/**
2 * Copyright Notice:
3 * Copyright 2021-2024 DMTF. All rights reserved.
4 * License: BSD 3-Clause License. For full text see link: https://github.com/DMTF/libspdm/blob/main/LICENSE.md
5 **/
6
7/** @file
8 * Definitions of DSP0274 Security Protocol & data Model Specification (SPDM)
9 * version 1.2.0 in Distributed Management Task Force (DMTF).
10 **/
11
12#ifndef SPDM_H
13#define SPDM_H
14
15#pragma pack(1)
16
17/* 4 means SPDM spec 1.0, 1.1, 1.2, 1.3 */
18#define SPDM_MAX_VERSION_COUNT 4
19#define SPDM_MAX_SLOT_COUNT 8
20#define SPDM_MAX_OPAQUE_DATA_SIZE 1024
21#define SPDM_MAX_CSR_TRACKING_TAG 7
22/* MeasurementRecordLength is 3 bytes. */
23#define SPDM_MAX_MEASUREMENT_RECORD_LENGTH 0xFFFFFF
24
25#define SPDM_NONCE_SIZE 32
26#define SPDM_RANDOM_DATA_SIZE 32
27#define SPDM_REQ_CONTEXT_SIZE 8
28
29/* SPDM response code (1.0) */
30#define SPDM_DIGESTS 0x01
31#define SPDM_CERTIFICATE 0x02
32#define SPDM_CHALLENGE_AUTH 0x03
33#define SPDM_VERSION 0x04
34#define SPDM_MEASUREMENTS 0x60
35#define SPDM_CAPABILITIES 0x61
36#define SPDM_ALGORITHMS 0x63
37#define SPDM_VENDOR_DEFINED_RESPONSE 0x7E
38#define SPDM_ERROR 0x7F
39
40/* SPDM response code (1.1) */
41#define SPDM_KEY_EXCHANGE_RSP 0x64
42#define SPDM_FINISH_RSP 0x65
43#define SPDM_PSK_EXCHANGE_RSP 0x66
44#define SPDM_PSK_FINISH_RSP 0x67
45#define SPDM_HEARTBEAT_ACK 0x68
46#define SPDM_KEY_UPDATE_ACK 0x69
47#define SPDM_ENCAPSULATED_REQUEST 0x6A
48#define SPDM_ENCAPSULATED_RESPONSE_ACK 0x6B
49#define SPDM_END_SESSION_ACK 0x6C
50
51/* SPDM response code (1.2) */
52#define SPDM_CSR 0x6D
53#define SPDM_SET_CERTIFICATE_RSP 0x6E
54#define SPDM_CHUNK_SEND_ACK 0x05
55#define SPDM_CHUNK_RESPONSE 0x06
56
57/* SPDM response code (1.3) */
58#define SPDM_SUPPORTED_EVENT_TYPES 0x62
59
60/* SPDM request code (1.0) */
61#define SPDM_GET_DIGESTS 0x81
62#define SPDM_GET_CERTIFICATE 0x82
63#define SPDM_CHALLENGE 0x83
64#define SPDM_GET_VERSION 0x84
65#define SPDM_GET_MEASUREMENTS 0xE0
66#define SPDM_GET_CAPABILITIES 0xE1
67#define SPDM_NEGOTIATE_ALGORITHMS 0xE3
68#define SPDM_VENDOR_DEFINED_REQUEST 0xFE
69#define SPDM_RESPOND_IF_READY 0xFF
70
71/* SPDM request code (1.1) */
72#define SPDM_KEY_EXCHANGE 0xE4
73#define SPDM_FINISH 0xE5
74#define SPDM_PSK_EXCHANGE 0xE6
75#define SPDM_PSK_FINISH 0xE7
76#define SPDM_HEARTBEAT 0xE8
77#define SPDM_KEY_UPDATE 0xE9
78#define SPDM_GET_ENCAPSULATED_REQUEST 0xEA
79#define SPDM_DELIVER_ENCAPSULATED_RESPONSE 0xEB
80#define SPDM_END_SESSION 0xEC
81
82/* SPDM request code (1.2) */
83#define SPDM_GET_CSR 0xED
84#define SPDM_SET_CERTIFICATE 0xEE
85#define SPDM_CHUNK_SEND 0x85
86#define SPDM_CHUNK_GET 0x86
87
88/* SPDM request code (1.3) */
89#define SPDM_GET_SUPPORTED_EVENT_TYPES 0xE2
90
/* SPDM message header, common to every request and response.
 * spdm_version carries one of the SPDM_MESSAGE_VERSION_xx values;
 * request_response_code is one of the SPDM_* request/response codes above.
 * param1/param2 are message-specific and documented on each message
 * structure below; treat both as untrusted input until parsed. */
typedef struct {
    uint8_t spdm_version;
    uint8_t request_response_code;
    uint8_t param1;
    uint8_t param2;
} spdm_message_header_t;
98
99#define SPDM_MESSAGE_VERSION_10 0x10
100#define SPDM_MESSAGE_VERSION_11 0x11
101#define SPDM_MESSAGE_VERSION_12 0x12
102#define SPDM_MESSAGE_VERSION_13 0x13
103#define SPDM_MESSAGE_VERSION SPDM_MESSAGE_VERSION_10
104
/* SPDM GET_VERSION request: header only, both params reserved.
 * This is the first message of the protocol and is always sent with
 * spdm_version == SPDM_MESSAGE_VERSION_10 so that any responder can parse it. */
typedef struct {
    spdm_message_header_t header;
    /* param1 == RSVD
     * param2 == RSVD*/
} spdm_get_version_request_t;
111
112
113/* SPDM GET_VERSION response */
114typedef struct {
115 spdm_message_header_t header;
116 /* param1 == RSVD
117 * param2 == RSVD*/
118 uint8_t reserved;
119 uint8_t version_number_entry_count;
120 /*spdm_version_number_t version_number_entry[version_number_entry_count];*/
121} spdm_version_response_t;
122
/* SPDM VERSION structure
 * bit[15:12] major_version
 * bit[11:8] minor_version
 * bit[7:4] update_version_number
 * bit[3:0] alpha
 * Shifting right by SPDM_VERSION_NUMBER_SHIFT_BIT drops the update/alpha
 * nibbles and leaves the major.minor byte in the same encoding as the
 * SPDM_MESSAGE_VERSION_xx constants above (e.g. 0x12 for 1.2). */
typedef uint16_t spdm_version_number_t;
#define SPDM_VERSION_NUMBER_SHIFT_BIT 8
130
131#define SPDM_VERSION_1_2_SIGNING_PREFIX_CONTEXT "dmtf-spdm-v1.2.*"
132#define SPDM_VERSION_1_2_SIGNING_PREFIX_CONTEXT_SIZE \
133 (sizeof(SPDM_VERSION_1_2_SIGNING_PREFIX_CONTEXT) - 1)
134#define SPDM_VERSION_1_2_SIGNING_CONTEXT_SIZE 100
135
/* SPDM GET_CAPABILITIES request.
 * In 1.0 the message is the 4-byte header only; the remaining fields exist
 * only for the versions noted below, so size the message by the negotiated
 * version rather than by sizeof this struct. */
typedef struct {
    spdm_message_header_t header;
    /* param1 == RSVD
     * param2 == RSVD
     * Below field is added in 1.1.*/
    uint8_t reserved;
    uint8_t ct_exponent; /* cryptographic timeout: CT = 2^ct_exponent microseconds */
    uint16_t reserved2;
    /* Requester capability bits. A responder should validate them against
     * SPDM_GET_CAPABILITIES_REQUEST_FLAGS_1x_MASK for the negotiated version. */
    uint32_t flags;
    /* Below field is added in 1.2.*/
    /* Largest single message the requester can receive; floor is
     * SPDM_MIN_DATA_TRANSFER_SIZE_VERSION_12. */
    uint32_t data_transfer_size;
    /* Largest reassembled message the requester supports; per DSP0274 it
     * must be >= data_transfer_size. */
    uint32_t max_spdm_msg_size;
} spdm_get_capabilities_request_t;
150
/* SPDM GET_CAPABILITIES response.
 * Unlike the request, reserved/ct_exponent/flags are present from 1.0;
 * only the two size fields are version-gated (1.2+). */

typedef struct {
    spdm_message_header_t header;
    /* param1 == RSVD
     * param2 == RSVD*/
    uint8_t reserved;
    uint8_t ct_exponent; /* cryptographic timeout: CT = 2^ct_exponent microseconds */
    uint16_t reserved2;
    /* Responder capability bits. A requester should validate them against
     * SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_1x_MASK for the negotiated version
     * and must not enable a feature the mask does not allow. */
    uint32_t flags;
    /* Below field is added in 1.2.*/
    uint32_t data_transfer_size; /* floor is SPDM_MIN_DATA_TRANSFER_SIZE_VERSION_12 */
    uint32_t max_spdm_msg_size; /* per DSP0274 must be >= data_transfer_size */
} spdm_capabilities_response_t;
165
166#define SPDM_MIN_DATA_TRANSFER_SIZE_VERSION_12 42
167
168/* SPDM GET_CAPABILITIES request flags (1.1) */
169#define SPDM_GET_CAPABILITIES_REQUEST_FLAGS_CERT_CAP 0x00000002
170#define SPDM_GET_CAPABILITIES_REQUEST_FLAGS_CHAL_CAP 0x00000004
171#define SPDM_GET_CAPABILITIES_REQUEST_FLAGS_ENCRYPT_CAP 0x00000040
172#define SPDM_GET_CAPABILITIES_REQUEST_FLAGS_MAC_CAP 0x00000080
173#define SPDM_GET_CAPABILITIES_REQUEST_FLAGS_MUT_AUTH_CAP 0x00000100
174#define SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP 0x00000200
175#define SPDM_GET_CAPABILITIES_REQUEST_FLAGS_PSK_CAP (0x00000400 | 0x00000800)
176#define SPDM_GET_CAPABILITIES_REQUEST_FLAGS_PSK_CAP_REQUESTER 0x00000400
177#define SPDM_GET_CAPABILITIES_REQUEST_FLAGS_ENCAP_CAP 0x00001000
178#define SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HBEAT_CAP 0x00002000
179#define SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_UPD_CAP 0x00004000
180#define SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP 0x00008000
181#define SPDM_GET_CAPABILITIES_REQUEST_FLAGS_PUB_KEY_ID_CAP 0x00010000
182#define SPDM_GET_CAPABILITIES_REQUEST_FLAGS_11_MASK ( \
183 SPDM_GET_CAPABILITIES_REQUEST_FLAGS_CERT_CAP | \
184 SPDM_GET_CAPABILITIES_REQUEST_FLAGS_CHAL_CAP | \
185 SPDM_GET_CAPABILITIES_REQUEST_FLAGS_ENCRYPT_CAP | \
186 SPDM_GET_CAPABILITIES_REQUEST_FLAGS_MAC_CAP | \
187 SPDM_GET_CAPABILITIES_REQUEST_FLAGS_MUT_AUTH_CAP | \
188 SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP | \
189 SPDM_GET_CAPABILITIES_REQUEST_FLAGS_PSK_CAP | \
190 SPDM_GET_CAPABILITIES_REQUEST_FLAGS_ENCAP_CAP | \
191 SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HBEAT_CAP | \
192 SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_UPD_CAP | \
193 SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP | \
194 SPDM_GET_CAPABILITIES_REQUEST_FLAGS_PUB_KEY_ID_CAP)
195
196/* SPDM GET_CAPABILITIES request flags (1.2) */
197#define SPDM_GET_CAPABILITIES_REQUEST_FLAGS_CHUNK_CAP 0x00020000
198#define SPDM_GET_CAPABILITIES_REQUEST_FLAGS_12_MASK ( \
199 SPDM_GET_CAPABILITIES_REQUEST_FLAGS_11_MASK | \
200 SPDM_GET_CAPABILITIES_REQUEST_FLAGS_CHUNK_CAP)
201
202/* SPDM GET_CAPABILITIES request flags (1.3) */
203#define SPDM_GET_CAPABILITIES_REQUEST_FLAGS_EP_INFO_CAP (0x00400000 | 0x00800000)
204#define SPDM_GET_CAPABILITIES_REQUEST_FLAGS_EP_INFO_CAP_NO_SIG 0x00400000
205#define SPDM_GET_CAPABILITIES_REQUEST_FLAGS_EP_INFO_CAP_SIG 0x00800000
206#define SPDM_GET_CAPABILITIES_REQUEST_FLAGS_EVENT_CAP 0x02000000
207#define SPDM_GET_CAPABILITIES_REQUEST_FLAGS_MULTI_KEY_CAP (0x04000000 | 0x08000000)
208#define SPDM_GET_CAPABILITIES_REQUEST_FLAGS_MULTI_KEY_CAP_ONLY 0x04000000
209#define SPDM_GET_CAPABILITIES_REQUEST_FLAGS_MULTI_KEY_CAP_NEG 0x08000000
210#define SPDM_GET_CAPABILITIES_REQUEST_FLAGS_13_MASK ( \
211 SPDM_GET_CAPABILITIES_REQUEST_FLAGS_12_MASK | \
212 SPDM_GET_CAPABILITIES_REQUEST_FLAGS_EP_INFO_CAP | \
213 SPDM_GET_CAPABILITIES_REQUEST_FLAGS_EVENT_CAP | \
214 SPDM_GET_CAPABILITIES_REQUEST_FLAGS_MULTI_KEY_CAP)
215
216/* SPDM GET_CAPABILITIES response flags (1.0) */
217#define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_CACHE_CAP 0x00000001
218#define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_CERT_CAP 0x00000002
219#define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_CHAL_CAP 0x00000004
220#define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_MEAS_CAP (0x00000008 | 0x00000010)
221#define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_MEAS_CAP_NO_SIG 0x00000008
222#define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_MEAS_CAP_SIG 0x00000010
223#define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_MEAS_FRESH_CAP 0x00000020
224#define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_10_MASK ( \
225 SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_CACHE_CAP | \
226 SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_CERT_CAP | \
227 SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_CHAL_CAP | \
228 SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_MEAS_CAP | \
229 SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_MEAS_FRESH_CAP)
230
231/* SPDM GET_CAPABILITIES response flags (1.1) */
232#define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_ENCRYPT_CAP 0x00000040
233#define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_MAC_CAP 0x00000080
234#define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_MUT_AUTH_CAP 0x00000100
235#define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP 0x00000200
236#define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_PSK_CAP (0x00000400 | 0x00000800)
237#define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_PSK_CAP_RESPONDER 0x00000400
238#define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_PSK_CAP_RESPONDER_WITH_CONTEXT 0x00000800
239#define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_ENCAP_CAP 0x00001000
240#define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HBEAT_CAP 0x00002000
241#define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_UPD_CAP 0x00004000
242#define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP 0x00008000
243#define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_PUB_KEY_ID_CAP 0x00010000
244#define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_11_MASK ( \
245 SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_10_MASK | \
246 SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_ENCRYPT_CAP | \
247 SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_MAC_CAP | \
248 SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_MUT_AUTH_CAP | \
249 SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP | \
250 SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_PSK_CAP | \
251 SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_ENCAP_CAP | \
252 SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HBEAT_CAP | \
253 SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_UPD_CAP | \
254 SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP | \
255 SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_PUB_KEY_ID_CAP)
256
/* SPDM GET_CAPABILITIES response flags (1.2) */
258#define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_CHUNK_CAP 0x00020000
259#define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_ALIAS_CERT_CAP 0x00040000
260
261/* SPDM GET_CAPABILITIES response flags (1.2.1)*/
262#define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_SET_CERT_CAP 0x00080000
263#define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_CSR_CAP 0x00100000
264#define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_CERT_INSTALL_RESET_CAP 0x00200000
265#define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_12_MASK ( \
266 SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_11_MASK | \
267 SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_CHUNK_CAP | \
268 SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_ALIAS_CERT_CAP | \
269 SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_SET_CERT_CAP | \
270 SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_CSR_CAP | \
271 SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_CERT_INSTALL_RESET_CAP)
272
273/* SPDM GET_CAPABILITIES response flags (1.3) */
274#define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_EP_INFO_CAP (0x00400000 | 0x00800000)
275#define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_EP_INFO_CAP_NO_SIG 0x00400000
276#define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_EP_INFO_CAP_SIG 0x00800000
277#define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_MEL_CAP 0x01000000
278#define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_EVENT_CAP 0x02000000
279#define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_MULTI_KEY_CAP (0x04000000 | 0x08000000)
280#define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_MULTI_KEY_CAP_ONLY 0x04000000
281#define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_MULTI_KEY_CAP_NEG 0x08000000
282#define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_GET_KEY_PAIR_INFO_CAP 0x10000000
283#define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_SET_KEY_PAIR_INFO_CAP 0x20000000
284#define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_13_MASK ( \
285 SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_12_MASK | \
286 SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_EP_INFO_CAP | \
287 SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_MEL_CAP | \
288 SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_EVENT_CAP | \
289 SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_MULTI_KEY_CAP | \
290 SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_GET_KEY_PAIR_INFO_CAP | \
291 SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_SET_KEY_PAIR_INFO_CAP)
292
/* SPDM NEGOTIATE_ALGORITHMS request.
 * Variable-length: the trailing ext_asym/ext_hash/alg_struct arrays are not
 * part of the struct. length, param1, ext_asym_count and ext_hash_count are
 * all peer-supplied; a parser should check them against the
 * SPDM_NEGOTIATE_ALGORITHMS_REQUEST_MAX_* limits and
 * SPDM_NEGOTIATE_ALGORITHMS_MAX_NUM_STRUCT_TABLE_ALG below, and against the
 * number of bytes actually received, before walking the tail. */
typedef struct {
    spdm_message_header_t header;
    /* param1 == Number of Algorithms Structure Tables
     * param2 == RSVD*/
    uint16_t length; /* total length of this message in bytes, fixed part plus tail */
    uint8_t measurement_specification; /* bitmask; see SPDM_MEASUREMENT_SPECIFICATION_DMTF */
    /* other_params_support is added in 1.2.
     * BIT[0:3]=opaque_data_format support
     * BIT[4]=ResponderMultiKeyConn, added in 1.3
     * BIT[5:7]=reserved*/
    uint8_t other_params_support;
    uint32_t base_asym_algo; /* SPDM_ALGORITHMS_BASE_ASYM_ALGO_* bitmask */
    uint32_t base_hash_algo; /* SPDM_ALGORITHMS_BASE_HASH_ALGO_* bitmask */
    uint8_t reserved2[12];
    uint8_t ext_asym_count;
    uint8_t ext_hash_count;
    uint8_t reserved3;
    /* MEL is a 1.3 feature (see SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_MEL_CAP);
     * value is SPDM_MEL_SPECIFICATION_DMTF or 0. */
    uint8_t mel_specification;
    /*spdm_extended_algorithm_t ext_asym[ext_asym_count];
     * spdm_extended_algorithm_t ext_hash[ext_hash_count];
     * Below field is added in 1.1.
     * spdm_negotiate_algorithms_struct_table_t alg_struct[param1];*/
} spdm_negotiate_algorithms_request_t;
317
318#define SPDM_NEGOTIATE_ALGORITHMS_REQUEST_MAX_LENGTH_VERSION_10 0x40
319#define SPDM_NEGOTIATE_ALGORITHMS_REQUEST_MAX_LENGTH_VERSION_11 0x80
320#define SPDM_NEGOTIATE_ALGORITHMS_REQUEST_MAX_LENGTH_VERSION_12 0x80
321#define SPDM_NEGOTIATE_ALGORITHMS_REQUEST_MAX_EXT_ALG_COUNT_VERSION_10 0x08
322#define SPDM_NEGOTIATE_ALGORITHMS_REQUEST_MAX_EXT_ALG_COUNT_VERSION_11 0x14
323#define SPDM_NEGOTIATE_ALGORITHMS_REQUEST_MAX_EXT_ALG_COUNT_VERSION_12 0x14
324
/* One AlgStruct table entry (1.1+). Variable-length: the two arrays after
 * alg_count are sized by its nibbles, so each entry occupies
 * 2 + fixed_alg_byte_count + 4 * ext_alg_count bytes. Both counts are
 * peer-supplied; check the computed entry size against the remaining
 * message length before advancing to the next entry. */
typedef struct {
    uint8_t alg_type; /* SPDM_NEGOTIATE_ALGORITHMS_STRUCT_TABLE_ALG_TYPE_* */
    uint8_t alg_count; /* BIT[0:3]=ext_alg_count, BIT[4:7]=fixed_alg_byte_count*/
    /*uint8_t alg_supported[fixed_alg_byte_count];
     * uint32_t alg_external[ext_alg_count];*/
} spdm_negotiate_algorithms_struct_table_t;
331
332#define SPDM_NEGOTIATE_ALGORITHMS_MAX_NUM_STRUCT_TABLE_ALG 4
333#define SPDM_NEGOTIATE_ALGORITHMS_STRUCT_TABLE_ALG_TYPE_DHE 2
334#define SPDM_NEGOTIATE_ALGORITHMS_STRUCT_TABLE_ALG_TYPE_AEAD 3
335#define SPDM_NEGOTIATE_ALGORITHMS_STRUCT_TABLE_ALG_TYPE_REQ_BASE_ASYM_ALG 4
336#define SPDM_NEGOTIATE_ALGORITHMS_STRUCT_TABLE_ALG_TYPE_KEY_SCHEDULE 5
337
/* Fixed-size view of spdm_negotiate_algorithms_struct_table_t for the
 * common case fixed_alg_byte_count == 2 and ext_alg_count == 0: the
 * supported set is a single uint16_t bitmask whose bit meanings depend on
 * alg_type (SPDM_ALGORITHMS_DHE_NAMED_GROUP_*, _AEAD_CIPHER_SUITE_*,
 * _BASE_ASYM_ALGO_*, _KEY_SCHEDULE_*). Only overlay it after checking
 * alg_count matches that shape. */
typedef struct {
    uint8_t alg_type;
    uint8_t alg_count;
    uint16_t alg_supported;
} spdm_negotiate_algorithms_common_struct_table_t;
343
344
345/* SPDM NEGOTIATE_ALGORITHMS request base_asym_algo/REQ_BASE_ASYM_ALG */
346#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_2048 0x00000001
347#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_2048 0x00000002
348#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_3072 0x00000004
349#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_3072 0x00000008
350#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P256 0x00000010
351#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_4096 0x00000020
352#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_4096 0x00000040
353#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P384 0x00000080
354#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P521 0x00000100
355
356/* SPDM NEGOTIATE_ALGORITHMS request base_asym_algo/REQ_BASE_ASYM_ALG (1.2) */
357#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_SM2_ECC_SM2_P256 0x00000200
358#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED25519 0x00000400
359#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED448 0x00000800
360
361/* SPDM NEGOTIATE_ALGORITHMS request base_hash_algo */
362#define SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_256 0x00000001
363#define SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_384 0x00000002
364#define SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_512 0x00000004
365#define SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA3_256 0x00000008
366#define SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA3_384 0x00000010
367#define SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA3_512 0x00000020
368
369/* SPDM NEGOTIATE_ALGORITHMS request base_hash_algo (1.2) */
370#define SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SM3_256 0x00000040
371
372/* SPDM NEGOTIATE_ALGORITHMS request DHE */
373#define SPDM_ALGORITHMS_DHE_NAMED_GROUP_FFDHE_2048 0x00000001
374#define SPDM_ALGORITHMS_DHE_NAMED_GROUP_FFDHE_3072 0x00000002
375#define SPDM_ALGORITHMS_DHE_NAMED_GROUP_FFDHE_4096 0x00000004
376#define SPDM_ALGORITHMS_DHE_NAMED_GROUP_SECP_256_R1 0x00000008
377#define SPDM_ALGORITHMS_DHE_NAMED_GROUP_SECP_384_R1 0x00000010
378#define SPDM_ALGORITHMS_DHE_NAMED_GROUP_SECP_521_R1 0x00000020
379
380/* SPDM NEGOTIATE_ALGORITHMS request DHE (1.2) */
381#define SPDM_ALGORITHMS_DHE_NAMED_GROUP_SM2_P256 0x00000040
382
383/* SPDM NEGOTIATE_ALGORITHMS request AEAD */
384#define SPDM_ALGORITHMS_AEAD_CIPHER_SUITE_AES_128_GCM 0x00000001
385#define SPDM_ALGORITHMS_AEAD_CIPHER_SUITE_AES_256_GCM 0x00000002
386#define SPDM_ALGORITHMS_AEAD_CIPHER_SUITE_CHACHA20_POLY1305 0x00000004
387
388/* SPDM NEGOTIATE_ALGORITHMS request AEAD (1.2) */
389#define SPDM_ALGORITHMS_AEAD_CIPHER_SUITE_AEAD_SM4_GCM 0x00000008
390
391/* SPDM NEGOTIATE_ALGORITHMS request KEY_SCHEDULE */
392#define SPDM_ALGORITHMS_KEY_SCHEDULE_HMAC_HASH 0x00000001
393
/* SPDM NEGOTIATE_ALGORITHMS response (ALGORITHMS).
 * Mirrors the request; the *_sel fields are the responder's selections and
 * must each be a subset of what the requester offered (normally a single
 * bit). As with the request, length, param1 and the ext_*_sel_count fields
 * are peer-supplied and bound the variable tail, so validate them against
 * the received size before walking the tail. */
typedef struct {
    spdm_message_header_t header;
    /* param1 == Number of Algorithms Structure Tables
     * param2 == RSVD*/
    uint16_t length; /* total length of this message in bytes, fixed part plus tail */
    uint8_t measurement_specification_sel;
    /* other_params_selection is added in 1.2.
     * BIT[0:3]=opaque_data_format select,
     * BIT[4]=RequesterMultiKeyConnSel, added in 1.3
     * BIT[5:7]=reserved*/
    uint8_t other_params_selection;
    uint32_t measurement_hash_algo; /* SPDM_ALGORITHMS_MEASUREMENT_HASH_ALGO_* */
    uint32_t base_asym_sel; /* SPDM_ALGORITHMS_BASE_ASYM_ALGO_* */
    uint32_t base_hash_sel; /* SPDM_ALGORITHMS_BASE_HASH_ALGO_* */
    uint8_t reserved2[11];
    uint8_t mel_specification_sel;
    uint8_t ext_asym_sel_count;
    uint8_t ext_hash_sel_count;
    uint16_t reserved3;
    /*spdm_extended_algorithm_t ext_asym_sel[ext_asym_sel_count];
     * spdm_extended_algorithm_t ext_hash_sel[ext_hash_sel_count];
     * Below field is added in 1.1.
     * spdm_negotiate_algorithms_struct_table_t alg_struct[param1];*/
} spdm_algorithms_response_t;
419
420/* SPDM NEGOTIATE_ALGORITHMS response measurement_hash_algo */
421#define SPDM_ALGORITHMS_MEASUREMENT_HASH_ALGO_RAW_BIT_STREAM_ONLY 0x00000001
422#define SPDM_ALGORITHMS_MEASUREMENT_HASH_ALGO_TPM_ALG_SHA_256 0x00000002
423#define SPDM_ALGORITHMS_MEASUREMENT_HASH_ALGO_TPM_ALG_SHA_384 0x00000004
424#define SPDM_ALGORITHMS_MEASUREMENT_HASH_ALGO_TPM_ALG_SHA_512 0x00000008
425#define SPDM_ALGORITHMS_MEASUREMENT_HASH_ALGO_TPM_ALG_SHA3_256 0x00000010
426#define SPDM_ALGORITHMS_MEASUREMENT_HASH_ALGO_TPM_ALG_SHA3_384 0x00000020
427#define SPDM_ALGORITHMS_MEASUREMENT_HASH_ALGO_TPM_ALG_SHA3_512 0x00000040
428
429/* SPDM NEGOTIATE_ALGORITHMS response measurement_hash_algo (1.2) */
430#define SPDM_ALGORITHMS_MEASUREMENT_HASH_ALGO_TPM_ALG_SM3_256 0x00000080
431
432/* SPDM Opaque Data Format (1.2) */
433#define SPDM_ALGORITHMS_OPAQUE_DATA_FORMAT_NONE 0x0
434#define SPDM_ALGORITHMS_OPAQUE_DATA_FORMAT_0 0x1
435#define SPDM_ALGORITHMS_OPAQUE_DATA_FORMAT_1 0x2
436#define SPDM_ALGORITHMS_OPAQUE_DATA_FORMAT_MASK 0xF
437/* SPDM Multi-Connection Selection (1.3) */
438#define SPDM_ALGORITHMS_MULTI_KEY_CONN 0x10
439
/* SPDM Opaque Data Format 1 (1.2): header of the general opaque data table.
 * total_elements peer-supplied elements follow; the whole opaque blob is
 * bounded by the enclosing message's opaque_length and by
 * SPDM_MAX_OPAQUE_DATA_SIZE, so stop walking when either is exhausted. */
typedef struct {
    uint8_t total_elements;
    uint8_t reserved[3];
    /*opaque_element_table_t opaque_list[];*/
} spdm_general_opaque_data_table_header_t;
446
/* SPDM extended algorithm: an algorithm identified by an external registry.
 * registry_id is one of SPDM_REGISTRY_ID_* (reject values above
 * SPDM_REGISTRY_ID_MAX); algorithm_id is interpreted by that registry. */
typedef struct {
    uint8_t registry_id;
    uint8_t reserved;
    uint16_t algorithm_id;
} spdm_extended_algorithm_t;
453
454/* SPDM registry_id */
455#define SPDM_REGISTRY_ID_DMTF 0x0
456#define SPDM_REGISTRY_ID_TCG 0x1
457#define SPDM_REGISTRY_ID_USB 0x2
458#define SPDM_REGISTRY_ID_PCISIG 0x3
459#define SPDM_REGISTRY_ID_IANA 0x4
460#define SPDM_REGISTRY_ID_HDBASET 0x5
461#define SPDM_REGISTRY_ID_MIPI 0x6
462#define SPDM_REGISTRY_ID_CXL 0x7
463#define SPDM_REGISTRY_ID_JEDEC 0x8
464#define SPDM_REGISTRY_ID_VESA 0x9
465#define SPDM_REGISTRY_ID_IANA_CBOR 0xa
466#define SPDM_REGISTRY_ID_MAX 0xa
467
/* SPDM GET_DIGESTS request: header only, both params reserved. */
typedef struct {
    spdm_message_header_t header;
    /* param1 == RSVD
     * param2 == RSVD*/
} spdm_get_digest_request_t;
474
/* SPDM GET_DIGESTS response.
 * Variable-length: one digest per bit set in param2, each digest_size bytes
 * (the size of the negotiated base_hash_sel). Derive slot_count from param2
 * and check the received length before indexing; a present digest says
 * nothing about whether the slot holds a verified chain (see states below). */
typedef struct {
    spdm_message_header_t header;
    /* param1 == RSVD (supported_slot_mask in 1.3)
     * param2 == slot_mask (provisioned_slot_mask in 1.3) determining slot_count
     * cert slot state:
     * 1) not exist: supported_slot_mask[slot_id] = 0
     * 2) exist and empty: supported_slot_mask[slot_id] = 1 && provisioned_slot_mask[slot_id] = 0
     * 3) exist with key: supported_slot_mask[slot_id] = 1 && provisioned_slot_mask[slot_id] = 1 && cert_model = 0
     * 4) exist with key/cert: supported_slot_mask[slot_id] = 1 && provisioned_slot_mask[slot_id] = 1 && cert_model = !0
     *
     * uint8_t digest[digest_size][slot_count];
     *
     * Below field is added in 1.3. Present if MULTI_KEY_CONN is 1.
     * spdm_key_pair_id_t key_pair_id[slot_count];
     * spdm_certificate_info_t certificate_info[slot_count];
     * spdm_key_usage_bit_mask_t key_usage_bit_mask[slot_count];*/
} spdm_digest_response_t;
493
/* KeyPairID (1.3): identifies the key pair behind a certificate slot;
 * carried per slot in the DIGESTS response when MULTI_KEY_CONN is 1. */
typedef uint8_t spdm_key_pair_id_t;
495
/* CertificateInfo (1.3): BIT[0:2] is the certificate model of the slot;
 * mask with SPDM_CERTIFICATE_INFO_CERT_MODEL_MASK before comparing. */
typedef uint8_t spdm_certificate_info_t;
#define SPDM_CERTIFICATE_INFO_CERT_MODEL_MASK 0x7
#define SPDM_CERTIFICATE_INFO_CERT_MODEL_NONE 0x0
#define SPDM_CERTIFICATE_INFO_CERT_MODEL_DEVICE_CERT 0x1
#define SPDM_CERTIFICATE_INFO_CERT_MODEL_ALIAS_CERT 0x2
#define SPDM_CERTIFICATE_INFO_CERT_MODEL_GENERIC_CERT 0x3
502
/* KeyUsageBitMask (1.3): which SPDM operations a slot's key may be used for.
 * A requester should honour it — e.g. refuse a CHALLENGE_AUTH signature from
 * a slot lacking SPDM_KEY_USAGE_BIT_MASK_CHALLENGE_USE. */
typedef uint16_t spdm_key_usage_bit_mask_t;
#define SPDM_KEY_USAGE_BIT_MASK_KEY_EX_USE 0x1
#define SPDM_KEY_USAGE_BIT_MASK_CHALLENGE_USE 0x2
#define SPDM_KEY_USAGE_BIT_MASK_MEASUREMENT_USE 0x4
#define SPDM_KEY_USAGE_BIT_MASK_ENDPOINT_INFO_USE 0x8
#define SPDM_KEY_USAGE_BIT_MASK_STANDARDS_KEY_USE 0x4000
#define SPDM_KEY_USAGE_BIT_MASK_VENDOR_KEY_USE 0x8000
510
/* SPDM GET_CERTIFICATE request.
 * offset/length select a window of the certificate chain in the slot named
 * by param1. Both are peer-supplied: a responder must check offset against
 * the stored chain size (at most SPDM_MAX_CERTIFICATE_CHAIN_SIZE) and clamp
 * length to what remains rather than trusting either value. */
typedef struct {
    spdm_message_header_t header;
    /* param1 == BIT[0:3]=slot_id, BIT[4:7]=RSVD
     * param2 == Request Attribute in 1.3 */
    uint16_t offset;
    uint16_t length;
} spdm_get_certificate_request_t;
519
520#define SPDM_GET_CERTIFICATE_REQUEST_SLOT_ID_MASK 0xF
521
522/* SPDM GET_CERTIFICATE request Attributes */
523#define SPDM_GET_CERTIFICATE_REQUEST_ATTRIBUTES_SLOT_SIZE_REQUESTED 0x01
524
/* SPDM GET_CERTIFICATE response.
 * Carries portion_length bytes of the chain from slot param1, with
 * remainder_length bytes still to be fetched. Both are peer-supplied: a
 * requester should bound portion_length by the bytes actually received and
 * the running total by SPDM_MAX_CERTIFICATE_CHAIN_SIZE (and its own buffer),
 * and treat remainder_length as a hint for the next request, not a trusted
 * size. */
typedef struct {
    spdm_message_header_t header;
    /* param1 == BIT[0:3]=slot_id, BIT[4:7]=RSVD
     * param2 == Response Attribute in 1.3 */
    uint16_t portion_length;
    uint16_t remainder_length;
    /*uint8_t cert_chain[portion_length];*/
} spdm_certificate_response_t;
534
535#define SPDM_CERTIFICATE_RESPONSE_SLOT_ID_MASK 0xF
536
537/* SPDM CERTIFICATE response Attributes */
538#define SPDM_CERTIFICATE_RESPONSE_ATTRIBUTES_CERTIFICATE_INFO_MASK 0x7
539
/* SPDM certificate chain format, the payload assembled from GET_CERTIFICATE.
 * The struct covers only the 4-byte fixed header; root_hash and the
 * certificates follow and are sized by the negotiated hash and by length.
 * length is peer-supplied: check length >= 4 + hash_size and
 * length <= bytes received before deriving the certificates span, and verify
 * root_hash against a provisioned trust anchor — the peer also supplied the
 * root certificate, so the hash by itself proves nothing. */
typedef struct {
    /* Total length of the certificate chain, in bytes,
     * including all fields in this table.*/

    uint16_t length;
    uint16_t reserved;

    /* digest of the Root Certificate.
     * Note that Root Certificate is ASN.1 DER-encoded for this digest.
     * The hash size is determined by the SPDM device.*/

    /*uint8_t root_hash[hash_size];*/

    /* One or more ASN.1 DER-encoded X509v3 certificates where the first certificate is signed by the Root
     * Certificate or is the Root Certificate itself and each subsequent certificate is signed by the preceding
     * certificate. The last certificate is the Leaf Certificate.*/

    /*uint8_t certificates[length - 4 - hash_size];*/
} spdm_cert_chain_t;
559
560/* Maximum size, in bytes, of a certificate chain. */
561#define SPDM_MAX_CERTIFICATE_CHAIN_SIZE 65535
562
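/* SPDM CHALLENGE request.
 * nonce is the requester's fresh random value; it must never be reused or
 * the signed CHALLENGE_AUTH it binds becomes replayable. The
 * requester_context tail (1.3) is not part of the struct. */
typedef struct {
    spdm_message_header_t header;
    /* param1 == slot_id
     * param2 == HashType (SPDM_CHALLENGE_REQUEST_*_HASH below) */
    /* Same 32-byte layout as before; spelled with the wire constant so it
     * cannot drift from SPDM_NONCE_SIZE used by the other nonce fields. */
    uint8_t nonce[SPDM_NONCE_SIZE];
    /*uint8_t requester_context[SPDM_REQ_CONTEXT_SIZE]; */
} spdm_challenge_request_t;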
571
/* SPDM CHALLENGE response (CHALLENGE_AUTH).
 * Header only; every payload field is variable-length and listed in the
 * comment below. cert_chain_hash must match the digest of the chain the
 * requester already fetched for the slot, and nothing in this message is
 * trustworthy until the trailing signature has verified with the leaf key of
 * that chain (1.2+ signing uses SPDM_CHALLENGE_AUTH_SIGN_CONTEXT /
 * SPDM_MUT_CHALLENGE_AUTH_SIGN_CONTEXT defined below). */
typedef struct {
    spdm_message_header_t header;
    /* param1 == ResponseAttribute, BIT[0:3]=slot_id, BIT[4:6]=RSVD, BIT[7]=basic_mut_auth(deprecated in 1.2)
     * param2 == slot_mask
     * uint8_t cert_chain_hash[digest_size];
     * uint8_t nonce[32];
     * uint8_t measurement_summary_hash[digest_size];
     * uint16_t opaque_length;
     * uint8_t opaque_data[opaque_length];
     * uint8_t requester_context[SPDM_REQ_CONTEXT_SIZE];
     * uint8_t signature[key_size];*/
} spdm_challenge_auth_response_t;
585
586/* SPDM generic request measurement summary HashType */
587#define SPDM_REQUEST_NO_MEASUREMENT_SUMMARY_HASH 0
588#define SPDM_REQUEST_TCB_COMPONENT_MEASUREMENT_HASH 1
589#define SPDM_REQUEST_ALL_MEASUREMENTS_HASH 0xFF
590
591/* SPDM CHALLENGE request measurement summary HashType */
592#define SPDM_CHALLENGE_REQUEST_NO_MEASUREMENT_SUMMARY_HASH SPDM_REQUEST_NO_MEASUREMENT_SUMMARY_HASH
593#define SPDM_CHALLENGE_REQUEST_TCB_COMPONENT_MEASUREMENT_HASH \
594 SPDM_REQUEST_TCB_COMPONENT_MEASUREMENT_HASH
595#define SPDM_CHALLENGE_REQUEST_ALL_MEASUREMENTS_HASH SPDM_REQUEST_ALL_MEASUREMENTS_HASH
596
597#define SPDM_CHALLENGE_AUTH_RESPONSE_ATTRIBUTE_SLOT_ID_MASK 0xF
598#define SPDM_CHALLENGE_AUTH_RESPONSE_ATTRIBUTE_BASIC_MUT_AUTH_REQ 0x00000080 /* Deprecated in SPDM 1.2*/
599
600#define SPDM_CHALLENGE_AUTH_SIGN_CONTEXT "responder-challenge_auth signing"
601#define SPDM_CHALLENGE_AUTH_SIGN_CONTEXT_SIZE (sizeof(SPDM_CHALLENGE_AUTH_SIGN_CONTEXT) - 1)
602#define SPDM_MUT_CHALLENGE_AUTH_SIGN_CONTEXT "requester-challenge_auth signing"
603#define SPDM_MUT_CHALLENGE_AUTH_SIGN_CONTEXT_SIZE (sizeof(SPDM_MUT_CHALLENGE_AUTH_SIGN_CONTEXT) - 1)
604
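/* SPDM GET_MEASUREMENTS request.
 * nonce must be fresh per request when a signature is asked for
 * (SPDM_GET_MEASUREMENTS_REQUEST_ATTRIBUTES_GENERATE_SIGNATURE in param1);
 * a reused nonce makes the signed MEASUREMENTS replayable. Per DSP0274 the
 * nonce and slot_id_param are only carried when that attribute is set —
 * confirm against the parser before relying on sizeof this struct. */
typedef struct {
    spdm_message_header_t header;
    /* param1 == Attributes
     * param2 == measurement_operation*/
    /* Same 32-byte layout as before; spelled with the wire constant so it
     * cannot drift from SPDM_NONCE_SIZE used by the other nonce fields. */
    uint8_t nonce[SPDM_NONCE_SIZE];
    /* Below field is added in 1.1.*/
    uint8_t slot_id_param; /* BIT[0:3]=slot_id, BIT[4:7]=RSVD*/
    /*uint8_t requester_context[SPDM_REQ_CONTEXT_SIZE]; */
} spdm_get_measurements_request_t;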
615
616#define SPDM_GET_MEASUREMENTS_REQUEST_SLOT_ID_MASK 0xF
617
618/* SPDM GET_MEASUREMENTS request Attributes */
619#define SPDM_GET_MEASUREMENTS_REQUEST_ATTRIBUTES_GENERATE_SIGNATURE 0x00000001
620#define SPDM_GET_MEASUREMENTS_REQUEST_ATTRIBUTES_RAW_BIT_STREAM_REQUESTED 0x00000002
621#define SPDM_GET_MEASUREMENTS_REQUEST_ATTRIBUTES_NEW_MEASUREMENT_REQUESTED 0x00000004
622
623/* SPDM GET_MEASUREMENTS request measurement_operation */
624#define SPDM_GET_MEASUREMENTS_REQUEST_MEASUREMENT_OPERATION_TOTAL_NUMBER_OF_MEASUREMENTS 0
625
/* Values between these two (0x01..0xFE) select a single measurement block by its index:
 * SPDM_GET_MEASUREMENTS_REQUEST_MEASUREMENT_OPERATION_INDEX */
627#define SPDM_GET_MEASUREMENTS_REQUEST_MEASUREMENT_OPERATION_ALL_MEASUREMENTS 0xFF
628
629
/* SPDM MEASUREMENTS block common header.
 * Each block in measurement_record is this header followed by
 * measurement_size bytes. measurement_size is peer-supplied: check it
 * against the remaining record length before reading or advancing, and
 * reject a measurement_specification other than the one negotiated. */
typedef struct {
    uint8_t index;
    uint8_t measurement_specification; /* SPDM_MEASUREMENT_SPECIFICATION_DMTF */
    uint16_t measurement_size;
    /*uint8_t measurement[measurement_size];*/
} spdm_measurement_block_common_header_t;
637
638#define SPDM_MEASUREMENT_SPECIFICATION_DMTF 0x01
639
/* SPDM MEASUREMENTS block DMTF header (follows the common header when the
 * specification is DMTF). dmtf_spec_measurement_value_size must equal the
 * common header's measurement_size minus sizeof this header; treat a
 * mismatch as a malformed block. The value type's
 * SPDM_MEASUREMENT_BLOCK_MEASUREMENT_TYPE_RAW_BIT_STREAM bit says whether
 * the value is a raw bit stream or a hash of it. */
typedef struct {
    uint8_t dmtf_spec_measurement_value_type; /* SPDM_MEASUREMENT_BLOCK_MEASUREMENT_TYPE_* */
    uint16_t dmtf_spec_measurement_value_size;
    /*uint8_t Dmtf_spec_measurement_value[dmtf_spec_measurement_value_size];*/
} spdm_measurement_block_dmtf_header_t;
646
/* Fixed-size view of a DMTF measurement block: common header, DMTF header,
 * then the hash_value (or raw value) which is not part of the struct. */
typedef struct {
    spdm_measurement_block_common_header_t measurement_block_common_header;
    spdm_measurement_block_dmtf_header_t measurement_block_dmtf_header;
    /*uint8_t hash_value[hash_size];*/
} spdm_measurement_block_dmtf_t;
652
653/* SPDM MEASUREMENTS block MeasurementValueType */
654#define SPDM_MEASUREMENT_BLOCK_MEASUREMENT_TYPE_IMMUTABLE_ROM 0
655#define SPDM_MEASUREMENT_BLOCK_MEASUREMENT_TYPE_MUTABLE_FIRMWARE 1
656#define SPDM_MEASUREMENT_BLOCK_MEASUREMENT_TYPE_HARDWARE_CONFIGURATION 2
657#define SPDM_MEASUREMENT_BLOCK_MEASUREMENT_TYPE_FIRMWARE_CONFIGURATION 3
658#define SPDM_MEASUREMENT_BLOCK_MEASUREMENT_TYPE_MEASUREMENT_MANIFEST 4
659#define SPDM_MEASUREMENT_BLOCK_MEASUREMENT_TYPE_DEVICE_MODE 5
660#define SPDM_MEASUREMENT_BLOCK_MEASUREMENT_TYPE_VERSION 6
661#define SPDM_MEASUREMENT_BLOCK_MEASUREMENT_TYPE_SECURE_VERSION_NUMBER 7
662#define SPDM_MEASUREMENT_BLOCK_MEASUREMENT_TYPE_HASH_EXTEND_MEASUREMENT 8
663#define SPDM_MEASUREMENT_BLOCK_MEASUREMENT_TYPE_INFORMATIONAL 9
664#define SPDM_MEASUREMENT_BLOCK_MEASUREMENT_TYPE_STRUCTURED_MEASUREMENT_MANIFEST 10
665#define SPDM_MEASUREMENT_BLOCK_MEASUREMENT_TYPE_MASK 0x7
666#define SPDM_MEASUREMENT_BLOCK_MEASUREMENT_TYPE_RAW_BIT_STREAM 0x00000080
667
668/* SPDM MEASUREMENTS block index */
669#define SPDM_MEASUREMENT_BLOCK_MEASUREMENT_INDEX_MEASUREMENT_MANIFEST 0xFD
670#define SPDM_MEASUREMENT_BLOCK_MEASUREMENT_INDEX_DEVICE_MODE 0xFE
671
/* SPDM MEASUREMENTS device mode (value of the DEVICE_MODE measurement).
 * The operational_mode_* fields use SPDM_MEASUREMENT_DEVICE_OPERATION_MODE_*
 * bits, the device_mode_* fields SPDM_MEASUREMENT_DEVICE_MODE_* bits;
 * *_capabilities lists what the device can report and *_state what is
 * currently (or has been) the case. An appraisal policy should look at the
 * debug-mode bits in device_mode_state, since an active or previously active
 * invasive debug mode undermines the other measurements. */
typedef struct {
    uint32_t operational_mode_capabilities;
    uint32_t operational_mode_state;
    uint32_t device_mode_capabilities;
    uint32_t device_mode_state;
} spdm_measurements_device_mode_t;
679
680#define SPDM_MEASUREMENT_DEVICE_OPERATION_MODE_MANUFACTURING_MODE 0x00000001
681#define SPDM_MEASUREMENT_DEVICE_OPERATION_MODE_VALIDATION_MODE 0x00000002
682#define SPDM_MEASUREMENT_DEVICE_OPERATION_MODE_NORMAL_MODE 0x00000004
683#define SPDM_MEASUREMENT_DEVICE_OPERATION_MODE_RECOVERY_MODE 0x00000008
684#define SPDM_MEASUREMENT_DEVICE_OPERATION_MODE_RMA_MODE 0x00000010
685#define SPDM_MEASUREMENT_DEVICE_OPERATION_MODE_DECOMMISSIONED_MODE 0x00000020
686
687#define SPDM_MEASUREMENT_DEVICE_MODE_NON_INVASIVE_DEBUG_MODE_IS_ACTIVE 0x00000001
688#define SPDM_MEASUREMENT_DEVICE_MODE_INVASIVE_DEBUG_MODE_IS_ACTIVE 0x00000002
689#define SPDM_MEASUREMENT_DEVICE_MODE_NON_INVASIVE_DEBUG_MODE_HAS_BEEN_ACTIVE 0x00000004
690#define SPDM_MEASUREMENT_DEVICE_MODE_INVASIVE_DEBUG_MODE_HAS_BEEN_ACTIVE 0x00000008
691#define SPDM_MEASUREMENT_DEVICE_MODE_INVASIVE_DEBUG_MODE_HAS_BEEN_ACTIVE_AFTER_MFG 0x00000010
692
/* SPDM MEASUREMENTS SVN: value of a SECURE_VERSION_NUMBER measurement block.
 * A verifier typically compares it against a minimum acceptable SVN to
 * reject firmware known to be vulnerable. */
typedef uint64_t spdm_measurements_secure_version_number_t;
695
/* SPDM GET_MEASUREMENTS response (MEASUREMENTS).
 * measurement_record_length is a 3-byte little-endian count, at most
 * SPDM_MAX_MEASUREMENT_RECORD_LENGTH; decode it byte by byte rather than by
 * casting, and check it against the bytes received before walking the
 * number_of_blocks blocks. The signature tail is present only when the
 * request set SPDM_GET_MEASUREMENTS_REQUEST_ATTRIBUTES_GENERATE_SIGNATURE
 * (1.2+ signing uses SPDM_MEASUREMENTS_SIGN_CONTEXT below); an unsigned
 * response outside a secure session is not authenticated. */
typedef struct {
    spdm_message_header_t header;
    /* param1 == TotalNumberOfMeasurement/RSVD
     * param2 == BIT[0:3]=slot_id, BIT[4:5]=content changed, BIT[6:7]=RSVD*/
    uint8_t number_of_blocks;
    uint8_t measurement_record_length[3];
    /*uint8_t measurement_record[measurement_record_length];
     * uint8_t nonce[32];
     * uint16_t opaque_length;
     * uint8_t opaque_data[opaque_length];
     * uint8_t requester_context[SPDM_REQ_CONTEXT_SIZE];
     * uint8_t signature[key_size];*/
} spdm_measurements_response_t;
710
711#define SPDM_MEASUREMENTS_RESPONSE_SLOT_ID_MASK 0xF
712
713/* SPDM MEASUREMENTS content changed */
714#define SPDM_MEASUREMENTS_RESPONSE_CONTENT_CHANGE_MASK 0x30
715#define SPDM_MEASUREMENTS_RESPONSE_CONTENT_CHANGE_NO_DETECTION 0x00
716#define SPDM_MEASUREMENTS_RESPONSE_CONTENT_CHANGE_DETECTED 0x10
717#define SPDM_MEASUREMENTS_RESPONSE_CONTENT_NO_CHANGE_DETECTED 0x20
718
719#define SPDM_MEASUREMENTS_SIGN_CONTEXT "responder-measurements signing"
720#define SPDM_MEASUREMENTS_SIGN_CONTEXT_SIZE (sizeof(SPDM_MEASUREMENTS_SIGN_CONTEXT) - 1)
721
722#define SPDM_MEL_SPECIFICATION_DMTF 0x01
723
/* SPDM ERROR response.
 * param1 carries an SPDM_ERROR_CODE_* value and param2 error-specific data;
 * the optional extended_error_data tail is at most
 * SPDM_EXTENDED_ERROR_DATA_MAX_SIZE bytes and its layout depends on param1
 * (see the typed variants below). Outside a secure session an ERROR is not
 * authenticated, so a requester should let it change negotiated state only
 * as far as the specific error code requires. */
typedef struct {
    spdm_message_header_t header;
    /* param1 == Error Code
     * param2 == Error data
     * uint8_t extended_error_data[32];*/
} spdm_error_response_t;
731
/* Upper bound on the extended_error_data that may follow an ERROR header. */
#define SPDM_EXTENDED_ERROR_DATA_MAX_SIZE 32

/* SPDM error code
 * Values for param1 of spdm_error_response_t. Codes are grouped by the spec
 * version that introduced them; the numbering is not contiguous across
 * groups, so do not assume a range check covers "all known codes". */
#define SPDM_ERROR_CODE_INVALID_REQUEST 0x01
#define SPDM_ERROR_CODE_BUSY 0x03
#define SPDM_ERROR_CODE_UNEXPECTED_REQUEST 0x04
#define SPDM_ERROR_CODE_UNSPECIFIED 0x05
#define SPDM_ERROR_CODE_UNSUPPORTED_REQUEST 0x07
#define SPDM_ERROR_CODE_VERSION_MISMATCH 0x41
#define SPDM_ERROR_CODE_RESPONSE_NOT_READY 0x42
#define SPDM_ERROR_CODE_REQUEST_RESYNCH 0x43
#define SPDM_ERROR_CODE_VENDOR_DEFINED 0xFF

/* SPDM error code (1.1) */
#define SPDM_ERROR_CODE_DECRYPT_ERROR 0x06
#define SPDM_ERROR_CODE_REQUEST_IN_FLIGHT 0x08
#define SPDM_ERROR_CODE_INVALID_RESPONSE_CODE 0x09
#define SPDM_ERROR_CODE_SESSION_LIMIT_EXCEEDED 0x0A

/* SPDM error code (1.2) */
#define SPDM_ERROR_CODE_SESSION_REQUIRED 0x0B
#define SPDM_ERROR_CODE_RESET_REQUIRED 0x0C
#define SPDM_ERROR_CODE_RESPONSE_TOO_LARGE 0x0D
#define SPDM_ERROR_CODE_REQUEST_TOO_LARGE 0x0E
#define SPDM_ERROR_CODE_LARGE_RESPONSE 0x0F
#define SPDM_ERROR_CODE_MESSAGE_LOST 0x10

/* SPDM error code (1.3) */
#define SPDM_ERROR_CODE_OPERATION_FAILED 0x44
761
/* SPDM ResponseNotReady extended data
 * Extended error data that accompanies SPDM_ERROR_CODE_RESPONSE_NOT_READY.
 * NOTE(review): rd_exponent/rd_tm look like the timing parameters the
 * requester uses to schedule RESPONSE_IF_READY; confirm the exact formula
 * against the spec before relying on them. */
typedef struct {
    uint8_t rd_exponent;
    /* Request code of the message the responder could not answer yet. */
    uint8_t request_code;
    /* Token the requester echoes back in RESPONSE_IF_READY (param2). */
    uint8_t token;
    uint8_t rd_tm;
} spdm_error_data_response_not_ready_t;
769
/* Complete ERROR message for the ResponseNotReady case: header plus the
 * fixed-size spdm_error_data_response_not_ready_t extended data. */
typedef struct {
    spdm_message_header_t header;
    /* param1 == Error Code
     * param2 == Error data*/
    spdm_error_data_response_not_ready_t extend_error_data;
} spdm_error_response_data_response_not_ready_t;
776
/* SPDM LargeResponse extended data
 * Accompanies SPDM_ERROR_CODE_LARGE_RESPONSE; the handle identifies the
 * large response to be retrieved with CHUNK_GET (param2 of that request). */
typedef struct {
    uint8_t handle;
} spdm_error_data_large_response_t;
781
/* Complete ERROR message for the LargeResponse case: header plus the
 * one-byte spdm_error_data_large_response_t extended data. */
typedef struct {
    spdm_message_header_t header;
    /* param1 == Error Code
     * param2 == Error data*/
    spdm_error_data_large_response_t extend_error_data;
} spdm_error_response_large_response_t;
788
/* SPDM RESPONSE_IF_READY request
 * Header-only message; request_code and token mirror the fields of the
 * ResponseNotReady error data the requester received earlier. */
typedef struct {
    spdm_message_header_t header;
    /* param1 == request_code
     * param2 == token*/
} spdm_response_if_ready_request_t;
795
/* Maximum size of a vendor defined message data length
 * limited by the length field size which is 2 bytes (payload_length). */
#define SPDM_MAX_VENDOR_DEFINED_DATA_LEN 65535
/* Maximum size of a vendor defined vendor id length
 * limited by the length field size which is 1 byte (the len field). */
#define SPDM_MAX_VENDOR_ID_LENGTH 255
802
/* SPDM VENDOR_DEFINED request
 * Fixed prefix of a vendor-defined request; vendor_id, payload_length and
 * the payload follow on the wire and are not part of the struct.
 * NOTE(review): len and payload_length are peer-supplied - bound-check both
 * against the received message size before indexing the trailing data. */
typedef struct {
    spdm_message_header_t header;
    /* param1 == RSVD
     * param2 == RSVD*/
    /* Registry/standard that defines the vendor_id namespace. */
    uint16_t standard_id;
    /* Length of vendor_id (at most SPDM_MAX_VENDOR_ID_LENGTH). */
    uint8_t len;
    /*uint8_t vendor_id[len];
     * uint16_t payload_length;
     * uint8_t vendor_defined_payload[payload_length];*/
} spdm_vendor_defined_request_msg_t;
814
/* SPDM VENDOR_DEFINED response
 * Same layout as spdm_vendor_defined_request_msg_t: fixed prefix, then
 * vendor_id, payload_length and payload on the wire.
 * NOTE(review): len and payload_length are peer-supplied - bound-check both
 * against the received message size before indexing the trailing data. */
typedef struct {
    spdm_message_header_t header;
    /* param1 == RSVD
     * param2 == RSVD*/
    /* Registry/standard that defines the vendor_id namespace. */
    uint16_t standard_id;
    /* Length of vendor_id (at most SPDM_MAX_VENDOR_ID_LENGTH). */
    uint8_t len;
    /*uint8_t vendor_id[len];
     * uint16_t payload_length;
     * uint8_t vendor_defined_payload[payload_length];*/
} spdm_vendor_defined_response_msg_t;
826
/* The messages below are defined in SPDM 1.1 (with later additions noted inline). */
828
/* SPDM KEY_EXCHANGE request
 * Fixed prefix of the KEY_EXCHANGE message; exchange_data and the opaque
 * data follow on the wire and are not part of the struct. */
typedef struct {
    spdm_message_header_t header;
    /* param1 == HashType
     * param2 == slot_id*/
    /* Requester's half of the session id. */
    uint16_t req_session_id;
    /* session_policy is added in 1.2.*/
    uint8_t session_policy;
    uint8_t reserved;
    /* Requester random value (SPDM_RANDOM_DATA_SIZE bytes).
     * NOTE(review): must be fresh for every handshake - sourced from a
     * cryptographically secure RNG, never reused. */
    uint8_t random_data[32];
    /*uint8_t exchange_data[D];
     * uint16_t opaque_length;
     * uint8_t opaque_data[opaque_length];*/
} spdm_key_exchange_request_t;
843
/* SPDM KEY_EXCHANGE request session_policy
 * Bit flag in spdm_key_exchange_request_t.session_policy (1.2 and later). */
#define SPDM_KEY_EXCHANGE_REQUEST_SESSION_POLICY_TERMINATION_POLICY_RUNTIME_UPDATE 0x00000001

/* SPDM KEY_EXCHANGE request measurement summary HashType
 * Values for param1; aliases of the shared SPDM_REQUEST_*_HASH constants. */
#define SPDM_KEY_EXCHANGE_REQUEST_NO_MEASUREMENT_SUMMARY_HASH \
    SPDM_REQUEST_NO_MEASUREMENT_SUMMARY_HASH
#define SPDM_KEY_EXCHANGE_REQUEST_TCB_COMPONENT_MEASUREMENT_HASH \
    SPDM_REQUEST_TCB_COMPONENT_MEASUREMENT_HASH
#define SPDM_KEY_EXCHANGE_REQUEST_ALL_MEASUREMENTS_HASH SPDM_REQUEST_ALL_MEASUREMENTS_HASH
853
/* SPDM KEY_EXCHANGE response
 * Fixed prefix of KEY_EXCHANGE_RSP; exchange_data, the measurement summary
 * hash, opaque data, signature and verify_data follow on the wire.
 * NOTE(review): opaque_length is peer-supplied and the trailing field sizes
 * depend on the negotiated algorithms - validate the total against the
 * received message size before locating signature/verify_data. */
typedef struct {
    spdm_message_header_t header;
    /* param1 == heartbeat_period
     * param2 == RSVD*/
    /* Responder's half of the session id. */
    uint16_t rsp_session_id;
    /* See SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED* flags. */
    uint8_t mut_auth_requested;
    uint8_t req_slot_id_param;
    /* Responder random value (SPDM_RANDOM_DATA_SIZE bytes). */
    uint8_t random_data[32];
    /*uint8_t exchange_data[D];
     * uint8_t measurement_summary_hash[digest_size];
     * uint16_t opaque_length;
     * uint8_t opaque_data[opaque_length];
     * uint8_t signature[S];
     * uint8_t verify_data[H];*/
} spdm_key_exchange_response_t;
870
/* SPDM KEY_EXCHANGE response mut_auth_requested
 * Bit flags in spdm_key_exchange_response_t.mut_auth_requested. */
#define SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED 0x00000001
#define SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED_WITH_ENCAP_REQUEST 0x00000002
#define SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED_WITH_GET_DIGESTS 0x00000004

/* Signing-context string for the KEY_EXCHANGE_RSP signature; _SIZE excludes
 * the terminating NUL. */
#define SPDM_KEY_EXCHANGE_RESPONSE_SIGN_CONTEXT "responder-key_exchange_rsp signing"
#define SPDM_KEY_EXCHANGE_RESPONSE_SIGN_CONTEXT_SIZE \
    (sizeof(SPDM_KEY_EXCHANGE_RESPONSE_SIGN_CONTEXT) - 1)

/* 1.2 key-exchange context strings (requester and responder sides). The
 * strings are byte-exact protocol constants - do not change them. */
#define SPDM_VERSION_1_2_KEY_EXCHANGE_REQUESTER_CONTEXT "Requester-KEP-dmtf-spdm-v1.2"
#define SPDM_VERSION_1_2_KEY_EXCHANGE_REQUESTER_CONTEXT_SIZE \
    (sizeof(SPDM_VERSION_1_2_KEY_EXCHANGE_REQUESTER_CONTEXT) - 1)

#define SPDM_VERSION_1_2_KEY_EXCHANGE_RESPONDER_CONTEXT "Responder-KEP-dmtf-spdm-v1.2"
#define SPDM_VERSION_1_2_KEY_EXCHANGE_RESPONDER_CONTEXT_SIZE \
    (sizeof(SPDM_VERSION_1_2_KEY_EXCHANGE_RESPONDER_CONTEXT) - 1)
887
/* SPDM FINISH request
 * Header-only prefix; the optional signature (present when param1 has
 * SPDM_FINISH_REQUEST_ATTRIBUTES_SIGNATURE_INCLUDED set) and verify_data
 * follow on the wire. */
typedef struct {
    spdm_message_header_t header;
    /* param1 == signature_included
     * param2 == req_slot_id
     * uint8_t signature[S];
     * uint8_t verify_data[H];*/
} spdm_finish_request_t;
896
/* SPDM FINISH request signature_included
 * Bit flag in param1 of spdm_finish_request_t. */
#define SPDM_FINISH_REQUEST_ATTRIBUTES_SIGNATURE_INCLUDED 0x00000001
899
/* SPDM FINISH response
 * Header-only prefix; verify_data follows on the wire. */
typedef struct {
    spdm_message_header_t header;
    /* param1 == RSVD
     * param2 == RSVD
     * uint8_t verify_data[H];*/
} spdm_finish_response_t;
907
/* Signing-context string for the FINISH signature; _SIZE excludes the NUL. */
#define SPDM_FINISH_SIGN_CONTEXT "requester-finish signing"
#define SPDM_FINISH_SIGN_CONTEXT_SIZE (sizeof(SPDM_FINISH_SIGN_CONTEXT) - 1)
910
/* SPDM PSK_EXCHANGE request
 * Fixed prefix of PSK_EXCHANGE; psk_hint, context and opaque_data follow on
 * the wire, each sized by the corresponding length field.
 * NOTE(review): all three lengths are peer-supplied - validate their sum
 * against the received message size before indexing the trailing data. */
typedef struct {
    spdm_message_header_t header;
    /* param1 == HashType
     * param2 == RSVD/session_policy (1.2)*/
    /* Requester's half of the session id. */
    uint16_t req_session_id;
    uint16_t psk_hint_length;
    uint16_t context_length;
    uint16_t opaque_length;
    /*uint8_t psk_hint[psk_hint_length];
     * uint8_t context[context_length];
     * uint8_t opaque_data[opaque_length];*/
} spdm_psk_exchange_request_t;
924
/* SPDM PSK_EXCHANGE request measurement summary HashType
 * Values for param1; aliases of the shared SPDM_REQUEST_*_HASH constants. */
#define SPDM_PSK_EXCHANGE_REQUEST_NO_MEASUREMENT_SUMMARY_HASH \
    SPDM_REQUEST_NO_MEASUREMENT_SUMMARY_HASH
#define SPDM_PSK_EXCHANGE_REQUEST_TCB_COMPONENT_MEASUREMENT_HASH \
    SPDM_REQUEST_TCB_COMPONENT_MEASUREMENT_HASH
#define SPDM_PSK_EXCHANGE_REQUEST_ALL_MEASUREMENTS_HASH SPDM_REQUEST_ALL_MEASUREMENTS_HASH
931
/* SPDM PSK_EXCHANGE response
 * Fixed prefix of PSK_EXCHANGE_RSP; the measurement summary hash, context,
 * opaque_data and verify_data follow on the wire.
 * NOTE(review): context_length and opaque_length are peer-supplied - validate
 * them against the received message size before locating verify_data. */
typedef struct {
    spdm_message_header_t header;
    /* param1 == heartbeat_period
     * param2 == RSVD*/
    /* Responder's half of the session id. */
    uint16_t rsp_session_id;
    uint16_t reserved;
    uint16_t context_length;
    uint16_t opaque_length;
    /*uint8_t measurement_summary_hash[digest_size];
     * uint8_t context[context_length];
     * uint8_t opaque_data[opaque_length];
     * uint8_t verify_data[H];*/
} spdm_psk_exchange_response_t;
946
/* SPDM PSK_FINISH request
 * Header-only prefix; verify_data follows on the wire. */
typedef struct {
    spdm_message_header_t header;
    /* param1 == RSVD
     * param2 == RSVD
     * uint8_t verify_data[H];*/
} spdm_psk_finish_request_t;
954
/* SPDM PSK_FINISH response
 * Header-only message; both params are reserved. */
typedef struct {
    spdm_message_header_t header;
    /* param1 == RSVD
     * param2 == RSVD*/
} spdm_psk_finish_response_t;
961
962
/* SPDM HEARTBEAT request
 * Header-only message; both params are reserved. */
typedef struct {
    spdm_message_header_t header;
    /* param1 == RSVD
     * param2 == RSVD*/
} spdm_heartbeat_request_t;
969
/* SPDM HEARTBEAT response
 * Header-only message; both params are reserved. */
typedef struct {
    spdm_message_header_t header;
    /* param1 == RSVD
     * param2 == RSVD*/
} spdm_heartbeat_response_t;
976
/* SPDM KEY_UPDATE request
 * Header-only message; key_operation takes one of the
 * SPDM_KEY_UPDATE_OPERATIONS_TABLE_* values, tag is echoed in the response. */
typedef struct {
    spdm_message_header_t header;
    /* param1 == key_operation
     * param2 == tag*/
} spdm_key_update_request_t;
983
/* SPDM KEY_UPDATE Operations table
 * Values for param1 of spdm_key_update_request_t / spdm_key_update_response_t. */
#define SPDM_KEY_UPDATE_OPERATIONS_TABLE_UPDATE_KEY 1
#define SPDM_KEY_UPDATE_OPERATIONS_TABLE_UPDATE_ALL_KEYS 2
#define SPDM_KEY_UPDATE_OPERATIONS_TABLE_VERIFY_NEW_KEY 3
988
/* SPDM KEY_UPDATE response
 * Header-only message carrying the same key_operation/tag layout as the
 * request (presumably echoed back; confirm against the spec). */
typedef struct {
    spdm_message_header_t header;
    /* param1 == key_operation
     * param2 == tag*/
} spdm_key_update_response_t;
995
/* SPDM GET_ENCAPSULATED_REQUEST request
 * Header-only message; both params are reserved. */
typedef struct {
    spdm_message_header_t header;
    /* param1 == RSVD
     * param2 == RSVD*/
} spdm_get_encapsulated_request_request_t;
1002
/* SPDM ENCAPSULATED_REQUEST response
 * Header-only prefix; the encapsulated request message follows on the wire
 * and extends to the end of the received message (no explicit length). */
typedef struct {
    spdm_message_header_t header;
    /* param1 == request_id
     * param2 == RSVD
     * uint8_t encapsulated_request[];*/
} spdm_encapsulated_request_response_t;
1010
/* SPDM DELIVER_ENCAPSULATED_RESPONSE request
 * Header-only prefix; the encapsulated response message follows on the wire
 * and extends to the end of the received message (no explicit length). */
typedef struct {
    spdm_message_header_t header;
    /* param1 == request_id
     * param2 == RSVD
     * uint8_t encapsulated_response[];*/
} spdm_deliver_encapsulated_response_request_t;
1018
/* SPDM ENCAPSULATED_RESPONSE_ACK response
 * In 1.2 and later the struct carries ack_request_id plus padding before the
 * optional encapsulated request; for earlier versions the message ends at
 * the header, so the fixed size of this struct must not be assumed for 1.1. */
typedef struct {
    spdm_message_header_t header;
    /* param1 == request_id
     * param2 == payload_type*/

    /* below 4 bytes are added in 1.2.*/
    uint8_t ack_request_id;
    uint8_t reserved[3];

    /*uint8_t encapsulated_request[];*/
} spdm_encapsulated_response_ack_response_t;
1031
/* SPDM ENCAPSULATED_RESPONSE_ACK_RESPONSE payload Type
 * Values for param2 of spdm_encapsulated_response_ack_response_t; they tell
 * the receiver whether anything follows the fixed struct. */
#define SPDM_ENCAPSULATED_RESPONSE_ACK_RESPONSE_PAYLOAD_TYPE_ABSENT 0
#define SPDM_ENCAPSULATED_RESPONSE_ACK_RESPONSE_PAYLOAD_TYPE_PRESENT 1
#define SPDM_ENCAPSULATED_RESPONSE_ACK_RESPONSE_PAYLOAD_TYPE_REQ_SLOT_NUMBER 2
1036
/* SPDM END_SESSION request
 * Header-only message; param1 holds the
 * SPDM_END_SESSION_REQUEST_ATTRIBUTES_* flags. */
typedef struct {
    spdm_message_header_t header;
    /* param1 == end_session_request_attributes
     * param2 == RSVD*/
} spdm_end_session_request_t;
1043
/* SPDM END_SESSION request Attributes
 * Bit flag in param1 of spdm_end_session_request_t. */
#define SPDM_END_SESSION_REQUEST_ATTRIBUTES_PRESERVE_NEGOTIATED_STATE_CLEAR 0x00000001
1046
/* SPDM END_SESSION response
 * Header-only message; both params are reserved. */
typedef struct {
    spdm_message_header_t header;
    /* param1 == RSVD
     * param2 == RSVD*/
} spdm_end_session_response_t;
1053
/* SPDM SET_CERTIFICATE request
 * Header-only prefix; the certificate chain follows on the wire and extends
 * to the end of the received message. The param layout changed in 1.3, so
 * the SetCertModel/Erase bits must only be interpreted for 1.3+ peers. */
typedef struct {
    spdm_message_header_t header;
    /* param1 == BIT[0:3]=slot_id, BIT[4:7]=RSVD
     * param2 == RSVD
     * param1 and param2 are updated in 1.3
     * param1 == Request attributes, BIT[0:3]=slot_id, BIT[4:6]=SetCertModel, BIT[7]=Erase
     * param2 == KeyPairID
     * void * cert_chain*/
} spdm_set_certificate_request_t;
1064
/* Mask for param1 BIT[0:3] (slot_id) of spdm_set_certificate_request_t. */
#define SPDM_SET_CERTIFICATE_REQUEST_SLOT_ID_MASK 0xF

/* SPDM SET_CERTIFICATE request Attributes (1.3 param1 layout)
 * CERT_MODEL occupies BIT[4:6] (mask 0x70, shift by _OFFSET to extract);
 * ERASE is BIT[7]. */
#define SPDM_SET_CERTIFICATE_REQUEST_ATTRIBUTES_CERT_MODEL_MASK 0x70
#define SPDM_SET_CERTIFICATE_REQUEST_ATTRIBUTES_CERT_MODEL_OFFSET 4
#define SPDM_SET_CERTIFICATE_REQUEST_ATTRIBUTES_ERASE 0x80
1071
/* SPDM SET_CERTIFICATE_RSP response
 * Header-only message; param1 BIT[0:3] echoes the slot_id. */
typedef struct {
    spdm_message_header_t header;
    /* param1 == BIT[0:3]=slot_id, BIT[4:7]=RSVD
     * param2 == RSVD*/
} spdm_set_certificate_response_t;
1078
/* Mask for param1 BIT[0:3] (slot_id) of spdm_set_certificate_response_t. */
#define SPDM_SET_CERTIFICATE_RESPONSE_SLOT_ID_MASK 0xF
1080
/* SPDM GET_CSR request
 * Fixed prefix of GET_CSR; RequesterInfo and opaque_data follow on the
 * wire, sized by the two length fields.
 * NOTE(review): both lengths are peer-supplied - validate their sum against
 * the received message size before indexing the trailing data. */
typedef struct {
    spdm_message_header_t header;
    /* param1 == key_pair_id in 1.3
     * param2 == Request Attribute in 1.3*/
    uint16_t requester_info_length;
    uint16_t opaque_data_length;
    /* uint8_t RequesterInfo[requester_info_length];
     * uint8_t opaque_data[opaque_data_length]; */
} spdm_get_csr_request_t;
1091
/* SPDM GET_CSR request Attributes (1.3 param2 layout)
 * CERT_MODEL is BIT[0:2]; CSR_TRACKING_TAG is BIT[3:5] (mask 0x38, shift by
 * _OFFSET), which bounds the tag at SPDM_MAX_CSR_TRACKING_TAG; OVERWRITE is
 * BIT[7]. MAX_CSR_CERT_MODEL is the first cert-model value that is out of
 * range (presumably: valid values are below it - confirm against the spec). */
#define SPDM_GET_CSR_REQUEST_ATTRIBUTES_CERT_MODEL_MASK 0x07
#define SPDM_GET_CSR_REQUEST_ATTRIBUTES_CSR_TRACKING_TAG_MASK 0x38
#define SPDM_GET_CSR_REQUEST_ATTRIBUTES_CSR_TRACKING_TAG_OFFSET 3
#define SPDM_GET_CSR_REQUEST_ATTRIBUTES_OVERWRITE 0x80
#define SPDM_GET_CSR_REQUEST_ATTRIBUTES_MAX_CSR_CERT_MODEL 4

/* Maximum size, in bytes, of a CSR (csr_length is a 16-bit field). */
#define SPDM_MAX_CSR_SIZE 65535
1101
/* SPDM CSR response
 * Fixed prefix of CSR; the CSR bytes (csr_length of them, presumably) follow
 * the struct on the wire.
 * NOTE(review): csr_length is peer-supplied - validate it against the
 * received message size before copying the CSR out. */
typedef struct {
    spdm_message_header_t header;
    /* param1 == RSVD
     * param2 == RSVD*/
    uint16_t csr_length;
    uint16_t reserved;
} spdm_csr_response_t;
1110
/* SPDM CHUNK_SEND request
 * Fixed prefix of CHUNK_SEND; large_message_size (presumably only in the
 * first chunk - confirm against the spec) and the chunk bytes follow on
 * the wire.
 * NOTE(review): chunk_size and large_message_size are peer-supplied; a
 * reassembler must check chunk_size against the received message, check
 * the running total against large_message_size, and guard the additions
 * against 32-bit wraparound. */
typedef struct {
    spdm_message_header_t header;
    /* param1 - Request Attributes
     * param2 - Handle */
    /* Sequence number of this chunk within the large message. */
    uint16_t chunk_seq_no;
    uint16_t reserved;
    /* Number of spdm_chunk bytes that follow. */
    uint32_t chunk_size;

    /* uint32_t large_message_size;
     * uint8_t spdm_chunk[chunk_size]; */
} spdm_chunk_send_request_t;
1123
/* param1 flag of spdm_chunk_send_request_t: this is the final chunk. */
#define SPDM_CHUNK_SEND_REQUEST_ATTRIBUTE_LAST_CHUNK (1 << 0)
1125
/* SPDM CHUNK_SEND_ACK response
 * Fixed prefix of CHUNK_SEND_ACK; an optional response to the reassembled
 * large request may follow on the wire (no explicit length field). */
typedef struct {
    spdm_message_header_t header;
    /* param1 - Response Attributes
     * param2 - Handle */
    /* Sequence number of the chunk being acknowledged. */
    uint16_t chunk_seq_no;
    /* uint8_t response_to_large_request[variable] */
} spdm_chunk_send_ack_response_t;
1134
/* param1 flag of spdm_chunk_send_ack_response_t: the responder already
 * detected an error and is not waiting for the remaining chunks. */
#define SPDM_CHUNK_SEND_ACK_RESPONSE_ATTRIBUTE_EARLY_ERROR_DETECTED (1 << 0)
1136
/* SPDM CHUNK_GET request
 * Requests one chunk (chunk_seq_no) of the large response identified by the
 * handle in param2. */
typedef struct {
    spdm_message_header_t header;
    /* param1 - Reserved
     * param2 - Handle */
    uint16_t chunk_seq_no;
} spdm_chunk_get_request_t;
1144
/* SPDM CHUNK_RESPONSE response
 * Same fixed layout as spdm_chunk_send_request_t: large_message_size
 * (presumably only in the first chunk) and the chunk bytes follow on the
 * wire.
 * NOTE(review): chunk_size and large_message_size are peer-supplied - apply
 * the same bounds and wraparound checks as for CHUNK_SEND when reassembling. */
typedef struct {
    spdm_message_header_t header;
    /* param1 - Response Attributes
     * param2 - Handle */
    /* Sequence number of this chunk within the large response. */
    uint16_t chunk_seq_no;
    uint16_t reserved;
    /* Number of spdm_chunk bytes that follow. */
    uint32_t chunk_size;

    /* uint32_t large_message_size;
     * uint8_t spdm_chunk[chunk_size]; */
} spdm_chunk_response_response_t;
1157
/* param1 flag of spdm_chunk_response_response_t: this is the final chunk. */
#define SPDM_CHUNK_GET_RESPONSE_ATTRIBUTE_LAST_CHUNK (1 << 0)
1159
/* SPDM GET_SUPPORTED_EVENT_TYPES request (1.3)
 * Header-only message; both params are reserved. */
typedef struct {
    spdm_message_header_t header;
    /* param1 == RSVD
     * param2 == RSVD */
} spdm_get_supported_event_types_request_t;
1165
/* SPDM SUPPORTED_EVENT_TYPES response (1.3)
 * Fixed prefix; the event-group list follows on the wire.
 * NOTE(review): supported_event_groups_list_len is a peer-supplied 32-bit
 * length - validate it against the received message size before parsing
 * the list. */
typedef struct {
    spdm_message_header_t header;
    /* param1 == EventGroupCount
     * param2 == RSVD */
    uint32_t supported_event_groups_list_len;
    /* uint8_t supported_event_groups_list[supported_event_groups_list_len] */
} spdm_supported_event_types_response_t;
1173
1174#pragma pack()
1175
/* Label strings used in the session key schedule (bin_concat / key
 * derivation). These are byte-exact protocol constants: the trailing space
 * in the version labels is part of the label, and the terminating NUL is
 * not. Any change here breaks interoperability silently. */
#define SPDM_VERSION_1_1_BIN_CONCAT_LABEL "spdm1.1 "
#define SPDM_VERSION_1_2_BIN_CONCAT_LABEL "spdm1.2 "
#define SPDM_BIN_STR_0_LABEL "derived"
#define SPDM_BIN_STR_1_LABEL "req hs data"
#define SPDM_BIN_STR_2_LABEL "rsp hs data"
#define SPDM_BIN_STR_3_LABEL "req app data"
#define SPDM_BIN_STR_4_LABEL "rsp app data"
#define SPDM_BIN_STR_5_LABEL "key"
#define SPDM_BIN_STR_6_LABEL "iv"
#define SPDM_BIN_STR_7_LABEL "finished"
#define SPDM_BIN_STR_8_LABEL "exp master"
#define SPDM_BIN_STR_9_LABEL "traffic upd"
1188
/**
 * The maximum amount of time in microseconds the Responder has to provide a response
 * to requests that do not require cryptographic processing.
 * (ST1 timing parameter; 100 ms. Requester-side timeouts for these messages
 * should be derived from this value rather than a hard-coded duration.)
 **/
#define SPDM_ST1_VALUE_US 100000
1194
/* DER-encoded OID contents used for SPDM certificate extensions and EKUs.
 * Each macro is a brace initializer holding only the OID *contents* octets;
 * the commented-out leading bytes are the DER tag/length prefix (0x06 =
 * OBJECT IDENTIFIER, then the content length) that a caller must add when
 * building a full TLV. Compare against these with a length-checked memcmp,
 * never a prefix match, when validating certificate fields. */

/* id-DMTF 1.3.6.1.4.1.412 */
#define SPDM_OID_DMTF \
    { /*0x06, 0x07,*/ 0x2B, 0x06, 0x01, 0x04, 0x01, 0x83, 0x1C }
/* id-DMTF-spdm, { id-DMTF 274 }, 1.3.6.1.4.1.412.274 */
#define SPDM_OID_DMTF_SPDM \
    { /*0x06, 0x09,*/ 0x2B, 0x06, 0x01, 0x04, 0x01, 0x83, 0x1C, 0x82, 0x12 }
/* id-DMTF-device-info, { id-DMTF-spdm 1 }, 1.3.6.1.4.1.412.274.1 */
#define SPDM_OID_DMTF_DEVICE_INFO \
    { /*0x06, 0x0A,*/ 0x2B, 0x06, 0x01, 0x04, 0x01, 0x83, 0x1C, 0x82, 0x12, 0x01 }
/* id-DMTF-hardware-identity, { id-DMTF-spdm 2 }, 1.3.6.1.4.1.412.274.2 */
#define SPDM_OID_DMTF_HARDWARE_IDENTITY \
    { /*0x06, 0x0A,*/ 0x2B, 0x06, 0x01, 0x04, 0x01, 0x83, 0x1C, 0x82, 0x12, 0x02 }
/* id-DMTF-eku-responder-auth, { id-DMTF-spdm 3 }, 1.3.6.1.4.1.412.274.3 */
#define SPDM_OID_DMTF_EKU_RESPONDER_AUTH \
    { /*0x06, 0x0A,*/ 0x2B, 0x06, 0x01, 0x04, 0x01, 0x83, 0x1C, 0x82, 0x12, 0x03 }
/* id-DMTF-eku-requester-auth, { id-DMTF-spdm 4 }, 1.3.6.1.4.1.412.274.4 */
#define SPDM_OID_DMTF_EKU_REQUESTER_AUTH \
    { /*0x06, 0x0A,*/ 0x2B, 0x06, 0x01, 0x04, 0x01, 0x83, 0x1C, 0x82, 0x12, 0x04 }
/* id-DMTF-mutable-certificate, { id-DMTF-spdm 5 }, 1.3.6.1.4.1.412.274.5 */
#define SPDM_OID_DMTF_MUTABLE_CERTIFICATE \
    { /*0x06, 0x0A,*/ 0x2B, 0x06, 0x01, 0x04, 0x01, 0x83, 0x1C, 0x82, 0x12, 0x05 }
/* id-DMTF-SPDM-extension, { id-DMTF-spdm 6 }, 1.3.6.1.4.1.412.274.6 */
#define SPDM_OID_DMTF_SPDM_EXTENSION \
    { /*0x06, 0x0A,*/ 0x2B, 0x06, 0x01, 0x04, 0x01, 0x83, 0x1C, 0x82, 0x12, 0x06 }
1219
/* DMTF Event Type IDs
 * Identifiers for the DMTF-defined event types (1.3 eventing). */
#define SPDM_DMTF_EVENT_TYPE_EVENT_LOST 1
#define SPDM_DMTF_EVENT_TYPE_MEASUREMENT_CHANGED 2
#define SPDM_DMTF_EVENT_TYPE_MEASUREMENT_PRE_UPDATE 3
#define SPDM_DMTF_EVENT_TYPE_CERTIFICATE_CHANGED 4
1225
1226#endif /* SPDM_H */