Address feedback copilot x daniele - NOT TESTED YET NEED TO TEST CHANGES

aidangarske · aidangarske · commit c8dcf5b89913 · 2026-04-06T11:22:11.000-07:00
- NATIONS_PSK mode check (tpm2_spdm.c) - Only affects PSK mode which was already broken (raw path instead of VENDOR_DEFINED)
  - END_SESSION (tpm2_wrap.c) - New behavior but only adds an END_SESSION before the existing cleanup. If it fails, cleanup still proceeds.
  - Nations auto-connect (tpm2_wrap.c:279) - Only fires when spdmOnlyDetected is true (TPM locked in SPDM-only mode and TPM2_Startup returned
  TPM_RC_DISABLED). Normal operation never hits this path.
  - VdCode validation (spdm_tcg.c) - This one could theoretically break something if a response VdCode doesn't match. But all callers like
  wolfSPDM_TCG_GetPubKey() already validate VdCode independently (line 316-321), so the existing code was already checking this for specific commands.
  - VCA skip in PSK (spdm_psk.c) - Changes the transcript hash. Needs firmware 0.1.0.16 + NS350 to also skip VCA. Vision confirmed this works.
  - TPM_CMD_Lx defines / comments - No behavioral change.
diff --git a/examples/spdm/spdm_ctrl.c b/examples/spdm/spdm_ctrl.c
@@ -621,8 +621,8 @@ int TPM2_SPDM_Ctrl(void* userCtx, int argc, char *argv[])
         if (rc != 0) break;
     }
 
-    wolfTPM2_Cleanup(&dev);  /* Shutdown goes through SPDM if session active */
-    wolfTPM2_SpdmCleanup(&dev);
+    wolfTPM2_Cleanup(&dev);  /* TPM2_Shutdown + END_SESSION via SPDM, then free */
+    wolfTPM2_SpdmCleanup(&dev);  /* no-op safety net (already freed by Cleanup) */
     return rc;
 }
 
diff --git a/src/spdm/spdm_psk.c b/src/spdm/spdm_psk.c
@@ -349,15 +349,11 @@ int wolfSPDM_ConnectPsk(WOLFSPDM_CTX* ctx)
     SPDM_CONNECT_STEP(ctx, "PSK Step 1: GET_VERSION\n",
         wolfSPDM_GetVersion(ctx));
 
-    /* Step 2: GET_CAPABILITIES (with PSK_CAP flag) */
-    SPDM_CONNECT_STEP(ctx, "PSK Step 2: GET_CAPABILITIES\n",
-        wolfSPDM_TCG_GetCapabilities(ctx, WOLFSPDM_TCG_CAPS_FLAGS_PSK));
+    /* Steps 2-3: GET_CAPABILITIES + NEGOTIATE_ALGORITHMS
+     * Not mandatory for PSK mode per TCG PC Client PSK spec.
+     * NS350 supports direct GET_VERSION -> PSK_EXCHANGE. */
 
-    /* Step 3: NEGOTIATE_ALGORITHMS */
-    SPDM_CONNECT_STEP(ctx, "PSK Step 3: NEGOTIATE_ALGORITHMS\n",
-        wolfSPDM_TCG_NegotiateAlgorithms(ctx));
-
-    /* Step 4: PSK_EXCHANGE / PSK_EXCHANGE_RSP */
+    /* Step 2: PSK_EXCHANGE / PSK_EXCHANGE_RSP */
     {
         byte txBuf[128];
         byte rxBuf[WOLFSPDM_VENDOR_RX_SZ];
diff --git a/src/spdm/spdm_tcg.c b/src/spdm/spdm_tcg.c
@@ -73,8 +73,10 @@ int wolfSPDM_TCG_VendorCmdClear(WOLFSPDM_CTX* ctx, const char* vdCode,
         if (rc < 0) {
             return rc;
         }
-        /* Verify response vendor code matches expected */
+        /* Validate response VdCode matches the request */
         if (XMEMCMP(rsp->vdCode, vdCode, WOLFSPDM_VDCODE_LEN) != 0) {
+            wolfSPDM_DebugPrint(ctx, "%s: unexpected VdCode '%.8s'\n",
+                vdCode, rsp->vdCode);
             return WOLFSPDM_E_PEER_ERROR;
         }
     }
diff --git a/src/tpm2_spdm.c b/src/tpm2_spdm.c
@@ -211,7 +211,8 @@ int wolfTPM2_SPDM_SecuredExchange(
      * accepts SPDM messages (starting with version byte 0x13), not raw TPM
      * commands (starting with tag 0x80 0x01). */
     if (wolfSPDM_GetMode(ctx->spdmCtx) == WOLFSPDM_MODE_NUVOTON ||
-        wolfSPDM_GetMode(ctx->spdmCtx) == WOLFSPDM_MODE_NATIONS) {
+        wolfSPDM_GetMode(ctx->spdmCtx) == WOLFSPDM_MODE_NATIONS ||
+        wolfSPDM_GetMode(ctx->spdmCtx) == WOLFSPDM_MODE_NATIONS_PSK) {
         byte vdMsg[WOLFSPDM_MAX_MSG_SIZE];
         byte vdRsp[WOLFSPDM_MAX_MSG_SIZE];
         word32 vdRspSz = sizeof(vdRsp);
diff --git a/src/tpm2_wrap.c b/src/tpm2_wrap.c
@@ -317,7 +317,7 @@ int wolfTPM2_Init(WOLFTPM2_DEV* dev, TPM2HalIoCb ioCb, void* userCtx)
         }
         rc = TPM_RC_SUCCESS;
     }
-#endif /* WOLFTPM_SPDM && WOLFSPDM_NUVOTON */
+#endif /* WOLFTPM_SPDM && WOLFTPM_SPDM_TCG */
 
     return rc;
 }
@@ -1953,7 +1953,13 @@ int wolfTPM2_Cleanup_ex(WOLFTPM2_DEV* dev, int doShutdown)
     }
 
 #ifdef WOLFTPM_SPDM
-    /* Clean up SPDM context if it was auto-established */
+    /* Send END_SESSION to gracefully terminate SPDM session
+     * (TCG spec 5.5.1.6, Table 2: mandatory) */
+    if (dev->spdmCtx != NULL && dev->spdmCtx->spdmCtx != NULL &&
+        wolfSPDM_IsConnected(dev->spdmCtx->spdmCtx)) {
+        (void)wolfTPM2_SpdmDisconnect(dev);
+    }
+    /* Clean up SPDM context */
     wolfTPM2_SpdmCleanup(dev);
 #endif
 
diff --git a/wolftpm/spdm/spdm_tcg.h b/wolftpm/spdm/spdm_tcg.h
@@ -60,6 +60,15 @@ extern "C" {
 #define WOLFSPDM_VDCODE_LEN             8
 
 #define WOLFSPDM_VDCODE_TPM2_CMD        "TPM2_CMD"  /* TPM command over SPDM */
+
+/* Locality-aware TPM command VdCodes (TCG spec Table 11, optional).
+ * Response to all TPM_CMD_L* is TPM_RSP with VdCode "TPM2_CMD".
+ * Not currently used -- our code sends TPM2_CMD for all localities. */
+#define WOLFSPDM_VDCODE_TPM2CMD0        "TPM2CMD0"  /* TPM_CMD_L0: locality 0 */
+#define WOLFSPDM_VDCODE_TPM2CMD1        "TPM2CMD1"  /* TPM_CMD_L1: locality 1 */
+#define WOLFSPDM_VDCODE_TPM2CMD2        "TPM2CMD2"  /* TPM_CMD_L2: locality 2 */
+#define WOLFSPDM_VDCODE_TPM2CMD3        "TPM2CMD3"  /* TPM_CMD_L3: locality 3 */
+#define WOLFSPDM_VDCODE_TPM2CMD4        "TPM2CMD4"  /* TPM_CMD_L4: locality 4 */
 #define WOLFSPDM_VDCODE_GET_PUBK        "GET_PUBK"  /* Get TPM's identity key */
 #define WOLFSPDM_VDCODE_GIVE_PUB        "GIVE_PUB"  /* Give host's identity key */
 #define WOLFSPDM_VDCODE_GET_STS         "GET_STS_"  /* Get SPDM status */

Original file line number	Diff line number	Diff line change
`@@ -621,8 +621,8 @@ int TPM2_SPDM_Ctrl(void* userCtx, int argc, char *argv[])`
`621`	`621`	`if (rc != 0) break;`
`622`	`622`	`}`
`623`	`623`
`624`		`- wolfTPM2_Cleanup(&dev); /* Shutdown goes through SPDM if session active */`
`625`		`- wolfTPM2_SpdmCleanup(&dev);`
	`624`	`+ wolfTPM2_Cleanup(&dev); /* TPM2_Shutdown + END_SESSION via SPDM, then free */`
	`625`	`+ wolfTPM2_SpdmCleanup(&dev); /* no-op safety net (already freed by Cleanup) */`
`626`	`626`	`return rc;`
`627`	`627`	`}`
`628`	`628`
Original file line number	Diff line number	Diff line change
`@@ -73,8 +73,10 @@ int wolfSPDM_TCG_VendorCmdClear(WOLFSPDM_CTX* ctx, const char* vdCode,`
`73`	`73`	`if (rc < 0) {`
`74`	`74`	`return rc;`
`75`	`75`	`}`
`76`		`- /* Verify response vendor code matches expected */`
	`76`	`+ /* Validate response VdCode matches the request */`
`77`	`77`	`if (XMEMCMP(rsp->vdCode, vdCode, WOLFSPDM_VDCODE_LEN) != 0) {`
	`78`	`+ wolfSPDM_DebugPrint(ctx, "%s: unexpected VdCode '%.8s'\n",`
	`79`	`+ vdCode, rsp->vdCode);`
`78`	`80`	`return WOLFSPDM_E_PEER_ERROR;`
`79`	`81`	`}`
`80`	`82`	`}`
Original file line number	Diff line number	Diff line change
`@@ -317,7 +317,7 @@ int wolfTPM2_Init(WOLFTPM2_DEV* dev, TPM2HalIoCb ioCb, void* userCtx)`
`317`	`317`	`}`
`318`	`318`	`rc = TPM_RC_SUCCESS;`
`319`	`319`	`}`
`320`		`-#endif /* WOLFTPM_SPDM && WOLFSPDM_NUVOTON */`
	`320`	`+#endif /* WOLFTPM_SPDM && WOLFTPM_SPDM_TCG */`
`321`	`321`
`322`	`322`	`return rc;`
`323`	`323`	`}`
`@@ -1953,7 +1953,13 @@ int wolfTPM2_Cleanup_ex(WOLFTPM2_DEV* dev, int doShutdown)`
`1953`	`1953`	`}`
`1954`	`1954`
`1955`	`1955`	`#ifdef WOLFTPM_SPDM`
`1956`		`- /* Clean up SPDM context if it was auto-established */`
	`1956`	`+ /* Send END_SESSION to gracefully terminate SPDM session`
	`1957`	`+ * (TCG spec 5.5.1.6, Table 2: mandatory) */`
	`1958`	`+ if (dev->spdmCtx != NULL && dev->spdmCtx->spdmCtx != NULL &&`
	`1959`	`+ wolfSPDM_IsConnected(dev->spdmCtx->spdmCtx)) {`
	`1960`	`+ (void)wolfTPM2_SpdmDisconnect(dev);`
	`1961`	`+ }`
	`1962`	`+ /* Clean up SPDM context */`
`1957`	`1963`	`wolfTPM2_SpdmCleanup(dev);`
`1958`	`1964`	`#endif`
`1959`	`1965`