qemu-devel.nongnu.org archive mirror
From: "Philippe Mathieu-Daudé" <philmd@linaro.org>
To: Alistair Francis <alistair23@gmail.com>,
	marcel.apfelbaum@gmail.com, Jonathan.Cameron@Huawei.com,
	its@irrelevant.dk, mst@redhat.com, hchkuo@avery-design.com.tw,
	wilfred.mallawa@wdc.com, cbrowy@avery-design.com,
	kbusch@kernel.org, lukas@wunner.de, jiewen.yao@intel.com,
	qemu-devel@nongnu.org
Cc: Alistair Francis <alistair.francis@wdc.com>,
	qemu-block@nongnu.org, Paolo Bonzini <pbonzini@redhat.com>
Subject: Re: [PATCH v5 2/3] backends: Initial support for SPDM socket support
Date: Thu, 7 Mar 2024 11:12:47 +0100
Message-ID: <1f3fe77f-7139-4e40-a279-0f59771b96b4@linaro.org>
In-Reply-To: <20240307005859.356555-3-alistair.francis@wdc.com>

On 7/3/24 01:58, Alistair Francis wrote:
> From: Huai-Cheng Kuo <hchkuo@avery-design.com.tw>
> 
> SPDM enables authentication, attestation and key exchange to assist in
> providing infrastructure security enablement. It's a standard published
> by the DMTF [1].
> 
> SPDM supports multiple transports, including PCIe DOE and MCTP.
> This patch adds support to QEMU to connect to an external SPDM
> instance.
> 
> SPDM support can be added to any QEMU device by exposing a
> TCP socket to a SPDM server. The server can then implement the SPDM
> decoding/encoding support, generally using libspdm [2].
> 
> This is similar to how the current TPM implementation works and means
> that the heavy lifting of setting up certificate chains, capabilities,
> measurements and complex crypto can be done outside QEMU by a well
> supported and tested library.
> 
> 1: https://www.dmtf.org/standards/SPDM
> 2: https://github.com/DMTF/libspdm
> 
> Signed-off-by: Huai-Cheng Kuo <hchkuo@avery-design.com.tw>
> Signed-off-by: Chris Browy <cbrowy@avery-design.com>
> Co-developed-by: Jonathan Cameron <Jonathan.cameron@huawei.com>
> Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
> [ Changes by WM
>   - Bug fixes from testing
> ]
> Signed-off-by: Wilfred Mallawa <wilfred.mallawa@wdc.com>
> [ Changes by AF:
>   - Convert to be more QEMU-ified
>   - Move to backends as it isn't PCIe specific
> ]
> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
> ---
>   MAINTAINERS                  |   6 +
>   include/sysemu/spdm-socket.h |  44 +++++++
>   backends/spdm-socket.c       | 216 +++++++++++++++++++++++++++++++++++
>   backends/Kconfig             |   4 +
>   backends/meson.build         |   2 +
>   5 files changed, 272 insertions(+)
>   create mode 100644 include/sysemu/spdm-socket.h
>   create mode 100644 backends/spdm-socket.c
> 
> diff --git a/MAINTAINERS b/MAINTAINERS
> index 4183f2f3ab..a07706c225 100644
> --- a/MAINTAINERS
> +++ b/MAINTAINERS
> @@ -3395,6 +3395,12 @@ F: tests/qtest/*tpm*
>   F: docs/specs/tpm.rst
>   T: git https://github.com/stefanberger/qemu-tpm.git tpm-next
>   
> +SPDM
> +M: Alistair Francis <alistair.francis@wdc.com>
> +S: Maintained
> +F: backends/spdm-socket.c
> +F: include/sysemu/spdm-socket.h
> +
>   Checkpatch
>   S: Odd Fixes
>   F: scripts/checkpatch.pl
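Review bot: the new SPDM entry only covers the two source files, while the neighbouring TPM entry above also lists its docs/specs/tpm.rst and tests/qtest/*tpm* files; since patch 3/3 of this series wires the backend into hw/nvme, consider adding F: lines for a docs/specs description of the socket protocol and for any qtest exercising it, so that future changes to either reach the same maintainer.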
> diff --git a/include/sysemu/spdm-socket.h b/include/sysemu/spdm-socket.h
> new file mode 100644
> index 0000000000..24e6fccb83
> --- /dev/null
> +++ b/include/sysemu/spdm-socket.h
> @@ -0,0 +1,44 @@
> +/*
> + * QEMU SPDM socket support
> + *
> + * Permission is hereby granted, free of charge, to any person obtaining a copy
> + * of this software and associated documentation files (the "Software"), to deal
> + * in the Software without restriction, including without limitation the rights
> + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
> + * copies of the Software, and to permit persons to whom the Software is
> + * furnished to do so, subject to the following conditions:
> + *
> + * The above copyright notice and this permission notice shall be included in
> + * all copies or substantial portions of the Software.
> + *
> + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
> + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
> + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
> + * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
> + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
> + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
> + * THE SOFTWARE.
> + */
> +
> +#ifndef SPDM_REQUESTER_H
> +#define SPDM_REQUESTER_H
> +
> +int spdm_socket_connect(uint16_t port, Error **errp);

Could we have a short description on what this function returns
and its arguments?

> +uint32_t spdm_socket_rsp(const int socket, uint32_t transport_type,
> +                         void *req, uint32_t req_len,
> +                         void *rsp, uint32_t rsp_len);

Ditto.

> +void spdm_socket_close(const int socket, uint32_t transport_type);
> +
> +#define SPDM_SOCKET_COMMAND_NORMAL                0x0001
> +#define SPDM_SOCKET_COMMAND_OOB_ENCAP_KEY_UPDATE  0x8001
> +#define SPDM_SOCKET_COMMAND_CONTINUE              0xFFFD
> +#define SPDM_SOCKET_COMMAND_SHUTDOWN              0xFFFE
> +#define SPDM_SOCKET_COMMAND_UNKOWN                0xFFFF
> +#define SPDM_SOCKET_COMMAND_TEST                  0xDEAD
> +
> +#define SPDM_SOCKET_TRANSPORT_TYPE_MCTP           0x01
> +#define SPDM_SOCKET_TRANSPORT_TYPE_PCI_DOE        0x02
> +
> +#define SPDM_SOCKET_MAX_MESSAGE_BUFFER_SIZE       0x1200
> +
> +#endif
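Review bot: `SPDM_SOCKET_COMMAND_UNKOWN` is misspelled and should read `SPDM_SOCKET_COMMAND_UNKNOWN`, and the include guard `SPDM_REQUESTER_H` does not match the file name include/sysemu/spdm-socket.h (a guard such as `SPDM_SOCKET_H` avoids a clash with any later requester header). The prototypes use `Error **` without including "qapi/error.h", so the header is not self-contained. Minor points: `const int socket` adds nothing for a by-value parameter and the name shadows the libc `socket()` function; `void *req` in `spdm_socket_rsp()` could be `const void *` unless the request buffer really is rewritten; and grouping the command values in numeric order (0x0001, 0x8001, 0xDEAD, 0xFFFD, 0xFFFE, 0xFFFF) makes it easier to see which ones are out-of-band signals rather than SPDM traffic.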


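Added example, not code from the patch, QEMU or libspdm: the framing a QEMU device would speak on the TCP socket the commit message describes. The layout is an assumption not shown on the page (three big-endian 32-bit words for command, transport type and payload length, then the payload, as in libspdm's spdm_emu socket protocol); the command and transport constants are those from the posted header, with UNKNOWN spelled out. The GET_VERSION request and VERSION response bytes are constructed samples, and the responder side is a stub on the other end of a socketpair, not an SPDM implementation. The point it shows is that the external responder is untrusted input: the declared length is bounded before any copy into the fixed `SPDM_SOCKET_MAX_MESSAGE_BUFFER_SIZE` buffer.

```c
/* Added example, not code from the patch, QEMU or libspdm.
 * ASSUMPTION (not on the page): a frame is command, transport type and
 * payload length as big-endian uint32_t, followed by the payload. */
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Values from the posted header (UNKNOWN spelled out here). */
#define SPDM_SOCKET_COMMAND_NORMAL           0x0001
#define SPDM_SOCKET_COMMAND_SHUTDOWN         0xFFFE
#define SPDM_SOCKET_COMMAND_UNKNOWN          0xFFFF
#define SPDM_SOCKET_TRANSPORT_TYPE_MCTP      0x01
#define SPDM_SOCKET_TRANSPORT_TYPE_PCI_DOE   0x02
#define SPDM_SOCKET_MAX_MESSAGE_BUFFER_SIZE  0x1200
#define SPDM_SOCK_HDR_LEN 12

/* Encode one frame into out; returns bytes written or -1 if it does not fit. */
static ssize_t spdm_sock_encode(uint8_t *out, size_t out_cap, uint32_t command,
                                uint32_t transport, const void *payload,
                                uint32_t len)
{
    uint32_t hdr[3] = { htonl(command), htonl(transport), htonl(len) };

    if (len > SPDM_SOCKET_MAX_MESSAGE_BUFFER_SIZE ||
        out_cap < SPDM_SOCK_HDR_LEN + (size_t)len) {
        return -1;
    }
    memcpy(out, hdr, SPDM_SOCK_HDR_LEN);
    if (len) {
        memcpy(out + SPDM_SOCK_HDR_LEN, payload, len);
    }
    return SPDM_SOCK_HDR_LEN + (ssize_t)len;
}

/* Parse a frame from the external process. The peer is untrusted, so the
 * declared length is checked against the protocol maximum, the bytes
 * actually present and the caller's buffer before anything is copied.
 * Returns the payload length or -1. */
static ssize_t spdm_sock_decode(const uint8_t *in, size_t in_len,
                                uint32_t *command, uint32_t *transport,
                                uint8_t *payload, size_t payload_cap)
{
    uint32_t hdr[3], len;

    if (in_len < SPDM_SOCK_HDR_LEN) {
        return -1;
    }
    memcpy(hdr, in, SPDM_SOCK_HDR_LEN);
    *command = ntohl(hdr[0]);
    *transport = ntohl(hdr[1]);
    len = ntohl(hdr[2]);
    if (len > SPDM_SOCKET_MAX_MESSAGE_BUFFER_SIZE || len > payload_cap ||
        len > in_len - SPDM_SOCK_HDR_LEN) {
        return -1;
    }
    if (*transport != SPDM_SOCKET_TRANSPORT_TYPE_MCTP &&
        *transport != SPDM_SOCKET_TRANSPORT_TYPE_PCI_DOE) {
        return -1;
    }
    memcpy(payload, in + SPDM_SOCK_HDR_LEN, len);
    return (ssize_t)len;
}

/* Loop read()/write() until exactly n bytes have moved; -1 on EOF/error. */
static int io_all(int fd, uint8_t *p, size_t n, int writing)
{
    while (n) {
        ssize_t r = writing ? write(fd, p, n) : read(fd, p, n);
        if (r <= 0) {
            return -1;
        }
        p += r;
        n -= (size_t)r;
    }
    return 0;
}

static int spdm_sock_send(int fd, uint32_t command, uint32_t transport,
                          const void *payload, uint32_t len)
{
    uint8_t frame[SPDM_SOCK_HDR_LEN + SPDM_SOCKET_MAX_MESSAGE_BUFFER_SIZE];
    ssize_t n = spdm_sock_encode(frame, sizeof frame, command, transport,
                                 payload, len);
    return n < 0 ? -1 : io_all(fd, frame, (size_t)n, 1);
}

/* Read the header first, bound the length, then read exactly that payload. */
static ssize_t spdm_sock_recv(int fd, uint32_t *command, uint32_t *transport,
                              uint8_t *payload, size_t payload_cap)
{
    uint8_t frame[SPDM_SOCK_HDR_LEN + SPDM_SOCKET_MAX_MESSAGE_BUFFER_SIZE];
    uint32_t len;

    if (io_all(fd, frame, SPDM_SOCK_HDR_LEN, 0)) {
        return -1;
    }
    memcpy(&len, frame + 8, 4);
    len = ntohl(len);
    if (len > SPDM_SOCKET_MAX_MESSAGE_BUFFER_SIZE ||
        io_all(fd, frame + SPDM_SOCK_HDR_LEN, len, 0)) {
        return -1;
    }
    return spdm_sock_decode(frame, SPDM_SOCK_HDR_LEN + len, command,
                            transport, payload, payload_cap);
}

int main(void)
{
    /* Constructed samples: SPDM 1.0 GET_VERSION and a VERSION response
     * listing 1.0 and 1.1. sv[0] plays the QEMU device, sv[1] a stub
     * standing in for the external responder. */
    static const uint8_t get_version[] = { 0x10, 0x84, 0x00, 0x00 };
    static const uint8_t version[] = { 0x10, 0x04, 0x00, 0x00, 0x00, 0x02,
                                       0x00, 0x10, 0x00, 0x11 };
    uint8_t req[SPDM_SOCKET_MAX_MESSAGE_BUFFER_SIZE], rsp[sizeof req];
    uint32_t cmd, tr;
    int sv[2];
    ssize_t n;

    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv)) {
        return 1;
    }
    spdm_sock_send(sv[0], SPDM_SOCKET_COMMAND_NORMAL,
                   SPDM_SOCKET_TRANSPORT_TYPE_PCI_DOE, get_version, 4);
    n = spdm_sock_recv(sv[1], &cmd, &tr, req, sizeof req);  /* stub responder */
    if (n != 4 || cmd != SPDM_SOCKET_COMMAND_NORMAL || req[1] != 0x84) {
        return 1;
    }
    spdm_sock_send(sv[1], SPDM_SOCKET_COMMAND_NORMAL, tr, version,
                   sizeof version);
    n = spdm_sock_recv(sv[0], &cmd, &tr, rsp, sizeof rsp);  /* device side */
    printf("VERSION response: %zd bytes, code 0x%02x\n", n, rsp[1]);
    spdm_sock_send(sv[0], SPDM_SOCKET_COMMAND_SHUTDOWN, tr, NULL, 0);
    close(sv[0]);
    close(sv[1]);
    return n == (ssize_t)sizeof version ? 0 : 1;
}
```

`spdm_sock_recv` deliberately reads the 12-byte header on its own and rejects the frame before reading a payload larger than `SPDM_SOCKET_MAX_MESSAGE_BUFFER_SIZE`; a responder process that lies about the length can then only cause a closed connection, not an overflow of the device's fixed buffer.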

Thread overview: 7+ messages
2024-03-07  0:58 [PATCH v5 0/3] Initial support for SPDM Responders Alistair Francis
2024-03-07  0:58 ` [PATCH v5 1/3] hw/pci: Add all Data Object Types defined in PCIe r6.0 Alistair Francis
2024-03-07  0:58 ` [PATCH v5 2/3] backends: Initial support for SPDM socket support Alistair Francis
2024-03-07 10:12   ` Philippe Mathieu-Daudé [this message]
2024-03-07  0:58 ` [PATCH v5 3/3] hw/nvme: Add SPDM over DOE support Alistair Francis
2024-03-07 10:17   ` Philippe Mathieu-Daudé
2024-03-07  9:42 ` [PATCH v5 0/3] Initial support for SPDM Responders Jonathan Cameron via
