Re: [edk2-devel] [PATCH v4 00/10] Add DeviceSecurity feature based on PFP 1.06 spec

public inbox for devel@edk2.groups.io
 help / color / mirror / Atom feed

From: "Wenxing Hou" <wenxing.hou@intel.com>
To: "devel@edk2.groups.io" <devel@edk2.groups.io>,
	Andrew Fish <afish@apple.com>,
	Leif Lindholm <quic_llindhol@quicinc.com>,
	"Kinney, Michael D" <michael.d.kinney@intel.com>,
	Liming Gao <gaoliming@byosoft.com.cn>,
	Sean Brogan <sean.brogan@microsoft.com>,
	"Joey Vagedes" <joey.vagedes@gmail.com>,
	"Liu, Zhiguang" <zhiguang.liu@intel.com>,
	"Kumar, Rahul R" <rahul.r.kumar@intel.com>,
	"Yao, Jiewen" <jiewen.yao@intel.com>
Subject: Re: [edk2-devel] [PATCH v4 00/10] Add DeviceSecurity feature based on PFP 1.06 spec
Date: Thu, 18 Apr 2024 10:15:40 +0000	[thread overview]
Message-ID: <PH0PR11MB5046401701751121D6899276F70E2@PH0PR11MB5046.namprd11.prod.outlook.com> (raw)
In-Reply-To: <17C755C8DBF259BF.15491@groups.io>

Dear EDKII reviewers:

Thank you for your previous review of this patch set.
Currently, five patches have been reviewed by. 

But there are five patches need review.
	Patch1:  MdePkg: Add SPDM1.2 support.
	Patch2:  MdePkg: Add TCG PFP 1.06 support.
	Patch4:  MdeModulePkg/Variable: Add TCG SPDM device measurement update
	Patch8:  .gitmodule: Add libspdm submodule for EDKII
	Patch10: ReadMe.rst: Add libspdm submodule license

Could you please review the PATCH v4?

PS: Jiewen has reviewed all the PATCH. And I have fixed his feedback in PATCH v4. Jiewen has no questions about all the patches anymore.

Thanks,
Wenxing


-----Original Message-----
From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Wenxing Hou
Sent: Thursday, April 18, 2024 5:28 PM
To: devel@edk2.groups.io
Cc: Andrew Fish <afish@apple.com>; Leif Lindholm <quic_llindhol@quicinc.com>; Kinney, Michael D <michael.d.kinney@intel.com>; Liming Gao <gaoliming@byosoft.com.cn>; Sean Brogan <sean.brogan@microsoft.com>; Joey Vagedes <joey.vagedes@gmail.com>; Liu, Zhiguang <zhiguang.liu@intel.com>; Kumar, Rahul R <rahul.r.kumar@intel.com>; Yao, Jiewen <jiewen.yao@intel.com>
Subject: [edk2-devel] [PATCH v4 00/10] Add DeviceSecurity feature based on PFP 1.06 spec

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2479

In PFP spec 1.06, platform firmware records the device certificate and device measurement for each SPDM responder.
This PATCH set implement the DeviceSecurityLib to support spdm device Authentication and Measurement.

Libspdm as submodule is to support DeviceSecurity feature:
https://github.com/DMTF/libspdm

TCG PFP spec 1.06:
https://trustedcomputinggroup.org/resource/pc-client-specific-platform-firmware-profile-specification/

The POC branch:
https://github.com/tianocore/edk2-staging/tree/DeviceSecurity

And the PATCH set has passed the EDKII CI:
https://github.com/tianocore/edk2/pull/5508

v2 changes:
 - Fix typo: PcdEnableSpdmDeviceAuthenticaion -> PcdEnableSpdmDeviceAuthentication
v3 changes:
 - Add new patch 10: Update ReadMe.rst for libspdm submodule license
v4 changes:
 - Update submodule libspdm to latest tag

PATCH 3: Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn> PATCH 5: Reviewed-by: Jiewen Yao <jiewen.yao@intel.com> PATCH 6: Reviewed-by: Jiewen Yao <jiewen.yao@intel.com> PATCH 7: Reviewed-by: Joey Vagedes <joey.vagedes@gmail.com> PATCH 9: Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>

Cc: Andrew Fish <afish@apple.com>
Cc: Leif Lindholm <quic_llindhol@quicinc.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Sean Brogan <sean.brogan@microsoft.com>
Cc: Joey Vagedes <joey.vagedes@gmail.com>
Cc: Zhiguang Liu <zhiguang.liu@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Signed-off-by: Wenxing Hou <wenxing.hou@intel.com>

Wenxing Hou (10):
  MdePkg: Add SPDM1.2 support.
  MdePkg: Add TCG PFP 1.06 support.
  MdePkg: Add devAuthBoot GlobalVariable
  MdeModulePkg/Variable: Add TCG SPDM device measurement update
  SecurityPkg: Add TCG PFP 1.06 support.
  SecurityPkg: add DeviceSecurity support
  .pytool/CISettings.py: add libspdm submodule.
  .gitmodule: Add libspdm submodule for EDKII
  SecurityPkg: Add libspdm submodule
  ReadMe.rst: Add libspdm submodule license

 .gitmodules                                   |    3 +
 .pytool/CISettings.py                         |    2 +
 MdeModulePkg/MdeModulePkg.dec                 |    5 +
 .../Variable/RuntimeDxe/Measurement.c         |   38 +-
 .../RuntimeDxe/VariableRuntimeDxe.inf         |    3 +
 .../RuntimeDxe/VariableSmmRuntimeDxe.inf      |    3 +
 MdePkg/Include/Guid/GlobalVariable.h          |    8 +-
 MdePkg/Include/Guid/ImageAuthentication.h     |    5 +-
 MdePkg/Include/IndustryStandard/Spdm.h        | 1112 ++++++++++++++++-
 .../IndustryStandard/UefiTcgPlatform.h        |  186 ++-
 ReadMe.rst                                    |    1 +
 .../OsStub/CryptlibWrapper/CryptlibWrapper.c  |  970 ++++++++++++++
 .../CryptlibWrapper/CryptlibWrapper.inf       |   38 +
 .../OsStub/MemLibWrapper/MemLibWrapper.c      |  177 +++
 .../OsStub/MemLibWrapper/MemLibWrapper.inf    |   33 +
 .../PlatformLibWrapper/PlatformLibWrapper.c   |   85 ++
 .../PlatformLibWrapper/PlatformLibWrapper.inf |   33 +
 .../SpdmLib/Include/Stub/SpdmLibStub.h        |  347 +++++
 .../SpdmLib/Include/hal/LibspdmStdBoolAlt.h   |   23 +
 .../SpdmLib/Include/hal/LibspdmStdDefAlt.h    |   16 +
 .../SpdmLib/Include/hal/LibspdmStdIntAlt.h    |   25 +
 .../DeviceSecurity/SpdmLib/Include/hal/base.h |   94 ++
 .../SpdmLib/Include/hal/library/debuglib.h    |   39 +
 .../SpdmLib/Include/library/spdm_lib_config.h |  394 ++++++
 .../DeviceSecurity/SpdmLib/SpdmCommonLib.inf  |   47 +
 .../DeviceSecurity/SpdmLib/SpdmCryptLib.inf   |   45 +
 .../SpdmLib/SpdmDeviceSecretLibNull.inf       |   36 +
 .../SpdmLib/SpdmRequesterLib.inf              |   59 +
 .../SpdmLib/SpdmResponderLib.inf              |   61 +
 .../SpdmLib/SpdmSecuredMessageLib.inf         |   44 +
 .../SpdmLib/SpdmTransportMctpLib.inf          |   38 +
 .../SpdmLib/SpdmTransportPciDoeLib.inf        |   38 +
 SecurityPkg/DeviceSecurity/SpdmLib/libspdm    |    1 +
 .../SpdmSecurityLib/SpdmAuthentication.c      |  697 +++++++++++
 .../SpdmSecurityLib/SpdmConnectionInit.c      |  481 +++++++
 .../SpdmSecurityLib/SpdmMeasurement.c         |  714 +++++++++++
 .../SpdmSecurityLib/SpdmSecurityLib.c         |  148 +++
 .../SpdmSecurityLib/SpdmSecurityLib.inf       |   54 +
 .../SpdmSecurityLib/SpdmSecurityLibInternal.h |  250 ++++  SecurityPkg/Include/Library/SpdmSecurityLib.h |  437 +++++++
 SecurityPkg/Include/Library/Tpm2CommandLib.h  |   23 +-
 .../Include/Protocol/DeviceSecurityPolicy.h   |  133 ++
 .../HashLibBaseCryptoRouterDxe.c              |   88 +-
 .../Library/Tpm2CommandLib/Tpm2NVStorage.c    |  122 +-
 SecurityPkg/SecurityPkg.ci.yaml               |   17 +-
 SecurityPkg/SecurityPkg.dec                   |   13 +-
 SecurityPkg/SecurityPkg.dsc                   |   31 +-
 SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c             |   61 +-
 SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf           |    4 +-
 49 files changed, 7197 insertions(+), 85 deletions(-)  create mode 100644 SecurityPkg/DeviceSecurity/OsStub/CryptlibWrapper/CryptlibWrapper.c
 create mode 100644 SecurityPkg/DeviceSecurity/OsStub/CryptlibWrapper/CryptlibWrapper.inf
 create mode 100644 SecurityPkg/DeviceSecurity/OsStub/MemLibWrapper/MemLibWrapper.c
 create mode 100644 SecurityPkg/DeviceSecurity/OsStub/MemLibWrapper/MemLibWrapper.inf
 create mode 100644 SecurityPkg/DeviceSecurity/OsStub/PlatformLibWrapper/PlatformLibWrapper.c
 create mode 100644 SecurityPkg/DeviceSecurity/OsStub/PlatformLibWrapper/PlatformLibWrapper.inf
 create mode 100644 SecurityPkg/DeviceSecurity/SpdmLib/Include/Stub/SpdmLibStub.h
 create mode 100644 SecurityPkg/DeviceSecurity/SpdmLib/Include/hal/LibspdmStdBoolAlt.h
 create mode 100644 SecurityPkg/DeviceSecurity/SpdmLib/Include/hal/LibspdmStdDefAlt.h
 create mode 100644 SecurityPkg/DeviceSecurity/SpdmLib/Include/hal/LibspdmStdIntAlt.h
 create mode 100644 SecurityPkg/DeviceSecurity/SpdmLib/Include/hal/base.h
 create mode 100644 SecurityPkg/DeviceSecurity/SpdmLib/Include/hal/library/debuglib.h
 create mode 100644 SecurityPkg/DeviceSecurity/SpdmLib/Include/library/spdm_lib_config.h
 create mode 100644 SecurityPkg/DeviceSecurity/SpdmLib/SpdmCommonLib.inf
 create mode 100644 SecurityPkg/DeviceSecurity/SpdmLib/SpdmCryptLib.inf
 create mode 100644 SecurityPkg/DeviceSecurity/SpdmLib/SpdmDeviceSecretLibNull.inf
 create mode 100644 SecurityPkg/DeviceSecurity/SpdmLib/SpdmRequesterLib.inf
 create mode 100644 SecurityPkg/DeviceSecurity/SpdmLib/SpdmResponderLib.inf
 create mode 100644 SecurityPkg/DeviceSecurity/SpdmLib/SpdmSecuredMessageLib.inf
 create mode 100644 SecurityPkg/DeviceSecurity/SpdmLib/SpdmTransportMctpLib.inf
 create mode 100644 SecurityPkg/DeviceSecurity/SpdmLib/SpdmTransportPciDoeLib.inf
 create mode 160000 SecurityPkg/DeviceSecurity/SpdmLib/libspdm
 create mode 100644 SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmAuthentication.c
 create mode 100644 SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmConnectionInit.c
 create mode 100644 SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmMeasurement.c
 create mode 100644 SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmSecurityLib.c
 create mode 100644 SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmSecurityLib.inf
 create mode 100644 SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmSecurityLibInternal.h
 create mode 100644 SecurityPkg/Include/Library/SpdmSecurityLib.h
 create mode 100644 SecurityPkg/Include/Protocol/DeviceSecurityPolicy.h

--
2.26.2.windows.1








-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#117981): https://edk2.groups.io/g/devel/message/117981
Mute This Topic: https://groups.io/mt/105594737/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-

next      parent reply	other threads:[~2024-04-18 10:15 UTC|newest]

Thread overview: 6+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <17C755C8DBF259BF.15491@groups.io>
2024-04-18 10:15 ` Wenxing Hou [this message]
2024-04-21  2:30   ` [edk2-devel] [PATCH v4 00/10] Add DeviceSecurity feature based on PFP 1.06 spec Yao, Jiewen
2024-04-26  1:51     ` Wenxing Hou
2024-04-29  0:33       ` Yao, Jiewen
2024-04-29  0:47         ` Michael D Kinney
2024-04-18  9:28 Wenxing Hou

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-list from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=PH0PR11MB5046401701751121D6899276F70E2@PH0PR11MB5046.namprd11.prod.outlook.com \
    --to=devel@edk2.groups.io \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox