Intel® Core™ Ultra 200H and 200U Series Processors

Datasheet, Volume 1 of 2

ID Date Version Classification
842704 05/27/2025 Public
Document Table of Contents
Document Table of Contents
Legal Disclaimer Revision History Introduction Processor and Device IDs Package Mechanical Specifications Memory Mapping Security Technologies Intel® Virtualization Technology (Intel® VT) Platform Environmental Control Interface (PECI) Intel® GMM and Neural Network Accelerator (Intel® GNA 3.0) Intel® Image Processing Unit (Intel® IPU6) Intel® Neural Processing Unit (Intel® NPU) Audio Voice and Speech Power Management Power Delivery Electrical Specifications Thermal Management System Clocks Real Time Clock (RTC) Memory USB Type-C* Sub System Universal Serial Bus (USB) Intel® Volume Management Device (Intel® VMD) Technology PCI Express* (PCIe*) Serial ATA (SATA) Graphics Display Processor Sideband Signals General Purpose Input and Output Interrupt Timer Subsystem (ITSS) GPIO Serial Expander Intel® Serial I/O Inter-Integrated Circuit (I2C) Controllers Intel® Serial I/O Improved Inter-Integrated Circuit (I3C) Controllers Gigabit Ethernet Controller Connectivity Integrated (CNVi) Controller Link Integrated Sensor Hub (ISH) System Management Interface and SMLink Host System Management Bus (SMBus) Controller Serial Peripheral Interface (SPI) Enhanced Serial Peripheral Interface (eSPI) Intel® Serial IO Generic SPI (GSPI) Controllers Touch Host Controller (THC) Intel® Serial I/O Universal Asynchronous Receiver/Transmitter (UART) Controllers Private Configuration Space Port ID Testability and Monitoring Miscellaneous Signals
Legal Disclaimer
Revision History
Introduction
Introduction Processor Volatility Statement Package Support Supported Technologies Power Management Support Thermal Management Support Ballout Information Processor Testability Operating Systems Support Terminology and Special Marks Flexible High Speed I/O Related Documents
Processor Volatility Statement
Package Support
Supported Technologies
Supported Technologies API Support (Windows*) Firmware Resiliency
API Support (Windows*)
Firmware Resiliency
Power Management Support
Power Management Support Processor Core Power Management System Power Management Memory Controller Power Management Processor Graphics Power Management
Processor Core Power Management
System Power Management
Memory Controller Power Management
Processor Graphics Power Management
Thermal Management Support
Ballout Information
Processor Testability
Operating Systems Support
Terminology and Special Marks
Flexible High Speed I/O
Flexible High Speed I/O Processor-U Processor-H
Processor-U
Processor-H
Related Documents
Processor and Device IDs
Processor and Device IDs CPUID PCI Configuration Header Device IDs Revision IDs
CPUID
PCI Configuration Header
Device IDs
Revision IDs
Package Mechanical Specifications
Package Mechanical Specifications Package Mechanical Attributes Package Loading and Tile Pressure Specifications Package Storage Specifications
Package Mechanical Attributes
Package Loading and Tile Pressure Specifications
Package Loading and Tile Pressure Specifications Static Compressive Load Specification Maximum Pressure Specifications
Static Compressive Load Specification
Maximum Pressure Specifications
Package Storage Specifications
Memory Mapping
Memory Mapping Functional Description Memory Map
Functional Description
PCI Devices and Functions Fixed I/O Address Ranges Variable I/O Decode Ranges
PCI Devices and Functions
Fixed I/O Address Ranges
Variable I/O Decode Ranges
Memory Map
Memory Map Boot Block Update Scheme
Boot Block Update Scheme
Security Technologies
Security Technologies Intel® Converged Boot Guard and Intel® TXT Crypto Acceleration Instructions Intel® Secure Key Execute Disable Bit Intel® Supervisor Mode Execution Prevention (Intel® SMEP) Intel® Supervisor Mode Access Prevention (Intel® SMAP) User Mode Instruction Prevention (UMIP) Read Processor ID (RDPID) Intel® Total Memory Encryption - Multi-Key Control-flow Enforcement Technology (Intel® CET) Intel® System Resources Defense and Intel® System Security Report BIOS Guard Intel® Platform Trust Technology Linear Address Space Separation (LASS) Security Firmware Engines
Intel® Converged Boot Guard and Intel® TXT
Crypto Acceleration Instructions
Intel® Advanced Encryption Standard New Instructions (Intel® AES-NI) Perform Carry-Less Multiplication Quad Word Instruction (PCLMULQDQ) Intel® Secure Hash Algorithm Extensions (Intel® SHA Extensions) New Cryptographic Acceleration Instructions
Intel® Advanced Encryption Standard New Instructions (Intel® AES-NI)
Perform Carry-Less Multiplication Quad Word Instruction (PCLMULQDQ)
Intel® Secure Hash Algorithm Extensions (Intel® SHA Extensions)
New Cryptographic Acceleration Instructions
Intel® Secure Key
Execute Disable Bit
Intel® Supervisor Mode Execution Prevention (Intel® SMEP)
Intel® Supervisor Mode Access Prevention (Intel® SMAP)
User Mode Instruction Prevention (UMIP)
Read Processor ID (RDPID)
Intel® Total Memory Encryption - Multi-Key
Control-flow Enforcement Technology (Intel® CET)
Control-flow Enforcement Technology (Intel® CET) Shadow Stack Indirect Branch Tracking
Shadow Stack
Indirect Branch Tracking
Intel® System Resources Defense and Intel® System Security Report
BIOS Guard
Intel® Platform Trust Technology
Linear Address Space Separation (LASS)
Security Firmware Engines
Intel® Converged Security and Management Engine (Intel® CSME) Intel® Silicon Security Engine Intel® Graphics System Controller (Intel® GSC)
Intel® Converged Security and Management Engine (Intel® CSME)
Intel® Silicon Security Engine
Intel® Graphics System Controller (Intel® GSC)
Intel® Virtualization Technology (Intel® VT)
Intel® Virtualization Technology (Intel® VT) Intel® Virtualization Technology (Intel® VT) for Intel® 64 and Intel® Architecture (Intel® VT-x) Intel® Virtualization Technology (Intel® VT) for Directed I/O (Intel® VT-d) Intel® APIC Virtualization Technology (Intel® APICv)
Intel® Virtualization Technology (Intel® VT) for Intel® 64 and Intel® Architecture (Intel® VT-x)
Intel® Virtualization Technology (Intel® VT) for Directed I/O (Intel® VT-d)
Intel® APIC Virtualization Technology (Intel® APICv)
Platform Environmental Control Interface (PECI)
Platform Environmental Control Interface (PECI) PECI Bus Architecture
PECI Bus Architecture
Intel® GMM and Neural Network Accelerator (Intel® GNA 3.0)
Intel® Image Processing Unit (Intel® IPU6)
Platform Imaging Infrastructure Intel® Image Processing Unit (Intel® IPU6) Camera/MIPI
Platform Imaging Infrastructure
Intel® Image Processing Unit (Intel® IPU6)
Camera/MIPI
Camera/MIPI Camera Pipe Support MIPI* CSI-2 Camera Interconnect
Camera Pipe Support
MIPI* CSI-2 Camera Interconnect
MIPI* CSI-2 Camera Interconnect Camera Control Logic Camera Modules MIPI* CSI-2 Interface Signals
Camera Control Logic
Camera Modules
MIPI* CSI-2 Interface Signals
Intel® Neural Processing Unit (Intel® NPU)
Intel® Neural Processing Unit (Intel® NPU) Functional Description
Functional Description
Functional Description Processor Subsystem NCE Subsystem
Processor Subsystem
NCE Subsystem
NCE Subsystem Some NCE Subsystem Features NCE Tile ACT-SHAVE
Some NCE Subsystem Features
NCE Tile
ACT-SHAVE
Audio Voice and Speech
Audio Voice and Speech Intel® High Definition Audio (Intel® HD Audio) Controller Capabilities Audio DSP Capabilities Intel® High Definition Audio Interface Capabilities Direct Attached Digital Microphone (PDM) Interface USB Audio Offload Support I2S / PCM Interface Intel® Display Audio Interface MIPI® SoundWire* Interface Signal Description Integrated Pull-Ups and Pull-Downs I/O Signal Planes and States
Intel® High Definition Audio (Intel® HD Audio) Controller Capabilities
Audio DSP Capabilities
Intel® High Definition Audio Interface Capabilities
Direct Attached Digital Microphone (PDM) Interface
USB Audio Offload Support
I2S / PCM Interface
Intel® Display Audio Interface
MIPI® SoundWire* Interface
Signal Description
Integrated Pull-Ups and Pull-Downs
I/O Signal Planes and States
Power Management
Power Management System Power States, Advanced Configuration and Power Interface (ACPI) Legacy Power Management Support Functional Description Processor IA Core Power Management Processor Graphics Power Management TCSS Power State Power and Performance Technologies Deprecated Technology Power and Internal Signals
System Power States, Advanced Configuration and Power Interface (ACPI)
Legacy Power Management Support
ALT Access Mode Legacy Power Management Theory of Operation
ALT Access Mode
Legacy Power Management Theory of Operation
Functional Description
Features Power Saving Features SMI#/SCI Generation Sleep States Event Input Signals and Their Usage System Power Supplies, Planes, and Signals Reset Behavior
Features
Power Saving Features
SMI#/SCI Generation
Sleep States
Event Input Signals and Their Usage
System Power Supplies, Planes, and Signals
Reset Behavior
Processor IA Core Power Management
Processor IA Core Power Management OS/HW Controlled P-states Low Power Idle States Requesting the Low-Power Idle States Processor IA Core C-State Rules Package C-States Package C-States and Display Resolutions
OS/HW Controlled P-states
Enhanced Intel SpeedStep® Technology Intel® Speed Shift Technology
Enhanced Intel SpeedStep® Technology
Intel® Speed Shift Technology
Low Power Idle States
Requesting the Low-Power Idle States
Processor IA Core C-State Rules
Package C-States
Package C-States and Display Resolutions
Processor Graphics Power Management
Processor Graphics Power Management Memory Power Savings Technologies Display Power Savings Technologies Processor Graphics Core Power Savings Technologies
Memory Power Savings Technologies
Display Power Savings Technologies
Processor Graphics Core Power Savings Technologies
TCSS Power State
Power and Performance Technologies
Power and Performance Technologies Intel® Thread Director Intel® Smart Cache Technology P-core, E-core, and LP E-core Level 0, Level 1 and Level 2 Caches Ring Interconnect Intel® Hybrid Technology Intel® Hyper-Threading Technology Intel® Turbo Boost Technology 2.0 Intel® Turbo Boost Max Technology 3.0 Intel® Adaptive Boost Technology Intel System Agent Enhanced SpeedStep ® Technology Enhanced Intel SpeedStep® Technology Intel® Speed Shift Technology Intel® Advanced Vector Extensions 2 (Intel® AVX2) Intel® 64 Architecture x2APIC Intel® Dynamic Tuning Technology (Intel® DTT) Cache Line Write Back (CLWB) User Mode Wait Instructions
Intel® Thread Director
Intel® Smart Cache Technology
P-core, E-core, and LP E-core Level 0, Level 1 and Level 2 Caches
Ring Interconnect
Intel® Hybrid Technology
Intel® Hyper-Threading Technology
Intel® Turbo Boost Technology 2.0
Intel® Turbo Boost Technology 2.0 Intel® Turbo Boost Technology 2.0 Power Monitoring Intel® Turbo Boost Technology 2.0 Power Control Intel® Turbo Boost Technology 2.0 Frequency
Intel® Turbo Boost Technology 2.0 Power Monitoring
Intel® Turbo Boost Technology 2.0 Power Control
Intel® Turbo Boost Technology 2.0 Frequency
Intel® Turbo Boost Max Technology 3.0
Intel® Adaptive Boost Technology
Intel System Agent Enhanced SpeedStep ® Technology
Enhanced Intel SpeedStep® Technology
Intel® Speed Shift Technology
Intel® Advanced Vector Extensions 2 (Intel® AVX2)
Intel® Advanced Vector Extensions 2 (Intel® AVX2) Intel® AVX2 Vector Neural Network Instructions (AVX2 VNNI)
Intel® AVX2 Vector Neural Network Instructions (AVX2 VNNI)
Intel® 64 Architecture x2APIC
Intel® Dynamic Tuning Technology (Intel® DTT)
Cache Line Write Back (CLWB)
User Mode Wait Instructions
Deprecated Technology
Power and Internal Signals
Signal Description Power Sequencing Signals Integrated Pull-Ups and Pull-Downs I/O Signal Planes and States
Signal Description
Power Sequencing Signals
Integrated Pull-Ups and Pull-Downs
I/O Signal Planes and States
Power Delivery
Power and Ground Signals Digital Linear Voltage Regulator (DLVR) Fast V-Mode (FVM) Current Excursion Protection (CEP) Reactive PL4 with PL4 Boost
Power and Ground Signals
Digital Linear Voltage Regulator (DLVR)
Fast V-Mode (FVM)
Current Excursion Protection (CEP)
Reactive PL4 with PL4 Boost
Electrical Specifications
Thermal Management
Thermal Management Processor Thermal Management Processor Base Power Thermal and Power Specifications Processor Thermal and Power Specifications Error and Thermal Protection Signals Thermal Sensor
Processor Thermal Management
Processor Thermal Management Thermal Considerations Thermal Management Features Assured Power (cTDP) Intel® Memory Thermal Management
Thermal Considerations
Thermal Considerations Package Power Control Platform Power Control Turbo Time Parameter (Tau)
Package Power Control
Platform Power Control
Turbo Time Parameter (Tau)
Thermal Management Features
Thermal Management Features Adaptive Thermal Monitor Digital Thermal Sensor PROCHOT# Signals PROCHOT Output Only Bi-Directional PROCHOT# PROCHOT Demotion Voltage Regulator Protection using PROCHOT# Thermal Solution Design and PROCHOT# Behavior Low-Power States and PROCHOT# Behavior THERMTRIP# Signal Critical Temperature Detection Software Controlled Clock Modulation (On-Demand Mode)
Adaptive Thermal Monitor
Digital Thermal Sensor
PROCHOT# Signals
PROCHOT Output Only
Bi-Directional PROCHOT#
PROCHOT Demotion
Voltage Regulator Protection using PROCHOT#
Thermal Solution Design and PROCHOT# Behavior
Low-Power States and PROCHOT# Behavior
THERMTRIP# Signal
Critical Temperature Detection
Software Controlled Clock Modulation (On-Demand Mode)
Assured Power (cTDP)
Assured Power (cTDP) Assured Power (cTDP) Modes Low Power Mode
Assured Power (cTDP) Modes
Low Power Mode
Intel® Memory Thermal Management
Processor Base Power Thermal and Power Specifications
Processor Thermal and Power Specifications
Error and Thermal Protection Signals
Thermal Sensor
Thermal Sensor Modes of Operation Temperature Trip Point Thermal Sensor Accuracy (Taccuracy) Thermal Reporting to EC Thermal Trip Signal (SOCHOT#)
Modes of Operation
Temperature Trip Point
Thermal Sensor Accuracy (Taccuracy)
Thermal Reporting to EC
Thermal Trip Signal (SOCHOT#)
System Clocks
System Clocks Integrated Clock Controller (ICC) I/O Signal Pin States Clock Topology
Integrated Clock Controller (ICC)
Integrated Clock Controller (ICC) Signal Description
Signal Description
I/O Signal Pin States
Clock Topology
Clock Topology Integrated Reference Clock PLL
Integrated Reference Clock PLL
Real Time Clock (RTC)
Real Time Clock (RTC) Signal Description I/O Signal Planes and States
Signal Description
I/O Signal Planes and States
Memory
Memory System Memory Interface Integrated Memory Controller (IMC) Power Management Signal Description
System Memory Interface
System Memory Interface Processor SKU Support Matrix Supported Memory Modules and Devices System Memory Timing Support Memory Controller (MC) System Memory Controller Organization Mode System Memory Frequency Technology Enhancements of Intel® Fast Memory Access (Intel® FMA) Data Scrambling Data Swapping LPDDR5/x CMD/ADD Ascending and Descending DDR I/O Interleaving DRAM Clock Generation DRAM Reference Voltage Generation Data Swizzling Error Correction With Standard RAM Post Package Repair (PPR)
Processor SKU Support Matrix
Supported Memory Modules and Devices
System Memory Timing Support
System Memory Timing Support SAGV Points
SAGV Points
Memory Controller (MC)
System Memory Controller Organization Mode
System Memory Frequency
Technology Enhancements of Intel® Fast Memory Access (Intel® FMA)
Data Scrambling
Data Swapping
LPDDR5/x CMD/ADD Ascending and Descending
DDR I/O Interleaving
DRAM Clock Generation
DRAM Reference Voltage Generation
Data Swizzling
Error Correction With Standard RAM
Post Package Repair (PPR)
Integrated Memory Controller (IMC) Power Management
Integrated Memory Controller (IMC) Power Management Disabling Unused System Memory Outputs DRAM Power Management and Initialization DDR Electrical Power Gating Power Training
Disabling Unused System Memory Outputs
DRAM Power Management and Initialization
DRAM Power Management and Initialization Conditional Self-Refresh Dynamic Power-Down DRAM I/O Power Management
Conditional Self-Refresh
Dynamic Power-Down
DRAM I/O Power Management
DDR Electrical Power Gating
Power Training
Signal Description
USB Type-C* Sub System
USB Type-C* Sub System General Capabilities USB4* Router xHCI/xDCI Controllers Display Interface USB Type-C Signals AUX BIAS Control
General Capabilities
USB4* Router
USB4* Router USB4 Host Router Implementation Capabilities
USB4 Host Router Implementation Capabilities
xHCI/xDCI Controllers
xHCI/xDCI Controllers USB 3 Controllers PCIe Interface
USB 3 Controllers
USB 3 Controllers Extensible Host Controller Interface (xHCI) Extensible Device Controller Interface (xDCI)
Extensible Host Controller Interface (xHCI)
Extensible Device Controller Interface (xDCI)
PCIe Interface
Display Interface
USB Type-C Signals
AUX BIAS Control
Universal Serial Bus (USB)
Universal Serial Bus (USB) Functional Description Signal Description Integrated Pull-Ups and Pull-Downs I/O Signal Planes and States Supported USB 2.0 Ports
Functional Description
eXtensible Host Controller Interface (xHCI) Controller USB Dual Role Support - eXtensible Device Controller Interface (xDCI) Controller
eXtensible Host Controller Interface (xHCI) Controller
USB Dual Role Support - eXtensible Device Controller Interface (xDCI) Controller
Signal Description
Integrated Pull-Ups and Pull-Downs
I/O Signal Planes and States
Supported USB 2.0 Ports
Intel® Volume Management Device (Intel® VMD) Technology
PCI Express* (PCIe*)
PCI Express* (PCIe*) Functional Description Signal Description I/O Signal Planes and States PCI Express* Root Port Support Feature Details
Functional Description
Functional Description PCI Express* Power Management Port 80h Decode Separate Reference Clock with Independent SSC (SRIS) Advanced Error Reporting Single - Root I/O Virtualization (SR - IOV) PCI Express* Receiver Lane Polarity Inversion Precision Time Measurement (PTM)
PCI Express* Power Management
Port 80h Decode
Separate Reference Clock with Independent SSC (SRIS)
Advanced Error Reporting
Single - Root I/O Virtualization (SR - IOV)
PCI Express* Receiver Lane Polarity Inversion
Precision Time Measurement (PTM)
Signal Description
I/O Signal Planes and States
PCI Express* Root Port Support Feature Details
Serial ATA (SATA)
Serial ATA (SATA) Functional Description Signal Description Integrated Pull-Ups and Pull-Downs I/O Signal Planes and States
Functional Description
Functional Description Features Supported SATA 6 Gb/s Support Hot Plug Operation Intel® Rapid Storage Technology (Intel® RST) Power Management Operation SATA Device Presence SATA LED Advanced Host Controller Interface (AHCI) Operation
Features Supported
SATA 6 Gb/s Support
Hot Plug Operation
Intel® Rapid Storage Technology (Intel® RST)
Power Management Operation
SATA Device Presence
SATA LED
Advanced Host Controller Interface (AHCI) Operation
Signal Description
Integrated Pull-Ups and Pull-Downs
I/O Signal Planes and States
Graphics
Graphics Processor Graphics Platform Graphics Hardware Feature
Processor Graphics
Processor Graphics Media Support (Intel® QuickSync and Clear Video Technology HD) Graphics Core Cache
Media Support (Intel® QuickSync and Clear Video Technology HD)
Media Support (Intel® QuickSync and Clear Video Technology HD) Hardware Accelerated Video Decode Hardware Accelerated Video Encode Hardware Accelerated Video Processing Hardware Accelerated Transcoding
Hardware Accelerated Video Decode
Hardware Accelerated Video Encode
Hardware Accelerated Video Processing
Hardware Accelerated Transcoding
Graphics Core Cache
Platform Graphics Hardware Feature
Platform Graphics Hardware Feature Hybrid Graphics
Hybrid Graphics
Display
Display Display Technologies Support Display Interfaces Display Features
Display Technologies Support
Display Interfaces
Display Interfaces Digital Display Interface DDI Signals Digital Display Interface TCP Signals
Digital Display Interface DDI Signals
Digital Display Interface TCP Signals
Display Features
Display Features General Capabilities Multiple Display Configurations High-bandwidth Digital Content Protection (HDCP) DisplayPort* High-Definition Multimedia Interface (HDMI*) embedded DisplayPort* (eDP*) Integrated Audio
General Capabilities
Multiple Display Configurations
High-bandwidth Digital Content Protection (HDCP)
DisplayPort*
DisplayPort* Multi-Stream Transport (MST)
Multi-Stream Transport (MST)
High-Definition Multimedia Interface (HDMI*)
embedded DisplayPort* (eDP*)
Integrated Audio
Processor Sideband Signals
Processor Sideband Signals Signal Description Integrated Pull-Ups and Pull-Downs I/O Signal Planes and States
Signal Description
Integrated Pull-Ups and Pull-Downs
I/O Signal Planes and States
General Purpose Input and Output
General Purpose Input and Output Functional Description Signal Description
Functional Description
Functional Description Interrupt / IRQ via GPIO Requirement Integrated Pull-ups and Pull-downs SCI / SMI# and NMI Timed GPIO GPIO Blink (BK) and Serial Blink (SBK) GPIO Ownership Native Function and TERM Bit Setting
Interrupt / IRQ via GPIO Requirement
Integrated Pull-ups and Pull-downs
SCI / SMI# and NMI
Timed GPIO
GPIO Blink (BK) and Serial Blink (SBK)
GPIO Ownership
Native Function and TERM Bit Setting
Signal Description
Interrupt Timer Subsystem (ITSS)
Interrupt Timer Subsystem (ITSS) Feature Overview Functional Description
Feature Overview
Functional Description
Functional Description 8254 Timers APIC Advanced Programmable Interrupt Controller High Precision Event Timer (HPET)
8254 Timers
8254 Timers Timer Programming Reading from Interval Timer
Timer Programming
Reading from Interval Timer
APIC Advanced Programmable Interrupt Controller
High Precision Event Timer (HPET)
High Precision Event Timer (HPET) Timer Accuracy Timer Off-load Periodic Versus Non-Periodic Modes Enabling the Timers Interrupt Levels
Timer Accuracy
Timer Off-load
Periodic Versus Non-Periodic Modes
Enabling the Timers
Interrupt Levels
GPIO Serial Expander
GPIO Serial Expander Functional Description Signal Description Integrated Pull-ups and Pull-downs
Functional Description
Signal Description
Integrated Pull-ups and Pull-downs
Intel® Serial I/O Inter-Integrated Circuit (I2C) Controllers
Intel® Serial I/O Inter-Integrated Circuit (I2C) Controllers Functional Description Signal Description Integrated Pull-Ups and Pull-Downs I/O Signal Planes and States
Functional Description
Functional Description Protocols Overview DMA Controller Reset Power Management Interrupts Error Handling Programmable SDA Hold Time
Protocols Overview
DMA Controller
Reset
Power Management
Interrupts
Error Handling
Programmable SDA Hold Time
Signal Description
Integrated Pull-Ups and Pull-Downs
I/O Signal Planes and States
Intel® Serial I/O Improved Inter-Integrated Circuit (I3C) Controllers
Intel® Serial I/O Improved Inter-Integrated Circuit (I3C) Controllers Functional Description Signal Description Integrated Pull-Ups and Pull-Downs I/O Signal Planes and States
Functional Description
Reset Power Management Interrupts
Reset
Power Management
Interrupts
Signal Description
Integrated Pull-Ups and Pull-Downs
I/O Signal Planes and States
Gigabit Ethernet Controller
Gigabit Ethernet Controller Functional Description Signal Description Integrated Pull-Ups and Pull-Downs I/O Signal Planes and States
Functional Description
Functional Description GbE PCI Bus Interface Error Events and Error Reporting Ethernet Interface PCI Power Management
GbE PCI Bus Interface
Error Events and Error Reporting
Ethernet Interface
PCI Power Management
Signal Description
Integrated Pull-Ups and Pull-Downs
I/O Signal Planes and States
Connectivity Integrated (CNVi)
Connectivity Integrated (CNVi) Functional Description Signal Description Integrated Pull-ups and Pull-downs I/O Signal Planes and States
Functional Description
Signal Description
Integrated Pull-ups and Pull-downs
I/O Signal Planes and States
Controller Link
Controller Link Signal Description Integrated Pull-Ups and Pull-Downs I/O Signal Planes and States External CL_RST# Pin Driven/Open-drained Mode Support
Signal Description
Integrated Pull-Ups and Pull-Downs
I/O Signal Planes and States
External CL_RST# Pin Driven/Open-drained Mode Support
Integrated Sensor Hub (ISH)
Integrated Sensor Hub (ISH) Features Functional Description Signal Description Integrated Pull-Ups and Pull-Down I/O Signal Planes and States
Features
ISH I2C Controllers ISH I3C Controllers ISH UART Controller ISH GSPI Controller ISH GPIOs
ISH I2C Controllers
ISH I3C Controllers
ISH UART Controller
ISH GSPI Controller
ISH GPIOs
Functional Description
Functional Description ISH Micro-Controller SRAM PCI Host Interface ISH IPC ISH Interrupt Handling via IOAPIC (Interrupt Controller)
ISH Micro-Controller
SRAM
PCI Host Interface
ISH IPC
ISH Interrupt Handling via IOAPIC (Interrupt Controller)
Signal Description
Integrated Pull-Ups and Pull-Down
I/O Signal Planes and States
System Management Interface and SMLink
System Management Interface and SMLink Functional Description Signal Description Integrated Pull-Ups and Pull-Downs I/O Signal Planes and States System Management
Functional Description
Functional Description Integrated USB-C* Usage
Integrated USB-C* Usage
Signal Description
Integrated Pull-Ups and Pull-Downs
I/O Signal Planes and States
System Management
System Management Theory of Operation
Theory of Operation
Theory of Operation TCO Modes
TCO Modes
Host System Management Bus (SMBus) Controller
Host System Management Bus (SMBus) Controller Functional Description SMBus Power Gating Signal Description Integrated Pull-Ups and Pull-Downs I/O Signal Planes and States
Functional Description
Functional Description Host Controller SMBus Target Interface
Host Controller
SMBus Target Interface
SMBus Power Gating
Signal Description
Integrated Pull-Ups and Pull-Downs
I/O Signal Planes and States
Serial Peripheral Interface (SPI)
Serial Peripheral Interface (SPI) Functional Description Signal Description Integrated Pull-Ups and Pull-Downs I/O Signal Planes and States
Functional Description
SPI0 for Flash SPI0 Support for TPM
SPI0 for Flash
SPI0 Support for TPM
Signal Description
Integrated Pull-Ups and Pull-Downs
I/O Signal Planes and States
Enhanced Serial Peripheral Interface (eSPI)
Enhanced Serial Peripheral Interface (eSPI) Functional Description Signal Description Integrated Pull-Ups and Pull-Downs I/O Signal Planes and States
Functional Description
Functional Description Operating Frequency WAIT States from eSPI device In-Band Link Reset Flash Sharing Mode PECI Over eSPI Multiple OOB processes Channels and Supported Transactions
Operating Frequency
WAIT States from eSPI device
In-Band Link Reset
Flash Sharing Mode
PECI Over eSPI
Multiple OOB processes
Channels and Supported Transactions
Signal Description
Integrated Pull-Ups and Pull-Downs
I/O Signal Planes and States
Intel® Serial IO Generic SPI (GSPI) Controllers
Intel® Serial IO Generic SPI (GSPI) Controllers Functional Description Signal Description Integrated Pull-Ups and Pull-Downs I/O Signal Planes and States
Functional Description
Functional Description Controller Overview DMA Controller Reset Power Management Interrupts Error Handling
Controller Overview
DMA Controller
Reset
Power Management
Interrupts
Error Handling
Signal Description
Integrated Pull-Ups and Pull-Downs
I/O Signal Planes and States
Touch Host Controller (THC)
Touch Host Controller (THC) Functional Description Signal Description Integrated Pull-Ups and Pull-Downs I/O Signal Planes and States
Functional Description
Signal Description
Integrated Pull-Ups and Pull-Downs
I/O Signal Planes and States
Intel® Serial I/O Universal Asynchronous Receiver/Transmitter (UART) Controllers
Intel® Serial I/O Universal Asynchronous Receiver/Transmitter (UART) Controllers Functional Description Signal Description Integrated Pull-Ups and Pull-Downs I/O Signal Planes and States LSx
Functional Description
UART Serial (RS-232) Protocols Overview 16550 8-bit Addressing - Debug Driver Compatibility DMA Controller Reset Power Management Interrupts Error Handling
UART Serial (RS-232) Protocols Overview
16550 8-bit Addressing - Debug Driver Compatibility
DMA Controller
Reset
Power Management
Interrupts
Error Handling
Signal Description
Integrated Pull-Ups and Pull-Downs
I/O Signal Planes and States
LSx
LSx LSx Signal Description Integrated Pull-Ups and Pull-Downs I/O Signal Planes and States
LSx Signal Description
Integrated Pull-Ups and Pull-Downs
I/O Signal Planes and States
Private Configuration Space Port ID
Testability and Monitoring
Testability and Monitoring Signal Description Intel® Processor Trace I/O Signal Planes and States
Signal Description
Intel® Processor Trace
I/O Signal Planes and States
Miscellaneous Signals
Signal Description Integrated Pull-Ups and Pull-Downs Ground and Reserved Signals
Signal Description
Integrated Pull-Ups and Pull-Downs
Ground and Reserved Signals

SPI0 for Flash

The Serial Peripheral Interface (SPI0) supports two SPI flash devices via two chip select (SPI0_​CS0# and SPI0_​CS1#). The maximum size of flash supported is determined by the SFDP-discovered addressing capability of each device. Each component can be up to 16 MB (32 MB total addressable) using 3-byte addressing. Each component can be up to 64 MB (128 MB total addressable) using 4-byte addressing. Another chip select (SPI0_​CS2#) is also available and only used for TPM on SPI support. The processor drives the SPI0 interface clock at either 14 MHz, 25 MHz, 33 MHz and 50 MHz and will function with SPI flash/TPM devices that support at least one of these frequencies. The SPI interface supports 1.8 V only

A SPI0 flash device supporting SFDP (Serial Flash Discovery Parameter) is required for all design. A SPI0 flash device on SPI0_​CS0# with a valid descriptor must be attached directly to the processor.

The processor supports fast read which consist of:

  1. Dual Output Fast Read (Single Input Dual Output)
  2. Dual I/O Fast Read (Dual Input Dual Output)
  3. Quad Output Fast Read (Single Input Quad Output)
  4. Quad I/O Fast Read (Quad Input Quad Output)

The processor SPI0 has a third chip select SPI0_​CS2# for TPM support over SPI. The TPM on SPI0 will use SPI0_​CLK, SPI0_​MISO, SPI0_​MOSI and SPI0_​CS2# SPI signals.

SPI0 Supported Features

  • Descriptor Mode

    Descriptor Mode is required for all SKUs of the processor. Non-Descriptor Mode is not supported.

  • SPI0 Flash Regions

In Descriptor Mode the Flash is divided into five separate regions.

SPI0 Flash Regions

Region

Content

0

Flash Descriptor

1

BIOS

2

Intel ®CSME

3

GbE - Location for Integrated LAN firmware and MAC address

4

PDR - Platform Data Region

8

EC - Embedded Controller

10

Intel® Silicon Security Engine

Only four controllers can access the regions: Host processor running BIOS code, Integrated Gigabit Ethernet and Host processor running Gigabit Ethernet Software, Intel Converged Security and Management Engine, and the EC.

The Flash Descriptor and Intel® CSME region are the only required regions. The Flash Descriptor has to be in region 0 and region 0 must be located in the first sector of Device 0 (Offset 0). All other regions can be organized in any order.

Regions can extend across multiple components, but must be contiguous.

Flash Region Sizes

SPI0 flash space requirements differ by platform and configuration. The Flash Descriptor requires one 4 KB or larger block. GbE requires two 4 KB or larger blocks. The amount of flash space consumed is dependent on the erase granularity of the flash part and the platform requirements for the Intel® CSME and BIOS regions. The Intel® CSME region contains firmware to support Intel Active Management Technology and other Intel® CSME capabilities.

Region Size Versus Erase Granularity of Flash Components 

Region

Size with 4 KB Blocks

Size with 8 KB Blocks

Size with 64 KB Blocks

Descriptor

4 KB

8 KB

64 KB

GbE

8 KB

16 KB

128 KB

BIOS

Varies by Platform

Varies by Platform

Varies by Platform

Intel® CSME

Varies by Platform

Varies by Platform

Varies by Platform

EC

Varies by Platform

Varies by Platform

Varies by Platform

PDR

Varies by Platform

Varies by Platform

Varies by Platform

Intel® CSME Data

Varies by Platform

Varies by Platform

Varies by Platform

Flash Descriptor

The bottom sector of the flash component 0 contains the Flash Descriptor. The maximum size of the Flash Descriptor is 4 KB. If the block/sector size of the SPI0 flash device is greater than 4 KB, the flash descriptor will only use the first 4 KB of the first block. It requires its own discrete erase block, so it may need greater than 4 KB of flash space depending on the flash architecture that is on the target system. Two additional redundant back-ups of the Flash Descriptor have been added for data resilience.The information stored in the Flash Descriptor can only be written during the manufacturing process as its read/write permissions must be set to read only when the computer leaves the manufacturing floor.

The Flash Descriptor is made up of fifteen sections as shown in the figure below:

Flash Descriptor Regions

  • EC Firmware Pointer is located in the first 16 bytes of the Descriptor and contains the address location for EC flash region. The format for the EC Firmware Pointer address is dependent on EC vendors/OEM implementation of this field.
  • The Flash signature at the bottom of the flash (offset 10h) must be 0FF0A55Ah in order to be in Descriptor mode.
  • The Descriptor map has pointers to the lower five descriptor sections as well as the size of each.
  • The Component section has information about the SPI flash part(s) the system. It includes the number of components, density of each component, read, write and erase frequencies and invalid instructions.
  • The Region section defines the base and the limit of the BIOS, IFWI, GbE, Platform Data Region (PDR- Optional), Embedded Controller (EC- Optional) regions as well as their size.
  • The processor soft strap sections contain configurable parameters.
  • The Reserved region is for future processor usage.
  • The Descriptor Upper Map determines the length and base address of the Intel ® CSME VSCC Table.
  • The Intel ® CSME VSCC Table holds the JEDEC ID and the ME VSCC information for all the SPI Flash part(s) supported by the NVM image. BIOS and GbE write and erase capabilities depend on VSCC0 and VSCC1 registers in SPIBAR memory space.
  • OEM Section is 256 bytes reserved at the top of the Flash Descriptor for use by OEM.
Descriptor Controller Region

The Controller region defines read and write access setting for each region of the SPI0 device. The Controller region recognizes four Controllers: BIOS, Gigabit Ethernet, Intel® CSME, and EC. Each Controller is only allowed to do direct reads of its primary regions.

Region Access Control Table

Controller Read/Write Access

Region

Processor and BIOS

Intel® CSME

GbE Controller

EC

Descriptor (0)

Read Only

Read Only

Not Accessible

Not Accessible

BIOS (1)

processor / BIOS can always read from and write to BIOS region prior to EOP

Not Accessible

Not Accessible

Not Accessible

Intel® CSME (2)

Read/Write (BIOS Only)

Intel® CSME can always read from and write to firmware region

Not Accessible

Not Accessible

Gigabit Ethernet (3)

Not Accessible

Read/Write

GbE software can always read from and write to GbE region

Not Accessible

PDR (4)

Not Accessible

Not Accessible

Not Accessible

Not Accessible

EC (8)

Read/Write

Not Accessible

Not Accessible

EC can always read from and write to EC region.

Intel® CSME Data (15)

Not Accessible

Read/Write Not Accessible Not Accessible
Notes:
  • The Region Access values listed above represent post manufacturing configuration only.
  • Descriptor and PDR region is not a Controller, so they will not have Controller R/W access.
  • Descriptor should NOT have write access by any Controller in production systems.
  • PDR region should only have read and/or write access by processor/Host. GbE and Intel® CSME should NOT have access to PDR region.

Flash Descriptor Processor Complex Soft Strap

Region Name

Starting Address

Signature

10h

Component FCBA

30h

Regions FRBA

40h

Controllers FMBA

80h

Desc Redundancy & Recovery

320h

MDTBA

C00h

IOE PMC Straps

C6Ch

IOE Soft Straps

CACh

Processor Straps

CECh

D8Ch

Intel® CSME Straps

D9Ch

Flash Access

There are two types of accesses: Direct Access and Program Register Accesses.

  • Direct Access
    • Controllers are allowed to do direct read only of their primary region
      • Gigabit Ethernet region can only be directly accessed by the Gigabit Ethernet controller. Gigabit Ethernet software must use Program Registers to access the Gigabit Ethernet region.
    • Controller's Host or Management Engine virtual read address is converted into the SPI0 Flash Linear Address (FLA) using the Flash Descriptor Region Base/Limit registers

      Direct Access Security

    • Requester ID of the device must match that of the primary Requester ID in the Controller Section
    • Calculated Flash Linear Address must fall between primary region base/limit
    • Direct Write not allowed
    • Direct Read Cache contents are reset to 0's on a read from a different Controller
  • Program Register Access
    • Program Register Accesses are not allowed to cross a 4 KB boundary and cannot issue a command that might extend across two components
    • Software programs the FLA corresponding to the region desired
      • Software must read the devices Primary Region Base/Limit address to create a FLA.

    • Register Access Security

      Only primary region Controllers can access the registers

Flash Descriptor Redundancy and Recovery

In order to provide descriptor redundancy and recovery, SPI flash controller uses two 4 KB spaces or regions as the backup descriptor regions. Each backup descriptor region size is 4 KB.

Flash Descriptor Redundancy

In the main and backup descriptor regions, the following fields are defined for the descriptor integrity check and recovery. Before SPI controller reads the descriptor, it

  • Reads Main Descriptor Region and calculates SHA-256 hash.
  • Reads Active Backup Descriptor Region and calculates hash.
  • Compares each hash result with the hash in that region.
  • Takes action based on result and policy byte (in Main Descriptor).

RPMC Configuration

Intel Replay Protection Monotonic Counter (RPMC) is a capability providing Anti-Replay Protection using Monotonic Counters inside SPI Flash. Intel RPMC is a critical security feature designed to protect the SPI part of Intel platforms from unauthorized write operations. This innovative technology acts as a robust defense mechanism, ensuring that only authorized write operations are permitted, thus preventing any unauthorized access to the SPI.

RPMC protection relies on:

  • Special RPMC HW and logic inside the SPI Flash.
  • Intel CSME FW support that utilizes RPMC capabilities within Flash.
At the core of RPMC's functionality lies the concept of the session key.

The session key is a cryptographic key derived from several factors residing on the processor . These factors are carefully selected and stored upon provisioning RPMC to the SPI part. The session key serves as a means of authenticating each incoming write message to the SPI. When an authorized operation is initiated, the session key is used to verify the legitimacy of the request. If the session key does not match the expected value, the SPI part will reject the request, effectively blocking malicious or unauthorized write operations.

Furthermore, the session key also extends its protective shield to cover a specific set of sensitive read messages. This holistic approach ensures that not only write operations but also read operations involving sensitive data are monitored and authenticated, enhancing the overall security of the system.

Two features of RPMC can be enabled:

  • RPMC will be enabled on platforms with RPMC SPI. During Intel End of Manufacturing the processor will be bound with RPMC SPI
  • When SPI is replaced, re-binding between the new RPMC SPI and theprocessor will happen automatically on first boot.

Monotonic Counters

Monotonic counters are counters on the SPI Flash maintained by Intel CSME FW. SPI Flash has a set of four 32-bit monotonic counters, where Intel CSME FW uses two of these counters. Intel CSME FW ensures FW write operations will not exceed SPI RPMC monotonic counter increment rate specified by RPMC HW during platform lifetime supported by Intel. Reading and incrementing the counters in the Flash is done using authenticated commands with a key known to both: SPI Flash and Intel® CSME FW

Binding at End of Manufacturing (EOM)

RPMC Binding pairs between SPI Flash and the processor by provisioning the Binding key produced by the processor into SPI Flash. This pairing is done as part of the EOM flow which usually takes place at the manufacturing line.

In conclusion, Intel RPMC, with its Replay Monotonic Counter and session key mechanism, stands as a powerful safeguard against unauthorized write operations and unauthorized access to sensitive data in the SPI part. This robust security feature, derived from the session key, adds an additional layer of protection to Intel platforms, making them more resilient against potential threats and ensuring the integrity and confidentiality of the data stored in the SPI.

SPI0 Support for TPM