@@ -43,3 +43,6 @@
[submodule "tests/lcitool/libvirt-ci"]
path = tests/lcitool/libvirt-ci
url = https://gitlab.com/libvirt/libvirt-ci.git
+[submodule "subprojects/libspdm"]
+ path = subprojects/libspdm
+ url = https://github.com/DMTF/libspdm.git
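Review bot: The new `subprojects/libspdm` entry pulls a security-critical dependency from GitHub as a git submodule, and nothing in this hunk shows which commit it is pinned to. The gitlink lives outside `.gitmodules`, so the commit description should name the libspdm release or commit being tracked. libspdm in turn carries its crypto backends as nested submodules, so a non-recursive checkout would presumably leave the CMake subproject unable to build; the commit should state how those are fetched. If the tree otherwise manages `subprojects/` through Meson wrap files, a `wrap-git` entry with an explicit `revision` and `clone-recursive = true` would keep the pin visible in review.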
@@ -23,6 +23,9 @@ config IVSHMEM
config TPM
bool
+config SPDM
+ bool
+
config FDT
bool
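Review bot: `config SPDM` is declared here, but the meson.build hunk publishes the feature as `CONFIG_LIBSPDM` and the make-config-poison.sh hunk filters `/CONFIG_SPDM/`, so two different names are in play. No visible hunk feeds a `CONFIG_SPDM=y` value into the host Kconfig input when `have_libspdm` is true, so the symbol may never be set and any device code guarded by it would be silently left out. Pick one name, wire it from `have_libspdm`, and add a comment above the symbol such as `# Set when QEMU is built with libspdm (--enable-libspdm)`. Kconfig.host continues outside this hunk.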
@@ -17,6 +17,7 @@ not_found = dependency('', required: false)
keyval = import('keyval')
ss = import('sourceset')
fs = import('fs')
+cmake = import('cmake')
host_os = host_machine.system()
config_host = keyval.load(meson.current_build_dir() / 'config-host.mak')
@@ -163,6 +164,10 @@ have_tpm = get_option('tpm') \
.require(host_os != 'windows', error_message: 'TPM emulation only available on POSIX systems') \
.allowed()
+have_libspdm = get_option('libspdm') \
+ .require(host_os == 'linux', error_message: 'LibSPDM is supported only on Linux') \
+ .allowed()
+
# vhost
have_vhost_user = get_option('vhost_user') \
.disable_auto_if(host_os != 'linux') \
@@ -280,6 +285,65 @@ if host_os != 'darwin'
modular_tcg = ['i386-softmmu', 'x86_64-softmmu']
endif
+libspdm_dep_targets = [
+ 'debuglib',
+ 'malloclib',
+ 'memlib',
+ 'platform_lib',
+ 'rnglib',
+ 'spdm_cert_verify_callback_sample',
+ 'spdm_common_lib',
+ 'spdm_crypt_ext_lib',
+ 'spdm_crypt_lib',
+ 'spdm_device_secret_lib_sample',
+ 'spdm_requester_lib',
+ 'spdm_responder_lib',
+ 'spdm_secured_message_lib',
+ 'spdm_transport_mctp_lib',
+ 'spdm_transport_pcidoe_lib',
+ ]
+
+if cpu not in supported_cpus
+ libspdm_host_arch = 'unknown'
+ message(f'LibSPDM will not compile with CMake defines: -DARCH=@libspdm_host_arch@')
+elif cpu == 'x86_64'
+ libspdm_host_arch = 'x64'
+elif cpu == 'x86'
+ libspdm_host_arch = 'ia32'
+elif cpu == 'arm'
+ libspdm_host_arch = 'arm'
+elif cpu == 'aarch64'
+ libspdm_host_arch = 'aarch64'
+else
+ libspdm_host_arch = cpu
+endif
+
+if get_option('debug')
+ libspdm_target = 'Debug'
+else
+ libspdm_target = 'Release'
+endif
+
+if get_option('libspdm-crypto') == 'openssl'
+ libspdm_dep_targets += [
+ 'cryptlib_openssl',
+ 'openssllib',
+ ]
+elif get_option('libspdm-crypto') == 'mbedtls'
+ libspdm_dep_targets += [
+ 'cryptlib_mbedtls',
+ 'mbedcrypto',
+ 'mbedtls',
+ 'mbedx509',
+ ]
+endif
+
+if get_option('b_coverage')
+ libspdm_gcov = 'ON'
+else
+ libspdm_gcov = 'OFF'
+endif
+
##################
# Compiler flags #
##################
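Review bot: The target list links `spdm_device_secret_lib_sample` and `spdm_cert_verify_callback_sample`, which by their names are libspdm's sample implementations of device-secret handling and certificate verification rather than production ones. If QEMU's SPDM code ends up relying on them, secrets and trust decisions would come from sample code, so either supply QEMU-side implementations or add a comment such as `# sample libs: test-only secrets and verification, not for production use`. Separately, this block runs even when `have_libspdm` is false, and the `cpu not in supported_cpus` branch sets `'unknown'` and carries on with a message that is hard to parse. Wrapping the block in `if have_libspdm` and using `error()` or a clearer `warning()` there would make the failure explicit.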
@@ -2409,6 +2473,7 @@ if get_option('tcg').allowed()
config_host_data.set('CONFIG_TCG', 1)
config_host_data.set('CONFIG_TCG_INTERPRETER', tcg_arch == 'tci')
endif
+config_host_data.set('CONFIG_LIBSPDM', have_libspdm)
config_host_data.set('CONFIG_TPM', have_tpm)
config_host_data.set('CONFIG_TSAN', get_option('tsan'))
config_host_data.set('CONFIG_USB_LIBUSB', libusb.found())
@@ -3310,6 +3375,23 @@ if have_libvduse
libvduse = libvduse_proj.get_variable('libvduse_dep')
endif
+spdm = []
+if have_libspdm
+ libspdm_opt = cmake.subproject_options()
+ libspdm_opt.add_cmake_defines({'ARCH': libspdm_host_arch, \
+ 'TOOLCHAIN': get_option('libspdm-toolchain'), \
+ 'TARGET': libspdm_target, \
+ 'CRYPTO': get_option('libspdm-crypto'), \
+ 'DISABLE_TESTS': 1, \
+ 'GCOV': libspdm_gcov, \
+ 'BUILD_LINUX_SHARED_LIB': 'ON'})
+ libspdm_proj = cmake.subproject('libspdm', options: libspdm_opt)
+
+ foreach dep : libspdm_dep_targets
+ spdm += libspdm_proj.dependency(dep)
+ endforeach
+endif
+
#####################
# Generated sources #
#####################
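Review bot: The crypto backend comes from targets built inside the libspdm CMake subproject (`openssllib`, `mbedcrypto`, `mbedtls`, `mbedx509` in the earlier hunk), which suggests QEMU would link a bundled copy of OpenSSL or Mbed TLS rather than the host's library. That copy would not receive distribution security updates and may coexist with a system libcrypto in the same process. The commit should say whether linking against the system library is possible and, if not, document how the bundled version is tracked. `'BUILD_LINUX_SHARED_LIB': 'ON'` also deserves a comment explaining why shared objects are needed and how they get installed. The trailing backslashes inside the dict literal are unnecessary in Meson and can be dropped.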
@@ -3892,6 +3974,7 @@ common_ss.add(hwcore)
###########
system_ss.add(authz, blockdev, chardev, crypto, io, qmp)
+system_ss.add(when: spdm, if_true: spdm)
common_ss.add(qom, qemuutil)
common_ss.add_all(when: 'CONFIG_SYSTEM_ONLY', if_true: [system_ss])
@@ -4574,6 +4657,7 @@ summary_info += {'AF_ALG support': have_afalg}
summary_info += {'rng-none': get_option('rng_none')}
summary_info += {'Linux keyring': have_keyring}
summary_info += {'Linux keyutils': keyutils}
+summary_info += {'LibSPDM algorithm': get_option('libspdm-crypto')}
summary(summary_info, bool_yn: true, section: 'Crypto')
# UI
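Review bot: The `'LibSPDM algorithm'` row is printed whether or not libspdm is enabled, and no row reports `have_libspdm` itself, so the configure summary can show `mbedtls` for a build that contains no SPDM code. Consider adding `summary_info += {'LibSPDM support': have_libspdm}` and emitting the backend row only under `if have_libspdm`. The row should be labelled as a crypto backend rather than an algorithm, since the option selects a library.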
@@ -376,3 +376,11 @@ option('x86_version', type : 'combo', choices : ['0', '1', '2', '3', '4'], value
option('rust', type: 'feature', value: 'disabled',
description: 'Rust support')
+
+option('libspdm', type: 'feature', value: 'disabled',
+ description: 'LibSPDM support')
+option('libspdm-crypto', type: 'combo', value: 'mbedtls',
+ choices: ['mbedtls', 'openssl'],
+ description: 'set LibSPDM crypto algorithm')
+option('libspdm-toolchain', type: 'string', value: 'GCC',
+ description: 'toolchain to use for LibSPDM compilation')
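Review bot: `libspdm-toolchain` is a free-form string that the meson.build hunk forwards unchecked into the CMake `TOOLCHAIN` define, so a typo only surfaces as a failure deep inside the subproject's configure step. A `combo` restricted to the values libspdm accepts would fail early, and ideally the default would follow the compiler Meson already detected instead of a fixed `GCC`. The hyphenated names also differ from the underscore style of neighbouring options such as `x86_version` and `rng_none`; `libspdm_crypto` and `libspdm_toolchain` would match. The description `set LibSPDM crypto algorithm` would be clearer as `crypto library used by LibSPDM`.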
@@ -1,17 +1,18 @@
#! /bin/sh
if test $# = 0; then
- exit 0
+ exit 0
fi
# Create list of config switches that should be poisoned in common code,
# but filter out several which are handled manually.
exec sed -n \
- -e' /CONFIG_TCG/d' \
- -e '/CONFIG_USER_ONLY/d' \
- -e '/CONFIG_SOFTMMU/d' \
- -e '/^#define / {' \
- -e 's///' \
- -e 's/ .*//' \
- -e 's/^/#pragma GCC poison /p' \
- -e '}' "$@" | sort -u
+ -e' /CONFIG_TCG/d' \
+ -e '/CONFIG_USER_ONLY/d' \
+ -e '/CONFIG_SOFTMMU/d' \
+ -e '/CONFIG_SPDM/d' \
+ -e '/^#define / {' \
+ -e 's///' \
+ -e 's/ .*//' \
+ -e 's/^/#pragma GCC poison /p' \
+ -e '}' "$@" | sort -u
@@ -62,6 +62,10 @@ meson_options_help() {
printf "%s\n" ' cpu name [/usr/gnemul/qemu-%M]'
printf "%s\n" ' --libdir=VALUE Library directory [system default]'
printf "%s\n" ' --libexecdir=VALUE Library executable directory [libexec]'
+ printf "%s\n" ' --libspdm-crypto=CHOICE set LibSPDM crypto algorithm [mbedtls] (choices:'
+ printf "%s\n" ' mbedtls/openssl)'
+ printf "%s\n" ' --libspdm-toolchain=VALUE'
+ printf "%s\n" ' toolchain to use for LibSPDM compilation [GCC]'
printf "%s\n" ' --localedir=VALUE Locale data directory [share/locale]'
printf "%s\n" ' --localstatedir=VALUE Localstate data directory [/var/local]'
printf "%s\n" ' --mandir=VALUE Manual page directory [share/man]'
@@ -139,6 +143,7 @@ meson_options_help() {
printf "%s\n" ' libkeyutils Linux keyutils support'
printf "%s\n" ' libnfs libnfs block device driver'
printf "%s\n" ' libpmem libpmem support'
+ printf "%s\n" ' libspdm LibSPDM support'
printf "%s\n" ' libssh ssh block device support'
printf "%s\n" ' libudev Use libudev to enumerate host devices'
printf "%s\n" ' libusb libusb support for USB passthrough'
@@ -372,6 +377,10 @@ _meson_option_parse() {
--disable-libnfs) printf "%s" -Dlibnfs=disabled ;;
--enable-libpmem) printf "%s" -Dlibpmem=enabled ;;
--disable-libpmem) printf "%s" -Dlibpmem=disabled ;;
+ --enable-libspdm) printf "%s" -Dlibspdm=enabled ;;
+ --disable-libspdm) printf "%s" -Dlibspdm=disabled ;;
+ --libspdm-crypto=*) quote_sh "-Dlibspdm-crypto=$2" ;;
+ --libspdm-toolchain=*) quote_sh "-Dlibspdm-toolchain=$2" ;;
--enable-libssh) printf "%s" -Dlibssh=enabled ;;
--disable-libssh) printf "%s" -Dlibssh=disabled ;;
--enable-libudev) printf "%s" -Dlibudev=enabled ;;
Signed-off-by: htafr <htafreit@gmail.com> --- .gitmodules | 3 ++ Kconfig.host | 3 ++ meson.build | 84 +++++++++++++++++++++++++++++++++++ meson_options.txt | 8 ++++ scripts/make-config-poison.sh | 19 ++++---- scripts/meson-buildoptions.sh | 9 ++++ 6 files changed, 117 insertions(+), 9 deletions(-)