]>
Commit | Line | Data |
---|---|---|
c1d93242 JY |
1 | /** @file\r |
2 | Implement TPM2 Hierarchy related command.\r | |
3 | \r | |
b3548d32 | 4 | Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved. <BR>\r |
c1d93242 JY |
5 | This program and the accompanying materials\r |
6 | are licensed and made available under the terms and conditions of the BSD License\r | |
7 | which accompanies this distribution. The full text of the license may be found at\r | |
8 | http://opensource.org/licenses/bsd-license.php\r | |
9 | \r | |
10 | THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r | |
11 | WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r | |
12 | \r | |
13 | **/\r | |
14 | \r | |
15 | #include <IndustryStandard/UefiTcgPlatform.h>\r | |
16 | #include <Library/Tpm2CommandLib.h>\r | |
17 | #include <Library/Tpm2DeviceLib.h>\r | |
18 | #include <Library/BaseMemoryLib.h>\r | |
19 | #include <Library/BaseLib.h>\r | |
20 | #include <Library/DebugLib.h>\r | |
21 | \r | |
22 | #pragma pack(1)\r | |
23 | \r | |
967eacca JY |
24 | typedef struct {\r |
25 | TPM2_COMMAND_HEADER Header;\r | |
9093fb92 | 26 | TPMI_RH_HIERARCHY_AUTH AuthHandle;\r |
967eacca JY |
27 | UINT32 AuthSessionSize;\r |
28 | TPMS_AUTH_COMMAND AuthSession;\r | |
29 | TPM2B_DIGEST AuthPolicy;\r | |
30 | TPMI_ALG_HASH HashAlg;\r | |
31 | } TPM2_SET_PRIMARY_POLICY_COMMAND;\r | |
32 | \r | |
33 | typedef struct {\r | |
34 | TPM2_RESPONSE_HEADER Header;\r | |
35 | UINT32 AuthSessionSize;\r | |
36 | TPMS_AUTH_RESPONSE AuthSession;\r | |
37 | } TPM2_SET_PRIMARY_POLICY_RESPONSE;\r | |
38 | \r | |
c1d93242 JY |
39 | typedef struct {\r |
40 | TPM2_COMMAND_HEADER Header;\r | |
41 | TPMI_RH_CLEAR AuthHandle;\r | |
42 | UINT32 AuthorizationSize;\r | |
43 | TPMS_AUTH_COMMAND AuthSession;\r | |
44 | } TPM2_CLEAR_COMMAND;\r | |
45 | \r | |
46 | typedef struct {\r | |
47 | TPM2_RESPONSE_HEADER Header;\r | |
48 | UINT32 ParameterSize;\r | |
49 | TPMS_AUTH_RESPONSE AuthSession;\r | |
50 | } TPM2_CLEAR_RESPONSE;\r | |
51 | \r | |
52 | typedef struct {\r | |
53 | TPM2_COMMAND_HEADER Header;\r | |
54 | TPMI_RH_CLEAR AuthHandle;\r | |
55 | UINT32 AuthorizationSize;\r | |
56 | TPMS_AUTH_COMMAND AuthSession;\r | |
57 | TPMI_YES_NO Disable;\r | |
58 | } TPM2_CLEAR_CONTROL_COMMAND;\r | |
59 | \r | |
60 | typedef struct {\r | |
61 | TPM2_RESPONSE_HEADER Header;\r | |
62 | UINT32 ParameterSize;\r | |
63 | TPMS_AUTH_RESPONSE AuthSession;\r | |
64 | } TPM2_CLEAR_CONTROL_RESPONSE;\r | |
65 | \r | |
66 | typedef struct {\r | |
67 | TPM2_COMMAND_HEADER Header;\r | |
68 | TPMI_RH_HIERARCHY_AUTH AuthHandle;\r | |
69 | UINT32 AuthorizationSize;\r | |
70 | TPMS_AUTH_COMMAND AuthSession;\r | |
71 | TPM2B_AUTH NewAuth;\r | |
72 | } TPM2_HIERARCHY_CHANGE_AUTH_COMMAND;\r | |
73 | \r | |
74 | typedef struct {\r | |
75 | TPM2_RESPONSE_HEADER Header;\r | |
76 | UINT32 ParameterSize;\r | |
77 | TPMS_AUTH_RESPONSE AuthSession;\r | |
78 | } TPM2_HIERARCHY_CHANGE_AUTH_RESPONSE;\r | |
79 | \r | |
80 | typedef struct {\r | |
81 | TPM2_COMMAND_HEADER Header;\r | |
82 | TPMI_RH_PLATFORM AuthHandle;\r | |
83 | UINT32 AuthorizationSize;\r | |
84 | TPMS_AUTH_COMMAND AuthSession;\r | |
85 | } TPM2_CHANGE_EPS_COMMAND;\r | |
86 | \r | |
87 | typedef struct {\r | |
88 | TPM2_RESPONSE_HEADER Header;\r | |
89 | UINT32 ParameterSize;\r | |
90 | TPMS_AUTH_RESPONSE AuthSession;\r | |
91 | } TPM2_CHANGE_EPS_RESPONSE;\r | |
92 | \r | |
93 | typedef struct {\r | |
94 | TPM2_COMMAND_HEADER Header;\r | |
95 | TPMI_RH_PLATFORM AuthHandle;\r | |
96 | UINT32 AuthorizationSize;\r | |
97 | TPMS_AUTH_COMMAND AuthSession;\r | |
98 | } TPM2_CHANGE_PPS_COMMAND;\r | |
99 | \r | |
100 | typedef struct {\r | |
101 | TPM2_RESPONSE_HEADER Header;\r | |
102 | UINT32 ParameterSize;\r | |
103 | TPMS_AUTH_RESPONSE AuthSession;\r | |
104 | } TPM2_CHANGE_PPS_RESPONSE;\r | |
105 | \r | |
106 | typedef struct {\r | |
107 | TPM2_COMMAND_HEADER Header;\r | |
108 | TPMI_RH_HIERARCHY AuthHandle;\r | |
109 | UINT32 AuthorizationSize;\r | |
110 | TPMS_AUTH_COMMAND AuthSession;\r | |
111 | TPMI_RH_HIERARCHY Hierarchy;\r | |
112 | TPMI_YES_NO State;\r | |
113 | } TPM2_HIERARCHY_CONTROL_COMMAND;\r | |
114 | \r | |
115 | typedef struct {\r | |
116 | TPM2_RESPONSE_HEADER Header;\r | |
117 | UINT32 ParameterSize;\r | |
118 | TPMS_AUTH_RESPONSE AuthSession;\r | |
119 | } TPM2_HIERARCHY_CONTROL_RESPONSE;\r | |
120 | \r | |
121 | #pragma pack()\r | |
122 | \r | |
967eacca JY |
123 | /**\r |
124 | This command allows setting of the authorization policy for the platform hierarchy (platformPolicy), the\r | |
125 | storage hierarchy (ownerPolicy), and and the endorsement hierarchy (endorsementPolicy).\r | |
126 | \r | |
127 | @param[in] AuthHandle TPM_RH_ENDORSEMENT, TPM_RH_OWNER or TPM_RH_PLATFORM+{PP} parameters to be validated\r | |
128 | @param[in] AuthSession Auth Session context\r | |
129 | @param[in] AuthPolicy An authorization policy hash\r | |
130 | @param[in] HashAlg The hash algorithm to use for the policy\r | |
131 | \r | |
132 | @retval EFI_SUCCESS Operation completed successfully.\r | |
133 | @retval EFI_DEVICE_ERROR Unexpected device behavior.\r | |
134 | **/\r | |
135 | EFI_STATUS\r | |
136 | EFIAPI\r | |
137 | Tpm2SetPrimaryPolicy (\r | |
138 | IN TPMI_RH_HIERARCHY_AUTH AuthHandle,\r | |
139 | IN TPMS_AUTH_COMMAND *AuthSession,\r | |
140 | IN TPM2B_DIGEST *AuthPolicy,\r | |
141 | IN TPMI_ALG_HASH HashAlg\r | |
142 | )\r | |
143 | {\r | |
144 | EFI_STATUS Status;\r | |
145 | TPM2_SET_PRIMARY_POLICY_COMMAND SendBuffer;\r | |
146 | TPM2_SET_PRIMARY_POLICY_RESPONSE RecvBuffer;\r | |
147 | UINT32 SendBufferSize;\r | |
148 | UINT32 RecvBufferSize;\r | |
149 | UINT8 *Buffer;\r | |
150 | UINT32 SessionInfoSize;\r | |
151 | \r | |
152 | //\r | |
153 | // Construct command\r | |
154 | //\r | |
155 | SendBuffer.Header.tag = SwapBytes16(TPM_ST_SESSIONS);\r | |
156 | SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_SetPrimaryPolicy);\r | |
157 | \r | |
158 | SendBuffer.AuthHandle = SwapBytes32 (AuthHandle);\r | |
159 | \r | |
160 | //\r | |
161 | // Add in Auth session\r | |
162 | //\r | |
163 | Buffer = (UINT8 *)&SendBuffer.AuthSession;\r | |
164 | \r | |
165 | // sessionInfoSize\r | |
166 | SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer);\r | |
167 | Buffer += SessionInfoSize;\r | |
168 | SendBuffer.AuthSessionSize = SwapBytes32(SessionInfoSize);\r | |
169 | \r | |
170 | //\r | |
171 | // Real data\r | |
172 | //\r | |
173 | WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16(AuthPolicy->size));\r | |
174 | Buffer += sizeof(UINT16);\r | |
175 | CopyMem (Buffer, AuthPolicy->buffer, AuthPolicy->size);\r | |
176 | Buffer += AuthPolicy->size;\r | |
177 | WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16(HashAlg));\r | |
178 | Buffer += sizeof(UINT16);\r | |
179 | \r | |
180 | SendBufferSize = (UINT32)((UINTN)Buffer - (UINTN)&SendBuffer);\r | |
181 | SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);\r | |
182 | \r | |
183 | //\r | |
184 | // send Tpm command\r | |
185 | //\r | |
186 | RecvBufferSize = sizeof (RecvBuffer);\r | |
187 | Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer);\r | |
188 | if (EFI_ERROR (Status)) {\r | |
7ae130da | 189 | goto Done;\r |
967eacca JY |
190 | }\r |
191 | \r | |
192 | if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) {\r | |
193 | DEBUG ((EFI_D_ERROR, "Tpm2SetPrimaryPolicy - RecvBufferSize Error - %x\n", RecvBufferSize));\r | |
7ae130da JY |
194 | Status = EFI_DEVICE_ERROR;\r |
195 | goto Done;\r | |
967eacca JY |
196 | }\r |
197 | if (SwapBytes32(RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {\r | |
198 | DEBUG ((EFI_D_ERROR, "Tpm2SetPrimaryPolicy - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode)));\r | |
7ae130da JY |
199 | Status = EFI_DEVICE_ERROR;\r |
200 | goto Done;\r | |
967eacca JY |
201 | }\r |
202 | \r | |
7ae130da JY |
203 | Done:\r |
204 | //\r | |
205 | // Clear AuthSession Content\r | |
206 | //\r | |
207 | ZeroMem (&SendBuffer, sizeof(SendBuffer));\r | |
208 | ZeroMem (&RecvBuffer, sizeof(RecvBuffer));\r | |
209 | return Status;\r | |
967eacca JY |
210 | }\r |
211 | \r | |
c1d93242 JY |
212 | /**\r |
213 | This command removes all TPM context associated with a specific Owner.\r | |
214 | \r | |
215 | @param[in] AuthHandle TPM_RH_LOCKOUT or TPM_RH_PLATFORM+{PP}\r | |
216 | @param[in] AuthSession Auth Session context\r | |
b3548d32 | 217 | \r |
c1d93242 JY |
218 | @retval EFI_SUCCESS Operation completed successfully.\r |
219 | @retval EFI_DEVICE_ERROR Unexpected device behavior.\r | |
220 | **/\r | |
221 | EFI_STATUS\r | |
222 | EFIAPI\r | |
223 | Tpm2Clear (\r | |
224 | IN TPMI_RH_CLEAR AuthHandle,\r | |
225 | IN TPMS_AUTH_COMMAND *AuthSession OPTIONAL\r | |
226 | )\r | |
227 | {\r | |
228 | EFI_STATUS Status;\r | |
229 | TPM2_CLEAR_COMMAND Cmd;\r | |
230 | TPM2_CLEAR_RESPONSE Res;\r | |
231 | UINT32 ResultBufSize;\r | |
232 | UINT32 CmdSize;\r | |
233 | UINT32 RespSize;\r | |
234 | UINT8 *Buffer;\r | |
235 | UINT32 SessionInfoSize;\r | |
236 | \r | |
237 | Cmd.Header.tag = SwapBytes16(TPM_ST_SESSIONS);\r | |
238 | Cmd.Header.commandCode = SwapBytes32(TPM_CC_Clear);\r | |
239 | Cmd.AuthHandle = SwapBytes32(AuthHandle);\r | |
240 | \r | |
241 | //\r | |
242 | // Add in Auth session\r | |
243 | //\r | |
244 | Buffer = (UINT8 *)&Cmd.AuthSession;\r | |
245 | \r | |
246 | // sessionInfoSize\r | |
247 | SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer);\r | |
248 | Buffer += SessionInfoSize;\r | |
249 | Cmd.AuthorizationSize = SwapBytes32(SessionInfoSize);\r | |
250 | \r | |
251 | CmdSize = (UINT32)(Buffer - (UINT8 *)&Cmd);\r | |
252 | Cmd.Header.paramSize = SwapBytes32(CmdSize);\r | |
253 | \r | |
254 | ResultBufSize = sizeof(Res);\r | |
255 | Status = Tpm2SubmitCommand (CmdSize, (UINT8 *)&Cmd, &ResultBufSize, (UINT8 *)&Res);\r | |
256 | if (EFI_ERROR(Status)) {\r | |
7ae130da | 257 | goto Done;\r |
c1d93242 JY |
258 | }\r |
259 | \r | |
260 | if (ResultBufSize > sizeof(Res)) {\r | |
261 | DEBUG ((EFI_D_ERROR, "Clear: Failed ExecuteCommand: Buffer Too Small\r\n"));\r | |
7ae130da JY |
262 | Status = EFI_BUFFER_TOO_SMALL;\r |
263 | goto Done;\r | |
c1d93242 JY |
264 | }\r |
265 | \r | |
266 | //\r | |
267 | // Validate response headers\r | |
268 | //\r | |
269 | RespSize = SwapBytes32(Res.Header.paramSize);\r | |
270 | if (RespSize > sizeof(Res)) {\r | |
271 | DEBUG ((EFI_D_ERROR, "Clear: Response size too large! %d\r\n", RespSize));\r | |
7ae130da JY |
272 | Status = EFI_BUFFER_TOO_SMALL;\r |
273 | goto Done;\r | |
c1d93242 JY |
274 | }\r |
275 | \r | |
276 | //\r | |
277 | // Fail if command failed\r | |
278 | //\r | |
279 | if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) {\r | |
280 | DEBUG ((EFI_D_ERROR, "Clear: Response Code error! 0x%08x\r\n", SwapBytes32(Res.Header.responseCode)));\r | |
7ae130da JY |
281 | Status = EFI_DEVICE_ERROR;\r |
282 | goto Done;\r | |
c1d93242 JY |
283 | }\r |
284 | \r | |
285 | //\r | |
286 | // Unmarshal the response\r | |
287 | //\r | |
288 | \r | |
289 | // None\r | |
7ae130da JY |
290 | Done:\r |
291 | //\r | |
292 | // Clear AuthSession Content\r | |
293 | //\r | |
294 | ZeroMem (&Cmd, sizeof(Cmd));\r | |
295 | ZeroMem (&Res, sizeof(Res));\r | |
296 | return Status;\r | |
c1d93242 JY |
297 | }\r |
298 | \r | |
299 | /**\r | |
300 | Disables and enables the execution of TPM2_Clear().\r | |
301 | \r | |
302 | @param[in] AuthHandle TPM_RH_LOCKOUT or TPM_RH_PLATFORM+{PP}\r | |
303 | @param[in] AuthSession Auth Session context\r | |
304 | @param[in] Disable YES if the disableOwnerClear flag is to be SET,\r | |
305 | NO if the flag is to be CLEAR.\r | |
306 | \r | |
307 | @retval EFI_SUCCESS Operation completed successfully.\r | |
308 | @retval EFI_DEVICE_ERROR Unexpected device behavior.\r | |
309 | **/\r | |
310 | EFI_STATUS\r | |
311 | EFIAPI\r | |
312 | Tpm2ClearControl (\r | |
313 | IN TPMI_RH_CLEAR AuthHandle,\r | |
314 | IN TPMS_AUTH_COMMAND *AuthSession, OPTIONAL\r | |
315 | IN TPMI_YES_NO Disable\r | |
316 | )\r | |
317 | {\r | |
318 | EFI_STATUS Status;\r | |
319 | TPM2_CLEAR_CONTROL_COMMAND Cmd;\r | |
320 | TPM2_CLEAR_CONTROL_RESPONSE Res;\r | |
321 | UINT32 ResultBufSize;\r | |
322 | UINT32 CmdSize;\r | |
323 | UINT32 RespSize;\r | |
324 | UINT8 *Buffer;\r | |
325 | UINT32 SessionInfoSize;\r | |
326 | \r | |
327 | Cmd.Header.tag = SwapBytes16(TPM_ST_SESSIONS);\r | |
328 | Cmd.Header.commandCode = SwapBytes32(TPM_CC_ClearControl);\r | |
329 | Cmd.AuthHandle = SwapBytes32(AuthHandle);\r | |
330 | \r | |
331 | //\r | |
332 | // Add in Auth session\r | |
333 | //\r | |
334 | Buffer = (UINT8 *)&Cmd.AuthSession;\r | |
335 | \r | |
336 | // sessionInfoSize\r | |
337 | SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer);\r | |
338 | Buffer += SessionInfoSize;\r | |
339 | Cmd.AuthorizationSize = SwapBytes32(SessionInfoSize);\r | |
340 | \r | |
341 | // disable\r | |
342 | *(UINT8 *)Buffer = Disable;\r | |
58dbfc3c | 343 | Buffer++;\r |
c1d93242 JY |
344 | \r |
345 | CmdSize = (UINT32)(Buffer - (UINT8 *)&Cmd);\r | |
346 | Cmd.Header.paramSize = SwapBytes32(CmdSize);\r | |
347 | \r | |
348 | ResultBufSize = sizeof(Res);\r | |
349 | Status = Tpm2SubmitCommand (CmdSize, (UINT8 *)&Cmd, &ResultBufSize, (UINT8 *)&Res);\r | |
350 | if (EFI_ERROR(Status)) {\r | |
7ae130da | 351 | goto Done;\r |
c1d93242 JY |
352 | }\r |
353 | \r | |
354 | if (ResultBufSize > sizeof(Res)) {\r | |
355 | DEBUG ((EFI_D_ERROR, "ClearControl: Failed ExecuteCommand: Buffer Too Small\r\n"));\r | |
7ae130da JY |
356 | Status = EFI_BUFFER_TOO_SMALL;\r |
357 | goto Done;\r | |
c1d93242 JY |
358 | }\r |
359 | \r | |
360 | //\r | |
361 | // Validate response headers\r | |
362 | //\r | |
363 | RespSize = SwapBytes32(Res.Header.paramSize);\r | |
364 | if (RespSize > sizeof(Res)) {\r | |
365 | DEBUG ((EFI_D_ERROR, "ClearControl: Response size too large! %d\r\n", RespSize));\r | |
7ae130da JY |
366 | Status = EFI_BUFFER_TOO_SMALL;\r |
367 | goto Done;\r | |
c1d93242 JY |
368 | }\r |
369 | \r | |
370 | //\r | |
371 | // Fail if command failed\r | |
372 | //\r | |
373 | if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) {\r | |
374 | DEBUG ((EFI_D_ERROR, "ClearControl: Response Code error! 0x%08x\r\n", SwapBytes32(Res.Header.responseCode)));\r | |
7ae130da JY |
375 | Status = EFI_DEVICE_ERROR;\r |
376 | goto Done;\r | |
c1d93242 JY |
377 | }\r |
378 | \r | |
379 | //\r | |
380 | // Unmarshal the response\r | |
381 | //\r | |
382 | \r | |
383 | // None\r | |
7ae130da JY |
384 | Done:\r |
385 | //\r | |
386 | // Clear AuthSession Content\r | |
387 | //\r | |
388 | ZeroMem (&Cmd, sizeof(Cmd));\r | |
389 | ZeroMem (&Res, sizeof(Res));\r | |
390 | return Status;\r | |
c1d93242 JY |
391 | }\r |
392 | \r | |
393 | /**\r | |
394 | This command allows the authorization secret for a hierarchy or lockout to be changed using the current\r | |
395 | authorization value as the command authorization.\r | |
396 | \r | |
397 | @param[in] AuthHandle TPM_RH_LOCKOUT, TPM_RH_ENDORSEMENT, TPM_RH_OWNER or TPM_RH_PLATFORM+{PP}\r | |
398 | @param[in] AuthSession Auth Session context\r | |
399 | @param[in] NewAuth New authorization secret\r | |
400 | \r | |
401 | @retval EFI_SUCCESS Operation completed successfully.\r | |
402 | @retval EFI_DEVICE_ERROR Unexpected device behavior.\r | |
403 | **/\r | |
404 | EFI_STATUS\r | |
405 | EFIAPI\r | |
406 | Tpm2HierarchyChangeAuth (\r | |
407 | IN TPMI_RH_HIERARCHY_AUTH AuthHandle,\r | |
408 | IN TPMS_AUTH_COMMAND *AuthSession,\r | |
409 | IN TPM2B_AUTH *NewAuth\r | |
410 | )\r | |
411 | {\r | |
412 | EFI_STATUS Status;\r | |
413 | TPM2_HIERARCHY_CHANGE_AUTH_COMMAND Cmd;\r | |
414 | TPM2_HIERARCHY_CHANGE_AUTH_RESPONSE Res;\r | |
415 | UINT32 CmdSize;\r | |
416 | UINT32 RespSize;\r | |
417 | UINT8 *Buffer;\r | |
418 | UINT32 SessionInfoSize;\r | |
419 | UINT8 *ResultBuf;\r | |
420 | UINT32 ResultBufSize;\r | |
421 | \r | |
422 | //\r | |
423 | // Construct command\r | |
424 | //\r | |
425 | Cmd.Header.tag = SwapBytes16(TPM_ST_SESSIONS);\r | |
426 | Cmd.Header.paramSize = SwapBytes32(sizeof(Cmd));\r | |
427 | Cmd.Header.commandCode = SwapBytes32(TPM_CC_HierarchyChangeAuth);\r | |
428 | Cmd.AuthHandle = SwapBytes32(AuthHandle);\r | |
429 | \r | |
430 | //\r | |
431 | // Add in Auth session\r | |
432 | //\r | |
433 | Buffer = (UINT8 *)&Cmd.AuthSession;\r | |
434 | \r | |
435 | // sessionInfoSize\r | |
436 | SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer);\r | |
437 | Buffer += SessionInfoSize;\r | |
438 | Cmd.AuthorizationSize = SwapBytes32(SessionInfoSize);\r | |
439 | \r | |
440 | // New Authorization size\r | |
441 | WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16(NewAuth->size));\r | |
442 | Buffer += sizeof(UINT16);\r | |
443 | \r | |
444 | // New Authorizeation\r | |
445 | CopyMem(Buffer, NewAuth->buffer, NewAuth->size);\r | |
446 | Buffer += NewAuth->size;\r | |
447 | \r | |
448 | CmdSize = (UINT32)(Buffer - (UINT8 *)&Cmd);\r | |
449 | Cmd.Header.paramSize = SwapBytes32(CmdSize);\r | |
450 | \r | |
451 | ResultBuf = (UINT8 *) &Res;\r | |
452 | ResultBufSize = sizeof(Res);\r | |
453 | \r | |
454 | //\r | |
455 | // Call the TPM\r | |
456 | //\r | |
457 | Status = Tpm2SubmitCommand (\r | |
b3548d32 LG |
458 | CmdSize,\r |
459 | (UINT8 *)&Cmd,\r | |
c1d93242 JY |
460 | &ResultBufSize,\r |
461 | ResultBuf\r | |
462 | );\r | |
7ae130da JY |
463 | if (EFI_ERROR(Status)) {\r |
464 | goto Done;\r | |
465 | }\r | |
c1d93242 JY |
466 | \r |
467 | if (ResultBufSize > sizeof(Res)) {\r | |
468 | DEBUG ((EFI_D_ERROR, "HierarchyChangeAuth: Failed ExecuteCommand: Buffer Too Small\r\n"));\r | |
7ae130da JY |
469 | Status = EFI_BUFFER_TOO_SMALL;\r |
470 | goto Done;\r | |
c1d93242 JY |
471 | }\r |
472 | \r | |
473 | //\r | |
474 | // Validate response headers\r | |
475 | //\r | |
476 | RespSize = SwapBytes32(Res.Header.paramSize);\r | |
477 | if (RespSize > sizeof(Res)) {\r | |
478 | DEBUG ((EFI_D_ERROR, "HierarchyChangeAuth: Response size too large! %d\r\n", RespSize));\r | |
7ae130da JY |
479 | Status = EFI_BUFFER_TOO_SMALL;\r |
480 | goto Done;\r | |
c1d93242 JY |
481 | }\r |
482 | \r | |
483 | //\r | |
484 | // Fail if command failed\r | |
485 | //\r | |
486 | if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) {\r | |
487 | DEBUG((EFI_D_ERROR,"HierarchyChangeAuth: Response Code error! 0x%08x\r\n", SwapBytes32(Res.Header.responseCode)));\r | |
7ae130da JY |
488 | Status = EFI_DEVICE_ERROR;\r |
489 | goto Done;\r | |
c1d93242 JY |
490 | }\r |
491 | \r | |
7ae130da JY |
492 | Done:\r |
493 | //\r | |
494 | // Clear AuthSession Content\r | |
495 | //\r | |
496 | ZeroMem (&Cmd, sizeof(Cmd));\r | |
497 | ZeroMem (&Res, sizeof(Res));\r | |
498 | return Status;\r | |
c1d93242 JY |
499 | }\r |
500 | \r | |
501 | /**\r | |
502 | This replaces the current EPS with a value from the RNG and sets the Endorsement hierarchy controls to\r | |
503 | their default initialization values.\r | |
504 | \r | |
505 | @param[in] AuthHandle TPM_RH_PLATFORM+{PP}\r | |
506 | @param[in] AuthSession Auth Session context\r | |
507 | \r | |
508 | @retval EFI_SUCCESS Operation completed successfully.\r | |
509 | @retval EFI_DEVICE_ERROR Unexpected device behavior.\r | |
510 | **/\r | |
511 | EFI_STATUS\r | |
512 | EFIAPI\r | |
513 | Tpm2ChangeEPS (\r | |
514 | IN TPMI_RH_PLATFORM AuthHandle,\r | |
515 | IN TPMS_AUTH_COMMAND *AuthSession\r | |
516 | )\r | |
517 | {\r | |
518 | EFI_STATUS Status;\r | |
519 | TPM2_CHANGE_EPS_COMMAND Cmd;\r | |
520 | TPM2_CHANGE_EPS_RESPONSE Res;\r | |
521 | UINT32 CmdSize;\r | |
522 | UINT32 RespSize;\r | |
523 | UINT8 *Buffer;\r | |
524 | UINT32 SessionInfoSize;\r | |
525 | UINT8 *ResultBuf;\r | |
526 | UINT32 ResultBufSize;\r | |
527 | \r | |
528 | //\r | |
529 | // Construct command\r | |
530 | //\r | |
531 | Cmd.Header.tag = SwapBytes16(TPM_ST_SESSIONS);\r | |
532 | Cmd.Header.paramSize = SwapBytes32(sizeof(Cmd));\r | |
533 | Cmd.Header.commandCode = SwapBytes32(TPM_CC_ChangeEPS);\r | |
534 | Cmd.AuthHandle = SwapBytes32(AuthHandle);\r | |
535 | \r | |
536 | //\r | |
537 | // Add in Auth session\r | |
538 | //\r | |
539 | Buffer = (UINT8 *)&Cmd.AuthSession;\r | |
540 | \r | |
541 | // sessionInfoSize\r | |
542 | SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer);\r | |
543 | Buffer += SessionInfoSize;\r | |
544 | Cmd.AuthorizationSize = SwapBytes32(SessionInfoSize);\r | |
545 | \r | |
546 | CmdSize = (UINT32)(Buffer - (UINT8 *)&Cmd);\r | |
547 | Cmd.Header.paramSize = SwapBytes32(CmdSize);\r | |
548 | \r | |
549 | ResultBuf = (UINT8 *) &Res;\r | |
550 | ResultBufSize = sizeof(Res);\r | |
551 | \r | |
552 | //\r | |
553 | // Call the TPM\r | |
554 | //\r | |
555 | Status = Tpm2SubmitCommand (\r | |
b3548d32 LG |
556 | CmdSize,\r |
557 | (UINT8 *)&Cmd,\r | |
c1d93242 JY |
558 | &ResultBufSize,\r |
559 | ResultBuf\r | |
560 | );\r | |
7ae130da JY |
561 | if (EFI_ERROR(Status)) {\r |
562 | goto Done;\r | |
563 | }\r | |
c1d93242 JY |
564 | \r |
565 | if (ResultBufSize > sizeof(Res)) {\r | |
566 | DEBUG ((EFI_D_ERROR, "ChangeEPS: Failed ExecuteCommand: Buffer Too Small\r\n"));\r | |
7ae130da JY |
567 | Status = EFI_BUFFER_TOO_SMALL;\r |
568 | goto Done;\r | |
c1d93242 JY |
569 | }\r |
570 | \r | |
571 | //\r | |
572 | // Validate response headers\r | |
573 | //\r | |
574 | RespSize = SwapBytes32(Res.Header.paramSize);\r | |
575 | if (RespSize > sizeof(Res)) {\r | |
576 | DEBUG ((EFI_D_ERROR, "ChangeEPS: Response size too large! %d\r\n", RespSize));\r | |
7ae130da JY |
577 | Status = EFI_BUFFER_TOO_SMALL;\r |
578 | goto Done;\r | |
c1d93242 JY |
579 | }\r |
580 | \r | |
581 | //\r | |
582 | // Fail if command failed\r | |
583 | //\r | |
584 | if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) {\r | |
585 | DEBUG((EFI_D_ERROR,"ChangeEPS: Response Code error! 0x%08x\r\n", SwapBytes32(Res.Header.responseCode)));\r | |
7ae130da JY |
586 | Status = EFI_DEVICE_ERROR;\r |
587 | goto Done;\r | |
c1d93242 JY |
588 | }\r |
589 | \r | |
7ae130da JY |
590 | Done:\r |
591 | //\r | |
592 | // Clear AuthSession Content\r | |
593 | //\r | |
594 | ZeroMem (&Cmd, sizeof(Cmd));\r | |
595 | ZeroMem (&Res, sizeof(Res));\r | |
596 | return Status;\r | |
c1d93242 JY |
597 | }\r |
598 | \r | |
599 | /**\r | |
600 | This replaces the current PPS with a value from the RNG and sets platformPolicy to the default\r | |
601 | initialization value (the Empty Buffer).\r | |
602 | \r | |
603 | @param[in] AuthHandle TPM_RH_PLATFORM+{PP}\r | |
604 | @param[in] AuthSession Auth Session context\r | |
605 | \r | |
606 | @retval EFI_SUCCESS Operation completed successfully.\r | |
607 | @retval EFI_DEVICE_ERROR Unexpected device behavior.\r | |
608 | **/\r | |
609 | EFI_STATUS\r | |
610 | EFIAPI\r | |
611 | Tpm2ChangePPS (\r | |
612 | IN TPMI_RH_PLATFORM AuthHandle,\r | |
613 | IN TPMS_AUTH_COMMAND *AuthSession\r | |
614 | )\r | |
615 | {\r | |
616 | EFI_STATUS Status;\r | |
617 | TPM2_CHANGE_PPS_COMMAND Cmd;\r | |
618 | TPM2_CHANGE_PPS_RESPONSE Res;\r | |
619 | UINT32 CmdSize;\r | |
620 | UINT32 RespSize;\r | |
621 | UINT8 *Buffer;\r | |
622 | UINT32 SessionInfoSize;\r | |
623 | UINT8 *ResultBuf;\r | |
624 | UINT32 ResultBufSize;\r | |
625 | \r | |
626 | //\r | |
627 | // Construct command\r | |
628 | //\r | |
629 | Cmd.Header.tag = SwapBytes16(TPM_ST_SESSIONS);\r | |
630 | Cmd.Header.paramSize = SwapBytes32(sizeof(Cmd));\r | |
631 | Cmd.Header.commandCode = SwapBytes32(TPM_CC_ChangePPS);\r | |
632 | Cmd.AuthHandle = SwapBytes32(AuthHandle);\r | |
633 | \r | |
634 | //\r | |
635 | // Add in Auth session\r | |
636 | //\r | |
637 | Buffer = (UINT8 *)&Cmd.AuthSession;\r | |
638 | \r | |
639 | // sessionInfoSize\r | |
640 | SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer);\r | |
641 | Buffer += SessionInfoSize;\r | |
642 | Cmd.AuthorizationSize = SwapBytes32(SessionInfoSize);\r | |
643 | \r | |
644 | CmdSize = (UINT32)(Buffer - (UINT8 *)&Cmd);\r | |
645 | Cmd.Header.paramSize = SwapBytes32(CmdSize);\r | |
646 | \r | |
647 | ResultBuf = (UINT8 *) &Res;\r | |
648 | ResultBufSize = sizeof(Res);\r | |
649 | \r | |
650 | //\r | |
651 | // Call the TPM\r | |
652 | //\r | |
653 | Status = Tpm2SubmitCommand (\r | |
b3548d32 LG |
654 | CmdSize,\r |
655 | (UINT8 *)&Cmd,\r | |
c1d93242 JY |
656 | &ResultBufSize,\r |
657 | ResultBuf\r | |
658 | );\r | |
7ae130da JY |
659 | if (EFI_ERROR(Status)) {\r |
660 | goto Done;\r | |
661 | }\r | |
c1d93242 JY |
662 | \r |
663 | if (ResultBufSize > sizeof(Res)) {\r | |
664 | DEBUG ((EFI_D_ERROR, "ChangePPS: Failed ExecuteCommand: Buffer Too Small\r\n"));\r | |
7ae130da JY |
665 | Status = EFI_BUFFER_TOO_SMALL;\r |
666 | goto Done;\r | |
c1d93242 JY |
667 | }\r |
668 | \r | |
669 | //\r | |
670 | // Validate response headers\r | |
671 | //\r | |
672 | RespSize = SwapBytes32(Res.Header.paramSize);\r | |
673 | if (RespSize > sizeof(Res)) {\r | |
674 | DEBUG ((EFI_D_ERROR, "ChangePPS: Response size too large! %d\r\n", RespSize));\r | |
7ae130da JY |
675 | Status = EFI_BUFFER_TOO_SMALL;\r |
676 | goto Done;\r | |
c1d93242 JY |
677 | }\r |
678 | \r | |
679 | //\r | |
680 | // Fail if command failed\r | |
681 | //\r | |
682 | if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) {\r | |
683 | DEBUG((EFI_D_ERROR,"ChangePPS: Response Code error! 0x%08x\r\n", SwapBytes32(Res.Header.responseCode)));\r | |
7ae130da JY |
684 | Status = EFI_DEVICE_ERROR;\r |
685 | goto Done;\r | |
c1d93242 JY |
686 | }\r |
687 | \r | |
7ae130da JY |
688 | Done:\r |
689 | //\r | |
690 | // Clear AuthSession Content\r | |
691 | //\r | |
692 | ZeroMem (&Cmd, sizeof(Cmd));\r | |
693 | ZeroMem (&Res, sizeof(Res));\r | |
694 | return Status;\r | |
c1d93242 JY |
695 | }\r |
696 | \r | |
697 | /**\r | |
698 | This command enables and disables use of a hierarchy.\r | |
699 | \r | |
700 | @param[in] AuthHandle TPM_RH_ENDORSEMENT, TPM_RH_OWNER or TPM_RH_PLATFORM+{PP}\r | |
701 | @param[in] AuthSession Auth Session context\r | |
702 | @param[in] Hierarchy Hierarchy of the enable being modified\r | |
703 | @param[in] State YES if the enable should be SET,\r | |
704 | NO if the enable should be CLEAR\r | |
705 | \r | |
706 | @retval EFI_SUCCESS Operation completed successfully.\r | |
707 | @retval EFI_DEVICE_ERROR Unexpected device behavior.\r | |
708 | **/\r | |
709 | EFI_STATUS\r | |
710 | EFIAPI\r | |
711 | Tpm2HierarchyControl (\r | |
712 | IN TPMI_RH_HIERARCHY AuthHandle,\r | |
713 | IN TPMS_AUTH_COMMAND *AuthSession,\r | |
714 | IN TPMI_RH_HIERARCHY Hierarchy,\r | |
715 | IN TPMI_YES_NO State\r | |
716 | )\r | |
717 | {\r | |
718 | EFI_STATUS Status;\r | |
719 | TPM2_HIERARCHY_CONTROL_COMMAND Cmd;\r | |
720 | TPM2_HIERARCHY_CONTROL_RESPONSE Res;\r | |
721 | UINT32 CmdSize;\r | |
722 | UINT32 RespSize;\r | |
723 | UINT8 *Buffer;\r | |
724 | UINT32 SessionInfoSize;\r | |
725 | UINT8 *ResultBuf;\r | |
726 | UINT32 ResultBufSize;\r | |
727 | \r | |
728 | //\r | |
729 | // Construct command\r | |
730 | //\r | |
731 | Cmd.Header.tag = SwapBytes16(TPM_ST_SESSIONS);\r | |
732 | Cmd.Header.paramSize = SwapBytes32(sizeof(Cmd));\r | |
733 | Cmd.Header.commandCode = SwapBytes32(TPM_CC_HierarchyControl);\r | |
734 | Cmd.AuthHandle = SwapBytes32(AuthHandle);\r | |
735 | \r | |
736 | //\r | |
737 | // Add in Auth session\r | |
738 | //\r | |
739 | Buffer = (UINT8 *)&Cmd.AuthSession;\r | |
740 | \r | |
741 | // sessionInfoSize\r | |
742 | SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer);\r | |
743 | Buffer += SessionInfoSize;\r | |
744 | Cmd.AuthorizationSize = SwapBytes32(SessionInfoSize);\r | |
745 | \r | |
746 | WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32(Hierarchy));\r | |
747 | Buffer += sizeof(UINT32);\r | |
748 | \r | |
749 | *(UINT8 *)Buffer = State;\r | |
58dbfc3c | 750 | Buffer++;\r |
c1d93242 JY |
751 | \r |
752 | CmdSize = (UINT32)(Buffer - (UINT8 *)&Cmd);\r | |
753 | Cmd.Header.paramSize = SwapBytes32(CmdSize);\r | |
754 | \r | |
755 | ResultBuf = (UINT8 *) &Res;\r | |
756 | ResultBufSize = sizeof(Res);\r | |
757 | \r | |
758 | //\r | |
759 | // Call the TPM\r | |
760 | //\r | |
761 | Status = Tpm2SubmitCommand (\r | |
b3548d32 LG |
762 | CmdSize,\r |
763 | (UINT8 *)&Cmd,\r | |
c1d93242 JY |
764 | &ResultBufSize,\r |
765 | ResultBuf\r | |
766 | );\r | |
7ae130da JY |
767 | if (EFI_ERROR(Status)) {\r |
768 | goto Done;\r | |
769 | }\r | |
c1d93242 JY |
770 | \r |
771 | if (ResultBufSize > sizeof(Res)) {\r | |
772 | DEBUG ((EFI_D_ERROR, "HierarchyControl: Failed ExecuteCommand: Buffer Too Small\r\n"));\r | |
7ae130da JY |
773 | Status = EFI_BUFFER_TOO_SMALL;\r |
774 | goto Done;\r | |
c1d93242 JY |
775 | }\r |
776 | \r | |
777 | //\r | |
778 | // Validate response headers\r | |
779 | //\r | |
780 | RespSize = SwapBytes32(Res.Header.paramSize);\r | |
781 | if (RespSize > sizeof(Res)) {\r | |
782 | DEBUG ((EFI_D_ERROR, "HierarchyControl: Response size too large! %d\r\n", RespSize));\r | |
7ae130da JY |
783 | Status = EFI_BUFFER_TOO_SMALL;\r |
784 | goto Done;\r | |
c1d93242 JY |
785 | }\r |
786 | \r | |
787 | //\r | |
788 | // Fail if command failed\r | |
789 | //\r | |
790 | if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) {\r | |
791 | DEBUG((EFI_D_ERROR,"HierarchyControl: Response Code error! 0x%08x\r\n", SwapBytes32(Res.Header.responseCode)));\r | |
7ae130da JY |
792 | Status = EFI_DEVICE_ERROR;\r |
793 | goto Done;\r | |
c1d93242 JY |
794 | }\r |
795 | \r | |
7ae130da JY |
796 | Done:\r |
797 | //\r | |
798 | // Clear AuthSession Content\r | |
799 | //\r | |
800 | ZeroMem (&Cmd, sizeof(Cmd));\r | |
801 | ZeroMem (&Res, sizeof(Res));\r | |
802 | return Status;\r | |
c1d93242 | 803 | }\r |