transport: storage: add nvme support

Using the DSP0286, this patch adds support for communicating with an
NVMe device with the NVME admin SECURITY SEND/RECEIVE commands for SPDM.
`libnvme` is used to interact with the device specified.

Signed-off-by: Wilfred Mallawa <wilfred.mallawa@wdc.com>

Author: twilfredo

.github/workflows/ci.yml

@@ -23,7 +23,7 @@ jobs:
       - name: Install dependencies
         run: |
           sudo apt-get update; \
-          sudo apt-get install -y cmake libclang-dev libpci-dev libssl-dev python3-dev gem; \
+          sudo apt-get install -y cmake libclang-dev libpci-dev libssl-dev python3-dev gem libnvme-dev; \
           sudo gem install cbor-diag;
 
       - name: Build libspdm

Cargo.toml

@@ -35,7 +35,6 @@ std = [
     "inquire",
     "page_size",
 ]
-page_size = ["dep:page_size"]
 
 [lib]
 name = "libspdm"
@@ -75,7 +74,7 @@ minicbor-derive = { version = "0.15", features = [
 ], optional = true }
 async-std = { version = "1.12", features = ["attributes"], optional = true }
 futures = { version = "0.3", optional = true }
-nix = { version = "0.29", features = ["user"], optional = true }
+nix = { version = "0.29", features = ["user", "fs", "ioctl"], optional = true }
 libmctp = { version = "0.2" }
 inquire = { version = "0.7.5", optional = true}
 

README.md

@@ -57,11 +57,11 @@ Note: `dnf` commands are for Fedora, and `apt` is used for Debian/Ubuntu based
 distributions.
 
 ```shell
-$ sudo dnf install cmake clang-libs clang-devel pciutils-devel openssl openssl-devel python3-devel systemd-devel
+$ sudo dnf install cmake clang-libs clang-devel pciutils-devel openssl openssl-devel python3-devel systemd-devel libnvme
 
 or
 
-$ sudo apt install cmake clang libclang-dev pciutils libpci-dev openssl libssl-dev libsystemd-dev python3-dev pkg-config
+$ sudo apt install cmake clang libclang-dev pciutils libpci-dev openssl libssl-dev libsystemd-dev python3-dev pkg-config libnvme
 ```
 
 ### Ruby
@@ -298,6 +298,14 @@ invoked as below:
 ```shell
 ./target/debug/spdm_utils --pcie-vid <VendorID> --pcie-devid <DeviceID> --doe-pci-cfg request get-digests
 ```
+### SPDM for NVMe over the SPDM Storage Transport
+
+SPDM-utils supports the SPDM over storage transport as defined by the DMTF DSP0286.
+For example, the following command can be used to interact with an NVMe device.
+
+```shell
+$ ./target/debug/spdm_utils --blk-dev-path /dev/nvme0 --nvme --no-session request get-version,get-capabilities
+```
 
 ## Retrieving Certificates
 

build.rs

@@ -22,6 +22,7 @@ fn main() {
     println!("cargo:rustc-link-arg=-Wl,--start-group");
 
     println!("cargo:rustc-link-arg=-lpci");
+    println!("cargo:rustc-link-arg=-lnvme");
 
     println!("cargo:rustc-link-arg=-lmemlib");
     println!("cargo:rustc-link-arg=-lmalloclib");
@@ -41,6 +42,7 @@ fn main() {
     println!("cargo:rustc-link-arg=-lspdm_crypt_ext_lib");
     println!("cargo:rustc-link-arg=-lspdm_transport_pcidoe_lib");
     println!("cargo:rustc-link-arg=-lspdm_transport_mctp_lib");
+    println!("cargo:rustc-link-arg=-lspdm_transport_storage_lib");
 
     // Link SPDM Test Libraries
     let mut builder = if cfg!(feature = "libspdm_tests") {

src/libspdm/spdm.rs

@@ -277,6 +277,8 @@ pub enum TransportLayer {
     Doe,
     /// DMTF Management Component Transport Protocol
     Mctp,
+    /// SCSI Security Protocol In/Out commands
+    Storage,
 }
 
 #[cfg(feature = "no_std")]
@@ -506,6 +508,18 @@ pub unsafe fn setup_transport_layer(
                 )
             };
         }
+        TransportLayer::Storage => {
+            unsafe {
+                libspdm_register_transport_layer_func(
+                    context,
+                    libspdm_max_spdm_msg_size,
+                    LIBSPDM_STORAGE_TRANSPORT_HEADER_SIZE,
+                    LIBSPDM_STORAGE_TRANSPORT_TAIL_SIZE,
+                    Some(libspdm_transport_storage_encode_message),
+                    Some(libspdm_transport_storage_decode_message),
+                )
+            };
+        }
     }
 
     let libspdm_scratch_buffer_size =

src/main.rs

@@ -22,17 +22,20 @@ use std::path::Path;
 extern crate log;
 use env_logger::Env;
 use libspdm::{responder, responder::CertModel, spdm};
+use nix::errno::Errno;
 use once_cell::sync::Lazy;
 
 pub static SOCKET_PATH: &str = "SPDM-Utils-loopback-socket";
 
 mod cli_helpers;
 mod doe_pci_cfg;
 mod io_buffers;
+mod nvme;
 mod qemu_server;
 mod request;
 mod socket_client;
 mod socket_server;
+mod storage_standards;
 mod tcg_concise_evidence_binding;
 mod test_suite;
 mod usb_i2c;
@@ -43,6 +46,18 @@ struct Args {
     #[command(subcommand)]
     command: Commands,
 
+    /// Use NVMe commands for the target device
+    #[arg(short, long, requires_ifs([("true", "blk_dev_path")]))]
+    nvme: bool,
+
+    /// NVME NameSpace Identifier
+    #[arg(long, default_value_t = 1)]
+    nsid: u32,
+
+    /// Path to the block device
+    #[arg(long)]
+    blk_dev_path: Option<String>,
+
     /// Use the Linux PCIe extended configuration backend
     /// This is generally run on the Linux host machine
     #[arg(short, long)]
@@ -642,6 +657,10 @@ async fn main() -> Result<(), ()> {
 
     let mut count = 0;
 
+    cli.nvme.then(|| {
+        count += 1;
+    });
+
     cli.doe_pci_cfg.then(|| {
         count += 1;
     });
@@ -706,12 +725,21 @@ async fn main() -> Result<(), ()> {
         }
 
         usb_i2c::register_device(cntx_ptr, cli.usb_i2c_dev, cli.usb_i2c_baud)?;
+    } else if cli.nvme {
+        if let Err(e) = nvme::nvme_get_sec_info(&cli.blk_dev_path.clone().unwrap(), cli.nsid) {
+            if e == Errno::ENOTSUP {
+                error!("SPDM is not supported by this NVMe device");
+            }
+            return Err(());
+        }
+        nvme::register_device(cntx_ptr, &cli.blk_dev_path.clone().unwrap(), cli.nsid).unwrap();
     } else if cli.qemu_server {
         if let Commands::Request { .. } = cli.command {
             error!("QEMU Server does not support running an SPDM requester");
             return Err(());
         }
         if let Some(proto) = cli.spdm_transport_protocol {
+            info!("Using {:?} transport for QEMU", proto);
             qemu_server::register_device(cntx_ptr, cli.qemu_port, proto)?;
         } else {
             qemu_server::register_device(cntx_ptr, cli.qemu_port, spdm::TransportLayer::Doe)?;
@@ -723,13 +751,21 @@ async fn main() -> Result<(), ()> {
 
     unsafe {
         if let Some(proto) = cli.spdm_transport_protocol {
+            info!("Using {:?} transport", proto);
             spdm::setup_transport_layer(cntx_ptr, proto, spdm::LIBSPDM_MAX_SPDM_MSG_SIZE)?;
         } else if cli.usb_i2c {
             spdm::setup_transport_layer(
                 cntx_ptr,
                 spdm::TransportLayer::Mctp,
                 spdm::LIBSPDM_MAX_SPDM_MSG_SIZE,
             )?;
+        } else if cli.nvme {
+            spdm::setup_transport_layer(
+                cntx_ptr,
+                spdm::TransportLayer::Storage,
+                spdm::LIBSPDM_MAX_SPDM_MSG_SIZE,
+            )
+            .unwrap();
         } else {
             spdm::setup_transport_layer(
                 cntx_ptr,