GETCOMPD

Edit online

This rule_array keyword causes all data to be returned in one VUD block. The described structure also comprises extra data fields that contains output if the SIG2STAT keyword is specified.

The VUD block header and data has a layout as described in Table 1:

Table 1. Output data format for the GETCOMPD keyword
A table with five columns describing the layout of the VUD block header and data.
Offset	Size	Field	Subordinate data type	Description
Begin outer templating
4	1	Struct name	Signed_data_t	Structure name Type: binary integer Value: `mbif_types.h:118:#define SIGNED_DATA_T 0x82`
5	1	Struct version	Signed_data_t	Structure version Type: binary integer Value: `0x00`
6	4	Signed data len	Signed_data_t	Length of entire Signed_data_t structure, including appended data and signature Type: binary integer, big-endian
10	4	Data offset	Signed_data_t	Offset from start of the data sub-struct (here) to the start of the actual data payload. Type: binary integer, big-endian Value: `0x14`
14	4	Data len	Signed_data_t	Length of the data payload Type: binary integer, big-endian
18	4	Sig offset	Signed_data_t	Offset from start of the signature sub-structure (here) to the start of the actual signature. Type: binary integer, big-endian
22	4	Sig len	Signed_data_t	Length of the signature Type: binary integer, big-endian
26	4	Sig type	Signed_data_t	Type of the signature Type: binary integer, big-endian Value: 0x63 (# define CCA_DUAL_SIG 0x63) 0x00 (no signature)
Begin payload
30	7	VE	xcVpd_t:VE field	Card secure part number field from VPD Type: ASCII, not NULL terminated
37	1	Reserved1	n/a	Reserved field Type: binary integer
38	7	EC	xcVpd_t:EC field	Card EC field from VPD Type: ASCII, not NULL terminated
45	1	Reserved1	n/a	Reserved field Type: binary integer
46	12	SN	xcVpd_t:[sn_hdr \| sn] fields	Card serial number header and serial number concatenated; making up a 12 byte quantity. Type: ASCII, not NULL terminated
58	16	Current_clock	Cca_gentime_t structure	The current card clock time maintained by the RTC hardware. Type: ASCII characters for the date in the following layout of 14 characters, with 2 NULL characters at the end since the day-of-week is not returned. `YYYYMMDDHHMMSS\0\0` Note: This is similar to ASN.1 Generalized Time format for Local time. Since the adapter reports whatever time it has been set to, and has no external reference for timezone verification, it is not appropriate to have a Z indicating UTC or to specify an offset from UTC.
74	8	Cca_version		Same value reported for other CSUACFQ calls that report the CCA version Type: ASCII, not NULL terminated
82	8	Udx_version1	Ccax_version1	UDX supplied version field (first), should be none for PCI-HSM 2016 capable firmware Type: ASCII, not NULL terminated
90	8	Udx_version2	Ccax_version2	UDX supplied version field (second), should be none for PCI-HSM 2016 capable firmware Type: ASCII, not NULL terminated
98	16	Build_date	Cca_gentime_t structure	Build time_date: Local Date and time on machine where firmware was built. Type: ASCII characters for the date in the following layout of 14 characters, with 2 NULL characters at the end since the day-of-week is not returned. `YYYYMMDDHHMMSS\0\0` Note: This is similar to ASN.1 Generalized Time format for Local time. Since the adapter reports whatever time it has been set to, and has no external reference for timezone verification, it is not appropriate to have a Z indicating UTC or to specify an offset from UTC.
114	4	Card_action	cmp_srdi_hdr_t:action_flags	Card scope action flags Type: binary integer, big-endian `CARD_ZEROIZE_START 0x8000_0000` Flag Name: Card-wide zeroize started one bit flag to indicate that card zeroize is starting. Default value is 0b0, which indicates that a card zeroize is not in progress `CARD_CLOCK_SET 0x4000_0000` Flag Name: Card-wide system clock has been set one bit flag to indicate if the card has seen a valid SETCLOCK operation (from the TKE) in the time covered by the current SRDI files. Set once and never un-set or zeroed except for card-scope zeroize events. Default value: `0b0` `RESERVED` (all bits not defined above)
118	4	Comp_issues	DRAM variable CCA_comp_issue_flags	Returns any issues with compliance: reasons the card cannot support a compliance setting. Type: binary integer, big-endian Flags are defined: `CMPIF_CERT_NO_ISSUES 0x00000000` `CMPIF_FW_UDX 0x80000000` This value indicates a UDX was detected. `CMPIF_FW_SIM 0x40000000` This value indicates code is a simulator. Remaining values: reserved. Default value: `0b0`
122	4	Sec_log_max	Not in a structure	Maximum count of events for this domain, this is not a byte count. This is the same for the life of a card, but the API will live beyond one card. Type: binary integer, big-endian
126	2	Sec_log_event _size	Not in a structure	Maximum size of one event in bytes. This is the same for the life of a card, but the API will live beyond one card. Type: binary integer, big-endian
128	2	Dmn_kdf	Kdf value from DRAM	KDF value that maps to the compliance flags. Type: binary integer, big-endian
130	4	Dmn_action	cmp_srdi_mbr_t:action_flags	Domain scope action flags. Type: binary integer, big-endian (description continued in next row)
Description continued for Dmn_action (offset 130, size 4): `DOMAIN_ZERO_START 0x8000_0000` Flag Name: `domain-scope zeroize has started` one bit flag to indicate the beginning of work to zero-ize a domain. Default value is `0b0`. `DOMAIN_IMPRINT_START 0x4000_0000` Flag Name: This domain has started transition to Imprint mode one bit flag to indicate start of internal preparation for imprint mode transition. Default value is `0b0`, which indicates a zero-ize is not in progress. `DOMAIN_IMPRINT_ACTIVE 0x2000_0000` Flag Name: This domain is in Imprint mode one bit flag to indicate domain is in imprint mode for the compliance mode indicated by the compliance flags Default value is 0b0, which indicates the domain is NOT in imprint mode `DOMAIN_COMP_ACTIVE 0x1000_0000` Flag Name: This domain has 1 or more compliance modes active one bit flag to indicate the compliance flags field is in force Default value is 0b0, which indicates the compliance flags field is not in force `DOMAIN_COMP_REMOVE_START 0x0800_0000` Flag Name: This domain has started removal of 1 or more compliance modes one bit flag to indicate the beginning of work to un-set a compliance mode Default value is 0b0 `DOMAIN_COMP_MIGRATION 0x0400_0000` Flag Name: This domain is in migration mode as a reduced mode of an active compliance mode one bit flag to indicate that migration mode is active In this mode Comp-tagged keys may be created from qualified non-tagged keys. If this bit is active then the domain is within the 30 minute inactivity timeout window. After 30 minutes of not receiving any migration work (applying a comp-tag to a non-comp-tag key) then the domain reverts to compliance mode and the flag is automatically turned to `0b0`. Default value is `0b0` `(reserved) 0x0200_0000` Flag is reserved Default value is `0b0` `DOMAIN_SLOG_ENAB 0x0000_8000` Flag Name: This domain has Secure Log enabled one bit flag to indicate that Secure Log is enabled for this domain This flag will be 0b1 for every case where DOMAIN_IMPRINT_ACTIVE flag or DOMAIN_COMP_ACTIVE flag are active, however this flag may be 0b1 when neither flag is active. This means that a domain can have Secure Log active even if it is not in imprint mode or compliant mode. Default value is `0b0`
Description continued for Dmn_action (offset 130, size 4): `DOMAIN_SLOG_NOWRAP 0x0000_4000` Flag Name: This domain has Secure Log configured for NOT WRAP when the Log fills one bit flag to indicate that Secure Log is configured to NOT WRAP for this domain This flag is meaningful only if the `DOMAIN_SLOG_ENAB` flag is `0b1`, all other times it is set to `0b0`. Similar to `DOMAIN_SLOG_ENAB`, this flag will be 0b1 for every case where `DOMAIN_IMPRINT_ACTIVE` flag or `DOMAIN_COMP_ACTIVE` flag are active, however, this flag may be `0b1` when neither flag is active. This means that No Wrap is a required feature of the Secure Log if the domain is in Imprint mode or Compliant Mode, and No Wrap is an optional feature of the Secure Log otherwise. Default value is `0b0`. (Reserved) all remaining bits. Default value is `0b0`.
134	4	Dmn_compl	cmp_srdi_mbr_t:compl_flags	Domain scope compliance flags Type: binary integer, big-endian (description continued in next row)
Description continued for Dmn_compl (offset 134, size 4): COMPF_PCI_HSM_2016 0x8000_0000 Flag Name: This domain has the PCI-HSM v3.0 (June 2016) mode active one bit flag to indicate that the domain has PCI-HSM 2016 compliance mode enabled. Default value is 0b0, which indicates that PCI-HSM 2016 compliance mode is disabled. (Reserved) all remaining bits. Default value 0b0
138	4	Sec_log_cnt	Not in a structure	Current count of events for this domain, this is not a byte count. Type: binary integer, big-endian Will be `0x00000000` if Secure Log is not enabled at domain scope.
142	2	Owner2	Rom_status_t:owner2	Type: binary integer, big-endian two byte owner-ID field.
144	2	Owner3	Rom_status_t:owner3	Type: binary integer, big-endian two byte owner-ID field.
146	4	Miniboot versions	xcMB_Version_t	Type: binary integer, big-endian two bytes for miniboot 0, two bytes for miniboot 1
150	4	Adapter type	Adapter_type : CardRevId from xcAdapterInfo_t	Type: binary integer, big-endian four byte field from adapter info
Begin signature section sig-section (if SIG2STAT passed)
154	132	ECDSA signature	Raw r and s values	Raw r and s values for signature over SHA-512 hash of payload. The r and s values are 66 bytes each, r is first.
286	4668	CRDL-DSA signature	A byte string	The CRDL-DSA signature is the concatenation of a bit-packed representation of z and encodings of h and c in that order.
4954	64	Payload hash	Raw hash value	Raw SHA-512 hash over the payload. This is the value used for calculating the signature.