Re: [edk2-devel] Soft Feature Freeze starts now for edk2-stable202405

.io> mailto:devel@edk2.groups.io>> 代表 Wenxing Hou 发送时间: 2024年5月27日 12:24 收件人: gaoliming mailto:gaolim...@byosoft.com.cn>>; devel@edk2.groups.io<mailto:devel@edk2.groups.io>; Kinney, Michael D mailto:michael.d.kin...@intel.com>>; 'Andrew Fish' mailto:af...@apple.com>>

Re: [edk2-devel] Soft Feature Freeze starts now for edk2-stable202405

. In this phase, only bug fixes will be accepted (https://github.com/tianocore/tianocore.github.io/wiki/HardFeatureFreeze). So, this patch set may be merged after the stable tag is created. Thanks Liming 发件人: devel@edk2.groups.io<mailto:devel@edk2.groups.io> mailto:devel@edk2.groups.io>> 代表

Re: [edk2-devel] Soft Feature Freeze starts now for edk2-stable202405

r issue; - Fix Pkcs7 memory leak; v3 changes: - Fix some issues form reviewer; - Add SHA3/SM3 implementation; - Update *.inf files; v4 changes: - Delete SHA3 implementation; - Complete Sm3 by linking OopensslLib; - collection data for platform integration test for newly implemented APIs;

[edk2-devel] [PATCH v4 10/11] CryptoPkg: Update *.inf in BaseCryptLibMbedTls

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177 Update all *.inf in BaseCryptLibMbedTls based on new implementation. Cc: Jiewen Yao Cc: Yi Li Signed-off-by: Wenxing Hou Reviewed-by: Yi Li Acked-by: Jiewen Yao --- .../BaseCryptLibMbedTls/BaseCryptLib.inf | 42

[edk2-devel] [PATCH v4 11/11] Add SM3 functions with openssl for Mbedtls

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177 Because the Mbedlts 3.3.0 doesn't have Sm3, the Sm3 implementaion is based on Openssl. Cc: Jiewen Yao Cc: Yi Li Signed-off-by: Wenxing Hou Reviewed-by: Yi Li Acked-by: Jiewen Yao --- CryptoPkg/CryptoPkgMbedTls.dsc

[edk2-devel] [PATCH v4 09/11] CryptoPkg: Add ImageTimestampVerify based on Mbedtls

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177 Timestamp Countersignature Verification implementaion based on Mbedtls. Cc: Jiewen Yao Cc: Yi Li Signed-off-by: Wenxing Hou Reviewed-by: Yi Li Acked-by: Jiewen Yao --- .../Library/BaseCryptLibMbedTls/Pk/CryptTs.c | 381

[edk2-devel] [PATCH v4 08/11] CryptoPkg: Add AuthenticodeVerify based on Mbedtls

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177 Implement AuthenticodeVerify based on Mbedtls. Cc: Jiewen Yao Cc: Yi Li Signed-off-by: Wenxing Hou Reviewed-by: Yi Li Acked-by: Jiewen Yao --- .../Pk/CryptAuthenticode.c| 214 ++ 1 file changed

[edk2-devel] [PATCH v4 07/11] CryptoPkg: Add more RSA related functions based on Mbedtls

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177 Implement more RSA functions such as RsaPkcs1Sign based Mbedlts. Cc: Jiewen Yao Cc: Yi Li Signed-off-by: Wenxing Hou Reviewed-by: Yi Li Acked-by: Jiewen Yao --- .../BaseCryptLibMbedTls/Pk/CryptPkcs1Oaep.c | 278

[edk2-devel] [PATCH v4 04/11] CryptoPkg: Add X509 functions based on Mbedtls

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177 X.509 Certificate Handler Wrapper Implementation over MbedTLS. Cc: Jiewen Yao Cc: Yi Li Signed-off-by: Wenxing Hou Reviewed-by: Yi Li Acked-by: Jiewen Yao --- .../BaseCryptLibMbedTls/Pk/CryptX509.c| 1940 + 1

[edk2-devel] [PATCH v4 06/11] CryptoPkg: Add Pkcs5 functions based on Mbedtls

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177 PBKDF2 Key Derivation Function Wrapper Implementation over MbedTLS. Cc: Jiewen Yao Cc: Yi Li Signed-off-by: Wenxing Hou Reviewed-by: Yi Li Acked-by: Jiewen Yao --- .../BaseCryptLibMbedTls/Pk/CryptPkcs5Pbkdf2.c | 100

[edk2-devel] [PATCH v4 05/11] CryptoPkg: Add Pkcs7 related functions based on Mbedtls

test. Cc: Jiewen Yao Cc: Yi Li Signed-off-by: Wenxing Hou Reviewed-by: Yi Li Acked-by: Jiewen Yao --- CryptoPkg/Include/Library/BaseCryptLib.h |2 + .../BaseCryptLibMbedTls/InternalCryptLib.h| 33 + .../Pk/CryptPkcs7Internal.h | 29 +- .../BaseCryptLibMbedTls

[edk2-devel] [PATCH v4 03/11] CryptoPkg: Add Pem APIs based on Mbedtls

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177 Implement Pem API based on Mbedtls. Cc: Jiewen Yao Cc: Yi Li Signed-off-by: Wenxing Hou Reviewed-by: Yi Li Acked-by: Jiewen Yao --- .../BaseCryptLibMbedTls/Pem/CryptPem.c| 138 ++ 1 file changed, 138

[edk2-devel] [PATCH v4 02/11] CryptoPkg: Add rand function for BaseCryptLibMbedTls

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177 Add rand function for BaseCryptLibMbedTls. Cc: Jiewen Yao Cc: Yi Li Signed-off-by: Wenxing Hou Reviewed-by: Yi Li Acked-by: Jiewen Yao --- CryptoPkg/Include/Library/BaseCryptLib.h | 2 + .../BaseCryptLibMbedTls

[edk2-devel] [PATCH v4 00/11] Add more crypt APIs based on Mbedtls

implemented APIs; Cc: Jiewen Yao Cc: Yi Li Signed-off-by: Wenxing Hou Reviewed-by: Yi Li Acked-by: Jiewen Yao Wenxing Hou (11): CryptoPkg: Add AeadAesGcm based on Mbedtls CryptoPkg: Add rand function for BaseCryptLibMbedTls CryptoPkg: Add Pem APIs based on Mbedtls CryptoPkg: Add X509

[edk2-devel] [PATCH v4 01/11] CryptoPkg: Add AeadAesGcm based on Mbedtls

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177 AeadAesGcm implementation based on Mbedtls. Cc: Jiewen Yao Cc: Yi Li Signed-off-by: Wenxing Hou Reviewed-by: Yi Li Acked-by: Jiewen Yao --- .../Cipher/CryptAeadAesGcm.c | 227 ++ 1 file changed, 227

Re: [edk2-devel][edk2-stable202405] [PATCH v3 00/11] Add more crypt APIs based on Mbedtls

s. > > > > The patch has passed the EDKII CI check: > > https://github.com/tianocore/edk2/pull/5552 > > > > And the patch has passed unit_test in EDKII and integration test for > platform. > > And the patch hass passed the fuzz test: > > https://gith

Re: [edk2-devel] [PATCH v3 00/11] Add more crypt APIs based on Mbedtls

passed unit_test in EDKII and integration test for platform. > And the patch hass passed the fuzz test: > https://github.com/tianocore/edk2-staging/commit/4f19398053c92e4f7791d > 4 > 68a184530b6ab89128 > > v2 changes: > - Fix format variable name/hardcode number issue; &g

Re: [edk2-devel] [PATCH v3 00/11] Add more crypt APIs based on Mbedtls

some issues form reviewer; - Add SHA3/SM3 implementation; - Update *.inf files; Cc: Jiewen Yao Cc: Yi Li Signed-off-by: Wenxing Hou Wenxing Hou (11): CryptoPkg: Add AeadAesGcm based on Mbedtls CryptoPkg: Add rand function for BaseCryptLibMbedTls CryptoPkg: Add Pem APIs based on Mbedtls

[edk2-devel] [PATCH v3 11/11] Add SHA3/SM3 functions with openssl for Mbedtls

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177 Because the Mbedlts 3.3.0 doesn't have SHA3 and Sm3, the SHA3 and Sm3 implementaion based on Openssl. Cc: Jiewen Yao Cc: Yi Li Signed-off-by: Wenxing Hou --- .../Library/BaseCryptLibMbedTls/BaseCryptLib.inf | 11

[edk2-devel] [PATCH v3 07/11] CryptoPkg: Add more RSA related functions based on Mbedtls

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177 Implement more RSA functions such as RsaPkcs1Sign based Mbedlts. Cc: Jiewen Yao Cc: Yi Li Signed-off-by: Wenxing Hou --- .../BaseCryptLibMbedTls/Pk/CryptPkcs1Oaep.c | 278 ++ .../BaseCryptLibMbedTls/Pk/CryptRsaExt.c

[edk2-devel] [PATCH v3 10/11] CryptoPkg: Update *.inf in BaseCryptLibMbedTls

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177 Update all *.inf in BaseCryptLibMbedTls based on new implementation. Cc: Jiewen Yao Cc: Yi Li Signed-off-by: Wenxing Hou --- .../BaseCryptLibMbedTls/BaseCryptLib.inf | 42 ++- .../BaseCryptLibMbedTls

[edk2-devel] [PATCH v3 09/11] CryptoPkg: Add ImageTimestampVerify based on Mbedtls

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177 Timestamp Countersignature Verification implementaion based on Mbedtls. Cc: Jiewen Yao Cc: Yi Li Signed-off-by: Wenxing Hou --- .../Library/BaseCryptLibMbedTls/Pk/CryptTs.c | 381 ++ 1 file changed, 381 insertions

[edk2-devel] [PATCH v3 08/11] CryptoPkg: Add AuthenticodeVerify based on Mbedtls

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177 Implement AuthenticodeVerify based on Mbedtls. Cc: Jiewen Yao Cc: Yi Li Signed-off-by: Wenxing Hou --- .../Pk/CryptAuthenticode.c| 214 ++ 1 file changed, 214 insertions(+) create mode 100644

[edk2-devel] [PATCH v3 04/11] CryptoPkg: Add X509 functions based on Mbedtls

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177 X.509 Certificate Handler Wrapper Implementation over MbedTLS. Cc: Jiewen Yao Cc: Yi Li Signed-off-by: Wenxing Hou --- .../BaseCryptLibMbedTls/Pk/CryptX509.c| 1940 + 1 file changed, 1940 insertions(+) create

[edk2-devel] [PATCH v3 06/11] CryptoPkg: Add Pkcs5 functions based on Mbedtls

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177 PBKDF2 Key Derivation Function Wrapper Implementation over MbedTLS. Cc: Jiewen Yao Cc: Yi Li Signed-off-by: Wenxing Hou --- .../BaseCryptLibMbedTls/Pk/CryptPkcs5Pbkdf2.c | 100 ++ 1 file changed, 100 insertions

[edk2-devel] [PATCH v3 05/11] CryptoPkg: Add Pkcs7 related functions based on Mbedtls

. And the implementation has pass unit_tes and integration test. Cc: Jiewen Yao Cc: Yi Li Signed-off-by: Wenxing Hou --- CryptoPkg/Include/Library/BaseCryptLib.h |2 + .../BaseCryptLibMbedTls/InternalCryptLib.h| 33 + .../Pk/CryptPkcs7Internal.h | 29

[edk2-devel] [PATCH v3 03/11] CryptoPkg: Add Pem APIs based on Mbedtls

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177 Implement Pem API based on Mbedtls. Cc: Jiewen Yao Cc: Yi Li Signed-off-by: Wenxing Hou --- .../BaseCryptLibMbedTls/Pem/CryptPem.c| 138 ++ 1 file changed, 138 insertions(+) create mode 100644 CryptoPkg/Library

[edk2-devel] [PATCH v3 02/11] CryptoPkg: Add rand function for BaseCryptLibMbedTls

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177 Add rand function for BaseCryptLibMbedTls. Cc: Jiewen Yao Cc: Yi Li Signed-off-by: Wenxing Hou --- CryptoPkg/Include/Library/BaseCryptLib.h | 2 + .../BaseCryptLibMbedTls/InternalCryptLib.h| 16 +++ .../BaseCryptLibMbedTls

[edk2-devel] [PATCH v3 01/11] CryptoPkg: Add AeadAesGcm based on Mbedtls

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177 AeadAesGcm implementation based on Mbedtls. Cc: Jiewen Yao Cc: Yi Li Signed-off-by: Wenxing Hou --- .../Cipher/CryptAeadAesGcm.c | 227 ++ 1 file changed, 227 insertions(+) create mode 100644

[edk2-devel] [PATCH v3 00/11] Add more crypt APIs based on Mbedtls

form reviewer; - Add SHA3/SM3 implementation; - Update *.inf files; Cc: Jiewen Yao Cc: Yi Li Signed-off-by: Wenxing Hou Wenxing Hou (11): CryptoPkg: Add AeadAesGcm based on Mbedtls CryptoPkg: Add rand function for BaseCryptLibMbedTls CryptoPkg: Add Pem APIs based on Mbedtls CryptoPkg

Re: [edk2-devel] [PATCH v4 00/10] Add DeviceSecurity feature based on PFP 1.06 spec

> > Could you please review the PATCH v4? > > PS: Jiewen has reviewed all the PATCH. And I have fixed his feedback in PATCH > v4. > Jiewen has no questions about all the patches anymore. > > Thanks, > Wenxing > > > -Original Message- > From: dev

Re: [edk2-devel] [PATCH] Add SHA3/SM3 functions with openssl for Mbedtls

/show_bug.cgi?id=4177 Because the Mbedlts 3.3.0 doesn't have SHA3 and Sm3, the SHA3 and Sm3 implementaion based on Openssl. Cc: Jiewen Yao Cc: Yi Li Signed-off-by: Wenxing Hou --- CryptoPkg/CryptoPkg.ci.yaml | 1 + .../BaseCryptLibMbedTls/Hash/CryptCShake256.c | 282

[edk2-devel] [PATCH v2] Add SHA3/SM3 functions with openssl for Mbedtls

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177 Because the Mbedlts 3.3.0 doesn't have SHA3 and Sm3, the SHA3 and Sm3 implementaion based on Openssl. And the implementaion has passed build check. Cc: Jiewen Yao Cc: Yi Li Signed-off-by: Wenxing Hou --- CryptoPkg/Library

[edk2-devel] [PATCH v2 9/9] CryptoPkg: Add ImageTimestampVerify based on Mbedtls

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177 Timestamp Countersignature Verification implementaion based on Mbedtls. Cc: Jiewen Yao Cc: Yi Li Signed-off-by: Wenxing Hou --- .../Library/BaseCryptLibMbedTls/Pk/CryptTs.c | 381 ++ 1 file changed, 381 insertions

[edk2-devel] [PATCH v2 8/9] CryptoPkg: Add AuthenticodeVerify based on Mbedtls

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177 Implement AuthenticodeVerify based on Mbedtls. Cc: Jiewen Yao Cc: Yi Li Signed-off-by: Wenxing Hou --- .../Pk/CryptAuthenticode.c| 214 ++ 1 file changed, 214 insertions(+) create mode 100644

[edk2-devel] [PATCH v2 7/9] CryptoPkg: Add more RSA related functions based on Mbedtls

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177 Implement more RSA functions such as RsaPkcs1Sign based Mbedlts. Cc: Jiewen Yao Cc: Yi Li Signed-off-by: Wenxing Hou --- .../BaseCryptLibMbedTls/Pk/CryptPkcs1Oaep.c | 278 ++ .../BaseCryptLibMbedTls/Pk/CryptRsaExt.c

[edk2-devel] [PATCH v2 6/9] CryptoPkg: Add Pkcs5 functions based on Mbedtls

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177 PBKDF2 Key Derivation Function Wrapper Implementation over MbedTLS. Cc: Jiewen Yao Cc: Yi Li Signed-off-by: Wenxing Hou --- .../BaseCryptLibMbedTls/Pk/CryptPkcs5Pbkdf2.c | 100 ++ 1 file changed, 100 insertions

[edk2-devel] [PATCH v2 5/9] CryptoPkg: Add Pkcs7 related functions based on Mbedtls

. And the implementation has pass unit_tes and integration test. Cc: Jiewen Yao Cc: Yi Li Signed-off-by: Wenxing Hou --- .../BaseCryptLibMbedTls/InternalCryptLib.h| 33 + .../Pk/CryptPkcs7Internal.h | 29 +- .../BaseCryptLibMbedTls/Pk/CryptPkcs7Sign.c | 615

[edk2-devel] [PATCH v2 1/9] CryptoPkg: Add AeadAesGcm based on Mbedtls

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177 AeadAesGcm implementation based on Mbedtls. Cc: Jiewen Yao Cc: Yi Li Signed-off-by: Wenxing Hou --- .../Cipher/CryptAeadAesGcm.c | 227 ++ 1 file changed, 227 insertions(+) create mode 100644

[edk2-devel] [PATCH v2 4/9] CryptoPkg: Add X509 functions based on Mbedtls

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177 X.509 Certificate Handler Wrapper Implementation over MbedTLS. Cc: Jiewen Yao Cc: Yi Li Signed-off-by: Wenxing Hou --- .../BaseCryptLibMbedTls/Pk/CryptX509.c| 1925 + 1 file changed, 1925 insertions(+) create

[edk2-devel] [PATCH v2 3/9] CryptoPkg: Add Pem APIs based on Mbedtls

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177 Implement Pem API based on Mbedtls. Cc: Jiewen Yao Cc: Yi Li Signed-off-by: Wenxing Hou --- .../BaseCryptLibMbedTls/Pem/CryptPem.c| 138 ++ 1 file changed, 138 insertions(+) create mode 100644 CryptoPkg/Library

[edk2-devel] [PATCH v2 2/9] CryptoPkg: Add rand function for BaseCryptLibMbedTls

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177 Add rand function for BaseCryptLibMbedTls. Cc: Jiewen Yao Cc: Yi Li Signed-off-by: Wenxing Hou --- .../BaseCryptLibMbedTls/InternalCryptLib.h| 16 +++ .../BaseCryptLibMbedTls/Rand/CryptRand.c | 105

[edk2-devel] [PATCH v2 0/9] Add more crypt APIs based on Mbedtls

Signed-off-by: Wenxing Hou Wenxing Hou (9): CryptoPkg: Add AeadAesGcm based on Mbedtls CryptoPkg: Add rand function for BaseCryptLibMbedTls CryptoPkg: Add Pem APIs based on Mbedtls CryptoPkg: Add X509 functions based on Mbedtls CryptoPkg: Add Pkcs7 related functions based on Mbedtls

[edk2-devel] [PATCH] Add SHA3/SM3 functions with openssl for Mbedtls

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177 Because the Mbedlts 3.3.0 doesn't have SHA3 and Sm3, the SHA3 and Sm3 implementaion based on Openssl. Cc: Jiewen Yao Cc: Yi Li Signed-off-by: Wenxing Hou --- CryptoPkg/CryptoPkg.ci.yaml | 1

Re: [edk2-devel] [PATCH v4 00/10] Add DeviceSecurity feature based on PFP 1.06 spec

no questions about all the patches anymore. Thanks, Wenxing -Original Message- From: devel@edk2.groups.io On Behalf Of Wenxing Hou Sent: Thursday, April 18, 2024 5:28 PM To: devel@edk2.groups.io Cc: Andrew Fish ; Leif Lindholm ; Kinney, Michael D ; Liming Gao ; Sean Brogan ; Joey

[edk2-devel] [PATCH v4 07/10] .pytool/CISettings.py: add libspdm submodule.

Add DeviceSecurity submodule libspdm. Cc: Sean Brogan Cc: Joey Vagedes Cc: Michael D Kinney Cc: Liming Gao Signed-off-by: Wenxing Hou Reviewed-by: Joey Vagedes --- .pytool/CISettings.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.pytool/CISettings.py b/.pytool/CISettings.py

[edk2-devel] [PATCH v4 10/10] ReadMe.rst: Add libspdm submodule license

This patch add libspdm submodule license. Cc: Andrew Fish Cc: Leif Lindholm Cc: Michael D Kinney Signed-off-by: Wenxing Hou --- ReadMe.rst | 1 + 1 file changed, 1 insertion(+) diff --git a/ReadMe.rst b/ReadMe.rst index 808ccd37af..cfd522fdbd 100644 --- a/ReadMe.rst +++ b/ReadMe.rst

[edk2-devel] [PATCH v4 09/10] SecurityPkg: Add libspdm submodule

libspdm is submodule to support DeviceSecurity feature. Cc: Jiewen Yao Signed-off-by: Wenxing Hou Reviewed-by: Jiewen Yao --- SecurityPkg/DeviceSecurity/SpdmLib/libspdm | 1 + 1 file changed, 1 insertion(+) create mode 16 SecurityPkg/DeviceSecurity/SpdmLib/libspdm diff --git

[edk2-devel] [PATCH v4 08/10] .gitmodule: Add libspdm submodule for EDKII

libspdm is submodule, which will be used in DeviceSecurity. Cc: Andrew Fish Cc: Michael D Kinney Cc: Michael D Kinney Cc: Jiewen Yao Signed-off-by: Wenxing Hou --- .gitmodules | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.gitmodules b/.gitmodules index 60d54b45eb..7f069abd3d

[edk2-devel] [PATCH v4 05/10] SecurityPkg: Add TCG PFP 1.06 support.

Add new api Tpm2ExtendNvIndex. It is uesd in HashCompleteAndExtend when PcrIndex > MAX_PCR_INDEX. Cc: Jiewen Yao Cc: Rahul Kumar Signed-off-by: Wenxing Hou Reviewed-by: Jiewen Yao --- SecurityPkg/Include/Library/Tpm2CommandLib.h | 23 +++- .../HashLibBaseCryptoRouterDx

[edk2-devel] [PATCH v4 04/10] MdeModulePkg/Variable: Add TCG SPDM device measurement update

Add EV_EFI_SPDM_DEVICE_POLICY support for MeasureVariable. Cc: Liming Gao Cc: Jiewen Yao Signed-off-by: Wenxing Hou --- MdeModulePkg/MdeModulePkg.dec | 5 +++ .../Variable/RuntimeDxe/Measurement.c | 38 --- .../RuntimeDxe/VariableRuntimeDxe.inf

[edk2-devel] [PATCH v4 03/10] MdePkg: Add devAuthBoot GlobalVariable

According to UEFI 2.10 spec 3.3 Globally Defined Variables section, add devAuthBoot GlobalVariable. Cc: Michael D Kinney Cc: Liming Gao Cc: Zhiguang Liu Cc: Jiewen Yao Signed-off-by: Wenxing Hou Reviewed-by: Liming Gao --- MdePkg/Include/Guid/GlobalVariable.h | 8 +++- MdePkg

[edk2-devel] [PATCH v4 02/10] MdePkg: Add TCG PFP 1.06 support.

Add support for TCG PC Client Platform Firmware Profile Specification 1.06. Cc: Michael D Kinney Cc: Liming Gao Cc: Zhiguang Liu Cc: Jiewen Yao Signed-off-by: Wenxing Hou --- MdePkg/Include/IndustryStandard/Spdm.h| 4 +- .../IndustryStandard/UefiTcgPlatform.h| 186

[edk2-devel] [PATCH v4 01/10] MdePkg: Add SPDM1.2 support.

-by: Wenxing Hou --- MdePkg/Include/IndustryStandard/Spdm.h | 1110 ++-- 1 file changed, 1061 insertions(+), 49 deletions(-) diff --git a/MdePkg/Include/IndustryStandard/Spdm.h b/MdePkg/Include/IndustryStandard/Spdm.h index 4ec7a5ed1f..7940caa95e 100644 --- a/MdePkg/Include

[edk2-devel] [PATCH v4 00/10] Add DeviceSecurity feature based on PFP 1.06 spec

Cc: Rahul Kumar Cc: Jiewen Yao Signed-off-by: Wenxing Hou Wenxing Hou (10): MdePkg: Add SPDM1.2 support. MdePkg: Add TCG PFP 1.06 support. MdePkg: Add devAuthBoot GlobalVariable MdeModulePkg/Variable: Add TCG SPDM device measurement update SecurityPkg: Add TCG PFP 1.06 support. Security

[edk2-devel] [PATCH 6/9] CryptoPkg: Add Pkcs5 functions based on Mbedtls

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177 PBKDF2 Key Derivation Function Wrapper Implementation over MbedTLS. Cc: Jiewen Yao Cc: Yi Li Signed-off-by: Wenxing Hou --- .../BaseCryptLibMbedTls/Pk/CryptPkcs5Pbkdf2.c | 100 ++ 1 file changed, 100 insertions

[edk2-devel] [PATCH 9/9] CryptoPkg: Add ImageTimestampVerify based on Mbedtls

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177 Timestamp Countersignature Verification implementaion based on Mbedtls. Cc: Jiewen Yao Cc: Yi Li Signed-off-by: Wenxing Hou --- .../Library/BaseCryptLibMbedTls/Pk/CryptTs.c | 381 ++ 1 file changed, 381 insertions

[edk2-devel] [PATCH 8/9] CryptoPkg: Add AuthenticodeVerify based on Mbedtls

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177 Implement AuthenticodeVerify based on Mbedtls. Cc: Jiewen Yao Cc: Yi Li Signed-off-by: Wenxing Hou --- .../Pk/CryptAuthenticode.c| 214 ++ 1 file changed, 214 insertions(+) create mode 100644

[edk2-devel] [PATCH 7/9] CryptoPkg: Add more RSA related functions based on Mbedtls

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177 Implement more RSA functions such as RsaPkcs1Sign based Mbedlts. Cc: Jiewen Yao Cc: Yi Li Signed-off-by: Wenxing Hou --- .../BaseCryptLibMbedTls/Pk/CryptPkcs1Oaep.c | 278 ++ .../BaseCryptLibMbedTls/Pk/CryptRsaExt.c

[edk2-devel] [PATCH 5/9] CryptoPkg: Add Pkcs7 related functions based on Mbedtls

. And the implementation has pass unit_tes and integration test. Cc: Jiewen Yao Cc: Yi Li Signed-off-by: Wenxing Hou --- .../BaseCryptLibMbedTls/InternalCryptLib.h| 33 + .../Pk/CryptPkcs7Internal.h | 20 +- .../BaseCryptLibMbedTls/Pk/CryptPkcs7Sign.c | 615

[edk2-devel] [PATCH 4/9] CryptoPkg: Add X509 functions based on Mbedtls

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177 X.509 Certificate Handler Wrapper Implementation over MbedTLS. Cc: Jiewen Yao Cc: Yi Li Signed-off-by: Wenxing Hou --- .../BaseCryptLibMbedTls/Pk/CryptX509.c| 1924 + 1 file changed, 1924 insertions(+) create

[edk2-devel] [PATCH 3/9] CryptoPkg: Add Pem APIs based on Mbedtls

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177 Implement Pem API based on Mbedtls. Cc: Jiewen Yao Cc: Yi Li Signed-off-by: Wenxing Hou --- .../BaseCryptLibMbedTls/Pem/CryptPem.c| 138 ++ 1 file changed, 138 insertions(+) create mode 100644 CryptoPkg/Library

[edk2-devel] [PATCH 2/9] CryptoPkg: Add rand function for BaseCryptLibMbedTls

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177 Add rand function for BaseCryptLibMbedTls. Cc: Jiewen Yao Cc: Yi Li Signed-off-by: Wenxing Hou --- CryptoPkg/CryptoPkg.ci.yaml | 1 + .../BaseCryptLibMbedTls/InternalCryptLib.h| 16 +++ .../BaseCryptLibMbedTls

[edk2-devel] [PATCH 1/9] CryptoPkg: Add AeadAesGcm based on Mbedtls

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177 AeadAesGcm implementation based on Mbedtls. Cc: Jiewen Yao Cc: Yi Li Signed-off-by: Wenxing Hou --- .../Cipher/CryptAeadAesGcm.c | 227 ++ 1 file changed, 227 insertions(+) create mode 100644

[edk2-devel] [PATCH 0/9] Add more crypt APIs based on Mbedtls

unit_test in EDKII and integration test for platform. And the patch hass passed the fuzz test: https://github.com/tianocore/edk2-staging/commit/4f19398053c92e4f7791d468a184530b6ab89128 Cc: Jiewen Yao Cc: Yi Li Signed-off-by: Wenxing Hou Wenxing Hou (9): CryptoPkg: Add AeadAesGcm based on Mbedtls

Re: [edk2-devel] [PATCH 0/9] Add DeviceSecurity feature based on PFP 1.06 spec

ofile-specification/ > > The POC branch: > https://github.com/tianocore/edk2-staging/tree/DeviceSecurity > > And the PATCH set has passed the EDKII CI: > https://github.com/tianocore/edk2/pull/5508 > > Cc: Sean Brogan > Cc: Joey Vagedes > Cc: Michael D Kinney >

[edk2-devel] [PATCH v3 08/10] .gitmodule: Add libspdm submodule for EDKII

libspdm is submodule, which will be used in DeviceSecurity. Cc: Andrew Fish Cc: Michael D Kinney Cc: Michael D Kinney Cc: Jiewen Yao Signed-off-by: Wenxing Hou --- .gitmodules| 3 +++ SecurityPkg/DeviceSecurity/SpdmLib/libspdm | 1 + 2 files changed, 4

[edk2-devel] [PATCH v3 10/10] ReadMe.rst: Add libspdm submodule license

This patch add libspdm submodule license. Cc: Andrew Fish Cc: Leif Lindholm Cc: Michael D Kinney Signed-off-by: Wenxing Hou --- ReadMe.rst | 1 + 1 file changed, 1 insertion(+) diff --git a/ReadMe.rst b/ReadMe.rst index 808ccd37af..cfd522fdbd 100644 --- a/ReadMe.rst +++ b/ReadMe.rst

[edk2-devel] [PATCH v3 09/10] SecurityPkg: Add libspdm submodule

libspdm is submodule to support DeviceSecurity feature. Cc: Jiewen Yao Signed-off-by: Wenxing Hou --- SecurityPkg/DeviceSecurity/SpdmLib/libspdm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/SecurityPkg/DeviceSecurity/SpdmLib/libspdm b/SecurityPkg/DeviceSecurity/SpdmLib

[edk2-devel] [PATCH v3 05/10] SecurityPkg: Add TCG PFP 1.06 support.

Add new api Tpm2ExtendNvIndex. It is uesd in HashCompleteAndExtend when PcrIndex > MAX_PCR_INDEX. Cc: Jiewen Yao Cc: Rahul Kumar Signed-off-by: Wenxing Hou --- SecurityPkg/Include/Library/Tpm2CommandLib.h | 23 +++- .../HashLibBaseCryptoRouterDxe.c |

[edk2-devel] [PATCH v3 07/10] .pytool/CISettings.py: add libspdm submodule.

Add DeviceSecurity submodule libspdm. Cc: Sean Brogan Cc: Joey Vagedes Cc: Michael D Kinney Cc: Liming Gao Signed-off-by: Wenxing Hou Reviewed-by: Joey Vagedes --- .pytool/CISettings.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.pytool/CISettings.py b/.pytool/CISettings.py

[edk2-devel] [PATCH v3 03/10] MdePkg: Add devAuthBoot GlobalVariable

According to UEFI 2.10 spec 3.3 Globally Defined Variables section, add devAuthBoot GlobalVariable. Cc: Michael D Kinney Cc: Liming Gao Cc: Zhiguang Liu Cc: Jiewen Yao Signed-off-by: Wenxing Hou Reviewed-by: Liming Gao --- MdePkg/Include/Guid/GlobalVariable.h | 8 +++- MdePkg

[edk2-devel] [PATCH v3 02/10] MdePkg: Add TCG PFP 1.06 support.

Add support for TCG PC Client Platform Firmware Profile Specification 1.06. Cc: Michael D Kinney Cc: Liming Gao Cc: Zhiguang Liu Cc: Jiewen Yao Signed-off-by: Wenxing Hou --- MdePkg/Include/IndustryStandard/Spdm.h| 4 +- .../IndustryStandard/UefiTcgPlatform.h| 186

[edk2-devel] [PATCH v3 04/10] MdeModulePkg/Variable: Add TCG SPDM device measurement update

Add EV_EFI_SPDM_DEVICE_POLICY support for MeasureVariable. Cc: Liming Gao Cc: Jiewen Yao Signed-off-by: Wenxing Hou --- MdeModulePkg/MdeModulePkg.dec | 5 +++ .../Variable/RuntimeDxe/Measurement.c | 38 --- .../RuntimeDxe/VariableRuntimeDxe.inf

[edk2-devel] [PATCH v3 01/10] MdePkg: Add SPDM1.2 support.

-by: Wenxing Hou --- MdePkg/Include/IndustryStandard/Spdm.h | 1110 ++-- 1 file changed, 1061 insertions(+), 49 deletions(-) diff --git a/MdePkg/Include/IndustryStandard/Spdm.h b/MdePkg/Include/IndustryStandard/Spdm.h index 4ec7a5ed1f..7940caa95e 100644 --- a/MdePkg/Include

[edk2-devel] [PATCH v3 00/10] Add DeviceSecurity feature based on PFP 1.06 spec

oey Vagedes Cc: Andrew Fish Cc: Leif Lindholm Cc: Michael D Kinney Cc: Liming Gao Cc: Sean Brogan Cc: Joey Vagedes Cc: Zhiguang Liu Cc: Rahul Kumar Cc: Jiewen Yao Signed-off-by: Wenxing Hou Wenxing Hou (10): MdePkg: Add SPDM1.2 support. MdePkg: Add TCG PFP 1.06 support. MdePkg:

Re: [edk2-devel] [PATCH 4/9] MdeModulePkg/Variable: Add TCG SPDM device measurement update

-devel] [PATCH 4/9] MdeModulePkg/Variable: Add TCG SPDM device measurement update Can you please fix the following typo? "PcdEnableSpdmDeviceAuthenticaion" Thanks, Michael On 4/1/2024 10:31 PM, Wenxing Hou wrote: > Add EV_EFI_SPDM_DEVICE_POLICY support for MeasureVariable. > > C

[edk2-devel] [PATCH v2 8/9] .gitmodule: Add libspdm submodule for EDKII

libspdm is submodule, which will be used in DeviceSecurity. Cc: Andrew Fish Cc: Michael D Kinney Cc: Michael D Kinney Cc: Jiewen Yao Signed-off-by: Wenxing Hou --- .gitmodules| 3 +++ SecurityPkg/DeviceSecurity/SpdmLib/libspdm | 1 + 2 files changed, 4

[edk2-devel] [PATCH v2 9/9] SecurityPkg: Add libspdm submodule

libspdm is submodule to support DeviceSecurity feature. Cc: Jiewen Yao Signed-off-by: Wenxing Hou --- SecurityPkg/DeviceSecurity/SpdmLib/libspdm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/SecurityPkg/DeviceSecurity/SpdmLib/libspdm b/SecurityPkg/DeviceSecurity/SpdmLib

[edk2-devel] [PATCH v2 7/9] .pytool/CISettings.py: add libspdm submodule.

Add DeviceSecurity submodule libspdm. Cc: Sean Brogan Cc: Joey Vagedes Cc: Michael D Kinney Cc: Liming Gao Signed-off-by: Wenxing Hou Reviewed-by: Joey Vagedes --- .pytool/CISettings.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.pytool/CISettings.py b/.pytool/CISettings.py

[edk2-devel] [PATCH v2 5/9] SecurityPkg: Add TCG PFP 1.06 support.

Add new api Tpm2ExtendNvIndex. It is uesd in HashCompleteAndExtend when PcrIndex > MAX_PCR_INDEX. Cc: Jiewen Yao Cc: Rahul Kumar Signed-off-by: Wenxing Hou --- SecurityPkg/Include/Library/Tpm2CommandLib.h | 23 +++- .../HashLibBaseCryptoRouterDxe.c |

[edk2-devel] [PATCH v2 4/9] MdeModulePkg/Variable: Add TCG SPDM device measurement update

Add EV_EFI_SPDM_DEVICE_POLICY support for MeasureVariable. Cc: Liming Gao Cc: Jiewen Yao Signed-off-by: Wenxing Hou --- MdeModulePkg/MdeModulePkg.dec | 5 +++ .../Variable/RuntimeDxe/Measurement.c | 38 --- .../RuntimeDxe/VariableRuntimeDxe.inf

[edk2-devel] [PATCH v2 3/9] MdePkg: Add devAuthBoot GlobalVariable

According to UEFI 2.10 spec 3.3 Globally Defined Variables section, add devAuthBoot GlobalVariable. Cc: Michael D Kinney Cc: Liming Gao Cc: Zhiguang Liu Cc: Jiewen Yao Signed-off-by: Wenxing Hou --- MdePkg/Include/Guid/GlobalVariable.h | 8 +++- MdePkg/Include/Guid

[edk2-devel] [PATCH v2 2/9] MdePkg: Add TCG PFP 1.06 support.

Add support for TCG PC Client Platform Firmware Profile Specification 1.06. Cc: Michael D Kinney Cc: Liming Gao Cc: Zhiguang Liu Cc: Jiewen Yao Signed-off-by: Wenxing Hou --- MdePkg/Include/IndustryStandard/Spdm.h| 4 +- .../IndustryStandard/UefiTcgPlatform.h| 186

[edk2-devel] [PATCH v2 1/9] MdePkg: Add SPDM1.2 support.

-by: Wenxing Hou --- MdePkg/Include/IndustryStandard/Spdm.h | 1110 ++-- 1 file changed, 1061 insertions(+), 49 deletions(-) diff --git a/MdePkg/Include/IndustryStandard/Spdm.h b/MdePkg/Include/IndustryStandard/Spdm.h index 4ec7a5ed1f..7940caa95e 100644 --- a/MdePkg/Include

[edk2-devel] [PATCH v2 0/9] Add DeviceSecurity feature based on PFP 1.06 spec

Yao Signed-off-by: Wenxing Hou Wenxing Hou (9): MdePkg: Add SPDM1.2 support. MdePkg: Add TCG PFP 1.06 support. MdePkg: Add devAuthBoot GlobalVariable MdeModulePkg/Variable: Add TCG SPDM device measurement update SecurityPkg: Add TCG PFP 1.06 support. SecurityPkg: add DeviceSecurity supp

[edk2-devel] [PATCH 9/9] SecurityPkg: Add libspdm submodule

libspdm is submodule to support DeviceSecurity feature. Cc: Jiewen Yao Signed-off-by: Wenxing Hou --- SecurityPkg/DeviceSecurity/SpdmLib/libspdm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/SecurityPkg/DeviceSecurity/SpdmLib/libspdm b/SecurityPkg/DeviceSecurity/SpdmLib

[edk2-devel] [PATCH 8/9] .gitmodule: Add libspdm submodule for EDKII

libspdm is submodule, which will be used in DeviceSecurity. Cc: Andrew Fish Cc: Michael D Kinney Cc: Michael D Kinney Cc: Jiewen Yao Signed-off-by: Wenxing Hou --- .gitmodules| 3 +++ SecurityPkg/DeviceSecurity/SpdmLib/libspdm | 1 + 2 files changed, 4

[edk2-devel] [PATCH 5/9] SecurityPkg: Add TCG PFP 1.06 support.

Add new api Tpm2ExtendNvIndex. It is uesd in HashCompleteAndExtend when PcrIndex > MAX_PCR_INDEX. Cc: Jiewen Yao Cc: Rahul Kumar Signed-off-by: Wenxing Hou --- SecurityPkg/Include/Library/Tpm2CommandLib.h | 23 +++- .../HashLibBaseCryptoRouterDxe.c |

[edk2-devel] [PATCH 7/9] .pytool/CISettings.py: add libspdm submodule.

Add DeviceSecurity submodule libspdm. Cc: Sean Brogan Cc: Joey Vagedes Cc: Michael D Kinney Cc: Liming Gao Signed-off-by: Wenxing Hou --- .pytool/CISettings.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.pytool/CISettings.py b/.pytool/CISettings.py index ec3beb0dcf..314758da32

[edk2-devel] [PATCH 4/9] MdeModulePkg/Variable: Add TCG SPDM device measurement update

Add EV_EFI_SPDM_DEVICE_POLICY support for MeasureVariable. Cc: Liming Gao Cc: Jiewen Yao Signed-off-by: Wenxing Hou --- MdeModulePkg/MdeModulePkg.dec | 5 +++ .../Variable/RuntimeDxe/Measurement.c | 38 --- .../RuntimeDxe/VariableRuntimeDxe.inf

[edk2-devel] [PATCH 3/9] MdePkg: Add devAuthBoot GlobalVariable

According to UEFI 2.10 spec 3.3 Globally Defined Variables section, add devAuthBoot GlobalVariable. Cc: Michael D Kinney Cc: Liming Gao Cc: Zhiguang Liu Cc: Jiewen Yao Signed-off-by: Wenxing Hou --- MdePkg/Include/Guid/GlobalVariable.h | 8 +++- MdePkg/Include/Guid

[edk2-devel] [PATCH 0/9] Add DeviceSecurity feature based on PFP 1.06 spec

the EDKII CI: https://github.com/tianocore/edk2/pull/5508 Cc: Sean Brogan Cc: Joey Vagedes Cc: Michael D Kinney Cc: Liming Gao Cc: Andrew Fish Cc: Zhiguang Liu Cc: Rahul Kumar Cc: Jiewen Yao Signed-off-by: Wenxing Hou Wenxing Hou (9): MdePkg: Add SPDM1.2 support. MdePkg: Add TCG PFP

[edk2-devel] [PATCH 1/9] MdePkg: Add SPDM1.2 support.

-by: Wenxing Hou --- MdePkg/Include/IndustryStandard/Spdm.h | 1110 ++-- 1 file changed, 1061 insertions(+), 49 deletions(-) diff --git a/MdePkg/Include/IndustryStandard/Spdm.h b/MdePkg/Include/IndustryStandard/Spdm.h index 4ec7a5ed1f..7940caa95e 100644 --- a/MdePkg/Include

[edk2-devel] [PATCH 2/9] MdePkg: Add TCG PFP 1.06 support.

Add support for TCG PC Client Platform Firmware Profile Specification 1.06. Cc: Michael D Kinney Cc: Liming Gao Cc: Zhiguang Liu Cc: Jiewen Yao Signed-off-by: Wenxing Hou --- MdePkg/Include/IndustryStandard/Spdm.h| 4 +- .../IndustryStandard/UefiTcgPlatform.h| 186

[edk2-devel] [PATCH 3/3] CryptoPkg: Remove interdependence for RsaPssVerify

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4742 Remove interdependence for RsaPssVerify, only use original mbedtls API. Because APIs such as Sha512Init may be closed by the platform PCD. And this patch optimize the hash flow. Cc: Jiewen Yao Cc: Yi Li Signed-off-by: Wenxing Hou

[edk2-devel] [PATCH 2/3] CryptoPkg: Update Md5/Sha1/Sha2 by using new mbedtls api

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4741 Update Md5/Sha1/Sha2 by using mbedtls 3.0 api in BaseCryptLibMbedTls, because the old API may be deprecated when open some MACRO. Cc: Jiewen Yao Cc: Yi Li Signed-off-by: Wenxing Hou --- .../Library/BaseCryptLibMbedTls/Hash/CryptMd5.c

[edk2-devel] [PATCH 1/3] CryptoPkg: Update OPTIONAL location for BaseCryptLibMbedTls

REF:https://bugzilla.tianocore.org/show_bug.cgi?id=4740 There is a wrong usage for OPTIONAL. Cc: Jiewen Yao Cc: Yi Li Signed-off-by: Wenxing Hou --- .../Library/BaseCryptLibMbedTls/Pk/CryptPkcs1OaepNull.c | 6 ++ CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptX509Null.c| 6

[edk2-devel] [PATCH 0/3] CryptoPkg: Optimize APIs in BaseCryptLibMbedTls

. And these patch has paseed the EDKII CI test. https://github.com/tianocore/edk2/pull/5501 Cc: Jiewen Yao Cc: Yi Li Signed-off-by: Wenxing Hou Wenxing Hou (3): CryptoPkg: Update OPTIONAL location for BaseCryptLibMbedTls CryptoPkg: Update Md5/Sha1/Sha2 by using new mbedtls api CryptoPkg: Remove

[edk2-devel] [PATCH v3 2/2] MdePkg: Add gEfiDeviceSignatureDatabaseGuid to dec

According to UEFI 2.10 spec 32.8.2 UEFI Device Signature Variable GUID and Variable Name section, add gEfiDeviceSignatureDatabaseGuid to dec. Cc: Michael D Kinney Cc: Liming Gao Cc: Zhiguang Liu Cc: Jiewen Yao Signed-off-by: Wenxing Hou --- MdePkg/MdePkg.dec | 8 +++- 1 file changed, 7

  1   2   >