SpdmAuthentication.c File Reference

#include "SpdmSecurityLibInternal.h"

Go to the source code of this file.

Functions
EFI_STATUS EFIAPI	MeasureVariable (IN UINT32 PcrIndex, IN UINT32 EventType, IN CHAR16 *VarName, IN EFI_GUID *VendorGuid, IN VOID *VarData, IN UINTN VarSize)
EFI_STATUS	ExtendCertificate (IN SPDM_DEVICE_CONTEXT *SpdmDeviceContext, IN UINT8 AuthState, IN UINTN CertChainSize, IN UINT8 *CertChain, IN VOID *TrustAnchor, IN UINTN TrustAnchorSize, IN UINT8 SlotId, OUT EDKII_DEVICE_SECURITY_STATE *SecurityState)
EFI_STATUS	ExtendAuthentication (IN SPDM_DEVICE_CONTEXT *SpdmDeviceContext, IN UINT8 AuthState, IN UINT8 *RequesterNonce, IN UINT8 *ResponderNonce, OUT EDKII_DEVICE_SECURITY_STATE *SecurityState)
EFI_STATUS EFIAPI	DoDeviceCertificate (IN SPDM_DEVICE_CONTEXT *SpdmDeviceContext, OUT UINT8 *AuthState, OUT UINT8 *ValidSlotId, OUT EDKII_DEVICE_SECURITY_STATE *SecurityState, OUT BOOLEAN *IsValidCertChain, OUT BOOLEAN *RootCertMatch)
EFI_STATUS EFIAPI	DoDeviceAuthentication (IN SPDM_DEVICE_CONTEXT *SpdmDeviceContext, OUT UINT8 *AuthState, IN UINT8 ValidSlotId, IN BOOLEAN IsValidCertChain, IN BOOLEAN RootCertMatch, OUT EDKII_DEVICE_SECURITY_STATE *SecurityState)

Detailed Description

EDKII Device Security library for SPDM device. It follows the SPDM Specification.

Copyright (c) 2024, Intel Corporation. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent

Definition in file SpdmAuthentication.c.

Function Documentation

DoDeviceAuthentication()

EFI_STATUS EFIAPI DoDeviceAuthentication	(	IN SPDM_DEVICE_CONTEXT *	SpdmDeviceContext,
		OUT UINT8 *	AuthState,
		IN UINT8	ValidSlotId,
		IN BOOLEAN	IsValidCertChain,
		IN BOOLEAN	RootCertMatch,
		OUT EDKII_DEVICE_SECURITY_STATE *	SecurityState
	)

This function does authentication.

Parameters

[in]	SpdmDeviceContext	The SPDM context for the device.
[out]	AuthState	The auth state of the devices.
[in]	ValidSlotId	The number of slot for the certificate chain.
[in]	IsValidCertChain	Indicate the validity of CertChain
[in]	RootCertMatch	Indicate the match or mismatch for Rootcert
[out]	SecurityState	The security state of the requester.

Return values

EFI_SUCCESS	Operation completed successfully.
EFI_OUT_OF_RESOURCES	Out of memory.
EFI_DEVICE_ERROR	The operation was unsuccessful.

Definition at line 618 of file SpdmAuthentication.c.

DoDeviceCertificate()

EFI_STATUS EFIAPI DoDeviceCertificate	(	IN SPDM_DEVICE_CONTEXT *	SpdmDeviceContext,
		OUT UINT8 *	AuthState,
		OUT UINT8 *	ValidSlotId,
		OUT EDKII_DEVICE_SECURITY_STATE *	SecurityState,
		OUT BOOLEAN *	IsValidCertChain,
		OUT BOOLEAN *	RootCertMatch
	)

This function gets SPDM digest and certificates.

Parameters

[in]	SpdmDeviceContext	The SPDM context for the device.
[out]	AuthState	The auth state of the devices.
[out]	ValidSlotId	The number of slot for the certificate chain.
[out]	SecurityState	The security state of the requester.
[out]	IsValidCertChain	The validity of the certificate chain.
[out]	RootCertMatch	The authority of the certificate chain.

Return values

EFI_SUCCESS	Operation completed successfully.
EFI_OUT_OF_RESOURCES	Out of memory.
EFI_DEVICE_ERROR	The operation was unsuccessful.

Definition at line 497 of file SpdmAuthentication.c.

ExtendAuthentication()

EFI_STATUS ExtendAuthentication	(	IN SPDM_DEVICE_CONTEXT *	SpdmDeviceContext,
		IN UINT8	AuthState,
		IN UINT8 *	RequesterNonce,
		IN UINT8 *	ResponderNonce,
		OUT EDKII_DEVICE_SECURITY_STATE *	SecurityState
	)

Measure and log Auth state and Requester and responder Nonce into NV Index.

Parameters

[in]	SpdmDeviceContext	The SPDM context for the device.
[in]	AuthState	The auth state of this deice.
[in]	RequesterNonce	A buffer to hold the requester nonce (32 bytes), if not NULL.
[in]	ResponderNonce	A buffer to hold the responder nonce (32 bytes), if not NULL.
[out]	SecurityState	A pointer to the security state of the requester.

Return values

EFI_SUCCESS	Operation completed successfully.
EFI_OUT_OF_RESOURCES	Out of memory.
EFI_DEVICE_ERROR	The operation was unsuccessful.

Definition at line 416 of file SpdmAuthentication.c.

ExtendCertificate()

EFI_STATUS ExtendCertificate	(	IN SPDM_DEVICE_CONTEXT *	SpdmDeviceContext,
		IN UINT8	AuthState,
		IN UINTN	CertChainSize,
		IN UINT8 *	CertChain,
		IN VOID *	TrustAnchor,
		IN UINTN	TrustAnchorSize,
		IN UINT8	SlotId,
		OUT EDKII_DEVICE_SECURITY_STATE *	SecurityState
	)

Extend Certicate and auth state to NV Index and measure trust anchor to PCR.

Parameters

[in]	SpdmDeviceContext	The SPDM context for the device.
[in]	AuthState	The auth state of this deice.
[in]	CertChainSize	The size of cert chain.
[in]	CertChain	A pointer to a destination buffer to store the certificate chain.
[in]	TrustAnchor	A buffer to hold the trust_anchor which is used to validate the peer certificate, if not NULL.
[in]	TrustAnchorSize	A buffer to hold the trust_anchor_size, if not NULL..
[in]	SlotId	The number of slot for the certificate chain.
[out]	SecurityState	A pointer to the security state of the requester.

Return values

EFI_SUCCESS	Operation completed successfully.
EFI_OUT_OF_RESOURCES	Out of memory.
EFI_DEVICE_ERROR	The operation was unsuccessful.

Definition at line 107 of file SpdmAuthentication.c.

MeasureVariable()

EFI_STATUS EFIAPI MeasureVariable	(	IN UINT32	PcrIndex,
		IN UINT32	EventType,
		IN CHAR16 *	VarName,
		IN EFI_GUID *	VendorGuid,
		IN VOID *	VarData,
		IN UINTN	VarSize
	)

Measure and log an EFI variable, and extend the measurement result into a specific PCR.

Parameters

[in]	PcrIndex	PCR Index.
[in]	EventType	Event type.
[in]	VarName	A Null-terminated string that is the name of the vendor's variable.
[in]	VendorGuid	A unique identifier for the vendor.
[in]	VarData	The content of the variable data.
[in]	VarSize	The size of the variable data.

Return values

EFI_SUCCESS	Operation completed successfully.
EFI_OUT_OF_RESOURCES	Out of memory.
EFI_DEVICE_ERROR	The operation was unsuccessful.

Definition at line 29 of file SpdmAuthentication.c.