From 9dd35cba2a928251dd3b1d352ba8c8cc8364537d Mon Sep 17 00:00:00 2001 From: Wenxing Hou Date: Tue, 20 Feb 2024 09:32:29 +0800 Subject: [PATCH] Fix format to pass the EDKII CI Signed-off-by: Wenxing Hou --- .../Variable/RuntimeDxe/Measurement.c | 32 +++--- .../RuntimeDxe/VariableRuntimeDxe.inf | 3 +- .../RuntimeDxe/VariableSmmRuntimeDxe.inf | 2 +- MdePkg/Include/Guid/DeviceAuthentication.h | 2 +- MdePkg/Include/Guid/GlobalVariable.h | 2 +- MdePkg/Include/Guid/ImageAuthentication.h | 6 +- .../IndustryStandard/UefiTcgPlatform.h | 2 +- MdePkg/MdePkg.ci.yaml | 3 +- MdePkg/MdePkg.dec | 4 +- .../OsStub/CryptlibWrapper/CryptlibWrapper.c | 20 ++-- .../OsStub/MemLibWrapper/MemLibWrapper.c | 2 +- .../PlatformLibWrapper/PlatformLibWrapper.c | 2 +- .../SpdmLib/Include/Stub/SpdmLibStub.h | 6 +- .../SpdmLib/Include/hal/LibspdmStdBoolAlt.h | 9 ++ .../SpdmLib/Include/hal/LibspdmStdDefAlt.h | 9 ++ .../SpdmLib/Include/hal/LibspdmStdIntAlt.h | 9 ++ .../DeviceSecurity/SpdmLib/Include/hal/base.h | 33 ++++--- .../SpdmLib/Include/hal/library/debuglib.h | 11 ++- .../SpdmLib/Include/library/spdm_lib_config.h | 97 ++++++++++--------- .../DeviceSecurity/SpdmLib/SpdmCommonLib.inf | 2 +- .../DeviceSecurity/SpdmLib/SpdmCryptLib.inf | 2 +- .../SpdmLib/SpdmDeviceSecretLibNull.inf | 2 +- .../SpdmLib/SpdmRequesterLib.inf | 2 +- .../SpdmLib/SpdmResponderLib.inf | 2 +- .../SpdmLib/SpdmSecuredMessageLib.inf | 2 +- .../SpdmLib/SpdmTransportMctpLib.inf | 2 +- .../SpdmLib/SpdmTransportPciDoeLib.inf | 2 +- .../SpdmSecurityLib/SpdmAuthentication.c | 32 +++--- .../SpdmSecurityLib/SpdmConnectionInit.c | 15 ++- .../SpdmSecurityLib/SpdmMeasurement.c | 22 +++-- .../SpdmSecurityLib/SpdmSecurityLib.c | 14 ++- .../SpdmSecurityLib/SpdmSecurityLib.inf | 4 +- .../SpdmSecurityLib/SpdmSecurityLibInternal.h | 4 +- SecurityPkg/Include/Library/SpdmSecurityLib.h | 26 ++--- SecurityPkg/Include/Library/Tpm2CommandLib.h | 2 +- .../Include/Protocol/DeviceSecurityPolicy.h | 6 +- .../HashLibBaseCryptoRouterDxe.c | 47 ++++++--- .../Library/Tpm2CommandLib/Tpm2NVStorage.c | 2 +- SecurityPkg/SecurityPkg.ci.yaml | 3 +- SecurityPkg/SecurityPkg.dec | 2 +- SecurityPkg/SecurityPkg.dsc | 2 +- SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c | 48 ++++----- SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf | 4 +- 43 files changed, 297 insertions(+), 206 deletions(-) diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/Measurement.c b/MdeModulePkg/Universal/Variable/RuntimeDxe/Measurement.c index 8e950bf24eb..74514077bd2 100644 --- a/MdeModulePkg/Universal/Variable/RuntimeDxe/Measurement.c +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/Measurement.c @@ -27,12 +27,12 @@ typedef struct { } VARIABLE_TYPE; VARIABLE_TYPE mVariableType[] = { - { EFI_SECURE_BOOT_MODE_NAME, &gEfiGlobalVariableGuid }, - { EFI_PLATFORM_KEY_NAME, &gEfiGlobalVariableGuid }, - { EFI_KEY_EXCHANGE_KEY_NAME, &gEfiGlobalVariableGuid }, - { EFI_IMAGE_SECURITY_DATABASE, &gEfiImageSecurityDatabaseGuid }, - { EFI_IMAGE_SECURITY_DATABASE1, &gEfiImageSecurityDatabaseGuid }, - { EFI_IMAGE_SECURITY_DATABASE2, &gEfiImageSecurityDatabaseGuid }, + { EFI_SECURE_BOOT_MODE_NAME, &gEfiGlobalVariableGuid }, + { EFI_PLATFORM_KEY_NAME, &gEfiGlobalVariableGuid }, + { EFI_KEY_EXCHANGE_KEY_NAME, &gEfiGlobalVariableGuid }, + { EFI_IMAGE_SECURITY_DATABASE, &gEfiImageSecurityDatabaseGuid }, + { EFI_IMAGE_SECURITY_DATABASE1, &gEfiImageSecurityDatabaseGuid }, + { EFI_IMAGE_SECURITY_DATABASE2, &gEfiImageSecurityDatabaseGuid }, { EFI_DEVICE_SECURITY_DATABASE, &gEfiDeviceSignatureDatabaseGuid }, }; @@ -126,18 +126,17 @@ MeasureVariable ( } if (CompareGuid (VendorGuid, &gEfiDeviceSignatureDatabaseGuid)) { - DEBUG ((DEBUG_INFO, "VariableDxe: MeasureVariable (Pcr - %x, EventType - %x, ", PCR_INDEX_FOR_SIGNATURE_DB, (UINTN)EV_EFI_SPDM_DEVICE_POLICY)); DEBUG ((DEBUG_INFO, "VariableName - %s, VendorGuid - %g)\n", VarName, VendorGuid)); Status = TpmMeasureAndLogData ( - PCR_INDEX_FOR_SIGNATURE_DB, - EV_EFI_SPDM_DEVICE_POLICY, - VarLog, - VarLogSize, - VarLog, - VarLogSize - ); + PCR_INDEX_FOR_SIGNATURE_DB, + EV_EFI_SPDM_DEVICE_POLICY, + VarLog, + VarLogSize, + VarLog, + VarLogSize + ); FreePool (VarLog); return Status; } @@ -249,8 +248,9 @@ SecureBootHook ( if (CompareGuid (VendorGuid, &gEfiDeviceSignatureDatabaseGuid)) { if ((PcdGet32 (PcdTcgPfpMeasurementRevision) < TCG_EfiSpecIDEventStruct_SPEC_ERRATA_TPM2_REV_106) || - (PcdGet8(PcdEnableSpdmDeviceAuthenticaion) == 0)) { - return ; + (PcdGet8 (PcdEnableSpdmDeviceAuthenticaion) == 0)) + { + return; } } diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf index 592ade7f998..c729da448e0 100644 --- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf @@ -140,7 +140,8 @@ gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvModeEnable ## SOMETIMES_CONSUMES gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved ## SOMETIMES_CONSUMES gEfiMdeModulePkgTokenSpaceGuid.PcdTcgPfpMeasurementRevision ## CONSUMES - gEfiMdeModulePkgTokenSpaceGuid.PcdEnableSpdmDeviceAuthenticaion ## PRODUCES AND CONSUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdEnableSpdmDeviceAuthenticaion ## PRODUCES AND CONSUMES + [FeaturePcd] gEfiMdeModulePkgTokenSpaceGuid.PcdVariableCollectStatistics ## CONSUMES # statistic the information of variable. gEfiMdePkgTokenSpaceGuid.PcdUefiVariableDefaultLangDeprecate ## CONSUMES # Auto update PlatformLang/Lang diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf index e1e9081b281..98ff7800c10 100644 --- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf @@ -81,7 +81,7 @@ [Pcd] gEfiMdeModulePkgTokenSpaceGuid.PcdAllowVariablePolicyEnforcementDisable ## CONSUMES gEfiMdeModulePkgTokenSpaceGuid.PcdTcgPfpMeasurementRevision ## CONSUMES - gEfiMdeModulePkgTokenSpaceGuid.PcdEnableSpdmDeviceAuthenticaion ## PRODUCES AND CONSUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdEnableSpdmDeviceAuthenticaion ## PRODUCES AND CONSUMES [Guids] ## PRODUCES ## GUID # Signature of Variable store header diff --git a/MdePkg/Include/Guid/DeviceAuthentication.h b/MdePkg/Include/Guid/DeviceAuthentication.h index 3b6556f7c22..65dea4273d7 100644 --- a/MdePkg/Include/Guid/DeviceAuthentication.h +++ b/MdePkg/Include/Guid/DeviceAuthentication.h @@ -1,7 +1,7 @@ /** @file Guid & data structure used for Device Security. - Copyright (c) 2022, Intel Corporation. All rights reserved.
+ Copyright (c) 2024, Intel Corporation. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent **/ diff --git a/MdePkg/Include/Guid/GlobalVariable.h b/MdePkg/Include/Guid/GlobalVariable.h index 7809748b762..eb6e5a043e4 100644 --- a/MdePkg/Include/Guid/GlobalVariable.h +++ b/MdePkg/Include/Guid/GlobalVariable.h @@ -1,7 +1,7 @@ /** @file GUID for EFI (NVRAM) Variables. - Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.
+ Copyright (c) 2006 - 2024, Intel Corporation. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent @par Revision Reference: diff --git a/MdePkg/Include/Guid/ImageAuthentication.h b/MdePkg/Include/Guid/ImageAuthentication.h index 84bacef5075..f95255c0fb7 100644 --- a/MdePkg/Include/Guid/ImageAuthentication.h +++ b/MdePkg/Include/Guid/ImageAuthentication.h @@ -1,7 +1,7 @@ /** @file Image signature database are defined for the signed image validation. - Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.
+ Copyright (c) 2009 - 2024, Intel Corporation. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent @par Revision Reference: @@ -41,8 +41,8 @@ #define SETUP_MODE 1 #define USER_MODE 0 -#define DEVICE_AUTH_BOOT_MODE_ENABLE 1 -#define DEVICE_AUTH_BOOT_MODE_DISABLE 0 +#define DEVICE_AUTH_BOOT_MODE_ENABLE 1 +#define DEVICE_AUTH_BOOT_MODE_DISABLE 0 // *********************************************************************** // Signature Database diff --git a/MdePkg/Include/IndustryStandard/UefiTcgPlatform.h b/MdePkg/Include/IndustryStandard/UefiTcgPlatform.h index 79a261a1509..61bd4e4667b 100644 --- a/MdePkg/Include/IndustryStandard/UefiTcgPlatform.h +++ b/MdePkg/Include/IndustryStandard/UefiTcgPlatform.h @@ -2,7 +2,7 @@ TCG EFI Platform Definition in TCG_EFI_Platform_1_20_Final and TCG PC Client Platform Firmware Profile Specification, Revision 1.06 - Copyright (c) 2006 - 2022, Intel Corporation. All rights reserved.
+ Copyright (c) 2006 - 2024, Intel Corporation. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent **/ diff --git a/MdePkg/MdePkg.ci.yaml b/MdePkg/MdePkg.ci.yaml index f024b48685e..7f0c1cb8ede 100644 --- a/MdePkg/MdePkg.ci.yaml +++ b/MdePkg/MdePkg.ci.yaml @@ -2,7 +2,7 @@ # CI configuration for MdePkg # # Copyright (c) Microsoft Corporation -# Copyright (c) 2020, Intel Corporation. All rights reserved.
+# Copyright (c) 2020 - 2024, Intel Corporation. All rights reserved.
# Copyright (c) 2021, Arm Limited. All rights reserved.
# Copyright (c) 2023, Loongson Technology Corporation Limited. All rights reserved.
# SPDX-License-Identifier: BSD-2-Clause-Patent @@ -67,6 +67,7 @@ "Include/IndustryStandard/Tpm20.h", "Include/IndustryStandard/IoRemappingTable.h", "Include/IndustryStandard/UefiTcgPlatform.h", + "Include/IndustryStandard/Spdm.h", "Include/Library/PcdLib.h", "Include/Library/SafeIntLib.h", "Include/Protocol/DebugSupport.h", diff --git a/MdePkg/MdePkg.dec b/MdePkg/MdePkg.dec index 78f4489b0d1..55c19ec8b1b 100644 --- a/MdePkg/MdePkg.dec +++ b/MdePkg/MdePkg.dec @@ -4,7 +4,7 @@ # It also provides the definitions(including PPIs/PROTOCOLs/GUIDs) of # EFI1.10/UEFI2.7/PI1.7 and some Industry Standards. # -# Copyright (c) 2007 - 2022, Intel Corporation. All rights reserved.
+# Copyright (c) 2007 - 2024, Intel Corporation. All rights reserved.
# Portions copyright (c) 2008 - 2009, Apple Inc. All rights reserved.
# (C) Copyright 2016 - 2021 Hewlett Packard Enterprise Development LP
# Copyright (c) 2022, Loongson Technology Corporation Limited. All rights reserved.
@@ -743,7 +743,7 @@ # ## GUID used to specify section with devdb content ## Include/Guid/DeviceAuthentication.h - gEfiDeviceSignatureDatabaseGuid = {0xb9c2b4f4, 0xbf5f, 0x462d, {0x8a, 0xdf, 0xc5, 0xc7, 0xa, 0xc3, 0x5d, 0xad}} + gEfiDeviceSignatureDatabaseGuid = { 0xb9c2b4f4, 0xbf5f, 0x462d, {0x8a, 0xdf, 0xc5, 0xc7, 0xa, 0xc3, 0x5d, 0xad }} # # GUID defined in PI1.0 diff --git a/SecurityPkg/DeviceSecurity/OsStub/CryptlibWrapper/CryptlibWrapper.c b/SecurityPkg/DeviceSecurity/OsStub/CryptlibWrapper/CryptlibWrapper.c index 9a1fb3f7240..64db9750ff8 100644 --- a/SecurityPkg/DeviceSecurity/OsStub/CryptlibWrapper/CryptlibWrapper.c +++ b/SecurityPkg/DeviceSecurity/OsStub/CryptlibWrapper/CryptlibWrapper.c @@ -2,7 +2,7 @@ EDKII Device Security library for SPDM device. It follows the SPDM Specification. -Copyright (c) 2020, Intel Corporation. All rights reserved.
+Copyright (c) 2024, Intel Corporation. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent **/ @@ -473,16 +473,22 @@ libspdm_rsa_get_public_key_from_x509 ( return RsaGetPublicKeyFromX509 (cert, cert_size, rsa_context); } -bool libspdm_ec_get_public_key_from_der(const uint8_t *der_data, - size_t der_size, - void **ec_context) +bool +libspdm_ec_get_public_key_from_der ( + const uint8_t *der_data, + size_t der_size, + void **ec_context + ) { return false; } -bool libspdm_rsa_get_public_key_from_der(const uint8_t *der_data, - size_t der_size, - void **rsa_context) +bool +libspdm_rsa_get_public_key_from_der ( + const uint8_t *der_data, + size_t der_size, + void **rsa_context + ) { return false; } diff --git a/SecurityPkg/DeviceSecurity/OsStub/MemLibWrapper/MemLibWrapper.c b/SecurityPkg/DeviceSecurity/OsStub/MemLibWrapper/MemLibWrapper.c index 3d6cb2b790b..42eeecd68c3 100644 --- a/SecurityPkg/DeviceSecurity/OsStub/MemLibWrapper/MemLibWrapper.c +++ b/SecurityPkg/DeviceSecurity/OsStub/MemLibWrapper/MemLibWrapper.c @@ -2,7 +2,7 @@ EDKII Device Security library for SPDM device. It follows the SPDM Specification. -Copyright (c) 2022, Intel Corporation. All rights reserved.
+Copyright (c) 2024, Intel Corporation. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent **/ diff --git a/SecurityPkg/DeviceSecurity/OsStub/PlatformLibWrapper/PlatformLibWrapper.c b/SecurityPkg/DeviceSecurity/OsStub/PlatformLibWrapper/PlatformLibWrapper.c index 250919dab04..99cb15972b8 100644 --- a/SecurityPkg/DeviceSecurity/OsStub/PlatformLibWrapper/PlatformLibWrapper.c +++ b/SecurityPkg/DeviceSecurity/OsStub/PlatformLibWrapper/PlatformLibWrapper.c @@ -2,7 +2,7 @@ EDKII Device Security library for SPDM device. It follows the SPDM Specification. -Copyright (c) 2022, Intel Corporation. All rights reserved.
+Copyright (c) 2024, Intel Corporation. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent **/ diff --git a/SecurityPkg/DeviceSecurity/SpdmLib/Include/Stub/SpdmLibStub.h b/SecurityPkg/DeviceSecurity/SpdmLib/Include/Stub/SpdmLibStub.h index d895f90b23c..8ec6e616757 100644 --- a/SecurityPkg/DeviceSecurity/SpdmLib/Include/Stub/SpdmLibStub.h +++ b/SecurityPkg/DeviceSecurity/SpdmLib/Include/Stub/SpdmLibStub.h @@ -1,6 +1,6 @@ /** @file - Copyright (c) 2020, Intel Corporation. All rights reserved.
+ Copyright (c) 2024, Intel Corporation. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent **/ @@ -259,12 +259,12 @@ typedef enum { // Other component is busy. // SpdmResponseStateBusy, - #if LIBSPDM_RESPOND_IF_READY_SUPPORT + #if LIBSPDM_RESPOND_IF_READY_SUPPORT // // Hardware is not ready. // SpdmResponseStateNotReady, - #endif /* LIBSPDM_RESPOND_IF_READY_SUPPORT */ + #endif /* LIBSPDM_RESPOND_IF_READY_SUPPORT */ // // Firmware Update is done. Need resync. // diff --git a/SecurityPkg/DeviceSecurity/SpdmLib/Include/hal/LibspdmStdBoolAlt.h b/SecurityPkg/DeviceSecurity/SpdmLib/Include/hal/LibspdmStdBoolAlt.h index 1f7e6b2f233..3a77cae1a5c 100644 --- a/SecurityPkg/DeviceSecurity/SpdmLib/Include/hal/LibspdmStdBoolAlt.h +++ b/SecurityPkg/DeviceSecurity/SpdmLib/Include/hal/LibspdmStdBoolAlt.h @@ -4,6 +4,15 @@ * License: BSD 3-Clause License. For full text see link: https://github.com/DMTF/libspdm/blob/main/LICENSE.md **/ +/** @file + EDKII Device Security library for SPDM device. + It follows the SPDM Specification. + +Copyright (c) 2024, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + #ifndef LIBSPDM_STDBOOL_ALT_H #define LIBSPDM_STDBOOL_ALT_H diff --git a/SecurityPkg/DeviceSecurity/SpdmLib/Include/hal/LibspdmStdDefAlt.h b/SecurityPkg/DeviceSecurity/SpdmLib/Include/hal/LibspdmStdDefAlt.h index 1e0080e8cd7..73d320a1691 100644 --- a/SecurityPkg/DeviceSecurity/SpdmLib/Include/hal/LibspdmStdDefAlt.h +++ b/SecurityPkg/DeviceSecurity/SpdmLib/Include/hal/LibspdmStdDefAlt.h @@ -4,6 +4,15 @@ * License: BSD 3-Clause License. For full text see link: https://github.com/DMTF/libspdm/blob/main/LICENSE.md **/ +/** @file + EDKII Device Security library for SPDM device. + It follows the SPDM Specification. + +Copyright (c) 2024, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + #ifndef LIBSPDM_STD_DEF_ALT_H #define LIBSPDM_STD_DEF_ALT_H diff --git a/SecurityPkg/DeviceSecurity/SpdmLib/Include/hal/LibspdmStdIntAlt.h b/SecurityPkg/DeviceSecurity/SpdmLib/Include/hal/LibspdmStdIntAlt.h index 2278c36a134..7a03887de68 100644 --- a/SecurityPkg/DeviceSecurity/SpdmLib/Include/hal/LibspdmStdIntAlt.h +++ b/SecurityPkg/DeviceSecurity/SpdmLib/Include/hal/LibspdmStdIntAlt.h @@ -4,6 +4,15 @@ * License: BSD 3-Clause License. For full text see link: https://github.com/DMTF/libspdm/blob/main/LICENSE.md **/ +/** @file + EDKII Device Security library for SPDM device. + It follows the SPDM Specification. + +Copyright (c) 2024, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + #ifndef LIBSPDM_STD_INT_ALT_H #define LIBSPDM_STD_INT_ALT_H diff --git a/SecurityPkg/DeviceSecurity/SpdmLib/Include/hal/base.h b/SecurityPkg/DeviceSecurity/SpdmLib/Include/hal/base.h index f4bcac8fb6a..76ed79fef1d 100644 --- a/SecurityPkg/DeviceSecurity/SpdmLib/Include/hal/base.h +++ b/SecurityPkg/DeviceSecurity/SpdmLib/Include/hal/base.h @@ -4,6 +4,15 @@ * License: BSD 3-Clause License. For full text see link: https://github.com/DMTF/libspdm/blob/main/LICENSE.md **/ +/** @file + EDKII Device Security library for SPDM device. + It follows the SPDM Specification. + +Copyright (c) 2024, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + #ifndef BASE_H #define BASE_H @@ -13,7 +22,7 @@ #ifndef LIBSPDM_STDINT_ALT -#include + #include /* LIBSPDM_OPENSSL_STDINT_WORKAROUND */ @@ -40,25 +49,25 @@ /* In the future libspdm intends to use the Windows native compilation flags and defines, * in place of the UEFI profile / personality. */ -#ifdef LIBSPDM_OPENSSL_STDINT_WORKAROUND -#undef _WIN32 -#undef _WIN64 -#endif + #ifdef LIBSPDM_OPENSSL_STDINT_WORKAROUND + #undef _WIN32 + #undef _WIN64 + #endif #else /* LIBSPDM_STDINT_ALT */ -#include LIBSPDM_STDINT_ALT + #include LIBSPDM_STDINT_ALT #endif /* LIBSPDM_STDINT_ALT */ #ifndef LIBSPDM_STDBOOL_ALT -#include + #include #else -#include LIBSPDM_STDBOOL_ALT + #include LIBSPDM_STDBOOL_ALT #endif #ifndef LIBSPDM_STDDEF_ALT -#include + #include #else -#include LIBSPDM_STDDEF_ALT + #include LIBSPDM_STDDEF_ALT #endif /** @@ -73,7 +82,7 @@ * @return Minimum of two operands. * **/ -#define LIBSPDM_MIN(a, b) (((a) < (b)) ? (a) : (b)) +#define LIBSPDM_MIN(a, b) (((a) < (b)) ? (a) : (b)) /** * Return the number of elements in an array. @@ -86,6 +95,6 @@ * @return The number of elements in Array. The result has type size_t. * **/ -#define LIBSPDM_ARRAY_SIZE(array) (sizeof(array) / sizeof((array)[0])) +#define LIBSPDM_ARRAY_SIZE(array) (sizeof(array) / sizeof((array)[0])) #endif /* BASE_H */ diff --git a/SecurityPkg/DeviceSecurity/SpdmLib/Include/hal/library/debuglib.h b/SecurityPkg/DeviceSecurity/SpdmLib/Include/hal/library/debuglib.h index d434ea9e741..f9652d812f8 100644 --- a/SecurityPkg/DeviceSecurity/SpdmLib/Include/hal/library/debuglib.h +++ b/SecurityPkg/DeviceSecurity/SpdmLib/Include/hal/library/debuglib.h @@ -4,6 +4,15 @@ License: BSD 3-Clause License. For full text see link: https://github.com/DMTF/libspdm/blob/main/LICENSE.md **/ +/** @file + EDKII Device Security library for SPDM device. + It follows the SPDM Specification. + +Copyright (c) 2024, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + /** @file Provides services to print debug and assert messages to a debug output device. @@ -31,6 +40,6 @@ #define LIBSPDM_DEBUG_CODE_BEGIN DEBUG_CODE_BEGIN #define LIBSPDM_DEBUG_CODE_END DEBUG_CODE_END -#define LIBSPDM_DEBUG_CODE DEBUG_CODE +#define LIBSPDM_DEBUG_CODE DEBUG_CODE #endif /* DEBUG_LIB_H */ diff --git a/SecurityPkg/DeviceSecurity/SpdmLib/Include/library/spdm_lib_config.h b/SecurityPkg/DeviceSecurity/SpdmLib/Include/library/spdm_lib_config.h index a0cabc84ef0..e21c085de50 100644 --- a/SecurityPkg/DeviceSecurity/SpdmLib/Include/library/spdm_lib_config.h +++ b/SecurityPkg/DeviceSecurity/SpdmLib/Include/library/spdm_lib_config.h @@ -4,6 +4,15 @@ * License: BSD 3-Clause License. For full text see link: https://github.com/DMTF/libspdm/blob/main/LICENSE.md **/ +/** @file + EDKII Device Security library for SPDM device. + It follows the SPDM Specification. + +Copyright (c) 2024, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + #ifndef SPDM_LIB_CONFIG_H #define SPDM_LIB_CONFIG_H @@ -15,7 +24,7 @@ * is disabled. */ #ifndef LIBSPDM_DEBUG_ENABLE -#define LIBSPDM_DEBUG_ENABLE 1 +#define LIBSPDM_DEBUG_ENABLE 1 #endif /* The SPDM specification allows a Responder to return up to 256 version entries in the `VERSION` @@ -88,112 +97,112 @@ * NOTE: Not all combination can be supported. E.g. Don't mix NIST algo with SMx.*/ #ifndef LIBSPDM_RSA_SSA_2048_SUPPORT -#define LIBSPDM_RSA_SSA_2048_SUPPORT 1 +#define LIBSPDM_RSA_SSA_2048_SUPPORT 1 #endif #ifndef LIBSPDM_RSA_SSA_3072_SUPPORT -#define LIBSPDM_RSA_SSA_3072_SUPPORT 1 +#define LIBSPDM_RSA_SSA_3072_SUPPORT 1 #endif #ifndef LIBSPDM_RSA_SSA_4096_SUPPORT -#define LIBSPDM_RSA_SSA_4096_SUPPORT 1 +#define LIBSPDM_RSA_SSA_4096_SUPPORT 1 #endif #ifndef LIBSPDM_RSA_PSS_2048_SUPPORT -#define LIBSPDM_RSA_PSS_2048_SUPPORT 0 +#define LIBSPDM_RSA_PSS_2048_SUPPORT 0 #endif #ifndef LIBSPDM_RSA_PSS_3072_SUPPORT -#define LIBSPDM_RSA_PSS_3072_SUPPORT 0 +#define LIBSPDM_RSA_PSS_3072_SUPPORT 0 #endif #ifndef LIBSPDM_RSA_PSS_4096_SUPPORT -#define LIBSPDM_RSA_PSS_4096_SUPPORT 0 +#define LIBSPDM_RSA_PSS_4096_SUPPORT 0 #endif #ifndef LIBSPDM_ECDSA_P256_SUPPORT -#define LIBSPDM_ECDSA_P256_SUPPORT 1 +#define LIBSPDM_ECDSA_P256_SUPPORT 1 #endif #ifndef LIBSPDM_ECDSA_P384_SUPPORT -#define LIBSPDM_ECDSA_P384_SUPPORT 1 +#define LIBSPDM_ECDSA_P384_SUPPORT 1 #endif #ifndef LIBSPDM_ECDSA_P521_SUPPORT -#define LIBSPDM_ECDSA_P521_SUPPORT 1 +#define LIBSPDM_ECDSA_P521_SUPPORT 1 #endif #ifndef LIBSPDM_SM2_DSA_P256_SUPPORT -#define LIBSPDM_SM2_DSA_P256_SUPPORT 0 +#define LIBSPDM_SM2_DSA_P256_SUPPORT 0 #endif #ifndef LIBSPDM_EDDSA_ED25519_SUPPORT -#define LIBSPDM_EDDSA_ED25519_SUPPORT 0 +#define LIBSPDM_EDDSA_ED25519_SUPPORT 0 #endif #ifndef LIBSPDM_EDDSA_ED448_SUPPORT -#define LIBSPDM_EDDSA_ED448_SUPPORT 0 +#define LIBSPDM_EDDSA_ED448_SUPPORT 0 #endif #ifndef LIBSPDM_FFDHE_2048_SUPPORT -#define LIBSPDM_FFDHE_2048_SUPPORT 0 +#define LIBSPDM_FFDHE_2048_SUPPORT 0 #endif #ifndef LIBSPDM_FFDHE_3072_SUPPORT -#define LIBSPDM_FFDHE_3072_SUPPORT 0 +#define LIBSPDM_FFDHE_3072_SUPPORT 0 #endif #ifndef LIBSPDM_FFDHE_4096_SUPPORT -#define LIBSPDM_FFDHE_4096_SUPPORT 0 +#define LIBSPDM_FFDHE_4096_SUPPORT 0 #endif #ifndef LIBSPDM_ECDHE_P256_SUPPORT -#define LIBSPDM_ECDHE_P256_SUPPORT 1 +#define LIBSPDM_ECDHE_P256_SUPPORT 1 #endif #ifndef LIBSPDM_ECDHE_P384_SUPPORT -#define LIBSPDM_ECDHE_P384_SUPPORT 1 +#define LIBSPDM_ECDHE_P384_SUPPORT 1 #endif #ifndef LIBSPDM_ECDHE_P521_SUPPORT -#define LIBSPDM_ECDHE_P521_SUPPORT 1 +#define LIBSPDM_ECDHE_P521_SUPPORT 1 #endif #ifndef LIBSPDM_SM2_KEY_EXCHANGE_P256_SUPPORT -#define LIBSPDM_SM2_KEY_EXCHANGE_P256_SUPPORT 0 +#define LIBSPDM_SM2_KEY_EXCHANGE_P256_SUPPORT 0 #endif #ifndef LIBSPDM_AEAD_AES_128_GCM_SUPPORT -#define LIBSPDM_AEAD_AES_128_GCM_SUPPORT 1 +#define LIBSPDM_AEAD_AES_128_GCM_SUPPORT 1 #endif #ifndef LIBSPDM_AEAD_AES_256_GCM_SUPPORT -#define LIBSPDM_AEAD_AES_256_GCM_SUPPORT 1 +#define LIBSPDM_AEAD_AES_256_GCM_SUPPORT 1 #endif #ifndef LIBSPDM_AEAD_CHACHA20_POLY1305_SUPPORT -#define LIBSPDM_AEAD_CHACHA20_POLY1305_SUPPORT 0 +#define LIBSPDM_AEAD_CHACHA20_POLY1305_SUPPORT 0 #endif #ifndef LIBSPDM_AEAD_SM4_128_GCM_SUPPORT -#define LIBSPDM_AEAD_SM4_128_GCM_SUPPORT 0 +#define LIBSPDM_AEAD_SM4_128_GCM_SUPPORT 0 #endif #ifndef LIBSPDM_SHA256_SUPPORT -#define LIBSPDM_SHA256_SUPPORT 1 +#define LIBSPDM_SHA256_SUPPORT 1 #endif #ifndef LIBSPDM_SHA384_SUPPORT -#define LIBSPDM_SHA384_SUPPORT 1 +#define LIBSPDM_SHA384_SUPPORT 1 #endif #ifndef LIBSPDM_SHA512_SUPPORT -#define LIBSPDM_SHA512_SUPPORT 0 +#define LIBSPDM_SHA512_SUPPORT 0 #endif #ifndef LIBSPDM_SHA3_256_SUPPORT -#define LIBSPDM_SHA3_256_SUPPORT 0 +#define LIBSPDM_SHA3_256_SUPPORT 0 #endif #ifndef LIBSPDM_SHA3_384_SUPPORT -#define LIBSPDM_SHA3_384_SUPPORT 0 +#define LIBSPDM_SHA3_384_SUPPORT 0 #endif #ifndef LIBSPDM_SHA3_512_SUPPORT -#define LIBSPDM_SHA3_512_SUPPORT 0 +#define LIBSPDM_SHA3_512_SUPPORT 0 #endif #ifndef LIBSPDM_SM3_256_SUPPORT -#define LIBSPDM_SM3_256_SUPPORT 0 +#define LIBSPDM_SM3_256_SUPPORT 0 #endif /* This can be set to 0 for the device which does not need X509 parser.*/ #ifndef LIBSPDM_CERT_PARSE_SUPPORT -#define LIBSPDM_CERT_PARSE_SUPPORT 1 +#define LIBSPDM_CERT_PARSE_SUPPORT 1 #endif /* Code space optimization for Optional request/response messages.*/ @@ -239,27 +248,27 @@ #endif #ifndef LIBSPDM_ENABLE_CAPABILITY_HBEAT_CAP -#define LIBSPDM_ENABLE_CAPABILITY_HBEAT_CAP 0 +#define LIBSPDM_ENABLE_CAPABILITY_HBEAT_CAP 0 #endif #ifndef LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP -#define LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP 0 +#define LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP 0 #endif #ifndef LIBSPDM_ENABLE_CAPABILITY_ENCAP_CAP -#define LIBSPDM_ENABLE_CAPABILITY_ENCAP_CAP 0 +#define LIBSPDM_ENABLE_CAPABILITY_ENCAP_CAP 0 #endif #ifndef LIBSPDM_ENABLE_CAPABILITY_CSR_CAP -#define LIBSPDM_ENABLE_CAPABILITY_CSR_CAP 0 +#define LIBSPDM_ENABLE_CAPABILITY_CSR_CAP 0 #endif #ifndef LIBSPDM_ENABLE_CAPABILITY_SET_CERT_CAP -#define LIBSPDM_ENABLE_CAPABILITY_SET_CERT_CAP 0 +#define LIBSPDM_ENABLE_CAPABILITY_SET_CERT_CAP 0 #endif #ifndef LIBSPDM_ENABLE_CAPABILITY_CHUNK_CAP -#define LIBSPDM_ENABLE_CAPABILITY_CHUNK_CAP 0 +#define LIBSPDM_ENABLE_CAPABILITY_CHUNK_CAP 0 #endif /* If 1 then endpoint supports sending GET_CERTIFICATE and GET_DIGESTS requests. @@ -267,7 +276,7 @@ * must also be enabled. */ #ifndef LIBSPDM_SEND_GET_CERTIFICATE_SUPPORT -#define LIBSPDM_SEND_GET_CERTIFICATE_SUPPORT 1 +#define LIBSPDM_SEND_GET_CERTIFICATE_SUPPORT 1 #endif /* If 1 then endpoint supports sending CHALLENGE request. @@ -275,7 +284,7 @@ * must also be enabled. */ #ifndef LIBSPDM_SEND_CHALLENGE_SUPPORT -#define LIBSPDM_SEND_CHALLENGE_SUPPORT 1 +#define LIBSPDM_SEND_CHALLENGE_SUPPORT 1 #endif /* When LIBSPDM_RESPOND_IF_READY_SUPPORT is 0 then @@ -292,7 +301,7 @@ * ERROR response to the Requester, and will accept a subsequent RESPOND_IF_READY request. */ #ifndef LIBSPDM_RESPOND_IF_READY_SUPPORT -#define LIBSPDM_RESPOND_IF_READY_SUPPORT 1 +#define LIBSPDM_RESPOND_IF_READY_SUPPORT 1 #endif /* @@ -375,17 +384,17 @@ * See https://github.com/DMTF/libspdm/blob/main/doc/user_guide.md#message-logging * for more information */ #ifndef LIBSPDM_ENABLE_MSG_LOG -#define LIBSPDM_ENABLE_MSG_LOG 1 +#define LIBSPDM_ENABLE_MSG_LOG 1 #endif /* Enable macro checking during compilation. */ #ifndef LIBSPDM_CHECK_MACRO -#define LIBSPDM_CHECK_MACRO 0 +#define LIBSPDM_CHECK_MACRO 0 #endif /* Enable checks to the SPDM context during runtime. */ #ifndef LIBSPDM_CHECK_SPDM_CONTEXT -#define LIBSPDM_CHECK_SPDM_CONTEXT 1 +#define LIBSPDM_CHECK_SPDM_CONTEXT 1 #endif #endif /* SPDM_LIB_CONFIG_H */ diff --git a/SecurityPkg/DeviceSecurity/SpdmLib/SpdmCommonLib.inf b/SecurityPkg/DeviceSecurity/SpdmLib/SpdmCommonLib.inf index 579e18ea743..a0c62bbad05 100644 --- a/SecurityPkg/DeviceSecurity/SpdmLib/SpdmCommonLib.inf +++ b/SecurityPkg/DeviceSecurity/SpdmLib/SpdmCommonLib.inf @@ -1,7 +1,7 @@ ## @file # SPDM library. # -# Copyright (c) 2020, Intel Corporation. All rights reserved.
+# Copyright (c) 2024, Intel Corporation. All rights reserved.
# # SPDX-License-Identifier: BSD-2-Clause-Patent # diff --git a/SecurityPkg/DeviceSecurity/SpdmLib/SpdmCryptLib.inf b/SecurityPkg/DeviceSecurity/SpdmLib/SpdmCryptLib.inf index 801839fcb50..5e919685767 100644 --- a/SecurityPkg/DeviceSecurity/SpdmLib/SpdmCryptLib.inf +++ b/SecurityPkg/DeviceSecurity/SpdmLib/SpdmCryptLib.inf @@ -1,7 +1,7 @@ ## @file # SPDM library. # -# Copyright (c) 2020, Intel Corporation. All rights reserved.
+# Copyright (c) 2024, Intel Corporation. All rights reserved.
# # SPDX-License-Identifier: BSD-2-Clause-Patent # diff --git a/SecurityPkg/DeviceSecurity/SpdmLib/SpdmDeviceSecretLibNull.inf b/SecurityPkg/DeviceSecurity/SpdmLib/SpdmDeviceSecretLibNull.inf index ff77a1c92e7..47f9fe9fe5a 100644 --- a/SecurityPkg/DeviceSecurity/SpdmLib/SpdmDeviceSecretLibNull.inf +++ b/SecurityPkg/DeviceSecurity/SpdmLib/SpdmDeviceSecretLibNull.inf @@ -1,7 +1,7 @@ ## @file # SPDM library. # -# Copyright (c) 2020, Intel Corporation. All rights reserved.
+# Copyright (c) 2024, Intel Corporation. All rights reserved.
# # SPDX-License-Identifier: BSD-2-Clause-Patent # diff --git a/SecurityPkg/DeviceSecurity/SpdmLib/SpdmRequesterLib.inf b/SecurityPkg/DeviceSecurity/SpdmLib/SpdmRequesterLib.inf index dd45c2caf3f..4fcefe32dcf 100644 --- a/SecurityPkg/DeviceSecurity/SpdmLib/SpdmRequesterLib.inf +++ b/SecurityPkg/DeviceSecurity/SpdmLib/SpdmRequesterLib.inf @@ -1,7 +1,7 @@ ## @file # SPDM library. # -# Copyright (c) 2020, Intel Corporation. All rights reserved.
+# Copyright (c) 2024, Intel Corporation. All rights reserved.
# # SPDX-License-Identifier: BSD-2-Clause-Patent # diff --git a/SecurityPkg/DeviceSecurity/SpdmLib/SpdmResponderLib.inf b/SecurityPkg/DeviceSecurity/SpdmLib/SpdmResponderLib.inf index 1defa6e1ba4..61528a80ab7 100644 --- a/SecurityPkg/DeviceSecurity/SpdmLib/SpdmResponderLib.inf +++ b/SecurityPkg/DeviceSecurity/SpdmLib/SpdmResponderLib.inf @@ -1,7 +1,7 @@ ## @file # SPDM library. # -# Copyright (c) 2020, Intel Corporation. All rights reserved.
+# Copyright (c) 2024, Intel Corporation. All rights reserved.
# # SPDX-License-Identifier: BSD-2-Clause-Patent # diff --git a/SecurityPkg/DeviceSecurity/SpdmLib/SpdmSecuredMessageLib.inf b/SecurityPkg/DeviceSecurity/SpdmLib/SpdmSecuredMessageLib.inf index 64beb91fab4..062bf77158c 100644 --- a/SecurityPkg/DeviceSecurity/SpdmLib/SpdmSecuredMessageLib.inf +++ b/SecurityPkg/DeviceSecurity/SpdmLib/SpdmSecuredMessageLib.inf @@ -1,7 +1,7 @@ ## @file # SPDM library. # -# Copyright (c) 2020, Intel Corporation. All rights reserved.
+# Copyright (c) 2024, Intel Corporation. All rights reserved.
# # SPDX-License-Identifier: BSD-2-Clause-Patent # diff --git a/SecurityPkg/DeviceSecurity/SpdmLib/SpdmTransportMctpLib.inf b/SecurityPkg/DeviceSecurity/SpdmLib/SpdmTransportMctpLib.inf index fb6930df54a..a597d359130 100644 --- a/SecurityPkg/DeviceSecurity/SpdmLib/SpdmTransportMctpLib.inf +++ b/SecurityPkg/DeviceSecurity/SpdmLib/SpdmTransportMctpLib.inf @@ -1,7 +1,7 @@ ## @file # SPDM library. # -# Copyright (c) 2020, Intel Corporation. All rights reserved.
+# Copyright (c) 2024, Intel Corporation. All rights reserved.
# # SPDX-License-Identifier: BSD-2-Clause-Patent # diff --git a/SecurityPkg/DeviceSecurity/SpdmLib/SpdmTransportPciDoeLib.inf b/SecurityPkg/DeviceSecurity/SpdmLib/SpdmTransportPciDoeLib.inf index a058c7ad673..a0f47d6c7d5 100644 --- a/SecurityPkg/DeviceSecurity/SpdmLib/SpdmTransportPciDoeLib.inf +++ b/SecurityPkg/DeviceSecurity/SpdmLib/SpdmTransportPciDoeLib.inf @@ -1,7 +1,7 @@ ## @file # SPDM library. # -# Copyright (c) 2020, Intel Corporation. All rights reserved.
+# Copyright (c) 2024, Intel Corporation. All rights reserved.
# # SPDX-License-Identifier: BSD-2-Clause-Patent # diff --git a/SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmAuthentication.c b/SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmAuthentication.c index b921f9d9e2d..86cf9b225c7 100644 --- a/SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmAuthentication.c +++ b/SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmAuthentication.c @@ -2,7 +2,7 @@ EDKII Device Security library for SPDM device. It follows the SPDM Specification. -Copyright (c) 2022, Intel Corporation. All rights reserved.
+Copyright (c) 2024, Intel Corporation. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent **/ @@ -202,7 +202,7 @@ ExtendCertificate ( Status = CreateDeviceMeasurementContext (SpdmDeviceContext, DeviceContext, DeviceContextSize); if (Status != EFI_SUCCESS) { SecurityState->AuthenticationState = EDKII_DEVICE_SECURITY_STATE_ERROR_DEVICE_ERROR; - Status = EFI_DEVICE_ERROR; + Status = EFI_DEVICE_ERROR; goto Exit; } } @@ -273,7 +273,7 @@ ExtendCertificate ( Status = CreateDeviceMeasurementContext (SpdmDeviceContext, DeviceContext, DeviceContextSize); if (Status != EFI_SUCCESS) { SecurityState->AuthenticationState = EDKII_DEVICE_SECURITY_STATE_ERROR_DEVICE_ERROR; - Status = EFI_DEVICE_ERROR; + Status = EFI_DEVICE_ERROR; goto Exit; } } @@ -337,7 +337,7 @@ ExtendCertificate ( Status = CreateDeviceMeasurementContext (SpdmDeviceContext, DeviceContext, DeviceContextSize); if (Status != EFI_SUCCESS) { SecurityState->AuthenticationState = EDKII_DEVICE_SECURITY_STATE_ERROR_DEVICE_ERROR; - Status = EFI_DEVICE_ERROR; + Status = EFI_DEVICE_ERROR; goto Exit; } } @@ -368,7 +368,7 @@ ExtendCertificate ( if (SignatureData == NULL) { ASSERT (SignatureData != NULL); SecurityState->AuthenticationState = EDKII_DEVICE_SECURITY_STATE_ERROR_UEFI_OUT_OF_RESOURCE; - Status = EFI_OUT_OF_RESOURCES; + Status = EFI_OUT_OF_RESOURCES; goto Exit; } @@ -392,7 +392,7 @@ ExtendCertificate ( Exit: if (EventLog != NULL) { - FreePool(EventLog); + FreePool (EventLog); } return Status; @@ -403,7 +403,6 @@ ExtendCertificate ( @param[in] SpdmDeviceContext The SPDM context for the device. @param[in] AuthState The auth state of this deice. - @param[in] MeasurementHash A pointer to a destination buffer to store the measurement hash. @param[in] RequesterNonce A buffer to hold the requester nonce (32 bytes), if not NULL. @param[in] ResponderNonce A buffer to hold the responder nonce (32 bytes), if not NULL. @param[out] SecurityState A pointer to the security state of the requester. @@ -529,9 +528,9 @@ DoDeviceCertificate ( return EFI_DEVICE_ERROR; } - *IsValidCertChain = FALSE; - *RootCertMatch = FALSE; - CertChainSize = sizeof (CertChain); + *IsValidCertChain = FALSE; + *RootCertMatch = FALSE; + CertChainSize = sizeof (CertChain); ZeroMem (CertChain, sizeof (CertChain)); TrustAnchor = NULL; TrustAnchorSize = 0; @@ -539,10 +538,9 @@ DoDeviceCertificate ( // // Init *ValidSlotId to invalid slot_id // - *ValidSlotId = SPDM_MAX_SLOT_COUNT; + *ValidSlotId = SPDM_MAX_SLOT_COUNT; - if ((CapabilityFlags & SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_CERT_CAP) == 0) - { + if ((CapabilityFlags & SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_CERT_CAP) == 0) { *AuthState = TCG_DEVICE_SECURITY_EVENT_DATA_DEVICE_AUTH_STATE_FAIL_NO_SIG; SecurityState->AuthenticationState = EDKII_DEVICE_SECURITY_STATE_ERROR_DEVICE_NO_CAPABILITIES; Status = ExtendCertificate (SpdmDeviceContext, *AuthState, 0, NULL, NULL, 0, 0, SecurityState); @@ -553,7 +551,7 @@ DoDeviceCertificate ( if ((LIBSPDM_STATUS_IS_ERROR (SpdmReturn)) || ((SlotMask & 0x01) == 0)) { *AuthState = TCG_DEVICE_SECURITY_EVENT_DATA_DEVICE_AUTH_STATE_FAIL_INVALID; SecurityState->AuthenticationState = EDKII_DEVICE_SECURITY_STATE_ERROR_CERTIFIACTE_FAILURE; - SlotId = 0; + SlotId = 0; Status = ExtendCertificate (SpdmDeviceContext, *AuthState, 0, NULL, NULL, 0, SlotId, SecurityState); return Status; } @@ -578,7 +576,7 @@ DoDeviceCertificate ( *IsValidCertChain = TRUE; *AuthState = TCG_DEVICE_SECURITY_EVENT_DATA_DEVICE_AUTH_STATE_NO_AUTH; SecurityState->AuthenticationState = EDKII_DEVICE_SECURITY_STATE_ERROR_CERTIFIACTE_FAILURE; - *ValidSlotId = SlotId; + *ValidSlotId = SlotId; } } @@ -606,6 +604,8 @@ DoDeviceCertificate ( @param[in] SpdmDeviceContext The SPDM context for the device. @param[out] AuthState The auth state of the devices. @param[in] ValidSlotId The number of slot for the certificate chain. + @param[in] IsValidCertChain Indicate the validity of CertChain + @param[in] RootCertMatch Indicate the match or mismatch for Rootcert @param[out] SecurityState The security state of the requester. @retval EFI_SUCCESS Operation completed successfully. @@ -651,7 +651,7 @@ DoDeviceAuthentication ( IsValidChallengeAuthSig = FALSE; - //get the valid CertChain + // get the valid CertChain CertChainSize = sizeof (CertChain); ZeroMem (CertChain, sizeof (CertChain)); SpdmReturn = SpdmGetCertificateEx (SpdmContext, NULL, ValidSlotId, &CertChainSize, CertChain, (CONST VOID **)&TrustAnchor, &TrustAnchorSize); diff --git a/SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmConnectionInit.c b/SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmConnectionInit.c index 34eada8cc63..d61aa016982 100644 --- a/SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmConnectionInit.c +++ b/SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmConnectionInit.c @@ -2,7 +2,7 @@ EDKII Device Security library for SPDM device. It follows the SPDM Specification. -Copyright (c) 2022, Intel Corporation. All rights reserved.
+Copyright (c) 2024, Intel Corporation. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent **/ @@ -303,6 +303,7 @@ CreateSpdmDeviceContext ( DEBUG ((DEBUG_ERROR, "Fail to get UID - %r\n", Status)); goto Error; } + RecordSpdmDeviceContextInList (SpdmDeviceContext); Status = GetVariable2 ( @@ -318,9 +319,11 @@ CreateSpdmDeviceContext ( if (DbList->SignatureListSize == 0) { break; } - if ((!CompareGuid (&DbList->SignatureType, &gEfiCertX509Guid)) - || (DbList->SignatureHeaderSize != 0) - || (DbList->SignatureSize < sizeof (EFI_SIGNATURE_DATA))) { + + if ( (!CompareGuid (&DbList->SignatureType, &gEfiCertX509Guid)) + || (DbList->SignatureHeaderSize != 0) + || (DbList->SignatureSize < sizeof (EFI_SIGNATURE_DATA))) + { DbSize -= DbList->SignatureListSize; DbList = (EFI_SIGNATURE_LIST *)((UINT8 *)DbList + DbList->SignatureListSize); continue; @@ -376,6 +379,7 @@ CreateSpdmDeviceContext ( ASSERT (FALSE); goto Error; } + Data8 = SPDM_MEASUREMENT_SPECIFICATION_DMTF; SpdmReturn = SpdmSetData (SpdmContext, SpdmDataMeasurementSpec, &Parameter, &Data8, sizeof (Data8)); if (LIBSPDM_STATUS_IS_ERROR (SpdmReturn)) { @@ -418,12 +422,13 @@ CreateSpdmDeviceContext ( if (LIBSPDM_STATUS_IS_ERROR (SpdmReturn)) { DEBUG ((DEBUG_ERROR, "SpdmInitConnection - %p\n", SpdmReturn)); - AuthState = TCG_DEVICE_SECURITY_EVENT_DATA_DEVICE_AUTH_STATE_NO_SPDM; + AuthState = TCG_DEVICE_SECURITY_EVENT_DATA_DEVICE_AUTH_STATE_NO_SPDM; SecurityState->AuthenticationState = EDKII_DEVICE_SECURITY_STATE_ERROR_DEVICE_NO_CAPABILITIES; Status = ExtendCertificate (SpdmDeviceContext, AuthState, 0, NULL, NULL, 0, 0, SecurityState); if (Status != EFI_SUCCESS) { DEBUG ((DEBUG_ERROR, "ExtendCertificate AUTH_STATE_NO_SPDM failed\n")); } + goto Error; } diff --git a/SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmMeasurement.c b/SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmMeasurement.c index 05e44514fa2..f94ec1e7bf2 100644 --- a/SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmMeasurement.c +++ b/SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmMeasurement.c @@ -2,7 +2,7 @@ EDKII Device Security library for SPDM device. It follows the SPDM Specification. -Copyright (c) 2022, Intel Corporation. All rights reserved.
+Copyright (c) 2024, Intel Corporation. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent **/ @@ -346,7 +346,7 @@ ExtendMeasurement ( Status = CreateDeviceMeasurementContext (SpdmDeviceContext, DeviceContext, DeviceContextSize); if (Status != EFI_SUCCESS) { SecurityState->MeasurementState = EDKII_DEVICE_SECURITY_STATE_ERROR_DEVICE_ERROR; - Status = EFI_DEVICE_ERROR; + Status = EFI_DEVICE_ERROR; goto Exit; } } @@ -401,7 +401,7 @@ ExtendMeasurement ( Status = CreateDeviceMeasurementContext (SpdmDeviceContext, DeviceContext, DeviceContextSize); if (Status != EFI_SUCCESS) { SecurityState->MeasurementState = EDKII_DEVICE_SECURITY_STATE_ERROR_DEVICE_ERROR; - Status = EFI_DEVICE_ERROR; + Status = EFI_DEVICE_ERROR; goto Exit; } } @@ -453,7 +453,7 @@ ExtendMeasurement ( } if (ResponderNonce != NULL) { - TCG_NV_INDEX_DYNAMIC_EVENT_LOG_STRUCT_SPDM_MEASUREMENTS DynamicEventLogSpdmMeasurementsEvent; + TCG_NV_INDEX_DYNAMIC_EVENT_LOG_STRUCT_SPDM_MEASUREMENTS DynamicEventLogSpdmMeasurementsEvent; CopyMem (DynamicEventLogSpdmMeasurementsEvent.Header.Signature, TCG_NV_EXTEND_INDEX_FOR_DYNAMIC_SIGNATURE, sizeof (TCG_NV_EXTEND_INDEX_FOR_DYNAMIC_SIGNATURE)); DynamicEventLogSpdmMeasurementsEvent.Header.Version = TCG_NV_INDEX_DYNAMIC_EVENT_LOG_STRUCT_VERSION; @@ -478,9 +478,10 @@ ExtendMeasurement ( DEBUG ((DEBUG_INFO, "TpmMeasureAndLogData (Dynamic) - %r\n", Status)); } + Exit: if (EventLog != NULL) { - FreePool(EventLog); + FreePool (EventLog); } return Status; @@ -545,7 +546,7 @@ DoDeviceMeasurement ( } } - RequestAttribute = 0; + RequestAttribute = 0; RequestAttribute |= SPDM_GET_MEASUREMENTS_REQUEST_ATTRIBUTES_GENERATE_SIGNATURE; MeasurementRecordLength = sizeof (MeasurementRecord); @@ -568,7 +569,8 @@ DoDeviceMeasurement ( NULL, RequesterNonce, ResponderNonce, - NULL, 0 + NULL, + 0 ); if (LIBSPDM_STATUS_IS_SUCCESS (SpdmReturn)) { DEBUG ((DEBUG_INFO, "NumberOfBlocks %d\n", NumberOfBlocks)); @@ -658,7 +660,8 @@ DoDeviceMeasurement ( NULL, RequesterNonce, ResponderNonce, - NULL, 0 + NULL, + 0 ); if (LIBSPDM_STATUS_IS_ERROR (SpdmReturn)) { if (SpdmReturn == LIBSPDM_STATUS_VERIF_FAIL) { @@ -672,7 +675,8 @@ DoDeviceMeasurement ( } if ((ReceivedNumberOfBlock == NumberOfBlocks - 1) && - (ContentChanged == SPDM_MEASUREMENTS_RESPONSE_CONTENT_CHANGE_DETECTED)) { + (ContentChanged == SPDM_MEASUREMENTS_RESPONSE_CONTENT_CHANGE_DETECTED)) + { if (ContentChangedCount == 0) { ContentChangedCount++; goto ContentChangedFlag; diff --git a/SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmSecurityLib.c b/SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmSecurityLib.c index 7c33af3f10d..a4e1f412acf 100644 --- a/SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmSecurityLib.c +++ b/SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmSecurityLib.c @@ -2,7 +2,7 @@ EDKII Device Security library for SPDM device. It follows the SPDM Specification. -Copyright (c) 2022, Intel Corporation. All rights reserved.
+Copyright (c) 2024, Intel Corporation. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent **/ @@ -75,7 +75,8 @@ SpdmDeviceAuthenticationAndMeasurement ( BOOLEAN RootCertMatch; if ((PcdGet32 (PcdTcgPfpMeasurementRevision) < TCG_EfiSpecIDEventStruct_SPEC_ERRATA_TPM2_REV_106) || - (PcdGet8(PcdEnableSpdmDeviceAuthenticaion) == 0)) { + (PcdGet8 (PcdEnableSpdmDeviceAuthenticaion) == 0)) + { return EFI_UNSUPPORTED; } @@ -91,13 +92,15 @@ SpdmDeviceAuthenticationAndMeasurement ( RootCertMatch = FALSE; if (((SecurityPolicy->AuthenticationPolicy & EDKII_DEVICE_AUTHENTICATION_REQUIRED) != 0) || - ((SecurityPolicy->MeasurementPolicy & EDKII_DEVICE_MEASUREMENT_REQUIRED) != 0)) { + ((SecurityPolicy->MeasurementPolicy & EDKII_DEVICE_MEASUREMENT_REQUIRED) != 0)) + { Status = DoDeviceCertificate (SpdmDeviceContext, &AuthState, &SlotId, SecurityState, &IsValidCertChain, &RootCertMatch); if (EFI_ERROR (Status)) { DEBUG ((DEBUG_ERROR, "DoDeviceCertificate failed - %r\n", Status)); goto Ret; } else if ((AuthState == TCG_DEVICE_SECURITY_EVENT_DATA_DEVICE_AUTH_STATE_FAIL_NO_SIG) || - (AuthState == TCG_DEVICE_SECURITY_EVENT_DATA_DEVICE_AUTH_STATE_FAIL_INVALID)) { + (AuthState == TCG_DEVICE_SECURITY_EVENT_DATA_DEVICE_AUTH_STATE_FAIL_INVALID)) + { goto Ret; } } @@ -108,7 +111,8 @@ SpdmDeviceAuthenticationAndMeasurement ( DEBUG ((DEBUG_ERROR, "DoDeviceAuthentication failed - %r\n", Status)); goto Ret; } else if ((AuthState == TCG_DEVICE_SECURITY_EVENT_DATA_DEVICE_AUTH_STATE_FAIL_NO_SIG) || - (AuthState == TCG_DEVICE_SECURITY_EVENT_DATA_DEVICE_AUTH_STATE_FAIL_INVALID)) { + (AuthState == TCG_DEVICE_SECURITY_EVENT_DATA_DEVICE_AUTH_STATE_FAIL_INVALID)) + { goto Ret; } } diff --git a/SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmSecurityLib.inf b/SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmSecurityLib.inf index ade582fac0b..838b115ab0e 100644 --- a/SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmSecurityLib.inf +++ b/SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmSecurityLib.inf @@ -1,7 +1,7 @@ ## @file # SPDM library. # -# Copyright (c) 2022, Intel Corporation. All rights reserved.
+# Copyright (c) 2024, Intel Corporation. All rights reserved.
# # SPDX-License-Identifier: BSD-2-Clause-Patent # @@ -51,4 +51,4 @@ [Pcd] gEfiMdeModulePkgTokenSpaceGuid.PcdTcgPfpMeasurementRevision ## CONSUMES - gEfiMdeModulePkgTokenSpaceGuid.PcdEnableSpdmDeviceAuthenticaion ## CONSUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdEnableSpdmDeviceAuthenticaion ## CONSUMES diff --git a/SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmSecurityLibInternal.h b/SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmSecurityLibInternal.h index c33a7b04584..611274cb7db 100644 --- a/SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmSecurityLibInternal.h +++ b/SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmSecurityLibInternal.h @@ -2,7 +2,7 @@ EDKII Device Security library for SPDM device. It follows the SPDM Specification. -Copyright (c) 2022, Intel Corporation. All rights reserved.
+Copyright (c) 2024, Intel Corporation. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent **/ @@ -184,8 +184,6 @@ DoDeviceMeasurement ( OUT EDKII_DEVICE_SECURITY_STATE *SecurityState ); - - /** This function gets SPDM digest and certificates. diff --git a/SecurityPkg/Include/Library/SpdmSecurityLib.h b/SecurityPkg/Include/Library/SpdmSecurityLib.h index 702dc2e67ef..96a78413819 100644 --- a/SecurityPkg/Include/Library/SpdmSecurityLib.h +++ b/SecurityPkg/Include/Library/SpdmSecurityLib.h @@ -2,7 +2,7 @@ EDKII Device Security library for SPDM device. It follows the SPDM Specification. -Copyright (c) 2022, Intel Corporation. All rights reserved.
+Copyright (c) 2024, Intel Corporation. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent **/ @@ -45,7 +45,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent * to execute. **/ typedef -SPDM_RETURN + SPDM_RETURN (*SPDM_DEVICE_SEND_MESSAGE_FUNC)( IN VOID *SpdmContext, IN UINTN MessageSize, @@ -88,7 +88,7 @@ SPDM_RETURN * to execute. **/ typedef -SPDM_RETURN + SPDM_RETURN (*SPDM_DEVICE_RECEIVE_MESSAGE_FUNC)( IN VOID *SpdmContext, IN OUT UINTN *MessageSize, @@ -126,7 +126,7 @@ SPDM_RETURN * @retval RETURN_INVALID_PARAMETER The message is NULL or the message_size is zero. **/ typedef -SPDM_RETURN + SPDM_RETURN (*SPDM_TRANSPORT_ENCODE_MESSAGE_FUNC)( IN VOID *SpdmContext, IN OUT CONST UINT32 *SessionId, @@ -169,7 +169,7 @@ SPDM_RETURN * @retval RETURN_UNSUPPORTED The transport_message is unsupported. **/ typedef -SPDM_RETURN + SPDM_RETURN (*SPDM_TRANSPORT_DECODE_MESSAGE_FUNC)( IN VOID *SpdmContext, IN OUT UINT32 **SessionId, @@ -219,10 +219,10 @@ SPDM_RETURN * @retval RETURN_SUCCESS The sender buffer is acquired. **/ typedef -SPDM_RETURN + SPDM_RETURN (*SPDM_DEVICE_ACQUIRE_SENDER_BUFFER_FUNC)( - IN VOID *SpdmContext, - IN OUT VOID **MsgBufPtr + IN VOID *SpdmContext, + IN OUT VOID **MsgBufPtr ); /** @@ -234,7 +234,7 @@ SPDM_RETURN * @retval RETURN_SUCCESS The sender buffer is Released. **/ typedef -VOID + VOID (*SPDM_DEVICE_RELEASE_SENDER_BUFFER_FUNC)( IN VOID *SpdmContext, IN CONST VOID *MsgBufPtr @@ -278,10 +278,10 @@ VOID * @retval RETURN_SUCCESS The receiver buffer is acquired. **/ typedef -SPDM_RETURN + SPDM_RETURN (*SPDM_DEVICE_ACQUIRE_RECEIVER_BUFFER_FUNC)( - IN VOID *SpdmContext, - IN OUT VOID **MsgBufPtr + IN VOID *SpdmContext, + IN OUT VOID **MsgBufPtr ); /** @@ -293,7 +293,7 @@ SPDM_RETURN * @retval RETURN_SUCCESS The receiver buffer is Released. **/ typedef -VOID + VOID (*SPDM_DEVICE_RELEASE_RECEIVER_BUFFER_FUNC)( IN VOID *SpdmContext, IN CONST VOID *MsgBufPtr diff --git a/SecurityPkg/Include/Library/Tpm2CommandLib.h b/SecurityPkg/Include/Library/Tpm2CommandLib.h index f2ff3a5c0cd..70eec84c90f 100644 --- a/SecurityPkg/Include/Library/Tpm2CommandLib.h +++ b/SecurityPkg/Include/Library/Tpm2CommandLib.h @@ -1,7 +1,7 @@ /** @file This library is used by other modules to send TPM2 command. -Copyright (c) 2013 - 2021, Intel Corporation. All rights reserved.
+Copyright (c) 2013 - 2024, Intel Corporation. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent **/ diff --git a/SecurityPkg/Include/Protocol/DeviceSecurityPolicy.h b/SecurityPkg/Include/Protocol/DeviceSecurityPolicy.h index e0c84154796..69148badb6b 100644 --- a/SecurityPkg/Include/Protocol/DeviceSecurityPolicy.h +++ b/SecurityPkg/Include/Protocol/DeviceSecurityPolicy.h @@ -1,7 +1,7 @@ /** @file Platform Device Security Policy Protocol definition - Copyright (c) 2022, Intel Corporation. All rights reserved.
+ Copyright (c) 2024, Intel Corporation. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent **/ @@ -88,7 +88,7 @@ typedef struct { @retval EFI_UNSUPPORTED The function is unsupported for the specific Device. **/ typedef -EFI_STATUS + EFI_STATUS (EFIAPI *EDKII_DEVICE_SECURITY_GET_DEVICE_POLICY)( IN EDKII_DEVICE_SECURITY_POLICY_PROTOCOL *This, IN EDKII_DEVICE_IDENTIFIER *DeviceId, @@ -115,7 +115,7 @@ EFI_STATUS @retval EFI_UNSUPPORTED The function is unsupported for the specific Device. **/ typedef -EFI_STATUS + EFI_STATUS (EFIAPI *EDKII_DEVICE_SECURITY_NOTIFY_DEVICE_STATE)( IN EDKII_DEVICE_SECURITY_POLICY_PROTOCOL *This, IN EDKII_DEVICE_IDENTIFIER *DeviceId, diff --git a/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe.c b/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe.c index 06c6c0068c9..517aaf83624 100644 --- a/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe.c +++ b/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe.c @@ -3,7 +3,7 @@ hash handler registered, such as SHA1, SHA256. Platform can use PcdTpm2HashMask to mask some hash engines. -Copyright (c) 2013 - 2021, Intel Corporation. All rights reserved.
+Copyright (c) 2013 - 2024, Intel Corporation. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent **/ @@ -129,30 +129,44 @@ HashUpdate ( return EFI_SUCCESS; } +/** + Extend to TPM NvIndex. + + @param[in] NvIndex The NV Index of the area to extend. + @param[in] DataSize The data size to extend. + @param[in] Data The data to extend. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_DEVICE_ERROR The command was unsuccessful. + @retval EFI_NOT_FOUND The command was returned successfully, but NvIndex is not found. +**/ EFI_STATUS EFIAPI Tpm2ExtendNvIndex ( - TPMI_RH_NV_INDEX NvIndex, - UINT16 DataSize, - BYTE *Data) + TPMI_RH_NV_INDEX NvIndex, + UINT16 DataSize, + BYTE *Data + ) { EFI_STATUS Status; TPMI_RH_NV_AUTH AuthHandle; TPM2B_MAX_BUFFER NvExtendData; AuthHandle = TPM_RH_PLATFORM; - ZeroMem (&NvExtendData, sizeof(NvExtendData)); + ZeroMem (&NvExtendData, sizeof (NvExtendData)); CopyMem (NvExtendData.buffer, Data, DataSize); NvExtendData.size = DataSize; - Status = Tpm2NvExtend ( - AuthHandle, - NvIndex, - NULL, - &NvExtendData - ); - if (EFI_ERROR(Status)) { - DEBUG ((DEBUG_ERROR, "Extend TPM NV index failed, Index: 0x%x Status: %d\n", - NvIndex, Status)); + Status = Tpm2NvExtend ( + AuthHandle, + NvIndex, + NULL, + &NvExtendData + ); + if (EFI_ERROR (Status)) { + DEBUG ( + (DEBUG_ERROR, "Extend TPM NV index failed, Index: 0x%x Status: %d\n", + NvIndex, Status) + ); } return Status; @@ -219,8 +233,8 @@ HashCompleteAndExtend ( Status = Tpm2GetCapabilitySupportedAndActivePcrs (&TpmHashAlgorithmBitmap, &ActivePcrBanks); ASSERT_EFI_ERROR (Status); ActivePcrBanks = ActivePcrBanks & mSupportedHashMaskCurrent; - ZeroMem (&TcgPcrEvent2Digest, sizeof(TcgPcrEvent2Digest)); - BufferPtr = CopyDigestListToBuffer (&TcgPcrEvent2Digest, DigestList, ActivePcrBanks); + ZeroMem (&TcgPcrEvent2Digest, sizeof (TcgPcrEvent2Digest)); + BufferPtr = CopyDigestListToBuffer (&TcgPcrEvent2Digest, DigestList, ActivePcrBanks); DigestListBinSize = (UINT32)((UINT8 *)BufferPtr - (UINT8 *)&TcgPcrEvent2Digest); // @@ -232,6 +246,7 @@ HashCompleteAndExtend ( (BYTE *)&TcgPcrEvent2Digest ); } + return Status; } diff --git a/SecurityPkg/Library/Tpm2CommandLib/Tpm2NVStorage.c b/SecurityPkg/Library/Tpm2CommandLib/Tpm2NVStorage.c index d9e66366756..89666902b1b 100644 --- a/SecurityPkg/Library/Tpm2CommandLib/Tpm2NVStorage.c +++ b/SecurityPkg/Library/Tpm2CommandLib/Tpm2NVStorage.c @@ -1,7 +1,7 @@ /** @file Implement TPM2 NVStorage related command. -Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.
+Copyright (c) 2013 - 2024, Intel Corporation. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent **/ diff --git a/SecurityPkg/SecurityPkg.ci.yaml b/SecurityPkg/SecurityPkg.ci.yaml index e32a1198051..db6b680c487 100644 --- a/SecurityPkg/SecurityPkg.ci.yaml +++ b/SecurityPkg/SecurityPkg.ci.yaml @@ -2,7 +2,7 @@ # CI configuration for SecurityPkg # # Copyright (c) Microsoft Corporation -# Copyright (c) 2020, Intel Corporation. All rights reserved.
+# Copyright (c) 2020 - 2024, Intel Corporation. All rights reserved.
# SPDX-License-Identifier: BSD-2-Clause-Patent ## { @@ -25,6 +25,7 @@ "Library/TcgStorageCoreLib/TcgStorageCore.c", "Library/Tpm2CommandLib/Tpm2NVStorage.c", "DeviceSecurity/SpdmLib/Include", + "DeviceSecurity/SpdmLib/libspdm", "DeviceSecurity/OsStub" ] }, diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec index 04eca45f956..9b0a2d6932b 100644 --- a/SecurityPkg/SecurityPkg.dec +++ b/SecurityPkg/SecurityPkg.dec @@ -5,7 +5,7 @@ # It also provides the definitions(including PPIs/PROTOCOLs/GUIDs and library classes) # and libraries instances, which are used for those features. # -# Copyright (c) 2009 - 2020, Intel Corporation. All rights reserved.
+# Copyright (c) 2009 - 2024, Intel Corporation. All rights reserved.
# (C) Copyright 2015 Hewlett Packard Enterprise Development LP
# Copyright (c) Microsoft Corporation.
# SPDX-License-Identifier: BSD-2-Clause-Patent diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc index 15e8b274f38..5d93fec390c 100644 --- a/SecurityPkg/SecurityPkg.dsc +++ b/SecurityPkg/SecurityPkg.dsc @@ -1,7 +1,7 @@ ## @file # Security Module Package for All Architectures. # -# Copyright (c) 2009 - 2021, Intel Corporation. All rights reserved.
+# Copyright (c) 2009 - 2024, Intel Corporation. All rights reserved.
# (C) Copyright 2015-2020 Hewlett Packard Enterprise Development LP
# Copyright (c) 2022, Loongson Technology Corporation Limited. All rights reserved.
# Copyright (c) 2021 - 2022, Arm Limited. All rights reserved.
diff --git a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c index 5ea459f504b..1d5e73fec86 100644 --- a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c +++ b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c @@ -1,7 +1,7 @@ /** @file This module implements Tcg2 Protocol. -Copyright (c) 2015 - 2019, Intel Corporation. All rights reserved.
+Copyright (c) 2015 - 2024, Intel Corporation. All rights reserved.
(C) Copyright 2016 Hewlett Packard Enterprise Development LP
SPDX-License-Identifier: BSD-2-Clause-Patent @@ -1242,15 +1242,16 @@ TcgDxeHashLogExtendEvent ( // Extend to NvIndex // Status = HashAndExtend ( - NewEventHdr->PCRIndex, - HashData, - (UINTN)HashDataLen, - &DigestList - ); + NewEventHdr->PCRIndex, + HashData, + (UINTN)HashDataLen, + &DigestList + ); if (!EFI_ERROR (Status)) { Status = TcgDxeLogHashEvent (&DigestList, NewEventHdr, NewEventData); } } + return Status; } @@ -2338,29 +2339,30 @@ MeasureAllSecureVariables ( // Meaurement UEFI device signature database // if ((PcdGet32 (PcdTcgPfpMeasurementRevision) >= TCG_EfiSpecIDEventStruct_SPEC_ERRATA_TPM2_REV_106) && - (PcdGet8 (PcdEnableSpdmDeviceAuthenticaion) != 0)) { + (PcdGet8 (PcdEnableSpdmDeviceAuthenticaion) != 0)) + { Status = GetVariable2 (EFI_DEVICE_SECURITY_DATABASE, &gEfiDeviceSignatureDatabaseGuid, &Data, &DataSize); if (Status == EFI_SUCCESS) { Status = MeasureVariable ( - PCR_INDEX_FOR_SIGNATURE_DB, - EV_EFI_SPDM_DEVICE_POLICY, - EFI_DEVICE_SECURITY_DATABASE, - &gEfiDeviceSignatureDatabaseGuid, - Data, - DataSize - ); + PCR_INDEX_FOR_SIGNATURE_DB, + EV_EFI_SPDM_DEVICE_POLICY, + EFI_DEVICE_SECURITY_DATABASE, + &gEfiDeviceSignatureDatabaseGuid, + Data, + DataSize + ); FreePool (Data); } else if (Status == EFI_NOT_FOUND) { - Data = NULL; + Data = NULL; DataSize = 0; - Status = MeasureVariable ( - PCR_INDEX_FOR_SIGNATURE_DB, - EV_EFI_SPDM_DEVICE_POLICY, - EFI_DEVICE_SECURITY_DATABASE, - &gEfiDeviceSignatureDatabaseGuid, - Data, - DataSize - ); + Status = MeasureVariable ( + PCR_INDEX_FOR_SIGNATURE_DB, + EV_EFI_SPDM_DEVICE_POLICY, + EFI_DEVICE_SECURITY_DATABASE, + &gEfiDeviceSignatureDatabaseGuid, + Data, + DataSize + ); } } diff --git a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf index deea4834c6c..73cf1fec164 100644 --- a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf +++ b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf @@ -16,7 +16,7 @@ # This external input must be validated carefully to avoid security issue like # buffer overflow, integer overflow. # -# Copyright (c) 2015 - 2019, Intel Corporation. All rights reserved.
+# Copyright (c) 2015 - 2024, Intel Corporation. All rights reserved.
# SPDX-License-Identifier: BSD-2-Clause-Patent # ## @@ -107,8 +107,8 @@ gEfiSecurityPkgTokenSpaceGuid.PcdTpm2AcpiTableRev ## CONSUMES gEfiSecurityPkgTokenSpaceGuid.PcdTpm2AcpiTableLaml ## PRODUCES gEfiSecurityPkgTokenSpaceGuid.PcdTpm2AcpiTableLasa ## PRODUCES - gEfiMdeModulePkgTokenSpaceGuid.PcdEnableSpdmDeviceAuthenticaion ## CONSUMES gEfiMdeModulePkgTokenSpaceGuid.PcdTcgPfpMeasurementRevision ## CONSUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdEnableSpdmDeviceAuthenticaion ## CONSUMES [Depex] # According to PcdTpm2AcpiTableRev definition in SecurityPkg.dec