feat(da): add libspdm version 3.3.0
libspdm is a sample implementation that follows the DMTF SPDM
specifications DSP0274 [1].
libspdm project provides libraries that RMM imports as an interface
library named rmm-lib-spdm_requester to implement SPMD requester.
There are few patch files added in libspdm for below changes:
- Includes mbedtls headers, config file from RMM Mbed TLS
- Compiles cryptlib_mbedtls library with RMM Mbed TLS config
[1] https://www.dmtf.org/dsp/DSP0274
Signed-off-by: Arunachalam Ganapathy <arunachalam.ganapathy@arm.com>
Change-Id: I977877de39d6fca65c4a6e03ed679221c8a4bb47
diff --git a/.gitignore b/.gitignore
index abbfa14..2b859d9 100644
--- a/.gitignore
+++ b/.gitignore
@@ -10,3 +10,4 @@
*~
*.patch
*.swp
+ext/libspdm
diff --git a/cmake/CommonConfigs.cmake b/cmake/CommonConfigs.cmake
index d8c3e68..2d57c8c 100644
--- a/cmake/CommonConfigs.cmake
+++ b/cmake/CommonConfigs.cmake
@@ -59,6 +59,12 @@
TYPE STRING
DEFAULT 1)
+arm_config_option(
+ NAME RMM_CCA_DA
+ HELP "Enable Device Assignment support in RMM (experimental)"
+ TYPE BOOL
+ DEFAULT OFF)
+
#
# Introduce a pseudo-library purely for applying flags to RMM's libraries.
# This is applied to any targets created after this point.
@@ -126,4 +132,10 @@
target_compile_definitions(rmm-common
INTERFACE "COMMIT_INFO=\"${COMMIT_INFO}\"")
+if(RMM_CCA_DA)
+ message(WARNING "DA is an experimental feature")
+ target_compile_definitions(rmm-common
+ INTERFACE "RMM_CCA_DA=1")
+endif()
+
link_libraries(rmm-common)
diff --git a/configs/libspdm/0001-cryptlib_mbedtls-use-external-Mbed-TLS.patch b/configs/libspdm/0001-cryptlib_mbedtls-use-external-Mbed-TLS.patch
new file mode 100644
index 0000000..1282d5d
--- /dev/null
+++ b/configs/libspdm/0001-cryptlib_mbedtls-use-external-Mbed-TLS.patch
@@ -0,0 +1,58 @@
+From dc3ce817bb479bdf1317c68e5496b93dbbbcb310 Mon Sep 17 00:00:00 2001
+From: Arunachalam Ganapathy <arunachalam.ganapathy@arm.com>
+Date: Wed, 3 Apr 2024 14:13:44 +0100
+Subject: [PATCH] cryptlib_mbedtls: use external Mbed TLS
+
+Do not include mbedtls headers files from libspdm fork of Mbed TLS.
+This change is RMM specific, for building cryptlib_mbedtls library
+from RMM.
+
+crt_wrapper_host.c: duplicate symbols
+Rename mbedtls_platform_zeroize as it conflicts with RMM MbedTLS
+
+Signed-off-by: Arunachalam Ganapathy <arunachalam.ganapathy@arm.com>
+---
+ os_stub/cryptlib_mbedtls/CMakeLists.txt | 9 ---------
+ os_stub/cryptlib_mbedtls/sys_call/crt_wrapper_host.c | 2 +-
+ 2 files changed, 1 insertion(+), 10 deletions(-)
+
+diff --git a/os_stub/cryptlib_mbedtls/CMakeLists.txt b/os_stub/cryptlib_mbedtls/CMakeLists.txt
+index fc87e2cf54..0e8e2248d2 100644
+--- a/os_stub/cryptlib_mbedtls/CMakeLists.txt
++++ b/os_stub/cryptlib_mbedtls/CMakeLists.txt
+@@ -9,10 +9,6 @@ INCLUDE_DIRECTORIES(${LIBSPDM_DIR}/include
+ ${LIBSPDM_DIR}/os_stub/include
+ ${LIBSPDM_DIR}/os_stub
+ ${LIBSPDM_DIR}/os_stub/cryptlib_mbedtls
+- ${LIBSPDM_DIR}/os_stub/mbedtlslib/include
+- ${LIBSPDM_DIR}/os_stub/mbedtlslib/include/mbedtls
+- ${LIBSPDM_DIR}/os_stub/mbedtlslib/mbedtls/include
+- ${LIBSPDM_DIR}/os_stub/mbedtlslib/mbedtls/include/mbedtls
+ )
+
+ SET(src_cryptlib_mbedtls
+@@ -48,8 +44,3 @@ if(CMAKE_SYSTEM_NAME MATCHES "Windows")
+ TARGET_COMPILE_OPTIONS(cryptlib_mbedtls PRIVATE /wd4090 /wd4200)
+ endif()
+ endif()
+-
+-if(MBEDTLS_CONFIG_FILE)
+-else()
+- TARGET_COMPILE_DEFINITIONS(cryptlib_mbedtls PRIVATE -DMBEDTLS_CONFIG_FILE=<libspdm_mbedtls_config.h>)
+-endif()
+diff --git a/os_stub/cryptlib_mbedtls/sys_call/crt_wrapper_host.c b/os_stub/cryptlib_mbedtls/sys_call/crt_wrapper_host.c
+index 9ce520c7c5..72decdba7d 100644
+--- a/os_stub/cryptlib_mbedtls/sys_call/crt_wrapper_host.c
++++ b/os_stub/cryptlib_mbedtls/sys_call/crt_wrapper_host.c
+@@ -25,7 +25,7 @@ int my_snprintf(char *str, size_t size, const char *format, ...)
+ return 0;
+ }
+
+-void mbedtls_platform_zeroize(void *buf, size_t len)
++void my_mbedtls_platform_zeroize(void *buf, size_t len)
+ {
+ libspdm_zero_mem(buf, len);
+ }
+--
+2.39.2
+
diff --git a/configs/libspdm/rmm_libspdm_config.h b/configs/libspdm/rmm_libspdm_config.h
new file mode 100644
index 0000000..7640009
--- /dev/null
+++ b/configs/libspdm/rmm_libspdm_config.h
@@ -0,0 +1,172 @@
+/*
+ * SPDX-License-Identifier: BSD-3-Clause
+ * SPDX-FileCopyrightText: Copyright TF-RMM Contributors.
+ */
+
+#ifndef LIBSPDM_CONFIG_H
+#define LIBSPDM_CONFIG_H
+
+/* Disable FIPS 140-3 mode. */
+#define LIBSPDM_FIPS_MODE 0
+
+/* Based on RMM build type, set libspdm DEBUG flag */
+#ifdef DEBUG
+#define LIBSPDM_DEBUG_ENABLE 1
+#else
+#define LIBSPDM_DEBUG_ENABLE 0
+#endif
+
+/*
+ * For a Requester this value specifies the maximum number of entries that
+ * libspdm will tolerate in a `VERSION` response before returning an error.
+ */
+#define LIBSPDM_MAX_VERSION_COUNT 5
+
+/*
+ * This value specifies the maximum size, in bytes, of the
+ * `PSK_EXCHANGE.PSKHint` field. Although RMM disables PSK capability, this
+ * macro mut be defined as libspdm_secured_message_context_t uses this macro.
+ */
+#define LIBSPDM_PSK_MAX_HINT_LENGTH 16
+
+/*
+ * This value specifies the maximum number of root certificates that libspdm
+ * can support.
+ */
+#define LIBSPDM_MAX_ROOT_CERT_SUPPORT 10
+
+/* Only one session per device is supported by RMM Specification */
+#define LIBSPDM_MAX_SESSION_COUNT 1
+
+/*
+ * This value specifies the maximum size, in bytes, of a certificate chain or
+ * measurements that can be stored in a libspdm context.
+ */
+#define LIBSPDM_MAX_CERT_CHAIN_SIZE 0x1000
+#define LIBSPDM_MAX_MEASUREMENT_RECORD_SIZE 0x1000
+
+/*
+ * Partial certificates can be retrieved from a Responder and through multiple
+ * messages the complete certificate chain can be constructed. This value
+ * specifies the maximum size, in bytes, of a partial certificate that can be
+ * received.
+ */
+#define LIBSPDM_MAX_CERT_CHAIN_BLOCK_LEN 1024
+
+/*
+ * This value specifies whether libspdm will use a running calculation over the
+ * transcript, where requests and responses are discarded as they are
+ * cryptographically consumed, or whether libspdm will buffer the entire
+ * transcript before calculating the digest or signature.
+ */
+#define LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT 0
+
+/* This can be set to 0 for the device which does not need X509 parser. */
+#define LIBSPDM_CERT_PARSE_SUPPORT 1
+
+/*
+ * Enable only the cryptography configuration that are required for SPDM
+ * requester for DA. todo: Disable more cryptography configuration.
+ */
+#define LIBSPDM_RSA_SSA_2048_SUPPORT 1
+#define LIBSPDM_RSA_SSA_3072_SUPPORT 1
+#define LIBSPDM_RSA_SSA_4096_SUPPORT 1
+
+#define LIBSPDM_RSA_PSS_2048_SUPPORT 1
+#define LIBSPDM_RSA_PSS_3072_SUPPORT 1
+#define LIBSPDM_RSA_PSS_4096_SUPPORT 1
+
+#define LIBSPDM_ECDSA_P256_SUPPORT 1
+#define LIBSPDM_ECDSA_P384_SUPPORT 1
+#define LIBSPDM_ECDSA_P521_SUPPORT 1
+
+#define LIBSPDM_SM2_DSA_P256_SUPPORT 0
+
+#define LIBSPDM_EDDSA_ED25519_SUPPORT 0
+#define LIBSPDM_EDDSA_ED448_SUPPORT 0
+
+#define LIBSPDM_FFDHE_2048_SUPPORT 1
+#define LIBSPDM_FFDHE_3072_SUPPORT 1
+#define LIBSPDM_FFDHE_4096_SUPPORT 1
+
+#define LIBSPDM_ECDHE_P256_SUPPORT 1
+#define LIBSPDM_ECDHE_P384_SUPPORT 1
+#define LIBSPDM_ECDHE_P521_SUPPORT 1
+
+#define LIBSPDM_SM2_KEY_EXCHANGE_P256_SUPPORT 0
+
+#define LIBSPDM_AEAD_AES_128_GCM_SUPPORT 1
+#define LIBSPDM_AEAD_AES_256_GCM_SUPPORT 1
+
+#define LIBSPDM_AEAD_CHACHA20_POLY1305_SUPPORT 1
+
+#define LIBSPDM_AEAD_SM4_128_GCM_SUPPORT 0
+
+#define LIBSPDM_SHA256_SUPPORT 1
+#define LIBSPDM_SHA384_SUPPORT 1
+#define LIBSPDM_SHA512_SUPPORT 1
+
+#define LIBSPDM_SHA3_256_SUPPORT 0
+#define LIBSPDM_SHA3_384_SUPPORT 0
+#define LIBSPDM_SHA3_512_SUPPORT 0
+
+#define LIBSPDM_SM3_256_SUPPORT 0
+
+/* Enable only the capabilities that are required for SPDM requester for DA */
+#define LIBSPDM_ENABLE_CAPABILITY_CERT_CAP 1
+#define LIBSPDM_ENABLE_CAPABILITY_MEAS_CAP 1
+#define LIBSPDM_ENABLE_CAPABILITY_KEY_EX_CAP 1
+#define LIBSPDM_ENABLE_CAPABILITY_CHUNK_CAP 1
+#define LIBSPDM_ENABLE_CAPABILITY_CHAL_CAP 0
+#define LIBSPDM_ENABLE_CAPABILITY_PSK_CAP 0
+#define LIBSPDM_ENABLE_CAPABILITY_HBEAT_CAP 0
+#define LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP 0
+#define LIBSPDM_ENABLE_CAPABILITY_ENCAP_CAP 0
+#define LIBSPDM_ENABLE_CAPABILITY_CSR_CAP 0
+#define LIBSPDM_ENABLE_CAPABILITY_CSR_CAP_EX 0
+#define LIBSPDM_ENABLE_CAPABILITY_SET_CERT_CAP 0
+#define LIBSPDM_ENABLE_CAPABILITY_EVENT_CAP 0
+
+/* Required for IDE_KM and TDISP VDM messages */
+#define LIBSPDM_ENABLE_VENDOR_DEFINED_MESSAGES 1
+
+/*
+ * If 1 then endpoint supports sending GET_CERTIFICATE and GET_DIGESTS requests.
+ */
+#define LIBSPDM_SEND_GET_CERTIFICATE_SUPPORT 1
+
+/* If 1 then endpoint supports sending CHALLENGE request. */
+#define LIBSPDM_SEND_CHALLENGE_SUPPORT 0
+
+/*
+ * If 1 then endpoint supports sending the GET_SUPPORTED_EVENT_TYPES,
+ * SUBSCRIBE_EVENT_TYPES, and encapsulated EVENT_ACK messages. In addition,
+ * LIBSPDM_ENABLE_CAPABILITY_ENCAP_CAP must also be 1.
+ */
+#define LIBSPDM_EVENT_RECIPIENT_SUPPORT 0
+
+/*
+ * When LIBSPDM_RESPOND_IF_READY_SUPPORT is 0 then
+ * - For a Requester, if the Responder sends a ResponseNotReady ERROR response
+ * then the error is immediately returned to the Integrator. The Requester
+ * cannot send a RESPOND_IF_READY request.
+ * When LIBSPDM_RESPOND_IF_READY_SUPPORT is 1 then
+ * - For a Requester, if the Responder sends a ResponseNotReady ERROR response
+ * then libspdm waits an amount of time, as specified by the RDTExponent
+ * parameter, before sending RESPOND_IF_READY.
+ */
+#define LIBSPDM_RESPOND_IF_READY_SUPPORT 1
+
+/* Enable message logging. */
+#define LIBSPDM_ENABLE_MSG_LOG 0
+
+/* Enable libspdm configs macro checking during compilation. */
+#define LIBSPDM_CHECK_MACRO 1
+
+/* Enable checks to the SPDM context during runtime. */
+#define LIBSPDM_CHECK_SPDM_CONTEXT 1
+
+/* Enable passing the SPDM context to HAL functions. */
+#define LIBSPDM_HAL_PASS_SPDM_CONTEXT 0
+
+#endif /* LIBSPDM_CONFIG_H */
diff --git a/configs/mbedtls/rmm_mbedtls_config.h b/configs/mbedtls/rmm_mbedtls_config.h
index c0e1c17..b7f713d 100644
--- a/configs/mbedtls/rmm_mbedtls_config.h
+++ b/configs/mbedtls/rmm_mbedtls_config.h
@@ -14,6 +14,12 @@
* [1] https://github.com/Mbed-TLS/mbedtls/blob/v3.6.0/docs/3.0-migration-guide.md
*/
+#include <limits.h>
+/* This is needed for size_t */
+#include <stddef.h>
+/* For snprintf function declaration */
+#include <stdio.h>
+
/* This file is compatible with release 3.6.0 */
#define MBEDTLS_CONFIG_VERSION 0x03060000
@@ -89,8 +95,39 @@
#define MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY
#endif
-/* This is needed for size_t used below */
-#include <stddef.h>
+/* Configs required by SPDM requester used by RMM_CCA_DA */
+#ifdef RMM_CCA_DA
+#define MBEDTLS_OID_C
+#define MBEDTLS_RSA_C
+#define MBEDTLS_PKCS1_V15
+#define MBEDTLS_PKCS1_V21
+#define MBEDTLS_GENPRIME
+
+#define MBEDTLS_X509_USE_C
+#define MBEDTLS_X509_CRT_PARSE_C
+#define MBEDTLS_X509_CRL_PARSE_C
+#define MBEDTLS_X509_CSR_PARSE_C
+#define MBEDTLS_X509_CREATE_C
+#define MBEDTLS_X509_CSR_WRITE_C
+
+#define MBEDTLS_AES_C
+#define MBEDTLS_GCM_C
+
+#define MBEDTLS_CHACHA20_C
+#define MBEDTLS_POLY1305_C
+#define MBEDTLS_CHACHAPOLY_C
+
+#define MBEDTLS_ECDH_C
+#define MBEDTLS_DHM_C
+
+#define MBEDTLS_PK_C
+#define MBEDTLS_PK_PARSE_C
+#define MBEDTLS_PK_WRITE_C
+
+#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
+#define MBEDTLS_ECP_DP_SECP384R1_ENABLED
+#define MBEDTLS_ECP_DP_SECP521R1_ENABLED
+#endif /* RMM_CCA_DA */
/*
* Declare memory allocation primitives to be used by MbedTLS
diff --git a/docs/getting_started/build-options.rst b/docs/getting_started/build-options.rst
index 0424287..b02f788 100644
--- a/docs/getting_started/build-options.rst
+++ b/docs/getting_started/build-options.rst
@@ -290,6 +290,7 @@
RMM_HTML_COV_REPORT ,ON | OFF ,ON ,"Enable HTML output report for coverage analysis"
RMM_CBMC_VIEWER_OUTPUT ,ON | OFF ,OFF ,"Generate report of CBMC results using the tool cbmc-viewer"
RMM_CBMC_SINGLE_TESTBENCH , ,OFF ,"Run CBMC on a single testbench instead on all of them"
+ RMM_CCA_DA ,ON | OFF ,OFF ,"Enable Device Assignment support in RMM (experimental)"
.. _llvm_build:
diff --git a/docs/readme.rst b/docs/readme.rst
index 3278e46..0383d1c 100644
--- a/docs/readme.rst
+++ b/docs/readme.rst
@@ -71,8 +71,9 @@
The `TF-RMM`_ project requires to be linked with certain other 3rd party
projects and they are to be cloned from their repositories into ``ext`` folder
-before building. The projects are `MbedTLS`_, `t_cose`_, `QCBOR`_ and
-`CppUTest`_.
+before building. The projects are `MbedTLS`_, `t_cose`_, `QCBOR`_,
+`CppUTest`_ and `libspdm`_. `libspdm`_ repository is fetched during config phase
+when RMM_CCA_DA build option is enabled.
The project also contains files which are imported from other projects
into the source tree and may have a different license. Such files with
@@ -128,5 +129,6 @@
.. _License and Copyright for Contributions: https://tf-rmm.readthedocs.io/en/latest/process/contributing.html#license-and-copyright-for-contributions
.. _Contributor's Guide: https://tf-rmm.readthedocs.io/en/latest/process/contributing.html
.. _CppUTest: https://github.com/cpputest/cpputest.git
+.. _libspdm: https://github.com/DMTF/libspdm.git
.. _Trusted Firmware: https://www.trustedfirmware.org/
.. _TF-RMM: https://www.trustedfirmware.org/projects/tf-rmm/
diff --git a/lib/CMakeLists.txt b/lib/CMakeLists.txt
index 974c95f..ac8aa28 100644
--- a/lib/CMakeLists.txt
+++ b/lib/CMakeLists.txt
@@ -39,3 +39,8 @@
add_subdirectory("slot_buf")
add_subdirectory("t_cose")
add_subdirectory("xlat")
+
+if(RMM_CCA_DA)
+ target_link_libraries(rmm-lib INTERFACE rmm-lib-spdm_requester)
+ add_subdirectory("spdm_requester")
+endif()
diff --git a/lib/mbedtls/CMakeLists.txt b/lib/mbedtls/CMakeLists.txt
index ee0977c..b100e06 100644
--- a/lib/mbedtls/CMakeLists.txt
+++ b/lib/mbedtls/CMakeLists.txt
@@ -49,7 +49,6 @@
EXCLUDE_FROM_ALL)
endif()
-# Include targets mbedcrypto
add_library(rmm-mbedtls INTERFACE)
target_include_directories(rmm-mbedtls INTERFACE
"${RMM_SOURCE_DIR}/configs/mbedtls"
@@ -57,9 +56,17 @@
target_compile_definitions(rmm-mbedtls INTERFACE
"-DMBEDTLS_CONFIG_FILE=<rmm_mbedtls_config.h>")
-target_include_directories(mbedcrypto PUBLIC
- "${RMM_SOURCE_DIR}/configs/mbedtls"
- "${MBEDTLS_SRC_DIR}/include")
-target_compile_definitions(mbedcrypto PUBLIC
- "-DMBEDTLS_CONFIG_FILE=<rmm_mbedtls_config.h>")
-target_link_libraries(rmm-mbedtls INTERFACE mbedcrypto)
+# Include targets mbedcrypto, mbedx509
+set(MBEDTLS_LIBS mbedcrypto)
+if(RMM_CCA_DA)
+ list(APPEND MBEDTLS_LIBS mbedx509)
+endif()
+
+foreach(MBEDTLS_LIB IN ITEMS ${MBEDTLS_LIBS})
+ target_include_directories(${MBEDTLS_LIB} PUBLIC
+ "${RMM_SOURCE_DIR}/configs/mbedtls"
+ "${MBEDTLS_SRC_DIR}/include")
+ target_compile_definitions(${MBEDTLS_LIB} PUBLIC
+ "-DMBEDTLS_CONFIG_FILE=<rmm_mbedtls_config.h>")
+ target_link_libraries(rmm-mbedtls INTERFACE ${MBEDTLS_LIB})
+endforeach()
diff --git a/lib/spdm_requester/CMakeLists.txt b/lib/spdm_requester/CMakeLists.txt
new file mode 100644
index 0000000..22ac101
--- /dev/null
+++ b/lib/spdm_requester/CMakeLists.txt
@@ -0,0 +1,98 @@
+#
+# SPDX-License-Identifier: BSD-3-Clause
+# SPDX-FileCopyrightText: Copyright TF-RMM Contributors.
+#
+
+list(APPEND CMAKE_MODULE_PATH "${CMAKE_SOURCE_DIR}/tools/common")
+include(GitUtils)
+include(FetchContent)
+
+# Skip rmm-lib-spdm_requester from CMBC analysis
+if(RMM_CBMC_STATIC_ANALYSIS)
+ add_library(rmm-lib-spdm_requester INTERFACE)
+ return()
+endif()
+
+#
+# Git clone libspdm. We manually clone instead of adding this as a submodule
+# because adding libspdm as a submodule causes recursive clone to fetch all
+# dependency projects by libspdm.
+#
+# LIBSPDM_SHA points to v3.3.0 + mbedtls 3.6.0
+#
+set(LIBSPDM_URL "https://github.com/DMTF/libspdm.git")
+set(LIBSPDM_SHA "e5eb4484705fb3fb5cd25e773477c456096bd837")
+set(LIBSPDM_SRC "${RMM_SOURCE_DIR}/ext/libspdm")
+
+FetchContent_Declare(libspdm
+ GIT_REPOSITORY ${LIBSPDM_URL}
+ GIT_TAG ${LIBSPDM_SHA}
+ SOURCE_DIR ${LIBSPDM_SRC}
+ GIT_SUBMODULES ""
+ GIT_PROGRESS 1)
+
+FetchContent_GetProperties(libspdm)
+if(NOT libspdm_POPULATED)
+ message("Fetching: ${LIBSPDM_URL} SHA: ${LIBSPDM_SHA}")
+ FetchContent_Populate(libspdm)
+ message("libspdm SRC: ${LIBSPDM_SRC}")
+endif()
+
+# Set LIBSPDM_DIR. Note: This variable is used by libspdm CMake.
+# libspdm is fetched to ext/libspdm in RMM source.
+set(LIBSPDM_DIR ${LIBSPDM_SRC})
+set(LIBSPDM_BIN_DIR "${CMAKE_BINARY_DIR}/ext/libspdm")
+set(MBEDTLS_SRC_DIR "${RMM_SOURCE_DIR}/ext/mbedtls")
+
+# Apply RMM specific patches to libspdm once cloned.
+set(LIBSPDM_PATCH_DIR "${RMM_SOURCE_DIR}/configs/libspdm")
+set(LIBSPDM_PATCH_FILES
+ "${LIBSPDM_PATCH_DIR}/0001-cryptlib_mbedtls-use-external-Mbed-TLS.patch"
+ )
+Git_Apply_Patches(${LIBSPDM_DIR} "${LIBSPDM_PATCH_FILES}")
+
+#
+# This compiles libraries in ext/libspdm project to add SPDM requester protocol
+# support in RMM.
+#
+add_library(rmm-lib-spdm_requester INTERFACE)
+
+# Set libspdm config file
+set(LIBSPDM_CONFIG "LIBSPDM_CONFIG=<rmm_libspdm_config.h>")
+
+# Below are the list of core SPDM libraries required for requester side protocol.
+set(SOURCE_DIRS
+ ${LIBSPDM_DIR}/library/spdm_common_lib
+ ${LIBSPDM_DIR}/library/spdm_crypt_lib
+ ${LIBSPDM_DIR}/library/spdm_requester_lib
+ ${LIBSPDM_DIR}/library/spdm_secured_message_lib)
+
+#
+# Below are the list of os_stub libraries in libspdm that LIBSPDM_CORE_LIBS
+# depends on.
+#
+set(SOURCE_DIRS
+ ${SOURCE_DIRS}
+ ${LIBSPDM_DIR}/os_stub/cryptlib_mbedtls
+ ${LIBSPDM_DIR}/os_stub/memlib)
+
+# Add all source directories
+foreach(SOURCE_DIR IN LISTS SOURCE_DIRS)
+ # Get the library basename
+ get_filename_component(SPDM_LIB "${SOURCE_DIR}" NAME)
+
+ # Add the source directory
+ add_subdirectory(${SOURCE_DIR} ${LIBSPDM_BIN_DIR}/${SPDM_LIB})
+
+ target_include_directories(${SPDM_LIB} PRIVATE
+ "${RMM_SOURCE_DIR}/configs/libspdm"
+ "${RMM_SOURCE_DIR}/configs/mbedtls"
+ "${MBEDTLS_SRC_DIR}/include")
+ target_compile_definitions(${SPDM_LIB} PRIVATE
+ ${LIBSPDM_CONFIG}
+ "-DMBEDTLS_CONFIG_FILE=<rmm_mbedtls_config.h>")
+ target_compile_options(${SPDM_LIB} PRIVATE
+ "-Wno-incompatible-pointer-types")
+
+ target_link_libraries(rmm-lib-spdm_requester INTERFACE ${SPDM_LIB})
+endforeach()