diff options
Diffstat (limited to 'MdePkg/Include')
| -rw-r--r-- | MdePkg/Include/Guid/GlobalVariable.h | 8 | ||||
| -rw-r--r-- | MdePkg/Include/Guid/ImageAuthentication.h | 5 | ||||
| -rwxr-xr-x | MdePkg/Include/IndustryStandard/Cxl.h | 2 | ||||
| -rw-r--r-- | MdePkg/Include/IndustryStandard/Cxl30.h | 316 | ||||
| -rw-r--r-- | MdePkg/Include/IndustryStandard/IpmiNetFnOem.h | 18 | ||||
| -rw-r--r-- | MdePkg/Include/IndustryStandard/IpmiNetFnSensorEvent.h | 46 | ||||
| -rw-r--r-- | MdePkg/Include/IndustryStandard/SerialPortConsoleRedirectionTable.h | 32 | ||||
| -rw-r--r-- | MdePkg/Include/IndustryStandard/Spdm.h | 1112 | ||||
| -rw-r--r-- | MdePkg/Include/IndustryStandard/UefiTcgPlatform.h | 224 | ||||
| -rw-r--r-- | MdePkg/Include/Pi/PiDxeCis.h | 13 | ||||
| -rw-r--r-- | MdePkg/Include/Pi/PiHob.h | 14 | ||||
| -rw-r--r-- | MdePkg/Include/Ppi/DelayedDispatch.h | 24 | ||||
| -rw-r--r-- | MdePkg/Include/Protocol/DevicePath.h | 22 | ||||
| -rw-r--r-- | MdePkg/Include/Protocol/SpiConfiguration.h | 4 | ||||
| -rw-r--r-- | MdePkg/Include/Register/Amd/Cpuid.h | 4 | ||||
| -rw-r--r-- | MdePkg/Include/Register/Intel/ArchitecturalMsr.h | 8 |
16 files changed, 1770 insertions, 82 deletions
diff --git a/MdePkg/Include/Guid/GlobalVariable.h b/MdePkg/Include/Guid/GlobalVariable.h index eb2ce6aaf2..eb6e5a043e 100644 --- a/MdePkg/Include/Guid/GlobalVariable.h +++ b/MdePkg/Include/Guid/GlobalVariable.h @@ -1,7 +1,7 @@ /** @file
GUID for EFI (NVRAM) Variables.
- Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.<BR>
+ Copyright (c) 2006 - 2024, Intel Corporation. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
@par Revision Reference:
@@ -183,4 +183,10 @@ extern EFI_GUID gEfiGlobalVariableGuid; ///
#define EFI_VENDOR_KEYS_VARIABLE_NAME L"VendorKeys"
+///
+/// Whether the platform firmware is operating in device authentication boot mode (1) or not (0).
+/// The content is UINT8.
+///
+#define EFI_DEVICE_AUTH_BOOT_MODE_NAME L"devAuthBoot"
+
#endif
diff --git a/MdePkg/Include/Guid/ImageAuthentication.h b/MdePkg/Include/Guid/ImageAuthentication.h index fe83596571..f95255c0fb 100644 --- a/MdePkg/Include/Guid/ImageAuthentication.h +++ b/MdePkg/Include/Guid/ImageAuthentication.h @@ -1,7 +1,7 @@ /** @file
Image signature database are defined for the signed image validation.
- Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
+ Copyright (c) 2009 - 2024, Intel Corporation. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
@par Revision Reference:
@@ -41,6 +41,9 @@ #define SETUP_MODE 1
#define USER_MODE 0
+#define DEVICE_AUTH_BOOT_MODE_ENABLE 1
+#define DEVICE_AUTH_BOOT_MODE_DISABLE 0
+
// ***********************************************************************
// Signature Database
// ***********************************************************************
diff --git a/MdePkg/Include/IndustryStandard/Cxl.h b/MdePkg/Include/IndustryStandard/Cxl.h index 9ad3242e25..cb623a355d 100755 --- a/MdePkg/Include/IndustryStandard/Cxl.h +++ b/MdePkg/Include/IndustryStandard/Cxl.h @@ -12,7 +12,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #ifndef _CXL_MAIN_H_
#define _CXL_MAIN_H_
-#include <IndustryStandard/Cxl20.h>
+#include <IndustryStandard/Cxl30.h>
//
// CXL assigned new Vendor ID
//
diff --git a/MdePkg/Include/IndustryStandard/Cxl30.h b/MdePkg/Include/IndustryStandard/Cxl30.h new file mode 100644 index 0000000000..7a9a6d6940 --- /dev/null +++ b/MdePkg/Include/IndustryStandard/Cxl30.h @@ -0,0 +1,316 @@ +/** @file
+ CXL 3.0 Register definitions
+
+ This file contains the register definitions based on the Compute Express Link
+ (CXL) Specification Revision 3.0.
+
+ Copyright (c) 2024, Intel Corporation. All rights reserved.<BR>
+
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#ifndef CXL30_H_
+#define CXL30_H_
+
+#include <IndustryStandard/Cxl20.h>
+
+//
+// CXL Cache Memory Capability IDs
+// Compute Express Link Specification Revision 3.0 - Chapter 8.2.4 Table 8-22
+//
+#define CXL_CACHE_MEM_CAPABILITY_ID_TIMEOUT_AND_ISOLATION 0x0009
+#define CXL_CACHE_MEM_CAPABILITY_ID_EXTENDED 0x000A
+#define CXL_CACHE_MEM_CAPABILITY_ID_BI_ROUTE_TABLE 0x000B
+#define CXL_CACHE_MEM_CAPABILITY_ID_BI_DECODER 0x000C
+#define CXL_CACHE_MEM_CAPABILITY_ID_CACHE_ID_ROUTE_TABLE 0x000D
+#define CXL_CACHE_MEM_CAPABILITY_ID_CACHE_ID_DECODER 0x000E
+#define CXL_CACHE_MEM_CAPABILITY_ID_EXTENDED_HDM_DECODER 0x000F
+
+//
+// CXL_Capability_Version
+// Compute Express ink Specification Revision 3.0 - Chapter 8.2.4.5
+//
+#define CXL_HDM_DECODER_VERSION_30 0x3
+
+//
+// CXL CXL HDM Decoder n Control
+// Compute Express Link Specification Revision 3.0 - 8.2.4.19.7
+//
+//
+// Bit4..7: Interleave Ways (IW)
+//
+#define CXL_HDM_16_WAY_INTERLEAVING 0x4
+#define CXL_HDM_3_WAY_INTERLEAVING 0x8
+#define CXL_HDM_6_WAY_INTERLEAVING 0x9
+#define CXL_HDM_12_WAY_INTERLEAVING 0xA
+
+//
+// Ensure proper structure formats
+//
+#pragma pack(1)
+
+//
+// CXL.cachemem Extended Register Capability
+// Compute Express Link Specification Revision 3.0 - Chapter 8.2.4.24
+//
+typedef union {
+ struct {
+ UINT32 ExtendedRangesBitmap : 16; // Bit 0..15
+ UINT32 Reserved : 16; // Bit 16..31
+ } Bits;
+ UINT32 Uint32;
+} CXL_CM_EXTENTED_REGISTER_CAPABILITY;
+
+#define CXL_CM_EXTENTED_RANGES_BITMAP (BIT2 | BIT3 | BIT4 | BIT5 | BIT6 | BIT7 | BIT8 | BIT9 | BIT10 | BIT11 | BIT12 | BIT13 | BIT15)
+
+//
+// CXL BI Route Table Capability
+// Compute Express Link Specification Revision 3.0 - Chapter 8.2.4.25
+//
+typedef union {
+ struct {
+ UINT32 ExplicitBiRtCommitRequired : 1; // bit 0
+ UINT32 Reserved : 31; // bit 1..31
+ } Bits;
+ UINT32 Uint32;
+} CXL_BI_RT_CAPABILITY;
+
+typedef union {
+ struct {
+ UINT32 BiRtCommit : 1; // bit 0
+ UINT32 Reserved : 31; // bit 1..31
+ } Bits;
+ UINT32 Uint32;
+} CXL_BI_RT_CONTROL;
+
+typedef union {
+ struct {
+ UINT32 BiRtCommitted : 1; // bit 0
+ UINT32 BiRtErrorNotCommitted : 1; // bit 1
+ UINT32 Reserved1 : 6; // bit 2..7
+ UINT32 BiRtCommitTimeoutScale : 4; // bit 8..11
+ UINT32 BiRtCommitTimeoutBase : 4; // bit 12..15
+ UINT32 Reserved2 : 16; // bit 16..31
+ } Bits;
+ UINT32 Uint32;
+} CXL_BI_RT_STATUS;
+
+typedef struct {
+ CXL_BI_RT_CAPABILITY BiRtCap; // offset 0x00
+ CXL_BI_RT_CONTROL BiRtControl; // offset 0x04
+ CXL_BI_RT_STATUS BiRtStatus; // offset 0x08
+} CXL_BI_ROUTE_TABLE_CAPABILITY;
+
+//
+// CXL BI Decoder Capability
+// Compute Express Link Specification Revision 3.0 - Chapter 8.2.4.26
+//
+typedef union {
+ struct {
+ UINT32 HdmDCapable : 1; // bit 0
+ UINT32 ExplicitBiDecoderCommitRequired : 1; // bit 1
+ UINT32 Reserved : 30; // bit 2..31
+ } Bits;
+ UINT32 Uint32;
+} CXL_BI_DECODER_CAP;
+
+typedef union {
+ struct {
+ UINT32 BiForward : 1; // bit 0
+ UINT32 BiEnable : 1; // bit 1
+ UINT32 BiDecoderCommit : 1; // bit 2
+ UINT32 Reserved : 29; // bit 3..31
+ } Bits;
+ UINT32 Uint32;
+} CXL_BI_DECODER_CONTROL;
+
+typedef union {
+ struct {
+ UINT32 BiDecoderCommitted : 1; // bit 0
+ UINT32 BiDecoderErrorNotCommitted : 1; // bit 1
+ UINT32 Reserved1 : 6; // bit 2..7
+ UINT32 BiDecoderCommitTimeoutScale : 4; // bit 8..11
+ UINT32 BiDecoderCommitTimeoutBase : 4; // bit 12..15
+ UINT32 Reserved2 : 16; // bit 16..31
+ } Bits;
+ UINT32 Uint32;
+} CXL_BI_DECODER_STATUS;
+
+typedef struct {
+ CXL_BI_DECODER_CAP BiDecoderCap; // offset 0x00
+ CXL_BI_DECODER_CONTROL BiDecoderControl; // offset 0x04
+ CXL_BI_DECODER_STATUS BiDecoderStatus; // offset 0x08
+} CXL_BI_DECODER_CAPABILITY;
+
+//
+// CXL Cache ID Route Table Capability
+// Compute Express Link Specification Revision 3.0 - Chapter 8.2.4.27
+//
+typedef union {
+ struct {
+ UINT32 CacheIdTargetCount : 5; // Bit 0..4
+ UINT32 Reserved1 : 3; // Bit 5..7
+ UINT32 HdmDType2DeviceMaxCount : 4; // Bit 8..11
+ UINT32 Reserved2 : 4; // Bit 12..15
+ UINT32 ExplicitCacheIdRtCommitRequired : 1; // Bit 16
+ UINT32 Reserved3 : 15; // Bit 17:31
+ } Bits;
+ UINT32 Uint32;
+} CXL_CACHE_ID_RT_CAPABILITY;
+
+typedef union {
+ struct {
+ UINT32 CacheIdRtCommit : 1; // Bit 0
+ UINT32 Reserved : 31; // Bit 1..31
+ } Bits;
+ UINT32 Uint32;
+} CXL_CACHE_ID_RT_CONTROL;
+
+typedef union {
+ struct {
+ UINT32 CacheIdRtCommitted : 1; // Bit 0
+ UINT32 CacheIdRtErrNotCommitted : 1; // Bit 1
+ UINT32 Reserved1 : 6; // Bit 2..7
+ UINT32 CacheIdRtCommitTimeoutScale : 4; // Bit 8..11
+ UINT32 CacheIdRtCommitTimeoutBase : 4; // Bit 12..15
+ UINT32 Reserved2 : 16; // Bit 16..31
+ } Bits;
+ UINT32 Uint32;
+} CXL_CACHE_ID_RT_STATUS;
+
+typedef union {
+ struct {
+ UINT16 Valid : 1; // Bit 0
+ UINT16 Reserved : 7; // Bit 1..7
+ UINT16 PortNumber : 8; // Bit 8..15
+ } Bits;
+ UINT16 Uint16;
+} CXL_CACHE_ID_RT_TARGET;
+
+typedef struct {
+ CXL_CACHE_ID_RT_CAPABILITY CacheIdRtCap; // offset 0x00
+ CXL_CACHE_ID_RT_CONTROL CacheIdRtControl; // offset 0x04
+ CXL_CACHE_ID_RT_STATUS CacheIdRtStatus; // offset 0x08
+ UINT32 Reserved; // offset 0x0C
+ CXL_CACHE_ID_RT_TARGET CacheIdRtTarget[]; // offset 0x10
+} CXL_CACHE_ID_ROUTE_TABLE_CAPABILITY;
+
+//
+// CXL Cache ID Decoder Capability
+// Compute Express Link Specification Revision 3.0 - Chapter 8.2.4.28
+//
+typedef union {
+ struct {
+ UINT32 ExplicitCacheIdDecoderCommitRequired : 1; // Bit 0
+ UINT32 Reserved : 31; // Bit 1..31
+ } Bits;
+ UINT32 Uint32;
+} CXL_CACHE_ID_DECODER_CAP;
+
+typedef union {
+ struct {
+ UINT32 ForwardCacheId : 1; // Bit 0
+ UINT32 AssignCacheId : 1; // Bit 1
+ UINT32 HdmDType2DevicePresent : 1; // Bit 2
+ UINT32 CacheIdDecoderCommit : 1; // Bit 3
+ UINT32 Reserved1 : 4; // Bit 4..7
+ UINT32 HdmDType2DeviceCacheId : 4; // Bit 8..11
+ UINT32 Reserved2 : 4; // Bit 12..15
+ UINT32 LocalCacheId : 4; // Bit 16..19
+ UINT32 Reserved3 : 4; // Bit 20..23
+ UINT32 TrustLevel : 2; // Bit 24..25
+ UINT32 Reserved4 : 6; // Bit 26..31
+ } Bits;
+ UINT32 Uint32;
+} CXL_CACHE_ID_DECODER_CONTROL;
+
+typedef union {
+ struct {
+ UINT32 CacheIdDecoderCommitted : 1; // Bit 0
+ UINT32 CacheIdDecoderErrorNotCommitted : 1; // Bit 1
+ UINT32 Reserved1 : 6; // Bit 2..7
+ UINT32 CacheIdDecoderCommitTimeoutScale : 4; // Bit 8..11
+ UINT32 CacheIdDecoderCommitTimeoutBase : 4; // Bit 12..15
+ UINT32 Reserved2 : 16; // Bit 16..31
+ } Bits;
+ UINT32 Uint32;
+} CXL_CACHE_ID_DECODER_STATUS;
+
+typedef struct {
+ CXL_CACHE_ID_DECODER_CAP CacheIdDecoderCap; // offset 0x00
+ CXL_CACHE_ID_DECODER_CONTROL CacheIdDecoderControl; // offset 0x04
+ CXL_CACHE_ID_DECODER_STATUS CacheIdDecoderStatus; // offset 0x08
+} CXL_CACHE_ID_DECODER_CAPABILITY;
+
+//
+// CXL Timeout and Isolation Capability Structure
+// Compute Express Link Specification Revision 3.0 - Chapter 8.2.4.23
+//
+typedef union {
+ struct {
+ UINT32 CxlmemTransactionTimeoutRangesSupported : 4; // Bits 3:0
+ UINT32 CxlmemTransactionTimeoutSupported : 1; // Bits 4
+ UINT32 Reserved1 : 3; // Bits 7:5
+ UINT32 CxlcacheTransactionTimeoutRangesSupported : 4; // Bits 11:8
+ UINT32 CxlcacheTransactionTimeoutSupported : 1; // Bits 12
+ UINT32 Reserved2 : 3; // Bits 15:13
+ UINT32 CxlmemIsolationSupported : 1; // Bits 16
+ UINT32 CxlmemIsolationLinkdownSupported : 1; // Bits 17
+ UINT32 CxlcacheIsolationSupported : 1; // Bits 18
+ UINT32 CxlcacheIsolationLinkdownSupported : 1; // Bits 19
+ UINT32 Reserved3 : 5; // Bits 24:20
+ UINT32 IsolationErrCorSignalingSupported : 1; // Bits 25
+ UINT32 IsolationInterruptSupported : 1; // Bits 26
+ UINT32 IsolationInterruptMessageNumber : 5; // Bits 31:27
+ } Bits;
+ UINT32 Uint32;
+} CXL_3_0_CXL_TIMEOUT_AND_ISOLATION_CAPABILITY;
+
+typedef union {
+ struct {
+ UINT32 CxlmemTransactionTimeoutValue : 4; // Bits 3:0
+ UINT32 CxlmemTransactionTimeoutEnable : 1; // Bits 4
+ UINT32 Reserved1 : 3; // Bits 7:5
+ UINT32 CxlcacheTransactionTimeoutValue : 4; // Bits 11:8
+ UINT32 CxlcacheTransactionTimeoutEnable : 1; // Bits 12
+ UINT32 Reserved2 : 3; // Bits 15:13
+ UINT32 CxlmemIsolationEnable : 1; // Bits 16
+ UINT32 CxlmemIsolationLinkdownEnable : 1; // Bits 17
+ UINT32 CxlcacheIsolationEnable : 1; // Bits 18
+ UINT32 CxlcacheIsolationLinkdownEnable : 1; // Bits 19
+ UINT32 Reserved3 : 5; // Bits 24:20
+ UINT32 IsolationErrCorSignalingEnable : 1; // Bits 25
+ UINT32 IsolationInterruptEnable : 1; // Bits 26
+ UINT32 Reserved4 : 5; // Bits 31:27
+ } Bits;
+ UINT32 Uint32;
+} CXL_3_0_CXL_TIMEOUT_AND_ISOLATION_CONTROL;
+
+typedef union {
+ struct {
+ UINT32 CxlmemTransactionTimeout : 1; // Bits 0
+ UINT32 Reserved1 : 3; // Bits 3:1
+ UINT32 CxlcacheTransactionTimeout : 1; // Bits 4
+ UINT32 Reserved2 : 3; // Bits 7:5
+ UINT32 CxlmemIsolationStatus : 1; // Bits 8
+ UINT32 CxlmemIsolationLinkdownStatus : 1; // Bits 9
+ UINT32 Reserved3 : 2; // Bits 11:10
+ UINT32 CxlcacheIsolationStatus : 1; // Bits 12
+ UINT32 CxlcacheIsolationLinkdownStatus : 1; // Bits 13
+ UINT32 CxlRpBusy : 1; // Bits 14
+ UINT32 Reserved4 : 17; // Bits 31:15
+ } Bits;
+ UINT32 Uint32;
+} CXL_3_0_CXL_TIMEOUT_AND_ISOLATION_STATUS;
+
+typedef struct {
+ CXL_3_0_CXL_TIMEOUT_AND_ISOLATION_CAPABILITY TimeoutAndIsolationCap;
+ UINT32 Reserved;
+ CXL_3_0_CXL_TIMEOUT_AND_ISOLATION_CONTROL TimeoutAndIsolationControl;
+ CXL_3_0_CXL_TIMEOUT_AND_ISOLATION_STATUS TimeoutAndIsolationStatus;
+} CXL_3_0_CXL_TIMEOUT_AND_ISOLATION_CAPABILITY_STRUCTURE;
+
+#pragma pack()
+
+#endif
diff --git a/MdePkg/Include/IndustryStandard/IpmiNetFnOem.h b/MdePkg/Include/IndustryStandard/IpmiNetFnOem.h new file mode 100644 index 0000000000..48c5dbd803 --- /dev/null +++ b/MdePkg/Include/IndustryStandard/IpmiNetFnOem.h @@ -0,0 +1,18 @@ +/** @file
+ IPMI 2.0 definitions from the IPMI Specification Version 2.0, Revision 1.1.
+
+ Copyright (c) 2024, NVIDIA CORPORATION & AFFILIATES. All rights reserved.
+
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+
+#ifndef IPMI_NET_FN_OEM_H_
+#define IPMI_NET_FN_OEM_H_
+
+//
+// Net function definition for OEM/Group command
+//
+#define IPMI_NETFN_OEM 0x2E
+#define IPMI_NETFN_OEM_GROUP 0x2F
+
+#endif
diff --git a/MdePkg/Include/IndustryStandard/IpmiNetFnSensorEvent.h b/MdePkg/Include/IndustryStandard/IpmiNetFnSensorEvent.h index b92958454f..93f625a32b 100644 --- a/MdePkg/Include/IndustryStandard/IpmiNetFnSensorEvent.h +++ b/MdePkg/Include/IndustryStandard/IpmiNetFnSensorEvent.h @@ -10,6 +10,7 @@ and Appendix H, Sub-function Assignments.
Copyright (c) 1999 - 2015, Intel Corporation. All rights reserved.<BR>
+ Copyright (c) Microsoft Corporation.
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
@@ -42,5 +43,50 @@ typedef struct { UINT8 OEMEvData3;
} IPMI_PLATFORM_EVENT_MESSAGE_DATA_REQUEST;
+//
+// Definitions for Set Sensor Thresholds command
+//
+#define IPMI_SENSOR_SET_SENSOR_THRESHOLDS 0x26
+
+typedef union {
+ struct _SENSOR_BITS {
+ UINT8 LowerNonCriticalThreshold : 1;
+ UINT8 LowerCriticalThreshold : 1;
+ UINT8 LowerNonRecoverableThreshold : 1;
+ UINT8 UpperNonCriticalThreshold : 1;
+ UINT8 UpperCriticalThreshold : 1;
+ UINT8 UpperNonRecoverableThreshold : 1;
+ UINT8 Reserved : 2;
+ } Bits;
+ UINT8 Uint8;
+} SENSOR_BITS;
+
+typedef struct _IPMI_SENSOR_SET_SENSOR_THRESHOLD_REQUEST_DATA {
+ UINT8 SensorNumber;
+ SENSOR_BITS SetBitEnable;
+ UINT8 LowerNonCriticalThreshold;
+ UINT8 LowerCriticalThreshold;
+ UINT8 LowerNonRecoverableThreshold;
+ UINT8 UpperNonCriticalThreshold;
+ UINT8 UpperCriticalThreshold;
+ UINT8 UpperNonRecoverableThreshold;
+} IPMI_SENSOR_SET_SENSOR_THRESHOLD_REQUEST_DATA;
+
+//
+// Definitions for Get Sensor Thresholds command
+//
+#define IPMI_SENSOR_GET_SENSOR_THRESHOLDS 0x27
+
+typedef struct _IPMI_SENSOR_GET_SENSOR_THRESHOLD_RESPONSE_DATA {
+ UINT8 CompletionCode;
+ SENSOR_BITS GetBitEnable;
+ UINT8 LowerNonCriticalThreshold;
+ UINT8 LowerCriticalThreshold;
+ UINT8 LowerNonRecoverableThreshold;
+ UINT8 UpperNonCriticalThreshold;
+ UINT8 UpperCriticalThreshold;
+ UINT8 UpperNonRecoverableThreshold;
+} IPMI_SENSOR_GET_SENSOR_THRESHOLD_RESPONSE_DATA;
+
#pragma pack()
#endif
diff --git a/MdePkg/Include/IndustryStandard/SerialPortConsoleRedirectionTable.h b/MdePkg/Include/IndustryStandard/SerialPortConsoleRedirectionTable.h index eb5ae28390..bf967880ab 100644 --- a/MdePkg/Include/IndustryStandard/SerialPortConsoleRedirectionTable.h +++ b/MdePkg/Include/IndustryStandard/SerialPortConsoleRedirectionTable.h @@ -23,6 +23,7 @@ ///
#define EFI_ACPI_SERIAL_PORT_CONSOLE_REDIRECTION_TABLE_REVISION 0x02
+#define EFI_ACPI_4_0_SERIAL_PORT_CONSOLE_REDIRECTION_TABLE_REVISION 0x04
///
/// Serial Port Console Redirection Table Format
///
@@ -50,6 +51,37 @@ typedef struct { UINT32 Reserved3;
} EFI_ACPI_SERIAL_PORT_CONSOLE_REDIRECTION_TABLE;
+///
+/// Serial Port Console Redirection Table Format Revision 4
+///
+typedef struct {
+ EFI_ACPI_DESCRIPTION_HEADER Header;
+ UINT8 InterfaceType;
+ UINT8 Reserved1[3];
+ EFI_ACPI_5_0_GENERIC_ADDRESS_STRUCTURE BaseAddress;
+ UINT8 InterruptType;
+ UINT8 Irq;
+ UINT32 GlobalSystemInterrupt;
+ UINT8 BaudRate;
+ UINT8 Parity;
+ UINT8 StopBits;
+ UINT8 FlowControl;
+ UINT8 TerminalType;
+ UINT8 Reserved2;
+ UINT16 PciDeviceId;
+ UINT16 PciVendorId;
+ UINT8 PciBusNumber;
+ UINT8 PciDeviceNumber;
+ UINT8 PciFunctionNumber;
+ UINT32 PciFlags;
+ UINT8 PciSegment;
+ UINT32 UartClockFrequency;
+ UINT32 PreciseBaudRate;
+ UINT16 NameSpaceStrLength;
+ UINT16 NameSpaceStrOffset;
+ CHAR8 NameSpaceString[0];
+} EFI_ACPI_4_0_SERIAL_PORT_CONSOLE_REDIRECTION_TABLE;
+
#pragma pack()
//
diff --git a/MdePkg/Include/IndustryStandard/Spdm.h b/MdePkg/Include/IndustryStandard/Spdm.h index 4ec7a5ed1f..3d511b4768 100644 --- a/MdePkg/Include/IndustryStandard/Spdm.h +++ b/MdePkg/Include/IndustryStandard/Spdm.h @@ -1,8 +1,8 @@ /** @file
- Definitions of Security Protocol & Data Model Specification (SPDM)
- version 1.0.0 in Distributed Management Task Force (DMTF).
+ Definitions of DSP0274 Security Protocol & Data Model Specification (SPDM)
+ version 1.2.0 in Distributed Management Task Force (DMTF).
-Copyright (c) 2019, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2019 - 2024, Intel Corporation. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
@@ -12,29 +12,72 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #pragma pack(1)
+#define SPDM_MAX_SLOT_COUNT 8
+#define SPDM_MAX_OPAQUE_DATA_SIZE 1024
+#define SPDM_NONCE_SIZE 32
+#define SPDM_RANDOM_DATA_SIZE 32
///
-/// SPDM response code
+/// SPDM response code (1.0)
///
-#define SPDM_DIGESTS 0x01
-#define SPDM_CERTIFICATE 0x02
-#define SPDM_CHALLENGE_AUTH 0x03
-#define SPDM_VERSION 0x04
-#define SPDM_MEASUREMENTS 0x60
-#define SPDM_CAPABILITIES 0x61
-#define SPDM_SET_CERT_RESPONSE 0x62
-#define SPDM_ALGORITHMS 0x63
-#define SPDM_ERROR 0x7F
+#define SPDM_DIGESTS 0x01
+#define SPDM_CERTIFICATE 0x02
+#define SPDM_CHALLENGE_AUTH 0x03
+#define SPDM_VERSION 0x04
+#define SPDM_MEASUREMENTS 0x60
+#define SPDM_CAPABILITIES 0x61
+#define SPDM_ALGORITHMS 0x63
+#define SPDM_VENDOR_DEFINED_RESPONSE 0x7E
+#define SPDM_ERROR 0x7F
///
-/// SPDM request code
+/// SPDM response code (1.1)
///
-#define SPDM_GET_DIGESTS 0x81
-#define SPDM_GET_CERTIFICATE 0x82
-#define SPDM_CHALLENGE 0x83
-#define SPDM_GET_VERSION 0x84
-#define SPDM_GET_MEASUREMENTS 0xE0
-#define SPDM_GET_CAPABILITIES 0xE1
-#define SPDM_NEGOTIATE_ALGORITHMS 0xE3
-#define SPDM_RESPOND_IF_READY 0xFF
+#define SPDM_KEY_EXCHANGE_RSP 0x64
+#define SPDM_FINISH_RSP 0x65
+#define SPDM_PSK_EXCHANGE_RSP 0x66
+#define SPDM_PSK_FINISH_RSP 0x67
+#define SPDM_HEARTBEAT_ACK 0x68
+#define SPDM_KEY_UPDATE_ACK 0x69
+#define SPDM_ENCAPSULATED_REQUEST 0x6A
+#define SPDM_ENCAPSULATED_RESPONSE_ACK 0x6B
+#define SPDM_END_SESSION_ACK 0x6C
+///
+/// SPDM response code (1.2)
+///
+#define SPDM_CSR 0x6D
+#define SPDM_SET_CERTIFICATE_RSP 0x6E
+#define SPDM_CHUNK_SEND_ACK 0x05
+#define SPDM_CHUNK_RESPONSE 0x06
+///
+/// SPDM request code (1.0)
+///
+#define SPDM_GET_DIGESTS 0x81
+#define SPDM_GET_CERTIFICATE 0x82
+#define SPDM_CHALLENGE 0x83
+#define SPDM_GET_VERSION 0x84
+#define SPDM_GET_MEASUREMENTS 0xE0
+#define SPDM_GET_CAPABILITIES 0xE1
+#define SPDM_NEGOTIATE_ALGORITHMS 0xE3
+#define SPDM_VENDOR_DEFINED_REQUEST 0xFE
+#define SPDM_RESPOND_IF_READY 0xFF
+///
+/// SPDM request code (1.1)
+///
+#define SPDM_KEY_EXCHANGE 0xE4
+#define SPDM_FINISH 0xE5
+#define SPDM_PSK_EXCHANGE 0xE6
+#define SPDM_PSK_FINISH 0xE7
+#define SPDM_HEARTBEAT 0xE8
+#define SPDM_KEY_UPDATE 0xE9
+#define SPDM_GET_ENCAPSULATED_REQUEST 0xEA
+#define SPDM_DELIVER_ENCAPSULATED_RESPONSE 0xEB
+#define SPDM_END_SESSION 0xEC
+///
+/// SPDM request code (1.2)
+///
+#define SPDM_GET_CSR 0xED
+#define SPDM_SET_CERTIFICATE 0xEE
+#define SPDM_CHUNK_SEND 0x85
+#define SPDM_CHUNK_GET 0x86
///
/// SPDM message header
@@ -46,13 +89,18 @@ typedef struct { UINT8 Param2;
} SPDM_MESSAGE_HEADER;
-#define SPDM_MESSAGE_VERSION 0x10
+#define SPDM_MESSAGE_VERSION_10 0x10
+#define SPDM_MESSAGE_VERSION_11 0x11
+#define SPDM_MESSAGE_VERSION_12 0x12
+#define SPDM_MESSAGE_VERSION SPDM_MESSAGE_VERSION_10
///
/// SPDM GET_VERSION request
///
typedef struct {
SPDM_MESSAGE_HEADER Header;
+ // Param1 == RSVD
+ // Param2 == RSVD
} SPDM_GET_VERSION_REQUEST;
///
@@ -60,6 +108,8 @@ typedef struct { ///
typedef struct {
SPDM_MESSAGE_HEADER Header;
+ // Param1 == RSVD
+ // Param2 == RSVD
UINT8 Reserved;
UINT8 VersionNumberEntryCount;
// SPDM_VERSION_NUMBER VersionNumberEntry[VersionNumberEntryCount];
@@ -68,18 +118,32 @@ typedef struct { ///
/// SPDM VERSION structure
///
-typedef struct {
- UINT16 Alpha : 4;
- UINT16 UpdateVersionNumber : 4;
- UINT16 MinorVersion : 4;
- UINT16 MajorVersion : 4;
-} SPDM_VERSION_NUMBER;
+/// bit[15:12] major_version
+/// bit[11:8] minor_version
+/// bit[7:4] update_version_number
+/// bit[3:0] alpha
+typedef UINT16 SPDM_VERSION_NUMBER;
+#define SPDM_VERSION_NUMBER_SHIFT_BIT 8
+#define SPDM_VERSION_1_2_SIGNING_PREFIX_CONTEXT "dmtf-spdm-v1.2.*"
+#define SPDM_VERSION_1_2_SIGNING_PREFIX_CONTEXT_SIZE \
+ (sizeof(SPDM_VERSION_1_2_SIGNING_PREFIX_CONTEXT) - 1)
+#define SPDM_VERSION_1_2_SIGNING_CONTEXT_SIZE 100
///
/// SPDM GET_CAPABILITIES request
///
typedef struct {
SPDM_MESSAGE_HEADER Header;
+ // Param1 == RSVD
+ // Param2 == RSVD
+ // Below field is added in 1.1.
+ UINT8 Reserved;
+ UINT8 CTExponent;
+ UINT16 Reserved2;
+ UINT32 Flags;
+ // Below field is added in 1.2.
+ UINT32 DataTransferSize;
+ UINT32 MaxSpdmMsgSize;
} SPDM_GET_CAPABILITIES_REQUEST;
///
@@ -87,14 +151,58 @@ typedef struct { ///
typedef struct {
SPDM_MESSAGE_HEADER Header;
+ // Param1 == RSVD
+ // Param2 == RSVD
UINT8 Reserved;
UINT8 CTExponent;
UINT16 Reserved2;
UINT32 Flags;
+ // Below field is added in 1.2.
+ UINT32 DataTransferSize;
+ UINT32 MaxSpdmMsgSize;
} SPDM_CAPABILITIES_RESPONSE;
+#define SPDM_MIN_DATA_TRANSFER_SIZE_VERSION_12 42
+
+///
+/// SPDM GET_CAPABILITIES request Flags (1.1)
+///
+#define SPDM_GET_CAPABILITIES_REQUEST_FLAGS_CERT_CAP BIT1
+#define SPDM_GET_CAPABILITIES_REQUEST_FLAGS_CHAL_CAP BIT2
+#define SPDM_GET_CAPABILITIES_REQUEST_FLAGS_ENCRYPT_CAP BIT6
+#define SPDM_GET_CAPABILITIES_REQUEST_FLAGS_MAC_CAP BIT7
+#define SPDM_GET_CAPABILITIES_REQUEST_FLAGS_MUT_AUTH_CAP BIT8
+#define SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP BIT9
+#define SPDM_GET_CAPABILITIES_REQUEST_FLAGS_PSK_CAP (BIT10 | BIT11)
+#define SPDM_GET_CAPABILITIES_REQUEST_FLAGS_PSK_CAP_REQUESTER BIT10
+#define SPDM_GET_CAPABILITIES_REQUEST_FLAGS_ENCAP_CAP BIT12
+#define SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HBEAT_CAP BIT13
+#define SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_UPD_CAP BIT14
+#define SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP BIT15
+#define SPDM_GET_CAPABILITIES_REQUEST_FLAGS_PUB_KEY_ID_CAP BIT16
+#define SPDM_GET_CAPABILITIES_REQUEST_FLAGS_11_MASK (\
+ SPDM_GET_CAPABILITIES_REQUEST_FLAGS_CERT_CAP | \
+ SPDM_GET_CAPABILITIES_REQUEST_FLAGS_CHAL_CAP | \
+ SPDM_GET_CAPABILITIES_REQUEST_FLAGS_ENCRYPT_CAP | \
+ SPDM_GET_CAPABILITIES_REQUEST_FLAGS_MAC_CAP | \
+ SPDM_GET_CAPABILITIES_REQUEST_FLAGS_MUT_AUTH_CAP | \
+ SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP | \
+ SPDM_GET_CAPABILITIES_REQUEST_FLAGS_PSK_CAP | \
+ SPDM_GET_CAPABILITIES_REQUEST_FLAGS_ENCAP_CAP | \
+ SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HBEAT_CAP | \
+ SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_UPD_CAP | \
+ SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP | \
+ SPDM_GET_CAPABILITIES_REQUEST_FLAGS_PUB_KEY_ID_CAP)
+
+///
+/// SPDM GET_CAPABILITIES request Flags (1.2)
///
-/// SPDM GET_CAPABILITIES response Flags
+#define SPDM_GET_CAPABILITIES_REQUEST_FLAGS_CHUNK_CAP BIT17
+#define SPDM_GET_CAPABILITIES_REQUEST_FLAGS_12_MASK (\
+ SPDM_GET_CAPABILITIES_REQUEST_FLAGS_11_MASK | \
+ SPDM_GET_CAPABILITIES_REQUEST_FLAGS_CHUNK_CAP)
+///
+/// SPDM GET_CAPABILITIES response Flags (1.0)
///
#define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_CACHE_CAP BIT0
#define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_CERT_CAP BIT1
@@ -103,27 +211,118 @@ typedef struct { #define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_MEAS_CAP_NO_SIG BIT3
#define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_MEAS_CAP_SIG BIT4
#define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_MEAS_FRESH_CAP BIT5
+#define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_10_MASK (\
+ SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_CACHE_CAP | \
+ SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_CERT_CAP | \
+ SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_CHAL_CAP | \
+ SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_MEAS_CAP | \
+ SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_MEAS_FRESH_CAP)
+///
+/// SPDM GET_CAPABILITIES response Flags (1.1)
+///
+#define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_ENCRYPT_CAP BIT6
+#define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_MAC_CAP BIT7
+#define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_MUT_AUTH_CAP BIT8
+#define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP BIT9
+#define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_PSK_CAP (BIT10 | BIT11)
+#define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_PSK_CAP_RESPONDER BIT10
+#define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_PSK_CAP_RESPONDER_WITH_CONTEXT BIT11
+#define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_ENCAP_CAP BIT12
+#define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HBEAT_CAP BIT13
+#define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_UPD_CAP BIT14
+#define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP BIT15
+#define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_PUB_KEY_ID_CAP BIT16
+#define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_11_MASK (\
+ SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_10_MASK | \
+ SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_ENCRYPT_CAP | \
+ SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_MAC_CAP | \
+ SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_MUT_AUTH_CAP | \
+ SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP | \
+ SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_PSK_CAP | \
+ SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_ENCAP_CAP | \
+ SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HBEAT_CAP | \
+ SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_UPD_CAP | \
+ SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP | \
+ SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_PUB_KEY_ID_CAP)
+///
+/// SPDM GET_CAPABILITIES response Flags (1.2)
+///
+#define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_CHUNK_CAP BIT17
+#define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_ALIAS_CERT_CAP BIT18
///
+/// SPDM GET_CAPABILITIES response Flags (1.2.1)
+///
+#define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_SET_CERT_CAP BIT19
+#define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_CSR_CAP BIT20
+#define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_CERT_INSTALL_RESET_CAP BIT21
+#define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_12_MASK (\
+ SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_11_MASK | \
+ SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_CHUNK_CAP | \
+ SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_ALIAS_CERT_CAP | \
+ SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_SET_CERT_CAP | \
+ SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_CSR_CAP | \
+ SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_CERT_INSTALL_RESET_CAP)
+///
/// SPDM NEGOTIATE_ALGORITHMS request
///
typedef struct {
SPDM_MESSAGE_HEADER Header;
+ // Param1 == Number of Algorithms Structure Tables
+ // Param2 == RSVD
UINT16 Length;
UINT8 MeasurementSpecification;
- UINT8 Reserved;
+
+ // OtherParamsSupport is added in 1.2.
+ // BIT[0:3]=opaque_data_format support
+ // BIT[4:7]=Reserved
+ UINT8 OtherParamsSupport;
UINT32 BaseAsymAlgo;
UINT32 BaseHashAlgo;
UINT8 Reserved2[12];
UINT8 ExtAsymCount;
UINT8 ExtHashCount;
UINT16 Reserved3;
- // UINT32 ExtAsym[ExtAsymCount];
- // UINT32 ExtHash[ExtHashCount];
+ // SPDM_EXTENDED_ALGORITHM ExtAsym[ExtAsymCount];
+ // SPDM_EXTENDED_ALGORITHM ExtHash[ExtHashCount];
+ // Below field is added in 1.1.
+ // SPDM_NEGOTIATE_ALGORITHMS_STRUCT_TABLE AlgStruct[Param1];
} SPDM_NEGOTIATE_ALGORITHMS_REQUEST;
+#define SPDM_NEGOTIATE_ALGORITHMS_REQUEST_MAX_LENGTH_VERSION_10 BIT6
+#define SPDM_NEGOTIATE_ALGORITHMS_REQUEST_MAX_LENGTH_VERSION_11 BIT7
+#define SPDM_NEGOTIATE_ALGORITHMS_REQUEST_MAX_LENGTH_VERSION_12 BIT7
+#define SPDM_NEGOTIATE_ALGORITHMS_REQUEST_MAX_EXT_ALG_COUNT_VERSION_10 BIT3
+#define SPDM_NEGOTIATE_ALGORITHMS_REQUEST_MAX_EXT_ALG_COUNT_VERSION_11 (BIT4 | BIT2)
+#define SPDM_NEGOTIATE_ALGORITHMS_REQUEST_MAX_EXT_ALG_COUNT_VERSION_12 (BIT4 | BIT2)
+
+typedef struct {
+ UINT8 AlgType;
+ UINT8 AlgCount; // BIT[0:3]=ExtAlgCount, BIT[4:7]=FixedAlgByteCount
+ // UINT8 AlgSupported[FixedAlgByteCount];
+ // UINT32 AlgExternal[ExtAlgCount];
+} SPDM_NEGOTIATE_ALGORITHMS_STRUCT_TABLE;
+
+typedef struct {
+ UINT8 ExtAlgCount : 4;
+ UINT8 FixedAlgByteCount : 4;
+} SPDM_NEGOTIATE_ALGORITHMS_STRUCT_TABLE_ALG_COUNT;
+
+#define SPDM_NEGOTIATE_ALGORITHMS_MAX_NUM_STRUCT_TABLE_ALG 4
+
+#define SPDM_NEGOTIATE_ALGORITHMS_STRUCT_TABLE_ALG_TYPE_DHE 2
+#define SPDM_NEGOTIATE_ALGORITHMS_STRUCT_TABLE_ALG_TYPE_AEAD 3
+#define SPDM_NEGOTIATE_ALGORITHMS_STRUCT_TABLE_ALG_TYPE_REQ_BASE_ASYM_ALG 4
+#define SPDM_NEGOTIATE_ALGORITHMS_STRUCT_TABLE_ALG_TYPE_KEY_SCHEDULE 5
+
+typedef struct {
+ UINT8 AlgType;
+ UINT8 AlgCount;
+ UINT16 AlgSupported;
+} SPDM_NEGOTIATE_ALGORITHMS_COMMON_STRUCT_TABLE;
+
///
-/// SPDM NEGOTIATE_ALGORITHMS request BaseAsymAlgo
+/// SPDM NEGOTIATE_ALGORITHMS request BaseAsymAlgo/REQ_BASE_ASYM_ALG
///
#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_2048 BIT0
#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_2048 BIT1
@@ -136,6 +335,13 @@ typedef struct { #define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P521 BIT8
///
+/// SPDM NEGOTIATE_ALGORITHMS request base_asym_algo/REQ_BASE_ASYM_ALG (1.2)
+///
+#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_SM2_ECC_SM2_P256 BIT9
+#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED25519 BIT10
+#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED448 BIT11
+
+///
/// SPDM NEGOTIATE_ALGORITHMS request BaseHashAlgo
///
#define SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_256 BIT0
@@ -146,13 +352,55 @@ typedef struct { #define SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA3_512 BIT5
///
+/// SPDM NEGOTIATE_ALGORITHMS request base_hash_algo (1.2)
+///
+#define SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SM3_256 BIT6
+
+///
+/// SPDM NEGOTIATE_ALGORITHMS request DHE
+///
+#define SPDM_ALGORITHMS_DHE_NAMED_GROUP_FFDHE_2048 BIT0
+#define SPDM_ALGORITHMS_DHE_NAMED_GROUP_FFDHE_3072 BIT1
+#define SPDM_ALGORITHMS_DHE_NAMED_GROUP_FFDHE_4096 BIT2
+#define SPDM_ALGORITHMS_DHE_NAMED_GROUP_SECP_256_R1 BIT3
+#define SPDM_ALGORITHMS_DHE_NAMED_GROUP_SECP_384_R1 BIT4
+#define SPDM_ALGORITHMS_DHE_NAMED_GROUP_SECP_521_R1 BIT5
+
+///
+/// SPDM NEGOTIATE_ALGORITHMS request DHE (1.2)
+///
+#define SPDM_ALGORITHMS_DHE_NAMED_GROUP_SM2_P256 BIT6
+
+///
+/// SPDM NEGOTIATE_ALGORITHMS request AEAD
+///
+#define SPDM_ALGORITHMS_AEAD_CIPHER_SUITE_AES_128_GCM BIT0
+#define SPDM_ALGORITHMS_AEAD_CIPHER_SUITE_AES_256_GCM BIT1
+#define SPDM_ALGORITHMS_AEAD_CIPHER_SUITE_CHACHA20_POLY1305 BIT2
+
+///
+/// SPDM NEGOTIATE_ALGORITHMS request AEAD (1.2)
+///
+#define SPDM_ALGORITHMS_AEAD_CIPHER_SUITE_AEAD_SM4_GCM BIT3
+///
+/// SPDM NEGOTIATE_ALGORITHMS request KEY_SCHEDULE
+///
+#define SPDM_ALGORITHMS_KEY_SCHEDULE_HMAC_HASH BIT0
+
+///
/// SPDM NEGOTIATE_ALGORITHMS response
///
typedef struct {
SPDM_MESSAGE_HEADER Header;
+ // Param1 == Number of Algorithms Structure Tables
+ // Param2 == RSVD
UINT16 Length;
UINT8 MeasurementSpecificationSel;
- UINT8 Reserved;
+
+ // OtherParamsSelection is added in 1.2.
+ // BIT[0:3]=opaque_data_format select,
+ // BIT[4:7]=Reserved
+ UINT8 OtherParamsSelection;
UINT32 MeasurementHashAlgo;
UINT32 BaseAsymSel;
UINT32 BaseHashSel;
@@ -160,8 +408,10 @@ typedef struct { UINT8 ExtAsymSelCount;
UINT8 ExtHashSelCount;
UINT16 Reserved3;
- // UINT32 ExtAsymSel[ExtAsymSelCount];
- // UINT32 ExtHashSel[ExtHashSelCount];
+ // SPDM_EXTENDED_ALGORITHM ExtAsymSel[ExtAsymSelCount];
+ // SPDM_EXTENDED_ALGORITHM ExtHashSel[ExtHashSelCount];
+ // Below field is added in 1.1.
+ // SPDM_NEGOTIATE_ALGORITHMS_STRUCT_TABLE AlgStruct[Param1];
} SPDM_ALGORITHMS_RESPONSE;
///
@@ -176,10 +426,56 @@ typedef struct { #define SPDM_ALGORITHMS_MEASUREMENT_HASH_ALGO_TPM_ALG_SHA3_512 BIT6
///
+/// SPDM NEGOTIATE_ALGORITHMS response measurement_hash_algo (1.2)
+///
+#define SPDM_ALGORITHMS_MEASUREMENT_HASH_ALGO_TPM_ALG_SM3_256 BIT7
+
+///
+/// SPDM Opaque Data Format (1.2)
+///
+#define SPDM_ALGORITHMS_OPAQUE_DATA_FORMAT_NONE 0x0
+#define SPDM_ALGORITHMS_OPAQUE_DATA_FORMAT_0 0x1
+#define SPDM_ALGORITHMS_OPAQUE_DATA_FORMAT_1 0x2
+#define SPDM_ALGORITHMS_OPAQUE_DATA_FORMAT_MASK 0xF
+
+///
+/// SPDM Opaque Data Format 1 (1.2)
+///
+typedef struct {
+ UINT8 TotalElements;
+ UINT8 Reserved[3];
+ // opaque_element_table_t opaque_list[];
+} SPDM_GENERAL_OPAQUE_DATA_TABLE_HEADER;
+
+///
+/// SPDM extended algorithm
+///
+typedef struct {
+ UINT8 RegistryID;
+ UINT8 Reserved;
+ UINT16 AlgorithmID;
+} SPDM_EXTENDED_ALGORITHM;
+
+///
+/// SPDM RegistryID
+///
+#define SPDM_REGISTRY_ID_DMTF 0
+#define SPDM_REGISTRY_ID_TCG 1
+#define SPDM_REGISTRY_ID_USB 2
+#define SPDM_REGISTRY_ID_PCISIG 3
+#define SPDM_REGISTRY_ID_IANA 4
+#define SPDM_REGISTRY_ID_HDBASET 5
+#define SPDM_REGISTRY_ID_MIPI 6
+#define SPDM_REGISTRY_ID_CXL 7
+#define SPDM_REGISTRY_ID_JEDEC 8
+
+///
/// SPDM GET_DIGESTS request
///
typedef struct {
SPDM_MESSAGE_HEADER Header;
+ // Param1 == RSVD
+ // Param2 == RSVD
} SPDM_GET_DIGESTS_REQUEST;
///
@@ -187,33 +483,69 @@ typedef struct { ///
typedef struct {
SPDM_MESSAGE_HEADER Header;
- // UINT8 Digest[DigestSize];
+ // Param1 == RSVD
+ // Param2 == SlotMask
+ // UINT8 Digest[DigestSize][SlotCount];
} SPDM_DIGESTS_RESPONSE;
///
-/// SPDM GET_DIGESTS request
+/// SPDM GET_CERTIFICATE request
///
typedef struct {
SPDM_MESSAGE_HEADER Header;
+ // Param1 == SlotNum
+ // Param2 == RSVD
UINT16 Offset;
UINT16 Length;
} SPDM_GET_CERTIFICATE_REQUEST;
+#define SPDM_GET_CERTIFICATE_REQUEST_SLOT_ID_MASK 0xF
///
-/// SPDM GET_DIGESTS response
+/// SPDM GET_CERTIFICATE response
///
typedef struct {
SPDM_MESSAGE_HEADER Header;
+ // Param1 == SlotNum
+ // Param2 == RSVD
UINT16 PortionLength;
UINT16 RemainderLength;
- // UINT8 CertChain[CertChainSize];
+ // UINT8 CertChain[PortionLength];
} SPDM_CERTIFICATE_RESPONSE;
+#define SPDM_CERTIFICATE_RESPONSE_SLOT_ID_MASK 0xF
+
+typedef struct {
+ //
+ // Total length of the certificate chain, in bytes,
+ // including all fields in this table.
+ //
+ UINT16 Length;
+ UINT16 Reserved;
+ //
+ // Digest of the Root Certificate.
+ // Note that Root Certificate is ASN.1 DER-encoded for this digest.
+ // The hash size is determined by the SPDM device.
+ //
+ // UINT8 RootHash[HashSize];
+ //
+ // One or more ASN.1 DER-encoded X509v3 certificates where the first certificate is signed by the Root
+ // Certificate or is the Root Certificate itself and each subsequent certificate is signed by the preceding
+ // certificate. The last certificate is the Leaf Certificate.
+ //
+ // UINT8 Certificates[Length - 4 - HashSize];
+} SPDM_CERT_CHAIN;
+
+///
+/// Maximum size, in bytes, of a certificate chain.
+///
+#define SPDM_MAX_CERTIFICATE_CHAIN_SIZE 65535
///
/// SPDM CHALLENGE request
///
typedef struct {
SPDM_MESSAGE_HEADER Header;
+ // Param1 == SlotNum
+ // Param2 == HashType
UINT8 Nonce[32];
} SPDM_CHALLENGE_REQUEST;
@@ -222,6 +554,8 @@ typedef struct { ///
typedef struct {
SPDM_MESSAGE_HEADER Header;
+ // Param1 == ResponseAttribute
+ // Param2 == SlotMask
// UINT8 CertChainHash[DigestSize];
// UINT8 Nonce[32];
// UINT8 MeasurementSummaryHash[DigestSize];
@@ -231,13 +565,74 @@ typedef struct { } SPDM_CHALLENGE_AUTH_RESPONSE;
///
+/// SPDM generic request measurement summary HashType
+///
+#define SPDM_REQUEST_NO_MEASUREMENT_SUMMARY_HASH 0
+#define SPDM_REQUEST_TCB_COMPONENT_MEASUREMENT_HASH 1
+#define SPDM_REQUEST_ALL_MEASUREMENTS_HASH 0xFF
+
+///
+/// SPDM CHALLENGE request measurement summary HashType
+///
+#define SPDM_CHALLENGE_REQUEST_NO_MEASUREMENT_SUMMARY_HASH SPDM_REQUEST_NO_MEASUREMENT_SUMMARY_HASH
+#define SPDM_CHALLENGE_REQUEST_TCB_COMPONENT_MEASUREMENT_HASH \
+ SPDM_REQUEST_TCB_COMPONENT_MEASUREMENT_HASH
+#define SPDM_CHALLENGE_REQUEST_ALL_MEASUREMENTS_HASH SPDM_REQUEST_ALL_MEASUREMENTS_HASH
+
+#define SPDM_CHALLENGE_AUTH_RESPONSE_ATTRIBUTE_SLOT_ID_MASK 0xF
+
+typedef struct {
+ UINT8 SlotNum : 4;
+ UINT8 Reserved : 3;
+ UINT8 BasicMutAuthReq : 1;
+} SPDM_CHALLENGE_AUTH_RESPONSE_ATTRIBUTE;
+
+///
+/// Deprecated in SPDM 1.2
+///
+#define SPDM_CHALLENGE_AUTH_RESPONSE_ATTRIBUTE_BASIC_MUT_AUTH_REQ BIT7
+
+#define SPDM_CHALLENGE_AUTH_SIGN_CONTEXT "responder-challenge_auth signing"
+#define SPDM_CHALLENGE_AUTH_SIGN_CONTEXT_SIZE (sizeof(SPDM_CHALLENGE_AUTH_SIGN_CONTEXT) - 1)
+#define SPDM_MUT_CHALLENGE_AUTH_SIGN_CONTEXT "requester-challenge_auth signing"
+#define SPDM_MUT_CHALLENGE_AUTH_SIGN_CONTEXT_SIZE (sizeof(SPDM_MUT_CHALLENGE_AUTH_SIGN_CONTEXT) - 1)
+
+///
/// SPDM GET_MEASUREMENTS request
///
typedef struct {
SPDM_MESSAGE_HEADER Header;
+ // Param1 == Attributes
+ // Param2 == MeasurementOperation
UINT8 Nonce[32];
+ // Below field is added in 1.1.
+ UINT8 SlotIDParam; // BIT[0:3]=SlotNum, BIT[4:7]=Reserved
} SPDM_GET_MEASUREMENTS_REQUEST;
+typedef struct {
+ UINT8 SlotNum : 4;
+ UINT8 Reserved : 4;
+} SPDM_GET_MEASUREMENTS_REQUEST_SLOT_ID_PARAMETER;
+
+#define SPDM_GET_MEASUREMENTS_REQUEST_SLOT_ID_MASK 0xF
+
+///
+/// SPDM GET_MEASUREMENTS request Attributes
+///
+#define SPDM_GET_MEASUREMENTS_REQUEST_ATTRIBUTES_GENERATE_SIGNATURE BIT0
+#define SPDM_GET_MEASUREMENTS_REQUEST_ATTRIBUTES_RAW_BIT_STREAM_REQUESTED BIT1
+#define SPDM_GET_MEASUREMENTS_REQUEST_ATTRIBUTES_NEW_MEASUREMENT_REQUESTED BIT2
+
+///
+/// SPDM GET_MEASUREMENTS request MeasurementOperation
+///
+#define SPDM_GET_MEASUREMENTS_REQUEST_MEASUREMENT_OPERATION_TOTAL_NUMBER_OF_MEASUREMENTS 0
+
+///
+/// SPDM_GET_MEASUREMENTS_REQUEST_MEASUREMENT_OPERATION_INDEX
+///
+#define SPDM_GET_MEASUREMENTS_REQUEST_MEASUREMENT_OPERATION_ALL_MEASUREMENTS 0xFF
+
///
/// SPDM MEASUREMENTS block common header
///
@@ -259,6 +654,17 @@ typedef struct { // UINT8 DMTFSpecMeasurementValue[DMTFSpecMeasurementValueSize];
} SPDM_MEASUREMENT_BLOCK_DMTF_HEADER;
+typedef struct {
+ SPDM_MEASUREMENT_BLOCK_COMMON_HEADER MeasurementBlockCommonHeader;
+ SPDM_MEASUREMENT_BLOCK_DMTF_HEADER MeasurementBlockDmtfHeader;
+ // UINT8 HashValue[HashSize];
+} SPDM_MEASUREMENT_BLOCK_DMTF;
+
+typedef struct {
+ UINT8 Content : 7;
+ UINT8 Presentation : 1;
+} SPDM_MEASUREMENTS_BLOCK_MEASUREMENT_TYPE;
+
///
/// SPDM MEASUREMENTS block MeasurementValueType
///
@@ -266,13 +672,54 @@ typedef struct { #define SPDM_MEASUREMENT_BLOCK_MEASUREMENT_TYPE_MUTABLE_FIRMWARE 1
#define SPDM_MEASUREMENT_BLOCK_MEASUREMENT_TYPE_HARDWARE_CONFIGURATION 2
#define SPDM_MEASUREMENT_BLOCK_MEASUREMENT_TYPE_FIRMWARE_CONFIGURATION 3
+#define SPDM_MEASUREMENT_BLOCK_MEASUREMENT_TYPE_MEASUREMENT_MANIFEST 4
+#define SPDM_MEASUREMENT_BLOCK_MEASUREMENT_TYPE_DEVICE_MODE 5
+#define SPDM_MEASUREMENT_BLOCK_MEASUREMENT_TYPE_VERSION 6
+#define SPDM_MEASUREMENT_BLOCK_MEASUREMENT_TYPE_SECURE_VERSION_NUMBER 7
+#define SPDM_MEASUREMENT_BLOCK_MEASUREMENT_TYPE_MASK 0x7
#define SPDM_MEASUREMENT_BLOCK_MEASUREMENT_TYPE_RAW_BIT_STREAM BIT7
///
+/// SPDM MEASUREMENTS block index
+///
+#define SPDM_MEASUREMENT_BLOCK_MEASUREMENT_INDEX_MEASUREMENT_MANIFEST 0xFD
+#define SPDM_MEASUREMENT_BLOCK_MEASUREMENT_INDEX_DEVICE_MODE 0xFE
+
+///
+/// SPDM MEASUREMENTS device mode
+///
+typedef struct {
+ UINT32 OperationalModeCapabilities;
+ UINT32 OperationalModeState;
+ UINT32 DeviceModeCapabilities;
+ UINT32 DeviceModeState;
+} SPDM_MEASUREMENT_DEVICE_MODE;
+
+#define SPDM_MEASUREMENT_DEVICE_OPERATION_MODE_MANUFACTURING_MODE BIT0
+#define SPDM_MEASUREMENT_DEVICE_OPERATION_MODE_VALIDATION_MODE BIT1
+#define SPDM_MEASUREMENT_DEVICE_OPERATION_MODE_NORMAL_MODE BIT2
+#define SPDM_MEASUREMENT_DEVICE_OPERATION_MODE_RECOVERY_MODE BIT3
+#define SPDM_MEASUREMENT_DEVICE_OPERATION_MODE_RMA_MODE BIT4
+#define SPDM_MEASUREMENT_DEVICE_OPERATION_MODE_DECOMMISSIONED_MODE BIT5
+
+#define SPDM_MEASUREMENT_DEVICE_MODE_NON_INVASIVE_DEBUG_MODE_IS_ACTIVE BIT0
+#define SPDM_MEASUREMENT_DEVICE_MODE_INVASIVE_DEBUG_MODE_IS_ACTIVE BIT1
+#define SPDM_MEASUREMENT_DEVICE_MODE_NON_INVASIVE_DEBUG_MODE_HAS_BEEN_ACTIVE BIT2
+#define SPDM_MEASUREMENT_DEVICE_MODE_INVASIVE_DEBUG_MODE_HAS_BEEN_ACTIVE BIT3
+#define SPDM_MEASUREMENT_DEVICE_MODE_INVASIVE_DEBUG_MODE_HAS_BEEN_ACTIVE_AFTER_MFG BIT4
+
+///
+/// SPDM MEASUREMENTS SVN
+///
+typedef UINT64 SPDM_MEASUREMENTS_SECURE_VERSION_NUMBER;
+
+///
/// SPDM GET_MEASUREMENTS response
///
typedef struct {
SPDM_MESSAGE_HEADER Header;
+ // Param1 == TotalNumberOfMeasurement/RSVD
+ // Param2 == SlotNum
UINT8 NumberOfBlocks;
UINT8 MeasurementRecordLength[3];
// UINT8 MeasurementRecord[MeasurementRecordLength];
@@ -282,6 +729,21 @@ typedef struct { // UINT8 Signature[KeySize];
} SPDM_MEASUREMENTS_RESPONSE;
+#define SPDM_MEASUREMENTS_RESPONSE_SLOT_ID_MASK 0xF
+
+///
+/// SPDM MEASUREMENTS content changed
+///
+#define SPDM_MEASUREMENTS_RESPONSE_CONTENT_CHANGE_MASK 0x30
+#define SPDM_MEASUREMENTS_RESPONSE_CONTENT_CHANGE_NO_DETECTION 0x00
+#define SPDM_MEASUREMENTS_RESPONSE_CONTENT_CHANGE_DETECTED 0x10
+#define SPDM_MEASUREMENTS_RESPONSE_CONTENT_NO_CHANGE_DETECTED 0x20
+
+#define SPDM_MEASUREMENTS_SIGN_CONTEXT "responder-measurements signing"
+#define SPDM_MEASUREMENTS_SIGN_CONTEXT_SIZE (sizeof(SPDM_MEASUREMENTS_SIGN_CONTEXT) - 1)
+
+#define SPDM_MEL_SPECIFICATION_DMTF BIT0
+
///
/// SPDM ERROR response
///
@@ -292,17 +754,69 @@ typedef struct { // UINT8 ExtendedErrorData[];
} SPDM_ERROR_RESPONSE;
+#define SPDM_EXTENDED_ERROR_DATA_MAX_SIZE 32
+
///
/// SPDM error code
///
-#define SPDM_ERROR_CODE_INVALID_REQUEST 0x01
-#define SPDM_ERROR_CODE_BUSY 0x03
-#define SPDM_ERROR_CODE_UNEXPECTED_REQUEST 0x04
-#define SPDM_ERROR_CODE_UNSPECIFIED 0x05
-#define SPDM_ERROR_CODE_UNSUPPORTED_REQUEST 0x07
-#define SPDM_ERROR_CODE_MAJOR_VERSION_MISMATCH 0x41
-#define SPDM_ERROR_CODE_RESPONSE_NOT_READY 0x42
-#define SPDM_ERROR_CODE_REQUEST_RESYNCH 0x43
+#define SPDM_ERROR_CODE_INVALID_REQUEST 0x01
+#define SPDM_ERROR_CODE_BUSY 0x03
+#define SPDM_ERROR_CODE_UNEXPECTED_REQUEST 0x04
+#define SPDM_ERROR_CODE_UNSPECIFIED 0x05
+#define SPDM_ERROR_CODE_UNSUPPORTED_REQUEST 0x07
+#define SPDM_ERROR_CODE_VERSION_MISMATCH 0x41
+#define SPDM_ERROR_CODE_RESPONSE_NOT_READY 0x42
+#define SPDM_ERROR_CODE_REQUEST_RESYNCH 0x43
+#define SPDM_ERROR_CODE_VENDOR_DEFINED 0xFF
+///
+/// SPDM error code (1.1)
+///
+#define SPDM_ERROR_CODE_DECRYPT_ERROR 0x06
+#define SPDM_ERROR_CODE_REQUEST_IN_FLIGHT 0x08
+#define SPDM_ERROR_CODE_INVALID_RESPONSE_CODE 0x09
+#define SPDM_ERROR_CODE_SESSION_LIMIT_EXCEEDED 0x0A
+
+///
+/// SPDM error code (1.2)
+///
+#define SPDM_ERROR_CODE_SESSION_REQUIRED 0x0B
+#define SPDM_ERROR_CODE_RESET_REQUIRED 0x0C
+#define SPDM_ERROR_CODE_RESPONSE_TOO_LARGE 0x0D
+#define SPDM_ERROR_CODE_REQUEST_TOO_LARGE 0x0E
+#define SPDM_ERROR_CODE_LARGE_RESPONSE 0x0F
+#define SPDM_ERROR_CODE_MESSAGE_LOST 0x10
+///
+/// SPDM ResponseNotReady extended data
+///
+typedef struct {
+ UINT8 RDTExponent;
+ UINT8 RequestCode;
+ UINT8 Token;
+ UINT8 Rdtm;
+} SPDM_ERROR_DATA_RESPONSE_NOT_READY;
+
+typedef struct {
+ SPDM_MESSAGE_HEADER Header;
+ // Param1 == Error Code
+ // Param2 == Error Data
+ SPDM_ERROR_DATA_RESPONSE_NOT_READY ExtendErrorData;
+} SPDM_ERROR_RESPONSE_DATA_RESPONSE_NOT_READY;
+
+///
+/// SPDM LargeResponse extended data
+///
+typedef struct {
+ UINT8 Handle;
+} SPDM_ERROR_DATA_LARGE_RESPONSE;
+
+typedef struct {
+ SPDM_MESSAGE_HEADER Header;
+
+ // param1 == Error Code
+ // param2 == Error data
+ //
+ SPDM_ERROR_DATA_LARGE_RESPONSE ExtendErrorData;
+} SPDM_ERROR_RESPONSE_LARGE_RESPONSE;
///
/// SPDM RESPONSE_IF_READY request
@@ -313,6 +827,506 @@ typedef struct { // Param2 == Token
} SPDM_RESPONSE_IF_READY_REQUEST;
+///
+/// Maximum size of a vendor defined message data length
+/// limited by the length field size which is 2 bytes
+///
+#define SPDM_MAX_VENDOR_DEFINED_DATA_LEN 65535
+
+///
+/// Maximum size of a vendor defined vendor id length
+/// limited by the length field size which is 1 byte
+///
+#define SPDM_MAX_VENDOR_ID_LENGTH 255
+
+///
+/// SPDM VENDOR_DEFINED request
+///
+typedef struct {
+ SPDM_MESSAGE_HEADER Header;
+ // Param1 == RSVD
+ // Param2 == RSVD
+ UINT16 StandardID;
+ UINT8 Len;
+ // UINT8 VendorID[Len];
+ // UINT16 PayloadLength;
+ // UINT8 VendorDefinedPayload[PayloadLength];
+} SPDM_VENDOR_DEFINED_REQUEST_MSG;
+
+///
+/// SPDM VENDOR_DEFINED response
+///
+typedef struct {
+ SPDM_MESSAGE_HEADER Header;
+ // Param1 == RSVD
+ // Param2 == RSVD
+ UINT16 StandardID;
+ UINT8 Len;
+ // UINT8 VendorID[Len];
+ // UINT16 PayloadLength;
+ // UINT8 VendorDefinedPayload[PayloadLength];
+} SPDM_VENDOR_DEFINED_RESPONSE_MSG;
+
+//
+// Below command is defined in SPDM 1.1
+//
+
+///
+/// SPDM KEY_EXCHANGE request
+///
+typedef struct {
+ SPDM_MESSAGE_HEADER Header;
+ // Param1 == HashType
+ // Param2 == SlotNum
+ UINT16 ReqSessionID;
+ UINT16 Reserved;
+ UINT8 RandomData[32];
+ // UINT8 ExchangeData[D];
+ // UINT16 OpaqueLength;
+ // UINT8 OpaqueData[OpaqueLength];
+} SPDM_KEY_EXCHANGE_REQUEST;
+
+///
+/// SPDM KEY_EXCHANGE request session_policy
+///
+#define SPDM_KEY_EXCHANGE_REQUEST_SESSION_POLICY_TERMINATION_POLICY_RUNTIME_UPDATE BIT0
+
+///
+/// SPDM KEY_EXCHANGE request measurement summary HashType
+///
+#define SPDM_KEY_EXCHANGE_REQUEST_NO_MEASUREMENT_SUMMARY_HASH \
+ SPDM_REQUEST_NO_MEASUREMENT_SUMMARY_HASH
+#define SPDM_KEY_EXCHANGE_REQUEST_TCB_COMPONENT_MEASUREMENT_HASH \
+ SPDM_REQUEST_TCB_COMPONENT_MEASUREMENT_HASH
+#define SPDM_KEY_EXCHANGE_REQUEST_ALL_MEASUREMENTS_HASH SPDM_REQUEST_ALL_MEASUREMENTS_HASH
+
+///
+/// SPDM KEY_EXCHANGE response
+///
+typedef struct {
+ SPDM_MESSAGE_HEADER Header;
+ // Param1 == HeartbeatPeriod
+ // Param2 == RSVD
+ UINT16 RspSessionID;
+ UINT8 MutAuthRequested;
+ UINT8 ReqSlotIDParam;
+ UINT8 RandomData[32];
+ // UINT8 ExchangeData[D];
+ // UINT8 MeasurementSummaryHash[DigestSize];
+ // UINT16 OpaqueLength;
+ // UINT8 OpaqueData[OpaqueLength];
+ // UINT8 Signature[S];
+ // UINT8 ResponderVerifyData[H];
+} SPDM_KEY_EXCHANGE_RESPONSE;
+
+///
+/// SPDM KEY_EXCHANGE response MutAuthRequested
+///
+#define SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED BIT0
+#define SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED_WITH_ENCAP_REQUEST BIT1
+#define SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED_WITH_GET_DIGESTS BIT2
+
+#define SPDM_KEY_EXCHANGE_RESPONSE_SIGN_CONTEXT "responder-key_exchange_rsp signing"
+#define SPDM_KEY_EXCHANGE_RESPONSE_SIGN_CONTEXT_SIZE \
+ (sizeof(SPDM_KEY_EXCHANGE_RESPONSE_SIGN_CONTEXT) - 1)
+
+#define SPDM_VERSION_1_2_KEY_EXCHANGE_REQUESTER_CONTEXT "Requester-KEP-dmtf-spdm-v1.2"
+#define SPDM_VERSION_1_2_KEY_EXCHANGE_REQUESTER_CONTEXT_SIZE \
+ (sizeof(SPDM_VERSION_1_2_KEY_EXCHANGE_REQUESTER_CONTEXT) - 1)
+
+#define SPDM_VERSION_1_2_KEY_EXCHANGE_RESPONDER_CONTEXT "Responder-KEP-dmtf-spdm-v1.2"
+#define SPDM_VERSION_1_2_KEY_EXCHANGE_RESPONDER_CONTEXT_SIZE \
+ (sizeof(SPDM_VERSION_1_2_KEY_EXCHANGE_RESPONDER_CONTEXT) - 1)
+
+///
+/// SPDM FINISH request
+///
+typedef struct {
+ SPDM_MESSAGE_HEADER Header;
+ // Param1 == SignatureIncluded
+ // Param2 == ReqSlotNum
+ // UINT8 Signature[S];
+ // UINT8 RequesterVerifyData[H];
+} SPDM_FINISH_REQUEST;
+
+///
+/// SPDM FINISH request SignatureIncluded
+///
+#define SPDM_FINISH_REQUEST_ATTRIBUTES_SIGNATURE_INCLUDED BIT0
+
+///
+/// SPDM FINISH response
+///
+typedef struct {
+ SPDM_MESSAGE_HEADER Header;
+ // Param1 == RSVD
+ // Param2 == RSVD
+ // UINT8 ResponderVerifyData[H];
+} SPDM_FINISH_RESPONSE;
+
+#define SPDM_FINISH_SIGN_CONTEXT "requester-finish signing"
+#define SPDM_FINISH_SIGN_CONTEXT_SIZE (sizeof(SPDM_FINISH_SIGN_CONTEXT) - 1)
+
+///
+/// SPDM PSK_EXCHANGE request
+///
+typedef struct {
+ SPDM_MESSAGE_HEADER Header;
+ // Param1 == HashType
+ // Param2 == RSVD/session_policy (1.2)
+ UINT16 ReqSessionID;
+ UINT16 PSKHintLength;
+ UINT16 RequesterContextLength;
+ UINT16 OpaqueLength;
+ // UINT8 PSKHint[PSKHintLength];
+ // UINT8 RequesterContext[RequesterContextLength];
+ // UINT8 OpaqueData[OpaqueLength];
+} SPDM_PSK_EXCHANGE_REQUEST;
+
+///
+/// SPDM PSK_EXCHANGE request measurement summary HashType
+///
+#define SPDM_PSK_EXCHANGE_REQUEST_NO_MEASUREMENT_SUMMARY_HASH \
+ SPDM_REQUEST_NO_MEASUREMENT_SUMMARY_HASH
+#define SPDM_PSK_EXCHANGE_REQUEST_TCB_COMPONENT_MEASUREMENT_HASH \
+ SPDM_REQUEST_TCB_COMPONENT_MEASUREMENT_HASH
+#define SPDM_PSK_EXCHANGE_REQUEST_ALL_MEASUREMENTS_HASH SPDM_REQUEST_ALL_MEASUREMENTS_HASH
+
+///
+/// SPDM PSK_EXCHANGE response
+///
+typedef struct {
+ SPDM_MESSAGE_HEADER Header;
+ // Param1 == HeartbeatPeriod
+ // Param2 == RSVD
+ UINT16 RspSessionID;
+ UINT16 Reserved;
+ UINT16 ResponderContextLength;
+ UINT16 OpaqueLength;
+ // UINT8 MeasurementSummaryHash[DigestSize];
+ // UINT8 ResponderContext[ResponderContextLength];
+ // UINT8 OpaqueData[OpaqueLength];
+ // UINT8 ResponderVerifyData[H];
+} SPDM_PSK_EXCHANGE_RESPONSE;
+
+///
+/// SPDM PSK_FINISH request
+///
+typedef struct {
+ SPDM_MESSAGE_HEADER Header;
+ // Param1 == RSVD
+ // Param2 == RSVD
+ // UINT8 RequesterVerifyData[H];
+} SPDM_PSK_FINISH_REQUEST;
+
+///
+/// SPDM PSK_FINISH response
+///
+typedef struct {
+ SPDM_MESSAGE_HEADER Header;
+ // Param1 == RSVD
+ // Param2 == RSVD
+} SPDM_PSK_FINISH_RESPONSE;
+
+///
+/// SPDM HEARTBEAT request
+///
+typedef struct {
+ SPDM_MESSAGE_HEADER Header;
+ // Param1 == RSVD
+ // Param2 == RSVD
+} SPDM_HEARTBEAT_REQUEST;
+
+///
+/// SPDM HEARTBEAT response
+///
+typedef struct {
+ SPDM_MESSAGE_HEADER Header;
+ // Param1 == RSVD
+ // Param2 == RSVD
+} SPDM_HEARTBEAT_RESPONSE;
+
+///
+/// SPDM KEY_UPDATE request
+///
+typedef struct {
+ SPDM_MESSAGE_HEADER Header;
+ // Param1 == KeyOperation
+ // Param2 == Tag
+} SPDM_KEY_UPDATE_REQUEST;
+
+///
+/// SPDM KEY_UPDATE Operations Table
+///
+#define SPDM_KEY_UPDATE_OPERATIONS_TABLE_UPDATE_KEY 1
+#define SPDM_KEY_UPDATE_OPERATIONS_TABLE_UPDATE_ALL_KEYS 2
+#define SPDM_KEY_UPDATE_OPERATIONS_TABLE_VERIFY_NEW_KEY 3
+
+///
+/// SPDM KEY_UPDATE response
+///
+typedef struct {
+ SPDM_MESSAGE_HEADER Header;
+ // Param1 == KeyOperation
+ // Param2 == Tag
+} SPDM_KEY_UPDATE_RESPONSE;
+
+///
+/// SPDM GET_ENCAPSULATED_REQUEST request
+///
+typedef struct {
+ SPDM_MESSAGE_HEADER Header;
+ // Param1 == RSVD
+ // Param2 == RSVD
+} SPDM_GET_ENCAPSULATED_REQUEST_REQUEST;
+
+///
+/// SPDM ENCAPSULATED_REQUEST response
+///
+typedef struct {
+ SPDM_MESSAGE_HEADER Header;
+ // Param1 == RequestID
+ // Param2 == RSVD
+ // UINT8 EncapsulatedRequest[];
+} SPDM_ENCAPSULATED_REQUEST_RESPONSE;
+
+///
+/// SPDM DELIVER_ENCAPSULATED_RESPONSE request
+///
+typedef struct {
+ SPDM_MESSAGE_HEADER Header;
+ // Param1 == RequestID
+ // Param2 == RSVD
+ // UINT8 EncapsulatedResponse[];
+} SPDM_DELIVER_ENCAPSULATED_RESPONSE_REQUEST;
+
+///
+/// SPDM ENCAPSULATED_RESPONSE_ACK response
+///
+typedef struct {
+ SPDM_MESSAGE_HEADER Header;
+ // Param1 == RequestID
+ // Param2 == PayloadType
+ // below 4 bytes are added in 1.2.
+ UINT8 AckRequestId;
+ UINT8 Reserved[3];
+ // UINT8 EncapsulatedRequest[];
+} SPDM_ENCAPSULATED_RESPONSE_ACK_RESPONSE;
+
+///
+/// SPDM ENCAPSULATED_RESPONSE_ACK_RESPONSE Payload Type
+///
+#define SPDM_ENCAPSULATED_RESPONSE_ACK_RESPONSE_PAYLOAD_TYPE_ABSENT 0
+#define SPDM_ENCAPSULATED_RESPONSE_ACK_RESPONSE_PAYLOAD_TYPE_PRESENT 1
+#define SPDM_ENCAPSULATED_RESPONSE_ACK_RESPONSE_PAYLOAD_TYPE_REQ_SLOT_NUMBER 2
+
+///
+/// SPDM END_SESSION request
+///
+typedef struct {
+ SPDM_MESSAGE_HEADER Header;
+ // Param1 == EndSessionRequestAttributes
+ // Param2 == RSVD
+} SPDM_END_SESSION_REQUEST;
+
+///
+/// SPDM END_SESSION request Attributes
+///
+#define SPDM_END_SESSION_REQUEST_ATTRIBUTES_PRESERVE_NEGOTIATED_STATE_CLEAR BIT0
+
+///
+/// SPDM END_SESSION response
+///
+typedef struct {
+ SPDM_MESSAGE_HEADER Header;
+ // Param1 == RSVD
+ // Param2 == RSVD
+} SPDM_END_SESSION_RESPONSE;
+
+//
+// Below command is defined in SPDM 1.2
+//
+
+///
+/// SPDM SET_CERTIFICATE request
+///
+typedef struct {
+ SPDM_MESSAGE_HEADER Header;
+
+ // param1 == BIT[0:3]=slot_id, BIT[4:7]=RSVD
+ // param2 == RSVD
+ // param1 and param2 are updated in 1.3
+ // param1 == Request attributes, BIT[0:3]=slot_id, BIT[4:6]=SetCertModel, BIT[7]=Erase
+ // param2 == KeyPairID
+ // void * CertChain
+} SPDM_SET_CERTIFICATE_REQUEST;
+
+#define SPDM_SET_CERTIFICATE_REQUEST_SLOT_ID_MASK 0xF
+
+///
+/// SPDM SET_CERTIFICATE request Attributes
+///
+#define SPDM_SET_CERTIFICATE_REQUEST_ATTRIBUTES_CERT_MODEL_MASK 0x70
+#define SPDM_SET_CERTIFICATE_REQUEST_ATTRIBUTES_CERT_MODEL_OFFSET 4
+#define SPDM_SET_CERTIFICATE_REQUEST_ATTRIBUTES_ERASE 0x80
+
+///
+/// SPDM SET_CERTIFICATE_RSP response
+///
+typedef struct {
+ SPDM_MESSAGE_HEADER Header;
+
+ // param1 == BIT[0:3]=slot_id, BIT[4:7]=RSVD
+ // param2 == RSVD
+} SPDM_SET_CERTIFICATE_RESPONSE;
+
+#define SPDM_SET_CERTIFICATE_RESPONSE_SLOT_ID_MASK 0xF
+
+///
+/// SPDM GET_CSR request
+///
+typedef struct {
+ SPDM_MESSAGE_HEADER Header;
+ UINT16 RequesterInfoLength;
+ UINT16 OpaqueDataLength;
+
+ // UINT8 RequesterInfo[RequesterInfoLength];
+ // UINT8 OpaqueData[OpaqueDataLength];
+} SPDM_GET_CSR_REQUEST;
+
+///
+/// SPDM GET_CSR request Attributes
+///
+#define SPDM_GET_CSR_REQUEST_ATTRIBUTES_CERT_MODEL_MASK 0x07
+#define SPDM_GET_CSR_REQUEST_ATTRIBUTES_CSR_TRACKING_TAG_MASK 0x38
+#define SPDM_GET_CSR_REQUEST_ATTRIBUTES_CSR_TRACKING_TAG_OFFSET 3
+#define SPDM_GET_CSR_REQUEST_ATTRIBUTES_OVERWRITE 0x80
+#define SPDM_GET_CSR_REQUEST_ATTRIBUTES_MAX_CSR_CERT_MODEL 4
+
+///
+/// Maximum size, in bytes, of a CSR.
+///
+#define SPDM_MAX_CSR_SIZE 65535
+
+///
+/// SPDM CSR response
+///
+typedef struct {
+ SPDM_MESSAGE_HEADER Header;
+
+ // param1 == RSVD
+ // param2 == RSVD
+ UINT16 CsrLength;
+ UINT16 Reserved;
+} SPDM_CSR_RESPONSE;
+
+///
+/// SPDM CHUNK_SEND request
+///
+typedef struct {
+ SPDM_MESSAGE_HEADER Header;
+
+ // param1 - Request Attributes
+ // param2 - Handle
+ UINT16 ChunkSeqNo;
+ UINT16 Reserved;
+ UINT32 ChunkSize;
+
+ // UINT32 LargeMessageSize;
+ // UINT8 SpdmChunk[ChunkSize];
+} SPDM_CHUNK_SEND_REQUEST;
+
+#define SPDM_CHUNK_SEND_REQUEST_ATTRIBUTE_LAST_CHUNK (1 << 0)
+
+///
+/// SPDM CHUNK_SEND_ACK response
+///
+typedef struct {
+ SPDM_MESSAGE_HEADER Header;
+
+ // param1 - Response Attributes
+ // param2 - Handle
+ UINT16 ChunkSeqNo;
+ // UINT8 response_to_large_request[variable]
+} SPDM_CHUNK_SEND_ACK_RESPONSE;
+
+#define SPDM_CHUNK_SEND_ACK_RESPONSE_ATTRIBUTE_EARLY_ERROR_DETECTED (1 << 0)
+
+///
+/// SPDM CHUNK_GET request
+///
+typedef struct {
+ SPDM_MESSAGE_HEADER Header;
+
+ // param1 - Reserved
+ // param2 - Handle
+ UINT16 ChunkSeqNo;
+} SPDM_CHUNK_GET_REQUEST;
+
+///
+/// SPDM CHUNK_RESPONSE response
+///
+typedef struct {
+ SPDM_MESSAGE_HEADER Header;
+
+ // param1 - Response Attributes
+ // param2 - Handle
+ UINT16 ChunkSeqNo;
+ UINT16 Reserved;
+ UINT32 ChunkSize;
+
+ // UINT32 LargeMessageSize;
+ // UINT8 SpdmChunk[ChunkSize];
+} SPDM_CHUNK_RESPONSE_RESPONSE;
+
+#define SPDM_CHUNK_GET_RESPONSE_ATTRIBUTE_LAST_CHUNK (1 << 0)
#pragma pack()
+#define SPDM_VERSION_1_1_BIN_CONCAT_LABEL "spdm1.1 "
+#define SPDM_VERSION_1_2_BIN_CONCAT_LABEL "spdm1.2 "
+#define SPDM_BIN_STR_0_LABEL "derived"
+#define SPDM_BIN_STR_1_LABEL "req hs data"
+#define SPDM_BIN_STR_2_LABEL "rsp hs data"
+#define SPDM_BIN_STR_3_LABEL "req app data"
+#define SPDM_BIN_STR_4_LABEL "rsp app data"
+#define SPDM_BIN_STR_5_LABEL "key"
+#define SPDM_BIN_STR_6_LABEL "iv"
+#define SPDM_BIN_STR_7_LABEL "finished"
+#define SPDM_BIN_STR_8_LABEL "exp master"
+#define SPDM_BIN_STR_9_LABEL "traffic upd"
+
+///
+/// The maximum amount of time in microseconds the Responder has to provide a response
+/// to requests that do not require cryptographic processing.
+///
+#define SPDM_ST1_VALUE_US 100000
+
+///
+/// id-DMTF 1.3.6.1.4.1.412.
+/// These OID are defiend in ANNEX C (informative) OID reference section from the DMTF SPDM spec.
+/// https://www.dmtf.org/sites/default/files/standards/documents/DSP0274_1.2.2.pdf
+///
+#define SPDM_OID_DMTF \
+ {0x2B, 0x06, 0x01, 0x04, 0x01, 0x83, 0x1C }
+// id-DMTF-spdm, { id-DMTF 274 }, 1.3.6.1.4.1.412.274
+#define SPDM_OID_DMTF_SPDM \
+ {0x06, 0x01, 0x04, 0x01, 0x83, 0x1C, 0x82, 0x12 }
+// id-DMTF-device-info, { id-DMTF-spdm 1 }, 1.3.6.1.4.1.412.274.1
+#define SPDM_OID_DMTF_DEVICE_INFO \
+ {0x2B, 0x06, 0x01, 0x04, 0x01, 0x83, 0x1C, 0x82, 0x12, 0x01 }
+// id-DMTF-hardware-identity, { id-DMTF-spdm 2 }, 1.3.6.1.4.1.412.274.2
+#define SPDM_OID_DMTF_HARDWARE_IDENTITY \
+ {0x2B, 0x06, 0x01, 0x04, 0x01, 0x83, 0x1C, 0x82, 0x12, 0x02 }
+// id-DMTF-eku-responder-auth, { id-DMTF-spdm 3 }, 1.3.6.1.4.1.412.274.3
+#define SPDM_OID_DMTF_EKU_RESPONDER_AUTH \
+ {0x2B, 0x06, 0x01, 0x04, 0x01, 0x83, 0x1C, 0x82, 0x12, 0x03 }
+// id-DMTF-eku-requester-auth, { id-DMTF-spdm 4 }, 1.3.6.1.4.1.412.274.4
+#define SPDM_OID_DMTF_EKU_REQUESTER_AUTH \
+ {0x2B, 0x06, 0x01, 0x04, 0x01, 0x83, 0x1C, 0x82, 0x12, 0x04 }
+// id-DMTF-mutable-certificate, { id-DMTF-spdm 5 }, 1.3.6.1.4.1.412.274.5
+#define SPDM_OID_DMTF_MUTABLE_CERTIFICATE \
+ {0x2B, 0x06, 0x01, 0x04, 0x01, 0x83, 0x1C, 0x82, 0x12, 0x05 }
+// id-DMTF-SPDM-extension, { id-DMTF-spdm 6 }, 1.3.6.1.4.1.412.274.6
+#define SPDM_OID_DMTF_SPDM_EXTENSION \
+ {0x2B, 0x06, 0x01, 0x04, 0x01, 0x83, 0x1C, 0x82, 0x12, 0x06 }
#endif
diff --git a/MdePkg/Include/IndustryStandard/UefiTcgPlatform.h b/MdePkg/Include/IndustryStandard/UefiTcgPlatform.h index e07840c9dd..aaee5d6c88 100644 --- a/MdePkg/Include/IndustryStandard/UefiTcgPlatform.h +++ b/MdePkg/Include/IndustryStandard/UefiTcgPlatform.h @@ -1,8 +1,8 @@ /** @file
TCG EFI Platform Definition in TCG_EFI_Platform_1_20_Final and
- TCG PC Client Platform Firmware Profile Specification, Revision 1.05
+ TCG PC Client Platform Firmware Profile Specification, Revision 1.06
- Copyright (c) 2006 - 2019, Intel Corporation. All rights reserved.<BR>
+ Copyright (c) 2006 - 2024, Intel Corporation. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
@@ -53,6 +53,18 @@ #define EV_EFI_VARIABLE_AUTHORITY (EV_EFI_EVENT_BASE + 0xE0)
#define EV_EFI_SPDM_FIRMWARE_BLOB (EV_EFI_EVENT_BASE + 0xE1)
#define EV_EFI_SPDM_FIRMWARE_CONFIG (EV_EFI_EVENT_BASE + 0xE2)
+#define EV_EFI_SPDM_DEVICE_BLOB EV_EFI_SPDM_FIRMWARE_BLOB
+#define EV_EFI_SPDM_DEVICE_CONFIG EV_EFI_SPDM_FIRMWARE_CONFIG
+//
+// The SPDM policy database for SPDM verification.
+// It goes to PCR7
+//
+#define EV_EFI_SPDM_DEVICE_POLICY (EV_EFI_EVENT_BASE + 0xE3)
+//
+// The SPDM policy authority for SPDM verification for the signature
+// of GET_MEASUREMENT or CHALLENGE_AUTH. It goes to PCR7.
+//
+#define EV_EFI_SPDM_DEVICE_AUTHORITY (EV_EFI_EVENT_BASE + 0xE4)
#define EFI_CALLING_EFI_APPLICATION \
"Calling EFI Application from Boot Option"
@@ -374,6 +386,7 @@ typedef struct { #define TCG_EfiSpecIDEventStruct_SPEC_VERSION_MINOR_TPM2 0
#define TCG_EfiSpecIDEventStruct_SPEC_ERRATA_TPM2 0
#define TCG_EfiSpecIDEventStruct_SPEC_ERRATA_TPM2_REV_105 105
+#define TCG_EfiSpecIDEventStruct_SPEC_ERRATA_TPM2_REV_106 106
typedef struct {
UINT8 signature[16];
@@ -438,6 +451,7 @@ typedef struct tdTCG_PCClientTaggedEvent { #define TCG_Sp800_155_PlatformId_Event_SIGNATURE "SP800-155 Event"
#define TCG_Sp800_155_PlatformId_Event2_SIGNATURE "SP800-155 Event2"
+#define TCG_Sp800_155_PlatformId_Event3_SIGNATURE "SP800-155 Event3"
typedef struct tdTCG_Sp800_155_PlatformId_Event2 {
UINT8 Signature[16];
@@ -465,9 +479,44 @@ typedef struct tdTCG_Sp800_155_PlatformId_Event2 { // UINT8 FirmwareManufacturerStr[FirmwareManufacturerStrSize];
// UINT32 FirmwareManufacturerId;
// UINT8 FirmwareVersion;
- // UINT8 FirmwareVersion[FirmwareVersionSize]];
+ // UINT8 FirmwareVersion[FirmwareVersionSize];
} TCG_Sp800_155_PlatformId_Event2;
+typedef struct tdTCG_Sp800_155_PlatformId_Event3 {
+ UINT8 Signature[16];
+ //
+ // Where Vendor ID is an integer defined
+ // at http://www.iana.org/assignments/enterprisenumbers
+ //
+ UINT32 VendorId;
+ //
+ // 16-byte identifier of a given platform's static configuration of code
+ //
+ EFI_GUID ReferenceManifestGuid;
+ // UINT8 PlatformManufacturerStrSize;
+ // UINT8 PlatformManufacturerStr[PlatformManufacturerStrSize];
+ // UINT8 PlatformModelSize;
+ // UINT8 PlatformModel[PlatformModelSize];
+ // UINT8 PlatformVersionSize;
+ // UINT8 PlatformVersion[PlatformVersionSize];
+ // UINT8 PlatformModelSize;
+ // UINT8 PlatformModel[PlatformModelSize];
+ // UINT8 FirmwareManufacturerStrSize;
+ // UINT8 FirmwareManufacturerStr[FirmwareManufacturerStrSize];
+ // UINT32 FirmwareManufacturerId;
+ // UINT8 FirmwareVersion;
+ // UINT8 FirmwareVersion[FirmwareVersionSize];
+ //
+ // Below structure is newly added in TCG_Sp800_155_PlatformId_Event3
+ //
+ // UINT32 RimLocatorType;
+ // UINT32 RimLocatorLength;
+ // UINT8 RimLocator[RimLocatorLength];
+ // UINT32 PlatformCertLocatorType;
+ // UINT32 PlatformCertLocatorLength;
+ // UINT8 PlatformCertLocator[PlatformCertLocatorLength];
+} TCG_Sp800_155_PlatformId_Event3;
+
#define TCG_EfiStartupLocalityEvent_SIGNATURE "StartupLocality"
//
@@ -492,4 +541,173 @@ typedef struct tdTCG_EfiStartupLocalityEvent { //
#pragma pack ()
+//
+// ======================================================================================================================
+// Event Type PCR Event Log Usage
+// ======================================================================================================================
+// EV_EFI_SPDM_DEVICE_BLOB 2 SPDM_MEASUREMENT_BLOCK (subtype) MEASUREMENT from device
+// EV_EFI_SPDM_DEVICE_CONFIG 3 SPDM_MEASUREMENT_BLOCK (subtype) MEASUREMENT from device
+// EV_EFI_SPDM_DEVICE_BLOB 2 SPDM_MEASUREMENT_SUMMARY_HASH.TCB (subtype) SUMMARY_HASH from device
+
+// EV_EFI_SPDM_DEVICE_POLICY 7 UEFI_VARIABLE_DATA with EFI_SIGNATURE_LIST Provisioned device public cert.
+// EV_EFI_SPDM_DEVICE_AUTHORITY 7 UEFI_VARIABLE_DATA with EFI_SIGNATURE_DATA CHALLENGE_AUTH signature verification
+// ======================================================================================================================
+//
+
+#define PCR_INDEX_FOR_SIGNATURE_DB 7
+
+#pragma pack(1)
+
+#define TCG_DEVICE_SECURITY_EVENT_DATA_VERSION_1 1
+#define TCG_DEVICE_SECURITY_EVENT_DATA_VERSION_2 2
+#define TCG_DEVICE_SECURITY_EVENT_DATA_SIGNATURE_2 "SPDM Device Sec2"
+
+typedef struct {
+ UINT8 Signature[16];
+ UINT16 Version;
+ UINT8 AuthState;
+ UINT8 Reserved;
+ UINT32 Length; // Length in bytes for all following structures.
+ UINT32 DeviceType;
+ UINT32 SubHeaderType;
+ UINT32 SubHeaderLength; // Length in bytes of the sub header followed by.
+ UINT64 SubHeaderUID; // Universal identifier assigned by the event log creator. It can be used to bind two sub header structure together.
+ // UINT64 DevicePathLength;
+ // UINT8 DevicePath[DevicePathLength];
+} TCG_DEVICE_SECURITY_EVENT_DATA_HEADER2;
+
+#define TCG_DEVICE_SECURITY_EVENT_DATA_DEVICE_AUTH_STATE_SUCCESS 0
+#define TCG_DEVICE_SECURITY_EVENT_DATA_DEVICE_AUTH_STATE_NO_AUTH 1
+#define TCG_DEVICE_SECURITY_EVENT_DATA_DEVICE_AUTH_STATE_NO_BINDING 2
+#define TCG_DEVICE_SECURITY_EVENT_DATA_DEVICE_AUTH_STATE_FAIL_NO_SIG 3
+#define TCG_DEVICE_SECURITY_EVENT_DATA_DEVICE_AUTH_STATE_FAIL_INVALID 4
+#define TCG_DEVICE_SECURITY_EVENT_DATA_DEVICE_AUTH_STATE_NO_SPDM 0xFF
+
+#define TCG_DEVICE_SECURITY_EVENT_DATA_DEVICE_SUB_HEADER_TYPE_SPDM_MEASUREMENT_BLOCK 0
+#define TCG_DEVICE_SECURITY_EVENT_DATA_DEVICE_SUB_HEADER_TYPE_SPDM_CERT_CHAIN 1
+
+typedef struct {
+ UINT16 SpdmVersion;
+ UINT8 SpdmMeasurementBlockCount;
+ UINT8 Reserved;
+ UINT32 SpdmMeasurementHashAlgo;
+ // SPDM_MEASUREMENT_BLOCK SpdmMeasurementBlock;
+} TCG_DEVICE_SECURITY_EVENT_DATA_SUB_HEADER_SPDM_MEASUREMENT_BLOCK;
+
+typedef struct {
+ UINT16 SpdmVersion;
+ UINT8 SpdmSlotId;
+ UINT8 Reserved;
+ UINT32 SpdmHashAlgo;
+ // SPDM_CERT_CHAIN SpdmCertChain;
+} TCG_DEVICE_SECURITY_EVENT_DATA_SUB_HEADER_SPDM_CERT_CHAIN;
+
+typedef struct {
+ UINT32 Type;
+ UINT32 Length;
+ UINT8 Value[1];
+} TCG_DEVICE_SECURITY_EVENT_DATA_SUB_HEADER_OEM_MEASUREMENT;
+
+typedef union {
+ TCG_DEVICE_SECURITY_EVENT_DATA_SUB_HEADER_SPDM_MEASUREMENT_BLOCK SpdmMeasurementBlock;
+ TCG_DEVICE_SECURITY_EVENT_DATA_SUB_HEADER_SPDM_CERT_CHAIN SpdmCertChain;
+ TCG_DEVICE_SECURITY_EVENT_DATA_SUB_HEADER_OEM_MEASUREMENT OemMeasurement;
+} TCG_DEVICE_SECURITY_EVENT_DATA_SUB_HEADER;
+
+typedef union {
+ TCG_DEVICE_SECURITY_EVENT_DATA_PCI_CONTEXT Pci;
+ TCG_DEVICE_SECURITY_EVENT_DATA_USB_CONTEXT Usb;
+} TCG_DEVICE_SECURITY_EVENT_DATA_DEVICE_CONTEXT;
+
+typedef struct {
+ TCG_DEVICE_SECURITY_EVENT_DATA_HEADER2 EventDataHeader;
+ TCG_DEVICE_SECURITY_EVENT_DATA_SUB_HEADER EventDataSubHeader;
+ TCG_DEVICE_SECURITY_EVENT_DATA_DEVICE_CONTEXT DeviceContext;
+} TCG_DEVICE_SECURITY_EVENT_DATA2;
+
+#pragma pack()
+
+//
+// EventType:EV_NO_ACTION
+// ======================================================================================================================
+// NVIndex Name PCR/NvIndex Event Log Usage
+// ======================================================================================================================
+// NV_EXTEND_INDEX_FOR_INSTANCE 0x01C40200 NV_INDEX_INSTANCE_EVENT_LOG_STRUCT NV Extend Record for instance data (CertChain)
+// NV_EXTEND_INDEX_FOR_DYNAMIC 0x01C40201 NV_INDEX_DYNAMIC_EVENT_LOG_STRUCT NV Extend Record for dynamic data (Nonce)
+
+// EVENT_LOG_INTEGRITY_NV_INDEX_EXIT_PM_AUTH 0x01C40202 EVENT_LOG_INTEGRITY_NV_INDEX_STRUCT Event Log Integrity for ExitPmAuth
+// EVENT_LOG_INTEGRITY_NV_INDEX_READY_TO_BOOT 0x01C40203 EVENT_LOG_INTEGRITY_NV_INDEX_STRUCT Event Log Integrity for ReadyToBoot
+// ======================================================================================================================
+//
+
+#define TCG_NV_EXTEND_INDEX_FOR_INSTANCE 0x01C40200
+#define TCG_NV_EXTEND_INDEX_FOR_DYNAMIC 0x01C40201
+#define TCG_EVENT_LOG_INTEGRITY_NV_INDEX_EXIT_PM_AUTH 0x01C40202
+#define TCG_EVENT_LOG_INTEGRITY_NV_INDEX_READY_TO_BOOT 0x01C40203
+
+#pragma pack(1)
+
+#define TCG_NV_EXTEND_INDEX_FOR_INSTANCE_SIGNATURE "NvIndexInstance"
+#define TCG_NV_INDEX_INSTANCE_EVENT_LOG_STRUCT_VERSION 1
+
+typedef struct {
+ UINT8 Signature[16];
+ UINT16 Version;
+ UINT8 Reserved[6];
+ // TCG_DEVICE_SECURITY_EVENT_DATA2 Data;
+} TCG_NV_INDEX_INSTANCE_EVENT_LOG_STRUCT;
+
+#define TCG_NV_EXTEND_INDEX_FOR_DYNAMIC_SIGNATURE "NvIndexDynamic "
+#define TCG_NV_INDEX_DYNAMIC_EVENT_LOG_STRUCT_VERSION 1
+
+#define TCG_SPDM_CHALLENGE_DESCRIPTION "SPDM CHALLENGE"
+#define TCG_SPDM_CHALLENGE_AUTH_DESCRIPTION "SPDM CHALLENGE_AUTH"
+#define TCG_SPDM_GET_MEASUREMENTS_DESCRIPTION "SPDM GET_MEASUREMENTS"
+#define TCG_SPDM_MEASUREMENTS_DESCRIPTION "SPDM MEASUREMENTS"
+
+typedef struct {
+ UINT8 Signature[16];
+ UINT16 Version;
+ UINT8 Reserved[6];
+ UINT64 Uid;
+ // UINT16 DescriptionSize;
+ // UINT8 Description[DescriptionSize];
+ // UINT16 DataSize;
+ // UINT8 Data[DataSize];
+} TCG_NV_INDEX_DYNAMIC_EVENT_LOG_STRUCT;
+
+typedef struct {
+ TCG_NV_INDEX_DYNAMIC_EVENT_LOG_STRUCT Header;
+ UINT16 DescriptionSize;
+ UINT8 Description[sizeof (TCG_SPDM_CHALLENGE_DESCRIPTION)];
+ UINT16 DataSize;
+ UINT8 Data[32];
+} TCG_NV_INDEX_DYNAMIC_EVENT_LOG_STRUCT_SPDM_CHALLENGE;
+
+typedef struct {
+ TCG_NV_INDEX_DYNAMIC_EVENT_LOG_STRUCT Header;
+ UINT16 DescriptionSize;
+ UINT8 Description[sizeof (TCG_SPDM_CHALLENGE_AUTH_DESCRIPTION)];
+ UINT16 DataSize;
+ UINT8 Data[32];
+} TCG_NV_INDEX_DYNAMIC_EVENT_LOG_STRUCT_SPDM_CHALLENGE_AUTH;
+
+typedef struct {
+ TCG_NV_INDEX_DYNAMIC_EVENT_LOG_STRUCT Header;
+ UINT16 DescriptionSize;
+ UINT8 Description[sizeof (TCG_SPDM_GET_MEASUREMENTS_DESCRIPTION)];
+ UINT16 DataSize;
+ UINT8 Data[32];
+} TCG_NV_INDEX_DYNAMIC_EVENT_LOG_STRUCT_SPDM_GET_MEASUREMENTS;
+
+typedef struct {
+ TCG_NV_INDEX_DYNAMIC_EVENT_LOG_STRUCT Header;
+ UINT16 DescriptionSize;
+ UINT8 Description[sizeof (TCG_SPDM_MEASUREMENTS_DESCRIPTION)];
+ UINT16 DataSize;
+ UINT8 Data[32];
+} TCG_NV_INDEX_DYNAMIC_EVENT_LOG_STRUCT_SPDM_MEASUREMENTS;
+
+#pragma pack()
+
#endif
diff --git a/MdePkg/Include/Pi/PiDxeCis.h b/MdePkg/Include/Pi/PiDxeCis.h index bb7fb2c38a..04410c5a1a 100644 --- a/MdePkg/Include/Pi/PiDxeCis.h +++ b/MdePkg/Include/Pi/PiDxeCis.h @@ -56,14 +56,11 @@ typedef enum { /// system. If all memory has the same reliability, then this bit is not used.
///
EfiGcdMemoryTypeMoreReliable,
- // ///
- // /// A memory region that describes system memory that has not been accepted
- // /// by a corresponding call to the underlying isolation architecture.
- // ///
- // /// Please be noted:
- // /// EfiGcdMemoryTypeUnaccepted is defined in PrePiDxeCis.h because it has not been
- // /// defined in PI spec.
- // EfiGcdMemoryTypeUnaccepted,
+ ///
+ /// A memory region that describes system memory that has not been accepted
+ /// by a corresponding call to the underlying isolation architecture.
+ ///
+ EfiGcdMemoryTypeUnaccepted,
EfiGcdMemoryTypeMaximum = 7
} EFI_GCD_MEMORY_TYPE;
diff --git a/MdePkg/Include/Pi/PiHob.h b/MdePkg/Include/Pi/PiHob.h index 4605da56e2..9e49421afa 100644 --- a/MdePkg/Include/Pi/PiHob.h +++ b/MdePkg/Include/Pi/PiHob.h @@ -232,16 +232,8 @@ typedef UINT32 EFI_RESOURCE_TYPE; #define EFI_RESOURCE_MEMORY_MAPPED_IO_PORT 0x00000004
#define EFI_RESOURCE_MEMORY_RESERVED 0x00000005
#define EFI_RESOURCE_IO_RESERVED 0x00000006
-//
-// BZ3937_EFI_RESOURCE_MEMORY_UNACCEPTED is defined for unaccepted memory.
-// But this defitinion has not been officially in the PI spec. Base
-// on the code-first we define BZ3937_EFI_RESOURCE_MEMORY_UNACCEPTED at
-// MdeModulePkg/Include/Pi/PrePiHob.h and update EFI_RESOURCE_MAX_MEMORY_TYPE
-// to 8. After BZ3937_EFI_RESOURCE_MEMORY_UNACCEPTED is officially published
-// in PI spec, we will re-visit here.
-//
-// #define BZ3937_EFI_RESOURCE_MEMORY_UNACCEPTED 0x00000007
-#define EFI_RESOURCE_MAX_MEMORY_TYPE 0x00000008
+#define EFI_RESOURCE_MEMORY_UNACCEPTED 0x00000007
+#define EFI_RESOURCE_MAX_MEMORY_TYPE 0x00000008
///
/// A type of recount attribute type.
@@ -297,6 +289,8 @@ typedef UINT32 EFI_RESOURCE_ATTRIBUTE_TYPE; #define EFI_RESOURCE_ATTRIBUTE_READ_ONLY_PROTECTED 0x00040000
#define EFI_RESOURCE_ATTRIBUTE_READ_ONLY_PROTECTABLE 0x00080000
+#define EFI_RESOURCE_ATTRIBUTE_ENCRYPTED 0x04000000
+#define EFI_RESOURCE_ATTRIBUTE_SPECIAL_PURPOSE 0x08000000
//
// Physical memory relative reliability attribute. This
// memory provides higher reliability relative to other
diff --git a/MdePkg/Include/Ppi/DelayedDispatch.h b/MdePkg/Include/Ppi/DelayedDispatch.h index f9b4fed30f..1c2068404c 100644 --- a/MdePkg/Include/Ppi/DelayedDispatch.h +++ b/MdePkg/Include/Ppi/DelayedDispatch.h @@ -49,6 +49,7 @@ This service is the single member function of the EFI_DELAYED_DISPATCH_PPI @param This Pointer to the EFI_DELAYED_DISPATCH_PPI instance
@param Function Function to call back
@param Context Context data
+ @param UniqueId UniqueId
@param Delay Delay interval
@retval EFI_SUCCESS Function successfully loaded
@@ -62,9 +63,29 @@ EFI_STATUS IN EFI_DELAYED_DISPATCH_PPI *This,
IN EFI_DELAYED_DISPATCH_FUNCTION Function,
IN UINT64 Context,
+ IN EFI_GUID *UniqueId OPTIONAL,
OUT UINT32 Delay
);
+/**
+Function invoked by a PEIM to wait until all specified UniqueId events have been dispatched. The other events
+will continue to dispatch while this process is being paused
+
+ @param This Pointer to the EFI_DELAYED_DISPATCH_PPI instance
+ @param UniqueId Delayed dispatch request ID the caller will wait on
+
+ @retval EFI_SUCCESS Function successfully invoked
+ @retval EFI_INVALID_PARAMETER One of the Arguments is not supported
+
+**/
+
+typedef
+EFI_STATUS
+(EFIAPI *EFI_DELAYED_DISPATCH_WAIT_ON_EVENT)(
+ IN EFI_DELAYED_DISPATCH_PPI *This,
+ IN EFI_GUID UniqueId
+ );
+
///
/// This PPI is a pointer to the Delayed Dispatch Service.
/// This service will be published by the Pei Foundation. The PEI Foundation
@@ -72,7 +93,8 @@ EFI_STATUS /// execution.
///
struct _EFI_DELAYED_DISPATCH_PPI {
- EFI_DELAYED_DISPATCH_REGISTER Register;
+ EFI_DELAYED_DISPATCH_REGISTER Register;
+ EFI_DELAYED_DISPATCH_WAIT_ON_EVENT WaitOnEvent;
};
extern EFI_GUID gEfiPeiDelayedDispatchPpiGuid;
diff --git a/MdePkg/Include/Protocol/DevicePath.h b/MdePkg/Include/Protocol/DevicePath.h index 9060dd782e..35008ddcdf 100644 --- a/MdePkg/Include/Protocol/DevicePath.h +++ b/MdePkg/Include/Protocol/DevicePath.h @@ -838,6 +838,26 @@ typedef struct { } NVME_NAMESPACE_DEVICE_PATH;
///
+/// NVMe over Fabric (NVMe-oF) Namespace Device Path SubType.
+///
+#define MSG_NVME_OF_NAMESPACE_DP 0x22
+typedef struct {
+ EFI_DEVICE_PATH_PROTOCOL Header;
+ ///
+ /// Namespace Identifier Type (NIDT)
+ ///
+ UINT8 NamespaceIdType;
+ ///
+ /// Namespace Identifier (NID)
+ ///
+ UINT8 NamespaceId[16];
+ ///
+ /// Unique identifier of an NVM subsystem
+ ///
+ CHAR8 SubsystemNqn[];
+} NVME_OF_NAMESPACE_DEVICE_PATH;
+
+///
/// DNS Device Path SubType
///
#define MSG_DNS_DP 0x1F
@@ -1287,6 +1307,7 @@ typedef union { SAS_DEVICE_PATH Sas;
SASEX_DEVICE_PATH SasEx;
NVME_NAMESPACE_DEVICE_PATH NvmeNamespace;
+ NVME_OF_NAMESPACE_DEVICE_PATH NvmeOfNamespace;
DNS_DEVICE_PATH Dns;
URI_DEVICE_PATH Uri;
BLUETOOTH_DEVICE_PATH Bluetooth;
@@ -1343,6 +1364,7 @@ typedef union { SAS_DEVICE_PATH *Sas;
SASEX_DEVICE_PATH *SasEx;
NVME_NAMESPACE_DEVICE_PATH *NvmeNamespace;
+ NVME_OF_NAMESPACE_DEVICE_PATH *NvmeOfNamespace;
DNS_DEVICE_PATH *Dns;
URI_DEVICE_PATH *Uri;
BLUETOOTH_DEVICE_PATH *Bluetooth;
diff --git a/MdePkg/Include/Protocol/SpiConfiguration.h b/MdePkg/Include/Protocol/SpiConfiguration.h index 120b54bbad..cd7c1dd71e 100644 --- a/MdePkg/Include/Protocol/SpiConfiguration.h +++ b/MdePkg/Include/Protocol/SpiConfiguration.h @@ -173,8 +173,8 @@ typedef struct _EFI_SPI_BUS { /// Definitions of SPI Part Attributes.
///
#define SPI_PART_SUPPORTS_2_BIT_DATA_BUS_WIDTH BIT0
-#define SPI_PART_SUPPORTS_4_B1T_DATA_BUS_WIDTH BIT1
-#define SPI_PART_SUPPORTS_8_B1T_DATA_BUS_WIDTH BIT2
+#define SPI_PART_SUPPORTS_4_BIT_DATA_BUS_WIDTH BIT1
+#define SPI_PART_SUPPORTS_8_BIT_DATA_BUS_WIDTH BIT2
///
/// The EFI_SPI_PERIPHERAL data structure describes how a specific block of
diff --git a/MdePkg/Include/Register/Amd/Cpuid.h b/MdePkg/Include/Register/Amd/Cpuid.h index add43c40aa..51fa9f235c 100644 --- a/MdePkg/Include/Register/Amd/Cpuid.h +++ b/MdePkg/Include/Register/Amd/Cpuid.h @@ -46,9 +46,9 @@ CPUID Signature Information CPUID Extended Topology Enumeration
@note
- Reference: AMD64 Architecture Programmer’s Manual Volume 3: General-Purpose and System Instructions,
+ Reference: AMD64 Architecture Programmer's Manual Volume 3: General-Purpose and System Instructions,
Revision 3.35 Appendix E,
- E.4.24 Function 8000_0026—Extended CPU Topology:
+ E.4.24 Function 8000_0026-Extended CPU Topology:
CPUID Fn8000_0026 reports extended topology information for logical processors, including
asymmetric and heterogenous topology descriptions. Individual logical processors may report
different values in systems with asynchronous and heterogeneous topologies.
diff --git a/MdePkg/Include/Register/Intel/ArchitecturalMsr.h b/MdePkg/Include/Register/Intel/ArchitecturalMsr.h index 756e7c86ec..4715c59dc4 100644 --- a/MdePkg/Include/Register/Intel/ArchitecturalMsr.h +++ b/MdePkg/Include/Register/Intel/ArchitecturalMsr.h @@ -5733,9 +5733,9 @@ typedef union { /// [Bit 7:4] TME Policy/Encryption Algorithm: Only algorithms enumerated in
/// IA32_TME_CAPABILITY are allowed.
/// For example:
- /// 0000 – AES-XTS-128.
- /// 0001 – AES-XTS-128 with integrity.
- /// 0010 – AES-XTS-256.
+ /// 0000 - AES-XTS-128.
+ /// 0001 - AES-XTS-128 with integrity.
+ /// 0010 - AES-XTS-256.
/// Other values are invalid.
///
UINT32 TmePolicy : 4;
@@ -5756,7 +5756,7 @@ typedef union { /// Similar to enumeration, this is an encoded value.
/// Writing a value greater than MK_TME_MAX_KEYID_BITS will result in #GP.
/// Writing a non-zero value to this field will #GP if bit 1 of EAX (Hardware
- /// Encryption Enable) is not also set to ‘1, as encryption hardware must be
+ /// Encryption Enable) is not also set to 1, as encryption hardware must be
/// enabled to use MKTME.
/// Example: To support 255 keys, this field would be set to a value of 8.
///
|