* Re: [edk2-devel] [PATCH v4 00/10] Add DeviceSecurity feature based on PFP 1.06 spec

From: Wenxing Hou
Date: 2024-04-18 10:15 UTC
To: devel@edk2.groups.io, Andrew Fish, Leif Lindholm, Kinney, Michael D, Liming Gao, Sean Brogan, Joey Vagedes, Liu, Zhiguang, Kumar, Rahul R, Yao, Jiewen

Dear EDKII reviewers:

Thank you for your previous review of this patch set.
Currently, five patches have been reviewed.

But there are five patches that need review.
Patch1: MdePkg: Add SPDM1.2 support.
Patch2: MdePkg: Add TCG PFP 1.06 support.
Patch4: MdeModulePkg/Variable: Add TCG SPDM device measurement update
Patch8: .gitmodule: Add libspdm submodule for EDKII
Patch10: ReadMe.rst: Add libspdm submodule license

Could you please review the PATCH v4?

PS: Jiewen has reviewed all the PATCH. And I have fixed his feedback in PATCH v4.
Jiewen has no questions about all the patches anymore.

Thanks,
Wenxing

-----Original Message-----
From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Wenxing Hou
Sent: Thursday, April 18, 2024 5:28 PM
To: devel@edk2.groups.io
Cc: Andrew Fish <afish@apple.com>; Leif Lindholm <quic_llindhol@quicinc.com>; Kinney, Michael D <michael.d.kinney@intel.com>; Liming Gao <gaoliming@byosoft.com.cn>; Sean Brogan <sean.brogan@microsoft.com>; Joey Vagedes <joey.vagedes@gmail.com>; Liu, Zhiguang <zhiguang.liu@intel.com>; Kumar, Rahul R <rahul.r.kumar@intel.com>; Yao, Jiewen <jiewen.yao@intel.com>
Subject: [edk2-devel] [PATCH v4 00/10] Add DeviceSecurity feature based on PFP 1.06 spec

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2479

In PFP spec 1.06, platform firmware records the device certificate and device measurement for each SPDM responder.
This PATCH set implements the DeviceSecurityLib to support SPDM device Authentication and Measurement.

Libspdm as a submodule is to support the DeviceSecurity feature:
https://github.com/DMTF/libspdm

TCG PFP spec 1.06:
https://trustedcomputinggroup.org/resource/pc-client-specific-platform-firmware-profile-specification/

The POC branch:
https://github.com/tianocore/edk2-staging/tree/DeviceSecurity

And the PATCH set has passed the EDKII CI:
https://github.com/tianocore/edk2/pull/5508

v2 changes:
- Fix typo: PcdEnableSpdmDeviceAuthenticaion -> PcdEnableSpdmDeviceAuthentication
v3 changes:
- Add new patch 10: Update ReadMe.rst for libspdm submodule license
v4 changes:
- Update submodule libspdm to latest tag

PATCH 3: Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn>
PATCH 5: Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
PATCH 6: Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
PATCH 7: Reviewed-by: Joey Vagedes <joey.vagedes@gmail.com>
PATCH 9: Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>

Cc: Andrew Fish <afish@apple.com>
Cc: Leif Lindholm <quic_llindhol@quicinc.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Sean Brogan <sean.brogan@microsoft.com>
Cc: Joey Vagedes <joey.vagedes@gmail.com>
Cc: Zhiguang Liu <zhiguang.liu@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Signed-off-by: Wenxing Hou <wenxing.hou@intel.com>

Wenxing Hou (10):
  MdePkg: Add SPDM1.2 support.
  MdePkg: Add TCG PFP 1.06 support.
  MdePkg: Add devAuthBoot GlobalVariable
  MdeModulePkg/Variable: Add TCG SPDM device measurement update
  SecurityPkg: Add TCG PFP 1.06 support.
  SecurityPkg: add DeviceSecurity support
  .pytool/CISettings.py: add libspdm submodule.
  .gitmodule: Add libspdm submodule for EDKII
  SecurityPkg: Add libspdm submodule
  ReadMe.rst: Add libspdm submodule license

 .gitmodules                                   |    3 +
 .pytool/CISettings.py                         |    2 +
 MdeModulePkg/MdeModulePkg.dec                 |    5 +
 .../Variable/RuntimeDxe/Measurement.c         |   38 +-
 .../RuntimeDxe/VariableRuntimeDxe.inf         |    3 +
 .../RuntimeDxe/VariableSmmRuntimeDxe.inf      |    3 +
 MdePkg/Include/Guid/GlobalVariable.h          |    8 +-
 MdePkg/Include/Guid/ImageAuthentication.h     |    5 +-
 MdePkg/Include/IndustryStandard/Spdm.h        | 1112 ++++++++++++++++-
 .../IndustryStandard/UefiTcgPlatform.h        |  186 ++-
 ReadMe.rst                                    |    1 +
 .../OsStub/CryptlibWrapper/CryptlibWrapper.c  |  970 ++++++++++++++
 .../CryptlibWrapper/CryptlibWrapper.inf       |   38 +
 .../OsStub/MemLibWrapper/MemLibWrapper.c      |  177 +++
 .../OsStub/MemLibWrapper/MemLibWrapper.inf    |   33 +
 .../PlatformLibWrapper/PlatformLibWrapper.c   |   85 ++
 .../PlatformLibWrapper/PlatformLibWrapper.inf |   33 +
 .../SpdmLib/Include/Stub/SpdmLibStub.h        |  347 +++++
 .../SpdmLib/Include/hal/LibspdmStdBoolAlt.h   |   23 +
 .../SpdmLib/Include/hal/LibspdmStdDefAlt.h    |   16 +
 .../SpdmLib/Include/hal/LibspdmStdIntAlt.h    |   25 +
 .../DeviceSecurity/SpdmLib/Include/hal/base.h |   94 ++
 .../SpdmLib/Include/hal/library/debuglib.h    |   39 +
 .../SpdmLib/Include/library/spdm_lib_config.h |  394 ++++++
 .../DeviceSecurity/SpdmLib/SpdmCommonLib.inf  |   47 +
 .../DeviceSecurity/SpdmLib/SpdmCryptLib.inf   |   45 +
 .../SpdmLib/SpdmDeviceSecretLibNull.inf       |   36 +
 .../SpdmLib/SpdmRequesterLib.inf              |   59 +
 .../SpdmLib/SpdmResponderLib.inf              |   61 +
 .../SpdmLib/SpdmSecuredMessageLib.inf         |   44 +
 .../SpdmLib/SpdmTransportMctpLib.inf          |   38 +
 .../SpdmLib/SpdmTransportPciDoeLib.inf        |   38 +
 SecurityPkg/DeviceSecurity/SpdmLib/libspdm    |    1 +
 .../SpdmSecurityLib/SpdmAuthentication.c      |  697 +++++++++++
 .../SpdmSecurityLib/SpdmConnectionInit.c      |  481 +++++++
 .../SpdmSecurityLib/SpdmMeasurement.c         |  714 +++++++++++
 .../SpdmSecurityLib/SpdmSecurityLib.c         |  148 +++
 .../SpdmSecurityLib/SpdmSecurityLib.inf       |   54 +
 .../SpdmSecurityLib/SpdmSecurityLibInternal.h |  250 ++++
 SecurityPkg/Include/Library/SpdmSecurityLib.h |  437 +++++++
 SecurityPkg/Include/Library/Tpm2CommandLib.h  |   23 +-
 .../Include/Protocol/DeviceSecurityPolicy.h   |  133 ++
 .../HashLibBaseCryptoRouterDxe.c              |   88 +-
 .../Library/Tpm2CommandLib/Tpm2NVStorage.c    |  122 +-
 SecurityPkg/SecurityPkg.ci.yaml               |   17 +-
 SecurityPkg/SecurityPkg.dec                   |   13 +-
 SecurityPkg/SecurityPkg.dsc                   |   31 +-
 SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c             |   61 +-
 SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf           |    4 +-
 49 files changed, 7197 insertions(+), 85 deletions(-)
 create mode 100644 SecurityPkg/DeviceSecurity/OsStub/CryptlibWrapper/CryptlibWrapper.c
 create mode 100644 SecurityPkg/DeviceSecurity/OsStub/CryptlibWrapper/CryptlibWrapper.inf
 create mode 100644 SecurityPkg/DeviceSecurity/OsStub/MemLibWrapper/MemLibWrapper.c
 create mode 100644 SecurityPkg/DeviceSecurity/OsStub/MemLibWrapper/MemLibWrapper.inf
 create mode 100644 SecurityPkg/DeviceSecurity/OsStub/PlatformLibWrapper/PlatformLibWrapper.c
 create mode 100644 SecurityPkg/DeviceSecurity/OsStub/PlatformLibWrapper/PlatformLibWrapper.inf
 create mode 100644 SecurityPkg/DeviceSecurity/SpdmLib/Include/Stub/SpdmLibStub.h
 create mode 100644 SecurityPkg/DeviceSecurity/SpdmLib/Include/hal/LibspdmStdBoolAlt.h
 create mode 100644 SecurityPkg/DeviceSecurity/SpdmLib/Include/hal/LibspdmStdDefAlt.h
 create mode 100644 SecurityPkg/DeviceSecurity/SpdmLib/Include/hal/LibspdmStdIntAlt.h
 create mode 100644 SecurityPkg/DeviceSecurity/SpdmLib/Include/hal/base.h
 create mode 100644 SecurityPkg/DeviceSecurity/SpdmLib/Include/hal/library/debuglib.h
 create mode 100644 SecurityPkg/DeviceSecurity/SpdmLib/Include/library/spdm_lib_config.h
 create mode 100644 SecurityPkg/DeviceSecurity/SpdmLib/SpdmCommonLib.inf
 create mode 100644 SecurityPkg/DeviceSecurity/SpdmLib/SpdmCryptLib.inf
 create mode 100644 SecurityPkg/DeviceSecurity/SpdmLib/SpdmDeviceSecretLibNull.inf
 create mode 100644 SecurityPkg/DeviceSecurity/SpdmLib/SpdmRequesterLib.inf
 create mode 100644 SecurityPkg/DeviceSecurity/SpdmLib/SpdmResponderLib.inf
 create mode 100644 SecurityPkg/DeviceSecurity/SpdmLib/SpdmSecuredMessageLib.inf
 create mode 100644 SecurityPkg/DeviceSecurity/SpdmLib/SpdmTransportMctpLib.inf
 create mode 100644 SecurityPkg/DeviceSecurity/SpdmLib/SpdmTransportPciDoeLib.inf
 create mode 160000 SecurityPkg/DeviceSecurity/SpdmLib/libspdm
 create mode 100644 SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmAuthentication.c
 create mode 100644 SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmConnectionInit.c
 create mode 100644 SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmMeasurement.c
 create mode 100644 SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmSecurityLib.c
 create mode 100644 SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmSecurityLib.inf
 create mode 100644 SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmSecurityLibInternal.h
 create mode 100644 SecurityPkg/Include/Library/SpdmSecurityLib.h
 create mode 100644 SecurityPkg/Include/Protocol/DeviceSecurityPolicy.h

--
2.26.2.windows.1

-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#117981): https://edk2.groups.io/g/devel/message/117981
Mute This Topic: https://groups.io/mt/105594737/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
* Re: [edk2-devel] [PATCH v4 00/10] Add DeviceSecurity feature based on PFP 1.06 spec

From: Yao, Jiewen
Date: 2024-04-21 2:30 UTC
To: Hou, Wenxing, devel@edk2.groups.io, Andrew Fish, Leif Lindholm, Kinney, Michael D, Liming Gao, Sean Brogan, Joey Vagedes, Liu, Zhiguang, Kumar, Rahul R

All series: Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>

Dear Steward member,
Do you have any concern on adding libspdm (https://github.com/DMTF/libspdm) as one more submodule?

Thank you
Yao, Jiewen

> -----Original Message-----
> From: Hou, Wenxing <wenxing.hou@intel.com>
> Sent: Thursday, April 18, 2024 6:16 PM
> To: devel@edk2.groups.io; Andrew Fish <afish@apple.com>; Leif Lindholm <quic_llindhol@quicinc.com>; Kinney, Michael D <michael.d.kinney@intel.com>; Liming Gao <gaoliming@byosoft.com.cn>; Sean Brogan <sean.brogan@microsoft.com>; Joey Vagedes <joey.vagedes@gmail.com>; Liu, Zhiguang <zhiguang.liu@intel.com>; Kumar, Rahul R <rahul.r.kumar@intel.com>; Yao, Jiewen <jiewen.yao@intel.com>
> Subject: RE: [edk2-devel] [PATCH v4 00/10] Add DeviceSecurity feature based on PFP 1.06 spec
>
> Dear EDKII reviewers:
>
> Thank you for your previous review of this patch set.
> Currently, five patches have been reviewed.
>
> But there are five patches that need review.
> Patch1: MdePkg: Add SPDM1.2 support.
> Patch2: MdePkg: Add TCG PFP 1.06 support.
> Patch4: MdeModulePkg/Variable: Add TCG SPDM device measurement update
> Patch8: .gitmodule: Add libspdm submodule for EDKII
> Patch10: ReadMe.rst: Add libspdm submodule license
>
> Could you please review the PATCH v4?
>
> PS: Jiewen has reviewed all the PATCH. And I have fixed his feedback in PATCH v4.
> Jiewen has no questions about all the patches anymore.
>
> Thanks,
> Wenxing
View/Reply Online (#118050): https://edk2.groups.io/g/devel/message/118050
* Re: [edk2-devel] [PATCH v4 00/10] Add DeviceSecurity feature based on PFP 1.06 spec

From: Wenxing Hou
Date: 2024-04-26 1:51 UTC
To: Yao, Jiewen, devel@edk2.groups.io, Andrew Fish, Leif Lindholm, Kinney, Michael D, Liming Gao, Sean Brogan, Joey Vagedes, Liu, Zhiguang, Kumar, Rahul R

Hi EDKII stewards,

Could you please review the libspdm license?

The libspdm (https://github.com/DMTF/libspdm) is an implementation that follows the DMTF SPDM (https://www.dmtf.org/standards/spdm) spec.

And the libspdm library is under the DMTF repo.
The license is: https://github.com/DMTF/libspdm/blob/main/LICENSE.md

Thanks,
Wenxing

-----Original Message-----
From: Yao, Jiewen <jiewen.yao@intel.com>
Sent: Sunday, April 21, 2024 10:31 AM
To: Hou, Wenxing <wenxing.hou@intel.com>; devel@edk2.groups.io; Andrew Fish <afish@apple.com>; Leif Lindholm <quic_llindhol@quicinc.com>; Kinney, Michael D <michael.d.kinney@intel.com>; Liming Gao <gaoliming@byosoft.com.cn>; Sean Brogan <sean.brogan@microsoft.com>; Joey Vagedes <joey.vagedes@gmail.com>; Liu, Zhiguang <zhiguang.liu@intel.com>; Kumar, Rahul R <rahul.r.kumar@intel.com>
Subject: RE: [edk2-devel] [PATCH v4 00/10] Add DeviceSecurity feature based on PFP 1.06 spec

All series: Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>

Dear Steward member,
Do you have any concern on adding libspdm (https://github.com/DMTF/libspdm) as one more submodule?

Thank you
Yao, Jiewen

> -----Original Message-----
> From: Hou, Wenxing <wenxing.hou@intel.com>
> Sent: Thursday, April 18, 2024 6:16 PM
> To: devel@edk2.groups.io; Andrew Fish <afish@apple.com>; Leif Lindholm <quic_llindhol@quicinc.com>; Kinney, Michael D <michael.d.kinney@intel.com>; Liming Gao <gaoliming@byosoft.com.cn>; Sean Brogan <sean.brogan@microsoft.com>; Joey Vagedes <joey.vagedes@gmail.com>; Liu, Zhiguang <zhiguang.liu@intel.com>; Kumar, Rahul R <rahul.r.kumar@intel.com>; Yao, Jiewen <jiewen.yao@intel.com>
> Subject: RE: [edk2-devel] [PATCH v4 00/10] Add DeviceSecurity feature based on PFP 1.06 spec
>
> Dear EDKII reviewers:
>
> Thank you for your previous review of this patch set.
> Currently, five patches have been reviewed.
>
> But there are five patches that need review.
> Patch1: MdePkg: Add SPDM1.2 support.
> Patch2: MdePkg: Add TCG PFP 1.06 support.
> Patch4: MdeModulePkg/Variable: Add TCG SPDM device measurement update
> Patch8: .gitmodule: Add libspdm submodule for EDKII
> Patch10: ReadMe.rst: Add libspdm submodule license
>
> Could you please review the PATCH v4?
>
> PS: Jiewen has reviewed all the PATCH. And I have fixed his feedback in PATCH v4.
> Jiewen has no questions about all the patches anymore.
>
> Thanks,
> Wenxing
View/Reply Online (#118308): https://edk2.groups.io/g/devel/message/118308
* Re: [edk2-devel] [PATCH v4 00/10] Add DeviceSecurity feature based on PFP 1.06 spec

From: Yao, Jiewen
Date: 2024-04-29 0:33 UTC
To: Hou, Wenxing, devel@edk2.groups.io, Andrew Fish, Leif Lindholm, Kinney, Michael D, Liming Gao, Sean Brogan, Joey Vagedes, Liu, Zhiguang, Kumar, Rahul R

Hi All

It has been 4 work weeks and this V4 patch resolved previous comments and feedback.
If there is no further objection, I plan to merge it tomorrow.

Thank you
Yao, Jiewen

> -----Original Message-----
> From: Hou, Wenxing <wenxing.hou@intel.com>
> Sent: Friday, April 26, 2024 9:52 AM
> To: Yao, Jiewen <jiewen.yao@intel.com>; devel@edk2.groups.io; Andrew Fish <afish@apple.com>; Leif Lindholm <quic_llindhol@quicinc.com>; Kinney, Michael D <michael.d.kinney@intel.com>; Liming Gao <gaoliming@byosoft.com.cn>; Sean Brogan <sean.brogan@microsoft.com>; Joey Vagedes <joey.vagedes@gmail.com>; Liu, Zhiguang <zhiguang.liu@intel.com>; Kumar, Rahul R <rahul.r.kumar@intel.com>
> Subject: RE: [edk2-devel] [PATCH v4 00/10] Add DeviceSecurity feature based on PFP 1.06 spec
>
> Hi EDKII stewards,
>
> Could you please review the libspdm license?
>
> The libspdm (https://github.com/DMTF/libspdm) is an implementation that follows the DMTF SPDM (https://www.dmtf.org/standards/spdm) spec.
>
> And the libspdm library is under the DMTF repo.
> The license is: https://github.com/DMTF/libspdm/blob/main/LICENSE.md
>
> Thanks,
> Wenxing
>
> -----Original Message-----
> From: Yao, Jiewen <jiewen.yao@intel.com>
> Sent: Sunday, April 21, 2024 10:31 AM
> To: Hou, Wenxing <wenxing.hou@intel.com>; devel@edk2.groups.io; Andrew Fish <afish@apple.com>; Leif Lindholm <quic_llindhol@quicinc.com>; Kinney, Michael D <michael.d.kinney@intel.com>; Liming Gao <gaoliming@byosoft.com.cn>; Sean Brogan <sean.brogan@microsoft.com>; Joey Vagedes <joey.vagedes@gmail.com>; Liu, Zhiguang <zhiguang.liu@intel.com>; Kumar, Rahul R <rahul.r.kumar@intel.com>
> Subject: RE: [edk2-devel] [PATCH v4 00/10] Add DeviceSecurity feature based on PFP 1.06 spec
>
> All series: Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
>
> Dear Steward member,
> Do you have any concern on adding libspdm (https://github.com/DMTF/libspdm) as one more submodule?
>
> Thank you
> Yao, Jiewen
> > > > Libspdm as submodule is to support DeviceSecurity feature: > > https://github.com/DMTF/libspdm > > > > TCG PFP spec 1.06: > > https://trustedcomputinggroup.org/resource/pc-client-specific-platform > > - > > firmware-profile-specification/ > > > > The POC branch: > > https://github.com/tianocore/edk2-staging/tree/DeviceSecurity > > > > And the PATCH set has passed the EDKII CI: > > https://github.com/tianocore/edk2/pull/5508 > > > > v2 changes: > > - Fix typo: PcdEnableSpdmDeviceAuthenticaion -> > > PcdEnableSpdmDeviceAuthentication > > v3 changes: > > - Add new patch 10: Update ReadMe.rst for libspdm submodule license > > v4 changes: > > - Update submodule libspdm to latest tag > > > > PATCH 3: Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn> PATCH 5: > > Reviewed-by: Jiewen Yao <jiewen.yao@intel.com> PATCH 6: Reviewed-by: > > Jiewen Yao <jiewen.yao@intel.com> PATCH 7: Reviewed-by: Joey Vagedes > > <joey.vagedes@gmail.com> PATCH 9: Reviewed-by: Jiewen Yao > > <jiewen.yao@intel.com> > > > > Cc: Andrew Fish <afish@apple.com> > > Cc: Leif Lindholm <quic_llindhol@quicinc.com> > > Cc: Michael D Kinney <michael.d.kinney@intel.com> > > Cc: Liming Gao <gaoliming@byosoft.com.cn> > > Cc: Sean Brogan <sean.brogan@microsoft.com> > > Cc: Joey Vagedes <joey.vagedes@gmail.com> > > Cc: Zhiguang Liu <zhiguang.liu@intel.com> > > Cc: Rahul Kumar <rahul1.kumar@intel.com> > > Cc: Jiewen Yao <jiewen.yao@intel.com> > > Signed-off-by: Wenxing Hou <wenxing.hou@intel.com> > > > > Wenxing Hou (10): > > MdePkg: Add SPDM1.2 support. > > MdePkg: Add TCG PFP 1.06 support. > > MdePkg: Add devAuthBoot GlobalVariable > > MdeModulePkg/Variable: Add TCG SPDM device measurement update > > SecurityPkg: Add TCG PFP 1.06 support. > > SecurityPkg: add DeviceSecurity support > > .pytool/CISettings.py: add libspdm submodule. 
> > .gitmodule: Add libspdm submodule for EDKII > > SecurityPkg: Add libspdm submodule > > ReadMe.rst: Add libspdm submodule license > > > > .gitmodules | 3 + > > .pytool/CISettings.py | 2 + > > MdeModulePkg/MdeModulePkg.dec | 5 + > > .../Variable/RuntimeDxe/Measurement.c | 38 +- > > .../RuntimeDxe/VariableRuntimeDxe.inf | 3 + > > .../RuntimeDxe/VariableSmmRuntimeDxe.inf | 3 + > > MdePkg/Include/Guid/GlobalVariable.h | 8 +- > > MdePkg/Include/Guid/ImageAuthentication.h | 5 +- > > MdePkg/Include/IndustryStandard/Spdm.h | 1112 ++++++++++++++++- > > .../IndustryStandard/UefiTcgPlatform.h | 186 ++- > > ReadMe.rst | 1 + > > .../OsStub/CryptlibWrapper/CryptlibWrapper.c | 970 ++++++++++++++ > > .../CryptlibWrapper/CryptlibWrapper.inf | 38 + > > .../OsStub/MemLibWrapper/MemLibWrapper.c | 177 +++ > > .../OsStub/MemLibWrapper/MemLibWrapper.inf | 33 + > > .../PlatformLibWrapper/PlatformLibWrapper.c | 85 ++ > > .../PlatformLibWrapper/PlatformLibWrapper.inf | 33 + > > .../SpdmLib/Include/Stub/SpdmLibStub.h | 347 +++++ > > .../SpdmLib/Include/hal/LibspdmStdBoolAlt.h | 23 + > > .../SpdmLib/Include/hal/LibspdmStdDefAlt.h | 16 + > > .../SpdmLib/Include/hal/LibspdmStdIntAlt.h | 25 + > > .../DeviceSecurity/SpdmLib/Include/hal/base.h | 94 ++ > > .../SpdmLib/Include/hal/library/debuglib.h | 39 + > > .../SpdmLib/Include/library/spdm_lib_config.h | 394 ++++++ > > .../DeviceSecurity/SpdmLib/SpdmCommonLib.inf | 47 + > > .../DeviceSecurity/SpdmLib/SpdmCryptLib.inf | 45 + > > .../SpdmLib/SpdmDeviceSecretLibNull.inf | 36 + > > .../SpdmLib/SpdmRequesterLib.inf | 59 + > > .../SpdmLib/SpdmResponderLib.inf | 61 + > > .../SpdmLib/SpdmSecuredMessageLib.inf | 44 + > > .../SpdmLib/SpdmTransportMctpLib.inf | 38 + > > .../SpdmLib/SpdmTransportPciDoeLib.inf | 38 + > > SecurityPkg/DeviceSecurity/SpdmLib/libspdm | 1 + > > .../SpdmSecurityLib/SpdmAuthentication.c | 697 +++++++++++ > > .../SpdmSecurityLib/SpdmConnectionInit.c | 481 +++++++ > > .../SpdmSecurityLib/SpdmMeasurement.c | 714 +++++++++++ > > 
.../SpdmSecurityLib/SpdmSecurityLib.c | 148 +++ > > .../SpdmSecurityLib/SpdmSecurityLib.inf | 54 + > > .../SpdmSecurityLib/SpdmSecurityLibInternal.h | 250 ++++ > > SecurityPkg/Include/Library/SpdmSecurityLib.h | 437 +++++++ > > SecurityPkg/Include/Library/Tpm2CommandLib.h | 23 +- > > .../Include/Protocol/DeviceSecurityPolicy.h | 133 ++ > > .../HashLibBaseCryptoRouterDxe.c | 88 +- > > .../Library/Tpm2CommandLib/Tpm2NVStorage.c | 122 +- > > SecurityPkg/SecurityPkg.ci.yaml | 17 +- > > SecurityPkg/SecurityPkg.dec | 13 +- > > SecurityPkg/SecurityPkg.dsc | 31 +- > > SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c | 61 +- > > SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf | 4 +- > > 49 files changed, 7197 insertions(+), 85 deletions(-) create mode > > 100644 > > SecurityPkg/DeviceSecurity/OsStub/CryptlibWrapper/CryptlibWrapper.c > > create mode 100644 > > SecurityPkg/DeviceSecurity/OsStub/CryptlibWrapper/CryptlibWrapper.inf > > create mode 100644 > > SecurityPkg/DeviceSecurity/OsStub/MemLibWrapper/MemLibWrapper.c > > create mode 100644 > > SecurityPkg/DeviceSecurity/OsStub/MemLibWrapper/MemLibWrapper.inf > > create mode 100644 > > SecurityPkg/DeviceSecurity/OsStub/PlatformLibWrapper/PlatformLibWrappe > > r.c > > create mode 100644 > > SecurityPkg/DeviceSecurity/OsStub/PlatformLibWrapper/PlatformLibWrappe > > r.inf > > create mode 100644 > > SecurityPkg/DeviceSecurity/SpdmLib/Include/Stub/SpdmLibStub.h > > create mode 100644 > > SecurityPkg/DeviceSecurity/SpdmLib/Include/hal/LibspdmStdBoolAlt.h > > create mode 100644 > > SecurityPkg/DeviceSecurity/SpdmLib/Include/hal/LibspdmStdDefAlt.h > > create mode 100644 > > SecurityPkg/DeviceSecurity/SpdmLib/Include/hal/LibspdmStdIntAlt.h > > create mode 100644 > > SecurityPkg/DeviceSecurity/SpdmLib/Include/hal/base.h > > create mode 100644 > > SecurityPkg/DeviceSecurity/SpdmLib/Include/hal/library/debuglib.h > > create mode 100644 > > SecurityPkg/DeviceSecurity/SpdmLib/Include/library/spdm_lib_config.h > > create mode 100644 > > 
SecurityPkg/DeviceSecurity/SpdmLib/SpdmCommonLib.inf > > create mode 100644 > > SecurityPkg/DeviceSecurity/SpdmLib/SpdmCryptLib.inf > > create mode 100644 > > SecurityPkg/DeviceSecurity/SpdmLib/SpdmDeviceSecretLibNull.inf > > create mode 100644 > > SecurityPkg/DeviceSecurity/SpdmLib/SpdmRequesterLib.inf > > create mode 100644 > > SecurityPkg/DeviceSecurity/SpdmLib/SpdmResponderLib.inf > > create mode 100644 > > SecurityPkg/DeviceSecurity/SpdmLib/SpdmSecuredMessageLib.inf > > create mode 100644 > > SecurityPkg/DeviceSecurity/SpdmLib/SpdmTransportMctpLib.inf > > create mode 100644 > > SecurityPkg/DeviceSecurity/SpdmLib/SpdmTransportPciDoeLib.inf > > create mode 160000 SecurityPkg/DeviceSecurity/SpdmLib/libspdm > > create mode 100644 > > SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmAuthentication.c > > create mode 100644 > > SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmConnectionInit.c > > create mode 100644 > > SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmMeasurement.c > > create mode 100644 > > SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmSecurityLib.c > > create mode 100644 > > SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmSecurityLib.inf > > create mode 100644 > > SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmSecurityLibInternal.h > > create mode 100644 SecurityPkg/Include/Library/SpdmSecurityLib.h > > create mode 100644 > > SecurityPkg/Include/Protocol/DeviceSecurityPolicy.h > > > > -- > > 2.26.2.windows.1 > > > > > > > > > > -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#118357): https://edk2.groups.io/g/devel/message/118357 Mute This Topic: https://groups.io/mt/105594737/7686176 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io] -=-=-=-=-=-=-=-=-=-=-=- ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [edk2-devel] [PATCH v4 00/10] Add DeviceSecurity feature based on PFP 1.06 spec
  2024-04-29 0:33 ` Yao, Jiewen
@ 2024-04-29 0:47 ` Michael D Kinney
  0 siblings, 0 replies; 6+ messages in thread
From: Michael D Kinney @ 2024-04-29 0:47 UTC (permalink / raw)
  To: Yao, Jiewen, Hou, Wenxing, devel@edk2.groups.io, Andrew Fish, Leif Lindholm, Liming Gao, Sean Brogan, Joey Vagedes, Liu, Zhiguang, Kumar, Rahul R
  Cc: Kinney, Michael D

No objections.

For all patches related to adding libspdm submodule:

Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>

Mike

> -----Original Message-----
> From: Yao, Jiewen <jiewen.yao@intel.com>
> Sent: Sunday, April 28, 2024 5:33 PM
> To: Hou, Wenxing <wenxing.hou@intel.com>; devel@edk2.groups.io; Andrew Fish <afish@apple.com>; Leif Lindholm <quic_llindhol@quicinc.com>; Kinney, Michael D <michael.d.kinney@intel.com>; Liming Gao <gaoliming@byosoft.com.cn>; Sean Brogan <sean.brogan@microsoft.com>; Joey Vagedes <joey.vagedes@gmail.com>; Liu, Zhiguang <zhiguang.liu@intel.com>; Kumar, Rahul R <rahul.r.kumar@intel.com>
> Subject: RE: [edk2-devel] [PATCH v4 00/10] Add DeviceSecurity feature based on PFP 1.06 spec
>
> Hi All
> It has been 4 work weeks and this V4 patch resolved previous comments and feedback.
>
> If there is no further objection, I plan to merge it tomorrow.
>
> Thank you
> Yao, Jiewen
>
> > -----Original Message-----
> > From: Hou, Wenxing <wenxing.hou@intel.com>
> > Sent: Friday, April 26, 2024 9:52 AM
> > To: Yao, Jiewen <jiewen.yao@intel.com>; devel@edk2.groups.io; Andrew Fish <afish@apple.com>; Leif Lindholm <quic_llindhol@quicinc.com>; Kinney, Michael D <michael.d.kinney@intel.com>; Liming Gao <gaoliming@byosoft.com.cn>; Sean Brogan <sean.brogan@microsoft.com>; Joey Vagedes <joey.vagedes@gmail.com>; Liu, Zhiguang <zhiguang.liu@intel.com>; Kumar, Rahul R <rahul.r.kumar@intel.com>
> > Subject: RE: [edk2-devel] [PATCH v4 00/10] Add DeviceSecurity feature based on PFP 1.06 spec
> >
> > Hi EDKII stewards,
> >
> > Could you please review the libspdm license?
> >
> > The libspdm (https://github.com/DMTF/libspdm) is an implementation that follows the DMTF SPDM (https://www.dmtf.org/standards/spdm) spec.
> >
> > And the libspdm library is under the DMTF repo.
> > The license is: https://github.com/DMTF/libspdm/blob/main/LICENSE.md
> >
> > Thanks,
> > Wenxing
> >
> > -----Original Message-----
> > From: Yao, Jiewen <jiewen.yao@intel.com>
> > Sent: Sunday, April 21, 2024 10:31 AM
> > To: Hou, Wenxing <wenxing.hou@intel.com>; devel@edk2.groups.io; Andrew Fish <afish@apple.com>; Leif Lindholm <quic_llindhol@quicinc.com>; Kinney, Michael D <michael.d.kinney@intel.com>; Liming Gao <gaoliming@byosoft.com.cn>; Sean Brogan <sean.brogan@microsoft.com>; Joey Vagedes <joey.vagedes@gmail.com>; Liu, Zhiguang <zhiguang.liu@intel.com>; Kumar, Rahul R <rahul.r.kumar@intel.com>
> > Subject: RE: [edk2-devel] [PATCH v4 00/10] Add DeviceSecurity feature based on PFP 1.06 spec
> >
> > All series: Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
> >
> > Dear Steward member
> > Do you have any concern about adding libspdm (https://github.com/DMTF/libspdm) as one more submodule?
> >
> > Thank you
> > Yao, Jiewen
> >
> > > -----Original Message-----
> > > From: Hou, Wenxing <wenxing.hou@intel.com>
> > > Sent: Thursday, April 18, 2024 6:16 PM
> > > To: devel@edk2.groups.io; Andrew Fish <afish@apple.com>; Leif Lindholm <quic_llindhol@quicinc.com>; Kinney, Michael D <michael.d.kinney@intel.com>; Liming Gao <gaoliming@byosoft.com.cn>; Sean Brogan <sean.brogan@microsoft.com>; Joey Vagedes <joey.vagedes@gmail.com>; Liu, Zhiguang <zhiguang.liu@intel.com>; Kumar, Rahul R <rahul.r.kumar@intel.com>; Yao, Jiewen <jiewen.yao@intel.com>
> > > Subject: RE: [edk2-devel] [PATCH v4 00/10] Add DeviceSecurity feature based on PFP 1.06 spec
> > >
> > > Dear EDKII reviewers:
> > >
> > > Thank you for your previous review of this patch set.
> > > Currently, five patches have been reviewed.
> > >
> > > But there are five patches that need review.
> > > Patch1: MdePkg: Add SPDM1.2 support.
> > > Patch2: MdePkg: Add TCG PFP 1.06 support.
> > > Patch4: MdeModulePkg/Variable: Add TCG SPDM device measurement update
> > > Patch8: .gitmodule: Add libspdm submodule for EDKII
> > > Patch10: ReadMe.rst: Add libspdm submodule license
> > >
> > > Could you please review the PATCH v4?
> > >
> > > PS: Jiewen has reviewed all the PATCH. And I have fixed his feedback in PATCH v4.
> > > Jiewen has no questions about all the patches anymore.
> > >
> > > Thanks,
> > > Wenxing
> > >
> > > -----Original Message-----
> > > From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Wenxing Hou
> > > Sent: Thursday, April 18, 2024 5:28 PM
> > > To: devel@edk2.groups.io
> > > Cc: Andrew Fish <afish@apple.com>; Leif Lindholm <quic_llindhol@quicinc.com>; Kinney, Michael D <michael.d.kinney@intel.com>; Liming Gao <gaoliming@byosoft.com.cn>; Sean Brogan <sean.brogan@microsoft.com>; Joey Vagedes <joey.vagedes@gmail.com>; Liu, Zhiguang <zhiguang.liu@intel.com>; Kumar, Rahul R <rahul.r.kumar@intel.com>; Yao, Jiewen <jiewen.yao@intel.com>
> > > Subject: [edk2-devel] [PATCH v4 00/10] Add DeviceSecurity feature based on PFP 1.06 spec
> > >
> > > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2479
> > >
> > > In PFP spec 1.06, platform firmware records the device certificate and device measurement for each SPDM responder.
> > > This PATCH set implements the DeviceSecurityLib to support SPDM device Authentication and Measurement.
> > >
> > > Libspdm as a submodule is to support the DeviceSecurity feature:
> > > https://github.com/DMTF/libspdm
> > >
> > > TCG PFP spec 1.06:
> > > https://trustedcomputinggroup.org/resource/pc-client-specific-platform-firmware-profile-specification/
> > >
> > > The POC branch:
> > > https://github.com/tianocore/edk2-staging/tree/DeviceSecurity
> > >
> > > And the PATCH set has passed the EDKII CI:
> > > https://github.com/tianocore/edk2/pull/5508
> > >
> > > v2 changes:
> > > - Fix typo: PcdEnableSpdmDeviceAuthenticaion -> PcdEnableSpdmDeviceAuthentication
> > > v3 changes:
> > > - Add new patch 10: Update ReadMe.rst for libspdm submodule license
> > > v4 changes:
> > > - Update submodule libspdm to latest tag
> > >
> > > PATCH 3: Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn>
> > > PATCH 5: Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
> > > PATCH 6: Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
> > > PATCH 7: Reviewed-by: Joey Vagedes <joey.vagedes@gmail.com>
> > > PATCH 9: Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
> > >
> > > Cc: Andrew Fish <afish@apple.com>
> > > Cc: Leif Lindholm <quic_llindhol@quicinc.com>
> > > Cc: Michael D Kinney <michael.d.kinney@intel.com>
> > > Cc: Liming Gao <gaoliming@byosoft.com.cn>
> > > Cc: Sean Brogan <sean.brogan@microsoft.com>
> > > Cc: Joey Vagedes <joey.vagedes@gmail.com>
> > > Cc: Zhiguang Liu <zhiguang.liu@intel.com>
> > > Cc: Rahul Kumar <rahul1.kumar@intel.com>
> > > Cc: Jiewen Yao <jiewen.yao@intel.com>
> > > Signed-off-by: Wenxing Hou <wenxing.hou@intel.com>
> > >
> > > Wenxing Hou (10):
> > >   MdePkg: Add SPDM1.2 support.
> > >   MdePkg: Add TCG PFP 1.06 support.
> > >   MdePkg: Add devAuthBoot GlobalVariable
> > >   MdeModulePkg/Variable: Add TCG SPDM device measurement update
> > >   SecurityPkg: Add TCG PFP 1.06 support.
> > >   SecurityPkg: add DeviceSecurity support
> > >   .pytool/CISettings.py: add libspdm submodule.
> > >   .gitmodule: Add libspdm submodule for EDKII
> > >   SecurityPkg: Add libspdm submodule
> > >   ReadMe.rst: Add libspdm submodule license
> > >
> > >  .gitmodules | 3 +
> > >  .pytool/CISettings.py | 2 +
> > >  MdeModulePkg/MdeModulePkg.dec | 5 +
> > >  .../Variable/RuntimeDxe/Measurement.c | 38 +-
> > >  .../RuntimeDxe/VariableRuntimeDxe.inf | 3 +
> > >  .../RuntimeDxe/VariableSmmRuntimeDxe.inf | 3 +
> > >  MdePkg/Include/Guid/GlobalVariable.h | 8 +-
> > >  MdePkg/Include/Guid/ImageAuthentication.h | 5 +-
> > >  MdePkg/Include/IndustryStandard/Spdm.h | 1112 ++++++++++++++++-
> > >  .../IndustryStandard/UefiTcgPlatform.h | 186 ++-
> > >  ReadMe.rst | 1 +
> > >  .../OsStub/CryptlibWrapper/CryptlibWrapper.c | 970 ++++++++++++++
> > >  .../CryptlibWrapper/CryptlibWrapper.inf | 38 +
> > >  .../OsStub/MemLibWrapper/MemLibWrapper.c | 177 +++
> > >  .../OsStub/MemLibWrapper/MemLibWrapper.inf | 33 +
> > >  .../PlatformLibWrapper/PlatformLibWrapper.c | 85 ++
> > >  .../PlatformLibWrapper/PlatformLibWrapper.inf | 33 +
> > >  .../SpdmLib/Include/Stub/SpdmLibStub.h | 347 +++++
> > >  .../SpdmLib/Include/hal/LibspdmStdBoolAlt.h | 23 +
> > >  .../SpdmLib/Include/hal/LibspdmStdDefAlt.h | 16 +
> > >  .../SpdmLib/Include/hal/LibspdmStdIntAlt.h | 25 +
> > >  .../DeviceSecurity/SpdmLib/Include/hal/base.h | 94 ++
> > >  .../SpdmLib/Include/hal/library/debuglib.h | 39 +
> > >  .../SpdmLib/Include/library/spdm_lib_config.h | 394 ++++++
> > >  .../DeviceSecurity/SpdmLib/SpdmCommonLib.inf | 47 +
> > >  .../DeviceSecurity/SpdmLib/SpdmCryptLib.inf | 45 +
> > >  .../SpdmLib/SpdmDeviceSecretLibNull.inf | 36 +
> > >  .../SpdmLib/SpdmRequesterLib.inf | 59 +
> > >  .../SpdmLib/SpdmResponderLib.inf | 61 +
> > >  .../SpdmLib/SpdmSecuredMessageLib.inf | 44 +
> > >  .../SpdmLib/SpdmTransportMctpLib.inf | 38 +
> > >  .../SpdmLib/SpdmTransportPciDoeLib.inf | 38 +
> > >  SecurityPkg/DeviceSecurity/SpdmLib/libspdm | 1 +
> > >  .../SpdmSecurityLib/SpdmAuthentication.c | 697 +++++++++++
> > >  .../SpdmSecurityLib/SpdmConnectionInit.c | 481 +++++++
> > >  .../SpdmSecurityLib/SpdmMeasurement.c | 714 +++++++++++
> > >  .../SpdmSecurityLib/SpdmSecurityLib.c | 148 +++
> > >  .../SpdmSecurityLib/SpdmSecurityLib.inf | 54 +
> > >  .../SpdmSecurityLib/SpdmSecurityLibInternal.h | 250 ++++
> > >  SecurityPkg/Include/Library/SpdmSecurityLib.h | 437 +++++++
> > >  SecurityPkg/Include/Library/Tpm2CommandLib.h | 23 +-
> > >  .../Include/Protocol/DeviceSecurityPolicy.h | 133 ++
> > >  .../HashLibBaseCryptoRouterDxe.c | 88 +-
> > >  .../Library/Tpm2CommandLib/Tpm2NVStorage.c | 122 +-
> > >  SecurityPkg/SecurityPkg.ci.yaml | 17 +-
> > >  SecurityPkg/SecurityPkg.dec | 13 +-
> > >  SecurityPkg/SecurityPkg.dsc | 31 +-
> > >  SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c | 61 +-
> > >  SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf | 4 +-
> > >  49 files changed, 7197 insertions(+), 85 deletions(-)
> > >  create mode 100644 SecurityPkg/DeviceSecurity/OsStub/CryptlibWrapper/CryptlibWrapper.c
> > >  create mode 100644 SecurityPkg/DeviceSecurity/OsStub/CryptlibWrapper/CryptlibWrapper.inf
> > >  create mode 100644 SecurityPkg/DeviceSecurity/OsStub/MemLibWrapper/MemLibWrapper.c
> > >  create mode 100644 SecurityPkg/DeviceSecurity/OsStub/MemLibWrapper/MemLibWrapper.inf
> > >  create mode 100644 SecurityPkg/DeviceSecurity/OsStub/PlatformLibWrapper/PlatformLibWrapper.c
> > >  create mode 100644 SecurityPkg/DeviceSecurity/OsStub/PlatformLibWrapper/PlatformLibWrapper.inf
> > >  create mode 100644 SecurityPkg/DeviceSecurity/SpdmLib/Include/Stub/SpdmLibStub.h
> > >  create mode 100644 SecurityPkg/DeviceSecurity/SpdmLib/Include/hal/LibspdmStdBoolAlt.h
> > >  create mode 100644 SecurityPkg/DeviceSecurity/SpdmLib/Include/hal/LibspdmStdDefAlt.h
> > >  create mode 100644 SecurityPkg/DeviceSecurity/SpdmLib/Include/hal/LibspdmStdIntAlt.h
> > >  create mode 100644 SecurityPkg/DeviceSecurity/SpdmLib/Include/hal/base.h
> > >  create mode 100644 SecurityPkg/DeviceSecurity/SpdmLib/Include/hal/library/debuglib.h
> > >  create mode 100644 SecurityPkg/DeviceSecurity/SpdmLib/Include/library/spdm_lib_config.h
> > >  create mode 100644 SecurityPkg/DeviceSecurity/SpdmLib/SpdmCommonLib.inf
> > >  create mode 100644 SecurityPkg/DeviceSecurity/SpdmLib/SpdmCryptLib.inf
> > >  create mode 100644 SecurityPkg/DeviceSecurity/SpdmLib/SpdmDeviceSecretLibNull.inf
> > >  create mode 100644 SecurityPkg/DeviceSecurity/SpdmLib/SpdmRequesterLib.inf
> > >  create mode 100644 SecurityPkg/DeviceSecurity/SpdmLib/SpdmResponderLib.inf
> > >  create mode 100644 SecurityPkg/DeviceSecurity/SpdmLib/SpdmSecuredMessageLib.inf
> > >  create mode 100644 SecurityPkg/DeviceSecurity/SpdmLib/SpdmTransportMctpLib.inf
> > >  create mode 100644 SecurityPkg/DeviceSecurity/SpdmLib/SpdmTransportPciDoeLib.inf
> > >  create mode 160000 SecurityPkg/DeviceSecurity/SpdmLib/libspdm
> > >  create mode 100644 SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmAuthentication.c
> > >  create mode 100644 SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmConnectionInit.c
> > >  create mode 100644 SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmMeasurement.c
> > >  create mode 100644 SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmSecurityLib.c
> > >  create mode 100644 SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmSecurityLib.inf
> > >  create mode 100644 SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmSecurityLibInternal.h
> > >  create mode 100644 SecurityPkg/Include/Library/SpdmSecurityLib.h
> > >  create mode 100644 SecurityPkg/Include/Protocol/DeviceSecurityPolicy.h
> > >
> > > --
> > > 2.26.2.windows.1

View/Reply Online (#118358): https://edk2.groups.io/g/devel/message/118358
* [edk2-devel] [PATCH v4 00/10] Add DeviceSecurity feature based on PFP 1.06 spec
@ 2024-04-18 9:28 Wenxing Hou
  0 siblings, 0 replies; 6+ messages in thread
From: Wenxing Hou @ 2024-04-18 9:28 UTC (permalink / raw)
  To: devel
  Cc: Andrew Fish, Leif Lindholm, Michael D Kinney, Liming Gao, Sean Brogan, Joey Vagedes, Zhiguang Liu, Rahul Kumar, Jiewen Yao

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2479

In PFP spec 1.06, platform firmware records the device certificate and device measurement for each SPDM responder.
This PATCH set implements the DeviceSecurityLib to support SPDM device Authentication and Measurement.

Libspdm as a submodule is to support the DeviceSecurity feature:
https://github.com/DMTF/libspdm

TCG PFP spec 1.06:
https://trustedcomputinggroup.org/resource/pc-client-specific-platform-firmware-profile-specification/

The POC branch:
https://github.com/tianocore/edk2-staging/tree/DeviceSecurity

And the PATCH set has passed the EDKII CI:
https://github.com/tianocore/edk2/pull/5508

v2 changes:
- Fix typo: PcdEnableSpdmDeviceAuthenticaion -> PcdEnableSpdmDeviceAuthentication
v3 changes:
- Add new patch 10: Update ReadMe.rst for libspdm submodule license
v4 changes:
- Update submodule libspdm to latest tag

PATCH 3: Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn>
PATCH 5: Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
PATCH 6: Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
PATCH 7: Reviewed-by: Joey Vagedes <joey.vagedes@gmail.com>
PATCH 9: Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>

Cc: Andrew Fish <afish@apple.com>
Cc: Leif Lindholm <quic_llindhol@quicinc.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Sean Brogan <sean.brogan@microsoft.com>
Cc: Joey Vagedes <joey.vagedes@gmail.com>
Cc: Zhiguang Liu <zhiguang.liu@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Signed-off-by: Wenxing Hou <wenxing.hou@intel.com>

Wenxing Hou (10):
  MdePkg: Add SPDM1.2 support.
  MdePkg: Add TCG PFP 1.06 support.
  MdePkg: Add devAuthBoot GlobalVariable
  MdeModulePkg/Variable: Add TCG SPDM device measurement update
  SecurityPkg: Add TCG PFP 1.06 support.
  SecurityPkg: add DeviceSecurity support
  .pytool/CISettings.py: add libspdm submodule.
  .gitmodule: Add libspdm submodule for EDKII
  SecurityPkg: Add libspdm submodule
  ReadMe.rst: Add libspdm submodule license

 .gitmodules | 3 +
 .pytool/CISettings.py | 2 +
 MdeModulePkg/MdeModulePkg.dec | 5 +
 .../Variable/RuntimeDxe/Measurement.c | 38 +-
 .../RuntimeDxe/VariableRuntimeDxe.inf | 3 +
 .../RuntimeDxe/VariableSmmRuntimeDxe.inf | 3 +
 MdePkg/Include/Guid/GlobalVariable.h | 8 +-
 MdePkg/Include/Guid/ImageAuthentication.h | 5 +-
 MdePkg/Include/IndustryStandard/Spdm.h | 1112 ++++++++++++++++-
 .../IndustryStandard/UefiTcgPlatform.h | 186 ++-
 ReadMe.rst | 1 +
 .../OsStub/CryptlibWrapper/CryptlibWrapper.c | 970 ++++++++++++++
 .../CryptlibWrapper/CryptlibWrapper.inf | 38 +
 .../OsStub/MemLibWrapper/MemLibWrapper.c | 177 +++
 .../OsStub/MemLibWrapper/MemLibWrapper.inf | 33 +
 .../PlatformLibWrapper/PlatformLibWrapper.c | 85 ++
 .../PlatformLibWrapper/PlatformLibWrapper.inf | 33 +
 .../SpdmLib/Include/Stub/SpdmLibStub.h | 347 +++++
 .../SpdmLib/Include/hal/LibspdmStdBoolAlt.h | 23 +
 .../SpdmLib/Include/hal/LibspdmStdDefAlt.h | 16 +
 .../SpdmLib/Include/hal/LibspdmStdIntAlt.h | 25 +
 .../DeviceSecurity/SpdmLib/Include/hal/base.h | 94 ++
 .../SpdmLib/Include/hal/library/debuglib.h | 39 +
 .../SpdmLib/Include/library/spdm_lib_config.h | 394 ++++++
 .../DeviceSecurity/SpdmLib/SpdmCommonLib.inf | 47 +
 .../DeviceSecurity/SpdmLib/SpdmCryptLib.inf | 45 +
 .../SpdmLib/SpdmDeviceSecretLibNull.inf | 36 +
 .../SpdmLib/SpdmRequesterLib.inf | 59 +
 .../SpdmLib/SpdmResponderLib.inf | 61 +
 .../SpdmLib/SpdmSecuredMessageLib.inf | 44 +
 .../SpdmLib/SpdmTransportMctpLib.inf | 38 +
 .../SpdmLib/SpdmTransportPciDoeLib.inf | 38 +
 SecurityPkg/DeviceSecurity/SpdmLib/libspdm | 1 +
 .../SpdmSecurityLib/SpdmAuthentication.c | 697 +++++++++++
 .../SpdmSecurityLib/SpdmConnectionInit.c | 481 +++++++
 .../SpdmSecurityLib/SpdmMeasurement.c | 714 +++++++++++
 .../SpdmSecurityLib/SpdmSecurityLib.c | 148 +++
 .../SpdmSecurityLib/SpdmSecurityLib.inf | 54 +
 .../SpdmSecurityLib/SpdmSecurityLibInternal.h | 250 ++++
 SecurityPkg/Include/Library/SpdmSecurityLib.h | 437 +++++++
 SecurityPkg/Include/Library/Tpm2CommandLib.h | 23 +-
 .../Include/Protocol/DeviceSecurityPolicy.h | 133 ++
 .../HashLibBaseCryptoRouterDxe.c | 88 +-
 .../Library/Tpm2CommandLib/Tpm2NVStorage.c | 122 +-
 SecurityPkg/SecurityPkg.ci.yaml | 17 +-
 SecurityPkg/SecurityPkg.dec | 13 +-
 SecurityPkg/SecurityPkg.dsc | 31 +-
 SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c | 61 +-
 SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf | 4 +-
 49 files changed, 7197 insertions(+), 85 deletions(-)
 create mode 100644 SecurityPkg/DeviceSecurity/OsStub/CryptlibWrapper/CryptlibWrapper.c
 create mode 100644 SecurityPkg/DeviceSecurity/OsStub/CryptlibWrapper/CryptlibWrapper.inf
 create mode 100644 SecurityPkg/DeviceSecurity/OsStub/MemLibWrapper/MemLibWrapper.c
 create mode 100644 SecurityPkg/DeviceSecurity/OsStub/MemLibWrapper/MemLibWrapper.inf
 create mode 100644 SecurityPkg/DeviceSecurity/OsStub/PlatformLibWrapper/PlatformLibWrapper.c
 create mode 100644 SecurityPkg/DeviceSecurity/OsStub/PlatformLibWrapper/PlatformLibWrapper.inf
 create mode 100644 SecurityPkg/DeviceSecurity/SpdmLib/Include/Stub/SpdmLibStub.h
 create mode 100644 SecurityPkg/DeviceSecurity/SpdmLib/Include/hal/LibspdmStdBoolAlt.h
 create mode 100644 SecurityPkg/DeviceSecurity/SpdmLib/Include/hal/LibspdmStdDefAlt.h
 create mode 100644 SecurityPkg/DeviceSecurity/SpdmLib/Include/hal/LibspdmStdIntAlt.h
 create mode 100644 SecurityPkg/DeviceSecurity/SpdmLib/Include/hal/base.h
 create mode 100644 SecurityPkg/DeviceSecurity/SpdmLib/Include/hal/library/debuglib.h
 create mode 100644 SecurityPkg/DeviceSecurity/SpdmLib/Include/library/spdm_lib_config.h
 create mode 100644 SecurityPkg/DeviceSecurity/SpdmLib/SpdmCommonLib.inf
 create mode 100644 SecurityPkg/DeviceSecurity/SpdmLib/SpdmCryptLib.inf
 create mode 100644 SecurityPkg/DeviceSecurity/SpdmLib/SpdmDeviceSecretLibNull.inf
 create mode 100644 SecurityPkg/DeviceSecurity/SpdmLib/SpdmRequesterLib.inf
 create mode 100644 SecurityPkg/DeviceSecurity/SpdmLib/SpdmResponderLib.inf
 create mode 100644 SecurityPkg/DeviceSecurity/SpdmLib/SpdmSecuredMessageLib.inf
 create mode 100644 SecurityPkg/DeviceSecurity/SpdmLib/SpdmTransportMctpLib.inf
 create mode 100644 SecurityPkg/DeviceSecurity/SpdmLib/SpdmTransportPciDoeLib.inf
 create mode 160000 SecurityPkg/DeviceSecurity/SpdmLib/libspdm
 create mode 100644 SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmAuthentication.c
 create mode 100644 SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmConnectionInit.c
 create mode 100644 SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmMeasurement.c
 create mode 100644 SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmSecurityLib.c
 create mode 100644 SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmSecurityLib.inf
 create mode 100644 SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmSecurityLibInternal.h
 create mode 100644 SecurityPkg/Include/Library/SpdmSecurityLib.h
 create mode 100644 SecurityPkg/Include/Protocol/DeviceSecurityPolicy.h

--
2.26.2.windows.1

View/Reply Online (#117970): https://edk2.groups.io/g/devel/message/117970