├── LICENSE
├── README.md
├── SECURITY.md
├── attestation.rst
├── meter-certificate.rst
├── os-interface.rst
└── state-certificate-encoding.rst

/LICENSE:
--------------------------------------------------------------------------------
# License

This work is licensed under a [Creative Commons Attribution 4.0 International License](http://creativecommons.org/licenses/by/4.0).

Copyright (C) Intel Corporation 2022-2024. "Intel® On Demand (formerly known as Software Defined Silicon or SDSi) documentation".

Available at https://github.com/intel/intel-sdsi

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# Introduction

Intel® Xeon® family processors with support for Intel® On Demand (formerly
known as Software Defined Silicon or SDSi) allow the configuration of
additional CPU features through a license activation process.

Documentation in this repository provides information about the OS interface
used to communicate with On Demand hardware/firmware to perform CPU provisioning
and other related tasks.

# Documents

* [os-interface.rst](os-interface.rst) describes On Demand enumeration, mailbox structure, mailbox commands, and registers.
* [state-certificate-encoding.rst](state-certificate-encoding.rst) describes the structure of the state certificate.
* [meter-certificate.rst](meter-certificate.rst) describes the structure of the meter certificate.
* [attestation.rst](attestation.rst) describes the attestation services.
--------------------------------------------------------------------------------
/SECURITY.md:
--------------------------------------------------------------------------------
# Security Policy
Intel is committed to rapidly addressing security vulnerabilities affecting our customers and providing clear guidance on the solution, impact, severity and mitigation.

## Reporting a Vulnerability
Please report any security vulnerabilities in this project utilizing the guidelines [here](https://www.intel.com/content/www/us/en/security-center/vulnerability-handling-guidelines.html).

--------------------------------------------------------------------------------
/attestation.rst:
--------------------------------------------------------------------------------
Intel On Demand Attestation Service
-----------------------------------

Attestation support is indicated when the ATTESTATION_ENABLE bit is set in the
ENABLED_FEATURES register. Intel On Demand uses the Security Protocol and Data
Model (SPDM) specification to perform the attestation service. This service
is based on the `SPDM 1.0`__ protocol. The attestation service allows for the
authentication of the Intel On Demand hardware and verification of its firmware
measurements. The Intel On Demand measurements that can be verified are the
state certificate and the meter certificate.

.. __: https://www.dmtf.org/sites/default/files/standards/documents/DSP0274_1.0.0.pdf

SPDM attestation is performed through the mailbox operation using the
ATTESTATION command. The mailbox DATA carries the SPDM message. The
following SPDM messages are supported by Intel On Demand hardware when the
ATTESTATION_ENABLE bit is set:

* GET_VERSION
* GET_DIGESTS
* GET_CERTIFICATE
* CHALLENGE
* GET_MEASUREMENTS
* GET_CAPABILITIES
* NEGOTIATE_ALGORITHMS

The attestation flow is the sequence of commands and corresponding responses
exchanged between the Platform Root of Trust (Requester) and Intel On Demand
hardware (Responder). The valid command order is defined by the SPDM standard.
Per the standard, the possible request orderings after Power on Reset are listed
below explicitly:

* GET_VERSION, GET_CAPABILITIES, NEGOTIATE_ALGORITHMS, GET_DIGESTS, GET_CERTIFICATE, CHALLENGE
* GET_VERSION, GET_CAPABILITIES, NEGOTIATE_ALGORITHMS, GET_DIGESTS, CHALLENGE
* GET_VERSION, GET_CAPABILITIES, NEGOTIATE_ALGORITHMS, CHALLENGE

Intel On Demand hardware does not support caching capability over reset (reported
in the GET_CAPABILITIES response, CACHE_CAP flag). As a result, after reset every
sequence shall start with the GET_VERSION, GET_CAPABILITIES, NEGOTIATE_ALGORITHMS
command sequence. Following one successful negotiation, the orderings below are
supported as well:

* GET_DIGESTS, GET_CERTIFICATE, CHALLENGE
* GET_DIGESTS, CHALLENGE
* GET_DIGESTS
* CHALLENGE

After reset, the negotiation steps (GET_VERSION, GET_CAPABILITIES,
NEGOTIATE_ALGORITHMS) must be repeated.

Structure of SPDM messages in the On Demand mailbox
---------------------------------------------------

Because the mailbox requires QWORD alignment, padding needs to be added at the
end of the SPDM message as needed to ensure 8-byte alignment. Because of the
variable size of some SPDM messages, an additional 8-byte field is used to
indicate the actual non-padded size of the SPDM message so that the correct data
and length may be sent. After this field, the last field is the ATTESTATION
mailbox command.

Example for a GET_VERSION Request:

.. list-table::
   :header-rows: 1

   * - DWORD
     - Contents
   * - 0
     - GET_VERSION requester message (4 bytes)
   * - 1
     - Padding (4 bytes)
   * - 2-3
     - SPDM command length = 4
   * - 4-5
     - ATTESTATION mailbox command = 0x1012

* The GET_VERSION message is only 4 bytes and requires an additional 4 bytes of padding.
* The next QWORD contains the actual length of the GET_VERSION message, 4 bytes.
* The last QWORD contains the ATTESTATION mailbox command.
* Note: The total size of the mailbox message is 24 bytes. This is the value set for both the packet size and message size fields in the mailbox control register.

Supported Algorithms
--------------------

Supported algorithms will be indicated in the NEGOTIATE_ALGORITHMS response.
The following are the current algorithms supported by the attestation service.

.. list-table::

   * - Measurement Hash Algorithm
     - TPM_ALG_SHA_384
   * - Base Asymmetric Key Signature Algorithms
     - TPM_ALG_ECDSA_ECC_NIST_P384
   * - Base Hashing Algorithms
     - TPM_ALG_SHA_384

Certificate Chains
------------------

A single certificate is supported and is retrievable from the first slot of the
GET_CERTIFICATE message. A hash of this certificate chain is retrievable in the
first slot of the GET_DIGESTS response.

Measurements
------------

Upon successful completion of the attestation flow, hardware measurements may be
collected using the GET_MEASUREMENTS command. Intel On Demand hardware supports
measurement for two entries: entry 0, which is a hash of the NVRAM region used
to store the state certificate, and entry 1, which is a hash of the region used
to store the meter certificate. Measurements may be signed if requested, with
support indicated in the CAPABILITIES response.

--------------------------------------------------------------------------------
/meter-certificate.rst:
--------------------------------------------------------------------------------
==========================
Meter Certificate Encoding
==========================

.. list-table::
   :header-rows: 1

   * - Name
     - Offset
     - Byte Length
     - Description
   * - Meter Data Block Signature
     - 0x00
     - 4
     - The meter data block signature. ASCII encoded 'MTDB'
   * - Meter Data Block Version
     - 0x04
     - 4
     - Version used to distinguish different sets of counters.
   * - PPIN
     - 0x08
     - 8
     - Protected Processor Inventory Number
   * - Meter Counter Unit
     - 0x10
     - 4
     - Counter tick unit in milliseconds. Each unit of the counter in the counter data below corresponds to the millisecond value identified here. Default value is 1000 ms.
   * - Feature Bundle Length
     - 0x14
     - 4
     - Length of the encodings and meter data in this data block in bytes.
   * - Reserved
     - 0x18
     - 8
     - Reserved
   * - MASTER REFERENCE METER ENCODING
     - 0x20
     - 4
     - Master meter reference counter. This is an ever-incrementing running counter identifier that counts units of CPU power-up time. ASCII encoded 'MMRC'.
   * - MASTER REFERENCE METER COUNTER
     - 0x24
     - 4
     - Actual master meter reference counter running value
   * - FUSE BUNDLE ENCODING 0
     - 0x28
     - 4
     - 32-bit ASCII encoding for the feature being counted (for example "CC02").
   * - FUSE BUNDLE ENCODING 0 COUNTER
     - 0x2C
     - 4
     - Encoding 0 counter data
   * - ...
     - ...
     - ...
     - ...
   * - FUSE BUNDLE ENCODING N
     - [Bundle length - 0x8 bytes]
     - 4
     - 32-bit ASCII encoding for the feature being counted.
   * - FUSE BUNDLE ENCODING N COUNTER
     - [Bundle length - 0x4 bytes]
     - 4
     - Encoding N counter data


--------------------------------------------------------------------------------
/os-interface.rst:
--------------------------------------------------------------------------------
==================================
Intel® On Demand In-band Interface
==================================

On Demand Capability Enumeration
--------------------------------

Intel On Demand is enumerated, per socket, as a PCI Express Vendor Specific
Capability (VSEC) on a PCIe endpoint device. The table below shows the entire
VSEC header for On Demand including the PCI Express Extended capability header.
The VSEC is used by software to locate the On Demand discovery structure.

Refer to the PCI Express Specification for details on the Vendor Specific
Capability definitions.
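Returning to the meter certificate layout in meter-certificate.rst above, the following parser is an added example (not code from the intel-sdsi repository). It assumes little-endian fields and that the Feature Bundle Length counts the bytes from offset 0x20 to the end of the last counter, so the MMRC pair is the first (encoding, counter) pair; the sample blocks are constructed with the included encoder.

```python
# Added example, not code from the intel-sdsi repository. Parses and sanity-checks
# a meter certificate data block laid out as in meter-certificate.rst.
# Assumptions (not stated by the page): fields are little-endian, and the
# Feature Bundle Length counts the bytes from offset 0x20 to the end of the
# last counter, so the MMRC pair is the first (encoding, counter) pair.
import struct

HEADER_FMT = "<4sIQIIQ"        # signature, version, PPIN, unit, bundle length, reserved
HEADER_LEN = struct.calcsize(HEADER_FMT)   # 0x20
MASTER_REF = "MMRC"

def build_meter_cert(version, ppin, unit_ms, master_ref, bundles):
    """Constructed encoder used to produce sample blocks; bundles is [(code, count)]."""
    pairs = [(MASTER_REF, master_ref)] + list(bundles)
    body = b"".join(struct.pack("<4sI", code.encode("ascii"), count) for code, count in pairs)
    return struct.pack(HEADER_FMT, b"MTDB", version, ppin, unit_ms, len(body), 0) + body

def parse_meter_cert(blob):
    """Return the decoded fields, or raise ValueError on a malformed block."""
    if len(blob) < HEADER_LEN:
        raise ValueError("block shorter than the 0x20-byte fixed header")
    sig, version, ppin, unit_ms, bundle_len, _rsvd = struct.unpack_from(HEADER_FMT, blob)
    if sig != b"MTDB":
        raise ValueError(f"bad meter data block signature {sig!r}")
    if unit_ms == 0:
        raise ValueError("meter counter unit of 0 ms is invalid")
    if bundle_len < 8 or bundle_len % 8:
        raise ValueError(f"bundle length {bundle_len} is not whole (encoding, counter) pairs")
    if HEADER_LEN + bundle_len > len(blob):
        raise ValueError("bundle length runs past the end of the block")   # no over-read
    pairs = []
    for off in range(HEADER_LEN, HEADER_LEN + bundle_len, 8):
        code, count = struct.unpack_from("<4sI", blob, off)
        if not code.isascii() or not code.isalnum():
            raise ValueError(f"non-ASCII bundle encoding at offset {off:#x}")
        pairs.append((code.decode("ascii"), count))
    if pairs[0][0] != MASTER_REF:
        raise ValueError("first bundle entry is not the master reference meter")
    bundles = dict(pairs[1:])
    if len(bundles) != len(pairs) - 1:
        raise ValueError("duplicate feature bundle encoding")
    return {"version": version, "ppin": ppin, "unit_ms": unit_ms,
            "master_ref": pairs[0][1], "bundles": bundles,
            # seconds of CPU power-up time represented by the master counter
            "uptime_s": pairs[0][1] * unit_ms / 1000}

def meter_anomalies(previous, current):
    """Compare two successive reads of the same socket. The counters are
    ever-incrementing, so a decrease, a changed PPIN, a changed tick unit or a
    feature counter outrunning the master reference all deserve an alert."""
    findings = []
    if current["ppin"] != previous["ppin"]:
        findings.append("PPIN changed between reads")
    if current["unit_ms"] != previous["unit_ms"]:
        findings.append("meter counter unit changed between reads")
    if current["master_ref"] < previous["master_ref"]:
        findings.append("master reference counter went backwards")
    elapsed = current["master_ref"] - previous["master_ref"]
    for code, count in previous["bundles"].items():
        if code not in current["bundles"]:
            findings.append(f"feature bundle {code} disappeared")
        elif current["bundles"][code] < count:
            findings.append(f"counter for {code} went backwards")
        elif current["bundles"][code] - count > elapsed:
            findings.append(f"counter for {code} advanced faster than the master reference")
    return findings
```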

.. list-table:: VSEC header
   :header-rows: 1

   * - DWORD
     - Bits
     - Field
   * - 0
     - 15:0
     - PCI Express Extended Capability ID = 000Bh
   * - 0
     - 19:16
     - Cap Ver = 1h
   * - 0
     - 31:20
     - Next Capability Offset
   * - 1
     - 15:0
     - VSEC ID = 0041h (On Demand Capability No.)
   * - 1
     - 19:16
     - VSEC REV = 1h
   * - 1
     - 31:20
     - VSEC Length = 10h
   * - 2
     - 15:0
     - Reserved
   * - 2
     - 23:16
     - Number of Entries = 1
   * - 2
     - 31:24
     - Entry Size = 4 (MMIO size in DWORDS)
   * - 3
     - 2:0
     - TBIR
   * - 3
     - 31:3
     - Offset

On Demand discovery structure
-----------------------------

The On Demand discovery structure provides the location of the memory mapped
region used to access the On Demand mailbox and hardware registers.

.. list-table:: Discovery structure
   :header-rows: 1

   * - DWORD
     - Bits
     - Field
   * - 0
     - 3:0
     - Access Type
   * - 0
     - 11:4
     - Type = 3
   * - 0
     - 27:12
     - Size in DWORDS
   * - 0
     - 31:28
     - RSVD
   * - 1
     - 31:0
     - GUID
   * - 2
     - 2:0
     - TBIR
   * - 2
     - 31:3
     - BAR Offset from TBIR

Access Type = 2: MMIO space is at BAR[TBIR] + Offset

Access Type = 3: MMIO space is at OFFSET + 10h from the address of the On Demand discovery structure

GUID: An ID that identifies the memory layout of the registers in the On Demand MMIO space.


On Demand MMIO layout for GUID = 006DD191h
------------------------------------------

.. list-table::
   :header-rows: 1

   * - Name
     - R/W
     - Size (Bytes)
     - Offset (DWORDS)
     - Description
   * - Control Structure
     - R/W
     - 8
     - 0
     - Control for mailbox (see below)
   * - Mailbox
     - R/W
     - 1024
     - 2
     - Mailbox buffer (see below)
   * - PPIN
     - R
     - 8
     - 258
     - Protected Processor Inventory Number
   * - Registers
     - R
     - 48
     - 260
     - On Demand registers (see below)
   * - PCU_CR3_CAPID1_CFG
     - R
     - 8
     - 272
     -
   * - Socket ID
     - R
     - 8
     - 274
     - Socket ID is bits 3:0


On Demand MMIO layout for GUID = F210D9EFh
------------------------------------------

.. list-table::
   :header-rows: 1

   * - Name
     - R/W
     - Size (Bytes)
     - Offset (DWORDS)
     - Description
   * - Control Structure
     - R/W
     - 16
     - 0
     - Control for mailbox (see below)
   * - Mailbox
     - R/W
     - 1024
     - 4
     - Mailbox buffer (see below)
   * - PPIN
     - R
     - 8
     - 260
     - Protected Processor Inventory Number
   * - Registers
     - R
     - 48
     - 262
     - On Demand registers (see below)
   * - PCU_CR3_CAPID1_CFG
     - R
     - 4
     - 274
     -
   * - RESERVED
     - R
     - 4
     - 275
     -
   * - Socket ID
     - R
     - 4
     - 276
     - Socket ID is bits 3:0


On Demand MMIO details
----------------------

Control Structure for GUID = 006DD191h
++++++++++++++++++++++++++++++++++++++

.. list-table::
   :header-rows: 1

   * - Bits
     - Field
   * - 0
     - RUN/BSY
   * - 1
     - R/W
   * - 2
     - SOM
   * - 3
     - EOM
   * - 5:4
     - Owner
   * - 6
     - CPL
   * - 7
     - RDY
   * - 15:8
     - Status Code
   * - 31:16
     - Packet Size
   * - 47:32
     - Reserved
   * - 63:48
     - Message Size

Control Structure for GUID = F210D9EFh
++++++++++++++++++++++++++++++++++++++

.. list-table::
   :header-rows: 1

   * - Bits
     - Field
   * - 0
     - RUN/BSY
   * - 1
     - R/W
   * - 2
     - SOM
   * - 3
     - EOM
   * - 5:4
     - Owner
   * - 6
     - CPL
   * - 7
     - RDY
   * - 15:8
     - Status Code
   * - 31:16
     - Packet Size
   * - 32
     - IBLOCK
   * - 47:33
     - Reserved
   * - 63:48
     - Message Size
   * - 79:64
     - Metering update period
   * - 127:80
     - Reserved

CONTROL FIELDS

.. list-table::
   :header-rows: 1

   * - Bits
     - Field
     - Default value
     - R/W
     - Description
   * - 0
     - RUN/BUSY
     - 0
     - R/W
     - Flag is set by the requester to initiate data transmission. On Demand firmware clears this flag when the transmission has ended.
   * - 1
     - Read/Write Command
     - 0
     - R/W
     - Determines whether a read from or a write to the mailbox shall be performed:

       = 0 for read

       = 1 for write
   * - 2
     - SOM
     - 0
     - R/W
     - When data is ready to be read, this bit is set by firmware to indicate that the data in the mailbox is the first packet.
   * - 3
     - EOM
     - 0
     - R/W
     - When data is ready to be read, this bit is set by firmware to indicate that the data in the mailbox is the last packet.
   * - 5:4
     - Owner
     - 0
     - R
     - Mailbox ownership (read only):

       2'b00: None, mailbox is free to use

       2'b01: In-band agent

       2'b10: Out-of-band agent

       2'b11: Reserved
   * - 6
     - CPL
     - 0
     - R/W
     - Complete bit. At the end of data transmission, used to indicate to firmware that processing is complete and ownership of the mailbox is relinquished.

       Read command: For reads greater than 1024B, setting this bit also advances the buffer read position by 1024B.
   * - 7
     - RDY
     - 0
     - R
     - Read command only. This bit is set by firmware when a packet is ready to be read.
   * - 15:8
     - Status Code
     - 0
     - R
     - Status of the mailbox operation, filled by firmware at the end of a read or write operation:

       = 0x40: Success

       = 0x80: Timeout

       = 0x90: Failure
   * - 31:16
     - Packet Size
     - 0
     - R/W
     - Mailbox packet size in bytes. Written by the requester at the start of a transmission. Written by the firmware when data is ready to be read.
   * - 32
     - In-Band Lock
     - 0
     -
     - If set, indicates in-band access is locked by BIOS.
   * - 47:33
     - Reserved
     -
     -
     -
   * - 63:48
     - Message Size
     - 0
     - R
     - Read command only. Total message size in bytes. Set by firmware when data is greater than 1024B. Size is QWORD aligned.
   * - 79:64
     - Metering Update Period
     -
     -
     -
   * - 127:80
     - Reserved
     -
     -
     -

Mailbox
+++++++

.. list-table::
   :header-rows: 1

   * - DWORD
     - Contents
   * - 0-1
     - Data 0 (bits 63:0)
   * - ...
     - ...
   * - 254-255
     - Data 127 (bits 8191:8128)

MAILBOX COMMANDS

.. list-table::
   :header-rows: 1

   * - Command Name
     - Command ID
     - Description
   * - PROVISION_AKC
     - 0x04
     - Write the authentication key certificate (AKC) in the mailbox to On Demand hardware.
   * - PROVISION_CAP
     - 0x08
     - Write the capability activation payload (CAP) in the mailbox to On Demand hardware.
   * - READ_STATE_CERT
     - 0x10
     - Read the state certificate from the On Demand hardware to the mailbox.
   * - READ_METER_CERT
     - 0x14
     - Read the meter certificate from the On Demand hardware to the mailbox.

Mailbox commands are written to the Mailbox buffer in the last QWORD following a
payload, if applicable.
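The framing and control-structure rules above (command in the last QWORD, QWORD padding plus length field for ATTESTATION, RUN/BUSY, RDY/SOM/EOM, CPL advancing the read position by 1024B) as a runnable model; this is an added example, not code from the intel-sdsi repository. It covers the 64-bit control word of GUID 006DD191h; the SPDM GET_VERSION request bytes and the FakeFirmware that answers a read are constructed here and are not the real firmware.

```python
# Added example, not code from the intel-sdsi repository. It models the 64-bit
# control structure of GUID 006DD191h and the mailbox framing rules from
# os-interface.rst and attestation.rst. The SPDM GET_VERSION request bytes and
# the FakeFirmware that answers a read are constructed for the example.
import struct

MAILBOX_BYTES = 1024
STATUS_SUCCESS, STATUS_TIMEOUT, STATUS_FAILURE = 0x40, 0x80, 0x90
CMD_READ_STATE_CERT, CMD_READ_METER_CERT = 0x10, 0x14
CMD_ATTESTATION = 0x1012                     # from attestation.rst
# Constructed SPDM 1.0 GET_VERSION request: version 0x10, code 0x84, two params.
SPDM_GET_VERSION = bytes([0x10, 0x84, 0x00, 0x00])

def decode_control(word):
    """Split the control word into the fields of the CONTROL FIELDS table."""
    return {"run": word & 1, "write": word >> 1 & 1, "som": word >> 2 & 1,
            "eom": word >> 3 & 1, "owner": word >> 4 & 3, "cpl": word >> 6 & 1,
            "rdy": word >> 7 & 1, "status": word >> 8 & 0xFF,
            "packet_size": word >> 16 & 0xFFFF, "message_size": word >> 48 & 0xFFFF}

def encode_control(**f):
    """Inverse of decode_control; fields not given are 0."""
    return (f.get("run", 0) | f.get("write", 0) << 1 | f.get("som", 0) << 2
            | f.get("eom", 0) << 3 | f.get("owner", 0) << 4 | f.get("cpl", 0) << 6
            | f.get("rdy", 0) << 7 | f.get("status", 0) << 8
            | f.get("packet_size", 0) << 16 | f.get("message_size", 0) << 48)

def pad_qword(data):
    return data + b"\0" * (-len(data) % 8)

def frame_command(payload, command):
    """Payload (QWORD aligned) followed by the command in the last QWORD."""
    frame = pad_qword(payload) + struct.pack("<Q", command)
    if len(frame) > MAILBOX_BYTES:
        raise ValueError("frame does not fit in the 1024-byte mailbox")
    return frame

def frame_attestation(spdm_msg):
    """SPDM message, padding, un-padded length QWORD, then ATTESTATION command."""
    length = struct.pack("<Q", len(spdm_msg))
    return frame_command(pad_qword(spdm_msg) + length, CMD_ATTESTATION)

def start_write(frame):
    """Control word the requester writes to push one frame: R/W=1, RUN/BUSY=1."""
    return encode_control(run=1, write=1, packet_size=len(frame))

class FakeFirmware:
    """Constructed stand-in for On Demand firmware answering a read command."""
    def __init__(self, message):
        self.message, self.pos = pad_qword(message), 0
        self.control, self.mailbox = 0, b""

    def _present(self, som):
        chunk = self.message[self.pos:self.pos + MAILBOX_BYTES]
        self.mailbox = chunk
        eom = int(self.pos + len(chunk) >= len(self.message))
        self.control = encode_control(rdy=1, som=som, eom=eom, status=STATUS_SUCCESS,
                                      packet_size=len(chunk), message_size=len(self.message))

    def write_control(self, word):
        f = decode_control(word)
        if f["run"] and not f["write"]:      # read command started: first packet
            self.pos = 0
            self._present(som=1)
        elif f["run"]:                       # write command: firmware clears RUN/BUSY
            self.control = encode_control(status=STATUS_SUCCESS)
        elif f["cpl"]:                       # requester consumed a packet
            self.pos += MAILBOX_BYTES
            if self.pos < len(self.message):
                self._present(som=0)
            else:
                self.control = 0             # ownership relinquished

def read_message(fw, command, max_polls=16):
    """Read a whole, possibly multi-packet, response through the control structure."""
    fw.mailbox = frame_command(b"", command)
    fw.write_control(encode_control(run=1, write=0, packet_size=8))
    out = b""
    for _ in range(max_polls):
        f = decode_control(fw.control)
        if not f["rdy"]:                     # real code would sleep between polls
            continue
        if f["status"] != STATUS_SUCCESS:
            raise RuntimeError(f"mailbox status {f['status']:#x}")
        if not out and not f["som"]:
            raise RuntimeError("first packet without SOM")
        if f["message_size"] % 8:
            raise RuntimeError("message size is not QWORD aligned")
        out += fw.mailbox[:f["packet_size"]]
        if f["message_size"] and len(out) > f["message_size"]:
            raise RuntimeError("more data than the announced message size")
        last = f["eom"]
        fw.write_control(encode_control(cpl=1))   # advance by 1024B or release
        if last:
            return out
    raise TimeoutError("firmware did not finish the read within the poll budget")
```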

On Demand Registers
+++++++++++++++++++

.. list-table::
   :header-rows: 1

   * - Offset
     - Size (bytes)
     - Name
     - Description
   * - 0x00
     - 8
     - CONTENT_AUTH_ERROR_STATUS
     - Content authorization error status
   * - 0x08
     - 8
     - ENABLED_FEATURES
     - Enabled features (see below)
   * - 0x10
     - 8
     - KEY_PROVISIONING_STATUS
     - Key provisioning status
   * - 0x18
     - 8
     - PROVISIONING_AUTH_FAILURE_COUNT
     - Failure counts (see below)
   * - 0x20
     - 8
     - PROVISIONING_AVAILABILITY
     - Provisioning availability (see below)
   * - 0x28
     - 8
     - NVRAM_UPDATE_LIMITS
     - NVRAM update limits

CONTENT_AUTH_ERROR_STATUS

.. list-table::
   :header-rows: 1

   * - Bit Offset
     - Bit Width
     - Name
     - Description
   * - 63:6
     - 58
     - RESERVED
     -
   * - 5
     - 1
     - METERING_AUTH_ERROR
     - Metering authentication failed
   * - 4
     - 1
     - RESERVED
     -
   * - 3
     - 1
     - CONTENT_AUTH_ERROR
     - Provisioning authentication failed
   * - 2:0
     - 3
     - RESERVED
     -

KEY_PROVISIONING_STATUS

.. list-table::
   :header-rows: 1

   * - Bit Offset
     - Bit Width
     - Name
     - Description
   * - 63:2
     - 62
     - RESERVED
     -
   * - 1
     - 1
     - LICENSE_KEY_PROVISIONED
     - License key is provisioned
   * - 0
     - 1
     - RESERVED
     -

ENABLED_FEATURES

.. list-table::
   :header-rows: 1

   * - Bit Offset
     - Bit Width
     - Name
     - Description
   * - 63:27
     - 37
     - RESERVED
     -
   * - 26
     - 1
     - METERING
     - Metering is enabled
   * - 25:13
     - 13
     - RESERVED
     -
   * - 12
     - 1
     - ATTESTATION
     - Attestation is enabled
   * - 11:4
     - 8
     - RESERVED
     -
   * - 3
     - 1
     - ON_DEMAND
     - Provisioning is enabled
   * - 2:0
     - 3
     - RESERVED
     -

PROVISIONING_AUTH_FAILURE_COUNT

.. list-table::
   :header-rows: 1

   * - Bit Offset
     - Bit Width
     - Name
     - Description
   * - 63:12
     - 52
     - RESERVED
     -
   * - 11:9
     - 3
     - LICENSE_AUTH_FAILURE_THRESHOLD
     - Capability activation payload provisioning failure threshold between power cycles
   * - 8:6
     - 3
     - LICENSE_AUTH_FAILURE_COUNT
     - Number of times capability activation payload provisioning failed in a power cycle
   * - 5:3
     - 3
     - LICENSE_KEY_AUTH_FAILURE_THRESHOLD
     - Authentication key certificate provisioning failure threshold between power cycles
   * - 2:0
     - 3
     - LICENSE_KEY_AUTH_FAILURE_COUNT
     - Number of times authentication key certificate provisioning failed in a power cycle

PROVISIONING_AVAILABILITY

.. list-table::
   :header-rows: 1

   * - Bit Offset
     - Bit Width
     - Name
     - Description
   * - 63:54
     - 10
     - RESERVED
     -
   * - 53:51
     - 3
     - UPDATES_THRESHOLD
     - Maximum number of provision operations allowed between power cycles
   * - 50:48
     - 3
     - UPDATES_AVAILABLE
     - Number of provision operations left before a power cycle is required
   * - 47:0
     - 48
     - RESERVED
     -

NVRAM_UPDATE_LIMITS

.. list-table::
   :header-rows: 1

   * - Bit Offset
     - Bit Width
     - Name
     - Description
   * - 63:15
     - 49
     - RESERVED
     -
   * - 14
     - 1
     - NVRAM_90_PCT
     - NVRAM reached 90% of update limits.
   * - 13
     - 1
     - NVRAM_75_PCT
     - NVRAM reached 75% of update limits.
   * - 12
     - 1
     - NVRAM_50_PCT
     - NVRAM reached 50% of update limits.
   * - 11:0
     - 12
     - RESERVED
     -

--------------------------------------------------------------------------------
/state-certificate-encoding.rst:
--------------------------------------------------------------------------------
==========================
State Certificate Encoding
==========================

License Region NVRAM Format
---------------------------

.. list-table::
   :header-rows: 1

   * - Name
     - Region Offset
     - Bytes
     - Description
   * - Content type
     - 0x00
     - 4
     - Specific to what is stored in this area.

       0xD: License key encoding

       0xE: License key + blob encoding
   * - Region rev ID
     - 0x04
     - 4
     - Region revision ID
   * - Header size
     - 0x08
     - 4
     - Size of the entire header in DWORDS
   * - Total size
     - 0x0C
     - 4
     - Size of the license region
   * - Key size
     - 0x10
     - 4
     - Size of the OEM key in DWORDS
   * - NUM_OF_LICENSES
     - 0x14
     - 4
     - Number of licenses.
Increments from last known | 26 | | | | | value - always goes up | 27 | +-----------------+---------------------+----------+-------------------------------------------------+ 28 | | License 0 | 0x14 + 1*4 | 4 | Size of the license blob in DWORDS (This is the | 29 | | blob bize | | | size of license blob derived from the license | 30 | | | | | blob provision. All 0s indicates that there is | 31 | | | | | no license blob content provisioned. | 32 | | | | | Bit[31] is always dedicated to License Valid | 33 | +-----------------+---------------------+----------+-------------------------------------------------+ 34 | | License 1 | 0x14 + 2*4 | 4 | Size of the license blob in DWORDS (This is the | 35 | | blob size | | | size of license blob derived from the license | 36 | | | | | blob provision. All 0s indicates that there is | 37 | | | | | no license blob content provisioned. | 38 | | | | | Bit[31] is always dedicated to License Valid | 39 | +-----------------+---------------------+----------+-------------------------------------------------+ 40 | | License N | 0x14 | 4 | Size of the license blob in DWORDS (This is the | 41 | | blob size | NUM_LICENSES * 4 | | size of license blob derived from the license | 42 | | | | | blob provision. All 0s indicates that there is | 43 | | | | | no license blob content provisioned. 
| 44 | | | | | Bit[31] is always dedicated to License Valid | 45 | +-----------------+---------------------+----------+-------------------------------------------------+ 46 | | Body | 0x14 | variable | License key revision ID - 4 bytes | 47 | | | + NUM_OF_LICENSES*4 | | | 48 | | | + 4 | | License key image's content which is a 384 bit | 49 | | | | | hash of the OEM's ECDSA384 key that comes as a | 50 | | | | | part of license blob provision image | 51 | | +---------------------+ +-------------------------------------------------+ 52 | | | 0x14 | | License blob content | 53 | | | + NUM_OF_LICENSES*4 | | | 54 | | | + 4 + Key size | | | 55 | | | + Sum of all | | | 56 | | | license blob sizes) | | | 57 | +-----------------+---------------------+----------+-------------------------------------------------+ 58 | | Padding | | variable | | 59 | | | | up to 15 | | 60 | +-----------------+---------------------+----------+-------------------------------------------------+ 61 | 62 | License Blob Format 63 | ------------------- 64 | 65 | +-------------------+-------------------+----------+-------------------------------------------------+ 66 | | Name | Region Offset | Bytes | Description | 67 | | | | | | 68 | +===================+===================+==========+=================================================+ 69 | | License blob | START POINTER | 4 | License blob type | 70 | | type | from Header | | | 71 | | | | | 0x1: One time upgrade license blob | 72 | | | | | | 73 | | | | | 0x2: Metered upgrade license blob | 74 | +-------------------+-------------------+----------+-------------------------------------------------+ 75 | | License blob ID | | 8 | 64 bit GUID for this license. This is how a | 76 | | | | | license is tracked and can potentially migrate | 77 | | | | | from one CPU to another. 
| 78 | +-------------------+-------------------+----------+-------------------------------------------------+ 79 | | PPIN | | 8 | Protected Processor Inventory Number | 80 | +-------------------+-------------------+----------+-------------------------------------------------+ 81 | | RESERVED | | 8 | | 82 | +-------------------+-------------------+----------+-------------------------------------------------+ 83 | | License blob | | 4 | | 84 | | revision ID | | | | 85 | | | | | | 86 | +-------------------+-------------------+----------+-------------------------------------------------+ 87 | | Number of | | 4 | Number of encodings in the license blob | 88 | | feature bundles | | | | 89 | +-------------------+-------------------+----------+-------------------------------------------------+ 90 | | FUSE BUNDLE | | | | 91 | | ENCODING 0 | | 4 | | 92 | +-------------------+-------------------+----------+-------------------------------------------------+ 93 | | FUSE BUNDLES | | 28 | License blob may or may not come with any | 94 | | ENCODING 0 RSVD | | | content in here but it is part of the | 95 | | | | | signature. Intel On Demand firmware ignores | 96 | | | | | this field. | 97 | +-------------------+-------------------+----------+-------------------------------------------------+ 98 | | FUSE BUNDLE | | | | 99 | | ENCODING N | | 4 | | 100 | +-------------------+-------------------+----------+-------------------------------------------------+ 101 | | FUSE BUNDLES | | 28 | License blob may or may not come with any | 102 | | ENCODING N RSVD | | | content in here but it is part of the | 103 | | | | | signature. Intel On Demand firmware ignores | 104 | | | | | this field. | 105 | +-------------------+-------------------+----------+-------------------------------------------------+ 106 | --------------------------------------------------------------------------------
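A parser that walks the License Region NVRAM header and then decodes one License Blob, added here as an illustration of the two tables above; it is not part of the Intel documentation or of any Intel code. It assumes little-endian DWORDs (the tables do not state byte order), derives the header-size cross-check from the offsets in the License Region table, and runs on a constructed byte string rather than real NVRAM content.

```python
import struct

CONTENT_TYPES = {0xD: "License key encoding", 0xE: "License key + blob encoding"}
BLOB_TYPES = {0x1: "One time upgrade license blob", 0x2: "Metered upgrade license blob"}

def parse_license_region(buf: bytes) -> dict:
    """Walk the License Region NVRAM header and split out the body (little-endian DWORDs assumed)."""
    ctype, rev, hdr_dw, total, key_dw, nlic = struct.unpack_from("<6I", buf, 0)
    if ctype not in CONTENT_TYPES:
        raise ValueError(f"unknown content type {ctype:#x}")
    if hdr_dw * 4 != 0x18 + nlic * 4:          # header = 6 fixed DWORDs + one size word per license
        raise ValueError("header size disagrees with NUM_OF_LICENSES")
    if total > len(buf):
        raise ValueError("total size exceeds buffer")
    sizes = struct.unpack_from(f"<{nlic}I", buf, 0x18)        # License 0..N blob size words
    off = 0x18 + nlic * 4                                      # Body: 0x14 + NUM_OF_LICENSES*4 + 4
    key_rev, = struct.unpack_from("<I", buf, off)
    key_image = buf[off + 4:off + 4 + key_dw * 4]              # 384-bit hash of the OEM ECDSA384 key
    off += 4 + key_dw * 4
    blobs = []
    for word in sizes:
        valid, size_dw = bool(word >> 31), word & 0x7FFFFFFF   # Bit[31] is License Valid
        blobs.append((valid, size_dw, buf[off:off + size_dw * 4]))  # size 0 -> nothing provisioned
        off += size_dw * 4
    if off > total:
        raise ValueError("license blob sizes overrun the region")
    return {"content_type": CONTENT_TYPES[ctype], "region_rev": rev, "key_rev": key_rev,
            "key_image": key_image, "blobs": blobs}

def parse_license_blob(blob: bytes) -> dict:
    """Decode the License Blob Format fixed fields and its fuse bundle encodings."""
    btype, blob_id, ppin, _rsvd, rev, nbundles = struct.unpack_from("<IQQQII", blob, 0)
    if btype not in BLOB_TYPES:
        raise ValueError(f"unknown license blob type {btype:#x}")
    # each bundle is a 4-byte encoding followed by 28 RSVD bytes (signed, but ignored by firmware)
    bundles = [struct.unpack_from("<I", blob, 36 + i * 32)[0] for i in range(nbundles)]
    return {"type": BLOB_TYPES[btype], "id": blob_id, "ppin": ppin, "rev": rev, "bundles": bundles}

def build_sample_region() -> bytes:
    """Constructed test vector, not real NVRAM content: one valid one-time upgrade blob."""
    blob = struct.pack("<IQQQII", 0x1, 0xDEADBEEF, 0x1122, 0, 1, 1) + struct.pack("<I", 0x1234) + bytes(28)
    key_image = bytes(range(48))                               # stand-in for the 384-bit key hash
    header = struct.pack("<6I", 0xE, 1, 7, 0, 12, 1)           # Total size is patched in below
    sizes = struct.pack("<I", (1 << 31) | (len(blob) // 4))    # License Valid set, 17 DWORDs
    region = header + sizes + struct.pack("<I", 1) + key_image + blob
    return region[:0x0C] + struct.pack("<I", len(region)) + region[0x10:]
```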