]>
Commit | Line | Data |
---|---|---|
c1d93242 JY |
1 | /** @file\r |
2 | This library is used by other modules to send TPM2 command.\r | |
3 | \r | |
b3548d32 | 4 | Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved. <BR>\r |
289b714b | 5 | SPDX-License-Identifier: BSD-2-Clause-Patent\r |
c1d93242 JY |
6 | \r |
7 | **/\r | |
8 | \r | |
9 | #ifndef _TPM2_COMMAND_LIB_H_\r | |
10 | #define _TPM2_COMMAND_LIB_H_\r | |
11 | \r | |
12 | #include <IndustryStandard/Tpm20.h>\r | |
13 | \r | |
14 | /**\r | |
15 | This command starts a hash or an Event sequence.\r | |
16 | If hashAlg is an implemented hash, then a hash sequence is started.\r | |
17 | If hashAlg is TPM_ALG_NULL, then an Event sequence is started.\r | |
18 | \r | |
19 | @param[in] HashAlg The hash algorithm to use for the hash sequence\r | |
20 | An Event sequence starts if this is TPM_ALG_NULL.\r | |
21 | @param[out] SequenceHandle A handle to reference the sequence\r | |
b3548d32 | 22 | \r |
c1d93242 JY |
23 | @retval EFI_SUCCESS Operation completed successfully.\r |
24 | @retval EFI_DEVICE_ERROR Unexpected device behavior.\r | |
25 | **/\r | |
26 | EFI_STATUS\r | |
27 | EFIAPI\r | |
28 | Tpm2HashSequenceStart (\r | |
29 | IN TPMI_ALG_HASH HashAlg,\r | |
30 | OUT TPMI_DH_OBJECT *SequenceHandle\r | |
31 | );\r | |
32 | \r | |
33 | /**\r | |
34 | This command is used to add data to a hash or HMAC sequence.\r | |
35 | The amount of data in buffer may be any size up to the limits of the TPM.\r | |
36 | NOTE: In all TPM, a buffer size of 1,024 octets is allowed.\r | |
37 | \r | |
38 | @param[in] SequenceHandle Handle for the sequence object\r | |
39 | @param[in] Buffer Data to be added to hash\r | |
b3548d32 | 40 | \r |
c1d93242 JY |
41 | @retval EFI_SUCCESS Operation completed successfully.\r |
42 | @retval EFI_DEVICE_ERROR Unexpected device behavior.\r | |
43 | **/\r | |
44 | EFI_STATUS\r | |
45 | EFIAPI\r | |
46 | Tpm2SequenceUpdate (\r | |
47 | IN TPMI_DH_OBJECT SequenceHandle,\r | |
48 | IN TPM2B_MAX_BUFFER *Buffer\r | |
49 | );\r | |
50 | \r | |
51 | /**\r | |
52 | This command adds the last part of data, if any, to an Event sequence and returns the result in a digest list.\r | |
53 | If pcrHandle references a PCR and not TPM_RH_NULL, then the returned digest list is processed in\r | |
54 | the same manner as the digest list input parameter to TPM2_PCR_Extend() with the pcrHandle in each\r | |
55 | bank extended with the associated digest value.\r | |
56 | \r | |
57 | @param[in] PcrHandle PCR to be extended with the Event data\r | |
58 | @param[in] SequenceHandle Authorization for the sequence\r | |
59 | @param[in] Buffer Data to be added to the Event\r | |
60 | @param[out] Results List of digests computed for the PCR\r | |
b3548d32 | 61 | \r |
c1d93242 JY |
62 | @retval EFI_SUCCESS Operation completed successfully.\r |
63 | @retval EFI_DEVICE_ERROR Unexpected device behavior.\r | |
64 | **/\r | |
65 | EFI_STATUS\r | |
66 | EFIAPI\r | |
67 | Tpm2EventSequenceComplete (\r | |
68 | IN TPMI_DH_PCR PcrHandle,\r | |
69 | IN TPMI_DH_OBJECT SequenceHandle,\r | |
70 | IN TPM2B_MAX_BUFFER *Buffer,\r | |
71 | OUT TPML_DIGEST_VALUES *Results\r | |
72 | );\r | |
73 | \r | |
74 | /**\r | |
75 | This command adds the last part of data, if any, to a hash/HMAC sequence and returns the result.\r | |
76 | \r | |
77 | @param[in] SequenceHandle Authorization for the sequence\r | |
78 | @param[in] Buffer Data to be added to the hash/HMAC\r | |
79 | @param[out] Result The returned HMAC or digest in a sized buffer\r | |
b3548d32 | 80 | \r |
c1d93242 JY |
81 | @retval EFI_SUCCESS Operation completed successfully.\r |
82 | @retval EFI_DEVICE_ERROR Unexpected device behavior.\r | |
83 | **/\r | |
84 | EFI_STATUS\r | |
85 | EFIAPI\r | |
86 | Tpm2SequenceComplete (\r | |
87 | IN TPMI_DH_OBJECT SequenceHandle,\r | |
88 | IN TPM2B_MAX_BUFFER *Buffer,\r | |
89 | OUT TPM2B_DIGEST *Result\r | |
90 | );\r | |
91 | \r | |
92 | /**\r | |
93 | Send Startup command to TPM2.\r | |
94 | \r | |
95 | @param[in] StartupType TPM_SU_CLEAR or TPM_SU_STATE\r | |
96 | \r | |
97 | @retval EFI_SUCCESS Operation completed successfully.\r | |
98 | @retval EFI_DEVICE_ERROR Unexpected device behavior.\r | |
99 | **/\r | |
100 | EFI_STATUS\r | |
101 | EFIAPI\r | |
102 | Tpm2Startup (\r | |
103 | IN TPM_SU StartupType\r | |
104 | );\r | |
105 | \r | |
106 | /**\r | |
107 | Send Shutdown command to TPM2.\r | |
108 | \r | |
109 | @param[in] ShutdownType TPM_SU_CLEAR or TPM_SU_STATE.\r | |
110 | \r | |
111 | @retval EFI_SUCCESS Operation completed successfully.\r | |
112 | @retval EFI_DEVICE_ERROR Unexpected device behavior.\r | |
113 | **/\r | |
114 | EFI_STATUS\r | |
115 | EFIAPI\r | |
116 | Tpm2Shutdown (\r | |
117 | IN TPM_SU ShutdownType\r | |
118 | );\r | |
119 | \r | |
120 | /**\r | |
121 | This command causes the TPM to perform a test of its capabilities.\r | |
122 | If the fullTest is YES, the TPM will test all functions.\r | |
123 | If fullTest = NO, the TPM will only test those functions that have not previously been tested.\r | |
124 | \r | |
125 | @param[in] FullTest YES if full test to be performed\r | |
126 | NO if only test of untested functions required\r | |
127 | \r | |
128 | @retval EFI_SUCCESS Operation completed successfully.\r | |
129 | @retval EFI_DEVICE_ERROR Unexpected device behavior.\r | |
130 | **/\r | |
131 | EFI_STATUS\r | |
132 | EFIAPI\r | |
133 | Tpm2SelfTest (\r | |
134 | IN TPMI_YES_NO FullTest\r | |
135 | );\r | |
136 | \r | |
967eacca JY |
137 | /**\r |
138 | This command allows setting of the authorization policy for the platform hierarchy (platformPolicy), the\r | |
139 | storage hierarchy (ownerPolicy), and and the endorsement hierarchy (endorsementPolicy).\r | |
140 | \r | |
141 | @param[in] AuthHandle TPM_RH_ENDORSEMENT, TPM_RH_OWNER or TPM_RH_PLATFORM+{PP} parameters to be validated\r | |
142 | @param[in] AuthSession Auth Session context\r | |
143 | @param[in] AuthPolicy An authorization policy hash\r | |
144 | @param[in] HashAlg The hash algorithm to use for the policy\r | |
145 | \r | |
146 | @retval EFI_SUCCESS Operation completed successfully.\r | |
147 | @retval EFI_DEVICE_ERROR Unexpected device behavior.\r | |
148 | **/\r | |
149 | EFI_STATUS\r | |
150 | EFIAPI\r | |
151 | Tpm2SetPrimaryPolicy (\r | |
152 | IN TPMI_RH_HIERARCHY_AUTH AuthHandle,\r | |
153 | IN TPMS_AUTH_COMMAND *AuthSession,\r | |
154 | IN TPM2B_DIGEST *AuthPolicy,\r | |
155 | IN TPMI_ALG_HASH HashAlg\r | |
156 | );\r | |
157 | \r | |
c1d93242 JY |
158 | /**\r |
159 | This command removes all TPM context associated with a specific Owner.\r | |
160 | \r | |
161 | @param[in] AuthHandle TPM_RH_LOCKOUT or TPM_RH_PLATFORM+{PP}\r | |
162 | @param[in] AuthSession Auth Session context\r | |
b3548d32 | 163 | \r |
c1d93242 JY |
164 | @retval EFI_SUCCESS Operation completed successfully.\r |
165 | @retval EFI_DEVICE_ERROR Unexpected device behavior.\r | |
166 | **/\r | |
167 | EFI_STATUS\r | |
168 | EFIAPI\r | |
169 | Tpm2Clear (\r | |
170 | IN TPMI_RH_CLEAR AuthHandle,\r | |
171 | IN TPMS_AUTH_COMMAND *AuthSession OPTIONAL\r | |
172 | );\r | |
173 | \r | |
174 | /**\r | |
175 | Disables and enables the execution of TPM2_Clear().\r | |
176 | \r | |
177 | @param[in] AuthHandle TPM_RH_LOCKOUT or TPM_RH_PLATFORM+{PP}\r | |
178 | @param[in] AuthSession Auth Session context\r | |
179 | @param[in] Disable YES if the disableOwnerClear flag is to be SET,\r | |
180 | NO if the flag is to be CLEAR.\r | |
181 | \r | |
182 | @retval EFI_SUCCESS Operation completed successfully.\r | |
183 | @retval EFI_DEVICE_ERROR Unexpected device behavior.\r | |
184 | **/\r | |
185 | EFI_STATUS\r | |
186 | EFIAPI\r | |
187 | Tpm2ClearControl (\r | |
188 | IN TPMI_RH_CLEAR AuthHandle,\r | |
189 | IN TPMS_AUTH_COMMAND *AuthSession, OPTIONAL\r | |
190 | IN TPMI_YES_NO Disable\r | |
191 | );\r | |
192 | \r | |
193 | /**\r | |
194 | This command allows the authorization secret for a hierarchy or lockout to be changed using the current\r | |
195 | authorization value as the command authorization.\r | |
196 | \r | |
197 | @param[in] AuthHandle TPM_RH_LOCKOUT, TPM_RH_ENDORSEMENT, TPM_RH_OWNER or TPM_RH_PLATFORM+{PP}\r | |
198 | @param[in] AuthSession Auth Session context\r | |
199 | @param[in] NewAuth New authorization secret\r | |
200 | \r | |
201 | @retval EFI_SUCCESS Operation completed successfully.\r | |
202 | @retval EFI_DEVICE_ERROR Unexpected device behavior.\r | |
203 | **/\r | |
204 | EFI_STATUS\r | |
205 | EFIAPI\r | |
206 | Tpm2HierarchyChangeAuth (\r | |
207 | IN TPMI_RH_HIERARCHY_AUTH AuthHandle,\r | |
208 | IN TPMS_AUTH_COMMAND *AuthSession,\r | |
209 | IN TPM2B_AUTH *NewAuth\r | |
210 | );\r | |
211 | \r | |
212 | /**\r | |
213 | This replaces the current EPS with a value from the RNG and sets the Endorsement hierarchy controls to\r | |
214 | their default initialization values.\r | |
215 | \r | |
216 | @param[in] AuthHandle TPM_RH_PLATFORM+{PP}\r | |
217 | @param[in] AuthSession Auth Session context\r | |
218 | \r | |
219 | @retval EFI_SUCCESS Operation completed successfully.\r | |
220 | @retval EFI_DEVICE_ERROR Unexpected device behavior.\r | |
221 | **/\r | |
222 | EFI_STATUS\r | |
223 | EFIAPI\r | |
224 | Tpm2ChangeEPS (\r | |
225 | IN TPMI_RH_PLATFORM AuthHandle,\r | |
226 | IN TPMS_AUTH_COMMAND *AuthSession\r | |
227 | );\r | |
228 | \r | |
229 | /**\r | |
230 | This replaces the current PPS with a value from the RNG and sets platformPolicy to the default\r | |
231 | initialization value (the Empty Buffer).\r | |
232 | \r | |
233 | @param[in] AuthHandle TPM_RH_PLATFORM+{PP}\r | |
234 | @param[in] AuthSession Auth Session context\r | |
235 | \r | |
236 | @retval EFI_SUCCESS Operation completed successfully.\r | |
237 | @retval EFI_DEVICE_ERROR Unexpected device behavior.\r | |
238 | **/\r | |
239 | EFI_STATUS\r | |
240 | EFIAPI\r | |
241 | Tpm2ChangePPS (\r | |
242 | IN TPMI_RH_PLATFORM AuthHandle,\r | |
243 | IN TPMS_AUTH_COMMAND *AuthSession\r | |
244 | );\r | |
245 | \r | |
246 | /**\r | |
247 | This command enables and disables use of a hierarchy.\r | |
248 | \r | |
249 | @param[in] AuthHandle TPM_RH_ENDORSEMENT, TPM_RH_OWNER or TPM_RH_PLATFORM+{PP}\r | |
250 | @param[in] AuthSession Auth Session context\r | |
251 | @param[in] Hierarchy Hierarchy of the enable being modified\r | |
252 | @param[in] State YES if the enable should be SET,\r | |
253 | NO if the enable should be CLEAR\r | |
254 | \r | |
255 | @retval EFI_SUCCESS Operation completed successfully.\r | |
256 | @retval EFI_DEVICE_ERROR Unexpected device behavior.\r | |
257 | **/\r | |
258 | EFI_STATUS\r | |
259 | EFIAPI\r | |
260 | Tpm2HierarchyControl (\r | |
261 | IN TPMI_RH_HIERARCHY AuthHandle,\r | |
262 | IN TPMS_AUTH_COMMAND *AuthSession,\r | |
263 | IN TPMI_RH_HIERARCHY Hierarchy,\r | |
264 | IN TPMI_YES_NO State\r | |
265 | );\r | |
266 | \r | |
267 | /**\r | |
268 | This command cancels the effect of a TPM lockout due to a number of successive authorization failures.\r | |
269 | If this command is properly authorized, the lockout counter is set to zero.\r | |
270 | \r | |
271 | @param[in] LockHandle LockHandle\r | |
272 | @param[in] AuthSession Auth Session context\r | |
273 | \r | |
274 | @retval EFI_SUCCESS Operation completed successfully.\r | |
275 | @retval EFI_DEVICE_ERROR Unexpected device behavior.\r | |
276 | **/\r | |
277 | EFI_STATUS\r | |
278 | EFIAPI\r | |
279 | Tpm2DictionaryAttackLockReset (\r | |
280 | IN TPMI_RH_LOCKOUT LockHandle,\r | |
281 | IN TPMS_AUTH_COMMAND *AuthSession\r | |
282 | );\r | |
283 | \r | |
284 | /**\r | |
285 | This command cancels the effect of a TPM lockout due to a number of successive authorization failures.\r | |
286 | If this command is properly authorized, the lockout counter is set to zero.\r | |
287 | \r | |
288 | @param[in] LockHandle LockHandle\r | |
289 | @param[in] AuthSession Auth Session context\r | |
290 | @param[in] NewMaxTries Count of authorization failures before the lockout is imposed\r | |
291 | @param[in] NewRecoveryTime Time in seconds before the authorization failure count is automatically decremented\r | |
292 | @param[in] LockoutRecovery Time in seconds after a lockoutAuth failure before use of lockoutAuth is allowed\r | |
293 | \r | |
294 | @retval EFI_SUCCESS Operation completed successfully.\r | |
295 | @retval EFI_DEVICE_ERROR Unexpected device behavior.\r | |
296 | **/\r | |
297 | EFI_STATUS\r | |
298 | EFIAPI\r | |
299 | Tpm2DictionaryAttackParameters (\r | |
300 | IN TPMI_RH_LOCKOUT LockHandle,\r | |
301 | IN TPMS_AUTH_COMMAND *AuthSession,\r | |
302 | IN UINT32 NewMaxTries,\r | |
303 | IN UINT32 NewRecoveryTime,\r | |
304 | IN UINT32 LockoutRecovery\r | |
305 | );\r | |
306 | \r | |
307 | /**\r | |
308 | This command is used to read the public area and Name of an NV Index.\r | |
309 | \r | |
310 | @param[in] NvIndex The NV Index.\r | |
311 | @param[out] NvPublic The public area of the index.\r | |
312 | @param[out] NvName The Name of the nvIndex.\r | |
b3548d32 | 313 | \r |
c1d93242 JY |
314 | @retval EFI_SUCCESS Operation completed successfully.\r |
315 | @retval EFI_DEVICE_ERROR The command was unsuccessful.\r | |
316 | **/\r | |
317 | EFI_STATUS\r | |
318 | EFIAPI\r | |
319 | Tpm2NvReadPublic (\r | |
320 | IN TPMI_RH_NV_INDEX NvIndex,\r | |
321 | OUT TPM2B_NV_PUBLIC *NvPublic,\r | |
322 | OUT TPM2B_NAME *NvName\r | |
323 | );\r | |
324 | \r | |
325 | /**\r | |
326 | This command defines the attributes of an NV Index and causes the TPM to\r | |
327 | reserve space to hold the data associated with the index.\r | |
328 | If a definition already exists at the index, the TPM will return TPM_RC_NV_DEFINED.\r | |
329 | \r | |
330 | @param[in] AuthHandle TPM_RH_OWNER or TPM_RH_PLATFORM+{PP}.\r | |
331 | @param[in] AuthSession Auth Session context\r | |
332 | @param[in] Auth The authorization data.\r | |
333 | @param[in] NvPublic The public area of the index.\r | |
b3548d32 | 334 | \r |
c1d93242 JY |
335 | @retval EFI_SUCCESS Operation completed successfully.\r |
336 | @retval EFI_DEVICE_ERROR The command was unsuccessful.\r | |
337 | @retval EFI_ALREADY_STARTED The command was returned successfully, but NvIndex is already defined.\r | |
338 | **/\r | |
339 | EFI_STATUS\r | |
340 | EFIAPI\r | |
341 | Tpm2NvDefineSpace (\r | |
342 | IN TPMI_RH_PROVISION AuthHandle,\r | |
343 | IN TPMS_AUTH_COMMAND *AuthSession, OPTIONAL\r | |
344 | IN TPM2B_AUTH *Auth,\r | |
345 | IN TPM2B_NV_PUBLIC *NvPublic\r | |
346 | );\r | |
347 | \r | |
348 | /**\r | |
349 | This command removes an index from the TPM.\r | |
350 | \r | |
351 | @param[in] AuthHandle TPM_RH_OWNER or TPM_RH_PLATFORM+{PP}.\r | |
352 | @param[in] NvIndex The NV Index.\r | |
353 | @param[in] AuthSession Auth Session context\r | |
b3548d32 | 354 | \r |
c1d93242 JY |
355 | @retval EFI_SUCCESS Operation completed successfully.\r |
356 | @retval EFI_DEVICE_ERROR The command was unsuccessful.\r | |
357 | @retval EFI_NOT_FOUND The command was returned successfully, but NvIndex is not found.\r | |
358 | **/\r | |
359 | EFI_STATUS\r | |
360 | EFIAPI\r | |
361 | Tpm2NvUndefineSpace (\r | |
362 | IN TPMI_RH_PROVISION AuthHandle,\r | |
363 | IN TPMI_RH_NV_INDEX NvIndex,\r | |
364 | IN TPMS_AUTH_COMMAND *AuthSession OPTIONAL\r | |
365 | );\r | |
366 | \r | |
367 | /**\r | |
368 | This command reads a value from an area in NV memory previously defined by TPM2_NV_DefineSpace().\r | |
369 | \r | |
370 | @param[in] AuthHandle the handle indicating the source of the authorization value.\r | |
371 | @param[in] NvIndex The index to be read.\r | |
372 | @param[in] AuthSession Auth Session context\r | |
373 | @param[in] Size Number of bytes to read.\r | |
374 | @param[in] Offset Byte offset into the area.\r | |
375 | @param[in,out] OutData The data read.\r | |
b3548d32 | 376 | \r |
c1d93242 JY |
377 | @retval EFI_SUCCESS Operation completed successfully.\r |
378 | @retval EFI_DEVICE_ERROR The command was unsuccessful.\r | |
379 | @retval EFI_NOT_FOUND The command was returned successfully, but NvIndex is not found.\r | |
380 | **/\r | |
381 | EFI_STATUS\r | |
382 | EFIAPI\r | |
383 | Tpm2NvRead (\r | |
384 | IN TPMI_RH_NV_AUTH AuthHandle,\r | |
385 | IN TPMI_RH_NV_INDEX NvIndex,\r | |
386 | IN TPMS_AUTH_COMMAND *AuthSession, OPTIONAL\r | |
387 | IN UINT16 Size,\r | |
388 | IN UINT16 Offset,\r | |
389 | IN OUT TPM2B_MAX_BUFFER *OutData\r | |
390 | );\r | |
391 | \r | |
392 | /**\r | |
393 | This command writes a value to an area in NV memory that was previously defined by TPM2_NV_DefineSpace().\r | |
394 | \r | |
395 | @param[in] AuthHandle the handle indicating the source of the authorization value.\r | |
396 | @param[in] NvIndex The NV Index of the area to write.\r | |
397 | @param[in] AuthSession Auth Session context\r | |
398 | @param[in] InData The data to write.\r | |
399 | @param[in] Offset The offset into the NV Area.\r | |
b3548d32 | 400 | \r |
c1d93242 JY |
401 | @retval EFI_SUCCESS Operation completed successfully.\r |
402 | @retval EFI_DEVICE_ERROR The command was unsuccessful.\r | |
403 | @retval EFI_NOT_FOUND The command was returned successfully, but NvIndex is not found.\r | |
404 | **/\r | |
405 | EFI_STATUS\r | |
406 | EFIAPI\r | |
407 | Tpm2NvWrite (\r | |
408 | IN TPMI_RH_NV_AUTH AuthHandle,\r | |
409 | IN TPMI_RH_NV_INDEX NvIndex,\r | |
410 | IN TPMS_AUTH_COMMAND *AuthSession, OPTIONAL\r | |
411 | IN TPM2B_MAX_BUFFER *InData,\r | |
412 | IN UINT16 Offset\r | |
413 | );\r | |
414 | \r | |
415 | /**\r | |
416 | This command may be used to prevent further reads of the Index until the next TPM2_Startup (TPM_SU_CLEAR).\r | |
417 | \r | |
418 | @param[in] AuthHandle the handle indicating the source of the authorization value.\r | |
419 | @param[in] NvIndex The NV Index of the area to lock.\r | |
420 | @param[in] AuthSession Auth Session context\r | |
421 | \r | |
422 | @retval EFI_SUCCESS Operation completed successfully.\r | |
423 | @retval EFI_DEVICE_ERROR The command was unsuccessful.\r | |
424 | @retval EFI_NOT_FOUND The command was returned successfully, but NvIndex is not found.\r | |
425 | **/\r | |
426 | EFI_STATUS\r | |
427 | EFIAPI\r | |
428 | Tpm2NvReadLock (\r | |
429 | IN TPMI_RH_NV_AUTH AuthHandle,\r | |
430 | IN TPMI_RH_NV_INDEX NvIndex,\r | |
431 | IN TPMS_AUTH_COMMAND *AuthSession OPTIONAL\r | |
432 | );\r | |
433 | \r | |
434 | /**\r | |
435 | This command may be used to inhibit further writes of the Index.\r | |
436 | \r | |
437 | @param[in] AuthHandle the handle indicating the source of the authorization value.\r | |
438 | @param[in] NvIndex The NV Index of the area to lock.\r | |
439 | @param[in] AuthSession Auth Session context\r | |
440 | \r | |
441 | @retval EFI_SUCCESS Operation completed successfully.\r | |
442 | @retval EFI_DEVICE_ERROR The command was unsuccessful.\r | |
443 | @retval EFI_NOT_FOUND The command was returned successfully, but NvIndex is not found.\r | |
444 | **/\r | |
445 | EFI_STATUS\r | |
446 | EFIAPI\r | |
447 | Tpm2NvWriteLock (\r | |
448 | IN TPMI_RH_NV_AUTH AuthHandle,\r | |
449 | IN TPMI_RH_NV_INDEX NvIndex,\r | |
450 | IN TPMS_AUTH_COMMAND *AuthSession OPTIONAL\r | |
451 | );\r | |
452 | \r | |
453 | /**\r | |
454 | The command will SET TPMA_NV_WRITELOCKED for all indexes that have their TPMA_NV_GLOBALLOCK attribute SET.\r | |
455 | \r | |
456 | @param[in] AuthHandle TPM_RH_OWNER or TPM_RH_PLATFORM+{PP}.\r | |
457 | @param[in] AuthSession Auth Session context\r | |
458 | \r | |
459 | @retval EFI_SUCCESS Operation completed successfully.\r | |
460 | @retval EFI_DEVICE_ERROR The command was unsuccessful.\r | |
461 | @retval EFI_NOT_FOUND The command was returned successfully, but NvIndex is not found.\r | |
462 | **/\r | |
463 | EFI_STATUS\r | |
464 | EFIAPI\r | |
465 | Tpm2NvGlobalWriteLock (\r | |
466 | IN TPMI_RH_PROVISION AuthHandle,\r | |
467 | IN TPMS_AUTH_COMMAND *AuthSession OPTIONAL\r | |
468 | );\r | |
469 | \r | |
470 | /**\r | |
471 | This command is used to cause an update to the indicated PCR.\r | |
472 | The digests parameter contains one or more tagged digest value identified by an algorithm ID.\r | |
473 | For each digest, the PCR associated with pcrHandle is Extended into the bank identified by the tag (hashAlg).\r | |
474 | \r | |
475 | @param[in] PcrHandle Handle of the PCR\r | |
476 | @param[in] Digests List of tagged digest values to be extended\r | |
477 | \r | |
478 | @retval EFI_SUCCESS Operation completed successfully.\r | |
479 | @retval EFI_DEVICE_ERROR Unexpected device behavior.\r | |
480 | **/\r | |
481 | EFI_STATUS\r | |
482 | EFIAPI\r | |
483 | Tpm2PcrExtend (\r | |
484 | IN TPMI_DH_PCR PcrHandle,\r | |
485 | IN TPML_DIGEST_VALUES *Digests\r | |
486 | );\r | |
487 | \r | |
488 | /**\r | |
489 | This command is used to cause an update to the indicated PCR.\r | |
490 | The data in eventData is hashed using the hash algorithm associated with each bank in which the\r | |
491 | indicated PCR has been allocated. After the data is hashed, the digests list is returned. If the pcrHandle\r | |
492 | references an implemented PCR and not TPM_ALG_NULL, digests list is processed as in\r | |
493 | TPM2_PCR_Extend().\r | |
494 | A TPM shall support an Event.size of zero through 1,024 inclusive.\r | |
495 | \r | |
496 | @param[in] PcrHandle Handle of the PCR\r | |
497 | @param[in] EventData Event data in sized buffer\r | |
498 | @param[out] Digests List of digest\r | |
499 | \r | |
500 | @retval EFI_SUCCESS Operation completed successfully.\r | |
501 | @retval EFI_DEVICE_ERROR Unexpected device behavior.\r | |
502 | **/\r | |
503 | EFI_STATUS\r | |
504 | EFIAPI\r | |
505 | Tpm2PcrEvent (\r | |
506 | IN TPMI_DH_PCR PcrHandle,\r | |
507 | IN TPM2B_EVENT *EventData,\r | |
508 | OUT TPML_DIGEST_VALUES *Digests\r | |
509 | );\r | |
510 | \r | |
511 | /**\r | |
512 | This command returns the values of all PCR specified in pcrSelect.\r | |
513 | \r | |
514 | @param[in] PcrSelectionIn The selection of PCR to read.\r | |
515 | @param[out] PcrUpdateCounter The current value of the PCR update counter.\r | |
516 | @param[out] PcrSelectionOut The PCR in the returned list.\r | |
517 | @param[out] PcrValues The contents of the PCR indicated in pcrSelect.\r | |
b3548d32 | 518 | \r |
c1d93242 JY |
519 | @retval EFI_SUCCESS Operation completed successfully.\r |
520 | @retval EFI_DEVICE_ERROR The command was unsuccessful.\r | |
521 | **/\r | |
522 | EFI_STATUS\r | |
523 | EFIAPI\r | |
524 | Tpm2PcrRead (\r | |
525 | IN TPML_PCR_SELECTION *PcrSelectionIn,\r | |
526 | OUT UINT32 *PcrUpdateCounter,\r | |
527 | OUT TPML_PCR_SELECTION *PcrSelectionOut,\r | |
528 | OUT TPML_DIGEST *PcrValues\r | |
529 | );\r | |
530 | \r | |
531 | /**\r | |
532 | This command is used to set the desired PCR allocation of PCR and algorithms.\r | |
533 | \r | |
534 | @param[in] AuthHandle TPM_RH_PLATFORM+{PP}\r | |
535 | @param[in] AuthSession Auth Session context\r | |
536 | @param[in] PcrAllocation The requested allocation\r | |
537 | @param[out] AllocationSuccess YES if the allocation succeeded\r | |
538 | @param[out] MaxPCR maximum number of PCR that may be in a bank\r | |
539 | @param[out] SizeNeeded number of octets required to satisfy the request\r | |
540 | @param[out] SizeAvailable Number of octets available. Computed before the allocation\r | |
b3548d32 | 541 | \r |
c1d93242 JY |
542 | @retval EFI_SUCCESS Operation completed successfully.\r |
543 | @retval EFI_DEVICE_ERROR The command was unsuccessful.\r | |
544 | **/\r | |
545 | EFI_STATUS\r | |
546 | EFIAPI\r | |
547 | Tpm2PcrAllocate (\r | |
548 | IN TPMI_RH_PLATFORM AuthHandle,\r | |
549 | IN TPMS_AUTH_COMMAND *AuthSession,\r | |
550 | IN TPML_PCR_SELECTION *PcrAllocation,\r | |
551 | OUT TPMI_YES_NO *AllocationSuccess,\r | |
552 | OUT UINT32 *MaxPCR,\r | |
553 | OUT UINT32 *SizeNeeded,\r | |
554 | OUT UINT32 *SizeAvailable\r | |
555 | );\r | |
556 | \r | |
f9c9a140 JY |
557 | /**\r |
558 | Alloc PCR data.\r | |
559 | \r | |
560 | @param[in] PlatformAuth platform auth value. NULL means no platform auth change.\r | |
561 | @param[in] SupportedPCRBanks Supported PCR banks\r | |
562 | @param[in] PCRBanks PCR banks\r | |
563 | \r | |
564 | @retval EFI_SUCCESS Operation completed successfully.\r | |
565 | **/\r | |
566 | EFI_STATUS\r | |
567 | EFIAPI\r | |
568 | Tpm2PcrAllocateBanks (\r | |
569 | IN TPM2B_AUTH *PlatformAuth, OPTIONAL\r | |
570 | IN UINT32 SupportedPCRBanks,\r | |
571 | IN UINT32 PCRBanks\r | |
572 | );\r | |
573 | \r | |
c1d93242 JY |
574 | /**\r |
575 | This command returns various information regarding the TPM and its current state.\r | |
576 | \r | |
b3548d32 LG |
577 | The capability parameter determines the category of data returned. The property parameter\r |
578 | selects the first value of the selected category to be returned. If there is no property\r | |
c1d93242 | 579 | that corresponds to the value of property, the next higher value is returned, if it exists.\r |
b3548d32 | 580 | The moreData parameter will have a value of YES if there are more values of the requested\r |
c1d93242 | 581 | type that were not returned.\r |
b3548d32 | 582 | If no next capability exists, the TPM will return a zero-length list and moreData will have\r |
c1d93242 JY |
583 | a value of NO.\r |
584 | \r | |
b3548d32 LG |
585 | NOTE:\r |
586 | To simplify this function, leave returned CapabilityData for caller to unpack since there are\r | |
c1d93242 JY |
587 | many capability categories and only few categories will be used in firmware. It means the caller\r |
588 | need swap the byte order for the feilds in CapabilityData.\r | |
589 | \r | |
590 | @param[in] Capability Group selection; determines the format of the response.\r | |
b3548d32 | 591 | @param[in] Property Further definition of information.\r |
c1d93242 JY |
592 | @param[in] PropertyCount Number of properties of the indicated type to return.\r |
593 | @param[out] MoreData Flag to indicate if there are more values of this type.\r | |
594 | @param[out] CapabilityData The capability data.\r | |
b3548d32 | 595 | \r |
c1d93242 JY |
596 | @retval EFI_SUCCESS Operation completed successfully.\r |
597 | @retval EFI_DEVICE_ERROR The command was unsuccessful.\r | |
598 | **/\r | |
599 | EFI_STATUS\r | |
600 | EFIAPI\r | |
601 | Tpm2GetCapability (\r | |
602 | IN TPM_CAP Capability,\r | |
603 | IN UINT32 Property,\r | |
604 | IN UINT32 PropertyCount,\r | |
605 | OUT TPMI_YES_NO *MoreData,\r | |
606 | OUT TPMS_CAPABILITY_DATA *CapabilityData\r | |
607 | );\r | |
608 | \r | |
609 | /**\r | |
610 | This command returns the information of TPM Family.\r | |
611 | \r | |
612 | This function parse the value got from TPM2_GetCapability and return the Family.\r | |
613 | \r | |
614 | @param[out] Family The Family of TPM. (a 4-octet character string)\r | |
b3548d32 | 615 | \r |
c1d93242 JY |
616 | @retval EFI_SUCCESS Operation completed successfully.\r |
617 | @retval EFI_DEVICE_ERROR The command was unsuccessful.\r | |
618 | **/\r | |
619 | EFI_STATUS\r | |
620 | EFIAPI\r | |
621 | Tpm2GetCapabilityFamily (\r | |
622 | OUT CHAR8 *Family\r | |
623 | );\r | |
624 | \r | |
625 | /**\r | |
626 | This command returns the information of TPM manufacture ID.\r | |
627 | \r | |
628 | This function parse the value got from TPM2_GetCapability and return the TPM manufacture ID.\r | |
629 | \r | |
630 | @param[out] ManufactureId The manufacture ID of TPM.\r | |
b3548d32 | 631 | \r |
c1d93242 JY |
632 | @retval EFI_SUCCESS Operation completed successfully.\r |
633 | @retval EFI_DEVICE_ERROR The command was unsuccessful.\r | |
634 | **/\r | |
635 | EFI_STATUS\r | |
636 | EFIAPI\r | |
637 | Tpm2GetCapabilityManufactureID (\r | |
638 | OUT UINT32 *ManufactureId\r | |
639 | );\r | |
640 | \r | |
641 | /**\r | |
642 | This command returns the information of TPM FirmwareVersion.\r | |
643 | \r | |
644 | This function parse the value got from TPM2_GetCapability and return the TPM FirmwareVersion.\r | |
645 | \r | |
646 | @param[out] FirmwareVersion1 The FirmwareVersion1.\r | |
647 | @param[out] FirmwareVersion2 The FirmwareVersion2.\r | |
b3548d32 | 648 | \r |
c1d93242 JY |
649 | @retval EFI_SUCCESS Operation completed successfully.\r |
650 | @retval EFI_DEVICE_ERROR The command was unsuccessful.\r | |
651 | **/\r | |
652 | EFI_STATUS\r | |
653 | EFIAPI\r | |
654 | Tpm2GetCapabilityFirmwareVersion (\r | |
655 | OUT UINT32 *FirmwareVersion1,\r | |
656 | OUT UINT32 *FirmwareVersion2\r | |
657 | );\r | |
658 | \r | |
659 | /**\r | |
660 | This command returns the information of the maximum value for commandSize and responseSize in a command.\r | |
661 | \r | |
662 | This function parse the value got from TPM2_GetCapability and return the max command size and response size\r | |
663 | \r | |
664 | @param[out] MaxCommandSize The maximum value for commandSize in a command.\r | |
665 | @param[out] MaxResponseSize The maximum value for responseSize in a command.\r | |
b3548d32 | 666 | \r |
c1d93242 JY |
667 | @retval EFI_SUCCESS Operation completed successfully.\r |
668 | @retval EFI_DEVICE_ERROR The command was unsuccessful.\r | |
669 | **/\r | |
670 | EFI_STATUS\r | |
671 | EFIAPI\r | |
672 | Tpm2GetCapabilityMaxCommandResponseSize (\r | |
673 | OUT UINT32 *MaxCommandSize,\r | |
674 | OUT UINT32 *MaxResponseSize\r | |
675 | );\r | |
676 | \r | |
677 | /**\r | |
678 | This command returns Returns a list of TPMS_ALG_PROPERTIES. Each entry is an\r | |
b3548d32 | 679 | algorithm ID and a set of properties of the algorithm.\r |
c1d93242 JY |
680 | \r |
681 | This function parse the value got from TPM2_GetCapability and return the list.\r | |
682 | \r | |
683 | @param[out] AlgList List of algorithm.\r | |
b3548d32 | 684 | \r |
c1d93242 JY |
685 | @retval EFI_SUCCESS Operation completed successfully.\r |
686 | @retval EFI_DEVICE_ERROR The command was unsuccessful.\r | |
687 | **/\r | |
688 | EFI_STATUS\r | |
689 | EFIAPI\r | |
690 | Tpm2GetCapabilitySupportedAlg (\r | |
691 | OUT TPML_ALG_PROPERTY *AlgList\r | |
692 | );\r | |
693 | \r | |
694 | /**\r | |
695 | This command returns the information of TPM LockoutCounter.\r | |
696 | \r | |
697 | This function parse the value got from TPM2_GetCapability and return the LockoutCounter.\r | |
698 | \r | |
699 | @param[out] LockoutCounter The LockoutCounter of TPM.\r | |
b3548d32 | 700 | \r |
c1d93242 JY |
701 | @retval EFI_SUCCESS Operation completed successfully.\r |
702 | @retval EFI_DEVICE_ERROR The command was unsuccessful.\r | |
703 | **/\r | |
704 | EFI_STATUS\r | |
705 | EFIAPI\r | |
706 | Tpm2GetCapabilityLockoutCounter (\r | |
707 | OUT UINT32 *LockoutCounter\r | |
708 | );\r | |
709 | \r | |
710 | /**\r | |
711 | This command returns the information of TPM LockoutInterval.\r | |
712 | \r | |
713 | This function parse the value got from TPM2_GetCapability and return the LockoutInterval.\r | |
714 | \r | |
715 | @param[out] LockoutInterval The LockoutInterval of TPM.\r | |
b3548d32 | 716 | \r |
c1d93242 JY |
717 | @retval EFI_SUCCESS Operation completed successfully.\r |
718 | @retval EFI_DEVICE_ERROR The command was unsuccessful.\r | |
719 | **/\r | |
720 | EFI_STATUS\r | |
721 | EFIAPI\r | |
722 | Tpm2GetCapabilityLockoutInterval (\r | |
723 | OUT UINT32 *LockoutInterval\r | |
724 | );\r | |
725 | \r | |
726 | /**\r | |
727 | This command returns the information of TPM InputBufferSize.\r | |
728 | \r | |
729 | This function parse the value got from TPM2_GetCapability and return the InputBufferSize.\r | |
730 | \r | |
731 | @param[out] InputBufferSize The InputBufferSize of TPM.\r | |
732 | the maximum size of a parameter (typically, a TPM2B_MAX_BUFFER)\r | |
b3548d32 | 733 | \r |
c1d93242 JY |
734 | @retval EFI_SUCCESS Operation completed successfully.\r |
735 | @retval EFI_DEVICE_ERROR The command was unsuccessful.\r | |
736 | **/\r | |
737 | EFI_STATUS\r | |
738 | EFIAPI\r | |
739 | Tpm2GetCapabilityInputBufferSize (\r | |
740 | OUT UINT32 *InputBufferSize\r | |
741 | );\r | |
742 | \r | |
743 | /**\r | |
744 | This command returns the information of TPM PCRs.\r | |
745 | \r | |
746 | This function parse the value got from TPM2_GetCapability and return the PcrSelection.\r | |
747 | \r | |
748 | @param[out] Pcrs The Pcr Selection\r | |
b3548d32 | 749 | \r |
c1d93242 JY |
750 | @retval EFI_SUCCESS Operation completed successfully.\r |
751 | @retval EFI_DEVICE_ERROR The command was unsuccessful.\r | |
752 | **/\r | |
753 | EFI_STATUS\r | |
754 | EFIAPI\r | |
755 | Tpm2GetCapabilityPcrs (\r | |
756 | OUT TPML_PCR_SELECTION *Pcrs\r | |
757 | );\r | |
758 | \r | |
07cdba18 JY |
759 | /**\r |
760 | This function will query the TPM to determine which hashing algorithms\r | |
761 | are supported and which PCR banks are currently active.\r | |
762 | \r | |
763 | @param[out] TpmHashAlgorithmBitmap A bitmask containing the algorithms supported by the TPM.\r | |
764 | @param[out] ActivePcrBanks A bitmask containing the PCRs currently allocated.\r | |
765 | \r | |
766 | @retval EFI_SUCCESS TPM was successfully queried and return values can be trusted.\r | |
767 | @retval Others An error occurred, likely in communication with the TPM.\r | |
768 | \r | |
769 | **/\r | |
770 | EFI_STATUS\r | |
771 | EFIAPI\r | |
772 | Tpm2GetCapabilitySupportedAndActivePcrs(\r | |
773 | OUT UINT32 *TpmHashAlgorithmBitmap,\r | |
774 | OUT UINT32 *ActivePcrBanks\r | |
775 | );\r | |
776 | \r | |
c1d93242 JY |
777 | /**\r |
778 | This command returns the information of TPM AlgorithmSet.\r | |
779 | \r | |
780 | This function parse the value got from TPM2_GetCapability and return the AlgorithmSet.\r | |
781 | \r | |
782 | @param[out] AlgorithmSet The AlgorithmSet of TPM.\r | |
b3548d32 | 783 | \r |
c1d93242 JY |
784 | @retval EFI_SUCCESS Operation completed successfully.\r |
785 | @retval EFI_DEVICE_ERROR The command was unsuccessful.\r | |
786 | **/\r | |
787 | EFI_STATUS\r | |
788 | EFIAPI\r | |
789 | Tpm2GetCapabilityAlgorithmSet (\r | |
790 | OUT UINT32 *AlgorithmSet\r | |
791 | );\r | |
792 | \r | |
793 | /**\r | |
794 | This command is used to check to see if specific combinations of algorithm parameters are supported.\r | |
795 | \r | |
796 | @param[in] Parameters Algorithm parameters to be validated\r | |
797 | \r | |
798 | @retval EFI_SUCCESS Operation completed successfully.\r | |
799 | @retval EFI_DEVICE_ERROR Unexpected device behavior.\r | |
800 | **/\r | |
801 | EFI_STATUS\r | |
802 | EFIAPI\r | |
803 | Tpm2TestParms (\r | |
804 | IN TPMT_PUBLIC_PARMS *Parameters\r | |
805 | );\r | |
806 | \r | |
807 | /**\r | |
808 | This command allows the platform to change the set of algorithms that are used by the TPM.\r | |
809 | The algorithmSet setting is a vendor-dependent value.\r | |
810 | \r | |
811 | @param[in] AuthHandle TPM_RH_PLATFORM\r | |
812 | @param[in] AuthSession Auth Session context\r | |
813 | @param[in] AlgorithmSet A TPM vendor-dependent value indicating the\r | |
814 | algorithm set selection\r | |
815 | \r | |
816 | @retval EFI_SUCCESS Operation completed successfully.\r | |
817 | @retval EFI_DEVICE_ERROR Unexpected device behavior.\r | |
818 | **/\r | |
819 | EFI_STATUS\r | |
820 | EFIAPI\r | |
821 | Tpm2SetAlgorithmSet (\r | |
822 | IN TPMI_RH_PLATFORM AuthHandle,\r | |
823 | IN TPMS_AUTH_COMMAND *AuthSession,\r | |
824 | IN UINT32 AlgorithmSet\r | |
825 | );\r | |
826 | \r | |
967eacca JY |
827 | /**\r |
828 | This command is used to start an authorization session using alternative methods of\r | |
829 | establishing the session key (sessionKey) that is used for authorization and encrypting value.\r | |
830 | \r | |
831 | @param[in] TpmKey Handle of a loaded decrypt key used to encrypt salt.\r | |
832 | @param[in] Bind Entity providing the authValue.\r | |
833 | @param[in] NonceCaller Initial nonceCaller, sets nonce size for the session.\r | |
834 | @param[in] Salt Value encrypted according to the type of tpmKey.\r | |
835 | @param[in] SessionType Indicates the type of the session.\r | |
836 | @param[in] Symmetric The algorithm and key size for parameter encryption.\r | |
837 | @param[in] AuthHash Hash algorithm to use for the session.\r | |
838 | @param[out] SessionHandle Handle for the newly created session.\r | |
839 | @param[out] NonceTPM The initial nonce from the TPM, used in the computation of the sessionKey.\r | |
b3548d32 | 840 | \r |
967eacca JY |
841 | @retval EFI_SUCCESS Operation completed successfully.\r |
842 | @retval EFI_DEVICE_ERROR The command was unsuccessful.\r | |
843 | **/\r | |
844 | EFI_STATUS\r | |
845 | EFIAPI\r | |
846 | Tpm2StartAuthSession (\r | |
847 | IN TPMI_DH_OBJECT TpmKey,\r | |
848 | IN TPMI_DH_ENTITY Bind,\r | |
849 | IN TPM2B_NONCE *NonceCaller,\r | |
850 | IN TPM2B_ENCRYPTED_SECRET *Salt,\r | |
851 | IN TPM_SE SessionType,\r | |
852 | IN TPMT_SYM_DEF *Symmetric,\r | |
853 | IN TPMI_ALG_HASH AuthHash,\r | |
854 | OUT TPMI_SH_AUTH_SESSION *SessionHandle,\r | |
855 | OUT TPM2B_NONCE *NonceTPM\r | |
856 | );\r | |
857 | \r | |
858 | /**\r | |
859 | This command causes all context associated with a loaded object or session to be removed from TPM memory.\r | |
860 | \r | |
861 | @param[in] FlushHandle The handle of the item to flush.\r | |
b3548d32 | 862 | \r |
967eacca JY |
863 | @retval EFI_SUCCESS Operation completed successfully.\r |
864 | @retval EFI_DEVICE_ERROR The command was unsuccessful.\r | |
865 | **/\r | |
866 | EFI_STATUS\r | |
867 | EFIAPI\r | |
868 | Tpm2FlushContext (\r | |
869 | IN TPMI_DH_CONTEXT FlushHandle\r | |
870 | );\r | |
871 | \r | |
872 | /**\r | |
873 | This command includes a secret-based authorization to a policy.\r | |
874 | The caller proves knowledge of the secret value using an authorization\r | |
875 | session using the authValue associated with authHandle.\r | |
b3548d32 | 876 | \r |
967eacca JY |
877 | @param[in] AuthHandle Handle for an entity providing the authorization\r |
878 | @param[in] PolicySession Handle for the policy session being extended.\r | |
879 | @param[in] AuthSession Auth Session context\r | |
880 | @param[in] NonceTPM The policy nonce for the session.\r | |
881 | @param[in] CpHashA Digest of the command parameters to which this authorization is limited.\r | |
882 | @param[in] PolicyRef A reference to a policy relating to the authorization.\r | |
883 | @param[in] Expiration Time when authorization will expire, measured in seconds from the time that nonceTPM was generated.\r | |
884 | @param[out] Timeout Time value used to indicate to the TPM when the ticket expires.\r | |
885 | @param[out] PolicyTicket A ticket that includes a value indicating when the authorization expires.\r | |
b3548d32 | 886 | \r |
967eacca JY |
887 | @retval EFI_SUCCESS Operation completed successfully.\r |
888 | @retval EFI_DEVICE_ERROR The command was unsuccessful.\r | |
889 | **/\r | |
890 | EFI_STATUS\r | |
891 | EFIAPI\r | |
892 | Tpm2PolicySecret (\r | |
893 | IN TPMI_DH_ENTITY AuthHandle,\r | |
894 | IN TPMI_SH_POLICY PolicySession,\r | |
895 | IN TPMS_AUTH_COMMAND *AuthSession, OPTIONAL\r | |
896 | IN TPM2B_NONCE *NonceTPM,\r | |
897 | IN TPM2B_DIGEST *CpHashA,\r | |
898 | IN TPM2B_NONCE *PolicyRef,\r | |
899 | IN INT32 Expiration,\r | |
900 | OUT TPM2B_TIMEOUT *Timeout,\r | |
901 | OUT TPMT_TK_AUTH *PolicyTicket\r | |
902 | );\r | |
903 | \r | |
a50e58f4 JY |
904 | /**\r |
905 | This command allows options in authorizations without requiring that the TPM evaluate all of the options.\r | |
906 | If a policy may be satisfied by different sets of conditions, the TPM need only evaluate one set that\r | |
907 | satisfies the policy. This command will indicate that one of the required sets of conditions has been\r | |
908 | satisfied.\r | |
909 | \r | |
910 | @param[in] PolicySession Handle for the policy session being extended.\r | |
911 | @param[in] HashList the list of hashes to check for a match.\r | |
b3548d32 | 912 | \r |
a50e58f4 JY |
913 | @retval EFI_SUCCESS Operation completed successfully.\r |
914 | @retval EFI_DEVICE_ERROR The command was unsuccessful.\r | |
915 | **/\r | |
916 | EFI_STATUS\r | |
917 | EFIAPI\r | |
918 | Tpm2PolicyOR (\r | |
919 | IN TPMI_SH_POLICY PolicySession,\r | |
920 | IN TPML_DIGEST *HashList\r | |
921 | );\r | |
922 | \r | |
967eacca JY |
923 | /**\r |
924 | This command indicates that the authorization will be limited to a specific command code.\r | |
925 | \r | |
926 | @param[in] PolicySession Handle for the policy session being extended.\r | |
927 | @param[in] Code The allowed commandCode.\r | |
b3548d32 | 928 | \r |
967eacca JY |
929 | @retval EFI_SUCCESS Operation completed successfully.\r |
930 | @retval EFI_DEVICE_ERROR The command was unsuccessful.\r | |
931 | **/\r | |
932 | EFI_STATUS\r | |
933 | EFIAPI\r | |
934 | Tpm2PolicyCommandCode (\r | |
935 | IN TPMI_SH_POLICY PolicySession,\r | |
936 | IN TPM_CC Code\r | |
937 | );\r | |
938 | \r | |
939 | /**\r | |
940 | This command returns the current policyDigest of the session. This command allows the TPM\r | |
941 | to be used to perform the actions required to precompute the authPolicy for an object.\r | |
942 | \r | |
943 | @param[in] PolicySession Handle for the policy session.\r | |
944 | @param[out] PolicyHash the current value of the policyHash of policySession.\r | |
b3548d32 | 945 | \r |
967eacca JY |
946 | @retval EFI_SUCCESS Operation completed successfully.\r |
947 | @retval EFI_DEVICE_ERROR The command was unsuccessful.\r | |
948 | **/\r | |
949 | EFI_STATUS\r | |
950 | EFIAPI\r | |
951 | Tpm2PolicyGetDigest (\r | |
952 | IN TPMI_SH_POLICY PolicySession,\r | |
953 | OUT TPM2B_DIGEST *PolicyHash\r | |
954 | );\r | |
955 | \r | |
087132a8 JY |
956 | /**\r |
957 | This command allows access to the public area of a loaded object.\r | |
958 | \r | |
959 | @param[in] ObjectHandle TPM handle of an object\r | |
960 | @param[out] OutPublic Structure containing the public area of an object\r | |
961 | @param[out] Name Name of the object\r | |
962 | @param[out] QualifiedName The Qualified Name of the object\r | |
963 | \r | |
964 | @retval EFI_SUCCESS Operation completed successfully.\r | |
965 | @retval EFI_DEVICE_ERROR Unexpected device behavior.\r | |
966 | **/\r | |
967 | EFI_STATUS\r | |
968 | EFIAPI\r | |
969 | Tpm2ReadPublic (\r | |
970 | IN TPMI_DH_OBJECT ObjectHandle,\r | |
971 | OUT TPM2B_PUBLIC *OutPublic,\r | |
972 | OUT TPM2B_NAME *Name,\r | |
973 | OUT TPM2B_NAME *QualifiedName\r | |
974 | );\r | |
975 | \r | |
c1d93242 JY |
976 | //\r |
977 | // Help function\r | |
978 | //\r | |
979 | \r | |
980 | /**\r | |
981 | Copy AuthSessionIn to TPM2 command buffer.\r | |
982 | \r | |
983 | @param [in] AuthSessionIn Input AuthSession data\r | |
984 | @param [out] AuthSessionOut Output AuthSession data in TPM2 command buffer\r | |
985 | \r | |
986 | @return AuthSession size\r | |
987 | **/\r | |
988 | UINT32\r | |
989 | EFIAPI\r | |
990 | CopyAuthSessionCommand (\r | |
991 | IN TPMS_AUTH_COMMAND *AuthSessionIn, OPTIONAL\r | |
992 | OUT UINT8 *AuthSessionOut\r | |
993 | );\r | |
994 | \r | |
995 | /**\r | |
996 | Copy AuthSessionIn from TPM2 response buffer.\r | |
997 | \r | |
998 | @param [in] AuthSessionIn Input AuthSession data in TPM2 response buffer\r | |
999 | @param [out] AuthSessionOut Output AuthSession data\r | |
1000 | \r | |
1001 | @return AuthSession size\r | |
1002 | **/\r | |
1003 | UINT32\r | |
1004 | EFIAPI\r | |
1005 | CopyAuthSessionResponse (\r | |
1006 | IN UINT8 *AuthSessionIn,\r | |
1007 | OUT TPMS_AUTH_RESPONSE *AuthSessionOut OPTIONAL\r | |
1008 | );\r | |
1009 | \r | |
1010 | /**\r | |
1011 | Return size of digest.\r | |
1012 | \r | |
1013 | @param[in] HashAlgo Hash algorithm\r | |
1014 | \r | |
1015 | @return size of digest\r | |
1016 | **/\r | |
1017 | UINT16\r | |
1018 | EFIAPI\r | |
1019 | GetHashSizeFromAlgo (\r | |
1020 | IN TPMI_ALG_HASH HashAlgo\r | |
1021 | );\r | |
1022 | \r | |
b8ae1f4d SZ |
1023 | /**\r |
1024 | Get hash mask from algorithm.\r | |
1025 | \r | |
1026 | @param[in] HashAlgo Hash algorithm\r | |
1027 | \r | |
1028 | @return Hash mask\r | |
1029 | **/\r | |
1030 | UINT32\r | |
1031 | EFIAPI\r | |
1032 | GetHashMaskFromAlgo (\r | |
1033 | IN TPMI_ALG_HASH HashAlgo\r | |
1034 | );\r | |
1035 | \r | |
697c30b1 SZ |
1036 | /**\r |
1037 | Return if hash alg is supported in HashAlgorithmMask.\r | |
1038 | \r | |
1039 | @param HashAlg Hash algorithm to be checked.\r | |
1040 | @param HashAlgorithmMask Bitfield of allowed hash algorithms.\r | |
1041 | \r | |
1042 | @retval TRUE Hash algorithm is supported.\r | |
1043 | @retval FALSE Hash algorithm is not supported.\r | |
1044 | **/\r | |
1045 | BOOLEAN\r | |
1046 | EFIAPI\r | |
1047 | IsHashAlgSupportedInHashAlgorithmMask(\r | |
1048 | IN TPMI_ALG_HASH HashAlg,\r | |
1049 | IN UINT32 HashAlgorithmMask\r | |
1050 | );\r | |
1051 | \r | |
f5e34e37 JY |
1052 | /**\r |
1053 | Copy TPML_DIGEST_VALUES into a buffer\r | |
1054 | \r | |
ae1a4284 | 1055 | @param[in,out] Buffer Buffer to hold copied TPML_DIGEST_VALUES compact binary.\r |
f5e34e37 JY |
1056 | @param[in] DigestList TPML_DIGEST_VALUES to be copied.\r |
1057 | @param[in] HashAlgorithmMask HASH bits corresponding to the desired digests to copy.\r | |
1058 | \r | |
1059 | @return The end of buffer to hold TPML_DIGEST_VALUES.\r | |
1060 | **/\r | |
1061 | VOID *\r | |
1062 | EFIAPI\r | |
1063 | CopyDigestListToBuffer(\r | |
1064 | IN OUT VOID *Buffer,\r | |
1065 | IN TPML_DIGEST_VALUES *DigestList,\r | |
1066 | IN UINT32 HashAlgorithmMask\r | |
1067 | );\r | |
1068 | \r | |
77e55cf4 JY |
1069 | /**\r |
1070 | Get TPML_DIGEST_VALUES data size.\r | |
1071 | \r | |
1072 | @param[in] DigestList TPML_DIGEST_VALUES data.\r | |
1073 | \r | |
1074 | @return TPML_DIGEST_VALUES data size.\r | |
1075 | **/\r | |
1076 | UINT32\r | |
1077 | EFIAPI\r | |
1078 | GetDigestListSize(\r | |
1079 | IN TPML_DIGEST_VALUES *DigestList\r | |
1080 | );\r | |
1081 | \r | |
d4b9b2c3 JY |
1082 | /**\r |
1083 | This function get digest from digest list.\r | |
1084 | \r | |
f28ab849 SZ |
1085 | @param[in] HashAlg Digest algorithm\r |
1086 | @param[in] DigestList Digest list\r | |
1087 | @param[out] Digest Digest\r | |
d4b9b2c3 | 1088 | \r |
f28ab849 SZ |
1089 | @retval EFI_SUCCESS Digest is found and returned.\r |
1090 | @retval EFI_NOT_FOUND Digest is not found.\r | |
d4b9b2c3 JY |
1091 | **/\r |
1092 | EFI_STATUS\r | |
1093 | EFIAPI\r | |
1094 | GetDigestFromDigestList(\r | |
1095 | IN TPMI_ALG_HASH HashAlg,\r | |
1096 | IN TPML_DIGEST_VALUES *DigestList,\r | |
f28ab849 | 1097 | OUT VOID *Digest\r |
d4b9b2c3 JY |
1098 | );\r |
1099 | \r | |
c1d93242 | 1100 | #endif\r |