DeviceSecurityPkg: test exceed LIBSPDM_MAX_ROOT_CERT_SUPPORT. #337
Commits on Oct 25, 2022
-
-
-
MdePkg/Include: Add SPDM1.1 support.
Signed-off-by: Jiewen Yao <[email protected]>
-
Signed-off-by: Jiewen Yao <[email protected]> Signed-off-by: Qi Zhang <[email protected]>
-
SecurityPkg: Add Tpm2NvExtend() support.
Signed-off-by: Qi Zhang <[email protected]>
-
Add a new test config: trust anchor is not in device security policy …
…database. Signed-off-by: Zhao, Zhiqiang <[email protected]>
-
some measurement is not correct for auth success.
Signed-off-by: Qi Zhang <[email protected]>
-
Add three new test configs: DeviceSecurityPolicy is Authentication On…
…ly, DeviceSecurityPolicy is Measurement Only, DeviceSecurityPolicy is None of Authentication and Measurement. Signed-off-by: Zhao, Zhiqiang <[email protected]>
-
update Tcg2DumpLog and DeployCert.
Signed-off-by: Qi Zhang <[email protected]>
-
SecurityPkg/HashLibBaseCryptoRouter: extend whole digest to NV index.
Signed-off-by: Qi Zhang <[email protected]>
-
Fix data structure definition.
Signed-off-by: Jiewen Yao <[email protected]>
-
Signed-off-by: Jiewen Yao <[email protected]>
-
signature database should include root certificate not cert chain.
Signed-off-by: Qi Zhang <[email protected]>
-
fix the failure of TestSpdm().
Signed-off-by: Qi Zhang <[email protected]>
-
Clean up Device Auth definition.
Signed-off-by: Jiewen Yao <[email protected]>
-
update NV attribute according to PTP spec.
Signed-off-by: Qi Zhang <[email protected]>
-
Add a new test config: the device reports that the measurement conten…
…t has been modified again. Signed-off-by: Zhao, Zhiqiang <[email protected]>
-
Signed-off-by: Qi Zhang <[email protected]>
-
Signed-off-by: Qi Zhang <[email protected]>
-
only request GENERATE SIGNATURE for measurement when authenticated.
Signed-off-by: Qi Zhang <[email protected]>
-
update the version of NV_INDEX_INSTANCE_EVENT_LOG_STRUCT and NV_INDEX…
…_DYNAMIC_EVENT_LOG_STRUCT. Signed-off-by: Qi Zhang <[email protected]>
-
check SubHeaderLength for Tcg event log dump.
Signed-off-by: Qi Zhang <[email protected]>
-
1. Set SPDM requester support more algorithms default. 2. Add a new t…
…est config: Set SPDM responder support RSASSA_3072 and SHA_384 default. Signed-off-by: Zhao, Zhiqiang <[email protected]>
-
Signed-off-by: Zhao, Zhiqiang <[email protected]>
-
Signed-off-by: Qi Zhang <[email protected]>
-
Signed-off-by: Qi Zhang <[email protected]>
-
Signed-off-by: Qi Zhang <[email protected]>
-
udpate Device Security with Crypt lib.
Signed-off-by: Qi Zhang <[email protected]>
-
Signed-off-by: Qi Zhang <[email protected]>
-
Signed-off-by: Zhao, Zhiqiang <[email protected]>
-
Fix ValidateCryptRsa2( ) function fail when running Cryptest.efi
Signed-off-by: Zhao, Zhiqiang <[email protected]>
-
update Crypt test, remove ValidateCryptPkcs7Ec().
Signed-off-by: Zhao, Zhiqiang <[email protected]>
-
Update RsaVerify from RSA1024 to RSA2048, fix ValidateCryptRsa( ) fun…
…ction fail when running Cryptest.efi Signed-off-by: Zhao, Zhiqiang <[email protected]>
-
Add a new test config: Set SPDM responder support RSASSA_4096 and SHA…
…_512 default. Signed-off-by: Zhao, Zhiqiang <[email protected]>
-
Add a new test config: Set SPDM responder support ECDSA_ECC_NIST_P256…
… and SHA_256 default. Signed-off-by: Zhao, Zhiqiang <[email protected]>
-
Signed-off-by: Zhao, Zhiqiang <[email protected]>
-
Add a new test config: Set SPDM responder support ECDSA_ECC_NIST_P384…
… and SHA_384 default. Signed-off-by: Zhao, Zhiqiang <[email protected]>
-
Add a new test config: Set SPDM responder support ECDSA_ECC_NIST_P521…
… and SHA_512 default. Signed-off-by: Zhao, Zhiqiang <[email protected]>
-
Add test configs to test PCI DOE.
Signed-off-by: Zhao, Zhiqiang <[email protected]>
-
If the Responder does not support MEASUREMENTS response capabilities,…
… it should set zero to its MeasurementSpecification and MeasurementHashAlgo field. Signed-off-by: Zhao, Zhiqiang <[email protected]>
-
Add two test configs: Set SPDM responder support SECP_256_R1 and AES_…
…256_GCM default. Set SPDM responder support SECP_521_R1 and CHACHA20_POLY1305 default. Signed-off-by: Zhao, Zhiqiang <[email protected]>
-
DeviceSecurityPkg: Update CryptlibStub with X509.
Signed-off-by: Qi Zhang <[email protected]>
-
DeviceSecurityPkg: sync libspdm 2.2.0.
Signed-off-by: Qi Zhang <[email protected]>
-
DeviceSecurityPkg: update with libspdm 2.2.0.
Signed-off-by: Qi Zhang <[email protected]>
-
DeviceSecurityPkg: platform_lib of os_stub.
Signed-off-by: Qi Zhang <[email protected]>
-
DeviceSecurityPkg: memlib of os_stub.
Signed-off-by: Qi Zhang <[email protected]>
-
DeviceSecurityPkg: cryptlib of os_stub.
Signed-off-by: Qi Zhang <[email protected]>
-
DeviceSecurityPkg: spdm stub code refine.
Signed-off-by: Qi Zhang <[email protected]>
-
DeviceSecurityPkg: Pass GCC build.
Signed-off-by: Qi Zhang <[email protected]>
-
DeviceSecurityPkg: define LIBSPDM_STDINT_ALT.
Signed-off-by: Qi Zhang <[email protected]>
-
DeviceSecurityPkg: undo SpdmLibStub.
Signed-off-by: Qi Zhang <[email protected]>
-
DeviceSecurityPkg: Uncrustify alignment.
Signed-off-by: Qi Zhang <[email protected]>
-
DeviceSecurityPkg: wrap RsaPkcs1Verify and RsaPkcs1Sign.
Signed-off-by: Qi Zhang <[email protected]>
-
DeviceSecurityPkg: add some NULL pointer check.
Signed-off-by: Qi Zhang <[email protected]>
-
Signed-off-by: Zhao, Zhiqiang <[email protected]>
-
DeviceSecurityPkg: update with X509 upstream.
Signed-off-by: Qi Zhang <[email protected]>
-
DeviceSecurityPkg: remove unused file.
Signed-off-by: Qi Zhang <[email protected]>
-
DeviceSecurityPkg: spdm return type is libspdm_return_t.
Signed-off-by: Qi Zhang <[email protected]>
-
DeviceSecurityPkg: reconfig Include layout.
Signed-off-by: Qi Zhang <[email protected]>
-
DeviceSecurityPkg: fix a typo.
Signed-off-by: Qi Zhang <[email protected]>
-
DeviceSecurityPkg: fix build error.
Signed-off-by: Qi Zhang <[email protected]>
-
DeviceSecurityPkg: include OpensslLibFull lib for EC enabled.
As CryptoPkg discarded PcdOpensslEcEnabled. Signed-off-by: Qi Zhang <[email protected]>
Commits on Nov 2, 2022
-
DeviceSecurityPkg: reconfig includes.
Signed-off-by: Qi Zhang <[email protected]>
Commits on Nov 4, 2022
-
DeviceSecurityPkg: Requester Nonce is needed.
Set requester_nonce_in to null and let libspdm to create requester nonce. Signed-off-by: Qi Zhang <[email protected]>
-
DeviceSecurityPkg: set PcrIndex and EventType for No Data.
Signed-off-by: Qi Zhang <[email protected]>
Commits on Nov 8, 2022
-
DeviceSecurityPkg: get Sig Measurement without CHAL_CAP.
Signed-off-by: Qi Zhang <[email protected]>
-
DeviceSecurityPkg: enum slot id for GET_CERTIFICATE.
Signed-off-by: Qi Zhang <[email protected]>
-
DeviceSecurityPkg: Add a new test config.
1. Requester does not provision root CA of responder. 2. Provision certificate chain to responder. 3. Responder does not support Challenge capability. 4. Get measurement with signature. Signed-off-by: Zhao, Zhiqiang <[email protected]>
Commits on Nov 10, 2022
-
DeviceSecurityPkg: support multiple cert in Database
Signed-off-by: Qi Zhang <[email protected]>
Commits on Nov 11, 2022
-
DeviceSecurityPkg: handle ContentChanged case for measurement.
Signed-off-by: Qi Zhang <[email protected]>
-
DeviceSecurityPkg: Add test different certificate chains.
1. Provision a valid certificate chain without trust anchor to slot_0 of responder. 2. Provision a valid certificate chain with trust anchor to slot_1 of responder. 3. Authentication will select slot_1 to do later CHALLENGE and GET_MEASUREMENTS. 4. StartSession with slot_1. Signed-off-by: Zhao, Zhiqiang <[email protected]>
Commits on Nov 15, 2022
-
DeviceSecurityPkg: Record SlotId in Data.
Per PFP spec, Record NvIndex DEV_SEC (AUTH_FAIL_INVALID, TYPE: CertChain, Data:SlotId) Signed-off-by: Qi Zhang <[email protected]>
-
DeviceSecurityPkg: return SecurityState.
Signed-off-by: Qi Zhang <[email protected]>
-
DeviceSecurityPkg: test SignatureType is not EFI_CERT_X509_GUID.
1. there is only one SignatureList in database. 2. in SignatureList, the SignatureType is gEfiCertSha256Guid, not gEfiCertX509Guid. 3. Finally requester will not provision root CA of responder. 4. GetCertificate pass, but RootCert not match and no TrustAnchor. Signed-off-by: Zhao, Zhiqiang <[email protected]>
Commits on Nov 22, 2022
-
DeviceSecurityPkg: measurement with AUTH_FAIL_INVALID and No Data.
Signed-off-by: Qi Zhang <[email protected]>
-
DeviceSecurityPkg: SubheaderUID for each responder.
Signed-off-by: Qi Zhang <[email protected]>
-
DeviceSecurityPkg: check return value of libspdm.
Signed-off-by: Qi Zhang <[email protected]>
Commits on Nov 23, 2022
-
DeviceSecurityPkg: remove TCG_DEVICE_SECURITY_EVENT_DATA_VERSION_1
Signed-off-by: Qi Zhang <[email protected]>
Commits on Nov 30, 2022
-
DeviceSecurityPkg: measure signature db to PCR 1.
Signed-off-by: Qi Zhang <[email protected]>
-
DeviceSecurityPkg: create SPDM Uid from volatile variable.
Signed-off-by: Qi Zhang <[email protected]>
-
DeviceSecurityPkg: record signature db full status.
Signed-off-by: Qi Zhang <[email protected]>
Commits on Dec 5, 2022
-
DeviceSecurityPkg: test SPDM_MESSAGE_VERSION_11.
1. Set SPDM responder only support SPDM_MESSAGE_VERSION_11. 2. Do later device authentication and measurement successfully. Signed-off-by: Zhao, Zhiqiang <[email protected]>
-
DeviceSecurityPkg: test SPDM_MESSAGE_VERSION_10.
1. Set SPDM responder only support SPDM_MESSAGE_VERSION_10. 2. Do later device authentication and measurement successfully. 3. SPDM 1.0 does not support KEY_EXCHANGE or PSK_EXCHANGE, so skip. Signed-off-by: Zhao, Zhiqiang <[email protected]>
Commits on Dec 12, 2022
-
remove libspdm from DeviceSecurityPkg.
Signed-off-by: Qi Zhang <[email protected]>
-
DeviceSecurityPkg: move SpdmLib to SecurityPkg.
Signed-off-by: Qi Zhang <[email protected]>
-
Signed-off-by: Qi Zhang <[email protected]>
-
SecurityPkg: add SpdmLib of libspdm wrapper.
Signed-off-by: Qi Zhang <[email protected]>
-
SecurityPkg: add OsStub lib to support libspdm.
Signed-off-by: Qi Zhang <[email protected]>
-
SecurityPkg: add SpdmSecurityLib.
Signed-off-by: Qi Zhang <[email protected]>
-
SecurityPkg: add definition of signature database devdb.
Signed-off-by: Qi Zhang <[email protected]>
-
SecurityPkg: add defintion of DeviceSecurityPolicy.
Signed-off-by: Qi Zhang <[email protected]>
-
SecurityPkg: update dec&dsc file for SPDM.
Signed-off-by: Qi Zhang <[email protected]>
-
MdePkg: add Tcg Spdm definition.
Signed-off-by: Qi Zhang <[email protected]>
-
SecurityPkg: update YAML to ignore the Ecc errors of spdm.
Signed-off-by: Qi Zhang <[email protected]>
-
.pytool/CISettings.py: add libspdm submodule.
Signed-off-by: Qi Zhang <[email protected]>
Commits on Dec 13, 2022
-
DeviceSecurityPkg: rename to DeviceSecurityTestPkg.
Signed-off-by: Qi Zhang <[email protected]>
Commits on Dec 14, 2022
-
SecurityPkg/DeviceSecurity: fix signature parsing issue.
Signed-off-by: Qi Zhang <[email protected]>
Commits on Dec 16, 2022
-
SecurityPkg/DeviceSecurity: fix possible memory leak.
Signed-off-by: Qi Zhang <[email protected]>
Commits on Dec 19, 2022
-
SecurityPkg/DeviceSecurity: Record Nonc for No Trust Anchor case.
Signed-off-by: Qi Zhang <[email protected]>
Commits on Dec 21, 2022
-
DeviceSecurityTestPkg: Test LIBSPDM_MAX_ROOT_CERT_SUPPORT.
1. there is only one SignatureList in database. 2. The total number of RootCert in database exceed the LIBSPDM_MAX_ROOT_CERT_SUPPORT. 3. Then fail to set multiple root certificates as trust anchors in SPDM context. 4. Finally fail to create a connection with the SPDM device and extend some error in PCR. Signed-off-by: Zhao, Zhiqiang <[email protected]>