Re: [edk2-devel] [PATCH 0/9] Add DeviceSecurity feature based on PFP 1.06 spec

Tue, 09 Apr 2024 08:14:10 -0700 

+Leif

Adding a new submodule requires review by the stewards to review
the license and the health and support of the submodule project.

The top level Readme also requires updates.  It lists all the submodules
and licenses used. Please update this series with the Readme changes.

https://github.com/tianocore/edk2?tab=readme-ov-file#license-details

I also notice that libspdm has its own .gitmodules file that pulls
in more submodules.

[submodule "os_stub/openssllib/openssl"]
    path = os_stub/openssllib/openssl
    url = https://github.com/openssl/openssl
[submodule "os_stub/mbedtlslib/mbedtls"]
    path = os_stub/mbedtlslib/mbedtls
    url = https://github.com/ARMmbed/mbedtls
[submodule "unit_test/cmockalib/cmocka"]
    path = unit_test/cmockalib/cmocka
    url = https://git.cryptomilk.org/projects/cmocka.git


edk2 already had openssl and mbedtls as submodules, does this mean that
openssl and mbedtls will be cloned twice in 2 different locations now?

The edk2 project had issues with the stability of the cmocka server
and changed to a tianocore mirror of the cmocka submodule to improve
CI stability. This is another submodule that will be cloned twice and
may reintroduce the potential for CI stability issues.

Thanks,

Mike

> -----Original Message-----
> From: Hou, Wenxing <wenxing....@intel.com>
> Sent: Monday, April 1, 2024 7:31 PM
> To: devel@edk2.groups.io
> Cc: Sean Brogan <sean.bro...@microsoft.com>; Joey Vagedes
> <joey.vage...@gmail.com>; Kinney, Michael D
> <michael.d.kin...@intel.com>; Liming Gao <gaolim...@byosoft.com.cn>;
> Andrew Fish <af...@apple.com>; Liu, Zhiguang <zhiguang....@intel.com>;
> Kumar, Rahul R <rahul.r.ku...@intel.com>; Yao, Jiewen
> <jiewen....@intel.com>
> Subject: [PATCH 0/9] Add DeviceSecurity feature based on PFP 1.06 spec
> 
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2479
> 
> In PFP spec 1.06, platform firmware records the device certificate and
> device measurement for each SPDM responder.
> This PATCH set implement the DeviceSecurityLib to support spdm device
> Authentication and Measurement.
> 
> Libspdm as submodule is to support DeviceSecurity feature:
> https://github.com/DMTF/libspdm
> 
> TCG PFP spec 1.06:
> https://trustedcomputinggroup.org/resource/pc-client-specific-
> platform-firmware-profile-specification/
> 
> The POC branch:
> https://github.com/tianocore/edk2-staging/tree/DeviceSecurity
> 
> And the PATCH set has passed the EDKII CI:
> https://github.com/tianocore/edk2/pull/5508
> 
> Cc: Sean Brogan <sean.bro...@microsoft.com>
> Cc: Joey Vagedes <joey.vage...@gmail.com>
> Cc: Michael D Kinney <michael.d.kin...@intel.com>
> Cc: Liming Gao <gaolim...@byosoft.com.cn>
> Cc: Andrew Fish <af...@apple.com>
> Cc: Zhiguang Liu <zhiguang....@intel.com>
> Cc: Rahul Kumar <rahul1.ku...@intel.com>
> Cc: Jiewen Yao <jiewen....@intel.com>
> Signed-off-by: Wenxing Hou <wenxing....@intel.com>
> 
> Wenxing Hou (9):
>   MdePkg: Add SPDM1.2 support.
>   MdePkg: Add TCG PFP 1.06 support.
>   MdePkg: Add devAuthBoot GlobalVariable
>   MdeModulePkg/Variable: Add TCG SPDM device measurement update
>   SecurityPkg: Add TCG PFP 1.06 support.
>   SecurityPkg: add DeviceSecurity support
>   .pytool/CISettings.py: add libspdm submodule.
>   .gitmodule: Add libspdm submodule for EDKII
>   SecurityPkg: Add libspdm submodule
> 
>  .gitmodules                                   |    3 +
>  .pytool/CISettings.py                         |    2 +
>  MdeModulePkg/MdeModulePkg.dec                 |    5 +
>  .../Variable/RuntimeDxe/Measurement.c         |   38 +-
>  .../RuntimeDxe/VariableRuntimeDxe.inf         |    3 +
>  .../RuntimeDxe/VariableSmmRuntimeDxe.inf      |    3 +
>  MdePkg/Include/Guid/GlobalVariable.h          |    8 +-
>  MdePkg/Include/Guid/ImageAuthentication.h     |    5 +-
>  MdePkg/Include/IndustryStandard/Spdm.h        | 1112
> ++++++++++++++++-
>  .../IndustryStandard/UefiTcgPlatform.h        |  186 ++-
>  .../OsStub/CryptlibWrapper/CryptlibWrapper.c  |  970 ++++++++++++++
>  .../CryptlibWrapper/CryptlibWrapper.inf       |   38 +
>  .../OsStub/MemLibWrapper/MemLibWrapper.c      |  177 +++
>  .../OsStub/MemLibWrapper/MemLibWrapper.inf    |   33 +
>  .../PlatformLibWrapper/PlatformLibWrapper.c   |   85 ++
>  .../PlatformLibWrapper/PlatformLibWrapper.inf |   33 +
>  .../SpdmLib/Include/Stub/SpdmLibStub.h        |  347 +++++
>  .../SpdmLib/Include/hal/LibspdmStdBoolAlt.h   |   23 +
>  .../SpdmLib/Include/hal/LibspdmStdDefAlt.h    |   16 +
>  .../SpdmLib/Include/hal/LibspdmStdIntAlt.h    |   25 +
>  .../DeviceSecurity/SpdmLib/Include/hal/base.h |   94 ++
>  .../SpdmLib/Include/hal/library/debuglib.h    |   39 +
>  .../SpdmLib/Include/library/spdm_lib_config.h |  394 ++++++
>  .../DeviceSecurity/SpdmLib/SpdmCommonLib.inf  |   47 +
>  .../DeviceSecurity/SpdmLib/SpdmCryptLib.inf   |   45 +
>  .../SpdmLib/SpdmDeviceSecretLibNull.inf       |   36 +
>  .../SpdmLib/SpdmRequesterLib.inf              |   59 +
>  .../SpdmLib/SpdmResponderLib.inf              |   61 +
>  .../SpdmLib/SpdmSecuredMessageLib.inf         |   44 +
>  .../SpdmLib/SpdmTransportMctpLib.inf          |   38 +
>  .../SpdmLib/SpdmTransportPciDoeLib.inf        |   38 +
>  SecurityPkg/DeviceSecurity/SpdmLib/libspdm    |    1 +
>  .../SpdmSecurityLib/SpdmAuthentication.c      |  697 +++++++++++
>  .../SpdmSecurityLib/SpdmConnectionInit.c      |  481 +++++++
>  .../SpdmSecurityLib/SpdmMeasurement.c         |  714 +++++++++++
>  .../SpdmSecurityLib/SpdmSecurityLib.c         |  148 +++
>  .../SpdmSecurityLib/SpdmSecurityLib.inf       |   54 +
>  .../SpdmSecurityLib/SpdmSecurityLibInternal.h |  250 ++++
>  SecurityPkg/Include/Library/SpdmSecurityLib.h |  437 +++++++
>  SecurityPkg/Include/Library/Tpm2CommandLib.h  |   23 +-
>  .../Include/Protocol/DeviceSecurityPolicy.h   |  133 ++
>  .../HashLibBaseCryptoRouterDxe.c              |   88 +-
>  .../Library/Tpm2CommandLib/Tpm2NVStorage.c    |  122 +-
>  SecurityPkg/SecurityPkg.ci.yaml               |   17 +-
>  SecurityPkg/SecurityPkg.dec                   |   13 +-
>  SecurityPkg/SecurityPkg.dsc                   |   31 +-
>  SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c             |   61 +-
>  SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf           |    4 +-
>  48 files changed, 7196 insertions(+), 85 deletions(-)
>  create mode 100644
> SecurityPkg/DeviceSecurity/OsStub/CryptlibWrapper/CryptlibWrapper.c
>  create mode 100644
> SecurityPkg/DeviceSecurity/OsStub/CryptlibWrapper/CryptlibWrapper.inf
>  create mode 100644
> SecurityPkg/DeviceSecurity/OsStub/MemLibWrapper/MemLibWrapper.c
>  create mode 100644
> SecurityPkg/DeviceSecurity/OsStub/MemLibWrapper/MemLibWrapper.inf
>  create mode 100644
> SecurityPkg/DeviceSecurity/OsStub/PlatformLibWrapper/PlatformLibWrappe
> r.c
>  create mode 100644
> SecurityPkg/DeviceSecurity/OsStub/PlatformLibWrapper/PlatformLibWrappe
> r.inf
>  create mode 100644
> SecurityPkg/DeviceSecurity/SpdmLib/Include/Stub/SpdmLibStub.h
>  create mode 100644
> SecurityPkg/DeviceSecurity/SpdmLib/Include/hal/LibspdmStdBoolAlt.h
>  create mode 100644
> SecurityPkg/DeviceSecurity/SpdmLib/Include/hal/LibspdmStdDefAlt.h
>  create mode 100644
> SecurityPkg/DeviceSecurity/SpdmLib/Include/hal/LibspdmStdIntAlt.h
>  create mode 100644
> SecurityPkg/DeviceSecurity/SpdmLib/Include/hal/base.h
>  create mode 100644
> SecurityPkg/DeviceSecurity/SpdmLib/Include/hal/library/debuglib.h
>  create mode 100644
> SecurityPkg/DeviceSecurity/SpdmLib/Include/library/spdm_lib_config.h
>  create mode 100644
> SecurityPkg/DeviceSecurity/SpdmLib/SpdmCommonLib.inf
>  create mode 100644
> SecurityPkg/DeviceSecurity/SpdmLib/SpdmCryptLib.inf
>  create mode 100644
> SecurityPkg/DeviceSecurity/SpdmLib/SpdmDeviceSecretLibNull.inf
>  create mode 100644
> SecurityPkg/DeviceSecurity/SpdmLib/SpdmRequesterLib.inf
>  create mode 100644
> SecurityPkg/DeviceSecurity/SpdmLib/SpdmResponderLib.inf
>  create mode 100644
> SecurityPkg/DeviceSecurity/SpdmLib/SpdmSecuredMessageLib.inf
>  create mode 100644
> SecurityPkg/DeviceSecurity/SpdmLib/SpdmTransportMctpLib.inf
>  create mode 100644
> SecurityPkg/DeviceSecurity/SpdmLib/SpdmTransportPciDoeLib.inf
>  create mode 160000 SecurityPkg/DeviceSecurity/SpdmLib/libspdm
>  create mode 100644
> SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmAuthentication.c
>  create mode 100644
> SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmConnectionInit.c
>  create mode 100644
> SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmMeasurement.c
>  create mode 100644
> SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmSecurityLib.c
>  create mode 100644
> SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmSecurityLib.inf
>  create mode 100644
> SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmSecurityLibInternal.h
>  create mode 100644 SecurityPkg/Include/Library/SpdmSecurityLib.h
>  create mode 100644
> SecurityPkg/Include/Protocol/DeviceSecurityPolicy.h
> 
> --
> 2.26.2.windows.1



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#117548): https://edk2.groups.io/g/devel/message/117548
Mute This Topic: https://groups.io/mt/105281046/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Reply via email to