@@ -13,6 +13,9 @@ SPDM Requester and consumed by a Verifier while all agents are operating in prod
1313particular, a production Verifier may only support a measurement report of this type and can point
1414to this document to advertise that restriction to other agents.
1515
16+ There are 2 types of Standard Measurement Report. A verifier shall support All-Measurements Report
17+ and may support One-by-One-Measurements Report.
18+
1619## Standard All-Measurements Report Definition
1720
1821The standard all-measurements report is a byte buffer that consists of the L1/L2 transcript along with
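Review bot: The paragraph added at lines 16-17 introduces two report types, but the unchanged sentence just above it still says a production Verifier "may only support a measurement report of this type", which no longer identifies a single type. Suggest stating here that the restriction a Verifier advertises by pointing to this document refers to the All-Measurements Report, or rewording the earlier sentence. Also capitalize "Verifier" to match the surrounding text, and name the two reports the same way the section headings do.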
@@ -56,3 +59,82 @@ are evaluated by the Verifier while the Responder is in production.
5659
5760Presumably the Verifier evaluates the current state of the Responder and not its future state. As
5861such ` NewMeasurementRequested ` is not set.
62+
63+ ## Standard One-by-One-Measurements Report Definition
64+
65+ The standard one-by-one-measurements report is a byte buffer that consists of the L1/L2 transcript along with
66+ the signature over the transcript if the Responder supports signing. It is comprised of multiple
67+ ` GET_MEASUREMENTS ` requests and multiple ` MEASUREMENTS ` responses.
68+
69+ For SPDM 1.0 and 1.1, the byte buffer is {` GET_MEASUREMENTS ` (0), ` MEASUREMENTS ` (0),
70+ ` GET_MEASUREMENTS ` (1), ` MEASUREMENTS ` (1), ..., ` GET_MEASUREMENTS ` (n), ` MEASUREMENTS ` (n)}.
71+ For SPDM 1.2 and later, the byte buffer is {` VCA ` , ` GET_MEASUREMENTS ` (0), ` MEASUREMENTS ` (0),
72+ ` GET_MEASUREMENTS ` (1), ` MEASUREMENTS ` (1), ..., ` GET_MEASUREMENTS ` (n), ` MEASUREMENTS ` (n)}.
73+
74+ The ` GET_MEASUREMENTS ` (0) request has the following properties:
75+ * ` Param2 = 0x00 `
76+ * Total number of measurement blocks is requested.
77+ * Assuming that the Responder returns ` n ` measurement blocks in ` MEASUREMENTS ` (0).
78+ * ` SignatureRequested ` is not set.
79+ * For SPDM 1.2 and later, ` RawBitStreamRequested ` is not set.
80+ * For SPDM 1.3 and later, ` NewMeasurementRequested ` is not set.
81+
82+ The ` GET_MEASUREMENTS ` (1) to ` GET_MEASUREMENTS ` (n) request has the following properties:
83+ * ` Param2 `
84+ * The requested measurement index. It must be between 0x1 and 0xFE, inclusive and incremental.
85+ * Only successful ` GET_MEASUREMENTS ` (x) and ` MEASUREMENTS ` (x) are recorded in the measurement report.
86+ * ` SignatureRequested `
87+ * For ` GET_MEASUREMENTS ` (1), ..., and ` GET_MEASUREMENTS ` (n-1), it is not set.
88+ * For ` GET_MEASUREMENTS ` (n), if the Responder supports signature generation (` MEAS_CAP = 10b ` )
89+ then it is set, else it is not set.
90+ * For SPDM 1.2 and later, if the requester detected the signed ` MEASUREMENT ` (n)
91+ ` content change ` field is ` 01b ` (changed), the requester should discard this measurement report
92+ and recollect from the beginning.
93+ * For SPDM 1.2 and later, ` RawBitStreamRequested ` is not set.
94+ * For SPDM 1.3 and later, ` NewMeasurementRequested ` is not set.
95+
96+ ### Rationale
97+
98+ #### One-by-One Request and Response
99+
100+ The requester shall collect All-Measurements Report at first. Only if the device cannot return
101+ all measurements at one time due to some errors (such as transport layer limitation),
102+ then the requester can try to collect One-by-One-Measurements Report.
103+
104+ #### Detecting Measurement Report format
105+
106+ The verifier may check the first ` GET_MEASUREMENTS ` in the Measurement Report.
107+ * If the ` Param2 ` is ` 0xFF ` (All Measurements), then it is All-Measurements Report.
108+ The whole Measurement report should include only one ` GET_MEASUREMENTS ` /` MEASUREMENTS ` pair.
109+ * If the ` Param2 ` is ` 0x00 ` (Total Number), then it is One-by-One-Measurements Report.
110+ The whole Measurement report should include only ` n ` +1 ` GET_MEASUREMENTS ` /` MEASUREMENTS ` pairs.
111+
112+ #### Non-Sequentially Increased Measurement Index
113+
114+ The ` Param2 ` (measurement index) in ` GET_MEASUREMENTS ` (1) to ` GET_MEASUREMENTS ` (n) is
115+ non-sequentially incremental.
116+ A device may implement non-sequentially increased measurement index.
117+ For example, a device has 3 measurement blocks. The index is 1, 4 and 6.
118+ Then the ` Param2 ` of ` GET_MEASUREMENTS ` (1) is 1, the ` Param2 ` of ` GET_MEASUREMENTS ` (2) is 4,
119+ and the ` Param2 ` of ` GET_MEASUREMENTS ` (3) is 6.
120+ The requester may send a ` GET_MEASUREMENTS ` with ` Param2 ` 2, but it will get ` ERROR ` response.
121+ As such, the ` GET_MEASUREMENTS ` with ` Param2 ` 2 and ` ERROR ` response are NOT included
122+ in the measurement report.
123+ Once the successfully received number of measurement block is ` n ` -1, the requester should send
124+ the next ` GET_MEASUREMENTS ` with ` SignatureRequested ` set.
125+
126+ #### Completeness
127+
128+ The requester shall request the total number of measurement block (` n ` ) first,
129+ then request all ` n ` measurement blocks one by one incrementally.
130+
131+ #### Atomicity
132+
133+ The requester shall verify the ` content change ` and recollect One-by-One-Measurements report
134+ in case that the ` MeasurementRecord ` fields of previous ` MEASUREMENTS ` responses are changed.
135+
136+ #### Integrity
137+
138+ The requester shall request a digital signature in the last message ` GET_MEASUREMENTS ` (n)
139+ for the whole measurement report, if supported by the Responder.
140+
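Review bot: The Atomicity rationale (lines 133-134) says the requester "shall verify the `content change`", but the property list (lines 90-92) defines that check only for SPDM 1.2 and later on a signed `MEASUREMENTS` (n), and words it as "should discard". Suggest aligning shall/should between the two places, and stating what a requester or Verifier may conclude about atomicity for SPDM 1.0/1.1 and for Responders that cannot sign, since the text gives no detection mechanism for those cases. Separately, line 84 requires `Param2` to be "incremental" while lines 114-115 call it "non-sequentially incremental"; wording such as "strictly increasing, not necessarily consecutive" in both places would remove the ambiguity. Line 90 should read `MEASUREMENTS` (n) rather than `MEASUREMENT` (n), and "Detecting Measurement Report format" should say how the Verifier treats a report whose first `Param2` is neither `0xFF` nor `0x00`.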