Add 1.3 erase certificate feature for `SET_CERTIFICATE` by Wenxing-hou · Pull Request #2433 · DMTF/libspdm

Wenxing-hou · 2023-11-14T14:18:29Z

Add new 1.3 erase cert feature for set_certifcate;
Add unit_test for erase cert feature;

The code has passed the unit_test.

Wenxing-hou · 2023-12-12T02:17:27Z

@steven-bellock Hi Steven, could you review again? I have fixed the code based on your feedback.

steven-bellock · 2023-12-12T14:22:04Z

@Wenxing-hou the comment in https://github.com/DMTF/libspdm/pull/2433/files#r1400951233 is still valid. If the message was sent in a session then libspdm can check the exact size, else it cannot.

Wenxing-hou · 2023-12-18T02:00:35Z

@Wenxing-hou the comment in https://github.com/DMTF/libspdm/pull/2433/files#r1400951233 is still valid. If the message was sent in a session then libspdm can check the exact size, else it cannot.

Thanks. I have fixed the code based on the feedback.

Wenxing-hou · 2023-12-27T03:43:26Z

And I have added the table in code comment:

libspdm/include/internal/libspdm_responder_lib.h

Lines 678 to 690 in 02bed09

    
            *   |   Cert State in Slot  | Req(KeyPairID,CertMode) | Req(Erase) |   Res(KeyPairID,CertMode)   |           Action         | 
        
            *   |-----------------------|-------------------------|------------|-----------------------------|--------------------------| 
        
            *   |        Not exist      |            -            |      -     |              -              |           Invalid        | 
        
            *   |     exist and empty   |          Valid          |      No    |           Not exist         |          Provision       | 
        
            *   |     exist and empty   |          Valid          |      Yes   |           Not exist         |           Invalid        | 
        
            *   |     exist with key    |          Valid          |      No    |   KeyPairID/CertMode match  |          Provision       | 
        
            *   |     exist with key    |          Valid          |      Yes   |   KeyPairID/CertMode match  |           Invalid        | 
        
            *   |     exist with key    |          Valid          |      No    | KeyPairID/CertMode not match|    Invalid(or OverWrite) | 
        
            *   |     exist with key    |          Valid          |      Yes   | KeyPairID/CertMode not match|           Invalid        | 
        
            *   |exist with key and cert|          Valid          |      No    |   KeyPairID/CertMode match  |    Invalid(or OverWrite) | 
        
            *   |exist with key and cert|          Valid          |      Yes   |   KeyPairID/CertMode match  |           Erase Cert     | 
        
            *   |exist with key and cert|          Valid          |      No    | KeyPairID/CertMode not match|           Invalid        | 
        
            *   |exist with key and cert|          Valid          |      Yes   | KeyPairID/CertMode not match|           Invalid        |

Fix the issue: DMTF#2292 Signed-off-by: Wenxing Hou <wenxing.hou@intel.com>

Signed-off-by: Wenxing Hou <wenxing.hou@intel.com>

Wenxing-hou force-pushed the sync_setcert_1.3 branch 2 times, most recently from c7a9f75 to 118fd69 Compare November 15, 2023 01:40

jyao1 reviewed Nov 15, 2023

View reviewed changes

Comment thread include/library/spdm_requester_lib.h Outdated

jyao1 reviewed Nov 15, 2023

View reviewed changes

Comment thread include/hal/library/responder/setcertlib.h Outdated

Wenxing-hou force-pushed the sync_setcert_1.3 branch 2 times, most recently from ad26d56 to 0a8f7b7 Compare November 16, 2023 07:45