From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga02.intel.com (mga02.intel.com [134.134.136.20]) by mx.groups.io with SMTP id smtpd.web11.5236.1572525094034209064 for ; Thu, 31 Oct 2019 05:31:34 -0700 Authentication-Results: mx.groups.io; dkim=missing; spf=pass (domain: intel.com, ip: 134.134.136.20, mailfrom: jiewen.yao@intel.com) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga001.jf.intel.com ([10.7.209.18]) by orsmga101.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 31 Oct 2019 05:31:33 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.68,250,1569308400"; d="scan'208";a="283875650" Received: from jyao1-mobl2.ccr.corp.intel.com ([10.254.211.198]) by orsmga001.jf.intel.com with ESMTP; 31 Oct 2019 05:31:32 -0700 From: "Yao, Jiewen" To: devel@edk2.groups.io Subject: [PATCH V2 0/6] Add Device Security driver Date: Thu, 31 Oct 2019 20:31:21 +0800 Message-Id: <20191031123127.10900-1-jiewen.yao@intel.com> X-Mailer: git-send-email 2.19.2.windows.1 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2303 This patch series add support for device security based upon the DMTF SPDM specification. https://www.dmtf.org/sites/default/files/standards/documents/DSP0274_0.95a.zip We did design review at 18 Oct, 2019. https://edk2.groups.io/g/devel/files/Designs/2019/1018 And the feedback from the meeting is addressed. https://edk2.groups.io/g/devel/files/Designs/2019/1018/EDKII-Device%20Firmware%20Security%20v2.pdf The Device security protocol is added in EDKII repo. Here we add the producer what follows Intel PCI security spec to do the device firmware measurement. https://www.intel.com/content/www/us/en/io/pci-express/pcie-device-security-enhancements-spec.html The EDKII repo update is at https://github.com/jyao1/edk2/tree/DeviceSecurityMasterV2 The EDKII platform repo update is at https://github.com/jyao1/edk2-platforms/tree/DeviceSecurityMasterV2 The validation has been done on a Intel internal platform. The device measurement can be shown in TCG event log. signed-off-by: Jiewen Yao Jiewen Yao (6): IntelSiliconPkg/Include: Add Intel PciSecurity definition. IntelSiliconPkg/Include: Add Platform Device Security Policy protocol IntelSiliconPkg/dec: Add ProtocolGuid definition. IntelSiliconPkg/IntelPciDeviceSecurityDxe: Add PciSecurity. IntelSiliconPkg/SamplePlatformDevicePolicyDxe: Add sample policy. IntelSiliconPkg/dsc: Add Device Security component. .../IntelPciDeviceSecurityDxe.c | 701 ++++++++++++++++++ .../IntelPciDeviceSecurityDxe.inf | 45 ++ .../TcgDeviceEvent.h | 193 +++++ .../SamplePlatformDevicePolicyDxe.c | 189 +++++ .../SamplePlatformDevicePolicyDxe.inf | 40 + .../IndustryStandard/IntelPciSecurity.h | 66 ++ .../Protocol/PlatformDeviceSecurityPolicy.h | 84 +++ .../Intel/IntelSiliconPkg/IntelSiliconPkg.dec | 1 + .../Intel/IntelSiliconPkg/IntelSiliconPkg.dsc | 3 + 9 files changed, 1322 insertions(+) create mode 100644 Silicon/Intel/IntelSiliconPkg/Feature/PcieSecurity/IntelPciDeviceSecurityDxe/IntelPciDeviceSecurityDxe.c create mode 100644 Silicon/Intel/IntelSiliconPkg/Feature/PcieSecurity/IntelPciDeviceSecurityDxe/IntelPciDeviceSecurityDxe.inf create mode 100644 Silicon/Intel/IntelSiliconPkg/Feature/PcieSecurity/IntelPciDeviceSecurityDxe/TcgDeviceEvent.h create mode 100644 Silicon/Intel/IntelSiliconPkg/Feature/PcieSecurity/SamplePlatformDevicePolicyDxe/SamplePlatformDevicePolicyDxe.c create mode 100644 Silicon/Intel/IntelSiliconPkg/Feature/PcieSecurity/SamplePlatformDevicePolicyDxe/SamplePlatformDevicePolicyDxe.inf create mode 100644 Silicon/Intel/IntelSiliconPkg/Include/IndustryStandard/IntelPciSecurity.h create mode 100644 Silicon/Intel/IntelSiliconPkg/Include/Protocol/PlatformDeviceSecurityPolicy.h -- 2.19.2.windows.1