2 Implement TPM2 Hierarchy related command.
4 Copyright (c) 2013 - 2016, Intel Corporation. All rights reserved. <BR>
5 This program and the accompanying materials
6 are licensed and made available under the terms and conditions of the BSD License
7 which accompanies this distribution. The full text of the license may be found at
8 http://opensource.org/licenses/bsd-license.php
10 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
11 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
15 #include <IndustryStandard/UefiTcgPlatform.h>
16 #include <Library/Tpm2CommandLib.h>
17 #include <Library/Tpm2DeviceLib.h>
18 #include <Library/BaseMemoryLib.h>
19 #include <Library/BaseLib.h>
20 #include <Library/DebugLib.h>
25 TPM2_COMMAND_HEADER Header
;
26 TPMI_RH_HIERARCHY_AUTH AuthHandle
;
27 UINT32 AuthSessionSize
;
28 TPMS_AUTH_COMMAND AuthSession
;
29 TPM2B_DIGEST AuthPolicy
;
30 TPMI_ALG_HASH HashAlg
;
31 } TPM2_SET_PRIMARY_POLICY_COMMAND
;
34 TPM2_RESPONSE_HEADER Header
;
35 UINT32 AuthSessionSize
;
36 TPMS_AUTH_RESPONSE AuthSession
;
37 } TPM2_SET_PRIMARY_POLICY_RESPONSE
;
40 TPM2_COMMAND_HEADER Header
;
41 TPMI_RH_CLEAR AuthHandle
;
42 UINT32 AuthorizationSize
;
43 TPMS_AUTH_COMMAND AuthSession
;
47 TPM2_RESPONSE_HEADER Header
;
49 TPMS_AUTH_RESPONSE AuthSession
;
50 } TPM2_CLEAR_RESPONSE
;
53 TPM2_COMMAND_HEADER Header
;
54 TPMI_RH_CLEAR AuthHandle
;
55 UINT32 AuthorizationSize
;
56 TPMS_AUTH_COMMAND AuthSession
;
58 } TPM2_CLEAR_CONTROL_COMMAND
;
61 TPM2_RESPONSE_HEADER Header
;
63 TPMS_AUTH_RESPONSE AuthSession
;
64 } TPM2_CLEAR_CONTROL_RESPONSE
;
67 TPM2_COMMAND_HEADER Header
;
68 TPMI_RH_HIERARCHY_AUTH AuthHandle
;
69 UINT32 AuthorizationSize
;
70 TPMS_AUTH_COMMAND AuthSession
;
72 } TPM2_HIERARCHY_CHANGE_AUTH_COMMAND
;
75 TPM2_RESPONSE_HEADER Header
;
77 TPMS_AUTH_RESPONSE AuthSession
;
78 } TPM2_HIERARCHY_CHANGE_AUTH_RESPONSE
;
81 TPM2_COMMAND_HEADER Header
;
82 TPMI_RH_PLATFORM AuthHandle
;
83 UINT32 AuthorizationSize
;
84 TPMS_AUTH_COMMAND AuthSession
;
85 } TPM2_CHANGE_EPS_COMMAND
;
88 TPM2_RESPONSE_HEADER Header
;
90 TPMS_AUTH_RESPONSE AuthSession
;
91 } TPM2_CHANGE_EPS_RESPONSE
;
94 TPM2_COMMAND_HEADER Header
;
95 TPMI_RH_PLATFORM AuthHandle
;
96 UINT32 AuthorizationSize
;
97 TPMS_AUTH_COMMAND AuthSession
;
98 } TPM2_CHANGE_PPS_COMMAND
;
101 TPM2_RESPONSE_HEADER Header
;
102 UINT32 ParameterSize
;
103 TPMS_AUTH_RESPONSE AuthSession
;
104 } TPM2_CHANGE_PPS_RESPONSE
;
107 TPM2_COMMAND_HEADER Header
;
108 TPMI_RH_HIERARCHY AuthHandle
;
109 UINT32 AuthorizationSize
;
110 TPMS_AUTH_COMMAND AuthSession
;
111 TPMI_RH_HIERARCHY Hierarchy
;
113 } TPM2_HIERARCHY_CONTROL_COMMAND
;
116 TPM2_RESPONSE_HEADER Header
;
117 UINT32 ParameterSize
;
118 TPMS_AUTH_RESPONSE AuthSession
;
119 } TPM2_HIERARCHY_CONTROL_RESPONSE
;
124 This command allows setting of the authorization policy for the platform hierarchy (platformPolicy), the
125 storage hierarchy (ownerPolicy), and and the endorsement hierarchy (endorsementPolicy).
127 @param[in] AuthHandle TPM_RH_ENDORSEMENT, TPM_RH_OWNER or TPM_RH_PLATFORM+{PP} parameters to be validated
128 @param[in] AuthSession Auth Session context
129 @param[in] AuthPolicy An authorization policy hash
130 @param[in] HashAlg The hash algorithm to use for the policy
132 @retval EFI_SUCCESS Operation completed successfully.
133 @retval EFI_DEVICE_ERROR Unexpected device behavior.
137 Tpm2SetPrimaryPolicy (
138 IN TPMI_RH_HIERARCHY_AUTH AuthHandle
,
139 IN TPMS_AUTH_COMMAND
*AuthSession
,
140 IN TPM2B_DIGEST
*AuthPolicy
,
141 IN TPMI_ALG_HASH HashAlg
145 TPM2_SET_PRIMARY_POLICY_COMMAND SendBuffer
;
146 TPM2_SET_PRIMARY_POLICY_RESPONSE RecvBuffer
;
147 UINT32 SendBufferSize
;
148 UINT32 RecvBufferSize
;
150 UINT32 SessionInfoSize
;
155 SendBuffer
.Header
.tag
= SwapBytes16(TPM_ST_SESSIONS
);
156 SendBuffer
.Header
.commandCode
= SwapBytes32(TPM_CC_SetPrimaryPolicy
);
158 SendBuffer
.AuthHandle
= SwapBytes32 (AuthHandle
);
161 // Add in Auth session
163 Buffer
= (UINT8
*)&SendBuffer
.AuthSession
;
166 SessionInfoSize
= CopyAuthSessionCommand (AuthSession
, Buffer
);
167 Buffer
+= SessionInfoSize
;
168 SendBuffer
.AuthSessionSize
= SwapBytes32(SessionInfoSize
);
173 WriteUnaligned16 ((UINT16
*)Buffer
, SwapBytes16(AuthPolicy
->size
));
174 Buffer
+= sizeof(UINT16
);
175 CopyMem (Buffer
, AuthPolicy
->buffer
, AuthPolicy
->size
);
176 Buffer
+= AuthPolicy
->size
;
177 WriteUnaligned16 ((UINT16
*)Buffer
, SwapBytes16(HashAlg
));
178 Buffer
+= sizeof(UINT16
);
180 SendBufferSize
= (UINT32
)((UINTN
)Buffer
- (UINTN
)&SendBuffer
);
181 SendBuffer
.Header
.paramSize
= SwapBytes32 (SendBufferSize
);
186 RecvBufferSize
= sizeof (RecvBuffer
);
187 Status
= Tpm2SubmitCommand (SendBufferSize
, (UINT8
*)&SendBuffer
, &RecvBufferSize
, (UINT8
*)&RecvBuffer
);
188 if (EFI_ERROR (Status
)) {
192 if (RecvBufferSize
< sizeof (TPM2_RESPONSE_HEADER
)) {
193 DEBUG ((EFI_D_ERROR
, "Tpm2SetPrimaryPolicy - RecvBufferSize Error - %x\n", RecvBufferSize
));
194 Status
= EFI_DEVICE_ERROR
;
197 if (SwapBytes32(RecvBuffer
.Header
.responseCode
) != TPM_RC_SUCCESS
) {
198 DEBUG ((EFI_D_ERROR
, "Tpm2SetPrimaryPolicy - responseCode - %x\n", SwapBytes32(RecvBuffer
.Header
.responseCode
)));
199 Status
= EFI_DEVICE_ERROR
;
205 // Clear AuthSession Content
207 ZeroMem (&SendBuffer
, sizeof(SendBuffer
));
208 ZeroMem (&RecvBuffer
, sizeof(RecvBuffer
));
213 This command removes all TPM context associated with a specific Owner.
215 @param[in] AuthHandle TPM_RH_LOCKOUT or TPM_RH_PLATFORM+{PP}
216 @param[in] AuthSession Auth Session context
218 @retval EFI_SUCCESS Operation completed successfully.
219 @retval EFI_DEVICE_ERROR Unexpected device behavior.
224 IN TPMI_RH_CLEAR AuthHandle
,
225 IN TPMS_AUTH_COMMAND
*AuthSession OPTIONAL
229 TPM2_CLEAR_COMMAND Cmd
;
230 TPM2_CLEAR_RESPONSE Res
;
231 UINT32 ResultBufSize
;
235 UINT32 SessionInfoSize
;
237 Cmd
.Header
.tag
= SwapBytes16(TPM_ST_SESSIONS
);
238 Cmd
.Header
.commandCode
= SwapBytes32(TPM_CC_Clear
);
239 Cmd
.AuthHandle
= SwapBytes32(AuthHandle
);
242 // Add in Auth session
244 Buffer
= (UINT8
*)&Cmd
.AuthSession
;
247 SessionInfoSize
= CopyAuthSessionCommand (AuthSession
, Buffer
);
248 Buffer
+= SessionInfoSize
;
249 Cmd
.AuthorizationSize
= SwapBytes32(SessionInfoSize
);
251 CmdSize
= (UINT32
)(Buffer
- (UINT8
*)&Cmd
);
252 Cmd
.Header
.paramSize
= SwapBytes32(CmdSize
);
254 ResultBufSize
= sizeof(Res
);
255 Status
= Tpm2SubmitCommand (CmdSize
, (UINT8
*)&Cmd
, &ResultBufSize
, (UINT8
*)&Res
);
256 if (EFI_ERROR(Status
)) {
260 if (ResultBufSize
> sizeof(Res
)) {
261 DEBUG ((EFI_D_ERROR
, "Clear: Failed ExecuteCommand: Buffer Too Small\r\n"));
262 Status
= EFI_BUFFER_TOO_SMALL
;
267 // Validate response headers
269 RespSize
= SwapBytes32(Res
.Header
.paramSize
);
270 if (RespSize
> sizeof(Res
)) {
271 DEBUG ((EFI_D_ERROR
, "Clear: Response size too large! %d\r\n", RespSize
));
272 Status
= EFI_BUFFER_TOO_SMALL
;
277 // Fail if command failed
279 if (SwapBytes32(Res
.Header
.responseCode
) != TPM_RC_SUCCESS
) {
280 DEBUG ((EFI_D_ERROR
, "Clear: Response Code error! 0x%08x\r\n", SwapBytes32(Res
.Header
.responseCode
)));
281 Status
= EFI_DEVICE_ERROR
;
286 // Unmarshal the response
292 // Clear AuthSession Content
294 ZeroMem (&Cmd
, sizeof(Cmd
));
295 ZeroMem (&Res
, sizeof(Res
));
300 Disables and enables the execution of TPM2_Clear().
302 @param[in] AuthHandle TPM_RH_LOCKOUT or TPM_RH_PLATFORM+{PP}
303 @param[in] AuthSession Auth Session context
304 @param[in] Disable YES if the disableOwnerClear flag is to be SET,
305 NO if the flag is to be CLEAR.
307 @retval EFI_SUCCESS Operation completed successfully.
308 @retval EFI_DEVICE_ERROR Unexpected device behavior.
313 IN TPMI_RH_CLEAR AuthHandle
,
314 IN TPMS_AUTH_COMMAND
*AuthSession
, OPTIONAL
315 IN TPMI_YES_NO Disable
319 TPM2_CLEAR_CONTROL_COMMAND Cmd
;
320 TPM2_CLEAR_CONTROL_RESPONSE Res
;
321 UINT32 ResultBufSize
;
325 UINT32 SessionInfoSize
;
327 Cmd
.Header
.tag
= SwapBytes16(TPM_ST_SESSIONS
);
328 Cmd
.Header
.commandCode
= SwapBytes32(TPM_CC_ClearControl
);
329 Cmd
.AuthHandle
= SwapBytes32(AuthHandle
);
332 // Add in Auth session
334 Buffer
= (UINT8
*)&Cmd
.AuthSession
;
337 SessionInfoSize
= CopyAuthSessionCommand (AuthSession
, Buffer
);
338 Buffer
+= SessionInfoSize
;
339 Cmd
.AuthorizationSize
= SwapBytes32(SessionInfoSize
);
342 *(UINT8
*)Buffer
= Disable
;
345 CmdSize
= (UINT32
)(Buffer
- (UINT8
*)&Cmd
);
346 Cmd
.Header
.paramSize
= SwapBytes32(CmdSize
);
348 ResultBufSize
= sizeof(Res
);
349 Status
= Tpm2SubmitCommand (CmdSize
, (UINT8
*)&Cmd
, &ResultBufSize
, (UINT8
*)&Res
);
350 if (EFI_ERROR(Status
)) {
354 if (ResultBufSize
> sizeof(Res
)) {
355 DEBUG ((EFI_D_ERROR
, "ClearControl: Failed ExecuteCommand: Buffer Too Small\r\n"));
356 Status
= EFI_BUFFER_TOO_SMALL
;
361 // Validate response headers
363 RespSize
= SwapBytes32(Res
.Header
.paramSize
);
364 if (RespSize
> sizeof(Res
)) {
365 DEBUG ((EFI_D_ERROR
, "ClearControl: Response size too large! %d\r\n", RespSize
));
366 Status
= EFI_BUFFER_TOO_SMALL
;
371 // Fail if command failed
373 if (SwapBytes32(Res
.Header
.responseCode
) != TPM_RC_SUCCESS
) {
374 DEBUG ((EFI_D_ERROR
, "ClearControl: Response Code error! 0x%08x\r\n", SwapBytes32(Res
.Header
.responseCode
)));
375 Status
= EFI_DEVICE_ERROR
;
380 // Unmarshal the response
386 // Clear AuthSession Content
388 ZeroMem (&Cmd
, sizeof(Cmd
));
389 ZeroMem (&Res
, sizeof(Res
));
394 This command allows the authorization secret for a hierarchy or lockout to be changed using the current
395 authorization value as the command authorization.
397 @param[in] AuthHandle TPM_RH_LOCKOUT, TPM_RH_ENDORSEMENT, TPM_RH_OWNER or TPM_RH_PLATFORM+{PP}
398 @param[in] AuthSession Auth Session context
399 @param[in] NewAuth New authorization secret
401 @retval EFI_SUCCESS Operation completed successfully.
402 @retval EFI_DEVICE_ERROR Unexpected device behavior.
406 Tpm2HierarchyChangeAuth (
407 IN TPMI_RH_HIERARCHY_AUTH AuthHandle
,
408 IN TPMS_AUTH_COMMAND
*AuthSession
,
409 IN TPM2B_AUTH
*NewAuth
413 TPM2_HIERARCHY_CHANGE_AUTH_COMMAND Cmd
;
414 TPM2_HIERARCHY_CHANGE_AUTH_RESPONSE Res
;
418 UINT32 SessionInfoSize
;
420 UINT32 ResultBufSize
;
425 Cmd
.Header
.tag
= SwapBytes16(TPM_ST_SESSIONS
);
426 Cmd
.Header
.paramSize
= SwapBytes32(sizeof(Cmd
));
427 Cmd
.Header
.commandCode
= SwapBytes32(TPM_CC_HierarchyChangeAuth
);
428 Cmd
.AuthHandle
= SwapBytes32(AuthHandle
);
431 // Add in Auth session
433 Buffer
= (UINT8
*)&Cmd
.AuthSession
;
436 SessionInfoSize
= CopyAuthSessionCommand (AuthSession
, Buffer
);
437 Buffer
+= SessionInfoSize
;
438 Cmd
.AuthorizationSize
= SwapBytes32(SessionInfoSize
);
440 // New Authorization size
441 WriteUnaligned16 ((UINT16
*)Buffer
, SwapBytes16(NewAuth
->size
));
442 Buffer
+= sizeof(UINT16
);
444 // New Authorizeation
445 CopyMem(Buffer
, NewAuth
->buffer
, NewAuth
->size
);
446 Buffer
+= NewAuth
->size
;
448 CmdSize
= (UINT32
)(Buffer
- (UINT8
*)&Cmd
);
449 Cmd
.Header
.paramSize
= SwapBytes32(CmdSize
);
451 ResultBuf
= (UINT8
*) &Res
;
452 ResultBufSize
= sizeof(Res
);
457 Status
= Tpm2SubmitCommand (
463 if (EFI_ERROR(Status
)) {
467 if (ResultBufSize
> sizeof(Res
)) {
468 DEBUG ((EFI_D_ERROR
, "HierarchyChangeAuth: Failed ExecuteCommand: Buffer Too Small\r\n"));
469 Status
= EFI_BUFFER_TOO_SMALL
;
474 // Validate response headers
476 RespSize
= SwapBytes32(Res
.Header
.paramSize
);
477 if (RespSize
> sizeof(Res
)) {
478 DEBUG ((EFI_D_ERROR
, "HierarchyChangeAuth: Response size too large! %d\r\n", RespSize
));
479 Status
= EFI_BUFFER_TOO_SMALL
;
484 // Fail if command failed
486 if (SwapBytes32(Res
.Header
.responseCode
) != TPM_RC_SUCCESS
) {
487 DEBUG((EFI_D_ERROR
,"HierarchyChangeAuth: Response Code error! 0x%08x\r\n", SwapBytes32(Res
.Header
.responseCode
)));
488 Status
= EFI_DEVICE_ERROR
;
494 // Clear AuthSession Content
496 ZeroMem (&Cmd
, sizeof(Cmd
));
497 ZeroMem (&Res
, sizeof(Res
));
502 This replaces the current EPS with a value from the RNG and sets the Endorsement hierarchy controls to
503 their default initialization values.
505 @param[in] AuthHandle TPM_RH_PLATFORM+{PP}
506 @param[in] AuthSession Auth Session context
508 @retval EFI_SUCCESS Operation completed successfully.
509 @retval EFI_DEVICE_ERROR Unexpected device behavior.
514 IN TPMI_RH_PLATFORM AuthHandle
,
515 IN TPMS_AUTH_COMMAND
*AuthSession
519 TPM2_CHANGE_EPS_COMMAND Cmd
;
520 TPM2_CHANGE_EPS_RESPONSE Res
;
524 UINT32 SessionInfoSize
;
526 UINT32 ResultBufSize
;
531 Cmd
.Header
.tag
= SwapBytes16(TPM_ST_SESSIONS
);
532 Cmd
.Header
.paramSize
= SwapBytes32(sizeof(Cmd
));
533 Cmd
.Header
.commandCode
= SwapBytes32(TPM_CC_ChangeEPS
);
534 Cmd
.AuthHandle
= SwapBytes32(AuthHandle
);
537 // Add in Auth session
539 Buffer
= (UINT8
*)&Cmd
.AuthSession
;
542 SessionInfoSize
= CopyAuthSessionCommand (AuthSession
, Buffer
);
543 Buffer
+= SessionInfoSize
;
544 Cmd
.AuthorizationSize
= SwapBytes32(SessionInfoSize
);
546 CmdSize
= (UINT32
)(Buffer
- (UINT8
*)&Cmd
);
547 Cmd
.Header
.paramSize
= SwapBytes32(CmdSize
);
549 ResultBuf
= (UINT8
*) &Res
;
550 ResultBufSize
= sizeof(Res
);
555 Status
= Tpm2SubmitCommand (
561 if (EFI_ERROR(Status
)) {
565 if (ResultBufSize
> sizeof(Res
)) {
566 DEBUG ((EFI_D_ERROR
, "ChangeEPS: Failed ExecuteCommand: Buffer Too Small\r\n"));
567 Status
= EFI_BUFFER_TOO_SMALL
;
572 // Validate response headers
574 RespSize
= SwapBytes32(Res
.Header
.paramSize
);
575 if (RespSize
> sizeof(Res
)) {
576 DEBUG ((EFI_D_ERROR
, "ChangeEPS: Response size too large! %d\r\n", RespSize
));
577 Status
= EFI_BUFFER_TOO_SMALL
;
582 // Fail if command failed
584 if (SwapBytes32(Res
.Header
.responseCode
) != TPM_RC_SUCCESS
) {
585 DEBUG((EFI_D_ERROR
,"ChangeEPS: Response Code error! 0x%08x\r\n", SwapBytes32(Res
.Header
.responseCode
)));
586 Status
= EFI_DEVICE_ERROR
;
592 // Clear AuthSession Content
594 ZeroMem (&Cmd
, sizeof(Cmd
));
595 ZeroMem (&Res
, sizeof(Res
));
600 This replaces the current PPS with a value from the RNG and sets platformPolicy to the default
601 initialization value (the Empty Buffer).
603 @param[in] AuthHandle TPM_RH_PLATFORM+{PP}
604 @param[in] AuthSession Auth Session context
606 @retval EFI_SUCCESS Operation completed successfully.
607 @retval EFI_DEVICE_ERROR Unexpected device behavior.
612 IN TPMI_RH_PLATFORM AuthHandle
,
613 IN TPMS_AUTH_COMMAND
*AuthSession
617 TPM2_CHANGE_PPS_COMMAND Cmd
;
618 TPM2_CHANGE_PPS_RESPONSE Res
;
622 UINT32 SessionInfoSize
;
624 UINT32 ResultBufSize
;
629 Cmd
.Header
.tag
= SwapBytes16(TPM_ST_SESSIONS
);
630 Cmd
.Header
.paramSize
= SwapBytes32(sizeof(Cmd
));
631 Cmd
.Header
.commandCode
= SwapBytes32(TPM_CC_ChangePPS
);
632 Cmd
.AuthHandle
= SwapBytes32(AuthHandle
);
635 // Add in Auth session
637 Buffer
= (UINT8
*)&Cmd
.AuthSession
;
640 SessionInfoSize
= CopyAuthSessionCommand (AuthSession
, Buffer
);
641 Buffer
+= SessionInfoSize
;
642 Cmd
.AuthorizationSize
= SwapBytes32(SessionInfoSize
);
644 CmdSize
= (UINT32
)(Buffer
- (UINT8
*)&Cmd
);
645 Cmd
.Header
.paramSize
= SwapBytes32(CmdSize
);
647 ResultBuf
= (UINT8
*) &Res
;
648 ResultBufSize
= sizeof(Res
);
653 Status
= Tpm2SubmitCommand (
659 if (EFI_ERROR(Status
)) {
663 if (ResultBufSize
> sizeof(Res
)) {
664 DEBUG ((EFI_D_ERROR
, "ChangePPS: Failed ExecuteCommand: Buffer Too Small\r\n"));
665 Status
= EFI_BUFFER_TOO_SMALL
;
670 // Validate response headers
672 RespSize
= SwapBytes32(Res
.Header
.paramSize
);
673 if (RespSize
> sizeof(Res
)) {
674 DEBUG ((EFI_D_ERROR
, "ChangePPS: Response size too large! %d\r\n", RespSize
));
675 Status
= EFI_BUFFER_TOO_SMALL
;
680 // Fail if command failed
682 if (SwapBytes32(Res
.Header
.responseCode
) != TPM_RC_SUCCESS
) {
683 DEBUG((EFI_D_ERROR
,"ChangePPS: Response Code error! 0x%08x\r\n", SwapBytes32(Res
.Header
.responseCode
)));
684 Status
= EFI_DEVICE_ERROR
;
690 // Clear AuthSession Content
692 ZeroMem (&Cmd
, sizeof(Cmd
));
693 ZeroMem (&Res
, sizeof(Res
));
698 This command enables and disables use of a hierarchy.
700 @param[in] AuthHandle TPM_RH_ENDORSEMENT, TPM_RH_OWNER or TPM_RH_PLATFORM+{PP}
701 @param[in] AuthSession Auth Session context
702 @param[in] Hierarchy Hierarchy of the enable being modified
703 @param[in] State YES if the enable should be SET,
704 NO if the enable should be CLEAR
706 @retval EFI_SUCCESS Operation completed successfully.
707 @retval EFI_DEVICE_ERROR Unexpected device behavior.
711 Tpm2HierarchyControl (
712 IN TPMI_RH_HIERARCHY AuthHandle
,
713 IN TPMS_AUTH_COMMAND
*AuthSession
,
714 IN TPMI_RH_HIERARCHY Hierarchy
,
719 TPM2_HIERARCHY_CONTROL_COMMAND Cmd
;
720 TPM2_HIERARCHY_CONTROL_RESPONSE Res
;
724 UINT32 SessionInfoSize
;
726 UINT32 ResultBufSize
;
731 Cmd
.Header
.tag
= SwapBytes16(TPM_ST_SESSIONS
);
732 Cmd
.Header
.paramSize
= SwapBytes32(sizeof(Cmd
));
733 Cmd
.Header
.commandCode
= SwapBytes32(TPM_CC_HierarchyControl
);
734 Cmd
.AuthHandle
= SwapBytes32(AuthHandle
);
737 // Add in Auth session
739 Buffer
= (UINT8
*)&Cmd
.AuthSession
;
742 SessionInfoSize
= CopyAuthSessionCommand (AuthSession
, Buffer
);
743 Buffer
+= SessionInfoSize
;
744 Cmd
.AuthorizationSize
= SwapBytes32(SessionInfoSize
);
746 WriteUnaligned32 ((UINT32
*)Buffer
, SwapBytes32(Hierarchy
));
747 Buffer
+= sizeof(UINT32
);
749 *(UINT8
*)Buffer
= State
;
752 CmdSize
= (UINT32
)(Buffer
- (UINT8
*)&Cmd
);
753 Cmd
.Header
.paramSize
= SwapBytes32(CmdSize
);
755 ResultBuf
= (UINT8
*) &Res
;
756 ResultBufSize
= sizeof(Res
);
761 Status
= Tpm2SubmitCommand (
767 if (EFI_ERROR(Status
)) {
771 if (ResultBufSize
> sizeof(Res
)) {
772 DEBUG ((EFI_D_ERROR
, "HierarchyControl: Failed ExecuteCommand: Buffer Too Small\r\n"));
773 Status
= EFI_BUFFER_TOO_SMALL
;
778 // Validate response headers
780 RespSize
= SwapBytes32(Res
.Header
.paramSize
);
781 if (RespSize
> sizeof(Res
)) {
782 DEBUG ((EFI_D_ERROR
, "HierarchyControl: Response size too large! %d\r\n", RespSize
));
783 Status
= EFI_BUFFER_TOO_SMALL
;
788 // Fail if command failed
790 if (SwapBytes32(Res
.Header
.responseCode
) != TPM_RC_SUCCESS
) {
791 DEBUG((EFI_D_ERROR
,"HierarchyControl: Response Code error! 0x%08x\r\n", SwapBytes32(Res
.Header
.responseCode
)));
792 Status
= EFI_DEVICE_ERROR
;
798 // Clear AuthSession Content
800 ZeroMem (&Cmd
, sizeof(Cmd
));
801 ZeroMem (&Res
, sizeof(Res
));