Diffstat (limited to 'Silicon/Intel/KabylakeSiliconPkg/Include/HstiFeatureBit.h')
-rw-r--r--Silicon/Intel/KabylakeSiliconPkg/Include/HstiFeatureBit.h183
1 files changed, 183 insertions, 0 deletions
diff --git a/Silicon/Intel/KabylakeSiliconPkg/Include/HstiFeatureBit.h b/Silicon/Intel/KabylakeSiliconPkg/Include/HstiFeatureBit.h
new file mode 100644
index 0000000000..cdbe75ae18
--- /dev/null
+++ b/Silicon/Intel/KabylakeSiliconPkg/Include/HstiFeatureBit.h
@@ -0,0 +1,183 @@
+/** @file
+ This file contains various definitions for IHV HSTI implementation
+ including error string definitions
+
+Copyright (c) 2017, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials are licensed and made available under
+the terms and conditions of the BSD License that accompanies this distribution.
+The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php.
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#ifndef __HSTI_FEATURE_BIT_H__
+#define __HSTI_FEATURE_BIT_H__
+
+#define HSTI_SECURITY_FEATURE_SIZE 3
+
+#define HSTI_ERROR L"Error "
+#define HSTI_PLATFORM_SECURITY_SPECIFICATION L" Platform Security Specification"
+#define HSTI_BOOTGUARD_CONFIGURATION L" - Boot Guard Configuration - "
+#define HSTI_SPI_FLASH_CONFIGURATION L" - SPI Flash Configuration - "
+#define HSTI_PCH_SECURITY_CONFIGURATION L" - PCH Security Configuration - "
+#define HSTI_BIOS_GUARD_SECURITY_CONFIGURATION L" - BIOS Guard Security Configuration - "
+#define HSTI_MEASURED_BOOT_CONFIGURATION L" - Measured Boot Configuration - "
+#define HSTI_INTEGRATED_DEVICE_DMA_PROTECTION L" - Integrated Device DMA Protection - "
+#define HSTI_CPU_SECURITY_CONFIGURATION L" - CPU Security Configuration - "
+#define HSTI_SYSTEM_AGENT_SECURITY_CONFIGURATION L" - Secure System Agent Security Configuration - "
+#define HSTI_MEMORY_MAP_SECURITY_CONFIGURATION L" - Memory Map Security Configuration - "
+#define HSTI_PROCESSOR_GRAPHICS_SECURITY_CONFIGURATION L" - Processor Graphics Security Configuration - "
+#define HSTI_PROCESSOR_SPD_SECURITY_CONFIGURATION L" - SPD Security Configuration - "
+
+
+#define HSTI_BYTE0_HARDWARE_ROOTED_BOOT_INTEGRITY BIT0
+#define HSTI_BYTE0_HARDWARE_ROOTED_BOOT_INTEGRITY_ERROR_CODE_1 L"0x00000001"
+#define HSTI_BYTE0_HARDWARE_ROOTED_BOOT_INTEGRITY_ERROR_STRING_1 L"Boot Guard configured without Verified Boot\r\n"
+#define HSTI_BYTE0_HARDWARE_ROOTED_BOOT_INTEGRITY_ERROR_CODE_2 L"0x00000002"
+#define HSTI_BYTE0_HARDWARE_ROOTED_BOOT_INTEGRITY_ERROR_STRING_2 L"Boot Guard disabled\r\n"
+
+#define HSTI_BYTE0_BOOT_FIRMWARE_MEDIA_PROTECTION BIT1
+#define HSTI_BYTE0_BOOT_FIRMWARE_MEDIA_PROTECTION_ERROR_CODE_1 L"0x00010001"
+#define HSTI_BYTE0_BOOT_FIRMWARE_MEDIA_PROTECTION_ERROR_STRING_1 L"SPI Flash not write protected\r\n"
+#define HSTI_BYTE0_BOOT_FIRMWARE_MEDIA_PROTECTION_ERROR_CODE_2 L"0x00010002"
+#define HSTI_BYTE0_BOOT_FIRMWARE_MEDIA_PROTECTION_ERROR_STRING_2 L"SPI Flash descriptor overridden\r\n"
+#define HSTI_BYTE0_BOOT_FIRMWARE_MEDIA_PROTECTION_ERROR_CODE_3 L"0x00010003"
+#define HSTI_BYTE0_BOOT_FIRMWARE_MEDIA_PROTECTION_ERROR_STRING_3 L"SPI Controller configuration unlocked\r\n"
+#define HSTI_BYTE0_BOOT_FIRMWARE_MEDIA_PROTECTION_ERROR_CODE_4 L"0x00010004"
+#define HSTI_BYTE0_BOOT_FIRMWARE_MEDIA_PROTECTION_ERROR_STRING_4 L"SPI Controller BIOS Interface unlocked\r\n"
+#define HSTI_BYTE0_BOOT_FIRMWARE_MEDIA_PROTECTION_ERROR_CODE_5 L"0x00010005"
+#define HSTI_BYTE0_BOOT_FIRMWARE_MEDIA_PROTECTION_ERROR_STRING_5 L"Top Swap enabled\r\n"
+#define HSTI_BYTE0_BOOT_FIRMWARE_MEDIA_PROTECTION_ERROR_CODE_6 L"0x00010006"
+#define HSTI_BYTE0_BOOT_FIRMWARE_MEDIA_PROTECTION_ERROR_STRING_6 L"SPI Vendor Specific Component Capabilities unlocked\r\n"
+#define HSTI_BYTE0_BOOT_FIRMWARE_MEDIA_PROTECTION_ERROR_CODE_7 L"0x00010007"
+#define HSTI_BYTE0_BOOT_FIRMWARE_MEDIA_PROTECTION_ERROR_STRING_7 L"SPI Controller GbE Interface unlocked\r\n"
+#define HSTI_BYTE0_BOOT_FIRMWARE_MEDIA_PROTECTION_ERROR_CODE_8 L"0x00010008"
+#define HSTI_BYTE0_BOOT_FIRMWARE_MEDIA_PROTECTION_ERROR_STRING_8 L"ME FW not in Normal Working State\r\n"
+#define HSTI_BYTE0_BOOT_FIRMWARE_MEDIA_PROTECTION_ERROR_CODE_9 L"0x00010009"
+#define HSTI_BYTE0_BOOT_FIRMWARE_MEDIA_PROTECTION_ERROR_STRING_9 L"Flash Descriptor Invalid\r\n"
+#define HSTI_BYTE0_BOOT_FIRMWARE_MEDIA_PROTECTION_ERROR_CODE_A L"0x0001000A"
+#define HSTI_BYTE0_BOOT_FIRMWARE_MEDIA_PROTECTION_ERROR_STRING_A L"SPI Region Access Rights Invalid\r\n"
+#define HSTI_BYTE0_BOOT_FIRMWARE_MEDIA_PROTECTION_ERROR_CODE_B L"0x0001000B"
+#define HSTI_BYTE0_BOOT_FIRMWARE_MEDIA_PROTECTION_ERROR_STRING_B L"SPI SW Sequencing OPCODEs insufficiently restrained\r\n"
+#define HSTI_BYTE0_BOOT_FIRMWARE_MEDIA_PROTECTION_ERROR_CODE_C L"0x0001000C"
+#define HSTI_BYTE0_BOOT_FIRMWARE_MEDIA_PROTECTION_ERROR_STRING_C L"Allowed SPI SW Sequencing OPCODE configuration incorrect\r\n"
+#define HSTI_BYTE0_BOOT_FIRMWARE_MEDIA_PROTECTION_ERROR_CODE_D L"0x0001000D"
+#define HSTI_BYTE0_BOOT_FIRMWARE_MEDIA_PROTECTION_ERROR_STRING_D L"Global SMI not enabled and locked\r\n"
+#define HSTI_BYTE0_BOOT_FIRMWARE_MEDIA_PROTECTION_ERROR_CODE_E L"0x0001000E"
+#define HSTI_BYTE0_BOOT_FIRMWARE_MEDIA_PROTECTION_ERROR_STRING_E L"TCO SMI not enabled and locked\r\n"
+
+#define HSTI_BYTE0_SIGNED_FIRMWARE_UPDATE BIT2
+#define HSTI_BYTE0_SIGNED_FIRMWARE_UPDATE_ERROR_CODE_1 L"0x00020001"
+#define HSTI_BYTE0_SIGNED_FIRMWARE_UPDATE_ERROR_STRING_1 L"BIOS Guard unsupported\r\n"
+#define HSTI_BYTE0_SIGNED_FIRMWARE_UPDATE_ERROR_CODE_2 L"0x00020002"
+#define HSTI_BYTE0_SIGNED_FIRMWARE_UPDATE_ERROR_STRING_2 L"BIOS Guard configuration unlocked\r\n"
+#define HSTI_BYTE0_SIGNED_FIRMWARE_UPDATE_ERROR_CODE_3 L"0x00020001"
+#define HSTI_BYTE0_SIGNED_FIRMWARE_UPDATE_ERROR_STRING_3 L"BIOS Guard disabled\r\n"
+
+#define HSTI_BYTE0_MEASURED_BOOT_ENFORCEMENT BIT3
+#define HSTI_BYTE0_MEASURED_BOOT_ENFORCEMENT_ERROR_CODE_1 L"0x00030001"
+#define HSTI_BYTE0_MEASURED_BOOT_ENFORCEMENT_ERROR_STRING_1 L"Chipset supports FW TPM, however no TPM enabled\r\n"
+
+#define HSTI_BYTE0_MEASURED_BOOT_ENFORCEMENT_ERROR_CODE_2 L"0x00030002"
+#define HSTI_BYTE0_MEASURED_BOOT_ENFORCEMENT_ERROR_STRING_2 L"PCR[7] is not initialized\r\n"
+
+#define HSTI_BYTE0_MEASURED_BOOT_ENFORCEMENT_ERROR_CODE_3 L"0x00030003"
+#define HSTI_BYTE0_MEASURED_BOOT_ENFORCEMENT_ERROR_STRING_3 L"Event Log is not published or invalid\r\n"
+
+#define HSTI_BYTE0_MEASURED_BOOT_ENFORCEMENT_ERROR_CODE_4 L"0x00030004"
+#define HSTI_BYTE0_MEASURED_BOOT_ENFORCEMENT_ERROR_STRING_4 L"Platform Auth accessible via 0x00000000\r\n"
+
+
+#define HSTI_BYTE0_INTEGRATED_DEVICE_DMA_PROTECTION BIT4
+#define HSTI_BYTE0_INTEGRATED_DEVICE_DMA_PROTECTION_ERROR_CODE_1 L"0x00040001"
+#define HSTI_BYTE0_INTEGRATED_DEVICE_DMA_PROTECTION_ERROR_STRING_1 L"Bus Mastering Enabled for non-boot, integrated device\r\n"
+
+#define HSTI_BYTE0_DEBUG_MODE_DISABLED_VERIFICATION BIT5
+#define HSTI_BYTE0_DEBUG_MODE_DISABLED_VERIFICATION_ERROR_CODE_1 L"0x00050001"
+#define HSTI_BYTE0_DEBUG_MODE_DISABLED_VERIFICATION_ERROR_STRING_1 L"Debug MSR enabled\r\n"
+
+#define HSTI_BYTE0_DEBUG_MODE_DISABLED_VERIFICATION_ERROR_CODE_2 L"0x00050002"
+#define HSTI_BYTE0_DEBUG_MODE_DISABLED_VERIFICATION_ERROR_STRING_2 L"Debug interface unlocked\r\n"
+
+#define HSTI_BYTE0_SECURE_CPU_CONFIGURATION BIT6
+#define HSTI_BYTE0_SECURE_CPU_CONFIGURATION_ERROR_CODE_1 L"0x00060001"
+#define HSTI_BYTE0_SECURE_CPU_CONFIGURATION_ERROR_STRING_1 L" Minimum uCode patch revision not met\r\n"
+
+#define HSTI_BYTE0_SECURE_CPU_CONFIGURATION_ERROR_CODE_2 L"0x00060002"
+#define HSTI_BYTE0_SECURE_CPU_CONFIGURATION_ERROR_STRING_2 L" Pre-production silicon in use\r\n"
+
+#define HSTI_BYTE0_SECURE_CPU_CONFIGURATION_ERROR_CODE_3 L"0x00060003"
+#define HSTI_BYTE0_SECURE_CPU_CONFIGURATION_ERROR_STRING_3 L"VMX & Senter feature configuration unlocked\r\n"
+
+#define HSTI_BYTE0_SECURE_CPU_CONFIGURATION_ERROR_CODE_4 L"0x00060004"
+#define HSTI_BYTE0_SECURE_CPU_CONFIGURATION_ERROR_STRING_4 L" SMM Code Fetch feature configuration unlocked\r\n"
+#define HSTI_BYTE0_SECURE_CPU_CONFIGURATION_ERROR_STRING_4A L" SMM Code Fetch outside SMRAM detection feature is disabled\r\n"
+
+
+#define HSTI_BYTE0_SECURE_CPU_CONFIGURATION_ERROR_CODE_5 L"0x00060005"
+#define HSTI_BYTE0_SECURE_CPU_CONFIGURATION_ERROR_STRING_5 L" AES-NI Feature configuration unlocked\r\n"
+
+#define HSTI_BYTE0_SECURE_CPU_CONFIGURATION_ERROR_CODE_6 L"0x00060006"
+#define HSTI_BYTE0_SECURE_CPU_CONFIGURATION_ERROR_STRING_6 L" FIT table not present\r\n"
+
+#define HSTI_BYTE0_SECURE_CPU_CONFIGURATION_ERROR_CODE_7 L"0x00060007"
+#define HSTI_BYTE0_SECURE_CPU_CONFIGURATION_ERROR_STRING_7 L" MicrocodeRangeRegisters improperly configured or unlocked\r\n"
+
+#define HSTI_BYTE0_SECURE_CPU_CONFIGURATION_ERROR_CODE_8 L"0x00060008"
+#define HSTI_BYTE0_SECURE_CPU_CONFIGURATION_ERROR_STRING_8 L" SMM COnfiguration Unlocked\r\n"
+
+#define HSTI_BYTE0_SECURE_CPU_CONFIGURATION_ERROR_CODE_9 L"0x00060009"
+#define HSTI_BYTE0_SECURE_CPU_CONFIGURATION_ERROR_STRING_9 L" TSEG not naturally aligned\r\n"
+
+#define HSTI_BYTE0_SECURE_CPU_CONFIGURATION_ERROR_CODE_A L"0x0006000A"
+#define HSTI_BYTE0_SECURE_CPU_CONFIGURATION_ERROR_STRING_A L" Improper SMRR configuration\r\n"
+
+#define HSTI_BYTE0_SECURE_SYSTEM_AGENT_CONFIGURATION BIT7
+#define HSTI_BYTE0_SECURE_SYSTEM_AGENT_CONFIGURATION_ERROR_CODE_1 L"0x00070001"
+#define HSTI_BYTE0_SECURE_SYSTEM_AGENT_CONFIGURATION_ERROR_STRING_1 L"Intel TXT configuration unlocked\r\n"
+#define HSTI_BYTE0_SECURE_SYSTEM_AGENT_CONFIGURATION_ERROR_CODE_2 L"0x00070002"
+#define HSTI_BYTE0_SECURE_SYSTEM_AGENT_CONFIGURATION_ERROR_STRING_2 L"Memory Controller configuration unlocked\r\n"
+#define HSTI_BYTE0_SECURE_SYSTEM_AGENT_CONFIGURATION_ERROR_CODE_3 L"0x00070003"
+#define HSTI_BYTE0_SECURE_SYSTEM_AGENT_CONFIGURATION_ERROR_STRING_3 L"System Agent configuration unlocked\r\n"
+#define HSTI_BYTE0_SECURE_SYSTEM_AGENT_CONFIGURATION_ERROR_CODE_4 L"0x00070004"
+#define HSTI_BYTE0_SECURE_SYSTEM_AGENT_CONFIGURATION_ERROR_STRING_4 L"Graphics memory configuration unlocked\r\n"
+#define HSTI_BYTE0_SECURE_SYSTEM_AGENT_CONFIGURATION_ERROR_CODE_5 L"0x00070005"
+#define HSTI_BYTE0_SECURE_SYSTEM_AGENT_CONFIGURATION_ERROR_STRING_5 L"VT-d configuration unlocked\r\n"
+#define HSTI_BYTE0_SECURE_SYSTEM_AGENT_CONFIGURATION_ERROR_CODE_6 L"0x00070006"
+#define HSTI_BYTE0_SECURE_SYSTEM_AGENT_CONFIGURATION_ERROR_STRING_6 L"Power Plane 0 Current Config unlocked\r\n"
+
+#define HSTI_BYTE1_SECURE_MEMORY_MAP_CONFIGURATION BIT0
+#define HSTI_BYTE1_SECURE_MEMORY_MAP_CONFIGURATION_ERROR_CODE_1 L"0x00080001"
+#define HSTI_BYTE1_SECURE_MEMORY_MAP_CONFIGURATION_ERROR_STRING_1 L" Memory BAR configuration unlocked\r\n"
+
+#define HSTI_BYTE1_SECURE_MEMORY_MAP_CONFIGURATION_ERROR_CODE_2 L"0x00080002"
+#define HSTI_BYTE1_SECURE_MEMORY_MAP_CONFIGURATION_ERROR_STRING_2 L" Fixed MMIO regions overlap\r\n"
+
+#define HSTI_BYTE1_SECURE_MEMORY_MAP_CONFIGURATION_ERROR_CODE_3 L"0x00080003"
+#define HSTI_BYTE1_SECURE_MEMORY_MAP_CONFIGURATION_ERROR_STRING_3 L" Non lockable MMIO ranges overlap other critical regions\r\n"
+
+#define HSTI_BYTE1_SECURE_MEMORY_MAP_CONFIGURATION_ERROR_CODE_4 L"0x00080004"
+#define HSTI_BYTE1_SECURE_MEMORY_MAP_CONFIGURATION_ERROR_STRING_4 L" SPD not write protected\r\n"
+
+#define HSTI_BYTE1_SECURE_INTEGRATED_GRAPHICS_CONFIGURATION BIT1
+#define HSTI_BYTE1_SECURE_INTEGRATED_GRAPHICS_CONFIGURATION_ERROR_CODE_1 L"0x00090001"
+#define HSTI_BYTE1_SECURE_INTEGRATED_GRAPHICS_CONFIGURATION_ERROR_STRING_1 L" Graphics configuration unlocked\r\n"
+
+#define HSTI_BYTE1_SECURE_INTEGRATED_GRAPHICS_CONFIGURATION_ERROR_CODE_2 L"0x00090002"
+#define HSTI_BYTE1_SECURE_INTEGRATED_GRAPHICS_CONFIGURATION_ERROR_STRING_2 L"Invalid Graphics Memory Alignment\r\n"
+
+#define HSTI_BYTE1_SECURE_INTEGRATED_GRAPHICS_CONFIGURATION_ERROR_CODE_3 L"0x00090003"
+#define HSTI_BYTE1_SECURE_INTEGRATED_GRAPHICS_CONFIGURATION_ERROR_STRING_3 L" Reserved Check failed\r\n"
+
+#define HSTI_BYTE1_SECURE_PCH_CONFIGURATION BIT2
+#define HSTI_BYTE1_SECURE_PCH_CONFIGURATION_ERROR_CODE_1 L"0x000A0001"
+#define HSTI_BYTE1_SECURE_PCH_CONFIGURATION_ERROR_STRING_1 L" Thermal Configuration unlocked\r\n"
+#define HSTI_BYTE1_SECURE_PCH_CONFIGURATION_ERROR_CODE_2 L"0x000A0002"
+#define HSTI_BYTE1_SECURE_PCH_CONFIGURATION_ERROR_STRING_2 L"BAR's unlocked\r\n"
+#define HSTI_BYTE1_SECURE_PCH_CONFIGURATION_ERROR_CODE_3 L"0x000A0003"
+#define HSTI_BYTE1_SECURE_PCH_CONFIGURATION_ERROR_STRING_3 L" Reserved Check failure\r\n"
+
+#endif
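Review bot: `HSTI_BYTE0_SIGNED_FIRMWARE_UPDATE_ERROR_CODE_3` is defined as `L"0x00020001"`, the same value as `HSTI_BYTE0_SIGNED_FIRMWARE_UPDATE_ERROR_CODE_1`, so "BIOS Guard disabled" and "BIOS Guard unsupported" would be published under one code. Every other group in this header numbers its codes sequentially, which suggests the intended line is `#define HSTI_BYTE0_SIGNED_FIRMWARE_UPDATE_ERROR_CODE_3 L"0x00020003"`. Anything that triages HSTI results by code rather than by message text would conflate the two conditions. Separately, `HSTI_BYTE0_SECURE_CPU_CONFIGURATION_ERROR_STRING_8` reads `L" SMM COnfiguration Unlocked\r\n"` (capitalisation typo), and the error strings are inconsistent about a leading space, which presumably carries through into the concatenated message and is worth normalising.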