From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mga01.intel.com (mga01.intel.com [192.55.52.88])
 by mx.groups.io with SMTP id smtpd.web11.4133.1573134111097651298
 for <devel@edk2.groups.io>;
 Thu, 07 Nov 2019 05:41:51 -0800
Authentication-Results: mx.groups.io;
 dkim=missing; spf=pass (domain: intel.com, ip: 192.55.52.88, mailfrom: jiewen.yao@intel.com)
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
Received: from fmsmga008.fm.intel.com ([10.253.24.58])
  by fmsmga101.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 07 Nov 2019 05:41:51 -0800
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.68,278,1569308400"; 
   d="scan'208";a="201040455"
Received: from fmsmsx104.amr.corp.intel.com ([10.18.124.202])
  by fmsmga008.fm.intel.com with ESMTP; 07 Nov 2019 05:41:48 -0800
Received: from fmsmsx154.amr.corp.intel.com (10.18.116.70) by
 fmsmsx104.amr.corp.intel.com (10.18.124.202) with Microsoft SMTP Server (TLS)
 id 14.3.439.0; Thu, 7 Nov 2019 05:41:46 -0800
Received: from shsmsx153.ccr.corp.intel.com (10.239.6.53) by
 FMSMSX154.amr.corp.intel.com (10.18.116.70) with Microsoft SMTP Server (TLS)
 id 14.3.439.0; Thu, 7 Nov 2019 05:41:46 -0800
Received: from shsmsx102.ccr.corp.intel.com ([169.254.2.108]) by
 SHSMSX153.ccr.corp.intel.com ([169.254.12.215]) with mapi id 14.03.0439.000;
 Thu, 7 Nov 2019 21:41:44 +0800
From: "Yao, Jiewen" <jiewen.yao@intel.com>
To: "devel@edk2.groups.io" <devel@edk2.groups.io>, "Yao, Jiewen"
	<jiewen.yao@intel.com>
Subject: Re: [edk2-devel] [PATCH V3 0/6] Add Device Security driver
Thread-Topic: [edk2-devel] [PATCH V3 0/6] Add Device Security driver
Thread-Index: AQHVlXCxGZw4C0QwJEGo4z7q0b2rOad/tzlg
Date: Thu, 7 Nov 2019 13:41:44 +0000
Message-ID: <74D8A39837DF1E4DA445A8C0B3885C503F842E11@shsmsx102.ccr.corp.intel.com>
References: <15D4E4F6A90DA807.5771@groups.io>
In-Reply-To: <15D4E4F6A90DA807.5771@groups.io>
Accept-Language: zh-CN, en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-titus-metadata-40: eyJDYXRlZ29yeUxhYmVscyI6IiIsIk1ldGFkYXRhIjp7Im5zIjoiaHR0cDpcL1wvd3d3LnRpdHVzLmNvbVwvbnNcL0ludGVsMyIsImlkIjoiMWQ3MWQ1MDYtZmZmNi00MDhhLTgyYjktNGI1NTg5ZDdjZmYyIiwicHJvcHMiOlt7Im4iOiJDVFBDbGFzc2lmaWNhdGlvbiIsInZhbHMiOlt7InZhbHVlIjoiQ1RQX05UIn1dfV19LCJTdWJqZWN0TGFiZWxzIjpbXSwiVE1DVmVyc2lvbiI6IjE3LjEwLjE4MDQuNDkiLCJUcnVzdGVkTGFiZWxIYXNoIjoib0pkY0xyK2Nzd0t5OUN3MzFNbkc4cXY2THU5U2pzY3JLSkpmb2JtenlDVEdVa1JnelJya3d0QlhGSGdpSk9CMCJ9
x-ctpclassification: CTP_NT
dlp-product: dlpe-windows
dlp-version: 11.2.0.6
dlp-reaction: no-action
x-originating-ip: [10.239.127.40]
MIME-Version: 1.0
Return-Path: jiewen.yao@intel.com
Content-Language: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

I forget to mention that this patch is also pushed to git:

The EDKII repo update is at https://github.com/jyao1/edk2/tree/DeviceSecur=
ityMasterV3
The EDKII platform repo update is at https://github.com/jyao1/edk2-platfor=
ms/tree/DeviceSecurityMasterV3

> -----Original Message-----
> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Yao, Jiew=
en
> Sent: Thursday, November 7, 2019 9:38 PM
> To: devel@edk2.groups.io
> Subject: [edk2-devel] [PATCH V3 0/6] Add Device Security driver
>=20
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D2303
>=20
> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D V3 =3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D
>=20
> The V3 version addresses the feedback below:
>=20
> Liming Gao:
> 1. Add SPDM spec version and align to latest one 0.99a.
>=20
> Rangasai Chaganty:
> 1. put a reference to the spec at the file header, for Intel PCI securit=
y spec.
> 2. add some high level description above the structure definition that
>    describes the structure.
> 3. on the services "GetDevicePolicy" and "SetDeviceState", Add more erro=
r
>    return states
>=20
> Ray Ni:
> 1. add comments to each field of structures like
> EDKII_DEVICE_SECURITY_POLICY
>    and EDKII_DEVICE_SECURITY_STATE.
> 2. add comments to all the macros defined in this patch to explain the m=
eaning
>    and more important how they are going to impact the logic.
> 3. make the macro short
>     EDKII_DEVICE_MEASUREMENT_POLICY_REQUIRED ->
> EDKII_DEVICE_MEASUREMENT_REQUIRED
>     EDKII_DEVICE_AUTHENTICATION_POLICY_REQUIRED ->
> EDKII_DEVICE_AUTHENTICATION_REQUIRED
> 4. rename the SetDeviceState to NotifyDeviceState.
> 5. add comments to explain clearly what SetDeviceState() needs to do.
> 6. change the prototype so that caller needs to pass in a policy structu=
re and
>    GetDevicePolicy() fills the structure buffer using CopyMem.
> 7. add the version macro for
> EDKII_DEVICE_SECURITY_POLICY_PROTOCOL.Version,
>    securitypolicy.version and securitystate.version.
> 8. add clear debug information for DvSec capability header.
>=20
> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D V2 =3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D
>=20
> This patch series add support for device security based
> upon the DMTF SPDM specification.
> https://www.dmtf.org/sites/default/files/standards/documents/DSP0274_0.9=
5a
> .zip
>=20
> We did design review at 18 Oct, 2019.
> https://edk2.groups.io/g/devel/files/Designs/2019/1018
> And the feedback from the meeting is addressed.
> https://edk2.groups.io/g/devel/files/Designs/2019/1018/EDKII-
> Device%20Firmware%20Security%20v2.pdf
>=20
> The Device security protocol is added in EDKII repo.
> Here we add the producer what follows Intel PCI security spec
> to do the device firmware measurement.
> https://www.intel.com/content/www/us/en/io/pci-express/pcie-device-
> security-enhancements-spec.html
>=20
> The EDKII repo update is at
> https://github.com/jyao1/edk2/tree/DeviceSecurityMasterV2
> The EDKII platform repo update is at https://github.com/jyao1/edk2-
> platforms/tree/DeviceSecurityMasterV2
>=20
> The validation has been done on a Intel internal platform.
> The device measurement can be shown in TCG event log.
>=20
> signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
>=20
> Jiewen Yao (6):
>   IntelSiliconPkg/Include: Add Intel PciSecurity definition.
>   IntelSiliconPkg/Include: Add Platform Device Security Policy protocol
>   IntelSiliconPkg/dec: Add ProtocolGuid definition.
>   IntelSiliconPkg/IntelPciDeviceSecurityDxe: Add PciSecurity.
>   IntelSiliconPkg/SamplePlatformDevicePolicyDxe: Add sample policy.
>   IntelSiliconPkg/dsc: Add Device Security component.
>=20
>  .../IntelPciDeviceSecurityDxe.c               | 697 ++++++++++++++++++
>  .../IntelPciDeviceSecurityDxe.inf             |  45 ++
>  .../TcgDeviceEvent.h                          | 178 +++++
>  .../SamplePlatformDevicePolicyDxe.c           | 204 +++++
>  .../SamplePlatformDevicePolicyDxe.inf         |  40 +
>  .../IndustryStandard/IntelPciSecurity.h       |  92 +++
>  .../Protocol/PlatformDeviceSecurityPolicy.h   | 128 ++++
>  .../Intel/IntelSiliconPkg/IntelSiliconPkg.dec |   4 +
>  .../Intel/IntelSiliconPkg/IntelSiliconPkg.dsc |   3 +
>  9 files changed, 1391 insertions(+)
>  create mode 100644
> Silicon/Intel/IntelSiliconPkg/Feature/PcieSecurity/IntelPciDeviceSecurit=
yDxe/Int
> elPciDeviceSecurityDxe.c
>  create mode 100644
> Silicon/Intel/IntelSiliconPkg/Feature/PcieSecurity/IntelPciDeviceSecurit=
yDxe/Int
> elPciDeviceSecurityDxe.inf
>  create mode 100644
> Silicon/Intel/IntelSiliconPkg/Feature/PcieSecurity/IntelPciDeviceSecurit=
yDxe/Tcg
> DeviceEvent.h
>  create mode 100644
> Silicon/Intel/IntelSiliconPkg/Feature/PcieSecurity/SamplePlatformDeviceP=
olicyD
> xe/SamplePlatformDevicePolicyDxe.c
>  create mode 100644
> Silicon/Intel/IntelSiliconPkg/Feature/PcieSecurity/SamplePlatformDeviceP=
olicyD
> xe/SamplePlatformDevicePolicyDxe.inf
>  create mode 100644
> Silicon/Intel/IntelSiliconPkg/Include/IndustryStandard/IntelPciSecurity.=
h
>  create mode 100644
> Silicon/Intel/IntelSiliconPkg/Include/Protocol/PlatformDeviceSecurityPol=
icy.h
>=20
> --
> 2.19.2.windows.1
>=20
>=20
>=20