SPDM related fix based on real hardware testing - SecurityPkg

Implemented SPDM functionality on real hardware, and here is the bug fix in SecurityPkg.

Signed-off-by: Liqi Qi <liqiqi@microsoft.com>

SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmAuthentication.c

@@ -565,7 +565,9 @@ DoDeviceCertificate (
       ZeroMem (CertChain, sizeof (CertChain));
       SpdmReturn = SpdmGetCertificateEx (SpdmContext, NULL, SlotId, &CertChainSize, CertChain, (CONST VOID **)&TrustAnchor, &TrustAnchorSize);
       if (LIBSPDM_STATUS_IS_SUCCESS (SpdmReturn)) {
-        *IsValidCertChain = TRUE;
+        SecurityState->AuthenticationState = EDKII_DEVICE_SECURITY_STATE_SUCCESS;
+        *AuthState                         = TCG_DEVICE_SECURITY_EVENT_DATA_DEVICE_AUTH_STATE_SUCCESS;
+        *IsValidCertChain                  = TRUE;
         break;
       } else if (SpdmReturn == LIBSPDM_STATUS_VERIF_FAIL) {
         *IsValidCertChain                  = FALSE;

SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmConnectionInit.c

@@ -418,6 +418,14 @@ CreateSpdmDeviceContext (
     goto Error;
   }
 
+  Data8 = SPDM_ALGORITHMS_OPAQUE_DATA_FORMAT_1;
+  SpdmSetData (SpdmContext, SpdmDataOtherParamsSupport, &Parameter, &Data8, sizeof (Data8));
+  if (LIBSPDM_STATUS_IS_ERROR (SpdmReturn)) {
+    DEBUG ((DEBUG_ERROR, "SpdmSetDataOtherParamsSupport - %p\n", SpdmReturn));
+    ASSERT (FALSE);
+    goto Error;
+  }
+
   SpdmReturn = SpdmInitConnection (SpdmContext, FALSE);
   if (LIBSPDM_STATUS_IS_ERROR (SpdmReturn)) {
     DEBUG ((DEBUG_ERROR, "SpdmInitConnection - %p\n", SpdmReturn));

SecurityPkg/SecurityPkg.dec

@@ -22,8 +22,6 @@
 [Includes]
   Include
   Test/Mock/Include
-
-[Includes.Common.Private]
   DeviceSecurity/SpdmLib/Include
   DeviceSecurity/SpdmLib/libspdm/include