From: "Andrew Fish via groups.io"
To: edk2-devel-groups-io, alistair23@gmail.com
Cc: zhiqiang.zhao@intel.com, qi1.zhang@intel.com, "Yao, Jiewen", Wenxing Hou
Subject: Re: [edk2-devel] mDeviceSecurityProtocol with SPDM
Date: Tue, 11 Jun 2024 22:10:12 -0700
Message-id: <670D88D6-2EFD-4C75-AD20-EAAEA0D9FFFF@apple.com>

> On Jun 10, 2024, at 10:42 PM, Alistair Francis <alistair23@gmail.com> wrote:
>
> Hello,
>
> I'm trying to use SPDM over DOE as an EDKII_DEVICE_SECURITY_PROTOCOL
> implementation.
>
> I'm using the DeviceSecurity fork from staging, with my own DOE
> implementation [5].
>
> First I load `DeviceSecurityPolicyStub` [1], which consumes
> `gEdkiiDeviceIdentifierTypePciGuid` and produces
> `gEdkiiDeviceSecurityPolicyProtocolGuid`.
>
> Then I am loading `SpdmDeviceSecurityDxe` [2], which consumes
> `gEdkiiDeviceSecurityPolicyProtocolGuid` and produces
> `gEdkiiDeviceSecurityProtocolGuid`.
>
> At which point I think the `gEdkiiDeviceSecurityProtocolGuid` should
> work in PciBus [3]. Except the problem is that the PCIe bus is already
> probed as `DeviceSecurityPolicyStub` consumes
> `gEdkiiDeviceIdentifierTypePciGuid`. So I get stuck in a circular
> loop.
>
> Does anyone know how I can re-probe the `PciBusDxe` or somehow avoid
> the circular dependency?
>
> Or asking another way, is there a way to call the
> `AuthenticatePciDevice()` [4] function after probing a PCIe device and
> determining that the PCIe device supports DOE and SPDM? I don't see
> any users of `gEfiDevicePathProtocolGuid` in upstream EDK2.
>

The gEfiDevicePathProtocolGuid is just a distributed namespace that is
created by a UEFI bus driver as it enumerates. The bus driver inherits the
Device Path of the parent (does not care what it looks like) and appends a
Device Path node for the handle the bus driver is creating to represent the
device. So it is basically just the name of the device. It came about since
we needed to be able to make NVRAM Variables that pointed at hardware
devices, so the hardware devices needed names that identified the devices
even if the system got reconfigured.

So for example when the PCI Bus driver enumerates PCI devices it will
create child handles and add a PCI Device Path [1] node. This node contains
the PCI Dev and Func. It does not contain the bus as that could change
based on a configuration change. The PCI bus driver will start enumerating
at the root (some device path that represents the chipset) and then you
enumerate the 1st level (bus 0) devices; if that device is a PCI to PCI
bridge then it will have children with its own set of devices and
functions. So you can recurse down, and if someone inserts a card and you
reset the system the route is the same, but the assigned bus numbers
change. For PCI there is not much reason to consume the
gEfiDevicePathProtocolGuid as the EFI_PCI_IO_PROTOCOL [2], that the bus
driver will install on the same handle as the Device Path, has all the info
contained in the Device Path, and much more.

[1] https://uefi.org/specs/UEFI/2.10/10_Protocols_Device_Path_Protocol.html#pci-device-path
[2] https://uefi.org/specs/UEFI/2.10/14_Protocols_PCI_Bus_Support.html#efi-pci-i-o-protocol

> 1: https://github.com/tianocore/edk2-staging/blob/DeviceSecurity/DeviceSecurityTestPkg/Test/DeviceSecurityPolicyStub/DeviceSecurityPolicyStub.inf#L36
> 2: https://github.com/tianocore/edk2-staging/blob/DeviceSecurity/DeviceSecurityTestPkg/SpdmDeviceSecurityDxe/SpdmDeviceSecurityDxe.inf#L56
> 3: https://github.com/tianocore/edk2-staging/blob/DeviceSecurity/MdeModulePkg/Bus/Pci/PciBusDxe/PciBus.c#L299
> 4: https://github.com/tianocore/edk2-staging/blob/DeviceSecurity/MdeModulePkg/Bus/Pci/PciBusDxe/PciEnumeratorSupport.c#L2085
> 5: https://github.com/tianocore/edk2/pull/5715
>
> PS: This is the second mail, the first didn't make it to the list
>

Alistair,

If you are not subscribed to the mailing list your mail gets stuck in a
manual moderation bucket. So when it looks like the mail did not make it,
you are just in with the people trying to sell lights for chickens, and all
the people from around the world trying to sell mailing lists of people who
attended random conferences we have never gone to?

Thanks,

Andrew Fish

> Alistair

View/Reply Online (#119558): https://edk2.groups.io/g/devel/message/119558
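The PCI Device Path node described in the reply above, as an added example (not part of the original mail and not EDK2 code): a standalone C walker over a constructed device path, showing that each PCI node carries only Device and Function, so the rendered name does not change when bus numbers are reassigned. The function name `device_path_to_text`, the sample bytes and the simplified `Path(type,subtype)` fallback are assumptions of this example; node layouts follow the UEFI 2.10 Device Path chapter linked in the mail.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample path: PciRoot(0x0)/Pci(0x1C,0x0)/Pci(0x0,0x1).
   Each PCI node stores Function then Device; no bus number appears anywhere. */
static const uint8_t sample_path[] = {
  0x02, 0x01, 0x0C, 0x00, 0xD0, 0x41, 0x03, 0x0A, 0, 0, 0, 0, /* ACPI PNP0A03, UID 0 */
  0x01, 0x01, 0x06, 0x00, 0x00, 0x1C,  /* PCI-to-PCI bridge: Func 0, Dev 0x1C */
  0x01, 0x01, 0x06, 0x00, 0x01, 0x00,  /* endpoint behind it: Func 1, Dev 0   */
  0x7F, 0xFF, 0x04, 0x00               /* End Entire Device Path node         */
};

static uint32_t le32(const uint8_t *b) {
  return b[0] | (uint32_t)b[1] << 8 | (uint32_t)b[2] << 16 | (uint32_t)b[3] << 24;
}

/* Render a device path as text. Returns 0 on success, -1 if the buffer is
   malformed (bad node length, no end node) or the output does not fit. */
int device_path_to_text(const uint8_t *p, size_t size, char *out, size_t cap) {
  size_t off = 0, used = 0;
  if (cap == 0) return -1;
  out[0] = '\0';
  while (size - off >= 4) {
    unsigned type = p[off], sub = p[off + 1];
    size_t len = p[off + 2] | (size_t)p[off + 3] << 8;
    const char *sep = used ? "/" : "";
    int n;
    if (len < 4 || len > size - off) return -1;  /* node must fit in the buffer */
    if (type == 0x7F && sub == 0xFF) return 0;   /* end node: path is complete  */
    if (type == 0x01 && sub == 0x01 && len == 6)
      n = snprintf(out + used, cap - used, "%sPci(0x%X,0x%X)", sep,
                   (unsigned)p[off + 5], (unsigned)p[off + 4]);
    else if (type == 0x02 && sub == 0x01 && len == 12 && le32(p + off + 4) == 0x0A0341D0)
      n = snprintf(out + used, cap - used, "%sPciRoot(0x%X)", sep, (unsigned)le32(p + off + 8));
    else  /* simplified rendering for node types this example does not decode */
      n = snprintf(out + used, cap - used, "%sPath(%u,%u)", sep, type, sub);
    if (n < 0 || (size_t)n >= cap - used) return -1;
    used += (size_t)n;
    off += len;
  }
  return -1;  /* ran out of bytes before an end node */
}

int main(void) {
  char text[128];
  if (device_path_to_text(sample_path, sizeof sample_path, text, sizeof text) == 0)
    puts(text);
  return 0;
}
```

The length check matters because a device path can come from an NVRAM variable, so the walker rejects any node whose length field would run past the buffer.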