]>
Commit | Line | Data |
---|---|---|
c1d93242 JY |
1 | /** @file\r |
2 | This library is used by other modules to send TPM2 command.\r | |
3 | \r | |
b3548d32 | 4 | Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved. <BR>\r |
c1d93242 JY |
5 | This program and the accompanying materials\r |
6 | are licensed and made available under the terms and conditions of the BSD License\r | |
7 | which accompanies this distribution. The full text of the license may be found at\r | |
8 | http://opensource.org/licenses/bsd-license.php\r | |
9 | \r | |
10 | THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r | |
11 | WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r | |
12 | \r | |
13 | **/\r | |
14 | \r | |
15 | #ifndef _TPM2_COMMAND_LIB_H_\r | |
16 | #define _TPM2_COMMAND_LIB_H_\r | |
17 | \r | |
18 | #include <IndustryStandard/Tpm20.h>\r | |
19 | \r | |
20 | /**\r | |
21 | This command starts a hash or an Event sequence.\r | |
22 | If hashAlg is an implemented hash, then a hash sequence is started.\r | |
23 | If hashAlg is TPM_ALG_NULL, then an Event sequence is started.\r | |
24 | \r | |
25 | @param[in] HashAlg The hash algorithm to use for the hash sequence\r | |
26 | An Event sequence starts if this is TPM_ALG_NULL.\r | |
27 | @param[out] SequenceHandle A handle to reference the sequence\r | |
b3548d32 | 28 | \r |
c1d93242 JY |
29 | @retval EFI_SUCCESS Operation completed successfully.\r |
30 | @retval EFI_DEVICE_ERROR Unexpected device behavior.\r | |
31 | **/\r | |
32 | EFI_STATUS\r | |
33 | EFIAPI\r | |
34 | Tpm2HashSequenceStart (\r | |
35 | IN TPMI_ALG_HASH HashAlg,\r | |
36 | OUT TPMI_DH_OBJECT *SequenceHandle\r | |
37 | );\r | |
38 | \r | |
39 | /**\r | |
40 | This command is used to add data to a hash or HMAC sequence.\r | |
41 | The amount of data in buffer may be any size up to the limits of the TPM.\r | |
42 | NOTE: In all TPM, a buffer size of 1,024 octets is allowed.\r | |
43 | \r | |
44 | @param[in] SequenceHandle Handle for the sequence object\r | |
45 | @param[in] Buffer Data to be added to hash\r | |
b3548d32 | 46 | \r |
c1d93242 JY |
47 | @retval EFI_SUCCESS Operation completed successfully.\r |
48 | @retval EFI_DEVICE_ERROR Unexpected device behavior.\r | |
49 | **/\r | |
50 | EFI_STATUS\r | |
51 | EFIAPI\r | |
52 | Tpm2SequenceUpdate (\r | |
53 | IN TPMI_DH_OBJECT SequenceHandle,\r | |
54 | IN TPM2B_MAX_BUFFER *Buffer\r | |
55 | );\r | |
56 | \r | |
57 | /**\r | |
58 | This command adds the last part of data, if any, to an Event sequence and returns the result in a digest list.\r | |
59 | If pcrHandle references a PCR and not TPM_RH_NULL, then the returned digest list is processed in\r | |
60 | the same manner as the digest list input parameter to TPM2_PCR_Extend() with the pcrHandle in each\r | |
61 | bank extended with the associated digest value.\r | |
62 | \r | |
63 | @param[in] PcrHandle PCR to be extended with the Event data\r | |
64 | @param[in] SequenceHandle Authorization for the sequence\r | |
65 | @param[in] Buffer Data to be added to the Event\r | |
66 | @param[out] Results List of digests computed for the PCR\r | |
b3548d32 | 67 | \r |
c1d93242 JY |
68 | @retval EFI_SUCCESS Operation completed successfully.\r |
69 | @retval EFI_DEVICE_ERROR Unexpected device behavior.\r | |
70 | **/\r | |
71 | EFI_STATUS\r | |
72 | EFIAPI\r | |
73 | Tpm2EventSequenceComplete (\r | |
74 | IN TPMI_DH_PCR PcrHandle,\r | |
75 | IN TPMI_DH_OBJECT SequenceHandle,\r | |
76 | IN TPM2B_MAX_BUFFER *Buffer,\r | |
77 | OUT TPML_DIGEST_VALUES *Results\r | |
78 | );\r | |
79 | \r | |
80 | /**\r | |
81 | This command adds the last part of data, if any, to a hash/HMAC sequence and returns the result.\r | |
82 | \r | |
83 | @param[in] SequenceHandle Authorization for the sequence\r | |
84 | @param[in] Buffer Data to be added to the hash/HMAC\r | |
85 | @param[out] Result The returned HMAC or digest in a sized buffer\r | |
b3548d32 | 86 | \r |
c1d93242 JY |
87 | @retval EFI_SUCCESS Operation completed successfully.\r |
88 | @retval EFI_DEVICE_ERROR Unexpected device behavior.\r | |
89 | **/\r | |
90 | EFI_STATUS\r | |
91 | EFIAPI\r | |
92 | Tpm2SequenceComplete (\r | |
93 | IN TPMI_DH_OBJECT SequenceHandle,\r | |
94 | IN TPM2B_MAX_BUFFER *Buffer,\r | |
95 | OUT TPM2B_DIGEST *Result\r | |
96 | );\r | |
97 | \r | |
98 | /**\r | |
99 | Send Startup command to TPM2.\r | |
100 | \r | |
101 | @param[in] StartupType TPM_SU_CLEAR or TPM_SU_STATE\r | |
102 | \r | |
103 | @retval EFI_SUCCESS Operation completed successfully.\r | |
104 | @retval EFI_DEVICE_ERROR Unexpected device behavior.\r | |
105 | **/\r | |
106 | EFI_STATUS\r | |
107 | EFIAPI\r | |
108 | Tpm2Startup (\r | |
109 | IN TPM_SU StartupType\r | |
110 | );\r | |
111 | \r | |
112 | /**\r | |
113 | Send Shutdown command to TPM2.\r | |
114 | \r | |
115 | @param[in] ShutdownType TPM_SU_CLEAR or TPM_SU_STATE.\r | |
116 | \r | |
117 | @retval EFI_SUCCESS Operation completed successfully.\r | |
118 | @retval EFI_DEVICE_ERROR Unexpected device behavior.\r | |
119 | **/\r | |
120 | EFI_STATUS\r | |
121 | EFIAPI\r | |
122 | Tpm2Shutdown (\r | |
123 | IN TPM_SU ShutdownType\r | |
124 | );\r | |
125 | \r | |
126 | /**\r | |
127 | This command causes the TPM to perform a test of its capabilities.\r | |
128 | If the fullTest is YES, the TPM will test all functions.\r | |
129 | If fullTest = NO, the TPM will only test those functions that have not previously been tested.\r | |
130 | \r | |
131 | @param[in] FullTest YES if full test to be performed\r | |
132 | NO if only test of untested functions required\r | |
133 | \r | |
134 | @retval EFI_SUCCESS Operation completed successfully.\r | |
135 | @retval EFI_DEVICE_ERROR Unexpected device behavior.\r | |
136 | **/\r | |
137 | EFI_STATUS\r | |
138 | EFIAPI\r | |
139 | Tpm2SelfTest (\r | |
140 | IN TPMI_YES_NO FullTest\r | |
141 | );\r | |
142 | \r | |
967eacca JY |
143 | /**\r |
144 | This command allows setting of the authorization policy for the platform hierarchy (platformPolicy), the\r | |
145 | storage hierarchy (ownerPolicy), and and the endorsement hierarchy (endorsementPolicy).\r | |
146 | \r | |
147 | @param[in] AuthHandle TPM_RH_ENDORSEMENT, TPM_RH_OWNER or TPM_RH_PLATFORM+{PP} parameters to be validated\r | |
148 | @param[in] AuthSession Auth Session context\r | |
149 | @param[in] AuthPolicy An authorization policy hash\r | |
150 | @param[in] HashAlg The hash algorithm to use for the policy\r | |
151 | \r | |
152 | @retval EFI_SUCCESS Operation completed successfully.\r | |
153 | @retval EFI_DEVICE_ERROR Unexpected device behavior.\r | |
154 | **/\r | |
155 | EFI_STATUS\r | |
156 | EFIAPI\r | |
157 | Tpm2SetPrimaryPolicy (\r | |
158 | IN TPMI_RH_HIERARCHY_AUTH AuthHandle,\r | |
159 | IN TPMS_AUTH_COMMAND *AuthSession,\r | |
160 | IN TPM2B_DIGEST *AuthPolicy,\r | |
161 | IN TPMI_ALG_HASH HashAlg\r | |
162 | );\r | |
163 | \r | |
c1d93242 JY |
164 | /**\r |
165 | This command removes all TPM context associated with a specific Owner.\r | |
166 | \r | |
167 | @param[in] AuthHandle TPM_RH_LOCKOUT or TPM_RH_PLATFORM+{PP}\r | |
168 | @param[in] AuthSession Auth Session context\r | |
b3548d32 | 169 | \r |
c1d93242 JY |
170 | @retval EFI_SUCCESS Operation completed successfully.\r |
171 | @retval EFI_DEVICE_ERROR Unexpected device behavior.\r | |
172 | **/\r | |
173 | EFI_STATUS\r | |
174 | EFIAPI\r | |
175 | Tpm2Clear (\r | |
176 | IN TPMI_RH_CLEAR AuthHandle,\r | |
177 | IN TPMS_AUTH_COMMAND *AuthSession OPTIONAL\r | |
178 | );\r | |
179 | \r | |
180 | /**\r | |
181 | Disables and enables the execution of TPM2_Clear().\r | |
182 | \r | |
183 | @param[in] AuthHandle TPM_RH_LOCKOUT or TPM_RH_PLATFORM+{PP}\r | |
184 | @param[in] AuthSession Auth Session context\r | |
185 | @param[in] Disable YES if the disableOwnerClear flag is to be SET,\r | |
186 | NO if the flag is to be CLEAR.\r | |
187 | \r | |
188 | @retval EFI_SUCCESS Operation completed successfully.\r | |
189 | @retval EFI_DEVICE_ERROR Unexpected device behavior.\r | |
190 | **/\r | |
191 | EFI_STATUS\r | |
192 | EFIAPI\r | |
193 | Tpm2ClearControl (\r | |
194 | IN TPMI_RH_CLEAR AuthHandle,\r | |
195 | IN TPMS_AUTH_COMMAND *AuthSession, OPTIONAL\r | |
196 | IN TPMI_YES_NO Disable\r | |
197 | );\r | |
198 | \r | |
199 | /**\r | |
200 | This command allows the authorization secret for a hierarchy or lockout to be changed using the current\r | |
201 | authorization value as the command authorization.\r | |
202 | \r | |
203 | @param[in] AuthHandle TPM_RH_LOCKOUT, TPM_RH_ENDORSEMENT, TPM_RH_OWNER or TPM_RH_PLATFORM+{PP}\r | |
204 | @param[in] AuthSession Auth Session context\r | |
205 | @param[in] NewAuth New authorization secret\r | |
206 | \r | |
207 | @retval EFI_SUCCESS Operation completed successfully.\r | |
208 | @retval EFI_DEVICE_ERROR Unexpected device behavior.\r | |
209 | **/\r | |
210 | EFI_STATUS\r | |
211 | EFIAPI\r | |
212 | Tpm2HierarchyChangeAuth (\r | |
213 | IN TPMI_RH_HIERARCHY_AUTH AuthHandle,\r | |
214 | IN TPMS_AUTH_COMMAND *AuthSession,\r | |
215 | IN TPM2B_AUTH *NewAuth\r | |
216 | );\r | |
217 | \r | |
218 | /**\r | |
219 | This replaces the current EPS with a value from the RNG and sets the Endorsement hierarchy controls to\r | |
220 | their default initialization values.\r | |
221 | \r | |
222 | @param[in] AuthHandle TPM_RH_PLATFORM+{PP}\r | |
223 | @param[in] AuthSession Auth Session context\r | |
224 | \r | |
225 | @retval EFI_SUCCESS Operation completed successfully.\r | |
226 | @retval EFI_DEVICE_ERROR Unexpected device behavior.\r | |
227 | **/\r | |
228 | EFI_STATUS\r | |
229 | EFIAPI\r | |
230 | Tpm2ChangeEPS (\r | |
231 | IN TPMI_RH_PLATFORM AuthHandle,\r | |
232 | IN TPMS_AUTH_COMMAND *AuthSession\r | |
233 | );\r | |
234 | \r | |
235 | /**\r | |
236 | This replaces the current PPS with a value from the RNG and sets platformPolicy to the default\r | |
237 | initialization value (the Empty Buffer).\r | |
238 | \r | |
239 | @param[in] AuthHandle TPM_RH_PLATFORM+{PP}\r | |
240 | @param[in] AuthSession Auth Session context\r | |
241 | \r | |
242 | @retval EFI_SUCCESS Operation completed successfully.\r | |
243 | @retval EFI_DEVICE_ERROR Unexpected device behavior.\r | |
244 | **/\r | |
245 | EFI_STATUS\r | |
246 | EFIAPI\r | |
247 | Tpm2ChangePPS (\r | |
248 | IN TPMI_RH_PLATFORM AuthHandle,\r | |
249 | IN TPMS_AUTH_COMMAND *AuthSession\r | |
250 | );\r | |
251 | \r | |
252 | /**\r | |
253 | This command enables and disables use of a hierarchy.\r | |
254 | \r | |
255 | @param[in] AuthHandle TPM_RH_ENDORSEMENT, TPM_RH_OWNER or TPM_RH_PLATFORM+{PP}\r | |
256 | @param[in] AuthSession Auth Session context\r | |
257 | @param[in] Hierarchy Hierarchy of the enable being modified\r | |
258 | @param[in] State YES if the enable should be SET,\r | |
259 | NO if the enable should be CLEAR\r | |
260 | \r | |
261 | @retval EFI_SUCCESS Operation completed successfully.\r | |
262 | @retval EFI_DEVICE_ERROR Unexpected device behavior.\r | |
263 | **/\r | |
264 | EFI_STATUS\r | |
265 | EFIAPI\r | |
266 | Tpm2HierarchyControl (\r | |
267 | IN TPMI_RH_HIERARCHY AuthHandle,\r | |
268 | IN TPMS_AUTH_COMMAND *AuthSession,\r | |
269 | IN TPMI_RH_HIERARCHY Hierarchy,\r | |
270 | IN TPMI_YES_NO State\r | |
271 | );\r | |
272 | \r | |
273 | /**\r | |
274 | This command cancels the effect of a TPM lockout due to a number of successive authorization failures.\r | |
275 | If this command is properly authorized, the lockout counter is set to zero.\r | |
276 | \r | |
277 | @param[in] LockHandle LockHandle\r | |
278 | @param[in] AuthSession Auth Session context\r | |
279 | \r | |
280 | @retval EFI_SUCCESS Operation completed successfully.\r | |
281 | @retval EFI_DEVICE_ERROR Unexpected device behavior.\r | |
282 | **/\r | |
283 | EFI_STATUS\r | |
284 | EFIAPI\r | |
285 | Tpm2DictionaryAttackLockReset (\r | |
286 | IN TPMI_RH_LOCKOUT LockHandle,\r | |
287 | IN TPMS_AUTH_COMMAND *AuthSession\r | |
288 | );\r | |
289 | \r | |
290 | /**\r | |
291 | This command cancels the effect of a TPM lockout due to a number of successive authorization failures.\r | |
292 | If this command is properly authorized, the lockout counter is set to zero.\r | |
293 | \r | |
294 | @param[in] LockHandle LockHandle\r | |
295 | @param[in] AuthSession Auth Session context\r | |
296 | @param[in] NewMaxTries Count of authorization failures before the lockout is imposed\r | |
297 | @param[in] NewRecoveryTime Time in seconds before the authorization failure count is automatically decremented\r | |
298 | @param[in] LockoutRecovery Time in seconds after a lockoutAuth failure before use of lockoutAuth is allowed\r | |
299 | \r | |
300 | @retval EFI_SUCCESS Operation completed successfully.\r | |
301 | @retval EFI_DEVICE_ERROR Unexpected device behavior.\r | |
302 | **/\r | |
303 | EFI_STATUS\r | |
304 | EFIAPI\r | |
305 | Tpm2DictionaryAttackParameters (\r | |
306 | IN TPMI_RH_LOCKOUT LockHandle,\r | |
307 | IN TPMS_AUTH_COMMAND *AuthSession,\r | |
308 | IN UINT32 NewMaxTries,\r | |
309 | IN UINT32 NewRecoveryTime,\r | |
310 | IN UINT32 LockoutRecovery\r | |
311 | );\r | |
312 | \r | |
313 | /**\r | |
314 | This command is used to read the public area and Name of an NV Index.\r | |
315 | \r | |
316 | @param[in] NvIndex The NV Index.\r | |
317 | @param[out] NvPublic The public area of the index.\r | |
318 | @param[out] NvName The Name of the nvIndex.\r | |
b3548d32 | 319 | \r |
c1d93242 JY |
320 | @retval EFI_SUCCESS Operation completed successfully.\r |
321 | @retval EFI_DEVICE_ERROR The command was unsuccessful.\r | |
322 | **/\r | |
323 | EFI_STATUS\r | |
324 | EFIAPI\r | |
325 | Tpm2NvReadPublic (\r | |
326 | IN TPMI_RH_NV_INDEX NvIndex,\r | |
327 | OUT TPM2B_NV_PUBLIC *NvPublic,\r | |
328 | OUT TPM2B_NAME *NvName\r | |
329 | );\r | |
330 | \r | |
331 | /**\r | |
332 | This command defines the attributes of an NV Index and causes the TPM to\r | |
333 | reserve space to hold the data associated with the index.\r | |
334 | If a definition already exists at the index, the TPM will return TPM_RC_NV_DEFINED.\r | |
335 | \r | |
336 | @param[in] AuthHandle TPM_RH_OWNER or TPM_RH_PLATFORM+{PP}.\r | |
337 | @param[in] AuthSession Auth Session context\r | |
338 | @param[in] Auth The authorization data.\r | |
339 | @param[in] NvPublic The public area of the index.\r | |
b3548d32 | 340 | \r |
c1d93242 JY |
341 | @retval EFI_SUCCESS Operation completed successfully.\r |
342 | @retval EFI_DEVICE_ERROR The command was unsuccessful.\r | |
343 | @retval EFI_ALREADY_STARTED The command was returned successfully, but NvIndex is already defined.\r | |
344 | **/\r | |
345 | EFI_STATUS\r | |
346 | EFIAPI\r | |
347 | Tpm2NvDefineSpace (\r | |
348 | IN TPMI_RH_PROVISION AuthHandle,\r | |
349 | IN TPMS_AUTH_COMMAND *AuthSession, OPTIONAL\r | |
350 | IN TPM2B_AUTH *Auth,\r | |
351 | IN TPM2B_NV_PUBLIC *NvPublic\r | |
352 | );\r | |
353 | \r | |
354 | /**\r | |
355 | This command removes an index from the TPM.\r | |
356 | \r | |
357 | @param[in] AuthHandle TPM_RH_OWNER or TPM_RH_PLATFORM+{PP}.\r | |
358 | @param[in] NvIndex The NV Index.\r | |
359 | @param[in] AuthSession Auth Session context\r | |
b3548d32 | 360 | \r |
c1d93242 JY |
361 | @retval EFI_SUCCESS Operation completed successfully.\r |
362 | @retval EFI_DEVICE_ERROR The command was unsuccessful.\r | |
363 | @retval EFI_NOT_FOUND The command was returned successfully, but NvIndex is not found.\r | |
364 | **/\r | |
365 | EFI_STATUS\r | |
366 | EFIAPI\r | |
367 | Tpm2NvUndefineSpace (\r | |
368 | IN TPMI_RH_PROVISION AuthHandle,\r | |
369 | IN TPMI_RH_NV_INDEX NvIndex,\r | |
370 | IN TPMS_AUTH_COMMAND *AuthSession OPTIONAL\r | |
371 | );\r | |
372 | \r | |
373 | /**\r | |
374 | This command reads a value from an area in NV memory previously defined by TPM2_NV_DefineSpace().\r | |
375 | \r | |
376 | @param[in] AuthHandle the handle indicating the source of the authorization value.\r | |
377 | @param[in] NvIndex The index to be read.\r | |
378 | @param[in] AuthSession Auth Session context\r | |
379 | @param[in] Size Number of bytes to read.\r | |
380 | @param[in] Offset Byte offset into the area.\r | |
381 | @param[in,out] OutData The data read.\r | |
b3548d32 | 382 | \r |
c1d93242 JY |
383 | @retval EFI_SUCCESS Operation completed successfully.\r |
384 | @retval EFI_DEVICE_ERROR The command was unsuccessful.\r | |
385 | @retval EFI_NOT_FOUND The command was returned successfully, but NvIndex is not found.\r | |
386 | **/\r | |
387 | EFI_STATUS\r | |
388 | EFIAPI\r | |
389 | Tpm2NvRead (\r | |
390 | IN TPMI_RH_NV_AUTH AuthHandle,\r | |
391 | IN TPMI_RH_NV_INDEX NvIndex,\r | |
392 | IN TPMS_AUTH_COMMAND *AuthSession, OPTIONAL\r | |
393 | IN UINT16 Size,\r | |
394 | IN UINT16 Offset,\r | |
395 | IN OUT TPM2B_MAX_BUFFER *OutData\r | |
396 | );\r | |
397 | \r | |
398 | /**\r | |
399 | This command writes a value to an area in NV memory that was previously defined by TPM2_NV_DefineSpace().\r | |
400 | \r | |
401 | @param[in] AuthHandle the handle indicating the source of the authorization value.\r | |
402 | @param[in] NvIndex The NV Index of the area to write.\r | |
403 | @param[in] AuthSession Auth Session context\r | |
404 | @param[in] InData The data to write.\r | |
405 | @param[in] Offset The offset into the NV Area.\r | |
b3548d32 | 406 | \r |
c1d93242 JY |
407 | @retval EFI_SUCCESS Operation completed successfully.\r |
408 | @retval EFI_DEVICE_ERROR The command was unsuccessful.\r | |
409 | @retval EFI_NOT_FOUND The command was returned successfully, but NvIndex is not found.\r | |
410 | **/\r | |
411 | EFI_STATUS\r | |
412 | EFIAPI\r | |
413 | Tpm2NvWrite (\r | |
414 | IN TPMI_RH_NV_AUTH AuthHandle,\r | |
415 | IN TPMI_RH_NV_INDEX NvIndex,\r | |
416 | IN TPMS_AUTH_COMMAND *AuthSession, OPTIONAL\r | |
417 | IN TPM2B_MAX_BUFFER *InData,\r | |
418 | IN UINT16 Offset\r | |
419 | );\r | |
420 | \r | |
421 | /**\r | |
422 | This command may be used to prevent further reads of the Index until the next TPM2_Startup (TPM_SU_CLEAR).\r | |
423 | \r | |
424 | @param[in] AuthHandle the handle indicating the source of the authorization value.\r | |
425 | @param[in] NvIndex The NV Index of the area to lock.\r | |
426 | @param[in] AuthSession Auth Session context\r | |
427 | \r | |
428 | @retval EFI_SUCCESS Operation completed successfully.\r | |
429 | @retval EFI_DEVICE_ERROR The command was unsuccessful.\r | |
430 | @retval EFI_NOT_FOUND The command was returned successfully, but NvIndex is not found.\r | |
431 | **/\r | |
432 | EFI_STATUS\r | |
433 | EFIAPI\r | |
434 | Tpm2NvReadLock (\r | |
435 | IN TPMI_RH_NV_AUTH AuthHandle,\r | |
436 | IN TPMI_RH_NV_INDEX NvIndex,\r | |
437 | IN TPMS_AUTH_COMMAND *AuthSession OPTIONAL\r | |
438 | );\r | |
439 | \r | |
440 | /**\r | |
441 | This command may be used to inhibit further writes of the Index.\r | |
442 | \r | |
443 | @param[in] AuthHandle the handle indicating the source of the authorization value.\r | |
444 | @param[in] NvIndex The NV Index of the area to lock.\r | |
445 | @param[in] AuthSession Auth Session context\r | |
446 | \r | |
447 | @retval EFI_SUCCESS Operation completed successfully.\r | |
448 | @retval EFI_DEVICE_ERROR The command was unsuccessful.\r | |
449 | @retval EFI_NOT_FOUND The command was returned successfully, but NvIndex is not found.\r | |
450 | **/\r | |
451 | EFI_STATUS\r | |
452 | EFIAPI\r | |
453 | Tpm2NvWriteLock (\r | |
454 | IN TPMI_RH_NV_AUTH AuthHandle,\r | |
455 | IN TPMI_RH_NV_INDEX NvIndex,\r | |
456 | IN TPMS_AUTH_COMMAND *AuthSession OPTIONAL\r | |
457 | );\r | |
458 | \r | |
459 | /**\r | |
460 | The command will SET TPMA_NV_WRITELOCKED for all indexes that have their TPMA_NV_GLOBALLOCK attribute SET.\r | |
461 | \r | |
462 | @param[in] AuthHandle TPM_RH_OWNER or TPM_RH_PLATFORM+{PP}.\r | |
463 | @param[in] AuthSession Auth Session context\r | |
464 | \r | |
465 | @retval EFI_SUCCESS Operation completed successfully.\r | |
466 | @retval EFI_DEVICE_ERROR The command was unsuccessful.\r | |
467 | @retval EFI_NOT_FOUND The command was returned successfully, but NvIndex is not found.\r | |
468 | **/\r | |
469 | EFI_STATUS\r | |
470 | EFIAPI\r | |
471 | Tpm2NvGlobalWriteLock (\r | |
472 | IN TPMI_RH_PROVISION AuthHandle,\r | |
473 | IN TPMS_AUTH_COMMAND *AuthSession OPTIONAL\r | |
474 | );\r | |
475 | \r | |
476 | /**\r | |
477 | This command is used to cause an update to the indicated PCR.\r | |
478 | The digests parameter contains one or more tagged digest value identified by an algorithm ID.\r | |
479 | For each digest, the PCR associated with pcrHandle is Extended into the bank identified by the tag (hashAlg).\r | |
480 | \r | |
481 | @param[in] PcrHandle Handle of the PCR\r | |
482 | @param[in] Digests List of tagged digest values to be extended\r | |
483 | \r | |
484 | @retval EFI_SUCCESS Operation completed successfully.\r | |
485 | @retval EFI_DEVICE_ERROR Unexpected device behavior.\r | |
486 | **/\r | |
487 | EFI_STATUS\r | |
488 | EFIAPI\r | |
489 | Tpm2PcrExtend (\r | |
490 | IN TPMI_DH_PCR PcrHandle,\r | |
491 | IN TPML_DIGEST_VALUES *Digests\r | |
492 | );\r | |
493 | \r | |
494 | /**\r | |
495 | This command is used to cause an update to the indicated PCR.\r | |
496 | The data in eventData is hashed using the hash algorithm associated with each bank in which the\r | |
497 | indicated PCR has been allocated. After the data is hashed, the digests list is returned. If the pcrHandle\r | |
498 | references an implemented PCR and not TPM_ALG_NULL, digests list is processed as in\r | |
499 | TPM2_PCR_Extend().\r | |
500 | A TPM shall support an Event.size of zero through 1,024 inclusive.\r | |
501 | \r | |
502 | @param[in] PcrHandle Handle of the PCR\r | |
503 | @param[in] EventData Event data in sized buffer\r | |
504 | @param[out] Digests List of digest\r | |
505 | \r | |
506 | @retval EFI_SUCCESS Operation completed successfully.\r | |
507 | @retval EFI_DEVICE_ERROR Unexpected device behavior.\r | |
508 | **/\r | |
509 | EFI_STATUS\r | |
510 | EFIAPI\r | |
511 | Tpm2PcrEvent (\r | |
512 | IN TPMI_DH_PCR PcrHandle,\r | |
513 | IN TPM2B_EVENT *EventData,\r | |
514 | OUT TPML_DIGEST_VALUES *Digests\r | |
515 | );\r | |
516 | \r | |
517 | /**\r | |
518 | This command returns the values of all PCR specified in pcrSelect.\r | |
519 | \r | |
520 | @param[in] PcrSelectionIn The selection of PCR to read.\r | |
521 | @param[out] PcrUpdateCounter The current value of the PCR update counter.\r | |
522 | @param[out] PcrSelectionOut The PCR in the returned list.\r | |
523 | @param[out] PcrValues The contents of the PCR indicated in pcrSelect.\r | |
b3548d32 | 524 | \r |
c1d93242 JY |
525 | @retval EFI_SUCCESS Operation completed successfully.\r |
526 | @retval EFI_DEVICE_ERROR The command was unsuccessful.\r | |
527 | **/\r | |
528 | EFI_STATUS\r | |
529 | EFIAPI\r | |
530 | Tpm2PcrRead (\r | |
531 | IN TPML_PCR_SELECTION *PcrSelectionIn,\r | |
532 | OUT UINT32 *PcrUpdateCounter,\r | |
533 | OUT TPML_PCR_SELECTION *PcrSelectionOut,\r | |
534 | OUT TPML_DIGEST *PcrValues\r | |
535 | );\r | |
536 | \r | |
537 | /**\r | |
538 | This command is used to set the desired PCR allocation of PCR and algorithms.\r | |
539 | \r | |
540 | @param[in] AuthHandle TPM_RH_PLATFORM+{PP}\r | |
541 | @param[in] AuthSession Auth Session context\r | |
542 | @param[in] PcrAllocation The requested allocation\r | |
543 | @param[out] AllocationSuccess YES if the allocation succeeded\r | |
544 | @param[out] MaxPCR maximum number of PCR that may be in a bank\r | |
545 | @param[out] SizeNeeded number of octets required to satisfy the request\r | |
546 | @param[out] SizeAvailable Number of octets available. Computed before the allocation\r | |
b3548d32 | 547 | \r |
c1d93242 JY |
548 | @retval EFI_SUCCESS Operation completed successfully.\r |
549 | @retval EFI_DEVICE_ERROR The command was unsuccessful.\r | |
550 | **/\r | |
551 | EFI_STATUS\r | |
552 | EFIAPI\r | |
553 | Tpm2PcrAllocate (\r | |
554 | IN TPMI_RH_PLATFORM AuthHandle,\r | |
555 | IN TPMS_AUTH_COMMAND *AuthSession,\r | |
556 | IN TPML_PCR_SELECTION *PcrAllocation,\r | |
557 | OUT TPMI_YES_NO *AllocationSuccess,\r | |
558 | OUT UINT32 *MaxPCR,\r | |
559 | OUT UINT32 *SizeNeeded,\r | |
560 | OUT UINT32 *SizeAvailable\r | |
561 | );\r | |
562 | \r | |
f9c9a140 JY |
563 | /**\r |
564 | Alloc PCR data.\r | |
565 | \r | |
566 | @param[in] PlatformAuth platform auth value. NULL means no platform auth change.\r | |
567 | @param[in] SupportedPCRBanks Supported PCR banks\r | |
568 | @param[in] PCRBanks PCR banks\r | |
569 | \r | |
570 | @retval EFI_SUCCESS Operation completed successfully.\r | |
571 | **/\r | |
572 | EFI_STATUS\r | |
573 | EFIAPI\r | |
574 | Tpm2PcrAllocateBanks (\r | |
575 | IN TPM2B_AUTH *PlatformAuth, OPTIONAL\r | |
576 | IN UINT32 SupportedPCRBanks,\r | |
577 | IN UINT32 PCRBanks\r | |
578 | );\r | |
579 | \r | |
c1d93242 JY |
580 | /**\r |
581 | This command returns various information regarding the TPM and its current state.\r | |
582 | \r | |
b3548d32 LG |
583 | The capability parameter determines the category of data returned. The property parameter\r |
584 | selects the first value of the selected category to be returned. If there is no property\r | |
c1d93242 | 585 | that corresponds to the value of property, the next higher value is returned, if it exists.\r |
b3548d32 | 586 | The moreData parameter will have a value of YES if there are more values of the requested\r |
c1d93242 | 587 | type that were not returned.\r |
b3548d32 | 588 | If no next capability exists, the TPM will return a zero-length list and moreData will have\r |
c1d93242 JY |
589 | a value of NO.\r |
590 | \r | |
b3548d32 LG |
591 | NOTE:\r |
592 | To simplify this function, leave returned CapabilityData for caller to unpack since there are\r | |
c1d93242 JY |
593 | many capability categories and only few categories will be used in firmware. It means the caller\r |
594 | need swap the byte order for the feilds in CapabilityData.\r | |
595 | \r | |
596 | @param[in] Capability Group selection; determines the format of the response.\r | |
b3548d32 | 597 | @param[in] Property Further definition of information.\r |
c1d93242 JY |
598 | @param[in] PropertyCount Number of properties of the indicated type to return.\r |
599 | @param[out] MoreData Flag to indicate if there are more values of this type.\r | |
600 | @param[out] CapabilityData The capability data.\r | |
b3548d32 | 601 | \r |
c1d93242 JY |
602 | @retval EFI_SUCCESS Operation completed successfully.\r |
603 | @retval EFI_DEVICE_ERROR The command was unsuccessful.\r | |
604 | **/\r | |
605 | EFI_STATUS\r | |
606 | EFIAPI\r | |
607 | Tpm2GetCapability (\r | |
608 | IN TPM_CAP Capability,\r | |
609 | IN UINT32 Property,\r | |
610 | IN UINT32 PropertyCount,\r | |
611 | OUT TPMI_YES_NO *MoreData,\r | |
612 | OUT TPMS_CAPABILITY_DATA *CapabilityData\r | |
613 | );\r | |
614 | \r | |
615 | /**\r | |
616 | This command returns the information of TPM Family.\r | |
617 | \r | |
618 | This function parse the value got from TPM2_GetCapability and return the Family.\r | |
619 | \r | |
620 | @param[out] Family The Family of TPM. (a 4-octet character string)\r | |
b3548d32 | 621 | \r |
c1d93242 JY |
622 | @retval EFI_SUCCESS Operation completed successfully.\r |
623 | @retval EFI_DEVICE_ERROR The command was unsuccessful.\r | |
624 | **/\r | |
625 | EFI_STATUS\r | |
626 | EFIAPI\r | |
627 | Tpm2GetCapabilityFamily (\r | |
628 | OUT CHAR8 *Family\r | |
629 | );\r | |
630 | \r | |
631 | /**\r | |
632 | This command returns the information of TPM manufacture ID.\r | |
633 | \r | |
634 | This function parse the value got from TPM2_GetCapability and return the TPM manufacture ID.\r | |
635 | \r | |
636 | @param[out] ManufactureId The manufacture ID of TPM.\r | |
b3548d32 | 637 | \r |
c1d93242 JY |
638 | @retval EFI_SUCCESS Operation completed successfully.\r |
639 | @retval EFI_DEVICE_ERROR The command was unsuccessful.\r | |
640 | **/\r | |
641 | EFI_STATUS\r | |
642 | EFIAPI\r | |
643 | Tpm2GetCapabilityManufactureID (\r | |
644 | OUT UINT32 *ManufactureId\r | |
645 | );\r | |
646 | \r | |
647 | /**\r | |
648 | This command returns the information of TPM FirmwareVersion.\r | |
649 | \r | |
650 | This function parse the value got from TPM2_GetCapability and return the TPM FirmwareVersion.\r | |
651 | \r | |
652 | @param[out] FirmwareVersion1 The FirmwareVersion1.\r | |
653 | @param[out] FirmwareVersion2 The FirmwareVersion2.\r | |
b3548d32 | 654 | \r |
c1d93242 JY |
655 | @retval EFI_SUCCESS Operation completed successfully.\r |
656 | @retval EFI_DEVICE_ERROR The command was unsuccessful.\r | |
657 | **/\r | |
658 | EFI_STATUS\r | |
659 | EFIAPI\r | |
660 | Tpm2GetCapabilityFirmwareVersion (\r | |
661 | OUT UINT32 *FirmwareVersion1,\r | |
662 | OUT UINT32 *FirmwareVersion2\r | |
663 | );\r | |
664 | \r | |
665 | /**\r | |
666 | This command returns the information of the maximum value for commandSize and responseSize in a command.\r | |
667 | \r | |
668 | This function parse the value got from TPM2_GetCapability and return the max command size and response size\r | |
669 | \r | |
670 | @param[out] MaxCommandSize The maximum value for commandSize in a command.\r | |
671 | @param[out] MaxResponseSize The maximum value for responseSize in a command.\r | |
b3548d32 | 672 | \r |
c1d93242 JY |
673 | @retval EFI_SUCCESS Operation completed successfully.\r |
674 | @retval EFI_DEVICE_ERROR The command was unsuccessful.\r | |
675 | **/\r | |
676 | EFI_STATUS\r | |
677 | EFIAPI\r | |
678 | Tpm2GetCapabilityMaxCommandResponseSize (\r | |
679 | OUT UINT32 *MaxCommandSize,\r | |
680 | OUT UINT32 *MaxResponseSize\r | |
681 | );\r | |
682 | \r | |
683 | /**\r | |
684 | This command returns Returns a list of TPMS_ALG_PROPERTIES. Each entry is an\r | |
b3548d32 | 685 | algorithm ID and a set of properties of the algorithm.\r |
c1d93242 JY |
686 | \r |
687 | This function parse the value got from TPM2_GetCapability and return the list.\r | |
688 | \r | |
689 | @param[out] AlgList List of algorithm.\r | |
b3548d32 | 690 | \r |
c1d93242 JY |
691 | @retval EFI_SUCCESS Operation completed successfully.\r |
692 | @retval EFI_DEVICE_ERROR The command was unsuccessful.\r | |
693 | **/\r | |
694 | EFI_STATUS\r | |
695 | EFIAPI\r | |
696 | Tpm2GetCapabilitySupportedAlg (\r | |
697 | OUT TPML_ALG_PROPERTY *AlgList\r | |
698 | );\r | |
699 | \r | |
700 | /**\r | |
701 | This command returns the information of TPM LockoutCounter.\r | |
702 | \r | |
703 | This function parse the value got from TPM2_GetCapability and return the LockoutCounter.\r | |
704 | \r | |
705 | @param[out] LockoutCounter The LockoutCounter of TPM.\r | |
b3548d32 | 706 | \r |
c1d93242 JY |
707 | @retval EFI_SUCCESS Operation completed successfully.\r |
708 | @retval EFI_DEVICE_ERROR The command was unsuccessful.\r | |
709 | **/\r | |
710 | EFI_STATUS\r | |
711 | EFIAPI\r | |
712 | Tpm2GetCapabilityLockoutCounter (\r | |
713 | OUT UINT32 *LockoutCounter\r | |
714 | );\r | |
715 | \r | |
716 | /**\r | |
717 | This command returns the information of TPM LockoutInterval.\r | |
718 | \r | |
719 | This function parse the value got from TPM2_GetCapability and return the LockoutInterval.\r | |
720 | \r | |
721 | @param[out] LockoutInterval The LockoutInterval of TPM.\r | |
b3548d32 | 722 | \r |
c1d93242 JY |
723 | @retval EFI_SUCCESS Operation completed successfully.\r |
724 | @retval EFI_DEVICE_ERROR The command was unsuccessful.\r | |
725 | **/\r | |
726 | EFI_STATUS\r | |
727 | EFIAPI\r | |
728 | Tpm2GetCapabilityLockoutInterval (\r | |
729 | OUT UINT32 *LockoutInterval\r | |
730 | );\r | |
731 | \r | |
732 | /**\r | |
733 | This command returns the information of TPM InputBufferSize.\r | |
734 | \r | |
735 | This function parse the value got from TPM2_GetCapability and return the InputBufferSize.\r | |
736 | \r | |
737 | @param[out] InputBufferSize The InputBufferSize of TPM.\r | |
738 | the maximum size of a parameter (typically, a TPM2B_MAX_BUFFER)\r | |
b3548d32 | 739 | \r |
c1d93242 JY |
740 | @retval EFI_SUCCESS Operation completed successfully.\r |
741 | @retval EFI_DEVICE_ERROR The command was unsuccessful.\r | |
742 | **/\r | |
743 | EFI_STATUS\r | |
744 | EFIAPI\r | |
745 | Tpm2GetCapabilityInputBufferSize (\r | |
746 | OUT UINT32 *InputBufferSize\r | |
747 | );\r | |
748 | \r | |
749 | /**\r | |
750 | This command returns the information of TPM PCRs.\r | |
751 | \r | |
752 | This function parse the value got from TPM2_GetCapability and return the PcrSelection.\r | |
753 | \r | |
754 | @param[out] Pcrs The Pcr Selection\r | |
b3548d32 | 755 | \r |
c1d93242 JY |
756 | @retval EFI_SUCCESS Operation completed successfully.\r |
757 | @retval EFI_DEVICE_ERROR The command was unsuccessful.\r | |
758 | **/\r | |
759 | EFI_STATUS\r | |
760 | EFIAPI\r | |
761 | Tpm2GetCapabilityPcrs (\r | |
762 | OUT TPML_PCR_SELECTION *Pcrs\r | |
763 | );\r | |
764 | \r | |
07cdba18 JY |
765 | /**\r |
766 | This function will query the TPM to determine which hashing algorithms\r | |
767 | are supported and which PCR banks are currently active.\r | |
768 | \r | |
769 | @param[out] TpmHashAlgorithmBitmap A bitmask containing the algorithms supported by the TPM.\r | |
770 | @param[out] ActivePcrBanks A bitmask containing the PCRs currently allocated.\r | |
771 | \r | |
772 | @retval EFI_SUCCESS TPM was successfully queried and return values can be trusted.\r | |
773 | @retval Others An error occurred, likely in communication with the TPM.\r | |
774 | \r | |
775 | **/\r | |
776 | EFI_STATUS\r | |
777 | EFIAPI\r | |
778 | Tpm2GetCapabilitySupportedAndActivePcrs(\r | |
779 | OUT UINT32 *TpmHashAlgorithmBitmap,\r | |
780 | OUT UINT32 *ActivePcrBanks\r | |
781 | );\r | |
782 | \r | |
c1d93242 JY |
783 | /**\r |
784 | This command returns the information of TPM AlgorithmSet.\r | |
785 | \r | |
786 | This function parse the value got from TPM2_GetCapability and return the AlgorithmSet.\r | |
787 | \r | |
788 | @param[out] AlgorithmSet The AlgorithmSet of TPM.\r | |
b3548d32 | 789 | \r |
c1d93242 JY |
790 | @retval EFI_SUCCESS Operation completed successfully.\r |
791 | @retval EFI_DEVICE_ERROR The command was unsuccessful.\r | |
792 | **/\r | |
793 | EFI_STATUS\r | |
794 | EFIAPI\r | |
795 | Tpm2GetCapabilityAlgorithmSet (\r | |
796 | OUT UINT32 *AlgorithmSet\r | |
797 | );\r | |
798 | \r | |
799 | /**\r | |
800 | This command is used to check to see if specific combinations of algorithm parameters are supported.\r | |
801 | \r | |
802 | @param[in] Parameters Algorithm parameters to be validated\r | |
803 | \r | |
804 | @retval EFI_SUCCESS Operation completed successfully.\r | |
805 | @retval EFI_DEVICE_ERROR Unexpected device behavior.\r | |
806 | **/\r | |
807 | EFI_STATUS\r | |
808 | EFIAPI\r | |
809 | Tpm2TestParms (\r | |
810 | IN TPMT_PUBLIC_PARMS *Parameters\r | |
811 | );\r | |
812 | \r | |
813 | /**\r | |
814 | This command allows the platform to change the set of algorithms that are used by the TPM.\r | |
815 | The algorithmSet setting is a vendor-dependent value.\r | |
816 | \r | |
817 | @param[in] AuthHandle TPM_RH_PLATFORM\r | |
818 | @param[in] AuthSession Auth Session context\r | |
819 | @param[in] AlgorithmSet A TPM vendor-dependent value indicating the\r | |
820 | algorithm set selection\r | |
821 | \r | |
822 | @retval EFI_SUCCESS Operation completed successfully.\r | |
823 | @retval EFI_DEVICE_ERROR Unexpected device behavior.\r | |
824 | **/\r | |
825 | EFI_STATUS\r | |
826 | EFIAPI\r | |
827 | Tpm2SetAlgorithmSet (\r | |
828 | IN TPMI_RH_PLATFORM AuthHandle,\r | |
829 | IN TPMS_AUTH_COMMAND *AuthSession,\r | |
830 | IN UINT32 AlgorithmSet\r | |
831 | );\r | |
832 | \r | |
967eacca JY |
833 | /**\r |
834 | This command is used to start an authorization session using alternative methods of\r | |
835 | establishing the session key (sessionKey) that is used for authorization and encrypting value.\r | |
836 | \r | |
837 | @param[in] TpmKey Handle of a loaded decrypt key used to encrypt salt.\r | |
838 | @param[in] Bind Entity providing the authValue.\r | |
839 | @param[in] NonceCaller Initial nonceCaller, sets nonce size for the session.\r | |
840 | @param[in] Salt Value encrypted according to the type of tpmKey.\r | |
841 | @param[in] SessionType Indicates the type of the session.\r | |
842 | @param[in] Symmetric The algorithm and key size for parameter encryption.\r | |
843 | @param[in] AuthHash Hash algorithm to use for the session.\r | |
844 | @param[out] SessionHandle Handle for the newly created session.\r | |
845 | @param[out] NonceTPM The initial nonce from the TPM, used in the computation of the sessionKey.\r | |
b3548d32 | 846 | \r |
967eacca JY |
847 | @retval EFI_SUCCESS Operation completed successfully.\r |
848 | @retval EFI_DEVICE_ERROR The command was unsuccessful.\r | |
849 | **/\r | |
850 | EFI_STATUS\r | |
851 | EFIAPI\r | |
852 | Tpm2StartAuthSession (\r | |
853 | IN TPMI_DH_OBJECT TpmKey,\r | |
854 | IN TPMI_DH_ENTITY Bind,\r | |
855 | IN TPM2B_NONCE *NonceCaller,\r | |
856 | IN TPM2B_ENCRYPTED_SECRET *Salt,\r | |
857 | IN TPM_SE SessionType,\r | |
858 | IN TPMT_SYM_DEF *Symmetric,\r | |
859 | IN TPMI_ALG_HASH AuthHash,\r | |
860 | OUT TPMI_SH_AUTH_SESSION *SessionHandle,\r | |
861 | OUT TPM2B_NONCE *NonceTPM\r | |
862 | );\r | |
863 | \r | |
864 | /**\r | |
865 | This command causes all context associated with a loaded object or session to be removed from TPM memory.\r | |
866 | \r | |
867 | @param[in] FlushHandle The handle of the item to flush.\r | |
b3548d32 | 868 | \r |
967eacca JY |
869 | @retval EFI_SUCCESS Operation completed successfully.\r |
870 | @retval EFI_DEVICE_ERROR The command was unsuccessful.\r | |
871 | **/\r | |
872 | EFI_STATUS\r | |
873 | EFIAPI\r | |
874 | Tpm2FlushContext (\r | |
875 | IN TPMI_DH_CONTEXT FlushHandle\r | |
876 | );\r | |
877 | \r | |
878 | /**\r | |
879 | This command includes a secret-based authorization to a policy.\r | |
880 | The caller proves knowledge of the secret value using an authorization\r | |
881 | session using the authValue associated with authHandle.\r | |
b3548d32 | 882 | \r |
967eacca JY |
883 | @param[in] AuthHandle Handle for an entity providing the authorization\r |
884 | @param[in] PolicySession Handle for the policy session being extended.\r | |
885 | @param[in] AuthSession Auth Session context\r | |
886 | @param[in] NonceTPM The policy nonce for the session.\r | |
887 | @param[in] CpHashA Digest of the command parameters to which this authorization is limited.\r | |
888 | @param[in] PolicyRef A reference to a policy relating to the authorization.\r | |
889 | @param[in] Expiration Time when authorization will expire, measured in seconds from the time that nonceTPM was generated.\r | |
890 | @param[out] Timeout Time value used to indicate to the TPM when the ticket expires.\r | |
891 | @param[out] PolicyTicket A ticket that includes a value indicating when the authorization expires.\r | |
b3548d32 | 892 | \r |
967eacca JY |
893 | @retval EFI_SUCCESS Operation completed successfully.\r |
894 | @retval EFI_DEVICE_ERROR The command was unsuccessful.\r | |
895 | **/\r | |
896 | EFI_STATUS\r | |
897 | EFIAPI\r | |
898 | Tpm2PolicySecret (\r | |
899 | IN TPMI_DH_ENTITY AuthHandle,\r | |
900 | IN TPMI_SH_POLICY PolicySession,\r | |
901 | IN TPMS_AUTH_COMMAND *AuthSession, OPTIONAL\r | |
902 | IN TPM2B_NONCE *NonceTPM,\r | |
903 | IN TPM2B_DIGEST *CpHashA,\r | |
904 | IN TPM2B_NONCE *PolicyRef,\r | |
905 | IN INT32 Expiration,\r | |
906 | OUT TPM2B_TIMEOUT *Timeout,\r | |
907 | OUT TPMT_TK_AUTH *PolicyTicket\r | |
908 | );\r | |
909 | \r | |
a50e58f4 JY |
910 | /**\r |
911 | This command allows options in authorizations without requiring that the TPM evaluate all of the options.\r | |
912 | If a policy may be satisfied by different sets of conditions, the TPM need only evaluate one set that\r | |
913 | satisfies the policy. This command will indicate that one of the required sets of conditions has been\r | |
914 | satisfied.\r | |
915 | \r | |
916 | @param[in] PolicySession Handle for the policy session being extended.\r | |
917 | @param[in] HashList the list of hashes to check for a match.\r | |
b3548d32 | 918 | \r |
a50e58f4 JY |
919 | @retval EFI_SUCCESS Operation completed successfully.\r |
920 | @retval EFI_DEVICE_ERROR The command was unsuccessful.\r | |
921 | **/\r | |
922 | EFI_STATUS\r | |
923 | EFIAPI\r | |
924 | Tpm2PolicyOR (\r | |
925 | IN TPMI_SH_POLICY PolicySession,\r | |
926 | IN TPML_DIGEST *HashList\r | |
927 | );\r | |
928 | \r | |
967eacca JY |
929 | /**\r |
930 | This command indicates that the authorization will be limited to a specific command code.\r | |
931 | \r | |
932 | @param[in] PolicySession Handle for the policy session being extended.\r | |
933 | @param[in] Code The allowed commandCode.\r | |
b3548d32 | 934 | \r |
967eacca JY |
935 | @retval EFI_SUCCESS Operation completed successfully.\r |
936 | @retval EFI_DEVICE_ERROR The command was unsuccessful.\r | |
937 | **/\r | |
938 | EFI_STATUS\r | |
939 | EFIAPI\r | |
940 | Tpm2PolicyCommandCode (\r | |
941 | IN TPMI_SH_POLICY PolicySession,\r | |
942 | IN TPM_CC Code\r | |
943 | );\r | |
944 | \r | |
945 | /**\r | |
946 | This command returns the current policyDigest of the session. This command allows the TPM\r | |
947 | to be used to perform the actions required to precompute the authPolicy for an object.\r | |
948 | \r | |
949 | @param[in] PolicySession Handle for the policy session.\r | |
950 | @param[out] PolicyHash the current value of the policyHash of policySession.\r | |
b3548d32 | 951 | \r |
967eacca JY |
952 | @retval EFI_SUCCESS Operation completed successfully.\r |
953 | @retval EFI_DEVICE_ERROR The command was unsuccessful.\r | |
954 | **/\r | |
955 | EFI_STATUS\r | |
956 | EFIAPI\r | |
957 | Tpm2PolicyGetDigest (\r | |
958 | IN TPMI_SH_POLICY PolicySession,\r | |
959 | OUT TPM2B_DIGEST *PolicyHash\r | |
960 | );\r | |
961 | \r | |
087132a8 JY |
962 | /**\r |
963 | This command allows access to the public area of a loaded object.\r | |
964 | \r | |
965 | @param[in] ObjectHandle TPM handle of an object\r | |
966 | @param[out] OutPublic Structure containing the public area of an object\r | |
967 | @param[out] Name Name of the object\r | |
968 | @param[out] QualifiedName The Qualified Name of the object\r | |
969 | \r | |
970 | @retval EFI_SUCCESS Operation completed successfully.\r | |
971 | @retval EFI_DEVICE_ERROR Unexpected device behavior.\r | |
972 | **/\r | |
973 | EFI_STATUS\r | |
974 | EFIAPI\r | |
975 | Tpm2ReadPublic (\r | |
976 | IN TPMI_DH_OBJECT ObjectHandle,\r | |
977 | OUT TPM2B_PUBLIC *OutPublic,\r | |
978 | OUT TPM2B_NAME *Name,\r | |
979 | OUT TPM2B_NAME *QualifiedName\r | |
980 | );\r | |
981 | \r | |
c1d93242 JY |
982 | //\r |
983 | // Help function\r | |
984 | //\r | |
985 | \r | |
986 | /**\r | |
987 | Copy AuthSessionIn to TPM2 command buffer.\r | |
988 | \r | |
989 | @param [in] AuthSessionIn Input AuthSession data\r | |
990 | @param [out] AuthSessionOut Output AuthSession data in TPM2 command buffer\r | |
991 | \r | |
992 | @return AuthSession size\r | |
993 | **/\r | |
994 | UINT32\r | |
995 | EFIAPI\r | |
996 | CopyAuthSessionCommand (\r | |
997 | IN TPMS_AUTH_COMMAND *AuthSessionIn, OPTIONAL\r | |
998 | OUT UINT8 *AuthSessionOut\r | |
999 | );\r | |
1000 | \r | |
1001 | /**\r | |
1002 | Copy AuthSessionIn from TPM2 response buffer.\r | |
1003 | \r | |
1004 | @param [in] AuthSessionIn Input AuthSession data in TPM2 response buffer\r | |
1005 | @param [out] AuthSessionOut Output AuthSession data\r | |
1006 | \r | |
1007 | @return AuthSession size\r | |
1008 | **/\r | |
1009 | UINT32\r | |
1010 | EFIAPI\r | |
1011 | CopyAuthSessionResponse (\r | |
1012 | IN UINT8 *AuthSessionIn,\r | |
1013 | OUT TPMS_AUTH_RESPONSE *AuthSessionOut OPTIONAL\r | |
1014 | );\r | |
1015 | \r | |
1016 | /**\r | |
1017 | Return size of digest.\r | |
1018 | \r | |
1019 | @param[in] HashAlgo Hash algorithm\r | |
1020 | \r | |
1021 | @return size of digest\r | |
1022 | **/\r | |
1023 | UINT16\r | |
1024 | EFIAPI\r | |
1025 | GetHashSizeFromAlgo (\r | |
1026 | IN TPMI_ALG_HASH HashAlgo\r | |
1027 | );\r | |
1028 | \r | |
b8ae1f4d SZ |
1029 | /**\r |
1030 | Get hash mask from algorithm.\r | |
1031 | \r | |
1032 | @param[in] HashAlgo Hash algorithm\r | |
1033 | \r | |
1034 | @return Hash mask\r | |
1035 | **/\r | |
1036 | UINT32\r | |
1037 | EFIAPI\r | |
1038 | GetHashMaskFromAlgo (\r | |
1039 | IN TPMI_ALG_HASH HashAlgo\r | |
1040 | );\r | |
1041 | \r | |
697c30b1 SZ |
1042 | /**\r |
1043 | Return if hash alg is supported in HashAlgorithmMask.\r | |
1044 | \r | |
1045 | @param HashAlg Hash algorithm to be checked.\r | |
1046 | @param HashAlgorithmMask Bitfield of allowed hash algorithms.\r | |
1047 | \r | |
1048 | @retval TRUE Hash algorithm is supported.\r | |
1049 | @retval FALSE Hash algorithm is not supported.\r | |
1050 | **/\r | |
1051 | BOOLEAN\r | |
1052 | EFIAPI\r | |
1053 | IsHashAlgSupportedInHashAlgorithmMask(\r | |
1054 | IN TPMI_ALG_HASH HashAlg,\r | |
1055 | IN UINT32 HashAlgorithmMask\r | |
1056 | );\r | |
1057 | \r | |
f5e34e37 JY |
1058 | /**\r |
1059 | Copy TPML_DIGEST_VALUES into a buffer\r | |
1060 | \r | |
ae1a4284 | 1061 | @param[in,out] Buffer Buffer to hold copied TPML_DIGEST_VALUES compact binary.\r |
f5e34e37 JY |
1062 | @param[in] DigestList TPML_DIGEST_VALUES to be copied.\r |
1063 | @param[in] HashAlgorithmMask HASH bits corresponding to the desired digests to copy.\r | |
1064 | \r | |
1065 | @return The end of buffer to hold TPML_DIGEST_VALUES.\r | |
1066 | **/\r | |
1067 | VOID *\r | |
1068 | EFIAPI\r | |
1069 | CopyDigestListToBuffer(\r | |
1070 | IN OUT VOID *Buffer,\r | |
1071 | IN TPML_DIGEST_VALUES *DigestList,\r | |
1072 | IN UINT32 HashAlgorithmMask\r | |
1073 | );\r | |
1074 | \r | |
77e55cf4 JY |
1075 | /**\r |
1076 | Get TPML_DIGEST_VALUES data size.\r | |
1077 | \r | |
1078 | @param[in] DigestList TPML_DIGEST_VALUES data.\r | |
1079 | \r | |
1080 | @return TPML_DIGEST_VALUES data size.\r | |
1081 | **/\r | |
1082 | UINT32\r | |
1083 | EFIAPI\r | |
1084 | GetDigestListSize(\r | |
1085 | IN TPML_DIGEST_VALUES *DigestList\r | |
1086 | );\r | |
1087 | \r | |
d4b9b2c3 JY |
1088 | /**\r |
1089 | This function get digest from digest list.\r | |
1090 | \r | |
f28ab849 SZ |
1091 | @param[in] HashAlg Digest algorithm\r |
1092 | @param[in] DigestList Digest list\r | |
1093 | @param[out] Digest Digest\r | |
d4b9b2c3 | 1094 | \r |
f28ab849 SZ |
1095 | @retval EFI_SUCCESS Digest is found and returned.\r |
1096 | @retval EFI_NOT_FOUND Digest is not found.\r | |
d4b9b2c3 JY |
1097 | **/\r |
1098 | EFI_STATUS\r | |
1099 | EFIAPI\r | |
1100 | GetDigestFromDigestList(\r | |
1101 | IN TPMI_ALG_HASH HashAlg,\r | |
1102 | IN TPML_DIGEST_VALUES *DigestList,\r | |
f28ab849 | 1103 | OUT VOID *Digest\r |
d4b9b2c3 JY |
1104 | );\r |
1105 | \r | |
c1d93242 | 1106 | #endif\r |