2 Implement TPM2 NVStorage related command.
4 Copyright (c) 2013, Intel Corporation. All rights reserved. <BR>
5 This program and the accompanying materials
6 are licensed and made available under the terms and conditions of the BSD License
7 which accompanies this distribution. The full text of the license may be found at
8 http://opensource.org/licenses/bsd-license.php
10 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
11 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
15 #include <IndustryStandard/UefiTcgPlatform.h>
16 #include <Library/Tpm2CommandLib.h>
17 #include <Library/Tpm2DeviceLib.h>
18 #include <Library/BaseMemoryLib.h>
19 #include <Library/BaseLib.h>
20 #include <Library/DebugLib.h>
24 #define RC_NV_ReadPublic_nvIndex (TPM_RC_H + TPM_RC_1)
26 #define RC_NV_DefineSpace_authHandle (TPM_RC_H + TPM_RC_1)
27 #define RC_NV_DefineSpace_auth (TPM_RC_P + TPM_RC_1)
28 #define RC_NV_DefineSpace_publicInfo (TPM_RC_P + TPM_RC_2)
30 #define RC_NV_UndefineSpace_authHandle (TPM_RC_H + TPM_RC_1)
31 #define RC_NV_UndefineSpace_nvIndex (TPM_RC_H + TPM_RC_2)
33 #define RC_NV_Read_authHandle (TPM_RC_H + TPM_RC_1)
34 #define RC_NV_Read_nvIndex (TPM_RC_H + TPM_RC_2)
35 #define RC_NV_Read_size (TPM_RC_P + TPM_RC_1)
36 #define RC_NV_Read_offset (TPM_RC_P + TPM_RC_2)
38 #define RC_NV_Write_authHandle (TPM_RC_H + TPM_RC_1)
39 #define RC_NV_Write_nvIndex (TPM_RC_H + TPM_RC_2)
40 #define RC_NV_Write_data (TPM_RC_P + TPM_RC_1)
41 #define RC_NV_Write_offset (TPM_RC_P + TPM_RC_2)
44 TPM2_COMMAND_HEADER Header
;
45 TPMI_RH_NV_INDEX NvIndex
;
46 } TPM2_NV_READPUBLIC_COMMAND
;
49 TPM2_RESPONSE_HEADER Header
;
50 TPM2B_NV_PUBLIC NvPublic
;
52 } TPM2_NV_READPUBLIC_RESPONSE
;
55 TPM2_COMMAND_HEADER Header
;
56 TPMI_RH_PROVISION AuthHandle
;
57 UINT32 AuthSessionSize
;
58 TPMS_AUTH_COMMAND AuthSession
;
60 TPM2B_NV_PUBLIC NvPublic
;
61 } TPM2_NV_DEFINESPACE_COMMAND
;
64 TPM2_RESPONSE_HEADER Header
;
65 UINT32 AuthSessionSize
;
66 TPMS_AUTH_RESPONSE AuthSession
;
67 } TPM2_NV_DEFINESPACE_RESPONSE
;
70 TPM2_COMMAND_HEADER Header
;
71 TPMI_RH_PROVISION AuthHandle
;
72 TPMI_RH_NV_INDEX NvIndex
;
73 UINT32 AuthSessionSize
;
74 TPMS_AUTH_COMMAND AuthSession
;
75 } TPM2_NV_UNDEFINESPACE_COMMAND
;
78 TPM2_RESPONSE_HEADER Header
;
79 UINT32 AuthSessionSize
;
80 TPMS_AUTH_RESPONSE AuthSession
;
81 } TPM2_NV_UNDEFINESPACE_RESPONSE
;
84 TPM2_COMMAND_HEADER Header
;
85 TPMI_RH_NV_AUTH AuthHandle
;
86 TPMI_RH_NV_INDEX NvIndex
;
87 UINT32 AuthSessionSize
;
88 TPMS_AUTH_COMMAND AuthSession
;
91 } TPM2_NV_READ_COMMAND
;
94 TPM2_RESPONSE_HEADER Header
;
95 UINT32 AuthSessionSize
;
96 TPM2B_MAX_BUFFER Data
;
97 TPMS_AUTH_RESPONSE AuthSession
;
98 } TPM2_NV_READ_RESPONSE
;
101 TPM2_COMMAND_HEADER Header
;
102 TPMI_RH_NV_AUTH AuthHandle
;
103 TPMI_RH_NV_INDEX NvIndex
;
104 UINT32 AuthSessionSize
;
105 TPMS_AUTH_COMMAND AuthSession
;
106 TPM2B_MAX_BUFFER Data
;
108 } TPM2_NV_WRITE_COMMAND
;
111 TPM2_RESPONSE_HEADER Header
;
112 UINT32 AuthSessionSize
;
113 TPMS_AUTH_RESPONSE AuthSession
;
114 } TPM2_NV_WRITE_RESPONSE
;
117 TPM2_COMMAND_HEADER Header
;
118 TPMI_RH_NV_AUTH AuthHandle
;
119 TPMI_RH_NV_INDEX NvIndex
;
120 UINT32 AuthSessionSize
;
121 TPMS_AUTH_COMMAND AuthSession
;
122 } TPM2_NV_READLOCK_COMMAND
;
125 TPM2_RESPONSE_HEADER Header
;
126 UINT32 AuthSessionSize
;
127 TPMS_AUTH_RESPONSE AuthSession
;
128 } TPM2_NV_READLOCK_RESPONSE
;
131 TPM2_COMMAND_HEADER Header
;
132 TPMI_RH_NV_AUTH AuthHandle
;
133 TPMI_RH_NV_INDEX NvIndex
;
134 UINT32 AuthSessionSize
;
135 TPMS_AUTH_COMMAND AuthSession
;
136 } TPM2_NV_WRITELOCK_COMMAND
;
139 TPM2_RESPONSE_HEADER Header
;
140 UINT32 AuthSessionSize
;
141 TPMS_AUTH_RESPONSE AuthSession
;
142 } TPM2_NV_WRITELOCK_RESPONSE
;
145 TPM2_COMMAND_HEADER Header
;
146 TPMI_RH_PROVISION AuthHandle
;
147 UINT32 AuthSessionSize
;
148 TPMS_AUTH_COMMAND AuthSession
;
149 } TPM2_NV_GLOBALWRITELOCK_COMMAND
;
152 TPM2_RESPONSE_HEADER Header
;
153 UINT32 AuthSessionSize
;
154 TPMS_AUTH_RESPONSE AuthSession
;
155 } TPM2_NV_GLOBALWRITELOCK_RESPONSE
;
160 This command is used to read the public area and Name of an NV Index.
162 @param[in] NvIndex The NV Index.
163 @param[out] NvPublic The public area of the index.
164 @param[out] NvName The Name of the nvIndex.
166 @retval EFI_SUCCESS Operation completed successfully.
167 @retval EFI_DEVICE_ERROR The command was unsuccessful.
168 @retval EFI_NOT_FOUND The command was returned successfully, but NvIndex is not found.
173 IN TPMI_RH_NV_INDEX NvIndex
,
174 OUT TPM2B_NV_PUBLIC
*NvPublic
,
175 OUT TPM2B_NAME
*NvName
179 TPM2_NV_READPUBLIC_COMMAND SendBuffer
;
180 TPM2_NV_READPUBLIC_RESPONSE RecvBuffer
;
181 UINT32 SendBufferSize
;
182 UINT32 RecvBufferSize
;
191 SendBuffer
.Header
.tag
= SwapBytes16(TPM_ST_NO_SESSIONS
);
192 SendBuffer
.Header
.commandCode
= SwapBytes32(TPM_CC_NV_ReadPublic
);
194 SendBuffer
.NvIndex
= SwapBytes32 (NvIndex
);
196 SendBufferSize
= (UINT32
) sizeof (SendBuffer
);
197 SendBuffer
.Header
.paramSize
= SwapBytes32 (SendBufferSize
);
202 RecvBufferSize
= sizeof (RecvBuffer
);
203 Status
= Tpm2SubmitCommand (SendBufferSize
, (UINT8
*)&SendBuffer
, &RecvBufferSize
, (UINT8
*)&RecvBuffer
);
204 if (EFI_ERROR (Status
)) {
208 if (RecvBufferSize
< sizeof (TPM2_RESPONSE_HEADER
)) {
209 DEBUG ((EFI_D_ERROR
, "Tpm2NvReadPublic - RecvBufferSize Error - %x\n", RecvBufferSize
));
210 return EFI_DEVICE_ERROR
;
212 ResponseCode
= SwapBytes32(RecvBuffer
.Header
.responseCode
);
213 if (ResponseCode
!= TPM_RC_SUCCESS
) {
214 DEBUG ((EFI_D_ERROR
, "Tpm2NvReadPublic - responseCode - %x\n", SwapBytes32(RecvBuffer
.Header
.responseCode
)));
216 switch (ResponseCode
) {
220 case TPM_RC_HANDLE
+ RC_NV_ReadPublic_nvIndex
: // TPM_RC_NV_DEFINED:
221 return EFI_NOT_FOUND
;
222 case TPM_RC_VALUE
+ RC_NV_ReadPublic_nvIndex
:
223 return EFI_INVALID_PARAMETER
;
225 return EFI_DEVICE_ERROR
;
228 if (RecvBufferSize
<= sizeof (TPM2_RESPONSE_HEADER
) + sizeof (UINT16
) + sizeof(UINT16
)) {
229 DEBUG ((EFI_D_ERROR
, "Tpm2NvReadPublic - RecvBufferSize Error - %x\n", RecvBufferSize
));
230 return EFI_NOT_FOUND
;
236 NvPublicSize
= SwapBytes16 (RecvBuffer
.NvPublic
.size
);
237 NvNameSize
= SwapBytes16 (ReadUnaligned16 ((UINT16
*)((UINT8
*)&RecvBuffer
+ sizeof(TPM2_RESPONSE_HEADER
) + sizeof(UINT16
) + NvPublicSize
)));
239 if (RecvBufferSize
!= sizeof(TPM2_RESPONSE_HEADER
) + sizeof(UINT16
) + NvPublicSize
+ sizeof(UINT16
) + NvNameSize
) {
240 DEBUG ((EFI_D_ERROR
, "Tpm2NvReadPublic - RecvBufferSize Error - NvPublicSize %x, NvNameSize %x\n", RecvBufferSize
, NvNameSize
));
241 return EFI_NOT_FOUND
;
245 // Return the response
247 CopyMem (NvPublic
, &RecvBuffer
.NvPublic
, sizeof(UINT16
) + NvPublicSize
);
248 NvPublic
->size
= NvPublicSize
;
249 NvPublic
->nvPublic
.nvIndex
= SwapBytes32 (NvPublic
->nvPublic
.nvIndex
);
250 NvPublic
->nvPublic
.nameAlg
= SwapBytes16 (NvPublic
->nvPublic
.nameAlg
);
251 WriteUnaligned32 ((UINT32
*)&NvPublic
->nvPublic
.attributes
, SwapBytes32 (ReadUnaligned32 ((UINT32
*)&NvPublic
->nvPublic
.attributes
)));
252 NvPublic
->nvPublic
.authPolicy
.size
= SwapBytes16 (NvPublic
->nvPublic
.authPolicy
.size
);
253 Buffer
= (UINT8
*)&NvPublic
->nvPublic
.authPolicy
;
254 Buffer
+= sizeof(UINT16
) + NvPublic
->nvPublic
.authPolicy
.size
;
255 NvPublic
->nvPublic
.dataSize
= SwapBytes16 (ReadUnaligned16 ((UINT16
*)Buffer
));
257 CopyMem (NvName
, (UINT8
*)&RecvBuffer
+ sizeof(TPM2_RESPONSE_HEADER
) + sizeof(UINT16
) + NvPublicSize
, NvNameSize
);
258 NvName
->size
= NvNameSize
;
264 This command defines the attributes of an NV Index and causes the TPM to
265 reserve space to hold the data associated with the index.
266 If a definition already exists at the index, the TPM will return TPM_RC_NV_DEFINED.
268 @param[in] AuthHandle TPM_RH_OWNER or TPM_RH_PLATFORM+{PP}.
269 @param[in] AuthSession Auth Session context
270 @param[in] Auth The authorization data.
271 @param[in] NvPublic The public area of the index.
273 @retval EFI_SUCCESS Operation completed successfully.
274 @retval EFI_DEVICE_ERROR The command was unsuccessful.
275 @retval EFI_ALREADY_STARTED The command was returned successfully, but NvIndex is already defined.
280 IN TPMI_RH_PROVISION AuthHandle
,
281 IN TPMS_AUTH_COMMAND
*AuthSession
, OPTIONAL
283 IN TPM2B_NV_PUBLIC
*NvPublic
287 TPM2_NV_DEFINESPACE_COMMAND SendBuffer
;
288 TPM2_NV_DEFINESPACE_RESPONSE RecvBuffer
;
289 UINT32 SendBufferSize
;
290 UINT32 RecvBufferSize
;
293 UINT32 SessionInfoSize
;
299 SendBuffer
.Header
.tag
= SwapBytes16(TPM_ST_SESSIONS
);
300 SendBuffer
.Header
.commandCode
= SwapBytes32(TPM_CC_NV_DefineSpace
);
301 SendBuffer
.AuthHandle
= SwapBytes32 (AuthHandle
);
304 // Add in Auth session
306 Buffer
= (UINT8
*)&SendBuffer
.AuthSession
;
309 SessionInfoSize
= CopyAuthSessionCommand (AuthSession
, Buffer
);
310 Buffer
+= SessionInfoSize
;
311 SendBuffer
.AuthSessionSize
= SwapBytes32(SessionInfoSize
);
316 WriteUnaligned16 ((UINT16
*)Buffer
, SwapBytes16(Auth
->size
));
317 Buffer
+= sizeof(UINT16
);
318 CopyMem(Buffer
, Auth
->buffer
, Auth
->size
);
319 Buffer
+= Auth
->size
;
324 NvPublicSize
= NvPublic
->size
;
326 WriteUnaligned16 ((UINT16
*)Buffer
, SwapBytes16 (NvPublicSize
));
327 Buffer
+= sizeof(UINT16
);
328 WriteUnaligned32 ((UINT32
*)Buffer
, SwapBytes32 (NvPublic
->nvPublic
.nvIndex
));
329 Buffer
+= sizeof(UINT32
);
330 WriteUnaligned16 ((UINT16
*)Buffer
, SwapBytes16 (NvPublic
->nvPublic
.nameAlg
));
331 Buffer
+= sizeof(UINT16
);
332 WriteUnaligned32 ((UINT32
*)Buffer
, SwapBytes32 (ReadUnaligned32 ((UINT32
*)&NvPublic
->nvPublic
.attributes
)));
333 Buffer
+= sizeof(UINT32
);
334 WriteUnaligned16 ((UINT16
*)Buffer
, SwapBytes16 (NvPublic
->nvPublic
.authPolicy
.size
));
335 Buffer
+= sizeof(UINT16
);
336 CopyMem (Buffer
, NvPublic
->nvPublic
.authPolicy
.buffer
, NvPublic
->nvPublic
.authPolicy
.size
);
337 Buffer
+= NvPublic
->nvPublic
.authPolicy
.size
;
338 WriteUnaligned16 ((UINT16
*)Buffer
, SwapBytes16 (NvPublic
->nvPublic
.dataSize
));
339 Buffer
+= sizeof(UINT16
);
341 SendBufferSize
= (UINT32
)(Buffer
- (UINT8
*)&SendBuffer
);
342 SendBuffer
.Header
.paramSize
= SwapBytes32 (SendBufferSize
);
347 RecvBufferSize
= sizeof (RecvBuffer
);
348 Status
= Tpm2SubmitCommand (SendBufferSize
, (UINT8
*)&SendBuffer
, &RecvBufferSize
, (UINT8
*)&RecvBuffer
);
349 if (EFI_ERROR (Status
)) {
353 if (RecvBufferSize
< sizeof (TPM2_RESPONSE_HEADER
)) {
354 DEBUG ((EFI_D_ERROR
, "Tpm2NvDefineSpace - RecvBufferSize Error - %x\n", RecvBufferSize
));
355 return EFI_DEVICE_ERROR
;
358 ResponseCode
= SwapBytes32(RecvBuffer
.Header
.responseCode
);
359 if (ResponseCode
!= TPM_RC_SUCCESS
) {
360 DEBUG ((EFI_D_ERROR
, "Tpm2NvDefineSpace - responseCode - %x\n", SwapBytes32(RecvBuffer
.Header
.responseCode
)));
362 switch (ResponseCode
) {
366 case TPM_RC_SIZE
+ RC_NV_DefineSpace_publicInfo
:
367 case TPM_RC_SIZE
+ RC_NV_DefineSpace_auth
:
368 return EFI_BAD_BUFFER_SIZE
;
369 case TPM_RC_ATTRIBUTES
:
370 case TPM_RC_ATTRIBUTES
+ RC_NV_DefineSpace_publicInfo
:
371 return EFI_UNSUPPORTED
;
372 case TPM_RC_ATTRIBUTES
+ RC_NV_DefineSpace_authHandle
:
373 return EFI_INVALID_PARAMETER
;
374 case TPM_RC_NV_DEFINED
:
375 return EFI_ALREADY_STARTED
;
376 case TPM_RC_VALUE
+ RC_NV_DefineSpace_publicInfo
:
377 case TPM_RC_VALUE
+ RC_NV_DefineSpace_authHandle
:
378 return EFI_INVALID_PARAMETER
;
379 case TPM_RC_NV_SPACE
:
380 return EFI_OUT_OF_RESOURCES
;
382 return EFI_DEVICE_ERROR
;
389 This command removes an index from the TPM.
391 @param[in] AuthHandle TPM_RH_OWNER or TPM_RH_PLATFORM+{PP}.
392 @param[in] NvIndex The NV Index.
393 @param[in] AuthSession Auth Session context
395 @retval EFI_SUCCESS Operation completed successfully.
396 @retval EFI_DEVICE_ERROR The command was unsuccessful.
397 @retval EFI_NOT_FOUND The command was returned successfully, but NvIndex is not found.
401 Tpm2NvUndefineSpace (
402 IN TPMI_RH_PROVISION AuthHandle
,
403 IN TPMI_RH_NV_INDEX NvIndex
,
404 IN TPMS_AUTH_COMMAND
*AuthSession OPTIONAL
408 TPM2_NV_UNDEFINESPACE_COMMAND SendBuffer
;
409 TPM2_NV_UNDEFINESPACE_RESPONSE RecvBuffer
;
410 UINT32 SendBufferSize
;
411 UINT32 RecvBufferSize
;
413 UINT32 SessionInfoSize
;
419 SendBuffer
.Header
.tag
= SwapBytes16(TPM_ST_SESSIONS
);
420 SendBuffer
.Header
.commandCode
= SwapBytes32(TPM_CC_NV_UndefineSpace
);
422 SendBuffer
.AuthHandle
= SwapBytes32 (AuthHandle
);
423 SendBuffer
.NvIndex
= SwapBytes32 (NvIndex
);
426 // Add in Auth session
428 Buffer
= (UINT8
*)&SendBuffer
.AuthSession
;
431 SessionInfoSize
= CopyAuthSessionCommand (AuthSession
, Buffer
);
432 Buffer
+= SessionInfoSize
;
433 SendBuffer
.AuthSessionSize
= SwapBytes32(SessionInfoSize
);
435 SendBufferSize
= (UINT32
)(Buffer
- (UINT8
*)&SendBuffer
);
436 SendBuffer
.Header
.paramSize
= SwapBytes32 (SendBufferSize
);
441 RecvBufferSize
= sizeof (RecvBuffer
);
442 Status
= Tpm2SubmitCommand (SendBufferSize
, (UINT8
*)&SendBuffer
, &RecvBufferSize
, (UINT8
*)&RecvBuffer
);
443 if (EFI_ERROR (Status
)) {
447 if (RecvBufferSize
< sizeof (TPM2_RESPONSE_HEADER
)) {
448 DEBUG ((EFI_D_ERROR
, "Tpm2NvUndefineSpace - RecvBufferSize Error - %x\n", RecvBufferSize
));
449 return EFI_DEVICE_ERROR
;
452 ResponseCode
= SwapBytes32(RecvBuffer
.Header
.responseCode
);
453 if (ResponseCode
!= TPM_RC_SUCCESS
) {
454 DEBUG ((EFI_D_ERROR
, "Tpm2NvUndefineSpace - responseCode - %x\n", SwapBytes32(RecvBuffer
.Header
.responseCode
)));
456 switch (ResponseCode
) {
460 case TPM_RC_ATTRIBUTES
:
461 case TPM_RC_ATTRIBUTES
+ RC_NV_UndefineSpace_nvIndex
:
462 return EFI_UNSUPPORTED
;
463 case TPM_RC_NV_AUTHORIZATION
:
464 return EFI_SECURITY_VIOLATION
;
465 case TPM_RC_HANDLE
+ RC_NV_UndefineSpace_nvIndex
: // TPM_RC_NV_DEFINED:
466 return EFI_NOT_FOUND
;
467 case TPM_RC_HANDLE
+ RC_NV_UndefineSpace_authHandle
: // TPM_RC_NV_DEFINED:
468 return EFI_INVALID_PARAMETER
;
469 case TPM_RC_VALUE
+ RC_NV_UndefineSpace_authHandle
:
470 case TPM_RC_VALUE
+ RC_NV_UndefineSpace_nvIndex
:
471 return EFI_INVALID_PARAMETER
;
473 return EFI_DEVICE_ERROR
;
480 This command reads a value from an area in NV memory previously defined by TPM2_NV_DefineSpace().
482 @param[in] AuthHandle the handle indicating the source of the authorization value.
483 @param[in] NvIndex The index to be read.
484 @param[in] AuthSession Auth Session context
485 @param[in] Size Number of bytes to read.
486 @param[in] Offset Byte offset into the area.
487 @param[in,out] OutData The data read.
489 @retval EFI_SUCCESS Operation completed successfully.
490 @retval EFI_DEVICE_ERROR The command was unsuccessful.
491 @retval EFI_NOT_FOUND The command was returned successfully, but NvIndex is not found.
496 IN TPMI_RH_NV_AUTH AuthHandle
,
497 IN TPMI_RH_NV_INDEX NvIndex
,
498 IN TPMS_AUTH_COMMAND
*AuthSession
, OPTIONAL
501 IN OUT TPM2B_MAX_BUFFER
*OutData
505 TPM2_NV_READ_COMMAND SendBuffer
;
506 TPM2_NV_READ_RESPONSE RecvBuffer
;
507 UINT32 SendBufferSize
;
508 UINT32 RecvBufferSize
;
510 UINT32 SessionInfoSize
;
516 SendBuffer
.Header
.tag
= SwapBytes16(TPM_ST_SESSIONS
);
517 SendBuffer
.Header
.commandCode
= SwapBytes32(TPM_CC_NV_Read
);
519 SendBuffer
.AuthHandle
= SwapBytes32 (AuthHandle
);
520 SendBuffer
.NvIndex
= SwapBytes32 (NvIndex
);
523 // Add in Auth session
525 Buffer
= (UINT8
*)&SendBuffer
.AuthSession
;
528 SessionInfoSize
= CopyAuthSessionCommand (AuthSession
, Buffer
);
529 Buffer
+= SessionInfoSize
;
530 SendBuffer
.AuthSessionSize
= SwapBytes32(SessionInfoSize
);
532 WriteUnaligned16 ((UINT16
*)Buffer
, SwapBytes16 (Size
));
533 Buffer
+= sizeof(UINT16
);
534 WriteUnaligned16 ((UINT16
*)Buffer
, SwapBytes16 (Offset
));
535 Buffer
+= sizeof(UINT16
);
537 SendBufferSize
= (UINT32
)(Buffer
- (UINT8
*)&SendBuffer
);
538 SendBuffer
.Header
.paramSize
= SwapBytes32 (SendBufferSize
);
543 RecvBufferSize
= sizeof (RecvBuffer
);
544 Status
= Tpm2SubmitCommand (SendBufferSize
, (UINT8
*)&SendBuffer
, &RecvBufferSize
, (UINT8
*)&RecvBuffer
);
545 if (EFI_ERROR (Status
)) {
549 if (RecvBufferSize
< sizeof (TPM2_RESPONSE_HEADER
)) {
550 DEBUG ((EFI_D_ERROR
, "Tpm2NvRead - RecvBufferSize Error - %x\n", RecvBufferSize
));
551 return EFI_DEVICE_ERROR
;
553 ResponseCode
= SwapBytes32(RecvBuffer
.Header
.responseCode
);
554 if (ResponseCode
!= TPM_RC_SUCCESS
) {
555 DEBUG ((EFI_D_ERROR
, "Tpm2NvRead - responseCode - %x\n", ResponseCode
));
557 switch (ResponseCode
) {
561 case TPM_RC_NV_AUTHORIZATION
:
562 return EFI_SECURITY_VIOLATION
;
563 case TPM_RC_NV_LOCKED
:
564 return EFI_ACCESS_DENIED
;
565 case TPM_RC_NV_RANGE
:
566 return EFI_BAD_BUFFER_SIZE
;
567 case TPM_RC_NV_UNINITIALIZED
:
568 return EFI_NOT_READY
;
569 case TPM_RC_HANDLE
+ RC_NV_Read_nvIndex
: // TPM_RC_NV_DEFINED:
570 return EFI_NOT_FOUND
;
571 case TPM_RC_HANDLE
+ RC_NV_Read_authHandle
: // TPM_RC_NV_DEFINED:
572 return EFI_INVALID_PARAMETER
;
573 case TPM_RC_VALUE
+ RC_NV_Read_nvIndex
:
574 case TPM_RC_VALUE
+ RC_NV_Read_authHandle
:
575 return EFI_INVALID_PARAMETER
;
576 case TPM_RC_BAD_AUTH
+ RC_NV_Read_authHandle
+ TPM_RC_S
:
577 return EFI_INVALID_PARAMETER
;
578 case TPM_RC_AUTH_UNAVAILABLE
:
579 return EFI_INVALID_PARAMETER
;
580 case TPM_RC_AUTH_FAIL
+ RC_NV_Read_authHandle
+ TPM_RC_S
:
581 return EFI_INVALID_PARAMETER
;
583 return EFI_DEVICE_ERROR
;
584 case TPM_RC_ATTRIBUTES
+ RC_NV_Read_authHandle
+ TPM_RC_S
:
585 return EFI_UNSUPPORTED
;
589 // Return the response
591 OutData
->size
= SwapBytes16 (RecvBuffer
.Data
.size
);
592 CopyMem (OutData
->buffer
, &RecvBuffer
.Data
.buffer
, OutData
->size
);
598 This command writes a value to an area in NV memory that was previously defined by TPM2_NV_DefineSpace().
600 @param[in] AuthHandle the handle indicating the source of the authorization value.
601 @param[in] NvIndex The NV Index of the area to write.
602 @param[in] AuthSession Auth Session context
603 @param[in] InData The data to write.
604 @param[in] Offset The offset into the NV Area.
606 @retval EFI_SUCCESS Operation completed successfully.
607 @retval EFI_DEVICE_ERROR The command was unsuccessful.
608 @retval EFI_NOT_FOUND The command was returned successfully, but NvIndex is not found.
613 IN TPMI_RH_NV_AUTH AuthHandle
,
614 IN TPMI_RH_NV_INDEX NvIndex
,
615 IN TPMS_AUTH_COMMAND
*AuthSession
, OPTIONAL
616 IN TPM2B_MAX_BUFFER
*InData
,
621 TPM2_NV_WRITE_COMMAND SendBuffer
;
622 TPM2_NV_WRITE_RESPONSE RecvBuffer
;
623 UINT32 SendBufferSize
;
624 UINT32 RecvBufferSize
;
626 UINT32 SessionInfoSize
;
632 SendBuffer
.Header
.tag
= SwapBytes16(TPM_ST_SESSIONS
);
633 SendBuffer
.Header
.commandCode
= SwapBytes32(TPM_CC_NV_Write
);
635 SendBuffer
.AuthHandle
= SwapBytes32 (AuthHandle
);
636 SendBuffer
.NvIndex
= SwapBytes32 (NvIndex
);
639 // Add in Auth session
641 Buffer
= (UINT8
*)&SendBuffer
.AuthSession
;
644 SessionInfoSize
= CopyAuthSessionCommand (AuthSession
, Buffer
);
645 Buffer
+= SessionInfoSize
;
646 SendBuffer
.AuthSessionSize
= SwapBytes32(SessionInfoSize
);
648 WriteUnaligned16 ((UINT16
*)Buffer
, SwapBytes16 (InData
->size
));
649 Buffer
+= sizeof(UINT16
);
650 CopyMem (Buffer
, InData
->buffer
, InData
->size
);
651 Buffer
+= InData
->size
;
652 WriteUnaligned16 ((UINT16
*)Buffer
, SwapBytes16 (Offset
));
653 Buffer
+= sizeof(UINT16
);
655 SendBufferSize
= (UINT32
) (Buffer
- (UINT8
*)&SendBuffer
);
656 SendBuffer
.Header
.paramSize
= SwapBytes32 (SendBufferSize
);
661 RecvBufferSize
= sizeof (RecvBuffer
);
662 Status
= Tpm2SubmitCommand (SendBufferSize
, (UINT8
*)&SendBuffer
, &RecvBufferSize
, (UINT8
*)&RecvBuffer
);
663 if (EFI_ERROR (Status
)) {
667 if (RecvBufferSize
< sizeof (TPM2_RESPONSE_HEADER
)) {
668 DEBUG ((EFI_D_ERROR
, "Tpm2NvWrite - RecvBufferSize Error - %x\n", RecvBufferSize
));
669 return EFI_DEVICE_ERROR
;
671 ResponseCode
= SwapBytes32(RecvBuffer
.Header
.responseCode
);
672 if (ResponseCode
!= TPM_RC_SUCCESS
) {
673 DEBUG ((EFI_D_ERROR
, "Tpm2NvWrite - responseCode - %x\n", ResponseCode
));
675 switch (ResponseCode
) {
678 case TPM_RC_ATTRIBUTES
:
679 return EFI_UNSUPPORTED
;
680 case TPM_RC_NV_AUTHORIZATION
:
681 return EFI_SECURITY_VIOLATION
;
682 case TPM_RC_NV_LOCKED
:
683 return EFI_ACCESS_DENIED
;
684 case TPM_RC_NV_RANGE
:
685 return EFI_BAD_BUFFER_SIZE
;
686 case TPM_RC_HANDLE
+ RC_NV_Write_nvIndex
: // TPM_RC_NV_DEFINED:
687 return EFI_NOT_FOUND
;
688 case TPM_RC_HANDLE
+ RC_NV_Write_authHandle
: // TPM_RC_NV_DEFINED:
689 return EFI_INVALID_PARAMETER
;
690 case TPM_RC_VALUE
+ RC_NV_Write_nvIndex
:
691 case TPM_RC_VALUE
+ RC_NV_Write_authHandle
:
692 return EFI_INVALID_PARAMETER
;
693 case TPM_RC_BAD_AUTH
+ RC_NV_Write_authHandle
+ TPM_RC_S
:
694 return EFI_INVALID_PARAMETER
;
695 case TPM_RC_AUTH_UNAVAILABLE
:
696 return EFI_INVALID_PARAMETER
;
697 case TPM_RC_AUTH_FAIL
+ RC_NV_Write_authHandle
+ TPM_RC_S
:
698 return EFI_INVALID_PARAMETER
;
700 return EFI_DEVICE_ERROR
;
701 case TPM_RC_ATTRIBUTES
+ RC_NV_Write_authHandle
+ TPM_RC_S
:
702 return EFI_UNSUPPORTED
;
707 This command may be used to prevent further reads of the Index until the next TPM2_Startup (TPM_SU_CLEAR).
709 @param[in] AuthHandle the handle indicating the source of the authorization value.
710 @param[in] NvIndex The NV Index of the area to lock.
711 @param[in] AuthSession Auth Session context
713 @retval EFI_SUCCESS Operation completed successfully.
714 @retval EFI_DEVICE_ERROR The command was unsuccessful.
715 @retval EFI_NOT_FOUND The command was returned successfully, but NvIndex is not found.
720 IN TPMI_RH_NV_AUTH AuthHandle
,
721 IN TPMI_RH_NV_INDEX NvIndex
,
722 IN TPMS_AUTH_COMMAND
*AuthSession OPTIONAL
726 TPM2_NV_READLOCK_COMMAND SendBuffer
;
727 TPM2_NV_READLOCK_RESPONSE RecvBuffer
;
728 UINT32 SendBufferSize
;
729 UINT32 RecvBufferSize
;
731 UINT32 SessionInfoSize
;
737 SendBuffer
.Header
.tag
= SwapBytes16(TPM_ST_SESSIONS
);
738 SendBuffer
.Header
.commandCode
= SwapBytes32(TPM_CC_NV_ReadLock
);
740 SendBuffer
.AuthHandle
= SwapBytes32 (AuthHandle
);
741 SendBuffer
.NvIndex
= SwapBytes32 (NvIndex
);
744 // Add in Auth session
746 Buffer
= (UINT8
*)&SendBuffer
.AuthSession
;
749 SessionInfoSize
= CopyAuthSessionCommand (AuthSession
, Buffer
);
750 Buffer
+= SessionInfoSize
;
751 SendBuffer
.AuthSessionSize
= SwapBytes32(SessionInfoSize
);
753 SendBufferSize
= (UINT32
)(Buffer
- (UINT8
*)&SendBuffer
);
754 SendBuffer
.Header
.paramSize
= SwapBytes32 (SendBufferSize
);
759 RecvBufferSize
= sizeof (RecvBuffer
);
760 Status
= Tpm2SubmitCommand (SendBufferSize
, (UINT8
*)&SendBuffer
, &RecvBufferSize
, (UINT8
*)&RecvBuffer
);
761 if (EFI_ERROR (Status
)) {
765 if (RecvBufferSize
< sizeof (TPM2_RESPONSE_HEADER
)) {
766 DEBUG ((EFI_D_ERROR
, "Tpm2NvReadLock - RecvBufferSize Error - %x\n", RecvBufferSize
));
767 return EFI_DEVICE_ERROR
;
770 ResponseCode
= SwapBytes32(RecvBuffer
.Header
.responseCode
);
771 if (ResponseCode
!= TPM_RC_SUCCESS
) {
772 DEBUG ((EFI_D_ERROR
, "Tpm2NvReadLock - responseCode - %x\n", SwapBytes32(RecvBuffer
.Header
.responseCode
)));
774 switch (ResponseCode
) {
779 return EFI_DEVICE_ERROR
;
786 This command may be used to inhibit further writes of the Index.
788 @param[in] AuthHandle the handle indicating the source of the authorization value.
789 @param[in] NvIndex The NV Index of the area to lock.
790 @param[in] AuthSession Auth Session context
792 @retval EFI_SUCCESS Operation completed successfully.
793 @retval EFI_DEVICE_ERROR The command was unsuccessful.
794 @retval EFI_NOT_FOUND The command was returned successfully, but NvIndex is not found.
799 IN TPMI_RH_NV_AUTH AuthHandle
,
800 IN TPMI_RH_NV_INDEX NvIndex
,
801 IN TPMS_AUTH_COMMAND
*AuthSession OPTIONAL
805 TPM2_NV_WRITELOCK_COMMAND SendBuffer
;
806 TPM2_NV_WRITELOCK_RESPONSE RecvBuffer
;
807 UINT32 SendBufferSize
;
808 UINT32 RecvBufferSize
;
810 UINT32 SessionInfoSize
;
816 SendBuffer
.Header
.tag
= SwapBytes16(TPM_ST_SESSIONS
);
817 SendBuffer
.Header
.commandCode
= SwapBytes32(TPM_CC_NV_WriteLock
);
819 SendBuffer
.AuthHandle
= SwapBytes32 (AuthHandle
);
820 SendBuffer
.NvIndex
= SwapBytes32 (NvIndex
);
823 // Add in Auth session
825 Buffer
= (UINT8
*)&SendBuffer
.AuthSession
;
828 SessionInfoSize
= CopyAuthSessionCommand (AuthSession
, Buffer
);
829 Buffer
+= SessionInfoSize
;
830 SendBuffer
.AuthSessionSize
= SwapBytes32(SessionInfoSize
);
832 SendBufferSize
= (UINT32
)(Buffer
- (UINT8
*)&SendBuffer
);
833 SendBuffer
.Header
.paramSize
= SwapBytes32 (SendBufferSize
);
838 RecvBufferSize
= sizeof (RecvBuffer
);
839 Status
= Tpm2SubmitCommand (SendBufferSize
, (UINT8
*)&SendBuffer
, &RecvBufferSize
, (UINT8
*)&RecvBuffer
);
840 if (EFI_ERROR (Status
)) {
844 if (RecvBufferSize
< sizeof (TPM2_RESPONSE_HEADER
)) {
845 DEBUG ((EFI_D_ERROR
, "Tpm2NvWriteLock - RecvBufferSize Error - %x\n", RecvBufferSize
));
846 return EFI_DEVICE_ERROR
;
849 ResponseCode
= SwapBytes32(RecvBuffer
.Header
.responseCode
);
850 if (ResponseCode
!= TPM_RC_SUCCESS
) {
851 DEBUG ((EFI_D_ERROR
, "Tpm2NvWriteLock - responseCode - %x\n", SwapBytes32(RecvBuffer
.Header
.responseCode
)));
853 switch (ResponseCode
) {
858 return EFI_DEVICE_ERROR
;
865 The command will SET TPMA_NV_WRITELOCKED for all indexes that have their TPMA_NV_GLOBALLOCK attribute SET.
867 @param[in] AuthHandle TPM_RH_OWNER or TPM_RH_PLATFORM+{PP}.
868 @param[in] AuthSession Auth Session context
870 @retval EFI_SUCCESS Operation completed successfully.
871 @retval EFI_DEVICE_ERROR The command was unsuccessful.
872 @retval EFI_NOT_FOUND The command was returned successfully, but NvIndex is not found.
876 Tpm2NvGlobalWriteLock (
877 IN TPMI_RH_PROVISION AuthHandle
,
878 IN TPMS_AUTH_COMMAND
*AuthSession OPTIONAL
882 TPM2_NV_GLOBALWRITELOCK_COMMAND SendBuffer
;
883 TPM2_NV_GLOBALWRITELOCK_RESPONSE RecvBuffer
;
884 UINT32 SendBufferSize
;
885 UINT32 RecvBufferSize
;
887 UINT32 SessionInfoSize
;
893 SendBuffer
.Header
.tag
= SwapBytes16(TPM_ST_SESSIONS
);
894 SendBuffer
.Header
.commandCode
= SwapBytes32(TPM_CC_NV_GlobalWriteLock
);
896 SendBuffer
.AuthHandle
= SwapBytes32 (AuthHandle
);
899 // Add in Auth session
901 Buffer
= (UINT8
*)&SendBuffer
.AuthSession
;
904 SessionInfoSize
= CopyAuthSessionCommand (AuthSession
, Buffer
);
905 Buffer
+= SessionInfoSize
;
906 SendBuffer
.AuthSessionSize
= SwapBytes32(SessionInfoSize
);
908 SendBufferSize
= (UINT32
)(Buffer
- (UINT8
*)&SendBuffer
);
909 SendBuffer
.Header
.paramSize
= SwapBytes32 (SendBufferSize
);
914 RecvBufferSize
= sizeof (RecvBuffer
);
915 Status
= Tpm2SubmitCommand (SendBufferSize
, (UINT8
*)&SendBuffer
, &RecvBufferSize
, (UINT8
*)&RecvBuffer
);
916 if (EFI_ERROR (Status
)) {
920 if (RecvBufferSize
< sizeof (TPM2_RESPONSE_HEADER
)) {
921 DEBUG ((EFI_D_ERROR
, "Tpm2NvGlobalWriteLock - RecvBufferSize Error - %x\n", RecvBufferSize
));
922 return EFI_DEVICE_ERROR
;
925 ResponseCode
= SwapBytes32(RecvBuffer
.Header
.responseCode
);
926 if (ResponseCode
!= TPM_RC_SUCCESS
) {
927 DEBUG ((EFI_D_ERROR
, "Tpm2NvGlobalWriteLock - responseCode - %x\n", SwapBytes32(RecvBuffer
.Header
.responseCode
)));
929 switch (ResponseCode
) {
934 return EFI_DEVICE_ERROR
;