From: "Wenxing Hou" <wenxing.hou@intel.com>
To: "devel@edk2.groups.io" <devel@edk2.groups.io>,
Andrew Fish <afish@apple.com>,
Leif Lindholm <quic_llindhol@quicinc.com>,
"Kinney, Michael D" <michael.d.kinney@intel.com>,
Liming Gao <gaoliming@byosoft.com.cn>,
Sean Brogan <sean.brogan@microsoft.com>,
"Joey Vagedes" <joey.vagedes@gmail.com>,
"Liu, Zhiguang" <zhiguang.liu@intel.com>,
"Kumar, Rahul R" <rahul.r.kumar@intel.com>,
"Yao, Jiewen" <jiewen.yao@intel.com>
Subject: Re: [edk2-devel] [PATCH v4 00/10] Add DeviceSecurity feature based on PFP 1.06 spec
Date: Thu, 18 Apr 2024 10:15:40 +0000
Message-ID: <PH0PR11MB5046401701751121D6899276F70E2@PH0PR11MB5046.namprd11.prod.outlook.com>
In-Reply-To: <17C755C8DBF259BF.15491@groups.io>
Dear EDKII reviewers:
Thank you for your previous review of this patch set.
Currently, five patches have been reviewed.
But five patches still need review:
Patch1: MdePkg: Add SPDM1.2 support.
Patch2: MdePkg: Add TCG PFP 1.06 support.
Patch4: MdeModulePkg/Variable: Add TCG SPDM device measurement update
Patch8: .gitmodule: Add libspdm submodule for EDKII
Patch10: ReadMe.rst: Add libspdm submodule license
Could you please review the PATCH v4?
PS: Jiewen has reviewed all the PATCH. And I have fixed his feedback in PATCH v4. Jiewen has no questions about all the patches anymore.
Thanks,
Wenxing
-----Original Message-----
From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Wenxing Hou
Sent: Thursday, April 18, 2024 5:28 PM
To: devel@edk2.groups.io
Cc: Andrew Fish <afish@apple.com>; Leif Lindholm <quic_llindhol@quicinc.com>; Kinney, Michael D <michael.d.kinney@intel.com>; Liming Gao <gaoliming@byosoft.com.cn>; Sean Brogan <sean.brogan@microsoft.com>; Joey Vagedes <joey.vagedes@gmail.com>; Liu, Zhiguang <zhiguang.liu@intel.com>; Kumar, Rahul R <rahul.r.kumar@intel.com>; Yao, Jiewen <jiewen.yao@intel.com>
Subject: [edk2-devel] [PATCH v4 00/10] Add DeviceSecurity feature based on PFP 1.06 spec
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2479
In PFP spec 1.06, platform firmware records the device certificate and device measurement for each SPDM responder.
This PATCH set implements the DeviceSecurityLib to support SPDM device Authentication and Measurement.
libspdm as a submodule is to support the DeviceSecurity feature:
https://github.com/DMTF/libspdm
TCG PFP spec 1.06:
https://trustedcomputinggroup.org/resource/pc-client-specific-platform-firmware-profile-specification/
The POC branch:
https://github.com/tianocore/edk2-staging/tree/DeviceSecurity
And the PATCH set has passed the EDKII CI:
https://github.com/tianocore/edk2/pull/5508
v2 changes:
- Fix typo: PcdEnableSpdmDeviceAuthenticaion -> PcdEnableSpdmDeviceAuthentication
v3 changes:
- Add new patch 10: Update ReadMe.rst for libspdm submodule license
v4 changes:
- Update submodule libspdm to latest tag
PATCH 3: Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn>
PATCH 5: Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
PATCH 6: Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
PATCH 7: Reviewed-by: Joey Vagedes <joey.vagedes@gmail.com>
PATCH 9: Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Cc: Andrew Fish <afish@apple.com>
Cc: Leif Lindholm <quic_llindhol@quicinc.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Sean Brogan <sean.brogan@microsoft.com>
Cc: Joey Vagedes <joey.vagedes@gmail.com>
Cc: Zhiguang Liu <zhiguang.liu@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Signed-off-by: Wenxing Hou <wenxing.hou@intel.com>
Wenxing Hou (10):
MdePkg: Add SPDM1.2 support.
MdePkg: Add TCG PFP 1.06 support.
MdePkg: Add devAuthBoot GlobalVariable
MdeModulePkg/Variable: Add TCG SPDM device measurement update
SecurityPkg: Add TCG PFP 1.06 support.
SecurityPkg: add DeviceSecurity support
.pytool/CISettings.py: add libspdm submodule.
.gitmodule: Add libspdm submodule for EDKII
SecurityPkg: Add libspdm submodule
ReadMe.rst: Add libspdm submodule license
.gitmodules | 3 +
.pytool/CISettings.py | 2 +
MdeModulePkg/MdeModulePkg.dec | 5 +
.../Variable/RuntimeDxe/Measurement.c | 38 +-
.../RuntimeDxe/VariableRuntimeDxe.inf | 3 +
.../RuntimeDxe/VariableSmmRuntimeDxe.inf | 3 +
MdePkg/Include/Guid/GlobalVariable.h | 8 +-
MdePkg/Include/Guid/ImageAuthentication.h | 5 +-
MdePkg/Include/IndustryStandard/Spdm.h | 1112 ++++++++++++++++-
.../IndustryStandard/UefiTcgPlatform.h | 186 ++-
ReadMe.rst | 1 +
.../OsStub/CryptlibWrapper/CryptlibWrapper.c | 970 ++++++++++++++
.../CryptlibWrapper/CryptlibWrapper.inf | 38 +
.../OsStub/MemLibWrapper/MemLibWrapper.c | 177 +++
.../OsStub/MemLibWrapper/MemLibWrapper.inf | 33 +
.../PlatformLibWrapper/PlatformLibWrapper.c | 85 ++
.../PlatformLibWrapper/PlatformLibWrapper.inf | 33 +
.../SpdmLib/Include/Stub/SpdmLibStub.h | 347 +++++
.../SpdmLib/Include/hal/LibspdmStdBoolAlt.h | 23 +
.../SpdmLib/Include/hal/LibspdmStdDefAlt.h | 16 +
.../SpdmLib/Include/hal/LibspdmStdIntAlt.h | 25 +
.../DeviceSecurity/SpdmLib/Include/hal/base.h | 94 ++
.../SpdmLib/Include/hal/library/debuglib.h | 39 +
.../SpdmLib/Include/library/spdm_lib_config.h | 394 ++++++
.../DeviceSecurity/SpdmLib/SpdmCommonLib.inf | 47 +
.../DeviceSecurity/SpdmLib/SpdmCryptLib.inf | 45 +
.../SpdmLib/SpdmDeviceSecretLibNull.inf | 36 +
.../SpdmLib/SpdmRequesterLib.inf | 59 +
.../SpdmLib/SpdmResponderLib.inf | 61 +
.../SpdmLib/SpdmSecuredMessageLib.inf | 44 +
.../SpdmLib/SpdmTransportMctpLib.inf | 38 +
.../SpdmLib/SpdmTransportPciDoeLib.inf | 38 +
SecurityPkg/DeviceSecurity/SpdmLib/libspdm | 1 +
.../SpdmSecurityLib/SpdmAuthentication.c | 697 +++++++++++
.../SpdmSecurityLib/SpdmConnectionInit.c | 481 +++++++
.../SpdmSecurityLib/SpdmMeasurement.c | 714 +++++++++++
.../SpdmSecurityLib/SpdmSecurityLib.c | 148 +++
.../SpdmSecurityLib/SpdmSecurityLib.inf | 54 +
.../SpdmSecurityLib/SpdmSecurityLibInternal.h | 250 ++++
SecurityPkg/Include/Library/SpdmSecurityLib.h | 437 +++++++
SecurityPkg/Include/Library/Tpm2CommandLib.h | 23 +-
.../Include/Protocol/DeviceSecurityPolicy.h | 133 ++
.../HashLibBaseCryptoRouterDxe.c | 88 +-
.../Library/Tpm2CommandLib/Tpm2NVStorage.c | 122 +-
SecurityPkg/SecurityPkg.ci.yaml | 17 +-
SecurityPkg/SecurityPkg.dec | 13 +-
SecurityPkg/SecurityPkg.dsc | 31 +-
SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c | 61 +-
SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf | 4 +-
49 files changed, 7197 insertions(+), 85 deletions(-)
create mode 100644 SecurityPkg/DeviceSecurity/OsStub/CryptlibWrapper/CryptlibWrapper.c
create mode 100644 SecurityPkg/DeviceSecurity/OsStub/CryptlibWrapper/CryptlibWrapper.inf
create mode 100644 SecurityPkg/DeviceSecurity/OsStub/MemLibWrapper/MemLibWrapper.c
create mode 100644 SecurityPkg/DeviceSecurity/OsStub/MemLibWrapper/MemLibWrapper.inf
create mode 100644 SecurityPkg/DeviceSecurity/OsStub/PlatformLibWrapper/PlatformLibWrapper.c
create mode 100644 SecurityPkg/DeviceSecurity/OsStub/PlatformLibWrapper/PlatformLibWrapper.inf
create mode 100644 SecurityPkg/DeviceSecurity/SpdmLib/Include/Stub/SpdmLibStub.h
create mode 100644 SecurityPkg/DeviceSecurity/SpdmLib/Include/hal/LibspdmStdBoolAlt.h
create mode 100644 SecurityPkg/DeviceSecurity/SpdmLib/Include/hal/LibspdmStdDefAlt.h
create mode 100644 SecurityPkg/DeviceSecurity/SpdmLib/Include/hal/LibspdmStdIntAlt.h
create mode 100644 SecurityPkg/DeviceSecurity/SpdmLib/Include/hal/base.h
create mode 100644 SecurityPkg/DeviceSecurity/SpdmLib/Include/hal/library/debuglib.h
create mode 100644 SecurityPkg/DeviceSecurity/SpdmLib/Include/library/spdm_lib_config.h
create mode 100644 SecurityPkg/DeviceSecurity/SpdmLib/SpdmCommonLib.inf
create mode 100644 SecurityPkg/DeviceSecurity/SpdmLib/SpdmCryptLib.inf
create mode 100644 SecurityPkg/DeviceSecurity/SpdmLib/SpdmDeviceSecretLibNull.inf
create mode 100644 SecurityPkg/DeviceSecurity/SpdmLib/SpdmRequesterLib.inf
create mode 100644 SecurityPkg/DeviceSecurity/SpdmLib/SpdmResponderLib.inf
create mode 100644 SecurityPkg/DeviceSecurity/SpdmLib/SpdmSecuredMessageLib.inf
create mode 100644 SecurityPkg/DeviceSecurity/SpdmLib/SpdmTransportMctpLib.inf
create mode 100644 SecurityPkg/DeviceSecurity/SpdmLib/SpdmTransportPciDoeLib.inf
create mode 160000 SecurityPkg/DeviceSecurity/SpdmLib/libspdm
create mode 100644 SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmAuthentication.c
create mode 100644 SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmConnectionInit.c
create mode 100644 SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmMeasurement.c
create mode 100644 SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmSecurityLib.c
create mode 100644 SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmSecurityLib.inf
create mode 100644 SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmSecurityLibInternal.h
create mode 100644 SecurityPkg/Include/Library/SpdmSecurityLib.h
create mode 100644 SecurityPkg/Include/Protocol/DeviceSecurityPolicy.h
--
2.26.2.windows.1
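The cover letter above says that, per PFP 1.06, platform firmware records each SPDM responder's device certificate and device measurement. The added example below is not edk2 or libspdm code; it is a small model of the measured-boot mechanism that makes such records useful: the firmware hashes the data, appends an event to a log and extends a TPM PCR (new = SHA-256(old || digest)), and a verifier later replays the log and compares the result with the attested PCR values. The PCR indexes, event labels, class and function names, and the sample certificate/measurement bytes are constructed for this illustration and are not taken from the spec or the patch set.

```python
"""Added example (not edk2/libspdm code): log-and-extend on the firmware side,
replay-and-compare on the verifier side, for SPDM device authority and
measurement records."""
import hashlib
from dataclasses import dataclass
from typing import Dict, List, Tuple

DIGEST_LEN = 32
PCR_INIT = bytes(DIGEST_LEN)  # a SHA-256 PCR bank starts all-zero at reset

# Illustrative assignment for this example only (assumption, not taken from PFP 1.06).
PCR_DEVICE_AUTHORITY = 7     # where the responder's certificate chain digest is extended
PCR_DEVICE_MEASUREMENT = 2   # where the responder's SPDM measurement block is extended


@dataclass(frozen=True)
class Event:
    pcr: int
    kind: str      # illustrative event label, not a PFP event-type constant
    digest: bytes  # SHA-256 of the data the firmware measured


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def extend(pcr_value: bytes, digest: bytes) -> bytes:
    """TPM PCR extend: new = H(old || digest). One-way and order-dependent."""
    return sha256(pcr_value + digest)


class MeasuringFirmware:
    """Firmware side: for each SPDM responder, log and extend its cert chain and measurement."""

    def __init__(self) -> None:
        self.log: List[Event] = []
        self.pcrs: Dict[int, bytes] = {}

    def _measure(self, pcr: int, kind: str, data: bytes) -> None:
        digest = sha256(data)
        self.log.append(Event(pcr, kind, digest))
        self.pcrs[pcr] = extend(self.pcrs.get(pcr, PCR_INIT), digest)

    def record_responder(self, cert_chain: bytes, measurement_block: bytes) -> None:
        self._measure(PCR_DEVICE_AUTHORITY, "SPDM_DEVICE_AUTHORITY", cert_chain)
        self._measure(PCR_DEVICE_MEASUREMENT, "SPDM_DEVICE_MEASUREMENT", measurement_block)


def replay(log: List[Event]) -> Dict[int, bytes]:
    """Verifier side: recompute every PCR from the event log alone."""
    pcrs: Dict[int, bytes] = {}
    for ev in log:
        pcrs[ev.pcr] = extend(pcrs.get(ev.pcr, PCR_INIT), ev.digest)
    return pcrs


def mismatched_pcrs(log: List[Event], attested: Dict[int, bytes]) -> List[int]:
    """PCR indexes whose replayed value differs from the attested (quoted) value."""
    replayed = replay(log)
    return sorted(p for p in set(replayed) | set(attested) if replayed.get(p) != attested.get(p))


def demo() -> Tuple[List[int], List[int], List[int]]:
    # Constructed sample inputs standing in for a DER cert chain and an SPDM measurement block.
    fw = MeasuringFirmware()
    fw.record_responder(b"constructed-cert-chain-device-A", b"constructed-measurement-A")
    fw.record_responder(b"constructed-cert-chain-device-B", b"constructed-measurement-B")
    attested = dict(fw.pcrs)  # what a TPM quote would report for these PCRs

    honest = mismatched_pcrs(fw.log, attested)  # intact log: no mismatches

    # Log whose authority entry for device A was replaced: PCR 7 no longer replays.
    swapped = [Event(e.pcr, e.kind, sha256(b"other-cert")) if i == 0 else e
               for i, e in enumerate(fw.log)]
    tampered = mismatched_pcrs(swapped, attested)

    # Log with device B's measurement entry dropped: PCR 2 no longer replays.
    dropped = [e for i, e in enumerate(fw.log) if i != 3]
    truncated = mismatched_pcrs(dropped, attested)
    return honest, tampered, truncated


if __name__ == "__main__":
    print(demo())
```

The point of the replay step is that the log carries no authority of its own: any entry that is altered, removed or reordered changes the recomputed PCR, so the attested PCR value is what lets a verifier trust the certificate and measurement records the firmware wrote for each responder.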
View/Reply Online (#117981): https://edk2.groups.io/g/devel/message/117981
Thread overview (6 messages):
2024-04-18 9:28 Wenxing Hou [PATCH v4 00/10] Add DeviceSecurity feature based on PFP 1.06 spec
2024-04-18 10:15 ` Wenxing Hou [this message]
2024-04-21 2:30 ` Yao, Jiewen
2024-04-26 1:51 ` Wenxing Hou
2024-04-29 0:33 ` Yao, Jiewen
2024-04-29 0:47 ` Michael D Kinney