From: "Nate DeSimone" <nathaniel.l.desimone@intel.com>
To: devel@edk2.groups.io
Cc: Isaac Oram <isaac.w.oram@intel.com>,
Mohamed Abbas <mohamed.abbas@intel.com>,
Chasel Chiu <chasel.chiu@intel.com>,
Michael D Kinney <michael.d.kinney@intel.com>,
Liming Gao <gaoliming@byosoft.com.cn>,
Eric Dong <eric.dong@intel.com>,
Michael Kubacki <Michael.Kubacki@microsoft.com>
Subject: [edk2-platforms] [PATCH V1 08/17] WhitleySiliconPkg: Add Security Includes
Date: Mon, 12 Jul 2021 17:41:22 -0700
Message-ID: <20210713004131.1782-9-nathaniel.l.desimone@intel.com>
In-Reply-To: <20210713004131.1782-1-nathaniel.l.desimone@intel.com>
Signed-off-by: Nate DeSimone <nathaniel.l.desimone@intel.com>
Co-authored-by: Isaac Oram <isaac.w.oram@intel.com>
Co-authored-by: Mohamed Abbas <mohamed.abbas@intel.com>
Cc: Chasel Chiu <chasel.chiu@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Isaac Oram <isaac.w.oram@intel.com>
Cc: Mohamed Abbas <mohamed.abbas@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Eric Dong <eric.dong@intel.com>
Cc: Michael Kubacki <Michael.Kubacki@microsoft.com>
---
.../SecurityIp/SecurityIpMkTme1v0_Inputs.h | 25 ++++++++++++
.../SecurityIp/SecurityIpMkTme1v0_Outputs.h | 18 +++++++++
.../SecurityIp/SecurityIpSgxTem1v0_Inputs.h | 39 +++++++++++++++++++
.../SecurityIp/SecurityIpSgxTem1v0_Outputs.h | 22 +++++++++++
.../Guid/SecurityIp/SecurityIpTdx1v0_Inputs.h | 13 +++++++
.../SecurityIp/SecurityIpTdx1v0_Outputs.h | 11 ++++++
.../Include/Guid/SecurityPolicy_Flat.h | 22 +++++++++++
7 files changed, 150 insertions(+)
create mode 100644 Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/SecurityIpMkTme1v0_Inputs.h
create mode 100644 Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/SecurityIpMkTme1v0_Outputs.h
create mode 100644 Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/SecurityIpSgxTem1v0_Inputs.h
create mode 100644 Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/SecurityIpSgxTem1v0_Outputs.h
create mode 100644 Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/SecurityIpTdx1v0_Inputs.h
create mode 100644 Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/SecurityIpTdx1v0_Outputs.h
create mode 100644 Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityPolicy_Flat.h
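Review bot: the commit message has no body. The seven headers added here are bare member lists with no include guards, meant to be pasted textually into a struct body (only SecurityPolicy_Flat.h says so: "Header is flat and injected directly in SecurityPolicy sructuture and SOCKET_PROCESSORCORE_CONFIGURATION"). That is unusual enough in edk2 that the commit message should state it, explain why the layout is flat rather than nested, and say what the "1v0" suffix in the file names versions, so reviewers of later changes know that editing any of these files changes the layout of both consuming structures.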
diff --git a/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/SecurityIpMkTme1v0_Inputs.h b/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/SecurityIpMkTme1v0_Inputs.h
new file mode 100644
index 0000000000..4c48ca19ee
--- /dev/null
+++ b/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/SecurityIpMkTme1v0_Inputs.h
@@ -0,0 +1,25 @@
+/** @file
+ Provides data structure information used by SiliconIp MK-TME
+
+ @copyright
+ Copyright 2020 - 2021 Intel Corporation. <BR>
+
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+
+//
+// TME
+//
+UINT8 EnableTme; // TME Enable
+UINT8 EnableTmeCR; // Exclude Crystal Ridge memory from encryption.
+
+//
+// MK-TME
+//
+UINT8 EnableMktme; // MK-TME Enable
+
+UINT8 ReservedS234;
+UINT8 ReservedS235;
+UINT64 ReservedS236;
+UINT64 ReservedS237;
+UINT8 ReservedS238;
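Review bot: `UINT8 EnableTmeCR; // Exclude Crystal Ridge memory from encryption.` has an enable-style name but an exclusion-style comment, so a reader cannot tell whether 1 means Crystal Ridge memory is encrypted or excluded; state the meaning of 0 and 1 explicitly. The file also declares members at file scope with no include guard and no note that it only compiles when included inside a struct body; add that to the file comment rather than relying on the reader finding SecurityPolicy_Flat.h. Finally, the non-contiguous `ReservedS234`..`ReservedS238` names and the mixed UINT8/UINT64 sizes suggest a generated, size-frozen layout; say whether those slots may be reclaimed in place or only with a version bump of the header.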
diff --git a/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/SecurityIpMkTme1v0_Outputs.h b/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/SecurityIpMkTme1v0_Outputs.h
new file mode 100644
index 0000000000..3a6262a658
--- /dev/null
+++ b/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/SecurityIpMkTme1v0_Outputs.h
@@ -0,0 +1,18 @@
+/** @file
+ Provides data structure information used by SiliconIp MK-TME
+
+ @copyright
+ Copyright 2020 - 2021 Intel Corporation. <BR>
+
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+
+//
+// MK-TME
+//
+// NAK - Not a knob, used just for indication
+UINT8 TmeCapability; // TME Capable
+UINT8 TmeCrSupport; // Flag used to check if Crystal Ridge is supported in UEFI
+UINT8 MktmeCapability; // MK-TME Capable
+UINT16 MktmeMaxKeys; // Max number of keys used for encryption
+UINT8 MkTmeKeyIdBits; // Used to suppress setup menu key-splits
\ No newline at end of file
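Review bot: missing trailing newline ("\ No newline at end of file"); add one. `UINT8 MkTmeKeyIdBits; // Used to suppress setup menu key-splits` documents a UI side effect rather than the value itself; describe what the field holds and its relation to `MktmeMaxKeys`. The spelling also alternates between `Mktme` (`MktmeCapability`, `MktmeMaxKeys`) and `MkTme` (`MkTmeKeyIdBits`) within one file, which invites typos in consumers; pick one.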
diff --git a/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/SecurityIpSgxTem1v0_Inputs.h b/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/SecurityIpSgxTem1v0_Inputs.h
new file mode 100644
index 0000000000..2deabd0b50
--- /dev/null
+++ b/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/SecurityIpSgxTem1v0_Inputs.h
@@ -0,0 +1,39 @@
+/** @file
+ Provides data structure information used by SiliconIp SGX-TEM
+
+ @copyright
+ Copyright 2020 - 2021 Intel Corporation. <BR>
+
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+
+//
+// SGX
+//
+UINT8 EnableSgx;
+UINT8 SgxFactoryReset; // Delete all registration data, if SGX enabled force IPE/FirstBinding flow
+UINT64 PrmrrSize; // SGX PRMRR size
+UINT64 ReservedS239;
+UINT8 SgxQoS; // SGX Quality of Service
+UINT8 SgxAutoRegistrationAgent;
+UINT8 SgxPackageInfoInBandAccess; // Expose Package Info to OS
+UINT8 EpochUpdate;
+UINT64 SgxEpoch0; // SGX EPOCH0 value {0 - 0xFFFFFFFFFFFFFFFF}
+UINT64 SgxEpoch1; // SGX EPOCH1 value {0 - 0xFFFFFFFFFFFFFFFF}
+UINT8 SgxLeWr; // Flexible Launch Enclave Policy (Wr En)
+UINT64 SgxLePubKeyHash0; // Launch Enclave Hash 0
+UINT64 SgxLePubKeyHash1; // Launch Enclave Hash 1
+UINT64 SgxLePubKeyHash2; // Launch Enclave Hash 2
+UINT64 SgxLePubKeyHash3; // Launch Enclave Hash 3
+// Client SGX - unused in server
+UINT8 SgxSinitNvsData; // SGX NVS data from Flash passed during previous boot using CPU_INFO_PROTOCOL.SGX_INFO;
+ // Pass value of zero if there is not data saved or when SGX is disabled.
+UINT8 SgxSinitDataFromTpm; // SGX SVN data from TPM; 0: when SGX is disabled or TPM is not present or no data
+ // is present in TPM.
+UINT8 SgxDebugMode;
+
+UINT8 ReservedS240;
+UINT8 ReservedS241;
+UINT8 ReservedS242;
+UINT8 ReservedS243;
+UINT8 ReservedS244;
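Review bot: several security-sensitive knobs are undocumented. `EnableSgx`, `SgxQoS`, `SgxAutoRegistrationAgent`, `EpochUpdate` and `SgxDebugMode` carry no comment at all, and `UINT8 SgxLeWr; // Flexible Launch Enclave Policy (Wr En)` does not say what is being write-enabled or which value locks the launch policy; `SgxLePubKeyHash0..3` should say what the four QWORDs are a hash of and whether they are consumed only when `SgxLeWr` is set. `SgxDebugMode` in particular should state what it relaxes and what its default is. Minor: "Pass value of zero if there is not data saved" should read "no data saved", and the "Client SGX - unused in server" fields should say whether they are kept only for layout compatibility.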
diff --git a/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/SecurityIpSgxTem1v0_Outputs.h b/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/SecurityIpSgxTem1v0_Outputs.h
new file mode 100644
index 0000000000..45b63b21c5
--- /dev/null
+++ b/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/SecurityIpSgxTem1v0_Outputs.h
@@ -0,0 +1,22 @@
+/** @file
+ Provides data structure information used by SiliconIp SGX-TEM
+
+ @copyright
+ Copyright 2020 - 2021 Intel Corporation. <BR>
+
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+
+// NAK - Not a knob, used just for indication
+UINT8 IsSgxCapable;
+UINT8 IsHwCongifSupportedBySgx; // ## PRODUCED by SgxPreMemInit
+UINT8 CrDimmsPresent;
+UINT64 ValidPrmrrBitMap;
+UINT64 SprspOrLaterPrmSizeBitmap; // ## PRODUCED by SgxPreMemInit
+UINT8 ShowEpoch;
+UINT8 SkipSignalPpmDone; // ## PRODUCED by SgxEarlyInit
+
+UINT8 SprspOrLaterIsPrmSizeInvalidated; // ## PRODUCED by SgxPreMemInit
+UINT8 SprspOrLaterAreHardwarePreconditionsMet; // ## PRODUCED by SgxPreMemInit
+UINT8 SprspOrLaterAreMemoryPreconditionsMet; // ## PRODUCED by SgxPreMeminit
+UINT8 SprspOrLaterAreSetupPreconditionsMet; // ## PRODUCED by SgxPreMemInit
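Review bot: `IsHwCongifSupportedBySgx` has a typo in the identifier (Congif for Config); fix it now, before any consumer references it, since renaming later touches every user. The producer annotations are also inconsistent: some fields carry `// ## PRODUCED by SgxPreMemInit` while `IsSgxCapable`, `CrDimmsPresent`, `ValidPrmrrBitMap` and `ShowEpoch` have none, and one annotation spells the producer `SgxPreMeminit`; annotate every output field with its producer and use one spelling.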
diff --git a/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/SecurityIpTdx1v0_Inputs.h b/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/SecurityIpTdx1v0_Inputs.h
new file mode 100644
index 0000000000..db5081c0aa
--- /dev/null
+++ b/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/SecurityIpTdx1v0_Inputs.h
@@ -0,0 +1,13 @@
+/** @file
+ Provides data structure information used by SiliconIp TDX
+
+ @copyright
+ Copyright 2020 - 2021 Intel Corporation. <BR>
+
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+
+UINT8 EnableTdx; // TDX Enable
+UINT8 KeySplit; // TDX/MK-TME key split
+
+UINT8 ReservedS245;
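Review bot: `UINT8 KeySplit; // TDX/MK-TME key split` gives no unit, range or direction. Say whether the value is a count of KeyID bits or of keys assigned to TDX, what the remainder goes to, and how it relates to `MkTmeKeyIdBits` and `MktmeMaxKeys` in SecurityIpMkTme1v0_Outputs.h (whose comment already ties that field to "key-splits"). If `EnableTdx` requires `EnableTme`/`EnableMktme` to be set, document the precondition here, because a consumer cannot enforce a dependency the header does not state.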
diff --git a/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/SecurityIpTdx1v0_Outputs.h b/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/SecurityIpTdx1v0_Outputs.h
new file mode 100644
index 0000000000..d744baefb5
--- /dev/null
+++ b/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/SecurityIpTdx1v0_Outputs.h
@@ -0,0 +1,11 @@
+/** @file
+ Provides data structure information used by SiliconIp TDX
+
+ @copyright
+ Copyright 2020 - 2021 Intel Corporation. <BR>
+
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+
+// NAK - Not a knob, used just for indication
+UINT8 TdxCapability; // TDX socket capability
\ No newline at end of file
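Review bot: missing trailing newline; add one. `UINT8 TdxCapability; // TDX socket capability` is a single byte described as a socket capability, but the structure has no per-socket index; say whether it reports the boot socket, the AND across all sockets, or a per-socket bitmask.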
diff --git a/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityPolicy_Flat.h b/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityPolicy_Flat.h
new file mode 100644
index 0000000000..ba62b8c3ab
--- /dev/null
+++ b/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityPolicy_Flat.h
@@ -0,0 +1,22 @@
+/** @file
+ Provides data structure information used by ServerSecurity features in literally all products
+ Header is flat and injected directly in SecurityPolicy sructuture and SOCKET_PROCESSORCORE_CONFIGURATION.
+
+ @copyright
+ Copyright 2020 - 2021 Intel Corporation. <BR>
+
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+
+ // Header is flat and injected directly in SecurityPolicy sructuture and SOCKET_PROCESSORCORE_CONFIGURATION.
+ // Put common definitons here either directly or via intermediate header file..
+
+// SECURITY_IP_MKTME_1V0 MkTme;
+#include "SecurityIp/SecurityIpMkTme1v0_Inputs.h"
+#include "SecurityIp/SecurityIpMkTme1v0_Outputs.h"
+// SECURITY_IP_SGXTEM_1V0 SgxTem;
+#include "SecurityIp/SecurityIpSgxTem1v0_Inputs.h"
+#include "SecurityIp/SecurityIpSgxTem1v0_Outputs.h"
+// SECURITY_IP_TDX_1V0 Tdx;
+#include "SecurityIp/SecurityIpTdx1v0_Inputs.h"
+#include "SecurityIp/SecurityIpTdx1v0_Outputs.h"
\ No newline at end of file
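Review bot: the doc comment has several typos ("sructuture" twice, "definitons", "file.."), and "used by ServerSecurity features in literally all products" reads as marketing; name the products or platforms this package actually targets. The commented-out `// SECURITY_IP_MKTME_1V0 MkTme;`, `// SECURITY_IP_SGXTEM_1V0 SgxTem;` and `// SECURITY_IP_TDX_1V0 Tdx;` lines above each #include pair look like a leftover nested-struct layout; either drop them or state that flat inclusion is deliberate so that SecurityPolicy and SOCKET_PROCESSORCORE_CONFIGURATION keep identical member layouts. Because the header is intentionally unguarded (it must be includable in two struct bodies), say so explicitly so nobody adds an include guard later. Style: the two one-space-indented comment lines are inconsistent with the rest of the file, and the file lacks a trailing newline.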
--
2.27.0.windows.1
Thread overview (20+ messages):
2021-07-13 0:41 [edk2-platforms] [PATCH V1 00/17] Add IceLake-SP and CooperLake Support to MinPlatform Nate DeSimone
2021-07-13 0:41 ` [edk2-platforms] [PATCH V1 01/17] WhitleySiliconPkg: Add DEC and DSC files Nate DeSimone
2021-07-13 0:41 ` [edk2-platforms] [PATCH V1 02/17] WhitleySiliconPkg: Add Includes and Libraries Nate DeSimone
2021-07-13 0:41 ` [edk2-platforms] [PATCH V1 03/17] WhitleySiliconPkg: Add Cpu Includes Nate DeSimone
2021-07-13 0:41 ` [edk2-platforms] [PATCH V1 04/17] WhitleySiliconPkg: Add Me Includes Nate DeSimone
2021-07-13 0:41 ` [edk2-platforms] [PATCH V1 05/17] WhitleySiliconPkg: Add PCH Register Includes Nate DeSimone
2021-07-13 0:41 ` [edk2-platforms] [PATCH V1 06/17] WhitleySiliconPkg: Add PCH Includes Nate DeSimone
2021-07-13 0:41 ` [edk2-platforms] [PATCH V1 07/17] WhitleySiliconPkg: Add PCH Libraries Nate DeSimone
2021-07-13 0:41 ` Nate DeSimone [this message]
2021-07-13 0:41 ` [edk2-platforms] [PATCH V1 09/17] WhitleySiliconPkg: Add SiliconPolicyInit Nate DeSimone
2021-07-13 0:41 ` [edk2-platforms] [PATCH V1 10/17] WhitleyOpenBoardPkg: Add Includes and Libraries Nate DeSimone
2021-07-13 0:41 ` [edk2-platforms] [PATCH V1 11/17] WhitleyOpenBoardPkg: Add Platform Modules Nate DeSimone
2021-07-13 0:41 ` [edk2-platforms] [PATCH V1 12/17] WhitleyOpenBoardPkg: Add Feature Modules Nate DeSimone
2021-07-13 0:41 ` [edk2-platforms] [PATCH V1 13/17] WhitleyOpenBoardPkg: Add UBA Modules Nate DeSimone
2021-07-13 0:41 ` [edk2-platforms] [PATCH V1 14/17] WhitleyOpenBoardPkg: Add build scripts and package metadata Nate DeSimone
2021-07-13 0:41 ` [edk2-platforms] [PATCH V1 15/17] Platform/Intel: Add WhitleyOpenBoardPkg to build_bios.py Nate DeSimone
2021-07-13 0:41 ` [edk2-platforms] [PATCH V1 16/17] Readme.md: Add WhitleyOpenBoardPkg Nate DeSimone
2021-07-13 0:41 ` [edk2-platforms] [PATCH V1 17/17] Maintainers.txt: Add WhitleyOpenBoardPkg and WhitleySiliconPkg Nate DeSimone
2021-07-13 1:35 ` [edk2-platforms] [PATCH V1 00/17] Add IceLake-SP and CooperLake Support to MinPlatform Oram, Isaac W
2021-07-14 2:03 ` Michael D Kinney