2013-09-18 07:31:18 +02:00
|
|
|
/** @file
|
|
|
|
This library is used by other modules to send TPM2 command.
|
|
|
|
|
2021-12-17 03:47:07 +01:00
|
|
|
Copyright (c) 2013 - 2021, Intel Corporation. All rights reserved. <BR>
|
2019-04-04 01:06:56 +02:00
|
|
|
SPDX-License-Identifier: BSD-2-Clause-Patent
|
2013-09-18 07:31:18 +02:00
|
|
|
|
|
|
|
**/
|
|
|
|
|
|
|
|
#ifndef _TPM2_COMMAND_LIB_H_
|
|
|
|
#define _TPM2_COMMAND_LIB_H_
|
|
|
|
|
|
|
|
#include <IndustryStandard/Tpm20.h>
|
|
|
|
|
|
|
|
/**
|
|
|
|
This command starts a hash or an Event sequence.
|
|
|
|
If hashAlg is an implemented hash, then a hash sequence is started.
|
|
|
|
If hashAlg is TPM_ALG_NULL, then an Event sequence is started.
|
|
|
|
|
|
|
|
@param[in] HashAlg The hash algorithm to use for the hash sequence
|
|
|
|
An Event sequence starts if this is TPM_ALG_NULL.
|
|
|
|
@param[out] SequenceHandle A handle to reference the sequence
|
2018-06-27 15:13:09 +02:00
|
|
|
|
2013-09-18 07:31:18 +02:00
|
|
|
@retval EFI_SUCCESS Operation completed successfully.
|
|
|
|
@retval EFI_DEVICE_ERROR Unexpected device behavior.
|
|
|
|
**/
|
|
|
|
EFI_STATUS
|
|
|
|
EFIAPI
|
|
|
|
Tpm2HashSequenceStart (
|
|
|
|
IN TPMI_ALG_HASH HashAlg,
|
|
|
|
OUT TPMI_DH_OBJECT *SequenceHandle
|
|
|
|
);
|
|
|
|
|
|
|
|
/**
|
|
|
|
This command is used to add data to a hash or HMAC sequence.
|
|
|
|
The amount of data in buffer may be any size up to the limits of the TPM.
|
|
|
|
NOTE: In all TPM, a buffer size of 1,024 octets is allowed.
|
|
|
|
|
|
|
|
@param[in] SequenceHandle Handle for the sequence object
|
|
|
|
@param[in] Buffer Data to be added to hash
|
2018-06-27 15:13:09 +02:00
|
|
|
|
2013-09-18 07:31:18 +02:00
|
|
|
@retval EFI_SUCCESS Operation completed successfully.
|
|
|
|
@retval EFI_DEVICE_ERROR Unexpected device behavior.
|
|
|
|
**/
|
|
|
|
EFI_STATUS
|
|
|
|
EFIAPI
|
|
|
|
Tpm2SequenceUpdate (
|
|
|
|
IN TPMI_DH_OBJECT SequenceHandle,
|
|
|
|
IN TPM2B_MAX_BUFFER *Buffer
|
|
|
|
);
|
|
|
|
|
|
|
|
/**
|
|
|
|
This command adds the last part of data, if any, to an Event sequence and returns the result in a digest list.
|
|
|
|
If pcrHandle references a PCR and not TPM_RH_NULL, then the returned digest list is processed in
|
|
|
|
the same manner as the digest list input parameter to TPM2_PCR_Extend() with the pcrHandle in each
|
|
|
|
bank extended with the associated digest value.
|
|
|
|
|
|
|
|
@param[in] PcrHandle PCR to be extended with the Event data
|
|
|
|
@param[in] SequenceHandle Authorization for the sequence
|
|
|
|
@param[in] Buffer Data to be added to the Event
|
|
|
|
@param[out] Results List of digests computed for the PCR
|
2018-06-27 15:13:09 +02:00
|
|
|
|
2013-09-18 07:31:18 +02:00
|
|
|
@retval EFI_SUCCESS Operation completed successfully.
|
|
|
|
@retval EFI_DEVICE_ERROR Unexpected device behavior.
|
|
|
|
**/
|
|
|
|
EFI_STATUS
|
|
|
|
EFIAPI
|
|
|
|
Tpm2EventSequenceComplete (
|
|
|
|
IN TPMI_DH_PCR PcrHandle,
|
|
|
|
IN TPMI_DH_OBJECT SequenceHandle,
|
|
|
|
IN TPM2B_MAX_BUFFER *Buffer,
|
|
|
|
OUT TPML_DIGEST_VALUES *Results
|
|
|
|
);
|
|
|
|
|
|
|
|
/**
|
|
|
|
This command adds the last part of data, if any, to a hash/HMAC sequence and returns the result.
|
|
|
|
|
|
|
|
@param[in] SequenceHandle Authorization for the sequence
|
|
|
|
@param[in] Buffer Data to be added to the hash/HMAC
|
|
|
|
@param[out] Result The returned HMAC or digest in a sized buffer
|
2018-06-27 15:13:09 +02:00
|
|
|
|
2013-09-18 07:31:18 +02:00
|
|
|
@retval EFI_SUCCESS Operation completed successfully.
|
|
|
|
@retval EFI_DEVICE_ERROR Unexpected device behavior.
|
|
|
|
**/
|
|
|
|
EFI_STATUS
|
|
|
|
EFIAPI
|
|
|
|
Tpm2SequenceComplete (
|
|
|
|
IN TPMI_DH_OBJECT SequenceHandle,
|
|
|
|
IN TPM2B_MAX_BUFFER *Buffer,
|
|
|
|
OUT TPM2B_DIGEST *Result
|
|
|
|
);
|
|
|
|
|
|
|
|
/**
|
|
|
|
Send Startup command to TPM2.
|
|
|
|
|
|
|
|
@param[in] StartupType TPM_SU_CLEAR or TPM_SU_STATE
|
|
|
|
|
|
|
|
@retval EFI_SUCCESS Operation completed successfully.
|
|
|
|
@retval EFI_DEVICE_ERROR Unexpected device behavior.
|
|
|
|
**/
|
|
|
|
EFI_STATUS
|
|
|
|
EFIAPI
|
|
|
|
Tpm2Startup (
|
|
|
|
IN TPM_SU StartupType
|
|
|
|
);
|
|
|
|
|
|
|
|
/**
|
|
|
|
Send Shutdown command to TPM2.
|
|
|
|
|
|
|
|
@param[in] ShutdownType TPM_SU_CLEAR or TPM_SU_STATE.
|
|
|
|
|
|
|
|
@retval EFI_SUCCESS Operation completed successfully.
|
|
|
|
@retval EFI_DEVICE_ERROR Unexpected device behavior.
|
|
|
|
**/
|
|
|
|
EFI_STATUS
|
|
|
|
EFIAPI
|
|
|
|
Tpm2Shutdown (
|
|
|
|
IN TPM_SU ShutdownType
|
|
|
|
);
|
|
|
|
|
|
|
|
/**
|
|
|
|
This command causes the TPM to perform a test of its capabilities.
|
|
|
|
If the fullTest is YES, the TPM will test all functions.
|
|
|
|
If fullTest = NO, the TPM will only test those functions that have not previously been tested.
|
|
|
|
|
|
|
|
@param[in] FullTest YES if full test to be performed
|
|
|
|
NO if only test of untested functions required
|
|
|
|
|
|
|
|
@retval EFI_SUCCESS Operation completed successfully.
|
|
|
|
@retval EFI_DEVICE_ERROR Unexpected device behavior.
|
|
|
|
**/
|
|
|
|
EFI_STATUS
|
|
|
|
EFIAPI
|
|
|
|
Tpm2SelfTest (
|
|
|
|
IN TPMI_YES_NO FullTest
|
|
|
|
);
|
|
|
|
|
2014-12-12 05:34:19 +01:00
|
|
|
/**
|
|
|
|
This command allows setting of the authorization policy for the platform hierarchy (platformPolicy), the
|
|
|
|
storage hierarchy (ownerPolicy), and and the endorsement hierarchy (endorsementPolicy).
|
|
|
|
|
|
|
|
@param[in] AuthHandle TPM_RH_ENDORSEMENT, TPM_RH_OWNER or TPM_RH_PLATFORM+{PP} parameters to be validated
|
|
|
|
@param[in] AuthSession Auth Session context
|
|
|
|
@param[in] AuthPolicy An authorization policy hash
|
|
|
|
@param[in] HashAlg The hash algorithm to use for the policy
|
|
|
|
|
|
|
|
@retval EFI_SUCCESS Operation completed successfully.
|
|
|
|
@retval EFI_DEVICE_ERROR Unexpected device behavior.
|
|
|
|
**/
|
|
|
|
EFI_STATUS
|
|
|
|
EFIAPI
|
|
|
|
Tpm2SetPrimaryPolicy (
|
|
|
|
IN TPMI_RH_HIERARCHY_AUTH AuthHandle,
|
|
|
|
IN TPMS_AUTH_COMMAND *AuthSession,
|
|
|
|
IN TPM2B_DIGEST *AuthPolicy,
|
|
|
|
IN TPMI_ALG_HASH HashAlg
|
|
|
|
);
|
|
|
|
|
2013-09-18 07:31:18 +02:00
|
|
|
/**
|
|
|
|
This command removes all TPM context associated with a specific Owner.
|
|
|
|
|
|
|
|
@param[in] AuthHandle TPM_RH_LOCKOUT or TPM_RH_PLATFORM+{PP}
|
|
|
|
@param[in] AuthSession Auth Session context
|
2018-06-27 15:13:09 +02:00
|
|
|
|
2013-09-18 07:31:18 +02:00
|
|
|
@retval EFI_SUCCESS Operation completed successfully.
|
|
|
|
@retval EFI_DEVICE_ERROR Unexpected device behavior.
|
|
|
|
**/
|
|
|
|
EFI_STATUS
|
|
|
|
EFIAPI
|
|
|
|
Tpm2Clear (
|
|
|
|
IN TPMI_RH_CLEAR AuthHandle,
|
|
|
|
IN TPMS_AUTH_COMMAND *AuthSession OPTIONAL
|
|
|
|
);
|
|
|
|
|
|
|
|
/**
|
|
|
|
Disables and enables the execution of TPM2_Clear().
|
|
|
|
|
|
|
|
@param[in] AuthHandle TPM_RH_LOCKOUT or TPM_RH_PLATFORM+{PP}
|
|
|
|
@param[in] AuthSession Auth Session context
|
|
|
|
@param[in] Disable YES if the disableOwnerClear flag is to be SET,
|
|
|
|
NO if the flag is to be CLEAR.
|
|
|
|
|
|
|
|
@retval EFI_SUCCESS Operation completed successfully.
|
|
|
|
@retval EFI_DEVICE_ERROR Unexpected device behavior.
|
|
|
|
**/
|
|
|
|
EFI_STATUS
|
|
|
|
EFIAPI
|
|
|
|
Tpm2ClearControl (
|
|
|
|
IN TPMI_RH_CLEAR AuthHandle,
|
2021-12-03 03:00:56 +01:00
|
|
|
IN TPMS_AUTH_COMMAND *AuthSession OPTIONAL,
|
2013-09-18 07:31:18 +02:00
|
|
|
IN TPMI_YES_NO Disable
|
|
|
|
);
|
|
|
|
|
|
|
|
/**
|
|
|
|
This command allows the authorization secret for a hierarchy or lockout to be changed using the current
|
|
|
|
authorization value as the command authorization.
|
|
|
|
|
|
|
|
@param[in] AuthHandle TPM_RH_LOCKOUT, TPM_RH_ENDORSEMENT, TPM_RH_OWNER or TPM_RH_PLATFORM+{PP}
|
|
|
|
@param[in] AuthSession Auth Session context
|
|
|
|
@param[in] NewAuth New authorization secret
|
|
|
|
|
|
|
|
@retval EFI_SUCCESS Operation completed successfully.
|
|
|
|
@retval EFI_DEVICE_ERROR Unexpected device behavior.
|
|
|
|
**/
|
|
|
|
EFI_STATUS
|
|
|
|
EFIAPI
|
|
|
|
Tpm2HierarchyChangeAuth (
|
|
|
|
IN TPMI_RH_HIERARCHY_AUTH AuthHandle,
|
|
|
|
IN TPMS_AUTH_COMMAND *AuthSession,
|
|
|
|
IN TPM2B_AUTH *NewAuth
|
|
|
|
);
|
|
|
|
|
|
|
|
/**
|
|
|
|
This replaces the current EPS with a value from the RNG and sets the Endorsement hierarchy controls to
|
|
|
|
their default initialization values.
|
|
|
|
|
|
|
|
@param[in] AuthHandle TPM_RH_PLATFORM+{PP}
|
|
|
|
@param[in] AuthSession Auth Session context
|
|
|
|
|
|
|
|
@retval EFI_SUCCESS Operation completed successfully.
|
|
|
|
@retval EFI_DEVICE_ERROR Unexpected device behavior.
|
|
|
|
**/
|
|
|
|
EFI_STATUS
|
|
|
|
EFIAPI
|
|
|
|
Tpm2ChangeEPS (
|
|
|
|
IN TPMI_RH_PLATFORM AuthHandle,
|
|
|
|
IN TPMS_AUTH_COMMAND *AuthSession
|
|
|
|
);
|
|
|
|
|
|
|
|
/**
|
|
|
|
This replaces the current PPS with a value from the RNG and sets platformPolicy to the default
|
|
|
|
initialization value (the Empty Buffer).
|
|
|
|
|
|
|
|
@param[in] AuthHandle TPM_RH_PLATFORM+{PP}
|
|
|
|
@param[in] AuthSession Auth Session context
|
|
|
|
|
|
|
|
@retval EFI_SUCCESS Operation completed successfully.
|
|
|
|
@retval EFI_DEVICE_ERROR Unexpected device behavior.
|
|
|
|
**/
|
|
|
|
EFI_STATUS
|
|
|
|
EFIAPI
|
|
|
|
Tpm2ChangePPS (
|
|
|
|
IN TPMI_RH_PLATFORM AuthHandle,
|
|
|
|
IN TPMS_AUTH_COMMAND *AuthSession
|
|
|
|
);
|
|
|
|
|
|
|
|
/**
|
|
|
|
This command enables and disables use of a hierarchy.
|
|
|
|
|
|
|
|
@param[in] AuthHandle TPM_RH_ENDORSEMENT, TPM_RH_OWNER or TPM_RH_PLATFORM+{PP}
|
|
|
|
@param[in] AuthSession Auth Session context
|
|
|
|
@param[in] Hierarchy Hierarchy of the enable being modified
|
|
|
|
@param[in] State YES if the enable should be SET,
|
|
|
|
NO if the enable should be CLEAR
|
|
|
|
|
|
|
|
@retval EFI_SUCCESS Operation completed successfully.
|
|
|
|
@retval EFI_DEVICE_ERROR Unexpected device behavior.
|
|
|
|
**/
|
|
|
|
EFI_STATUS
|
|
|
|
EFIAPI
|
|
|
|
Tpm2HierarchyControl (
|
|
|
|
IN TPMI_RH_HIERARCHY AuthHandle,
|
|
|
|
IN TPMS_AUTH_COMMAND *AuthSession,
|
|
|
|
IN TPMI_RH_HIERARCHY Hierarchy,
|
|
|
|
IN TPMI_YES_NO State
|
|
|
|
);
|
|
|
|
|
|
|
|
/**
|
|
|
|
This command cancels the effect of a TPM lockout due to a number of successive authorization failures.
|
|
|
|
If this command is properly authorized, the lockout counter is set to zero.
|
|
|
|
|
|
|
|
@param[in] LockHandle LockHandle
|
|
|
|
@param[in] AuthSession Auth Session context
|
|
|
|
|
|
|
|
@retval EFI_SUCCESS Operation completed successfully.
|
|
|
|
@retval EFI_DEVICE_ERROR Unexpected device behavior.
|
|
|
|
**/
|
|
|
|
EFI_STATUS
|
|
|
|
EFIAPI
|
|
|
|
Tpm2DictionaryAttackLockReset (
|
|
|
|
IN TPMI_RH_LOCKOUT LockHandle,
|
|
|
|
IN TPMS_AUTH_COMMAND *AuthSession
|
|
|
|
);
|
|
|
|
|
|
|
|
/**
|
|
|
|
This command cancels the effect of a TPM lockout due to a number of successive authorization failures.
|
|
|
|
If this command is properly authorized, the lockout counter is set to zero.
|
|
|
|
|
|
|
|
@param[in] LockHandle LockHandle
|
|
|
|
@param[in] AuthSession Auth Session context
|
|
|
|
@param[in] NewMaxTries Count of authorization failures before the lockout is imposed
|
|
|
|
@param[in] NewRecoveryTime Time in seconds before the authorization failure count is automatically decremented
|
|
|
|
@param[in] LockoutRecovery Time in seconds after a lockoutAuth failure before use of lockoutAuth is allowed
|
|
|
|
|
|
|
|
@retval EFI_SUCCESS Operation completed successfully.
|
|
|
|
@retval EFI_DEVICE_ERROR Unexpected device behavior.
|
|
|
|
**/
|
|
|
|
EFI_STATUS
|
|
|
|
EFIAPI
|
|
|
|
Tpm2DictionaryAttackParameters (
|
|
|
|
IN TPMI_RH_LOCKOUT LockHandle,
|
|
|
|
IN TPMS_AUTH_COMMAND *AuthSession,
|
|
|
|
IN UINT32 NewMaxTries,
|
|
|
|
IN UINT32 NewRecoveryTime,
|
|
|
|
IN UINT32 LockoutRecovery
|
|
|
|
);
|
|
|
|
|
|
|
|
/**
|
|
|
|
This command is used to read the public area and Name of an NV Index.
|
|
|
|
|
|
|
|
@param[in] NvIndex The NV Index.
|
|
|
|
@param[out] NvPublic The public area of the index.
|
|
|
|
@param[out] NvName The Name of the nvIndex.
|
2018-06-27 15:13:09 +02:00
|
|
|
|
2013-09-18 07:31:18 +02:00
|
|
|
@retval EFI_SUCCESS Operation completed successfully.
|
|
|
|
@retval EFI_DEVICE_ERROR The command was unsuccessful.
|
|
|
|
**/
|
|
|
|
EFI_STATUS
|
|
|
|
EFIAPI
|
|
|
|
Tpm2NvReadPublic (
|
|
|
|
IN TPMI_RH_NV_INDEX NvIndex,
|
|
|
|
OUT TPM2B_NV_PUBLIC *NvPublic,
|
|
|
|
OUT TPM2B_NAME *NvName
|
|
|
|
);
|
|
|
|
|
|
|
|
/**
|
|
|
|
This command defines the attributes of an NV Index and causes the TPM to
|
|
|
|
reserve space to hold the data associated with the index.
|
|
|
|
If a definition already exists at the index, the TPM will return TPM_RC_NV_DEFINED.
|
|
|
|
|
|
|
|
@param[in] AuthHandle TPM_RH_OWNER or TPM_RH_PLATFORM+{PP}.
|
|
|
|
@param[in] AuthSession Auth Session context
|
|
|
|
@param[in] Auth The authorization data.
|
|
|
|
@param[in] NvPublic The public area of the index.
|
2018-06-27 15:13:09 +02:00
|
|
|
|
2013-09-18 07:31:18 +02:00
|
|
|
@retval EFI_SUCCESS Operation completed successfully.
|
|
|
|
@retval EFI_DEVICE_ERROR The command was unsuccessful.
|
|
|
|
@retval EFI_ALREADY_STARTED The command was returned successfully, but NvIndex is already defined.
|
|
|
|
**/
|
|
|
|
EFI_STATUS
|
|
|
|
EFIAPI
|
|
|
|
Tpm2NvDefineSpace (
|
|
|
|
IN TPMI_RH_PROVISION AuthHandle,
|
2021-12-03 03:00:56 +01:00
|
|
|
IN TPMS_AUTH_COMMAND *AuthSession OPTIONAL,
|
2013-09-18 07:31:18 +02:00
|
|
|
IN TPM2B_AUTH *Auth,
|
|
|
|
IN TPM2B_NV_PUBLIC *NvPublic
|
|
|
|
);
|
|
|
|
|
|
|
|
/**
|
|
|
|
This command removes an index from the TPM.
|
|
|
|
|
|
|
|
@param[in] AuthHandle TPM_RH_OWNER or TPM_RH_PLATFORM+{PP}.
|
|
|
|
@param[in] NvIndex The NV Index.
|
|
|
|
@param[in] AuthSession Auth Session context
|
2018-06-27 15:13:09 +02:00
|
|
|
|
2013-09-18 07:31:18 +02:00
|
|
|
@retval EFI_SUCCESS Operation completed successfully.
|
|
|
|
@retval EFI_DEVICE_ERROR The command was unsuccessful.
|
|
|
|
@retval EFI_NOT_FOUND The command was returned successfully, but NvIndex is not found.
|
|
|
|
**/
|
|
|
|
EFI_STATUS
|
|
|
|
EFIAPI
|
|
|
|
Tpm2NvUndefineSpace (
|
|
|
|
IN TPMI_RH_PROVISION AuthHandle,
|
|
|
|
IN TPMI_RH_NV_INDEX NvIndex,
|
|
|
|
IN TPMS_AUTH_COMMAND *AuthSession OPTIONAL
|
|
|
|
);
|
|
|
|
|
|
|
|
/**
|
|
|
|
This command reads a value from an area in NV memory previously defined by TPM2_NV_DefineSpace().
|
|
|
|
|
|
|
|
@param[in] AuthHandle the handle indicating the source of the authorization value.
|
|
|
|
@param[in] NvIndex The index to be read.
|
|
|
|
@param[in] AuthSession Auth Session context
|
|
|
|
@param[in] Size Number of bytes to read.
|
|
|
|
@param[in] Offset Byte offset into the area.
|
|
|
|
@param[in,out] OutData The data read.
|
2018-06-27 15:13:09 +02:00
|
|
|
|
2013-09-18 07:31:18 +02:00
|
|
|
@retval EFI_SUCCESS Operation completed successfully.
|
|
|
|
@retval EFI_DEVICE_ERROR The command was unsuccessful.
|
|
|
|
@retval EFI_NOT_FOUND The command was returned successfully, but NvIndex is not found.
|
|
|
|
**/
|
|
|
|
EFI_STATUS
|
|
|
|
EFIAPI
|
|
|
|
Tpm2NvRead (
|
|
|
|
IN TPMI_RH_NV_AUTH AuthHandle,
|
|
|
|
IN TPMI_RH_NV_INDEX NvIndex,
|
2021-12-03 03:00:56 +01:00
|
|
|
IN TPMS_AUTH_COMMAND *AuthSession OPTIONAL,
|
2013-09-18 07:31:18 +02:00
|
|
|
IN UINT16 Size,
|
|
|
|
IN UINT16 Offset,
|
|
|
|
IN OUT TPM2B_MAX_BUFFER *OutData
|
|
|
|
);
|
|
|
|
|
|
|
|
/**
|
|
|
|
This command writes a value to an area in NV memory that was previously defined by TPM2_NV_DefineSpace().
|
|
|
|
|
|
|
|
@param[in] AuthHandle the handle indicating the source of the authorization value.
|
|
|
|
@param[in] NvIndex The NV Index of the area to write.
|
|
|
|
@param[in] AuthSession Auth Session context
|
|
|
|
@param[in] InData The data to write.
|
|
|
|
@param[in] Offset The offset into the NV Area.
|
2018-06-27 15:13:09 +02:00
|
|
|
|
2013-09-18 07:31:18 +02:00
|
|
|
@retval EFI_SUCCESS Operation completed successfully.
|
|
|
|
@retval EFI_DEVICE_ERROR The command was unsuccessful.
|
|
|
|
@retval EFI_NOT_FOUND The command was returned successfully, but NvIndex is not found.
|
|
|
|
**/
|
|
|
|
EFI_STATUS
|
|
|
|
EFIAPI
|
|
|
|
Tpm2NvWrite (
|
|
|
|
IN TPMI_RH_NV_AUTH AuthHandle,
|
|
|
|
IN TPMI_RH_NV_INDEX NvIndex,
|
2021-12-03 03:00:56 +01:00
|
|
|
IN TPMS_AUTH_COMMAND *AuthSession OPTIONAL,
|
2013-09-18 07:31:18 +02:00
|
|
|
IN TPM2B_MAX_BUFFER *InData,
|
|
|
|
IN UINT16 Offset
|
|
|
|
);
|
|
|
|
|
|
|
|
/**
|
|
|
|
This command may be used to prevent further reads of the Index until the next TPM2_Startup (TPM_SU_CLEAR).
|
|
|
|
|
|
|
|
@param[in] AuthHandle the handle indicating the source of the authorization value.
|
|
|
|
@param[in] NvIndex The NV Index of the area to lock.
|
|
|
|
@param[in] AuthSession Auth Session context
|
|
|
|
|
|
|
|
@retval EFI_SUCCESS Operation completed successfully.
|
|
|
|
@retval EFI_DEVICE_ERROR The command was unsuccessful.
|
|
|
|
@retval EFI_NOT_FOUND The command was returned successfully, but NvIndex is not found.
|
|
|
|
**/
|
|
|
|
EFI_STATUS
|
|
|
|
EFIAPI
|
|
|
|
Tpm2NvReadLock (
|
|
|
|
IN TPMI_RH_NV_AUTH AuthHandle,
|
|
|
|
IN TPMI_RH_NV_INDEX NvIndex,
|
|
|
|
IN TPMS_AUTH_COMMAND *AuthSession OPTIONAL
|
|
|
|
);
|
|
|
|
|
|
|
|
/**
|
|
|
|
This command may be used to inhibit further writes of the Index.
|
|
|
|
|
|
|
|
@param[in] AuthHandle the handle indicating the source of the authorization value.
|
|
|
|
@param[in] NvIndex The NV Index of the area to lock.
|
|
|
|
@param[in] AuthSession Auth Session context
|
|
|
|
|
|
|
|
@retval EFI_SUCCESS Operation completed successfully.
|
|
|
|
@retval EFI_DEVICE_ERROR The command was unsuccessful.
|
|
|
|
@retval EFI_NOT_FOUND The command was returned successfully, but NvIndex is not found.
|
|
|
|
**/
|
|
|
|
EFI_STATUS
|
|
|
|
EFIAPI
|
|
|
|
Tpm2NvWriteLock (
|
|
|
|
IN TPMI_RH_NV_AUTH AuthHandle,
|
|
|
|
IN TPMI_RH_NV_INDEX NvIndex,
|
|
|
|
IN TPMS_AUTH_COMMAND *AuthSession OPTIONAL
|
|
|
|
);
|
|
|
|
|
|
|
|
/**
|
|
|
|
The command will SET TPMA_NV_WRITELOCKED for all indexes that have their TPMA_NV_GLOBALLOCK attribute SET.
|
|
|
|
|
|
|
|
@param[in] AuthHandle TPM_RH_OWNER or TPM_RH_PLATFORM+{PP}.
|
|
|
|
@param[in] AuthSession Auth Session context
|
|
|
|
|
|
|
|
@retval EFI_SUCCESS Operation completed successfully.
|
|
|
|
@retval EFI_DEVICE_ERROR The command was unsuccessful.
|
|
|
|
@retval EFI_NOT_FOUND The command was returned successfully, but NvIndex is not found.
|
|
|
|
**/
|
|
|
|
EFI_STATUS
|
|
|
|
EFIAPI
|
|
|
|
Tpm2NvGlobalWriteLock (
|
|
|
|
IN TPMI_RH_PROVISION AuthHandle,
|
|
|
|
IN TPMS_AUTH_COMMAND *AuthSession OPTIONAL
|
|
|
|
);
|
|
|
|
|
|
|
|
/**
|
|
|
|
This command is used to cause an update to the indicated PCR.
|
|
|
|
The digests parameter contains one or more tagged digest value identified by an algorithm ID.
|
|
|
|
For each digest, the PCR associated with pcrHandle is Extended into the bank identified by the tag (hashAlg).
|
|
|
|
|
|
|
|
@param[in] PcrHandle Handle of the PCR
|
|
|
|
@param[in] Digests List of tagged digest values to be extended
|
|
|
|
|
|
|
|
@retval EFI_SUCCESS Operation completed successfully.
|
|
|
|
@retval EFI_DEVICE_ERROR Unexpected device behavior.
|
|
|
|
**/
|
|
|
|
EFI_STATUS
|
|
|
|
EFIAPI
|
|
|
|
Tpm2PcrExtend (
|
|
|
|
IN TPMI_DH_PCR PcrHandle,
|
|
|
|
IN TPML_DIGEST_VALUES *Digests
|
|
|
|
);
|
|
|
|
|
|
|
|
/**
|
|
|
|
This command is used to cause an update to the indicated PCR.
|
|
|
|
The data in eventData is hashed using the hash algorithm associated with each bank in which the
|
|
|
|
indicated PCR has been allocated. After the data is hashed, the digests list is returned. If the pcrHandle
|
|
|
|
references an implemented PCR and not TPM_ALG_NULL, digests list is processed as in
|
|
|
|
TPM2_PCR_Extend().
|
|
|
|
A TPM shall support an Event.size of zero through 1,024 inclusive.
|
|
|
|
|
|
|
|
@param[in] PcrHandle Handle of the PCR
|
|
|
|
@param[in] EventData Event data in sized buffer
|
|
|
|
@param[out] Digests List of digest
|
|
|
|
|
|
|
|
@retval EFI_SUCCESS Operation completed successfully.
|
|
|
|
@retval EFI_DEVICE_ERROR Unexpected device behavior.
|
|
|
|
**/
|
|
|
|
EFI_STATUS
|
|
|
|
EFIAPI
|
|
|
|
Tpm2PcrEvent (
|
2021-12-17 03:47:07 +01:00
|
|
|
IN TPMI_DH_PCR PcrHandle,
|
|
|
|
IN TPM2B_EVENT *EventData,
|
|
|
|
OUT TPML_DIGEST_VALUES *Digests
|
2013-09-18 07:31:18 +02:00
|
|
|
);
|
|
|
|
|
|
|
|
/**
|
|
|
|
This command returns the values of all PCR specified in pcrSelect.
|
|
|
|
|
|
|
|
@param[in] PcrSelectionIn The selection of PCR to read.
|
|
|
|
@param[out] PcrUpdateCounter The current value of the PCR update counter.
|
|
|
|
@param[out] PcrSelectionOut The PCR in the returned list.
|
|
|
|
@param[out] PcrValues The contents of the PCR indicated in pcrSelect.
|
2018-06-27 15:13:09 +02:00
|
|
|
|
2013-09-18 07:31:18 +02:00
|
|
|
@retval EFI_SUCCESS Operation completed successfully.
|
|
|
|
@retval EFI_DEVICE_ERROR The command was unsuccessful.
|
|
|
|
**/
|
|
|
|
EFI_STATUS
|
|
|
|
EFIAPI
|
|
|
|
Tpm2PcrRead (
|
2021-12-17 03:47:07 +01:00
|
|
|
IN TPML_PCR_SELECTION *PcrSelectionIn,
|
|
|
|
OUT UINT32 *PcrUpdateCounter,
|
|
|
|
OUT TPML_PCR_SELECTION *PcrSelectionOut,
|
|
|
|
OUT TPML_DIGEST *PcrValues
|
2013-09-18 07:31:18 +02:00
|
|
|
);
|
|
|
|
|
|
|
|
/**
|
|
|
|
This command is used to set the desired PCR allocation of PCR and algorithms.
|
|
|
|
|
|
|
|
@param[in] AuthHandle TPM_RH_PLATFORM+{PP}
|
|
|
|
@param[in] AuthSession Auth Session context
|
|
|
|
@param[in] PcrAllocation The requested allocation
|
|
|
|
@param[out] AllocationSuccess YES if the allocation succeeded
|
|
|
|
@param[out] MaxPCR maximum number of PCR that may be in a bank
|
|
|
|
@param[out] SizeNeeded number of octets required to satisfy the request
|
|
|
|
@param[out] SizeAvailable Number of octets available. Computed before the allocation
|
2018-06-27 15:13:09 +02:00
|
|
|
|
2013-09-18 07:31:18 +02:00
|
|
|
@retval EFI_SUCCESS Operation completed successfully.
|
|
|
|
@retval EFI_DEVICE_ERROR The command was unsuccessful.
|
|
|
|
**/
|
|
|
|
EFI_STATUS
|
|
|
|
EFIAPI
|
|
|
|
Tpm2PcrAllocate (
|
|
|
|
IN TPMI_RH_PLATFORM AuthHandle,
|
|
|
|
IN TPMS_AUTH_COMMAND *AuthSession,
|
|
|
|
IN TPML_PCR_SELECTION *PcrAllocation,
|
|
|
|
OUT TPMI_YES_NO *AllocationSuccess,
|
|
|
|
OUT UINT32 *MaxPCR,
|
|
|
|
OUT UINT32 *SizeNeeded,
|
|
|
|
OUT UINT32 *SizeAvailable
|
|
|
|
);
|
|
|
|
|
2016-09-13 12:43:30 +02:00
|
|
|
/**
|
|
|
|
Alloc PCR data.
|
|
|
|
|
|
|
|
@param[in] PlatformAuth platform auth value. NULL means no platform auth change.
|
|
|
|
@param[in] SupportedPCRBanks Supported PCR banks
|
|
|
|
@param[in] PCRBanks PCR banks
|
|
|
|
|
|
|
|
@retval EFI_SUCCESS Operation completed successfully.
|
|
|
|
**/
|
|
|
|
EFI_STATUS
|
|
|
|
EFIAPI
|
|
|
|
Tpm2PcrAllocateBanks (
|
2021-12-03 03:00:56 +01:00
|
|
|
IN TPM2B_AUTH *PlatformAuth OPTIONAL,
|
2016-09-13 12:43:30 +02:00
|
|
|
IN UINT32 SupportedPCRBanks,
|
|
|
|
IN UINT32 PCRBanks
|
|
|
|
);
|
|
|
|
|
2013-09-18 07:31:18 +02:00
|
|
|
/**
|
|
|
|
This command returns various information regarding the TPM and its current state.
|
|
|
|
|
2018-06-27 15:13:09 +02:00
|
|
|
The capability parameter determines the category of data returned. The property parameter
|
|
|
|
selects the first value of the selected category to be returned. If there is no property
|
2013-09-18 07:31:18 +02:00
|
|
|
that corresponds to the value of property, the next higher value is returned, if it exists.
|
2018-06-27 15:13:09 +02:00
|
|
|
The moreData parameter will have a value of YES if there are more values of the requested
|
2013-09-18 07:31:18 +02:00
|
|
|
type that were not returned.
|
2018-06-27 15:13:09 +02:00
|
|
|
If no next capability exists, the TPM will return a zero-length list and moreData will have
|
2013-09-18 07:31:18 +02:00
|
|
|
a value of NO.
|
|
|
|
|
2018-06-27 15:13:09 +02:00
|
|
|
NOTE:
|
|
|
|
To simplify this function, leave returned CapabilityData for caller to unpack since there are
|
2013-09-18 07:31:18 +02:00
|
|
|
many capability categories and only few categories will be used in firmware. It means the caller
|
2019-10-09 09:20:15 +02:00
|
|
|
need swap the byte order for the fields in CapabilityData.
|
2013-09-18 07:31:18 +02:00
|
|
|
|
|
|
|
@param[in] Capability Group selection; determines the format of the response.
|
2018-06-27 15:13:09 +02:00
|
|
|
@param[in] Property Further definition of information.
|
2013-09-18 07:31:18 +02:00
|
|
|
@param[in] PropertyCount Number of properties of the indicated type to return.
|
|
|
|
@param[out] MoreData Flag to indicate if there are more values of this type.
|
|
|
|
@param[out] CapabilityData The capability data.
|
2018-06-27 15:13:09 +02:00
|
|
|
|
2013-09-18 07:31:18 +02:00
|
|
|
@retval EFI_SUCCESS Operation completed successfully.
|
|
|
|
@retval EFI_DEVICE_ERROR The command was unsuccessful.
|
|
|
|
**/
|
|
|
|
EFI_STATUS
|
|
|
|
EFIAPI
|
|
|
|
Tpm2GetCapability (
|
|
|
|
IN TPM_CAP Capability,
|
|
|
|
IN UINT32 Property,
|
|
|
|
IN UINT32 PropertyCount,
|
|
|
|
OUT TPMI_YES_NO *MoreData,
|
|
|
|
OUT TPMS_CAPABILITY_DATA *CapabilityData
|
|
|
|
);
|
|
|
|
|
|
|
|
/**
|
|
|
|
This command returns the information of TPM Family.
|
|
|
|
|
|
|
|
This function parse the value got from TPM2_GetCapability and return the Family.
|
|
|
|
|
|
|
|
@param[out] Family The Family of TPM. (a 4-octet character string)
|
2018-06-27 15:13:09 +02:00
|
|
|
|
2013-09-18 07:31:18 +02:00
|
|
|
@retval EFI_SUCCESS Operation completed successfully.
|
|
|
|
@retval EFI_DEVICE_ERROR The command was unsuccessful.
|
|
|
|
**/
|
|
|
|
EFI_STATUS
|
|
|
|
EFIAPI
|
|
|
|
Tpm2GetCapabilityFamily (
|
|
|
|
OUT CHAR8 *Family
|
|
|
|
);
|
|
|
|
|
|
|
|
/**
|
|
|
|
This command returns the information of TPM manufacture ID.
|
|
|
|
|
|
|
|
This function parse the value got from TPM2_GetCapability and return the TPM manufacture ID.
|
|
|
|
|
|
|
|
@param[out] ManufactureId The manufacture ID of TPM.
|
2018-06-27 15:13:09 +02:00
|
|
|
|
2013-09-18 07:31:18 +02:00
|
|
|
@retval EFI_SUCCESS Operation completed successfully.
|
|
|
|
@retval EFI_DEVICE_ERROR The command was unsuccessful.
|
|
|
|
**/
|
|
|
|
EFI_STATUS
|
|
|
|
EFIAPI
|
|
|
|
Tpm2GetCapabilityManufactureID (
|
|
|
|
OUT UINT32 *ManufactureId
|
|
|
|
);
|
|
|
|
|
|
|
|
/**
|
|
|
|
This command returns the information of TPM FirmwareVersion.
|
|
|
|
|
|
|
|
This function parse the value got from TPM2_GetCapability and return the TPM FirmwareVersion.
|
|
|
|
|
|
|
|
@param[out] FirmwareVersion1 The FirmwareVersion1.
|
|
|
|
@param[out] FirmwareVersion2 The FirmwareVersion2.
|
2018-06-27 15:13:09 +02:00
|
|
|
|
2013-09-18 07:31:18 +02:00
|
|
|
@retval EFI_SUCCESS Operation completed successfully.
|
|
|
|
@retval EFI_DEVICE_ERROR The command was unsuccessful.
|
|
|
|
**/
|
|
|
|
EFI_STATUS
|
|
|
|
EFIAPI
|
|
|
|
Tpm2GetCapabilityFirmwareVersion (
|
|
|
|
OUT UINT32 *FirmwareVersion1,
|
|
|
|
OUT UINT32 *FirmwareVersion2
|
|
|
|
);
|
|
|
|
|
|
|
|
/**
|
|
|
|
This command returns the information of the maximum value for commandSize and responseSize in a command.
|
|
|
|
|
|
|
|
This function parse the value got from TPM2_GetCapability and return the max command size and response size
|
|
|
|
|
|
|
|
@param[out] MaxCommandSize The maximum value for commandSize in a command.
|
|
|
|
@param[out] MaxResponseSize The maximum value for responseSize in a command.
|
2018-06-27 15:13:09 +02:00
|
|
|
|
2013-09-18 07:31:18 +02:00
|
|
|
@retval EFI_SUCCESS Operation completed successfully.
|
|
|
|
@retval EFI_DEVICE_ERROR The command was unsuccessful.
|
|
|
|
**/
|
|
|
|
EFI_STATUS
|
|
|
|
EFIAPI
|
|
|
|
Tpm2GetCapabilityMaxCommandResponseSize (
|
|
|
|
OUT UINT32 *MaxCommandSize,
|
|
|
|
OUT UINT32 *MaxResponseSize
|
|
|
|
);
|
|
|
|
|
|
|
|
/**
|
|
|
|
This command returns Returns a list of TPMS_ALG_PROPERTIES. Each entry is an
|
2018-06-27 15:13:09 +02:00
|
|
|
algorithm ID and a set of properties of the algorithm.
|
2013-09-18 07:31:18 +02:00
|
|
|
|
|
|
|
This function parse the value got from TPM2_GetCapability and return the list.
|
|
|
|
|
|
|
|
@param[out] AlgList List of algorithm.
|
2018-06-27 15:13:09 +02:00
|
|
|
|
2013-09-18 07:31:18 +02:00
|
|
|
@retval EFI_SUCCESS Operation completed successfully.
|
|
|
|
@retval EFI_DEVICE_ERROR The command was unsuccessful.
|
|
|
|
**/
|
|
|
|
EFI_STATUS
|
|
|
|
EFIAPI
|
|
|
|
Tpm2GetCapabilitySupportedAlg (
|
|
|
|
OUT TPML_ALG_PROPERTY *AlgList
|
|
|
|
);
|
|
|
|
|
|
|
|
/**
|
|
|
|
This command returns the information of TPM LockoutCounter.
|
|
|
|
|
|
|
|
This function parse the value got from TPM2_GetCapability and return the LockoutCounter.
|
|
|
|
|
|
|
|
@param[out] LockoutCounter The LockoutCounter of TPM.
|
2018-06-27 15:13:09 +02:00
|
|
|
|
2013-09-18 07:31:18 +02:00
|
|
|
@retval EFI_SUCCESS Operation completed successfully.
|
|
|
|
@retval EFI_DEVICE_ERROR The command was unsuccessful.
|
|
|
|
**/
|
|
|
|
EFI_STATUS
|
|
|
|
EFIAPI
|
|
|
|
Tpm2GetCapabilityLockoutCounter (
|
|
|
|
OUT UINT32 *LockoutCounter
|
|
|
|
);
|
|
|
|
|
|
|
|
/**
|
|
|
|
This command returns the information of TPM LockoutInterval.
|
|
|
|
|
|
|
|
This function parse the value got from TPM2_GetCapability and return the LockoutInterval.
|
|
|
|
|
|
|
|
@param[out] LockoutInterval The LockoutInterval of TPM.
|
2018-06-27 15:13:09 +02:00
|
|
|
|
2013-09-18 07:31:18 +02:00
|
|
|
@retval EFI_SUCCESS Operation completed successfully.
|
|
|
|
@retval EFI_DEVICE_ERROR The command was unsuccessful.
|
|
|
|
**/
|
|
|
|
EFI_STATUS
|
|
|
|
EFIAPI
|
|
|
|
Tpm2GetCapabilityLockoutInterval (
|
|
|
|
OUT UINT32 *LockoutInterval
|
|
|
|
);
|
|
|
|
|
|
|
|
/**
|
|
|
|
This command returns the information of TPM InputBufferSize.
|
|
|
|
|
|
|
|
This function parse the value got from TPM2_GetCapability and return the InputBufferSize.
|
|
|
|
|
|
|
|
@param[out] InputBufferSize The InputBufferSize of TPM.
|
|
|
|
the maximum size of a parameter (typically, a TPM2B_MAX_BUFFER)
|
2018-06-27 15:13:09 +02:00
|
|
|
|
2013-09-18 07:31:18 +02:00
|
|
|
@retval EFI_SUCCESS Operation completed successfully.
|
|
|
|
@retval EFI_DEVICE_ERROR The command was unsuccessful.
|
|
|
|
**/
|
|
|
|
EFI_STATUS
|
|
|
|
EFIAPI
|
|
|
|
Tpm2GetCapabilityInputBufferSize (
|
|
|
|
OUT UINT32 *InputBufferSize
|
|
|
|
);
|
|
|
|
|
|
|
|
/**
|
|
|
|
This command returns the information of TPM PCRs.
|
|
|
|
|
|
|
|
This function parse the value got from TPM2_GetCapability and return the PcrSelection.
|
|
|
|
|
|
|
|
@param[out] Pcrs The Pcr Selection
|
2018-06-27 15:13:09 +02:00
|
|
|
|
2013-09-18 07:31:18 +02:00
|
|
|
@retval EFI_SUCCESS Operation completed successfully.
|
|
|
|
@retval EFI_DEVICE_ERROR The command was unsuccessful.
|
|
|
|
**/
|
|
|
|
EFI_STATUS
|
|
|
|
EFIAPI
|
|
|
|
Tpm2GetCapabilityPcrs (
|
|
|
|
OUT TPML_PCR_SELECTION *Pcrs
|
|
|
|
);
|
|
|
|
|
2016-09-14 10:28:12 +02:00
|
|
|
/**
|
|
|
|
This function will query the TPM to determine which hashing algorithms
|
|
|
|
are supported and which PCR banks are currently active.
|
|
|
|
|
|
|
|
@param[out] TpmHashAlgorithmBitmap A bitmask containing the algorithms supported by the TPM.
|
|
|
|
@param[out] ActivePcrBanks A bitmask containing the PCRs currently allocated.
|
|
|
|
|
|
|
|
@retval EFI_SUCCESS TPM was successfully queried and return values can be trusted.
|
|
|
|
@retval Others An error occurred, likely in communication with the TPM.
|
|
|
|
|
|
|
|
**/
|
|
|
|
EFI_STATUS
|
|
|
|
EFIAPI
|
|
|
|
Tpm2GetCapabilitySupportedAndActivePcrs (
|
|
|
|
OUT UINT32 *TpmHashAlgorithmBitmap,
|
|
|
|
OUT UINT32 *ActivePcrBanks
|
|
|
|
);
|
|
|
|
|
2013-09-18 07:31:18 +02:00
|
|
|
/**
|
|
|
|
This command returns the information of TPM AlgorithmSet.
|
|
|
|
|
|
|
|
This function parse the value got from TPM2_GetCapability and return the AlgorithmSet.
|
|
|
|
|
|
|
|
@param[out] AlgorithmSet The AlgorithmSet of TPM.
|
2018-06-27 15:13:09 +02:00
|
|
|
|
2013-09-18 07:31:18 +02:00
|
|
|
@retval EFI_SUCCESS Operation completed successfully.
|
|
|
|
@retval EFI_DEVICE_ERROR The command was unsuccessful.
|
|
|
|
**/
|
|
|
|
EFI_STATUS
|
|
|
|
EFIAPI
|
|
|
|
Tpm2GetCapabilityAlgorithmSet (
|
|
|
|
OUT UINT32 *AlgorithmSet
|
|
|
|
);
|
|
|
|
|
2020-07-28 10:20:39 +02:00
|
|
|
/**
|
|
|
|
This function will query if the command is supported.
|
|
|
|
|
|
|
|
@param[In] Command TPM_CC command starts from TPM_CC_FIRST.
|
|
|
|
@param[out] IsCmdImpl The command is supported or not.
|
|
|
|
|
|
|
|
@retval EFI_SUCCESS Operation completed successfully.
|
|
|
|
@retval EFI_DEVICE_ERROR The command was unsuccessful.
|
|
|
|
**/
|
|
|
|
EFI_STATUS
|
|
|
|
EFIAPI
|
|
|
|
Tpm2GetCapabilityIsCommandImplemented (
|
|
|
|
IN TPM_CC Command,
|
|
|
|
OUT BOOLEAN *IsCmdImpl
|
|
|
|
);
|
|
|
|
|
2013-09-18 07:31:18 +02:00
|
|
|
/**
|
|
|
|
This command is used to check to see if specific combinations of algorithm parameters are supported.
|
|
|
|
|
|
|
|
@param[in] Parameters Algorithm parameters to be validated
|
|
|
|
|
|
|
|
@retval EFI_SUCCESS Operation completed successfully.
|
|
|
|
@retval EFI_DEVICE_ERROR Unexpected device behavior.
|
|
|
|
**/
|
|
|
|
EFI_STATUS
|
|
|
|
EFIAPI
|
|
|
|
Tpm2TestParms (
|
|
|
|
IN TPMT_PUBLIC_PARMS *Parameters
|
|
|
|
);
|
|
|
|
|
|
|
|
/**
|
|
|
|
This command allows the platform to change the set of algorithms that are used by the TPM.
|
|
|
|
The algorithmSet setting is a vendor-dependent value.
|
|
|
|
|
|
|
|
@param[in] AuthHandle TPM_RH_PLATFORM
|
|
|
|
@param[in] AuthSession Auth Session context
|
|
|
|
@param[in] AlgorithmSet A TPM vendor-dependent value indicating the
|
|
|
|
algorithm set selection
|
|
|
|
|
|
|
|
@retval EFI_SUCCESS Operation completed successfully.
|
|
|
|
@retval EFI_DEVICE_ERROR Unexpected device behavior.
|
|
|
|
**/
|
|
|
|
EFI_STATUS
|
|
|
|
EFIAPI
|
|
|
|
Tpm2SetAlgorithmSet (
|
|
|
|
IN TPMI_RH_PLATFORM AuthHandle,
|
|
|
|
IN TPMS_AUTH_COMMAND *AuthSession,
|
|
|
|
IN UINT32 AlgorithmSet
|
|
|
|
);
|
|
|
|
|
2014-12-12 05:34:19 +01:00
|
|
|
/**
|
|
|
|
This command is used to start an authorization session using alternative methods of
|
|
|
|
establishing the session key (sessionKey) that is used for authorization and encrypting value.
|
|
|
|
|
|
|
|
@param[in] TpmKey Handle of a loaded decrypt key used to encrypt salt.
|
|
|
|
@param[in] Bind Entity providing the authValue.
|
|
|
|
@param[in] NonceCaller Initial nonceCaller, sets nonce size for the session.
|
|
|
|
@param[in] Salt Value encrypted according to the type of tpmKey.
|
|
|
|
@param[in] SessionType Indicates the type of the session.
|
|
|
|
@param[in] Symmetric The algorithm and key size for parameter encryption.
|
|
|
|
@param[in] AuthHash Hash algorithm to use for the session.
|
|
|
|
@param[out] SessionHandle Handle for the newly created session.
|
|
|
|
@param[out] NonceTPM The initial nonce from the TPM, used in the computation of the sessionKey.
|
2018-06-27 15:13:09 +02:00
|
|
|
|
2014-12-12 05:34:19 +01:00
|
|
|
@retval EFI_SUCCESS Operation completed successfully.
|
|
|
|
@retval EFI_DEVICE_ERROR The command was unsuccessful.
|
|
|
|
**/
|
|
|
|
EFI_STATUS
|
|
|
|
EFIAPI
|
|
|
|
Tpm2StartAuthSession (
|
|
|
|
IN TPMI_DH_OBJECT TpmKey,
|
|
|
|
IN TPMI_DH_ENTITY Bind,
|
|
|
|
IN TPM2B_NONCE *NonceCaller,
|
|
|
|
IN TPM2B_ENCRYPTED_SECRET *Salt,
|
|
|
|
IN TPM_SE SessionType,
|
|
|
|
IN TPMT_SYM_DEF *Symmetric,
|
|
|
|
IN TPMI_ALG_HASH AuthHash,
|
|
|
|
OUT TPMI_SH_AUTH_SESSION *SessionHandle,
|
|
|
|
OUT TPM2B_NONCE *NonceTPM
|
|
|
|
);
|
|
|
|
|
|
|
|
/**
|
|
|
|
This command causes all context associated with a loaded object or session to be removed from TPM memory.
|
|
|
|
|
|
|
|
@param[in] FlushHandle The handle of the item to flush.
|
2018-06-27 15:13:09 +02:00
|
|
|
|
2014-12-12 05:34:19 +01:00
|
|
|
@retval EFI_SUCCESS Operation completed successfully.
|
|
|
|
@retval EFI_DEVICE_ERROR The command was unsuccessful.
|
|
|
|
**/
|
|
|
|
EFI_STATUS
|
|
|
|
EFIAPI
|
|
|
|
Tpm2FlushContext (
|
|
|
|
IN TPMI_DH_CONTEXT FlushHandle
|
|
|
|
);
|
|
|
|
|
|
|
|
/**
|
|
|
|
This command includes a secret-based authorization to a policy.
|
|
|
|
The caller proves knowledge of the secret value using an authorization
|
|
|
|
session using the authValue associated with authHandle.
|
2018-06-27 15:13:09 +02:00
|
|
|
|
2014-12-12 05:34:19 +01:00
|
|
|
@param[in] AuthHandle Handle for an entity providing the authorization
|
|
|
|
@param[in] PolicySession Handle for the policy session being extended.
|
|
|
|
@param[in] AuthSession Auth Session context
|
|
|
|
@param[in] NonceTPM The policy nonce for the session.
|
|
|
|
@param[in] CpHashA Digest of the command parameters to which this authorization is limited.
|
|
|
|
@param[in] PolicyRef A reference to a policy relating to the authorization.
|
|
|
|
@param[in] Expiration Time when authorization will expire, measured in seconds from the time that nonceTPM was generated.
|
|
|
|
@param[out] Timeout Time value used to indicate to the TPM when the ticket expires.
|
|
|
|
@param[out] PolicyTicket A ticket that includes a value indicating when the authorization expires.
|
2018-06-27 15:13:09 +02:00
|
|
|
|
2014-12-12 05:34:19 +01:00
|
|
|
@retval EFI_SUCCESS Operation completed successfully.
|
|
|
|
@retval EFI_DEVICE_ERROR The command was unsuccessful.
|
|
|
|
**/
|
|
|
|
EFI_STATUS
|
|
|
|
EFIAPI
|
|
|
|
Tpm2PolicySecret (
|
|
|
|
IN TPMI_DH_ENTITY AuthHandle,
|
|
|
|
IN TPMI_SH_POLICY PolicySession,
|
2021-12-03 03:00:56 +01:00
|
|
|
IN TPMS_AUTH_COMMAND *AuthSession OPTIONAL,
|
2014-12-12 05:34:19 +01:00
|
|
|
IN TPM2B_NONCE *NonceTPM,
|
|
|
|
IN TPM2B_DIGEST *CpHashA,
|
|
|
|
IN TPM2B_NONCE *PolicyRef,
|
|
|
|
IN INT32 Expiration,
|
|
|
|
OUT TPM2B_TIMEOUT *Timeout,
|
|
|
|
OUT TPMT_TK_AUTH *PolicyTicket
|
|
|
|
);
|
|
|
|
|
2014-12-23 05:03:32 +01:00
|
|
|
/**
|
|
|
|
This command allows options in authorizations without requiring that the TPM evaluate all of the options.
|
|
|
|
If a policy may be satisfied by different sets of conditions, the TPM need only evaluate one set that
|
|
|
|
satisfies the policy. This command will indicate that one of the required sets of conditions has been
|
|
|
|
satisfied.
|
|
|
|
|
|
|
|
@param[in] PolicySession Handle for the policy session being extended.
|
|
|
|
@param[in] HashList the list of hashes to check for a match.
|
2018-06-27 15:13:09 +02:00
|
|
|
|
2014-12-23 05:03:32 +01:00
|
|
|
@retval EFI_SUCCESS Operation completed successfully.
|
|
|
|
@retval EFI_DEVICE_ERROR The command was unsuccessful.
|
|
|
|
**/
|
|
|
|
EFI_STATUS
|
|
|
|
EFIAPI
|
|
|
|
Tpm2PolicyOR (
|
|
|
|
IN TPMI_SH_POLICY PolicySession,
|
|
|
|
IN TPML_DIGEST *HashList
|
|
|
|
);
|
|
|
|
|
2014-12-12 05:34:19 +01:00
|
|
|
/**
|
|
|
|
This command indicates that the authorization will be limited to a specific command code.
|
|
|
|
|
|
|
|
@param[in] PolicySession Handle for the policy session being extended.
|
|
|
|
@param[in] Code The allowed commandCode.
|
2018-06-27 15:13:09 +02:00
|
|
|
|
2014-12-12 05:34:19 +01:00
|
|
|
@retval EFI_SUCCESS Operation completed successfully.
|
|
|
|
@retval EFI_DEVICE_ERROR The command was unsuccessful.
|
|
|
|
**/
|
|
|
|
EFI_STATUS
|
|
|
|
EFIAPI
|
|
|
|
Tpm2PolicyCommandCode (
|
|
|
|
IN TPMI_SH_POLICY PolicySession,
|
|
|
|
IN TPM_CC Code
|
|
|
|
);
|
|
|
|
|
|
|
|
/**
|
|
|
|
This command returns the current policyDigest of the session. This command allows the TPM
|
|
|
|
to be used to perform the actions required to precompute the authPolicy for an object.
|
|
|
|
|
|
|
|
@param[in] PolicySession Handle for the policy session.
|
|
|
|
@param[out] PolicyHash the current value of the policyHash of policySession.
|
2018-06-27 15:13:09 +02:00
|
|
|
|
2014-12-12 05:34:19 +01:00
|
|
|
@retval EFI_SUCCESS Operation completed successfully.
|
|
|
|
@retval EFI_DEVICE_ERROR The command was unsuccessful.
|
|
|
|
**/
|
|
|
|
EFI_STATUS
|
|
|
|
EFIAPI
|
|
|
|
Tpm2PolicyGetDigest (
|
|
|
|
IN TPMI_SH_POLICY PolicySession,
|
|
|
|
OUT TPM2B_DIGEST *PolicyHash
|
|
|
|
);
|
|
|
|
|
2017-02-09 16:04:32 +01:00
|
|
|
/**
|
|
|
|
This command allows access to the public area of a loaded object.
|
|
|
|
|
|
|
|
@param[in] ObjectHandle TPM handle of an object
|
|
|
|
@param[out] OutPublic Structure containing the public area of an object
|
|
|
|
@param[out] Name Name of the object
|
|
|
|
@param[out] QualifiedName The Qualified Name of the object
|
|
|
|
|
|
|
|
@retval EFI_SUCCESS Operation completed successfully.
|
|
|
|
@retval EFI_DEVICE_ERROR Unexpected device behavior.
|
|
|
|
**/
|
|
|
|
EFI_STATUS
|
|
|
|
EFIAPI
|
|
|
|
Tpm2ReadPublic (
|
|
|
|
IN TPMI_DH_OBJECT ObjectHandle,
|
|
|
|
OUT TPM2B_PUBLIC *OutPublic,
|
|
|
|
OUT TPM2B_NAME *Name,
|
|
|
|
OUT TPM2B_NAME *QualifiedName
|
|
|
|
);
|
|
|
|
|
2013-09-18 07:31:18 +02:00
|
|
|
//
|
|
|
|
// Help function
|
|
|
|
//
|
|
|
|
|
|
|
|
/**
|
|
|
|
Copy AuthSessionIn to TPM2 command buffer.
|
|
|
|
|
|
|
|
@param [in] AuthSessionIn Input AuthSession data
|
|
|
|
@param [out] AuthSessionOut Output AuthSession data in TPM2 command buffer
|
|
|
|
|
|
|
|
@return AuthSession size
|
|
|
|
**/
|
|
|
|
UINT32
|
|
|
|
EFIAPI
|
|
|
|
CopyAuthSessionCommand (
|
2021-12-03 03:00:56 +01:00
|
|
|
IN TPMS_AUTH_COMMAND *AuthSessionIn OPTIONAL,
|
2013-09-18 07:31:18 +02:00
|
|
|
OUT UINT8 *AuthSessionOut
|
|
|
|
);
|
|
|
|
|
|
|
|
/**
|
|
|
|
Copy AuthSessionIn from TPM2 response buffer.
|
|
|
|
|
|
|
|
@param [in] AuthSessionIn Input AuthSession data in TPM2 response buffer
|
|
|
|
@param [out] AuthSessionOut Output AuthSession data
|
|
|
|
|
|
|
|
@return AuthSession size
|
|
|
|
**/
|
|
|
|
UINT32
|
|
|
|
EFIAPI
|
|
|
|
CopyAuthSessionResponse (
|
|
|
|
IN UINT8 *AuthSessionIn,
|
|
|
|
OUT TPMS_AUTH_RESPONSE *AuthSessionOut OPTIONAL
|
|
|
|
);
|
|
|
|
|
|
|
|
/**
|
|
|
|
Return size of digest.
|
|
|
|
|
|
|
|
@param[in] HashAlgo Hash algorithm
|
|
|
|
|
|
|
|
@return size of digest
|
|
|
|
**/
|
|
|
|
UINT16
|
|
|
|
EFIAPI
|
|
|
|
GetHashSizeFromAlgo (
|
|
|
|
IN TPMI_ALG_HASH HashAlgo
|
|
|
|
);
|
|
|
|
|
2016-11-18 06:13:21 +01:00
|
|
|
/**
|
|
|
|
Get hash mask from algorithm.
|
|
|
|
|
|
|
|
@param[in] HashAlgo Hash algorithm
|
|
|
|
|
|
|
|
@return Hash mask
|
|
|
|
**/
|
|
|
|
UINT32
|
|
|
|
EFIAPI
|
|
|
|
GetHashMaskFromAlgo (
|
|
|
|
IN TPMI_ALG_HASH HashAlgo
|
|
|
|
);
|
|
|
|
|
2016-11-17 09:41:08 +01:00
|
|
|
/**
|
|
|
|
Return if hash alg is supported in HashAlgorithmMask.
|
|
|
|
|
|
|
|
@param HashAlg Hash algorithm to be checked.
|
|
|
|
@param HashAlgorithmMask Bitfield of allowed hash algorithms.
|
|
|
|
|
|
|
|
@retval TRUE Hash algorithm is supported.
|
|
|
|
@retval FALSE Hash algorithm is not supported.
|
|
|
|
**/
|
|
|
|
BOOLEAN
|
|
|
|
EFIAPI
|
|
|
|
IsHashAlgSupportedInHashAlgorithmMask (
|
|
|
|
IN TPMI_ALG_HASH HashAlg,
|
|
|
|
IN UINT32 HashAlgorithmMask
|
|
|
|
);
|
|
|
|
|
2016-09-14 04:45:19 +02:00
|
|
|
/**
|
|
|
|
Copy TPML_DIGEST_VALUES into a buffer
|
|
|
|
|
2016-11-18 02:54:21 +01:00
|
|
|
@param[in,out] Buffer Buffer to hold copied TPML_DIGEST_VALUES compact binary.
|
2016-09-14 04:45:19 +02:00
|
|
|
@param[in] DigestList TPML_DIGEST_VALUES to be copied.
|
|
|
|
@param[in] HashAlgorithmMask HASH bits corresponding to the desired digests to copy.
|
|
|
|
|
|
|
|
@return The end of buffer to hold TPML_DIGEST_VALUES.
|
|
|
|
**/
|
|
|
|
VOID *
|
|
|
|
EFIAPI
|
|
|
|
CopyDigestListToBuffer (
|
|
|
|
IN OUT VOID *Buffer,
|
|
|
|
IN TPML_DIGEST_VALUES *DigestList,
|
|
|
|
IN UINT32 HashAlgorithmMask
|
|
|
|
);
|
|
|
|
|
2016-09-14 04:07:45 +02:00
|
|
|
/**
|
|
|
|
Get TPML_DIGEST_VALUES data size.
|
|
|
|
|
|
|
|
@param[in] DigestList TPML_DIGEST_VALUES data.
|
|
|
|
|
|
|
|
@return TPML_DIGEST_VALUES data size.
|
|
|
|
**/
|
|
|
|
UINT32
|
|
|
|
EFIAPI
|
|
|
|
GetDigestListSize (
|
|
|
|
IN TPML_DIGEST_VALUES *DigestList
|
|
|
|
);
|
|
|
|
|
2016-09-13 13:05:08 +02:00
|
|
|
/**
|
|
|
|
This function get digest from digest list.
|
|
|
|
|
2016-09-13 13:12:07 +02:00
|
|
|
@param[in] HashAlg Digest algorithm
|
|
|
|
@param[in] DigestList Digest list
|
|
|
|
@param[out] Digest Digest
|
2016-09-13 13:05:08 +02:00
|
|
|
|
2016-09-13 13:12:07 +02:00
|
|
|
@retval EFI_SUCCESS Digest is found and returned.
|
|
|
|
@retval EFI_NOT_FOUND Digest is not found.
|
2016-09-13 13:05:08 +02:00
|
|
|
**/
|
|
|
|
EFI_STATUS
|
|
|
|
EFIAPI
|
|
|
|
GetDigestFromDigestList (
|
|
|
|
IN TPMI_ALG_HASH HashAlg,
|
|
|
|
IN TPML_DIGEST_VALUES *DigestList,
|
2016-09-13 13:12:07 +02:00
|
|
|
OUT VOID *Digest
|
2016-09-13 13:05:08 +02:00
|
|
|
);
|
|
|
|
|
2021-12-17 03:47:07 +01:00
|
|
|
/**
|
|
|
|
This function will query the TPM to determine which hashing algorithms and
|
|
|
|
get the digests of all active and supported PCR banks of a specific PCR register.
|
|
|
|
|
|
|
|
@param[in] PcrHandle The index of the PCR register to be read.
|
|
|
|
@param[out] HashList List of digests from PCR register being read.
|
|
|
|
|
|
|
|
@retval EFI_SUCCESS The Pcr was read successfully.
|
|
|
|
@retval EFI_DEVICE_ERROR The command was unsuccessful.
|
|
|
|
**/
|
|
|
|
EFI_STATUS
|
|
|
|
EFIAPI
|
|
|
|
Tpm2PcrReadForActiveBank (
|
|
|
|
IN TPMI_DH_PCR PcrHandle,
|
|
|
|
OUT TPML_DIGEST *HashList
|
|
|
|
);
|
|
|
|
|
2013-09-18 07:31:18 +02:00
|
|
|
#endif
|