[PATCH V2 0/6] Add Device Security driver


Yao, Jiewen
 

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2303

This patch series add support for device security based
upon the DMTF SPDM specification.
https://www.dmtf.org/sites/default/files/standards/documents/DSP0274_0.95a.zip

We did design review at 18 Oct, 2019.
https://edk2.groups.io/g/devel/files/Designs/2019/1018
And the feedback from the meeting is addressed.
https://edk2.groups.io/g/devel/files/Designs/2019/1018/EDKII-Device%20Firmware%20Security%20v2.pdf

The Device security protocol is added in EDKII repo.
Here we add the producer what follows Intel PCI security spec
to do the device firmware measurement.
https://www.intel.com/content/www/us/en/io/pci-express/pcie-device-security-enhancements-spec.html

The EDKII repo update is at https://github.com/jyao1/edk2/tree/DeviceSecurityMasterV2
The EDKII platform repo update is at https://github.com/jyao1/edk2-platforms/tree/DeviceSecurityMasterV2

The validation has been done on a Intel internal platform.
The device measurement can be shown in TCG event log.

signed-off-by: Jiewen Yao <jiewen.yao@...>

Jiewen Yao (6):
IntelSiliconPkg/Include: Add Intel PciSecurity definition.
IntelSiliconPkg/Include: Add Platform Device Security Policy protocol
IntelSiliconPkg/dec: Add ProtocolGuid definition.
IntelSiliconPkg/IntelPciDeviceSecurityDxe: Add PciSecurity.
IntelSiliconPkg/SamplePlatformDevicePolicyDxe: Add sample policy.
IntelSiliconPkg/dsc: Add Device Security component.

.../IntelPciDeviceSecurityDxe.c | 701 ++++++++++++++++++
.../IntelPciDeviceSecurityDxe.inf | 45 ++
.../TcgDeviceEvent.h | 193 +++++
.../SamplePlatformDevicePolicyDxe.c | 189 +++++
.../SamplePlatformDevicePolicyDxe.inf | 40 +
.../IndustryStandard/IntelPciSecurity.h | 66 ++
.../Protocol/PlatformDeviceSecurityPolicy.h | 84 +++
.../Intel/IntelSiliconPkg/IntelSiliconPkg.dec | 1 +
.../Intel/IntelSiliconPkg/IntelSiliconPkg.dsc | 3 +
9 files changed, 1322 insertions(+)
create mode 100644 Silicon/Intel/IntelSiliconPkg/Feature/PcieSecurity/IntelPciDeviceSecurityDxe/IntelPciDeviceSecurityDxe.c
create mode 100644 Silicon/Intel/IntelSiliconPkg/Feature/PcieSecurity/IntelPciDeviceSecurityDxe/IntelPciDeviceSecurityDxe.inf
create mode 100644 Silicon/Intel/IntelSiliconPkg/Feature/PcieSecurity/IntelPciDeviceSecurityDxe/TcgDeviceEvent.h
create mode 100644 Silicon/Intel/IntelSiliconPkg/Feature/PcieSecurity/SamplePlatformDevicePolicyDxe/SamplePlatformDevicePolicyDxe.c
create mode 100644 Silicon/Intel/IntelSiliconPkg/Feature/PcieSecurity/SamplePlatformDevicePolicyDxe/SamplePlatformDevicePolicyDxe.inf
create mode 100644 Silicon/Intel/IntelSiliconPkg/Include/IndustryStandard/IntelPciSecurity.h
create mode 100644 Silicon/Intel/IntelSiliconPkg/Include/Protocol/PlatformDeviceSecurityPolicy.h

--
2.19.2.windows.1

Join devel@edk2.groups.io to automatically receive all group messages.