SecurityPkg: Added SecurityPkg to CI.

Mikhail Krichanov 2024-11-01 17:15:11 +03:00 committed by MikhailKrichanov
parent 5036d5bd58
commit 14db728651
7 changed files with 99 additions and 39 deletions


@ -135,6 +135,15 @@ jobs:
SKIP_TESTS: 1 SKIP_TESTS: 1
SKIP_PACKAGE: 1 SKIP_PACKAGE: 1
- name: Build SecurityPkg
if: always()
run: ./efibuild.sh
env:
SELFPKG: SecurityPkg
ARCHS: IA32,X64
SKIP_TESTS: 1
SKIP_PACKAGE: 1
build-windows: build-windows:
name: Windows VS2019 name: Windows VS2019
runs-on: windows-latest runs-on: windows-latest
@ -249,6 +258,15 @@ jobs:
SKIP_TESTS: 1 SKIP_TESTS: 1
SKIP_PACKAGE: 1 SKIP_PACKAGE: 1
- name: Build SecurityPkg
if: always()
run: ./efibuild.sh
env:
SELFPKG: SecurityPkg
ARCHS: IA32,X64
SKIP_TESTS: 1
SKIP_PACKAGE: 1
build-linux-clangpdb: build-linux-clangpdb:
name: Linux CLANGPDB name: Linux CLANGPDB
runs-on: ubuntu-22.04 runs-on: ubuntu-22.04
@ -373,6 +391,18 @@ jobs:
SKIP_TESTS: 1 SKIP_TESTS: 1
SKIP_PACKAGE: 1 SKIP_PACKAGE: 1
- name: Build SecurityPkg
if: always()
run: docker compose run build-package
env:
SELFPKG: SecurityPkg
SELFPKG_DIR: SecurityPkg
TOOLCHAINS: CLANGPDB
ARCHS: IA32,X64
TARGETS: RELEASE,DEBUG,NOOPT
SKIP_TESTS: 1
SKIP_PACKAGE: 1
build-linux-clangdwarf: build-linux-clangdwarf:
name: Linux CLANGDWARF name: Linux CLANGDWARF
runs-on: ubuntu-22.04 runs-on: ubuntu-22.04
@ -497,6 +527,18 @@ jobs:
SKIP_TESTS: 1 SKIP_TESTS: 1
SKIP_PACKAGE: 1 SKIP_PACKAGE: 1
- name: Build SecurityPkg
if: always()
run: docker compose run build-package
env:
SELFPKG: SecurityPkg
SELFPKG_DIR: SecurityPkg
TOOLCHAINS: CLANGDWARF
ARCHS: IA32,X64
TARGETS: RELEASE,DEBUG,NOOPT
SKIP_TESTS: 1
SKIP_PACKAGE: 1
build-linux-gcc5: build-linux-gcc5:
name: Linux GCC name: Linux GCC
runs-on: ubuntu-22.04 runs-on: ubuntu-22.04
@ -620,3 +662,15 @@ jobs:
TARGETS: RELEASE,DEBUG,NOOPT TARGETS: RELEASE,DEBUG,NOOPT
SKIP_TESTS: 1 SKIP_TESTS: 1
SKIP_PACKAGE: 1 SKIP_PACKAGE: 1
- name: Build SecurityPkg
if: always()
run: docker compose run build-package
env:
SELFPKG: SecurityPkg
SELFPKG_DIR: SecurityPkg
TOOLCHAINS: GCC
ARCHS: IA32,X64
TARGETS: RELEASE,DEBUG,NOOPT
SKIP_TESTS: 1
SKIP_PACKAGE: 1
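Review bot: The five new `Build SecurityPkg` steps are build-only: each sets `SKIP_TESTS: 1`, and nothing visible in these hunks builds or runs `Test/SecurityPkgHostTest.dsc`, which the README table in this same commit still marks with ❓. For a package that carries device authentication and measurement code, a green job here only shows that the sources compile for IA32 and X64. If that is the intent for now, a comment above the first step would make it explicit, for example `# Build-only: SecurityPkg host tests are not run in this job`. What `SKIP_TESTS` does inside `efibuild.sh` and the `build-package` service is not visible on this page, so this reading is inferred from the variable name.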


@ -61,7 +61,7 @@
| $${\color{lightblue}RedfishPkg/}$$ | | $${\color{lightblue}RedfishPkg/}$$ |
| RedfishPkg.dsc | IA32 X64 ARM AARCH64 RISCV64 | DEBUG RELEASE NOOPT | ❓ | ❌ | | RedfishPkg.dsc | IA32 X64 ARM AARCH64 RISCV64 | DEBUG RELEASE NOOPT | ❓ | ❌ |
| $${\color{lightblue}SecurityPkg/}$$ | | $${\color{lightblue}SecurityPkg/}$$ |
| SecurityPkg.dsc | IA32 X64 EBC ARM AARCH64 RISCV64 LOONGARCH64 | DEBUG RELEASE NOOPT | | ❌ | | SecurityPkg.dsc | IA32 X64 EBC ARM AARCH64 RISCV64 LOONGARCH64 | DEBUG RELEASE NOOPT | GCC CLANGDWARF CLANGPDB VS2019 XCODE5 | ❌ |
| Test/SecurityPkgHostTest.dsc | IA32 X64 | NOOPT | ❓ | ❌ | | Test/SecurityPkgHostTest.dsc | IA32 X64 | NOOPT | ❓ | ❌ |
| $${\color{lightblue}ShellPkg/}$$ | | $${\color{lightblue}ShellPkg/}$$ |
| ShellPkg.dsc | IA32 X64 EBC ARM AARCH64 RISCV64 LOONGARCH64 | DEBUG RELEASE NOOPT | ❓ | ❌ | | ShellPkg.dsc | IA32 X64 EBC ARM AARCH64 RISCV64 LOONGARCH64 | DEBUG RELEASE NOOPT | ❓ | ❌ |


@ -43,3 +43,8 @@
BaseCryptLib BaseCryptLib
RngLib RngLib
MemLibWrapper MemLibWrapper
[BuildOptions]
CLANGPDB:*_*_*_CC_FLAGS = -Wno-non-literal-null-conversion
GCC:*_*_*_CC_FLAGS = -Wno-non-literal-null-conversion
XCODE:*_*_*_CC_FLAGS = -Wno-non-literal-null-conversion
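Review bot: The new `[BuildOptions]` entries switch off `-Wnon-literal-null-conversion` through `*_*_*_CC_FLAGS`, so the suppression covers every target and architecture of whatever this file builds, not only the source that trips the warning. That diagnostic reports an expression that merely evaluates to zero being used as a null pointer, which is the kind of type slip worth seeing in crypto and SPDM code. Please record the reason next to the flag, e.g. `# TODO: drop once <offending source file> no longer converts a non-literal zero to a pointer`, and narrow the scope to the affected module if the build files allow it. The section starts at line 43 of the file, so which module or package these options belong to is not visible here.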


@ -136,9 +136,9 @@ ExtendCertificate (
EventLog = NULL; EventLog = NULL;
ZeroMem (&Parameter, sizeof (Parameter)); ZeroMem (&Parameter, sizeof (Parameter));
Parameter.location = SpdmDataLocationConnection; Parameter.location = (libspdm_data_location_t)SpdmDataLocationConnection;
DataSize = sizeof (BaseHashAlgo); DataSize = sizeof (BaseHashAlgo);
Status = SpdmGetData (SpdmContext, SpdmDataBaseHashAlgo, &Parameter, &BaseHashAlgo, &DataSize); Status = SpdmGetData (SpdmContext, (libspdm_data_type_t)SpdmDataBaseHashAlgo, &Parameter, &BaseHashAlgo, &DataSize);
ASSERT_EFI_ERROR (Status); ASSERT_EFI_ERROR (Status);
DeviceContextSize = GetDeviceMeasurementContextSize (SpdmDeviceContext); DeviceContextSize = GetDeviceMeasurementContextSize (SpdmDeviceContext);
@ -520,9 +520,9 @@ DoDeviceCertificate (
SpdmContext = SpdmDeviceContext->SpdmContext; SpdmContext = SpdmDeviceContext->SpdmContext;
ZeroMem (&Parameter, sizeof (Parameter)); ZeroMem (&Parameter, sizeof (Parameter));
Parameter.location = SpdmDataLocationConnection; Parameter.location = (libspdm_data_location_t)SpdmDataLocationConnection;
DataSize = sizeof (CapabilityFlags); DataSize = sizeof (CapabilityFlags);
SpdmReturn = SpdmGetData (SpdmContext, SpdmDataCapabilityFlags, &Parameter, &CapabilityFlags, &DataSize); SpdmReturn = SpdmGetData (SpdmContext, (libspdm_data_type_t)SpdmDataCapabilityFlags, &Parameter, &CapabilityFlags, &DataSize);
if (LIBSPDM_STATUS_IS_ERROR (SpdmReturn)) { if (LIBSPDM_STATUS_IS_ERROR (SpdmReturn)) {
SecurityState->AuthenticationState = EDKII_DEVICE_SECURITY_STATE_ERROR_DEVICE_ERROR; SecurityState->AuthenticationState = EDKII_DEVICE_SECURITY_STATE_ERROR_DEVICE_ERROR;
return EFI_DEVICE_ERROR; return EFI_DEVICE_ERROR;
@ -641,9 +641,9 @@ DoDeviceAuthentication (
SpdmContext = SpdmDeviceContext->SpdmContext; SpdmContext = SpdmDeviceContext->SpdmContext;
ZeroMem (&Parameter, sizeof (Parameter)); ZeroMem (&Parameter, sizeof (Parameter));
Parameter.location = SpdmDataLocationConnection; Parameter.location = (libspdm_data_location_t)SpdmDataLocationConnection;
DataSize = sizeof (CapabilityFlags); DataSize = sizeof (CapabilityFlags);
SpdmReturn = SpdmGetData (SpdmContext, SpdmDataCapabilityFlags, &Parameter, &CapabilityFlags, &DataSize); SpdmReturn = SpdmGetData (SpdmContext, (libspdm_data_type_t)SpdmDataCapabilityFlags, &Parameter, &CapabilityFlags, &DataSize);
if (LIBSPDM_STATUS_IS_ERROR (SpdmReturn)) { if (LIBSPDM_STATUS_IS_ERROR (SpdmReturn)) {
SecurityState->AuthenticationState = EDKII_DEVICE_SECURITY_STATE_ERROR_DEVICE_ERROR; SecurityState->AuthenticationState = EDKII_DEVICE_SECURITY_STATE_ERROR_DEVICE_ERROR;
return EFI_DEVICE_ERROR; return EFI_DEVICE_ERROR;
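Review bot: The added `(libspdm_data_location_t)` and `(libspdm_data_type_t)` casts make the compiler accept the `SpdmData*` enumerators, but they also remove the only check that the two enumerations agree; nothing in these hunks shows that their values are kept numerically identical. If the libspdm enum is ever renumbered, `SpdmGetData`/`SpdmSetData` would silently address a different data item, including the `SpdmDataPeerPublicRootCert` write in CreateSpdmDeviceContext. The same casts appear in the CreateSpdmDeviceContext, ExtendMeasurement and DoDeviceMeasurement hunks of the two following files. A compile-time check next to the enum definitions would keep each cast honest, e.g. `STATIC_ASSERT ((UINT32)SpdmDataCapabilityFlags == (UINT32)LIBSPDM_DATA_CAPABILITY_FLAGS, "SPDM data type mismatch");`. All three functions in this section extend beyond their hunks.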


@ -338,8 +338,8 @@ CreateSpdmDeviceContext (
DataSize = DbList->SignatureSize - sizeof (EFI_GUID); DataSize = DbList->SignatureSize - sizeof (EFI_GUID);
ZeroMem (&Parameter, sizeof (Parameter)); ZeroMem (&Parameter, sizeof (Parameter));
Parameter.location = SpdmDataLocationLocal; Parameter.location = (libspdm_data_location_t)SpdmDataLocationLocal;
SpdmReturn = SpdmSetData (SpdmContext, SpdmDataPeerPublicRootCert, &Parameter, Data, DataSize); SpdmReturn = SpdmSetData (SpdmContext, (libspdm_data_type_t)SpdmDataPeerPublicRootCert, &Parameter, Data, DataSize);
if (LIBSPDM_STATUS_IS_ERROR (SpdmReturn)) { if (LIBSPDM_STATUS_IS_ERROR (SpdmReturn)) {
if (SpdmReturn == LIBSPDM_STATUS_BUFFER_FULL) { if (SpdmReturn == LIBSPDM_STATUS_BUFFER_FULL) {
Status = RecordConnectionFailureStatus ( Status = RecordConnectionFailureStatus (
@ -366,22 +366,22 @@ CreateSpdmDeviceContext (
Data8 = 0; Data8 = 0;
ZeroMem (&Parameter, sizeof (Parameter)); ZeroMem (&Parameter, sizeof (Parameter));
Parameter.location = SpdmDataLocationLocal; Parameter.location = (libspdm_data_location_t)SpdmDataLocationLocal;
SpdmReturn = SpdmSetData (SpdmContext, SpdmDataCapabilityCTExponent, &Parameter, &Data8, sizeof (Data8)); SpdmReturn = SpdmSetData (SpdmContext, (libspdm_data_type_t)SpdmDataCapabilityCTExponent, &Parameter, &Data8, sizeof (Data8));
if (LIBSPDM_STATUS_IS_ERROR (SpdmReturn)) { if (LIBSPDM_STATUS_IS_ERROR (SpdmReturn)) {
ASSERT (FALSE); ASSERT (FALSE);
goto Error; goto Error;
} }
Data32 = 0; Data32 = 0;
SpdmReturn = SpdmSetData (SpdmContext, SpdmDataCapabilityFlags, &Parameter, &Data32, sizeof (Data32)); SpdmReturn = SpdmSetData (SpdmContext, (libspdm_data_type_t)SpdmDataCapabilityFlags, &Parameter, &Data32, sizeof (Data32));
if (LIBSPDM_STATUS_IS_ERROR (SpdmReturn)) { if (LIBSPDM_STATUS_IS_ERROR (SpdmReturn)) {
ASSERT (FALSE); ASSERT (FALSE);
goto Error; goto Error;
} }
Data8 = SPDM_MEASUREMENT_SPECIFICATION_DMTF; Data8 = SPDM_MEASUREMENT_SPECIFICATION_DMTF;
SpdmReturn = SpdmSetData (SpdmContext, SpdmDataMeasurementSpec, &Parameter, &Data8, sizeof (Data8)); SpdmReturn = SpdmSetData (SpdmContext, (libspdm_data_type_t)SpdmDataMeasurementSpec, &Parameter, &Data8, sizeof (Data8));
if (LIBSPDM_STATUS_IS_ERROR (SpdmReturn)) { if (LIBSPDM_STATUS_IS_ERROR (SpdmReturn)) {
ASSERT (FALSE); ASSERT (FALSE);
goto Error; goto Error;
@ -398,7 +398,7 @@ CreateSpdmDeviceContext (
SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P521; SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P521;
} }
SpdmReturn = SpdmSetData (SpdmContext, SpdmDataBaseAsymAlgo, &Parameter, &Data32, sizeof (Data32)); SpdmReturn = SpdmSetData (SpdmContext, (libspdm_data_type_t)SpdmDataBaseAsymAlgo, &Parameter, &Data32, sizeof (Data32));
if (LIBSPDM_STATUS_IS_ERROR (SpdmReturn)) { if (LIBSPDM_STATUS_IS_ERROR (SpdmReturn)) {
ASSERT (FALSE); ASSERT (FALSE);
goto Error; goto Error;
@ -412,7 +412,7 @@ CreateSpdmDeviceContext (
SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_512; SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_512;
} }
SpdmReturn = SpdmSetData (SpdmContext, SpdmDataBaseHashAlgo, &Parameter, &Data32, sizeof (Data32)); SpdmReturn = SpdmSetData (SpdmContext, (libspdm_data_type_t)SpdmDataBaseHashAlgo, &Parameter, &Data32, sizeof (Data32));
if (LIBSPDM_STATUS_IS_ERROR (SpdmReturn)) { if (LIBSPDM_STATUS_IS_ERROR (SpdmReturn)) {
ASSERT (FALSE); ASSERT (FALSE);
goto Error; goto Error;
@ -433,9 +433,9 @@ CreateSpdmDeviceContext (
} }
ZeroMem (&Parameter, sizeof (Parameter)); ZeroMem (&Parameter, sizeof (Parameter));
Parameter.location = SpdmDataLocationConnection; Parameter.location = (libspdm_data_location_t)SpdmDataLocationConnection;
DataSize = sizeof (Data16); DataSize = sizeof (Data16);
SpdmReturn = SpdmGetData (SpdmContext, SpdmDataSpdmVersion, &Parameter, &Data16, &DataSize); SpdmReturn = SpdmGetData (SpdmContext, (libspdm_data_type_t)SpdmDataSpdmVersion, &Parameter, &Data16, &DataSize);
if (LIBSPDM_STATUS_IS_ERROR (SpdmReturn)) { if (LIBSPDM_STATUS_IS_ERROR (SpdmReturn)) {
DEBUG ((DEBUG_ERROR, "SpdmGetData - %p\n", SpdmReturn)); DEBUG ((DEBUG_ERROR, "SpdmGetData - %p\n", SpdmReturn));
goto Error; goto Error;
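Review bot: The error path at the end of the last CreateSpdmDeviceContext hunk prints the status with `%p`: `DEBUG ((DEBUG_ERROR, "SpdmGetData - %p\n", SpdmReturn));`. `SpdmReturn` is tested with `LIBSPDM_STATUS_IS_ERROR` throughout this file, so it looks like an integer status, not a pointer, and a pointer-width conversion of a narrower vararg can print unrelated bits on X64. Since the commit already touches the call two lines above, `DEBUG ((DEBUG_ERROR, "SpdmGetData - %x\n", SpdmReturn));` would be the matching fix. The declaration of `SpdmReturn` is outside the hunk, so its exact type should be confirmed first.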


@ -209,9 +209,9 @@ ExtendMeasurement (
EventLog = NULL; EventLog = NULL;
ZeroMem (&Parameter, sizeof (Parameter)); ZeroMem (&Parameter, sizeof (Parameter));
Parameter.location = SpdmDataLocationConnection; Parameter.location = (libspdm_data_location_t)SpdmDataLocationConnection;
DataSize = sizeof (MeasurementHashAlgo); DataSize = sizeof (MeasurementHashAlgo);
Status = SpdmGetData (SpdmContext, SpdmDataMeasurementHashAlgo, &Parameter, &MeasurementHashAlgo, &DataSize); Status = SpdmGetData (SpdmContext, (libspdm_data_type_t)SpdmDataMeasurementHashAlgo, &Parameter, &MeasurementHashAlgo, &DataSize);
ASSERT_EFI_ERROR (Status); ASSERT_EFI_ERROR (Status);
if (MeasurementRecord != NULL) { if (MeasurementRecord != NULL) {
@ -531,9 +531,9 @@ DoDeviceMeasurement (
SpdmContext = SpdmDeviceContext->SpdmContext; SpdmContext = SpdmDeviceContext->SpdmContext;
ZeroMem (&Parameter, sizeof (Parameter)); ZeroMem (&Parameter, sizeof (Parameter));
Parameter.location = SpdmDataLocationConnection; Parameter.location = (libspdm_data_location_t)SpdmDataLocationConnection;
DataSize = sizeof (CapabilityFlags); DataSize = sizeof (CapabilityFlags);
SpdmGetData (SpdmContext, SpdmDataCapabilityFlags, &Parameter, &CapabilityFlags, &DataSize); SpdmGetData (SpdmContext, (libspdm_data_type_t)SpdmDataCapabilityFlags, &Parameter, &CapabilityFlags, &DataSize);
if ((CapabilityFlags & SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_MEAS_CAP_SIG) == 0) { if ((CapabilityFlags & SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_MEAS_CAP_SIG) == 0) {
AuthState = TCG_DEVICE_SECURITY_EVENT_DATA_DEVICE_AUTH_STATE_FAIL_NO_SIG; AuthState = TCG_DEVICE_SECURITY_EVENT_DATA_DEVICE_AUTH_STATE_FAIL_NO_SIG;
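Review bot: In the DoDeviceMeasurement hunk the result of `SpdmGetData (SpdmContext, (libspdm_data_type_t)SpdmDataCapabilityFlags, ...)` is discarded, and the very next line decides on `SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_MEAS_CAP_SIG` from `CapabilityFlags`. If the call fails, that decision is made on whatever `CapabilityFlags` held before, and its initialisation is outside the hunk. DoDeviceCertificate and DoDeviceAuthentication in the authentication file show the pattern to follow, adapted to this function's own error path: capture the return in `SpdmReturn` and bail out when `LIBSPDM_STATUS_IS_ERROR (SpdmReturn)` is true. ExtendMeasurement here and ExtendCertificate in that file check the same call only through `ASSERT_EFI_ERROR (Status)`, which typically compiles out in release builds.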


@ -59,10 +59,10 @@ Tpm2GetAlgoFromHashMask (
@retval EFI_SUCCESS Hash sequence start and HandleHandle returned. @retval EFI_SUCCESS Hash sequence start and HandleHandle returned.
@retval EFI_OUT_OF_RESOURCES No enough resource to start hash. @retval EFI_OUT_OF_RESOURCES No enough resource to start hash.
**/ **/
BOOLEAN EFI_STATUS
EFIAPI EFIAPI
HashStart ( HashStart (
OUT VOID **HashHandle OUT HASH_HANDLE *HashHandle
) )
{ {
TPMI_DH_OBJECT SequenceHandle; TPMI_DH_OBJECT SequenceHandle;
@ -72,12 +72,13 @@ HashStart (
AlgoId = Tpm2GetAlgoFromHashMask (); AlgoId = Tpm2GetAlgoFromHashMask ();
Status = Tpm2HashSequenceStart (AlgoId, &SequenceHandle); Status = Tpm2HashSequenceStart (AlgoId, &SequenceHandle);
if (!EFI_ERROR (Status)) { if (EFI_ERROR (Status)) {
*HashHandle = (VOID *)(UINTN)SequenceHandle; return Status;
return TRUE;
} }
return FALSE; *HashHandle = (HASH_HANDLE)SequenceHandle;
return EFI_SUCCESS;
} }
/** /**
@ -89,11 +90,11 @@ HashStart (
@retval EFI_SUCCESS Hash sequence updated. @retval EFI_SUCCESS Hash sequence updated.
**/ **/
BOOLEAN EFI_STATUS
EFIAPI EFIAPI
HashUpdate ( HashUpdate (
IN VOID *HashHandle, IN HASH_HANDLE HashHandle,
IN CONST VOID *DataToHash, IN VOID *DataToHash,
IN UINTN DataToHashLen IN UINTN DataToHashLen
) )
{ {
@ -108,9 +109,9 @@ HashUpdate (
CopyMem (HashBuffer.buffer, Buffer, sizeof (HashBuffer.buffer)); CopyMem (HashBuffer.buffer, Buffer, sizeof (HashBuffer.buffer));
Buffer += sizeof (HashBuffer.buffer); Buffer += sizeof (HashBuffer.buffer);
Status = Tpm2SequenceUpdate ((TPMI_DH_OBJECT)(UINTN)HashHandle, &HashBuffer); Status = Tpm2SequenceUpdate ((TPMI_DH_OBJECT)HashHandle, &HashBuffer);
if (EFI_ERROR (Status)) { if (EFI_ERROR (Status)) {
return FALSE; return Status;
} }
} }
@ -119,12 +120,12 @@ HashUpdate (
// //
HashBuffer.size = (UINT16)HashLen; HashBuffer.size = (UINT16)HashLen;
CopyMem (HashBuffer.buffer, Buffer, (UINTN)HashLen); CopyMem (HashBuffer.buffer, Buffer, (UINTN)HashLen);
Status = Tpm2SequenceUpdate ((TPMI_DH_OBJECT)(UINTN)HashHandle, &HashBuffer); Status = Tpm2SequenceUpdate ((TPMI_DH_OBJECT)HashHandle, &HashBuffer);
if (EFI_ERROR (Status)) { if (EFI_ERROR (Status)) {
return FALSE; return Status;
} }
return TRUE; return EFI_SUCCESS;
} }
/** /**
@ -141,7 +142,7 @@ HashUpdate (
EFI_STATUS EFI_STATUS
EFIAPI EFIAPI
HashCompleteAndExtend ( HashCompleteAndExtend (
IN VOID *HashHandle, IN HASH_HANDLE HashHandle,
IN TPMI_DH_PCR PcrIndex, IN TPMI_DH_PCR PcrIndex,
IN VOID *DataToHash, IN VOID *DataToHash,
IN UINTN DataToHashLen, IN UINTN DataToHashLen,
@ -163,7 +164,7 @@ HashCompleteAndExtend (
CopyMem (HashBuffer.buffer, Buffer, sizeof (HashBuffer.buffer)); CopyMem (HashBuffer.buffer, Buffer, sizeof (HashBuffer.buffer));
Buffer += sizeof (HashBuffer.buffer); Buffer += sizeof (HashBuffer.buffer);
Status = Tpm2SequenceUpdate ((TPMI_DH_OBJECT)(UINTN)HashHandle, &HashBuffer); Status = Tpm2SequenceUpdate ((TPMI_DH_OBJECT)HashHandle, &HashBuffer);
if (EFI_ERROR (Status)) { if (EFI_ERROR (Status)) {
return EFI_DEVICE_ERROR; return EFI_DEVICE_ERROR;
} }
@ -181,13 +182,13 @@ HashCompleteAndExtend (
if (AlgoId == TPM_ALG_NULL) { if (AlgoId == TPM_ALG_NULL) {
Status = Tpm2EventSequenceComplete ( Status = Tpm2EventSequenceComplete (
PcrIndex, PcrIndex,
(TPMI_DH_OBJECT)(UINTN)HashHandle, (TPMI_DH_OBJECT)HashHandle,
&HashBuffer, &HashBuffer,
DigestList DigestList
); );
} else { } else {
Status = Tpm2SequenceComplete ( Status = Tpm2SequenceComplete (
(TPMI_DH_OBJECT)(UINTN)HashHandle, (TPMI_DH_OBJECT)HashHandle,
&HashBuffer, &HashBuffer,
&Result &Result
); );
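Review bot: Changing `HashStart` and `HashUpdate` from `BOOLEAN` to `EFI_STATUS` inverts what a truthy return means: success used to be `TRUE` and is now `EFI_SUCCESS`, i.e. zero. No caller is part of this section, so any call site still written as `if (!HashUpdate (...))` or `if (HashStart (...))` would now take the wrong branch, and on a TPM measurement path that means treating a failed hash as a good one. Please confirm that every caller tests `EFI_ERROR (Status)`. The header comments should follow the new contract as well: the `HashUpdate` comment visible here lists only `@retval EFI_SUCCESS` although the function now returns the status from `Tpm2SequenceUpdate`, and `HashStart` now passes through whatever `Tpm2HashSequenceStart` returns instead of only `EFI_OUT_OF_RESOURCES`.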