TianoCore EDK2 master
Loading...
Searching...
No Matches
Spdm.h
Go to the documentation of this file.
1
10#ifndef __SPDM_H__
11#define __SPDM_H__
12
13#pragma pack(1)
14
15#define SPDM_MAX_SLOT_COUNT 8
16#define SPDM_MAX_OPAQUE_DATA_SIZE 1024
17#define SPDM_NONCE_SIZE 32
18#define SPDM_RANDOM_DATA_SIZE 32
22#define SPDM_DIGESTS 0x01
23#define SPDM_CERTIFICATE 0x02
24#define SPDM_CHALLENGE_AUTH 0x03
25#define SPDM_VERSION 0x04
26#define SPDM_MEASUREMENTS 0x60
27#define SPDM_CAPABILITIES 0x61
28#define SPDM_ALGORITHMS 0x63
29#define SPDM_VENDOR_DEFINED_RESPONSE 0x7E
30#define SPDM_ERROR 0x7F
34#define SPDM_KEY_EXCHANGE_RSP 0x64
35#define SPDM_FINISH_RSP 0x65
36#define SPDM_PSK_EXCHANGE_RSP 0x66
37#define SPDM_PSK_FINISH_RSP 0x67
38#define SPDM_HEARTBEAT_ACK 0x68
39#define SPDM_KEY_UPDATE_ACK 0x69
40#define SPDM_ENCAPSULATED_REQUEST 0x6A
41#define SPDM_ENCAPSULATED_RESPONSE_ACK 0x6B
42#define SPDM_END_SESSION_ACK 0x6C
46#define SPDM_CSR 0x6D
47#define SPDM_SET_CERTIFICATE_RSP 0x6E
48#define SPDM_CHUNK_SEND_ACK 0x05
49#define SPDM_CHUNK_RESPONSE 0x06
53#define SPDM_GET_DIGESTS 0x81
54#define SPDM_GET_CERTIFICATE 0x82
55#define SPDM_CHALLENGE 0x83
56#define SPDM_GET_VERSION 0x84
57#define SPDM_GET_MEASUREMENTS 0xE0
58#define SPDM_GET_CAPABILITIES 0xE1
59#define SPDM_NEGOTIATE_ALGORITHMS 0xE3
60#define SPDM_VENDOR_DEFINED_REQUEST 0xFE
61#define SPDM_RESPOND_IF_READY 0xFF
65#define SPDM_KEY_EXCHANGE 0xE4
66#define SPDM_FINISH 0xE5
67#define SPDM_PSK_EXCHANGE 0xE6
68#define SPDM_PSK_FINISH 0xE7
69#define SPDM_HEARTBEAT 0xE8
70#define SPDM_KEY_UPDATE 0xE9
71#define SPDM_GET_ENCAPSULATED_REQUEST 0xEA
72#define SPDM_DELIVER_ENCAPSULATED_RESPONSE 0xEB
73#define SPDM_END_SESSION 0xEC
77#define SPDM_GET_CSR 0xED
78#define SPDM_SET_CERTIFICATE 0xEE
79#define SPDM_CHUNK_SEND 0x85
80#define SPDM_CHUNK_GET 0x86
81
85typedef struct {
86 UINT8 SPDMVersion;
87 UINT8 RequestResponseCode;
88 UINT8 Param1;
89 UINT8 Param2;
90} SPDM_MESSAGE_HEADER;
91
92#define SPDM_MESSAGE_VERSION_10 0x10
93#define SPDM_MESSAGE_VERSION_11 0x11
94#define SPDM_MESSAGE_VERSION_12 0x12
95#define SPDM_MESSAGE_VERSION SPDM_MESSAGE_VERSION_10
96
100typedef struct {
101 SPDM_MESSAGE_HEADER Header;
102 // Param1 == RSVD
103 // Param2 == RSVD
104} SPDM_GET_VERSION_REQUEST;
105
109typedef struct {
110 SPDM_MESSAGE_HEADER Header;
111 // Param1 == RSVD
112 // Param2 == RSVD
113 UINT8 Reserved;
114 UINT8 VersionNumberEntryCount;
115 // SPDM_VERSION_NUMBER VersionNumberEntry[VersionNumberEntryCount];
116} SPDM_VERSION_RESPONSE;
117
125typedef UINT16 SPDM_VERSION_NUMBER;
126#define SPDM_VERSION_NUMBER_SHIFT_BIT 8
127
128#define SPDM_VERSION_1_2_SIGNING_PREFIX_CONTEXT "dmtf-spdm-v1.2.*"
129#define SPDM_VERSION_1_2_SIGNING_PREFIX_CONTEXT_SIZE \
130 (sizeof(SPDM_VERSION_1_2_SIGNING_PREFIX_CONTEXT) - 1)
131#define SPDM_VERSION_1_2_SIGNING_CONTEXT_SIZE 100
135typedef struct {
136 SPDM_MESSAGE_HEADER Header;
137 // Param1 == RSVD
138 // Param2 == RSVD
139 // Below field is added in 1.1.
140 UINT8 Reserved;
141 UINT8 CTExponent;
142 UINT16 Reserved2;
143 UINT32 Flags;
144 // Below field is added in 1.2.
145 UINT32 DataTransferSize;
146 UINT32 MaxSpdmMsgSize;
147} SPDM_GET_CAPABILITIES_REQUEST;
148
152typedef struct {
153 SPDM_MESSAGE_HEADER Header;
154 // Param1 == RSVD
155 // Param2 == RSVD
156 UINT8 Reserved;
157 UINT8 CTExponent;
158 UINT16 Reserved2;
159 UINT32 Flags;
160 // Below field is added in 1.2.
161 UINT32 DataTransferSize;
162 UINT32 MaxSpdmMsgSize;
163} SPDM_CAPABILITIES_RESPONSE;
164
165#define SPDM_MIN_DATA_TRANSFER_SIZE_VERSION_12 42
166
170#define SPDM_GET_CAPABILITIES_REQUEST_FLAGS_CERT_CAP BIT1
171#define SPDM_GET_CAPABILITIES_REQUEST_FLAGS_CHAL_CAP BIT2
172#define SPDM_GET_CAPABILITIES_REQUEST_FLAGS_ENCRYPT_CAP BIT6
173#define SPDM_GET_CAPABILITIES_REQUEST_FLAGS_MAC_CAP BIT7
174#define SPDM_GET_CAPABILITIES_REQUEST_FLAGS_MUT_AUTH_CAP BIT8
175#define SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP BIT9
176#define SPDM_GET_CAPABILITIES_REQUEST_FLAGS_PSK_CAP (BIT10 | BIT11)
177#define SPDM_GET_CAPABILITIES_REQUEST_FLAGS_PSK_CAP_REQUESTER BIT10
178#define SPDM_GET_CAPABILITIES_REQUEST_FLAGS_ENCAP_CAP BIT12
179#define SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HBEAT_CAP BIT13
180#define SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_UPD_CAP BIT14
181#define SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP BIT15
182#define SPDM_GET_CAPABILITIES_REQUEST_FLAGS_PUB_KEY_ID_CAP BIT16
183#define SPDM_GET_CAPABILITIES_REQUEST_FLAGS_11_MASK (\
184 SPDM_GET_CAPABILITIES_REQUEST_FLAGS_CERT_CAP | \
185 SPDM_GET_CAPABILITIES_REQUEST_FLAGS_CHAL_CAP | \
186 SPDM_GET_CAPABILITIES_REQUEST_FLAGS_ENCRYPT_CAP | \
187 SPDM_GET_CAPABILITIES_REQUEST_FLAGS_MAC_CAP | \
188 SPDM_GET_CAPABILITIES_REQUEST_FLAGS_MUT_AUTH_CAP | \
189 SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP | \
190 SPDM_GET_CAPABILITIES_REQUEST_FLAGS_PSK_CAP | \
191 SPDM_GET_CAPABILITIES_REQUEST_FLAGS_ENCAP_CAP | \
192 SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HBEAT_CAP | \
193 SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_UPD_CAP | \
194 SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP | \
195 SPDM_GET_CAPABILITIES_REQUEST_FLAGS_PUB_KEY_ID_CAP)
196
200#define SPDM_GET_CAPABILITIES_REQUEST_FLAGS_CHUNK_CAP BIT17
201#define SPDM_GET_CAPABILITIES_REQUEST_FLAGS_12_MASK (\
202 SPDM_GET_CAPABILITIES_REQUEST_FLAGS_11_MASK | \
203 SPDM_GET_CAPABILITIES_REQUEST_FLAGS_CHUNK_CAP)
207#define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_CACHE_CAP BIT0
208#define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_CERT_CAP BIT1
209#define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_CHAL_CAP BIT2
210#define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_MEAS_CAP (BIT3 | BIT4)
211#define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_MEAS_CAP_NO_SIG BIT3
212#define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_MEAS_CAP_SIG BIT4
213#define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_MEAS_FRESH_CAP BIT5
214#define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_10_MASK (\
215 SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_CACHE_CAP | \
216 SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_CERT_CAP | \
217 SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_CHAL_CAP | \
218 SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_MEAS_CAP | \
219 SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_MEAS_FRESH_CAP)
223#define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_ENCRYPT_CAP BIT6
224#define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_MAC_CAP BIT7
225#define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_MUT_AUTH_CAP BIT8
226#define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP BIT9
227#define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_PSK_CAP (BIT10 | BIT11)
228#define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_PSK_CAP_RESPONDER BIT10
229#define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_PSK_CAP_RESPONDER_WITH_CONTEXT BIT11
230#define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_ENCAP_CAP BIT12
231#define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HBEAT_CAP BIT13
232#define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_UPD_CAP BIT14
233#define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP BIT15
234#define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_PUB_KEY_ID_CAP BIT16
235#define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_11_MASK (\
236 SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_10_MASK | \
237 SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_ENCRYPT_CAP | \
238 SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_MAC_CAP | \
239 SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_MUT_AUTH_CAP | \
240 SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP | \
241 SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_PSK_CAP | \
242 SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_ENCAP_CAP | \
243 SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HBEAT_CAP | \
244 SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_UPD_CAP | \
245 SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP | \
246 SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_PUB_KEY_ID_CAP)
250#define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_CHUNK_CAP BIT17
251#define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_ALIAS_CERT_CAP BIT18
252
256#define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_SET_CERT_CAP BIT19
257#define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_CSR_CAP BIT20
258#define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_CERT_INSTALL_RESET_CAP BIT21
259#define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_12_MASK (\
260 SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_11_MASK | \
261 SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_CHUNK_CAP | \
262 SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_ALIAS_CERT_CAP | \
263 SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_SET_CERT_CAP | \
264 SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_CSR_CAP | \
265 SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_CERT_INSTALL_RESET_CAP)
269typedef struct {
270 SPDM_MESSAGE_HEADER Header;
271 // Param1 == Number of Algorithms Structure Tables
272 // Param2 == RSVD
273 UINT16 Length;
274 UINT8 MeasurementSpecification;
275
276 // OtherParamsSupport is added in 1.2.
277 // BIT[0:3]=opaque_data_format support
278 // BIT[4:7]=Reserved
279 UINT8 OtherParamsSupport;
280 UINT32 BaseAsymAlgo;
281 UINT32 BaseHashAlgo;
282 UINT8 Reserved2[12];
283 UINT8 ExtAsymCount;
284 UINT8 ExtHashCount;
285 UINT16 Reserved3;
286 // SPDM_EXTENDED_ALGORITHM ExtAsym[ExtAsymCount];
287 // SPDM_EXTENDED_ALGORITHM ExtHash[ExtHashCount];
288 // Below field is added in 1.1.
289 // SPDM_NEGOTIATE_ALGORITHMS_STRUCT_TABLE AlgStruct[Param1];
290} SPDM_NEGOTIATE_ALGORITHMS_REQUEST;
291
292#define SPDM_NEGOTIATE_ALGORITHMS_REQUEST_MAX_LENGTH_VERSION_10 BIT6
293#define SPDM_NEGOTIATE_ALGORITHMS_REQUEST_MAX_LENGTH_VERSION_11 BIT7
294#define SPDM_NEGOTIATE_ALGORITHMS_REQUEST_MAX_LENGTH_VERSION_12 BIT7
295#define SPDM_NEGOTIATE_ALGORITHMS_REQUEST_MAX_EXT_ALG_COUNT_VERSION_10 BIT3
296#define SPDM_NEGOTIATE_ALGORITHMS_REQUEST_MAX_EXT_ALG_COUNT_VERSION_11 (BIT4 | BIT2)
297#define SPDM_NEGOTIATE_ALGORITHMS_REQUEST_MAX_EXT_ALG_COUNT_VERSION_12 (BIT4 | BIT2)
298
299typedef struct {
300 UINT8 AlgType;
301 UINT8 AlgCount; // BIT[0:3]=ExtAlgCount, BIT[4:7]=FixedAlgByteCount
302 // UINT8 AlgSupported[FixedAlgByteCount];
303 // UINT32 AlgExternal[ExtAlgCount];
304} SPDM_NEGOTIATE_ALGORITHMS_STRUCT_TABLE;
305
306typedef struct {
307 UINT8 ExtAlgCount : 4;
308 UINT8 FixedAlgByteCount : 4;
309} SPDM_NEGOTIATE_ALGORITHMS_STRUCT_TABLE_ALG_COUNT;
310
311#define SPDM_NEGOTIATE_ALGORITHMS_MAX_NUM_STRUCT_TABLE_ALG 4
312
313#define SPDM_NEGOTIATE_ALGORITHMS_STRUCT_TABLE_ALG_TYPE_DHE 2
314#define SPDM_NEGOTIATE_ALGORITHMS_STRUCT_TABLE_ALG_TYPE_AEAD 3
315#define SPDM_NEGOTIATE_ALGORITHMS_STRUCT_TABLE_ALG_TYPE_REQ_BASE_ASYM_ALG 4
316#define SPDM_NEGOTIATE_ALGORITHMS_STRUCT_TABLE_ALG_TYPE_KEY_SCHEDULE 5
317
318typedef struct {
319 UINT8 AlgType;
320 UINT8 AlgCount;
321 UINT16 AlgSupported;
322} SPDM_NEGOTIATE_ALGORITHMS_COMMON_STRUCT_TABLE;
323
327#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_2048 BIT0
328#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_2048 BIT1
329#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_3072 BIT2
330#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_3072 BIT3
331#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P256 BIT4
332#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_4096 BIT5
333#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_4096 BIT6
334#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P384 BIT7
335#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P521 BIT8
336
340#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_SM2_ECC_SM2_P256 BIT9
341#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED25519 BIT10
342#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED448 BIT11
343
347#define SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_256 BIT0
348#define SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_384 BIT1
349#define SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_512 BIT2
350#define SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA3_256 BIT3
351#define SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA3_384 BIT4
352#define SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA3_512 BIT5
353
357#define SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SM3_256 BIT6
358
362#define SPDM_ALGORITHMS_DHE_NAMED_GROUP_FFDHE_2048 BIT0
363#define SPDM_ALGORITHMS_DHE_NAMED_GROUP_FFDHE_3072 BIT1
364#define SPDM_ALGORITHMS_DHE_NAMED_GROUP_FFDHE_4096 BIT2
365#define SPDM_ALGORITHMS_DHE_NAMED_GROUP_SECP_256_R1 BIT3
366#define SPDM_ALGORITHMS_DHE_NAMED_GROUP_SECP_384_R1 BIT4
367#define SPDM_ALGORITHMS_DHE_NAMED_GROUP_SECP_521_R1 BIT5
368
372#define SPDM_ALGORITHMS_DHE_NAMED_GROUP_SM2_P256 BIT6
373
377#define SPDM_ALGORITHMS_AEAD_CIPHER_SUITE_AES_128_GCM BIT0
378#define SPDM_ALGORITHMS_AEAD_CIPHER_SUITE_AES_256_GCM BIT1
379#define SPDM_ALGORITHMS_AEAD_CIPHER_SUITE_CHACHA20_POLY1305 BIT2
380
384#define SPDM_ALGORITHMS_AEAD_CIPHER_SUITE_AEAD_SM4_GCM BIT3
388#define SPDM_ALGORITHMS_KEY_SCHEDULE_HMAC_HASH BIT0
389
393typedef struct {
394 SPDM_MESSAGE_HEADER Header;
395 // Param1 == Number of Algorithms Structure Tables
396 // Param2 == RSVD
397 UINT16 Length;
398 UINT8 MeasurementSpecificationSel;
399
400 // OtherParamsSelection is added in 1.2.
401 // BIT[0:3]=opaque_data_format select,
402 // BIT[4:7]=Reserved
403 UINT8 OtherParamsSelection;
404 UINT32 MeasurementHashAlgo;
405 UINT32 BaseAsymSel;
406 UINT32 BaseHashSel;
407 UINT8 Reserved2[12];
408 UINT8 ExtAsymSelCount;
409 UINT8 ExtHashSelCount;
410 UINT16 Reserved3;
411 // SPDM_EXTENDED_ALGORITHM ExtAsymSel[ExtAsymSelCount];
412 // SPDM_EXTENDED_ALGORITHM ExtHashSel[ExtHashSelCount];
413 // Below field is added in 1.1.
414 // SPDM_NEGOTIATE_ALGORITHMS_STRUCT_TABLE AlgStruct[Param1];
415} SPDM_ALGORITHMS_RESPONSE;
416
420#define SPDM_ALGORITHMS_MEASUREMENT_HASH_ALGO_RAW_BIT_STREAM_ONLY BIT0
421#define SPDM_ALGORITHMS_MEASUREMENT_HASH_ALGO_TPM_ALG_SHA_256 BIT1
422#define SPDM_ALGORITHMS_MEASUREMENT_HASH_ALGO_TPM_ALG_SHA_384 BIT2
423#define SPDM_ALGORITHMS_MEASUREMENT_HASH_ALGO_TPM_ALG_SHA_512 BIT3
424#define SPDM_ALGORITHMS_MEASUREMENT_HASH_ALGO_TPM_ALG_SHA3_256 BIT4
425#define SPDM_ALGORITHMS_MEASUREMENT_HASH_ALGO_TPM_ALG_SHA3_384 BIT5
426#define SPDM_ALGORITHMS_MEASUREMENT_HASH_ALGO_TPM_ALG_SHA3_512 BIT6
427
431#define SPDM_ALGORITHMS_MEASUREMENT_HASH_ALGO_TPM_ALG_SM3_256 BIT7
432
436#define SPDM_ALGORITHMS_OPAQUE_DATA_FORMAT_NONE 0x0
437#define SPDM_ALGORITHMS_OPAQUE_DATA_FORMAT_0 0x1
438#define SPDM_ALGORITHMS_OPAQUE_DATA_FORMAT_1 0x2
439#define SPDM_ALGORITHMS_OPAQUE_DATA_FORMAT_MASK 0xF
440
444typedef struct {
445 UINT8 TotalElements;
446 UINT8 Reserved[3];
447 // opaque_element_table_t opaque_list[];
448} SPDM_GENERAL_OPAQUE_DATA_TABLE_HEADER;
449
453typedef struct {
454 UINT8 RegistryID;
455 UINT8 Reserved;
456 UINT16 AlgorithmID;
457} SPDM_EXTENDED_ALGORITHM;
458
462#define SPDM_REGISTRY_ID_DMTF 0
463#define SPDM_REGISTRY_ID_TCG 1
464#define SPDM_REGISTRY_ID_USB 2
465#define SPDM_REGISTRY_ID_PCISIG 3
466#define SPDM_REGISTRY_ID_IANA 4
467#define SPDM_REGISTRY_ID_HDBASET 5
468#define SPDM_REGISTRY_ID_MIPI 6
469#define SPDM_REGISTRY_ID_CXL 7
470#define SPDM_REGISTRY_ID_JEDEC 8
471
475typedef struct {
476 SPDM_MESSAGE_HEADER Header;
477 // Param1 == RSVD
478 // Param2 == RSVD
479} SPDM_GET_DIGESTS_REQUEST;
480
484typedef struct {
485 SPDM_MESSAGE_HEADER Header;
486 // Param1 == RSVD
487 // Param2 == SlotMask
488 // UINT8 Digest[DigestSize][SlotCount];
489} SPDM_DIGESTS_RESPONSE;
490
494typedef struct {
495 SPDM_MESSAGE_HEADER Header;
496 // Param1 == SlotNum
497 // Param2 == RSVD
498 UINT16 Offset;
499 UINT16 Length;
500} SPDM_GET_CERTIFICATE_REQUEST;
501
502#define SPDM_GET_CERTIFICATE_REQUEST_SLOT_ID_MASK 0xF
506typedef struct {
507 SPDM_MESSAGE_HEADER Header;
508 // Param1 == SlotNum
509 // Param2 == RSVD
510 UINT16 PortionLength;
511 UINT16 RemainderLength;
512 // UINT8 CertChain[PortionLength];
513} SPDM_CERTIFICATE_RESPONSE;
514
515#define SPDM_CERTIFICATE_RESPONSE_SLOT_ID_MASK 0xF
516
517typedef struct {
518 //
519 // Total length of the certificate chain, in bytes,
520 // including all fields in this table.
521 //
522 UINT16 Length;
523 UINT16 Reserved;
524 //
525 // Digest of the Root Certificate.
526 // Note that Root Certificate is ASN.1 DER-encoded for this digest.
527 // The hash size is determined by the SPDM device.
528 //
529 // UINT8 RootHash[HashSize];
530 //
531 // One or more ASN.1 DER-encoded X509v3 certificates where the first certificate is signed by the Root
532 // Certificate or is the Root Certificate itself and each subsequent certificate is signed by the preceding
533 // certificate. The last certificate is the Leaf Certificate.
534 //
535 // UINT8 Certificates[Length - 4 - HashSize];
536} SPDM_CERT_CHAIN;
537
541#define SPDM_MAX_CERTIFICATE_CHAIN_SIZE 65535
545typedef struct {
546 SPDM_MESSAGE_HEADER Header;
547 // Param1 == SlotNum
548 // Param2 == HashType
549 UINT8 Nonce[32];
550} SPDM_CHALLENGE_REQUEST;
551
555typedef struct {
556 SPDM_MESSAGE_HEADER Header;
557 // Param1 == ResponseAttribute
558 // Param2 == SlotMask
559 // UINT8 CertChainHash[DigestSize];
560 // UINT8 Nonce[32];
561 // UINT8 MeasurementSummaryHash[DigestSize];
562 // UINT16 OpaqueLength;
563 // UINT8 OpaqueData[OpaqueLength];
564 // UINT8 Signature[KeySize];
565} SPDM_CHALLENGE_AUTH_RESPONSE;
566
570#define SPDM_REQUEST_NO_MEASUREMENT_SUMMARY_HASH 0
571#define SPDM_REQUEST_TCB_COMPONENT_MEASUREMENT_HASH 1
572#define SPDM_REQUEST_ALL_MEASUREMENTS_HASH 0xFF
573
577#define SPDM_CHALLENGE_REQUEST_NO_MEASUREMENT_SUMMARY_HASH SPDM_REQUEST_NO_MEASUREMENT_SUMMARY_HASH
578#define SPDM_CHALLENGE_REQUEST_TCB_COMPONENT_MEASUREMENT_HASH \
579 SPDM_REQUEST_TCB_COMPONENT_MEASUREMENT_HASH
580#define SPDM_CHALLENGE_REQUEST_ALL_MEASUREMENTS_HASH SPDM_REQUEST_ALL_MEASUREMENTS_HASH
581
582#define SPDM_CHALLENGE_AUTH_RESPONSE_ATTRIBUTE_SLOT_ID_MASK 0xF
583
584typedef struct {
585 UINT8 SlotNum : 4;
586 UINT8 Reserved : 3;
587 UINT8 BasicMutAuthReq : 1;
588} SPDM_CHALLENGE_AUTH_RESPONSE_ATTRIBUTE;
589
593#define SPDM_CHALLENGE_AUTH_RESPONSE_ATTRIBUTE_BASIC_MUT_AUTH_REQ BIT7
594
595#define SPDM_CHALLENGE_AUTH_SIGN_CONTEXT "responder-challenge_auth signing"
596#define SPDM_CHALLENGE_AUTH_SIGN_CONTEXT_SIZE (sizeof(SPDM_CHALLENGE_AUTH_SIGN_CONTEXT) - 1)
597#define SPDM_MUT_CHALLENGE_AUTH_SIGN_CONTEXT "requester-challenge_auth signing"
598#define SPDM_MUT_CHALLENGE_AUTH_SIGN_CONTEXT_SIZE (sizeof(SPDM_MUT_CHALLENGE_AUTH_SIGN_CONTEXT) - 1)
599
603typedef struct {
604 SPDM_MESSAGE_HEADER Header;
605 // Param1 == Attributes
606 // Param2 == MeasurementOperation
607 UINT8 Nonce[32];
608 // Below field is added in 1.1.
609 UINT8 SlotIDParam; // BIT[0:3]=SlotNum, BIT[4:7]=Reserved
610} SPDM_GET_MEASUREMENTS_REQUEST;
611
612typedef struct {
613 UINT8 SlotNum : 4;
614 UINT8 Reserved : 4;
615} SPDM_GET_MEASUREMENTS_REQUEST_SLOT_ID_PARAMETER;
616
617#define SPDM_GET_MEASUREMENTS_REQUEST_SLOT_ID_MASK 0xF
618
622#define SPDM_GET_MEASUREMENTS_REQUEST_ATTRIBUTES_GENERATE_SIGNATURE BIT0
623#define SPDM_GET_MEASUREMENTS_REQUEST_ATTRIBUTES_RAW_BIT_STREAM_REQUESTED BIT1
624#define SPDM_GET_MEASUREMENTS_REQUEST_ATTRIBUTES_NEW_MEASUREMENT_REQUESTED BIT2
625
629#define SPDM_GET_MEASUREMENTS_REQUEST_MEASUREMENT_OPERATION_TOTAL_NUMBER_OF_MEASUREMENTS 0
630
634#define SPDM_GET_MEASUREMENTS_REQUEST_MEASUREMENT_OPERATION_ALL_MEASUREMENTS 0xFF
635
639typedef struct {
640 UINT8 Index;
641 UINT8 MeasurementSpecification;
642 UINT16 MeasurementSize;
643 // UINT8 Measurement[MeasurementSize];
644} SPDM_MEASUREMENT_BLOCK_COMMON_HEADER;
645
646#define SPDM_MEASUREMENT_BLOCK_HEADER_SPECIFICATION_DMTF BIT0
647
651typedef struct {
652 UINT8 DMTFSpecMeasurementValueType;
653 UINT16 DMTFSpecMeasurementValueSize;
654 // UINT8 DMTFSpecMeasurementValue[DMTFSpecMeasurementValueSize];
655} SPDM_MEASUREMENT_BLOCK_DMTF_HEADER;
656
657typedef struct {
658 SPDM_MEASUREMENT_BLOCK_COMMON_HEADER MeasurementBlockCommonHeader;
659 SPDM_MEASUREMENT_BLOCK_DMTF_HEADER MeasurementBlockDmtfHeader;
660 // UINT8 HashValue[HashSize];
661} SPDM_MEASUREMENT_BLOCK_DMTF;
662
663typedef struct {
664 UINT8 Content : 7;
665 UINT8 Presentation : 1;
666} SPDM_MEASUREMENTS_BLOCK_MEASUREMENT_TYPE;
667
671#define SPDM_MEASUREMENT_BLOCK_MEASUREMENT_TYPE_IMMUTABLE_ROM 0
672#define SPDM_MEASUREMENT_BLOCK_MEASUREMENT_TYPE_MUTABLE_FIRMWARE 1
673#define SPDM_MEASUREMENT_BLOCK_MEASUREMENT_TYPE_HARDWARE_CONFIGURATION 2
674#define SPDM_MEASUREMENT_BLOCK_MEASUREMENT_TYPE_FIRMWARE_CONFIGURATION 3
675#define SPDM_MEASUREMENT_BLOCK_MEASUREMENT_TYPE_MEASUREMENT_MANIFEST 4
676#define SPDM_MEASUREMENT_BLOCK_MEASUREMENT_TYPE_DEVICE_MODE 5
677#define SPDM_MEASUREMENT_BLOCK_MEASUREMENT_TYPE_VERSION 6
678#define SPDM_MEASUREMENT_BLOCK_MEASUREMENT_TYPE_SECURE_VERSION_NUMBER 7
679#define SPDM_MEASUREMENT_BLOCK_MEASUREMENT_TYPE_MASK 0x7
680#define SPDM_MEASUREMENT_BLOCK_MEASUREMENT_TYPE_RAW_BIT_STREAM BIT7
681
685#define SPDM_MEASUREMENT_BLOCK_MEASUREMENT_INDEX_MEASUREMENT_MANIFEST 0xFD
686#define SPDM_MEASUREMENT_BLOCK_MEASUREMENT_INDEX_DEVICE_MODE 0xFE
687
691typedef struct {
692 UINT32 OperationalModeCapabilities;
693 UINT32 OperationalModeState;
694 UINT32 DeviceModeCapabilities;
695 UINT32 DeviceModeState;
696} SPDM_MEASUREMENT_DEVICE_MODE;
697
698#define SPDM_MEASUREMENT_DEVICE_OPERATION_MODE_MANUFACTURING_MODE BIT0
699#define SPDM_MEASUREMENT_DEVICE_OPERATION_MODE_VALIDATION_MODE BIT1
700#define SPDM_MEASUREMENT_DEVICE_OPERATION_MODE_NORMAL_MODE BIT2
701#define SPDM_MEASUREMENT_DEVICE_OPERATION_MODE_RECOVERY_MODE BIT3
702#define SPDM_MEASUREMENT_DEVICE_OPERATION_MODE_RMA_MODE BIT4
703#define SPDM_MEASUREMENT_DEVICE_OPERATION_MODE_DECOMMISSIONED_MODE BIT5
704
705#define SPDM_MEASUREMENT_DEVICE_MODE_NON_INVASIVE_DEBUG_MODE_IS_ACTIVE BIT0
706#define SPDM_MEASUREMENT_DEVICE_MODE_INVASIVE_DEBUG_MODE_IS_ACTIVE BIT1
707#define SPDM_MEASUREMENT_DEVICE_MODE_NON_INVASIVE_DEBUG_MODE_HAS_BEEN_ACTIVE BIT2
708#define SPDM_MEASUREMENT_DEVICE_MODE_INVASIVE_DEBUG_MODE_HAS_BEEN_ACTIVE BIT3
709#define SPDM_MEASUREMENT_DEVICE_MODE_INVASIVE_DEBUG_MODE_HAS_BEEN_ACTIVE_AFTER_MFG BIT4
710
714typedef UINT64 SPDM_MEASUREMENTS_SECURE_VERSION_NUMBER;
715
719typedef struct {
720 SPDM_MESSAGE_HEADER Header;
721 // Param1 == TotalNumberOfMeasurement/RSVD
722 // Param2 == SlotNum
723 UINT8 NumberOfBlocks;
724 UINT8 MeasurementRecordLength[3];
725 // UINT8 MeasurementRecord[MeasurementRecordLength];
726 // UINT8 Nonce[32];
727 // UINT16 OpaqueLength;
728 // UINT8 OpaqueData[OpaqueLength];
729 // UINT8 Signature[KeySize];
730} SPDM_MEASUREMENTS_RESPONSE;
731
732#define SPDM_MEASUREMENTS_RESPONSE_SLOT_ID_MASK 0xF
733
737#define SPDM_MEASUREMENTS_RESPONSE_CONTENT_CHANGE_MASK 0x30
738#define SPDM_MEASUREMENTS_RESPONSE_CONTENT_CHANGE_NO_DETECTION 0x00
739#define SPDM_MEASUREMENTS_RESPONSE_CONTENT_CHANGE_DETECTED 0x10
740#define SPDM_MEASUREMENTS_RESPONSE_CONTENT_NO_CHANGE_DETECTED 0x20
741
742#define SPDM_MEASUREMENTS_SIGN_CONTEXT "responder-measurements signing"
743#define SPDM_MEASUREMENTS_SIGN_CONTEXT_SIZE (sizeof(SPDM_MEASUREMENTS_SIGN_CONTEXT) - 1)
744
745#define SPDM_MEL_SPECIFICATION_DMTF BIT0
746
750typedef struct {
751 SPDM_MESSAGE_HEADER Header;
752 // Param1 == Error Code
753 // Param2 == Error Data
754 // UINT8 ExtendedErrorData[];
755} SPDM_ERROR_RESPONSE;
756
757#define SPDM_EXTENDED_ERROR_DATA_MAX_SIZE 32
758
762#define SPDM_ERROR_CODE_INVALID_REQUEST 0x01
763#define SPDM_ERROR_CODE_BUSY 0x03
764#define SPDM_ERROR_CODE_UNEXPECTED_REQUEST 0x04
765#define SPDM_ERROR_CODE_UNSPECIFIED 0x05
766#define SPDM_ERROR_CODE_UNSUPPORTED_REQUEST 0x07
767#define SPDM_ERROR_CODE_VERSION_MISMATCH 0x41
768#define SPDM_ERROR_CODE_RESPONSE_NOT_READY 0x42
769#define SPDM_ERROR_CODE_REQUEST_RESYNCH 0x43
770#define SPDM_ERROR_CODE_VENDOR_DEFINED 0xFF
774#define SPDM_ERROR_CODE_DECRYPT_ERROR 0x06
775#define SPDM_ERROR_CODE_REQUEST_IN_FLIGHT 0x08
776#define SPDM_ERROR_CODE_INVALID_RESPONSE_CODE 0x09
777#define SPDM_ERROR_CODE_SESSION_LIMIT_EXCEEDED 0x0A
778
782#define SPDM_ERROR_CODE_SESSION_REQUIRED 0x0B
783#define SPDM_ERROR_CODE_RESET_REQUIRED 0x0C
784#define SPDM_ERROR_CODE_RESPONSE_TOO_LARGE 0x0D
785#define SPDM_ERROR_CODE_REQUEST_TOO_LARGE 0x0E
786#define SPDM_ERROR_CODE_LARGE_RESPONSE 0x0F
787#define SPDM_ERROR_CODE_MESSAGE_LOST 0x10
791typedef struct {
792 UINT8 RDTExponent;
793 UINT8 RequestCode;
794 UINT8 Token;
795 UINT8 Rdtm;
796} SPDM_ERROR_DATA_RESPONSE_NOT_READY;
797
798typedef struct {
799 SPDM_MESSAGE_HEADER Header;
800 // Param1 == Error Code
801 // Param2 == Error Data
802 SPDM_ERROR_DATA_RESPONSE_NOT_READY ExtendErrorData;
803} SPDM_ERROR_RESPONSE_DATA_RESPONSE_NOT_READY;
804
808typedef struct {
809 UINT8 Handle;
810} SPDM_ERROR_DATA_LARGE_RESPONSE;
811
812typedef struct {
813 SPDM_MESSAGE_HEADER Header;
814
815 // param1 == Error Code
816 // param2 == Error data
817 //
818 SPDM_ERROR_DATA_LARGE_RESPONSE ExtendErrorData;
819} SPDM_ERROR_RESPONSE_LARGE_RESPONSE;
820
824typedef struct {
825 SPDM_MESSAGE_HEADER Header;
826 // Param1 == RequestCode
827 // Param2 == Token
828} SPDM_RESPONSE_IF_READY_REQUEST;
829
834#define SPDM_MAX_VENDOR_DEFINED_DATA_LEN 65535
835
840#define SPDM_MAX_VENDOR_ID_LENGTH 255
841
845typedef struct {
846 SPDM_MESSAGE_HEADER Header;
847 // Param1 == RSVD
848 // Param2 == RSVD
849 UINT16 StandardID;
850 UINT8 Len;
851 // UINT8 VendorID[Len];
852 // UINT16 PayloadLength;
853 // UINT8 VendorDefinedPayload[PayloadLength];
854} SPDM_VENDOR_DEFINED_REQUEST_MSG;
855
859typedef struct {
860 SPDM_MESSAGE_HEADER Header;
861 // Param1 == RSVD
862 // Param2 == RSVD
863 UINT16 StandardID;
864 UINT8 Len;
865 // UINT8 VendorID[Len];
866 // UINT16 PayloadLength;
867 // UINT8 VendorDefinedPayload[PayloadLength];
868} SPDM_VENDOR_DEFINED_RESPONSE_MSG;
869
870//
871// Below command is defined in SPDM 1.1
872//
873
877typedef struct {
878 SPDM_MESSAGE_HEADER Header;
879 // Param1 == HashType
880 // Param2 == SlotNum
881 UINT16 ReqSessionID;
882 UINT16 Reserved;
883 UINT8 RandomData[32];
884 // UINT8 ExchangeData[D];
885 // UINT16 OpaqueLength;
886 // UINT8 OpaqueData[OpaqueLength];
887} SPDM_KEY_EXCHANGE_REQUEST;
888
892#define SPDM_KEY_EXCHANGE_REQUEST_SESSION_POLICY_TERMINATION_POLICY_RUNTIME_UPDATE BIT0
893
897#define SPDM_KEY_EXCHANGE_REQUEST_NO_MEASUREMENT_SUMMARY_HASH \
898 SPDM_REQUEST_NO_MEASUREMENT_SUMMARY_HASH
899#define SPDM_KEY_EXCHANGE_REQUEST_TCB_COMPONENT_MEASUREMENT_HASH \
900 SPDM_REQUEST_TCB_COMPONENT_MEASUREMENT_HASH
901#define SPDM_KEY_EXCHANGE_REQUEST_ALL_MEASUREMENTS_HASH SPDM_REQUEST_ALL_MEASUREMENTS_HASH
902
906typedef struct {
907 SPDM_MESSAGE_HEADER Header;
908 // Param1 == HeartbeatPeriod
909 // Param2 == RSVD
910 UINT16 RspSessionID;
911 UINT8 MutAuthRequested;
912 UINT8 ReqSlotIDParam;
913 UINT8 RandomData[32];
914 // UINT8 ExchangeData[D];
915 // UINT8 MeasurementSummaryHash[DigestSize];
916 // UINT16 OpaqueLength;
917 // UINT8 OpaqueData[OpaqueLength];
918 // UINT8 Signature[S];
919 // UINT8 ResponderVerifyData[H];
920} SPDM_KEY_EXCHANGE_RESPONSE;
921
925#define SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED BIT0
926#define SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED_WITH_ENCAP_REQUEST BIT1
927#define SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED_WITH_GET_DIGESTS BIT2
928
929#define SPDM_KEY_EXCHANGE_RESPONSE_SIGN_CONTEXT "responder-key_exchange_rsp signing"
930#define SPDM_KEY_EXCHANGE_RESPONSE_SIGN_CONTEXT_SIZE \
931 (sizeof(SPDM_KEY_EXCHANGE_RESPONSE_SIGN_CONTEXT) - 1)
932
933#define SPDM_VERSION_1_2_KEY_EXCHANGE_REQUESTER_CONTEXT "Requester-KEP-dmtf-spdm-v1.2"
934#define SPDM_VERSION_1_2_KEY_EXCHANGE_REQUESTER_CONTEXT_SIZE \
935 (sizeof(SPDM_VERSION_1_2_KEY_EXCHANGE_REQUESTER_CONTEXT) - 1)
936
937#define SPDM_VERSION_1_2_KEY_EXCHANGE_RESPONDER_CONTEXT "Responder-KEP-dmtf-spdm-v1.2"
938#define SPDM_VERSION_1_2_KEY_EXCHANGE_RESPONDER_CONTEXT_SIZE \
939 (sizeof(SPDM_VERSION_1_2_KEY_EXCHANGE_RESPONDER_CONTEXT) - 1)
940
944typedef struct {
945 SPDM_MESSAGE_HEADER Header;
946 // Param1 == SignatureIncluded
947 // Param2 == ReqSlotNum
948 // UINT8 Signature[S];
949 // UINT8 RequesterVerifyData[H];
950} SPDM_FINISH_REQUEST;
951
955#define SPDM_FINISH_REQUEST_ATTRIBUTES_SIGNATURE_INCLUDED BIT0
956
960typedef struct {
961 SPDM_MESSAGE_HEADER Header;
962 // Param1 == RSVD
963 // Param2 == RSVD
964 // UINT8 ResponderVerifyData[H];
965} SPDM_FINISH_RESPONSE;
966
967#define SPDM_FINISH_SIGN_CONTEXT "requester-finish signing"
968#define SPDM_FINISH_SIGN_CONTEXT_SIZE (sizeof(SPDM_FINISH_SIGN_CONTEXT) - 1)
969
973typedef struct {
974 SPDM_MESSAGE_HEADER Header;
975 // Param1 == HashType
976 // Param2 == RSVD/session_policy (1.2)
977 UINT16 ReqSessionID;
978 UINT16 PSKHintLength;
979 UINT16 RequesterContextLength;
980 UINT16 OpaqueLength;
981 // UINT8 PSKHint[PSKHintLength];
982 // UINT8 RequesterContext[RequesterContextLength];
983 // UINT8 OpaqueData[OpaqueLength];
984} SPDM_PSK_EXCHANGE_REQUEST;
985
989#define SPDM_PSK_EXCHANGE_REQUEST_NO_MEASUREMENT_SUMMARY_HASH \
990 SPDM_REQUEST_NO_MEASUREMENT_SUMMARY_HASH
991#define SPDM_PSK_EXCHANGE_REQUEST_TCB_COMPONENT_MEASUREMENT_HASH \
992 SPDM_REQUEST_TCB_COMPONENT_MEASUREMENT_HASH
993#define SPDM_PSK_EXCHANGE_REQUEST_ALL_MEASUREMENTS_HASH SPDM_REQUEST_ALL_MEASUREMENTS_HASH
994
998typedef struct {
999 SPDM_MESSAGE_HEADER Header;
1000 // Param1 == HeartbeatPeriod
1001 // Param2 == RSVD
1002 UINT16 RspSessionID;
1003 UINT16 Reserved;
1004 UINT16 ResponderContextLength;
1005 UINT16 OpaqueLength;
1006 // UINT8 MeasurementSummaryHash[DigestSize];
1007 // UINT8 ResponderContext[ResponderContextLength];
1008 // UINT8 OpaqueData[OpaqueLength];
1009 // UINT8 ResponderVerifyData[H];
1010} SPDM_PSK_EXCHANGE_RESPONSE;
1011
1015typedef struct {
1016 SPDM_MESSAGE_HEADER Header;
1017 // Param1 == RSVD
1018 // Param2 == RSVD
1019 // UINT8 RequesterVerifyData[H];
1020} SPDM_PSK_FINISH_REQUEST;
1021
1025typedef struct {
1026 SPDM_MESSAGE_HEADER Header;
1027 // Param1 == RSVD
1028 // Param2 == RSVD
1029} SPDM_PSK_FINISH_RESPONSE;
1030
1034typedef struct {
1035 SPDM_MESSAGE_HEADER Header;
1036 // Param1 == RSVD
1037 // Param2 == RSVD
1038} SPDM_HEARTBEAT_REQUEST;
1039
1043typedef struct {
1044 SPDM_MESSAGE_HEADER Header;
1045 // Param1 == RSVD
1046 // Param2 == RSVD
1047} SPDM_HEARTBEAT_RESPONSE;
1048
1052typedef struct {
1053 SPDM_MESSAGE_HEADER Header;
1054 // Param1 == KeyOperation
1055 // Param2 == Tag
1056} SPDM_KEY_UPDATE_REQUEST;
1057
1061#define SPDM_KEY_UPDATE_OPERATIONS_TABLE_UPDATE_KEY 1
1062#define SPDM_KEY_UPDATE_OPERATIONS_TABLE_UPDATE_ALL_KEYS 2
1063#define SPDM_KEY_UPDATE_OPERATIONS_TABLE_VERIFY_NEW_KEY 3
1064
1068typedef struct {
1069 SPDM_MESSAGE_HEADER Header;
1070 // Param1 == KeyOperation
1071 // Param2 == Tag
1072} SPDM_KEY_UPDATE_RESPONSE;
1073
1077typedef struct {
1078 SPDM_MESSAGE_HEADER Header;
1079 // Param1 == RSVD
1080 // Param2 == RSVD
1081} SPDM_GET_ENCAPSULATED_REQUEST_REQUEST;
1082
1086typedef struct {
1087 SPDM_MESSAGE_HEADER Header;
1088 // Param1 == RequestID
1089 // Param2 == RSVD
1090 // UINT8 EncapsulatedRequest[];
1091} SPDM_ENCAPSULATED_REQUEST_RESPONSE;
1092
1096typedef struct {
1097 SPDM_MESSAGE_HEADER Header;
1098 // Param1 == RequestID
1099 // Param2 == RSVD
1100 // UINT8 EncapsulatedResponse[];
1101} SPDM_DELIVER_ENCAPSULATED_RESPONSE_REQUEST;
1102
1106typedef struct {
1107 SPDM_MESSAGE_HEADER Header;
1108 // Param1 == RequestID
1109 // Param2 == PayloadType
1110 // below 4 bytes are added in 1.2.
1111 UINT8 AckRequestId;
1112 UINT8 Reserved[3];
1113 // UINT8 EncapsulatedRequest[];
1114} SPDM_ENCAPSULATED_RESPONSE_ACK_RESPONSE;
1115
1119#define SPDM_ENCAPSULATED_RESPONSE_ACK_RESPONSE_PAYLOAD_TYPE_ABSENT 0
1120#define SPDM_ENCAPSULATED_RESPONSE_ACK_RESPONSE_PAYLOAD_TYPE_PRESENT 1
1121#define SPDM_ENCAPSULATED_RESPONSE_ACK_RESPONSE_PAYLOAD_TYPE_REQ_SLOT_NUMBER 2
1122
1126typedef struct {
1127 SPDM_MESSAGE_HEADER Header;
1128 // Param1 == EndSessionRequestAttributes
1129 // Param2 == RSVD
1130} SPDM_END_SESSION_REQUEST;
1131
1135#define SPDM_END_SESSION_REQUEST_ATTRIBUTES_PRESERVE_NEGOTIATED_STATE_CLEAR BIT0
1136
1140typedef struct {
1141 SPDM_MESSAGE_HEADER Header;
1142 // Param1 == RSVD
1143 // Param2 == RSVD
1144} SPDM_END_SESSION_RESPONSE;
1145
1146//
1147// Below command is defined in SPDM 1.2
1148//
1149
1153typedef struct {
1154 SPDM_MESSAGE_HEADER Header;
1155
1156 // param1 == BIT[0:3]=slot_id, BIT[4:7]=RSVD
1157 // param2 == RSVD
1158 // param1 and param2 are updated in 1.3
1159 // param1 == Request attributes, BIT[0:3]=slot_id, BIT[4:6]=SetCertModel, BIT[7]=Erase
1160 // param2 == KeyPairID
1161 // void * CertChain
1162} SPDM_SET_CERTIFICATE_REQUEST;
1163
1164#define SPDM_SET_CERTIFICATE_REQUEST_SLOT_ID_MASK 0xF
1165
1169#define SPDM_SET_CERTIFICATE_REQUEST_ATTRIBUTES_CERT_MODEL_MASK 0x70
1170#define SPDM_SET_CERTIFICATE_REQUEST_ATTRIBUTES_CERT_MODEL_OFFSET 4
1171#define SPDM_SET_CERTIFICATE_REQUEST_ATTRIBUTES_ERASE 0x80
1172
1176typedef struct {
1177 SPDM_MESSAGE_HEADER Header;
1178
1179 // param1 == BIT[0:3]=slot_id, BIT[4:7]=RSVD
1180 // param2 == RSVD
1181} SPDM_SET_CERTIFICATE_RESPONSE;
1182
1183#define SPDM_SET_CERTIFICATE_RESPONSE_SLOT_ID_MASK 0xF
1184
1188typedef struct {
1189 SPDM_MESSAGE_HEADER Header;
1190 UINT16 RequesterInfoLength;
1191 UINT16 OpaqueDataLength;
1192
1193 // UINT8 RequesterInfo[RequesterInfoLength];
1194 // UINT8 OpaqueData[OpaqueDataLength];
1195} SPDM_GET_CSR_REQUEST;
1196
1200#define SPDM_GET_CSR_REQUEST_ATTRIBUTES_CERT_MODEL_MASK 0x07
1201#define SPDM_GET_CSR_REQUEST_ATTRIBUTES_CSR_TRACKING_TAG_MASK 0x38
1202#define SPDM_GET_CSR_REQUEST_ATTRIBUTES_CSR_TRACKING_TAG_OFFSET 3
1203#define SPDM_GET_CSR_REQUEST_ATTRIBUTES_OVERWRITE 0x80
1204#define SPDM_GET_CSR_REQUEST_ATTRIBUTES_MAX_CSR_CERT_MODEL 4
1205
1209#define SPDM_MAX_CSR_SIZE 65535
1210
1214typedef struct {
1215 SPDM_MESSAGE_HEADER Header;
1216
1217 // param1 == RSVD
1218 // param2 == RSVD
1219 UINT16 CsrLength;
1220 UINT16 Reserved;
1221} SPDM_CSR_RESPONSE;
1222
1226typedef struct {
1227 SPDM_MESSAGE_HEADER Header;
1228
1229 // param1 - Request Attributes
1230 // param2 - Handle
1231 UINT16 ChunkSeqNo;
1232 UINT16 Reserved;
1233 UINT32 ChunkSize;
1234
1235 // UINT32 LargeMessageSize;
1236 // UINT8 SpdmChunk[ChunkSize];
1237} SPDM_CHUNK_SEND_REQUEST;
1238
1239#define SPDM_CHUNK_SEND_REQUEST_ATTRIBUTE_LAST_CHUNK (1 << 0)
1240
1244typedef struct {
1245 SPDM_MESSAGE_HEADER Header;
1246
1247 // param1 - Response Attributes
1248 // param2 - Handle
1249 UINT16 ChunkSeqNo;
1250 // UINT8 response_to_large_request[variable]
1251} SPDM_CHUNK_SEND_ACK_RESPONSE;
1252
1253#define SPDM_CHUNK_SEND_ACK_RESPONSE_ATTRIBUTE_EARLY_ERROR_DETECTED (1 << 0)
1254
1258typedef struct {
1259 SPDM_MESSAGE_HEADER Header;
1260
1261 // param1 - Reserved
1262 // param2 - Handle
1263 UINT16 ChunkSeqNo;
1264} SPDM_CHUNK_GET_REQUEST;
1265
1269typedef struct {
1270 SPDM_MESSAGE_HEADER Header;
1271
1272 // param1 - Response Attributes
1273 // param2 - Handle
1274 UINT16 ChunkSeqNo;
1275 UINT16 Reserved;
1276 UINT32 ChunkSize;
1277
1278 // UINT32 LargeMessageSize;
1279 // UINT8 SpdmChunk[ChunkSize];
1280} SPDM_CHUNK_RESPONSE_RESPONSE;
1281
1282#define SPDM_CHUNK_GET_RESPONSE_ATTRIBUTE_LAST_CHUNK (1 << 0)
1283#pragma pack()
1284
1285#define SPDM_VERSION_1_1_BIN_CONCAT_LABEL "spdm1.1 "
1286#define SPDM_VERSION_1_2_BIN_CONCAT_LABEL "spdm1.2 "
1287#define SPDM_BIN_STR_0_LABEL "derived"
1288#define SPDM_BIN_STR_1_LABEL "req hs data"
1289#define SPDM_BIN_STR_2_LABEL "rsp hs data"
1290#define SPDM_BIN_STR_3_LABEL "req app data"
1291#define SPDM_BIN_STR_4_LABEL "rsp app data"
1292#define SPDM_BIN_STR_5_LABEL "key"
1293#define SPDM_BIN_STR_6_LABEL "iv"
1294#define SPDM_BIN_STR_7_LABEL "finished"
1295#define SPDM_BIN_STR_8_LABEL "exp master"
1296#define SPDM_BIN_STR_9_LABEL "traffic upd"
1297
1302#define SPDM_ST1_VALUE_US 100000
1303
1309#define SPDM_OID_DMTF \
1310 {0x2B, 0x06, 0x01, 0x04, 0x01, 0x83, 0x1C }
1311// id-DMTF-spdm, { id-DMTF 274 }, 1.3.6.1.4.1.412.274
1312#define SPDM_OID_DMTF_SPDM \
1313 {0x06, 0x01, 0x04, 0x01, 0x83, 0x1C, 0x82, 0x12 }
1314// id-DMTF-device-info, { id-DMTF-spdm 1 }, 1.3.6.1.4.1.412.274.1
1315#define SPDM_OID_DMTF_DEVICE_INFO \
1316 {0x2B, 0x06, 0x01, 0x04, 0x01, 0x83, 0x1C, 0x82, 0x12, 0x01 }
1317// id-DMTF-hardware-identity, { id-DMTF-spdm 2 }, 1.3.6.1.4.1.412.274.2
1318#define SPDM_OID_DMTF_HARDWARE_IDENTITY \
1319 {0x2B, 0x06, 0x01, 0x04, 0x01, 0x83, 0x1C, 0x82, 0x12, 0x02 }
1320// id-DMTF-eku-responder-auth, { id-DMTF-spdm 3 }, 1.3.6.1.4.1.412.274.3
1321#define SPDM_OID_DMTF_EKU_RESPONDER_AUTH \
1322 {0x2B, 0x06, 0x01, 0x04, 0x01, 0x83, 0x1C, 0x82, 0x12, 0x03 }
1323// id-DMTF-eku-requester-auth, { id-DMTF-spdm 4 }, 1.3.6.1.4.1.412.274.4
1324#define SPDM_OID_DMTF_EKU_REQUESTER_AUTH \
1325 {0x2B, 0x06, 0x01, 0x04, 0x01, 0x83, 0x1C, 0x82, 0x12, 0x04 }
1326// id-DMTF-mutable-certificate, { id-DMTF-spdm 5 }, 1.3.6.1.4.1.412.274.5
1327#define SPDM_OID_DMTF_MUTABLE_CERTIFICATE \
1328 {0x2B, 0x06, 0x01, 0x04, 0x01, 0x83, 0x1C, 0x82, 0x12, 0x05 }
1329// id-DMTF-SPDM-extension, { id-DMTF-spdm 6 }, 1.3.6.1.4.1.412.274.6
1330#define SPDM_OID_DMTF_SPDM_EXTENSION \
1331 {0x2B, 0x06, 0x01, 0x04, 0x01, 0x83, 0x1C, 0x82, 0x12, 0x06 }
1332#endif
SPDM_VERSION_NUMBER
UINT16 SPDM_VERSION_NUMBER
Definition: Spdm.h:125
SPDM_MEASUREMENTS_SECURE_VERSION_NUMBER
UINT64 SPDM_MEASUREMENTS_SECURE_VERSION_NUMBER
Definition: Spdm.h:714
SPDM_ALGORITHMS_RESPONSE
Definition: Spdm.h:393
SPDM_CAPABILITIES_RESPONSE
Definition: Spdm.h:152
SPDM_CERT_CHAIN
Definition: Spdm.h:517
SPDM_CERTIFICATE_RESPONSE
Definition: Spdm.h:506
SPDM_CHALLENGE_AUTH_RESPONSE_ATTRIBUTE
Definition: Spdm.h:584
SPDM_CHALLENGE_AUTH_RESPONSE
Definition: Spdm.h:555
SPDM_CHALLENGE_REQUEST
Definition: Spdm.h:545
SPDM_CHUNK_GET_REQUEST
Definition: Spdm.h:1258
SPDM_CHUNK_RESPONSE_RESPONSE
Definition: Spdm.h:1269
SPDM_CHUNK_SEND_ACK_RESPONSE
Definition: Spdm.h:1244
SPDM_CHUNK_SEND_REQUEST
Definition: Spdm.h:1226
SPDM_CSR_RESPONSE
Definition: Spdm.h:1214
SPDM_DELIVER_ENCAPSULATED_RESPONSE_REQUEST
Definition: Spdm.h:1096
SPDM_DIGESTS_RESPONSE
Definition: Spdm.h:484
SPDM_ENCAPSULATED_REQUEST_RESPONSE
Definition: Spdm.h:1086
SPDM_ENCAPSULATED_RESPONSE_ACK_RESPONSE
Definition: Spdm.h:1106
SPDM_END_SESSION_REQUEST
Definition: Spdm.h:1126
SPDM_END_SESSION_RESPONSE
Definition: Spdm.h:1140
SPDM_ERROR_DATA_LARGE_RESPONSE
Definition: Spdm.h:808
SPDM_ERROR_DATA_RESPONSE_NOT_READY
Definition: Spdm.h:791
SPDM_ERROR_RESPONSE_DATA_RESPONSE_NOT_READY
Definition: Spdm.h:798
SPDM_ERROR_RESPONSE_LARGE_RESPONSE
Definition: Spdm.h:812
SPDM_ERROR_RESPONSE
Definition: Spdm.h:750
SPDM_EXTENDED_ALGORITHM
Definition: Spdm.h:453
SPDM_FINISH_REQUEST
Definition: Spdm.h:944
SPDM_FINISH_RESPONSE
Definition: Spdm.h:960
SPDM_GENERAL_OPAQUE_DATA_TABLE_HEADER
Definition: Spdm.h:444
SPDM_GET_CAPABILITIES_REQUEST
Definition: Spdm.h:135
SPDM_GET_CERTIFICATE_REQUEST
Definition: Spdm.h:494
SPDM_GET_CSR_REQUEST
Definition: Spdm.h:1188
SPDM_GET_DIGESTS_REQUEST
Definition: Spdm.h:475
SPDM_GET_ENCAPSULATED_REQUEST_REQUEST
Definition: Spdm.h:1077
SPDM_GET_MEASUREMENTS_REQUEST_SLOT_ID_PARAMETER
Definition: Spdm.h:612
SPDM_GET_MEASUREMENTS_REQUEST
Definition: Spdm.h:603
SPDM_GET_VERSION_REQUEST
Definition: Spdm.h:100
SPDM_HEARTBEAT_REQUEST
Definition: Spdm.h:1034
SPDM_HEARTBEAT_RESPONSE
Definition: Spdm.h:1043
SPDM_KEY_EXCHANGE_REQUEST
Definition: Spdm.h:877
SPDM_KEY_EXCHANGE_RESPONSE
Definition: Spdm.h:906
SPDM_KEY_UPDATE_REQUEST
Definition: Spdm.h:1052
SPDM_KEY_UPDATE_RESPONSE
Definition: Spdm.h:1068
SPDM_MEASUREMENT_BLOCK_COMMON_HEADER
Definition: Spdm.h:639
SPDM_MEASUREMENT_BLOCK_DMTF_HEADER
Definition: Spdm.h:651
SPDM_MEASUREMENT_BLOCK_DMTF
Definition: Spdm.h:657
SPDM_MEASUREMENT_DEVICE_MODE
Definition: Spdm.h:691
SPDM_MEASUREMENTS_BLOCK_MEASUREMENT_TYPE
Definition: Spdm.h:663
SPDM_MEASUREMENTS_RESPONSE
Definition: Spdm.h:719
SPDM_MESSAGE_HEADER
Definition: Spdm.h:85
SPDM_NEGOTIATE_ALGORITHMS_COMMON_STRUCT_TABLE
Definition: Spdm.h:318
SPDM_NEGOTIATE_ALGORITHMS_REQUEST
Definition: Spdm.h:269
SPDM_NEGOTIATE_ALGORITHMS_STRUCT_TABLE_ALG_COUNT
Definition: Spdm.h:306
SPDM_NEGOTIATE_ALGORITHMS_STRUCT_TABLE
Definition: Spdm.h:299
SPDM_PSK_EXCHANGE_REQUEST
Definition: Spdm.h:973
SPDM_PSK_EXCHANGE_RESPONSE
Definition: Spdm.h:998
SPDM_PSK_FINISH_REQUEST
Definition: Spdm.h:1015
SPDM_PSK_FINISH_RESPONSE
Definition: Spdm.h:1025
SPDM_RESPONSE_IF_READY_REQUEST
Definition: Spdm.h:824
SPDM_SET_CERTIFICATE_REQUEST
Definition: Spdm.h:1153
SPDM_SET_CERTIFICATE_RESPONSE
Definition: Spdm.h:1176
SPDM_VENDOR_DEFINED_REQUEST_MSG
Definition: Spdm.h:845
SPDM_VENDOR_DEFINED_RESPONSE_MSG
Definition: Spdm.h:859
SPDM_VERSION_RESPONSE
Definition: Spdm.h:109