From 58410f31f1f780eb9f8ddc28c7956e1b79d446a0 Mon Sep 17 00:00:00 2001 From: Oliver Smith-Denny Date: Fri, 22 Nov 2024 07:46:36 -0800 Subject: [PATCH] [CHERRY-PICK] SecurityPkg: Update libspdm This patch updates libspdm to pull in various bug fixes, but primarily commit ca4854be3325bd8fc7f2c714574d17aac2d4e13b which updates libspdm's MbedTLS submodule to v3.6.2, fixing CVE https://nvd.nist.gov/vuln/detail/CVE-2023-37920 there. This CVE does not affect libspdm or edk2, but automatic CVE scanning tools see the bad version of the certifi pip module in the edk2/libspdm code trees and flag these projects as failing. libspdm has been updated to pull in the newer MbedTLS that fixes this issue and this patch updates edk2 to pull in the newer libspdm. Signed-off-by: Oliver Smith-Denny --- SecurityPkg/DeviceSecurity/SpdmLib/libspdm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/SecurityPkg/DeviceSecurity/SpdmLib/libspdm b/SecurityPkg/DeviceSecurity/SpdmLib/libspdm index 50924a4c81..98ef964e1e 160000 --- a/SecurityPkg/DeviceSecurity/SpdmLib/libspdm +++ b/SecurityPkg/DeviceSecurity/SpdmLib/libspdm @@ -1 +1 @@ -Subproject commit 50924a4c8145fc721e17208f55814d2b38766fe6 +Subproject commit 98ef964e1e9a0c39c7efb67143d3a13a819432e0
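Review bot: In the one-line Subproject commit change for SecurityPkg/DeviceSecurity/SpdmLib/libspdm, the new pointer 98ef964e1e9a0c39c7efb67143d3a13a819432e0 is not tied to anything a reviewer can check. The message names ca4854be3325bd8fc7f2c714574d17aac2d4e13b as the main reason for the bump, but it does not say whether 98ef964e is a tagged libspdm release or how it relates to that commit, and the "various bug fixes" are not listed. Suggest adding the libspdm tag, or a short log of the range 50924a4c..98ef964e, to the commit message so the code being pulled in can be audited. Since the subject is marked [CHERRY-PICK], the original commit reference should be added as well. The message also says the MbedTLS v3.6.2 update fixes CVE-2023-37920 while describing the flagged component as the certifi pip module. One sentence stating where in the tree that certifi version appears would let someone re-run the scanner and confirm the finding is gone after the bump.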