REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2303

This patch series add support for device security based
upon the DMTF SPDM specification.
https://www.dmtf.org/sites/default/files/standards/documents/DSP0274_0.95a.zip

We did design review at 18 Oct, 2019.
https://edk2.groups.io/g/devel/files/Designs/2019/1018
And the feedback from the meeting is addressed.
https://edk2.groups.io/g/devel/files/Designs/2019/1018/EDKII-Device%20Firmware%20Security%20v2.pdf

The Device security protocol is added in EDKII repo.
Here we add the producer what follows Intel PCI security spec
to do the device firmware measurement.
https://www.intel.com/content/www/us/en/io/pci-express/pcie-device-security-enhancements-spec.html

The EDKII repo update is at https://github.com/jyao1/edk2/tree/DeviceSecurityMasterV2
The EDKII platform repo update is at https://github.com/jyao1/edk2-platforms/tree/DeviceSecurityMasterV2

The validation has been done on a Intel internal platform.
The device measurement can be shown in TCG event log.

signed-off-by: Jiewen Yao <jiewen.yao@intel.com>

Jiewen Yao (6):
  IntelSiliconPkg/Include: Add Intel PciSecurity definition.
  IntelSiliconPkg/Include: Add Platform Device Security Policy protocol
  IntelSiliconPkg/dec: Add ProtocolGuid definition.
  IntelSiliconPkg/IntelPciDeviceSecurityDxe: Add PciSecurity.
  IntelSiliconPkg/SamplePlatformDevicePolicyDxe: Add sample policy.
  IntelSiliconPkg/dsc: Add Device Security component.

 .../IntelPciDeviceSecurityDxe.c               | 701 ++++++++++++++++++
 .../IntelPciDeviceSecurityDxe.inf             |  45 ++
 .../TcgDeviceEvent.h                          | 193 +++++
 .../SamplePlatformDevicePolicyDxe.c           | 189 +++++
 .../SamplePlatformDevicePolicyDxe.inf         |  40 +
 .../IndustryStandard/IntelPciSecurity.h       |  66 ++
 .../Protocol/PlatformDeviceSecurityPolicy.h   |  84 +++
 .../Intel/IntelSiliconPkg/IntelSiliconPkg.dec |   1 +
 .../Intel/IntelSiliconPkg/IntelSiliconPkg.dsc |   3 +
 9 files changed, 1322 insertions(+)
 create mode 100644 Silicon/Intel/IntelSiliconPkg/Feature/PcieSecurity/IntelPciDeviceSecurityDxe/IntelPciDeviceSecurityDxe.c
 create mode 100644 Silicon/Intel/IntelSiliconPkg/Feature/PcieSecurity/IntelPciDeviceSecurityDxe/IntelPciDeviceSecurityDxe.inf
 create mode 100644 Silicon/Intel/IntelSiliconPkg/Feature/PcieSecurity/IntelPciDeviceSecurityDxe/TcgDeviceEvent.h
 create mode 100644 Silicon/Intel/IntelSiliconPkg/Feature/PcieSecurity/SamplePlatformDevicePolicyDxe/SamplePlatformDevicePolicyDxe.c
 create mode 100644 Silicon/Intel/IntelSiliconPkg/Feature/PcieSecurity/SamplePlatformDevicePolicyDxe/SamplePlatformDevicePolicyDxe.inf
 create mode 100644 Silicon/Intel/IntelSiliconPkg/Include/IndustryStandard/IntelPciSecurity.h
 create mode 100644 Silicon/Intel/IntelSiliconPkg/Include/Protocol/PlatformDeviceSecurityPolicy.h

-- 
2.19.2.windows.1


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.

View/Reply Online (#49768): https://edk2.groups.io/g/devel/message/49768
Mute This Topic: https://groups.io/mt/40117794/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub  [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-