[edk2-devel] [edk2-platforms] [PATCH V1] WhitleySiliconPkg: Improve comments for silicon policy structures

Nate DeSimone posted 1 patch 2 years, 8 months ago
Failed in applying to current master (apply log)
.../Include/Ppi/RasImcS3Data.h                |   6 +
.../Include/Ppi/UpiPolicyPpi.h                |   5 +-
.../WhitleySiliconPkg/Include/Upi/KtiHost.h   | 250 +++++++++---------
.../SouthClusterLbg/Include/PchPolicyCommon.h |   9 +
.../SecurityIp/SecurityIpMkTme1v0_Inputs.h    |   8 +-
.../SecurityIp/SecurityIpMkTme1v0_Outputs.h   |  12 +-
.../SecurityIp/SecurityIpSgxTem1v0_Inputs.h   |  43 +--
.../Guid/SecurityIp/SecurityIpTdx1v0_Inputs.h |   4 +-
.../Security/Include/Guid/SecurityPolicy.h    |  29 ++
.../Include/Guid/SecurityPolicy_Flat.h        |   4 +-
.../Library/SecurityPolicyDefinitions.h       |  28 ++
11 files changed, 245 insertions(+), 153 deletions(-)
create mode 100644 Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityPolicy.h
create mode 100644 Silicon/Intel/WhitleySiliconPkg/Security/Include/Library/SecurityPolicyDefinitions.h
[edk2-devel] [edk2-platforms] [PATCH V1] WhitleySiliconPkg: Improve comments for silicon policy structures
Posted by Nate DeSimone 2 years, 8 months ago
Signed-off-by: Nate DeSimone <nathaniel.l.desimone@intel.com>
Cc: Isaac Oram <isaac.w.oram@intel.com>
Cc: Chasel Chiu <chasel.chiu@intel.com>
---
 .../Include/Ppi/RasImcS3Data.h                |   6 +
 .../Include/Ppi/UpiPolicyPpi.h                |   5 +-
 .../WhitleySiliconPkg/Include/Upi/KtiHost.h   | 250 +++++++++---------
 .../SouthClusterLbg/Include/PchPolicyCommon.h |   9 +
 .../SecurityIp/SecurityIpMkTme1v0_Inputs.h    |   8 +-
 .../SecurityIp/SecurityIpMkTme1v0_Outputs.h   |  12 +-
 .../SecurityIp/SecurityIpSgxTem1v0_Inputs.h   |  43 +--
 .../Guid/SecurityIp/SecurityIpTdx1v0_Inputs.h |   4 +-
 .../Security/Include/Guid/SecurityPolicy.h    |  29 ++
 .../Include/Guid/SecurityPolicy_Flat.h        |   4 +-
 .../Library/SecurityPolicyDefinitions.h       |  28 ++
 11 files changed, 245 insertions(+), 153 deletions(-)
 create mode 100644 Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityPolicy.h
 create mode 100644 Silicon/Intel/WhitleySiliconPkg/Security/Include/Library/SecurityPolicyDefinitions.h

diff --git a/Silicon/Intel/WhitleySiliconPkg/Include/Ppi/RasImcS3Data.h b/Silicon/Intel/WhitleySiliconPkg/Include/Ppi/RasImcS3Data.h
index 82725bc84..2198f8516 100644
--- a/Silicon/Intel/WhitleySiliconPkg/Include/Ppi/RasImcS3Data.h
+++ b/Silicon/Intel/WhitleySiliconPkg/Include/Ppi/RasImcS3Data.h
@@ -44,7 +44,13 @@ EFI_STATUS
   OUT       VOID                            *Data
   );
 
+/**
+ RAS IMC S3 Data PPI
+**/
 struct _RAS_IMC_S3_DATA_PPI {
+  /**
+    Retrieves data for S3 saved memory RAS features from non-volatile storage.
+  **/
   RAS_IMC_S3_DATA_PPI_GET_IMC_S3_RAS_DATA  GetImcS3RasData;
 };
 
diff --git a/Silicon/Intel/WhitleySiliconPkg/Include/Ppi/UpiPolicyPpi.h b/Silicon/Intel/WhitleySiliconPkg/Include/Ppi/UpiPolicyPpi.h
index e355dcaba..503c5c0ae 100644
--- a/Silicon/Intel/WhitleySiliconPkg/Include/Ppi/UpiPolicyPpi.h
+++ b/Silicon/Intel/WhitleySiliconPkg/Include/Ppi/UpiPolicyPpi.h
@@ -24,6 +24,9 @@
 
 typedef struct _UPI_POLICY_PPI UPI_POLICY_PPI;
 
+/**
+  UPI Policy Structure
+**/
 struct _UPI_POLICY_PPI {
   /**
     This member specifies the revision of the UPI_POLICY_PPI. This field is used to
@@ -32,7 +35,7 @@ struct _UPI_POLICY_PPI {
     to correctly interpret the content of the INTERFACE fields.
   **/
   UINT32        Revision;
-  KTI_HOST_IN   Upi;
+  KTI_HOST_IN   Upi;        ///< KTIRC input structure
 };
 
 #endif  // _UPI_POLICY_PPI_H_
diff --git a/Silicon/Intel/WhitleySiliconPkg/Include/Upi/KtiHost.h b/Silicon/Intel/WhitleySiliconPkg/Include/Upi/KtiHost.h
index cf558b3d3..e793cc647 100644
--- a/Silicon/Intel/WhitleySiliconPkg/Include/Upi/KtiHost.h
+++ b/Silicon/Intel/WhitleySiliconPkg/Include/Upi/KtiHost.h
@@ -99,28 +99,31 @@ typedef struct {
   KTI_RESERVED_2  Phy[MAX_FW_KTI_PORTS];
 } KTI_RESERVED_4;
 
-//
-// PHY settings that are system dependent.   Need 1 of these for each socket/link/freq.
-//
+/**
+  Per Lane PHY Configuration
 
+  These PHY settings are system dependent. Every socket/link/freq requires an instance of this structure.
+**/
 typedef struct {
-  UINT8  SocketID;
-  UINT8  AllLanesUseSameTxeq;
-  UINT8  Freq;
-  UINT32 Link;
-  UINT32 TXEQL[20];
-  UINT32 CTLEPEAK[5];
+  UINT8  SocketID;              ///< Socket ID
+  UINT8  AllLanesUseSameTxeq;   ///< Use same TXEQ on all lanes
+  UINT8  Freq;                  ///< The Link Speed these TXEQ settings should be used for
+  UINT32 Link;                  ///< Port Number
+  UINT32 TXEQL[20];             ///< TXEQ Settings
+  UINT32 CTLEPEAK[5];           ///< CTLE Peaking Settings
 } PER_LANE_EPARAM_LINK_INFO;
 
-//
-// This is for full speed mode, all lanes have the same TXEQ setting
-//
+/**
+  All Lanes PHY Configuration
+
+  This is for full speed mode, all lanes have the same TXEQ setting
+**/
 typedef struct {
-  UINT8  SocketID;
-  UINT8  Freq;
-  UINT32 Link;
-  UINT32 AllLanesTXEQ;
-  UINT8  CTLEPEAK;
+  UINT8  SocketID;              ///< Socket ID
+  UINT8  Freq;                  ///< The Link Speed these TXEQ settings should be used for
+  UINT32 Link;                  ///< Port Number
+  UINT32 AllLanesTXEQ;          ///< TXEQ Setting
+  UINT8  CTLEPEAK;              ///< CTLE Peaking Setting
 } ALL_LANES_EPARAM_LINK_INFO;
 
 #define ADAPTIVE_CTLE 0x3f
@@ -173,130 +176,141 @@ typedef struct {
   KTI_CPU_PHY_SETTING   Phy[MAX_FW_KTI_PORTS];
 } KTI_CPU_SETTING;
 
-//
-// KTIRC input structure
-//
+/**
+  KTIRC input structure
+**/
 typedef struct {
   //
   // Protocol layer and other general options; note that "Auto" is provided only options whose value will change depending
   // on the topology, not for all options.
   //
 
-  //
-  // Indicates the ratio of Bus/MMIOL/IO resource to be allocated for each CPU's IIO.
-  // Value 0 indicates, that CPU is not relevant for the system. If resource is
-  // requested for an CPU that is not currently populated, KTIRC will assume
-  // that the ratio is 0 for that CPU and won't allocate any resources for it.
-  // If resource is not requested for an CPU that is populated, KTIRC will force
-  // the ratio for that CPU to 1.
-  //
-
-
+  /**
+   Indicates the ratio of Bus/MMIOL/IO resource to be allocated for each CPU's IIO.
+    Value 0 indicates, that CPU is not relevant for the system. If resource is
+    requested for an CPU that is not currently populated, KTIRC will assume
+    that the ratio is 0 for that CPU and won't allocate any resources for it.
+    If resource is not requested for an CPU that is populated, KTIRC will force
+    the ratio for that CPU to 1.
+  **/
   UINT8               BusRatio[MAX_SOCKET];
 
-  UINT8               D2KCreditConfig;             // 1 - Min, 2 - Med (Default), 3- Max
-  UINT8               SnoopThrottleConfig;  // 0 - Disabled (Default), 1 - Min, 2 - Med, 3- Max
-  UINT8               SnoopAllCores;        // 0 - Disabled, 1 - Enabled, 2 - Auto
-  UINT8               LegacyVgaSoc;       // Socket that claims the legacy VGA range; valid values are 0-7; 0 is default.
-  UINT8               LegacyVgaStack;     // Stack that claims the legacy VGA range; valid values are 0-3; 0 is default.
-  UINT8               ColdResetRequestStart;
-  UINT8               P2pRelaxedOrdering; // 0 - Disable(default) 1 - Enable
-  UINT8               DebugPrintLevel;    // Bit 0 - Fatal, Bit1 - Warning, Bit2 - Info Summary; Bit 3 - Info detailed. 1 - Enable; 0 - Disable
-  UINT8               SncEn;              // 0 - Disable, (default) 1 - Enable
-  UINT8               UmaClustering;      // 0 - Disable, 2 - 2Clusters UMA, 4 - 4Clusters UMA
-  UINT8               IoDcMode;           // 0 - Disable IODC,  1 - AUTO (default), 2 - IODC_EN_REM_INVITOM_PUSH, 3 - IODC_EN_REM_INVITOM_ALLOCFLOW
-                                          // 4 - IODC_EN_REM_INVITOM_ALLOC_NONALLOC, 5 - IODC_EN_REM_INVITOM_AND_WCILF
-  UINT8               DegradePrecedence;  // Use DEGRADE_PRECEDENCE definition; TOPOLOGY_PRECEDENCE is default
-  UINT8               Degrade4SPreference;// 4S1LFullConnect topology is default; another option is 4S2LRing topology.
-  UINT8               DirectoryModeEn;    // 0 - Disable; 1 - Enable (default)
-  UINT8               XptPrefetchEn;      // Xpt Prefetch :  1 - Enable; 0 - Disable; 2 - Auto (default)
-  UINT8               KtiPrefetchEn;      // Kti Prefetch :  1 - Enable; 0 - Disable; 2 - Auto (default)
-  UINT8               XptRemotePrefetchEn;     // Xpt Remote Prefetch :  1 - Enable; 0 - Disable; 2 - Auto (default)   (ICX only)
-  UINT8               RdCurForXptPrefetchEn;   // RdCur for XPT Prefetch :  0 - Disable, 1 - Enable, 2- Auto (default)
-  UINT8               KtiFpgaEnable[MAX_SOCKET];  // Indicate if should enable Fpga device found in this socket :  0 - Disable, 1 - Enable, 2- Auto
-  UINT8               DdrtQosMode;          // DDRT QoS Feature:  0 - Disable (default), 1 - M2M QoS Enable, Cha QoS Disable
-                                            // 2 - M2M QoS Enable, Cha QoS Enable
+  UINT8               D2KCreditConfig;                ///< 1 - Min, 2 - Med (Default), 3- Max
+  UINT8               SnoopThrottleConfig;            ///< 0 - Disabled (Default), 1 - Min, 2 - Med, 3- Max
+  UINT8               SnoopAllCores;                  ///< 0 - Disabled, 1 - Enabled, 2 - Auto
+  UINT8               LegacyVgaSoc;                   ///< Socket that claims the legacy VGA range; valid values are 0-7; 0 is default.
+  UINT8               LegacyVgaStack;                 ///< Stack that claims the legacy VGA range; valid values are 0-3; 0 is default.
+  UINT8               ColdResetRequestStart;          ///< @deprecated Reserved.
+  UINT8               P2pRelaxedOrdering;             ///< 0 - Disable(default) 1 - Enable
+  UINT8               DebugPrintLevel;                ///< Bit 0 - Fatal, Bit1 - Warning, Bit2 - Info Summary; Bit 3 - Info detailed. 1 - Enable; 0 - Disable
+  UINT8               SncEn;                          ///< 0 - Disable, (default) 1 - Enable
+  UINT8               UmaClustering;                  ///< 0 - Disable, 2 - 2Clusters UMA, 4 - 4Clusters UMA
+  UINT8               IoDcMode;                       ///< 0 - Disable IODC,  1 - AUTO (default), 2 - IODC_EN_REM_INVITOM_PUSH, 3 - IODC_EN_REM_INVITOM_ALLOCFLOW
+                                                      ///< 4 - IODC_EN_REM_INVITOM_ALLOC_NONALLOC, 5 - IODC_EN_REM_INVITOM_AND_WCILF
+  UINT8               DegradePrecedence;              ///< Use DEGRADE_PRECEDENCE definition; TOPOLOGY_PRECEDENCE is default
+  UINT8               Degrade4SPreference;            ///< 4S1LFullConnect topology is default; another option is 4S2LRing topology.
+  UINT8               DirectoryModeEn;                ///< 0 - Disable; 1 - Enable (default)
+  UINT8               XptPrefetchEn;                  ///< Xpt Prefetch :  1 - Enable; 0 - Disable; 2 - Auto (default)
+  UINT8               KtiPrefetchEn;                  ///< Kti Prefetch :  1 - Enable; 0 - Disable; 2 - Auto (default)
+  UINT8               XptRemotePrefetchEn;            ///< Xpt Remote Prefetch :  1 - Enable; 0 - Disable; 2 - Auto (default)   (ICX only)
+  UINT8               RdCurForXptPrefetchEn;          ///< RdCur for XPT Prefetch :  0 - Disable, 1 - Enable, 2- Auto (default)
+  UINT8               KtiFpgaEnable[MAX_SOCKET];      ///< Indicate if should enable Fpga device found in this socket :  0 - Disable, 1 - Enable, 2- Auto
+  UINT8               DdrtQosMode;                    ///< DDRT QoS Feature:  0 - Disable (default), 1 - M2M QoS Enable, Cha QoS Disable
+                                                      ///< 2 - M2M QoS Enable, Cha QoS Enable
 
   //
   // Phy/Link Layer Options (System-wide and per socket)
   //
-  UINT8               KtiLinkSpeedMode;   // Link speed mode selection; 0 - Slow Speed; 1- Full Speed (default)
-  UINT8               KtiLinkSpeed;       // Use KTI_LINKSPEED definition
-  UINT8               KtiAdaptationEn;    // 0 - Disable, 1 - Enable
-  UINT8               KtiAdaptationSpeed; // Use KTI_LINK_SPEED definition; MAX_KTI_LINK_SPEED - Auto (i.e BIOS choosen speed)
-  UINT8               KtiLinkL0pEn;       // 0 - Disable, 1 - Enable, 2- Auto  (default)
-  UINT8               KtiLinkL1En;        // 0 - Disable, 1 - Enable, 2- Auto  (default)
-  UINT8               KtiFailoverEn;      // 0 - Disable, 1 - Enable, 2- Auto (default)
-  UINT8               KtiLbEn;            // 0 - Disable(default), 1 - Enable
-  UINT8               KtiCrcMode;         // CRC_MODE_16BIT, CRC_MODE_ROLLING_32BIT, CRC_MODE_AUTO or CRC_MODE_PER_LINK
-
-  UINT8               KtiCpuSktHotPlugEn;       // 0 - Disable (default), 1 - Enable
-  UINT8               KtiCpuSktHotPlugTopology; // 0 - 4S Topology (default), 1 - 8S Topology
-  UINT8               KtiSkuMismatchCheck;      // 0 - No, 1 - Yes (default)
-  UINT8               IrqThreshold;             // IRQ Threshold setting
-  UINT8               TorThresLoctoremNorm;     // TOR threshold - Loctorem threshold normal
-  UINT8               TorThresLoctoremEmpty;    // TOR threshold - Loctorem threshold empty
-  UINT8               MbeBwCal;                 // 0 - Linear, 1 - Biased, 2 - Legacy, 3 - AUTO (default = Linear)
-  UINT8               TscSyncEn;                // TSC sync in sockets: 0 - Disable, 1 - Enable, 2 - AUTO (Default)
-  UINT8               StaleAtoSOptEn;           // HA A to S directory optimization: 1 - Enable; 0 - Disable; 2 - Auto (Default)
-  UINT8               LLCDeadLineAlloc;         // LLC dead line alloc: 1 - Enable(Default); 0 - Disable
-  UINT8               SplitLock;
-  UINT8               ColdResetRequestEnd;
-
-  //
-  // Phy/Link Layer Options (per Port)
-  //
+  UINT8               KtiLinkSpeedMode;               ///< Link speed mode selection; 0 - Slow Speed; 1- Full Speed (default)
+  UINT8               KtiLinkSpeed;                   ///< Use KTI_LINKSPEED definition
+  UINT8               KtiAdaptationEn;                ///< 0 - Disable, 1 - Enable
+  UINT8               KtiAdaptationSpeed;             ///< Use KTI_LINK_SPEED definition; MAX_KTI_LINK_SPEED - Auto (i.e BIOS choosen speed)
+  UINT8               KtiLinkL0pEn;                   ///< 0 - Disable, 1 - Enable, 2- Auto  (default)
+  UINT8               KtiLinkL1En;                    ///< 0 - Disable, 1 - Enable, 2- Auto  (default)
+  UINT8               KtiFailoverEn;                  ///< 0 - Disable, 1 - Enable, 2- Auto (default)
+  UINT8               KtiLbEn;                        ///< 0 - Disable(default), 1 - Enable
+  UINT8               KtiCrcMode;                     ///< CRC_MODE_16BIT, CRC_MODE_ROLLING_32BIT, CRC_MODE_AUTO or CRC_MODE_PER_LINK
+
+  UINT8               KtiCpuSktHotPlugEn;             ///< 0 - Disable (default), 1 - Enable
+  UINT8               KtiCpuSktHotPlugTopology;       ///< 0 - 4S Topology (default), 1 - 8S Topology
+  UINT8               KtiSkuMismatchCheck;            ///< 0 - No, 1 - Yes (default)
+  UINT8               IrqThreshold;                   ///< IRQ Threshold setting
+  UINT8               TorThresLoctoremNorm;           ///< TOR threshold - Loctorem threshold normal
+  UINT8               TorThresLoctoremEmpty;          ///< TOR threshold - Loctorem threshold empty
+  UINT8               MbeBwCal;                       ///< 0 - Linear, 1 - Biased, 2 - Legacy, 3 - AUTO (default = Linear)
+  UINT8               TscSyncEn;                      ///< TSC sync in sockets: 0 - Disable, 1 - Enable, 2 - AUTO (Default)
+  UINT8               StaleAtoSOptEn;                 ///< HA A to S directory optimization: 1 - Enable; 0 - Disable; 2 - Auto (Default)
+  UINT8               LLCDeadLineAlloc;               ///< LLC dead line alloc: 1 - Enable(Default); 0 - Disable
+  UINT8               SplitLock;                      ///< @deprecated Reserved, must be set to 0.
+  UINT8               ColdResetRequestEnd;            ///< @deprecated Reserved.
+
+  ///
+  /// Phy/Link Layer Options (per Port)
+  ///
   KTI_CPU_SETTING     PhyLinkPerPortSetting[MAX_SOCKET];
 
 
-  UINT8               mmCfgBase; ///< MMCFG Base address, must be 64MB (SKX, HSX, BDX) / 256MB (GROVEPORT) aligned. Options: {0:1G, 1:1.5G, 2:1.75G, 3:2G, 4:2.25G, 5:3G, 6: Auto}
-  UINT8               mmCfgSize; ///< MMCFG Size address, must be 64M, 128M or 256M. Options: {0:64M, 1:128M, 2:256M, 3:512M, 4:1G, 5:2G, 6: Auto}
-  UINT32              mmiolBase; ///< MMIOL Base address, must be 64MB aligned
-  UINT32              mmiolSize; ///< MMIOL Size address
-  UINT32              mmiohBase; ///< Address bits above 4GB, i,e, the hex value here is address Bit[45:32] for SKX family, Bit[51:32] for ICX-SP
-  UINT8               CpuPaLimit; ///< Limits the max address to 46bits. This will take precedence over mmiohBase
-  UINT8               lowGap;
-  UINT8               highGap;
-  UINT16              mmiohSize; ////<< Number of 1GB contiguous regions to be assigned for MMIOH space per CPU.  Range 1-1024
-  UINT8               isocEn;    ///< 1 - Enable; 0 - Disable (BIOS will force this for 4S)
-  UINT8               dcaEn;     ///< 1 - Enable; 0 - Disable
+  UINT8               mmCfgBase;                      ///< MMCFG Base address, must be 64MB (SKX, HSX, BDX) / 256MB (GROVEPORT) aligned. Options: {0:1G, 1:1.5G, 2:1.75G, 3:2G, 4:2.25G, 5:3G, 6: Auto}
+  UINT8               mmCfgSize;                      ///< MMCFG Size address, must be 64M, 128M or 256M. Options: {0:64M, 1:128M, 2:256M, 3:512M, 4:1G, 5:2G, 6: Auto}
+  UINT32              mmiolBase;                      ///< MMIOL Base address, must be 64MB aligned
+  UINT32              mmiolSize;                      ///< MMIOL Size address
+  UINT32              mmiohBase;                      ///< Address bits above 4GB, i,e, the hex value here is address Bit[45:32] for SKX family, Bit[51:32] for ICX-SP
+  UINT8               CpuPaLimit;                     ///< Limits the max address to 46bits. This will take precedence over mmiohBase
+  UINT8               lowGap;                         ///< @deprecated Reserved.
+  UINT8               highGap;                        ///< @deprecated Reserved.
+  UINT16              mmiohSize;                      ///< Number of 1GB contiguous regions to be assigned for MMIOH space per CPU.  Range 1-1024
+  UINT8               isocEn;                         ///< 1 - Enable; 0 - Disable (BIOS will force this for 4S)
+  UINT8               dcaEn;                          ///< 1 - Enable; 0 - Disable
 
-  /*
+  /**
   BoardTypeBitmask:
-    Bits[3:0]   - Socket0
-    Bits[7:4]   - Socket1
-    Bits[11:8]  - Socket2
-    Bits[15:12] - Socket3
-    Bits[19:16] - Socket4
-    Bits[23:20] - Socket5
-    Bits[27:24] - Socket6
-    Bits[31:28] - Socket7
+  - Bits[3:0]   - Socket0
+  - Bits[7:4]   - Socket1
+  - Bits[11:8]  - Socket2
+  - Bits[15:12] - Socket3
+  - Bits[19:16] - Socket4
+  - Bits[23:20] - Socket5
+  - Bits[27:24] - Socket6
+  - Bits[31:28] - Socket7
 
   Within each Socket-specific field, bits mean:
-    Bit0 = CPU_TYPE_STD support; always 1 on Socket0
-    Bit1 = CPU_TYPE_F support
-    Bit2 = CPU_TYPE_P support
-    Bit3 = reserved
-  */
+  - Bit0 = CPU_TYPE_STD support; always 1 on Socket0
+  - Bit1 = CPU_TYPE_F support
+  - Bit2 = CPU_TYPE_P support
+  - Bit3 = reserved
+  **/
   UINT32              BoardTypeBitmask;
-  UINT32              AllLanesPtr;
-  UINT32              PerLanePtr;
-  UINT32              AllLanesSizeOfTable;
-  UINT32              PerLaneSizeOfTable;
-  UINT32              WaitTimeForPSBP; // the wait time in units of 1000us for PBSP to check in.
-  BOOLEAN             IsKtiNvramDataReady;
-  UINT32              OemHookPostTopologyDiscovery;
-  UINT32              OemGetResourceMapUpdate;
-  UINT32              OemGetAdaptedEqSettings;
-  UINT32              OemCheckCpuPartsChangeSwap;
-
-  BOOLEAN             WaSerializationEn;      // Enable BIOS serialization WA by PcdWaSerializationEn
+  UINT32              AllLanesPtr;                    ///< Pointer to an array of ALL_LANES_EPARAM_LINK_INFO structures.
+  UINT32              PerLanePtr;                     ///< Pointer to an array of PER_LANE_EPARAM_LINK_INFO structures.
+  UINT32              AllLanesSizeOfTable;            ///< Number of elements in array pointed to by AllLanesPtr
+  UINT32              PerLaneSizeOfTable;             ///< Number of elements in array pointed to by PerLanePtr
+  UINT32              WaitTimeForPSBP;                ///< the wait time in units of 1000us for PBSP to check in.
+  BOOLEAN             IsKtiNvramDataReady;            ///< Used internally, Reserved.
+  UINT32              OemHookPostTopologyDiscovery;   ///< OEM_HOOK_POST_TOPOLOGY_DISCOVERY function pointer. Invoked at the end of topology discovery, used for error reporting.
+  UINT32              OemGetResourceMapUpdate;        ///< OEM_GET_RESOURCE_MAP_UPDATE function pointer. Allows platform code to adjust the resource map.
+  UINT32              OemGetAdaptedEqSettings;        ///< @deprecated Reserved, must be set to 0.
+  UINT32              OemCheckCpuPartsChangeSwap;     ///< @deprecated Reserved, must be set to 0.
+
+  BOOLEAN             WaSerializationEn;              ///< Enable BIOS serialization WA by PcdWaSerializationEn
   KTI_RESERVED_3      Reserved166;
   KTI_RESERVED_4      Reserved167[MAX_SOCKET];
-  UINT8               KtiInEnableMktme;       // 0 - Disabled; 1 - Enabled; MkTme status decides D2Kti feature state
+  UINT8               KtiInEnableMktme;               ///< 0 - Disabled; 1 - Enabled; MkTme status decides D2Kti feature state
+  /**
+    Pointers to the location of the CFR/SINIT binaries.
+
+    Contains a pointer to a 24 byte fixed length array.
+    The array contains the 3 instances of the following c-struct
+    ~~~
+    typedef struct {
+      UINT32  CfrImagePtr;
+      UINT32  CfrImageSize;
+    }
+    ~~~
+    This allows a maximum of 3 CFR/SINIT binaries to be provided by platform code.
+  **/
   UINT32              CFRImagePtr;
-  UINT8               S3mCFRCommit;           // 0 - Disable S3m CFR flow.    1 - Provision S3m CFR but not Commit.    2 - Provsion and Commit S3M CFR.
-  UINT8               PucodeCFRCommit;        // 0 - Disable Pucode CFR flow. 1 - Provision Pucode CFR but not Commit. 2 - Provsion and Commit Pucode CFR.
+  UINT8               S3mCFRCommit;                   ///< 0 - Disable S3m CFR flow.    1 - Provision S3m CFR but not Commit.    2 - Provision and Commit S3M CFR.
+  UINT8               PucodeCFRCommit;                ///< 0 - Disable Pucode CFR flow. 1 - Provision Pucode CFR but not Commit. 2 - Provision and Commit Pucode CFR.
 } KTI_HOST_IN;
 
 #pragma pack()
diff --git a/Silicon/Intel/WhitleySiliconPkg/Pch/SouthClusterLbg/Include/PchPolicyCommon.h b/Silicon/Intel/WhitleySiliconPkg/Pch/SouthClusterLbg/Include/PchPolicyCommon.h
index f5861ccaf..0e10d0b8f 100644
--- a/Silicon/Intel/WhitleySiliconPkg/Pch/SouthClusterLbg/Include/PchPolicyCommon.h
+++ b/Silicon/Intel/WhitleySiliconPkg/Pch/SouthClusterLbg/Include/PchPolicyCommon.h
@@ -23,6 +23,9 @@ extern EFI_GUID gFlashProtectionConfigGuid;
 // ---------------------------- PCH General Config -------------------------------
 //
 
+/**
+  PCH General Configuration
+**/
 typedef struct {
   /**
     Subsystem Vendor ID and Subsystem ID of the PCH devices.
@@ -775,6 +778,9 @@ typedef enum  {
   PchHdaIDispMode1T = 1
 } PCH_HDAUDIO_IDISP_TMODE;
 
+/**
+  This structure contains the policies which are related to HD Audio device (cAVS).
+**/
 typedef struct {
   /**
     This member describes whether or not Intel HD Audio (Azalia) should be enabled.
@@ -1674,6 +1680,9 @@ typedef struct {
   UINT16                ProtectedRangeBase;
 } PROTECTED_RANGE;
 
+/**
+  PCH Flash Protection Configuration
+**/
 typedef struct {
   PROTECTED_RANGE       ProtectRange[PCH_FLASH_PROTECTED_RANGES];
 } PCH_FLASH_PROTECTION_CONFIG;
diff --git a/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/SecurityIpMkTme1v0_Inputs.h b/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/SecurityIpMkTme1v0_Inputs.h
index 4c48ca19e..84197b8c8 100644
--- a/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/SecurityIpMkTme1v0_Inputs.h
+++ b/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/SecurityIpMkTme1v0_Inputs.h
@@ -8,15 +8,15 @@
 **/
 
 //
-// TME
+// TME (Total Memory Encryption)
 //
-UINT8  EnableTme;                      // TME Enable
-UINT8  EnableTmeCR;                    // Exclude Crystal Ridge memory from encryption.
+UINT8  EnableTme;                               ///< TME Enable
+UINT8  EnableTmeCR;                             ///< TME for Optane Persistent Memory. Set to 0 exclude Optane from encryption.
 
 //
 // MK-TME
 //
-UINT8  EnableMktme;                    // MK-TME Enable
+UINT8  EnableMktme;                             ///< MK-TME Enable
 
 UINT8  ReservedS234;
 UINT8  ReservedS235;
diff --git a/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/SecurityIpMkTme1v0_Outputs.h b/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/SecurityIpMkTme1v0_Outputs.h
index 3a6262a65..201cdd9a9 100644
--- a/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/SecurityIpMkTme1v0_Outputs.h
+++ b/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/SecurityIpMkTme1v0_Outputs.h
@@ -10,9 +10,9 @@
 //
 // MK-TME
 //
-// NAK - Not a knob, used just for indication
-UINT8  TmeCapability; // TME Capable
-UINT8  TmeCrSupport; // Flag used to check if Crystal Ridge is supported in UEFI
-UINT8  MktmeCapability; // MK-TME Capable
-UINT16 MktmeMaxKeys; // Max number of keys used for encryption
-UINT8  MkTmeKeyIdBits; // Used to suppress setup menu key-splits
\ No newline at end of file
+// NAK (Not a knob) - Used just for indication
+UINT8  TmeCapability;                           // NAK (Not a knob) - TME Capable
+UINT8  TmeCrSupport;                            // NAK (Not a knob) - Flag used to check if Crystal Ridge is supported in UEFI
+UINT8  MktmeCapability;                         // NAK (Not a knob) - MK-TME Capable
+UINT16 MktmeMaxKeys;                            // NAK (Not a knob) - Max number of keys used for encryption
+UINT8  MkTmeKeyIdBits;                          // NAK (Not a knob) - Used to suppress setup menu key-splits
diff --git a/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/SecurityIpSgxTem1v0_Inputs.h b/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/SecurityIpSgxTem1v0_Inputs.h
index 2deabd0b5..c46434392 100644
--- a/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/SecurityIpSgxTem1v0_Inputs.h
+++ b/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/SecurityIpSgxTem1v0_Inputs.h
@@ -10,27 +10,30 @@
 //
 // SGX
 //
-UINT8  EnableSgx;
-UINT8  SgxFactoryReset;                // Delete all registration data, if SGX enabled force IPE/FirstBinding flow
-UINT64 PrmrrSize;                      // SGX PRMRR size
+UINT8  EnableSgx;                               ///< Enable SGX
+UINT8  SgxFactoryReset;                         ///< Delete all registration data, if SGX enabled force IPE/FirstBinding flow
+UINT64 PrmrrSize;                               ///< SGX PRMRR size
 UINT64 ReservedS239;
-UINT8  SgxQoS;                         // SGX Quality of Service
-UINT8  SgxAutoRegistrationAgent;
-UINT8  SgxPackageInfoInBandAccess;     // Expose Package Info to OS
-UINT8  EpochUpdate;
-UINT64 SgxEpoch0;                      // SGX EPOCH0 value {0 - 0xFFFFFFFFFFFFFFFF}
-UINT64 SgxEpoch1;                      // SGX EPOCH1 value {0 - 0xFFFFFFFFFFFFFFFF}
-UINT8  SgxLeWr;                        // Flexible Launch Enclave Policy (Wr En)
-UINT64 SgxLePubKeyHash0;               // Launch Enclave Hash 0
-UINT64 SgxLePubKeyHash1;               // Launch Enclave Hash 1
-UINT64 SgxLePubKeyHash2;               // Launch Enclave Hash 2
-UINT64 SgxLePubKeyHash3;               // Launch Enclave Hash 3
-// Client SGX - unused in server
-UINT8  SgxSinitNvsData;                // SGX NVS data from Flash passed during previous boot using CPU_INFO_PROTOCOL.SGX_INFO;
-                                       // Pass value of zero if there is not data saved or when SGX is disabled.
-UINT8  SgxSinitDataFromTpm;            // SGX SVN data from TPM; 0: when SGX is disabled or TPM is not present or no data
-                                       // is present in TPM.
-UINT8  SgxDebugMode;
+UINT8  SgxQoS;                                  ///< SGX Quality of Service
+UINT8  SgxAutoRegistrationAgent;                ///< SGX Auto Registration Agent
+UINT8  SgxPackageInfoInBandAccess;              ///< SGX Expose Package Info to OS
+UINT8  EpochUpdate;                             ///< SGX EPOCH Update
+UINT64 SgxEpoch0;                               ///< SGX EPOCH0 value {0 - 0xFFFFFFFFFFFFFFFF}
+UINT64 SgxEpoch1;                               ///< SGX EPOCH1 value {0 - 0xFFFFFFFFFFFFFFFF}
+UINT8  SgxLeWr;                                 ///< Flexible Launch Enclave Policy (Wr En)
+UINT64 SgxLePubKeyHash0;                        ///< Launch Enclave Hash 0
+UINT64 SgxLePubKeyHash1;                        ///< Launch Enclave Hash 1
+UINT64 SgxLePubKeyHash2;                        ///< Launch Enclave Hash 2
+UINT64 SgxLePubKeyHash3;                        ///< Launch Enclave Hash 3
+
+//
+// DEPRECATED
+//
+UINT8  SgxSinitNvsData;                         ///< @deprecated SGX NVS data from Flash passed during previous boot using CPU_INFO_PROTOCOL.SGX_INFO;
+                                                ///              Pass value of zero if there is not data saved or when SGX is disabled.
+UINT8  SgxSinitDataFromTpm;                     ///< @deprecated SGX SVN data from TPM; 0: when SGX is disabled or TPM is not present or no data
+                                                ///              is present in TPM.
+UINT8  SgxDebugMode;                            ///< @deprecated
 
 UINT8  ReservedS240;
 UINT8  ReservedS241;
diff --git a/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/SecurityIpTdx1v0_Inputs.h b/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/SecurityIpTdx1v0_Inputs.h
index db5081c0a..79369f989 100644
--- a/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/SecurityIpTdx1v0_Inputs.h
+++ b/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/SecurityIpTdx1v0_Inputs.h
@@ -7,7 +7,7 @@
   SPDX-License-Identifier: BSD-2-Clause-Patent
 **/
 
-UINT8  EnableTdx; // TDX Enable
-UINT8  KeySplit; // TDX/MK-TME key split
+UINT8  EnableTdx;                               ///< TDX Enable
+UINT8  KeySplit;                                ///< TDX/MK-TME key split
 
 UINT8  ReservedS245;
diff --git a/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityPolicy.h b/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityPolicy.h
new file mode 100644
index 000000000..0beb26704
--- /dev/null
+++ b/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityPolicy.h
@@ -0,0 +1,29 @@
+/** @file
+  Provides data structure information used by ServerSecurity features in Mtkme etc.
+
+  @copyright
+  Copyright 2018 - 2021 Intel Corporation. <BR>
+
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+
+#ifndef _SECURITY_POLICY_H_
+#define _SECURITY_POLICY_H_
+
+extern EFI_GUID gSecurityPolicyDataGuid;
+#include <Library/SecurityPolicyDefinitions.h>
+
+#pragma pack(1)
+
+/**
+  Security Policy
+**/
+typedef struct {
+  /**
+   * Please put common definitions inside the SecurityPolicy_Flat.h *
+  **/
+  #include "SecurityPolicy_Flat.h"
+} SECURITY_POLICY;
+
+#pragma pack()
+#endif
diff --git a/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityPolicy_Flat.h b/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityPolicy_Flat.h
index ba62b8c3a..09dacdf62 100644
--- a/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityPolicy_Flat.h
+++ b/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityPolicy_Flat.h
@@ -1,6 +1,6 @@
 /** @file
   Provides data structure information used by ServerSecurity features in literally all products
-  Header is flat and injected directly in SecurityPolicy sructuture and SOCKET_PROCESSORCORE_CONFIGURATION.
+  Header is flat and injected directly in SecurityPolicy structure and SOCKET_PROCESSORCORE_CONFIGURATION.
 
   @copyright
   Copyright 2020 - 2021 Intel Corporation. <BR>
@@ -8,7 +8,7 @@
   SPDX-License-Identifier: BSD-2-Clause-Patent
 **/
 
-  // Header is flat and injected directly in SecurityPolicy sructuture and SOCKET_PROCESSORCORE_CONFIGURATION.
+  // Header is flat and injected directly in SecurityPolicy structure and SOCKET_PROCESSORCORE_CONFIGURATION.
   // Put common definitons here either directly or via intermediate header file..
 
 // SECURITY_IP_MKTME_1V0  MkTme;
diff --git a/Silicon/Intel/WhitleySiliconPkg/Security/Include/Library/SecurityPolicyDefinitions.h b/Silicon/Intel/WhitleySiliconPkg/Security/Include/Library/SecurityPolicyDefinitions.h
new file mode 100644
index 000000000..700f5abb4
--- /dev/null
+++ b/Silicon/Intel/WhitleySiliconPkg/Security/Include/Library/SecurityPolicyDefinitions.h
@@ -0,0 +1,28 @@
+/**@file
+  @copyright
+  Copyright 2020 - 2021 Intel Corporation. <BR>
+
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+
+#ifndef __SECURITY_POLICY_DEFINITIONS_H__
+#define __SECURITY_POLICY_DEFINITIONS_H__
+
+//
+// Security Policy definitions
+//
+
+//
+// Values for capable/incapable == supported/unsupported
+//
+#define SECURITY_POLICY_UNSUPPORTED                0
+#define SECURITY_POLICY_SUPPORTED                  1
+
+//
+// Values for enable/disable options
+//
+#define SECURITY_POLICY_DISABLE                    0
+#define SECURITY_POLICY_ENABLE                     1
+#define SECURITY_POLICY_AUTO                       2
+
+#endif
-- 
2.27.0.windows.1



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#77987): https://edk2.groups.io/g/devel/message/77987
Mute This Topic: https://groups.io/mt/84342134/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-


Re: [edk2-devel] [edk2-platforms] [PATCH V1] WhitleySiliconPkg: Improve comments for silicon policy structures
Posted by Chiu, Chasel 2 years, 8 months ago
Hi Nate,

Just one small feedbacks inline, please check them.
With that resolved: Reviewed-by: Chasel Chiu <chasel.chiu@intel.com>
       
Thanks,
Chasel


> -----Original Message-----
> From: Desimone, Nathaniel L <nathaniel.l.desimone@intel.com>
> Sent: Wednesday, July 21, 2021 4:22 AM
> To: devel@edk2.groups.io
> Cc: Oram, Isaac W <isaac.w.oram@intel.com>; Chiu, Chasel
> <chasel.chiu@intel.com>
> Subject: [edk2-platforms] [PATCH V1] WhitleySiliconPkg: Improve comments for
> silicon policy structures
> 
> Signed-off-by: Nate DeSimone <nathaniel.l.desimone@intel.com>
> Cc: Isaac Oram <isaac.w.oram@intel.com>
> Cc: Chasel Chiu <chasel.chiu@intel.com>
> ---
>  .../Include/Ppi/RasImcS3Data.h                |   6 +
>  .../Include/Ppi/UpiPolicyPpi.h                |   5 +-
>  .../WhitleySiliconPkg/Include/Upi/KtiHost.h   | 250 +++++++++---------
>  .../SouthClusterLbg/Include/PchPolicyCommon.h |   9 +
>  .../SecurityIp/SecurityIpMkTme1v0_Inputs.h    |   8 +-
>  .../SecurityIp/SecurityIpMkTme1v0_Outputs.h   |  12 +-
>  .../SecurityIp/SecurityIpSgxTem1v0_Inputs.h   |  43 +--
>  .../Guid/SecurityIp/SecurityIpTdx1v0_Inputs.h |   4 +-
>  .../Security/Include/Guid/SecurityPolicy.h    |  29 ++
>  .../Include/Guid/SecurityPolicy_Flat.h        |   4 +-
>  .../Library/SecurityPolicyDefinitions.h       |  28 ++
>  11 files changed, 245 insertions(+), 153 deletions(-)  create mode 100644
> Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityPolicy.h
>  create mode 100644
> Silicon/Intel/WhitleySiliconPkg/Security/Include/Library/SecurityPolicyDefinition
> s.h
> 
> diff --git a/Silicon/Intel/WhitleySiliconPkg/Include/Ppi/RasImcS3Data.h
> b/Silicon/Intel/WhitleySiliconPkg/Include/Ppi/RasImcS3Data.h
> index 82725bc84..2198f8516 100644
> --- a/Silicon/Intel/WhitleySiliconPkg/Include/Ppi/RasImcS3Data.h
> +++ b/Silicon/Intel/WhitleySiliconPkg/Include/Ppi/RasImcS3Data.h
> @@ -44,7 +44,13 @@ EFI_STATUS
>    OUT       VOID                            *Data
>    );
> 
> +/**
> + RAS IMC S3 Data PPI
> +**/
>  struct _RAS_IMC_S3_DATA_PPI {
> +  /**
> +    Retrieves data for S3 saved memory RAS features from non-volatile storage.
> +  **/
>    RAS_IMC_S3_DATA_PPI_GET_IMC_S3_RAS_DATA  GetImcS3RasData;  };
> 
> diff --git a/Silicon/Intel/WhitleySiliconPkg/Include/Ppi/UpiPolicyPpi.h
> b/Silicon/Intel/WhitleySiliconPkg/Include/Ppi/UpiPolicyPpi.h
> index e355dcaba..503c5c0ae 100644
> --- a/Silicon/Intel/WhitleySiliconPkg/Include/Ppi/UpiPolicyPpi.h
> +++ b/Silicon/Intel/WhitleySiliconPkg/Include/Ppi/UpiPolicyPpi.h
> @@ -24,6 +24,9 @@
> 
>  typedef struct _UPI_POLICY_PPI UPI_POLICY_PPI;
> 
> +/**
> +  UPI Policy Structure
> +**/
>  struct _UPI_POLICY_PPI {
>    /**
>      This member specifies the revision of the UPI_POLICY_PPI. This field is used
> to @@ -32,7 +35,7 @@ struct _UPI_POLICY_PPI {
>      to correctly interpret the content of the INTERFACE fields.
>    **/
>    UINT32        Revision;
> -  KTI_HOST_IN   Upi;
> +  KTI_HOST_IN   Upi;        ///< KTIRC input structure
>  };
> 
>  #endif  // _UPI_POLICY_PPI_H_
> diff --git a/Silicon/Intel/WhitleySiliconPkg/Include/Upi/KtiHost.h
> b/Silicon/Intel/WhitleySiliconPkg/Include/Upi/KtiHost.h
> index cf558b3d3..e793cc647 100644
> --- a/Silicon/Intel/WhitleySiliconPkg/Include/Upi/KtiHost.h
> +++ b/Silicon/Intel/WhitleySiliconPkg/Include/Upi/KtiHost.h
> @@ -99,28 +99,31 @@ typedef struct {
>    KTI_RESERVED_2  Phy[MAX_FW_KTI_PORTS];  } KTI_RESERVED_4;
> 
> -//
> -// PHY settings that are system dependent.   Need 1 of these for each
> socket/link/freq.
> -//
> +/**
> +  Per Lane PHY Configuration
> 
> +  These PHY settings are system dependent. Every socket/link/freq requires an
> instance of this structure.
> +**/
>  typedef struct {
> -  UINT8  SocketID;
> -  UINT8  AllLanesUseSameTxeq;
> -  UINT8  Freq;
> -  UINT32 Link;
> -  UINT32 TXEQL[20];
> -  UINT32 CTLEPEAK[5];
> +  UINT8  SocketID;              ///< Socket ID
> +  UINT8  AllLanesUseSameTxeq;   ///< Use same TXEQ on all lanes
> +  UINT8  Freq;                  ///< The Link Speed these TXEQ settings should be used
> for
> +  UINT32 Link;                  ///< Port Number
> +  UINT32 TXEQL[20];             ///< TXEQ Settings
> +  UINT32 CTLEPEAK[5];           ///< CTLE Peaking Settings
>  } PER_LANE_EPARAM_LINK_INFO;
> 
> -//
> -// This is for full speed mode, all lanes have the same TXEQ setting -//
> +/**
> +  All Lanes PHY Configuration
> +
> +  This is for full speed mode, all lanes have the same TXEQ setting **/
>  typedef struct {
> -  UINT8  SocketID;
> -  UINT8  Freq;
> -  UINT32 Link;
> -  UINT32 AllLanesTXEQ;
> -  UINT8  CTLEPEAK;
> +  UINT8  SocketID;              ///< Socket ID
> +  UINT8  Freq;                  ///< The Link Speed these TXEQ settings should be used
> for
> +  UINT32 Link;                  ///< Port Number
> +  UINT32 AllLanesTXEQ;          ///< TXEQ Setting
> +  UINT8  CTLEPEAK;              ///< CTLE Peaking Setting
>  } ALL_LANES_EPARAM_LINK_INFO;
> 
>  #define ADAPTIVE_CTLE 0x3f
> @@ -173,130 +176,141 @@ typedef struct {
>    KTI_CPU_PHY_SETTING   Phy[MAX_FW_KTI_PORTS];
>  } KTI_CPU_SETTING;
> 
> -//
> -// KTIRC input structure
> -//
> +/**
> +  KTIRC input structure
> +**/
>  typedef struct {
>    //
>    // Protocol layer and other general options; note that "Auto" is provided only
> options whose value will change depending
>    // on the topology, not for all options.
>    //
> 
> -  //
> -  // Indicates the ratio of Bus/MMIOL/IO resource to be allocated for each
> CPU's IIO.
> -  // Value 0 indicates, that CPU is not relevant for the system. If resource is
> -  // requested for an CPU that is not currently populated, KTIRC will assume
> -  // that the ratio is 0 for that CPU and won't allocate any resources for it.
> -  // If resource is not requested for an CPU that is populated, KTIRC will force
> -  // the ratio for that CPU to 1.
> -  //
> -
> -
> +  /**
> +   Indicates the ratio of Bus/MMIOL/IO resource to be allocated for each CPU's
> IIO.

Align indents for every lines in this blob.









> +    Value 0 indicates, that CPU is not relevant for the system. If resource is
> +    requested for an CPU that is not currently populated, KTIRC will assume

For 'a' CPU




> +    that the ratio is 0 for that CPU and won't allocate any resources for it.
> +    If resource is not requested for an CPU that is populated, KTIRC will force
> +    the ratio for that CPU to 1.
> +  **/
>    UINT8               BusRatio[MAX_SOCKET];
> 
> -  UINT8               D2KCreditConfig;             // 1 - Min, 2 - Med (Default), 3- Max
> -  UINT8               SnoopThrottleConfig;  // 0 - Disabled (Default), 1 - Min, 2 - Med,
> 3- Max
> -  UINT8               SnoopAllCores;        // 0 - Disabled, 1 - Enabled, 2 - Auto
> -  UINT8               LegacyVgaSoc;       // Socket that claims the legacy VGA range;
> valid values are 0-7; 0 is default.
> -  UINT8               LegacyVgaStack;     // Stack that claims the legacy VGA range;
> valid values are 0-3; 0 is default.
> -  UINT8               ColdResetRequestStart;
> -  UINT8               P2pRelaxedOrdering; // 0 - Disable(default) 1 - Enable
> -  UINT8               DebugPrintLevel;    // Bit 0 - Fatal, Bit1 - Warning, Bit2 - Info
> Summary; Bit 3 - Info detailed. 1 - Enable; 0 - Disable
> -  UINT8               SncEn;              // 0 - Disable, (default) 1 - Enable
> -  UINT8               UmaClustering;      // 0 - Disable, 2 - 2Clusters UMA, 4 -
> 4Clusters UMA
> -  UINT8               IoDcMode;           // 0 - Disable IODC,  1 - AUTO (default), 2 -
> IODC_EN_REM_INVITOM_PUSH, 3 - IODC_EN_REM_INVITOM_ALLOCFLOW
> -                                          // 4 - IODC_EN_REM_INVITOM_ALLOC_NONALLOC, 5 -
> IODC_EN_REM_INVITOM_AND_WCILF
> -  UINT8               DegradePrecedence;  // Use DEGRADE_PRECEDENCE definition;
> TOPOLOGY_PRECEDENCE is default
> -  UINT8               Degrade4SPreference;// 4S1LFullConnect topology is default;
> another option is 4S2LRing topology.
> -  UINT8               DirectoryModeEn;    // 0 - Disable; 1 - Enable (default)
> -  UINT8               XptPrefetchEn;      // Xpt Prefetch :  1 - Enable; 0 - Disable; 2 -
> Auto (default)
> -  UINT8               KtiPrefetchEn;      // Kti Prefetch :  1 - Enable; 0 - Disable; 2 -
> Auto (default)
> -  UINT8               XptRemotePrefetchEn;     // Xpt Remote Prefetch :  1 - Enable; 0
> - Disable; 2 - Auto (default)   (ICX only)
> -  UINT8               RdCurForXptPrefetchEn;   // RdCur for XPT Prefetch :  0 - Disable,
> 1 - Enable, 2- Auto (default)
> -  UINT8               KtiFpgaEnable[MAX_SOCKET];  // Indicate if should enable Fpga
> device found in this socket :  0 - Disable, 1 - Enable, 2- Auto
> -  UINT8               DdrtQosMode;          // DDRT QoS Feature:  0 - Disable (default),
> 1 - M2M QoS Enable, Cha QoS Disable
> -                                            // 2 - M2M QoS Enable, Cha QoS Enable
> +  UINT8               D2KCreditConfig;                ///< 1 - Min, 2 - Med (Default), 3-
> Max
> +  UINT8               SnoopThrottleConfig;            ///< 0 - Disabled (Default), 1 - Min,
> 2 - Med, 3- Max
> +  UINT8               SnoopAllCores;                  ///< 0 - Disabled, 1 - Enabled, 2 - Auto
> +  UINT8               LegacyVgaSoc;                   ///< Socket that claims the legacy
> VGA range; valid values are 0-7; 0 is default.
> +  UINT8               LegacyVgaStack;                 ///< Stack that claims the legacy VGA
> range; valid values are 0-3; 0 is default.
> +  UINT8               ColdResetRequestStart;          ///< @deprecated Reserved.
> +  UINT8               P2pRelaxedOrdering;             ///< 0 - Disable(default) 1 - Enable
> +  UINT8               DebugPrintLevel;                ///< Bit 0 - Fatal, Bit1 - Warning, Bit2
> - Info Summary; Bit 3 - Info detailed. 1 - Enable; 0 - Disable
> +  UINT8               SncEn;                          ///< 0 - Disable, (default) 1 - Enable
> +  UINT8               UmaClustering;                  ///< 0 - Disable, 2 - 2Clusters UMA, 4 -
> 4Clusters UMA
> +  UINT8               IoDcMode;                       ///< 0 - Disable IODC,  1 - AUTO
> (default), 2 - IODC_EN_REM_INVITOM_PUSH, 3 -
> IODC_EN_REM_INVITOM_ALLOCFLOW
> +                                                      ///< 4 -
> IODC_EN_REM_INVITOM_ALLOC_NONALLOC, 5 -
> IODC_EN_REM_INVITOM_AND_WCILF
> +  UINT8               DegradePrecedence;              ///< Use DEGRADE_PRECEDENCE
> definition; TOPOLOGY_PRECEDENCE is default
> +  UINT8               Degrade4SPreference;            ///< 4S1LFullConnect topology is
> default; another option is 4S2LRing topology.
> +  UINT8               DirectoryModeEn;                ///< 0 - Disable; 1 - Enable (default)
> +  UINT8               XptPrefetchEn;                  ///< Xpt Prefetch :  1 - Enable; 0 -
> Disable; 2 - Auto (default)
> +  UINT8               KtiPrefetchEn;                  ///< Kti Prefetch :  1 - Enable; 0 -
> Disable; 2 - Auto (default)
> +  UINT8               XptRemotePrefetchEn;            ///< Xpt Remote Prefetch :  1 -
> Enable; 0 - Disable; 2 - Auto (default)   (ICX only)
> +  UINT8               RdCurForXptPrefetchEn;          ///< RdCur for XPT Prefetch :  0 -
> Disable, 1 - Enable, 2- Auto (default)
> +  UINT8               KtiFpgaEnable[MAX_SOCKET];      ///< Indicate if should enable
> Fpga device found in this socket :  0 - Disable, 1 - Enable, 2- Auto
> +  UINT8               DdrtQosMode;                    ///< DDRT QoS Feature:  0 - Disable
> (default), 1 - M2M QoS Enable, Cha QoS Disable
> +                                                      ///< 2 - M2M QoS
> + Enable, Cha QoS Enable
> 
>    //
>    // Phy/Link Layer Options (System-wide and per socket)
>    //
> -  UINT8               KtiLinkSpeedMode;   // Link speed mode selection; 0 - Slow
> Speed; 1- Full Speed (default)
> -  UINT8               KtiLinkSpeed;       // Use KTI_LINKSPEED definition
> -  UINT8               KtiAdaptationEn;    // 0 - Disable, 1 - Enable
> -  UINT8               KtiAdaptationSpeed; // Use KTI_LINK_SPEED definition;
> MAX_KTI_LINK_SPEED - Auto (i.e BIOS choosen speed)
> -  UINT8               KtiLinkL0pEn;       // 0 - Disable, 1 - Enable, 2- Auto  (default)
> -  UINT8               KtiLinkL1En;        // 0 - Disable, 1 - Enable, 2- Auto  (default)
> -  UINT8               KtiFailoverEn;      // 0 - Disable, 1 - Enable, 2- Auto (default)
> -  UINT8               KtiLbEn;            // 0 - Disable(default), 1 - Enable
> -  UINT8               KtiCrcMode;         // CRC_MODE_16BIT,
> CRC_MODE_ROLLING_32BIT, CRC_MODE_AUTO or CRC_MODE_PER_LINK
> -
> -  UINT8               KtiCpuSktHotPlugEn;       // 0 - Disable (default), 1 - Enable
> -  UINT8               KtiCpuSktHotPlugTopology; // 0 - 4S Topology (default), 1 - 8S
> Topology
> -  UINT8               KtiSkuMismatchCheck;      // 0 - No, 1 - Yes (default)
> -  UINT8               IrqThreshold;             // IRQ Threshold setting
> -  UINT8               TorThresLoctoremNorm;     // TOR threshold - Loctorem
> threshold normal
> -  UINT8               TorThresLoctoremEmpty;    // TOR threshold - Loctorem
> threshold empty
> -  UINT8               MbeBwCal;                 // 0 - Linear, 1 - Biased, 2 - Legacy, 3 -
> AUTO (default = Linear)
> -  UINT8               TscSyncEn;                // TSC sync in sockets: 0 - Disable, 1 - Enable,
> 2 - AUTO (Default)
> -  UINT8               StaleAtoSOptEn;           // HA A to S directory optimization: 1 -
> Enable; 0 - Disable; 2 - Auto (Default)
> -  UINT8               LLCDeadLineAlloc;         // LLC dead line alloc: 1 -
> Enable(Default); 0 - Disable
> -  UINT8               SplitLock;
> -  UINT8               ColdResetRequestEnd;
> -
> -  //
> -  // Phy/Link Layer Options (per Port)
> -  //
> +  UINT8               KtiLinkSpeedMode;               ///< Link speed mode selection; 0 -
> Slow Speed; 1- Full Speed (default)
> +  UINT8               KtiLinkSpeed;                   ///< Use KTI_LINKSPEED definition
> +  UINT8               KtiAdaptationEn;                ///< 0 - Disable, 1 - Enable
> +  UINT8               KtiAdaptationSpeed;             ///< Use KTI_LINK_SPEED definition;
> MAX_KTI_LINK_SPEED - Auto (i.e BIOS choosen speed)
> +  UINT8               KtiLinkL0pEn;                   ///< 0 - Disable, 1 - Enable, 2- Auto
> (default)
> +  UINT8               KtiLinkL1En;                    ///< 0 - Disable, 1 - Enable, 2- Auto
> (default)
> +  UINT8               KtiFailoverEn;                  ///< 0 - Disable, 1 - Enable, 2- Auto
> (default)
> +  UINT8               KtiLbEn;                        ///< 0 - Disable(default), 1 - Enable
> +  UINT8               KtiCrcMode;                     ///< CRC_MODE_16BIT,
> CRC_MODE_ROLLING_32BIT, CRC_MODE_AUTO or CRC_MODE_PER_LINK
> +
> +  UINT8               KtiCpuSktHotPlugEn;             ///< 0 - Disable (default), 1 - Enable
> +  UINT8               KtiCpuSktHotPlugTopology;       ///< 0 - 4S Topology (default), 1
> - 8S Topology
> +  UINT8               KtiSkuMismatchCheck;            ///< 0 - No, 1 - Yes (default)
> +  UINT8               IrqThreshold;                   ///< IRQ Threshold setting
> +  UINT8               TorThresLoctoremNorm;           ///< TOR threshold - Loctorem
> threshold normal
> +  UINT8               TorThresLoctoremEmpty;          ///< TOR threshold - Loctorem
> threshold empty
> +  UINT8               MbeBwCal;                       ///< 0 - Linear, 1 - Biased, 2 - Legacy, 3
> - AUTO (default = Linear)
> +  UINT8               TscSyncEn;                      ///< TSC sync in sockets: 0 - Disable, 1 -
> Enable, 2 - AUTO (Default)
> +  UINT8               StaleAtoSOptEn;                 ///< HA A to S directory optimization:
> 1 - Enable; 0 - Disable; 2 - Auto (Default)
> +  UINT8               LLCDeadLineAlloc;               ///< LLC dead line alloc: 1 -
> Enable(Default); 0 - Disable
> +  UINT8               SplitLock;                      ///< @deprecated Reserved, must be set
> to 0.
> +  UINT8               ColdResetRequestEnd;            ///< @deprecated Reserved.
> +
> +  ///
> +  /// Phy/Link Layer Options (per Port)  ///
>    KTI_CPU_SETTING     PhyLinkPerPortSetting[MAX_SOCKET];
> 
> 
> -  UINT8               mmCfgBase; ///< MMCFG Base address, must be 64MB (SKX,
> HSX, BDX) / 256MB (GROVEPORT) aligned. Options: {0:1G, 1:1.5G, 2:1.75G, 3:2G,
> 4:2.25G, 5:3G, 6: Auto}
> -  UINT8               mmCfgSize; ///< MMCFG Size address, must be 64M, 128M or
> 256M. Options: {0:64M, 1:128M, 2:256M, 3:512M, 4:1G, 5:2G, 6: Auto}
> -  UINT32              mmiolBase; ///< MMIOL Base address, must be 64MB aligned
> -  UINT32              mmiolSize; ///< MMIOL Size address
> -  UINT32              mmiohBase; ///< Address bits above 4GB, i,e, the hex value
> here is address Bit[45:32] for SKX family, Bit[51:32] for ICX-SP
> -  UINT8               CpuPaLimit; ///< Limits the max address to 46bits. This will take
> precedence over mmiohBase
> -  UINT8               lowGap;
> -  UINT8               highGap;
> -  UINT16              mmiohSize; ////<< Number of 1GB contiguous regions to be
> assigned for MMIOH space per CPU.  Range 1-1024
> -  UINT8               isocEn;    ///< 1 - Enable; 0 - Disable (BIOS will force this for 4S)
> -  UINT8               dcaEn;     ///< 1 - Enable; 0 - Disable
> +  UINT8               mmCfgBase;                      ///< MMCFG Base address, must be
> 64MB (SKX, HSX, BDX) / 256MB (GROVEPORT) aligned. Options: {0:1G, 1:1.5G,
> 2:1.75G, 3:2G, 4:2.25G, 5:3G, 6: Auto}
> +  UINT8               mmCfgSize;                      ///< MMCFG Size address, must be 64M,
> 128M or 256M. Options: {0:64M, 1:128M, 2:256M, 3:512M, 4:1G, 5:2G, 6: Auto}
> +  UINT32              mmiolBase;                      ///< MMIOL Base address, must be
> 64MB aligned
> +  UINT32              mmiolSize;                      ///< MMIOL Size address
> +  UINT32              mmiohBase;                      ///< Address bits above 4GB, i,e, the
> hex value here is address Bit[45:32] for SKX family, Bit[51:32] for ICX-SP
> +  UINT8               CpuPaLimit;                     ///< Limits the max address to 46bits.
> This will take precedence over mmiohBase
> +  UINT8               lowGap;                         ///< @deprecated Reserved.
> +  UINT8               highGap;                        ///< @deprecated Reserved.
> +  UINT16              mmiohSize;                      ///< Number of 1GB contiguous
> regions to be assigned for MMIOH space per CPU.  Range 1-1024
> +  UINT8               isocEn;                         ///< 1 - Enable; 0 - Disable (BIOS will force
> this for 4S)
> +  UINT8               dcaEn;                          ///< 1 - Enable; 0 - Disable
> 
> -  /*
> +  /**
>    BoardTypeBitmask:
> -    Bits[3:0]   - Socket0
> -    Bits[7:4]   - Socket1
> -    Bits[11:8]  - Socket2
> -    Bits[15:12] - Socket3
> -    Bits[19:16] - Socket4
> -    Bits[23:20] - Socket5
> -    Bits[27:24] - Socket6
> -    Bits[31:28] - Socket7
> +  - Bits[3:0]   - Socket0
> +  - Bits[7:4]   - Socket1
> +  - Bits[11:8]  - Socket2
> +  - Bits[15:12] - Socket3
> +  - Bits[19:16] - Socket4
> +  - Bits[23:20] - Socket5
> +  - Bits[27:24] - Socket6
> +  - Bits[31:28] - Socket7
> 
>    Within each Socket-specific field, bits mean:
> -    Bit0 = CPU_TYPE_STD support; always 1 on Socket0
> -    Bit1 = CPU_TYPE_F support
> -    Bit2 = CPU_TYPE_P support
> -    Bit3 = reserved
> -  */
> +  - Bit0 = CPU_TYPE_STD support; always 1 on Socket0
> +  - Bit1 = CPU_TYPE_F support
> +  - Bit2 = CPU_TYPE_P support
> +  - Bit3 = reserved
> +  **/
>    UINT32              BoardTypeBitmask;
> -  UINT32              AllLanesPtr;
> -  UINT32              PerLanePtr;
> -  UINT32              AllLanesSizeOfTable;
> -  UINT32              PerLaneSizeOfTable;
> -  UINT32              WaitTimeForPSBP; // the wait time in units of 1000us for PBSP
> to check in.
> -  BOOLEAN             IsKtiNvramDataReady;
> -  UINT32              OemHookPostTopologyDiscovery;
> -  UINT32              OemGetResourceMapUpdate;
> -  UINT32              OemGetAdaptedEqSettings;
> -  UINT32              OemCheckCpuPartsChangeSwap;
> -
> -  BOOLEAN             WaSerializationEn;      // Enable BIOS serialization WA by
> PcdWaSerializationEn
> +  UINT32              AllLanesPtr;                    ///< Pointer to an array of
> ALL_LANES_EPARAM_LINK_INFO structures.
> +  UINT32              PerLanePtr;                     ///< Pointer to an array of
> PER_LANE_EPARAM_LINK_INFO structures.
> +  UINT32              AllLanesSizeOfTable;            ///< Number of elements in array
> pointed to by AllLanesPtr
> +  UINT32              PerLaneSizeOfTable;             ///< Number of elements in array
> pointed to by PerLanePtr
> +  UINT32              WaitTimeForPSBP;                ///< the wait time in units of
> 1000us for PBSP to check in.
> +  BOOLEAN             IsKtiNvramDataReady;            ///< Used internally, Reserved.
> +  UINT32              OemHookPostTopologyDiscovery;   ///<
> OEM_HOOK_POST_TOPOLOGY_DISCOVERY function pointer. Invoked at the end
> of topology discovery, used for error reporting.
> +  UINT32              OemGetResourceMapUpdate;        ///<
> OEM_GET_RESOURCE_MAP_UPDATE function pointer. Allows platform code to
> adjust the resource map.
> +  UINT32              OemGetAdaptedEqSettings;        ///< @deprecated Reserved,
> must be set to 0.
> +  UINT32              OemCheckCpuPartsChangeSwap;     ///< @deprecated
> Reserved, must be set to 0.
> +
> +  BOOLEAN             WaSerializationEn;              ///< Enable BIOS serialization WA
> by PcdWaSerializationEn
>    KTI_RESERVED_3      Reserved166;
>    KTI_RESERVED_4      Reserved167[MAX_SOCKET];
> -  UINT8               KtiInEnableMktme;       // 0 - Disabled; 1 - Enabled; MkTme
> status decides D2Kti feature state
> +  UINT8               KtiInEnableMktme;               ///< 0 - Disabled; 1 - Enabled;
> MkTme status decides D2Kti feature state
> +  /**
> +    Pointers to the location of the CFR/SINIT binaries.
> +
> +    Contains a pointer to a 24 byte fixed length array.
> +    The array contains the 3 instances of the following c-struct
> +    ~~~
> +    typedef struct {
> +      UINT32  CfrImagePtr;
> +      UINT32  CfrImageSize;
> +    }
> +    ~~~
> +    This allows a maximum of 3 CFR/SINIT binaries to be provided by platform
> code.
> +  **/
>    UINT32              CFRImagePtr;
> -  UINT8               S3mCFRCommit;           // 0 - Disable S3m CFR flow.    1 -
> Provision S3m CFR but not Commit.    2 - Provsion and Commit S3M CFR.
> -  UINT8               PucodeCFRCommit;        // 0 - Disable Pucode CFR flow. 1 -
> Provision Pucode CFR but not Commit. 2 - Provsion and Commit Pucode CFR.
> +  UINT8               S3mCFRCommit;                   ///< 0 - Disable S3m CFR flow.    1 -
> Provision S3m CFR but not Commit.    2 - Provision and Commit S3M CFR.
> +  UINT8               PucodeCFRCommit;                ///< 0 - Disable Pucode CFR flow. 1
> - Provision Pucode CFR but not Commit. 2 - Provision and Commit Pucode CFR.
>  } KTI_HOST_IN;
> 
>  #pragma pack()
> diff --git
> a/Silicon/Intel/WhitleySiliconPkg/Pch/SouthClusterLbg/Include/PchPolicyComm
> on.h
> b/Silicon/Intel/WhitleySiliconPkg/Pch/SouthClusterLbg/Include/PchPolicyComm
> on.h
> index f5861ccaf..0e10d0b8f 100644
> ---
> a/Silicon/Intel/WhitleySiliconPkg/Pch/SouthClusterLbg/Include/PchPolicyComm
> on.h
> +++
> b/Silicon/Intel/WhitleySiliconPkg/Pch/SouthClusterLbg/Include/PchPolicyComm
> on.h
> @@ -23,6 +23,9 @@ extern EFI_GUID gFlashProtectionConfigGuid;
>  // ---------------------------- PCH General Config -------------------------------
>  //
> 
> +/**
> +  PCH General Configuration
> +**/
>  typedef struct {
>    /**
>      Subsystem Vendor ID and Subsystem ID of the PCH devices.
> @@ -775,6 +778,9 @@ typedef enum  {
>    PchHdaIDispMode1T = 1
>  } PCH_HDAUDIO_IDISP_TMODE;
> 
> +/**
> +  This structure contains the policies which are related to HD Audio device
> (cAVS).
> +**/
>  typedef struct {
>    /**
>      This member describes whether or not Intel HD Audio (Azalia) should be
> enabled.
> @@ -1674,6 +1680,9 @@ typedef struct {
>    UINT16                ProtectedRangeBase;
>  } PROTECTED_RANGE;
> 
> +/**
> +  PCH Flash Protection Configuration
> +**/
>  typedef struct {
>    PROTECTED_RANGE       ProtectRange[PCH_FLASH_PROTECTED_RANGES];
>  } PCH_FLASH_PROTECTION_CONFIG;
> diff --git
> a/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/SecurityIpMk
> Tme1v0_Inputs.h
> b/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/SecurityIpMk
> Tme1v0_Inputs.h
> index 4c48ca19e..84197b8c8 100644
> ---
> a/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/SecurityIpMk
> Tme1v0_Inputs.h
> +++
> b/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/SecurityIpMk
> Tme1v0_Inputs.h
> @@ -8,15 +8,15 @@
>  **/
> 
>  //
> -// TME
> +// TME (Total Memory Encryption)
>  //
> -UINT8  EnableTme;                      // TME Enable
> -UINT8  EnableTmeCR;                    // Exclude Crystal Ridge memory from
> encryption.
> +UINT8  EnableTme;                               ///< TME Enable
> +UINT8  EnableTmeCR;                             ///< TME for Optane Persistent Memory.
> Set to 0 exclude Optane from encryption.
> 
>  //
>  // MK-TME
>  //
> -UINT8  EnableMktme;                    // MK-TME Enable
> +UINT8  EnableMktme;                             ///< MK-TME Enable
> 
>  UINT8  ReservedS234;
>  UINT8  ReservedS235;
> diff --git
> a/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/SecurityIpMk
> Tme1v0_Outputs.h
> b/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/SecurityIpMk
> Tme1v0_Outputs.h
> index 3a6262a65..201cdd9a9 100644
> ---
> a/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/SecurityIpMk
> Tme1v0_Outputs.h
> +++
> b/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/SecurityIpMk
> Tme1v0_Outputs.h
> @@ -10,9 +10,9 @@
>  //
>  // MK-TME
>  //
> -// NAK - Not a knob, used just for indication
> -UINT8  TmeCapability; // TME Capable
> -UINT8  TmeCrSupport; // Flag used to check if Crystal Ridge is supported in UEFI
> -UINT8  MktmeCapability; // MK-TME Capable
> -UINT16 MktmeMaxKeys; // Max number of keys used for encryption
> -UINT8  MkTmeKeyIdBits; // Used to suppress setup menu key-splits
> \ No newline at end of file
> +// NAK (Not a knob) - Used just for indication
> +UINT8  TmeCapability;                           // NAK (Not a knob) - TME Capable
> +UINT8  TmeCrSupport;                            // NAK (Not a knob) - Flag used to check
> if Crystal Ridge is supported in UEFI
> +UINT8  MktmeCapability;                         // NAK (Not a knob) - MK-TME Capable
> +UINT16 MktmeMaxKeys;                            // NAK (Not a knob) - Max number of
> keys used for encryption
> +UINT8  MkTmeKeyIdBits;                          // NAK (Not a knob) - Used to suppress
> setup menu key-splits
> diff --git
> a/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/SecurityIpSgx
> Tem1v0_Inputs.h
> b/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/SecurityIpSgx
> Tem1v0_Inputs.h
> index 2deabd0b5..c46434392 100644
> ---
> a/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/SecurityIpSgx
> Tem1v0_Inputs.h
> +++
> b/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/SecurityIpSgx
> Tem1v0_Inputs.h
> @@ -10,27 +10,30 @@
>  //
>  // SGX
>  //
> -UINT8  EnableSgx;
> -UINT8  SgxFactoryReset;                // Delete all registration data, if SGX enabled
> force IPE/FirstBinding flow
> -UINT64 PrmrrSize;                      // SGX PRMRR size
> +UINT8  EnableSgx;                               ///< Enable SGX
> +UINT8  SgxFactoryReset;                         ///< Delete all registration data, if SGX
> enabled force IPE/FirstBinding flow
> +UINT64 PrmrrSize;                               ///< SGX PRMRR size
>  UINT64 ReservedS239;
> -UINT8  SgxQoS;                         // SGX Quality of Service
> -UINT8  SgxAutoRegistrationAgent;
> -UINT8  SgxPackageInfoInBandAccess;     // Expose Package Info to OS
> -UINT8  EpochUpdate;
> -UINT64 SgxEpoch0;                      // SGX EPOCH0 value {0 - 0xFFFFFFFFFFFFFFFF}
> -UINT64 SgxEpoch1;                      // SGX EPOCH1 value {0 - 0xFFFFFFFFFFFFFFFF}
> -UINT8  SgxLeWr;                        // Flexible Launch Enclave Policy (Wr En)
> -UINT64 SgxLePubKeyHash0;               // Launch Enclave Hash 0
> -UINT64 SgxLePubKeyHash1;               // Launch Enclave Hash 1
> -UINT64 SgxLePubKeyHash2;               // Launch Enclave Hash 2
> -UINT64 SgxLePubKeyHash3;               // Launch Enclave Hash 3
> -// Client SGX - unused in server
> -UINT8  SgxSinitNvsData;                // SGX NVS data from Flash passed during
> previous boot using CPU_INFO_PROTOCOL.SGX_INFO;
> -                                       // Pass value of zero if there is not data saved or when
> SGX is disabled.
> -UINT8  SgxSinitDataFromTpm;            // SGX SVN data from TPM; 0: when SGX is
> disabled or TPM is not present or no data
> -                                       // is present in TPM.
> -UINT8  SgxDebugMode;
> +UINT8  SgxQoS;                                  ///< SGX Quality of Service
> +UINT8  SgxAutoRegistrationAgent;                ///< SGX Auto Registration Agent
> +UINT8  SgxPackageInfoInBandAccess;              ///< SGX Expose Package Info to
> OS
> +UINT8  EpochUpdate;                             ///< SGX EPOCH Update
> +UINT64 SgxEpoch0;                               ///< SGX EPOCH0 value {0 -
> 0xFFFFFFFFFFFFFFFF}
> +UINT64 SgxEpoch1;                               ///< SGX EPOCH1 value {0 -
> 0xFFFFFFFFFFFFFFFF}
> +UINT8  SgxLeWr;                                 ///< Flexible Launch Enclave Policy (Wr En)
> +UINT64 SgxLePubKeyHash0;                        ///< Launch Enclave Hash 0
> +UINT64 SgxLePubKeyHash1;                        ///< Launch Enclave Hash 1
> +UINT64 SgxLePubKeyHash2;                        ///< Launch Enclave Hash 2
> +UINT64 SgxLePubKeyHash3;                        ///< Launch Enclave Hash 3
> +
> +//
> +// DEPRECATED
> +//
> +UINT8  SgxSinitNvsData;                         ///< @deprecated SGX NVS data from
> Flash passed during previous boot using CPU_INFO_PROTOCOL.SGX_INFO;
> +                                                ///              Pass value of zero if there is not data
> saved or when SGX is disabled.
> +UINT8  SgxSinitDataFromTpm;                     ///< @deprecated SGX SVN data
> from TPM; 0: when SGX is disabled or TPM is not present or no data
> +                                                ///              is present in TPM.
> +UINT8  SgxDebugMode;                            ///< @deprecated
> 
>  UINT8  ReservedS240;
>  UINT8  ReservedS241;
> diff --git
> a/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/SecurityIpTdx
> 1v0_Inputs.h
> b/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/SecurityIpTdx
> 1v0_Inputs.h
> index db5081c0a..79369f989 100644
> ---
> a/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/SecurityIpTdx
> 1v0_Inputs.h
> +++
> b/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/SecurityIpTdx
> 1v0_Inputs.h
> @@ -7,7 +7,7 @@
>    SPDX-License-Identifier: BSD-2-Clause-Patent
>  **/
> 
> -UINT8  EnableTdx; // TDX Enable
> -UINT8  KeySplit; // TDX/MK-TME key split
> +UINT8  EnableTdx;                               ///< TDX Enable
> +UINT8  KeySplit;                                ///< TDX/MK-TME key split
> 
>  UINT8  ReservedS245;
> diff --git
> a/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityPolicy.h
> b/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityPolicy.h
> new file mode 100644
> index 000000000..0beb26704
> --- /dev/null
> +++ b/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityPolicy.h
> @@ -0,0 +1,29 @@
> +/** @file
> +  Provides data structure information used by ServerSecurity features in Mtkme
> etc.
> +
> +  @copyright
> +  Copyright 2018 - 2021 Intel Corporation. <BR>
> +
> +  SPDX-License-Identifier: BSD-2-Clause-Patent
> +**/
> +
> +#ifndef _SECURITY_POLICY_H_
> +#define _SECURITY_POLICY_H_
> +
> +extern EFI_GUID gSecurityPolicyDataGuid;
> +#include <Library/SecurityPolicyDefinitions.h>
> +
> +#pragma pack(1)
> +
> +/**
> +  Security Policy
> +**/
> +typedef struct {
> +  /**
> +   * Please put common definitions inside the SecurityPolicy_Flat.h *
> +  **/
> +  #include "SecurityPolicy_Flat.h"
> +} SECURITY_POLICY;
> +
> +#pragma pack()
> +#endif
> diff --git
> a/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityPolicy_Flat.h
> b/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityPolicy_Flat.h
> index ba62b8c3a..09dacdf62 100644
> --- a/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityPolicy_Flat.h
> +++
> b/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityPolicy_Flat.h
> @@ -1,6 +1,6 @@
>  /** @file
>    Provides data structure information used by ServerSecurity features in literally
> all products
> -  Header is flat and injected directly in SecurityPolicy sructuture and
> SOCKET_PROCESSORCORE_CONFIGURATION.
> +  Header is flat and injected directly in SecurityPolicy structure and
> SOCKET_PROCESSORCORE_CONFIGURATION.
> 
>    @copyright
>    Copyright 2020 - 2021 Intel Corporation. <BR>
> @@ -8,7 +8,7 @@
>    SPDX-License-Identifier: BSD-2-Clause-Patent
>  **/
> 
> -  // Header is flat and injected directly in SecurityPolicy sructuture and
> SOCKET_PROCESSORCORE_CONFIGURATION.
> +  // Header is flat and injected directly in SecurityPolicy structure and
> SOCKET_PROCESSORCORE_CONFIGURATION.
>    // Put common definitons here either directly or via intermediate header file..
> 
>  // SECURITY_IP_MKTME_1V0  MkTme;
> diff --git
> a/Silicon/Intel/WhitleySiliconPkg/Security/Include/Library/SecurityPolicyDefiniti
> ons.h
> b/Silicon/Intel/WhitleySiliconPkg/Security/Include/Library/SecurityPolicyDefiniti
> ons.h
> new file mode 100644
> index 000000000..700f5abb4
> --- /dev/null
> +++
> b/Silicon/Intel/WhitleySiliconPkg/Security/Include/Library/SecurityPolicyDefiniti
> ons.h
> @@ -0,0 +1,28 @@
> +/**@file
> +  @copyright
> +  Copyright 2020 - 2021 Intel Corporation. <BR>
> +
> +  SPDX-License-Identifier: BSD-2-Clause-Patent
> +**/
> +
> +#ifndef __SECURITY_POLICY_DEFINITIONS_H__
> +#define __SECURITY_POLICY_DEFINITIONS_H__
> +
> +//
> +// Security Policy definitions
> +//
> +
> +//
> +// Values for capable/incapable == supported/unsupported
> +//
> +#define SECURITY_POLICY_UNSUPPORTED                0
> +#define SECURITY_POLICY_SUPPORTED                  1
> +
> +//
> +// Values for enable/disable options
> +//
> +#define SECURITY_POLICY_DISABLE                    0
> +#define SECURITY_POLICY_ENABLE                     1
> +#define SECURITY_POLICY_AUTO                       2
> +
> +#endif
> --
> 2.27.0.windows.1



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#78003): https://edk2.groups.io/g/devel/message/78003
Mute This Topic: https://groups.io/mt/84342134/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-


Re: [edk2-devel] [edk2-platforms] [PATCH V1] WhitleySiliconPkg: Improve comments for silicon policy structures
Posted by Nate DeSimone 2 years, 7 months ago
Hi Chasel,

Thank you for the feedback. I have resolved it before push.

Thanks,
Nate

-----Original Message-----
From: Chiu, Chasel <chasel.chiu@intel.com> 
Sent: Tuesday, July 20, 2021 9:07 PM
To: Desimone, Nathaniel L <nathaniel.l.desimone@intel.com>; devel@edk2.groups.io
Cc: Oram, Isaac W <isaac.w.oram@intel.com>
Subject: RE: [edk2-platforms] [PATCH V1] WhitleySiliconPkg: Improve comments for silicon policy structures


Hi Nate,

Just one small feedbacks inline, please check them.
With that resolved: Reviewed-by: Chasel Chiu <chasel.chiu@intel.com>
       
Thanks,
Chasel


> -----Original Message-----
> From: Desimone, Nathaniel L <nathaniel.l.desimone@intel.com>
> Sent: Wednesday, July 21, 2021 4:22 AM
> To: devel@edk2.groups.io
> Cc: Oram, Isaac W <isaac.w.oram@intel.com>; Chiu, Chasel 
> <chasel.chiu@intel.com>
> Subject: [edk2-platforms] [PATCH V1] WhitleySiliconPkg: Improve 
> comments for silicon policy structures
> 
> Signed-off-by: Nate DeSimone <nathaniel.l.desimone@intel.com>
> Cc: Isaac Oram <isaac.w.oram@intel.com>
> Cc: Chasel Chiu <chasel.chiu@intel.com>
> ---
>  .../Include/Ppi/RasImcS3Data.h                |   6 +
>  .../Include/Ppi/UpiPolicyPpi.h                |   5 +-
>  .../WhitleySiliconPkg/Include/Upi/KtiHost.h   | 250 +++++++++---------
>  .../SouthClusterLbg/Include/PchPolicyCommon.h |   9 +
>  .../SecurityIp/SecurityIpMkTme1v0_Inputs.h    |   8 +-
>  .../SecurityIp/SecurityIpMkTme1v0_Outputs.h   |  12 +-
>  .../SecurityIp/SecurityIpSgxTem1v0_Inputs.h   |  43 +--
>  .../Guid/SecurityIp/SecurityIpTdx1v0_Inputs.h |   4 +-
>  .../Security/Include/Guid/SecurityPolicy.h    |  29 ++
>  .../Include/Guid/SecurityPolicy_Flat.h        |   4 +-
>  .../Library/SecurityPolicyDefinitions.h       |  28 ++
>  11 files changed, 245 insertions(+), 153 deletions(-)  create mode 
> 100644 
> Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityPolicy.h
>  create mode 100644
> Silicon/Intel/WhitleySiliconPkg/Security/Include/Library/SecurityPolic
> yDefinition
> s.h
> 
> diff --git 
> a/Silicon/Intel/WhitleySiliconPkg/Include/Ppi/RasImcS3Data.h
> b/Silicon/Intel/WhitleySiliconPkg/Include/Ppi/RasImcS3Data.h
> index 82725bc84..2198f8516 100644
> --- a/Silicon/Intel/WhitleySiliconPkg/Include/Ppi/RasImcS3Data.h
> +++ b/Silicon/Intel/WhitleySiliconPkg/Include/Ppi/RasImcS3Data.h
> @@ -44,7 +44,13 @@ EFI_STATUS
>    OUT       VOID                            *Data
>    );
> 
> +/**
> + RAS IMC S3 Data PPI
> +**/
>  struct _RAS_IMC_S3_DATA_PPI {
> +  /**
> +    Retrieves data for S3 saved memory RAS features from non-volatile storage.
> +  **/
>    RAS_IMC_S3_DATA_PPI_GET_IMC_S3_RAS_DATA  GetImcS3RasData;  };
> 
> diff --git 
> a/Silicon/Intel/WhitleySiliconPkg/Include/Ppi/UpiPolicyPpi.h
> b/Silicon/Intel/WhitleySiliconPkg/Include/Ppi/UpiPolicyPpi.h
> index e355dcaba..503c5c0ae 100644
> --- a/Silicon/Intel/WhitleySiliconPkg/Include/Ppi/UpiPolicyPpi.h
> +++ b/Silicon/Intel/WhitleySiliconPkg/Include/Ppi/UpiPolicyPpi.h
> @@ -24,6 +24,9 @@
> 
>  typedef struct _UPI_POLICY_PPI UPI_POLICY_PPI;
> 
> +/**
> +  UPI Policy Structure
> +**/
>  struct _UPI_POLICY_PPI {
>    /**
>      This member specifies the revision of the UPI_POLICY_PPI. This 
> field is used to @@ -32,7 +35,7 @@ struct _UPI_POLICY_PPI {
>      to correctly interpret the content of the INTERFACE fields.
>    **/
>    UINT32        Revision;
> -  KTI_HOST_IN   Upi;
> +  KTI_HOST_IN   Upi;        ///< KTIRC input structure
>  };
> 
>  #endif  // _UPI_POLICY_PPI_H_
> diff --git a/Silicon/Intel/WhitleySiliconPkg/Include/Upi/KtiHost.h
> b/Silicon/Intel/WhitleySiliconPkg/Include/Upi/KtiHost.h
> index cf558b3d3..e793cc647 100644
> --- a/Silicon/Intel/WhitleySiliconPkg/Include/Upi/KtiHost.h
> +++ b/Silicon/Intel/WhitleySiliconPkg/Include/Upi/KtiHost.h
> @@ -99,28 +99,31 @@ typedef struct {
>    KTI_RESERVED_2  Phy[MAX_FW_KTI_PORTS];  } KTI_RESERVED_4;
> 
> -//
> -// PHY settings that are system dependent.   Need 1 of these for each
> socket/link/freq.
> -//
> +/**
> +  Per Lane PHY Configuration
> 
> +  These PHY settings are system dependent. Every socket/link/freq 
> + requires an
> instance of this structure.
> +**/
>  typedef struct {
> -  UINT8  SocketID;
> -  UINT8  AllLanesUseSameTxeq;
> -  UINT8  Freq;
> -  UINT32 Link;
> -  UINT32 TXEQL[20];
> -  UINT32 CTLEPEAK[5];
> +  UINT8  SocketID;              ///< Socket ID
> +  UINT8  AllLanesUseSameTxeq;   ///< Use same TXEQ on all lanes
> +  UINT8  Freq;                  ///< The Link Speed these TXEQ settings should be used
> for
> +  UINT32 Link;                  ///< Port Number
> +  UINT32 TXEQL[20];             ///< TXEQ Settings
> +  UINT32 CTLEPEAK[5];           ///< CTLE Peaking Settings
>  } PER_LANE_EPARAM_LINK_INFO;
> 
> -//
> -// This is for full speed mode, all lanes have the same TXEQ setting 
> -//
> +/**
> +  All Lanes PHY Configuration
> +
> +  This is for full speed mode, all lanes have the same TXEQ setting 
> + **/
>  typedef struct {
> -  UINT8  SocketID;
> -  UINT8  Freq;
> -  UINT32 Link;
> -  UINT32 AllLanesTXEQ;
> -  UINT8  CTLEPEAK;
> +  UINT8  SocketID;              ///< Socket ID
> +  UINT8  Freq;                  ///< The Link Speed these TXEQ settings should be used
> for
> +  UINT32 Link;                  ///< Port Number
> +  UINT32 AllLanesTXEQ;          ///< TXEQ Setting
> +  UINT8  CTLEPEAK;              ///< CTLE Peaking Setting
>  } ALL_LANES_EPARAM_LINK_INFO;
> 
>  #define ADAPTIVE_CTLE 0x3f
> @@ -173,130 +176,141 @@ typedef struct {
>    KTI_CPU_PHY_SETTING   Phy[MAX_FW_KTI_PORTS];
>  } KTI_CPU_SETTING;
> 
> -//
> -// KTIRC input structure
> -//
> +/**
> +  KTIRC input structure
> +**/
>  typedef struct {
>    //
>    // Protocol layer and other general options; note that "Auto" is 
> provided only options whose value will change depending
>    // on the topology, not for all options.
>    //
> 
> -  //
> -  // Indicates the ratio of Bus/MMIOL/IO resource to be allocated for 
> each CPU's IIO.
> -  // Value 0 indicates, that CPU is not relevant for the system. If 
> resource is
> -  // requested for an CPU that is not currently populated, KTIRC will 
> assume
> -  // that the ratio is 0 for that CPU and won't allocate any resources for it.
> -  // If resource is not requested for an CPU that is populated, KTIRC 
> will force
> -  // the ratio for that CPU to 1.
> -  //
> -
> -
> +  /**
> +   Indicates the ratio of Bus/MMIOL/IO resource to be allocated for 
> + each CPU's
> IIO.

Align indents for every lines in this blob.









> +    Value 0 indicates, that CPU is not relevant for the system. If resource is
> +    requested for an CPU that is not currently populated, KTIRC will 
> + assume

For 'a' CPU




> +    that the ratio is 0 for that CPU and won't allocate any resources for it.
> +    If resource is not requested for an CPU that is populated, KTIRC will force
> +    the ratio for that CPU to 1.
> +  **/
>    UINT8               BusRatio[MAX_SOCKET];
> 
> -  UINT8               D2KCreditConfig;             // 1 - Min, 2 - Med (Default), 3- Max
> -  UINT8               SnoopThrottleConfig;  // 0 - Disabled (Default), 1 - Min, 2 - Med,
> 3- Max
> -  UINT8               SnoopAllCores;        // 0 - Disabled, 1 - Enabled, 2 - Auto
> -  UINT8               LegacyVgaSoc;       // Socket that claims the legacy VGA range;
> valid values are 0-7; 0 is default.
> -  UINT8               LegacyVgaStack;     // Stack that claims the legacy VGA range;
> valid values are 0-3; 0 is default.
> -  UINT8               ColdResetRequestStart;
> -  UINT8               P2pRelaxedOrdering; // 0 - Disable(default) 1 - Enable
> -  UINT8               DebugPrintLevel;    // Bit 0 - Fatal, Bit1 - Warning, Bit2 - Info
> Summary; Bit 3 - Info detailed. 1 - Enable; 0 - Disable
> -  UINT8               SncEn;              // 0 - Disable, (default) 1 - Enable
> -  UINT8               UmaClustering;      // 0 - Disable, 2 - 2Clusters UMA, 4 -
> 4Clusters UMA
> -  UINT8               IoDcMode;           // 0 - Disable IODC,  1 - AUTO (default), 2 -
> IODC_EN_REM_INVITOM_PUSH, 3 - IODC_EN_REM_INVITOM_ALLOCFLOW
> -                                          // 4 - IODC_EN_REM_INVITOM_ALLOC_NONALLOC, 5 -
> IODC_EN_REM_INVITOM_AND_WCILF
> -  UINT8               DegradePrecedence;  // Use DEGRADE_PRECEDENCE definition;
> TOPOLOGY_PRECEDENCE is default
> -  UINT8               Degrade4SPreference;// 4S1LFullConnect topology is default;
> another option is 4S2LRing topology.
> -  UINT8               DirectoryModeEn;    // 0 - Disable; 1 - Enable (default)
> -  UINT8               XptPrefetchEn;      // Xpt Prefetch :  1 - Enable; 0 - Disable; 2 -
> Auto (default)
> -  UINT8               KtiPrefetchEn;      // Kti Prefetch :  1 - Enable; 0 - Disable; 2 -
> Auto (default)
> -  UINT8               XptRemotePrefetchEn;     // Xpt Remote Prefetch :  1 - Enable; 0
> - Disable; 2 - Auto (default)   (ICX only)
> -  UINT8               RdCurForXptPrefetchEn;   // RdCur for XPT Prefetch :  0 - Disable,
> 1 - Enable, 2- Auto (default)
> -  UINT8               KtiFpgaEnable[MAX_SOCKET];  // Indicate if should enable Fpga
> device found in this socket :  0 - Disable, 1 - Enable, 2- Auto
> -  UINT8               DdrtQosMode;          // DDRT QoS Feature:  0 - Disable (default),
> 1 - M2M QoS Enable, Cha QoS Disable
> -                                            // 2 - M2M QoS Enable, Cha QoS Enable
> +  UINT8               D2KCreditConfig;                ///< 1 - Min, 2 - Med (Default), 3-
> Max
> +  UINT8               SnoopThrottleConfig;            ///< 0 - Disabled (Default), 1 - Min,
> 2 - Med, 3- Max
> +  UINT8               SnoopAllCores;                  ///< 0 - Disabled, 1 - Enabled, 2 - Auto
> +  UINT8               LegacyVgaSoc;                   ///< Socket that claims the legacy
> VGA range; valid values are 0-7; 0 is default.
> +  UINT8               LegacyVgaStack;                 ///< Stack that claims the legacy VGA
> range; valid values are 0-3; 0 is default.
> +  UINT8               ColdResetRequestStart;          ///< @deprecated Reserved.
> +  UINT8               P2pRelaxedOrdering;             ///< 0 - Disable(default) 1 - Enable
> +  UINT8               DebugPrintLevel;                ///< Bit 0 - Fatal, Bit1 - Warning, Bit2
> - Info Summary; Bit 3 - Info detailed. 1 - Enable; 0 - Disable
> +  UINT8               SncEn;                          ///< 0 - Disable, (default) 1 - Enable
> +  UINT8               UmaClustering;                  ///< 0 - Disable, 2 - 2Clusters UMA, 4 -
> 4Clusters UMA
> +  UINT8               IoDcMode;                       ///< 0 - Disable IODC,  1 - AUTO
> (default), 2 - IODC_EN_REM_INVITOM_PUSH, 3 - 
> IODC_EN_REM_INVITOM_ALLOCFLOW
> +                                                      ///< 4 -
> IODC_EN_REM_INVITOM_ALLOC_NONALLOC, 5 - IODC_EN_REM_INVITOM_AND_WCILF
> +  UINT8               DegradePrecedence;              ///< Use DEGRADE_PRECEDENCE
> definition; TOPOLOGY_PRECEDENCE is default
> +  UINT8               Degrade4SPreference;            ///< 4S1LFullConnect topology is
> default; another option is 4S2LRing topology.
> +  UINT8               DirectoryModeEn;                ///< 0 - Disable; 1 - Enable (default)
> +  UINT8               XptPrefetchEn;                  ///< Xpt Prefetch :  1 - Enable; 0 -
> Disable; 2 - Auto (default)
> +  UINT8               KtiPrefetchEn;                  ///< Kti Prefetch :  1 - Enable; 0 -
> Disable; 2 - Auto (default)
> +  UINT8               XptRemotePrefetchEn;            ///< Xpt Remote Prefetch :  1 -
> Enable; 0 - Disable; 2 - Auto (default)   (ICX only)
> +  UINT8               RdCurForXptPrefetchEn;          ///< RdCur for XPT Prefetch :  0 -
> Disable, 1 - Enable, 2- Auto (default)
> +  UINT8               KtiFpgaEnable[MAX_SOCKET];      ///< Indicate if should enable
> Fpga device found in this socket :  0 - Disable, 1 - Enable, 2- Auto
> +  UINT8               DdrtQosMode;                    ///< DDRT QoS Feature:  0 - Disable
> (default), 1 - M2M QoS Enable, Cha QoS Disable
> +                                                      ///< 2 - M2M 
> + QoS Enable, Cha QoS Enable
> 
>    //
>    // Phy/Link Layer Options (System-wide and per socket)
>    //
> -  UINT8               KtiLinkSpeedMode;   // Link speed mode selection; 0 - Slow
> Speed; 1- Full Speed (default)
> -  UINT8               KtiLinkSpeed;       // Use KTI_LINKSPEED definition
> -  UINT8               KtiAdaptationEn;    // 0 - Disable, 1 - Enable
> -  UINT8               KtiAdaptationSpeed; // Use KTI_LINK_SPEED definition;
> MAX_KTI_LINK_SPEED - Auto (i.e BIOS choosen speed)
> -  UINT8               KtiLinkL0pEn;       // 0 - Disable, 1 - Enable, 2- Auto  (default)
> -  UINT8               KtiLinkL1En;        // 0 - Disable, 1 - Enable, 2- Auto  (default)
> -  UINT8               KtiFailoverEn;      // 0 - Disable, 1 - Enable, 2- Auto (default)
> -  UINT8               KtiLbEn;            // 0 - Disable(default), 1 - Enable
> -  UINT8               KtiCrcMode;         // CRC_MODE_16BIT,
> CRC_MODE_ROLLING_32BIT, CRC_MODE_AUTO or CRC_MODE_PER_LINK
> -
> -  UINT8               KtiCpuSktHotPlugEn;       // 0 - Disable (default), 1 - Enable
> -  UINT8               KtiCpuSktHotPlugTopology; // 0 - 4S Topology (default), 1 - 8S
> Topology
> -  UINT8               KtiSkuMismatchCheck;      // 0 - No, 1 - Yes (default)
> -  UINT8               IrqThreshold;             // IRQ Threshold setting
> -  UINT8               TorThresLoctoremNorm;     // TOR threshold - Loctorem
> threshold normal
> -  UINT8               TorThresLoctoremEmpty;    // TOR threshold - Loctorem
> threshold empty
> -  UINT8               MbeBwCal;                 // 0 - Linear, 1 - Biased, 2 - Legacy, 3 -
> AUTO (default = Linear)
> -  UINT8               TscSyncEn;                // TSC sync in sockets: 0 - Disable, 1 - Enable,
> 2 - AUTO (Default)
> -  UINT8               StaleAtoSOptEn;           // HA A to S directory optimization: 1 -
> Enable; 0 - Disable; 2 - Auto (Default)
> -  UINT8               LLCDeadLineAlloc;         // LLC dead line alloc: 1 -
> Enable(Default); 0 - Disable
> -  UINT8               SplitLock;
> -  UINT8               ColdResetRequestEnd;
> -
> -  //
> -  // Phy/Link Layer Options (per Port)
> -  //
> +  UINT8               KtiLinkSpeedMode;               ///< Link speed mode selection; 0 -
> Slow Speed; 1- Full Speed (default)
> +  UINT8               KtiLinkSpeed;                   ///< Use KTI_LINKSPEED definition
> +  UINT8               KtiAdaptationEn;                ///< 0 - Disable, 1 - Enable
> +  UINT8               KtiAdaptationSpeed;             ///< Use KTI_LINK_SPEED definition;
> MAX_KTI_LINK_SPEED - Auto (i.e BIOS choosen speed)
> +  UINT8               KtiLinkL0pEn;                   ///< 0 - Disable, 1 - Enable, 2- Auto
> (default)
> +  UINT8               KtiLinkL1En;                    ///< 0 - Disable, 1 - Enable, 2- Auto
> (default)
> +  UINT8               KtiFailoverEn;                  ///< 0 - Disable, 1 - Enable, 2- Auto
> (default)
> +  UINT8               KtiLbEn;                        ///< 0 - Disable(default), 1 - Enable
> +  UINT8               KtiCrcMode;                     ///< CRC_MODE_16BIT,
> CRC_MODE_ROLLING_32BIT, CRC_MODE_AUTO or CRC_MODE_PER_LINK
> +
> +  UINT8               KtiCpuSktHotPlugEn;             ///< 0 - Disable (default), 1 - Enable
> +  UINT8               KtiCpuSktHotPlugTopology;       ///< 0 - 4S Topology (default), 1
> - 8S Topology
> +  UINT8               KtiSkuMismatchCheck;            ///< 0 - No, 1 - Yes (default)
> +  UINT8               IrqThreshold;                   ///< IRQ Threshold setting
> +  UINT8               TorThresLoctoremNorm;           ///< TOR threshold - Loctorem
> threshold normal
> +  UINT8               TorThresLoctoremEmpty;          ///< TOR threshold - Loctorem
> threshold empty
> +  UINT8               MbeBwCal;                       ///< 0 - Linear, 1 - Biased, 2 - Legacy, 3
> - AUTO (default = Linear)
> +  UINT8               TscSyncEn;                      ///< TSC sync in sockets: 0 - Disable, 1 -
> Enable, 2 - AUTO (Default)
> +  UINT8               StaleAtoSOptEn;                 ///< HA A to S directory optimization:
> 1 - Enable; 0 - Disable; 2 - Auto (Default)
> +  UINT8               LLCDeadLineAlloc;               ///< LLC dead line alloc: 1 -
> Enable(Default); 0 - Disable
> +  UINT8               SplitLock;                      ///< @deprecated Reserved, must be set
> to 0.
> +  UINT8               ColdResetRequestEnd;            ///< @deprecated Reserved.
> +
> +  ///
> +  /// Phy/Link Layer Options (per Port)  ///
>    KTI_CPU_SETTING     PhyLinkPerPortSetting[MAX_SOCKET];
> 
> 
> -  UINT8               mmCfgBase; ///< MMCFG Base address, must be 64MB (SKX,
> HSX, BDX) / 256MB (GROVEPORT) aligned. Options: {0:1G, 1:1.5G, 
> 2:1.75G, 3:2G, 4:2.25G, 5:3G, 6: Auto}
> -  UINT8               mmCfgSize; ///< MMCFG Size address, must be 64M, 128M or
> 256M. Options: {0:64M, 1:128M, 2:256M, 3:512M, 4:1G, 5:2G, 6: Auto}
> -  UINT32              mmiolBase; ///< MMIOL Base address, must be 64MB aligned
> -  UINT32              mmiolSize; ///< MMIOL Size address
> -  UINT32              mmiohBase; ///< Address bits above 4GB, i,e, the hex value
> here is address Bit[45:32] for SKX family, Bit[51:32] for ICX-SP
> -  UINT8               CpuPaLimit; ///< Limits the max address to 46bits. This will take
> precedence over mmiohBase
> -  UINT8               lowGap;
> -  UINT8               highGap;
> -  UINT16              mmiohSize; ////<< Number of 1GB contiguous regions to be
> assigned for MMIOH space per CPU.  Range 1-1024
> -  UINT8               isocEn;    ///< 1 - Enable; 0 - Disable (BIOS will force this for 4S)
> -  UINT8               dcaEn;     ///< 1 - Enable; 0 - Disable
> +  UINT8               mmCfgBase;                      ///< MMCFG Base address, must be
> 64MB (SKX, HSX, BDX) / 256MB (GROVEPORT) aligned. Options: {0:1G, 
> 1:1.5G, 2:1.75G, 3:2G, 4:2.25G, 5:3G, 6: Auto}
> +  UINT8               mmCfgSize;                      ///< MMCFG Size address, must be 64M,
> 128M or 256M. Options: {0:64M, 1:128M, 2:256M, 3:512M, 4:1G, 5:2G, 6: 
> Auto}
> +  UINT32              mmiolBase;                      ///< MMIOL Base address, must be
> 64MB aligned
> +  UINT32              mmiolSize;                      ///< MMIOL Size address
> +  UINT32              mmiohBase;                      ///< Address bits above 4GB, i,e, the
> hex value here is address Bit[45:32] for SKX family, Bit[51:32] for 
> ICX-SP
> +  UINT8               CpuPaLimit;                     ///< Limits the max address to 46bits.
> This will take precedence over mmiohBase
> +  UINT8               lowGap;                         ///< @deprecated Reserved.
> +  UINT8               highGap;                        ///< @deprecated Reserved.
> +  UINT16              mmiohSize;                      ///< Number of 1GB contiguous
> regions to be assigned for MMIOH space per CPU.  Range 1-1024
> +  UINT8               isocEn;                         ///< 1 - Enable; 0 - Disable (BIOS will force
> this for 4S)
> +  UINT8               dcaEn;                          ///< 1 - Enable; 0 - Disable
> 
> -  /*
> +  /**
>    BoardTypeBitmask:
> -    Bits[3:0]   - Socket0
> -    Bits[7:4]   - Socket1
> -    Bits[11:8]  - Socket2
> -    Bits[15:12] - Socket3
> -    Bits[19:16] - Socket4
> -    Bits[23:20] - Socket5
> -    Bits[27:24] - Socket6
> -    Bits[31:28] - Socket7
> +  - Bits[3:0]   - Socket0
> +  - Bits[7:4]   - Socket1
> +  - Bits[11:8]  - Socket2
> +  - Bits[15:12] - Socket3
> +  - Bits[19:16] - Socket4
> +  - Bits[23:20] - Socket5
> +  - Bits[27:24] - Socket6
> +  - Bits[31:28] - Socket7
> 
>    Within each Socket-specific field, bits mean:
> -    Bit0 = CPU_TYPE_STD support; always 1 on Socket0
> -    Bit1 = CPU_TYPE_F support
> -    Bit2 = CPU_TYPE_P support
> -    Bit3 = reserved
> -  */
> +  - Bit0 = CPU_TYPE_STD support; always 1 on Socket0
> +  - Bit1 = CPU_TYPE_F support
> +  - Bit2 = CPU_TYPE_P support
> +  - Bit3 = reserved
> +  **/
>    UINT32              BoardTypeBitmask;
> -  UINT32              AllLanesPtr;
> -  UINT32              PerLanePtr;
> -  UINT32              AllLanesSizeOfTable;
> -  UINT32              PerLaneSizeOfTable;
> -  UINT32              WaitTimeForPSBP; // the wait time in units of 1000us for PBSP
> to check in.
> -  BOOLEAN             IsKtiNvramDataReady;
> -  UINT32              OemHookPostTopologyDiscovery;
> -  UINT32              OemGetResourceMapUpdate;
> -  UINT32              OemGetAdaptedEqSettings;
> -  UINT32              OemCheckCpuPartsChangeSwap;
> -
> -  BOOLEAN             WaSerializationEn;      // Enable BIOS serialization WA by
> PcdWaSerializationEn
> +  UINT32              AllLanesPtr;                    ///< Pointer to an array of
> ALL_LANES_EPARAM_LINK_INFO structures.
> +  UINT32              PerLanePtr;                     ///< Pointer to an array of
> PER_LANE_EPARAM_LINK_INFO structures.
> +  UINT32              AllLanesSizeOfTable;            ///< Number of elements in array
> pointed to by AllLanesPtr
> +  UINT32              PerLaneSizeOfTable;             ///< Number of elements in array
> pointed to by PerLanePtr
> +  UINT32              WaitTimeForPSBP;                ///< the wait time in units of
> 1000us for PBSP to check in.
> +  BOOLEAN             IsKtiNvramDataReady;            ///< Used internally, Reserved.
> +  UINT32              OemHookPostTopologyDiscovery;   ///<
> OEM_HOOK_POST_TOPOLOGY_DISCOVERY function pointer. Invoked at the end 
> of topology discovery, used for error reporting.
> +  UINT32              OemGetResourceMapUpdate;        ///<
> OEM_GET_RESOURCE_MAP_UPDATE function pointer. Allows platform code to 
> adjust the resource map.
> +  UINT32              OemGetAdaptedEqSettings;        ///< @deprecated Reserved,
> must be set to 0.
> +  UINT32              OemCheckCpuPartsChangeSwap;     ///< @deprecated
> Reserved, must be set to 0.
> +
> +  BOOLEAN             WaSerializationEn;              ///< Enable BIOS serialization WA
> by PcdWaSerializationEn
>    KTI_RESERVED_3      Reserved166;
>    KTI_RESERVED_4      Reserved167[MAX_SOCKET];
> -  UINT8               KtiInEnableMktme;       // 0 - Disabled; 1 - Enabled; MkTme
> status decides D2Kti feature state
> +  UINT8               KtiInEnableMktme;               ///< 0 - Disabled; 1 - Enabled;
> MkTme status decides D2Kti feature state
> +  /**
> +    Pointers to the location of the CFR/SINIT binaries.
> +
> +    Contains a pointer to a 24 byte fixed length array.
> +    The array contains the 3 instances of the following c-struct
> +    ~~~
> +    typedef struct {
> +      UINT32  CfrImagePtr;
> +      UINT32  CfrImageSize;
> +    }
> +    ~~~
> +    This allows a maximum of 3 CFR/SINIT binaries to be provided by 
> + platform
> code.
> +  **/
>    UINT32              CFRImagePtr;
> -  UINT8               S3mCFRCommit;           // 0 - Disable S3m CFR flow.    1 -
> Provision S3m CFR but not Commit.    2 - Provsion and Commit S3M CFR.
> -  UINT8               PucodeCFRCommit;        // 0 - Disable Pucode CFR flow. 1 -
> Provision Pucode CFR but not Commit. 2 - Provsion and Commit Pucode CFR.
> +  UINT8               S3mCFRCommit;                   ///< 0 - Disable S3m CFR flow.    1 -
> Provision S3m CFR but not Commit.    2 - Provision and Commit S3M CFR.
> +  UINT8               PucodeCFRCommit;                ///< 0 - Disable Pucode CFR flow. 1
> - Provision Pucode CFR but not Commit. 2 - Provision and Commit Pucode CFR.
>  } KTI_HOST_IN;
> 
>  #pragma pack()
> diff --git
> a/Silicon/Intel/WhitleySiliconPkg/Pch/SouthClusterLbg/Include/PchPolic
> yComm
> on.h
> b/Silicon/Intel/WhitleySiliconPkg/Pch/SouthClusterLbg/Include/PchPolic
> yComm
> on.h
> index f5861ccaf..0e10d0b8f 100644
> ---
> a/Silicon/Intel/WhitleySiliconPkg/Pch/SouthClusterLbg/Include/PchPolic
> yComm
> on.h
> +++
> b/Silicon/Intel/WhitleySiliconPkg/Pch/SouthClusterLbg/Include/PchPolic
> yComm
> on.h
> @@ -23,6 +23,9 @@ extern EFI_GUID gFlashProtectionConfigGuid;  // 
> ---------------------------- PCH General Config 
> -------------------------------  //
> 
> +/**
> +  PCH General Configuration
> +**/
>  typedef struct {
>    /**
>      Subsystem Vendor ID and Subsystem ID of the PCH devices.
> @@ -775,6 +778,9 @@ typedef enum  {
>    PchHdaIDispMode1T = 1
>  } PCH_HDAUDIO_IDISP_TMODE;
> 
> +/**
> +  This structure contains the policies which are related to HD Audio 
> +device
> (cAVS).
> +**/
>  typedef struct {
>    /**
>      This member describes whether or not Intel HD Audio (Azalia) 
> should be enabled.
> @@ -1674,6 +1680,9 @@ typedef struct {
>    UINT16                ProtectedRangeBase;
>  } PROTECTED_RANGE;
> 
> +/**
> +  PCH Flash Protection Configuration
> +**/
>  typedef struct {
>    PROTECTED_RANGE       ProtectRange[PCH_FLASH_PROTECTED_RANGES];
>  } PCH_FLASH_PROTECTION_CONFIG;
> diff --git
> a/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/Sec
> urityIpMk
> Tme1v0_Inputs.h
> b/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/Sec
> urityIpMk
> Tme1v0_Inputs.h
> index 4c48ca19e..84197b8c8 100644
> ---
> a/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/Sec
> urityIpMk
> Tme1v0_Inputs.h
> +++
> b/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/Sec
> urityIpMk
> Tme1v0_Inputs.h
> @@ -8,15 +8,15 @@
>  **/
> 
>  //
> -// TME
> +// TME (Total Memory Encryption)
>  //
> -UINT8  EnableTme;                      // TME Enable
> -UINT8  EnableTmeCR;                    // Exclude Crystal Ridge memory from
> encryption.
> +UINT8  EnableTme;                               ///< TME Enable
> +UINT8  EnableTmeCR;                             ///< TME for Optane Persistent Memory.
> Set to 0 exclude Optane from encryption.
> 
>  //
>  // MK-TME
>  //
> -UINT8  EnableMktme;                    // MK-TME Enable
> +UINT8  EnableMktme;                             ///< MK-TME Enable
> 
>  UINT8  ReservedS234;
>  UINT8  ReservedS235;
> diff --git
> a/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/Sec
> urityIpMk
> Tme1v0_Outputs.h
> b/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/Sec
> urityIpMk
> Tme1v0_Outputs.h
> index 3a6262a65..201cdd9a9 100644
> ---
> a/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/Sec
> urityIpMk
> Tme1v0_Outputs.h
> +++
> b/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/Sec
> urityIpMk
> Tme1v0_Outputs.h
> @@ -10,9 +10,9 @@
>  //
>  // MK-TME
>  //
> -// NAK - Not a knob, used just for indication
> -UINT8  TmeCapability; // TME Capable
> -UINT8  TmeCrSupport; // Flag used to check if Crystal Ridge is 
> supported in UEFI
> -UINT8  MktmeCapability; // MK-TME Capable
> -UINT16 MktmeMaxKeys; // Max number of keys used for encryption
> -UINT8  MkTmeKeyIdBits; // Used to suppress setup menu key-splits \ No 
> newline at end of file
> +// NAK (Not a knob) - Used just for indication
> +UINT8  TmeCapability;                           // NAK (Not a knob) - TME Capable
> +UINT8  TmeCrSupport;                            // NAK (Not a knob) - Flag used to check
> if Crystal Ridge is supported in UEFI
> +UINT8  MktmeCapability;                         // NAK (Not a knob) - MK-TME Capable
> +UINT16 MktmeMaxKeys;                            // NAK (Not a knob) - Max number of
> keys used for encryption
> +UINT8  MkTmeKeyIdBits;                          // NAK (Not a knob) - Used to suppress
> setup menu key-splits
> diff --git
> a/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/Sec
> urityIpSgx
> Tem1v0_Inputs.h
> b/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/Sec
> urityIpSgx
> Tem1v0_Inputs.h
> index 2deabd0b5..c46434392 100644
> ---
> a/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/Sec
> urityIpSgx
> Tem1v0_Inputs.h
> +++
> b/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/Sec
> urityIpSgx
> Tem1v0_Inputs.h
> @@ -10,27 +10,30 @@
>  //
>  // SGX
>  //
> -UINT8  EnableSgx;
> -UINT8  SgxFactoryReset;                // Delete all registration data, if SGX enabled
> force IPE/FirstBinding flow
> -UINT64 PrmrrSize;                      // SGX PRMRR size
> +UINT8  EnableSgx;                               ///< Enable SGX
> +UINT8  SgxFactoryReset;                         ///< Delete all registration data, if SGX
> enabled force IPE/FirstBinding flow
> +UINT64 PrmrrSize;                               ///< SGX PRMRR size
>  UINT64 ReservedS239;
> -UINT8  SgxQoS;                         // SGX Quality of Service
> -UINT8  SgxAutoRegistrationAgent;
> -UINT8  SgxPackageInfoInBandAccess;     // Expose Package Info to OS
> -UINT8  EpochUpdate;
> -UINT64 SgxEpoch0;                      // SGX EPOCH0 value {0 - 0xFFFFFFFFFFFFFFFF}
> -UINT64 SgxEpoch1;                      // SGX EPOCH1 value {0 - 0xFFFFFFFFFFFFFFFF}
> -UINT8  SgxLeWr;                        // Flexible Launch Enclave Policy (Wr En)
> -UINT64 SgxLePubKeyHash0;               // Launch Enclave Hash 0
> -UINT64 SgxLePubKeyHash1;               // Launch Enclave Hash 1
> -UINT64 SgxLePubKeyHash2;               // Launch Enclave Hash 2
> -UINT64 SgxLePubKeyHash3;               // Launch Enclave Hash 3
> -// Client SGX - unused in server
> -UINT8  SgxSinitNvsData;                // SGX NVS data from Flash passed during
> previous boot using CPU_INFO_PROTOCOL.SGX_INFO;
> -                                       // Pass value of zero if there is not data saved or when
> SGX is disabled.
> -UINT8  SgxSinitDataFromTpm;            // SGX SVN data from TPM; 0: when SGX is
> disabled or TPM is not present or no data
> -                                       // is present in TPM.
> -UINT8  SgxDebugMode;
> +UINT8  SgxQoS;                                  ///< SGX Quality of Service
> +UINT8  SgxAutoRegistrationAgent;                ///< SGX Auto Registration Agent
> +UINT8  SgxPackageInfoInBandAccess;              ///< SGX Expose Package Info to
> OS
> +UINT8  EpochUpdate;                             ///< SGX EPOCH Update
> +UINT64 SgxEpoch0;                               ///< SGX EPOCH0 value {0 -
> 0xFFFFFFFFFFFFFFFF}
> +UINT64 SgxEpoch1;                               ///< SGX EPOCH1 value {0 -
> 0xFFFFFFFFFFFFFFFF}
> +UINT8  SgxLeWr;                                 ///< Flexible Launch Enclave Policy (Wr En)
> +UINT64 SgxLePubKeyHash0;                        ///< Launch Enclave Hash 0
> +UINT64 SgxLePubKeyHash1;                        ///< Launch Enclave Hash 1
> +UINT64 SgxLePubKeyHash2;                        ///< Launch Enclave Hash 2
> +UINT64 SgxLePubKeyHash3;                        ///< Launch Enclave Hash 3
> +
> +//
> +// DEPRECATED
> +//
> +UINT8  SgxSinitNvsData;                         ///< @deprecated SGX NVS data from
> Flash passed during previous boot using CPU_INFO_PROTOCOL.SGX_INFO;
> +                                                ///              Pass value of zero if there is not data
> saved or when SGX is disabled.
> +UINT8  SgxSinitDataFromTpm;                     ///< @deprecated SGX SVN data
> from TPM; 0: when SGX is disabled or TPM is not present or no data
> +                                                ///              is present in TPM.
> +UINT8  SgxDebugMode;                            ///< @deprecated
> 
>  UINT8  ReservedS240;
>  UINT8  ReservedS241;
> diff --git
> a/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/Sec
> urityIpTdx
> 1v0_Inputs.h
> b/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/Sec
> urityIpTdx
> 1v0_Inputs.h
> index db5081c0a..79369f989 100644
> ---
> a/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/Sec
> urityIpTdx
> 1v0_Inputs.h
> +++
> b/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/Sec
> urityIpTdx
> 1v0_Inputs.h
> @@ -7,7 +7,7 @@
>    SPDX-License-Identifier: BSD-2-Clause-Patent  **/
> 
> -UINT8  EnableTdx; // TDX Enable
> -UINT8  KeySplit; // TDX/MK-TME key split
> +UINT8  EnableTdx;                               ///< TDX Enable
> +UINT8  KeySplit;                                ///< TDX/MK-TME key split
> 
>  UINT8  ReservedS245;
> diff --git
> a/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityPolicy
> .h 
> b/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityPolicy
> .h
> new file mode 100644
> index 000000000..0beb26704
> --- /dev/null
> +++ b/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityPo
> +++ licy.h
> @@ -0,0 +1,29 @@
> +/** @file
> +  Provides data structure information used by ServerSecurity features 
> +in Mtkme
> etc.
> +
> +  @copyright
> +  Copyright 2018 - 2021 Intel Corporation. <BR>
> +
> +  SPDX-License-Identifier: BSD-2-Clause-Patent **/
> +
> +#ifndef _SECURITY_POLICY_H_
> +#define _SECURITY_POLICY_H_
> +
> +extern EFI_GUID gSecurityPolicyDataGuid; #include 
> +<Library/SecurityPolicyDefinitions.h>
> +
> +#pragma pack(1)
> +
> +/**
> +  Security Policy
> +**/
> +typedef struct {
> +  /**
> +   * Please put common definitions inside the SecurityPolicy_Flat.h *
> +  **/
> +  #include "SecurityPolicy_Flat.h"
> +} SECURITY_POLICY;
> +
> +#pragma pack()
> +#endif
> diff --git
> a/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityPolicy
> _Flat.h 
> b/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityPolicy
> _Flat.h
> index ba62b8c3a..09dacdf62 100644
> --- 
> a/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityPolicy
> _Flat.h
> +++
> b/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityPolicy
> _Flat.h
> @@ -1,6 +1,6 @@
>  /** @file
>    Provides data structure information used by ServerSecurity features 
> in literally all products
> -  Header is flat and injected directly in SecurityPolicy sructuture 
> and SOCKET_PROCESSORCORE_CONFIGURATION.
> +  Header is flat and injected directly in SecurityPolicy structure 
> + and
> SOCKET_PROCESSORCORE_CONFIGURATION.
> 
>    @copyright
>    Copyright 2020 - 2021 Intel Corporation. <BR> @@ -8,7 +8,7 @@
>    SPDX-License-Identifier: BSD-2-Clause-Patent  **/
> 
> -  // Header is flat and injected directly in SecurityPolicy 
> sructuture and SOCKET_PROCESSORCORE_CONFIGURATION.
> +  // Header is flat and injected directly in SecurityPolicy structure 
> + and
> SOCKET_PROCESSORCORE_CONFIGURATION.
>    // Put common definitons here either directly or via intermediate header file..
> 
>  // SECURITY_IP_MKTME_1V0  MkTme;
> diff --git
> a/Silicon/Intel/WhitleySiliconPkg/Security/Include/Library/SecurityPol
> icyDefiniti
> ons.h
> b/Silicon/Intel/WhitleySiliconPkg/Security/Include/Library/SecurityPol
> icyDefiniti
> ons.h
> new file mode 100644
> index 000000000..700f5abb4
> --- /dev/null
> +++
> b/Silicon/Intel/WhitleySiliconPkg/Security/Include/Library/SecurityPol
> icyDefiniti
> ons.h
> @@ -0,0 +1,28 @@
> +/**@file
> +  @copyright
> +  Copyright 2020 - 2021 Intel Corporation. <BR>
> +
> +  SPDX-License-Identifier: BSD-2-Clause-Patent **/
> +
> +#ifndef __SECURITY_POLICY_DEFINITIONS_H__ #define 
> +__SECURITY_POLICY_DEFINITIONS_H__
> +
> +//
> +// Security Policy definitions
> +//
> +
> +//
> +// Values for capable/incapable == supported/unsupported //
> +#define SECURITY_POLICY_UNSUPPORTED                0
> +#define SECURITY_POLICY_SUPPORTED                  1
> +
> +//
> +// Values for enable/disable options
> +//
> +#define SECURITY_POLICY_DISABLE                    0
> +#define SECURITY_POLICY_ENABLE                     1
> +#define SECURITY_POLICY_AUTO                       2
> +
> +#endif
> --
> 2.27.0.windows.1



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#79126): https://edk2.groups.io/g/devel/message/79126
Mute This Topic: https://groups.io/mt/84342134/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-