From: Alistair Francis <alistair23@gmail.com>
To: htafr <htafreit@gmail.com>
Cc: qemu-devel@nongnu.org, pbonzini@redhat.com
Subject: Re: [PATCH 0/1] Insert LibSPDM in QEMU enabling in-tree compilation
Date: Thu, 17 Oct 2024 14:00:35 +1000
Message-ID: <CAKmqyKPUUgF1tLKCFF1FiT5HHEDDDg+=Yha2e38wSto4mKh_BA@mail.gmail.com>
In-Reply-To: <20241016163439.1130168-1-htafreit@gmail.com>

On Thu, Oct 17, 2024 at 2:35 AM htafr <htafreit@gmail.com> wrote:
>
> (I) Summary
> ===========================================================================
>
> This patch is the beginning of the support of the Security Protocol and
> Data Model (SPDM). There are some known issues (see II), but it's
> usable and not many users are going to use this functionality for now,
> but for those who will it may facilitate the development.
>
> There are some people working with LibSPDM to implement the SPDM on
> emulated devices, however current works that use QEMU compile LibSPDM
> out-of-tree [1][2][3]. This patch enables the compilation of LibSPDM when
> the user passes the parameter '--enable-libspdm' to the configure file; this
> option is disabled by default. The following parameters were also added:
>
>   --libspdm-crypto=CHOICE  set LibSPDM crypto algorithm [mbedtls] (choices:
>                            mbedtls/openssl)
>   --libspdm-toolchain=VALUE
>                            toolchain to use for LibSPDM compilation [GCC]
>
> In order to facilitate future code development using LibSPDM API, this
> patch also provides the definition of the macro 'CONFIG_LIBSPDM'.

We have talked about this before, see
https://patchew.org/QEMU/cover.1691509717.git.alistair.francis@wdc.com/

The general agreement seemed to be that it will be hard to do SPDM
configuration inside QEMU, hence the external library (like the QEMU
TPM support).

>
>
> (II) Known Limitations
> ===========================================================================
>
> 1. This patch enables LibSPDM in-tree compilation for Linux systems only.
> 2. LibSPDM compilation uses CMake, so meson build system is making use
> of the CMake module [4].
> 3. Some problems may occur when compiling LibSPDM with MbedTls such as:
> error: "_GNU_SOURCE" redefined [-Werror]
> 10 | #define _GNU_SOURCE
>
> It's possible to compile using --disable-werror.
>
> (III) Sample configuration
> ===========================================================================
>
> ../configure \
> --disable-werror \
> --enable-libspdm \
> --libspdm-crypto=mbedtls \
> --enable-gcov
>
> References:
> [1] riscv-spdm
> Link: https://github.com/htafr/riscv-spdm
> [2] spdm-benchmark
> Link: https://github.com/rcaalves/spdm-benchmark
> [3] qemu-spdm-emulation-guide
> Link: https://github.com/twilfredo/qemu-spdm-emulation-guide

This one has been merged upstream and mainline QEMU supports it now:
https://www.qemu.org/docs/master/specs/spdm.html

Alistair