public inbox for devel@edk2.groups.io
 help / color / mirror / Atom feed
* [edk2-devel] [PATCH v3 00/10] Add DeviceSecurity feature based on PFP 1.06 spec
@ 2024-04-15  1:58 Wenxing Hou
  2024-04-15  1:58 ` [edk2-devel] [PATCH v3 01/10] MdePkg: Add SPDM1.2 support Wenxing Hou
                   ` (9 more replies)
  0 siblings, 10 replies; 11+ messages in thread
From: Wenxing Hou @ 2024-04-15  1:58 UTC (permalink / raw)
  To: devel
  Cc: Andrew Fish, Leif Lindholm, Michael D Kinney, Liming Gao,
	Sean Brogan, Joey Vagedes, Zhiguang Liu, Rahul Kumar, Jiewen Yao

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2479

In PFP spec 1.06, platform firmware records the device certificate and device measurement for each SPDM responder.
This PATCH set implement the DeviceSecurityLib to support spdm device Authentication and Measurement.

Libspdm as submodule is to support DeviceSecurity feature:
https://github.com/DMTF/libspdm

TCG PFP spec 1.06:
https://trustedcomputinggroup.org/resource/pc-client-specific-platform-firmware-profile-specification/

The POC branch:
https://github.com/tianocore/edk2-staging/tree/DeviceSecurity

And the PATCH set has passed the EDKII CI:
https://github.com/tianocore/edk2/pull/5508

v2 changes:
 - Fix typo: PcdEnableSpdmDeviceAuthenticaion -> PcdEnableSpdmDeviceAuthentication
v3 changes:
 - Add new patch 10: Update ReadMe.rst for libspdm submodule license

PATCH 3: Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn>
PATCH 7: Reviewed-by: Joey Vagedes <joey.vagedes@gmail.com>

Cc: Andrew Fish <afish@apple.com>
Cc: Leif Lindholm <quic_llindhol@quicinc.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Sean Brogan <sean.brogan@microsoft.com>
Cc: Joey Vagedes <joey.vagedes@gmail.com>
Cc: Zhiguang Liu <zhiguang.liu@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Signed-off-by: Wenxing Hou <wenxing.hou@intel.com>

Wenxing Hou (10):
  MdePkg: Add SPDM1.2 support.
  MdePkg: Add TCG PFP 1.06 support.
  MdePkg: Add devAuthBoot GlobalVariable
  MdeModulePkg/Variable: Add TCG SPDM device measurement update
  SecurityPkg: Add TCG PFP 1.06 support.
  SecurityPkg: add DeviceSecurity support
  .pytool/CISettings.py: add libspdm submodule.
  .gitmodule: Add libspdm submodule for EDKII
  SecurityPkg: Add libspdm submodule
  ReadMe.rst: Add libspdm submodule license

 .gitmodules                                   |    3 +
 .pytool/CISettings.py                         |    2 +
 MdeModulePkg/MdeModulePkg.dec                 |    5 +
 .../Variable/RuntimeDxe/Measurement.c         |   38 +-
 .../RuntimeDxe/VariableRuntimeDxe.inf         |    3 +
 .../RuntimeDxe/VariableSmmRuntimeDxe.inf      |    3 +
 MdePkg/Include/Guid/GlobalVariable.h          |    8 +-
 MdePkg/Include/Guid/ImageAuthentication.h     |    5 +-
 MdePkg/Include/IndustryStandard/Spdm.h        | 1112 ++++++++++++++++-
 .../IndustryStandard/UefiTcgPlatform.h        |  186 ++-
 ReadMe.rst                                    |    1 +
 .../OsStub/CryptlibWrapper/CryptlibWrapper.c  |  970 ++++++++++++++
 .../CryptlibWrapper/CryptlibWrapper.inf       |   38 +
 .../OsStub/MemLibWrapper/MemLibWrapper.c      |  177 +++
 .../OsStub/MemLibWrapper/MemLibWrapper.inf    |   33 +
 .../PlatformLibWrapper/PlatformLibWrapper.c   |   85 ++
 .../PlatformLibWrapper/PlatformLibWrapper.inf |   33 +
 .../SpdmLib/Include/Stub/SpdmLibStub.h        |  347 +++++
 .../SpdmLib/Include/hal/LibspdmStdBoolAlt.h   |   23 +
 .../SpdmLib/Include/hal/LibspdmStdDefAlt.h    |   16 +
 .../SpdmLib/Include/hal/LibspdmStdIntAlt.h    |   25 +
 .../DeviceSecurity/SpdmLib/Include/hal/base.h |   94 ++
 .../SpdmLib/Include/hal/library/debuglib.h    |   39 +
 .../SpdmLib/Include/library/spdm_lib_config.h |  394 ++++++
 .../DeviceSecurity/SpdmLib/SpdmCommonLib.inf  |   47 +
 .../DeviceSecurity/SpdmLib/SpdmCryptLib.inf   |   45 +
 .../SpdmLib/SpdmDeviceSecretLibNull.inf       |   36 +
 .../SpdmLib/SpdmRequesterLib.inf              |   59 +
 .../SpdmLib/SpdmResponderLib.inf              |   61 +
 .../SpdmLib/SpdmSecuredMessageLib.inf         |   44 +
 .../SpdmLib/SpdmTransportMctpLib.inf          |   38 +
 .../SpdmLib/SpdmTransportPciDoeLib.inf        |   38 +
 SecurityPkg/DeviceSecurity/SpdmLib/libspdm    |    1 +
 .../SpdmSecurityLib/SpdmAuthentication.c      |  697 +++++++++++
 .../SpdmSecurityLib/SpdmConnectionInit.c      |  481 +++++++
 .../SpdmSecurityLib/SpdmMeasurement.c         |  714 +++++++++++
 .../SpdmSecurityLib/SpdmSecurityLib.c         |  148 +++
 .../SpdmSecurityLib/SpdmSecurityLib.inf       |   54 +
 .../SpdmSecurityLib/SpdmSecurityLibInternal.h |  250 ++++
 SecurityPkg/Include/Library/SpdmSecurityLib.h |  437 +++++++
 SecurityPkg/Include/Library/Tpm2CommandLib.h  |   23 +-
 .../Include/Protocol/DeviceSecurityPolicy.h   |  133 ++
 .../HashLibBaseCryptoRouterDxe.c              |   88 +-
 .../Library/Tpm2CommandLib/Tpm2NVStorage.c    |  122 +-
 SecurityPkg/SecurityPkg.ci.yaml               |   17 +-
 SecurityPkg/SecurityPkg.dec                   |   13 +-
 SecurityPkg/SecurityPkg.dsc                   |   31 +-
 SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c             |   61 +-
 SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf           |    4 +-
 49 files changed, 7197 insertions(+), 85 deletions(-)
 create mode 100644 SecurityPkg/DeviceSecurity/OsStub/CryptlibWrapper/CryptlibWrapper.c
 create mode 100644 SecurityPkg/DeviceSecurity/OsStub/CryptlibWrapper/CryptlibWrapper.inf
 create mode 100644 SecurityPkg/DeviceSecurity/OsStub/MemLibWrapper/MemLibWrapper.c
 create mode 100644 SecurityPkg/DeviceSecurity/OsStub/MemLibWrapper/MemLibWrapper.inf
 create mode 100644 SecurityPkg/DeviceSecurity/OsStub/PlatformLibWrapper/PlatformLibWrapper.c
 create mode 100644 SecurityPkg/DeviceSecurity/OsStub/PlatformLibWrapper/PlatformLibWrapper.inf
 create mode 100644 SecurityPkg/DeviceSecurity/SpdmLib/Include/Stub/SpdmLibStub.h
 create mode 100644 SecurityPkg/DeviceSecurity/SpdmLib/Include/hal/LibspdmStdBoolAlt.h
 create mode 100644 SecurityPkg/DeviceSecurity/SpdmLib/Include/hal/LibspdmStdDefAlt.h
 create mode 100644 SecurityPkg/DeviceSecurity/SpdmLib/Include/hal/LibspdmStdIntAlt.h
 create mode 100644 SecurityPkg/DeviceSecurity/SpdmLib/Include/hal/base.h
 create mode 100644 SecurityPkg/DeviceSecurity/SpdmLib/Include/hal/library/debuglib.h
 create mode 100644 SecurityPkg/DeviceSecurity/SpdmLib/Include/library/spdm_lib_config.h
 create mode 100644 SecurityPkg/DeviceSecurity/SpdmLib/SpdmCommonLib.inf
 create mode 100644 SecurityPkg/DeviceSecurity/SpdmLib/SpdmCryptLib.inf
 create mode 100644 SecurityPkg/DeviceSecurity/SpdmLib/SpdmDeviceSecretLibNull.inf
 create mode 100644 SecurityPkg/DeviceSecurity/SpdmLib/SpdmRequesterLib.inf
 create mode 100644 SecurityPkg/DeviceSecurity/SpdmLib/SpdmResponderLib.inf
 create mode 100644 SecurityPkg/DeviceSecurity/SpdmLib/SpdmSecuredMessageLib.inf
 create mode 100644 SecurityPkg/DeviceSecurity/SpdmLib/SpdmTransportMctpLib.inf
 create mode 100644 SecurityPkg/DeviceSecurity/SpdmLib/SpdmTransportPciDoeLib.inf
 create mode 160000 SecurityPkg/DeviceSecurity/SpdmLib/libspdm
 create mode 100644 SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmAuthentication.c
 create mode 100644 SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmConnectionInit.c
 create mode 100644 SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmMeasurement.c
 create mode 100644 SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmSecurityLib.c
 create mode 100644 SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmSecurityLib.inf
 create mode 100644 SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmSecurityLibInternal.h
 create mode 100644 SecurityPkg/Include/Library/SpdmSecurityLib.h
 create mode 100644 SecurityPkg/Include/Protocol/DeviceSecurityPolicy.h

-- 
2.26.2.windows.1



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#117726): https://edk2.groups.io/g/devel/message/117726
Mute This Topic: https://groups.io/mt/105528198/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-



^ permalink raw reply	[flat|nested] 11+ messages in thread

end of thread, other threads:[~2024-04-15  1:59 UTC | newest]

Thread overview: 11+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-04-15  1:58 [edk2-devel] [PATCH v3 00/10] Add DeviceSecurity feature based on PFP 1.06 spec Wenxing Hou
2024-04-15  1:58 ` [edk2-devel] [PATCH v3 01/10] MdePkg: Add SPDM1.2 support Wenxing Hou
2024-04-15  1:58 ` [edk2-devel] [PATCH v3 02/10] MdePkg: Add TCG PFP 1.06 support Wenxing Hou
2024-04-15  1:58 ` [edk2-devel] [PATCH v3 03/10] MdePkg: Add devAuthBoot GlobalVariable Wenxing Hou
2024-04-15  1:58 ` [edk2-devel] [PATCH v3 04/10] MdeModulePkg/Variable: Add TCG SPDM device measurement update Wenxing Hou
2024-04-15  1:58 ` [edk2-devel] [PATCH v3 05/10] SecurityPkg: Add TCG PFP 1.06 support Wenxing Hou
2024-04-15  1:58 ` [edk2-devel] [PATCH v3 06/10] SecurityPkg: add DeviceSecurity support Wenxing Hou
2024-04-15  1:58 ` [edk2-devel] [PATCH v3 07/10] .pytool/CISettings.py: add libspdm submodule Wenxing Hou
2024-04-15  1:58 ` [edk2-devel] [PATCH v3 08/10] .gitmodule: Add libspdm submodule for EDKII Wenxing Hou
2024-04-15  1:58 ` [edk2-devel] [PATCH v3 09/10] SecurityPkg: Add libspdm submodule Wenxing Hou
2024-04-15  1:58 ` [edk2-devel] [PATCH v3 10/10] ReadMe.rst: Add libspdm submodule license Wenxing Hou

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox