15 files changed, 396 insertions, 25 deletions

diff --git a/src/include/ipxe/efi/IndustryStandard/Acpi10.h b/src/include/ipxe/efi/IndustryStandard/Acpi10.h
index e9a561c22..0dc281b55 100644
--- a/src/include/ipxe/efi/IndustryStandard/Acpi10.h
+++ b/src/include/ipxe/efi/IndustryStandard/Acpi10.h
@@ -10,6 +10,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 #define _ACPI_1_0_H_
 
 FILE_LICENCE ( BSD2_PATENT );
+FILE_SECBOOT ( PERMITTED );
 
 #include <ipxe/efi/IndustryStandard/AcpiAml.h>
 
diff --git a/src/include/ipxe/efi/IndustryStandard/Acpi20.h b/src/include/ipxe/efi/IndustryStandard/Acpi20.h
index ad28120b2..131d760da 100644
--- a/src/include/ipxe/efi/IndustryStandard/Acpi20.h
+++ b/src/include/ipxe/efi/IndustryStandard/Acpi20.h
@@ -9,6 +9,7 @@
 #define _ACPI_2_0_H_
 
 FILE_LICENCE ( BSD2_PATENT );
+FILE_SECBOOT ( PERMITTED );
 
 #include <ipxe/efi/IndustryStandard/Acpi10.h>
 
diff --git a/src/include/ipxe/efi/IndustryStandard/Acpi30.h b/src/include/ipxe/efi/IndustryStandard/Acpi30.h
index ff82bf203..d5c1a82b3 100644
--- a/src/include/ipxe/efi/IndustryStandard/Acpi30.h
+++ b/src/include/ipxe/efi/IndustryStandard/Acpi30.h
@@ -2,6 +2,7 @@
   ACPI 3.0 definitions from the ACPI Specification Revision 3.0b October 10, 2006
 
   Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.<BR>
+  Copyright (C) 2025, Advanced Micro Devices, Inc. All rights reserved.
   SPDX-License-Identifier: BSD-2-Clause-Patent
 **/
 
@@ -9,9 +10,20 @@
 #define _ACPI_3_0_H_
 
 FILE_LICENCE ( BSD2_PATENT );
+FILE_SECBOOT ( PERMITTED );
 
 #include <ipxe/efi/IndustryStandard/Acpi20.h>
 
+///
+/// _CSD Revision for ACPI 3.0
+///
+#define EFI_ACPI_3_0_AML_CSD_REVISION  0
+
+///
+/// _CSD NumEntries for ACPI 3.0
+///
+#define EFI_ACPI_3_0_AML_CSD_NUM_ENTRIES  6
+
 //
 // Define for Descriptor
 //
diff --git a/src/include/ipxe/efi/IndustryStandard/Acpi40.h b/src/include/ipxe/efi/IndustryStandard/Acpi40.h
index 97b817039..f668ce04b 100644
--- a/src/include/ipxe/efi/IndustryStandard/Acpi40.h
+++ b/src/include/ipxe/efi/IndustryStandard/Acpi40.h
@@ -2,6 +2,7 @@
   ACPI 4.0 definitions from the ACPI Specification Revision 4.0a April 5, 2010
 
   Copyright (c) 2010 - 2022, Intel Corporation. All rights reserved.<BR>
+  Copyright (C) 2025, Advanced Micro Devices, Inc. All rights reserved.
   SPDX-License-Identifier: BSD-2-Clause-Patent
 **/
 
@@ -9,10 +10,21 @@
 #define _ACPI_4_0_H_
 
 FILE_LICENCE ( BSD2_PATENT );
+FILE_SECBOOT ( PERMITTED );
 
 #include <ipxe/efi/IndustryStandard/Acpi30.h>
 
 ///
+/// _CSD Revision for ACPI 4.0
+///
+#define EFI_ACPI_4_0_AML_CSD_REVISION  0
+
+///
+/// _CSD NumEntries for ACPI 4.0
+///
+#define EFI_ACPI_4_0_AML_CSD_NUM_ENTRIES  6
+
+///
 /// _PSD Revision for ACPI 4.0
 ///
 #define EFI_ACPI_4_0_AML_PSD_REVISION  0
diff --git a/src/include/ipxe/efi/IndustryStandard/Acpi50.h b/src/include/ipxe/efi/IndustryStandard/Acpi50.h
index 2addcb008..1621411b1 100644
--- a/src/include/ipxe/efi/IndustryStandard/Acpi50.h
+++ b/src/include/ipxe/efi/IndustryStandard/Acpi50.h
@@ -4,6 +4,7 @@
   Copyright (c) 2014 Hewlett-Packard Development Company, L.P.<BR>
   Copyright (c) 2011 - 2022, Intel Corporation. All rights reserved.<BR>
   Copyright (c) 2020, ARM Ltd. All rights reserved.<BR>
+  Copyright (C) 2025, Advanced Micro Devices, Inc. All rights reserved.
   SPDX-License-Identifier: BSD-2-Clause-Patent
 **/
 
@@ -11,9 +12,20 @@
 #define _ACPI_5_0_H_
 
 FILE_LICENCE ( BSD2_PATENT );
+FILE_SECBOOT ( PERMITTED );
 
 #include <ipxe/efi/IndustryStandard/Acpi40.h>
 
+///
+/// _CSD Revision for ACPI 5.0
+///
+#define EFI_ACPI_5_0_AML_CSD_REVISION  0
+
+///
+/// _CSD NumEntries for ACPI 5.0
+///
+#define EFI_ACPI_5_0_AML_CSD_NUM_ENTRIES  6
+
 //
 // Define for Descriptor
 //
@@ -123,6 +135,40 @@ typedef PACKED struct {
   UINT16                        DeviceSelection;
 } EFI_ACPI_SERIAL_BUS_RESOURCE_SPI_DESCRIPTOR;
 
+/// Revision ID of serial bus uart descriptor
+#define EFI_ACPI_5_0_SERIAL_BUS_RESOURCE_UART_DESCRIPTOR_REVISION_ID  0x1
+
+/// Type specific flags
+#define EFI_ACPI_5_0_SERIAL_BUS_RESOURCE_UART_DESCRIPTOR_TSF_LITTLE_ENDIAN    0x0
+#define EFI_ACPI_5_0_SERIAL_BUS_RESOURCE_UART_DESCRIPTOR_TSF_BIG_ENDIAN       0x1
+#define EFI_ACPI_5_0_SERIAL_BUS_RESOURCE_UART_DESCRIPTOR_TSF_5_BITS_PER_BYTE  0x0
+#define EFI_ACPI_5_0_SERIAL_BUS_RESOURCE_UART_DESCRIPTOR_TSF_6_BITS_PER_BYTE  0x1
+#define EFI_ACPI_5_0_SERIAL_BUS_RESOURCE_UART_DESCRIPTOR_TSF_7_BITS_PER_BYTE  0x2
+#define EFI_ACPI_5_0_SERIAL_BUS_RESOURCE_UART_DESCRIPTOR_TSF_8_BITS_PER_BYTE  0x3
+#define EFI_ACPI_5_0_SERIAL_BUS_RESOURCE_UART_DESCRIPTOR_TSF_9_BITS_PER_BYTE  0x4
+#define EFI_ACPI_5_0_SERIAL_BUS_RESOURCE_UART_DESCRIPTOR_TSF_STOP_BIT_NONE    0x0
+#define EFI_ACPI_5_0_SERIAL_BUS_RESOURCE_UART_DESCRIPTOR_TSF_STOP_BIT_1       0x1
+#define EFI_ACPI_5_0_SERIAL_BUS_RESOURCE_UART_DESCRIPTOR_TSF_STOP_BIT_1_5     0x2
+#define EFI_ACPI_5_0_SERIAL_BUS_RESOURCE_UART_DESCRIPTOR_TSF_STOP_BIT_2       0x3
+#define EFI_ACPI_5_0_SERIAL_BUS_RESOURCE_UART_DESCRIPTOR_TSF_FC_NONE          0x0
+#define EFI_ACPI_5_0_SERIAL_BUS_RESOURCE_UART_DESCRIPTOR_TSF_FC_HW            0x1
+#define EFI_ACPI_5_0_SERIAL_BUS_RESOURCE_UART_DESCRIPTOR_TSF_FC_XON_XOFF      0x2
+
+/// Parity definitions
+#define EFI_ACPI_5_0_SERIAL_BUS_RESOURCE_UART_DESCRIPTOR_PARITY_NONE   0x0
+#define EFI_ACPI_5_0_SERIAL_BUS_RESOURCE_UART_DESCRIPTOR_PARITY_EVEN   0x1
+#define EFI_ACPI_5_0_SERIAL_BUS_RESOURCE_UART_DESCRIPTOR_PARITY_ODD    0x2
+#define EFI_ACPI_5_0_SERIAL_BUS_RESOURCE_UART_DESCRIPTOR_PARITY_MARK   0x3
+#define EFI_ACPI_5_0_SERIAL_BUS_RESOURCE_UART_DESCRIPTOR_PARITY_SPACE  0x4
+
+/// Serial lines in use bits
+#define EFI_ACPI_5_0_SERIAL_BUS_RESOURCE_UART_DESCRIPTOR_LIN_RTS  BIT7
+#define EFI_ACPI_5_0_SERIAL_BUS_RESOURCE_UART_DESCRIPTOR_LIN_CTS  BIT6
+#define EFI_ACPI_5_0_SERIAL_BUS_RESOURCE_UART_DESCRIPTOR_LIN_DTR  BIT5
+#define EFI_ACPI_5_0_SERIAL_BUS_RESOURCE_UART_DESCRIPTOR_LIN_DSR  BIT4
+#define EFI_ACPI_5_0_SERIAL_BUS_RESOURCE_UART_DESCRIPTOR_LIN_RI   BIT3
+#define EFI_ACPI_5_0_SERIAL_BUS_RESOURCE_UART_DESCRIPTOR_LIN_DTD  BIT2
+
 ///
 /// Serial Bus Resource Descriptor (UART)
 ///
diff --git a/src/include/ipxe/efi/IndustryStandard/Acpi51.h b/src/include/ipxe/efi/IndustryStandard/Acpi51.h
index a2079ecc5..ec48c5b25 100644
--- a/src/include/ipxe/efi/IndustryStandard/Acpi51.h
+++ b/src/include/ipxe/efi/IndustryStandard/Acpi51.h
@@ -5,6 +5,7 @@
   Copyright (c) 2014 - 2022, Intel Corporation. All rights reserved.<BR>
   (C) Copyright 2015 Hewlett Packard Enterprise Development LP<BR>
   Copyright (c) 2020, ARM Ltd. All rights reserved.<BR>
+  Copyright (C) 2024, Advanced Micro Devices, Inc. All rights reserved.
   SPDX-License-Identifier: BSD-2-Clause-Patent
 **/
 
@@ -12,10 +13,21 @@
 #define _ACPI_5_1_H_
 
 FILE_LICENCE ( BSD2_PATENT );
+FILE_SECBOOT ( PERMITTED );
 
 #include <ipxe/efi/IndustryStandard/Acpi50.h>
 
 ///
+/// _CSD Revision for ACPI 5.1
+///
+#define EFI_ACPI_5_1_AML_CSD_REVISION  0
+
+///
+/// _CSD NumEntries for ACPI 5.1
+///
+#define EFI_ACPI_5_1_AML_CSD_NUM_ENTRIES  6
+
+///
 /// _PSD Revision for ACPI 5.1
 ///
 #define EFI_ACPI_5_1_AML_PSD_REVISION  0
@@ -1762,6 +1774,7 @@ typedef struct {
 #define EFI_ACPI_5_1_EINJ_EXECUTE_OPERATION               0x05
 #define EFI_ACPI_5_1_EINJ_CHECK_BUSY_STATUS               0x06
 #define EFI_ACPI_5_1_EINJ_GET_COMMAND_STATUS              0x07
+#define EFI_ACPI_5_1_EINJ_SET_ERROR_TYPE_WITH_ADDRESS     0x08
 #define EFI_ACPI_5_1_EINJ_TRIGGER_ERROR                   0xFF
 
 ///
@@ -1825,6 +1838,25 @@ typedef struct {
 } EFI_ACPI_5_1_EINJ_TRIGGER_ACTION_TABLE;
 
 ///
+/// Windows ACPI Emulated devices Table
+///
+typedef struct {
+  EFI_ACPI_DESCRIPTION_HEADER    Header;
+  ///
+  /// Container of a bitmask of Windows behavior that this system requires
+  /// Bit 0 - RTC good
+  /// Bit 1 - ACPI PM timer good
+  ///
+  UINT32                         EmulatedDeviceFlags;
+} EFI_ACPI_5_1_WAET_TABLE;
+
+///
+/// WAET Flags. All other bits are reserved and must be 0.
+///
+#define EFI_ACPI_5_1_WAET_FLAGS_RTC_GOOD            BIT0
+#define EFI_ACPI_5_1_WAET_FLAGS_ACPI_PM_TIMER_GOOD  BIT1
+
+///
 /// Platform Communications Channel Table (PCCT)
 ///
 typedef struct {
diff --git a/src/include/ipxe/efi/IndustryStandard/Acpi60.h b/src/include/ipxe/efi/IndustryStandard/Acpi60.h
index c8d99214c..251e27e49 100644
--- a/src/include/ipxe/efi/IndustryStandard/Acpi60.h
+++ b/src/include/ipxe/efi/IndustryStandard/Acpi60.h
@@ -4,6 +4,7 @@
   Copyright (c) 2015 - 2022, Intel Corporation. All rights reserved.<BR>
   (C) Copyright 2015-2016 Hewlett Packard Enterprise Development LP<BR>
   Copyright (c) 2020, ARM Ltd. All rights reserved.<BR>
+  Copyright (C) 2025, Advanced Micro Devices, Inc. All rights reserved.
   SPDX-License-Identifier: BSD-2-Clause-Patent
 **/
 
@@ -11,10 +12,21 @@
 #define _ACPI_6_0_H_
 
 FILE_LICENCE ( BSD2_PATENT );
+FILE_SECBOOT ( PERMITTED );
 
 #include <ipxe/efi/IndustryStandard/Acpi51.h>
 
 ///
+/// _CSD Revision for ACPI 6.0
+///
+#define EFI_ACPI_6_0_AML_CSD_REVISION  0
+
+///
+/// _CSD NumEntries for ACPI 6.0
+///
+#define EFI_ACPI_6_0_AML_CSD_NUM_ENTRIES  6
+
+///
 /// _PSD Revision for ACPI 6.0
 ///
 #define EFI_ACPI_6_0_AML_PSD_REVISION  0
@@ -1949,6 +1961,7 @@ typedef struct {
 #define EFI_ACPI_6_0_EINJ_EXECUTE_OPERATION               0x05
 #define EFI_ACPI_6_0_EINJ_CHECK_BUSY_STATUS               0x06
 #define EFI_ACPI_6_0_EINJ_GET_COMMAND_STATUS              0x07
+#define EFI_ACPI_6_0_EINJ_SET_ERROR_TYPE_WITH_ADDRESS     0x08
 #define EFI_ACPI_6_0_EINJ_TRIGGER_ERROR                   0xFF
 
 ///
diff --git a/src/include/ipxe/efi/IndustryStandard/AcpiAml.h b/src/include/ipxe/efi/IndustryStandard/AcpiAml.h
index d7a83f7fa..4ea320cd0 100644
--- a/src/include/ipxe/efi/IndustryStandard/AcpiAml.h
+++ b/src/include/ipxe/efi/IndustryStandard/AcpiAml.h
@@ -11,6 +11,7 @@
 #define _ACPI_AML_H_
 
 FILE_LICENCE ( BSD2_PATENT );
+FILE_SECBOOT ( PERMITTED );
 
 //
 // ACPI AML definition
diff --git a/src/include/ipxe/efi/IndustryStandard/Bluetooth.h b/src/include/ipxe/efi/IndustryStandard/Bluetooth.h
index 97b6526b3..b2547ca0b 100644
--- a/src/include/ipxe/efi/IndustryStandard/Bluetooth.h
+++ b/src/include/ipxe/efi/IndustryStandard/Bluetooth.h
@@ -11,6 +11,7 @@
 #define _BLUETOOTH_H_
 
 FILE_LICENCE ( BSD2_PATENT );
+FILE_SECBOOT ( PERMITTED );
 
 #pragma pack(1)
 
diff --git a/src/include/ipxe/efi/IndustryStandard/Pci22.h b/src/include/ipxe/efi/IndustryStandard/Pci22.h
index 161333d88..477761c32 100644
--- a/src/include/ipxe/efi/IndustryStandard/Pci22.h
+++ b/src/include/ipxe/efi/IndustryStandard/Pci22.h
@@ -17,6 +17,7 @@
 #define _PCI22_H_
 
 FILE_LICENCE ( BSD2_PATENT );
+FILE_SECBOOT ( PERMITTED );
 
 #define PCI_MAX_BUS     255
 #define PCI_MAX_DEVICE  31
diff --git a/src/include/ipxe/efi/IndustryStandard/PeImage.h b/src/include/ipxe/efi/IndustryStandard/PeImage.h
index c1f1a09cb..f99deb051 100644
--- a/src/include/ipxe/efi/IndustryStandard/PeImage.h
+++ b/src/include/ipxe/efi/IndustryStandard/PeImage.h
@@ -20,6 +20,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 #define __PE_IMAGE_H__
 
 FILE_LICENCE ( BSD2_PATENT );
+FILE_SECBOOT ( PERMITTED );
 
 //
 // PE32+ Subsystem type for EFI images
@@ -27,7 +28,6 @@ FILE_LICENCE ( BSD2_PATENT );
 #define EFI_IMAGE_SUBSYSTEM_EFI_APPLICATION          10
 #define EFI_IMAGE_SUBSYSTEM_EFI_BOOT_SERVICE_DRIVER  11
 #define EFI_IMAGE_SUBSYSTEM_EFI_RUNTIME_DRIVER       12
-#define EFI_IMAGE_SUBSYSTEM_SAL_RUNTIME_DRIVER       13///< defined PI Specification, 1.0
 
 //
 // PE32+ Machine type for EFI images
diff --git a/src/include/ipxe/efi/IndustryStandard/Tpm12.h b/src/include/ipxe/efi/IndustryStandard/Tpm12.h
index 6bebcb7bd..02fda8564 100644
--- a/src/include/ipxe/efi/IndustryStandard/Tpm12.h
+++ b/src/include/ipxe/efi/IndustryStandard/Tpm12.h
@@ -10,6 +10,7 @@
 #define _TPM12_H_
 
 FILE_LICENCE ( BSD2_PATENT );
+FILE_SECBOOT ( PERMITTED );
 
 ///
 /// The start of TPM return codes
@@ -746,8 +747,8 @@ typedef struct tdTPM_PERMANENT_FLAGS {
   BOOLEAN              TPMpost;
   BOOLEAN              TPMpostLock;
   BOOLEAN              FIPS;
-  BOOLEAN                           operator;
-  BOOLEAN                           enableRevokeEK;
+  BOOLEAN              operator_;
+  BOOLEAN              enableRevokeEK;
   BOOLEAN              nvLocked;
   BOOLEAN              readSRKPub;
   BOOLEAN              tpmEstablished;
diff --git a/src/include/ipxe/efi/IndustryStandard/Tpm20.h b/src/include/ipxe/efi/IndustryStandard/Tpm20.h
index b314d6e91..c70e0a121 100644
--- a/src/include/ipxe/efi/IndustryStandard/Tpm20.h
+++ b/src/include/ipxe/efi/IndustryStandard/Tpm20.h
@@ -14,6 +14,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 #define _TPM20_H_
 
 FILE_LICENCE ( BSD2_PATENT );
+FILE_SECBOOT ( PERMITTED );
 
 #include <ipxe/efi/IndustryStandard/Tpm12.h>
 
@@ -205,15 +206,16 @@ typedef UINT16 TPM_ALG_ID;
 
 // Table 8 - TPM_ECC_CURVE Constants
 typedef UINT16 TPM_ECC_CURVE;
-#define TPM_ECC_NONE       (TPM_ECC_CURVE)(0x0000)
-#define TPM_ECC_NIST_P192  (TPM_ECC_CURVE)(0x0001)
-#define TPM_ECC_NIST_P224  (TPM_ECC_CURVE)(0x0002)
-#define TPM_ECC_NIST_P256  (TPM_ECC_CURVE)(0x0003)
-#define TPM_ECC_NIST_P384  (TPM_ECC_CURVE)(0x0004)
-#define TPM_ECC_NIST_P521  (TPM_ECC_CURVE)(0x0005)
-#define TPM_ECC_BN_P256    (TPM_ECC_CURVE)(0x0010)
-#define TPM_ECC_BN_P638    (TPM_ECC_CURVE)(0x0011)
-#define TPM_ECC_SM2_P256   (TPM_ECC_CURVE)(0x0020)
+#define TPM_ECC_NONE        (TPM_ECC_CURVE)(0x0000)
+#define TPM_ECC_NIST_P192   (TPM_ECC_CURVE)(0x0001)
+#define TPM_ECC_NIST_P224   (TPM_ECC_CURVE)(0x0002)
+#define TPM_ECC_NIST_P256   (TPM_ECC_CURVE)(0x0003)
+#define TPM_ECC_NIST_P384   (TPM_ECC_CURVE)(0x0004)
+#define TPM_ECC_NIST_P521   (TPM_ECC_CURVE)(0x0005)
+#define TPM_ECC_BN_P256     (TPM_ECC_CURVE)(0x0010)
+#define TPM_ECC_BN_P638     (TPM_ECC_CURVE)(0x0011)
+#define TPM_ECC_SM2_P256    (TPM_ECC_CURVE)(0x0020)
+#define TPM_ECC_BP_P512_R1  (TPM_ECC_CURVE)(0x0032)
 
 // Table 11 - TPM_CC Constants (Numeric Order)
 typedef UINT32 TPM_CC;
@@ -1249,7 +1251,7 @@ typedef union {
   TPMI_AES_KEY_BITS    aes;
   TPMI_SM4_KEY_BITS    SM4;
   TPM_KEY_BITS         sym;
-  TPMI_ALG_HASH     xor;
+  TPMI_ALG_HASH        xor_;
 } TPMU_SYM_KEY_BITS;
 
 // Table 123 - TPMU_SYM_MODE Union
@@ -1322,7 +1324,7 @@ typedef struct {
 // Table 136 - TPMU_SCHEME_KEYEDHASH Union
 typedef union {
   TPMS_SCHEME_HMAC    hmac;
-  TPMS_SCHEME_XOR  xor;
+  TPMS_SCHEME_XOR     xor_;
 } TPMU_SCHEME_KEYEDHASH;
 
 // Table 137 - TPMT_KEYEDHASH_SCHEME Structure
diff --git a/src/include/ipxe/efi/IndustryStandard/UefiTcgPlatform.h b/src/include/ipxe/efi/IndustryStandard/UefiTcgPlatform.h
index a89986712..98bf7b689 100644
--- a/src/include/ipxe/efi/IndustryStandard/UefiTcgPlatform.h
+++ b/src/include/ipxe/efi/IndustryStandard/UefiTcgPlatform.h
@@ -1,8 +1,8 @@
 /** @file
   TCG EFI Platform Definition in TCG_EFI_Platform_1_20_Final and
-  TCG PC Client Platform Firmware Profile Specification, Revision 1.05
+  TCG PC Client Platform Firmware Profile Specification, Revision 1.06
 
-  Copyright (c) 2006 - 2019, Intel Corporation. All rights reserved.<BR>
+  Copyright (c) 2006 - 2024, Intel Corporation. All rights reserved.<BR>
   SPDX-License-Identifier: BSD-2-Clause-Patent
 
 **/
@@ -11,6 +11,7 @@
 #define __UEFI_TCG_PLATFORM_H__
 
 FILE_LICENCE ( BSD2_PATENT );
+FILE_SECBOOT ( PERMITTED );
 
 #include <ipxe/efi/IndustryStandard/Tpm12.h>
 #include <ipxe/efi/IndustryStandard/Tpm20.h>
@@ -55,6 +56,18 @@ FILE_LICENCE ( BSD2_PATENT );
 #define EV_EFI_VARIABLE_AUTHORITY         (EV_EFI_EVENT_BASE + 0xE0)
 #define EV_EFI_SPDM_FIRMWARE_BLOB         (EV_EFI_EVENT_BASE + 0xE1)
 #define EV_EFI_SPDM_FIRMWARE_CONFIG       (EV_EFI_EVENT_BASE + 0xE2)
+#define EV_EFI_SPDM_DEVICE_BLOB           EV_EFI_SPDM_FIRMWARE_BLOB
+#define EV_EFI_SPDM_DEVICE_CONFIG         EV_EFI_SPDM_FIRMWARE_CONFIG
+//
+// The SPDM policy database for SPDM verification.
+// It goes to PCR7
+//
+#define EV_EFI_SPDM_DEVICE_POLICY  (EV_EFI_EVENT_BASE + 0xE3)
+//
+// The SPDM policy authority for SPDM verification for the signature
+// of GET_MEASUREMENT or CHALLENGE_AUTH. It goes to PCR7.
+//
+#define EV_EFI_SPDM_DEVICE_AUTHORITY  (EV_EFI_EVENT_BASE + 0xE4)
 
 #define EFI_CALLING_EFI_APPLICATION         \
   "Calling EFI Application from Boot Option"
@@ -376,6 +389,7 @@ typedef struct {
 #define TCG_EfiSpecIDEventStruct_SPEC_VERSION_MINOR_TPM2   0
 #define TCG_EfiSpecIDEventStruct_SPEC_ERRATA_TPM2          0
 #define TCG_EfiSpecIDEventStruct_SPEC_ERRATA_TPM2_REV_105  105
+#define TCG_EfiSpecIDEventStruct_SPEC_ERRATA_TPM2_REV_106  106
 
 typedef struct {
   UINT8     signature[16];
@@ -440,6 +454,7 @@ typedef struct tdTCG_PCClientTaggedEvent {
 
 #define TCG_Sp800_155_PlatformId_Event_SIGNATURE   "SP800-155 Event"
 #define TCG_Sp800_155_PlatformId_Event2_SIGNATURE  "SP800-155 Event2"
+#define TCG_Sp800_155_PlatformId_Event3_SIGNATURE  "SP800-155 Event3"
 
 typedef struct tdTCG_Sp800_155_PlatformId_Event2 {
   UINT8       Signature[16];
@@ -461,14 +476,57 @@ typedef struct tdTCG_Sp800_155_PlatformId_Event2 {
   // UINT8               PlatformModel[PlatformModelSize];
   // UINT8               PlatformVersionSize;
   // UINT8               PlatformVersion[PlatformVersionSize];
+  // UINT8               FirmwareManufacturerStrSize;
+  // UINT8               FirmwareManufacturerStr[FirmwareManufacturerStrSize];
+  // UINT32              FirmwareManufacturerId;
+  // UINT8               FirmwareVersion;
+  // UINT8               FirmwareVersion[FirmwareVersionSize];
+} TCG_Sp800_155_PlatformId_Event2;
+
+typedef struct tdTCG_Sp800_155_PlatformId_Event3 {
+  UINT8       Signature[16];
+  //
+  // Where Vendor ID is an integer defined
+  // at http://www.iana.org/assignments/enterprisenumbers
+  //
+  UINT32      VendorId;
+  //
+  // 16-byte identifier of a given platform's static configuration of code
+  //
+  EFI_GUID    ReferenceManifestGuid;
+  // UINT8               PlatformManufacturerStrSize;
+  // UINT8               PlatformManufacturerStr[PlatformManufacturerStrSize];
   // UINT8               PlatformModelSize;
   // UINT8               PlatformModel[PlatformModelSize];
+  // UINT8               PlatformVersionSize;
+  // UINT8               PlatformVersion[PlatformVersionSize];
   // UINT8               FirmwareManufacturerStrSize;
   // UINT8               FirmwareManufacturerStr[FirmwareManufacturerStrSize];
   // UINT32              FirmwareManufacturerId;
   // UINT8               FirmwareVersion;
-  // UINT8               FirmwareVersion[FirmwareVersionSize]];
-} TCG_Sp800_155_PlatformId_Event2;
+  // UINT8               FirmwareVersion[FirmwareVersionSize];
+  //
+  // Below structure is newly added in TCG_Sp800_155_PlatformId_Event3
+  //
+  // UINT32              RimLocatorType;
+  // UINT32              RimLocatorLength;
+  // UINT8               RimLocator[RimLocatorLength];
+  // UINT32              PlatformCertLocatorType;
+  // UINT32              PlatformCertLocatorLength;
+  // UINT8               PlatformCertLocator[PlatformCertLocatorLength];
+} TCG_Sp800_155_PlatformId_Event3;
+
+/**
+ * TCG specifies a locator type with the following values
+ * 0 - Raw data in the locator itself.
+ * 1 - URI in rtf2396 format.
+ * 2 - local device path in EFI_DEVICE_PATH_PROTOCOL format.
+ * 3 - UEFI variable (16 byte EFI_GUID, then 00-terminated UCS2 string)
+**/
+#define TCG_LOCATOR_TYPE_RAW_DATA       0
+#define TCG_LOCATOR_TYPE_URI            1
+#define TCG_LOCATOR_TYPE_DEVICE_PATH    2
+#define TCG_LOCATOR_TYPE_UEFI_VARIABLE  3
 
 #define TCG_EfiStartupLocalityEvent_SIGNATURE  "StartupLocality"
 
@@ -494,4 +552,173 @@ typedef struct tdTCG_EfiStartupLocalityEvent {
 //
 #pragma pack ()
 
+//
+// ======================================================================================================================
+// Event Type                    PCR  Event Log                                   Usage
+// ======================================================================================================================
+// EV_EFI_SPDM_DEVICE_BLOB       2    SPDM_MEASUREMENT_BLOCK (subtype)            MEASUREMENT from device
+// EV_EFI_SPDM_DEVICE_CONFIG     3    SPDM_MEASUREMENT_BLOCK (subtype)            MEASUREMENT from device
+// EV_EFI_SPDM_DEVICE_BLOB       2    SPDM_MEASUREMENT_SUMMARY_HASH.TCB (subtype) SUMMARY_HASH from device
+
+// EV_EFI_SPDM_DEVICE_POLICY     7    UEFI_VARIABLE_DATA with EFI_SIGNATURE_LIST  Provisioned device public cert.
+// EV_EFI_SPDM_DEVICE_AUTHORITY  7    UEFI_VARIABLE_DATA with EFI_SIGNATURE_DATA  CHALLENGE_AUTH signature verification
+// ======================================================================================================================
+//
+
+#define PCR_INDEX_FOR_SIGNATURE_DB  7
+
+#pragma pack(1)
+
+#define TCG_DEVICE_SECURITY_EVENT_DATA_VERSION_1    1
+#define TCG_DEVICE_SECURITY_EVENT_DATA_VERSION_2    2
+#define TCG_DEVICE_SECURITY_EVENT_DATA_SIGNATURE_2  "SPDM Device Sec2"
+
+typedef struct {
+  UINT8     Signature[16];
+  UINT16    Version;
+  UINT8     AuthState;
+  UINT8     Reserved;
+  UINT32    Length;                      // Length in bytes for all following structures.
+  UINT32    DeviceType;
+  UINT32    SubHeaderType;
+  UINT32    SubHeaderLength;                      // Length in bytes of the sub header followed by.
+  UINT64    SubHeaderUID;                         // Universal identifier assigned by the event log creator. It can be used to bind two sub header structure together.
+  // UINT64                         DevicePathLength;
+  // UINT8                          DevicePath[DevicePathLength];
+} TCG_DEVICE_SECURITY_EVENT_DATA_HEADER2;
+
+#define TCG_DEVICE_SECURITY_EVENT_DATA_DEVICE_AUTH_STATE_SUCCESS       0
+#define TCG_DEVICE_SECURITY_EVENT_DATA_DEVICE_AUTH_STATE_NO_AUTH       1
+#define TCG_DEVICE_SECURITY_EVENT_DATA_DEVICE_AUTH_STATE_NO_BINDING    2
+#define TCG_DEVICE_SECURITY_EVENT_DATA_DEVICE_AUTH_STATE_FAIL_NO_SIG   3
+#define TCG_DEVICE_SECURITY_EVENT_DATA_DEVICE_AUTH_STATE_FAIL_INVALID  4
+#define TCG_DEVICE_SECURITY_EVENT_DATA_DEVICE_AUTH_STATE_NO_SPDM       0xFF
+
+#define TCG_DEVICE_SECURITY_EVENT_DATA_DEVICE_SUB_HEADER_TYPE_SPDM_MEASUREMENT_BLOCK  0
+#define TCG_DEVICE_SECURITY_EVENT_DATA_DEVICE_SUB_HEADER_TYPE_SPDM_CERT_CHAIN         1
+
+typedef struct {
+  UINT16    SpdmVersion;
+  UINT8     SpdmMeasurementBlockCount;
+  UINT8     Reserved;
+  UINT32    SpdmMeasurementHashAlgo;
+  // SPDM_MEASUREMENT_BLOCK         SpdmMeasurementBlock;
+} TCG_DEVICE_SECURITY_EVENT_DATA_SUB_HEADER_SPDM_MEASUREMENT_BLOCK;
+
+typedef struct {
+  UINT16    SpdmVersion;
+  UINT8     SpdmSlotId;
+  UINT8     Reserved;
+  UINT32    SpdmHashAlgo;
+  // SPDM_CERT_CHAIN                SpdmCertChain;
+} TCG_DEVICE_SECURITY_EVENT_DATA_SUB_HEADER_SPDM_CERT_CHAIN;
+
+typedef struct {
+  UINT32    Type;
+  UINT32    Length;
+  UINT8     Value[1];
+} TCG_DEVICE_SECURITY_EVENT_DATA_SUB_HEADER_OEM_MEASUREMENT;
+
+typedef union {
+  TCG_DEVICE_SECURITY_EVENT_DATA_SUB_HEADER_SPDM_MEASUREMENT_BLOCK    SpdmMeasurementBlock;
+  TCG_DEVICE_SECURITY_EVENT_DATA_SUB_HEADER_SPDM_CERT_CHAIN           SpdmCertChain;
+  TCG_DEVICE_SECURITY_EVENT_DATA_SUB_HEADER_OEM_MEASUREMENT           OemMeasurement;
+} TCG_DEVICE_SECURITY_EVENT_DATA_SUB_HEADER;
+
+typedef union {
+  TCG_DEVICE_SECURITY_EVENT_DATA_PCI_CONTEXT    Pci;
+  TCG_DEVICE_SECURITY_EVENT_DATA_USB_CONTEXT    Usb;
+} TCG_DEVICE_SECURITY_EVENT_DATA_DEVICE_CONTEXT;
+
+typedef struct {
+  TCG_DEVICE_SECURITY_EVENT_DATA_HEADER2           EventDataHeader;
+  TCG_DEVICE_SECURITY_EVENT_DATA_SUB_HEADER        EventDataSubHeader;
+  TCG_DEVICE_SECURITY_EVENT_DATA_DEVICE_CONTEXT    DeviceContext;
+} TCG_DEVICE_SECURITY_EVENT_DATA2;
+
+#pragma pack()
+
+//
+// EventType:EV_NO_ACTION
+// ======================================================================================================================
+// NVIndex Name                                PCR/NvIndex  Event Log                            Usage
+// ======================================================================================================================
+// NV_EXTEND_INDEX_FOR_INSTANCE                0x01C40200   NV_INDEX_INSTANCE_EVENT_LOG_STRUCT   NV Extend Record for instance data (CertChain)
+// NV_EXTEND_INDEX_FOR_DYNAMIC                 0x01C40201   NV_INDEX_DYNAMIC_EVENT_LOG_STRUCT    NV Extend Record for dynamic data  (Nonce)
+
+// EVENT_LOG_INTEGRITY_NV_INDEX_EXIT_PM_AUTH   0x01C40202   EVENT_LOG_INTEGRITY_NV_INDEX_STRUCT  Event Log Integrity for ExitPmAuth
+// EVENT_LOG_INTEGRITY_NV_INDEX_READY_TO_BOOT  0x01C40203   EVENT_LOG_INTEGRITY_NV_INDEX_STRUCT  Event Log Integrity for ReadyToBoot
+// ======================================================================================================================
+//
+
+#define TCG_NV_EXTEND_INDEX_FOR_INSTANCE                0x01C40200
+#define TCG_NV_EXTEND_INDEX_FOR_DYNAMIC                 0x01C40201
+#define TCG_EVENT_LOG_INTEGRITY_NV_INDEX_EXIT_PM_AUTH   0x01C40202
+#define TCG_EVENT_LOG_INTEGRITY_NV_INDEX_READY_TO_BOOT  0x01C40203
+
+#pragma pack(1)
+
+#define TCG_NV_EXTEND_INDEX_FOR_INSTANCE_SIGNATURE      "NvIndexInstance"
+#define TCG_NV_INDEX_INSTANCE_EVENT_LOG_STRUCT_VERSION  1
+
+typedef struct {
+  UINT8     Signature[16];
+  UINT16    Version;
+  UINT8     Reserved[6];
+  // TCG_DEVICE_SECURITY_EVENT_DATA2  Data;
+} TCG_NV_INDEX_INSTANCE_EVENT_LOG_STRUCT;
+
+#define TCG_NV_EXTEND_INDEX_FOR_DYNAMIC_SIGNATURE      "NvIndexDynamic "
+#define TCG_NV_INDEX_DYNAMIC_EVENT_LOG_STRUCT_VERSION  1
+
+#define TCG_SPDM_CHALLENGE_DESCRIPTION         "SPDM CHALLENGE"
+#define TCG_SPDM_CHALLENGE_AUTH_DESCRIPTION    "SPDM CHALLENGE_AUTH"
+#define TCG_SPDM_GET_MEASUREMENTS_DESCRIPTION  "SPDM GET_MEASUREMENTS"
+#define TCG_SPDM_MEASUREMENTS_DESCRIPTION      "SPDM MEASUREMENTS"
+
+typedef struct {
+  UINT8     Signature[16];
+  UINT16    Version;
+  UINT8     Reserved[6];
+  UINT64    Uid;
+  // UINT16                           DescriptionSize;
+  // UINT8                            Description[DescriptionSize];
+  // UINT16                           DataSize;
+  // UINT8                            Data[DataSize];
+} TCG_NV_INDEX_DYNAMIC_EVENT_LOG_STRUCT;
+
+typedef struct {
+  TCG_NV_INDEX_DYNAMIC_EVENT_LOG_STRUCT    Header;
+  UINT16                                   DescriptionSize;
+  UINT8                                    Description[sizeof (TCG_SPDM_CHALLENGE_DESCRIPTION)];
+  UINT16                                   DataSize;
+  UINT8                                    Data[32];
+} TCG_NV_INDEX_DYNAMIC_EVENT_LOG_STRUCT_SPDM_CHALLENGE;
+
+typedef struct {
+  TCG_NV_INDEX_DYNAMIC_EVENT_LOG_STRUCT    Header;
+  UINT16                                   DescriptionSize;
+  UINT8                                    Description[sizeof (TCG_SPDM_CHALLENGE_AUTH_DESCRIPTION)];
+  UINT16                                   DataSize;
+  UINT8                                    Data[32];
+} TCG_NV_INDEX_DYNAMIC_EVENT_LOG_STRUCT_SPDM_CHALLENGE_AUTH;
+
+typedef struct {
+  TCG_NV_INDEX_DYNAMIC_EVENT_LOG_STRUCT    Header;
+  UINT16                                   DescriptionSize;
+  UINT8                                    Description[sizeof (TCG_SPDM_GET_MEASUREMENTS_DESCRIPTION)];
+  UINT16                                   DataSize;
+  UINT8                                    Data[32];
+} TCG_NV_INDEX_DYNAMIC_EVENT_LOG_STRUCT_SPDM_GET_MEASUREMENTS;
+
+typedef struct {
+  TCG_NV_INDEX_DYNAMIC_EVENT_LOG_STRUCT    Header;
+  UINT16                                   DescriptionSize;
+  UINT8                                    Description[sizeof (TCG_SPDM_MEASUREMENTS_DESCRIPTION)];
+  UINT16                                   DataSize;
+  UINT8                                    Data[32];
+} TCG_NV_INDEX_DYNAMIC_EVENT_LOG_STRUCT_SPDM_MEASUREMENTS;
+
+#pragma pack()
+
 #endif
diff --git a/src/include/ipxe/efi/IndustryStandard/Usb.h b/src/include/ipxe/efi/IndustryStandard/Usb.h
index 8c7fe834f..a2b6c1ab9 100644
--- a/src/include/ipxe/efi/IndustryStandard/Usb.h
+++ b/src/include/ipxe/efi/IndustryStandard/Usb.h
@@ -2,6 +2,8 @@
   Support for USB 2.0 standard.
 
   Copyright (c) 2006 - 2014, Intel Corporation. All rights reserved.<BR>
+  Copyright (c) 2024, American Megatrends International LLC. All rights reserved.<BR>
+
   SPDX-License-Identifier: BSD-2-Clause-Patent
 
 **/
@@ -10,6 +12,7 @@
 #define __USB_H__
 
 FILE_LICENCE ( BSD2_PATENT );
+FILE_SECBOOT ( PERMITTED );
 
 //
 // Subset of Class and Subclass definitions from USB Specs
@@ -134,6 +137,21 @@ typedef struct {
 } USB_CONFIG_DESCRIPTOR;
 
 ///
+/// Standard Interface Association Descriptor
+/// USB 3.0 spec, Section 9.6.4
+///
+typedef struct {
+  UINT8    Length;
+  UINT8    DescriptorType;
+  UINT8    FirstInterface;
+  UINT8    InterfaceCount;
+  UINT8    FunctionClass;
+  UINT8    FunctionSubclass;
+  UINT8    FunctionProtocol;
+  UINT8    FunctionDescriptionStringIndex;
+} USB_INTERFACE_ASSOCIATION_DESCRIPTOR;
+
+///
 /// Standard Interface Descriptor
 /// USB 2.0 spec, Section 9.6.5
 ///
@@ -209,13 +227,16 @@ typedef enum {
   //
   // USB Descriptor types
   //
-  USB_DESC_TYPE_DEVICE    = 0x01,
-  USB_DESC_TYPE_CONFIG    = 0x02,
-  USB_DESC_TYPE_STRING    = 0x03,
-  USB_DESC_TYPE_INTERFACE = 0x04,
-  USB_DESC_TYPE_ENDPOINT  = 0x05,
-  USB_DESC_TYPE_HID       = 0x21,
-  USB_DESC_TYPE_REPORT    = 0x22,
+  USB_DESC_TYPE_DEVICE                = 0x01,
+  USB_DESC_TYPE_CONFIG                = 0x02,
+  USB_DESC_TYPE_STRING                = 0x03,
+  USB_DESC_TYPE_INTERFACE             = 0x04,
+  USB_DESC_TYPE_ENDPOINT              = 0x05,
+  USB_DESC_TYPE_INTERFACE_ASSOCIATION = 0x0b,
+  USB_DESC_TYPE_HID                   = 0x21,
+  USB_DESC_TYPE_REPORT                = 0x22,
+  USB_DESC_TYPE_CS_INTERFACE          = 0x24,
+  USB_DESC_TYPE_CS_ENDPOINT           = 0x25,
 
   //
   // Features to be cleared by CLEAR_FEATURE requests