@@ -13,6 +13,8 @@ SPDM Requester and consumed by a Verifier while all agents are operating in prod
1313particular, a production Verifier may only support a measurement report of this type and can point
1414to this document to advertise that restriction to other agents.
1515
16+ There are 2 types of Standard Measurement Report. A verifier may choose to support both or one of them.
17+
1618## Standard All-Measurements Report Definition
1719
1820The standard all-measurements report is a byte buffer that consists of the L1/L2 transcript along with
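Review bot: The added sentence at new line 16 says there are 2 types but does not name them, and the unchanged paragraph just above still says a production Verifier "may only support a measurement report of this type", in the singular. Suggest naming both types here (All-Measurements and One-by-One-Measurements) and rewording the preceding paragraph so it is clear how a Verifier that supports only one of them advertises that restriction. Style: "verifier" is lower case in the added line while the surrounding text capitalizes "Verifier"; the same applies to "requester" in the later hunk.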
@@ -56,3 +58,82 @@ are evaluated by the Verifier while the Responder is in production.
5658
5759Presumably the Verifier evaluates the current state of the Responder and not its future state. As
5860such ` NewMeasurementRequested ` is not set.
61+
62+ ## Standard One-by-One-Measurements Report Definition
63+
64+ The standard one-by-one-measurements report is a byte buffer that consists of the L1/L2 transcript along with
65+ the signature over the transcript if the Responder supports signing. It is comprised of multiple
66+ ` GET_MEASUREMENTS ` requests and multiple ` MEASUREMENTS ` responses.
67+
68+ For SPDM 1.0 and 1.1, the byte buffer is {` GET_MEASUREMENTS ` (0), ` MEASUREMENTS ` (0),
69+ ` GET_MEASUREMENTS ` (1), ` MEASUREMENTS ` (1), ..., ` GET_MEASUREMENTS ` (n), ` MEASUREMENTS ` (n)}.
70+ For SPDM 1.2 and later, the byte buffer is {` VCA ` , ` GET_MEASUREMENTS ` (0), ` MEASUREMENTS ` (0),
71+ ` GET_MEASUREMENTS ` (1), ` MEASUREMENTS ` (1), ..., ` GET_MEASUREMENTS ` (n), ` MEASUREMENTS ` (n)}.
72+
73+ The ` GET_MEASUREMENTS ` (0) request has the following properties:
74+ * ` Param2 = 0x00 `
75+ * Total number of measurement blocks is requested.
76+ * Assuming that the Responder returns ` n ` measurement blocks in ` MEASUREMENTS ` (0).
77+ * ` SignatureRequested ` is not set.
78+ * For SPDM 1.2 and later, ` RawBitStreamRequested ` is not set.
79+ * For SPDM 1.3 and later, ` NewMeasurementRequested ` is not set.
80+
81+ The ` GET_MEASUREMENTS ` (1) to ` GET_MEASUREMENTS ` (n) request has the following properties:
82+ * ` Param2 `
83+ * The requested measurement index. It must be between 0x1 and 0xFE, inclusive and incremental.
84+ * Only successful ` GET_MEASUREMENTS ` (x) and ` MEASUREMENTS ` (x) are recorded in the measurement report.
85+ * ` SignatureRequested `
86+ * For ` GET_MEASUREMENTS ` (1), ..., and ` GET_MEASUREMENTS ` (n-1), it is not set.
87+ * For ` GET_MEASUREMENTS ` (n), if the Responder supports signature generation (` MEAS_CAP = 10b ` )
88+ then it is set, else it is not set.
89+ * For SPDM 1.2 and later, if the requester detected the signed ` MEASUREMENT ` (n)
90+ ` content change ` field is ` 01b ` (changed), the requester should discard this measurement report
91+ and recollect from the beginning.
92+ * For SPDM 1.2 and later, ` RawBitStreamRequested ` is not set.
93+ * For SPDM 1.3 and later, ` NewMeasurementRequested ` is not set.
94+
95+ ### Rationale
96+
97+ #### One-by-One Request and Response
98+
99+ The requester shall collect All-Measurements Report at first. Only if the device cannot return
100+ all measurements at one time due to some errors (such as transport layer limitation),
101+ then the requester can try to collect One-by-One-Measurements Report.
102+
103+ #### Detecting Measurement Report format
104+
105+ The verifier may check the first ` GET_MEASUREMENTS ` in the Measurement Report.
106+ * If the ` Param2 ` is ` 0xFF ` (All Measurements), then it is All-Measurements Report.
107+ The whole Measurement report should include only one ` GET_MEASUREMENTS ` /` MEASUREMENTS ` pair.
108+ * If the ` Param2 ` is ` 0x00 ` (Total Number), then it is One-by-One-Measurements Report.
109+ The whole Measurement report should include only ` n ` +1 ` GET_MEASUREMENTS ` /` MEASUREMENTS ` pairs.
110+
111+ #### Non-Sequentially Increased Measurement Index
112+
113+ The ` Param2 ` (measurement index) in ` GET_MEASUREMENTS ` (1) to ` GET_MEASUREMENTS ` (n) is
114+ non-sequentially incremental.
115+ A device may implement non-sequentially increased measurement index.
116+ For example, a device has 3 measurement blocks. The index is 1, 4 and 6.
117+ Then the ` Param2 ` of ` GET_MEASUREMENTS ` (1) is 1, the ` Param2 ` of ` GET_MEASUREMENTS ` (2) is 4,
118+ and the ` Param2 ` of ` GET_MEASUREMENTS ` (3) is 6.
119+ The requester may send a ` GET_MEASUREMENTS ` with ` Param2 ` 2, but it will get ` ERROR ` response.
120+ As such, the ` GET_MEASUREMENTS ` with ` Param2 ` 2 and ` ERROR ` response are NOT included
121+ in the measurement report.
122+ Once the successfully received number of measurement block is ` n ` -1, the requester should send
123+ the next ` GET_MEASUREMENTS ` with ` SignatureRequested ` set.
124+
125+ #### Completeness
126+
127+ The requester shall request the total number of measurement block (` n ` ) first,
128+ then request all ` n ` measurement blocks one by one incrementally.
129+
130+ #### Atomicity
131+
132+ The requester shall verify the ` content change ` and recollect One-by-One-Measurements report
133+ in case that the ` MeasurementRecord ` fields of previous ` MEASUREMENTS ` responses are changed.
134+
135+ #### Integrity
136+
137+ The requester shall request a digital signature in the last message ` GET_MEASUREMENTS ` (n)
138+ for the whole measurement report, if supported by the Responder.
139+
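Review bot: The Atomicity rationale (new lines 132-133) says the requester "shall verify the `content change`" with no version or capability scope, but the property list (new lines 89-91) makes it a "should", limits it to SPDM 1.2 and later, and ties it to the signed `MEASUREMENTS` (n). Suggest using one requirement level in both places and stating what atomicity guarantee, if any, the report has for SPDM 1.0/1.1 or when the Responder does not support signing (`MEAS_CAP` other than `10b`). Related gap in the Non-Sequentially Increased Measurement Index section: after `n`-1 blocks are collected the next request carries `SignatureRequested`, but the text does not say what the requester does if that `Param2` is an unimplemented index and an `ERROR` comes back; it should state that the signed request is retried at the next index and that the failed pair is excluded, as for unsigned requests. The Detecting Measurement Report format section should also tell the Verifier to check that the count `n` returned in `MEASUREMENTS` (0) matches the number of following pairs and that their `Param2` values are strictly increasing. Wording: new line 89 has `MEASUREMENT` (n) where `MEASUREMENTS` (n) is meant, and "inclusive and incremental" at new line 83 conflicts with "non-sequentially incremental" at new lines 113-114; "strictly increasing, not necessarily consecutive" would cover both.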