REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2479
In PFP spec 1.06, platform firmware records the device certificate and device measurement for each SPDM responder. This PATCH set implement the DeviceSecurityLib to support spdm device Authentication and Measurement. Libspdm as submodule is to support DeviceSecurity feature: https://github.com/DMTF/libspdm TCG PFP spec 1.06: https://trustedcomputinggroup.org/resource/pc-client-specific-platform-firmware-profile-specification/ The POC branch: https://github.com/tianocore/edk2-staging/tree/DeviceSecurity And the PATCH set has passed the EDKII CI: https://github.com/tianocore/edk2/pull/5508 v2 changes: - Fix typo: PcdEnableSpdmDeviceAuthenticaion -> PcdEnableSpdmDeviceAuthentication v3 changes: - Add new patch 10: Update ReadMe.rst for libspdm submodule license v4 changes: - Update submodule libspdm to latest tag PATCH 3: Reviewed-by: Liming Gao <[email protected]> PATCH 5: Reviewed-by: Jiewen Yao <[email protected]> PATCH 6: Reviewed-by: Jiewen Yao <[email protected]> PATCH 7: Reviewed-by: Joey Vagedes <[email protected]> PATCH 9: Reviewed-by: Jiewen Yao <[email protected]> Cc: Andrew Fish <[email protected]> Cc: Leif Lindholm <[email protected]> Cc: Michael D Kinney <[email protected]> Cc: Liming Gao <[email protected]> Cc: Sean Brogan <[email protected]> Cc: Joey Vagedes <[email protected]> Cc: Zhiguang Liu <[email protected]> Cc: Rahul Kumar <[email protected]> Cc: Jiewen Yao <[email protected]> Signed-off-by: Wenxing Hou <[email protected]> Wenxing Hou (10): MdePkg: Add SPDM1.2 support. MdePkg: Add TCG PFP 1.06 support. MdePkg: Add devAuthBoot GlobalVariable MdeModulePkg/Variable: Add TCG SPDM device measurement update SecurityPkg: Add TCG PFP 1.06 support. SecurityPkg: add DeviceSecurity support .pytool/CISettings.py: add libspdm submodule. .gitmodule: Add libspdm submodule for EDKII SecurityPkg: Add libspdm submodule ReadMe.rst: Add libspdm submodule license .gitmodules | 3 + .pytool/CISettings.py | 2 + MdeModulePkg/MdeModulePkg.dec | 5 + .../Variable/RuntimeDxe/Measurement.c | 38 +- .../RuntimeDxe/VariableRuntimeDxe.inf | 3 + .../RuntimeDxe/VariableSmmRuntimeDxe.inf | 3 + MdePkg/Include/Guid/GlobalVariable.h | 8 +- MdePkg/Include/Guid/ImageAuthentication.h | 5 +- MdePkg/Include/IndustryStandard/Spdm.h | 1112 ++++++++++++++++- .../IndustryStandard/UefiTcgPlatform.h | 186 ++- ReadMe.rst | 1 + .../OsStub/CryptlibWrapper/CryptlibWrapper.c | 970 ++++++++++++++ .../CryptlibWrapper/CryptlibWrapper.inf | 38 + .../OsStub/MemLibWrapper/MemLibWrapper.c | 177 +++ .../OsStub/MemLibWrapper/MemLibWrapper.inf | 33 + .../PlatformLibWrapper/PlatformLibWrapper.c | 85 ++ .../PlatformLibWrapper/PlatformLibWrapper.inf | 33 + .../SpdmLib/Include/Stub/SpdmLibStub.h | 347 +++++ .../SpdmLib/Include/hal/LibspdmStdBoolAlt.h | 23 + .../SpdmLib/Include/hal/LibspdmStdDefAlt.h | 16 + .../SpdmLib/Include/hal/LibspdmStdIntAlt.h | 25 + .../DeviceSecurity/SpdmLib/Include/hal/base.h | 94 ++ .../SpdmLib/Include/hal/library/debuglib.h | 39 + .../SpdmLib/Include/library/spdm_lib_config.h | 394 ++++++ .../DeviceSecurity/SpdmLib/SpdmCommonLib.inf | 47 + .../DeviceSecurity/SpdmLib/SpdmCryptLib.inf | 45 + .../SpdmLib/SpdmDeviceSecretLibNull.inf | 36 + .../SpdmLib/SpdmRequesterLib.inf | 59 + .../SpdmLib/SpdmResponderLib.inf | 61 + .../SpdmLib/SpdmSecuredMessageLib.inf | 44 + .../SpdmLib/SpdmTransportMctpLib.inf | 38 + .../SpdmLib/SpdmTransportPciDoeLib.inf | 38 + SecurityPkg/DeviceSecurity/SpdmLib/libspdm | 1 + .../SpdmSecurityLib/SpdmAuthentication.c | 697 +++++++++++ .../SpdmSecurityLib/SpdmConnectionInit.c | 481 +++++++ .../SpdmSecurityLib/SpdmMeasurement.c | 714 +++++++++++ .../SpdmSecurityLib/SpdmSecurityLib.c | 148 +++ .../SpdmSecurityLib/SpdmSecurityLib.inf | 54 + .../SpdmSecurityLib/SpdmSecurityLibInternal.h | 250 ++++ SecurityPkg/Include/Library/SpdmSecurityLib.h | 437 +++++++ SecurityPkg/Include/Library/Tpm2CommandLib.h | 23 +- .../Include/Protocol/DeviceSecurityPolicy.h | 133 ++ .../HashLibBaseCryptoRouterDxe.c | 88 +- .../Library/Tpm2CommandLib/Tpm2NVStorage.c | 122 +- SecurityPkg/SecurityPkg.ci.yaml | 17 +- SecurityPkg/SecurityPkg.dec | 13 +- SecurityPkg/SecurityPkg.dsc | 31 +- SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c | 61 +- SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf | 4 +- 49 files changed, 7197 insertions(+), 85 deletions(-) create mode 100644 SecurityPkg/DeviceSecurity/OsStub/CryptlibWrapper/CryptlibWrapper.c create mode 100644 SecurityPkg/DeviceSecurity/OsStub/CryptlibWrapper/CryptlibWrapper.inf create mode 100644 SecurityPkg/DeviceSecurity/OsStub/MemLibWrapper/MemLibWrapper.c create mode 100644 SecurityPkg/DeviceSecurity/OsStub/MemLibWrapper/MemLibWrapper.inf create mode 100644 SecurityPkg/DeviceSecurity/OsStub/PlatformLibWrapper/PlatformLibWrapper.c create mode 100644 SecurityPkg/DeviceSecurity/OsStub/PlatformLibWrapper/PlatformLibWrapper.inf create mode 100644 SecurityPkg/DeviceSecurity/SpdmLib/Include/Stub/SpdmLibStub.h create mode 100644 SecurityPkg/DeviceSecurity/SpdmLib/Include/hal/LibspdmStdBoolAlt.h create mode 100644 SecurityPkg/DeviceSecurity/SpdmLib/Include/hal/LibspdmStdDefAlt.h create mode 100644 SecurityPkg/DeviceSecurity/SpdmLib/Include/hal/LibspdmStdIntAlt.h create mode 100644 SecurityPkg/DeviceSecurity/SpdmLib/Include/hal/base.h create mode 100644 SecurityPkg/DeviceSecurity/SpdmLib/Include/hal/library/debuglib.h create mode 100644 SecurityPkg/DeviceSecurity/SpdmLib/Include/library/spdm_lib_config.h create mode 100644 SecurityPkg/DeviceSecurity/SpdmLib/SpdmCommonLib.inf create mode 100644 SecurityPkg/DeviceSecurity/SpdmLib/SpdmCryptLib.inf create mode 100644 SecurityPkg/DeviceSecurity/SpdmLib/SpdmDeviceSecretLibNull.inf create mode 100644 SecurityPkg/DeviceSecurity/SpdmLib/SpdmRequesterLib.inf create mode 100644 SecurityPkg/DeviceSecurity/SpdmLib/SpdmResponderLib.inf create mode 100644 SecurityPkg/DeviceSecurity/SpdmLib/SpdmSecuredMessageLib.inf create mode 100644 SecurityPkg/DeviceSecurity/SpdmLib/SpdmTransportMctpLib.inf create mode 100644 SecurityPkg/DeviceSecurity/SpdmLib/SpdmTransportPciDoeLib.inf create mode 160000 SecurityPkg/DeviceSecurity/SpdmLib/libspdm create mode 100644 SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmAuthentication.c create mode 100644 SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmConnectionInit.c create mode 100644 SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmMeasurement.c create mode 100644 SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmSecurityLib.c create mode 100644 SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmSecurityLib.inf create mode 100644 SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmSecurityLibInternal.h create mode 100644 SecurityPkg/Include/Library/SpdmSecurityLib.h create mode 100644 SecurityPkg/Include/Protocol/DeviceSecurityPolicy.h -- 2.26.2.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#117970): https://edk2.groups.io/g/devel/message/117970 Mute This Topic: https://groups.io/mt/105594737/21656 Group Owner: [email protected] Unsubscribe: https://edk2.groups.io/g/devel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
