2 Implement TPM2 NVStorage related command.
4 Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved. <BR>
5 SPDX-License-Identifier: BSD-2-Clause-Patent
9 #include <IndustryStandard/UefiTcgPlatform.h>
10 #include <Library/Tpm2CommandLib.h>
11 #include <Library/Tpm2DeviceLib.h>
12 #include <Library/BaseMemoryLib.h>
13 #include <Library/BaseLib.h>
14 #include <Library/DebugLib.h>
18 #define RC_NV_ReadPublic_nvIndex (TPM_RC_H + TPM_RC_1)
20 #define RC_NV_DefineSpace_authHandle (TPM_RC_H + TPM_RC_1)
21 #define RC_NV_DefineSpace_auth (TPM_RC_P + TPM_RC_1)
22 #define RC_NV_DefineSpace_publicInfo (TPM_RC_P + TPM_RC_2)
24 #define RC_NV_UndefineSpace_authHandle (TPM_RC_H + TPM_RC_1)
25 #define RC_NV_UndefineSpace_nvIndex (TPM_RC_H + TPM_RC_2)
27 #define RC_NV_Read_authHandle (TPM_RC_H + TPM_RC_1)
28 #define RC_NV_Read_nvIndex (TPM_RC_H + TPM_RC_2)
29 #define RC_NV_Read_size (TPM_RC_P + TPM_RC_1)
30 #define RC_NV_Read_offset (TPM_RC_P + TPM_RC_2)
32 #define RC_NV_Write_authHandle (TPM_RC_H + TPM_RC_1)
33 #define RC_NV_Write_nvIndex (TPM_RC_H + TPM_RC_2)
34 #define RC_NV_Write_data (TPM_RC_P + TPM_RC_1)
35 #define RC_NV_Write_offset (TPM_RC_P + TPM_RC_2)
38 TPM2_COMMAND_HEADER Header
;
39 TPMI_RH_NV_INDEX NvIndex
;
40 } TPM2_NV_READPUBLIC_COMMAND
;
43 TPM2_RESPONSE_HEADER Header
;
44 TPM2B_NV_PUBLIC NvPublic
;
46 } TPM2_NV_READPUBLIC_RESPONSE
;
49 TPM2_COMMAND_HEADER Header
;
50 TPMI_RH_PROVISION AuthHandle
;
51 UINT32 AuthSessionSize
;
52 TPMS_AUTH_COMMAND AuthSession
;
54 TPM2B_NV_PUBLIC NvPublic
;
55 } TPM2_NV_DEFINESPACE_COMMAND
;
58 TPM2_RESPONSE_HEADER Header
;
59 UINT32 AuthSessionSize
;
60 TPMS_AUTH_RESPONSE AuthSession
;
61 } TPM2_NV_DEFINESPACE_RESPONSE
;
64 TPM2_COMMAND_HEADER Header
;
65 TPMI_RH_PROVISION AuthHandle
;
66 TPMI_RH_NV_INDEX NvIndex
;
67 UINT32 AuthSessionSize
;
68 TPMS_AUTH_COMMAND AuthSession
;
69 } TPM2_NV_UNDEFINESPACE_COMMAND
;
72 TPM2_RESPONSE_HEADER Header
;
73 UINT32 AuthSessionSize
;
74 TPMS_AUTH_RESPONSE AuthSession
;
75 } TPM2_NV_UNDEFINESPACE_RESPONSE
;
78 TPM2_COMMAND_HEADER Header
;
79 TPMI_RH_NV_AUTH AuthHandle
;
80 TPMI_RH_NV_INDEX NvIndex
;
81 UINT32 AuthSessionSize
;
82 TPMS_AUTH_COMMAND AuthSession
;
85 } TPM2_NV_READ_COMMAND
;
88 TPM2_RESPONSE_HEADER Header
;
89 UINT32 AuthSessionSize
;
90 TPM2B_MAX_BUFFER Data
;
91 TPMS_AUTH_RESPONSE AuthSession
;
92 } TPM2_NV_READ_RESPONSE
;
95 TPM2_COMMAND_HEADER Header
;
96 TPMI_RH_NV_AUTH AuthHandle
;
97 TPMI_RH_NV_INDEX NvIndex
;
98 UINT32 AuthSessionSize
;
99 TPMS_AUTH_COMMAND AuthSession
;
100 TPM2B_MAX_BUFFER Data
;
102 } TPM2_NV_WRITE_COMMAND
;
105 TPM2_RESPONSE_HEADER Header
;
106 UINT32 AuthSessionSize
;
107 TPMS_AUTH_RESPONSE AuthSession
;
108 } TPM2_NV_WRITE_RESPONSE
;
111 TPM2_COMMAND_HEADER Header
;
112 TPMI_RH_NV_AUTH AuthHandle
;
113 TPMI_RH_NV_INDEX NvIndex
;
114 UINT32 AuthSessionSize
;
115 TPMS_AUTH_COMMAND AuthSession
;
116 } TPM2_NV_READLOCK_COMMAND
;
119 TPM2_RESPONSE_HEADER Header
;
120 UINT32 AuthSessionSize
;
121 TPMS_AUTH_RESPONSE AuthSession
;
122 } TPM2_NV_READLOCK_RESPONSE
;
125 TPM2_COMMAND_HEADER Header
;
126 TPMI_RH_NV_AUTH AuthHandle
;
127 TPMI_RH_NV_INDEX NvIndex
;
128 UINT32 AuthSessionSize
;
129 TPMS_AUTH_COMMAND AuthSession
;
130 } TPM2_NV_WRITELOCK_COMMAND
;
133 TPM2_RESPONSE_HEADER Header
;
134 UINT32 AuthSessionSize
;
135 TPMS_AUTH_RESPONSE AuthSession
;
136 } TPM2_NV_WRITELOCK_RESPONSE
;
139 TPM2_COMMAND_HEADER Header
;
140 TPMI_RH_PROVISION AuthHandle
;
141 UINT32 AuthSessionSize
;
142 TPMS_AUTH_COMMAND AuthSession
;
143 } TPM2_NV_GLOBALWRITELOCK_COMMAND
;
146 TPM2_RESPONSE_HEADER Header
;
147 UINT32 AuthSessionSize
;
148 TPMS_AUTH_RESPONSE AuthSession
;
149 } TPM2_NV_GLOBALWRITELOCK_RESPONSE
;
154 This command is used to read the public area and Name of an NV Index.
156 @param[in] NvIndex The NV Index.
157 @param[out] NvPublic The public area of the index.
158 @param[out] NvName The Name of the nvIndex.
160 @retval EFI_SUCCESS Operation completed successfully.
161 @retval EFI_DEVICE_ERROR The command was unsuccessful.
162 @retval EFI_NOT_FOUND The command was returned successfully, but NvIndex is not found.
167 IN TPMI_RH_NV_INDEX NvIndex
,
168 OUT TPM2B_NV_PUBLIC
*NvPublic
,
169 OUT TPM2B_NAME
*NvName
173 TPM2_NV_READPUBLIC_COMMAND SendBuffer
;
174 TPM2_NV_READPUBLIC_RESPONSE RecvBuffer
;
175 UINT32 SendBufferSize
;
176 UINT32 RecvBufferSize
;
185 SendBuffer
.Header
.tag
= SwapBytes16(TPM_ST_NO_SESSIONS
);
186 SendBuffer
.Header
.commandCode
= SwapBytes32(TPM_CC_NV_ReadPublic
);
188 SendBuffer
.NvIndex
= SwapBytes32 (NvIndex
);
190 SendBufferSize
= (UINT32
) sizeof (SendBuffer
);
191 SendBuffer
.Header
.paramSize
= SwapBytes32 (SendBufferSize
);
196 RecvBufferSize
= sizeof (RecvBuffer
);
197 Status
= Tpm2SubmitCommand (SendBufferSize
, (UINT8
*)&SendBuffer
, &RecvBufferSize
, (UINT8
*)&RecvBuffer
);
198 if (EFI_ERROR (Status
)) {
202 if (RecvBufferSize
< sizeof (TPM2_RESPONSE_HEADER
)) {
203 DEBUG ((DEBUG_ERROR
, "Tpm2NvReadPublic - RecvBufferSize Error - %x\n", RecvBufferSize
));
204 return EFI_DEVICE_ERROR
;
206 ResponseCode
= SwapBytes32(RecvBuffer
.Header
.responseCode
);
207 if (ResponseCode
!= TPM_RC_SUCCESS
) {
208 DEBUG ((DEBUG_ERROR
, "Tpm2NvReadPublic - responseCode - %x\n", SwapBytes32(RecvBuffer
.Header
.responseCode
)));
210 switch (ResponseCode
) {
214 case TPM_RC_HANDLE
+ RC_NV_ReadPublic_nvIndex
: // TPM_RC_NV_DEFINED:
215 return EFI_NOT_FOUND
;
216 case TPM_RC_VALUE
+ RC_NV_ReadPublic_nvIndex
:
217 return EFI_INVALID_PARAMETER
;
219 return EFI_DEVICE_ERROR
;
222 if (RecvBufferSize
<= sizeof (TPM2_RESPONSE_HEADER
) + sizeof (UINT16
) + sizeof(UINT16
)) {
223 DEBUG ((DEBUG_ERROR
, "Tpm2NvReadPublic - RecvBufferSize Error - %x\n", RecvBufferSize
));
224 return EFI_NOT_FOUND
;
230 NvPublicSize
= SwapBytes16 (RecvBuffer
.NvPublic
.size
);
231 if (NvPublicSize
> sizeof(TPMS_NV_PUBLIC
)) {
232 DEBUG ((DEBUG_ERROR
, "Tpm2NvReadPublic - NvPublic.size error %x\n", NvPublicSize
));
233 return EFI_DEVICE_ERROR
;
236 NvNameSize
= SwapBytes16 (ReadUnaligned16 ((UINT16
*)((UINT8
*)&RecvBuffer
+ sizeof(TPM2_RESPONSE_HEADER
) + sizeof(UINT16
) + NvPublicSize
)));
237 if (NvNameSize
> sizeof(TPMU_NAME
)){
238 DEBUG ((DEBUG_ERROR
, "Tpm2NvReadPublic - NvNameSize error %x\n", NvNameSize
));
239 return EFI_DEVICE_ERROR
;
242 if (RecvBufferSize
!= sizeof(TPM2_RESPONSE_HEADER
) + sizeof(UINT16
) + NvPublicSize
+ sizeof(UINT16
) + NvNameSize
) {
243 DEBUG ((DEBUG_ERROR
, "Tpm2NvReadPublic - RecvBufferSize Error - NvPublicSize %x\n", RecvBufferSize
));
244 return EFI_NOT_FOUND
;
248 // Return the response
250 CopyMem (NvPublic
, &RecvBuffer
.NvPublic
, sizeof(UINT16
) + NvPublicSize
);
251 NvPublic
->size
= NvPublicSize
;
252 NvPublic
->nvPublic
.nvIndex
= SwapBytes32 (NvPublic
->nvPublic
.nvIndex
);
253 NvPublic
->nvPublic
.nameAlg
= SwapBytes16 (NvPublic
->nvPublic
.nameAlg
);
254 WriteUnaligned32 ((UINT32
*)&NvPublic
->nvPublic
.attributes
, SwapBytes32 (ReadUnaligned32 ((UINT32
*)&NvPublic
->nvPublic
.attributes
)));
255 NvPublic
->nvPublic
.authPolicy
.size
= SwapBytes16 (NvPublic
->nvPublic
.authPolicy
.size
);
256 Buffer
= (UINT8
*)&RecvBuffer
.NvPublic
.nvPublic
.authPolicy
;
257 Buffer
+= sizeof(UINT16
) + NvPublic
->nvPublic
.authPolicy
.size
;
258 NvPublic
->nvPublic
.dataSize
= SwapBytes16 (ReadUnaligned16 ((UINT16
*)Buffer
));
260 CopyMem (NvName
->name
, (UINT8
*)&RecvBuffer
+ sizeof(TPM2_RESPONSE_HEADER
) + sizeof(UINT16
) + NvPublicSize
+ sizeof(UINT16
), NvNameSize
);
261 NvName
->size
= NvNameSize
;
267 This command defines the attributes of an NV Index and causes the TPM to
268 reserve space to hold the data associated with the index.
269 If a definition already exists at the index, the TPM will return TPM_RC_NV_DEFINED.
271 @param[in] AuthHandle TPM_RH_OWNER or TPM_RH_PLATFORM+{PP}.
272 @param[in] AuthSession Auth Session context
273 @param[in] Auth The authorization data.
274 @param[in] NvPublic The public area of the index.
276 @retval EFI_SUCCESS Operation completed successfully.
277 @retval EFI_DEVICE_ERROR The command was unsuccessful.
278 @retval EFI_ALREADY_STARTED The command was returned successfully, but NvIndex is already defined.
283 IN TPMI_RH_PROVISION AuthHandle
,
284 IN TPMS_AUTH_COMMAND
*AuthSession
, OPTIONAL
286 IN TPM2B_NV_PUBLIC
*NvPublic
290 TPM2_NV_DEFINESPACE_COMMAND SendBuffer
;
291 TPM2_NV_DEFINESPACE_RESPONSE RecvBuffer
;
292 UINT32 SendBufferSize
;
293 UINT32 RecvBufferSize
;
296 UINT32 SessionInfoSize
;
302 SendBuffer
.Header
.tag
= SwapBytes16(TPM_ST_SESSIONS
);
303 SendBuffer
.Header
.commandCode
= SwapBytes32(TPM_CC_NV_DefineSpace
);
304 SendBuffer
.AuthHandle
= SwapBytes32 (AuthHandle
);
307 // Add in Auth session
309 Buffer
= (UINT8
*)&SendBuffer
.AuthSession
;
312 SessionInfoSize
= CopyAuthSessionCommand (AuthSession
, Buffer
);
313 Buffer
+= SessionInfoSize
;
314 SendBuffer
.AuthSessionSize
= SwapBytes32(SessionInfoSize
);
319 WriteUnaligned16 ((UINT16
*)Buffer
, SwapBytes16(Auth
->size
));
320 Buffer
+= sizeof(UINT16
);
321 CopyMem(Buffer
, Auth
->buffer
, Auth
->size
);
322 Buffer
+= Auth
->size
;
327 NvPublicSize
= NvPublic
->size
;
329 WriteUnaligned16 ((UINT16
*)Buffer
, SwapBytes16 (NvPublicSize
));
330 Buffer
+= sizeof(UINT16
);
331 WriteUnaligned32 ((UINT32
*)Buffer
, SwapBytes32 (NvPublic
->nvPublic
.nvIndex
));
332 Buffer
+= sizeof(UINT32
);
333 WriteUnaligned16 ((UINT16
*)Buffer
, SwapBytes16 (NvPublic
->nvPublic
.nameAlg
));
334 Buffer
+= sizeof(UINT16
);
335 WriteUnaligned32 ((UINT32
*)Buffer
, SwapBytes32 (ReadUnaligned32 ((UINT32
*)&NvPublic
->nvPublic
.attributes
)));
336 Buffer
+= sizeof(UINT32
);
337 WriteUnaligned16 ((UINT16
*)Buffer
, SwapBytes16 (NvPublic
->nvPublic
.authPolicy
.size
));
338 Buffer
+= sizeof(UINT16
);
339 CopyMem (Buffer
, NvPublic
->nvPublic
.authPolicy
.buffer
, NvPublic
->nvPublic
.authPolicy
.size
);
340 Buffer
+= NvPublic
->nvPublic
.authPolicy
.size
;
341 WriteUnaligned16 ((UINT16
*)Buffer
, SwapBytes16 (NvPublic
->nvPublic
.dataSize
));
342 Buffer
+= sizeof(UINT16
);
344 SendBufferSize
= (UINT32
)(Buffer
- (UINT8
*)&SendBuffer
);
345 SendBuffer
.Header
.paramSize
= SwapBytes32 (SendBufferSize
);
350 RecvBufferSize
= sizeof (RecvBuffer
);
351 Status
= Tpm2SubmitCommand (SendBufferSize
, (UINT8
*)&SendBuffer
, &RecvBufferSize
, (UINT8
*)&RecvBuffer
);
352 if (EFI_ERROR (Status
)) {
356 if (RecvBufferSize
< sizeof (TPM2_RESPONSE_HEADER
)) {
357 DEBUG ((DEBUG_ERROR
, "Tpm2NvDefineSpace - RecvBufferSize Error - %x\n", RecvBufferSize
));
358 Status
= EFI_DEVICE_ERROR
;
362 ResponseCode
= SwapBytes32(RecvBuffer
.Header
.responseCode
);
363 if (ResponseCode
!= TPM_RC_SUCCESS
) {
364 DEBUG ((DEBUG_ERROR
, "Tpm2NvDefineSpace - responseCode - %x\n", SwapBytes32(RecvBuffer
.Header
.responseCode
)));
366 switch (ResponseCode
) {
370 case TPM_RC_SIZE
+ RC_NV_DefineSpace_publicInfo
:
371 case TPM_RC_SIZE
+ RC_NV_DefineSpace_auth
:
372 Status
= EFI_BAD_BUFFER_SIZE
;
374 case TPM_RC_ATTRIBUTES
:
375 case TPM_RC_ATTRIBUTES
+ RC_NV_DefineSpace_publicInfo
:
376 Status
= EFI_UNSUPPORTED
;
378 case TPM_RC_ATTRIBUTES
+ RC_NV_DefineSpace_authHandle
:
379 Status
= EFI_INVALID_PARAMETER
;
381 case TPM_RC_NV_DEFINED
:
382 Status
= EFI_ALREADY_STARTED
;
384 case TPM_RC_VALUE
+ RC_NV_DefineSpace_publicInfo
:
385 case TPM_RC_VALUE
+ RC_NV_DefineSpace_authHandle
:
386 Status
= EFI_INVALID_PARAMETER
;
388 case TPM_RC_NV_SPACE
:
389 Status
= EFI_OUT_OF_RESOURCES
;
392 Status
= EFI_DEVICE_ERROR
;
398 // Clear AuthSession Content
400 ZeroMem (&SendBuffer
, sizeof(SendBuffer
));
401 ZeroMem (&RecvBuffer
, sizeof(RecvBuffer
));
406 This command removes an index from the TPM.
408 @param[in] AuthHandle TPM_RH_OWNER or TPM_RH_PLATFORM+{PP}.
409 @param[in] NvIndex The NV Index.
410 @param[in] AuthSession Auth Session context
412 @retval EFI_SUCCESS Operation completed successfully.
413 @retval EFI_DEVICE_ERROR The command was unsuccessful.
414 @retval EFI_NOT_FOUND The command was returned successfully, but NvIndex is not found.
418 Tpm2NvUndefineSpace (
419 IN TPMI_RH_PROVISION AuthHandle
,
420 IN TPMI_RH_NV_INDEX NvIndex
,
421 IN TPMS_AUTH_COMMAND
*AuthSession OPTIONAL
425 TPM2_NV_UNDEFINESPACE_COMMAND SendBuffer
;
426 TPM2_NV_UNDEFINESPACE_RESPONSE RecvBuffer
;
427 UINT32 SendBufferSize
;
428 UINT32 RecvBufferSize
;
430 UINT32 SessionInfoSize
;
436 SendBuffer
.Header
.tag
= SwapBytes16(TPM_ST_SESSIONS
);
437 SendBuffer
.Header
.commandCode
= SwapBytes32(TPM_CC_NV_UndefineSpace
);
439 SendBuffer
.AuthHandle
= SwapBytes32 (AuthHandle
);
440 SendBuffer
.NvIndex
= SwapBytes32 (NvIndex
);
443 // Add in Auth session
445 Buffer
= (UINT8
*)&SendBuffer
.AuthSession
;
448 SessionInfoSize
= CopyAuthSessionCommand (AuthSession
, Buffer
);
449 Buffer
+= SessionInfoSize
;
450 SendBuffer
.AuthSessionSize
= SwapBytes32(SessionInfoSize
);
452 SendBufferSize
= (UINT32
)(Buffer
- (UINT8
*)&SendBuffer
);
453 SendBuffer
.Header
.paramSize
= SwapBytes32 (SendBufferSize
);
458 RecvBufferSize
= sizeof (RecvBuffer
);
459 Status
= Tpm2SubmitCommand (SendBufferSize
, (UINT8
*)&SendBuffer
, &RecvBufferSize
, (UINT8
*)&RecvBuffer
);
460 if (EFI_ERROR (Status
)) {
464 if (RecvBufferSize
< sizeof (TPM2_RESPONSE_HEADER
)) {
465 DEBUG ((DEBUG_ERROR
, "Tpm2NvUndefineSpace - RecvBufferSize Error - %x\n", RecvBufferSize
));
466 Status
= EFI_DEVICE_ERROR
;
470 ResponseCode
= SwapBytes32(RecvBuffer
.Header
.responseCode
);
471 if (ResponseCode
!= TPM_RC_SUCCESS
) {
472 DEBUG ((DEBUG_ERROR
, "Tpm2NvUndefineSpace - responseCode - %x\n", SwapBytes32(RecvBuffer
.Header
.responseCode
)));
474 switch (ResponseCode
) {
478 case TPM_RC_ATTRIBUTES
:
479 case TPM_RC_ATTRIBUTES
+ RC_NV_UndefineSpace_nvIndex
:
480 Status
= EFI_UNSUPPORTED
;
482 case TPM_RC_NV_AUTHORIZATION
:
483 Status
= EFI_SECURITY_VIOLATION
;
485 case TPM_RC_HANDLE
+ RC_NV_UndefineSpace_nvIndex
: // TPM_RC_NV_DEFINED:
486 Status
= EFI_NOT_FOUND
;
488 case TPM_RC_HANDLE
+ RC_NV_UndefineSpace_authHandle
: // TPM_RC_NV_DEFINED:
489 Status
= EFI_INVALID_PARAMETER
;
491 case TPM_RC_VALUE
+ RC_NV_UndefineSpace_authHandle
:
492 case TPM_RC_VALUE
+ RC_NV_UndefineSpace_nvIndex
:
493 Status
= EFI_INVALID_PARAMETER
;
496 Status
= EFI_DEVICE_ERROR
;
502 // Clear AuthSession Content
504 ZeroMem (&SendBuffer
, sizeof(SendBuffer
));
505 ZeroMem (&RecvBuffer
, sizeof(RecvBuffer
));
510 This command reads a value from an area in NV memory previously defined by TPM2_NV_DefineSpace().
512 @param[in] AuthHandle the handle indicating the source of the authorization value.
513 @param[in] NvIndex The index to be read.
514 @param[in] AuthSession Auth Session context
515 @param[in] Size Number of bytes to read.
516 @param[in] Offset Byte offset into the area.
517 @param[in,out] OutData The data read.
519 @retval EFI_SUCCESS Operation completed successfully.
520 @retval EFI_DEVICE_ERROR The command was unsuccessful.
521 @retval EFI_NOT_FOUND The command was returned successfully, but NvIndex is not found.
526 IN TPMI_RH_NV_AUTH AuthHandle
,
527 IN TPMI_RH_NV_INDEX NvIndex
,
528 IN TPMS_AUTH_COMMAND
*AuthSession
, OPTIONAL
531 IN OUT TPM2B_MAX_BUFFER
*OutData
535 TPM2_NV_READ_COMMAND SendBuffer
;
536 TPM2_NV_READ_RESPONSE RecvBuffer
;
537 UINT32 SendBufferSize
;
538 UINT32 RecvBufferSize
;
540 UINT32 SessionInfoSize
;
546 SendBuffer
.Header
.tag
= SwapBytes16(TPM_ST_SESSIONS
);
547 SendBuffer
.Header
.commandCode
= SwapBytes32(TPM_CC_NV_Read
);
549 SendBuffer
.AuthHandle
= SwapBytes32 (AuthHandle
);
550 SendBuffer
.NvIndex
= SwapBytes32 (NvIndex
);
553 // Add in Auth session
555 Buffer
= (UINT8
*)&SendBuffer
.AuthSession
;
558 SessionInfoSize
= CopyAuthSessionCommand (AuthSession
, Buffer
);
559 Buffer
+= SessionInfoSize
;
560 SendBuffer
.AuthSessionSize
= SwapBytes32(SessionInfoSize
);
562 WriteUnaligned16 ((UINT16
*)Buffer
, SwapBytes16 (Size
));
563 Buffer
+= sizeof(UINT16
);
564 WriteUnaligned16 ((UINT16
*)Buffer
, SwapBytes16 (Offset
));
565 Buffer
+= sizeof(UINT16
);
567 SendBufferSize
= (UINT32
)(Buffer
- (UINT8
*)&SendBuffer
);
568 SendBuffer
.Header
.paramSize
= SwapBytes32 (SendBufferSize
);
573 RecvBufferSize
= sizeof (RecvBuffer
);
574 Status
= Tpm2SubmitCommand (SendBufferSize
, (UINT8
*)&SendBuffer
, &RecvBufferSize
, (UINT8
*)&RecvBuffer
);
575 if (EFI_ERROR (Status
)) {
579 if (RecvBufferSize
< sizeof (TPM2_RESPONSE_HEADER
)) {
580 DEBUG ((DEBUG_ERROR
, "Tpm2NvRead - RecvBufferSize Error - %x\n", RecvBufferSize
));
581 Status
= EFI_DEVICE_ERROR
;
584 ResponseCode
= SwapBytes32(RecvBuffer
.Header
.responseCode
);
585 if (ResponseCode
!= TPM_RC_SUCCESS
) {
586 DEBUG ((DEBUG_ERROR
, "Tpm2NvRead - responseCode - %x\n", ResponseCode
));
588 switch (ResponseCode
) {
592 case TPM_RC_NV_AUTHORIZATION
:
593 Status
= EFI_SECURITY_VIOLATION
;
595 case TPM_RC_NV_LOCKED
:
596 Status
= EFI_ACCESS_DENIED
;
598 case TPM_RC_NV_RANGE
:
599 Status
= EFI_BAD_BUFFER_SIZE
;
601 case TPM_RC_NV_UNINITIALIZED
:
602 Status
= EFI_NOT_READY
;
604 case TPM_RC_HANDLE
+ RC_NV_Read_nvIndex
: // TPM_RC_NV_DEFINED:
605 Status
= EFI_NOT_FOUND
;
607 case TPM_RC_HANDLE
+ RC_NV_Read_authHandle
: // TPM_RC_NV_DEFINED:
608 Status
= EFI_INVALID_PARAMETER
;
610 case TPM_RC_VALUE
+ RC_NV_Read_nvIndex
:
611 case TPM_RC_VALUE
+ RC_NV_Read_authHandle
:
612 Status
= EFI_INVALID_PARAMETER
;
614 case TPM_RC_BAD_AUTH
+ RC_NV_Read_authHandle
+ TPM_RC_S
:
615 Status
= EFI_INVALID_PARAMETER
;
617 case TPM_RC_AUTH_UNAVAILABLE
:
618 Status
= EFI_INVALID_PARAMETER
;
620 case TPM_RC_AUTH_FAIL
+ RC_NV_Read_authHandle
+ TPM_RC_S
:
621 Status
= EFI_INVALID_PARAMETER
;
623 case TPM_RC_ATTRIBUTES
+ RC_NV_Read_authHandle
+ TPM_RC_S
:
624 Status
= EFI_UNSUPPORTED
;
627 Status
= EFI_DEVICE_ERROR
;
630 if (Status
!= EFI_SUCCESS
) {
635 // Return the response
637 OutData
->size
= SwapBytes16 (RecvBuffer
.Data
.size
);
638 if (OutData
->size
> MAX_DIGEST_BUFFER
) {
639 DEBUG ((DEBUG_ERROR
, "Tpm2NvRead - OutData->size error %x\n", OutData
->size
));
640 Status
= EFI_DEVICE_ERROR
;
644 CopyMem (OutData
->buffer
, &RecvBuffer
.Data
.buffer
, OutData
->size
);
648 // Clear AuthSession Content
650 ZeroMem (&SendBuffer
, sizeof(SendBuffer
));
651 ZeroMem (&RecvBuffer
, sizeof(RecvBuffer
));
656 This command writes a value to an area in NV memory that was previously defined by TPM2_NV_DefineSpace().
658 @param[in] AuthHandle the handle indicating the source of the authorization value.
659 @param[in] NvIndex The NV Index of the area to write.
660 @param[in] AuthSession Auth Session context
661 @param[in] InData The data to write.
662 @param[in] Offset The offset into the NV Area.
664 @retval EFI_SUCCESS Operation completed successfully.
665 @retval EFI_DEVICE_ERROR The command was unsuccessful.
666 @retval EFI_NOT_FOUND The command was returned successfully, but NvIndex is not found.
671 IN TPMI_RH_NV_AUTH AuthHandle
,
672 IN TPMI_RH_NV_INDEX NvIndex
,
673 IN TPMS_AUTH_COMMAND
*AuthSession
, OPTIONAL
674 IN TPM2B_MAX_BUFFER
*InData
,
679 TPM2_NV_WRITE_COMMAND SendBuffer
;
680 TPM2_NV_WRITE_RESPONSE RecvBuffer
;
681 UINT32 SendBufferSize
;
682 UINT32 RecvBufferSize
;
684 UINT32 SessionInfoSize
;
690 SendBuffer
.Header
.tag
= SwapBytes16(TPM_ST_SESSIONS
);
691 SendBuffer
.Header
.commandCode
= SwapBytes32(TPM_CC_NV_Write
);
693 SendBuffer
.AuthHandle
= SwapBytes32 (AuthHandle
);
694 SendBuffer
.NvIndex
= SwapBytes32 (NvIndex
);
697 // Add in Auth session
699 Buffer
= (UINT8
*)&SendBuffer
.AuthSession
;
702 SessionInfoSize
= CopyAuthSessionCommand (AuthSession
, Buffer
);
703 Buffer
+= SessionInfoSize
;
704 SendBuffer
.AuthSessionSize
= SwapBytes32(SessionInfoSize
);
706 WriteUnaligned16 ((UINT16
*)Buffer
, SwapBytes16 (InData
->size
));
707 Buffer
+= sizeof(UINT16
);
708 CopyMem (Buffer
, InData
->buffer
, InData
->size
);
709 Buffer
+= InData
->size
;
710 WriteUnaligned16 ((UINT16
*)Buffer
, SwapBytes16 (Offset
));
711 Buffer
+= sizeof(UINT16
);
713 SendBufferSize
= (UINT32
) (Buffer
- (UINT8
*)&SendBuffer
);
714 SendBuffer
.Header
.paramSize
= SwapBytes32 (SendBufferSize
);
719 RecvBufferSize
= sizeof (RecvBuffer
);
720 Status
= Tpm2SubmitCommand (SendBufferSize
, (UINT8
*)&SendBuffer
, &RecvBufferSize
, (UINT8
*)&RecvBuffer
);
721 if (EFI_ERROR (Status
)) {
725 if (RecvBufferSize
< sizeof (TPM2_RESPONSE_HEADER
)) {
726 DEBUG ((DEBUG_ERROR
, "Tpm2NvWrite - RecvBufferSize Error - %x\n", RecvBufferSize
));
727 Status
= EFI_DEVICE_ERROR
;
730 ResponseCode
= SwapBytes32(RecvBuffer
.Header
.responseCode
);
731 if (ResponseCode
!= TPM_RC_SUCCESS
) {
732 DEBUG ((DEBUG_ERROR
, "Tpm2NvWrite - responseCode - %x\n", ResponseCode
));
734 switch (ResponseCode
) {
738 case TPM_RC_ATTRIBUTES
:
739 Status
= EFI_UNSUPPORTED
;
741 case TPM_RC_NV_AUTHORIZATION
:
742 Status
= EFI_SECURITY_VIOLATION
;
744 case TPM_RC_NV_LOCKED
:
745 Status
= EFI_ACCESS_DENIED
;
747 case TPM_RC_NV_RANGE
:
748 Status
= EFI_BAD_BUFFER_SIZE
;
750 case TPM_RC_HANDLE
+ RC_NV_Write_nvIndex
: // TPM_RC_NV_DEFINED:
751 Status
= EFI_NOT_FOUND
;
753 case TPM_RC_HANDLE
+ RC_NV_Write_authHandle
: // TPM_RC_NV_DEFINED:
754 Status
= EFI_INVALID_PARAMETER
;
756 case TPM_RC_VALUE
+ RC_NV_Write_nvIndex
:
757 case TPM_RC_VALUE
+ RC_NV_Write_authHandle
:
758 Status
= EFI_INVALID_PARAMETER
;
760 case TPM_RC_BAD_AUTH
+ RC_NV_Write_authHandle
+ TPM_RC_S
:
761 Status
= EFI_INVALID_PARAMETER
;
763 case TPM_RC_AUTH_UNAVAILABLE
:
764 Status
= EFI_INVALID_PARAMETER
;
766 case TPM_RC_AUTH_FAIL
+ RC_NV_Write_authHandle
+ TPM_RC_S
:
767 Status
= EFI_INVALID_PARAMETER
;
769 case TPM_RC_ATTRIBUTES
+ RC_NV_Write_authHandle
+ TPM_RC_S
:
770 Status
= EFI_UNSUPPORTED
;
773 Status
= EFI_DEVICE_ERROR
;
779 // Clear AuthSession Content
781 ZeroMem (&SendBuffer
, sizeof(SendBuffer
));
782 ZeroMem (&RecvBuffer
, sizeof(RecvBuffer
));
787 This command may be used to prevent further reads of the Index until the next TPM2_Startup (TPM_SU_CLEAR).
789 @param[in] AuthHandle the handle indicating the source of the authorization value.
790 @param[in] NvIndex The NV Index of the area to lock.
791 @param[in] AuthSession Auth Session context
793 @retval EFI_SUCCESS Operation completed successfully.
794 @retval EFI_DEVICE_ERROR The command was unsuccessful.
795 @retval EFI_NOT_FOUND The command was returned successfully, but NvIndex is not found.
800 IN TPMI_RH_NV_AUTH AuthHandle
,
801 IN TPMI_RH_NV_INDEX NvIndex
,
802 IN TPMS_AUTH_COMMAND
*AuthSession OPTIONAL
806 TPM2_NV_READLOCK_COMMAND SendBuffer
;
807 TPM2_NV_READLOCK_RESPONSE RecvBuffer
;
808 UINT32 SendBufferSize
;
809 UINT32 RecvBufferSize
;
811 UINT32 SessionInfoSize
;
817 SendBuffer
.Header
.tag
= SwapBytes16(TPM_ST_SESSIONS
);
818 SendBuffer
.Header
.commandCode
= SwapBytes32(TPM_CC_NV_ReadLock
);
820 SendBuffer
.AuthHandle
= SwapBytes32 (AuthHandle
);
821 SendBuffer
.NvIndex
= SwapBytes32 (NvIndex
);
824 // Add in Auth session
826 Buffer
= (UINT8
*)&SendBuffer
.AuthSession
;
829 SessionInfoSize
= CopyAuthSessionCommand (AuthSession
, Buffer
);
830 Buffer
+= SessionInfoSize
;
831 SendBuffer
.AuthSessionSize
= SwapBytes32(SessionInfoSize
);
833 SendBufferSize
= (UINT32
)(Buffer
- (UINT8
*)&SendBuffer
);
834 SendBuffer
.Header
.paramSize
= SwapBytes32 (SendBufferSize
);
839 RecvBufferSize
= sizeof (RecvBuffer
);
840 Status
= Tpm2SubmitCommand (SendBufferSize
, (UINT8
*)&SendBuffer
, &RecvBufferSize
, (UINT8
*)&RecvBuffer
);
841 if (EFI_ERROR (Status
)) {
845 if (RecvBufferSize
< sizeof (TPM2_RESPONSE_HEADER
)) {
846 DEBUG ((DEBUG_ERROR
, "Tpm2NvReadLock - RecvBufferSize Error - %x\n", RecvBufferSize
));
847 Status
= EFI_DEVICE_ERROR
;
851 ResponseCode
= SwapBytes32(RecvBuffer
.Header
.responseCode
);
852 if (ResponseCode
!= TPM_RC_SUCCESS
) {
853 DEBUG ((DEBUG_ERROR
, "Tpm2NvReadLock - responseCode - %x\n", SwapBytes32(RecvBuffer
.Header
.responseCode
)));
855 switch (ResponseCode
) {
860 Status
= EFI_DEVICE_ERROR
;
866 // Clear AuthSession Content
868 ZeroMem (&SendBuffer
, sizeof(SendBuffer
));
869 ZeroMem (&RecvBuffer
, sizeof(RecvBuffer
));
874 This command may be used to inhibit further writes of the Index.
876 @param[in] AuthHandle the handle indicating the source of the authorization value.
877 @param[in] NvIndex The NV Index of the area to lock.
878 @param[in] AuthSession Auth Session context
880 @retval EFI_SUCCESS Operation completed successfully.
881 @retval EFI_DEVICE_ERROR The command was unsuccessful.
882 @retval EFI_NOT_FOUND The command was returned successfully, but NvIndex is not found.
887 IN TPMI_RH_NV_AUTH AuthHandle
,
888 IN TPMI_RH_NV_INDEX NvIndex
,
889 IN TPMS_AUTH_COMMAND
*AuthSession OPTIONAL
893 TPM2_NV_WRITELOCK_COMMAND SendBuffer
;
894 TPM2_NV_WRITELOCK_RESPONSE RecvBuffer
;
895 UINT32 SendBufferSize
;
896 UINT32 RecvBufferSize
;
898 UINT32 SessionInfoSize
;
904 SendBuffer
.Header
.tag
= SwapBytes16(TPM_ST_SESSIONS
);
905 SendBuffer
.Header
.commandCode
= SwapBytes32(TPM_CC_NV_WriteLock
);
907 SendBuffer
.AuthHandle
= SwapBytes32 (AuthHandle
);
908 SendBuffer
.NvIndex
= SwapBytes32 (NvIndex
);
911 // Add in Auth session
913 Buffer
= (UINT8
*)&SendBuffer
.AuthSession
;
916 SessionInfoSize
= CopyAuthSessionCommand (AuthSession
, Buffer
);
917 Buffer
+= SessionInfoSize
;
918 SendBuffer
.AuthSessionSize
= SwapBytes32(SessionInfoSize
);
920 SendBufferSize
= (UINT32
)(Buffer
- (UINT8
*)&SendBuffer
);
921 SendBuffer
.Header
.paramSize
= SwapBytes32 (SendBufferSize
);
926 RecvBufferSize
= sizeof (RecvBuffer
);
927 Status
= Tpm2SubmitCommand (SendBufferSize
, (UINT8
*)&SendBuffer
, &RecvBufferSize
, (UINT8
*)&RecvBuffer
);
928 if (EFI_ERROR (Status
)) {
932 if (RecvBufferSize
< sizeof (TPM2_RESPONSE_HEADER
)) {
933 DEBUG ((DEBUG_ERROR
, "Tpm2NvWriteLock - RecvBufferSize Error - %x\n", RecvBufferSize
));
934 Status
= EFI_DEVICE_ERROR
;
938 ResponseCode
= SwapBytes32(RecvBuffer
.Header
.responseCode
);
939 if (ResponseCode
!= TPM_RC_SUCCESS
) {
940 DEBUG ((DEBUG_ERROR
, "Tpm2NvWriteLock - responseCode - %x\n", SwapBytes32(RecvBuffer
.Header
.responseCode
)));
942 switch (ResponseCode
) {
947 Status
= EFI_DEVICE_ERROR
;
953 // Clear AuthSession Content
955 ZeroMem (&SendBuffer
, sizeof(SendBuffer
));
956 ZeroMem (&RecvBuffer
, sizeof(RecvBuffer
));
961 The command will SET TPMA_NV_WRITELOCKED for all indexes that have their TPMA_NV_GLOBALLOCK attribute SET.
963 @param[in] AuthHandle TPM_RH_OWNER or TPM_RH_PLATFORM+{PP}.
964 @param[in] AuthSession Auth Session context
966 @retval EFI_SUCCESS Operation completed successfully.
967 @retval EFI_DEVICE_ERROR The command was unsuccessful.
968 @retval EFI_NOT_FOUND The command was returned successfully, but NvIndex is not found.
972 Tpm2NvGlobalWriteLock (
973 IN TPMI_RH_PROVISION AuthHandle
,
974 IN TPMS_AUTH_COMMAND
*AuthSession OPTIONAL
978 TPM2_NV_GLOBALWRITELOCK_COMMAND SendBuffer
;
979 TPM2_NV_GLOBALWRITELOCK_RESPONSE RecvBuffer
;
980 UINT32 SendBufferSize
;
981 UINT32 RecvBufferSize
;
983 UINT32 SessionInfoSize
;
989 SendBuffer
.Header
.tag
= SwapBytes16(TPM_ST_SESSIONS
);
990 SendBuffer
.Header
.commandCode
= SwapBytes32(TPM_CC_NV_GlobalWriteLock
);
992 SendBuffer
.AuthHandle
= SwapBytes32 (AuthHandle
);
995 // Add in Auth session
997 Buffer
= (UINT8
*)&SendBuffer
.AuthSession
;
1000 SessionInfoSize
= CopyAuthSessionCommand (AuthSession
, Buffer
);
1001 Buffer
+= SessionInfoSize
;
1002 SendBuffer
.AuthSessionSize
= SwapBytes32(SessionInfoSize
);
1004 SendBufferSize
= (UINT32
)(Buffer
- (UINT8
*)&SendBuffer
);
1005 SendBuffer
.Header
.paramSize
= SwapBytes32 (SendBufferSize
);
1010 RecvBufferSize
= sizeof (RecvBuffer
);
1011 Status
= Tpm2SubmitCommand (SendBufferSize
, (UINT8
*)&SendBuffer
, &RecvBufferSize
, (UINT8
*)&RecvBuffer
);
1012 if (EFI_ERROR (Status
)) {
1016 if (RecvBufferSize
< sizeof (TPM2_RESPONSE_HEADER
)) {
1017 DEBUG ((DEBUG_ERROR
, "Tpm2NvGlobalWriteLock - RecvBufferSize Error - %x\n", RecvBufferSize
));
1018 Status
= EFI_DEVICE_ERROR
;
1022 ResponseCode
= SwapBytes32(RecvBuffer
.Header
.responseCode
);
1023 if (ResponseCode
!= TPM_RC_SUCCESS
) {
1024 DEBUG ((DEBUG_ERROR
, "Tpm2NvGlobalWriteLock - responseCode - %x\n", SwapBytes32(RecvBuffer
.Header
.responseCode
)));
1026 switch (ResponseCode
) {
1027 case TPM_RC_SUCCESS
:
1031 Status
= EFI_DEVICE_ERROR
;
1037 // Clear AuthSession Content
1039 ZeroMem (&SendBuffer
, sizeof(SendBuffer
));
1040 ZeroMem (&RecvBuffer
, sizeof(RecvBuffer
));