From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by spool.mail.gandi.net (Postfix) with ESMTPS id 09FDBAC0A08 for ; Mon, 8 Apr 2024 01:46:57 +0000 (UTC) DKIM-Signature: a=rsa-sha256; bh=j05Rh2Q95X/dXJ2uhWSCd3X/tmNCJ2kfC7o9nz3IdjE=; c=relaxed/simple; d=groups.io; h=From:To:Cc:Subject:Date:Message-Id:MIME-Version:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Resent-Date:Resent-From:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Transfer-Encoding; s=20240206; t=1712540816; v=1; b=YFs1H0Ti3VJmp0hPHsYg3ChGI2zU2BzRMeZchy2C1bzuM9MSPnKDuk9QHRMH9+0BjlwgeyhX d5xMhOcvFS2dtRpFYP4bkd7/FFuaEQVfADv392ZdyiICnxpEuNk9JfF3KppL6HT2E0BSTPa4RaB qWkHgsMQhljAoYRTjO9bkQ8l9x7wi0VEAvfzl6uPgy7/JGcfYD0XlaMGeIiQy+W66Mks0BJzS3d VIRMzGKpReeA1ygb6i5Qi3QMb7I+3wmCHOoY8g3QZ7bMpEJNqbFCIk5ylgszJeMG8ISzbG8oVX7 g9D2mJRRi13gh/ErXwFofiQFWk+WxRdyJxqtSIIuW5rAQ== X-Received: by 127.0.0.2 with SMTP id tvR5YY7687511xdltYWRSJ7o; Sun, 07 Apr 2024 18:46:56 -0700 X-Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.18]) by mx.groups.io with SMTP id smtpd.web11.96783.1712540815713985685 for ; Sun, 07 Apr 2024 18:46:55 -0700 X-CSE-ConnectionGUID: /Y6+IHo/THmnjNb8PFTTDQ== X-CSE-MsgGUID: GHcPRl+STHGpjzex19xI9w== X-IronPort-AV: E=McAfee;i="6600,9927,11037"; a="7969715" X-IronPort-AV: E=Sophos;i="6.07,186,1708416000"; d="scan'208";a="7969715" X-Received: from fmviesa003.fm.intel.com ([10.60.135.143]) by orvoesa110.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 07 Apr 2024 18:46:55 -0700 X-CSE-ConnectionGUID: rYiZyleiQEKKTuXC1+1SFA== X-CSE-MsgGUID: geVraptuRUeemv2y/kh1Bg== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.07,186,1708416000"; d="scan'208";a="24209627" X-Received: from shwdejointd777.ccr.corp.intel.com ([10.239.58.116]) by fmviesa003.fm.intel.com with ESMTP; 07 Apr 2024 18:46:52 -0700 From: "Wenxing Hou" To: devel@edk2.groups.io Cc: Sean Brogan , Joey Vagedes , Michael D Kinney , Liming Gao , Andrew Fish , Zhiguang Liu , Rahul Kumar , Jiewen Yao Subject: [edk2-devel] [PATCH v2 0/9] Add DeviceSecurity feature based on PFP 1.06 spec Date: Mon, 8 Apr 2024 09:46:40 +0800 Message-Id: <20240408014649.2521-1-wenxing.hou@intel.com> MIME-Version: 1.0 Precedence: Bulk List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Resent-Date: Sun, 07 Apr 2024 18:46:55 -0700 Resent-From: wenxing.hou@intel.com Reply-To: devel@edk2.groups.io,wenxing.hou@intel.com List-Unsubscribe-Post: List-Unsubscribe=One-Click List-Unsubscribe: X-Gm-Message-State: x7dalv3x9sP0kjC1agTFFN28x7686176AA= Content-Transfer-Encoding: 8bit X-GND-Status: LEGIT Authentication-Results: spool.mail.gandi.net; dkim=pass header.d=groups.io header.s=20240206 header.b=YFs1H0Ti; dmarc=fail reason="SPF not aligned (relaxed), DKIM not aligned (relaxed)" header.from=intel.com (policy=none); spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce@groups.io REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2479 In PFP spec 1.06, platform firmware records the device certificate and device measurement for each SPDM responder. This PATCH set implement the DeviceSecurityLib to support spdm device Authentication and Measurement. Libspdm as submodule is to support DeviceSecurity feature: https://github.com/DMTF/libspdm TCG PFP spec 1.06: https://trustedcomputinggroup.org/resource/pc-client-specific-platform-firmware-profile-specification/ The POC branch: https://github.com/tianocore/edk2-staging/tree/DeviceSecurity And the PATCH set has passed the EDKII CI: https://github.com/tianocore/edk2/pull/5508 v2 changes: - Fix typo: PcdEnableSpdmDeviceAuthenticaion -> PcdEnableSpdmDeviceAuthentication Cc: Sean Brogan Cc: Joey Vagedes Cc: Michael D Kinney Cc: Liming Gao Cc: Andrew Fish Cc: Zhiguang Liu Cc: Rahul Kumar Cc: Jiewen Yao Signed-off-by: Wenxing Hou Wenxing Hou (9): MdePkg: Add SPDM1.2 support. MdePkg: Add TCG PFP 1.06 support. MdePkg: Add devAuthBoot GlobalVariable MdeModulePkg/Variable: Add TCG SPDM device measurement update SecurityPkg: Add TCG PFP 1.06 support. SecurityPkg: add DeviceSecurity support .pytool/CISettings.py: add libspdm submodule. .gitmodule: Add libspdm submodule for EDKII SecurityPkg: Add libspdm submodule .gitmodules | 3 + .pytool/CISettings.py | 2 + MdeModulePkg/MdeModulePkg.dec | 5 + .../Variable/RuntimeDxe/Measurement.c | 38 +- .../RuntimeDxe/VariableRuntimeDxe.inf | 3 + .../RuntimeDxe/VariableSmmRuntimeDxe.inf | 3 + MdePkg/Include/Guid/GlobalVariable.h | 8 +- MdePkg/Include/Guid/ImageAuthentication.h | 5 +- MdePkg/Include/IndustryStandard/Spdm.h | 1112 ++++++++++++++++- .../IndustryStandard/UefiTcgPlatform.h | 186 ++- .../OsStub/CryptlibWrapper/CryptlibWrapper.c | 970 ++++++++++++++ .../CryptlibWrapper/CryptlibWrapper.inf | 38 + .../OsStub/MemLibWrapper/MemLibWrapper.c | 177 +++ .../OsStub/MemLibWrapper/MemLibWrapper.inf | 33 + .../PlatformLibWrapper/PlatformLibWrapper.c | 85 ++ .../PlatformLibWrapper/PlatformLibWrapper.inf | 33 + .../SpdmLib/Include/Stub/SpdmLibStub.h | 347 +++++ .../SpdmLib/Include/hal/LibspdmStdBoolAlt.h | 23 + .../SpdmLib/Include/hal/LibspdmStdDefAlt.h | 16 + .../SpdmLib/Include/hal/LibspdmStdIntAlt.h | 25 + .../DeviceSecurity/SpdmLib/Include/hal/base.h | 94 ++ .../SpdmLib/Include/hal/library/debuglib.h | 39 + .../SpdmLib/Include/library/spdm_lib_config.h | 394 ++++++ .../DeviceSecurity/SpdmLib/SpdmCommonLib.inf | 47 + .../DeviceSecurity/SpdmLib/SpdmCryptLib.inf | 45 + .../SpdmLib/SpdmDeviceSecretLibNull.inf | 36 + .../SpdmLib/SpdmRequesterLib.inf | 59 + .../SpdmLib/SpdmResponderLib.inf | 61 + .../SpdmLib/SpdmSecuredMessageLib.inf | 44 + .../SpdmLib/SpdmTransportMctpLib.inf | 38 + .../SpdmLib/SpdmTransportPciDoeLib.inf | 38 + SecurityPkg/DeviceSecurity/SpdmLib/libspdm | 1 + .../SpdmSecurityLib/SpdmAuthentication.c | 697 +++++++++++ .../SpdmSecurityLib/SpdmConnectionInit.c | 481 +++++++ .../SpdmSecurityLib/SpdmMeasurement.c | 714 +++++++++++ .../SpdmSecurityLib/SpdmSecurityLib.c | 148 +++ .../SpdmSecurityLib/SpdmSecurityLib.inf | 54 + .../SpdmSecurityLib/SpdmSecurityLibInternal.h | 250 ++++ SecurityPkg/Include/Library/SpdmSecurityLib.h | 437 +++++++ SecurityPkg/Include/Library/Tpm2CommandLib.h | 23 +- .../Include/Protocol/DeviceSecurityPolicy.h | 133 ++ .../HashLibBaseCryptoRouterDxe.c | 88 +- .../Library/Tpm2CommandLib/Tpm2NVStorage.c | 122 +- SecurityPkg/SecurityPkg.ci.yaml | 17 +- SecurityPkg/SecurityPkg.dec | 13 +- SecurityPkg/SecurityPkg.dsc | 31 +- SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c | 61 +- SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf | 4 +- 48 files changed, 7196 insertions(+), 85 deletions(-) create mode 100644 SecurityPkg/DeviceSecurity/OsStub/CryptlibWrapper/CryptlibWrapper.c create mode 100644 SecurityPkg/DeviceSecurity/OsStub/CryptlibWrapper/CryptlibWrapper.inf create mode 100644 SecurityPkg/DeviceSecurity/OsStub/MemLibWrapper/MemLibWrapper.c create mode 100644 SecurityPkg/DeviceSecurity/OsStub/MemLibWrapper/MemLibWrapper.inf create mode 100644 SecurityPkg/DeviceSecurity/OsStub/PlatformLibWrapper/PlatformLibWrapper.c create mode 100644 SecurityPkg/DeviceSecurity/OsStub/PlatformLibWrapper/PlatformLibWrapper.inf create mode 100644 SecurityPkg/DeviceSecurity/SpdmLib/Include/Stub/SpdmLibStub.h create mode 100644 SecurityPkg/DeviceSecurity/SpdmLib/Include/hal/LibspdmStdBoolAlt.h create mode 100644 SecurityPkg/DeviceSecurity/SpdmLib/Include/hal/LibspdmStdDefAlt.h create mode 100644 SecurityPkg/DeviceSecurity/SpdmLib/Include/hal/LibspdmStdIntAlt.h create mode 100644 SecurityPkg/DeviceSecurity/SpdmLib/Include/hal/base.h create mode 100644 SecurityPkg/DeviceSecurity/SpdmLib/Include/hal/library/debuglib.h create mode 100644 SecurityPkg/DeviceSecurity/SpdmLib/Include/library/spdm_lib_config.h create mode 100644 SecurityPkg/DeviceSecurity/SpdmLib/SpdmCommonLib.inf create mode 100644 SecurityPkg/DeviceSecurity/SpdmLib/SpdmCryptLib.inf create mode 100644 SecurityPkg/DeviceSecurity/SpdmLib/SpdmDeviceSecretLibNull.inf create mode 100644 SecurityPkg/DeviceSecurity/SpdmLib/SpdmRequesterLib.inf create mode 100644 SecurityPkg/DeviceSecurity/SpdmLib/SpdmResponderLib.inf create mode 100644 SecurityPkg/DeviceSecurity/SpdmLib/SpdmSecuredMessageLib.inf create mode 100644 SecurityPkg/DeviceSecurity/SpdmLib/SpdmTransportMctpLib.inf create mode 100644 SecurityPkg/DeviceSecurity/SpdmLib/SpdmTransportPciDoeLib.inf create mode 160000 SecurityPkg/DeviceSecurity/SpdmLib/libspdm create mode 100644 SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmAuthentication.c create mode 100644 SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmConnectionInit.c create mode 100644 SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmMeasurement.c create mode 100644 SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmSecurityLib.c create mode 100644 SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmSecurityLib.inf create mode 100644 SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmSecurityLibInternal.h create mode 100644 SecurityPkg/Include/Library/SpdmSecurityLib.h create mode 100644 SecurityPkg/Include/Protocol/DeviceSecurityPolicy.h -- 2.26.2.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#117477): https://edk2.groups.io/g/devel/message/117477 Mute This Topic: https://groups.io/mt/105394111/7686176 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io] -=-=-=-=-=-=-=-=-=-=-=-