* [PATCH V3 1/4] MdePkg/Include: Add DMTF SPDM definition.
2019-11-07 13:37 [PATCH V3 0/4] Add SPDM device security Yao, Jiewen
@ 2019-11-07 13:37 ` Yao, Jiewen
2019-11-07 13:37 ` [PATCH V3 2/4] MdeModulePkg/Include: Add DeviceSecurity.h Yao, Jiewen
` (2 subsequent siblings)
3 siblings, 0 replies; 5+ messages in thread
From: Yao, Jiewen @ 2019-11-07 13:37 UTC (permalink / raw)
To: devel; +Cc: Michael D Kinney, Liming Gao, Yun Lou
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2303
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Cc: Yun Lou <yun.lou@intel.com>
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed by: Liming Gao <liming.gao@intel.com>
---
MdePkg/Include/IndustryStandard/Spdm.h | 320 +++++++++++++++++++++++++
1 file changed, 320 insertions(+)
create mode 100644 MdePkg/Include/IndustryStandard/Spdm.h
diff --git a/MdePkg/Include/IndustryStandard/Spdm.h b/MdePkg/Include/IndustryStandard/Spdm.h
new file mode 100644
index 0000000000..c05395fea7
--- /dev/null
+++ b/MdePkg/Include/IndustryStandard/Spdm.h
@@ -0,0 +1,320 @@
+/** @file
+ Definitions of Security Protocol & Data Model Specification (SPDM)
+ version 0.99a in Distributed Management Task Force (DMTF).
+
+Copyright (c) 2019, Intel Corporation. All rights reserved.<BR>
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+
+#ifndef __SPDM_H__
+#define __SPDM_H__
+
+#pragma pack(1)
+
+///
+/// SPDM response code
+///
+#define SPDM_DIGESTS 0x01
+#define SPDM_CERTIFICATE 0x02
+#define SPDM_CHALLENGE_AUTH 0x03
+#define SPDM_VERSION 0x04
+#define SPDM_MEASUREMENTS 0x60
+#define SPDM_CAPABILITIES 0x61
+#define SPDM_SET_CERT_RESPONSE 0x62
+#define SPDM_ALGORITHMS 0x63
+#define SPDM_ERROR 0x7F
+///
+/// SPDM request code
+///
+#define SPDM_GET_DIGESTS 0x81
+#define SPDM_GET_CERTIFICATE 0x82
+#define SPDM_CHALLENGE 0x83
+#define SPDM_GET_VERSION 0x84
+#define SPDM_GET_MEASUREMENTS 0xE0
+#define SPDM_GET_CAPABILITIES 0xE1
+#define SPDM_NEGOTIATE_ALGORITHMS 0xE3
+#define SPDM_RESPOND_IF_READY 0xFF
+
+///
+/// SPDM message header
+///
+typedef struct {
+ UINT8 SPDMVersion;
+ UINT8 RequestResponseCode;
+ UINT8 Param1;
+ UINT8 Param2;
+} SPDM_MESSAGE_HEADER;
+
+#define SPDM_MESSAGE_VERSION 0x10
+
+///
+/// SPDM GET_VERSION request
+///
+typedef struct {
+ SPDM_MESSAGE_HEADER Header;
+} SPDM_GET_VERSION_REQUEST;
+
+///
+/// SPDM GET_VERSION response
+///
+typedef struct {
+ SPDM_MESSAGE_HEADER Header;
+ UINT8 Reserved;
+ UINT8 VersionNumberEntryCount;
+//SPDM_VERSION_NUMBER VersionNumberEntry[VersionNumberEntryCount];
+} SPDM_VERSION_RESPONSE;
+
+///
+/// SPDM VERSION structure
+///
+typedef struct {
+ UINT16 Alpha:4;
+ UINT16 UpdateVersionNumber:4;
+ UINT16 MinorVersion:4;
+ UINT16 MajorVersion:4;
+} SPDM_VERSION_NUMBER;
+
+///
+/// SPDM GET_CAPABILITIES request
+///
+typedef struct {
+ SPDM_MESSAGE_HEADER Header;
+} SPDM_GET_CAPABILITIES_REQUEST;
+
+///
+/// SPDM GET_CAPABILITIES response
+///
+typedef struct {
+ SPDM_MESSAGE_HEADER Header;
+ UINT8 Reserved;
+ UINT8 CTExponent;
+ UINT16 Reserved2;
+ UINT32 Flags;
+} SPDM_CAPABILITIES_RESPONSE;
+
+///
+/// SPDM GET_CAPABILITIES response Flags
+///
+#define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_CACHE_CAP BIT0
+#define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_CERT_CAP BIT1
+#define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_CHAL_CAP BIT2
+#define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_MEAS_CAP (BIT3 | BIT4)
+#define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_MEAS_CAP_NO_SIG BIT3
+#define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_MEAS_CAP_SIG BIT4
+#define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_MEAS_FRESH_CAP BIT5
+
+///
+/// SPDM NEGOTIATE_ALGORITHMS request
+///
+typedef struct {
+ SPDM_MESSAGE_HEADER Header;
+ UINT16 Length;
+ UINT8 MeasurementSpecification;
+ UINT8 Reserved;
+ UINT32 BaseAsymAlgo;
+ UINT32 BaseHashAlgo;
+ UINT8 Reserved2[12];
+ UINT8 ExtAsymCount;
+ UINT8 ExtHashCount;
+ UINT16 Reserved3;
+//UINT32 ExtAsym[ExtAsymCount];
+//UINT32 ExtHash[ExtHashCount];
+} SPDM_NEGOTIATE_ALGORITHMS_REQUEST;
+
+///
+/// SPDM NEGOTIATE_ALGORITHMS request BaseAsymAlgo
+///
+#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_2048 BIT0
+#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_2048 BIT1
+#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_3072 BIT2
+#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_3072 BIT3
+#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P256 BIT4
+#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_4096 BIT5
+#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_4096 BIT6
+#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P384 BIT7
+#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P521 BIT8
+
+///
+/// SPDM NEGOTIATE_ALGORITHMS request BaseHashAlgo
+///
+#define SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_256 BIT0
+#define SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_384 BIT1
+#define SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_512 BIT2
+#define SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA3_256 BIT3
+#define SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA3_384 BIT4
+#define SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA3_512 BIT5
+
+///
+/// SPDM NEGOTIATE_ALGORITHMS response
+///
+typedef struct {
+ SPDM_MESSAGE_HEADER Header;
+ UINT16 Length;
+ UINT8 MeasurementSpecificationSel;
+ UINT8 Reserved;
+ UINT32 MeasurementHashAlgo;
+ UINT32 BaseAsymSel;
+ UINT32 BaseHashSel;
+ UINT8 Reserved2[12];
+ UINT8 ExtAsymSelCount;
+ UINT8 ExtHashSelCount;
+ UINT16 Reserved3;
+//UINT32 ExtAsymSel[ExtAsymSelCount];
+//UINT32 ExtHashSel[ExtHashSelCount];
+} SPDM_ALGORITHMS_RESPONSE;
+
+///
+/// SPDM NEGOTIATE_ALGORITHMS response MeasurementHashAlgo
+///
+#define SPDM_ALGORITHMS_MEASUREMENT_HASH_ALGO_RAW_BIT_STREAM_ONLY BIT0
+#define SPDM_ALGORITHMS_MEASUREMENT_HASH_ALGO_TPM_ALG_SHA_256 BIT1
+#define SPDM_ALGORITHMS_MEASUREMENT_HASH_ALGO_TPM_ALG_SHA_384 BIT2
+#define SPDM_ALGORITHMS_MEASUREMENT_HASH_ALGO_TPM_ALG_SHA_512 BIT3
+#define SPDM_ALGORITHMS_MEASUREMENT_HASH_ALGO_TPM_ALG_SHA3_256 BIT4
+#define SPDM_ALGORITHMS_MEASUREMENT_HASH_ALGO_TPM_ALG_SHA3_384 BIT5
+#define SPDM_ALGORITHMS_MEASUREMENT_HASH_ALGO_TPM_ALG_SHA3_512 BIT6
+
+///
+/// SPDM GET_DIGESTS request
+///
+typedef struct {
+ SPDM_MESSAGE_HEADER Header;
+} SPDM_GET_DIGESTS_REQUEST;
+
+///
+/// SPDM GET_DIGESTS response
+///
+typedef struct {
+ SPDM_MESSAGE_HEADER Header;
+//UINT8 Digest[DigestSize];
+} SPDM_DIGESTS_RESPONSE;
+
+///
+/// SPDM GET_DIGESTS request
+///
+typedef struct {
+ SPDM_MESSAGE_HEADER Header;
+ UINT16 Offset;
+ UINT16 Length;
+} SPDM_GET_CERTIFICATE_REQUEST;
+
+///
+/// SPDM GET_DIGESTS response
+///
+typedef struct {
+ SPDM_MESSAGE_HEADER Header;
+ UINT16 PortionLength;
+ UINT16 RemainderLength;
+//UINT8 CertChain[CertChainSize];
+} SPDM_CERTIFICATE_RESPONSE;
+
+///
+/// SPDM CHALLENGE request
+///
+typedef struct {
+ SPDM_MESSAGE_HEADER Header;
+ UINT32 Nonce;
+} SPDM_CHALLENGE_REQUEST;
+
+///
+/// SPDM CHALLENGE response
+///
+typedef struct {
+ SPDM_MESSAGE_HEADER Header;
+//UINT8 CertChainHash[DigestSize];
+//UINT32 Nonce;
+//UINT8 MeasurementSummaryHash[DigestSize];
+//UINT16 OpaqueLength;
+//UINT8 OpaqueData[OpaqueLength];
+//UINT8 Signature[KeySize];
+} SPDM_CHALLENGE_AUTH_RESPONSE;
+
+///
+/// SPDM GET_MEASUREMENTS request
+///
+typedef struct {
+ SPDM_MESSAGE_HEADER Header;
+ UINT32 Nonce;
+} SPDM_GET_MEASUREMENTS_REQUEST;
+
+///
+/// SPDM MEASUREMENTS block common header
+///
+typedef struct {
+ UINT8 Index;
+ UINT8 MeasurementSpecification;
+ UINT16 MeasurementSize;
+//UINT8 Measurement[MeasurementSize];
+} SPDM_MEASUREMENT_BLOCK_COMMON_HEADER;
+
+#define SPDM_MEASUREMENT_BLOCK_HEADER_SPECIFICATION_DMTF BIT0
+
+///
+/// SPDM MEASUREMENTS block DMTF header
+///
+typedef struct {
+ UINT8 DMTFSpecMeasurementValueType;
+ UINT16 DMTFSpecMeasurementValueSize;
+//UINT8 DMTFSpecMeasurementValue[DMTFSpecMeasurementValueSize];
+} SPDM_MEASUREMENT_BLOCK_DMTF_HEADER;
+
+///
+/// SPDM MEASUREMENTS block MeasurementValueType
+///
+#define SPDM_MEASUREMENT_BLOCK_MEASUREMENT_TYPE_IMMUTABLE_ROM 0
+#define SPDM_MEASUREMENT_BLOCK_MEASUREMENT_TYPE_MUTABLE_FIRMWARE 1
+#define SPDM_MEASUREMENT_BLOCK_MEASUREMENT_TYPE_HARDWARE_CONFIGURATION 2
+#define SPDM_MEASUREMENT_BLOCK_MEASUREMENT_TYPE_FIRMWARE_CONFIGURATION 3
+#define SPDM_MEASUREMENT_BLOCK_MEASUREMENT_TYPE_RAW_BIT_STREAM BIT7
+
+///
+/// SPDM GET_MEASUREMENTS response
+///
+typedef struct {
+ SPDM_MESSAGE_HEADER Header;
+ UINT8 NumberOfBlocks;
+ UINT8 MeasurementRecordLength[3];
+//UINT8 MeasurementRecord[MeasurementRecordLength];
+//UINT32 Nonce;
+//UINT16 OpaqueLength;
+//UINT8 OpaqueData[OpaqueLength];
+//UINT8 Signature[KeySize];
+} SPDM_MEASUREMENTS_RESPONSE;
+
+///
+/// SPDM ERROR response
+///
+typedef struct {
+ SPDM_MESSAGE_HEADER Header;
+ // Param1 == Error Code
+ // Param2 == Error Data
+//UINT8 ExtendedErrorData[];
+} SPDM_ERROR_RESPONSE;
+
+///
+/// SPDM error code
+///
+#define SPDM_ERROR_CODE_INVALID_REQUEST 0x01
+#define SPDM_ERROR_CODE_BUSY 0x03
+#define SPDM_ERROR_CODE_UNEXPECTED_REQUEST 0x04
+#define SPDM_ERROR_CODE_UNSPECIFIED 0x05
+#define SPDM_ERROR_CODE_UNSUPPORTED_REQUEST 0x07
+#define SPDM_ERROR_CODE_MAJOR_VERSION_MISMATCH 0x41
+#define SPDM_ERROR_CODE_RESPONSE_NOT_READY 0x42
+#define SPDM_ERROR_CODE_REQUEST_RESYNCH 0x43
+
+///
+/// SPDM RESPONSE_IF_READY request
+///
+typedef struct {
+ SPDM_MESSAGE_HEADER Header;
+ // Param1 == RequestCode
+ // Param2 == Token
+} SPDM_RESPONSE_IF_READY_REQUEST;
+
+#pragma pack()
+
+#endif
+
--
2.19.2.windows.1
^ permalink raw reply related [flat|nested] 5+ messages in thread* [PATCH V3 2/4] MdeModulePkg/Include: Add DeviceSecurity.h
2019-11-07 13:37 [PATCH V3 0/4] Add SPDM device security Yao, Jiewen
2019-11-07 13:37 ` [PATCH V3 1/4] MdePkg/Include: Add DMTF SPDM definition Yao, Jiewen
@ 2019-11-07 13:37 ` Yao, Jiewen
2019-11-07 13:37 ` [PATCH V3 3/4] MdeModulePkg/dec: Add EdkiiDeviceSecurityProtocolGuid Yao, Jiewen
2019-11-07 13:37 ` [PATCH V3 4/4] MdeModulePkg/Pci: Add DeviceSecurity support Yao, Jiewen
3 siblings, 0 replies; 5+ messages in thread
From: Yao, Jiewen @ 2019-11-07 13:37 UTC (permalink / raw)
To: devel; +Cc: Jian J Wang, Hao A Wu, Yun Lou
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2303
EDKII_DEVICE_SECURITY_PROTOCOL is used for device
measurement and/or authentication.
It is similar to EFI_SECURITY_ARCH_PROTOCOL.
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Hao A Wu <hao.a.wu@intel.com>
Cc: Yun Lou <yun.lou@intel.com>
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
---
.../Include/Protocol/DeviceSecurity.h | 162 ++++++++++++++++++
1 file changed, 162 insertions(+)
create mode 100644 MdeModulePkg/Include/Protocol/DeviceSecurity.h
diff --git a/MdeModulePkg/Include/Protocol/DeviceSecurity.h b/MdeModulePkg/Include/Protocol/DeviceSecurity.h
new file mode 100644
index 0000000000..c3bf624cac
--- /dev/null
+++ b/MdeModulePkg/Include/Protocol/DeviceSecurity.h
@@ -0,0 +1,162 @@
+/** @file
+ Device Security Protocol definition.
+
+ It is used to authenticate a device based upon the platform policy.
+ It is similar to the EFI_SECURITY_ARCH_PROTOCOL, which is used to verify a image.
+
+Copyright (c) 2019, Intel Corporation. All rights reserved.<BR>
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+
+#ifndef __DEVICE_SECURITY_H__
+#define __DEVICE_SECURITY_H__
+
+//
+// Device Security Protocol GUID value
+//
+#define EDKII_DEVICE_SECURITY_PROTOCOL_GUID \
+ { \
+ 0x5d6b38c8, 0x5510, 0x4458, { 0xb4, 0x8d, 0x95, 0x81, 0xcf, 0xa7, 0xb0, 0xd } \
+ }
+
+//
+// Forward reference for pure ANSI compatability
+//
+typedef struct _EDKII_DEVICE_SECURITY_PROTOCOL EDKII_DEVICE_SECURITY_PROTOCOL;
+
+//
+// Revision The revision to which the DEVICE_SECURITY interface adheres.
+// All future revisions must be backwards compatible.
+// If a future version is not back wards compatible it is not the same GUID.
+//
+#define EDKII_DEVICE_SECURITY_PROTOCOL_REVISION 0x00010000
+
+//
+// The device identifier.
+//
+typedef struct {
+ ///
+ /// Version of this data structure.
+ ///
+ UINT32 Version;
+ ///
+ /// Type of the device.
+ /// This field is also served as a device Access protocol GUID.
+ /// The device access protocol is installed on the DeviceHandle.
+ /// The device access protocol is device specific.
+ /// EDKII_DEVICE_IDENTIFIER_TYPE_PCI_GUID means the device access protocol is PciIo.
+ /// EDKII_DEVICE_IDENTIFIER_TYPE_USB_GUID means the device access protocol is UsbIo.
+ ///
+ EFI_GUID DeviceType;
+ ///
+ /// The handle created for this device.
+ /// NOTE: This might be a temporary handle.
+ /// If the device is not authenticated, this handle shall be uninstalled.
+ ///
+ /// As minimal requirement, there should be 2 protocols installed on the device handle.
+ /// 1) An EFI_DEVICE_PATH_PROTOCOL with EFI_DEVICE_PATH_PROTOCOL_GUID.
+ /// 2) A device access protocol with EDKII_DEVICE_IDENTIFIER_TYPE_xxx_GUID.
+ /// If the device is PCI device, the EFI_PCI_IO_PROTOCOL is installed with
+ /// EDKII_DEVICE_IDENTIFIER_TYPE_PCI_GUID.
+ /// If the device is USB device, the EFI_USB_IO_PROTOCOL is installed with
+ /// EDKII_DEVICE_IDENTIFIER_TYPE_USB_GUID.
+ ///
+ /// The device access protocol is required, because the verifier need have a way
+ /// to communciate with the device hardware to get the measurement or do the
+ /// challenge/response for the device authentication.
+ ///
+ /// NOTE: We don't use EFI_PCI_IO_PROTOCOL_GUID or EFI_USB_IO_PROTOCOL_GUID here,
+ /// because we don't want to expose a real protocol. A platform may have driver
+ /// register a protocol notify function. Installing a real protocol may cause
+ /// the callback function being executed before the device is authenticated.
+ ///
+ EFI_HANDLE DeviceHandle;
+} EDKII_DEVICE_IDENTIFIER;
+
+//
+// Revision The revision to which the DEVICE_IDENTIFIER interface adheres.
+// All future revisions must be backwards compatible.
+//
+#define EDKII_DEVICE_IDENTIFIER_REVISION 0x00010000
+
+//
+// Device Identifier GUID value
+//
+#define EDKII_DEVICE_IDENTIFIER_TYPE_PCI_GUID \
+ { \
+ 0x2509b2f1, 0xa022, 0x4cca, { 0xaf, 0x70, 0xf9, 0xd3, 0x21, 0xfb, 0x66, 0x49 } \
+ }
+
+#define EDKII_DEVICE_IDENTIFIER_TYPE_USB_GUID \
+ { \
+ 0x7394f350, 0x394d, 0x488c, { 0xbb, 0x75, 0xc, 0xab, 0x7b, 0x12, 0xa, 0xc5 } \
+ }
+
+/**
+ The device driver uses this service to measure and/or verify a device.
+
+ The flow in device driver is:
+ 1) Device driver discovers a new device.
+ 2) Device driver creates an EFI_DEVICE_PATH_PROTOCOL.
+ 3) Device driver creates a device access protocol. e.g.
+ EFI_PCI_IO_PROTOCOL for PCI device.
+ EFI_USB_IO_PROTOCOL for USB device.
+ EFI_EXT_SCSI_PASS_THRU_PROTOCOL for SCSI device.
+ EFI_ATA_PASS_THRU_PROTOCOL for ATA device.
+ EFI_NVM_EXPRESS_PASS_THRU_PROTOCOL for NVMe device.
+ EFI_SD_MMC_PASS_THRU_PROTOCOL for SD/MMC device.
+ 4) Device driver installs the EFI_DEVICE_PATH_PROTOCOL with EFI_DEVICE_PATH_PROTOCOL_GUID,
+ and the device access protocol with EDKII_DEVICE_IDENTIFIER_TYPE_xxx_GUID.
+ Once it is done, a DeviceHandle is returned.
+ 5) Device driver creates EDKII_DEVICE_IDENTIFIER with EDKII_DEVICE_IDENTIFIER_TYPE_xxx_GUID
+ and the DeviceHandle.
+ 6) Device driver calls DeviceAuthenticate().
+ 7) If DeviceAuthenticate() returns EFI_SECURITY_VIOLATION, the device driver uninstalls
+ all protocols on this handle.
+ 8) If DeviceAuthenticate() returns EFI_SUCCESS, the device driver installs the device access
+ protocol with a real protocol GUID. e.g.
+ EFI_PCI_IO_PROTOCOL with EFI_PCI_IO_PROTOCOL_GUID.
+ EFI_USB_IO_PROTOCOL with EFI_USB_IO_PROTOCOL_GUID.
+
+ @param[in] This The protocol instance pointer.
+ @param[in] DeviceId The Identifier for the device.
+
+ @retval EFI_SUCCESS The device specified by the DeviceId passed the measurement
+ and/or authentication based upon the platform policy.
+ If TCG measurement is required, the measurement is extended to TPM PCR.
+ @retval EFI_SECURITY_VIOLATION The device fails to return the measurement data.
+ @retval EFI_SECURITY_VIOLATION The device fails to response the authentication request.
+ @retval EFI_SECURITY_VIOLATION The system fails to verify the device based upon the authentication response.
+ @retval EFI_SECURITY_VIOLATION The system fails to extend the measurement to TPM PCR.
+**/
+typedef
+EFI_STATUS
+(EFIAPI *EDKII_DEVICE_AUTHENTICATE)(
+ IN EDKII_DEVICE_SECURITY_PROTOCOL *This,
+ IN EDKII_DEVICE_IDENTIFIER *DeviceId
+ );
+
+///
+/// Device Security Protocol structure.
+/// It is similar to the EFI_SECURITY_ARCH_PROTOCOL, which is used to verify a image.
+/// This protocol is used to authenticate a device based upon the platform policy.
+///
+struct _EDKII_DEVICE_SECURITY_PROTOCOL {
+ UINT64 Revision;
+ EDKII_DEVICE_AUTHENTICATE DeviceAuthenticate;
+};
+
+///
+/// Device Security Protocol GUID variable.
+///
+extern EFI_GUID gEdkiiDeviceSecurityProtocolGuid;
+
+///
+/// Device Identifier tpye GUID variable.
+///
+extern EFI_GUID gEdkiiDeviceIdentifierTypePciGuid;
+extern EFI_GUID gEdkiiDeviceIdentifierTypeUsbGuid;
+
+#endif
--
2.19.2.windows.1
^ permalink raw reply related [flat|nested] 5+ messages in thread* [PATCH V3 3/4] MdeModulePkg/dec: Add EdkiiDeviceSecurityProtocolGuid.
2019-11-07 13:37 [PATCH V3 0/4] Add SPDM device security Yao, Jiewen
2019-11-07 13:37 ` [PATCH V3 1/4] MdePkg/Include: Add DMTF SPDM definition Yao, Jiewen
2019-11-07 13:37 ` [PATCH V3 2/4] MdeModulePkg/Include: Add DeviceSecurity.h Yao, Jiewen
@ 2019-11-07 13:37 ` Yao, Jiewen
2019-11-07 13:37 ` [PATCH V3 4/4] MdeModulePkg/Pci: Add DeviceSecurity support Yao, Jiewen
3 siblings, 0 replies; 5+ messages in thread
From: Yao, Jiewen @ 2019-11-07 13:37 UTC (permalink / raw)
To: devel; +Cc: Jian J Wang, Hao A Wu, Yun Lou
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2303
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Hao A Wu <hao.a.wu@intel.com>
Cc: Yun Lou <yun.lou@intel.com>
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
---
MdeModulePkg/MdeModulePkg.dec | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec
index d6bac974da..b7356aa4ed 100644
--- a/MdeModulePkg/MdeModulePkg.dec
+++ b/MdeModulePkg/MdeModulePkg.dec
@@ -584,6 +584,11 @@
## Include/Protocol/IoMmu.h
gEdkiiIoMmuProtocolGuid = { 0x4e939de9, 0xd948, 0x4b0f, { 0x88, 0xed, 0xe6, 0xe1, 0xce, 0x51, 0x7c, 0x1e } }
+ ## Include/Protocol/DeviceSecurity.h
+ gEdkiiDeviceSecurityProtocolGuid = { 0x5d6b38c8, 0x5510, 0x4458, { 0xb4, 0x8d, 0x95, 0x81, 0xcf, 0xa7, 0xb0, 0xd } }
+ gEdkiiDeviceIdentifierTypePciGuid = { 0x2509b2f1, 0xa022, 0x4cca, { 0xaf, 0x70, 0xf9, 0xd3, 0x21, 0xfb, 0x66, 0x49 } }
+ gEdkiiDeviceIdentifierTypeUsbGuid = { 0x7394f350, 0x394d, 0x488c, { 0xbb, 0x75, 0xc, 0xab, 0x7b, 0x12, 0xa, 0xc5 } }
+
## Include/Protocol/SmmMemoryAttribute.h
gEdkiiSmmMemoryAttributeProtocolGuid = { 0x69b792ea, 0x39ce, 0x402d, { 0xa2, 0xa6, 0xf7, 0x21, 0xde, 0x35, 0x1d, 0xfe } }
--
2.19.2.windows.1
^ permalink raw reply related [flat|nested] 5+ messages in thread* [PATCH V3 4/4] MdeModulePkg/Pci: Add DeviceSecurity support.
2019-11-07 13:37 [PATCH V3 0/4] Add SPDM device security Yao, Jiewen
` (2 preceding siblings ...)
2019-11-07 13:37 ` [PATCH V3 3/4] MdeModulePkg/dec: Add EdkiiDeviceSecurityProtocolGuid Yao, Jiewen
@ 2019-11-07 13:37 ` Yao, Jiewen
3 siblings, 0 replies; 5+ messages in thread
From: Yao, Jiewen @ 2019-11-07 13:37 UTC (permalink / raw)
To: devel; +Cc: Jian J Wang, Hao A Wu, Ray Ni, Yun Lou
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2303
Whenever a PCI device is discovered, PCI bus calls the
EDKII_DEVICE_SECURITY_PROTOCOL to authenticate it.
If the function returns success, the PCI bus allocates
the resource and installs the PCI_IO for the device.
If the function returns fail, the PCI bus skips the device.
It is similar to EFI_SECURITY_ARCH_PROTOCOL, which
is used to verify an EFI image.
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Hao A Wu <hao.a.wu@intel.com>
Cc: Ray Ni <ray.ni@intel.com>
Cc: Yun Lou <yun.lou@intel.com>
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Ray Ni <ray.ni@intel.com>
---
MdeModulePkg/Bus/Pci/PciBusDxe/PciBus.c | 12 ++-
MdeModulePkg/Bus/Pci/PciBusDxe/PciBus.h | 1 +
MdeModulePkg/Bus/Pci/PciBusDxe/PciBusDxe.inf | 4 +-
.../Bus/Pci/PciBusDxe/PciEnumeratorSupport.c | 77 +++++++++++++++++++
MdeModulePkg/Bus/Pci/PciBusDxe/PciLib.c | 4 +-
5 files changed, 94 insertions(+), 4 deletions(-)
diff --git a/MdeModulePkg/Bus/Pci/PciBusDxe/PciBus.c b/MdeModulePkg/Bus/Pci/PciBusDxe/PciBus.c
index b020ce50ce..64284ac825 100644
--- a/MdeModulePkg/Bus/Pci/PciBusDxe/PciBus.c
+++ b/MdeModulePkg/Bus/Pci/PciBusDxe/PciBus.c
@@ -8,7 +8,7 @@
PCI Root Bridges. So it means platform needs install PCI Root Bridge IO protocol for each
PCI Root Bus and install PCI Host Bridge Resource Allocation Protocol.
-Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2006 - 2019, Intel Corporation. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
@@ -37,7 +37,7 @@ UINT64 gAllZero = 0;
EFI_PCI_PLATFORM_PROTOCOL *gPciPlatformProtocol;
EFI_PCI_OVERRIDE_PROTOCOL *gPciOverrideProtocol;
EDKII_IOMMU_PROTOCOL *mIoMmuProtocol;
-
+EDKII_DEVICE_SECURITY_PROTOCOL *mDeviceSecurityProtocol;
GLOBAL_REMOVE_IF_UNREFERENCED EFI_PCI_HOTPLUG_REQUEST_PROTOCOL mPciHotPlugRequest = {
PciHotPlugRequestNotify
@@ -293,6 +293,14 @@ PciBusDriverBindingStart (
);
}
+ if (mDeviceSecurityProtocol == NULL) {
+ gBS->LocateProtocol (
+ &gEdkiiDeviceSecurityProtocolGuid,
+ NULL,
+ (VOID **) &mDeviceSecurityProtocol
+ );
+ }
+
if (PcdGetBool (PcdPciDisableBusEnumeration)) {
gFullEnumeration = FALSE;
} else {
diff --git a/MdeModulePkg/Bus/Pci/PciBusDxe/PciBus.h b/MdeModulePkg/Bus/Pci/PciBusDxe/PciBus.h
index 504a1b1c12..d4113993c8 100644
--- a/MdeModulePkg/Bus/Pci/PciBusDxe/PciBus.h
+++ b/MdeModulePkg/Bus/Pci/PciBusDxe/PciBus.h
@@ -27,6 +27,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#include <Protocol/PciOverride.h>
#include <Protocol/PciEnumerationComplete.h>
#include <Protocol/IoMmu.h>
+#include <Protocol/DeviceSecurity.h>
#include <Library/DebugLib.h>
#include <Library/UefiDriverEntryPoint.h>
diff --git a/MdeModulePkg/Bus/Pci/PciBusDxe/PciBusDxe.inf b/MdeModulePkg/Bus/Pci/PciBusDxe/PciBusDxe.inf
index 05c22025b8..9284998f36 100644
--- a/MdeModulePkg/Bus/Pci/PciBusDxe/PciBusDxe.inf
+++ b/MdeModulePkg/Bus/Pci/PciBusDxe/PciBusDxe.inf
@@ -2,7 +2,7 @@
# The PCI bus driver will probe all PCI devices and allocate MMIO and IO space for these devices.
# Please use PCD feature flag PcdPciBusHotplugDeviceSupport to enable hot plug supporting.
#
-# Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2006 - 2019, Intel Corporation. All rights reserved.<BR>
#
# SPDX-License-Identifier: BSD-2-Clause-Patent
#
@@ -90,6 +90,8 @@
gEfiIncompatiblePciDeviceSupportProtocolGuid ## SOMETIMES_CONSUMES
gEfiLoadFile2ProtocolGuid ## SOMETIMES_PRODUCES
gEdkiiIoMmuProtocolGuid ## SOMETIMES_CONSUMES
+ gEdkiiDeviceSecurityProtocolGuid ## SOMETIMES_CONSUMES
+ gEdkiiDeviceIdentifierTypePciGuid ## SOMETIMES_CONSUMES
gEfiLoadedImageDevicePathProtocolGuid ## CONSUMES
[FeaturePcd]
diff --git a/MdeModulePkg/Bus/Pci/PciBusDxe/PciEnumeratorSupport.c b/MdeModulePkg/Bus/Pci/PciBusDxe/PciEnumeratorSupport.c
index c7eafff593..f8020f4e72 100644
--- a/MdeModulePkg/Bus/Pci/PciBusDxe/PciEnumeratorSupport.c
+++ b/MdeModulePkg/Bus/Pci/PciBusDxe/PciEnumeratorSupport.c
@@ -10,6 +10,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#include "PciBus.h"
extern CHAR16 *mBarTypeStr[];
+extern EDKII_DEVICE_SECURITY_PROTOCOL *mDeviceSecurityProtocol;
#define OLD_ALIGN 0xFFFFFFFFFFFFFFFFULL
#define EVEN_ALIGN 0xFFFFFFFFFFFFFFFEULL
@@ -2070,6 +2071,67 @@ InitializeP2C (
PciIo->Pci.Write (PciIo, EfiPciIoWidthUint8, 0x3C, 1, &gAllZero);
}
+/*
+ Authenticate the PCI device by using DeviceSecurityProtocol.
+
+ @param PciIoDevice PCI device.
+
+ @retval EFI_SUCCESS The device passes the authentication.
+ @return not EFI_SUCCESS The device failes the authentication or
+ unexpected error happen during authentication.
+*/
+EFI_STATUS
+AuthenticatePciDevice (
+ IN PCI_IO_DEVICE *PciIoDevice
+ )
+{
+ EDKII_DEVICE_IDENTIFIER DeviceIdentifier;
+ EFI_STATUS Status;
+
+ if (mDeviceSecurityProtocol != NULL) {
+ //
+ // Prepare the parameter
+ //
+ DeviceIdentifier.Version = EDKII_DEVICE_IDENTIFIER_REVISION;
+ CopyGuid (&DeviceIdentifier.DeviceType, &gEdkiiDeviceIdentifierTypePciGuid);
+ DeviceIdentifier.DeviceHandle = NULL;
+ Status = gBS->InstallMultipleProtocolInterfaces (
+ &DeviceIdentifier.DeviceHandle,
+ &gEfiDevicePathProtocolGuid,
+ PciIoDevice->DevicePath,
+ &gEdkiiDeviceIdentifierTypePciGuid,
+ &PciIoDevice->PciIo,
+ NULL
+ );
+ if (EFI_ERROR(Status)) {
+ return Status;
+ }
+
+ //
+ // Do DeviceAuthentication
+ //
+ Status = mDeviceSecurityProtocol->DeviceAuthenticate (mDeviceSecurityProtocol, &DeviceIdentifier);
+ //
+ // Always uninstall, because they are only for Authentication.
+ // No need to check return Status.
+ //
+ gBS->UninstallMultipleProtocolInterfaces (
+ DeviceIdentifier.DeviceHandle,
+ &gEfiDevicePathProtocolGuid,
+ PciIoDevice->DevicePath,
+ &gEdkiiDeviceIdentifierTypePciGuid,
+ &PciIoDevice->PciIo,
+ NULL
+ );
+ return Status;
+ }
+
+ //
+ // Device Security Protocol is not found, just return success
+ //
+ return EFI_SUCCESS;
+}
+
/**
Create and initialize general PCI I/O device instance for
PCI device/bridge device/hotplug bridge device.
@@ -2156,6 +2218,21 @@ CreatePciIoDevice (
PciIoDevice->IsPciExp = TRUE;
}
+ //
+ // Now we can do the authentication check for the device.
+ //
+ Status = AuthenticatePciDevice (PciIoDevice);
+ //
+ // If authentication fails, skip this device.
+ //
+ if (EFI_ERROR(Status)) {
+ if (PciIoDevice->DevicePath != NULL) {
+ FreePool (PciIoDevice->DevicePath);
+ }
+ FreePool (PciIoDevice);
+ return NULL;
+ }
+
if (PcdGetBool (PcdAriSupport)) {
//
// Check if the device is an ARI device.
diff --git a/MdeModulePkg/Bus/Pci/PciBusDxe/PciLib.c b/MdeModulePkg/Bus/Pci/PciBusDxe/PciLib.c
index 5b55fb5d3b..72690ab647 100644
--- a/MdeModulePkg/Bus/Pci/PciBusDxe/PciLib.c
+++ b/MdeModulePkg/Bus/Pci/PciBusDxe/PciLib.c
@@ -1054,7 +1054,9 @@ PciScanBus (
&PciDevice
);
- ASSERT (!EFI_ERROR (Status));
+ if (EFI_ERROR (Status)) {
+ continue;
+ }
PciAddress = EFI_PCI_ADDRESS (StartBusNumber, Device, Func, 0);
--
2.19.2.windows.1
^ permalink raw reply related [flat|nested] 5+ messages in thread