[edk2-devel] [edk2-platforms] [PATCH V1] WhitleySiliconPkg: Improve comments for silicon policy structures

Nate DeSimone nathaniel.l.desimone at intel.com
Tue Jul 20 20:22:02 UTC 2021


Signed-off-by: Nate DeSimone <nathaniel.l.desimone at intel.com>
Cc: Isaac Oram <isaac.w.oram at intel.com>
Cc: Chasel Chiu <chasel.chiu at intel.com>
---
 .../Include/Ppi/RasImcS3Data.h                |   6 +
 .../Include/Ppi/UpiPolicyPpi.h                |   5 +-
 .../WhitleySiliconPkg/Include/Upi/KtiHost.h   | 250 +++++++++---------
 .../SouthClusterLbg/Include/PchPolicyCommon.h |   9 +
 .../SecurityIp/SecurityIpMkTme1v0_Inputs.h    |   8 +-
 .../SecurityIp/SecurityIpMkTme1v0_Outputs.h   |  12 +-
 .../SecurityIp/SecurityIpSgxTem1v0_Inputs.h   |  43 +--
 .../Guid/SecurityIp/SecurityIpTdx1v0_Inputs.h |   4 +-
 .../Security/Include/Guid/SecurityPolicy.h    |  29 ++
 .../Include/Guid/SecurityPolicy_Flat.h        |   4 +-
 .../Library/SecurityPolicyDefinitions.h       |  28 ++
 11 files changed, 245 insertions(+), 153 deletions(-)
 create mode 100644 Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityPolicy.h
 create mode 100644 Silicon/Intel/WhitleySiliconPkg/Security/Include/Library/SecurityPolicyDefinitions.h

diff --git a/Silicon/Intel/WhitleySiliconPkg/Include/Ppi/RasImcS3Data.h b/Silicon/Intel/WhitleySiliconPkg/Include/Ppi/RasImcS3Data.h
index 82725bc84..2198f8516 100644
--- a/Silicon/Intel/WhitleySiliconPkg/Include/Ppi/RasImcS3Data.h
+++ b/Silicon/Intel/WhitleySiliconPkg/Include/Ppi/RasImcS3Data.h
@@ -44,7 +44,13 @@ EFI_STATUS
   OUT       VOID                            *Data
   );
 
+/**
+ RAS IMC S3 Data PPI
+**/
 struct _RAS_IMC_S3_DATA_PPI {
+  /**
+    Retrieves data for S3 saved memory RAS features from non-volatile storage.
+  **/
   RAS_IMC_S3_DATA_PPI_GET_IMC_S3_RAS_DATA  GetImcS3RasData;
 };
 
diff --git a/Silicon/Intel/WhitleySiliconPkg/Include/Ppi/UpiPolicyPpi.h b/Silicon/Intel/WhitleySiliconPkg/Include/Ppi/UpiPolicyPpi.h
index e355dcaba..503c5c0ae 100644
--- a/Silicon/Intel/WhitleySiliconPkg/Include/Ppi/UpiPolicyPpi.h
+++ b/Silicon/Intel/WhitleySiliconPkg/Include/Ppi/UpiPolicyPpi.h
@@ -24,6 +24,9 @@
 
 typedef struct _UPI_POLICY_PPI UPI_POLICY_PPI;
 
+/**
+  UPI Policy Structure
+**/
 struct _UPI_POLICY_PPI {
   /**
     This member specifies the revision of the UPI_POLICY_PPI. This field is used to
@@ -32,7 +35,7 @@ struct _UPI_POLICY_PPI {
     to correctly interpret the content of the INTERFACE fields.
   **/
   UINT32        Revision;
-  KTI_HOST_IN   Upi;
+  KTI_HOST_IN   Upi;        ///< KTIRC input structure
 };
 
 #endif  // _UPI_POLICY_PPI_H_
diff --git a/Silicon/Intel/WhitleySiliconPkg/Include/Upi/KtiHost.h b/Silicon/Intel/WhitleySiliconPkg/Include/Upi/KtiHost.h
index cf558b3d3..e793cc647 100644
--- a/Silicon/Intel/WhitleySiliconPkg/Include/Upi/KtiHost.h
+++ b/Silicon/Intel/WhitleySiliconPkg/Include/Upi/KtiHost.h
@@ -99,28 +99,31 @@ typedef struct {
   KTI_RESERVED_2  Phy[MAX_FW_KTI_PORTS];
 } KTI_RESERVED_4;
 
-//
-// PHY settings that are system dependent.   Need 1 of these for each socket/link/freq.
-//
+/**
+  Per Lane PHY Configuration
 
+  These PHY settings are system dependent. Every socket/link/freq requires an instance of this structure.
+**/
 typedef struct {
-  UINT8  SocketID;
-  UINT8  AllLanesUseSameTxeq;
-  UINT8  Freq;
-  UINT32 Link;
-  UINT32 TXEQL[20];
-  UINT32 CTLEPEAK[5];
+  UINT8  SocketID;              ///< Socket ID
+  UINT8  AllLanesUseSameTxeq;   ///< Use same TXEQ on all lanes
+  UINT8  Freq;                  ///< The Link Speed these TXEQ settings should be used for
+  UINT32 Link;                  ///< Port Number
+  UINT32 TXEQL[20];             ///< TXEQ Settings
+  UINT32 CTLEPEAK[5];           ///< CTLE Peaking Settings
 } PER_LANE_EPARAM_LINK_INFO;
 
-//
-// This is for full speed mode, all lanes have the same TXEQ setting
-//
+/**
+  All Lanes PHY Configuration
+
+  This is for full speed mode, all lanes have the same TXEQ setting
+**/
 typedef struct {
-  UINT8  SocketID;
-  UINT8  Freq;
-  UINT32 Link;
-  UINT32 AllLanesTXEQ;
-  UINT8  CTLEPEAK;
+  UINT8  SocketID;              ///< Socket ID
+  UINT8  Freq;                  ///< The Link Speed these TXEQ settings should be used for
+  UINT32 Link;                  ///< Port Number
+  UINT32 AllLanesTXEQ;          ///< TXEQ Setting
+  UINT8  CTLEPEAK;              ///< CTLE Peaking Setting
 } ALL_LANES_EPARAM_LINK_INFO;
 
 #define ADAPTIVE_CTLE 0x3f
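Review bot: The new comment on `Link` in both PER_LANE_EPARAM_LINK_INFO and ALL_LANES_EPARAM_LINK_INFO says "Port Number", but the field is a UINT32 while `SocketID` and `Freq` are UINT8, which suggests it may hold something wider than a single port index. That is inferred from the width only, so confirm it against the code that reads these tables and state the encoding explicitly. The comments on `TXEQL[20]` and `CTLEPEAK[5]` also do not say how array entries map to lanes, which a platform author filling in these tables needs to know, e.g. `///< TXEQ settings, one entry per lane (index = lane number)` if that is the actual layout.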
@@ -173,130 +176,141 @@ typedef struct {
   KTI_CPU_PHY_SETTING   Phy[MAX_FW_KTI_PORTS];
 } KTI_CPU_SETTING;
 
-//
-// KTIRC input structure
-//
+/**
+  KTIRC input structure
+**/
 typedef struct {
   //
   // Protocol layer and other general options; note that "Auto" is provided only options whose value will change depending
   // on the topology, not for all options.
   //
 
-  //
-  // Indicates the ratio of Bus/MMIOL/IO resource to be allocated for each CPU's IIO.
-  // Value 0 indicates, that CPU is not relevant for the system. If resource is
-  // requested for an CPU that is not currently populated, KTIRC will assume
-  // that the ratio is 0 for that CPU and won't allocate any resources for it.
-  // If resource is not requested for an CPU that is populated, KTIRC will force
-  // the ratio for that CPU to 1.
-  //
-
-
+  /**
+   Indicates the ratio of Bus/MMIOL/IO resource to be allocated for each CPU's IIO.
+    Value 0 indicates, that CPU is not relevant for the system. If resource is
+    requested for an CPU that is not currently populated, KTIRC will assume
+    that the ratio is 0 for that CPU and won't allocate any resources for it.
+    If resource is not requested for an CPU that is populated, KTIRC will force
+    the ratio for that CPU to 1.
+  **/
   UINT8               BusRatio[MAX_SOCKET];
 
-  UINT8               D2KCreditConfig;             // 1 - Min, 2 - Med (Default), 3- Max
-  UINT8               SnoopThrottleConfig;  // 0 - Disabled (Default), 1 - Min, 2 - Med, 3- Max
-  UINT8               SnoopAllCores;        // 0 - Disabled, 1 - Enabled, 2 - Auto
-  UINT8               LegacyVgaSoc;       // Socket that claims the legacy VGA range; valid values are 0-7; 0 is default.
-  UINT8               LegacyVgaStack;     // Stack that claims the legacy VGA range; valid values are 0-3; 0 is default.
-  UINT8               ColdResetRequestStart;
-  UINT8               P2pRelaxedOrdering; // 0 - Disable(default) 1 - Enable
-  UINT8               DebugPrintLevel;    // Bit 0 - Fatal, Bit1 - Warning, Bit2 - Info Summary; Bit 3 - Info detailed. 1 - Enable; 0 - Disable
-  UINT8               SncEn;              // 0 - Disable, (default) 1 - Enable
-  UINT8               UmaClustering;      // 0 - Disable, 2 - 2Clusters UMA, 4 - 4Clusters UMA
-  UINT8               IoDcMode;           // 0 - Disable IODC,  1 - AUTO (default), 2 - IODC_EN_REM_INVITOM_PUSH, 3 - IODC_EN_REM_INVITOM_ALLOCFLOW
-                                          // 4 - IODC_EN_REM_INVITOM_ALLOC_NONALLOC, 5 - IODC_EN_REM_INVITOM_AND_WCILF
-  UINT8               DegradePrecedence;  // Use DEGRADE_PRECEDENCE definition; TOPOLOGY_PRECEDENCE is default
-  UINT8               Degrade4SPreference;// 4S1LFullConnect topology is default; another option is 4S2LRing topology.
-  UINT8               DirectoryModeEn;    // 0 - Disable; 1 - Enable (default)
-  UINT8               XptPrefetchEn;      // Xpt Prefetch :  1 - Enable; 0 - Disable; 2 - Auto (default)
-  UINT8               KtiPrefetchEn;      // Kti Prefetch :  1 - Enable; 0 - Disable; 2 - Auto (default)
-  UINT8               XptRemotePrefetchEn;     // Xpt Remote Prefetch :  1 - Enable; 0 - Disable; 2 - Auto (default)   (ICX only)
-  UINT8               RdCurForXptPrefetchEn;   // RdCur for XPT Prefetch :  0 - Disable, 1 - Enable, 2- Auto (default)
-  UINT8               KtiFpgaEnable[MAX_SOCKET];  // Indicate if should enable Fpga device found in this socket :  0 - Disable, 1 - Enable, 2- Auto
-  UINT8               DdrtQosMode;          // DDRT QoS Feature:  0 - Disable (default), 1 - M2M QoS Enable, Cha QoS Disable
-                                            // 2 - M2M QoS Enable, Cha QoS Enable
+  UINT8               D2KCreditConfig;                ///< 1 - Min, 2 - Med (Default), 3- Max
+  UINT8               SnoopThrottleConfig;            ///< 0 - Disabled (Default), 1 - Min, 2 - Med, 3- Max
+  UINT8               SnoopAllCores;                  ///< 0 - Disabled, 1 - Enabled, 2 - Auto
+  UINT8               LegacyVgaSoc;                   ///< Socket that claims the legacy VGA range; valid values are 0-7; 0 is default.
+  UINT8               LegacyVgaStack;                 ///< Stack that claims the legacy VGA range; valid values are 0-3; 0 is default.
+  UINT8               ColdResetRequestStart;          ///< @deprecated Reserved.
+  UINT8               P2pRelaxedOrdering;             ///< 0 - Disable(default) 1 - Enable
+  UINT8               DebugPrintLevel;                ///< Bit 0 - Fatal, Bit1 - Warning, Bit2 - Info Summary; Bit 3 - Info detailed. 1 - Enable; 0 - Disable
+  UINT8               SncEn;                          ///< 0 - Disable, (default) 1 - Enable
+  UINT8               UmaClustering;                  ///< 0 - Disable, 2 - 2Clusters UMA, 4 - 4Clusters UMA
+  UINT8               IoDcMode;                       ///< 0 - Disable IODC,  1 - AUTO (default), 2 - IODC_EN_REM_INVITOM_PUSH, 3 - IODC_EN_REM_INVITOM_ALLOCFLOW
+                                                      ///< 4 - IODC_EN_REM_INVITOM_ALLOC_NONALLOC, 5 - IODC_EN_REM_INVITOM_AND_WCILF
+  UINT8               DegradePrecedence;              ///< Use DEGRADE_PRECEDENCE definition; TOPOLOGY_PRECEDENCE is default
+  UINT8               Degrade4SPreference;            ///< 4S1LFullConnect topology is default; another option is 4S2LRing topology.
+  UINT8               DirectoryModeEn;                ///< 0 - Disable; 1 - Enable (default)
+  UINT8               XptPrefetchEn;                  ///< Xpt Prefetch :  1 - Enable; 0 - Disable; 2 - Auto (default)
+  UINT8               KtiPrefetchEn;                  ///< Kti Prefetch :  1 - Enable; 0 - Disable; 2 - Auto (default)
+  UINT8               XptRemotePrefetchEn;            ///< Xpt Remote Prefetch :  1 - Enable; 0 - Disable; 2 - Auto (default)   (ICX only)
+  UINT8               RdCurForXptPrefetchEn;          ///< RdCur for XPT Prefetch :  0 - Disable, 1 - Enable, 2- Auto (default)
+  UINT8               KtiFpgaEnable[MAX_SOCKET];      ///< Indicate if should enable Fpga device found in this socket :  0 - Disable, 1 - Enable, 2- Auto
+  UINT8               DdrtQosMode;                    ///< DDRT QoS Feature:  0 - Disable (default), 1 - M2M QoS Enable, Cha QoS Disable
+                                                      ///< 2 - M2M QoS Enable, Cha QoS Enable
 
   //
   // Phy/Link Layer Options (System-wide and per socket)
   //
-  UINT8               KtiLinkSpeedMode;   // Link speed mode selection; 0 - Slow Speed; 1- Full Speed (default)
-  UINT8               KtiLinkSpeed;       // Use KTI_LINKSPEED definition
-  UINT8               KtiAdaptationEn;    // 0 - Disable, 1 - Enable
-  UINT8               KtiAdaptationSpeed; // Use KTI_LINK_SPEED definition; MAX_KTI_LINK_SPEED - Auto (i.e BIOS choosen speed)
-  UINT8               KtiLinkL0pEn;       // 0 - Disable, 1 - Enable, 2- Auto  (default)
-  UINT8               KtiLinkL1En;        // 0 - Disable, 1 - Enable, 2- Auto  (default)
-  UINT8               KtiFailoverEn;      // 0 - Disable, 1 - Enable, 2- Auto (default)
-  UINT8               KtiLbEn;            // 0 - Disable(default), 1 - Enable
-  UINT8               KtiCrcMode;         // CRC_MODE_16BIT, CRC_MODE_ROLLING_32BIT, CRC_MODE_AUTO or CRC_MODE_PER_LINK
-
-  UINT8               KtiCpuSktHotPlugEn;       // 0 - Disable (default), 1 - Enable
-  UINT8               KtiCpuSktHotPlugTopology; // 0 - 4S Topology (default), 1 - 8S Topology
-  UINT8               KtiSkuMismatchCheck;      // 0 - No, 1 - Yes (default)
-  UINT8               IrqThreshold;             // IRQ Threshold setting
-  UINT8               TorThresLoctoremNorm;     // TOR threshold - Loctorem threshold normal
-  UINT8               TorThresLoctoremEmpty;    // TOR threshold - Loctorem threshold empty
-  UINT8               MbeBwCal;                 // 0 - Linear, 1 - Biased, 2 - Legacy, 3 - AUTO (default = Linear)
-  UINT8               TscSyncEn;                // TSC sync in sockets: 0 - Disable, 1 - Enable, 2 - AUTO (Default)
-  UINT8               StaleAtoSOptEn;           // HA A to S directory optimization: 1 - Enable; 0 - Disable; 2 - Auto (Default)
-  UINT8               LLCDeadLineAlloc;         // LLC dead line alloc: 1 - Enable(Default); 0 - Disable
-  UINT8               SplitLock;
-  UINT8               ColdResetRequestEnd;
-
-  //
-  // Phy/Link Layer Options (per Port)
-  //
+  UINT8               KtiLinkSpeedMode;               ///< Link speed mode selection; 0 - Slow Speed; 1- Full Speed (default)
+  UINT8               KtiLinkSpeed;                   ///< Use KTI_LINKSPEED definition
+  UINT8               KtiAdaptationEn;                ///< 0 - Disable, 1 - Enable
+  UINT8               KtiAdaptationSpeed;             ///< Use KTI_LINK_SPEED definition; MAX_KTI_LINK_SPEED - Auto (i.e BIOS choosen speed)
+  UINT8               KtiLinkL0pEn;                   ///< 0 - Disable, 1 - Enable, 2- Auto  (default)
+  UINT8               KtiLinkL1En;                    ///< 0 - Disable, 1 - Enable, 2- Auto  (default)
+  UINT8               KtiFailoverEn;                  ///< 0 - Disable, 1 - Enable, 2- Auto (default)
+  UINT8               KtiLbEn;                        ///< 0 - Disable(default), 1 - Enable
+  UINT8               KtiCrcMode;                     ///< CRC_MODE_16BIT, CRC_MODE_ROLLING_32BIT, CRC_MODE_AUTO or CRC_MODE_PER_LINK
+
+  UINT8               KtiCpuSktHotPlugEn;             ///< 0 - Disable (default), 1 - Enable
+  UINT8               KtiCpuSktHotPlugTopology;       ///< 0 - 4S Topology (default), 1 - 8S Topology
+  UINT8               KtiSkuMismatchCheck;            ///< 0 - No, 1 - Yes (default)
+  UINT8               IrqThreshold;                   ///< IRQ Threshold setting
+  UINT8               TorThresLoctoremNorm;           ///< TOR threshold - Loctorem threshold normal
+  UINT8               TorThresLoctoremEmpty;          ///< TOR threshold - Loctorem threshold empty
+  UINT8               MbeBwCal;                       ///< 0 - Linear, 1 - Biased, 2 - Legacy, 3 - AUTO (default = Linear)
+  UINT8               TscSyncEn;                      ///< TSC sync in sockets: 0 - Disable, 1 - Enable, 2 - AUTO (Default)
+  UINT8               StaleAtoSOptEn;                 ///< HA A to S directory optimization: 1 - Enable; 0 - Disable; 2 - Auto (Default)
+  UINT8               LLCDeadLineAlloc;               ///< LLC dead line alloc: 1 - Enable(Default); 0 - Disable
+  UINT8               SplitLock;                      ///< @deprecated Reserved, must be set to 0.
+  UINT8               ColdResetRequestEnd;            ///< @deprecated Reserved.
+
+  ///
+  /// Phy/Link Layer Options (per Port)
+  ///
   KTI_CPU_SETTING     PhyLinkPerPortSetting[MAX_SOCKET];
 
 
-  UINT8               mmCfgBase; ///< MMCFG Base address, must be 64MB (SKX, HSX, BDX) / 256MB (GROVEPORT) aligned. Options: {0:1G, 1:1.5G, 2:1.75G, 3:2G, 4:2.25G, 5:3G, 6: Auto}
-  UINT8               mmCfgSize; ///< MMCFG Size address, must be 64M, 128M or 256M. Options: {0:64M, 1:128M, 2:256M, 3:512M, 4:1G, 5:2G, 6: Auto}
-  UINT32              mmiolBase; ///< MMIOL Base address, must be 64MB aligned
-  UINT32              mmiolSize; ///< MMIOL Size address
-  UINT32              mmiohBase; ///< Address bits above 4GB, i,e, the hex value here is address Bit[45:32] for SKX family, Bit[51:32] for ICX-SP
-  UINT8               CpuPaLimit; ///< Limits the max address to 46bits. This will take precedence over mmiohBase
-  UINT8               lowGap;
-  UINT8               highGap;
-  UINT16              mmiohSize; ////<< Number of 1GB contiguous regions to be assigned for MMIOH space per CPU.  Range 1-1024
-  UINT8               isocEn;    ///< 1 - Enable; 0 - Disable (BIOS will force this for 4S)
-  UINT8               dcaEn;     ///< 1 - Enable; 0 - Disable
+  UINT8               mmCfgBase;                      ///< MMCFG Base address, must be 64MB (SKX, HSX, BDX) / 256MB (GROVEPORT) aligned. Options: {0:1G, 1:1.5G, 2:1.75G, 3:2G, 4:2.25G, 5:3G, 6: Auto}
+  UINT8               mmCfgSize;                      ///< MMCFG Size address, must be 64M, 128M or 256M. Options: {0:64M, 1:128M, 2:256M, 3:512M, 4:1G, 5:2G, 6: Auto}
+  UINT32              mmiolBase;                      ///< MMIOL Base address, must be 64MB aligned
+  UINT32              mmiolSize;                      ///< MMIOL Size address
+  UINT32              mmiohBase;                      ///< Address bits above 4GB, i,e, the hex value here is address Bit[45:32] for SKX family, Bit[51:32] for ICX-SP
+  UINT8               CpuPaLimit;                     ///< Limits the max address to 46bits. This will take precedence over mmiohBase
+  UINT8               lowGap;                         ///< @deprecated Reserved.
+  UINT8               highGap;                        ///< @deprecated Reserved.
+  UINT16              mmiohSize;                      ///< Number of 1GB contiguous regions to be assigned for MMIOH space per CPU.  Range 1-1024
+  UINT8               isocEn;                         ///< 1 - Enable; 0 - Disable (BIOS will force this for 4S)
+  UINT8               dcaEn;                          ///< 1 - Enable; 0 - Disable
 
-  /*
+  /**
   BoardTypeBitmask:
-    Bits[3:0]   - Socket0
-    Bits[7:4]   - Socket1
-    Bits[11:8]  - Socket2
-    Bits[15:12] - Socket3
-    Bits[19:16] - Socket4
-    Bits[23:20] - Socket5
-    Bits[27:24] - Socket6
-    Bits[31:28] - Socket7
+  - Bits[3:0]   - Socket0
+  - Bits[7:4]   - Socket1
+  - Bits[11:8]  - Socket2
+  - Bits[15:12] - Socket3
+  - Bits[19:16] - Socket4
+  - Bits[23:20] - Socket5
+  - Bits[27:24] - Socket6
+  - Bits[31:28] - Socket7
 
   Within each Socket-specific field, bits mean:
-    Bit0 = CPU_TYPE_STD support; always 1 on Socket0
-    Bit1 = CPU_TYPE_F support
-    Bit2 = CPU_TYPE_P support
-    Bit3 = reserved
-  */
+  - Bit0 = CPU_TYPE_STD support; always 1 on Socket0
+  - Bit1 = CPU_TYPE_F support
+  - Bit2 = CPU_TYPE_P support
+  - Bit3 = reserved
+  **/
   UINT32              BoardTypeBitmask;
-  UINT32              AllLanesPtr;
-  UINT32              PerLanePtr;
-  UINT32              AllLanesSizeOfTable;
-  UINT32              PerLaneSizeOfTable;
-  UINT32              WaitTimeForPSBP; // the wait time in units of 1000us for PBSP to check in.
-  BOOLEAN             IsKtiNvramDataReady;
-  UINT32              OemHookPostTopologyDiscovery;
-  UINT32              OemGetResourceMapUpdate;
-  UINT32              OemGetAdaptedEqSettings;
-  UINT32              OemCheckCpuPartsChangeSwap;
-
-  BOOLEAN             WaSerializationEn;      // Enable BIOS serialization WA by PcdWaSerializationEn
+  UINT32              AllLanesPtr;                    ///< Pointer to an array of ALL_LANES_EPARAM_LINK_INFO structures.
+  UINT32              PerLanePtr;                     ///< Pointer to an array of PER_LANE_EPARAM_LINK_INFO structures.
+  UINT32              AllLanesSizeOfTable;            ///< Number of elements in array pointed to by AllLanesPtr
+  UINT32              PerLaneSizeOfTable;             ///< Number of elements in array pointed to by PerLanePtr
+  UINT32              WaitTimeForPSBP;                ///< the wait time in units of 1000us for PBSP to check in.
+  BOOLEAN             IsKtiNvramDataReady;            ///< Used internally, Reserved.
+  UINT32              OemHookPostTopologyDiscovery;   ///< OEM_HOOK_POST_TOPOLOGY_DISCOVERY function pointer. Invoked at the end of topology discovery, used for error reporting.
+  UINT32              OemGetResourceMapUpdate;        ///< OEM_GET_RESOURCE_MAP_UPDATE function pointer. Allows platform code to adjust the resource map.
+  UINT32              OemGetAdaptedEqSettings;        ///< @deprecated Reserved, must be set to 0.
+  UINT32              OemCheckCpuPartsChangeSwap;     ///< @deprecated Reserved, must be set to 0.
+
+  BOOLEAN             WaSerializationEn;              ///< Enable BIOS serialization WA by PcdWaSerializationEn
   KTI_RESERVED_3      Reserved166;
   KTI_RESERVED_4      Reserved167[MAX_SOCKET];
-  UINT8               KtiInEnableMktme;       // 0 - Disabled; 1 - Enabled; MkTme status decides D2Kti feature state
+  UINT8               KtiInEnableMktme;               ///< 0 - Disabled; 1 - Enabled; MkTme status decides D2Kti feature state
+  /**
+    Pointers to the location of the CFR/SINIT binaries.
+
+    Contains a pointer to a 24 byte fixed length array.
+    The array contains the 3 instances of the following c-struct
+    ~~~
+    typedef struct {
+      UINT32  CfrImagePtr;
+      UINT32  CfrImageSize;
+    }
+    ~~~
+    This allows a maximum of 3 CFR/SINIT binaries to be provided by platform code.
+  **/
   UINT32              CFRImagePtr;
-  UINT8               S3mCFRCommit;           // 0 - Disable S3m CFR flow.    1 - Provision S3m CFR but not Commit.    2 - Provsion and Commit S3M CFR.
-  UINT8               PucodeCFRCommit;        // 0 - Disable Pucode CFR flow. 1 - Provision Pucode CFR but not Commit. 2 - Provsion and Commit Pucode CFR.
+  UINT8               S3mCFRCommit;                   ///< 0 - Disable S3m CFR flow.    1 - Provision S3m CFR but not Commit.    2 - Provision and Commit S3M CFR.
+  UINT8               PucodeCFRCommit;                ///< 0 - Disable Pucode CFR flow. 1 - Provision Pucode CFR but not Commit. 2 - Provision and Commit Pucode CFR.
 } KTI_HOST_IN;
 
 #pragma pack()
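Review bot: `AllLanesPtr`, `PerLanePtr`, `CFRImagePtr` and the two live `Oem*` hooks are now documented as pointers and function pointers, but they are UINT32 fields and the comments do not say that the address must fit in 32 bits or what value means "not provided". These values come from platform policy and are presumably dereferenced or called by KTIRC, so the comments should state that contract, for example `///< 32-bit address of an array of ALL_LANES_EPARAM_LINK_INFO; 0 if no table is supplied` (the zero convention is assumed here, confirm it). `AllLanesSizeOfTable` and `PerLaneSizeOfTable` are described as element counts while their names say size of table. If any caller passes a byte size the consumer would walk past the end of the array, so the unit should be confirmed against the code that iterates the tables. The `CFRImagePtr` block should also say how unused entries of the three-entry array are marked.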
diff --git a/Silicon/Intel/WhitleySiliconPkg/Pch/SouthClusterLbg/Include/PchPolicyCommon.h b/Silicon/Intel/WhitleySiliconPkg/Pch/SouthClusterLbg/Include/PchPolicyCommon.h
index f5861ccaf..0e10d0b8f 100644
--- a/Silicon/Intel/WhitleySiliconPkg/Pch/SouthClusterLbg/Include/PchPolicyCommon.h
+++ b/Silicon/Intel/WhitleySiliconPkg/Pch/SouthClusterLbg/Include/PchPolicyCommon.h
@@ -23,6 +23,9 @@ extern EFI_GUID gFlashProtectionConfigGuid;
 // ---------------------------- PCH General Config -------------------------------
 //
 
+/**
+  PCH General Configuration
+**/
 typedef struct {
   /**
     Subsystem Vendor ID and Subsystem ID of the PCH devices.
@@ -775,6 +778,9 @@ typedef enum  {
   PchHdaIDispMode1T = 1
 } PCH_HDAUDIO_IDISP_TMODE;
 
+/**
+  This structure contains the policies which are related to HD Audio device (cAVS).
+**/
 typedef struct {
   /**
     This member describes whether or not Intel HD Audio (Azalia) should be enabled.
@@ -1674,6 +1680,9 @@ typedef struct {
   UINT16                ProtectedRangeBase;
 } PROTECTED_RANGE;
 
+/**
+  PCH Flash Protection Configuration
+**/
 typedef struct {
   PROTECTED_RANGE       ProtectRange[PCH_FLASH_PROTECTED_RANGES];
 } PCH_FLASH_PROTECTION_CONFIG;
diff --git a/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/SecurityIpMkTme1v0_Inputs.h b/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/SecurityIpMkTme1v0_Inputs.h
index 4c48ca19e..84197b8c8 100644
--- a/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/SecurityIpMkTme1v0_Inputs.h
+++ b/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/SecurityIpMkTme1v0_Inputs.h
@@ -8,15 +8,15 @@
 **/
 
 //
-// TME
+// TME (Total Memory Encryption)
 //
-UINT8  EnableTme;                      // TME Enable
-UINT8  EnableTmeCR;                    // Exclude Crystal Ridge memory from encryption.
+UINT8  EnableTme;                               ///< TME Enable
+UINT8  EnableTmeCR;                             ///< TME for Optane Persistent Memory. Set to 0 exclude Optane from encryption.
 
 //
 // MK-TME
 //
-UINT8  EnableMktme;                    // MK-TME Enable
+UINT8  EnableMktme;                             ///< MK-TME Enable
 
 UINT8  ReservedS234;
 UINT8  ReservedS235;
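Review bot: The new comment on `EnableTmeCR` appears to reverse the polarity of the old one: the removed text read "Exclude Crystal Ridge memory from encryption", while the new text says that setting the field to 0 excludes Optane. Because this field decides whether persistent memory is encrypted, the comment should spell out both values rather than leave one implied, e.g. `///< TME for Optane Persistent Memory: 0 - exclude Optane from encryption, 1 - encrypt it` (the meaning of 1 is inferred from the field name, confirm it). As written, "Set to 0 exclude" is also missing the word "to". The declarations continue past the end of the hunk.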
diff --git a/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/SecurityIpMkTme1v0_Outputs.h b/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/SecurityIpMkTme1v0_Outputs.h
index 3a6262a65..201cdd9a9 100644
--- a/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/SecurityIpMkTme1v0_Outputs.h
+++ b/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/SecurityIpMkTme1v0_Outputs.h
@@ -10,9 +10,9 @@
 //
 // MK-TME
 //
-// NAK - Not a knob, used just for indication
-UINT8  TmeCapability; // TME Capable
-UINT8  TmeCrSupport; // Flag used to check if Crystal Ridge is supported in UEFI
-UINT8  MktmeCapability; // MK-TME Capable
-UINT16 MktmeMaxKeys; // Max number of keys used for encryption
-UINT8  MkTmeKeyIdBits; // Used to suppress setup menu key-splits
\ No newline at end of file
+// NAK (Not a knob) - Used just for indication
+UINT8  TmeCapability;                           // NAK (Not a knob) - TME Capable
+UINT8  TmeCrSupport;                            // NAK (Not a knob) - Flag used to check if Crystal Ridge is supported in UEFI
+UINT8  MktmeCapability;                         // NAK (Not a knob) - MK-TME Capable
+UINT16 MktmeMaxKeys;                            // NAK (Not a knob) - Max number of keys used for encryption
+UINT8  MkTmeKeyIdBits;                          // NAK (Not a knob) - Used to suppress setup menu key-splits
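Review bot: These five comments stay as plain `//` while the Inputs headers in the same patch were converted to `///<`, so Doxygen will not attach them to `TmeCapability` through `MkTmeKeyIdBits`. Use the same form here, e.g. `UINT8  TmeCapability;   ///< NAK (Not a knob) - TME Capable`. `TmeCrSupport` also still says "Crystal Ridge" whereas SecurityIpMkTme1v0_Inputs.h now says "Optane Persistent Memory"; using one name in both files would avoid readers treating them as different features.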
diff --git a/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/SecurityIpSgxTem1v0_Inputs.h b/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/SecurityIpSgxTem1v0_Inputs.h
index 2deabd0b5..c46434392 100644
--- a/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/SecurityIpSgxTem1v0_Inputs.h
+++ b/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/SecurityIpSgxTem1v0_Inputs.h
@@ -10,27 +10,30 @@
 //
 // SGX
 //
-UINT8  EnableSgx;
-UINT8  SgxFactoryReset;                // Delete all registration data, if SGX enabled force IPE/FirstBinding flow
-UINT64 PrmrrSize;                      // SGX PRMRR size
+UINT8  EnableSgx;                               ///< Enable SGX
+UINT8  SgxFactoryReset;                         ///< Delete all registration data, if SGX enabled force IPE/FirstBinding flow
+UINT64 PrmrrSize;                               ///< SGX PRMRR size
 UINT64 ReservedS239;
-UINT8  SgxQoS;                         // SGX Quality of Service
-UINT8  SgxAutoRegistrationAgent;
-UINT8  SgxPackageInfoInBandAccess;     // Expose Package Info to OS
-UINT8  EpochUpdate;
-UINT64 SgxEpoch0;                      // SGX EPOCH0 value {0 - 0xFFFFFFFFFFFFFFFF}
-UINT64 SgxEpoch1;                      // SGX EPOCH1 value {0 - 0xFFFFFFFFFFFFFFFF}
-UINT8  SgxLeWr;                        // Flexible Launch Enclave Policy (Wr En)
-UINT64 SgxLePubKeyHash0;               // Launch Enclave Hash 0
-UINT64 SgxLePubKeyHash1;               // Launch Enclave Hash 1
-UINT64 SgxLePubKeyHash2;               // Launch Enclave Hash 2
-UINT64 SgxLePubKeyHash3;               // Launch Enclave Hash 3
-// Client SGX - unused in server
-UINT8  SgxSinitNvsData;                // SGX NVS data from Flash passed during previous boot using CPU_INFO_PROTOCOL.SGX_INFO;
-                                       // Pass value of zero if there is not data saved or when SGX is disabled.
-UINT8  SgxSinitDataFromTpm;            // SGX SVN data from TPM; 0: when SGX is disabled or TPM is not present or no data
-                                       // is present in TPM.
-UINT8  SgxDebugMode;
+UINT8  SgxQoS;                                  ///< SGX Quality of Service
+UINT8  SgxAutoRegistrationAgent;                ///< SGX Auto Registration Agent
+UINT8  SgxPackageInfoInBandAccess;              ///< SGX Expose Package Info to OS
+UINT8  EpochUpdate;                             ///< SGX EPOCH Update
+UINT64 SgxEpoch0;                               ///< SGX EPOCH0 value {0 - 0xFFFFFFFFFFFFFFFF}
+UINT64 SgxEpoch1;                               ///< SGX EPOCH1 value {0 - 0xFFFFFFFFFFFFFFFF}
+UINT8  SgxLeWr;                                 ///< Flexible Launch Enclave Policy (Wr En)
+UINT64 SgxLePubKeyHash0;                        ///< Launch Enclave Hash 0
+UINT64 SgxLePubKeyHash1;                        ///< Launch Enclave Hash 1
+UINT64 SgxLePubKeyHash2;                        ///< Launch Enclave Hash 2
+UINT64 SgxLePubKeyHash3;                        ///< Launch Enclave Hash 3
+
+//
+// DEPRECATED
+//
+UINT8  SgxSinitNvsData;                         ///< @deprecated SGX NVS data from Flash passed during previous boot using CPU_INFO_PROTOCOL.SGX_INFO;
+                                                ///              Pass value of zero if there is not data saved or when SGX is disabled.
+UINT8  SgxSinitDataFromTpm;                     ///< @deprecated SGX SVN data from TPM; 0: when SGX is disabled or TPM is not present or no data
+                                                ///              is present in TPM.
+UINT8  SgxDebugMode;                            ///< @deprecated
 
 UINT8  ReservedS240;
 UINT8  ReservedS241;
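Review bot: The continuation lines under `SgxSinitNvsData` and `SgxSinitDataFromTpm` start with `///` rather than `///<`, and Doxygen attaches a `///` comment to the declaration that follows it. As a result "Pass value of zero…" would be documented on `SgxSinitDataFromTpm` and "is present in TPM." on `SgxDebugMode`. KtiHost.h in this patch uses `///<` on its continuation lines (see `IoDcMode`), so do the same here: `///< Pass value of zero if there is not data saved or when SGX is disabled.` `SgxDebugMode` is marked `@deprecated` with no text at all; since an enclave debug-mode knob is security-relevant, state what callers must leave in it, in the style used elsewhere in the patch: `///< @deprecated Reserved, must be set to 0.` (confirm that 0 is the required value).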
diff --git a/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/SecurityIpTdx1v0_Inputs.h b/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/SecurityIpTdx1v0_Inputs.h
index db5081c0a..79369f989 100644
--- a/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/SecurityIpTdx1v0_Inputs.h
+++ b/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/SecurityIpTdx1v0_Inputs.h
@@ -7,7 +7,7 @@
   SPDX-License-Identifier: BSD-2-Clause-Patent
 **/
 
-UINT8  EnableTdx; // TDX Enable
-UINT8  KeySplit; // TDX/MK-TME key split
+UINT8  EnableTdx;                               ///< TDX Enable
+UINT8  KeySplit;                                ///< TDX/MK-TME key split
 
 UINT8  ReservedS245;
diff --git a/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityPolicy.h b/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityPolicy.h
new file mode 100644
index 000000000..0beb26704
--- /dev/null
+++ b/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityPolicy.h
@@ -0,0 +1,29 @@
+/** @file
+  Provides data structure information used by ServerSecurity features in Mtkme etc.
+
+  @copyright
+  Copyright 2018 - 2021 Intel Corporation. <BR>
+
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+
+#ifndef _SECURITY_POLICY_H_
+#define _SECURITY_POLICY_H_
+
+extern EFI_GUID gSecurityPolicyDataGuid;
+#include <Library/SecurityPolicyDefinitions.h>
+
+#pragma pack(1)
+
+/**
+  Security Policy
+**/
+typedef struct {
+  /**
+   * Please put common definitions inside the SecurityPolicy_Flat.h *
+  **/
+  #include "SecurityPolicy_Flat.h"
+} SECURITY_POLICY;
+
+#pragma pack()
+#endif
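Review bot: The `/** … **/` block placed immediately before `#include "SecurityPolicy_Flat.h"` inside SECURITY_POLICY is a Doxygen comment, so it will be attached to whichever member the flat header declares first; a maintainer note like this should be a plain comment, `// Please put common definitions inside SecurityPolicy_Flat.h`. The file description spells the feature "Mtkme" where the rest of the patch writes MK-TME / MkTme. The header also declares `extern EFI_GUID gSecurityPolicyDataGuid;` before including anything, so it compiles only when the includer has already brought in the definition of EFI_GUID; confirm that is intended or note the requirement in the file comment.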
diff --git a/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityPolicy_Flat.h b/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityPolicy_Flat.h
index ba62b8c3a..09dacdf62 100644
--- a/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityPolicy_Flat.h
+++ b/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityPolicy_Flat.h
@@ -1,6 +1,6 @@
 /** @file
   Provides data structure information used by ServerSecurity features in literally all products
-  Header is flat and injected directly in SecurityPolicy sructuture and SOCKET_PROCESSORCORE_CONFIGURATION.
+  Header is flat and injected directly in SecurityPolicy structure and SOCKET_PROCESSORCORE_CONFIGURATION.
 
   @copyright
   Copyright 2020 - 2021 Intel Corporation. <BR>
@@ -8,7 +8,7 @@
   SPDX-License-Identifier: BSD-2-Clause-Patent
 **/
 
-  // Header is flat and injected directly in SecurityPolicy sructuture and SOCKET_PROCESSORCORE_CONFIGURATION.
+  // Header is flat and injected directly in SecurityPolicy structure and SOCKET_PROCESSORCORE_CONFIGURATION.
   // Put common definitons here either directly or via intermediate header file..
 
 // SECURITY_IP_MKTME_1V0  MkTme;
diff --git a/Silicon/Intel/WhitleySiliconPkg/Security/Include/Library/SecurityPolicyDefinitions.h b/Silicon/Intel/WhitleySiliconPkg/Security/Include/Library/SecurityPolicyDefinitions.h
new file mode 100644
index 000000000..700f5abb4
--- /dev/null
+++ b/Silicon/Intel/WhitleySiliconPkg/Security/Include/Library/SecurityPolicyDefinitions.h
@@ -0,0 +1,28 @@
+/**@file
+  @copyright
+  Copyright 2020 - 2021 Intel Corporation. <BR>
+
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+
+#ifndef __SECURITY_POLICY_DEFINITIONS_H__
+#define __SECURITY_POLICY_DEFINITIONS_H__
+
+//
+// Security Policy definitions
+//
+
+//
+// Values for capable/incapable == supported/unsupported
+//
+#define SECURITY_POLICY_UNSUPPORTED                0
+#define SECURITY_POLICY_SUPPORTED                  1
+
+//
+// Values for enable/disable options
+//
+#define SECURITY_POLICY_DISABLE                    0
+#define SECURITY_POLICY_ENABLE                     1
+#define SECURITY_POLICY_AUTO                       2
+
+#endif
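Review bot: The file header opens with `/**@file` and goes straight to `@copyright`, so the generated documentation has no description for this header; add one line such as `Common value definitions for security policy capability and enable/disable fields.` The guard `__SECURITY_POLICY_DEFINITIONS_H__` uses a double-underscore identifier, which C reserves for the implementation, and it does not match the `_SECURITY_POLICY_H_` form in the other header added by this patch (also a reserved form); `SECURITY_POLICY_DEFINITIONS_H_` would avoid the problem. It would also help to note beside `SECURITY_POLICY_AUTO` which policy fields accept it, since the enable fields documented in this patch (`EnableTme`, `EnableMktme`, `EnableSgx`, `EnableTdx`) do not list their valid values.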
-- 
2.27.0.windows.1


