From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga11.intel.com (mga11.intel.com [192.55.52.93]) by mx.groups.io with SMTP id smtpd.web09.4149.1573134086223867757 for ; Thu, 07 Nov 2019 05:41:26 -0800 Authentication-Results: mx.groups.io; dkim=missing; spf=pass (domain: intel.com, ip: 192.55.52.93, mailfrom: jiewen.yao@intel.com) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga006.jf.intel.com ([10.7.209.51]) by fmsmga102.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 07 Nov 2019 05:41:25 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.68,278,1569308400"; d="scan'208";a="206151106" Received: from fmsmsx103.amr.corp.intel.com ([10.18.124.201]) by orsmga006.jf.intel.com with ESMTP; 07 Nov 2019 05:41:25 -0800 Received: from fmsmsx126.amr.corp.intel.com (10.18.125.43) by FMSMSX103.amr.corp.intel.com (10.18.124.201) with Microsoft SMTP Server (TLS) id 14.3.439.0; Thu, 7 Nov 2019 05:41:25 -0800 Received: from shsmsx106.ccr.corp.intel.com (10.239.4.159) by FMSMSX126.amr.corp.intel.com (10.18.125.43) with Microsoft SMTP Server (TLS) id 14.3.439.0; Thu, 7 Nov 2019 05:41:24 -0800 Received: from shsmsx102.ccr.corp.intel.com ([169.254.2.108]) by SHSMSX106.ccr.corp.intel.com ([169.254.10.248]) with mapi id 14.03.0439.000; Thu, 7 Nov 2019 21:41:23 +0800 From: "Yao, Jiewen" To: "devel@edk2.groups.io" , "Yao, Jiewen" Subject: Re: [edk2-devel] [PATCH V3 0/4] Add SPDM device security Thread-Topic: [edk2-devel] [PATCH V3 0/4] Add SPDM device security Thread-Index: AQHVlXChQJD109UWsk2FnVg5Imq3M6d/tuiA Date: Thu, 7 Nov 2019 13:41:22 +0000 Message-ID: <74D8A39837DF1E4DA445A8C0B3885C503F842DF5@shsmsx102.ccr.corp.intel.com> References: <15D4E4ECB733E1AF.3926@groups.io> In-Reply-To: <15D4E4ECB733E1AF.3926@groups.io> Accept-Language: zh-CN, en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-titus-metadata-40: eyJDYXRlZ29yeUxhYmVscyI6IiIsIk1ldGFkYXRhIjp7Im5zIjoiaHR0cDpcL1wvd3d3LnRpdHVzLmNvbVwvbnNcL0ludGVsMyIsImlkIjoiZTgzODFkZjYtZDllNi00ZmQ2LWJiZDktOWM5MDcxOThhZWFiIiwicHJvcHMiOlt7Im4iOiJDVFBDbGFzc2lmaWNhdGlvbiIsInZhbHMiOlt7InZhbHVlIjoiQ1RQX05UIn1dfV19LCJTdWJqZWN0TGFiZWxzIjpbXSwiVE1DVmVyc2lvbiI6IjE3LjEwLjE4MDQuNDkiLCJUcnVzdGVkTGFiZWxIYXNoIjoiQW1GQ2pEMTZuQ1hNY1Q1SkM0M0RwK0N6cEd1SnMyYjFUMVFENjBBZDRTSnltd2hnQWhGUE5iU2VKeXZ4NjlwdCJ9 x-ctpclassification: CTP_NT dlp-product: dlpe-windows dlp-version: 11.2.0.6 dlp-reaction: no-action x-originating-ip: [10.239.127.40] MIME-Version: 1.0 Return-Path: jiewen.yao@intel.com Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Hi I forget to mention that this patch is also pushed to git. The EDKII repo update is at https://github.com/jyao1/edk2/tree/DeviceSecur= ityMasterV3 The EDKII platform repo update is at https://github.com/jyao1/edk2-platfor= ms/tree/DeviceSecurityMasterV3 Thank you Yao Jiewen > -----Original Message----- > From: devel@edk2.groups.io On Behalf Of Yao, Jiew= en > Sent: Thursday, November 7, 2019 9:38 PM > To: devel@edk2.groups.io > Subject: [edk2-devel] [PATCH V3 0/4] Add SPDM device security >=20 > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D2303 >=20 > =3D=3D=3D=3D=3D=3D=3D=3D=3D v3 =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D >=20 > The patch addresses the feedback below: > Liming Gao: > 1) specify the spec version in file header for SPDM. >=20 > Ray Ni: > 1) create a standalone function like PciDeviceAuthenticate() and > move the new code to that function then call it from CreatePciIoDevice >=20 > =3D=3D=3D=3D=3D=3D=3D=3D=3D v2 =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > This patch series add support for device security based > upon the DMTF SPDM specification. > https://www.dmtf.org/sites/default/files/standards/documents/DSP0274_0.9= 5a > .zip >=20 > We did design review at 18 Oct, 2019. > https://edk2.groups.io/g/devel/files/Designs/2019/1018 > And the feedback from the meeting is addressed. > https://edk2.groups.io/g/devel/files/Designs/2019/1018/EDKII- > Device%20Firmware%20Security%20v2.pdf >=20 > We add the Device security protocol in EDKII repo. > PCI bus driver consumes the interface. > If there is no producer, the PCI bus driver keeps current behavior. >=20 > So far, we only provide the producer what follows Intel > PCI security spec. > https://www.intel.com/content/www/us/en/io/pci-express/pcie-device- > security-enhancements-spec.html > The implementation is put to EDKII platform repo. >=20 > The EDKII repo update is at > https://github.com/jyao1/edk2/tree/DeviceSecurityMasterV2 > The EDKII platform repo update is at https://github.com/jyao1/edk2- > platforms/tree/DeviceSecurityMasterV2 >=20 > The validation has been done on a Intel internal platform. > The device measurement can be shown in TCG event log. >=20 > signed-off-by: Jiewen Yao >=20 > Jiewen Yao (4): > MdePkg/Include: Add DMTF SPDM definition. > MdeModulePkg/Include: Add DeviceSecurity.h > MdeModulePkg/dec: Add EdkiiDeviceSecurityProtocolGuid. > MdeModulePkg/Pci: Add DeviceSecurity support. >=20 > MdeModulePkg/Bus/Pci/PciBusDxe/PciBus.c | 12 +- > MdeModulePkg/Bus/Pci/PciBusDxe/PciBus.h | 1 + > MdeModulePkg/Bus/Pci/PciBusDxe/PciBusDxe.inf | 4 +- > .../Bus/Pci/PciBusDxe/PciEnumeratorSupport.c | 77 +++++ > MdeModulePkg/Bus/Pci/PciBusDxe/PciLib.c | 4 +- > .../Include/Protocol/DeviceSecurity.h | 162 +++++++++ > MdeModulePkg/MdeModulePkg.dec | 5 + > MdePkg/Include/IndustryStandard/Spdm.h | 320 ++++++++++++++++++ > 8 files changed, 581 insertions(+), 4 deletions(-) > create mode 100644 MdeModulePkg/Include/Protocol/DeviceSecurity.h > create mode 100644 MdePkg/Include/IndustryStandard/Spdm.h >=20 > -- > 2.19.2.windows.1 >=20 >=20 >=20