REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2479
In PFP spec 1.06, platform firmware records the device certificate and device measurement for each SPDM responder. This PATCH set implement the DeviceSecurityLib to support spdm device Authentication and Measurement. Libspdm as submodule is to support DeviceSecurity feature: https://github.com/DMTF/libspdm TCG PFP spec 1.06: https://trustedcomputinggroup.org/resource/pc-client-specific-platform-firmware-profile-specification/ The POC branch: https://github.com/tianocore/edk2-staging/tree/DeviceSecurity And the PATCH set has passed the EDKII CI: https://github.com/tianocore/edk2/pull/5508 v2 changes: - Fix typo: PcdEnableSpdmDeviceAuthenticaion -> PcdEnableSpdmDeviceAuthentication v3 changes: - Add new patch 10: Update ReadMe.rst for libspdm submodule license v4 changes: - Update submodule libspdm to latest tag PATCH 3: Reviewed-by: Liming Gao <gaolim...@byosoft.com.cn> PATCH 5: Reviewed-by: Jiewen Yao <jiewen....@intel.com> PATCH 6: Reviewed-by: Jiewen Yao <jiewen....@intel.com> PATCH 7: Reviewed-by: Joey Vagedes <joey.vage...@gmail.com> PATCH 9: Reviewed-by: Jiewen Yao <jiewen....@intel.com> Cc: Andrew Fish <af...@apple.com> Cc: Leif Lindholm <quic_llind...@quicinc.com> Cc: Michael D Kinney <michael.d.kin...@intel.com> Cc: Liming Gao <gaolim...@byosoft.com.cn> Cc: Sean Brogan <sean.bro...@microsoft.com> Cc: Joey Vagedes <joey.vage...@gmail.com> Cc: Zhiguang Liu <zhiguang....@intel.com> Cc: Rahul Kumar <rahul1.ku...@intel.com> Cc: Jiewen Yao <jiewen....@intel.com> Signed-off-by: Wenxing Hou <wenxing....@intel.com> Wenxing Hou (10): MdePkg: Add SPDM1.2 support. MdePkg: Add TCG PFP 1.06 support. MdePkg: Add devAuthBoot GlobalVariable MdeModulePkg/Variable: Add TCG SPDM device measurement update SecurityPkg: Add TCG PFP 1.06 support. SecurityPkg: add DeviceSecurity support .pytool/CISettings.py: add libspdm submodule. .gitmodule: Add libspdm submodule for EDKII SecurityPkg: Add libspdm submodule ReadMe.rst: Add libspdm submodule license .gitmodules | 3 + .pytool/CISettings.py | 2 + MdeModulePkg/MdeModulePkg.dec | 5 + .../Variable/RuntimeDxe/Measurement.c | 38 +- .../RuntimeDxe/VariableRuntimeDxe.inf | 3 + .../RuntimeDxe/VariableSmmRuntimeDxe.inf | 3 + MdePkg/Include/Guid/GlobalVariable.h | 8 +- MdePkg/Include/Guid/ImageAuthentication.h | 5 +- MdePkg/Include/IndustryStandard/Spdm.h | 1112 ++++++++++++++++- .../IndustryStandard/UefiTcgPlatform.h | 186 ++- ReadMe.rst | 1 + .../OsStub/CryptlibWrapper/CryptlibWrapper.c | 970 ++++++++++++++ .../CryptlibWrapper/CryptlibWrapper.inf | 38 + .../OsStub/MemLibWrapper/MemLibWrapper.c | 177 +++ .../OsStub/MemLibWrapper/MemLibWrapper.inf | 33 + .../PlatformLibWrapper/PlatformLibWrapper.c | 85 ++ .../PlatformLibWrapper/PlatformLibWrapper.inf | 33 + .../SpdmLib/Include/Stub/SpdmLibStub.h | 347 +++++ .../SpdmLib/Include/hal/LibspdmStdBoolAlt.h | 23 + .../SpdmLib/Include/hal/LibspdmStdDefAlt.h | 16 + .../SpdmLib/Include/hal/LibspdmStdIntAlt.h | 25 + .../DeviceSecurity/SpdmLib/Include/hal/base.h | 94 ++ .../SpdmLib/Include/hal/library/debuglib.h | 39 + .../SpdmLib/Include/library/spdm_lib_config.h | 394 ++++++ .../DeviceSecurity/SpdmLib/SpdmCommonLib.inf | 47 + .../DeviceSecurity/SpdmLib/SpdmCryptLib.inf | 45 + .../SpdmLib/SpdmDeviceSecretLibNull.inf | 36 + .../SpdmLib/SpdmRequesterLib.inf | 59 + .../SpdmLib/SpdmResponderLib.inf | 61 + .../SpdmLib/SpdmSecuredMessageLib.inf | 44 + .../SpdmLib/SpdmTransportMctpLib.inf | 38 + .../SpdmLib/SpdmTransportPciDoeLib.inf | 38 + SecurityPkg/DeviceSecurity/SpdmLib/libspdm | 1 + .../SpdmSecurityLib/SpdmAuthentication.c | 697 +++++++++++ .../SpdmSecurityLib/SpdmConnectionInit.c | 481 +++++++ .../SpdmSecurityLib/SpdmMeasurement.c | 714 +++++++++++ .../SpdmSecurityLib/SpdmSecurityLib.c | 148 +++ .../SpdmSecurityLib/SpdmSecurityLib.inf | 54 + .../SpdmSecurityLib/SpdmSecurityLibInternal.h | 250 ++++ SecurityPkg/Include/Library/SpdmSecurityLib.h | 437 +++++++ SecurityPkg/Include/Library/Tpm2CommandLib.h | 23 +- .../Include/Protocol/DeviceSecurityPolicy.h | 133 ++ .../HashLibBaseCryptoRouterDxe.c | 88 +- .../Library/Tpm2CommandLib/Tpm2NVStorage.c | 122 +- SecurityPkg/SecurityPkg.ci.yaml | 17 +- SecurityPkg/SecurityPkg.dec | 13 +- SecurityPkg/SecurityPkg.dsc | 31 +- SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c | 61 +- SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf | 4 +- 49 files changed, 7197 insertions(+), 85 deletions(-) create mode 100644 SecurityPkg/DeviceSecurity/OsStub/CryptlibWrapper/CryptlibWrapper.c create mode 100644 SecurityPkg/DeviceSecurity/OsStub/CryptlibWrapper/CryptlibWrapper.inf create mode 100644 SecurityPkg/DeviceSecurity/OsStub/MemLibWrapper/MemLibWrapper.c create mode 100644 SecurityPkg/DeviceSecurity/OsStub/MemLibWrapper/MemLibWrapper.inf create mode 100644 SecurityPkg/DeviceSecurity/OsStub/PlatformLibWrapper/PlatformLibWrapper.c create mode 100644 SecurityPkg/DeviceSecurity/OsStub/PlatformLibWrapper/PlatformLibWrapper.inf create mode 100644 SecurityPkg/DeviceSecurity/SpdmLib/Include/Stub/SpdmLibStub.h create mode 100644 SecurityPkg/DeviceSecurity/SpdmLib/Include/hal/LibspdmStdBoolAlt.h create mode 100644 SecurityPkg/DeviceSecurity/SpdmLib/Include/hal/LibspdmStdDefAlt.h create mode 100644 SecurityPkg/DeviceSecurity/SpdmLib/Include/hal/LibspdmStdIntAlt.h create mode 100644 SecurityPkg/DeviceSecurity/SpdmLib/Include/hal/base.h create mode 100644 SecurityPkg/DeviceSecurity/SpdmLib/Include/hal/library/debuglib.h create mode 100644 SecurityPkg/DeviceSecurity/SpdmLib/Include/library/spdm_lib_config.h create mode 100644 SecurityPkg/DeviceSecurity/SpdmLib/SpdmCommonLib.inf create mode 100644 SecurityPkg/DeviceSecurity/SpdmLib/SpdmCryptLib.inf create mode 100644 SecurityPkg/DeviceSecurity/SpdmLib/SpdmDeviceSecretLibNull.inf create mode 100644 SecurityPkg/DeviceSecurity/SpdmLib/SpdmRequesterLib.inf create mode 100644 SecurityPkg/DeviceSecurity/SpdmLib/SpdmResponderLib.inf create mode 100644 SecurityPkg/DeviceSecurity/SpdmLib/SpdmSecuredMessageLib.inf create mode 100644 SecurityPkg/DeviceSecurity/SpdmLib/SpdmTransportMctpLib.inf create mode 100644 SecurityPkg/DeviceSecurity/SpdmLib/SpdmTransportPciDoeLib.inf create mode 160000 SecurityPkg/DeviceSecurity/SpdmLib/libspdm create mode 100644 SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmAuthentication.c create mode 100644 SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmConnectionInit.c create mode 100644 SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmMeasurement.c create mode 100644 SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmSecurityLib.c create mode 100644 SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmSecurityLib.inf create mode 100644 SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmSecurityLibInternal.h create mode 100644 SecurityPkg/Include/Library/SpdmSecurityLib.h create mode 100644 SecurityPkg/Include/Protocol/DeviceSecurityPolicy.h -- 2.26.2.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#117970): https://edk2.groups.io/g/devel/message/117970 Mute This Topic: https://groups.io/mt/105594737/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
