From: "Yao, Jiewen" <jiewen.yao@intel.com>
To: devel@edk2.groups.io
Subject: [PATCH V3 0/4] Add SPDM device security
Date: Thu, 7 Nov 2019 21:37:34 +0800 [thread overview]
Message-ID: <20191107133738.23824-1-jiewen.yao@intel.com> (raw)
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2303
========= v3 =============
The patch addresses the feedback below:
Liming Gao:
1) specify the spec version in file header for SPDM.
Ray Ni:
1) create a standalone function like PciDeviceAuthenticate() and
move the new code to that function then call it from CreatePciIoDevice
========= v2 =============
This patch series add support for device security based
upon the DMTF SPDM specification.
https://www.dmtf.org/sites/default/files/standards/documents/DSP0274_0.95a.zip
We did design review at 18 Oct, 2019.
https://edk2.groups.io/g/devel/files/Designs/2019/1018
And the feedback from the meeting is addressed.
https://edk2.groups.io/g/devel/files/Designs/2019/1018/EDKII-Device%20Firmware%20Security%20v2.pdf
We add the Device security protocol in EDKII repo.
PCI bus driver consumes the interface.
If there is no producer, the PCI bus driver keeps current behavior.
So far, we only provide the producer what follows Intel
PCI security spec.
https://www.intel.com/content/www/us/en/io/pci-express/pcie-device-security-enhancements-spec.html
The implementation is put to EDKII platform repo.
The EDKII repo update is at https://github.com/jyao1/edk2/tree/DeviceSecurityMasterV2
The EDKII platform repo update is at https://github.com/jyao1/edk2-platforms/tree/DeviceSecurityMasterV2
The validation has been done on a Intel internal platform.
The device measurement can be shown in TCG event log.
signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
Jiewen Yao (4):
MdePkg/Include: Add DMTF SPDM definition.
MdeModulePkg/Include: Add DeviceSecurity.h
MdeModulePkg/dec: Add EdkiiDeviceSecurityProtocolGuid.
MdeModulePkg/Pci: Add DeviceSecurity support.
MdeModulePkg/Bus/Pci/PciBusDxe/PciBus.c | 12 +-
MdeModulePkg/Bus/Pci/PciBusDxe/PciBus.h | 1 +
MdeModulePkg/Bus/Pci/PciBusDxe/PciBusDxe.inf | 4 +-
.../Bus/Pci/PciBusDxe/PciEnumeratorSupport.c | 77 +++++
MdeModulePkg/Bus/Pci/PciBusDxe/PciLib.c | 4 +-
.../Include/Protocol/DeviceSecurity.h | 162 +++++++++
MdeModulePkg/MdeModulePkg.dec | 5 +
MdePkg/Include/IndustryStandard/Spdm.h | 320 ++++++++++++++++++
8 files changed, 581 insertions(+), 4 deletions(-)
create mode 100644 MdeModulePkg/Include/Protocol/DeviceSecurity.h
create mode 100644 MdePkg/Include/IndustryStandard/Spdm.h
--
2.19.2.windows.1
next reply other threads:[~2019-11-07 13:37 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-11-07 13:37 Yao, Jiewen [this message]
2019-11-07 13:37 ` [PATCH V3 1/4] MdePkg/Include: Add DMTF SPDM definition Yao, Jiewen
2019-11-07 13:37 ` [PATCH V3 2/4] MdeModulePkg/Include: Add DeviceSecurity.h Yao, Jiewen
2019-11-07 13:37 ` [PATCH V3 3/4] MdeModulePkg/dec: Add EdkiiDeviceSecurityProtocolGuid Yao, Jiewen
2019-11-07 13:37 ` [PATCH V3 4/4] MdeModulePkg/Pci: Add DeviceSecurity support Yao, Jiewen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20191107133738.23824-1-jiewen.yao@intel.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox