SecurityPkg: Temporarily remove DeviceSecurity (and libspdm) from build

The SecurityPkg/DeviceSecurity/SpdmLib/libspdm submodule contains a unit_test/cmockalib/cmocka submodule to https://git.cryptomilk.org/projects/cmocka.git. cryptomilk.org is very unreliable and breaking all builds right now. Since the DeviceSecurity content is not actively used in any main branches, this change removes the libspdm submodule from the package which, in turn, leads to removal of the content dependent on the submodule. These changes are made such that this commit can be reverted in the future to easily restore everything after the libspdm submodule can find a more reliable host than cryptomilk.org. Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
microsoft · May 22, 2024 · 11506d5 · 11506d5
1 parent 966c4ee
commit 11506d5
Show file tree

Hide file tree

Showing 7 changed files with 79 additions and 37 deletions.
diff --git a/.gitmodules b/.gitmodules
diff --git a/.markdownlintignore b/.markdownlintignore
@@ -7,5 +7,11 @@
 # Ignore cloned dependencies
 /MU_BASECORE
 
+# MU_CHANGE [BEGIN]: Remove SPDM from the build until the cmocka
+#                    submodule in the libspdm submodule is stable
+#                    (on github)
 # Ignore libspdm submodule
-/SecurityPkg/DeviceSecurity/SpdmLib/libspdm
+# /SecurityPkg/DeviceSecurity/SpdmLib/libspdm
+# MU_CHANGE [END]: Remove SPDM from the build until the cmocka
+#                  submodule in the libspdm submodule is stable
+#                  (on github)
diff --git a/.pytool/CISettings.py b/.pytool/CISettings.py
@@ -171,8 +171,14 @@ def GetRequiredSubmodules(self):
         If no RequiredSubmodules return an empty iterable
         '''
         rs = []
-        rs.append(RequiredSubmodule(
-            "SecurityPkg/DeviceSecurity/SpdmLib/libspdm", False))
+        # MU_CHANGE [BEGIN]: Remove SPDM from the build until the cmocka
+        #                    submodule in the libspdm submodule is stable
+        #                    (on github)
+        # rs.append(RequiredSubmodule(
+        #     "SecurityPkg/DeviceSecurity/SpdmLib/libspdm", False))
+        # MU_CHANGE [END]: Remove SPDM from the build until the cmocka
+        #                  submodule in the libspdm submodule is stable
+        #                  (on github)
         return rs
 
     def GetName(self):

diff --git a/SecurityPkg/DeviceSecurity/SpdmLib/libspdm b/SecurityPkg/DeviceSecurity/SpdmLib/libspdm
diff --git a/SecurityPkg/SecurityPkg.ci.yaml b/SecurityPkg/SecurityPkg.ci.yaml
@@ -68,7 +68,15 @@
     },
     "DscCompleteCheck": {
         "DscPath": "SecurityPkg.dsc",
-        "IgnoreInf": []
+        "IgnoreInf": [
+            # MU_CHANGE [BEGIN]: Remove SPDM from the build until the cmocka
+            #                    submodule in the libspdm submodule is stable
+            #                    (on github)
+            SecurityPkg/DeviceSecurity/**
+            # MU_CHANGE [END]: Remove SPDM from the build until the cmocka
+            #                  submodule in the libspdm submodule is stable
+            #                  (on github)
+        ]
     },
     ## options defined .pytool/Plugin/HostUnitTestDscCompleteCheck
     "HostUnitTestDscCompleteCheck": {
@@ -86,7 +94,13 @@
     "LibraryClassCheck": {
         "IgnoreHeaderFile": [
             "DeviceSecurity/SpdmLib/Include/library",
-            "DeviceSecurity/SpdmLib/libspdm/include/library",
+            # MU_CHANGE [BEGIN]: Remove SPDM from the build until the cmocka
+            #                    submodule in the libspdm submodule is stable
+            #                    (on github)
+            # "DeviceSecurity/SpdmLib/libspdm/include/library",
+            # MU_CHANGE [END]: Remove SPDM from the build until the cmocka
+            #                  submodule in the libspdm submodule is stable
+            #                  (on github)
         ],
         "skip": True
     },
@@ -148,9 +162,15 @@
             "loongson"
         ],
         "IgnoreStandardPaths": [],   # Standard Plugin defined paths that should be ignore
-        "IgnoreFiles": [
-          "DeviceSecurity/SpdmLib/libspdm"
-        ],
+        # MU_CHANGE [BEGIN]: Remove SPDM from the build until the cmocka
+        #                    submodule in the libspdm submodule is stable
+        #                    (on github)
+        # "IgnoreFiles": [
+        #   "DeviceSecurity/SpdmLib/libspdm"
+        # ],
+        # MU_CHANGE [END]: Remove SPDM from the build until the cmocka
+        #                  submodule in the libspdm submodule is stable
+        #                  (on github)
         "AdditionalIncludePaths": [] # Additional paths to spell check (wildcards supported)
     },
 

diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec
@@ -25,7 +25,13 @@
 
 [Includes.Common.Private]
   DeviceSecurity/SpdmLib/Include
-  DeviceSecurity/SpdmLib/libspdm/include
+  # MU_CHANGE [BEGIN]: Remove SPDM from the build until the cmocka
+  #                    submodule in the libspdm submodule is stable
+  #                    (on github)
+  # DeviceSecurity/SpdmLib/libspdm/include
+  # MU_CHANGE [END]: Remove SPDM from the build until the cmocka
+  #                  submodule in the libspdm submodule is stable
+  #                  (on github)
 
 [LibraryClasses]
   ##  @libraryclass  Provides hash interfaces from different implementations.

diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc
@@ -78,18 +78,22 @@
   SecureBootVariableProvisionLib|SecurityPkg/Library/SecureBootVariableProvisionLib/SecureBootVariableProvisionLib.inf
   TdxLib|MdePkg/Library/TdxLib/TdxLib.inf
   VariablePolicyHelperLib|MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf
-  SpdmSecurityLib|SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmSecurityLib.inf
-  SpdmDeviceSecretLib|SecurityPkg/DeviceSecurity/SpdmLib/SpdmDeviceSecretLibNull.inf
-  SpdmCryptLib|SecurityPkg/DeviceSecurity/SpdmLib/SpdmCryptLib.inf
-  SpdmCommonLib|SecurityPkg/DeviceSecurity/SpdmLib/SpdmCommonLib.inf
-  SpdmRequesterLib|SecurityPkg/DeviceSecurity/SpdmLib/SpdmRequesterLib.inf
-  SpdmResponderLib|SecurityPkg/DeviceSecurity/SpdmLib/SpdmResponderLib.inf
-  SpdmSecuredMessageLib|SecurityPkg/DeviceSecurity/SpdmLib/SpdmSecuredMessageLib.inf
-  SpdmTransportMctpLib|SecurityPkg/DeviceSecurity/SpdmLib/SpdmTransportMctpLib.inf
-  SpdmTransportPciDoeLib|SecurityPkg/DeviceSecurity/SpdmLib/SpdmTransportPciDoeLib.inf
-  CryptlibWrapper|SecurityPkg/DeviceSecurity/OsStub/CryptlibWrapper/CryptlibWrapper.inf
-  PlatformLibWrapper|SecurityPkg/DeviceSecurity/OsStub/PlatformLibWrapper/PlatformLibWrapper.inf
-  MemLibWrapper|SecurityPkg/DeviceSecurity/OsStub/MemLibWrapper/MemLibWrapper.inf
+  # MU_CHANGE [BEGIN]: Remove SPDM from the build until the cmocka submodule in the
+  #                    libspdm submodule is stable (on github)
+  # SpdmSecurityLib|SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmSecurityLib.inf
+  # SpdmDeviceSecretLib|SecurityPkg/DeviceSecurity/SpdmLib/SpdmDeviceSecretLibNull.inf
+  # SpdmCryptLib|SecurityPkg/DeviceSecurity/SpdmLib/SpdmCryptLib.inf
+  # SpdmCommonLib|SecurityPkg/DeviceSecurity/SpdmLib/SpdmCommonLib.inf
+  # SpdmRequesterLib|SecurityPkg/DeviceSecurity/SpdmLib/SpdmRequesterLib.inf
+  # SpdmResponderLib|SecurityPkg/DeviceSecurity/SpdmLib/SpdmResponderLib.inf
+  # SpdmSecuredMessageLib|SecurityPkg/DeviceSecurity/SpdmLib/SpdmSecuredMessageLib.inf
+  # SpdmTransportMctpLib|SecurityPkg/DeviceSecurity/SpdmLib/SpdmTransportMctpLib.inf
+  # SpdmTransportPciDoeLib|SecurityPkg/DeviceSecurity/SpdmLib/SpdmTransportPciDoeLib.inf
+  # CryptlibWrapper|SecurityPkg/DeviceSecurity/OsStub/CryptlibWrapper/CryptlibWrapper.inf
+  # PlatformLibWrapper|SecurityPkg/DeviceSecurity/OsStub/PlatformLibWrapper/PlatformLibWrapper.inf
+  # MemLibWrapper|SecurityPkg/DeviceSecurity/OsStub/MemLibWrapper/MemLibWrapper.inf
+  # MU_CHANGE [END]: Remove SPDM from the build until the cmocka submodule in the
+  #                  libspdm submodule is stable (on github)
   OemTpm2InitLib|SecurityPkg/Library/OemTpm2InitLibNull/OemTpm2InitLib.inf               ## MS_CHANGE_?
   SourceDebugEnabledLib|SourceLevelDebugPkg/Library/SourceDebugEnabled/SourceDebugEnabledLib.inf ## MS_CHANGE_?
   Hash2CryptoLib|SecurityPkg/Library/BaseHash2CryptoLibNull/BaseHash2CryptoLibNull.inf   ## MU_CHANGE
@@ -314,18 +318,22 @@
   #
   # SPDM
   #
-  SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmSecurityLib.inf
-  SecurityPkg/DeviceSecurity/SpdmLib/SpdmDeviceSecretLibNull.inf
-  SecurityPkg/DeviceSecurity/SpdmLib/SpdmCryptLib.inf
-  SecurityPkg/DeviceSecurity/SpdmLib/SpdmCommonLib.inf
-  SecurityPkg/DeviceSecurity/SpdmLib/SpdmRequesterLib.inf
-  SecurityPkg/DeviceSecurity/SpdmLib/SpdmResponderLib.inf
-  SecurityPkg/DeviceSecurity/SpdmLib/SpdmSecuredMessageLib.inf
-  SecurityPkg/DeviceSecurity/SpdmLib/SpdmTransportMctpLib.inf
-  SecurityPkg/DeviceSecurity/SpdmLib/SpdmTransportPciDoeLib.inf
-  SecurityPkg/DeviceSecurity/OsStub/CryptlibWrapper/CryptlibWrapper.inf
-  SecurityPkg/DeviceSecurity/OsStub/PlatformLibWrapper/PlatformLibWrapper.inf
-  SecurityPkg/DeviceSecurity/OsStub/MemLibWrapper/MemLibWrapper.inf
+  # MU_CHANGE [BEGIN]: Remove SPDM from the build until the cmocka submodule in the
+  #                    libspdm submodule is stable (on github)
+  # SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmSecurityLib.inf
+  # SecurityPkg/DeviceSecurity/SpdmLib/SpdmDeviceSecretLibNull.inf
+  # SecurityPkg/DeviceSecurity/SpdmLib/SpdmCryptLib.inf
+  # SecurityPkg/DeviceSecurity/SpdmLib/SpdmCommonLib.inf
+  # SecurityPkg/DeviceSecurity/SpdmLib/SpdmRequesterLib.inf
+  # SecurityPkg/DeviceSecurity/SpdmLib/SpdmResponderLib.inf
+  # SecurityPkg/DeviceSecurity/SpdmLib/SpdmSecuredMessageLib.inf
+  # SecurityPkg/DeviceSecurity/SpdmLib/SpdmTransportMctpLib.inf
+  # SecurityPkg/DeviceSecurity/SpdmLib/SpdmTransportPciDoeLib.inf
+  # SecurityPkg/DeviceSecurity/OsStub/CryptlibWrapper/CryptlibWrapper.inf
+  # SecurityPkg/DeviceSecurity/OsStub/PlatformLibWrapper/PlatformLibWrapper.inf
+  # SecurityPkg/DeviceSecurity/OsStub/MemLibWrapper/MemLibWrapper.inf
+  # MU_CHANGE [END]: Remove SPDM from the build until the cmocka submodule in the
+  #                  libspdm submodule is stable (on github)
 
 [Components.IA32, Components.X64]
   SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf