* Re: [edk2-devel] [PATCH V3 0/6] Add Device Security driver [not found] <15D4E4F6A90DA807.5771@groups.io> @ 2019-11-07 13:41 ` Yao, Jiewen 0 siblings, 0 replies; 4+ messages in thread From: Yao, Jiewen @ 2019-11-07 13:41 UTC (permalink / raw) To: devel@edk2.groups.io, Yao, Jiewen I forget to mention that this patch is also pushed to git: The EDKII repo update is at https://github.com/jyao1/edk2/tree/DeviceSecurityMasterV3 The EDKII platform repo update is at https://github.com/jyao1/edk2-platforms/tree/DeviceSecurityMasterV3 > -----Original Message----- > From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Yao, Jiewen > Sent: Thursday, November 7, 2019 9:38 PM > To: devel@edk2.groups.io > Subject: [edk2-devel] [PATCH V3 0/6] Add Device Security driver > > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2303 > > =============== V3 =============== > > The V3 version addresses the feedback below: > > Liming Gao: > 1. Add SPDM spec version and align to latest one 0.99a. > > Rangasai Chaganty: > 1. put a reference to the spec at the file header, for Intel PCI security spec. > 2. add some high level description above the structure definition that > describes the structure. > 3. on the services "GetDevicePolicy" and "SetDeviceState", Add more error > return states > > Ray Ni: > 1. add comments to each field of structures like > EDKII_DEVICE_SECURITY_POLICY > and EDKII_DEVICE_SECURITY_STATE. > 2. add comments to all the macros defined in this patch to explain the meaning > and more important how they are going to impact the logic. > 3. make the macro short > EDKII_DEVICE_MEASUREMENT_POLICY_REQUIRED -> > EDKII_DEVICE_MEASUREMENT_REQUIRED > EDKII_DEVICE_AUTHENTICATION_POLICY_REQUIRED -> > EDKII_DEVICE_AUTHENTICATION_REQUIRED > 4. rename the SetDeviceState to NotifyDeviceState. > 5. add comments to explain clearly what SetDeviceState() needs to do. > 6. change the prototype so that caller needs to pass in a policy structure and > GetDevicePolicy() fills the structure buffer using CopyMem. > 7. add the version macro for > EDKII_DEVICE_SECURITY_POLICY_PROTOCOL.Version, > securitypolicy.version and securitystate.version. > 8. add clear debug information for DvSec capability header. > > =============== V2 =============== > > This patch series add support for device security based > upon the DMTF SPDM specification. > https://www.dmtf.org/sites/default/files/standards/documents/DSP0274_0.95a > .zip > > We did design review at 18 Oct, 2019. > https://edk2.groups.io/g/devel/files/Designs/2019/1018 > And the feedback from the meeting is addressed. > https://edk2.groups.io/g/devel/files/Designs/2019/1018/EDKII- > Device%20Firmware%20Security%20v2.pdf > > The Device security protocol is added in EDKII repo. > Here we add the producer what follows Intel PCI security spec > to do the device firmware measurement. > https://www.intel.com/content/www/us/en/io/pci-express/pcie-device- > security-enhancements-spec.html > > The EDKII repo update is at > https://github.com/jyao1/edk2/tree/DeviceSecurityMasterV2 > The EDKII platform repo update is at https://github.com/jyao1/edk2- > platforms/tree/DeviceSecurityMasterV2 > > The validation has been done on a Intel internal platform. > The device measurement can be shown in TCG event log. > > signed-off-by: Jiewen Yao <jiewen.yao@intel.com> > > Jiewen Yao (6): > IntelSiliconPkg/Include: Add Intel PciSecurity definition. > IntelSiliconPkg/Include: Add Platform Device Security Policy protocol > IntelSiliconPkg/dec: Add ProtocolGuid definition. > IntelSiliconPkg/IntelPciDeviceSecurityDxe: Add PciSecurity. > IntelSiliconPkg/SamplePlatformDevicePolicyDxe: Add sample policy. > IntelSiliconPkg/dsc: Add Device Security component. > > .../IntelPciDeviceSecurityDxe.c | 697 ++++++++++++++++++ > .../IntelPciDeviceSecurityDxe.inf | 45 ++ > .../TcgDeviceEvent.h | 178 +++++ > .../SamplePlatformDevicePolicyDxe.c | 204 +++++ > .../SamplePlatformDevicePolicyDxe.inf | 40 + > .../IndustryStandard/IntelPciSecurity.h | 92 +++ > .../Protocol/PlatformDeviceSecurityPolicy.h | 128 ++++ > .../Intel/IntelSiliconPkg/IntelSiliconPkg.dec | 4 + > .../Intel/IntelSiliconPkg/IntelSiliconPkg.dsc | 3 + > 9 files changed, 1391 insertions(+) > create mode 100644 > Silicon/Intel/IntelSiliconPkg/Feature/PcieSecurity/IntelPciDeviceSecurityDxe/Int > elPciDeviceSecurityDxe.c > create mode 100644 > Silicon/Intel/IntelSiliconPkg/Feature/PcieSecurity/IntelPciDeviceSecurityDxe/Int > elPciDeviceSecurityDxe.inf > create mode 100644 > Silicon/Intel/IntelSiliconPkg/Feature/PcieSecurity/IntelPciDeviceSecurityDxe/Tcg > DeviceEvent.h > create mode 100644 > Silicon/Intel/IntelSiliconPkg/Feature/PcieSecurity/SamplePlatformDevicePolicyD > xe/SamplePlatformDevicePolicyDxe.c > create mode 100644 > Silicon/Intel/IntelSiliconPkg/Feature/PcieSecurity/SamplePlatformDevicePolicyD > xe/SamplePlatformDevicePolicyDxe.inf > create mode 100644 > Silicon/Intel/IntelSiliconPkg/Include/IndustryStandard/IntelPciSecurity.h > create mode 100644 > Silicon/Intel/IntelSiliconPkg/Include/Protocol/PlatformDeviceSecurityPolicy.h > > -- > 2.19.2.windows.1 > > > ^ permalink raw reply [flat|nested] 4+ messages in thread
* [PATCH V3 0/6] Add Device Security driver @ 2019-11-07 13:38 Yao, Jiewen 2019-11-08 4:23 ` [edk2-devel] " Javeed, Ashraf 0 siblings, 1 reply; 4+ messages in thread From: Yao, Jiewen @ 2019-11-07 13:38 UTC (permalink / raw) To: devel REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2303 =============== V3 =============== The V3 version addresses the feedback below: Liming Gao: 1. Add SPDM spec version and align to latest one 0.99a. Rangasai Chaganty: 1. put a reference to the spec at the file header, for Intel PCI security spec. 2. add some high level description above the structure definition that describes the structure. 3. on the services "GetDevicePolicy" and "SetDeviceState", Add more error return states Ray Ni: 1. add comments to each field of structures like EDKII_DEVICE_SECURITY_POLICY and EDKII_DEVICE_SECURITY_STATE. 2. add comments to all the macros defined in this patch to explain the meaning and more important how they are going to impact the logic. 3. make the macro short EDKII_DEVICE_MEASUREMENT_POLICY_REQUIRED -> EDKII_DEVICE_MEASUREMENT_REQUIRED EDKII_DEVICE_AUTHENTICATION_POLICY_REQUIRED -> EDKII_DEVICE_AUTHENTICATION_REQUIRED 4. rename the SetDeviceState to NotifyDeviceState. 5. add comments to explain clearly what SetDeviceState() needs to do. 6. change the prototype so that caller needs to pass in a policy structure and GetDevicePolicy() fills the structure buffer using CopyMem. 7. add the version macro for EDKII_DEVICE_SECURITY_POLICY_PROTOCOL.Version, securitypolicy.version and securitystate.version. 8. add clear debug information for DvSec capability header. =============== V2 =============== This patch series add support for device security based upon the DMTF SPDM specification. https://www.dmtf.org/sites/default/files/standards/documents/DSP0274_0.95a.zip We did design review at 18 Oct, 2019. https://edk2.groups.io/g/devel/files/Designs/2019/1018 And the feedback from the meeting is addressed. https://edk2.groups.io/g/devel/files/Designs/2019/1018/EDKII-Device%20Firmware%20Security%20v2.pdf The Device security protocol is added in EDKII repo. Here we add the producer what follows Intel PCI security spec to do the device firmware measurement. https://www.intel.com/content/www/us/en/io/pci-express/pcie-device-security-enhancements-spec.html The EDKII repo update is at https://github.com/jyao1/edk2/tree/DeviceSecurityMasterV2 The EDKII platform repo update is at https://github.com/jyao1/edk2-platforms/tree/DeviceSecurityMasterV2 The validation has been done on a Intel internal platform. The device measurement can be shown in TCG event log. signed-off-by: Jiewen Yao <jiewen.yao@intel.com> Jiewen Yao (6): IntelSiliconPkg/Include: Add Intel PciSecurity definition. IntelSiliconPkg/Include: Add Platform Device Security Policy protocol IntelSiliconPkg/dec: Add ProtocolGuid definition. IntelSiliconPkg/IntelPciDeviceSecurityDxe: Add PciSecurity. IntelSiliconPkg/SamplePlatformDevicePolicyDxe: Add sample policy. IntelSiliconPkg/dsc: Add Device Security component. .../IntelPciDeviceSecurityDxe.c | 697 ++++++++++++++++++ .../IntelPciDeviceSecurityDxe.inf | 45 ++ .../TcgDeviceEvent.h | 178 +++++ .../SamplePlatformDevicePolicyDxe.c | 204 +++++ .../SamplePlatformDevicePolicyDxe.inf | 40 + .../IndustryStandard/IntelPciSecurity.h | 92 +++ .../Protocol/PlatformDeviceSecurityPolicy.h | 128 ++++ .../Intel/IntelSiliconPkg/IntelSiliconPkg.dec | 4 + .../Intel/IntelSiliconPkg/IntelSiliconPkg.dsc | 3 + 9 files changed, 1391 insertions(+) create mode 100644 Silicon/Intel/IntelSiliconPkg/Feature/PcieSecurity/IntelPciDeviceSecurityDxe/IntelPciDeviceSecurityDxe.c create mode 100644 Silicon/Intel/IntelSiliconPkg/Feature/PcieSecurity/IntelPciDeviceSecurityDxe/IntelPciDeviceSecurityDxe.inf create mode 100644 Silicon/Intel/IntelSiliconPkg/Feature/PcieSecurity/IntelPciDeviceSecurityDxe/TcgDeviceEvent.h create mode 100644 Silicon/Intel/IntelSiliconPkg/Feature/PcieSecurity/SamplePlatformDevicePolicyDxe/SamplePlatformDevicePolicyDxe.c create mode 100644 Silicon/Intel/IntelSiliconPkg/Feature/PcieSecurity/SamplePlatformDevicePolicyDxe/SamplePlatformDevicePolicyDxe.inf create mode 100644 Silicon/Intel/IntelSiliconPkg/Include/IndustryStandard/IntelPciSecurity.h create mode 100644 Silicon/Intel/IntelSiliconPkg/Include/Protocol/PlatformDeviceSecurityPolicy.h -- 2.19.2.windows.1 ^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [edk2-devel] [PATCH V3 0/6] Add Device Security driver 2019-11-07 13:38 Yao, Jiewen @ 2019-11-08 4:23 ` Javeed, Ashraf 2019-11-08 5:14 ` Yao, Jiewen 0 siblings, 1 reply; 4+ messages in thread From: Javeed, Ashraf @ 2019-11-08 4:23 UTC (permalink / raw) To: devel@edk2.groups.io, Yao, Jiewen Jiewen, It could be better to organize your PcieSecurity driver stack under a common "Pci" folder; like under the following path: "Intel/IntelSiliconPkg/Feature/Pci" Thanks Ashraf > -----Original Message----- > From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Yao, Jiewen > Sent: Thursday, November 7, 2019 7:08 PM > To: devel@edk2.groups.io > Subject: [edk2-devel] [PATCH V3 0/6] Add Device Security driver > > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2303 > > =============== V3 =============== > > The V3 version addresses the feedback below: > > Liming Gao: > 1. Add SPDM spec version and align to latest one 0.99a. > > Rangasai Chaganty: > 1. put a reference to the spec at the file header, for Intel PCI security spec. > 2. add some high level description above the structure definition that > describes the structure. > 3. on the services "GetDevicePolicy" and "SetDeviceState", Add more error > return states > > Ray Ni: > 1. add comments to each field of structures like > EDKII_DEVICE_SECURITY_POLICY > and EDKII_DEVICE_SECURITY_STATE. > 2. add comments to all the macros defined in this patch to explain the meaning > and more important how they are going to impact the logic. > 3. make the macro short > EDKII_DEVICE_MEASUREMENT_POLICY_REQUIRED -> > EDKII_DEVICE_MEASUREMENT_REQUIRED > EDKII_DEVICE_AUTHENTICATION_POLICY_REQUIRED -> > EDKII_DEVICE_AUTHENTICATION_REQUIRED > 4. rename the SetDeviceState to NotifyDeviceState. > 5. add comments to explain clearly what SetDeviceState() needs to do. > 6. change the prototype so that caller needs to pass in a policy structure and > GetDevicePolicy() fills the structure buffer using CopyMem. > 7. add the version macro for > EDKII_DEVICE_SECURITY_POLICY_PROTOCOL.Version, > securitypolicy.version and securitystate.version. > 8. add clear debug information for DvSec capability header. > > =============== V2 =============== > > This patch series add support for device security based upon the DMTF SPDM > specification. > https://www.dmtf.org/sites/default/files/standards/documents/DSP0274_0.95a > .zip > > We did design review at 18 Oct, 2019. > https://edk2.groups.io/g/devel/files/Designs/2019/1018 > And the feedback from the meeting is addressed. > https://edk2.groups.io/g/devel/files/Designs/2019/1018/EDKII- > Device%20Firmware%20Security%20v2.pdf > > The Device security protocol is added in EDKII repo. > Here we add the producer what follows Intel PCI security spec to do the device > firmware measurement. > https://www.intel.com/content/www/us/en/io/pci-express/pcie-device- > security-enhancements-spec.html > > The EDKII repo update is at > https://github.com/jyao1/edk2/tree/DeviceSecurityMasterV2 > The EDKII platform repo update is at https://github.com/jyao1/edk2- > platforms/tree/DeviceSecurityMasterV2 > > The validation has been done on a Intel internal platform. > The device measurement can be shown in TCG event log. > > signed-off-by: Jiewen Yao <jiewen.yao@intel.com> > > Jiewen Yao (6): > IntelSiliconPkg/Include: Add Intel PciSecurity definition. > IntelSiliconPkg/Include: Add Platform Device Security Policy protocol > IntelSiliconPkg/dec: Add ProtocolGuid definition. > IntelSiliconPkg/IntelPciDeviceSecurityDxe: Add PciSecurity. > IntelSiliconPkg/SamplePlatformDevicePolicyDxe: Add sample policy. > IntelSiliconPkg/dsc: Add Device Security component. > > .../IntelPciDeviceSecurityDxe.c | 697 ++++++++++++++++++ > .../IntelPciDeviceSecurityDxe.inf | 45 ++ > .../TcgDeviceEvent.h | 178 +++++ > .../SamplePlatformDevicePolicyDxe.c | 204 +++++ > .../SamplePlatformDevicePolicyDxe.inf | 40 + > .../IndustryStandard/IntelPciSecurity.h | 92 +++ > .../Protocol/PlatformDeviceSecurityPolicy.h | 128 ++++ > .../Intel/IntelSiliconPkg/IntelSiliconPkg.dec | 4 + > .../Intel/IntelSiliconPkg/IntelSiliconPkg.dsc | 3 + > 9 files changed, 1391 insertions(+) > create mode 100644 > Silicon/Intel/IntelSiliconPkg/Feature/PcieSecurity/IntelPciDeviceSecurityDxe/Int > elPciDeviceSecurityDxe.c > create mode 100644 > Silicon/Intel/IntelSiliconPkg/Feature/PcieSecurity/IntelPciDeviceSecurityDxe/Int > elPciDeviceSecurityDxe.inf > create mode 100644 > Silicon/Intel/IntelSiliconPkg/Feature/PcieSecurity/IntelPciDeviceSecurityDxe/Tcg > DeviceEvent.h > create mode 100644 > Silicon/Intel/IntelSiliconPkg/Feature/PcieSecurity/SamplePlatformDevicePolicyD > xe/SamplePlatformDevicePolicyDxe.c > create mode 100644 > Silicon/Intel/IntelSiliconPkg/Feature/PcieSecurity/SamplePlatformDevicePolicyD > xe/SamplePlatformDevicePolicyDxe.inf > create mode 100644 > Silicon/Intel/IntelSiliconPkg/Include/IndustryStandard/IntelPciSecurity.h > create mode 100644 > Silicon/Intel/IntelSiliconPkg/Include/Protocol/PlatformDeviceSecurityPolicy.h > > -- > 2.19.2.windows.1 > > > ^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [edk2-devel] [PATCH V3 0/6] Add Device Security driver 2019-11-08 4:23 ` [edk2-devel] " Javeed, Ashraf @ 2019-11-08 5:14 ` Yao, Jiewen 2019-11-08 10:25 ` Javeed, Ashraf 0 siblings, 1 reply; 4+ messages in thread From: Yao, Jiewen @ 2019-11-08 5:14 UTC (permalink / raw) To: Javeed, Ashraf, devel@edk2.groups.io Right. I have put them to edk2-platforms\Silicon\Intel\IntelSiliconPkg\Feature\PcieSecurity. Similar to Capsule, SmmAccess, VTd. Thank you Yao Jiewen > -----Original Message----- > From: Javeed, Ashraf <ashraf.javeed@intel.com> > Sent: Friday, November 8, 2019 12:23 PM > To: devel@edk2.groups.io; Yao, Jiewen <jiewen.yao@intel.com> > Subject: RE: [edk2-devel] [PATCH V3 0/6] Add Device Security driver > > Jiewen, > It could be better to organize your PcieSecurity driver stack under a common > "Pci" folder; like under the following path: > "Intel/IntelSiliconPkg/Feature/Pci" > > Thanks > Ashraf > > > -----Original Message----- > > From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Yao, > Jiewen > > Sent: Thursday, November 7, 2019 7:08 PM > > To: devel@edk2.groups.io > > Subject: [edk2-devel] [PATCH V3 0/6] Add Device Security driver > > > > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2303 > > > > =============== V3 =============== > > > > The V3 version addresses the feedback below: > > > > Liming Gao: > > 1. Add SPDM spec version and align to latest one 0.99a. > > > > Rangasai Chaganty: > > 1. put a reference to the spec at the file header, for Intel PCI security spec. > > 2. add some high level description above the structure definition that > > describes the structure. > > 3. on the services "GetDevicePolicy" and "SetDeviceState", Add more error > > return states > > > > Ray Ni: > > 1. add comments to each field of structures like > > EDKII_DEVICE_SECURITY_POLICY > > and EDKII_DEVICE_SECURITY_STATE. > > 2. add comments to all the macros defined in this patch to explain the meaning > > and more important how they are going to impact the logic. > > 3. make the macro short > > EDKII_DEVICE_MEASUREMENT_POLICY_REQUIRED -> > > EDKII_DEVICE_MEASUREMENT_REQUIRED > > EDKII_DEVICE_AUTHENTICATION_POLICY_REQUIRED -> > > EDKII_DEVICE_AUTHENTICATION_REQUIRED > > 4. rename the SetDeviceState to NotifyDeviceState. > > 5. add comments to explain clearly what SetDeviceState() needs to do. > > 6. change the prototype so that caller needs to pass in a policy structure and > > GetDevicePolicy() fills the structure buffer using CopyMem. > > 7. add the version macro for > > EDKII_DEVICE_SECURITY_POLICY_PROTOCOL.Version, > > securitypolicy.version and securitystate.version. > > 8. add clear debug information for DvSec capability header. > > > > =============== V2 =============== > > > > This patch series add support for device security based upon the DMTF SPDM > > specification. > > > https://www.dmtf.org/sites/default/files/standards/documents/DSP0274_0.95a > > .zip > > > > We did design review at 18 Oct, 2019. > > https://edk2.groups.io/g/devel/files/Designs/2019/1018 > > And the feedback from the meeting is addressed. > > https://edk2.groups.io/g/devel/files/Designs/2019/1018/EDKII- > > Device%20Firmware%20Security%20v2.pdf > > > > The Device security protocol is added in EDKII repo. > > Here we add the producer what follows Intel PCI security spec to do the device > > firmware measurement. > > https://www.intel.com/content/www/us/en/io/pci-express/pcie-device- > > security-enhancements-spec.html > > > > The EDKII repo update is at > > https://github.com/jyao1/edk2/tree/DeviceSecurityMasterV2 > > The EDKII platform repo update is at https://github.com/jyao1/edk2- > > platforms/tree/DeviceSecurityMasterV2 > > > > The validation has been done on a Intel internal platform. > > The device measurement can be shown in TCG event log. > > > > signed-off-by: Jiewen Yao <jiewen.yao@intel.com> > > > > Jiewen Yao (6): > > IntelSiliconPkg/Include: Add Intel PciSecurity definition. > > IntelSiliconPkg/Include: Add Platform Device Security Policy protocol > > IntelSiliconPkg/dec: Add ProtocolGuid definition. > > IntelSiliconPkg/IntelPciDeviceSecurityDxe: Add PciSecurity. > > IntelSiliconPkg/SamplePlatformDevicePolicyDxe: Add sample policy. > > IntelSiliconPkg/dsc: Add Device Security component. > > > > .../IntelPciDeviceSecurityDxe.c | 697 ++++++++++++++++++ > > .../IntelPciDeviceSecurityDxe.inf | 45 ++ > > .../TcgDeviceEvent.h | 178 +++++ > > .../SamplePlatformDevicePolicyDxe.c | 204 +++++ > > .../SamplePlatformDevicePolicyDxe.inf | 40 + > > .../IndustryStandard/IntelPciSecurity.h | 92 +++ > > .../Protocol/PlatformDeviceSecurityPolicy.h | 128 ++++ > > .../Intel/IntelSiliconPkg/IntelSiliconPkg.dec | 4 + > > .../Intel/IntelSiliconPkg/IntelSiliconPkg.dsc | 3 + > > 9 files changed, 1391 insertions(+) > > create mode 100644 > > > Silicon/Intel/IntelSiliconPkg/Feature/PcieSecurity/IntelPciDeviceSecurityDxe/Int > > elPciDeviceSecurityDxe.c > > create mode 100644 > > > Silicon/Intel/IntelSiliconPkg/Feature/PcieSecurity/IntelPciDeviceSecurityDxe/Int > > elPciDeviceSecurityDxe.inf > > create mode 100644 > > > Silicon/Intel/IntelSiliconPkg/Feature/PcieSecurity/IntelPciDeviceSecurityDxe/Tcg > > DeviceEvent.h > > create mode 100644 > > > Silicon/Intel/IntelSiliconPkg/Feature/PcieSecurity/SamplePlatformDevicePolicyD > > xe/SamplePlatformDevicePolicyDxe.c > > create mode 100644 > > > Silicon/Intel/IntelSiliconPkg/Feature/PcieSecurity/SamplePlatformDevicePolicyD > > xe/SamplePlatformDevicePolicyDxe.inf > > create mode 100644 > > Silicon/Intel/IntelSiliconPkg/Include/IndustryStandard/IntelPciSecurity.h > > create mode 100644 > > Silicon/Intel/IntelSiliconPkg/Include/Protocol/PlatformDeviceSecurityPolicy.h > > > > -- > > 2.19.2.windows.1 > > > > > > ^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [edk2-devel] [PATCH V3 0/6] Add Device Security driver 2019-11-08 5:14 ` Yao, Jiewen @ 2019-11-08 10:25 ` Javeed, Ashraf 0 siblings, 0 replies; 4+ messages in thread From: Javeed, Ashraf @ 2019-11-08 10:25 UTC (permalink / raw) To: Yao, Jiewen, devel@edk2.groups.io True, thought PCI is a vast topic, could be many more sample drivers in future, thus having under one" Pci" folder would be better. I know this is your third version already, and I could have reviewed it earlier and made this point. No issues now, could be moved in future. Regards Ashraf > -----Original Message----- > From: Yao, Jiewen <jiewen.yao@intel.com> > Sent: Friday, November 8, 2019 10:44 AM > To: Javeed, Ashraf <ashraf.javeed@intel.com>; devel@edk2.groups.io > Subject: RE: [edk2-devel] [PATCH V3 0/6] Add Device Security driver > > Right. I have put them to edk2- > platforms\Silicon\Intel\IntelSiliconPkg\Feature\PcieSecurity. Similar to Capsule, > SmmAccess, VTd. > > Thank you > Yao Jiewen > > > -----Original Message----- > > From: Javeed, Ashraf <ashraf.javeed@intel.com> > > Sent: Friday, November 8, 2019 12:23 PM > > To: devel@edk2.groups.io; Yao, Jiewen <jiewen.yao@intel.com> > > Subject: RE: [edk2-devel] [PATCH V3 0/6] Add Device Security driver > > > > Jiewen, > > It could be better to organize your PcieSecurity driver stack under a > > common "Pci" folder; like under the following path: > > "Intel/IntelSiliconPkg/Feature/Pci" > > > > Thanks > > Ashraf > > > > > -----Original Message----- > > > From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Yao, > > Jiewen > > > Sent: Thursday, November 7, 2019 7:08 PM > > > To: devel@edk2.groups.io > > > Subject: [edk2-devel] [PATCH V3 0/6] Add Device Security driver > > > > > > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2303 > > > > > > =============== V3 =============== > > > > > > The V3 version addresses the feedback below: > > > > > > Liming Gao: > > > 1. Add SPDM spec version and align to latest one 0.99a. > > > > > > Rangasai Chaganty: > > > 1. put a reference to the spec at the file header, for Intel PCI security spec. > > > 2. add some high level description above the structure definition that > > > describes the structure. > > > 3. on the services "GetDevicePolicy" and "SetDeviceState", Add more error > > > return states > > > > > > Ray Ni: > > > 1. add comments to each field of structures like > > > EDKII_DEVICE_SECURITY_POLICY > > > and EDKII_DEVICE_SECURITY_STATE. > > > 2. add comments to all the macros defined in this patch to explain the > meaning > > > and more important how they are going to impact the logic. > > > 3. make the macro short > > > EDKII_DEVICE_MEASUREMENT_POLICY_REQUIRED -> > > > EDKII_DEVICE_MEASUREMENT_REQUIRED > > > EDKII_DEVICE_AUTHENTICATION_POLICY_REQUIRED -> > > > EDKII_DEVICE_AUTHENTICATION_REQUIRED > > > 4. rename the SetDeviceState to NotifyDeviceState. > > > 5. add comments to explain clearly what SetDeviceState() needs to do. > > > 6. change the prototype so that caller needs to pass in a policy structure and > > > GetDevicePolicy() fills the structure buffer using CopyMem. > > > 7. add the version macro for > > > EDKII_DEVICE_SECURITY_POLICY_PROTOCOL.Version, > > > securitypolicy.version and securitystate.version. > > > 8. add clear debug information for DvSec capability header. > > > > > > =============== V2 =============== > > > > > > This patch series add support for device security based upon the > > > DMTF SPDM specification. > > > > > https://www.dmtf.org/sites/default/files/standards/documents/DSP0274_0 > > .95a > > > .zip > > > > > > We did design review at 18 Oct, 2019. > > > https://edk2.groups.io/g/devel/files/Designs/2019/1018 > > > And the feedback from the meeting is addressed. > > > https://edk2.groups.io/g/devel/files/Designs/2019/1018/EDKII- > > > Device%20Firmware%20Security%20v2.pdf > > > > > > The Device security protocol is added in EDKII repo. > > > Here we add the producer what follows Intel PCI security spec to do > > > the device firmware measurement. > > > https://www.intel.com/content/www/us/en/io/pci-express/pcie-device- > > > security-enhancements-spec.html > > > > > > The EDKII repo update is at > > > https://github.com/jyao1/edk2/tree/DeviceSecurityMasterV2 > > > The EDKII platform repo update is at https://github.com/jyao1/edk2- > > > platforms/tree/DeviceSecurityMasterV2 > > > > > > The validation has been done on a Intel internal platform. > > > The device measurement can be shown in TCG event log. > > > > > > signed-off-by: Jiewen Yao <jiewen.yao@intel.com> > > > > > > Jiewen Yao (6): > > > IntelSiliconPkg/Include: Add Intel PciSecurity definition. > > > IntelSiliconPkg/Include: Add Platform Device Security Policy protocol > > > IntelSiliconPkg/dec: Add ProtocolGuid definition. > > > IntelSiliconPkg/IntelPciDeviceSecurityDxe: Add PciSecurity. > > > IntelSiliconPkg/SamplePlatformDevicePolicyDxe: Add sample policy. > > > IntelSiliconPkg/dsc: Add Device Security component. > > > > > > .../IntelPciDeviceSecurityDxe.c | 697 ++++++++++++++++++ > > > .../IntelPciDeviceSecurityDxe.inf | 45 ++ > > > .../TcgDeviceEvent.h | 178 +++++ > > > .../SamplePlatformDevicePolicyDxe.c | 204 +++++ > > > .../SamplePlatformDevicePolicyDxe.inf | 40 + > > > .../IndustryStandard/IntelPciSecurity.h | 92 +++ > > > .../Protocol/PlatformDeviceSecurityPolicy.h | 128 ++++ > > > .../Intel/IntelSiliconPkg/IntelSiliconPkg.dec | 4 + > > > .../Intel/IntelSiliconPkg/IntelSiliconPkg.dsc | 3 + > > > 9 files changed, 1391 insertions(+) create mode 100644 > > > > > Silicon/Intel/IntelSiliconPkg/Feature/PcieSecurity/IntelPciDeviceSecur > > ityDxe/Int > > > elPciDeviceSecurityDxe.c > > > create mode 100644 > > > > > Silicon/Intel/IntelSiliconPkg/Feature/PcieSecurity/IntelPciDeviceSecur > > ityDxe/Int > > > elPciDeviceSecurityDxe.inf > > > create mode 100644 > > > > > Silicon/Intel/IntelSiliconPkg/Feature/PcieSecurity/IntelPciDeviceSecur > > ityDxe/Tcg > > > DeviceEvent.h > > > create mode 100644 > > > > > Silicon/Intel/IntelSiliconPkg/Feature/PcieSecurity/SamplePlatformDevic > > ePolicyD > > > xe/SamplePlatformDevicePolicyDxe.c > > > create mode 100644 > > > > > Silicon/Intel/IntelSiliconPkg/Feature/PcieSecurity/SamplePlatformDevic > > ePolicyD > > > xe/SamplePlatformDevicePolicyDxe.inf > > > create mode 100644 > > > Silicon/Intel/IntelSiliconPkg/Include/IndustryStandard/IntelPciSecur > > > ity.h > > > create mode 100644 > > > Silicon/Intel/IntelSiliconPkg/Include/Protocol/PlatformDeviceSecurit > > > yPolicy.h > > > > > > -- > > > 2.19.2.windows.1 > > > > > > > > > ^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2019-11-08 10:25 UTC | newest] Thread overview: 4+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- [not found] <15D4E4F6A90DA807.5771@groups.io> 2019-11-07 13:41 ` [edk2-devel] [PATCH V3 0/6] Add Device Security driver Yao, Jiewen 2019-11-07 13:38 Yao, Jiewen 2019-11-08 4:23 ` [edk2-devel] " Javeed, Ashraf 2019-11-08 5:14 ` Yao, Jiewen 2019-11-08 10:25 ` Javeed, Ashraf
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox