1 /** @file 2 This file contains various definitions for IHV HSTI implementation 3 including error string definitions 4 5 Copyright (c) 2017, Intel Corporation. All rights reserved.<BR> 6 SPDX-License-Identifier: BSD-2-Clause-Patent 7 8 **/ 9 10 #ifndef __HSTI_FEATURE_BIT_H__ 11 #define __HSTI_FEATURE_BIT_H__ 12 13 #define HSTI_SECURITY_FEATURE_SIZE 3 14 15 #define HSTI_ERROR L"Error " 16 #define HSTI_PLATFORM_SECURITY_SPECIFICATION L" Platform Security Specification" 17 #define HSTI_BOOTGUARD_CONFIGURATION L" - Boot Guard Configuration - " 18 #define HSTI_SPI_FLASH_CONFIGURATION L" - SPI Flash Configuration - " 19 #define HSTI_PCH_SECURITY_CONFIGURATION L" - PCH Security Configuration - " 20 #define HSTI_BIOS_GUARD_SECURITY_CONFIGURATION L" - BIOS Guard Security Configuration - " 21 #define HSTI_MEASURED_BOOT_CONFIGURATION L" - Measured Boot Configuration - " 22 #define HSTI_INTEGRATED_DEVICE_DMA_PROTECTION L" - Integrated Device DMA Protection - " 23 #define HSTI_CPU_SECURITY_CONFIGURATION L" - CPU Security Configuration - " 24 #define HSTI_SYSTEM_AGENT_SECURITY_CONFIGURATION L" - Secure System Agent Security Configuration - " 25 #define HSTI_MEMORY_MAP_SECURITY_CONFIGURATION L" - Memory Map Security Configuration - " 26 #define HSTI_PROCESSOR_GRAPHICS_SECURITY_CONFIGURATION L" - Processor Graphics Security Configuration - " 27 #define HSTI_PROCESSOR_SPD_SECURITY_CONFIGURATION L" - SPD Security Configuration - " 28 29 30 #define HSTI_BYTE0_HARDWARE_ROOTED_BOOT_INTEGRITY BIT0 31 #define HSTI_BYTE0_HARDWARE_ROOTED_BOOT_INTEGRITY_ERROR_CODE_1 L"0x00000001" 32 #define HSTI_BYTE0_HARDWARE_ROOTED_BOOT_INTEGRITY_ERROR_STRING_1 L"Boot Guard configured without Verified Boot\r\n" 33 #define HSTI_BYTE0_HARDWARE_ROOTED_BOOT_INTEGRITY_ERROR_CODE_2 L"0x00000002" 34 #define HSTI_BYTE0_HARDWARE_ROOTED_BOOT_INTEGRITY_ERROR_STRING_2 L"Boot Guard disabled\r\n" 35 36 #define HSTI_BYTE0_BOOT_FIRMWARE_MEDIA_PROTECTION BIT1 37 #define HSTI_BYTE0_BOOT_FIRMWARE_MEDIA_PROTECTION_ERROR_CODE_1 L"0x00010001" 38 #define HSTI_BYTE0_BOOT_FIRMWARE_MEDIA_PROTECTION_ERROR_STRING_1 L"SPI Flash not write protected\r\n" 39 #define HSTI_BYTE0_BOOT_FIRMWARE_MEDIA_PROTECTION_ERROR_CODE_2 L"0x00010002" 40 #define HSTI_BYTE0_BOOT_FIRMWARE_MEDIA_PROTECTION_ERROR_STRING_2 L"SPI Flash descriptor overridden\r\n" 41 #define HSTI_BYTE0_BOOT_FIRMWARE_MEDIA_PROTECTION_ERROR_CODE_3 L"0x00010003" 42 #define HSTI_BYTE0_BOOT_FIRMWARE_MEDIA_PROTECTION_ERROR_STRING_3 L"SPI Controller configuration unlocked\r\n" 43 #define HSTI_BYTE0_BOOT_FIRMWARE_MEDIA_PROTECTION_ERROR_CODE_4 L"0x00010004" 44 #define HSTI_BYTE0_BOOT_FIRMWARE_MEDIA_PROTECTION_ERROR_STRING_4 L"SPI Controller BIOS Interface unlocked\r\n" 45 #define HSTI_BYTE0_BOOT_FIRMWARE_MEDIA_PROTECTION_ERROR_CODE_5 L"0x00010005" 46 #define HSTI_BYTE0_BOOT_FIRMWARE_MEDIA_PROTECTION_ERROR_STRING_5 L"Top Swap enabled\r\n" 47 #define HSTI_BYTE0_BOOT_FIRMWARE_MEDIA_PROTECTION_ERROR_CODE_6 L"0x00010006" 48 #define HSTI_BYTE0_BOOT_FIRMWARE_MEDIA_PROTECTION_ERROR_STRING_6 L"SPI Vendor Specific Component Capabilities unlocked\r\n" 49 #define HSTI_BYTE0_BOOT_FIRMWARE_MEDIA_PROTECTION_ERROR_CODE_7 L"0x00010007" 50 #define HSTI_BYTE0_BOOT_FIRMWARE_MEDIA_PROTECTION_ERROR_STRING_7 L"SPI Controller GbE Interface unlocked\r\n" 51 #define HSTI_BYTE0_BOOT_FIRMWARE_MEDIA_PROTECTION_ERROR_CODE_8 L"0x00010008" 52 #define HSTI_BYTE0_BOOT_FIRMWARE_MEDIA_PROTECTION_ERROR_STRING_8 L"ME FW not in Normal Working State\r\n" 53 #define HSTI_BYTE0_BOOT_FIRMWARE_MEDIA_PROTECTION_ERROR_CODE_9 L"0x00010009" 54 #define HSTI_BYTE0_BOOT_FIRMWARE_MEDIA_PROTECTION_ERROR_STRING_9 L"Flash Descriptor Invalid\r\n" 55 #define HSTI_BYTE0_BOOT_FIRMWARE_MEDIA_PROTECTION_ERROR_CODE_A L"0x0001000A" 56 #define HSTI_BYTE0_BOOT_FIRMWARE_MEDIA_PROTECTION_ERROR_STRING_A L"SPI Region Access Rights Invalid\r\n" 57 #define HSTI_BYTE0_BOOT_FIRMWARE_MEDIA_PROTECTION_ERROR_CODE_B L"0x0001000B" 58 #define HSTI_BYTE0_BOOT_FIRMWARE_MEDIA_PROTECTION_ERROR_STRING_B L"SPI SW Sequencing OPCODEs insufficiently restrained\r\n" 59 #define HSTI_BYTE0_BOOT_FIRMWARE_MEDIA_PROTECTION_ERROR_CODE_C L"0x0001000C" 60 #define HSTI_BYTE0_BOOT_FIRMWARE_MEDIA_PROTECTION_ERROR_STRING_C L"Allowed SPI SW Sequencing OPCODE configuration incorrect\r\n" 61 #define HSTI_BYTE0_BOOT_FIRMWARE_MEDIA_PROTECTION_ERROR_CODE_D L"0x0001000D" 62 #define HSTI_BYTE0_BOOT_FIRMWARE_MEDIA_PROTECTION_ERROR_STRING_D L"Global SMI not enabled and locked\r\n" 63 #define HSTI_BYTE0_BOOT_FIRMWARE_MEDIA_PROTECTION_ERROR_CODE_E L"0x0001000E" 64 #define HSTI_BYTE0_BOOT_FIRMWARE_MEDIA_PROTECTION_ERROR_STRING_E L"TCO SMI not enabled and locked\r\n" 65 66 #define HSTI_BYTE0_SIGNED_FIRMWARE_UPDATE BIT2 67 #define HSTI_BYTE0_SIGNED_FIRMWARE_UPDATE_ERROR_CODE_1 L"0x00020001" 68 #define HSTI_BYTE0_SIGNED_FIRMWARE_UPDATE_ERROR_STRING_1 L"BIOS Guard unsupported\r\n" 69 #define HSTI_BYTE0_SIGNED_FIRMWARE_UPDATE_ERROR_CODE_2 L"0x00020002" 70 #define HSTI_BYTE0_SIGNED_FIRMWARE_UPDATE_ERROR_STRING_2 L"BIOS Guard configuration unlocked\r\n" 71 #define HSTI_BYTE0_SIGNED_FIRMWARE_UPDATE_ERROR_CODE_3 L"0x00020001" 72 #define HSTI_BYTE0_SIGNED_FIRMWARE_UPDATE_ERROR_STRING_3 L"BIOS Guard disabled\r\n" 73 74 #define HSTI_BYTE0_MEASURED_BOOT_ENFORCEMENT BIT3 75 #define HSTI_BYTE0_MEASURED_BOOT_ENFORCEMENT_ERROR_CODE_1 L"0x00030001" 76 #define HSTI_BYTE0_MEASURED_BOOT_ENFORCEMENT_ERROR_STRING_1 L"Chipset supports FW TPM, however no TPM enabled\r\n" 77 78 #define HSTI_BYTE0_MEASURED_BOOT_ENFORCEMENT_ERROR_CODE_2 L"0x00030002" 79 #define HSTI_BYTE0_MEASURED_BOOT_ENFORCEMENT_ERROR_STRING_2 L"PCR[7] is not initialized\r\n" 80 81 #define HSTI_BYTE0_MEASURED_BOOT_ENFORCEMENT_ERROR_CODE_3 L"0x00030003" 82 #define HSTI_BYTE0_MEASURED_BOOT_ENFORCEMENT_ERROR_STRING_3 L"Event Log is not published or invalid\r\n" 83 84 #define HSTI_BYTE0_MEASURED_BOOT_ENFORCEMENT_ERROR_CODE_4 L"0x00030004" 85 #define HSTI_BYTE0_MEASURED_BOOT_ENFORCEMENT_ERROR_STRING_4 L"Platform Auth accessible via 0x00000000\r\n" 86 87 88 #define HSTI_BYTE0_INTEGRATED_DEVICE_DMA_PROTECTION BIT4 89 #define HSTI_BYTE0_INTEGRATED_DEVICE_DMA_PROTECTION_ERROR_CODE_1 L"0x00040001" 90 #define HSTI_BYTE0_INTEGRATED_DEVICE_DMA_PROTECTION_ERROR_STRING_1 L"Bus Mastering Enabled for non-boot, integrated device\r\n" 91 92 #define HSTI_BYTE0_DEBUG_MODE_DISABLED_VERIFICATION BIT5 93 #define HSTI_BYTE0_DEBUG_MODE_DISABLED_VERIFICATION_ERROR_CODE_1 L"0x00050001" 94 #define HSTI_BYTE0_DEBUG_MODE_DISABLED_VERIFICATION_ERROR_STRING_1 L"Debug MSR enabled\r\n" 95 96 #define HSTI_BYTE0_DEBUG_MODE_DISABLED_VERIFICATION_ERROR_CODE_2 L"0x00050002" 97 #define HSTI_BYTE0_DEBUG_MODE_DISABLED_VERIFICATION_ERROR_STRING_2 L"Debug interface unlocked\r\n" 98 99 #define HSTI_BYTE0_SECURE_CPU_CONFIGURATION BIT6 100 #define HSTI_BYTE0_SECURE_CPU_CONFIGURATION_ERROR_CODE_1 L"0x00060001" 101 #define HSTI_BYTE0_SECURE_CPU_CONFIGURATION_ERROR_STRING_1 L" Minimum uCode patch revision not met\r\n" 102 103 #define HSTI_BYTE0_SECURE_CPU_CONFIGURATION_ERROR_CODE_2 L"0x00060002" 104 #define HSTI_BYTE0_SECURE_CPU_CONFIGURATION_ERROR_STRING_2 L" Pre-production silicon in use\r\n" 105 106 #define HSTI_BYTE0_SECURE_CPU_CONFIGURATION_ERROR_CODE_3 L"0x00060003" 107 #define HSTI_BYTE0_SECURE_CPU_CONFIGURATION_ERROR_STRING_3 L"VMX & Senter feature configuration unlocked\r\n" 108 109 #define HSTI_BYTE0_SECURE_CPU_CONFIGURATION_ERROR_CODE_4 L"0x00060004" 110 #define HSTI_BYTE0_SECURE_CPU_CONFIGURATION_ERROR_STRING_4 L" SMM Code Fetch feature configuration unlocked\r\n" 111 #define HSTI_BYTE0_SECURE_CPU_CONFIGURATION_ERROR_STRING_4A L" SMM Code Fetch outside SMRAM detection feature is disabled\r\n" 112 113 114 #define HSTI_BYTE0_SECURE_CPU_CONFIGURATION_ERROR_CODE_5 L"0x00060005" 115 #define HSTI_BYTE0_SECURE_CPU_CONFIGURATION_ERROR_STRING_5 L" AES-NI Feature configuration unlocked\r\n" 116 117 #define HSTI_BYTE0_SECURE_CPU_CONFIGURATION_ERROR_CODE_6 L"0x00060006" 118 #define HSTI_BYTE0_SECURE_CPU_CONFIGURATION_ERROR_STRING_6 L" FIT table not present\r\n" 119 120 #define HSTI_BYTE0_SECURE_CPU_CONFIGURATION_ERROR_CODE_7 L"0x00060007" 121 #define HSTI_BYTE0_SECURE_CPU_CONFIGURATION_ERROR_STRING_7 L" MicrocodeRangeRegisters improperly configured or unlocked\r\n" 122 123 #define HSTI_BYTE0_SECURE_CPU_CONFIGURATION_ERROR_CODE_8 L"0x00060008" 124 #define HSTI_BYTE0_SECURE_CPU_CONFIGURATION_ERROR_STRING_8 L" SMM COnfiguration Unlocked\r\n" 125 126 #define HSTI_BYTE0_SECURE_CPU_CONFIGURATION_ERROR_CODE_9 L"0x00060009" 127 #define HSTI_BYTE0_SECURE_CPU_CONFIGURATION_ERROR_STRING_9 L" TSEG not naturally aligned\r\n" 128 129 #define HSTI_BYTE0_SECURE_CPU_CONFIGURATION_ERROR_CODE_A L"0x0006000A" 130 #define HSTI_BYTE0_SECURE_CPU_CONFIGURATION_ERROR_STRING_A L" Improper SMRR configuration\r\n" 131 132 #define HSTI_BYTE0_SECURE_SYSTEM_AGENT_CONFIGURATION BIT7 133 #define HSTI_BYTE0_SECURE_SYSTEM_AGENT_CONFIGURATION_ERROR_CODE_1 L"0x00070001" 134 #define HSTI_BYTE0_SECURE_SYSTEM_AGENT_CONFIGURATION_ERROR_STRING_1 L"Intel TXT configuration unlocked\r\n" 135 #define HSTI_BYTE0_SECURE_SYSTEM_AGENT_CONFIGURATION_ERROR_CODE_2 L"0x00070002" 136 #define HSTI_BYTE0_SECURE_SYSTEM_AGENT_CONFIGURATION_ERROR_STRING_2 L"Memory Controller configuration unlocked\r\n" 137 #define HSTI_BYTE0_SECURE_SYSTEM_AGENT_CONFIGURATION_ERROR_CODE_3 L"0x00070003" 138 #define HSTI_BYTE0_SECURE_SYSTEM_AGENT_CONFIGURATION_ERROR_STRING_3 L"System Agent configuration unlocked\r\n" 139 #define HSTI_BYTE0_SECURE_SYSTEM_AGENT_CONFIGURATION_ERROR_CODE_4 L"0x00070004" 140 #define HSTI_BYTE0_SECURE_SYSTEM_AGENT_CONFIGURATION_ERROR_STRING_4 L"Graphics memory configuration unlocked\r\n" 141 #define HSTI_BYTE0_SECURE_SYSTEM_AGENT_CONFIGURATION_ERROR_CODE_5 L"0x00070005" 142 #define HSTI_BYTE0_SECURE_SYSTEM_AGENT_CONFIGURATION_ERROR_STRING_5 L"VT-d configuration unlocked\r\n" 143 #define HSTI_BYTE0_SECURE_SYSTEM_AGENT_CONFIGURATION_ERROR_CODE_6 L"0x00070006" 144 #define HSTI_BYTE0_SECURE_SYSTEM_AGENT_CONFIGURATION_ERROR_STRING_6 L"Power Plane 0 Current Config unlocked\r\n" 145 146 #define HSTI_BYTE1_SECURE_MEMORY_MAP_CONFIGURATION BIT0 147 #define HSTI_BYTE1_SECURE_MEMORY_MAP_CONFIGURATION_ERROR_CODE_1 L"0x00080001" 148 #define HSTI_BYTE1_SECURE_MEMORY_MAP_CONFIGURATION_ERROR_STRING_1 L" Memory BAR configuration unlocked\r\n" 149 150 #define HSTI_BYTE1_SECURE_MEMORY_MAP_CONFIGURATION_ERROR_CODE_2 L"0x00080002" 151 #define HSTI_BYTE1_SECURE_MEMORY_MAP_CONFIGURATION_ERROR_STRING_2 L" Fixed MMIO regions overlap\r\n" 152 153 #define HSTI_BYTE1_SECURE_MEMORY_MAP_CONFIGURATION_ERROR_CODE_3 L"0x00080003" 154 #define HSTI_BYTE1_SECURE_MEMORY_MAP_CONFIGURATION_ERROR_STRING_3 L" Non lockable MMIO ranges overlap other critical regions\r\n" 155 156 #define HSTI_BYTE1_SECURE_MEMORY_MAP_CONFIGURATION_ERROR_CODE_4 L"0x00080004" 157 #define HSTI_BYTE1_SECURE_MEMORY_MAP_CONFIGURATION_ERROR_STRING_4 L" SPD not write protected\r\n" 158 159 #define HSTI_BYTE1_SECURE_INTEGRATED_GRAPHICS_CONFIGURATION BIT1 160 #define HSTI_BYTE1_SECURE_INTEGRATED_GRAPHICS_CONFIGURATION_ERROR_CODE_1 L"0x00090001" 161 #define HSTI_BYTE1_SECURE_INTEGRATED_GRAPHICS_CONFIGURATION_ERROR_STRING_1 L" Graphics configuration unlocked\r\n" 162 163 #define HSTI_BYTE1_SECURE_INTEGRATED_GRAPHICS_CONFIGURATION_ERROR_CODE_2 L"0x00090002" 164 #define HSTI_BYTE1_SECURE_INTEGRATED_GRAPHICS_CONFIGURATION_ERROR_STRING_2 L"Invalid Graphics Memory Alignment\r\n" 165 166 #define HSTI_BYTE1_SECURE_INTEGRATED_GRAPHICS_CONFIGURATION_ERROR_CODE_3 L"0x00090003" 167 #define HSTI_BYTE1_SECURE_INTEGRATED_GRAPHICS_CONFIGURATION_ERROR_STRING_3 L" Reserved Check failed\r\n" 168 169 #define HSTI_BYTE1_SECURE_PCH_CONFIGURATION BIT2 170 #define HSTI_BYTE1_SECURE_PCH_CONFIGURATION_ERROR_CODE_1 L"0x000A0001" 171 #define HSTI_BYTE1_SECURE_PCH_CONFIGURATION_ERROR_STRING_1 L" Thermal Configuration unlocked\r\n" 172 #define HSTI_BYTE1_SECURE_PCH_CONFIGURATION_ERROR_CODE_2 L"0x000A0002" 173 #define HSTI_BYTE1_SECURE_PCH_CONFIGURATION_ERROR_STRING_2 L"BAR's unlocked\r\n" 174 #define HSTI_BYTE1_SECURE_PCH_CONFIGURATION_ERROR_CODE_3 L"0x000A0003" 175 #define HSTI_BYTE1_SECURE_PCH_CONFIGURATION_ERROR_STRING_3 L" Reserved Check failure\r\n" 176 177 #endif 178