From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga11.intel.com (mga11.intel.com [192.55.52.93]) by mx.groups.io with SMTP id smtpd.web10.6665.1573196037662764039 for ; Thu, 07 Nov 2019 22:53:57 -0800 Authentication-Results: mx.groups.io; dkim=missing; spf=pass (domain: intel.com, ip: 192.55.52.93, mailfrom: ray.ni@intel.com) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga001.fm.intel.com ([10.253.24.23]) by fmsmga102.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 07 Nov 2019 22:53:53 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.68,280,1569308400"; d="scan'208";a="213187995" Received: from fmsmsx103.amr.corp.intel.com ([10.18.124.201]) by fmsmga001.fm.intel.com with ESMTP; 07 Nov 2019 22:53:53 -0800 Received: from fmsmsx156.amr.corp.intel.com (10.18.116.74) by FMSMSX103.amr.corp.intel.com (10.18.124.201) with Microsoft SMTP Server (TLS) id 14.3.439.0; Thu, 7 Nov 2019 22:53:53 -0800 Received: from shsmsx154.ccr.corp.intel.com (10.239.6.54) by fmsmsx156.amr.corp.intel.com (10.18.116.74) with Microsoft SMTP Server (TLS) id 14.3.439.0; Thu, 7 Nov 2019 22:53:52 -0800 Received: from shsmsx104.ccr.corp.intel.com ([169.254.5.127]) by SHSMSX154.ccr.corp.intel.com ([169.254.7.200]) with mapi id 14.03.0439.000; Fri, 8 Nov 2019 14:53:50 +0800 From: "Ni, Ray" To: "devel@edk2.groups.io" , "Yao, Jiewen" Subject: Re: [edk2-devel] [PATCH V3 0/4] Add SPDM device security Thread-Topic: [edk2-devel] [PATCH V3 0/4] Add SPDM device security Thread-Index: AQHVlXChrelFB937Lkama5+vgm795Kd/tuiAgAEgWzA= Date: Fri, 8 Nov 2019 06:53:50 +0000 Message-ID: <734D49CCEBEEF84792F5B80ED585239D5C354F25@SHSMSX104.ccr.corp.intel.com> References: <15D4E4ECB733E1AF.3926@groups.io> <74D8A39837DF1E4DA445A8C0B3885C503F842DF5@shsmsx102.ccr.corp.intel.com> In-Reply-To: <74D8A39837DF1E4DA445A8C0B3885C503F842DF5@shsmsx102.ccr.corp.intel.com> Accept-Language: en-US, zh-CN X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.239.127.40] MIME-Version: 1.0 Return-Path: ray.ni@intel.com Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable For changes in edk2 repo, Reviewed-by: Ray Ni > -----Original Message----- > From: devel@edk2.groups.io On Behalf Of Yao, > Jiewen > Sent: Thursday, November 7, 2019 9:41 PM > To: devel@edk2.groups.io; Yao, Jiewen > Subject: Re: [edk2-devel] [PATCH V3 0/4] Add SPDM device security >=20 > Hi > I forget to mention that this patch is also pushed to git. >=20 > The EDKII repo update is at > https://github.com/jyao1/edk2/tree/DeviceSecurityMasterV3 > The EDKII platform repo update is at https://github.com/jyao1/edk2- > platforms/tree/DeviceSecurityMasterV3 >=20 > Thank you > Yao Jiewen >=20 > > -----Original Message----- > > From: devel@edk2.groups.io On Behalf Of Yao, > > Jiewen > > Sent: Thursday, November 7, 2019 9:38 PM > > To: devel@edk2.groups.io > > Subject: [edk2-devel] [PATCH V3 0/4] Add SPDM device security > > > > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D2303 > > > > =3D=3D=3D=3D=3D=3D=3D=3D=3D v3 =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > > > > The patch addresses the feedback below: > > Liming Gao: > > 1) specify the spec version in file header for SPDM. > > > > Ray Ni: > > 1) create a standalone function like PciDeviceAuthenticate() and move > > the new code to that function then call it from CreatePciIoDevice > > > > =3D=3D=3D=3D=3D=3D=3D=3D=3D v2 =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > > This patch series add support for device security based upon the DMTF > > SPDM specification. > > > https://www.dmtf.org/sites/default/files/standards/documents/DSP0274_0 > > .95a > > .zip > > > > We did design review at 18 Oct, 2019. > > https://edk2.groups.io/g/devel/files/Designs/2019/1018 > > And the feedback from the meeting is addressed. > > https://edk2.groups.io/g/devel/files/Designs/2019/1018/EDKII- > > Device%20Firmware%20Security%20v2.pdf > > > > We add the Device security protocol in EDKII repo. > > PCI bus driver consumes the interface. > > If there is no producer, the PCI bus driver keeps current behavior. > > > > So far, we only provide the producer what follows Intel PCI security > > spec. > > https://www.intel.com/content/www/us/en/io/pci-express/pcie-device- > > security-enhancements-spec.html > > The implementation is put to EDKII platform repo. > > > > The EDKII repo update is at > > https://github.com/jyao1/edk2/tree/DeviceSecurityMasterV2 > > The EDKII platform repo update is at https://github.com/jyao1/edk2- > > platforms/tree/DeviceSecurityMasterV2 > > > > The validation has been done on a Intel internal platform. > > The device measurement can be shown in TCG event log. > > > > signed-off-by: Jiewen Yao > > > > Jiewen Yao (4): > > MdePkg/Include: Add DMTF SPDM definition. > > MdeModulePkg/Include: Add DeviceSecurity.h > > MdeModulePkg/dec: Add EdkiiDeviceSecurityProtocolGuid. > > MdeModulePkg/Pci: Add DeviceSecurity support. > > > > MdeModulePkg/Bus/Pci/PciBusDxe/PciBus.c | 12 +- > > MdeModulePkg/Bus/Pci/PciBusDxe/PciBus.h | 1 + > > MdeModulePkg/Bus/Pci/PciBusDxe/PciBusDxe.inf | 4 +- > > .../Bus/Pci/PciBusDxe/PciEnumeratorSupport.c | 77 +++++ > > MdeModulePkg/Bus/Pci/PciBusDxe/PciLib.c | 4 +- > > .../Include/Protocol/DeviceSecurity.h | 162 +++++++++ > > MdeModulePkg/MdeModulePkg.dec | 5 + > > MdePkg/Include/IndustryStandard/Spdm.h | 320 > ++++++++++++++++++ > > 8 files changed, 581 insertions(+), 4 deletions(-) create mode > > 100644 MdeModulePkg/Include/Protocol/DeviceSecurity.h > > create mode 100644 MdePkg/Include/IndustryStandard/Spdm.h > > > > -- > > 2.19.2.windows.1 > > > > > > >=20 >=20 >=20