public inbox for devel@edk2.groups.io
 help / color / mirror / Atom feed
* [edk2-platforms] [PATCH V1] WhitleySiliconPkg: Improve comments for silicon policy structures
@ 2021-07-20 20:22 Nate DeSimone
  2021-07-21  4:07 ` Chiu, Chasel
  0 siblings, 1 reply; 3+ messages in thread
From: Nate DeSimone @ 2021-07-20 20:22 UTC (permalink / raw)
  To: devel; +Cc: Isaac Oram, Chasel Chiu

Signed-off-by: Nate DeSimone <nathaniel.l.desimone@intel.com>
Cc: Isaac Oram <isaac.w.oram@intel.com>
Cc: Chasel Chiu <chasel.chiu@intel.com>
---
 .../Include/Ppi/RasImcS3Data.h                |   6 +
 .../Include/Ppi/UpiPolicyPpi.h                |   5 +-
 .../WhitleySiliconPkg/Include/Upi/KtiHost.h   | 250 +++++++++---------
 .../SouthClusterLbg/Include/PchPolicyCommon.h |   9 +
 .../SecurityIp/SecurityIpMkTme1v0_Inputs.h    |   8 +-
 .../SecurityIp/SecurityIpMkTme1v0_Outputs.h   |  12 +-
 .../SecurityIp/SecurityIpSgxTem1v0_Inputs.h   |  43 +--
 .../Guid/SecurityIp/SecurityIpTdx1v0_Inputs.h |   4 +-
 .../Security/Include/Guid/SecurityPolicy.h    |  29 ++
 .../Include/Guid/SecurityPolicy_Flat.h        |   4 +-
 .../Library/SecurityPolicyDefinitions.h       |  28 ++
 11 files changed, 245 insertions(+), 153 deletions(-)
 create mode 100644 Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityPolicy.h
 create mode 100644 Silicon/Intel/WhitleySiliconPkg/Security/Include/Library/SecurityPolicyDefinitions.h

diff --git a/Silicon/Intel/WhitleySiliconPkg/Include/Ppi/RasImcS3Data.h b/Silicon/Intel/WhitleySiliconPkg/Include/Ppi/RasImcS3Data.h
index 82725bc84..2198f8516 100644
--- a/Silicon/Intel/WhitleySiliconPkg/Include/Ppi/RasImcS3Data.h
+++ b/Silicon/Intel/WhitleySiliconPkg/Include/Ppi/RasImcS3Data.h
@@ -44,7 +44,13 @@ EFI_STATUS
   OUT       VOID                            *Data
   );
 
+/**
+ RAS IMC S3 Data PPI
+**/
 struct _RAS_IMC_S3_DATA_PPI {
+  /**
+    Retrieves data for S3 saved memory RAS features from non-volatile storage.
+  **/
   RAS_IMC_S3_DATA_PPI_GET_IMC_S3_RAS_DATA  GetImcS3RasData;
 };
 
diff --git a/Silicon/Intel/WhitleySiliconPkg/Include/Ppi/UpiPolicyPpi.h b/Silicon/Intel/WhitleySiliconPkg/Include/Ppi/UpiPolicyPpi.h
index e355dcaba..503c5c0ae 100644
--- a/Silicon/Intel/WhitleySiliconPkg/Include/Ppi/UpiPolicyPpi.h
+++ b/Silicon/Intel/WhitleySiliconPkg/Include/Ppi/UpiPolicyPpi.h
@@ -24,6 +24,9 @@
 
 typedef struct _UPI_POLICY_PPI UPI_POLICY_PPI;
 
+/**
+  UPI Policy Structure
+**/
 struct _UPI_POLICY_PPI {
   /**
     This member specifies the revision of the UPI_POLICY_PPI. This field is used to
@@ -32,7 +35,7 @@ struct _UPI_POLICY_PPI {
     to correctly interpret the content of the INTERFACE fields.
   **/
   UINT32        Revision;
-  KTI_HOST_IN   Upi;
+  KTI_HOST_IN   Upi;        ///< KTIRC input structure
 };
 
 #endif  // _UPI_POLICY_PPI_H_
diff --git a/Silicon/Intel/WhitleySiliconPkg/Include/Upi/KtiHost.h b/Silicon/Intel/WhitleySiliconPkg/Include/Upi/KtiHost.h
index cf558b3d3..e793cc647 100644
--- a/Silicon/Intel/WhitleySiliconPkg/Include/Upi/KtiHost.h
+++ b/Silicon/Intel/WhitleySiliconPkg/Include/Upi/KtiHost.h
@@ -99,28 +99,31 @@ typedef struct {
   KTI_RESERVED_2  Phy[MAX_FW_KTI_PORTS];
 } KTI_RESERVED_4;
 
-//
-// PHY settings that are system dependent.   Need 1 of these for each socket/link/freq.
-//
+/**
+  Per Lane PHY Configuration
 
+  These PHY settings are system dependent. Every socket/link/freq requires an instance of this structure.
+**/
 typedef struct {
-  UINT8  SocketID;
-  UINT8  AllLanesUseSameTxeq;
-  UINT8  Freq;
-  UINT32 Link;
-  UINT32 TXEQL[20];
-  UINT32 CTLEPEAK[5];
+  UINT8  SocketID;              ///< Socket ID
+  UINT8  AllLanesUseSameTxeq;   ///< Use same TXEQ on all lanes
+  UINT8  Freq;                  ///< The Link Speed these TXEQ settings should be used for
+  UINT32 Link;                  ///< Port Number
+  UINT32 TXEQL[20];             ///< TXEQ Settings
+  UINT32 CTLEPEAK[5];           ///< CTLE Peaking Settings
 } PER_LANE_EPARAM_LINK_INFO;
 
-//
-// This is for full speed mode, all lanes have the same TXEQ setting
-//
+/**
+  All Lanes PHY Configuration
+
+  This is for full speed mode, all lanes have the same TXEQ setting
+**/
 typedef struct {
-  UINT8  SocketID;
-  UINT8  Freq;
-  UINT32 Link;
-  UINT32 AllLanesTXEQ;
-  UINT8  CTLEPEAK;
+  UINT8  SocketID;              ///< Socket ID
+  UINT8  Freq;                  ///< The Link Speed these TXEQ settings should be used for
+  UINT32 Link;                  ///< Port Number
+  UINT32 AllLanesTXEQ;          ///< TXEQ Setting
+  UINT8  CTLEPEAK;              ///< CTLE Peaking Setting
 } ALL_LANES_EPARAM_LINK_INFO;
 
 #define ADAPTIVE_CTLE 0x3f
@@ -173,130 +176,141 @@ typedef struct {
   KTI_CPU_PHY_SETTING   Phy[MAX_FW_KTI_PORTS];
 } KTI_CPU_SETTING;
 
-//
-// KTIRC input structure
-//
+/**
+  KTIRC input structure
+**/
 typedef struct {
   //
   // Protocol layer and other general options; note that "Auto" is provided only options whose value will change depending
   // on the topology, not for all options.
   //
 
-  //
-  // Indicates the ratio of Bus/MMIOL/IO resource to be allocated for each CPU's IIO.
-  // Value 0 indicates, that CPU is not relevant for the system. If resource is
-  // requested for an CPU that is not currently populated, KTIRC will assume
-  // that the ratio is 0 for that CPU and won't allocate any resources for it.
-  // If resource is not requested for an CPU that is populated, KTIRC will force
-  // the ratio for that CPU to 1.
-  //
-
-
+  /**
+   Indicates the ratio of Bus/MMIOL/IO resource to be allocated for each CPU's IIO.
+    Value 0 indicates, that CPU is not relevant for the system. If resource is
+    requested for an CPU that is not currently populated, KTIRC will assume
+    that the ratio is 0 for that CPU and won't allocate any resources for it.
+    If resource is not requested for an CPU that is populated, KTIRC will force
+    the ratio for that CPU to 1.
+  **/
   UINT8               BusRatio[MAX_SOCKET];
 
-  UINT8               D2KCreditConfig;             // 1 - Min, 2 - Med (Default), 3- Max
-  UINT8               SnoopThrottleConfig;  // 0 - Disabled (Default), 1 - Min, 2 - Med, 3- Max
-  UINT8               SnoopAllCores;        // 0 - Disabled, 1 - Enabled, 2 - Auto
-  UINT8               LegacyVgaSoc;       // Socket that claims the legacy VGA range; valid values are 0-7; 0 is default.
-  UINT8               LegacyVgaStack;     // Stack that claims the legacy VGA range; valid values are 0-3; 0 is default.
-  UINT8               ColdResetRequestStart;
-  UINT8               P2pRelaxedOrdering; // 0 - Disable(default) 1 - Enable
-  UINT8               DebugPrintLevel;    // Bit 0 - Fatal, Bit1 - Warning, Bit2 - Info Summary; Bit 3 - Info detailed. 1 - Enable; 0 - Disable
-  UINT8               SncEn;              // 0 - Disable, (default) 1 - Enable
-  UINT8               UmaClustering;      // 0 - Disable, 2 - 2Clusters UMA, 4 - 4Clusters UMA
-  UINT8               IoDcMode;           // 0 - Disable IODC,  1 - AUTO (default), 2 - IODC_EN_REM_INVITOM_PUSH, 3 - IODC_EN_REM_INVITOM_ALLOCFLOW
-                                          // 4 - IODC_EN_REM_INVITOM_ALLOC_NONALLOC, 5 - IODC_EN_REM_INVITOM_AND_WCILF
-  UINT8               DegradePrecedence;  // Use DEGRADE_PRECEDENCE definition; TOPOLOGY_PRECEDENCE is default
-  UINT8               Degrade4SPreference;// 4S1LFullConnect topology is default; another option is 4S2LRing topology.
-  UINT8               DirectoryModeEn;    // 0 - Disable; 1 - Enable (default)
-  UINT8               XptPrefetchEn;      // Xpt Prefetch :  1 - Enable; 0 - Disable; 2 - Auto (default)
-  UINT8               KtiPrefetchEn;      // Kti Prefetch :  1 - Enable; 0 - Disable; 2 - Auto (default)
-  UINT8               XptRemotePrefetchEn;     // Xpt Remote Prefetch :  1 - Enable; 0 - Disable; 2 - Auto (default)   (ICX only)
-  UINT8               RdCurForXptPrefetchEn;   // RdCur for XPT Prefetch :  0 - Disable, 1 - Enable, 2- Auto (default)
-  UINT8               KtiFpgaEnable[MAX_SOCKET];  // Indicate if should enable Fpga device found in this socket :  0 - Disable, 1 - Enable, 2- Auto
-  UINT8               DdrtQosMode;          // DDRT QoS Feature:  0 - Disable (default), 1 - M2M QoS Enable, Cha QoS Disable
-                                            // 2 - M2M QoS Enable, Cha QoS Enable
+  UINT8               D2KCreditConfig;                ///< 1 - Min, 2 - Med (Default), 3- Max
+  UINT8               SnoopThrottleConfig;            ///< 0 - Disabled (Default), 1 - Min, 2 - Med, 3- Max
+  UINT8               SnoopAllCores;                  ///< 0 - Disabled, 1 - Enabled, 2 - Auto
+  UINT8               LegacyVgaSoc;                   ///< Socket that claims the legacy VGA range; valid values are 0-7; 0 is default.
+  UINT8               LegacyVgaStack;                 ///< Stack that claims the legacy VGA range; valid values are 0-3; 0 is default.
+  UINT8               ColdResetRequestStart;          ///< @deprecated Reserved.
+  UINT8               P2pRelaxedOrdering;             ///< 0 - Disable(default) 1 - Enable
+  UINT8               DebugPrintLevel;                ///< Bit 0 - Fatal, Bit1 - Warning, Bit2 - Info Summary; Bit 3 - Info detailed. 1 - Enable; 0 - Disable
+  UINT8               SncEn;                          ///< 0 - Disable, (default) 1 - Enable
+  UINT8               UmaClustering;                  ///< 0 - Disable, 2 - 2Clusters UMA, 4 - 4Clusters UMA
+  UINT8               IoDcMode;                       ///< 0 - Disable IODC,  1 - AUTO (default), 2 - IODC_EN_REM_INVITOM_PUSH, 3 - IODC_EN_REM_INVITOM_ALLOCFLOW
+                                                      ///< 4 - IODC_EN_REM_INVITOM_ALLOC_NONALLOC, 5 - IODC_EN_REM_INVITOM_AND_WCILF
+  UINT8               DegradePrecedence;              ///< Use DEGRADE_PRECEDENCE definition; TOPOLOGY_PRECEDENCE is default
+  UINT8               Degrade4SPreference;            ///< 4S1LFullConnect topology is default; another option is 4S2LRing topology.
+  UINT8               DirectoryModeEn;                ///< 0 - Disable; 1 - Enable (default)
+  UINT8               XptPrefetchEn;                  ///< Xpt Prefetch :  1 - Enable; 0 - Disable; 2 - Auto (default)
+  UINT8               KtiPrefetchEn;                  ///< Kti Prefetch :  1 - Enable; 0 - Disable; 2 - Auto (default)
+  UINT8               XptRemotePrefetchEn;            ///< Xpt Remote Prefetch :  1 - Enable; 0 - Disable; 2 - Auto (default)   (ICX only)
+  UINT8               RdCurForXptPrefetchEn;          ///< RdCur for XPT Prefetch :  0 - Disable, 1 - Enable, 2- Auto (default)
+  UINT8               KtiFpgaEnable[MAX_SOCKET];      ///< Indicate if should enable Fpga device found in this socket :  0 - Disable, 1 - Enable, 2- Auto
+  UINT8               DdrtQosMode;                    ///< DDRT QoS Feature:  0 - Disable (default), 1 - M2M QoS Enable, Cha QoS Disable
+                                                      ///< 2 - M2M QoS Enable, Cha QoS Enable
 
   //
   // Phy/Link Layer Options (System-wide and per socket)
   //
-  UINT8               KtiLinkSpeedMode;   // Link speed mode selection; 0 - Slow Speed; 1- Full Speed (default)
-  UINT8               KtiLinkSpeed;       // Use KTI_LINKSPEED definition
-  UINT8               KtiAdaptationEn;    // 0 - Disable, 1 - Enable
-  UINT8               KtiAdaptationSpeed; // Use KTI_LINK_SPEED definition; MAX_KTI_LINK_SPEED - Auto (i.e BIOS choosen speed)
-  UINT8               KtiLinkL0pEn;       // 0 - Disable, 1 - Enable, 2- Auto  (default)
-  UINT8               KtiLinkL1En;        // 0 - Disable, 1 - Enable, 2- Auto  (default)
-  UINT8               KtiFailoverEn;      // 0 - Disable, 1 - Enable, 2- Auto (default)
-  UINT8               KtiLbEn;            // 0 - Disable(default), 1 - Enable
-  UINT8               KtiCrcMode;         // CRC_MODE_16BIT, CRC_MODE_ROLLING_32BIT, CRC_MODE_AUTO or CRC_MODE_PER_LINK
-
-  UINT8               KtiCpuSktHotPlugEn;       // 0 - Disable (default), 1 - Enable
-  UINT8               KtiCpuSktHotPlugTopology; // 0 - 4S Topology (default), 1 - 8S Topology
-  UINT8               KtiSkuMismatchCheck;      // 0 - No, 1 - Yes (default)
-  UINT8               IrqThreshold;             // IRQ Threshold setting
-  UINT8               TorThresLoctoremNorm;     // TOR threshold - Loctorem threshold normal
-  UINT8               TorThresLoctoremEmpty;    // TOR threshold - Loctorem threshold empty
-  UINT8               MbeBwCal;                 // 0 - Linear, 1 - Biased, 2 - Legacy, 3 - AUTO (default = Linear)
-  UINT8               TscSyncEn;                // TSC sync in sockets: 0 - Disable, 1 - Enable, 2 - AUTO (Default)
-  UINT8               StaleAtoSOptEn;           // HA A to S directory optimization: 1 - Enable; 0 - Disable; 2 - Auto (Default)
-  UINT8               LLCDeadLineAlloc;         // LLC dead line alloc: 1 - Enable(Default); 0 - Disable
-  UINT8               SplitLock;
-  UINT8               ColdResetRequestEnd;
-
-  //
-  // Phy/Link Layer Options (per Port)
-  //
+  UINT8               KtiLinkSpeedMode;               ///< Link speed mode selection; 0 - Slow Speed; 1- Full Speed (default)
+  UINT8               KtiLinkSpeed;                   ///< Use KTI_LINKSPEED definition
+  UINT8               KtiAdaptationEn;                ///< 0 - Disable, 1 - Enable
+  UINT8               KtiAdaptationSpeed;             ///< Use KTI_LINK_SPEED definition; MAX_KTI_LINK_SPEED - Auto (i.e BIOS choosen speed)
+  UINT8               KtiLinkL0pEn;                   ///< 0 - Disable, 1 - Enable, 2- Auto  (default)
+  UINT8               KtiLinkL1En;                    ///< 0 - Disable, 1 - Enable, 2- Auto  (default)
+  UINT8               KtiFailoverEn;                  ///< 0 - Disable, 1 - Enable, 2- Auto (default)
+  UINT8               KtiLbEn;                        ///< 0 - Disable(default), 1 - Enable
+  UINT8               KtiCrcMode;                     ///< CRC_MODE_16BIT, CRC_MODE_ROLLING_32BIT, CRC_MODE_AUTO or CRC_MODE_PER_LINK
+
+  UINT8               KtiCpuSktHotPlugEn;             ///< 0 - Disable (default), 1 - Enable
+  UINT8               KtiCpuSktHotPlugTopology;       ///< 0 - 4S Topology (default), 1 - 8S Topology
+  UINT8               KtiSkuMismatchCheck;            ///< 0 - No, 1 - Yes (default)
+  UINT8               IrqThreshold;                   ///< IRQ Threshold setting
+  UINT8               TorThresLoctoremNorm;           ///< TOR threshold - Loctorem threshold normal
+  UINT8               TorThresLoctoremEmpty;          ///< TOR threshold - Loctorem threshold empty
+  UINT8               MbeBwCal;                       ///< 0 - Linear, 1 - Biased, 2 - Legacy, 3 - AUTO (default = Linear)
+  UINT8               TscSyncEn;                      ///< TSC sync in sockets: 0 - Disable, 1 - Enable, 2 - AUTO (Default)
+  UINT8               StaleAtoSOptEn;                 ///< HA A to S directory optimization: 1 - Enable; 0 - Disable; 2 - Auto (Default)
+  UINT8               LLCDeadLineAlloc;               ///< LLC dead line alloc: 1 - Enable(Default); 0 - Disable
+  UINT8               SplitLock;                      ///< @deprecated Reserved, must be set to 0.
+  UINT8               ColdResetRequestEnd;            ///< @deprecated Reserved.
+
+  ///
+  /// Phy/Link Layer Options (per Port)
+  ///
   KTI_CPU_SETTING     PhyLinkPerPortSetting[MAX_SOCKET];
 
 
-  UINT8               mmCfgBase; ///< MMCFG Base address, must be 64MB (SKX, HSX, BDX) / 256MB (GROVEPORT) aligned. Options: {0:1G, 1:1.5G, 2:1.75G, 3:2G, 4:2.25G, 5:3G, 6: Auto}
-  UINT8               mmCfgSize; ///< MMCFG Size address, must be 64M, 128M or 256M. Options: {0:64M, 1:128M, 2:256M, 3:512M, 4:1G, 5:2G, 6: Auto}
-  UINT32              mmiolBase; ///< MMIOL Base address, must be 64MB aligned
-  UINT32              mmiolSize; ///< MMIOL Size address
-  UINT32              mmiohBase; ///< Address bits above 4GB, i,e, the hex value here is address Bit[45:32] for SKX family, Bit[51:32] for ICX-SP
-  UINT8               CpuPaLimit; ///< Limits the max address to 46bits. This will take precedence over mmiohBase
-  UINT8               lowGap;
-  UINT8               highGap;
-  UINT16              mmiohSize; ////<< Number of 1GB contiguous regions to be assigned for MMIOH space per CPU.  Range 1-1024
-  UINT8               isocEn;    ///< 1 - Enable; 0 - Disable (BIOS will force this for 4S)
-  UINT8               dcaEn;     ///< 1 - Enable; 0 - Disable
+  UINT8               mmCfgBase;                      ///< MMCFG Base address, must be 64MB (SKX, HSX, BDX) / 256MB (GROVEPORT) aligned. Options: {0:1G, 1:1.5G, 2:1.75G, 3:2G, 4:2.25G, 5:3G, 6: Auto}
+  UINT8               mmCfgSize;                      ///< MMCFG Size address, must be 64M, 128M or 256M. Options: {0:64M, 1:128M, 2:256M, 3:512M, 4:1G, 5:2G, 6: Auto}
+  UINT32              mmiolBase;                      ///< MMIOL Base address, must be 64MB aligned
+  UINT32              mmiolSize;                      ///< MMIOL Size address
+  UINT32              mmiohBase;                      ///< Address bits above 4GB, i,e, the hex value here is address Bit[45:32] for SKX family, Bit[51:32] for ICX-SP
+  UINT8               CpuPaLimit;                     ///< Limits the max address to 46bits. This will take precedence over mmiohBase
+  UINT8               lowGap;                         ///< @deprecated Reserved.
+  UINT8               highGap;                        ///< @deprecated Reserved.
+  UINT16              mmiohSize;                      ///< Number of 1GB contiguous regions to be assigned for MMIOH space per CPU.  Range 1-1024
+  UINT8               isocEn;                         ///< 1 - Enable; 0 - Disable (BIOS will force this for 4S)
+  UINT8               dcaEn;                          ///< 1 - Enable; 0 - Disable
 
-  /*
+  /**
   BoardTypeBitmask:
-    Bits[3:0]   - Socket0
-    Bits[7:4]   - Socket1
-    Bits[11:8]  - Socket2
-    Bits[15:12] - Socket3
-    Bits[19:16] - Socket4
-    Bits[23:20] - Socket5
-    Bits[27:24] - Socket6
-    Bits[31:28] - Socket7
+  - Bits[3:0]   - Socket0
+  - Bits[7:4]   - Socket1
+  - Bits[11:8]  - Socket2
+  - Bits[15:12] - Socket3
+  - Bits[19:16] - Socket4
+  - Bits[23:20] - Socket5
+  - Bits[27:24] - Socket6
+  - Bits[31:28] - Socket7
 
   Within each Socket-specific field, bits mean:
-    Bit0 = CPU_TYPE_STD support; always 1 on Socket0
-    Bit1 = CPU_TYPE_F support
-    Bit2 = CPU_TYPE_P support
-    Bit3 = reserved
-  */
+  - Bit0 = CPU_TYPE_STD support; always 1 on Socket0
+  - Bit1 = CPU_TYPE_F support
+  - Bit2 = CPU_TYPE_P support
+  - Bit3 = reserved
+  **/
   UINT32              BoardTypeBitmask;
-  UINT32              AllLanesPtr;
-  UINT32              PerLanePtr;
-  UINT32              AllLanesSizeOfTable;
-  UINT32              PerLaneSizeOfTable;
-  UINT32              WaitTimeForPSBP; // the wait time in units of 1000us for PBSP to check in.
-  BOOLEAN             IsKtiNvramDataReady;
-  UINT32              OemHookPostTopologyDiscovery;
-  UINT32              OemGetResourceMapUpdate;
-  UINT32              OemGetAdaptedEqSettings;
-  UINT32              OemCheckCpuPartsChangeSwap;
-
-  BOOLEAN             WaSerializationEn;      // Enable BIOS serialization WA by PcdWaSerializationEn
+  UINT32              AllLanesPtr;                    ///< Pointer to an array of ALL_LANES_EPARAM_LINK_INFO structures.
+  UINT32              PerLanePtr;                     ///< Pointer to an array of PER_LANE_EPARAM_LINK_INFO structures.
+  UINT32              AllLanesSizeOfTable;            ///< Number of elements in array pointed to by AllLanesPtr
+  UINT32              PerLaneSizeOfTable;             ///< Number of elements in array pointed to by PerLanePtr
+  UINT32              WaitTimeForPSBP;                ///< the wait time in units of 1000us for PBSP to check in.
+  BOOLEAN             IsKtiNvramDataReady;            ///< Used internally, Reserved.
+  UINT32              OemHookPostTopologyDiscovery;   ///< OEM_HOOK_POST_TOPOLOGY_DISCOVERY function pointer. Invoked at the end of topology discovery, used for error reporting.
+  UINT32              OemGetResourceMapUpdate;        ///< OEM_GET_RESOURCE_MAP_UPDATE function pointer. Allows platform code to adjust the resource map.
+  UINT32              OemGetAdaptedEqSettings;        ///< @deprecated Reserved, must be set to 0.
+  UINT32              OemCheckCpuPartsChangeSwap;     ///< @deprecated Reserved, must be set to 0.
+
+  BOOLEAN             WaSerializationEn;              ///< Enable BIOS serialization WA by PcdWaSerializationEn
   KTI_RESERVED_3      Reserved166;
   KTI_RESERVED_4      Reserved167[MAX_SOCKET];
-  UINT8               KtiInEnableMktme;       // 0 - Disabled; 1 - Enabled; MkTme status decides D2Kti feature state
+  UINT8               KtiInEnableMktme;               ///< 0 - Disabled; 1 - Enabled; MkTme status decides D2Kti feature state
+  /**
+    Pointers to the location of the CFR/SINIT binaries.
+
+    Contains a pointer to a 24 byte fixed length array.
+    The array contains the 3 instances of the following c-struct
+    ~~~
+    typedef struct {
+      UINT32  CfrImagePtr;
+      UINT32  CfrImageSize;
+    }
+    ~~~
+    This allows a maximum of 3 CFR/SINIT binaries to be provided by platform code.
+  **/
   UINT32              CFRImagePtr;
-  UINT8               S3mCFRCommit;           // 0 - Disable S3m CFR flow.    1 - Provision S3m CFR but not Commit.    2 - Provsion and Commit S3M CFR.
-  UINT8               PucodeCFRCommit;        // 0 - Disable Pucode CFR flow. 1 - Provision Pucode CFR but not Commit. 2 - Provsion and Commit Pucode CFR.
+  UINT8               S3mCFRCommit;                   ///< 0 - Disable S3m CFR flow.    1 - Provision S3m CFR but not Commit.    2 - Provision and Commit S3M CFR.
+  UINT8               PucodeCFRCommit;                ///< 0 - Disable Pucode CFR flow. 1 - Provision Pucode CFR but not Commit. 2 - Provision and Commit Pucode CFR.
 } KTI_HOST_IN;
 
 #pragma pack()
diff --git a/Silicon/Intel/WhitleySiliconPkg/Pch/SouthClusterLbg/Include/PchPolicyCommon.h b/Silicon/Intel/WhitleySiliconPkg/Pch/SouthClusterLbg/Include/PchPolicyCommon.h
index f5861ccaf..0e10d0b8f 100644
--- a/Silicon/Intel/WhitleySiliconPkg/Pch/SouthClusterLbg/Include/PchPolicyCommon.h
+++ b/Silicon/Intel/WhitleySiliconPkg/Pch/SouthClusterLbg/Include/PchPolicyCommon.h
@@ -23,6 +23,9 @@ extern EFI_GUID gFlashProtectionConfigGuid;
 // ---------------------------- PCH General Config -------------------------------
 //
 
+/**
+  PCH General Configuration
+**/
 typedef struct {
   /**
     Subsystem Vendor ID and Subsystem ID of the PCH devices.
@@ -775,6 +778,9 @@ typedef enum  {
   PchHdaIDispMode1T = 1
 } PCH_HDAUDIO_IDISP_TMODE;
 
+/**
+  This structure contains the policies which are related to HD Audio device (cAVS).
+**/
 typedef struct {
   /**
     This member describes whether or not Intel HD Audio (Azalia) should be enabled.
@@ -1674,6 +1680,9 @@ typedef struct {
   UINT16                ProtectedRangeBase;
 } PROTECTED_RANGE;
 
+/**
+  PCH Flash Protection Configuration
+**/
 typedef struct {
   PROTECTED_RANGE       ProtectRange[PCH_FLASH_PROTECTED_RANGES];
 } PCH_FLASH_PROTECTION_CONFIG;
diff --git a/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/SecurityIpMkTme1v0_Inputs.h b/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/SecurityIpMkTme1v0_Inputs.h
index 4c48ca19e..84197b8c8 100644
--- a/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/SecurityIpMkTme1v0_Inputs.h
+++ b/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/SecurityIpMkTme1v0_Inputs.h
@@ -8,15 +8,15 @@
 **/
 
 //
-// TME
+// TME (Total Memory Encryption)
 //
-UINT8  EnableTme;                      // TME Enable
-UINT8  EnableTmeCR;                    // Exclude Crystal Ridge memory from encryption.
+UINT8  EnableTme;                               ///< TME Enable
+UINT8  EnableTmeCR;                             ///< TME for Optane Persistent Memory. Set to 0 exclude Optane from encryption.
 
 //
 // MK-TME
 //
-UINT8  EnableMktme;                    // MK-TME Enable
+UINT8  EnableMktme;                             ///< MK-TME Enable
 
 UINT8  ReservedS234;
 UINT8  ReservedS235;
diff --git a/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/SecurityIpMkTme1v0_Outputs.h b/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/SecurityIpMkTme1v0_Outputs.h
index 3a6262a65..201cdd9a9 100644
--- a/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/SecurityIpMkTme1v0_Outputs.h
+++ b/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/SecurityIpMkTme1v0_Outputs.h
@@ -10,9 +10,9 @@
 //
 // MK-TME
 //
-// NAK - Not a knob, used just for indication
-UINT8  TmeCapability; // TME Capable
-UINT8  TmeCrSupport; // Flag used to check if Crystal Ridge is supported in UEFI
-UINT8  MktmeCapability; // MK-TME Capable
-UINT16 MktmeMaxKeys; // Max number of keys used for encryption
-UINT8  MkTmeKeyIdBits; // Used to suppress setup menu key-splits
\ No newline at end of file
+// NAK (Not a knob) - Used just for indication
+UINT8  TmeCapability;                           // NAK (Not a knob) - TME Capable
+UINT8  TmeCrSupport;                            // NAK (Not a knob) - Flag used to check if Crystal Ridge is supported in UEFI
+UINT8  MktmeCapability;                         // NAK (Not a knob) - MK-TME Capable
+UINT16 MktmeMaxKeys;                            // NAK (Not a knob) - Max number of keys used for encryption
+UINT8  MkTmeKeyIdBits;                          // NAK (Not a knob) - Used to suppress setup menu key-splits
diff --git a/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/SecurityIpSgxTem1v0_Inputs.h b/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/SecurityIpSgxTem1v0_Inputs.h
index 2deabd0b5..c46434392 100644
--- a/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/SecurityIpSgxTem1v0_Inputs.h
+++ b/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/SecurityIpSgxTem1v0_Inputs.h
@@ -10,27 +10,30 @@
 //
 // SGX
 //
-UINT8  EnableSgx;
-UINT8  SgxFactoryReset;                // Delete all registration data, if SGX enabled force IPE/FirstBinding flow
-UINT64 PrmrrSize;                      // SGX PRMRR size
+UINT8  EnableSgx;                               ///< Enable SGX
+UINT8  SgxFactoryReset;                         ///< Delete all registration data, if SGX enabled force IPE/FirstBinding flow
+UINT64 PrmrrSize;                               ///< SGX PRMRR size
 UINT64 ReservedS239;
-UINT8  SgxQoS;                         // SGX Quality of Service
-UINT8  SgxAutoRegistrationAgent;
-UINT8  SgxPackageInfoInBandAccess;     // Expose Package Info to OS
-UINT8  EpochUpdate;
-UINT64 SgxEpoch0;                      // SGX EPOCH0 value {0 - 0xFFFFFFFFFFFFFFFF}
-UINT64 SgxEpoch1;                      // SGX EPOCH1 value {0 - 0xFFFFFFFFFFFFFFFF}
-UINT8  SgxLeWr;                        // Flexible Launch Enclave Policy (Wr En)
-UINT64 SgxLePubKeyHash0;               // Launch Enclave Hash 0
-UINT64 SgxLePubKeyHash1;               // Launch Enclave Hash 1
-UINT64 SgxLePubKeyHash2;               // Launch Enclave Hash 2
-UINT64 SgxLePubKeyHash3;               // Launch Enclave Hash 3
-// Client SGX - unused in server
-UINT8  SgxSinitNvsData;                // SGX NVS data from Flash passed during previous boot using CPU_INFO_PROTOCOL.SGX_INFO;
-                                       // Pass value of zero if there is not data saved or when SGX is disabled.
-UINT8  SgxSinitDataFromTpm;            // SGX SVN data from TPM; 0: when SGX is disabled or TPM is not present or no data
-                                       // is present in TPM.
-UINT8  SgxDebugMode;
+UINT8  SgxQoS;                                  ///< SGX Quality of Service
+UINT8  SgxAutoRegistrationAgent;                ///< SGX Auto Registration Agent
+UINT8  SgxPackageInfoInBandAccess;              ///< SGX Expose Package Info to OS
+UINT8  EpochUpdate;                             ///< SGX EPOCH Update
+UINT64 SgxEpoch0;                               ///< SGX EPOCH0 value {0 - 0xFFFFFFFFFFFFFFFF}
+UINT64 SgxEpoch1;                               ///< SGX EPOCH1 value {0 - 0xFFFFFFFFFFFFFFFF}
+UINT8  SgxLeWr;                                 ///< Flexible Launch Enclave Policy (Wr En)
+UINT64 SgxLePubKeyHash0;                        ///< Launch Enclave Hash 0
+UINT64 SgxLePubKeyHash1;                        ///< Launch Enclave Hash 1
+UINT64 SgxLePubKeyHash2;                        ///< Launch Enclave Hash 2
+UINT64 SgxLePubKeyHash3;                        ///< Launch Enclave Hash 3
+
+//
+// DEPRECATED
+//
+UINT8  SgxSinitNvsData;                         ///< @deprecated SGX NVS data from Flash passed during previous boot using CPU_INFO_PROTOCOL.SGX_INFO;
+                                                ///              Pass value of zero if there is not data saved or when SGX is disabled.
+UINT8  SgxSinitDataFromTpm;                     ///< @deprecated SGX SVN data from TPM; 0: when SGX is disabled or TPM is not present or no data
+                                                ///              is present in TPM.
+UINT8  SgxDebugMode;                            ///< @deprecated
 
 UINT8  ReservedS240;
 UINT8  ReservedS241;
diff --git a/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/SecurityIpTdx1v0_Inputs.h b/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/SecurityIpTdx1v0_Inputs.h
index db5081c0a..79369f989 100644
--- a/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/SecurityIpTdx1v0_Inputs.h
+++ b/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/SecurityIpTdx1v0_Inputs.h
@@ -7,7 +7,7 @@
   SPDX-License-Identifier: BSD-2-Clause-Patent
 **/
 
-UINT8  EnableTdx; // TDX Enable
-UINT8  KeySplit; // TDX/MK-TME key split
+UINT8  EnableTdx;                               ///< TDX Enable
+UINT8  KeySplit;                                ///< TDX/MK-TME key split
 
 UINT8  ReservedS245;
diff --git a/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityPolicy.h b/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityPolicy.h
new file mode 100644
index 000000000..0beb26704
--- /dev/null
+++ b/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityPolicy.h
@@ -0,0 +1,29 @@
+/** @file
+  Provides data structure information used by ServerSecurity features in Mtkme etc.
+
+  @copyright
+  Copyright 2018 - 2021 Intel Corporation. <BR>
+
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+
+#ifndef _SECURITY_POLICY_H_
+#define _SECURITY_POLICY_H_
+
+extern EFI_GUID gSecurityPolicyDataGuid;
+#include <Library/SecurityPolicyDefinitions.h>
+
+#pragma pack(1)
+
+/**
+  Security Policy
+**/
+typedef struct {
+  /**
+   * Please put common definitions inside the SecurityPolicy_Flat.h *
+  **/
+  #include "SecurityPolicy_Flat.h"
+} SECURITY_POLICY;
+
+#pragma pack()
+#endif
diff --git a/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityPolicy_Flat.h b/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityPolicy_Flat.h
index ba62b8c3a..09dacdf62 100644
--- a/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityPolicy_Flat.h
+++ b/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityPolicy_Flat.h
@@ -1,6 +1,6 @@
 /** @file
   Provides data structure information used by ServerSecurity features in literally all products
-  Header is flat and injected directly in SecurityPolicy sructuture and SOCKET_PROCESSORCORE_CONFIGURATION.
+  Header is flat and injected directly in SecurityPolicy structure and SOCKET_PROCESSORCORE_CONFIGURATION.
 
   @copyright
   Copyright 2020 - 2021 Intel Corporation. <BR>
@@ -8,7 +8,7 @@
   SPDX-License-Identifier: BSD-2-Clause-Patent
 **/
 
-  // Header is flat and injected directly in SecurityPolicy sructuture and SOCKET_PROCESSORCORE_CONFIGURATION.
+  // Header is flat and injected directly in SecurityPolicy structure and SOCKET_PROCESSORCORE_CONFIGURATION.
   // Put common definitons here either directly or via intermediate header file..
 
 // SECURITY_IP_MKTME_1V0  MkTme;
diff --git a/Silicon/Intel/WhitleySiliconPkg/Security/Include/Library/SecurityPolicyDefinitions.h b/Silicon/Intel/WhitleySiliconPkg/Security/Include/Library/SecurityPolicyDefinitions.h
new file mode 100644
index 000000000..700f5abb4
--- /dev/null
+++ b/Silicon/Intel/WhitleySiliconPkg/Security/Include/Library/SecurityPolicyDefinitions.h
@@ -0,0 +1,28 @@
+/**@file
+  @copyright
+  Copyright 2020 - 2021 Intel Corporation. <BR>
+
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+
+#ifndef __SECURITY_POLICY_DEFINITIONS_H__
+#define __SECURITY_POLICY_DEFINITIONS_H__
+
+//
+// Security Policy definitions
+//
+
+//
+// Values for capable/incapable == supported/unsupported
+//
+#define SECURITY_POLICY_UNSUPPORTED                0
+#define SECURITY_POLICY_SUPPORTED                  1
+
+//
+// Values for enable/disable options
+//
+#define SECURITY_POLICY_DISABLE                    0
+#define SECURITY_POLICY_ENABLE                     1
+#define SECURITY_POLICY_AUTO                       2
+
+#endif
-- 
2.27.0.windows.1


^ permalink raw reply related	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2021-08-12  0:38 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2021-07-20 20:22 [edk2-platforms] [PATCH V1] WhitleySiliconPkg: Improve comments for silicon policy structures Nate DeSimone
2021-07-21  4:07 ` Chiu, Chasel
2021-08-12  0:38   ` Nate DeSimone

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox