2 Implement TPM2 Hierarchy related command.
4 Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved. <BR>
5 SPDX-License-Identifier: BSD-2-Clause-Patent
9 #include <IndustryStandard/UefiTcgPlatform.h>
10 #include <Library/Tpm2CommandLib.h>
11 #include <Library/Tpm2DeviceLib.h>
12 #include <Library/BaseMemoryLib.h>
13 #include <Library/BaseLib.h>
14 #include <Library/DebugLib.h>
19 TPM2_COMMAND_HEADER Header
;
20 TPMI_RH_HIERARCHY_AUTH AuthHandle
;
21 UINT32 AuthSessionSize
;
22 TPMS_AUTH_COMMAND AuthSession
;
23 TPM2B_DIGEST AuthPolicy
;
24 TPMI_ALG_HASH HashAlg
;
25 } TPM2_SET_PRIMARY_POLICY_COMMAND
;
28 TPM2_RESPONSE_HEADER Header
;
29 UINT32 AuthSessionSize
;
30 TPMS_AUTH_RESPONSE AuthSession
;
31 } TPM2_SET_PRIMARY_POLICY_RESPONSE
;
34 TPM2_COMMAND_HEADER Header
;
35 TPMI_RH_CLEAR AuthHandle
;
36 UINT32 AuthorizationSize
;
37 TPMS_AUTH_COMMAND AuthSession
;
41 TPM2_RESPONSE_HEADER Header
;
43 TPMS_AUTH_RESPONSE AuthSession
;
44 } TPM2_CLEAR_RESPONSE
;
47 TPM2_COMMAND_HEADER Header
;
48 TPMI_RH_CLEAR AuthHandle
;
49 UINT32 AuthorizationSize
;
50 TPMS_AUTH_COMMAND AuthSession
;
52 } TPM2_CLEAR_CONTROL_COMMAND
;
55 TPM2_RESPONSE_HEADER Header
;
57 TPMS_AUTH_RESPONSE AuthSession
;
58 } TPM2_CLEAR_CONTROL_RESPONSE
;
61 TPM2_COMMAND_HEADER Header
;
62 TPMI_RH_HIERARCHY_AUTH AuthHandle
;
63 UINT32 AuthorizationSize
;
64 TPMS_AUTH_COMMAND AuthSession
;
66 } TPM2_HIERARCHY_CHANGE_AUTH_COMMAND
;
69 TPM2_RESPONSE_HEADER Header
;
71 TPMS_AUTH_RESPONSE AuthSession
;
72 } TPM2_HIERARCHY_CHANGE_AUTH_RESPONSE
;
75 TPM2_COMMAND_HEADER Header
;
76 TPMI_RH_PLATFORM AuthHandle
;
77 UINT32 AuthorizationSize
;
78 TPMS_AUTH_COMMAND AuthSession
;
79 } TPM2_CHANGE_EPS_COMMAND
;
82 TPM2_RESPONSE_HEADER Header
;
84 TPMS_AUTH_RESPONSE AuthSession
;
85 } TPM2_CHANGE_EPS_RESPONSE
;
88 TPM2_COMMAND_HEADER Header
;
89 TPMI_RH_PLATFORM AuthHandle
;
90 UINT32 AuthorizationSize
;
91 TPMS_AUTH_COMMAND AuthSession
;
92 } TPM2_CHANGE_PPS_COMMAND
;
95 TPM2_RESPONSE_HEADER Header
;
97 TPMS_AUTH_RESPONSE AuthSession
;
98 } TPM2_CHANGE_PPS_RESPONSE
;
101 TPM2_COMMAND_HEADER Header
;
102 TPMI_RH_HIERARCHY AuthHandle
;
103 UINT32 AuthorizationSize
;
104 TPMS_AUTH_COMMAND AuthSession
;
105 TPMI_RH_HIERARCHY Hierarchy
;
107 } TPM2_HIERARCHY_CONTROL_COMMAND
;
110 TPM2_RESPONSE_HEADER Header
;
111 UINT32 ParameterSize
;
112 TPMS_AUTH_RESPONSE AuthSession
;
113 } TPM2_HIERARCHY_CONTROL_RESPONSE
;
118 This command allows setting of the authorization policy for the platform hierarchy (platformPolicy), the
119 storage hierarchy (ownerPolicy), and and the endorsement hierarchy (endorsementPolicy).
121 @param[in] AuthHandle TPM_RH_ENDORSEMENT, TPM_RH_OWNER or TPM_RH_PLATFORM+{PP} parameters to be validated
122 @param[in] AuthSession Auth Session context
123 @param[in] AuthPolicy An authorization policy hash
124 @param[in] HashAlg The hash algorithm to use for the policy
126 @retval EFI_SUCCESS Operation completed successfully.
127 @retval EFI_DEVICE_ERROR Unexpected device behavior.
131 Tpm2SetPrimaryPolicy (
132 IN TPMI_RH_HIERARCHY_AUTH AuthHandle
,
133 IN TPMS_AUTH_COMMAND
*AuthSession
,
134 IN TPM2B_DIGEST
*AuthPolicy
,
135 IN TPMI_ALG_HASH HashAlg
139 TPM2_SET_PRIMARY_POLICY_COMMAND SendBuffer
;
140 TPM2_SET_PRIMARY_POLICY_RESPONSE RecvBuffer
;
141 UINT32 SendBufferSize
;
142 UINT32 RecvBufferSize
;
144 UINT32 SessionInfoSize
;
149 SendBuffer
.Header
.tag
= SwapBytes16 (TPM_ST_SESSIONS
);
150 SendBuffer
.Header
.commandCode
= SwapBytes32 (TPM_CC_SetPrimaryPolicy
);
152 SendBuffer
.AuthHandle
= SwapBytes32 (AuthHandle
);
155 // Add in Auth session
157 Buffer
= (UINT8
*)&SendBuffer
.AuthSession
;
160 SessionInfoSize
= CopyAuthSessionCommand (AuthSession
, Buffer
);
161 Buffer
+= SessionInfoSize
;
162 SendBuffer
.AuthSessionSize
= SwapBytes32 (SessionInfoSize
);
167 WriteUnaligned16 ((UINT16
*)Buffer
, SwapBytes16 (AuthPolicy
->size
));
168 Buffer
+= sizeof (UINT16
);
169 CopyMem (Buffer
, AuthPolicy
->buffer
, AuthPolicy
->size
);
170 Buffer
+= AuthPolicy
->size
;
171 WriteUnaligned16 ((UINT16
*)Buffer
, SwapBytes16 (HashAlg
));
172 Buffer
+= sizeof (UINT16
);
174 SendBufferSize
= (UINT32
)((UINTN
)Buffer
- (UINTN
)&SendBuffer
);
175 SendBuffer
.Header
.paramSize
= SwapBytes32 (SendBufferSize
);
180 RecvBufferSize
= sizeof (RecvBuffer
);
181 Status
= Tpm2SubmitCommand (SendBufferSize
, (UINT8
*)&SendBuffer
, &RecvBufferSize
, (UINT8
*)&RecvBuffer
);
182 if (EFI_ERROR (Status
)) {
186 if (RecvBufferSize
< sizeof (TPM2_RESPONSE_HEADER
)) {
187 DEBUG ((DEBUG_ERROR
, "Tpm2SetPrimaryPolicy - RecvBufferSize Error - %x\n", RecvBufferSize
));
188 Status
= EFI_DEVICE_ERROR
;
192 if (SwapBytes32 (RecvBuffer
.Header
.responseCode
) != TPM_RC_SUCCESS
) {
193 DEBUG ((DEBUG_ERROR
, "Tpm2SetPrimaryPolicy - responseCode - %x\n", SwapBytes32 (RecvBuffer
.Header
.responseCode
)));
194 Status
= EFI_DEVICE_ERROR
;
200 // Clear AuthSession Content
202 ZeroMem (&SendBuffer
, sizeof (SendBuffer
));
203 ZeroMem (&RecvBuffer
, sizeof (RecvBuffer
));
208 This command removes all TPM context associated with a specific Owner.
210 @param[in] AuthHandle TPM_RH_LOCKOUT or TPM_RH_PLATFORM+{PP}
211 @param[in] AuthSession Auth Session context
213 @retval EFI_SUCCESS Operation completed successfully.
214 @retval EFI_DEVICE_ERROR Unexpected device behavior.
219 IN TPMI_RH_CLEAR AuthHandle
,
220 IN TPMS_AUTH_COMMAND
*AuthSession OPTIONAL
224 TPM2_CLEAR_COMMAND Cmd
;
225 TPM2_CLEAR_RESPONSE Res
;
226 UINT32 ResultBufSize
;
230 UINT32 SessionInfoSize
;
232 Cmd
.Header
.tag
= SwapBytes16 (TPM_ST_SESSIONS
);
233 Cmd
.Header
.commandCode
= SwapBytes32 (TPM_CC_Clear
);
234 Cmd
.AuthHandle
= SwapBytes32 (AuthHandle
);
237 // Add in Auth session
239 Buffer
= (UINT8
*)&Cmd
.AuthSession
;
242 SessionInfoSize
= CopyAuthSessionCommand (AuthSession
, Buffer
);
243 Buffer
+= SessionInfoSize
;
244 Cmd
.AuthorizationSize
= SwapBytes32 (SessionInfoSize
);
246 CmdSize
= (UINT32
)(Buffer
- (UINT8
*)&Cmd
);
247 Cmd
.Header
.paramSize
= SwapBytes32 (CmdSize
);
249 ResultBufSize
= sizeof (Res
);
250 Status
= Tpm2SubmitCommand (CmdSize
, (UINT8
*)&Cmd
, &ResultBufSize
, (UINT8
*)&Res
);
251 if (EFI_ERROR (Status
)) {
255 if (ResultBufSize
> sizeof (Res
)) {
256 DEBUG ((DEBUG_ERROR
, "Clear: Failed ExecuteCommand: Buffer Too Small\r\n"));
257 Status
= EFI_BUFFER_TOO_SMALL
;
262 // Validate response headers
264 RespSize
= SwapBytes32 (Res
.Header
.paramSize
);
265 if (RespSize
> sizeof (Res
)) {
266 DEBUG ((DEBUG_ERROR
, "Clear: Response size too large! %d\r\n", RespSize
));
267 Status
= EFI_BUFFER_TOO_SMALL
;
272 // Fail if command failed
274 if (SwapBytes32 (Res
.Header
.responseCode
) != TPM_RC_SUCCESS
) {
275 DEBUG ((DEBUG_ERROR
, "Clear: Response Code error! 0x%08x\r\n", SwapBytes32 (Res
.Header
.responseCode
)));
276 Status
= EFI_DEVICE_ERROR
;
281 // Unmarshal the response
287 // Clear AuthSession Content
289 ZeroMem (&Cmd
, sizeof (Cmd
));
290 ZeroMem (&Res
, sizeof (Res
));
295 Disables and enables the execution of TPM2_Clear().
297 @param[in] AuthHandle TPM_RH_LOCKOUT or TPM_RH_PLATFORM+{PP}
298 @param[in] AuthSession Auth Session context
299 @param[in] Disable YES if the disableOwnerClear flag is to be SET,
300 NO if the flag is to be CLEAR.
302 @retval EFI_SUCCESS Operation completed successfully.
303 @retval EFI_DEVICE_ERROR Unexpected device behavior.
308 IN TPMI_RH_CLEAR AuthHandle
,
309 IN TPMS_AUTH_COMMAND
*AuthSession OPTIONAL
,
310 IN TPMI_YES_NO Disable
314 TPM2_CLEAR_CONTROL_COMMAND Cmd
;
315 TPM2_CLEAR_CONTROL_RESPONSE Res
;
316 UINT32 ResultBufSize
;
320 UINT32 SessionInfoSize
;
322 Cmd
.Header
.tag
= SwapBytes16 (TPM_ST_SESSIONS
);
323 Cmd
.Header
.commandCode
= SwapBytes32 (TPM_CC_ClearControl
);
324 Cmd
.AuthHandle
= SwapBytes32 (AuthHandle
);
327 // Add in Auth session
329 Buffer
= (UINT8
*)&Cmd
.AuthSession
;
332 SessionInfoSize
= CopyAuthSessionCommand (AuthSession
, Buffer
);
333 Buffer
+= SessionInfoSize
;
334 Cmd
.AuthorizationSize
= SwapBytes32 (SessionInfoSize
);
337 *(UINT8
*)Buffer
= Disable
;
340 CmdSize
= (UINT32
)(Buffer
- (UINT8
*)&Cmd
);
341 Cmd
.Header
.paramSize
= SwapBytes32 (CmdSize
);
343 ResultBufSize
= sizeof (Res
);
344 Status
= Tpm2SubmitCommand (CmdSize
, (UINT8
*)&Cmd
, &ResultBufSize
, (UINT8
*)&Res
);
345 if (EFI_ERROR (Status
)) {
349 if (ResultBufSize
> sizeof (Res
)) {
350 DEBUG ((DEBUG_ERROR
, "ClearControl: Failed ExecuteCommand: Buffer Too Small\r\n"));
351 Status
= EFI_BUFFER_TOO_SMALL
;
356 // Validate response headers
358 RespSize
= SwapBytes32 (Res
.Header
.paramSize
);
359 if (RespSize
> sizeof (Res
)) {
360 DEBUG ((DEBUG_ERROR
, "ClearControl: Response size too large! %d\r\n", RespSize
));
361 Status
= EFI_BUFFER_TOO_SMALL
;
366 // Fail if command failed
368 if (SwapBytes32 (Res
.Header
.responseCode
) != TPM_RC_SUCCESS
) {
369 DEBUG ((DEBUG_ERROR
, "ClearControl: Response Code error! 0x%08x\r\n", SwapBytes32 (Res
.Header
.responseCode
)));
370 Status
= EFI_DEVICE_ERROR
;
375 // Unmarshal the response
381 // Clear AuthSession Content
383 ZeroMem (&Cmd
, sizeof (Cmd
));
384 ZeroMem (&Res
, sizeof (Res
));
389 This command allows the authorization secret for a hierarchy or lockout to be changed using the current
390 authorization value as the command authorization.
392 @param[in] AuthHandle TPM_RH_LOCKOUT, TPM_RH_ENDORSEMENT, TPM_RH_OWNER or TPM_RH_PLATFORM+{PP}
393 @param[in] AuthSession Auth Session context
394 @param[in] NewAuth New authorization secret
396 @retval EFI_SUCCESS Operation completed successfully.
397 @retval EFI_DEVICE_ERROR Unexpected device behavior.
401 Tpm2HierarchyChangeAuth (
402 IN TPMI_RH_HIERARCHY_AUTH AuthHandle
,
403 IN TPMS_AUTH_COMMAND
*AuthSession
,
404 IN TPM2B_AUTH
*NewAuth
408 TPM2_HIERARCHY_CHANGE_AUTH_COMMAND Cmd
;
409 TPM2_HIERARCHY_CHANGE_AUTH_RESPONSE Res
;
413 UINT32 SessionInfoSize
;
415 UINT32 ResultBufSize
;
420 Cmd
.Header
.tag
= SwapBytes16 (TPM_ST_SESSIONS
);
421 Cmd
.Header
.paramSize
= SwapBytes32 (sizeof (Cmd
));
422 Cmd
.Header
.commandCode
= SwapBytes32 (TPM_CC_HierarchyChangeAuth
);
423 Cmd
.AuthHandle
= SwapBytes32 (AuthHandle
);
426 // Add in Auth session
428 Buffer
= (UINT8
*)&Cmd
.AuthSession
;
431 SessionInfoSize
= CopyAuthSessionCommand (AuthSession
, Buffer
);
432 Buffer
+= SessionInfoSize
;
433 Cmd
.AuthorizationSize
= SwapBytes32 (SessionInfoSize
);
435 // New Authorization size
436 WriteUnaligned16 ((UINT16
*)Buffer
, SwapBytes16 (NewAuth
->size
));
437 Buffer
+= sizeof (UINT16
);
440 CopyMem (Buffer
, NewAuth
->buffer
, NewAuth
->size
);
441 Buffer
+= NewAuth
->size
;
443 CmdSize
= (UINT32
)(Buffer
- (UINT8
*)&Cmd
);
444 Cmd
.Header
.paramSize
= SwapBytes32 (CmdSize
);
446 ResultBuf
= (UINT8
*)&Res
;
447 ResultBufSize
= sizeof (Res
);
452 Status
= Tpm2SubmitCommand (
458 if (EFI_ERROR (Status
)) {
462 if (ResultBufSize
> sizeof (Res
)) {
463 DEBUG ((DEBUG_ERROR
, "HierarchyChangeAuth: Failed ExecuteCommand: Buffer Too Small\r\n"));
464 Status
= EFI_BUFFER_TOO_SMALL
;
469 // Validate response headers
471 RespSize
= SwapBytes32 (Res
.Header
.paramSize
);
472 if (RespSize
> sizeof (Res
)) {
473 DEBUG ((DEBUG_ERROR
, "HierarchyChangeAuth: Response size too large! %d\r\n", RespSize
));
474 Status
= EFI_BUFFER_TOO_SMALL
;
479 // Fail if command failed
481 if (SwapBytes32 (Res
.Header
.responseCode
) != TPM_RC_SUCCESS
) {
482 DEBUG ((DEBUG_ERROR
, "HierarchyChangeAuth: Response Code error! 0x%08x\r\n", SwapBytes32 (Res
.Header
.responseCode
)));
483 Status
= EFI_DEVICE_ERROR
;
489 // Clear AuthSession Content
491 ZeroMem (&Cmd
, sizeof (Cmd
));
492 ZeroMem (&Res
, sizeof (Res
));
497 This replaces the current EPS with a value from the RNG and sets the Endorsement hierarchy controls to
498 their default initialization values.
500 @param[in] AuthHandle TPM_RH_PLATFORM+{PP}
501 @param[in] AuthSession Auth Session context
503 @retval EFI_SUCCESS Operation completed successfully.
504 @retval EFI_DEVICE_ERROR Unexpected device behavior.
509 IN TPMI_RH_PLATFORM AuthHandle
,
510 IN TPMS_AUTH_COMMAND
*AuthSession
514 TPM2_CHANGE_EPS_COMMAND Cmd
;
515 TPM2_CHANGE_EPS_RESPONSE Res
;
519 UINT32 SessionInfoSize
;
521 UINT32 ResultBufSize
;
526 Cmd
.Header
.tag
= SwapBytes16 (TPM_ST_SESSIONS
);
527 Cmd
.Header
.paramSize
= SwapBytes32 (sizeof (Cmd
));
528 Cmd
.Header
.commandCode
= SwapBytes32 (TPM_CC_ChangeEPS
);
529 Cmd
.AuthHandle
= SwapBytes32 (AuthHandle
);
532 // Add in Auth session
534 Buffer
= (UINT8
*)&Cmd
.AuthSession
;
537 SessionInfoSize
= CopyAuthSessionCommand (AuthSession
, Buffer
);
538 Buffer
+= SessionInfoSize
;
539 Cmd
.AuthorizationSize
= SwapBytes32 (SessionInfoSize
);
541 CmdSize
= (UINT32
)(Buffer
- (UINT8
*)&Cmd
);
542 Cmd
.Header
.paramSize
= SwapBytes32 (CmdSize
);
544 ResultBuf
= (UINT8
*)&Res
;
545 ResultBufSize
= sizeof (Res
);
550 Status
= Tpm2SubmitCommand (
556 if (EFI_ERROR (Status
)) {
560 if (ResultBufSize
> sizeof (Res
)) {
561 DEBUG ((DEBUG_ERROR
, "ChangeEPS: Failed ExecuteCommand: Buffer Too Small\r\n"));
562 Status
= EFI_BUFFER_TOO_SMALL
;
567 // Validate response headers
569 RespSize
= SwapBytes32 (Res
.Header
.paramSize
);
570 if (RespSize
> sizeof (Res
)) {
571 DEBUG ((DEBUG_ERROR
, "ChangeEPS: Response size too large! %d\r\n", RespSize
));
572 Status
= EFI_BUFFER_TOO_SMALL
;
577 // Fail if command failed
579 if (SwapBytes32 (Res
.Header
.responseCode
) != TPM_RC_SUCCESS
) {
580 DEBUG ((DEBUG_ERROR
, "ChangeEPS: Response Code error! 0x%08x\r\n", SwapBytes32 (Res
.Header
.responseCode
)));
581 Status
= EFI_DEVICE_ERROR
;
587 // Clear AuthSession Content
589 ZeroMem (&Cmd
, sizeof (Cmd
));
590 ZeroMem (&Res
, sizeof (Res
));
595 This replaces the current PPS with a value from the RNG and sets platformPolicy to the default
596 initialization value (the Empty Buffer).
598 @param[in] AuthHandle TPM_RH_PLATFORM+{PP}
599 @param[in] AuthSession Auth Session context
601 @retval EFI_SUCCESS Operation completed successfully.
602 @retval EFI_DEVICE_ERROR Unexpected device behavior.
607 IN TPMI_RH_PLATFORM AuthHandle
,
608 IN TPMS_AUTH_COMMAND
*AuthSession
612 TPM2_CHANGE_PPS_COMMAND Cmd
;
613 TPM2_CHANGE_PPS_RESPONSE Res
;
617 UINT32 SessionInfoSize
;
619 UINT32 ResultBufSize
;
624 Cmd
.Header
.tag
= SwapBytes16 (TPM_ST_SESSIONS
);
625 Cmd
.Header
.paramSize
= SwapBytes32 (sizeof (Cmd
));
626 Cmd
.Header
.commandCode
= SwapBytes32 (TPM_CC_ChangePPS
);
627 Cmd
.AuthHandle
= SwapBytes32 (AuthHandle
);
630 // Add in Auth session
632 Buffer
= (UINT8
*)&Cmd
.AuthSession
;
635 SessionInfoSize
= CopyAuthSessionCommand (AuthSession
, Buffer
);
636 Buffer
+= SessionInfoSize
;
637 Cmd
.AuthorizationSize
= SwapBytes32 (SessionInfoSize
);
639 CmdSize
= (UINT32
)(Buffer
- (UINT8
*)&Cmd
);
640 Cmd
.Header
.paramSize
= SwapBytes32 (CmdSize
);
642 ResultBuf
= (UINT8
*)&Res
;
643 ResultBufSize
= sizeof (Res
);
648 Status
= Tpm2SubmitCommand (
654 if (EFI_ERROR (Status
)) {
658 if (ResultBufSize
> sizeof (Res
)) {
659 DEBUG ((DEBUG_ERROR
, "ChangePPS: Failed ExecuteCommand: Buffer Too Small\r\n"));
660 Status
= EFI_BUFFER_TOO_SMALL
;
665 // Validate response headers
667 RespSize
= SwapBytes32 (Res
.Header
.paramSize
);
668 if (RespSize
> sizeof (Res
)) {
669 DEBUG ((DEBUG_ERROR
, "ChangePPS: Response size too large! %d\r\n", RespSize
));
670 Status
= EFI_BUFFER_TOO_SMALL
;
675 // Fail if command failed
677 if (SwapBytes32 (Res
.Header
.responseCode
) != TPM_RC_SUCCESS
) {
678 DEBUG ((DEBUG_ERROR
, "ChangePPS: Response Code error! 0x%08x\r\n", SwapBytes32 (Res
.Header
.responseCode
)));
679 Status
= EFI_DEVICE_ERROR
;
685 // Clear AuthSession Content
687 ZeroMem (&Cmd
, sizeof (Cmd
));
688 ZeroMem (&Res
, sizeof (Res
));
693 This command enables and disables use of a hierarchy.
695 @param[in] AuthHandle TPM_RH_ENDORSEMENT, TPM_RH_OWNER or TPM_RH_PLATFORM+{PP}
696 @param[in] AuthSession Auth Session context
697 @param[in] Hierarchy Hierarchy of the enable being modified
698 @param[in] State YES if the enable should be SET,
699 NO if the enable should be CLEAR
701 @retval EFI_SUCCESS Operation completed successfully.
702 @retval EFI_DEVICE_ERROR Unexpected device behavior.
706 Tpm2HierarchyControl (
707 IN TPMI_RH_HIERARCHY AuthHandle
,
708 IN TPMS_AUTH_COMMAND
*AuthSession
,
709 IN TPMI_RH_HIERARCHY Hierarchy
,
714 TPM2_HIERARCHY_CONTROL_COMMAND Cmd
;
715 TPM2_HIERARCHY_CONTROL_RESPONSE Res
;
719 UINT32 SessionInfoSize
;
721 UINT32 ResultBufSize
;
726 Cmd
.Header
.tag
= SwapBytes16 (TPM_ST_SESSIONS
);
727 Cmd
.Header
.paramSize
= SwapBytes32 (sizeof (Cmd
));
728 Cmd
.Header
.commandCode
= SwapBytes32 (TPM_CC_HierarchyControl
);
729 Cmd
.AuthHandle
= SwapBytes32 (AuthHandle
);
732 // Add in Auth session
734 Buffer
= (UINT8
*)&Cmd
.AuthSession
;
737 SessionInfoSize
= CopyAuthSessionCommand (AuthSession
, Buffer
);
738 Buffer
+= SessionInfoSize
;
739 Cmd
.AuthorizationSize
= SwapBytes32 (SessionInfoSize
);
741 WriteUnaligned32 ((UINT32
*)Buffer
, SwapBytes32 (Hierarchy
));
742 Buffer
+= sizeof (UINT32
);
744 *(UINT8
*)Buffer
= State
;
747 CmdSize
= (UINT32
)(Buffer
- (UINT8
*)&Cmd
);
748 Cmd
.Header
.paramSize
= SwapBytes32 (CmdSize
);
750 ResultBuf
= (UINT8
*)&Res
;
751 ResultBufSize
= sizeof (Res
);
756 Status
= Tpm2SubmitCommand (
762 if (EFI_ERROR (Status
)) {
766 if (ResultBufSize
> sizeof (Res
)) {
767 DEBUG ((DEBUG_ERROR
, "HierarchyControl: Failed ExecuteCommand: Buffer Too Small\r\n"));
768 Status
= EFI_BUFFER_TOO_SMALL
;
773 // Validate response headers
775 RespSize
= SwapBytes32 (Res
.Header
.paramSize
);
776 if (RespSize
> sizeof (Res
)) {
777 DEBUG ((DEBUG_ERROR
, "HierarchyControl: Response size too large! %d\r\n", RespSize
));
778 Status
= EFI_BUFFER_TOO_SMALL
;
783 // Fail if command failed
785 if (SwapBytes32 (Res
.Header
.responseCode
) != TPM_RC_SUCCESS
) {
786 DEBUG ((DEBUG_ERROR
, "HierarchyControl: Response Code error! 0x%08x\r\n", SwapBytes32 (Res
.Header
.responseCode
)));
787 Status
= EFI_DEVICE_ERROR
;
793 // Clear AuthSession Content
795 ZeroMem (&Cmd
, sizeof (Cmd
));
796 ZeroMem (&Res
, sizeof (Res
));