[edk2-devel] [edk2-platforms] [PATCH V1 08/17] WhitleySiliconPkg: Add Security Includes
Nate DeSimone
nathaniel.l.desimone at intel.com
Tue Jul 13 00:41:22 UTC 2021
Signed-off-by: Nate DeSimone <nathaniel.l.desimone at intel.com>
Co-authored-by: Isaac Oram <isaac.w.oram at intel.com>
Co-authored-by: Mohamed Abbas <mohamed.abbas at intel.com>
Cc: Chasel Chiu <chasel.chiu at intel.com>
Cc: Michael D Kinney <michael.d.kinney at intel.com>
Cc: Isaac Oram <isaac.w.oram at intel.com>
Cc: Mohamed Abbas <mohamed.abbas at intel.com>
Cc: Liming Gao <gaoliming at byosoft.com.cn>
Cc: Eric Dong <eric.dong at intel.com>
Cc: Michael Kubacki <Michael.Kubacki at microsoft.com>
---
.../SecurityIp/SecurityIpMkTme1v0_Inputs.h | 25 ++++++++++++
.../SecurityIp/SecurityIpMkTme1v0_Outputs.h | 18 +++++++++
.../SecurityIp/SecurityIpSgxTem1v0_Inputs.h | 39 +++++++++++++++++++
.../SecurityIp/SecurityIpSgxTem1v0_Outputs.h | 22 +++++++++++
.../Guid/SecurityIp/SecurityIpTdx1v0_Inputs.h | 13 +++++++
.../SecurityIp/SecurityIpTdx1v0_Outputs.h | 11 ++++++
.../Include/Guid/SecurityPolicy_Flat.h | 22 +++++++++++
7 files changed, 150 insertions(+)
create mode 100644 Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/SecurityIpMkTme1v0_Inputs.h
create mode 100644 Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/SecurityIpMkTme1v0_Outputs.h
create mode 100644 Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/SecurityIpSgxTem1v0_Inputs.h
create mode 100644 Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/SecurityIpSgxTem1v0_Outputs.h
create mode 100644 Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/SecurityIpTdx1v0_Inputs.h
create mode 100644 Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/SecurityIpTdx1v0_Outputs.h
create mode 100644 Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityPolicy_Flat.h
diff --git a/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/SecurityIpMkTme1v0_Inputs.h b/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/SecurityIpMkTme1v0_Inputs.h
new file mode 100644
index 0000000000..4c48ca19ee
--- /dev/null
+++ b/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/SecurityIpMkTme1v0_Inputs.h
@@ -0,0 +1,25 @@
+/** @file
+ Provides data structure information used by SiliconIp MK-TME
+
+ @copyright
+ Copyright 2020 - 2021 Intel Corporation. <BR>
+
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+
+//
+// TME
+//
+UINT8 EnableTme; // TME Enable
+UINT8 EnableTmeCR; // Exclude Crystal Ridge memory from encryption.
+
+//
+// MK-TME
+//
+UINT8 EnableMktme; // MK-TME Enable
+
+UINT8 ReservedS234;
+UINT8 ReservedS235;
+UINT64 ReservedS236;
+UINT64 ReservedS237;
+UINT8 ReservedS238;
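Review bot: Nothing in this file says that it is a struct-body fragment rather than a normal header, yet it has no include guard and every line is a bare field declaration; a later maintainer is likely to "fix" that by adding `#pragma once`, which would silently drop the fields from the second structure that SecurityPolicy_Flat.h says it is injected into. Add a line under the license comment such as `// Struct-body fragment: textually included inside the SecurityPolicy and SOCKET_PROCESSORCORE_CONFIGURATION structures via SecurityPolicy_Flat.h. Do not add an include guard or any declaration that is not a struct member.` The same comment belongs in the other five SecurityIp headers in this patch (hunks ending at L86, L131, L159, L178, L196). The ReservedS234–ReservedS238 fields presumably pin the layout for compatibility with an existing consumer; if so, the comment should say which one so nobody reclaims them.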
diff --git a/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/SecurityIpMkTme1v0_Outputs.h b/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/SecurityIpMkTme1v0_Outputs.h
new file mode 100644
index 0000000000..3a6262a658
--- /dev/null
+++ b/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/SecurityIpMkTme1v0_Outputs.h
@@ -0,0 +1,18 @@
+/** @file
+ Provides data structure information used by SiliconIp MK-TME
+
+ @copyright
+ Copyright 2020 - 2021 Intel Corporation. <BR>
+
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+
+//
+// MK-TME
+//
+// NAK - Not a knob, used just for indication
+UINT8 TmeCapability; // TME Capable
+UINT8 TmeCrSupport; // Flag used to check if Crystal Ridge is supported in UEFI
+UINT8 MktmeCapability; // MK-TME Capable
+UINT16 MktmeMaxKeys; // Max number of keys used for encryption
+UINT8 MkTmeKeyIdBits; // Used to suppress setup menu key-splits
\ No newline at end of file
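Review bot: The file ends without a trailing newline, as do SecurityIpTdx1v0_Outputs.h (L196) and SecurityPolicy_Flat.h (L225); since all of them are pasted into a struct body by `#include`, a missing final newline makes the last field line and whatever follows the include fragile in some compilers and is flagged by edk2's PatchCheck. The member naming is also inconsistent within this one file: `MktmeCapability` and `MktmeMaxKeys` use `Mktme`, while `MkTmeKeyIdBits` uses `MkTme`; pick one spelling before the fields become part of a persisted layout that is awkward to rename.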
diff --git a/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/SecurityIpSgxTem1v0_Inputs.h b/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/SecurityIpSgxTem1v0_Inputs.h
new file mode 100644
index 0000000000..2deabd0b50
--- /dev/null
+++ b/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/SecurityIpSgxTem1v0_Inputs.h
@@ -0,0 +1,39 @@
+/** @file
+ Provides data structure information used by SiliconIp SGX-TEM
+
+ @copyright
+ Copyright 2020 - 2021 Intel Corporation. <BR>
+
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+
+//
+// SGX
+//
+UINT8 EnableSgx;
+UINT8 SgxFactoryReset; // Delete all registration data, if SGX enabled force IPE/FirstBinding flow
+UINT64 PrmrrSize; // SGX PRMRR size
+UINT64 ReservedS239;
+UINT8 SgxQoS; // SGX Quality of Service
+UINT8 SgxAutoRegistrationAgent;
+UINT8 SgxPackageInfoInBandAccess; // Expose Package Info to OS
+UINT8 EpochUpdate;
+UINT64 SgxEpoch0; // SGX EPOCH0 value {0 - 0xFFFFFFFFFFFFFFFF}
+UINT64 SgxEpoch1; // SGX EPOCH1 value {0 - 0xFFFFFFFFFFFFFFFF}
+UINT8 SgxLeWr; // Flexible Launch Enclave Policy (Wr En)
+UINT64 SgxLePubKeyHash0; // Launch Enclave Hash 0
+UINT64 SgxLePubKeyHash1; // Launch Enclave Hash 1
+UINT64 SgxLePubKeyHash2; // Launch Enclave Hash 2
+UINT64 SgxLePubKeyHash3; // Launch Enclave Hash 3
+// Client SGX - unused in server
+UINT8 SgxSinitNvsData; // SGX NVS data from Flash passed during previous boot using CPU_INFO_PROTOCOL.SGX_INFO;
+ // Pass value of zero if there is not data saved or when SGX is disabled.
+UINT8 SgxSinitDataFromTpm; // SGX SVN data from TPM; 0: when SGX is disabled or TPM is not present or no data
+ // is present in TPM.
+UINT8 SgxDebugMode;
+
+UINT8 ReservedS240;
+UINT8 ReservedS241;
+UINT8 ReservedS242;
+UINT8 ReservedS243;
+UINT8 ReservedS244;
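Review bot: The comments on the security-critical fields describe only their range, not their effect: `SgxEpoch0`/`SgxEpoch1` are the values used as the SGX owner epoch, which is an input to enclave sealing-key derivation, so changing them invalidates every previously sealed blob on the platform, and `SgxLePubKeyHash0..3` together with `SgxLeWr` determine which launch enclave signing key the hardware accepts (they map onto the four 64-bit IA32_SGXLEPUBKEYHASH halves). Suggest `// SGX owner epoch 0; together with SgxEpoch1 feeds sealing-key derivation, so a change invalidates previously sealed data` and `// Launch Enclave signing-key SHA-256, qword 0 of 4; consulted only when SgxLeWr enables the flexible launch policy` so a reader of the setup layout understands why these must not be randomised or zeroed casually. Minor: the continuation lines at L122 and L124 are indented by a single space rather than aligned under the comment they continue, and "if there is not data saved" should read "if there is no data saved". `SgxDebugMode` has no comment at all.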
diff --git a/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/SecurityIpSgxTem1v0_Outputs.h b/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/SecurityIpSgxTem1v0_Outputs.h
new file mode 100644
index 0000000000..45b63b21c5
--- /dev/null
+++ b/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/SecurityIpSgxTem1v0_Outputs.h
@@ -0,0 +1,22 @@
+/** @file
+ Provides data structure information used by SiliconIp SGX-TEM
+
+ @copyright
+ Copyright 2020 - 2021 Intel Corporation. <BR>
+
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+
+// NAK - Not a knob, used just for indication
+UINT8 IsSgxCapable;
+UINT8 IsHwCongifSupportedBySgx; // ## PRODUCED by SgxPreMemInit
+UINT8 CrDimmsPresent;
+UINT64 ValidPrmrrBitMap;
+UINT64 SprspOrLaterPrmSizeBitmap; // ## PRODUCED by SgxPreMemInit
+UINT8 ShowEpoch;
+UINT8 SkipSignalPpmDone; // ## PRODUCED by SgxEarlyInit
+
+UINT8 SprspOrLaterIsPrmSizeInvalidated; // ## PRODUCED by SgxPreMemInit
+UINT8 SprspOrLaterAreHardwarePreconditionsMet; // ## PRODUCED by SgxPreMemInit
+UINT8 SprspOrLaterAreMemoryPreconditionsMet; // ## PRODUCED by SgxPreMeminit
+UINT8 SprspOrLaterAreSetupPreconditionsMet; // ## PRODUCED by SgxPreMemInit
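Review bot: `IsHwCongifSupportedBySgx` misspells "Config"; because these fields become a persisted, flat layout the name is far cheaper to fix now than after consumers exist, so `UINT8 IsHwConfigSupportedBySgx; // ## PRODUCED by SgxPreMemInit` unless a later patch in this series already references the misspelling (not visible here). The producer annotations are also inconsistent: L158 says `SgxPreMeminit` while every other line says `SgxPreMemInit`, and `ValidPrmrrBitMap` versus `SprspOrLaterPrmSizeBitmap` differ in capitalising "Bitmap". The "NAK" fields `IsSgxCapable`, `CrDimmsPresent`, `ValidPrmrrBitMap` and `ShowEpoch` carry no producer annotation; stating which driver writes them, as the others do, tells a consumer when the value is valid.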
diff --git a/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/SecurityIpTdx1v0_Inputs.h b/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/SecurityIpTdx1v0_Inputs.h
new file mode 100644
index 0000000000..db5081c0aa
--- /dev/null
+++ b/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/SecurityIpTdx1v0_Inputs.h
@@ -0,0 +1,13 @@
+/** @file
+ Provides data structure information used by SiliconIp TDX
+
+ @copyright
+ Copyright 2020 - 2021 Intel Corporation. <BR>
+
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+
+UINT8 EnableTdx; // TDX Enable
+UINT8 KeySplit; // TDX/MK-TME key split
+
+UINT8 ReservedS245;
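Review bot: `KeySplit` is documented only as "TDX/MK-TME key split", with no unit or valid range, although its value presumably has to be consistent with `MkTmeKeyIdBits` in SecurityIpMkTme1v0_Outputs.h. Suggest `// TDX/MK-TME key split: number of key-ID bits reserved for TDX, must not exceed MkTmeKeyIdBits — TODO confirm unit against the consumer` so that whoever validates setup input knows what to bound-check.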
diff --git a/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/SecurityIpTdx1v0_Outputs.h b/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/SecurityIpTdx1v0_Outputs.h
new file mode 100644
index 0000000000..d744baefb5
--- /dev/null
+++ b/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/SecurityIpTdx1v0_Outputs.h
@@ -0,0 +1,11 @@
+/** @file
+ Provides data structure information used by SiliconIp TDX
+
+ @copyright
+ Copyright 2020 - 2021 Intel Corporation. <BR>
+
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+
+// NAK - Not a knob, used just for indication
+UINT8 TdxCapability; // TDX socket capability
\ No newline at end of file
diff --git a/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityPolicy_Flat.h b/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityPolicy_Flat.h
new file mode 100644
index 0000000000..ba62b8c3ab
--- /dev/null
+++ b/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityPolicy_Flat.h
@@ -0,0 +1,22 @@
+/** @file
+ Provides data structure information used by ServerSecurity features in literally all products
+ Header is flat and injected directly in SecurityPolicy sructuture and SOCKET_PROCESSORCORE_CONFIGURATION.
+
+ @copyright
+ Copyright 2020 - 2021 Intel Corporation. <BR>
+
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+
+ // Header is flat and injected directly in SecurityPolicy sructuture and SOCKET_PROCESSORCORE_CONFIGURATION.
+ // Put common definitons here either directly or via intermediate header file..
+
+// SECURITY_IP_MKTME_1V0 MkTme;
+#include "SecurityIp/SecurityIpMkTme1v0_Inputs.h"
+#include "SecurityIp/SecurityIpMkTme1v0_Outputs.h"
+// SECURITY_IP_SGXTEM_1V0 SgxTem;
+#include "SecurityIp/SecurityIpSgxTem1v0_Inputs.h"
+#include "SecurityIp/SecurityIpSgxTem1v0_Outputs.h"
+// SECURITY_IP_TDX_1V0 Tdx;
+#include "SecurityIp/SecurityIpTdx1v0_Inputs.h"
+#include "SecurityIp/SecurityIpTdx1v0_Outputs.h"
\ No newline at end of file
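Review bot: The header comment and the inline comment both misspell "structure" as "sructuture" (L205, L213), L214 has "definitons" and a stray double period, and L213–L214 are indented by one space unlike the rest of the file; suggest `// Header is flat and injected directly in SecurityPolicy structure and SOCKET_PROCESSORCORE_CONFIGURATION.` and `// Put common definitions here either directly or via intermediate header file.` The lines `// SECURITY_IP_MKTME_1V0 MkTme;` read as commented-out code; rewording them as section labels, e.g. `// MK-TME (formerly SECURITY_IP_MKTME_1V0 MkTme)`, keeps the provenance without leaving dead declarations. Since the file is included into two different structures by design, the comment should also say explicitly that neither this file nor the SecurityIp fragments may carry an include guard. Finally, because input knobs and the "NAK" output fields share one flat layout, it is worth noting in this header that the `*Capability` and `*PreconditionsMet` fields are only meaningful after the named producer has run in the current boot — if this structure is ever persisted or externally writable (not visible from this patch), consumers should not treat a stored value as authoritative.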
--
2.27.0.windows.1