RPMC Support Using eSPI OOB (eRPMC)
Architecture Specification
Write Root Key Register
This command is used to initialize the Root Key Register corresponding to the received Counter Address with the received Root Key. It is expected to be used in an OEM manufacturing environment.
RPMC Write Root Key Register OOB Command (all Payload Bytes):
Byte # | 7 | 6 | 5 | 4 | 3 | 2 | 1 | 0 | ||||
0 | eSPI Cycle Type: OOB Message=21h | |||||||||||
1 | Tag[3:0]=0h | Length[11:8]=0h | ||||||||||
2 | Length[7:0]=4Ah | |||||||||||
3 | Dest Slave Addr[7:1]=07h (eSPI Slave/EC) | 0 | ||||||||||
4 | Command Code = 0Fh | |||||||||||
5 | Byte Count=47h | |||||||||||
6 | Source Slave Address[7:1]= 08h (PCH) | 1 | ||||||||||
7 | MCTP Reserved=0h | Header Version | ||||||||||
8 | Destination Endpoint ID | |||||||||||
9 | Source Endpoint ID | |||||||||||
10 | SOM | EOM | Packet Seq # | TO | Message Tag | |||||||
11 | IC | Message Type=7Dh | ||||||||||
12 | RPMC Device | |||||||||||
13 | Opcode = 9Bh | |||||||||||
14 | Cmd Type = 00h | |||||||||||
15 | Counter Addr[7:0] | |||||||||||
16 | Rsvd=00h | |||||||||||
17 | Root Key[255:248] | |||||||||||
… | … | |||||||||||
48 | Root Key[7:0] | |||||||||||
49 | TruncatedSignature[223:216] | |||||||||||
… | … | |||||||||||
74 | TruncatedSignature[23:16] | |||||||||||
75 | TruncatedSignature[15:8] (In second message, see below) | |||||||||||
76 | TruncatedSignature[7:0] (In second message, see below) | |||||||||||
Since the number of bytes in the MCTP payload of this message is greater than 64, it will be sent in two messages as follows:RPMC Write Root Key Register OOB Command, First Message:
Byte # | 7 | 6 | 5 | 4 | 3 | 2 | 1 | 0 | ||||
0 | eSPI Cycle Type: OOB Message=21h | |||||||||||
1 | Tag[3:0]=0h | Length[11:8]=0h | ||||||||||
2 | Length[7:0]=48h | |||||||||||
3 | Dest Slave Addr[7:1]=07h (eSPI Slave/EC) | 0 | ||||||||||
4 | Command Code = 0Fh | |||||||||||
5 | Byte Count=45h | |||||||||||
6 | Source Slave Address[7:1]= 08h (PCH) | 1 | ||||||||||
7 | MCTP Reserved=0h | Header Version | ||||||||||
8 | Destination Endpoint ID | |||||||||||
9 | Source Endpoint ID | |||||||||||
10 | SOM=1b | EOM=0b | Packet Seq #=00b | TO | Message Tag | |||||||
11 | IC | Message Type=7Dh | ||||||||||
12 | RPMC Device | |||||||||||
13 | Opcode = 9Bh | |||||||||||
12 | Cmd Type = 00h | |||||||||||
13 | Counter Addr[7:0] | |||||||||||
14 | Rsvd=00h | |||||||||||
15 | Root Key[255:248] | |||||||||||
… | … | |||||||||||
46 | Root Key[7:0] | |||||||||||
47 | TruncatedSignature[223:216] | |||||||||||
… | … | |||||||||||
72 | TruncatedSignature[23:16] | |||||||||||
RPMC Write Root Key Register OOB Command, Second Message:
Byte # | 7 | 6 | 5 | 4 | 3 | 2 | 1 | 0 | ||||
0 | eSPI Cycle Type: OOB Message=21h | |||||||||||
1 | Tag[3:0]=0h | Length[11:8]=0h | ||||||||||
2 | Length[7:0]=0Bh | |||||||||||
3 | Dest Slave Addr[7:1]=07h (eSPI Slave/EC) | 0 | ||||||||||
4 | Command Code = 0Fh | |||||||||||
5 | Byte Count=08h | |||||||||||
6 | Source Slave Address[7:1]= 08h (PCH) | 1 | ||||||||||
7 | MCTP Reserved=0h | Header Version | ||||||||||
8 | Destination Endpoint ID | |||||||||||
9 | Source Endpoint ID | |||||||||||
10 | SOM=0b | EOM=1b | Packet Seq #=01b | TO | Message Tag | |||||||
11 | IC | Message Type=7Dh | ||||||||||
12 | TruncatedSignature[15:8] | |||||||||||
13 | TruncatedSignature[7:0] | |||||||||||
Response:
Byte # | 7 | 6 | 5 | 4 | 3 | 2 | 1 | 0 | |||||
0 | eSPI Cycle Type: OOB Message=21h | ||||||||||||
1 | Tag[3:0]=0h | Length[11:8]=0h | |||||||||||
2 | Length[7:0]=0Ch | ||||||||||||
3 | Dest Slave Addr[7:1]=08h | 0 | |||||||||||
4 | Command Code = 0Fh | ||||||||||||
5 | Byte Count=09h | ||||||||||||
6 | Source Slave Address[7:1]= 07h | 1 | |||||||||||
7 | MCTP Reserved=0h | Header Version | |||||||||||
8 | Destination Endpoint ID | ||||||||||||
9 | Source Endpoint ID | ||||||||||||
10 | SOM | EOM | Packet Seq # | TO | Message Tag | ||||||||
11 | IC | Message Type=7Dh | |||||||||||
12 | RPMC Device | ||||||||||||
13 | Counter Addr[7:0] | ||||||||||||
14 | Extended Status[7:0] | ||||||||||||
After the command is issued, the device ensures that the received transaction is error free. This includes checking following conditions:
- RPMC message payload size is correct (including OP1 is 64 bytes)
- Counter Address falls within the range of supported counters.
- The Root Key Register corresponding to the requested Counter Address was previously uninitialized or initialized using a test/temporary key.
- Truncated signature field is the same as least significant 224 bits of HMAC-SHA- 256 based signature computed based on received input parameters:
- HMAC message[31:0] = (OpCode[7:0], CmdType[7:0], CounterAddr[7:0], Reserved[7:0])
- HMAC Key[255:0] = Root_Key[255:0]
If the received transaction is error free the device successfully executes the command and posts “successful completion” extended status. This command is executed to ensure that power cycling in the middle of command execution is properly handled. This requires that the internal state tracking the root key register initialization is written as the last operation of the command execution (Ref [1]).
Root Key Register Write with root key is = 256’HFF…FF is used as a temporary key. When this request is received error-free only the corresponding Monotonic Counter is initialized to 0 if previously uninitialized. This state is used to leave the monotonic counters at the current value when a subsequent error free Root Key Register Write operation is received. (Both 256’HFF..FF and non 256’HFF..FF)
Once this command is successfully executed with a non 256’hFF..FF Root Key, the device will not accept the “Write Root Key Register” command any more, and the Root Key value cannot be read out by any instructions.
If the received transaction has errors, the device does not execute the transaction and posts the corresponding error in extended status.
Expected Extended Status [7:0] results:
Extended Status [7:0] | Applicable CmdType(s) | Description |
10000000 | 00h | Successful completion |
0XXXXXX1 | 00h | N/A. This bit cannot be read as 1. |
0XXXXX1X | 00h | This bit is only set when correct payload size is received. It is set on Root Key Register Overwrite or Counter Address is out of range or when there is a truncated signature mismatch error |
0XXXX1XX | 00h | This bit is set on Counter Address out of range when correct payload size is received; or CmdType is out of range; or incorrect payload size is received. |
Flow Diagram for Command:
Figure 3-2. Write Root Key