From: "Wenxing Hou" <wenxing.hou@intel.com>
To: devel@edk2.groups.io
Cc: Sean Brogan <sean.brogan@microsoft.com>,
Joey Vagedes <joey.vagedes@gmail.com>,
Michael D Kinney <michael.d.kinney@intel.com>,
Liming Gao <gaoliming@byosoft.com.cn>,
Andrew Fish <afish@apple.com>,
Zhiguang Liu <zhiguang.liu@intel.com>,
Rahul Kumar <rahul1.kumar@intel.com>,
Jiewen Yao <jiewen.yao@intel.com>
Subject: [edk2-devel] [PATCH v2 0/9] Add DeviceSecurity feature based on PFP 1.06 spec
Date: Mon, 8 Apr 2024 09:46:40 +0800 [thread overview]
Message-ID: <20240408014649.2521-1-wenxing.hou@intel.com>
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2479
In PFP spec 1.06, platform firmware records the device certificate and device measurement for each SPDM responder.
This PATCH set implements the DeviceSecurityLib to support SPDM device Authentication and Measurement.
libspdm is added as a submodule to support the DeviceSecurity feature:
https://github.com/DMTF/libspdm
TCG PFP spec 1.06:
https://trustedcomputinggroup.org/resource/pc-client-specific-platform-firmware-profile-specification/
The POC branch:
https://github.com/tianocore/edk2-staging/tree/DeviceSecurity
And the PATCH set has passed the EDKII CI:
https://github.com/tianocore/edk2/pull/5508
v2 changes:
- Fix typo: PcdEnableSpdmDeviceAuthenticaion -> PcdEnableSpdmDeviceAuthentication
Cc: Sean Brogan <sean.brogan@microsoft.com>
Cc: Joey Vagedes <joey.vagedes@gmail.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Andrew Fish <afish@apple.com>
Cc: Zhiguang Liu <zhiguang.liu@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Signed-off-by: Wenxing Hou <wenxing.hou@intel.com>
Wenxing Hou (9):
MdePkg: Add SPDM1.2 support.
MdePkg: Add TCG PFP 1.06 support.
MdePkg: Add devAuthBoot GlobalVariable
MdeModulePkg/Variable: Add TCG SPDM device measurement update
SecurityPkg: Add TCG PFP 1.06 support.
SecurityPkg: add DeviceSecurity support
.pytool/CISettings.py: add libspdm submodule.
.gitmodule: Add libspdm submodule for EDKII
SecurityPkg: Add libspdm submodule
.gitmodules | 3 +
.pytool/CISettings.py | 2 +
MdeModulePkg/MdeModulePkg.dec | 5 +
.../Variable/RuntimeDxe/Measurement.c | 38 +-
.../RuntimeDxe/VariableRuntimeDxe.inf | 3 +
.../RuntimeDxe/VariableSmmRuntimeDxe.inf | 3 +
MdePkg/Include/Guid/GlobalVariable.h | 8 +-
MdePkg/Include/Guid/ImageAuthentication.h | 5 +-
MdePkg/Include/IndustryStandard/Spdm.h | 1112 ++++++++++++++++-
.../IndustryStandard/UefiTcgPlatform.h | 186 ++-
.../OsStub/CryptlibWrapper/CryptlibWrapper.c | 970 ++++++++++++++
.../CryptlibWrapper/CryptlibWrapper.inf | 38 +
.../OsStub/MemLibWrapper/MemLibWrapper.c | 177 +++
.../OsStub/MemLibWrapper/MemLibWrapper.inf | 33 +
.../PlatformLibWrapper/PlatformLibWrapper.c | 85 ++
.../PlatformLibWrapper/PlatformLibWrapper.inf | 33 +
.../SpdmLib/Include/Stub/SpdmLibStub.h | 347 +++++
.../SpdmLib/Include/hal/LibspdmStdBoolAlt.h | 23 +
.../SpdmLib/Include/hal/LibspdmStdDefAlt.h | 16 +
.../SpdmLib/Include/hal/LibspdmStdIntAlt.h | 25 +
.../DeviceSecurity/SpdmLib/Include/hal/base.h | 94 ++
.../SpdmLib/Include/hal/library/debuglib.h | 39 +
.../SpdmLib/Include/library/spdm_lib_config.h | 394 ++++++
.../DeviceSecurity/SpdmLib/SpdmCommonLib.inf | 47 +
.../DeviceSecurity/SpdmLib/SpdmCryptLib.inf | 45 +
.../SpdmLib/SpdmDeviceSecretLibNull.inf | 36 +
.../SpdmLib/SpdmRequesterLib.inf | 59 +
.../SpdmLib/SpdmResponderLib.inf | 61 +
.../SpdmLib/SpdmSecuredMessageLib.inf | 44 +
.../SpdmLib/SpdmTransportMctpLib.inf | 38 +
.../SpdmLib/SpdmTransportPciDoeLib.inf | 38 +
SecurityPkg/DeviceSecurity/SpdmLib/libspdm | 1 +
.../SpdmSecurityLib/SpdmAuthentication.c | 697 +++++++++++
.../SpdmSecurityLib/SpdmConnectionInit.c | 481 +++++++
.../SpdmSecurityLib/SpdmMeasurement.c | 714 +++++++++++
.../SpdmSecurityLib/SpdmSecurityLib.c | 148 +++
.../SpdmSecurityLib/SpdmSecurityLib.inf | 54 +
.../SpdmSecurityLib/SpdmSecurityLibInternal.h | 250 ++++
SecurityPkg/Include/Library/SpdmSecurityLib.h | 437 +++++++
SecurityPkg/Include/Library/Tpm2CommandLib.h | 23 +-
.../Include/Protocol/DeviceSecurityPolicy.h | 133 ++
.../HashLibBaseCryptoRouterDxe.c | 88 +-
.../Library/Tpm2CommandLib/Tpm2NVStorage.c | 122 +-
SecurityPkg/SecurityPkg.ci.yaml | 17 +-
SecurityPkg/SecurityPkg.dec | 13 +-
SecurityPkg/SecurityPkg.dsc | 31 +-
SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c | 61 +-
SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf | 4 +-
48 files changed, 7196 insertions(+), 85 deletions(-)
create mode 100644 SecurityPkg/DeviceSecurity/OsStub/CryptlibWrapper/CryptlibWrapper.c
create mode 100644 SecurityPkg/DeviceSecurity/OsStub/CryptlibWrapper/CryptlibWrapper.inf
create mode 100644 SecurityPkg/DeviceSecurity/OsStub/MemLibWrapper/MemLibWrapper.c
create mode 100644 SecurityPkg/DeviceSecurity/OsStub/MemLibWrapper/MemLibWrapper.inf
create mode 100644 SecurityPkg/DeviceSecurity/OsStub/PlatformLibWrapper/PlatformLibWrapper.c
create mode 100644 SecurityPkg/DeviceSecurity/OsStub/PlatformLibWrapper/PlatformLibWrapper.inf
create mode 100644 SecurityPkg/DeviceSecurity/SpdmLib/Include/Stub/SpdmLibStub.h
create mode 100644 SecurityPkg/DeviceSecurity/SpdmLib/Include/hal/LibspdmStdBoolAlt.h
create mode 100644 SecurityPkg/DeviceSecurity/SpdmLib/Include/hal/LibspdmStdDefAlt.h
create mode 100644 SecurityPkg/DeviceSecurity/SpdmLib/Include/hal/LibspdmStdIntAlt.h
create mode 100644 SecurityPkg/DeviceSecurity/SpdmLib/Include/hal/base.h
create mode 100644 SecurityPkg/DeviceSecurity/SpdmLib/Include/hal/library/debuglib.h
create mode 100644 SecurityPkg/DeviceSecurity/SpdmLib/Include/library/spdm_lib_config.h
create mode 100644 SecurityPkg/DeviceSecurity/SpdmLib/SpdmCommonLib.inf
create mode 100644 SecurityPkg/DeviceSecurity/SpdmLib/SpdmCryptLib.inf
create mode 100644 SecurityPkg/DeviceSecurity/SpdmLib/SpdmDeviceSecretLibNull.inf
create mode 100644 SecurityPkg/DeviceSecurity/SpdmLib/SpdmRequesterLib.inf
create mode 100644 SecurityPkg/DeviceSecurity/SpdmLib/SpdmResponderLib.inf
create mode 100644 SecurityPkg/DeviceSecurity/SpdmLib/SpdmSecuredMessageLib.inf
create mode 100644 SecurityPkg/DeviceSecurity/SpdmLib/SpdmTransportMctpLib.inf
create mode 100644 SecurityPkg/DeviceSecurity/SpdmLib/SpdmTransportPciDoeLib.inf
create mode 160000 SecurityPkg/DeviceSecurity/SpdmLib/libspdm
create mode 100644 SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmAuthentication.c
create mode 100644 SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmConnectionInit.c
create mode 100644 SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmMeasurement.c
create mode 100644 SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmSecurityLib.c
create mode 100644 SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmSecurityLib.inf
create mode 100644 SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmSecurityLibInternal.h
create mode 100644 SecurityPkg/Include/Library/SpdmSecurityLib.h
create mode 100644 SecurityPkg/Include/Protocol/DeviceSecurityPolicy.h
--
2.26.2.windows.1
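To make concrete what "records the device measurement for each SPDM responder" means on the verifier's side, here is an added example that is not part of the patch set, libspdm or the PFP spec. It models a TCG-style event log as a list of (PCR index, event type, digest) entries, the TPM PCR extend arithmetic that turns those entries into PCR values, and the replay check a remote verifier performs against quoted PCRs. The event type names and the PCR[2]/PCR[3]/PCR[7] assignment for device firmware, device configuration and device certificate authority are this example's assumptions about the PFP convention, and every log entry is constructed sample data.

```python
"""Replay of a TCG-style event log carrying SPDM device measurements.

Added example (not code from the patch set, libspdm or the PFP spec).
Models the PCR extend arithmetic and a verifier's replay check only.
Event type names and the PCR assignment are assumptions about the PFP
convention; all log entries below are constructed sample data.
"""
import hashlib
from dataclasses import dataclass
from typing import List

PCR_COUNT = 24
SHA256_ZERO = bytes(32)  # initial value of a SHA-256 PCR at power-on


@dataclass(frozen=True)
class Event:
    pcr: int
    event_type: str  # label as it would appear in the event log (assumed)
    digest: bytes    # SHA-256 digest of the event data


def extend(pcr_value: bytes, digest: bytes) -> bytes:
    """TPM2_PCR_Extend for one bank: new = SHA-256(old || digest)."""
    return hashlib.sha256(pcr_value + digest).digest()


def replay(events: List[Event]) -> List[bytes]:
    """Recompute every PCR from the log, in the order the log claims."""
    pcrs = [SHA256_ZERO] * PCR_COUNT
    for ev in events:
        pcrs[ev.pcr] = extend(pcrs[ev.pcr], ev.digest)
    return pcrs


def mismatched_pcrs(events: List[Event], quoted: List[bytes]) -> List[int]:
    """PCR indices where the replayed log disagrees with a quote."""
    replayed = replay(events)
    return [i for i, (r, q) in enumerate(zip(replayed, quoted)) if r != q]


def device_events(firmware_blob: bytes, config_blob: bytes,
                  cert_chain: bytes) -> List[Event]:
    """Events a requester logs for one SPDM responder (assumed layout):
    certificate authority to PCR[7], firmware to PCR[2], config to PCR[3]."""
    return [
        Event(7, "EV_EFI_SPDM_DEVICE_AUTHORITY",
              hashlib.sha256(cert_chain).digest()),
        Event(2, "EV_EFI_SPDM_FIRMWARE_BLOB",
              hashlib.sha256(firmware_blob).digest()),
        Event(3, "EV_EFI_SPDM_FIRMWARE_CONFIG",
              hashlib.sha256(config_blob).digest()),
    ]


# Constructed sample: a platform with two SPDM responders.
DEVICES = {
    "nic0": (b"nic0 firmware measurement (constructed)",
             b"nic0 config measurement (constructed)",
             b"nic0 certificate chain (constructed)"),
    "gpu0": (b"gpu0 firmware measurement (constructed)",
             b"gpu0 config measurement (constructed)",
             b"gpu0 certificate chain (constructed)"),
}


def sample_log() -> List[Event]:
    """Log as the firmware would have written it during boot."""
    log: List[Event] = []
    for fw, cfg, chain in DEVICES.values():
        log.extend(device_events(fw, cfg, chain))
    return log


def tampered_firmware_log() -> List[Event]:
    """Same log, but nic0's firmware measurement was replaced afterwards."""
    log = sample_log()
    idx = next(i for i, e in enumerate(log)
               if e.event_type == "EV_EFI_SPDM_FIRMWARE_BLOB")
    bad = hashlib.sha256(b"nic0 firmware measurement (rolled back)").digest()
    log[idx] = Event(log[idx].pcr, log[idx].event_type, bad)
    return log


def dropped_config_log() -> List[Event]:
    """Same log with the final event (gpu0's FIRMWARE_CONFIG) removed."""
    return sample_log()[:-1]


if __name__ == "__main__":
    good = replay(sample_log())
    print("clean log mismatches:  ", mismatched_pcrs(sample_log(), good))
    print("tampered firmware:     ", mismatched_pcrs(tampered_firmware_log(), good))
    print("dropped config event:  ", mismatched_pcrs(dropped_config_log(), good))
```

The point a practitioner should take from the replay is that a log edited after the fact, a missing event, or two events in swapped order all change the replayed value of exactly the PCR that was extended, so a quote over PCR[2], PCR[3] and PCR[7] is what lets a verifier trust the per-device certificate and measurement records the cover letter describes.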
Thread overview: 12+ messages
2024-04-08 1:46 Wenxing Hou [this message]
2024-04-08 1:46 ` [edk2-devel] [PATCH v2 1/9] MdePkg: Add SPDM1.2 support Wenxing Hou
2024-04-08 1:46 ` [edk2-devel] [PATCH v2 2/9] MdePkg: Add TCG PFP 1.06 support Wenxing Hou
2024-04-08 1:46 ` [edk2-devel] [PATCH v2 3/9] MdePkg: Add devAuthBoot GlobalVariable Wenxing Hou
2024-04-09 6:17 ` Re: " gaoliming via groups.io
2024-04-08 1:46 ` [edk2-devel] [PATCH v2 4/9] MdeModulePkg/Variable: Add TCG SPDM device measurement update Wenxing Hou
2024-04-08 1:46 ` [edk2-devel] [PATCH v2 5/9] SecurityPkg: Add TCG PFP 1.06 support Wenxing Hou
2024-04-08 1:46 ` [edk2-devel] [PATCH v2 6/9] SecurityPkg: add DeviceSecurity support Wenxing Hou
2024-04-08 1:46 ` [edk2-devel] [PATCH v2 7/9] .pytool/CISettings.py: add libspdm submodule Wenxing Hou
2024-04-09 14:51 ` Joey Vagedes via groups.io
2024-04-08 1:46 ` [edk2-devel] [PATCH v2 8/9] .gitmodule: Add libspdm submodule for EDKII Wenxing Hou
2024-04-08 1:46 ` [edk2-devel] [PATCH v2 9/9] SecurityPkg: Add libspdm submodule Wenxing Hou