From 14db728651dcb697cd950c22db629d9423b7f8db Mon Sep 17 00:00:00 2001 From: Mikhail Krichanov Date: Fri, 1 Nov 2024 17:15:11 +0300 Subject: [PATCH] SecurityPkg: Added SecurityPkg to CI. --- .github/workflows/build_common.yml | 54 +++++++++++++++++++ STATUS.md | 2 +- .../DeviceSecurity/SpdmLib/SpdmCryptLib.inf | 5 ++ .../SpdmSecurityLib/SpdmAuthentication.c | 12 ++--- .../SpdmSecurityLib/SpdmConnectionInit.c | 20 +++---- .../SpdmSecurityLib/SpdmMeasurement.c | 8 +-- SecurityPkg/Library/HashLibTpm2/HashLibTpm2.c | 37 ++++++------- 7 files changed, 99 insertions(+), 39 deletions(-) diff --git a/.github/workflows/build_common.yml b/.github/workflows/build_common.yml index 99b827b300..23b1cc29f3 100644 --- a/.github/workflows/build_common.yml +++ b/.github/workflows/build_common.yml @@ -135,6 +135,15 @@ jobs: SKIP_TESTS: 1 SKIP_PACKAGE: 1 + - name: Build SecurityPkg + if: always() + run: ./efibuild.sh + env: + SELFPKG: SecurityPkg + ARCHS: IA32,X64 + SKIP_TESTS: 1 + SKIP_PACKAGE: 1 + build-windows: name: Windows VS2019 runs-on: windows-latest @@ -249,6 +258,15 @@ jobs: SKIP_TESTS: 1 SKIP_PACKAGE: 1 + - name: Build SecurityPkg + if: always() + run: ./efibuild.sh + env: + SELFPKG: SecurityPkg + ARCHS: IA32,X64 + SKIP_TESTS: 1 + SKIP_PACKAGE: 1 + build-linux-clangpdb: name: Linux CLANGPDB runs-on: ubuntu-22.04 @@ -373,6 +391,18 @@ jobs: SKIP_TESTS: 1 SKIP_PACKAGE: 1 + - name: Build SecurityPkg + if: always() + run: docker compose run build-package + env: + SELFPKG: SecurityPkg + SELFPKG_DIR: SecurityPkg + TOOLCHAINS: CLANGPDB + ARCHS: IA32,X64 + TARGETS: RELEASE,DEBUG,NOOPT + SKIP_TESTS: 1 + SKIP_PACKAGE: 1 + build-linux-clangdwarf: name: Linux CLANGDWARF runs-on: ubuntu-22.04 
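Review bot: The new `Build SecurityPkg` step sets `SKIP_TESTS: 1`, so the job only proves that SecurityPkg compiles for IA32 and X64. Nothing in the step builds or runs `Test/SecurityPkgHostTest.dsc`, whose STATUS.md row this commit leaves unchanged. The same holds for the four other `Build SecurityPkg` steps added further down (Windows, CLANGPDB, CLANGDWARF, GCC). If compile-only coverage is intended, a comment on the step such as `# compile-only: SecurityPkgHostTest.dsc is not built by this job` would stop the new STATUS.md toolchain entry from being read as test coverage. This step and the Windows one also omit `TOOLCHAINS` and `TARGETS`, presumably relying on efibuild.sh defaults; worth confirming they cover the DEBUG, RELEASE and NOOPT targets STATUS.md lists.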
@@ -497,6 +527,18 @@ jobs: SKIP_TESTS: 1 SKIP_PACKAGE: 1 + - name: Build SecurityPkg + if: always() + run: docker compose run build-package + env: + SELFPKG: SecurityPkg + SELFPKG_DIR: SecurityPkg + TOOLCHAINS: CLANGDWARF + ARCHS: IA32,X64 + TARGETS: RELEASE,DEBUG,NOOPT + SKIP_TESTS: 1 + SKIP_PACKAGE: 1 + build-linux-gcc5: name: Linux GCC runs-on: ubuntu-22.04 @@ -620,3 +662,15 @@ jobs: TARGETS: RELEASE,DEBUG,NOOPT SKIP_TESTS: 1 SKIP_PACKAGE: 1 + + - name: Build SecurityPkg + if: always() + run: docker compose run build-package + env: + SELFPKG: SecurityPkg + SELFPKG_DIR: SecurityPkg + TOOLCHAINS: GCC + ARCHS: IA32,X64 + TARGETS: RELEASE,DEBUG,NOOPT + SKIP_TESTS: 1 + SKIP_PACKAGE: 1 diff --git a/STATUS.md b/STATUS.md index 77589f54ca..c55c07dd37 100644 --- a/STATUS.md +++ b/STATUS.md @@ -61,7 +61,7 @@ | $${\color{lightblue}RedfishPkg/}$$ | | RedfishPkg.dsc | IA32 X64 ARM AARCH64 RISCV64 | DEBUG RELEASE NOOPT | ❓ | ❌ | | $${\color{lightblue}SecurityPkg/}$$ | -| SecurityPkg.dsc | IA32 X64 EBC ARM AARCH64 RISCV64 LOONGARCH64 | DEBUG RELEASE NOOPT | ❓ | ❌ | +| SecurityPkg.dsc | IA32 X64 EBC ARM AARCH64 RISCV64 LOONGARCH64 | DEBUG RELEASE NOOPT | GCC CLANGDWARF CLANGPDB VS2019 XCODE5 | ❌ | | Test/SecurityPkgHostTest.dsc | IA32 X64 | NOOPT | ❓ | ❌ | | $${\color{lightblue}ShellPkg/}$$ | | ShellPkg.dsc | IA32 X64 EBC ARM AARCH64 RISCV64 LOONGARCH64 | DEBUG RELEASE NOOPT | ❓ | ❌ | diff --git a/SecurityPkg/DeviceSecurity/SpdmLib/SpdmCryptLib.inf b/SecurityPkg/DeviceSecurity/SpdmLib/SpdmCryptLib.inf index 5e91968576..11e65bc739 100644 --- a/SecurityPkg/DeviceSecurity/SpdmLib/SpdmCryptLib.inf +++ b/SecurityPkg/DeviceSecurity/SpdmLib/SpdmCryptLib.inf @@ -43,3 +43,8 @@ BaseCryptLib RngLib MemLibWrapper + +[BuildOptions] + CLANGPDB:*_*_*_CC_FLAGS = -Wno-non-literal-null-conversion + GCC:*_*_*_CC_FLAGS = -Wno-non-literal-null-conversion + XCODE:*_*_*_CC_FLAGS = -Wno-non-literal-null-conversion 
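Review bot: `-Wno-non-literal-null-conversion` is switched off for every source file in SpdmCryptLib on three toolchain families, with no comment saying which construct triggers it. That diagnostic fires when a zero-valued expression that is not a literal is used as a null pointer, which in a crypto wrapper is worth seeing rather than hiding module-wide. I would add a comment above the section, for example `# <libspdm source file> passes a zero-valued constant as a pointer; remove once fixed upstream`, with the placeholder replaced by the real file. The flag is a Clang diagnostic, so the `GCC:` line is presumably there for the Clang toolchains that use the GCC family rather than for GCC itself; a short comment saying so would help.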
diff --git a/SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmAuthentication.c b/SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmAuthentication.c index 86cf9b225c..3852025ec4 100644 --- a/SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmAuthentication.c +++ b/SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmAuthentication.c @@ -136,9 +136,9 @@ ExtendCertificate ( EventLog = NULL; ZeroMem (&Parameter, sizeof (Parameter)); - Parameter.location = SpdmDataLocationConnection; + Parameter.location = (libspdm_data_location_t)SpdmDataLocationConnection; DataSize = sizeof (BaseHashAlgo); - Status = SpdmGetData (SpdmContext, SpdmDataBaseHashAlgo, &Parameter, &BaseHashAlgo, &DataSize); + Status = SpdmGetData (SpdmContext, (libspdm_data_type_t)SpdmDataBaseHashAlgo, &Parameter, &BaseHashAlgo, &DataSize); ASSERT_EFI_ERROR (Status); DeviceContextSize = GetDeviceMeasurementContextSize (SpdmDeviceContext); @@ -520,9 +520,9 @@ DoDeviceCertificate ( SpdmContext = SpdmDeviceContext->SpdmContext; ZeroMem (&Parameter, sizeof (Parameter)); - Parameter.location = SpdmDataLocationConnection; + Parameter.location = (libspdm_data_location_t)SpdmDataLocationConnection; DataSize = sizeof (CapabilityFlags); - SpdmReturn = SpdmGetData (SpdmContext, SpdmDataCapabilityFlags, &Parameter, &CapabilityFlags, &DataSize); + SpdmReturn = SpdmGetData (SpdmContext, (libspdm_data_type_t)SpdmDataCapabilityFlags, &Parameter, &CapabilityFlags, &DataSize); if (LIBSPDM_STATUS_IS_ERROR (SpdmReturn)) { SecurityState->AuthenticationState = EDKII_DEVICE_SECURITY_STATE_ERROR_DEVICE_ERROR; return EFI_DEVICE_ERROR; 
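Review bot: The rewritten `SpdmGetData` call in ExtendCertificate is still guarded only by `ASSERT_EFI_ERROR (Status)`. DoDeviceCertificate and DoDeviceAuthentication in this same file store the result in `SpdmReturn` and test it with `LIBSPDM_STATUS_IS_ERROR`. Assertions are typically compiled out of RELEASE builds, so a failed query would leave `BaseHashAlgo` as it was before the call and the certificate extend would carry on with that value. Since the line is being touched anyway, an explicit `if (LIBSPDM_STATUS_IS_ERROR (...))` check with an error return would match the neighbouring functions; the function's return type and cleanup path are outside the hunk, so the exact return needs checking. ExtendMeasurement in SpdmMeasurement.c (hunk at -209) has the same pattern with `MeasurementHashAlgo`.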
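Review bot: The casts `(libspdm_data_location_t)SpdmDataLocationConnection` and `(libspdm_data_type_t)SpdmDataCapabilityFlags` silence the enum-conversion diagnostic, but nothing checks that the wrapper enumerators still equal the libspdm ones. If a libspdm update renumbered them, the call would quietly query a different data item. This applies to every SpdmGetData/SpdmSetData hunk in this commit, including the first hunk of this file and those in SpdmConnectionInit.c and SpdmMeasurement.c. The definition of the `Spdm*` enumerators is outside the diff, but if they are a separate enum, a compile-time check next to it such as `STATIC_ASSERT (SpdmDataCapabilityFlags == LIBSPDM_DATA_CAPABILITY_FLAGS, "SPDM enum drift");` would keep the casts honest. Converting once inside the SpdmGetData/SpdmSetData wrapper, if those are local wrappers, would also avoid repeating the cast at each call site.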
@@ -641,9 +641,9 @@ DoDeviceAuthentication ( SpdmContext = SpdmDeviceContext->SpdmContext; ZeroMem (&Parameter, sizeof (Parameter)); - Parameter.location = SpdmDataLocationConnection; + Parameter.location = (libspdm_data_location_t)SpdmDataLocationConnection; DataSize = sizeof (CapabilityFlags); - SpdmReturn = SpdmGetData (SpdmContext, SpdmDataCapabilityFlags, &Parameter, &CapabilityFlags, &DataSize); + SpdmReturn = SpdmGetData (SpdmContext, (libspdm_data_type_t)SpdmDataCapabilityFlags, &Parameter, &CapabilityFlags, &DataSize); if (LIBSPDM_STATUS_IS_ERROR (SpdmReturn)) { SecurityState->AuthenticationState = EDKII_DEVICE_SECURITY_STATE_ERROR_DEVICE_ERROR; return EFI_DEVICE_ERROR; diff --git a/SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmConnectionInit.c b/SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmConnectionInit.c index d61aa01698..962e906e4e 100644 --- a/SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmConnectionInit.c +++ b/SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmConnectionInit.c @@ -338,8 +338,8 @@ CreateSpdmDeviceContext ( DataSize = DbList->SignatureSize - sizeof (EFI_GUID); ZeroMem (&Parameter, sizeof (Parameter)); - Parameter.location = SpdmDataLocationLocal; - SpdmReturn = SpdmSetData (SpdmContext, SpdmDataPeerPublicRootCert, &Parameter, Data, DataSize); + Parameter.location = (libspdm_data_location_t)SpdmDataLocationLocal; + SpdmReturn = SpdmSetData (SpdmContext, (libspdm_data_type_t)SpdmDataPeerPublicRootCert, &Parameter, Data, DataSize); if (LIBSPDM_STATUS_IS_ERROR (SpdmReturn)) { if (SpdmReturn == LIBSPDM_STATUS_BUFFER_FULL) { Status = RecordConnectionFailureStatus ( 
@@ -366,22 +366,22 @@ CreateSpdmDeviceContext ( Data8 = 0; ZeroMem (&Parameter, sizeof (Parameter)); - Parameter.location = SpdmDataLocationLocal; - SpdmReturn = SpdmSetData (SpdmContext, SpdmDataCapabilityCTExponent, &Parameter, &Data8, sizeof (Data8)); + Parameter.location = (libspdm_data_location_t)SpdmDataLocationLocal; + SpdmReturn = SpdmSetData (SpdmContext, (libspdm_data_type_t)SpdmDataCapabilityCTExponent, &Parameter, &Data8, sizeof (Data8)); if (LIBSPDM_STATUS_IS_ERROR (SpdmReturn)) { ASSERT (FALSE); goto Error; } Data32 = 0; - SpdmReturn = SpdmSetData (SpdmContext, SpdmDataCapabilityFlags, &Parameter, &Data32, sizeof (Data32)); + SpdmReturn = SpdmSetData (SpdmContext, (libspdm_data_type_t)SpdmDataCapabilityFlags, &Parameter, &Data32, sizeof (Data32)); if (LIBSPDM_STATUS_IS_ERROR (SpdmReturn)) { ASSERT (FALSE); goto Error; } Data8 = SPDM_MEASUREMENT_SPECIFICATION_DMTF; - SpdmReturn = SpdmSetData (SpdmContext, SpdmDataMeasurementSpec, &Parameter, &Data8, sizeof (Data8)); + SpdmReturn = SpdmSetData (SpdmContext, (libspdm_data_type_t)SpdmDataMeasurementSpec, &Parameter, &Data8, sizeof (Data8)); if (LIBSPDM_STATUS_IS_ERROR (SpdmReturn)) { ASSERT (FALSE); goto Error; @@ -398,7 +398,7 @@ CreateSpdmDeviceContext ( SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P521; } - SpdmReturn = SpdmSetData (SpdmContext, SpdmDataBaseAsymAlgo, &Parameter, &Data32, sizeof (Data32)); + SpdmReturn = SpdmSetData (SpdmContext, (libspdm_data_type_t)SpdmDataBaseAsymAlgo, &Parameter, &Data32, sizeof (Data32)); if (LIBSPDM_STATUS_IS_ERROR (SpdmReturn)) { ASSERT (FALSE); goto Error; @@ -412,7 +412,7 @@ CreateSpdmDeviceContext ( SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_512; } - SpdmReturn = SpdmSetData (SpdmContext, SpdmDataBaseHashAlgo, &Parameter, &Data32, sizeof (Data32)); + SpdmReturn = SpdmSetData (SpdmContext, (libspdm_data_type_t)SpdmDataBaseHashAlgo, &Parameter, &Data32, sizeof (Data32)); if (LIBSPDM_STATUS_IS_ERROR (SpdmReturn)) { ASSERT (FALSE); goto Error; 
@@ -433,9 +433,9 @@ CreateSpdmDeviceContext ( } ZeroMem (&Parameter, sizeof (Parameter)); - Parameter.location = SpdmDataLocationConnection; + Parameter.location = (libspdm_data_location_t)SpdmDataLocationConnection; DataSize = sizeof (Data16); - SpdmReturn = SpdmGetData (SpdmContext, SpdmDataSpdmVersion, &Parameter, &Data16, &DataSize); + SpdmReturn = SpdmGetData (SpdmContext, (libspdm_data_type_t)SpdmDataSpdmVersion, &Parameter, &Data16, &DataSize); if (LIBSPDM_STATUS_IS_ERROR (SpdmReturn)) { DEBUG ((DEBUG_ERROR, "SpdmGetData - %p\n", SpdmReturn)); goto Error; diff --git a/SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmMeasurement.c b/SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmMeasurement.c index f94ec1e7bf..3eb33292bd 100644 --- a/SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmMeasurement.c +++ b/SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmMeasurement.c @@ -209,9 +209,9 @@ ExtendMeasurement ( EventLog = NULL; ZeroMem (&Parameter, sizeof (Parameter)); - Parameter.location = SpdmDataLocationConnection; + Parameter.location = (libspdm_data_location_t)SpdmDataLocationConnection; DataSize = sizeof (MeasurementHashAlgo); - Status = SpdmGetData (SpdmContext, SpdmDataMeasurementHashAlgo, &Parameter, &MeasurementHashAlgo, &DataSize); + Status = SpdmGetData (SpdmContext, (libspdm_data_type_t)SpdmDataMeasurementHashAlgo, &Parameter, &MeasurementHashAlgo, &DataSize); ASSERT_EFI_ERROR (Status); if (MeasurementRecord != NULL) { 
@@ -531,9 +531,9 @@ DoDeviceMeasurement ( SpdmContext = SpdmDeviceContext->SpdmContext; ZeroMem (&Parameter, sizeof (Parameter)); - Parameter.location = SpdmDataLocationConnection; + Parameter.location = (libspdm_data_location_t)SpdmDataLocationConnection; DataSize = sizeof (CapabilityFlags); - SpdmGetData (SpdmContext, SpdmDataCapabilityFlags, &Parameter, &CapabilityFlags, &DataSize); + SpdmGetData (SpdmContext, (libspdm_data_type_t)SpdmDataCapabilityFlags, &Parameter, &CapabilityFlags, &DataSize); if ((CapabilityFlags & SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_MEAS_CAP_SIG) == 0) { AuthState = TCG_DEVICE_SECURITY_EVENT_DATA_DEVICE_AUTH_STATE_FAIL_NO_SIG; diff --git a/SecurityPkg/Library/HashLibTpm2/HashLibTpm2.c b/SecurityPkg/Library/HashLibTpm2/HashLibTpm2.c index 91101ccd1f..6c82dac66b 100644 --- a/SecurityPkg/Library/HashLibTpm2/HashLibTpm2.c +++ b/SecurityPkg/Library/HashLibTpm2/HashLibTpm2.c @@ -59,10 +59,10 @@ Tpm2GetAlgoFromHashMask ( @retval EFI_SUCCESS Hash sequence start and HandleHandle returned. @retval EFI_OUT_OF_RESOURCES No enough resource to start hash. **/ -BOOLEAN +EFI_STATUS EFIAPI HashStart ( - OUT VOID **HashHandle + OUT HASH_HANDLE *HashHandle ) { TPMI_DH_OBJECT SequenceHandle; @@ -72,12 +72,13 @@ HashStart ( AlgoId = Tpm2GetAlgoFromHashMask (); Status = Tpm2HashSequenceStart (AlgoId, &SequenceHandle); - if (!EFI_ERROR (Status)) { - *HashHandle = (VOID *)(UINTN)SequenceHandle; - return TRUE; + if (EFI_ERROR (Status)) { + return Status; } - return FALSE; + *HashHandle = (HASH_HANDLE)SequenceHandle; + + return EFI_SUCCESS; } /** @@ -89,11 +90,11 @@ HashStart ( @retval EFI_SUCCESS Hash sequence updated. **/ -BOOLEAN +EFI_STATUS EFIAPI HashUpdate ( - IN VOID *HashHandle, - IN CONST VOID *DataToHash, + IN HASH_HANDLE HashHandle, + IN VOID *DataToHash, IN UINTN DataToHashLen ) { 
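Review bot: DoDeviceMeasurement discards the return value of the rewritten `SpdmGetData` call and then tests `CapabilityFlags & SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_MEAS_CAP_SIG` on the next line. If the query fails, the decision about whether the device signs its measurements is taken on whatever `CapabilityFlags` held before the call; its initialisation is outside the hunk. DoDeviceCertificate and DoDeviceAuthentication in this commit handle the same call with `if (LIBSPDM_STATUS_IS_ERROR (SpdmReturn))` and an `EFI_DEVICE_ERROR` return, and the same guard belongs here.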
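Review bot: The `@retval` lines above HashStart no longer describe what it returns. On failure the new body passes through whatever `Tpm2HashSequenceStart` returned, not only `EFI_OUT_OF_RESOURCES`, and `*HashHandle` is left unwritten. I would add `@retval Others  Tpm2HashSequenceStart failed; HashHandle is not modified.` and correct the existing `HandleHandle` to `HashHandle` in the `EFI_SUCCESS` line. The comment block begins above the hunk.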
@@ -108,9 +109,9 @@ HashUpdate ( CopyMem (HashBuffer.buffer, Buffer, sizeof (HashBuffer.buffer)); Buffer += sizeof (HashBuffer.buffer); - Status = Tpm2SequenceUpdate ((TPMI_DH_OBJECT)(UINTN)HashHandle, &HashBuffer); + Status = Tpm2SequenceUpdate ((TPMI_DH_OBJECT)HashHandle, &HashBuffer); if (EFI_ERROR (Status)) { - return FALSE; + return Status; } } @@ -119,12 +120,12 @@ HashUpdate ( // HashBuffer.size = (UINT16)HashLen; CopyMem (HashBuffer.buffer, Buffer, (UINTN)HashLen); - Status = Tpm2SequenceUpdate ((TPMI_DH_OBJECT)(UINTN)HashHandle, &HashBuffer); + Status = Tpm2SequenceUpdate ((TPMI_DH_OBJECT)HashHandle, &HashBuffer); if (EFI_ERROR (Status)) { - return FALSE; + return Status; } - return TRUE; + return EFI_SUCCESS; } /** @@ -141,7 +142,7 @@ HashUpdate ( EFI_STATUS EFIAPI HashCompleteAndExtend ( - IN VOID *HashHandle, + IN HASH_HANDLE HashHandle, IN TPMI_DH_PCR PcrIndex, IN VOID *DataToHash, IN UINTN DataToHashLen, @@ -163,7 +164,7 @@ HashCompleteAndExtend ( CopyMem (HashBuffer.buffer, Buffer, sizeof (HashBuffer.buffer)); Buffer += sizeof (HashBuffer.buffer); - Status = Tpm2SequenceUpdate ((TPMI_DH_OBJECT)(UINTN)HashHandle, &HashBuffer); + Status = Tpm2SequenceUpdate ((TPMI_DH_OBJECT)HashHandle, &HashBuffer); if (EFI_ERROR (Status)) { return EFI_DEVICE_ERROR; } @@ -181,13 +182,13 @@ HashCompleteAndExtend ( if (AlgoId == TPM_ALG_NULL) { Status = Tpm2EventSequenceComplete ( PcrIndex, - (TPMI_DH_OBJECT)(UINTN)HashHandle, + (TPMI_DH_OBJECT)HashHandle, &HashBuffer, DigestList ); } else { Status = Tpm2SequenceComplete ( - (TPMI_DH_OBJECT)(UINTN)HashHandle, + (TPMI_DH_OBJECT)HashHandle, &HashBuffer, &Result );
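Review bot: HashUpdate now returns the raw status from `Tpm2SequenceUpdate`, while HashCompleteAndExtend in the same file maps a failure of the same call to `EFI_DEVICE_ERROR` (context lines of the hunk at -163). Callers therefore see different error codes for the same TPM failure depending on which entry point hit it. Either `return EFI_DEVICE_ERROR;` in both failure branches here, or a line such as `@retval Others  Tpm2SequenceUpdate failed.` in the HashUpdate comment block, would make the contract explicit. That block currently lists only `EFI_SUCCESS`.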