SpdmSecurityLib.h

Go to the documentation of this file.

 
#ifndef SPDM_SECURITY_LIB_H_
#define SPDM_SECURITY_LIB_H_
 
#include <Protocol/DeviceSecurity.h>
#include <Protocol/DeviceSecurityPolicy.h>
 
typedef
  SPDM_RETURN
(*SPDM_DEVICE_SEND_MESSAGE_FUNC)(
  IN VOID            *SpdmContext,
  IN UINTN           MessageSize,
  IN OUT CONST VOID  *Message,
  IN UINT64          Timeout
  );
 
typedef
  SPDM_RETURN
(*SPDM_DEVICE_RECEIVE_MESSAGE_FUNC)(
  IN VOID       *SpdmContext,
  IN OUT UINTN  *MessageSize,
  IN OUT VOID   **Message,
  IN UINT64     Timeout
  );
 
typedef
  SPDM_RETURN
(*SPDM_TRANSPORT_ENCODE_MESSAGE_FUNC)(
  IN VOID              *SpdmContext,
  IN OUT CONST UINT32  *SessionId,
  IN BOOLEAN           IsAppMessage,
  IN BOOLEAN           IsRequester,
  IN UINTN             MessageSize,
  IN OUT VOID          *Message,
  IN OUT UINTN         *TransportMessageSize,
  IN VOID              **TransportMessage
  );
 
typedef
  SPDM_RETURN
(*SPDM_TRANSPORT_DECODE_MESSAGE_FUNC)(
  IN VOID        *SpdmContext,
  IN OUT UINT32  **SessionId,
  IN BOOLEAN     *IsAppMessage,
  IN BOOLEAN     IsRequester,
  IN UINTN       TransportMessageSize,
  IN OUT VOID    *TransportMessage,
  IN OUT UINTN   *MessageSize,
  IN OUT VOID    **Message
  );
 
typedef
  SPDM_RETURN
(*SPDM_DEVICE_ACQUIRE_SENDER_BUFFER_FUNC)(
  IN VOID      *SpdmContext,
  IN OUT VOID  **MsgBufPtr
  );
 
typedef
  VOID
(*SPDM_DEVICE_RELEASE_SENDER_BUFFER_FUNC)(
  IN VOID        *SpdmContext,
  IN CONST VOID  *MsgBufPtr
  );
 
typedef
  SPDM_RETURN
(*SPDM_DEVICE_ACQUIRE_RECEIVER_BUFFER_FUNC)(
  IN VOID      *SpdmContext,
  IN OUT VOID  **MsgBufPtr
  );
 
typedef
  VOID
(*SPDM_DEVICE_RELEASE_RECEIVER_BUFFER_FUNC)(
  IN VOID        *SpdmContext,
  IN CONST VOID  *MsgBufPtr
  );
 
typedef struct {
  UINT32                     Version;
  //
  // DeviceType is used to create TCG event log context_data.
  // DeviceHandle is used to create TCG event log device_path information.
  //
  EDKII_DEVICE_IDENTIFIER    *DeviceId;
 
  //
  // TRUE  means to use PCR 0 (code) / 1 (config).
  // FALSE means to use PCR 2 (code) / 3 (config).
  //
  BOOLEAN                    IsEmbeddedDevice;
 
  //
  // Below 9 APIs are used to send/receive SPDM request/response.
  //
  // The request flow is:
  //   |<---                       SenderBufferSize                     --->|
  //      |<---                TransportRequestBufferSize            --->|
  //   |<---MaxHeaderSize--->|<-SpdmRequestBufferSize ->|
  //   +--+------------------+==========================+----------------+--+
  //   |  | Transport Header |       SPDM Message       | Transport Tail |  |
  //   +--+------------------+==========================+----------------+--+
  //   ^  ^                  ^
  //   |  |                  | SpdmRequestBuffer
  //   |  | TransportRequestBuffer
  //   | SenderBuffer
  //
  //   AcquireSenderBuffer (&SenderBuffer, &SenderBufferSize);
  //   SpdmRequestBuffer = SenderBuffer + TransportHeaderSize;
  //   /* build SPDM request in SpdmRequestBuffer */
  //   TransportEncodeMessage (SpdmRequestBuffer, SpdmRequestBufferSize,
  //       &TransportRequestBuffer, &TransportRequestBufferSize);
  //   SendMessage (TransportRequestBuffer, TransportRequestBufferSize);
  //   ReleaseSenderBuffer (SenderBuffer);
  //
  // The response flow is:
  //   |<---                       ReceiverBufferSize                   --->|
  //      |<---                TransportResponseBufferSize           --->|
  //                         |<-SpdmResponseBufferSize->|
  //   +--+------------------+==========================+----------------+--+
  //   |  | Transport Header |       SPDM Message       | Transport Tail |  |
  //   +--+------------------+==========================+----------------+--+
  //   ^  ^                  ^
  //   |  |                  | SpdmResponseBuffer
  //   |  | TransportResponseBuffer
  //   | ReceiverBuffer
  //
  //   AcquireReceiverBuffer (&ReceiverBuffer, &ReceiverBufferSize);
  //   TransportResponseBuffer = ReceiverBuffer;
  //   ReceiveMessage (&TransportResponseBuffer, &TransportResponseBufferSize);
  //   TransportDecodeMessage (TransportResponseBuffer, TransportResponseBufferSize,
  //       &SpdmResponseBuffer, &SpdmResponseBufferSize);
  //   /* process SPDM response in SpdmResponseBuffer */
  //   ReleaseReceiverBuffer (ReceiverBuffer);
  //
 
  //
  // API required by SpdmRegisterDeviceIoFunc in libspdm
  // It is used to send/receive transport message (SPDM + transport header).
  //
  SPDM_DEVICE_SEND_MESSAGE_FUNC               SendMessage;
  SPDM_DEVICE_RECEIVE_MESSAGE_FUNC            ReceiveMessage;
  //
  // API required by SpdmRegisterTransportLayerFunc in libspdm
  // It is used to add/remove transport header for SPDM.
  //
  SPDM_TRANSPORT_ENCODE_MESSAGE_FUNC          TransportEncodeMessage;
  SPDM_TRANSPORT_DECODE_MESSAGE_FUNC          TransportDecodeMessage;
  //
  // API required by SpdmRegisterDeviceBufferFunc in libspdm
  // It is used to get the sender/receiver buffer for transport message (SPDM + transport header).
  // The size MUST be big enough to send or receive one transport message (SPDM + transport header).
  // Tthe sender/receiver buffer MAY be overlapped.
  //
  SPDM_DEVICE_ACQUIRE_SENDER_BUFFER_FUNC      AcquireSenderBuffer;
  SPDM_DEVICE_RELEASE_SENDER_BUFFER_FUNC      ReleaseSenderBuffer;
  SPDM_DEVICE_ACQUIRE_RECEIVER_BUFFER_FUNC    AcquireReceiverBuffer;
  SPDM_DEVICE_RELEASE_RECEIVER_BUFFER_FUNC    ReleaseReceiverBuffer;
 
  //
  // Preferred Algorithm List for SPDM negotiation.
  // If it is none zero, it will be used directly.
  // If it is zero, then the SpdmSecurityLib will set the default value.
  //
  UINT32                                      BaseHashAlgo;
  UINT32                                      BaseAsymAlgo;
 
  //
  // transfer size
  //
  UINT32                                      MaxSpdmMsgSize;
  UINT32                                      TransportHeaderSize;
  UINT32                                      TransportTailSize;
  UINT32                                      SenderBufferSize;
  UINT32                                      ReceiverBufferSize;
 
  EFI_GUID                                    *SpdmIoProtocolGuid;
} EDKII_SPDM_DEVICE_INFO;
 
RETURN_STATUS
EFIAPI
SpdmDeviceAuthenticationAndMeasurement (
  IN  EDKII_SPDM_DEVICE_INFO        *SpdmDeviceInfo,
  IN  EDKII_DEVICE_SECURITY_POLICY  *SecurityPolicy,
  OUT EDKII_DEVICE_SECURITY_STATE   *SecurityState
  );
 
VOID *
EFIAPI
SpdmGetIoProtocolViaSpdmContext (
  IN VOID  *SpdmContext
  );
 
BOOLEAN
EFIAPI
IsDeviceAuthBootEnabled (
  VOID
  );
 
#endif