SpdmSecurityLibInternal.h File Reference

#include <Uefi.h>
#include <hal/base.h>
#include <Stub/SpdmLibStub.h>
#include <industry_standard/spdm.h>
#include <industry_standard/spdm_secured_message.h>
#include <IndustryStandard/Pci.h>
#include <IndustryStandard/Tpm20.h>
#include <IndustryStandard/UefiTcgPlatform.h>
#include <Library/BaseLib.h>
#include <Library/DebugLib.h>
#include <Library/BaseMemoryLib.h>
#include <Library/UefiBootServicesTableLib.h>
#include <Library/UefiRuntimeServicesTableLib.h>
#include <Library/MemoryAllocationLib.h>
#include <Library/DevicePathLib.h>
#include <Library/UefiLib.h>
#include <Library/TpmMeasurementLib.h>
#include <Library/RngLib.h>
#include <Library/BaseCryptLib.h>
#include <library/spdm_requester_lib.h>
#include <Guid/DeviceAuthentication.h>
#include <Guid/ImageAuthentication.h>
#include <Protocol/PciIo.h>
#include <Library/SpdmSecurityLib.h>
#include "library/spdm_crypt_lib.h"

Go to the source code of this file.

Data Structures
struct	SPDM_DEVICE_CONTEXT
struct	SPDM_DEVICE_CONTEXT_INSTANCE

Macros
#define	SPDM_DEVICE_CONTEXT_SIGNATURE   SIGNATURE_32 ('S', 'P', 'D', 'C')
#define	SPDM_DEVICE_CONTEXT_INSTANCE_SIGNATURE   SIGNATURE_32 ('S', 'D', 'C', 'S')
#define	SPDM_DEVICE_CONTEXT_INSTANCE_FROM_LINK(a)   CR (a, SPDM_DEVICE_CONTEXT_INSTANCE, Link, SPDM_DEVICE_CONTEXT_INSTANCE_SIGNATURE)

Functions
VOID *EFIAPI	GetSpdmIoProtocolViaSpdmContext (IN VOID *SpdmContext)
SPDM_DEVICE_CONTEXT *EFIAPI	CreateSpdmDeviceContext (IN EDKII_SPDM_DEVICE_INFO *SpdmDeviceInfo, OUT EDKII_DEVICE_SECURITY_STATE *SecurityState)
VOID EFIAPI	DestroySpdmDeviceContext (IN SPDM_DEVICE_CONTEXT *SpdmDeviceContext)
UINT32 EFIAPI	GetSpdmDeviceType (IN SPDM_DEVICE_CONTEXT *SpdmDeviceContext)
UINTN EFIAPI	GetDeviceMeasurementContextSize (IN SPDM_DEVICE_CONTEXT *SpdmDeviceContext)
EFI_STATUS EFIAPI	CreateDeviceMeasurementContext (IN SPDM_DEVICE_CONTEXT *SpdmDeviceContext, IN OUT VOID *DeviceContext, IN UINTN DeviceContextSize)
EFI_STATUS	ExtendCertificate (IN SPDM_DEVICE_CONTEXT *SpdmDeviceContext, IN UINT8 AuthState, IN UINTN CertChainSize, IN UINT8 *CertChain, IN VOID *TrustAnchor, IN UINTN TrustAnchorSize, IN UINT8 SlotId, OUT EDKII_DEVICE_SECURITY_STATE *SecurityState)
EFI_STATUS EFIAPI	DoDeviceMeasurement (IN SPDM_DEVICE_CONTEXT *SpdmDeviceContext, IN UINT8 SlotId, OUT EDKII_DEVICE_SECURITY_STATE *SecurityState)
EFI_STATUS EFIAPI	DoDeviceCertificate (IN SPDM_DEVICE_CONTEXT *SpdmDeviceContext, OUT UINT8 *AuthState, OUT UINT8 *ValidSlotId, OUT EDKII_DEVICE_SECURITY_STATE *SecurityState, OUT BOOLEAN *IsValidCertChain, OUT BOOLEAN *RootCertMatch)
EFI_STATUS EFIAPI	DoDeviceAuthentication (IN SPDM_DEVICE_CONTEXT *SpdmDeviceContext, OUT UINT8 *AuthState, IN UINT8 ValidSlotId, IN BOOLEAN IsValidCertChain, IN BOOLEAN RootCertMatch, OUT EDKII_DEVICE_SECURITY_STATE *SecurityState)
VOID EFIAPI	InternalDumpData (CONST UINT8 *Data, UINTN Size)

Detailed Description

EDKII Device Security library for SPDM device. It follows the SPDM Specification.

Copyright (c) 2024, Intel Corporation. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent

Definition in file SpdmSecurityLibInternal.h.

Macro Definition Documentation

SPDM_DEVICE_CONTEXT_INSTANCE_FROM_LINK

#define SPDM_DEVICE_CONTEXT_INSTANCE_FROM_LINK

(

a

)

CR (a, SPDM_DEVICE_CONTEXT_INSTANCE, Link, SPDM_DEVICE_CONTEXT_INSTANCE_SIGNATURE)

Definition at line 69 of file SpdmSecurityLibInternal.h.

SPDM_DEVICE_CONTEXT_INSTANCE_SIGNATURE

#define SPDM_DEVICE_CONTEXT_INSTANCE_SIGNATURE   SIGNATURE_32 ('S', 'D', 'C', 'S')

Definition at line 68 of file SpdmSecurityLibInternal.h.

SPDM_DEVICE_CONTEXT_SIGNATURE

#define SPDM_DEVICE_CONTEXT_SIGNATURE   SIGNATURE_32 ('S', 'P', 'D', 'C')

Definition at line 41 of file SpdmSecurityLibInternal.h.

Function Documentation

CreateDeviceMeasurementContext()

EFI_STATUS EFIAPI CreateDeviceMeasurementContext	(	IN SPDM_DEVICE_CONTEXT *	SpdmDeviceContext,
		IN OUT VOID *	DeviceContext,
		IN UINTN	DeviceContextSize
	)

This function creates the SPDM device measurement context for TCG SPDM event.

Parameters

[in]	SpdmDeviceContext	The SPDM context for the device.
	[in,OUT]	DeviceContext The TCG SPDM device measurement context.
[in]	DeviceContextSize	The size of TCG SPDM device measurement context.

Return values

EFI_SUCCESS	The TCG SPDM device measurement context is returned.
EFI_UNSUPPORTED	The TCG SPDM device measurement context is unsupported.

This function creates the SPDM device measurement context for TCG SPDM event.

Parameters

[in]	SpdmDeviceContext	The SPDM context for the device.
[in,out]	DeviceContext	The TCG SPDM device measurement context.
[in]	DeviceContextSize	The size of TCG SPDM device measurement context.

Return values

EFI_SUCCESS	The TCG SPDM device measurement context is returned.
EFI_UNSUPPORTED	The TCG SPDM device measurement context is unsupported.

Definition at line 122 of file SpdmMeasurement.c.

CreateSpdmDeviceContext()

SPDM_DEVICE_CONTEXT *EFIAPI CreateSpdmDeviceContext	(	IN EDKII_SPDM_DEVICE_INFO *	SpdmDeviceInfo,
		OUT EDKII_DEVICE_SECURITY_STATE *	SecurityState
	)

This function creates the spdm device context and init connection to the responder with the device info.

Parameters

[in]	SpdmDeviceInfo	A pointer to device info.
[out]	SecurityState	A pointer to the security state of the requester.

Returns

the spdm device conext after the init connection succeeds.

Definition at line 167 of file SpdmConnectionInit.c.

DestroySpdmDeviceContext()

VOID EFIAPI DestroySpdmDeviceContext

(

IN SPDM_DEVICE_CONTEXT *

SpdmDeviceContext

)

This function destories the spdm device context.

Parameters

[in]

SpdmDeviceContext

A pointer to device info.

Definition at line 460 of file SpdmConnectionInit.c.

DoDeviceAuthentication()

EFI_STATUS EFIAPI DoDeviceAuthentication	(	IN SPDM_DEVICE_CONTEXT *	SpdmDeviceContext,
		OUT UINT8 *	AuthState,
		IN UINT8	ValidSlotId,
		IN BOOLEAN	IsValidCertChain,
		IN BOOLEAN	RootCertMatch,
		OUT EDKII_DEVICE_SECURITY_STATE *	SecurityState
	)

This function does authentication.

Parameters

[in]	SpdmDeviceContext	The SPDM context for the device.
[out]	AuthState	The auth state of the devices.
[in]	ValidSlotId	The number of slot for the certificate chain.
[out]	SecurityState	The security state of the requester.

Return values

EFI_SUCCESS	Operation completed successfully.
EFI_OUT_OF_RESOURCES	Out of memory.
EFI_DEVICE_ERROR	The operation was unsuccessful.

This function does authentication.

Parameters

[in]	SpdmDeviceContext	The SPDM context for the device.
[out]	AuthState	The auth state of the devices.
[in]	ValidSlotId	The number of slot for the certificate chain.
[in]	IsValidCertChain	Indicate the validity of CertChain
[in]	RootCertMatch	Indicate the match or mismatch for Rootcert
[out]	SecurityState	The security state of the requester.

Return values

EFI_SUCCESS	Operation completed successfully.
EFI_OUT_OF_RESOURCES	Out of memory.
EFI_DEVICE_ERROR	The operation was unsuccessful.

Definition at line 618 of file SpdmAuthentication.c.

DoDeviceCertificate()

EFI_STATUS EFIAPI DoDeviceCertificate	(	IN SPDM_DEVICE_CONTEXT *	SpdmDeviceContext,
		OUT UINT8 *	AuthState,
		OUT UINT8 *	ValidSlotId,
		OUT EDKII_DEVICE_SECURITY_STATE *	SecurityState,
		OUT BOOLEAN *	IsValidCertChain,
		OUT BOOLEAN *	RootCertMatch
	)

This function gets SPDM digest and certificates.

Parameters

[in]	SpdmDeviceContext	The SPDM context for the device.
[out]	AuthState	The auth state of the devices.
[out]	ValidSlotId	The number of slot for the certificate chain.
[out]	SecurityState	The security state of the requester.
[out]	IsValidCertChain	The validity of the certificate chain.
[out]	RootCertMatch	The authority of the certificate chain.

Return values

EFI_SUCCESS	Operation completed successfully.
EFI_OUT_OF_RESOURCES	Out of memory.
EFI_DEVICE_ERROR	The operation was unsuccessful.

Definition at line 497 of file SpdmAuthentication.c.

DoDeviceMeasurement()

EFI_STATUS EFIAPI DoDeviceMeasurement	(	IN SPDM_DEVICE_CONTEXT *	SpdmDeviceContext,
		IN UINT8	SlotId,
		OUT EDKII_DEVICE_SECURITY_STATE *	SecurityState
	)

This function executes SPDM measurement and extend to TPM.

Parameters

[in]

SpdmDeviceContext

The SPDM context for the device.

This function gets SPDM measurement and extend to TPM.

Parameters

[in]	SpdmDeviceContext	The SPDM context for the device.
[in]	SlotId	The number of slot id of the certificate.
[out]	SecurityState	A poniter to security state of the requester.

Return values

EFI_SUCCESS	Operation completed successfully.
EFI_OUT_OF_RESOURCES	Out of memory.
EFI_DEVICE_ERROR	The operation was unsuccessful.

Definition at line 504 of file SpdmMeasurement.c.

ExtendCertificate()

EFI_STATUS ExtendCertificate	(	IN SPDM_DEVICE_CONTEXT *	SpdmDeviceContext,
		IN UINT8	AuthState,
		IN UINTN	CertChainSize,
		IN UINT8 *	CertChain,
		IN VOID *	TrustAnchor,
		IN UINTN	TrustAnchorSize,
		IN UINT8	SlotId,
		OUT EDKII_DEVICE_SECURITY_STATE *	SecurityState
	)

Extend Certicate and auth state to NV Index and measure trust anchor to PCR.

Parameters

[in]	SpdmDeviceContext	The SPDM context for the device.
[in]	AuthState	The auth state of this deice.
[in]	CertChainSize	The size of cert chain.
[in]	CertChain	A pointer to a destination buffer to store the certificate chain.
[in]	TrustAnchor	A buffer to hold the trust_anchor which is used to validate the peer certificate, if not NULL.
[in]	TrustAnchorSize	A buffer to hold the trust_anchor_size, if not NULL..
[in]	SlotId	The number of slot for the certificate chain.
[out]	SecurityState	A pointer to the security state of the requester.

Return values

EFI_SUCCESS	Operation completed successfully.
EFI_OUT_OF_RESOURCES	Out of memory.
EFI_DEVICE_ERROR	The operation was unsuccessful.

Definition at line 107 of file SpdmAuthentication.c.

GetDeviceMeasurementContextSize()

UINTN EFIAPI GetDeviceMeasurementContextSize

(

IN SPDM_DEVICE_CONTEXT *

SpdmDeviceContext

)

This function returns the SPDM device measurement context size for TCG SPDM event.

Parameters

[in]

SpdmDeviceContext

The SPDM context for the device.

Returns

TCG SPDM device measurement context size

Definition at line 45 of file SpdmMeasurement.c.

GetSpdmDeviceType()

UINT32 EFIAPI GetSpdmDeviceType

(

IN SPDM_DEVICE_CONTEXT *

SpdmDeviceContext

)

This function returns the SPDM device type for TCG SPDM event.

Parameters

[in]

SpdmDeviceContext

The SPDM context for the device.

Returns

TCG SPDM device type

Definition at line 21 of file SpdmMeasurement.c.

GetSpdmIoProtocolViaSpdmContext()

VOID *EFIAPI GetSpdmIoProtocolViaSpdmContext

(

IN VOID *

SpdmContext

)

get Spdm Io protocol from Context list via spdm context.

Parameters

[in]

SpdmContext

The SPDM context of the requester.

return a pointer to the Spdm Io protocol.

Definition at line 55 of file SpdmConnectionInit.c.

InternalDumpData()

VOID EFIAPI InternalDumpData	(	CONST UINT8 *	Data,
		UINTN	Size
	)

This function dump raw data.

Parameters

data	raw data
size	raw data size

This function dumps data.

Parameters

[in]	Data	A pointer to Data.
[in]	Size	The size of Data.

Definition at line 148 of file SpdmMeasurement.c.