From 6fa3d851e1b0c7d2f3419c7fd48c45bb4ae6618a Mon Sep 17 00:00:00 2001
From: Wenxing Hou <wenxing.hou@intel.com>
Date: Tue, 29 Aug 2023 09:44:02 +0800
Subject: [PATCH] SecurityPkg: get the valid CertChain and CertChainSize

Signed-off-by: Wenxing Hou <wenxing.hou@intel.com>
---
 .../DeviceSecurity/SpdmSecurityLib/SpdmAuthentication.c   | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmAuthentication.c b/SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmAuthentication.c
index 0fc3b9917aa..d737f33b3af 100644
--- a/SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmAuthentication.c
+++ b/SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmAuthentication.c
@@ -591,6 +591,14 @@ DoDeviceAuthentication (
     }
 
     DEBUG ((DEBUG_INFO, "SpdmGetCertificateEx - SpdmReturn %p, TrustAnchorSize 0x%x, RootCertMatch %d\n", SpdmReturn, TrustAnchorSize, RootCertMatch));
+
+    //get the valid CertChain
+    CertChainSize = sizeof (CertChain);
+    ZeroMem (CertChain, sizeof (CertChain));
+    SpdmReturn = SpdmGetCertificateEx (SpdmContext, NULL, *ValidSlotId, &CertChainSize, CertChain, (CONST VOID **)&TrustAnchor, &TrustAnchorSize);
+    if ((!LIBSPDM_STATUS_IS_SUCCESS (SpdmReturn)) && (!(SpdmReturn == LIBSPDM_STATUS_VERIF_NO_AUTHORITY))) {
+      return EFI_DEVICE_ERROR;
+    }
   }
 
   if ((CapabilityFlags & SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_CHAL_CAP) == 0) {