RPMC Support Using eSPI OOB (eRPMC)

Architecture Specification

ID Date Version Classification
739180 03/01/2023 Public


eRPMC Implementation

Firmware support for RPMC is added in an EC device.

The RPMC commands are implemented as OOB (Tunneled SMBus) Messages (Ref [2]). These messages include SMBus Management Component Transport Protocol (MCTP) packets.

Communication over the eSPI OOB channel is with firmware in the Intel PCH’s CSME microcontroller. 

The ME controller will issue commands to the EC device as SMBus packets tunneled through eSPI as Out-Of-Band (OOB) messages.

  • The entire SMBus packet, including the SMBus Slave Address, SMBus Command Opcode, SMBus Byte Count, SMBus Data fields and optional PEC byte, is sent as data within the eSPI OOB message packet.
  • The SMBus Data fields include SMBus Management Component Transport Protocol (MCTP) packets
  • The RPMC commands are sent as data within the MCTP Data fields in the eSPI OOB message packet.

The OOB packets use SMBus addressing to specify the endpoints of communication.

The EC device will respond to the RPMC commands contained in the eSPI OOB packets with eSPI OOB response packets containing status or status and data, depending on the RPMC command received.

The following commands are supported over the OOB channel (Ref [1]):

  • RPMC Write Root Key Register
  • RPMC Update HMAC Key Register
  • RPMC Increment Monotonic Counter
  • RPMC Request Monotonic Counter
  • Read RPMC Parameters

RPMC Read Data is not required, since the status is returned in response to each command, and both status and counter data are returned in response to the RPMC Request Monotonic Counter command.

The root key must be stored in internal secure nonvolatile storage such as EEPROM. Size is 256 bits.

The HMAC Key is stored in HMAC Key Register(s)/RAM/NVRAM. Size is 256 bits per HMAC key per counter. HMAC keys get invalidated at each power cycle.

The device supports a minimum of 4 and up to 256 monotonic counters, and can be extended to support more as the platform RPMC counter needs evolve.

The number of supported monotonic counters will be returned as a response to the “Read RPMC Parameters” command.

The commands support RPMC implemented in firmware in the EC device as well as passing commands to one or multiple RPMC SPI flash devices. Up to three devices are supported, including the EC as an RPMC device.

RPMC Authenticated Commands

Certain types of attacks can be detected by using monotonic counter values in the platform. RPMC implements authenticated commands to protect the monotonic counters. The authenticated commands require the following:

  • A Root key programmed into the device during manufacturing
  • An HMAC key derived from the Root Key at run time. HMAC keys get invalidated at each power cycle.

The following commands are supported:

  • Command to write 256 bit “Root Key”.
    • The root key is stored in secure internal non-volatile memory and is not readable from outside. This includes test modes. A non “0FF..FF” root key is programmed only one-time during system manufacturing.
    • When this request is received error-free only the corresponding Monotonic Counter is initialized to 0 if previously uninitialized. This state is used to leave the monotonic counters at the current value when a subsequent error free Root Key Register Write operation is received. (Both 256’HFF..FF and non 256’HFF..FF)
  • Authenticated commands/responses are signed using the “HMAC Key”. The signature is verified using HMAC-SHA-256.
    • The HMAC key is stored inside the device and is not readable including via test modes.
  • Authenticated “HMAC key update command” to derive a 256-bit HMAC key. The HMAC key is derived from the Root Key and Key data supplied during the command using HMAC-SHA-256. This command performs two HMAC-SHA-256 operations: one to derive the HMAC key and one to verify the signature.
  • Authenticated commands to support following monotonic counter operations:
    • Increment counter
    • Read counter
  • There is no mechanism to circumvent Authenticated commands, including via test modes.

Note: The recommendation is for the EC to complete all eRPMC commands within 50 ms to reduce boot time impact; commands must complete within a maximum of 100 ms.
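The following added example (not part of the specification, and not Intel or EC vendor code) models the authenticated flow described above: the HMAC key is derived from the Root Key and the supplied key data, the signature is checked with a second HMAC-SHA-256 operation, and HMAC keys are lost at power cycle. The command type values, the signed-message layout and the rule that an increment must quote the current counter value are assumptions of this sketch, as are all class and function names.

```python
import hashlib, hmac, struct

# Assumptions of this sketch (not from the specification page): command type
# values, and signed message = type (1 B) | counter address (1 B) | payload.
CMD_UPDATE_HMAC_KEY, CMD_INCREMENT = 0x01, 0x02

def hmac256(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()

class ErpmcModel:
    """Toy EC-side model: one root key, volatile per-counter HMAC keys."""
    def __init__(self, root_key: bytes, n_counters: int = 4):
        self._root_key = root_key            # never returned by any method
        self._hmac_keys = {}                 # counter address -> HMAC key
        self._counters = [0] * n_counters

    def power_cycle(self):
        self._hmac_keys.clear()              # HMAC keys do not survive power loss

    def counter(self, addr: int) -> int:
        return self._counters[addr]

    def update_hmac_key(self, addr: int, key_data: bytes, sig: bytes) -> bool:
        candidate = hmac256(self._root_key, key_data)              # op 1: derive
        msg = struct.pack(">BB", CMD_UPDATE_HMAC_KEY, addr) + key_data
        if not hmac.compare_digest(hmac256(candidate, msg), sig):  # op 2: verify
            return False
        self._hmac_keys[addr] = candidate
        return True

    def increment(self, addr: int, current: int, sig: bytes) -> bool:
        key = self._hmac_keys.get(addr)
        if key is None:                      # no key since last power cycle
            return False
        msg = struct.pack(">BBI", CMD_INCREMENT, addr, current)
        if not hmac.compare_digest(hmac256(key, msg), sig):
            return False
        if current != self._counters[addr]:  # assumed: stale value is rejected
            return False
        self._counters[addr] += 1
        return True

def host_update_request(root_key: bytes, addr: int, key_data: bytes):
    """Host side: returns (derived HMAC key, signature for the update command)."""
    key = hmac256(root_key, key_data)
    return key, hmac256(key, struct.pack(">BB", CMD_UPDATE_HMAC_KEY, addr) + key_data)

def host_increment_sig(hmac_key: bytes, addr: int, current: int) -> bytes:
    return hmac256(hmac_key, struct.pack(">BBI", CMD_INCREMENT, addr, current))
```

Because the signed increment message quotes the current counter value in this model, a captured increment command stops verifying as soon as the counter has moved on, and any command signed with a pre-power-cycle HMAC key fails until the key is derived again.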