Steven Bellock comments

Results 236 comments of


                                            Steven Bellock

Github Actions Warnings

#1290 seems to have fixed all the warning that we control. The warnings for CodeQL and the other actions we use should be fixed upstream. I will keep this issue...

All functions that access the cryptography module need to return libspdm_return_t

@steven-bellock to provide a proposal. May also propose an acquire / release pattern for accessing cryptography operations.

Have certificate parsing and processing be its own library

Related issues https://github.com/DMTF/libspdm/issues/184 https://github.com/DMTF/libspdm/issues/496

Have certificate parsing and processing be its own library

Hi @liyi77. Yes it would be something like this, although as you know we'd need to fix #1117 before this could be implemented. Also, we should have the requirement that...

Document libspdm requirements and assumptions for target compiler and system

Need a document in the doc/ folder that goes over assumptions.

Document libspdm requirements and assumptions for target compiler and system

libspdm also assumes that the underlying encoding of character constants is ASCII.

Document libspdm requirements and assumptions for target compiler and system

libspdm also assumes that the compiler supports `pragma pack`.

Improve VCA request / response validation

Also in `libspdm_try_get_version` we need to validate that the major / minor version numbers are legal; 1.0, 1.1, 1.2, etc.

Improve VCA request / response validation

In `NEGOTIATE_ALGORITHMS` libspdm needs to check `struct_table->alg_type`.

Need update export master secrete during key update.

[We talked about this at the VF2F ](https://github.com/DMTF/Security-TF/issues/1900) and it is considered implementation-defined behavior.