RPMC Support Using eSPI OOB (eRPMC)
Architecture Specification
Update HMAC Key Register
This command is used to update the HMAC-Key register corresponding to the received Counter Address with a new HMAC key calculated based on received input.
This command is issued on every power cycle event. This HMAC key is stored in volatile memory.
RPMC Update HMAC Key Register OOB Command:
Byte # | 7 | 6 | 5 | 4 | 3 | 2 | 1 | 0 | |||||
0 | eSPI Cycle Type: OOB Message=21h | ||||||||||||
1 | Tag[3:0]=0h | Length[11:8]=0h | |||||||||||
2 | Length[7:0]=32h | ||||||||||||
3 | Dest Slave Addr[7:1]=07h | 0 | |||||||||||
4 | Command Code = 0Fh | ||||||||||||
5 | Byte Count=2Fh | ||||||||||||
6 | Source Slave Address[7:1]= 08h | 1 | |||||||||||
7 | MCTP Reserved=0h | Header Version | |||||||||||
8 | Destination Endpoint ID | ||||||||||||
9 | Source Endpoint ID | ||||||||||||
10 | SOM | EOM | Packet Seq # | TO | Message Tag | ||||||||
11 | IC | Message Type=7Dh | |||||||||||
12 | RPMC Device | ||||||||||||
13 | Opcode = 9Bh | ||||||||||||
14 | Cmd Type = 01h | ||||||||||||
15 | Counter Addr[7:0] | ||||||||||||
16 | Rsvd=00h | ||||||||||||
17 | Key Data[31:24] | ||||||||||||
… | … | ||||||||||||
20 | Key Data[7:0] | ||||||||||||
21 | Signature[255:248] | ||||||||||||
… | … | ||||||||||||
52 | Signature[7:0] | ||||||||||||
Response:
Byte # | 7 | 6 | 5 | 4 | 3 | 2 | 1 | 0 | |||||
0 | eSPI Cycle Type: OOB Message=21h | ||||||||||||
1 | Tag[3:0]=0h | Length[11:8]=0h | |||||||||||
2 | Length[7:0]=0Ch | ||||||||||||
3 | Dest Slave Addr[7:1]=08h | 0 | |||||||||||
4 | Command Code=0Fh | ||||||||||||
5 | Byte Count=09h | ||||||||||||
6 | Source Slave Address[7:1]= 07h | 1 | |||||||||||
7 | MCTP Reserved=0h | Header Version | |||||||||||
8 | Destination Endpoint ID | ||||||||||||
9 | Source Endpoint ID | ||||||||||||
10 | SOM | EOM | Packet Seq # | TO | Message Tag | ||||||||
11 | IC | Message Type=7Dh | |||||||||||
12 | RPMC Device | ||||||||||||
13 | Counter Addr[7:0] | ||||||||||||
14 | Extended Status[7:0] | ||||||||||||
After the command is issued, the device ensures that the received transaction is error free. This includes checking following conditions:
- RPMC message payload size is correct (including OP1 = 40 bytes)
- Counter Address falls within the range of supported counters.
- The Monotonic Counter corresponding to the requested Counter Address was previously initialized.
- Signature matches the HMAC-SHA-256 based signature computed based on received input parameters. This command performs two HMAC-SHA-256 operations.
- HMAC-SHA-256 Operation 1 Output = HMAC_Storage[255:0]
- HMAC Message[31:0] = KeyData[31:0]
- HMAC Key[255:0] = Root_Key_Register[CounterAddr][255:0]
- HMAC-SHA-256 Operation 2 Output = HMAC-SHA-256 based signature[255:0]
- HMAC message[63:0] = (OpCode[7:0],CmdType[7:0].CounterAddr[7:0].Reserved[7:0], KeyData[31:0])
- HMAC Key[255:0] = HMAC_Storage[255:0]
- HMAC-SHA-256 Operation 1 Output = HMAC_Storage[255:0]
If the received transaction is error free the device successfully executes the command and posts “successful completion” extended status.
If the received transaction has errors, the device does not execute the transaction and posts the corresponding error in extended status.
Expected Extended Status [7:0] results:
Extended Status [7:0] | Applicable CmdType(s) | Description |
10000000 | 01h | This status is set on successful completion (no errors) of OP1 command. |
0XXXXXX1 | 01h | N/A. This bit cannot be read as 1. |
0XXXXX1X | 01h | This bit is set only when the correct payload size is received. This bit is set when the corresponding monotonic counter is uninitialized |
0XXXX1XX | 01h | This bit is set on Signature Mismatch, Counter Address out of range when correct payload size is received; or CmdType is out of range; or incorrect payload size is received. |
Flow Diagram for Command:
Figure 3-2. Update HMAC Key