From 0321f030ea917acd0b0de689df3b943661bf120a Mon Sep 17 00:00:00 2001
From: Liqi Qi <liqiqi@microsoft.com>
Date: Thu, 15 May 2025 13:20:09 -0700
Subject: [PATCH] SPDM related fix based on real hardware testing - SecurityPkg

Implemented SPDM functionality on real hardware, and here is the bug fix in SecurityPkg.

Signed-off-by: Liqi Qi <liqiqi@microsoft.com>
---
 .../DeviceSecurity/SpdmSecurityLib/SpdmAuthentication.c   | 4 +++-
 .../DeviceSecurity/SpdmSecurityLib/SpdmConnectionInit.c   | 8 ++++++++
 SecurityPkg/SecurityPkg.dec                               | 2 --
 3 files changed, 11 insertions(+), 3 deletions(-)

diff --git a/SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmAuthentication.c b/SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmAuthentication.c
index 86cf9b225c..0b2a90a2bb 100644
--- a/SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmAuthentication.c
+++ b/SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmAuthentication.c
@@ -565,7 +565,9 @@ DoDeviceCertificate (
       ZeroMem (CertChain, sizeof (CertChain));
       SpdmReturn = SpdmGetCertificateEx (SpdmContext, NULL, SlotId, &CertChainSize, CertChain, (CONST VOID **)&TrustAnchor, &TrustAnchorSize);
       if (LIBSPDM_STATUS_IS_SUCCESS (SpdmReturn)) {
-        *IsValidCertChain = TRUE;
+        SecurityState->AuthenticationState = EDKII_DEVICE_SECURITY_STATE_SUCCESS;
+        *AuthState                         = TCG_DEVICE_SECURITY_EVENT_DATA_DEVICE_AUTH_STATE_SUCCESS;
+        *IsValidCertChain                  = TRUE;
         break;
       } else if (SpdmReturn == LIBSPDM_STATUS_VERIF_FAIL) {
         *IsValidCertChain                  = FALSE;
diff --git a/SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmConnectionInit.c b/SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmConnectionInit.c
index d61aa01698..ad908be9ce 100644
--- a/SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmConnectionInit.c
+++ b/SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmConnectionInit.c
@@ -418,6 +418,14 @@ CreateSpdmDeviceContext (
     goto Error;
   }
 
+  Data8 = SPDM_ALGORITHMS_OPAQUE_DATA_FORMAT_1;
+  SpdmSetData (SpdmContext, SpdmDataOtherParamsSupport, &Parameter, &Data8, sizeof (Data8));
+  if (LIBSPDM_STATUS_IS_ERROR (SpdmReturn)) {
+    DEBUG ((DEBUG_ERROR, "SpdmSetDataOtherParamsSupport - %p\n", SpdmReturn));
+    ASSERT (FALSE);
+    goto Error;
+  }
+
   SpdmReturn = SpdmInitConnection (SpdmContext, FALSE);
   if (LIBSPDM_STATUS_IS_ERROR (SpdmReturn)) {
     DEBUG ((DEBUG_ERROR, "SpdmInitConnection - %p\n", SpdmReturn));
diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec
index 1a5152daba..696a94b871 100644
--- a/SecurityPkg/SecurityPkg.dec
+++ b/SecurityPkg/SecurityPkg.dec
@@ -22,8 +22,6 @@
 [Includes]
   Include
   Test/Mock/Include
-
-[Includes.Common.Private]
   DeviceSecurity/SpdmLib/Include
   DeviceSecurity/SpdmLib/libspdm/include