Google Git
Sign in
qemu / edk2 / 9912434785e4cffabd9989ab7fb4c65aa8b08d1d / . / MdePkg / Include / IndustryStandard / UefiTcgPlatform.h
blob: aaee5d6c88421e8b1692bc05571bee4057926f6f [file] [log] [blame]
/** @file
TCG EFI Platform Definition in TCG_EFI_Platform_1_20_Final and
TCG PC Client Platform Firmware Profile Specification, Revision 1.06
Copyright (c) 2006 - 2024, Intel Corporation. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
#ifndef __UEFI_TCG_PLATFORM_H__
#define __UEFI_TCG_PLATFORM_H__
#include <IndustryStandard/Tpm12.h>
#include <IndustryStandard/Tpm20.h>
#include <Uefi.h>
//
// Standard event types
//
#define EV_PREBOOT_CERT ((TCG_EVENTTYPE) 0x00000000)
#define EV_POST_CODE ((TCG_EVENTTYPE) 0x00000001)
#define EV_NO_ACTION ((TCG_EVENTTYPE) 0x00000003)
#define EV_SEPARATOR ((TCG_EVENTTYPE) 0x00000004)
#define EV_ACTION ((TCG_EVENTTYPE) 0x00000005)
#define EV_EVENT_TAG ((TCG_EVENTTYPE) 0x00000006)
#define EV_S_CRTM_CONTENTS ((TCG_EVENTTYPE) 0x00000007)
#define EV_S_CRTM_VERSION ((TCG_EVENTTYPE) 0x00000008)
#define EV_CPU_MICROCODE ((TCG_EVENTTYPE) 0x00000009)
#define EV_PLATFORM_CONFIG_FLAGS ((TCG_EVENTTYPE) 0x0000000A)
#define EV_TABLE_OF_DEVICES ((TCG_EVENTTYPE) 0x0000000B)
#define EV_COMPACT_HASH ((TCG_EVENTTYPE) 0x0000000C)
#define EV_NONHOST_CODE ((TCG_EVENTTYPE) 0x0000000F)
#define EV_NONHOST_CONFIG ((TCG_EVENTTYPE) 0x00000010)
#define EV_NONHOST_INFO ((TCG_EVENTTYPE) 0x00000011)
#define EV_OMIT_BOOT_DEVICE_EVENTS ((TCG_EVENTTYPE) 0x00000012)
//
// EFI specific event types
//
#define EV_EFI_EVENT_BASE ((TCG_EVENTTYPE) 0x80000000)
#define EV_EFI_VARIABLE_DRIVER_CONFIG (EV_EFI_EVENT_BASE + 1)
#define EV_EFI_VARIABLE_BOOT (EV_EFI_EVENT_BASE + 2)
#define EV_EFI_BOOT_SERVICES_APPLICATION (EV_EFI_EVENT_BASE + 3)
#define EV_EFI_BOOT_SERVICES_DRIVER (EV_EFI_EVENT_BASE + 4)
#define EV_EFI_RUNTIME_SERVICES_DRIVER (EV_EFI_EVENT_BASE + 5)
#define EV_EFI_GPT_EVENT (EV_EFI_EVENT_BASE + 6)
#define EV_EFI_ACTION (EV_EFI_EVENT_BASE + 7)
#define EV_EFI_PLATFORM_FIRMWARE_BLOB (EV_EFI_EVENT_BASE + 8)
#define EV_EFI_HANDOFF_TABLES (EV_EFI_EVENT_BASE + 9)
#define EV_EFI_PLATFORM_FIRMWARE_BLOB2 (EV_EFI_EVENT_BASE + 0xA)
#define EV_EFI_HANDOFF_TABLES2 (EV_EFI_EVENT_BASE + 0xB)
#define EV_EFI_HCRTM_EVENT (EV_EFI_EVENT_BASE + 0x10)
#define EV_EFI_VARIABLE_AUTHORITY (EV_EFI_EVENT_BASE + 0xE0)
#define EV_EFI_SPDM_FIRMWARE_BLOB (EV_EFI_EVENT_BASE + 0xE1)
#define EV_EFI_SPDM_FIRMWARE_CONFIG (EV_EFI_EVENT_BASE + 0xE2)
#define EV_EFI_SPDM_DEVICE_BLOB EV_EFI_SPDM_FIRMWARE_BLOB
#define EV_EFI_SPDM_DEVICE_CONFIG EV_EFI_SPDM_FIRMWARE_CONFIG
//
// The SPDM policy database for SPDM verification.
// It goes to PCR7
//
#define EV_EFI_SPDM_DEVICE_POLICY (EV_EFI_EVENT_BASE + 0xE3)
//
// The SPDM policy authority for SPDM verification for the signature
// of GET_MEASUREMENT or CHALLENGE_AUTH. It goes to PCR7.
//
#define EV_EFI_SPDM_DEVICE_AUTHORITY (EV_EFI_EVENT_BASE + 0xE4)
#define EFI_CALLING_EFI_APPLICATION \
"Calling EFI Application from Boot Option"
#define EFI_RETURNING_FROM_EFI_APPLICATION \
"Returning from EFI Application from Boot Option"
#define EFI_EXIT_BOOT_SERVICES_INVOCATION \
"Exit Boot Services Invocation"
#define EFI_EXIT_BOOT_SERVICES_FAILED \
"Exit Boot Services Returned with Failure"
#define EFI_EXIT_BOOT_SERVICES_SUCCEEDED \
"Exit Boot Services Returned with Success"
#define EV_POSTCODE_INFO_POST_CODE "POST CODE"
#define POST_CODE_STR_LEN (sizeof(EV_POSTCODE_INFO_POST_CODE) - 1)
#define EV_POSTCODE_INFO_SMM_CODE "SMM CODE"
#define SMM_CODE_STR_LEN (sizeof(EV_POSTCODE_INFO_SMM_CODE) - 1)
#define EV_POSTCODE_INFO_ACPI_DATA "ACPI DATA"
#define ACPI_DATA_LEN (sizeof(EV_POSTCODE_INFO_ACPI_DATA) - 1)
#define EV_POSTCODE_INFO_BIS_CODE "BIS CODE"
#define BIS_CODE_LEN (sizeof(EV_POSTCODE_INFO_BIS_CODE) - 1)
#define EV_POSTCODE_INFO_UEFI_PI "UEFI PI"
#define UEFI_PI_LEN (sizeof(EV_POSTCODE_INFO_UEFI_PI) - 1)
#define EV_POSTCODE_INFO_OPROM "Embedded Option ROM"
#define OPROM_LEN (sizeof(EV_POSTCODE_INFO_OPROM) - 1)
#define EV_POSTCODE_INFO_EMBEDDED_UEFI_DRIVER "Embedded UEFI Driver"
#define EMBEDDED_UEFI_DRIVER_LEN (sizeof(EV_POSTCODE_INFO_EMBEDDED_UEFI_DRIVER) - 1)
#define FIRMWARE_DEBUGGER_EVENT_STRING "UEFI Debug Mode"
#define FIRMWARE_DEBUGGER_EVENT_STRING_LEN (sizeof(FIRMWARE_DEBUGGER_EVENT_STRING) - 1)
//
// Set structure alignment to 1-byte
//
#pragma pack (1)
typedef UINT32 TCG_EVENTTYPE;
typedef TPM_PCRINDEX TCG_PCRINDEX;
typedef TPM_DIGEST TCG_DIGEST;
///
/// Event Log Entry Structure Definition
///
typedef struct tdTCG_PCR_EVENT {
TCG_PCRINDEX PCRIndex; ///< PCRIndex event extended to
TCG_EVENTTYPE EventType; ///< TCG EFI event type
TCG_DIGEST Digest; ///< Value extended into PCRIndex
UINT32 EventSize; ///< Size of the event data
UINT8 Event[1]; ///< The event data
} TCG_PCR_EVENT;
#define TSS_EVENT_DATA_MAX_SIZE 256
///
/// TCG_PCR_EVENT_HDR
///
typedef struct tdTCG_PCR_EVENT_HDR {
TCG_PCRINDEX PCRIndex;
TCG_EVENTTYPE EventType;
TCG_DIGEST Digest;
UINT32 EventSize;
} TCG_PCR_EVENT_HDR;
///
/// EFI_PLATFORM_FIRMWARE_BLOB
///
/// BlobLength should be of type UINTN but we use UINT64 here
/// because PEI is 32-bit while DXE is 64-bit on x64 platforms
///
typedef struct tdEFI_PLATFORM_FIRMWARE_BLOB {
EFI_PHYSICAL_ADDRESS BlobBase;
UINT64 BlobLength;
} EFI_PLATFORM_FIRMWARE_BLOB;
///
/// UEFI_PLATFORM_FIRMWARE_BLOB
///
/// This structure is used in EV_EFI_PLATFORM_FIRMWARE_BLOB
/// event to facilitate the measurement of firmware volume.
///
typedef struct tdUEFI_PLATFORM_FIRMWARE_BLOB {
EFI_PHYSICAL_ADDRESS BlobBase;
UINT64 BlobLength;
} UEFI_PLATFORM_FIRMWARE_BLOB;
///
/// UEFI_PLATFORM_FIRMWARE_BLOB2
///
/// This structure is used in EV_EFI_PLATFORM_FIRMWARE_BLOB2
/// event to facilitate the measurement of firmware volume.
///
typedef struct tdUEFI_PLATFORM_FIRMWARE_BLOB2 {
UINT8 BlobDescriptionSize;
// UINT8 BlobDescription[BlobDescriptionSize];
// EFI_PHYSICAL_ADDRESS BlobBase;
// UINT64 BlobLength;
} UEFI_PLATFORM_FIRMWARE_BLOB2;
///
/// EFI_IMAGE_LOAD_EVENT
///
/// This structure is used in EV_EFI_BOOT_SERVICES_APPLICATION,
/// EV_EFI_BOOT_SERVICES_DRIVER and EV_EFI_RUNTIME_SERVICES_DRIVER
///
typedef struct tdEFI_IMAGE_LOAD_EVENT {
EFI_PHYSICAL_ADDRESS ImageLocationInMemory;
UINTN ImageLengthInMemory;
UINTN ImageLinkTimeAddress;
UINTN LengthOfDevicePath;
EFI_DEVICE_PATH_PROTOCOL DevicePath[1];
} EFI_IMAGE_LOAD_EVENT;
///
/// UEFI_IMAGE_LOAD_EVENT
///
/// This structure is used in EV_EFI_BOOT_SERVICES_APPLICATION,
/// EV_EFI_BOOT_SERVICES_DRIVER and EV_EFI_RUNTIME_SERVICES_DRIVER
///
typedef struct tdUEFI_IMAGE_LOAD_EVENT {
EFI_PHYSICAL_ADDRESS ImageLocationInMemory;
UINT64 ImageLengthInMemory;
UINT64 ImageLinkTimeAddress;
UINT64 LengthOfDevicePath;
EFI_DEVICE_PATH_PROTOCOL DevicePath[1];
} UEFI_IMAGE_LOAD_EVENT;
///
/// EFI_HANDOFF_TABLE_POINTERS
///
/// This structure is used in EV_EFI_HANDOFF_TABLES event to facilitate
/// the measurement of given configuration tables.
///
typedef struct tdEFI_HANDOFF_TABLE_POINTERS {
UINTN NumberOfTables;
EFI_CONFIGURATION_TABLE TableEntry[1];
} EFI_HANDOFF_TABLE_POINTERS;
///
/// UEFI_HANDOFF_TABLE_POINTERS
///
/// This structure is used in EV_EFI_HANDOFF_TABLES event to facilitate
/// the measurement of given configuration tables.
///
typedef struct tdUEFI_HANDOFF_TABLE_POINTERS {
UINT64 NumberOfTables;
EFI_CONFIGURATION_TABLE TableEntry[1];
} UEFI_HANDOFF_TABLE_POINTERS;
///
/// UEFI_HANDOFF_TABLE_POINTERS2
///
/// This structure is used in EV_EFI_HANDOFF_TABLES2 event to facilitate
/// the measurement of given configuration tables.
///
typedef struct tdUEFI_HANDOFF_TABLE_POINTERS2 {
UINT8 TableDescriptionSize;
// UINT8 TableDescription[TableDescriptionSize];
// UINT64 NumberOfTables;
// EFI_CONFIGURATION_TABLE TableEntry[1];
} UEFI_HANDOFF_TABLE_POINTERS2;
///
/// EFI_VARIABLE_DATA
///
/// This structure serves as the header for measuring variables. The name of the
/// variable (in Unicode format) should immediately follow, then the variable
/// data.
/// This is defined in TCG EFI Platform Spec for TPM1.1 or 1.2 V1.22
///
typedef struct tdEFI_VARIABLE_DATA {
EFI_GUID VariableName;
UINTN UnicodeNameLength;
UINTN VariableDataLength;
CHAR16 UnicodeName[1];
INT8 VariableData[1]; ///< Driver or platform-specific data
} EFI_VARIABLE_DATA;
///
/// UEFI_VARIABLE_DATA
///
/// This structure serves as the header for measuring variables. The name of the
/// variable (in Unicode format) should immediately follow, then the variable
/// data.
/// This is defined in TCG PC Client Firmware Profile Spec 00.21
///
typedef struct tdUEFI_VARIABLE_DATA {
EFI_GUID VariableName;
UINT64 UnicodeNameLength;
UINT64 VariableDataLength;
CHAR16 UnicodeName[1];
INT8 VariableData[1]; ///< Driver or platform-specific data
} UEFI_VARIABLE_DATA;
//
// For TrEE1.0 compatibility
//
typedef struct {
EFI_GUID VariableName;
UINT64 UnicodeNameLength; // The TCG Definition used UINTN
UINT64 VariableDataLength; // The TCG Definition used UINTN
CHAR16 UnicodeName[1];
INT8 VariableData[1];
} EFI_VARIABLE_DATA_TREE;
typedef struct tdEFI_GPT_DATA {
EFI_PARTITION_TABLE_HEADER EfiPartitionHeader;
UINTN NumberOfPartitions;
EFI_PARTITION_ENTRY Partitions[1];
} EFI_GPT_DATA;
typedef struct tdUEFI_GPT_DATA {
EFI_PARTITION_TABLE_HEADER EfiPartitionHeader;
UINT64 NumberOfPartitions;
EFI_PARTITION_ENTRY Partitions[1];
} UEFI_GPT_DATA;
#define TCG_DEVICE_SECURITY_EVENT_DATA_SIGNATURE "SPDM Device Sec"
#define TCG_DEVICE_SECURITY_EVENT_DATA_VERSION 1
#define TCG_DEVICE_SECURITY_EVENT_DATA_DEVICE_TYPE_NULL 0
#define TCG_DEVICE_SECURITY_EVENT_DATA_DEVICE_TYPE_PCI 1
#define TCG_DEVICE_SECURITY_EVENT_DATA_DEVICE_TYPE_USB 2
///
/// TCG_DEVICE_SECURITY_EVENT_DATA_HEADER
/// This is the header of TCG_DEVICE_SECURITY_EVENT_DATA, which is
/// used in EV_EFI_SPDM_FIRMWARE_BLOB and EV_EFI_SPDM_FIRMWARE_CONFIG.
///
typedef struct {
UINT8 Signature[16];
UINT16 Version;
UINT16 Length;
UINT32 SpdmHashAlgo;
UINT32 DeviceType;
// SPDM_MEASUREMENT_BLOCK SpdmMeasurementBlock;
} TCG_DEVICE_SECURITY_EVENT_DATA_HEADER;
#define TCG_DEVICE_SECURITY_EVENT_DATA_PCI_CONTEXT_VERSION 0
///
/// TCG_DEVICE_SECURITY_EVENT_DATA_PCI_CONTEXT
/// This is the PCI context data of TCG_DEVICE_SECURITY_EVENT_DATA, which is
/// used in EV_EFI_SPDM_FIRMWARE_BLOB and EV_EFI_SPDM_FIRMWARE_CONFIG.
///
typedef struct {
UINT16 Version;
UINT16 Length;
UINT16 VendorId;
UINT16 DeviceId;
UINT8 RevisionID;
UINT8 ClassCode[3];
UINT16 SubsystemVendorID;
UINT16 SubsystemID;
} TCG_DEVICE_SECURITY_EVENT_DATA_PCI_CONTEXT;
#define TCG_DEVICE_SECURITY_EVENT_DATA_USB_CONTEXT_VERSION 0
///
/// TCG_DEVICE_SECURITY_EVENT_DATA_USB_CONTEXT
/// This is the USB context data of TCG_DEVICE_SECURITY_EVENT_DATA, which is
/// used in EV_EFI_SPDM_FIRMWARE_BLOB and EV_EFI_SPDM_FIRMWARE_CONFIG.
///
typedef struct {
UINT16 Version;
UINT16 Length;
// UINT8 DeviceDescriptor[DescLen];
// UINT8 BodDescriptor[DescLen];
// UINT8 ConfigurationDescriptor[DescLen][NumOfConfiguration];
} TCG_DEVICE_SECURITY_EVENT_DATA_USB_CONTEXT;
//
// Crypto Agile Log Entry Format
//
typedef struct tdTCG_PCR_EVENT2 {
TCG_PCRINDEX PCRIndex;
TCG_EVENTTYPE EventType;
TPML_DIGEST_VALUES Digest;
UINT32 EventSize;
UINT8 Event[1];
} TCG_PCR_EVENT2;
//
// TCG PCR Event2 Header
// Follow TCG EFI Protocol Spec 5.2 Crypto Agile Log Entry Format
//
typedef struct tdTCG_PCR_EVENT2_HDR {
TCG_PCRINDEX PCRIndex;
TCG_EVENTTYPE EventType;
TPML_DIGEST_VALUES Digests;
UINT32 EventSize;
} TCG_PCR_EVENT2_HDR;
//
// Log Header Entry Data
//
typedef struct {
//
// TCG defined hashing algorithm ID.
//
UINT16 algorithmId;
//
// The size of the digest for the respective hashing algorithm.
//
UINT16 digestSize;
} TCG_EfiSpecIdEventAlgorithmSize;
#define TCG_EfiSpecIDEventStruct_SIGNATURE_02 "Spec ID Event02"
#define TCG_EfiSpecIDEventStruct_SIGNATURE_03 "Spec ID Event03"
#define TCG_EfiSpecIDEventStruct_SPEC_VERSION_MAJOR_TPM12 1
#define TCG_EfiSpecIDEventStruct_SPEC_VERSION_MINOR_TPM12 2
#define TCG_EfiSpecIDEventStruct_SPEC_ERRATA_TPM12 2
#define TCG_EfiSpecIDEventStruct_SPEC_VERSION_MAJOR_TPM2 2
#define TCG_EfiSpecIDEventStruct_SPEC_VERSION_MINOR_TPM2 0
#define TCG_EfiSpecIDEventStruct_SPEC_ERRATA_TPM2 0
#define TCG_EfiSpecIDEventStruct_SPEC_ERRATA_TPM2_REV_105 105
#define TCG_EfiSpecIDEventStruct_SPEC_ERRATA_TPM2_REV_106 106
typedef struct {
UINT8 signature[16];
//
// The value for the Platform Class.
// The enumeration is defined in the TCG ACPI Specification Client Common Header.
//
UINT32 platformClass;
//
// The TCG EFI Platform Specification minor version number this BIOS supports.
// Any BIOS supporting version (1.22) MUST set this value to 02h.
// Any BIOS supporting version (2.0) SHALL set this value to 0x00.
//
UINT8 specVersionMinor;
//
// The TCG EFI Platform Specification major version number this BIOS supports.
// Any BIOS supporting version (1.22) MUST set this value to 01h.
// Any BIOS supporting version (2.0) SHALL set this value to 0x02.
//
UINT8 specVersionMajor;
//
// The TCG EFI Platform Specification errata for this specification this BIOS supports.
// Any BIOS supporting version and errata (1.22) MUST set this value to 02h.
// Any BIOS supporting version and errata (2.0) SHALL set this value to 0x00.
//
UINT8 specErrata;
//
// Specifies the size of the UINTN fields used in various data structures used in this specification.
// 0x01 indicates UINT32 and 0x02 indicates UINT64.
//
UINT8 uintnSize;
//
// This field is added in "Spec ID Event03".
// The number of hashing algorithms used in this event log (except the first event).
// All events in this event log use all hashing algorithms defined here.
//
// UINT32 numberOfAlgorithms;
//
// This field is added in "Spec ID Event03".
// An array of size numberOfAlgorithms of value pairs.
//
// TCG_EfiSpecIdEventAlgorithmSize digestSize[numberOfAlgorithms];
//
// Size in bytes of the VendorInfo field.
// Maximum value SHALL be FFh bytes.
//
// UINT8 vendorInfoSize;
//
// Provided for use by the BIOS implementer.
// The value might be used, for example, to provide more detailed information about the specific BIOS such as BIOS revision numbers, etc.
// The values within this field are not standardized and are implementer-specific.
// Platform-specific or -unique information SHALL NOT be provided in this field.
//
// UINT8 vendorInfo[vendorInfoSize];
} TCG_EfiSpecIDEventStruct;
typedef struct tdTCG_PCClientTaggedEvent {
UINT32 taggedEventID;
UINT32 taggedEventDataSize;
// UINT8 taggedEventData[taggedEventDataSize];
} TCG_PCClientTaggedEvent;
#define TCG_Sp800_155_PlatformId_Event_SIGNATURE "SP800-155 Event"
#define TCG_Sp800_155_PlatformId_Event2_SIGNATURE "SP800-155 Event2"
#define TCG_Sp800_155_PlatformId_Event3_SIGNATURE "SP800-155 Event3"
typedef struct tdTCG_Sp800_155_PlatformId_Event2 {
UINT8 Signature[16];
//
// Where Vendor ID is an integer defined
// at http://www.iana.org/assignments/enterprisenumbers
//
UINT32 VendorId;
//
// 16-byte identifier of a given platform's static configuration of code
//
EFI_GUID ReferenceManifestGuid;
//
// Below structure is newly added in TCG_Sp800_155_PlatformId_Event2.
//
// UINT8 PlatformManufacturerStrSize;
// UINT8 PlatformManufacturerStr[PlatformManufacturerStrSize];
// UINT8 PlatformModelSize;
// UINT8 PlatformModel[PlatformModelSize];
// UINT8 PlatformVersionSize;
// UINT8 PlatformVersion[PlatformVersionSize];
// UINT8 PlatformModelSize;
// UINT8 PlatformModel[PlatformModelSize];
// UINT8 FirmwareManufacturerStrSize;
// UINT8 FirmwareManufacturerStr[FirmwareManufacturerStrSize];
// UINT32 FirmwareManufacturerId;
// UINT8 FirmwareVersion;
// UINT8 FirmwareVersion[FirmwareVersionSize];
} TCG_Sp800_155_PlatformId_Event2;
typedef struct tdTCG_Sp800_155_PlatformId_Event3 {
UINT8 Signature[16];
//
// Where Vendor ID is an integer defined
// at http://www.iana.org/assignments/enterprisenumbers
//
UINT32 VendorId;
//
// 16-byte identifier of a given platform's static configuration of code
//
EFI_GUID ReferenceManifestGuid;
// UINT8 PlatformManufacturerStrSize;
// UINT8 PlatformManufacturerStr[PlatformManufacturerStrSize];
// UINT8 PlatformModelSize;
// UINT8 PlatformModel[PlatformModelSize];
// UINT8 PlatformVersionSize;
// UINT8 PlatformVersion[PlatformVersionSize];
// UINT8 PlatformModelSize;
// UINT8 PlatformModel[PlatformModelSize];
// UINT8 FirmwareManufacturerStrSize;
// UINT8 FirmwareManufacturerStr[FirmwareManufacturerStrSize];
// UINT32 FirmwareManufacturerId;
// UINT8 FirmwareVersion;
// UINT8 FirmwareVersion[FirmwareVersionSize];
//
// Below structure is newly added in TCG_Sp800_155_PlatformId_Event3
//
// UINT32 RimLocatorType;
// UINT32 RimLocatorLength;
// UINT8 RimLocator[RimLocatorLength];
// UINT32 PlatformCertLocatorType;
// UINT32 PlatformCertLocatorLength;
// UINT8 PlatformCertLocator[PlatformCertLocatorLength];
} TCG_Sp800_155_PlatformId_Event3;
#define TCG_EfiStartupLocalityEvent_SIGNATURE "StartupLocality"
//
// The Locality Indicator which sent the TPM2_Startup command
//
#define LOCALITY_0_INDICATOR 0x00
#define LOCALITY_3_INDICATOR 0x03
//
// Startup Locality Event
//
typedef struct tdTCG_EfiStartupLocalityEvent {
UINT8 Signature[16];
//
// The Locality Indicator which sent the TPM2_Startup command
//
UINT8 StartupLocality;
} TCG_EfiStartupLocalityEvent;
//
// Restore original structure alignment
//
#pragma pack ()
//
// ======================================================================================================================
// Event Type PCR Event Log Usage
// ======================================================================================================================
// EV_EFI_SPDM_DEVICE_BLOB 2 SPDM_MEASUREMENT_BLOCK (subtype) MEASUREMENT from device
// EV_EFI_SPDM_DEVICE_CONFIG 3 SPDM_MEASUREMENT_BLOCK (subtype) MEASUREMENT from device
// EV_EFI_SPDM_DEVICE_BLOB 2 SPDM_MEASUREMENT_SUMMARY_HASH.TCB (subtype) SUMMARY_HASH from device
// EV_EFI_SPDM_DEVICE_POLICY 7 UEFI_VARIABLE_DATA with EFI_SIGNATURE_LIST Provisioned device public cert.
// EV_EFI_SPDM_DEVICE_AUTHORITY 7 UEFI_VARIABLE_DATA with EFI_SIGNATURE_DATA CHALLENGE_AUTH signature verification
// ======================================================================================================================
//
#define PCR_INDEX_FOR_SIGNATURE_DB 7
#pragma pack(1)
#define TCG_DEVICE_SECURITY_EVENT_DATA_VERSION_1 1
#define TCG_DEVICE_SECURITY_EVENT_DATA_VERSION_2 2
#define TCG_DEVICE_SECURITY_EVENT_DATA_SIGNATURE_2 "SPDM Device Sec2"
typedef struct {
UINT8 Signature[16];
UINT16 Version;
UINT8 AuthState;
UINT8 Reserved;
UINT32 Length; // Length in bytes for all following structures.
UINT32 DeviceType;
UINT32 SubHeaderType;
UINT32 SubHeaderLength; // Length in bytes of the sub header followed by.
UINT64 SubHeaderUID; // Universal identifier assigned by the event log creator. It can be used to bind two sub header structure together.
// UINT64 DevicePathLength;
// UINT8 DevicePath[DevicePathLength];
} TCG_DEVICE_SECURITY_EVENT_DATA_HEADER2;
#define TCG_DEVICE_SECURITY_EVENT_DATA_DEVICE_AUTH_STATE_SUCCESS 0
#define TCG_DEVICE_SECURITY_EVENT_DATA_DEVICE_AUTH_STATE_NO_AUTH 1
#define TCG_DEVICE_SECURITY_EVENT_DATA_DEVICE_AUTH_STATE_NO_BINDING 2
#define TCG_DEVICE_SECURITY_EVENT_DATA_DEVICE_AUTH_STATE_FAIL_NO_SIG 3
#define TCG_DEVICE_SECURITY_EVENT_DATA_DEVICE_AUTH_STATE_FAIL_INVALID 4
#define TCG_DEVICE_SECURITY_EVENT_DATA_DEVICE_AUTH_STATE_NO_SPDM 0xFF
#define TCG_DEVICE_SECURITY_EVENT_DATA_DEVICE_SUB_HEADER_TYPE_SPDM_MEASUREMENT_BLOCK 0
#define TCG_DEVICE_SECURITY_EVENT_DATA_DEVICE_SUB_HEADER_TYPE_SPDM_CERT_CHAIN 1
typedef struct {
UINT16 SpdmVersion;
UINT8 SpdmMeasurementBlockCount;
UINT8 Reserved;
UINT32 SpdmMeasurementHashAlgo;
// SPDM_MEASUREMENT_BLOCK SpdmMeasurementBlock;
} TCG_DEVICE_SECURITY_EVENT_DATA_SUB_HEADER_SPDM_MEASUREMENT_BLOCK;
typedef struct {
UINT16 SpdmVersion;
UINT8 SpdmSlotId;
UINT8 Reserved;
UINT32 SpdmHashAlgo;
// SPDM_CERT_CHAIN SpdmCertChain;
} TCG_DEVICE_SECURITY_EVENT_DATA_SUB_HEADER_SPDM_CERT_CHAIN;
typedef struct {
UINT32 Type;
UINT32 Length;
UINT8 Value[1];
} TCG_DEVICE_SECURITY_EVENT_DATA_SUB_HEADER_OEM_MEASUREMENT;
typedef union {
TCG_DEVICE_SECURITY_EVENT_DATA_SUB_HEADER_SPDM_MEASUREMENT_BLOCK SpdmMeasurementBlock;
TCG_DEVICE_SECURITY_EVENT_DATA_SUB_HEADER_SPDM_CERT_CHAIN SpdmCertChain;
TCG_DEVICE_SECURITY_EVENT_DATA_SUB_HEADER_OEM_MEASUREMENT OemMeasurement;
} TCG_DEVICE_SECURITY_EVENT_DATA_SUB_HEADER;
typedef union {
TCG_DEVICE_SECURITY_EVENT_DATA_PCI_CONTEXT Pci;
TCG_DEVICE_SECURITY_EVENT_DATA_USB_CONTEXT Usb;
} TCG_DEVICE_SECURITY_EVENT_DATA_DEVICE_CONTEXT;
typedef struct {
TCG_DEVICE_SECURITY_EVENT_DATA_HEADER2 EventDataHeader;
TCG_DEVICE_SECURITY_EVENT_DATA_SUB_HEADER EventDataSubHeader;
TCG_DEVICE_SECURITY_EVENT_DATA_DEVICE_CONTEXT DeviceContext;
} TCG_DEVICE_SECURITY_EVENT_DATA2;
#pragma pack()
//
// EventType:EV_NO_ACTION
// ======================================================================================================================
// NVIndex Name PCR/NvIndex Event Log Usage
// ======================================================================================================================
// NV_EXTEND_INDEX_FOR_INSTANCE 0x01C40200 NV_INDEX_INSTANCE_EVENT_LOG_STRUCT NV Extend Record for instance data (CertChain)
// NV_EXTEND_INDEX_FOR_DYNAMIC 0x01C40201 NV_INDEX_DYNAMIC_EVENT_LOG_STRUCT NV Extend Record for dynamic data (Nonce)
// EVENT_LOG_INTEGRITY_NV_INDEX_EXIT_PM_AUTH 0x01C40202 EVENT_LOG_INTEGRITY_NV_INDEX_STRUCT Event Log Integrity for ExitPmAuth
// EVENT_LOG_INTEGRITY_NV_INDEX_READY_TO_BOOT 0x01C40203 EVENT_LOG_INTEGRITY_NV_INDEX_STRUCT Event Log Integrity for ReadyToBoot
// ======================================================================================================================
//
#define TCG_NV_EXTEND_INDEX_FOR_INSTANCE 0x01C40200
#define TCG_NV_EXTEND_INDEX_FOR_DYNAMIC 0x01C40201
#define TCG_EVENT_LOG_INTEGRITY_NV_INDEX_EXIT_PM_AUTH 0x01C40202
#define TCG_EVENT_LOG_INTEGRITY_NV_INDEX_READY_TO_BOOT 0x01C40203
#pragma pack(1)
#define TCG_NV_EXTEND_INDEX_FOR_INSTANCE_SIGNATURE "NvIndexInstance"
#define TCG_NV_INDEX_INSTANCE_EVENT_LOG_STRUCT_VERSION 1
typedef struct {
UINT8 Signature[16];
UINT16 Version;
UINT8 Reserved[6];
// TCG_DEVICE_SECURITY_EVENT_DATA2 Data;
} TCG_NV_INDEX_INSTANCE_EVENT_LOG_STRUCT;
#define TCG_NV_EXTEND_INDEX_FOR_DYNAMIC_SIGNATURE "NvIndexDynamic "
#define TCG_NV_INDEX_DYNAMIC_EVENT_LOG_STRUCT_VERSION 1
#define TCG_SPDM_CHALLENGE_DESCRIPTION "SPDM CHALLENGE"
#define TCG_SPDM_CHALLENGE_AUTH_DESCRIPTION "SPDM CHALLENGE_AUTH"
#define TCG_SPDM_GET_MEASUREMENTS_DESCRIPTION "SPDM GET_MEASUREMENTS"
#define TCG_SPDM_MEASUREMENTS_DESCRIPTION "SPDM MEASUREMENTS"
typedef struct {
UINT8 Signature[16];
UINT16 Version;
UINT8 Reserved[6];
UINT64 Uid;
// UINT16 DescriptionSize;
// UINT8 Description[DescriptionSize];
// UINT16 DataSize;
// UINT8 Data[DataSize];
} TCG_NV_INDEX_DYNAMIC_EVENT_LOG_STRUCT;
typedef struct {
TCG_NV_INDEX_DYNAMIC_EVENT_LOG_STRUCT Header;
UINT16 DescriptionSize;
UINT8 Description[sizeof (TCG_SPDM_CHALLENGE_DESCRIPTION)];
UINT16 DataSize;
UINT8 Data[32];
} TCG_NV_INDEX_DYNAMIC_EVENT_LOG_STRUCT_SPDM_CHALLENGE;
typedef struct {
TCG_NV_INDEX_DYNAMIC_EVENT_LOG_STRUCT Header;
UINT16 DescriptionSize;
UINT8 Description[sizeof (TCG_SPDM_CHALLENGE_AUTH_DESCRIPTION)];
UINT16 DataSize;
UINT8 Data[32];
} TCG_NV_INDEX_DYNAMIC_EVENT_LOG_STRUCT_SPDM_CHALLENGE_AUTH;
typedef struct {
TCG_NV_INDEX_DYNAMIC_EVENT_LOG_STRUCT Header;
UINT16 DescriptionSize;
UINT8 Description[sizeof (TCG_SPDM_GET_MEASUREMENTS_DESCRIPTION)];
UINT16 DataSize;
UINT8 Data[32];
} TCG_NV_INDEX_DYNAMIC_EVENT_LOG_STRUCT_SPDM_GET_MEASUREMENTS;
typedef struct {
TCG_NV_INDEX_DYNAMIC_EVENT_LOG_STRUCT Header;
UINT16 DescriptionSize;
UINT8 Description[sizeof (TCG_SPDM_MEASUREMENTS_DESCRIPTION)];
UINT16 DataSize;
UINT8 Data[32];
} TCG_NV_INDEX_DYNAMIC_EVENT_LOG_STRUCT_SPDM_MEASUREMENTS;
#pragma pack()
#endif