Signed-off-by: Nate DeSimone <nathaniel.l.desim...@intel.com>
Co-authored-by: Isaac Oram <isaac.w.o...@intel.com>
Co-authored-by: Mohamed Abbas <mohamed.ab...@intel.com>
Cc: Chasel Chiu <chasel.c...@intel.com>
Cc: Michael D Kinney <michael.d.kin...@intel.com>
Cc: Isaac Oram <isaac.w.o...@intel.com>
Cc: Mohamed Abbas <mohamed.ab...@intel.com>
Cc: Liming Gao <gaolim...@byosoft.com.cn>
Cc: Eric Dong <eric.d...@intel.com>
Cc: Michael Kubacki <michael.kuba...@microsoft.com>
---
 .../SecurityIp/SecurityIpMkTme1v0_Inputs.h    | 25 ++++++++++++
 .../SecurityIp/SecurityIpMkTme1v0_Outputs.h   | 18 +++++++++
 .../SecurityIp/SecurityIpSgxTem1v0_Inputs.h   | 39 +++++++++++++++++++
 .../SecurityIp/SecurityIpSgxTem1v0_Outputs.h  | 22 +++++++++++
 .../Guid/SecurityIp/SecurityIpTdx1v0_Inputs.h | 13 +++++++
 .../SecurityIp/SecurityIpTdx1v0_Outputs.h     | 11 ++++++
 .../Include/Guid/SecurityPolicy_Flat.h        | 22 +++++++++++
 7 files changed, 150 insertions(+)
 create mode 100644 
Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/SecurityIpMkTme1v0_Inputs.h
 create mode 100644 
Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/SecurityIpMkTme1v0_Outputs.h
 create mode 100644 
Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/SecurityIpSgxTem1v0_Inputs.h
 create mode 100644 
Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/SecurityIpSgxTem1v0_Outputs.h
 create mode 100644 
Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/SecurityIpTdx1v0_Inputs.h
 create mode 100644 
Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/SecurityIpTdx1v0_Outputs.h
 create mode 100644 
Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityPolicy_Flat.h

diff --git 
a/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/SecurityIpMkTme1v0_Inputs.h
 
b/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/SecurityIpMkTme1v0_Inputs.h
new file mode 100644
index 0000000000..4c48ca19ee
--- /dev/null
+++ 
b/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/SecurityIpMkTme1v0_Inputs.h
@@ -0,0 +1,25 @@
+/** @file
+  Provides data structure information used by SiliconIp MK-TME
+
+  @copyright
+  Copyright 2020 - 2021 Intel Corporation. <BR>
+
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+
+//
+// TME
+//
+UINT8  EnableTme;                      // TME Enable
+UINT8  EnableTmeCR;                    // Exclude Crystal Ridge memory from 
encryption.
+
+//
+// MK-TME
+//
+UINT8  EnableMktme;                    // MK-TME Enable
+
+UINT8  ReservedS234;
+UINT8  ReservedS235;
+UINT64 ReservedS236;
+UINT64 ReservedS237;
+UINT8  ReservedS238;
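Review bot: Nothing in this header says that its contents are structure members to be included from inside a struct body, so an include at file scope compiles into global definitions of `EnableTme`, `EnableTmeCR`, `EnableMktme` and the `ReservedS234`–`ReservedS238` members with no diagnostic; the same applies to the other five SecurityIp headers in this series. Suggest a comment directly under the license block such as `// Flat member list: include only from inside a structure body (see SecurityPolicy_Flat.h). No include guard, because the same members are injected into more than one structure.` The `ReservedS234`–`ReservedS238` members carry no comment; if they are padding that consumers must leave zero, say so, since the `UINT64` members following `UINT8` members also make the offsets depend on the packing of the enclosing structure, which is outside this hunk.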
diff --git 
a/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/SecurityIpMkTme1v0_Outputs.h
 
b/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/SecurityIpMkTme1v0_Outputs.h
new file mode 100644
index 0000000000..3a6262a658
--- /dev/null
+++ 
b/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/SecurityIpMkTme1v0_Outputs.h
@@ -0,0 +1,18 @@
+/** @file
+  Provides data structure information used by SiliconIp MK-TME
+
+  @copyright
+  Copyright 2020 - 2021 Intel Corporation. <BR>
+
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+
+//
+// MK-TME
+//
+// NAK - Not a knob, used just for indication
+UINT8  TmeCapability; // TME Capable
+UINT8  TmeCrSupport; // Flag used to check if Crystal Ridge is supported in 
UEFI
+UINT8  MktmeCapability; // MK-TME Capable
+UINT16 MktmeMaxKeys; // Max number of keys used for encryption
+UINT8  MkTmeKeyIdBits; // Used to suppress setup menu key-splits
\ No newline at end of file
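Review bot: The file ends without a trailing newline (the `\ No newline at end of file` marker on the last line), as do SecurityIpTdx1v0_Outputs.h and SecurityPolicy_Flat.h in this series. C11 5.1.1.2 requires a non-empty source file to end in a new-line character, and because these headers are spliced into a structure body immediately before the next `#include` in SecurityPolicy_Flat.h, relying on compiler tolerance buys nothing; add the final newline to all three. Separately, `MkTmeKeyIdBits` breaks the `Mktme` spelling used by `MktmeCapability` and `MktmeMaxKeys` two lines above; if nothing references it yet, `UINT8  MktmeKeyIdBits; // Used to suppress setup menu key-splits` keeps the prefix uniform for grep.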
diff --git 
a/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/SecurityIpSgxTem1v0_Inputs.h
 
b/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/SecurityIpSgxTem1v0_Inputs.h
new file mode 100644
index 0000000000..2deabd0b50
--- /dev/null
+++ 
b/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/SecurityIpSgxTem1v0_Inputs.h
@@ -0,0 +1,39 @@
+/** @file
+  Provides data structure information used by SiliconIp SGX-TEM
+
+  @copyright
+  Copyright 2020 - 2021 Intel Corporation. <BR>
+
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+
+//
+// SGX
+//
+UINT8  EnableSgx;
+UINT8  SgxFactoryReset;                // Delete all registration data, if SGX 
enabled force IPE/FirstBinding flow
+UINT64 PrmrrSize;                      // SGX PRMRR size
+UINT64 ReservedS239;
+UINT8  SgxQoS;                         // SGX Quality of Service
+UINT8  SgxAutoRegistrationAgent;
+UINT8  SgxPackageInfoInBandAccess;     // Expose Package Info to OS
+UINT8  EpochUpdate;
+UINT64 SgxEpoch0;                      // SGX EPOCH0 value {0 - 
0xFFFFFFFFFFFFFFFF}
+UINT64 SgxEpoch1;                      // SGX EPOCH1 value {0 - 
0xFFFFFFFFFFFFFFFF}
+UINT8  SgxLeWr;                        // Flexible Launch Enclave Policy (Wr 
En)
+UINT64 SgxLePubKeyHash0;               // Launch Enclave Hash 0
+UINT64 SgxLePubKeyHash1;               // Launch Enclave Hash 1
+UINT64 SgxLePubKeyHash2;               // Launch Enclave Hash 2
+UINT64 SgxLePubKeyHash3;               // Launch Enclave Hash 3
+// Client SGX - unused in server
+UINT8  SgxSinitNvsData;                // SGX NVS data from Flash passed 
during previous boot using CPU_INFO_PROTOCOL.SGX_INFO;
+                                       // Pass value of zero if there is not 
data saved or when SGX is disabled.
+UINT8  SgxSinitDataFromTpm;            // SGX SVN data from TPM; 0: when SGX 
is disabled or TPM is not present or no data
+                                       // is present in TPM.
+UINT8  SgxDebugMode;
+
+UINT8  ReservedS240;
+UINT8  ReservedS241;
+UINT8  ReservedS242;
+UINT8  ReservedS243;
+UINT8  ReservedS244;
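Review bot: `SgxLePubKeyHash0`–`SgxLePubKeyHash3` and `SgxEpoch0`/`SgxEpoch1` are the launch-control and epoch inputs, yet their comments do not say which 64-bit word of the hash each member holds or in what byte order, and a producer/consumer mismatch here changes the launch policy silently rather than failing. Suggest extending each hash comment along the lines of `// Launch Enclave public key hash, word 0 of 4 — TODO state which bits of the 256-bit hash and the byte order`, and the same for words 1–3. `EnableSgx`, `SgxAutoRegistrationAgent`, `EpochUpdate` and `SgxDebugMode` have no comment at all; each should at least name its valid values and what 0 means, `SgxDebugMode` especially, since a debug knob in a production policy is exactly the member an auditor will look for. The `// Client SGX - unused in server` marker is useful; stating that unused members must still be zero-initialised would make the contract explicit for the flat structure.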
diff --git 
a/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/SecurityIpSgxTem1v0_Outputs.h
 
b/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/SecurityIpSgxTem1v0_Outputs.h
new file mode 100644
index 0000000000..45b63b21c5
--- /dev/null
+++ 
b/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/SecurityIpSgxTem1v0_Outputs.h
@@ -0,0 +1,22 @@
+/** @file
+  Provides data structure information used by SiliconIp SGX-TEM
+
+  @copyright
+  Copyright 2020 - 2021 Intel Corporation. <BR>
+
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+
+// NAK - Not a knob, used just for indication
+UINT8  IsSgxCapable;
+UINT8  IsHwCongifSupportedBySgx;                // ## PRODUCED by SgxPreMemInit
+UINT8  CrDimmsPresent;
+UINT64 ValidPrmrrBitMap;
+UINT64 SprspOrLaterPrmSizeBitmap;               // ## PRODUCED by SgxPreMemInit
+UINT8  ShowEpoch;
+UINT8  SkipSignalPpmDone;                       // ## PRODUCED by SgxEarlyInit
+
+UINT8  SprspOrLaterIsPrmSizeInvalidated;        // ## PRODUCED by SgxPreMemInit
+UINT8  SprspOrLaterAreHardwarePreconditionsMet; // ## PRODUCED by SgxPreMemInit
+UINT8  SprspOrLaterAreMemoryPreconditionsMet;   // ## PRODUCED by SgxPreMeminit
+UINT8  SprspOrLaterAreSetupPreconditionsMet;    // ## PRODUCED by SgxPreMemInit
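Review bot: `IsHwCongifSupportedBySgx` is misspelled; once other modules reference members of the flat SecurityPolicy structure a rename becomes a tree-wide change, so fix it while the file is new: `UINT8  IsHwConfigSupportedBySgx;                // ## PRODUCED by SgxPreMemInit`. The comment on `SprspOrLaterAreMemoryPreconditionsMet` spells the producer `SgxPreMeminit` while its neighbours use `SgxPreMemInit`; one spelling keeps a grep for the producer reliable. `IsSgxCapable`, `CrDimmsPresent`, `ValidPrmrrBitMap` and `ShowEpoch` lack the `## PRODUCED by` annotation the other members carry; if they are produced by a different phase, naming it documents the ordering a consumer may rely on.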
diff --git 
a/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/SecurityIpTdx1v0_Inputs.h
 
b/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/SecurityIpTdx1v0_Inputs.h
new file mode 100644
index 0000000000..db5081c0aa
--- /dev/null
+++ 
b/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/SecurityIpTdx1v0_Inputs.h
@@ -0,0 +1,13 @@
+/** @file
+  Provides data structure information used by SiliconIp TDX
+
+  @copyright
+  Copyright 2020 - 2021 Intel Corporation. <BR>
+
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+
+UINT8  EnableTdx; // TDX Enable
+UINT8  KeySplit; // TDX/MK-TME key split
+
+UINT8  ReservedS245;
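Review bot: `KeySplit` has no stated unit or valid range, and its comment ties it to MK-TME, so a consumer cannot tell from this header whether it is a count of key-ID bits, how it relates to `MktmeMaxKeys` and `MkTmeKeyIdBits` in SecurityIpMkTme1v0_Outputs.h, or what happens when `EnableTdx` is 1 while `EnableMktme` in SecurityIpMkTme1v0_Inputs.h is 0. Suggest `UINT8  KeySplit; // TDX/MK-TME key split — TODO: state the unit (key-ID bits?) and valid range` and a sentence on `EnableTdx` saying whether the apparent dependency on the MK-TME knobs is validated by the consumer or assumed to be enforced by the setup front end.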
diff --git 
a/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/SecurityIpTdx1v0_Outputs.h
 
b/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/SecurityIpTdx1v0_Outputs.h
new file mode 100644
index 0000000000..d744baefb5
--- /dev/null
+++ 
b/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/SecurityIpTdx1v0_Outputs.h
@@ -0,0 +1,11 @@
+/** @file
+  Provides data structure information used by SiliconIp TDX
+
+  @copyright
+  Copyright 2020 - 2021 Intel Corporation. <BR>
+
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+
+// NAK - Not a knob, used just for indication
+UINT8  TdxCapability; // TDX socket capability
\ No newline at end of file
diff --git 
a/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityPolicy_Flat.h 
b/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityPolicy_Flat.h
new file mode 100644
index 0000000000..ba62b8c3ab
--- /dev/null
+++ 
b/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityPolicy_Flat.h
@@ -0,0 +1,22 @@
+/** @file
+  Provides data structure information used by ServerSecurity features in 
literally all products
+  Header is flat and injected directly in SecurityPolicy sructuture and 
SOCKET_PROCESSORCORE_CONFIGURATION.
+
+  @copyright
+  Copyright 2020 - 2021 Intel Corporation. <BR>
+
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+
+  // Header is flat and injected directly in SecurityPolicy sructuture and 
SOCKET_PROCESSORCORE_CONFIGURATION.
+  // Put common definitons here either directly or via intermediate header 
file..
+
+// SECURITY_IP_MKTME_1V0  MkTme;
+#include "SecurityIp/SecurityIpMkTme1v0_Inputs.h"
+#include "SecurityIp/SecurityIpMkTme1v0_Outputs.h"
+// SECURITY_IP_SGXTEM_1V0 SgxTem;
+#include "SecurityIp/SecurityIpSgxTem1v0_Inputs.h"
+#include "SecurityIp/SecurityIpSgxTem1v0_Outputs.h"
+// SECURITY_IP_TDX_1V0    Tdx;
+#include "SecurityIp/SecurityIpTdx1v0_Inputs.h"
+#include "SecurityIp/SecurityIpTdx1v0_Outputs.h"
\ No newline at end of file
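Review bot: The header comment has typos that will be read in every structure this file is injected into: `sructuture` appears both in the @file block and in the body comment, `definitons` and `file..` in the body comment, and "literally all products" is informal for a public header. Suggest `Header is flat and injected directly into the SecurityPolicy structure and SOCKET_PROCESSORCORE_CONFIGURATION.` and `Put common definitions here, either directly or via an intermediate header file.` The two body comment lines are indented by two spaces while the `#include` lines below sit at column 0, which suggests a nested scope that does not exist. The commented-out declarations (`// SECURITY_IP_MKTME_1V0  MkTme;` and the two like it) look like a record of an earlier nested layout; if they are meant as section markers, say so, otherwise drop them, and note in the comment that the flat layout puts all six headers' members into one namespace, so new members must be unique across the set.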
-- 
2.27.0.windows.1


