]>
Commit | Line | Data |
---|---|---|
c1d93242 JY |
1 | /** @file\r |
2 | This library is used by other modules to send TPM2 command.\r | |
3 | \r | |
4 | Copyright (c) 2013, Intel Corporation. All rights reserved. <BR>\r | |
5 | This program and the accompanying materials\r | |
6 | are licensed and made available under the terms and conditions of the BSD License\r | |
7 | which accompanies this distribution. The full text of the license may be found at\r | |
8 | http://opensource.org/licenses/bsd-license.php\r | |
9 | \r | |
10 | THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r | |
11 | WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r | |
12 | \r | |
13 | **/\r | |
14 | \r | |
15 | #ifndef _TPM2_COMMAND_LIB_H_\r | |
16 | #define _TPM2_COMMAND_LIB_H_\r | |
17 | \r | |
18 | #include <IndustryStandard/Tpm20.h>\r | |
19 | \r | |
20 | /**\r | |
21 | This command starts a hash or an Event sequence.\r | |
22 | If hashAlg is an implemented hash, then a hash sequence is started.\r | |
23 | If hashAlg is TPM_ALG_NULL, then an Event sequence is started.\r | |
24 | \r | |
25 | @param[in] HashAlg The hash algorithm to use for the hash sequence\r | |
26 | An Event sequence starts if this is TPM_ALG_NULL.\r | |
27 | @param[out] SequenceHandle A handle to reference the sequence\r | |
28 | \r | |
29 | @retval EFI_SUCCESS Operation completed successfully.\r | |
30 | @retval EFI_DEVICE_ERROR Unexpected device behavior.\r | |
31 | **/\r | |
32 | EFI_STATUS\r | |
33 | EFIAPI\r | |
34 | Tpm2HashSequenceStart (\r | |
35 | IN TPMI_ALG_HASH HashAlg,\r | |
36 | OUT TPMI_DH_OBJECT *SequenceHandle\r | |
37 | );\r | |
38 | \r | |
39 | /**\r | |
40 | This command is used to add data to a hash or HMAC sequence.\r | |
41 | The amount of data in buffer may be any size up to the limits of the TPM.\r | |
42 | NOTE: In all TPM, a buffer size of 1,024 octets is allowed.\r | |
43 | \r | |
44 | @param[in] SequenceHandle Handle for the sequence object\r | |
45 | @param[in] Buffer Data to be added to hash\r | |
46 | \r | |
47 | @retval EFI_SUCCESS Operation completed successfully.\r | |
48 | @retval EFI_DEVICE_ERROR Unexpected device behavior.\r | |
49 | **/\r | |
50 | EFI_STATUS\r | |
51 | EFIAPI\r | |
52 | Tpm2SequenceUpdate (\r | |
53 | IN TPMI_DH_OBJECT SequenceHandle,\r | |
54 | IN TPM2B_MAX_BUFFER *Buffer\r | |
55 | );\r | |
56 | \r | |
57 | /**\r | |
58 | This command adds the last part of data, if any, to an Event sequence and returns the result in a digest list.\r | |
59 | If pcrHandle references a PCR and not TPM_RH_NULL, then the returned digest list is processed in\r | |
60 | the same manner as the digest list input parameter to TPM2_PCR_Extend() with the pcrHandle in each\r | |
61 | bank extended with the associated digest value.\r | |
62 | \r | |
63 | @param[in] PcrHandle PCR to be extended with the Event data\r | |
64 | @param[in] SequenceHandle Authorization for the sequence\r | |
65 | @param[in] Buffer Data to be added to the Event\r | |
66 | @param[out] Results List of digests computed for the PCR\r | |
67 | \r | |
68 | @retval EFI_SUCCESS Operation completed successfully.\r | |
69 | @retval EFI_DEVICE_ERROR Unexpected device behavior.\r | |
70 | **/\r | |
71 | EFI_STATUS\r | |
72 | EFIAPI\r | |
73 | Tpm2EventSequenceComplete (\r | |
74 | IN TPMI_DH_PCR PcrHandle,\r | |
75 | IN TPMI_DH_OBJECT SequenceHandle,\r | |
76 | IN TPM2B_MAX_BUFFER *Buffer,\r | |
77 | OUT TPML_DIGEST_VALUES *Results\r | |
78 | );\r | |
79 | \r | |
80 | /**\r | |
81 | This command adds the last part of data, if any, to a hash/HMAC sequence and returns the result.\r | |
82 | \r | |
83 | @param[in] SequenceHandle Authorization for the sequence\r | |
84 | @param[in] Buffer Data to be added to the hash/HMAC\r | |
85 | @param[out] Result The returned HMAC or digest in a sized buffer\r | |
86 | \r | |
87 | @retval EFI_SUCCESS Operation completed successfully.\r | |
88 | @retval EFI_DEVICE_ERROR Unexpected device behavior.\r | |
89 | **/\r | |
90 | EFI_STATUS\r | |
91 | EFIAPI\r | |
92 | Tpm2SequenceComplete (\r | |
93 | IN TPMI_DH_OBJECT SequenceHandle,\r | |
94 | IN TPM2B_MAX_BUFFER *Buffer,\r | |
95 | OUT TPM2B_DIGEST *Result\r | |
96 | );\r | |
97 | \r | |
98 | /**\r | |
99 | Send Startup command to TPM2.\r | |
100 | \r | |
101 | @param[in] StartupType TPM_SU_CLEAR or TPM_SU_STATE\r | |
102 | \r | |
103 | @retval EFI_SUCCESS Operation completed successfully.\r | |
104 | @retval EFI_DEVICE_ERROR Unexpected device behavior.\r | |
105 | **/\r | |
106 | EFI_STATUS\r | |
107 | EFIAPI\r | |
108 | Tpm2Startup (\r | |
109 | IN TPM_SU StartupType\r | |
110 | );\r | |
111 | \r | |
112 | /**\r | |
113 | Send Shutdown command to TPM2.\r | |
114 | \r | |
115 | @param[in] ShutdownType TPM_SU_CLEAR or TPM_SU_STATE.\r | |
116 | \r | |
117 | @retval EFI_SUCCESS Operation completed successfully.\r | |
118 | @retval EFI_DEVICE_ERROR Unexpected device behavior.\r | |
119 | **/\r | |
120 | EFI_STATUS\r | |
121 | EFIAPI\r | |
122 | Tpm2Shutdown (\r | |
123 | IN TPM_SU ShutdownType\r | |
124 | );\r | |
125 | \r | |
126 | /**\r | |
127 | This command causes the TPM to perform a test of its capabilities.\r | |
128 | If the fullTest is YES, the TPM will test all functions.\r | |
129 | If fullTest = NO, the TPM will only test those functions that have not previously been tested.\r | |
130 | \r | |
131 | @param[in] FullTest YES if full test to be performed\r | |
132 | NO if only test of untested functions required\r | |
133 | \r | |
134 | @retval EFI_SUCCESS Operation completed successfully.\r | |
135 | @retval EFI_DEVICE_ERROR Unexpected device behavior.\r | |
136 | **/\r | |
137 | EFI_STATUS\r | |
138 | EFIAPI\r | |
139 | Tpm2SelfTest (\r | |
140 | IN TPMI_YES_NO FullTest\r | |
141 | );\r | |
142 | \r | |
143 | /**\r | |
144 | This command removes all TPM context associated with a specific Owner.\r | |
145 | \r | |
146 | @param[in] AuthHandle TPM_RH_LOCKOUT or TPM_RH_PLATFORM+{PP}\r | |
147 | @param[in] AuthSession Auth Session context\r | |
148 | \r | |
149 | @retval EFI_SUCCESS Operation completed successfully.\r | |
150 | @retval EFI_DEVICE_ERROR Unexpected device behavior.\r | |
151 | **/\r | |
152 | EFI_STATUS\r | |
153 | EFIAPI\r | |
154 | Tpm2Clear (\r | |
155 | IN TPMI_RH_CLEAR AuthHandle,\r | |
156 | IN TPMS_AUTH_COMMAND *AuthSession OPTIONAL\r | |
157 | );\r | |
158 | \r | |
159 | /**\r | |
160 | Disables and enables the execution of TPM2_Clear().\r | |
161 | \r | |
162 | @param[in] AuthHandle TPM_RH_LOCKOUT or TPM_RH_PLATFORM+{PP}\r | |
163 | @param[in] AuthSession Auth Session context\r | |
164 | @param[in] Disable YES if the disableOwnerClear flag is to be SET,\r | |
165 | NO if the flag is to be CLEAR.\r | |
166 | \r | |
167 | @retval EFI_SUCCESS Operation completed successfully.\r | |
168 | @retval EFI_DEVICE_ERROR Unexpected device behavior.\r | |
169 | **/\r | |
170 | EFI_STATUS\r | |
171 | EFIAPI\r | |
172 | Tpm2ClearControl (\r | |
173 | IN TPMI_RH_CLEAR AuthHandle,\r | |
174 | IN TPMS_AUTH_COMMAND *AuthSession, OPTIONAL\r | |
175 | IN TPMI_YES_NO Disable\r | |
176 | );\r | |
177 | \r | |
178 | /**\r | |
179 | This command allows the authorization secret for a hierarchy or lockout to be changed using the current\r | |
180 | authorization value as the command authorization.\r | |
181 | \r | |
182 | @param[in] AuthHandle TPM_RH_LOCKOUT, TPM_RH_ENDORSEMENT, TPM_RH_OWNER or TPM_RH_PLATFORM+{PP}\r | |
183 | @param[in] AuthSession Auth Session context\r | |
184 | @param[in] NewAuth New authorization secret\r | |
185 | \r | |
186 | @retval EFI_SUCCESS Operation completed successfully.\r | |
187 | @retval EFI_DEVICE_ERROR Unexpected device behavior.\r | |
188 | **/\r | |
189 | EFI_STATUS\r | |
190 | EFIAPI\r | |
191 | Tpm2HierarchyChangeAuth (\r | |
192 | IN TPMI_RH_HIERARCHY_AUTH AuthHandle,\r | |
193 | IN TPMS_AUTH_COMMAND *AuthSession,\r | |
194 | IN TPM2B_AUTH *NewAuth\r | |
195 | );\r | |
196 | \r | |
197 | /**\r | |
198 | This replaces the current EPS with a value from the RNG and sets the Endorsement hierarchy controls to\r | |
199 | their default initialization values.\r | |
200 | \r | |
201 | @param[in] AuthHandle TPM_RH_PLATFORM+{PP}\r | |
202 | @param[in] AuthSession Auth Session context\r | |
203 | \r | |
204 | @retval EFI_SUCCESS Operation completed successfully.\r | |
205 | @retval EFI_DEVICE_ERROR Unexpected device behavior.\r | |
206 | **/\r | |
207 | EFI_STATUS\r | |
208 | EFIAPI\r | |
209 | Tpm2ChangeEPS (\r | |
210 | IN TPMI_RH_PLATFORM AuthHandle,\r | |
211 | IN TPMS_AUTH_COMMAND *AuthSession\r | |
212 | );\r | |
213 | \r | |
214 | /**\r | |
215 | This replaces the current PPS with a value from the RNG and sets platformPolicy to the default\r | |
216 | initialization value (the Empty Buffer).\r | |
217 | \r | |
218 | @param[in] AuthHandle TPM_RH_PLATFORM+{PP}\r | |
219 | @param[in] AuthSession Auth Session context\r | |
220 | \r | |
221 | @retval EFI_SUCCESS Operation completed successfully.\r | |
222 | @retval EFI_DEVICE_ERROR Unexpected device behavior.\r | |
223 | **/\r | |
224 | EFI_STATUS\r | |
225 | EFIAPI\r | |
226 | Tpm2ChangePPS (\r | |
227 | IN TPMI_RH_PLATFORM AuthHandle,\r | |
228 | IN TPMS_AUTH_COMMAND *AuthSession\r | |
229 | );\r | |
230 | \r | |
231 | /**\r | |
232 | This command enables and disables use of a hierarchy.\r | |
233 | \r | |
234 | @param[in] AuthHandle TPM_RH_ENDORSEMENT, TPM_RH_OWNER or TPM_RH_PLATFORM+{PP}\r | |
235 | @param[in] AuthSession Auth Session context\r | |
236 | @param[in] Hierarchy Hierarchy of the enable being modified\r | |
237 | @param[in] State YES if the enable should be SET,\r | |
238 | NO if the enable should be CLEAR\r | |
239 | \r | |
240 | @retval EFI_SUCCESS Operation completed successfully.\r | |
241 | @retval EFI_DEVICE_ERROR Unexpected device behavior.\r | |
242 | **/\r | |
243 | EFI_STATUS\r | |
244 | EFIAPI\r | |
245 | Tpm2HierarchyControl (\r | |
246 | IN TPMI_RH_HIERARCHY AuthHandle,\r | |
247 | IN TPMS_AUTH_COMMAND *AuthSession,\r | |
248 | IN TPMI_RH_HIERARCHY Hierarchy,\r | |
249 | IN TPMI_YES_NO State\r | |
250 | );\r | |
251 | \r | |
252 | /**\r | |
253 | This command cancels the effect of a TPM lockout due to a number of successive authorization failures.\r | |
254 | If this command is properly authorized, the lockout counter is set to zero.\r | |
255 | \r | |
256 | @param[in] LockHandle LockHandle\r | |
257 | @param[in] AuthSession Auth Session context\r | |
258 | \r | |
259 | @retval EFI_SUCCESS Operation completed successfully.\r | |
260 | @retval EFI_DEVICE_ERROR Unexpected device behavior.\r | |
261 | **/\r | |
262 | EFI_STATUS\r | |
263 | EFIAPI\r | |
264 | Tpm2DictionaryAttackLockReset (\r | |
265 | IN TPMI_RH_LOCKOUT LockHandle,\r | |
266 | IN TPMS_AUTH_COMMAND *AuthSession\r | |
267 | );\r | |
268 | \r | |
269 | /**\r | |
270 | This command cancels the effect of a TPM lockout due to a number of successive authorization failures.\r | |
271 | If this command is properly authorized, the lockout counter is set to zero.\r | |
272 | \r | |
273 | @param[in] LockHandle LockHandle\r | |
274 | @param[in] AuthSession Auth Session context\r | |
275 | @param[in] NewMaxTries Count of authorization failures before the lockout is imposed\r | |
276 | @param[in] NewRecoveryTime Time in seconds before the authorization failure count is automatically decremented\r | |
277 | @param[in] LockoutRecovery Time in seconds after a lockoutAuth failure before use of lockoutAuth is allowed\r | |
278 | \r | |
279 | @retval EFI_SUCCESS Operation completed successfully.\r | |
280 | @retval EFI_DEVICE_ERROR Unexpected device behavior.\r | |
281 | **/\r | |
282 | EFI_STATUS\r | |
283 | EFIAPI\r | |
284 | Tpm2DictionaryAttackParameters (\r | |
285 | IN TPMI_RH_LOCKOUT LockHandle,\r | |
286 | IN TPMS_AUTH_COMMAND *AuthSession,\r | |
287 | IN UINT32 NewMaxTries,\r | |
288 | IN UINT32 NewRecoveryTime,\r | |
289 | IN UINT32 LockoutRecovery\r | |
290 | );\r | |
291 | \r | |
292 | /**\r | |
293 | This command is used to read the public area and Name of an NV Index.\r | |
294 | \r | |
295 | @param[in] NvIndex The NV Index.\r | |
296 | @param[out] NvPublic The public area of the index.\r | |
297 | @param[out] NvName The Name of the nvIndex.\r | |
298 | \r | |
299 | @retval EFI_SUCCESS Operation completed successfully.\r | |
300 | @retval EFI_DEVICE_ERROR The command was unsuccessful.\r | |
301 | **/\r | |
302 | EFI_STATUS\r | |
303 | EFIAPI\r | |
304 | Tpm2NvReadPublic (\r | |
305 | IN TPMI_RH_NV_INDEX NvIndex,\r | |
306 | OUT TPM2B_NV_PUBLIC *NvPublic,\r | |
307 | OUT TPM2B_NAME *NvName\r | |
308 | );\r | |
309 | \r | |
310 | /**\r | |
311 | This command defines the attributes of an NV Index and causes the TPM to\r | |
312 | reserve space to hold the data associated with the index.\r | |
313 | If a definition already exists at the index, the TPM will return TPM_RC_NV_DEFINED.\r | |
314 | \r | |
315 | @param[in] AuthHandle TPM_RH_OWNER or TPM_RH_PLATFORM+{PP}.\r | |
316 | @param[in] AuthSession Auth Session context\r | |
317 | @param[in] Auth The authorization data.\r | |
318 | @param[in] NvPublic The public area of the index.\r | |
319 | \r | |
320 | @retval EFI_SUCCESS Operation completed successfully.\r | |
321 | @retval EFI_DEVICE_ERROR The command was unsuccessful.\r | |
322 | @retval EFI_ALREADY_STARTED The command was returned successfully, but NvIndex is already defined.\r | |
323 | **/\r | |
324 | EFI_STATUS\r | |
325 | EFIAPI\r | |
326 | Tpm2NvDefineSpace (\r | |
327 | IN TPMI_RH_PROVISION AuthHandle,\r | |
328 | IN TPMS_AUTH_COMMAND *AuthSession, OPTIONAL\r | |
329 | IN TPM2B_AUTH *Auth,\r | |
330 | IN TPM2B_NV_PUBLIC *NvPublic\r | |
331 | );\r | |
332 | \r | |
333 | /**\r | |
334 | This command removes an index from the TPM.\r | |
335 | \r | |
336 | @param[in] AuthHandle TPM_RH_OWNER or TPM_RH_PLATFORM+{PP}.\r | |
337 | @param[in] NvIndex The NV Index.\r | |
338 | @param[in] AuthSession Auth Session context\r | |
339 | \r | |
340 | @retval EFI_SUCCESS Operation completed successfully.\r | |
341 | @retval EFI_DEVICE_ERROR The command was unsuccessful.\r | |
342 | @retval EFI_NOT_FOUND The command was returned successfully, but NvIndex is not found.\r | |
343 | **/\r | |
344 | EFI_STATUS\r | |
345 | EFIAPI\r | |
346 | Tpm2NvUndefineSpace (\r | |
347 | IN TPMI_RH_PROVISION AuthHandle,\r | |
348 | IN TPMI_RH_NV_INDEX NvIndex,\r | |
349 | IN TPMS_AUTH_COMMAND *AuthSession OPTIONAL\r | |
350 | );\r | |
351 | \r | |
352 | /**\r | |
353 | This command reads a value from an area in NV memory previously defined by TPM2_NV_DefineSpace().\r | |
354 | \r | |
355 | @param[in] AuthHandle the handle indicating the source of the authorization value.\r | |
356 | @param[in] NvIndex The index to be read.\r | |
357 | @param[in] AuthSession Auth Session context\r | |
358 | @param[in] Size Number of bytes to read.\r | |
359 | @param[in] Offset Byte offset into the area.\r | |
360 | @param[in,out] OutData The data read.\r | |
361 | \r | |
362 | @retval EFI_SUCCESS Operation completed successfully.\r | |
363 | @retval EFI_DEVICE_ERROR The command was unsuccessful.\r | |
364 | @retval EFI_NOT_FOUND The command was returned successfully, but NvIndex is not found.\r | |
365 | **/\r | |
366 | EFI_STATUS\r | |
367 | EFIAPI\r | |
368 | Tpm2NvRead (\r | |
369 | IN TPMI_RH_NV_AUTH AuthHandle,\r | |
370 | IN TPMI_RH_NV_INDEX NvIndex,\r | |
371 | IN TPMS_AUTH_COMMAND *AuthSession, OPTIONAL\r | |
372 | IN UINT16 Size,\r | |
373 | IN UINT16 Offset,\r | |
374 | IN OUT TPM2B_MAX_BUFFER *OutData\r | |
375 | );\r | |
376 | \r | |
377 | /**\r | |
378 | This command writes a value to an area in NV memory that was previously defined by TPM2_NV_DefineSpace().\r | |
379 | \r | |
380 | @param[in] AuthHandle the handle indicating the source of the authorization value.\r | |
381 | @param[in] NvIndex The NV Index of the area to write.\r | |
382 | @param[in] AuthSession Auth Session context\r | |
383 | @param[in] InData The data to write.\r | |
384 | @param[in] Offset The offset into the NV Area.\r | |
385 | \r | |
386 | @retval EFI_SUCCESS Operation completed successfully.\r | |
387 | @retval EFI_DEVICE_ERROR The command was unsuccessful.\r | |
388 | @retval EFI_NOT_FOUND The command was returned successfully, but NvIndex is not found.\r | |
389 | **/\r | |
390 | EFI_STATUS\r | |
391 | EFIAPI\r | |
392 | Tpm2NvWrite (\r | |
393 | IN TPMI_RH_NV_AUTH AuthHandle,\r | |
394 | IN TPMI_RH_NV_INDEX NvIndex,\r | |
395 | IN TPMS_AUTH_COMMAND *AuthSession, OPTIONAL\r | |
396 | IN TPM2B_MAX_BUFFER *InData,\r | |
397 | IN UINT16 Offset\r | |
398 | );\r | |
399 | \r | |
400 | /**\r | |
401 | This command may be used to prevent further reads of the Index until the next TPM2_Startup (TPM_SU_CLEAR).\r | |
402 | \r | |
403 | @param[in] AuthHandle the handle indicating the source of the authorization value.\r | |
404 | @param[in] NvIndex The NV Index of the area to lock.\r | |
405 | @param[in] AuthSession Auth Session context\r | |
406 | \r | |
407 | @retval EFI_SUCCESS Operation completed successfully.\r | |
408 | @retval EFI_DEVICE_ERROR The command was unsuccessful.\r | |
409 | @retval EFI_NOT_FOUND The command was returned successfully, but NvIndex is not found.\r | |
410 | **/\r | |
411 | EFI_STATUS\r | |
412 | EFIAPI\r | |
413 | Tpm2NvReadLock (\r | |
414 | IN TPMI_RH_NV_AUTH AuthHandle,\r | |
415 | IN TPMI_RH_NV_INDEX NvIndex,\r | |
416 | IN TPMS_AUTH_COMMAND *AuthSession OPTIONAL\r | |
417 | );\r | |
418 | \r | |
419 | /**\r | |
420 | This command may be used to inhibit further writes of the Index.\r | |
421 | \r | |
422 | @param[in] AuthHandle the handle indicating the source of the authorization value.\r | |
423 | @param[in] NvIndex The NV Index of the area to lock.\r | |
424 | @param[in] AuthSession Auth Session context\r | |
425 | \r | |
426 | @retval EFI_SUCCESS Operation completed successfully.\r | |
427 | @retval EFI_DEVICE_ERROR The command was unsuccessful.\r | |
428 | @retval EFI_NOT_FOUND The command was returned successfully, but NvIndex is not found.\r | |
429 | **/\r | |
430 | EFI_STATUS\r | |
431 | EFIAPI\r | |
432 | Tpm2NvWriteLock (\r | |
433 | IN TPMI_RH_NV_AUTH AuthHandle,\r | |
434 | IN TPMI_RH_NV_INDEX NvIndex,\r | |
435 | IN TPMS_AUTH_COMMAND *AuthSession OPTIONAL\r | |
436 | );\r | |
437 | \r | |
438 | /**\r | |
439 | The command will SET TPMA_NV_WRITELOCKED for all indexes that have their TPMA_NV_GLOBALLOCK attribute SET.\r | |
440 | \r | |
441 | @param[in] AuthHandle TPM_RH_OWNER or TPM_RH_PLATFORM+{PP}.\r | |
442 | @param[in] AuthSession Auth Session context\r | |
443 | \r | |
444 | @retval EFI_SUCCESS Operation completed successfully.\r | |
445 | @retval EFI_DEVICE_ERROR The command was unsuccessful.\r | |
446 | @retval EFI_NOT_FOUND The command was returned successfully, but NvIndex is not found.\r | |
447 | **/\r | |
448 | EFI_STATUS\r | |
449 | EFIAPI\r | |
450 | Tpm2NvGlobalWriteLock (\r | |
451 | IN TPMI_RH_PROVISION AuthHandle,\r | |
452 | IN TPMS_AUTH_COMMAND *AuthSession OPTIONAL\r | |
453 | );\r | |
454 | \r | |
455 | /**\r | |
456 | This command is used to cause an update to the indicated PCR.\r | |
457 | The digests parameter contains one or more tagged digest value identified by an algorithm ID.\r | |
458 | For each digest, the PCR associated with pcrHandle is Extended into the bank identified by the tag (hashAlg).\r | |
459 | \r | |
460 | @param[in] PcrHandle Handle of the PCR\r | |
461 | @param[in] Digests List of tagged digest values to be extended\r | |
462 | \r | |
463 | @retval EFI_SUCCESS Operation completed successfully.\r | |
464 | @retval EFI_DEVICE_ERROR Unexpected device behavior.\r | |
465 | **/\r | |
466 | EFI_STATUS\r | |
467 | EFIAPI\r | |
468 | Tpm2PcrExtend (\r | |
469 | IN TPMI_DH_PCR PcrHandle,\r | |
470 | IN TPML_DIGEST_VALUES *Digests\r | |
471 | );\r | |
472 | \r | |
473 | /**\r | |
474 | This command is used to cause an update to the indicated PCR.\r | |
475 | The data in eventData is hashed using the hash algorithm associated with each bank in which the\r | |
476 | indicated PCR has been allocated. After the data is hashed, the digests list is returned. If the pcrHandle\r | |
477 | references an implemented PCR and not TPM_ALG_NULL, digests list is processed as in\r | |
478 | TPM2_PCR_Extend().\r | |
479 | A TPM shall support an Event.size of zero through 1,024 inclusive.\r | |
480 | \r | |
481 | @param[in] PcrHandle Handle of the PCR\r | |
482 | @param[in] EventData Event data in sized buffer\r | |
483 | @param[out] Digests List of digest\r | |
484 | \r | |
485 | @retval EFI_SUCCESS Operation completed successfully.\r | |
486 | @retval EFI_DEVICE_ERROR Unexpected device behavior.\r | |
487 | **/\r | |
488 | EFI_STATUS\r | |
489 | EFIAPI\r | |
490 | Tpm2PcrEvent (\r | |
491 | IN TPMI_DH_PCR PcrHandle,\r | |
492 | IN TPM2B_EVENT *EventData,\r | |
493 | OUT TPML_DIGEST_VALUES *Digests\r | |
494 | );\r | |
495 | \r | |
496 | /**\r | |
497 | This command returns the values of all PCR specified in pcrSelect.\r | |
498 | \r | |
499 | @param[in] PcrSelectionIn The selection of PCR to read.\r | |
500 | @param[out] PcrUpdateCounter The current value of the PCR update counter.\r | |
501 | @param[out] PcrSelectionOut The PCR in the returned list.\r | |
502 | @param[out] PcrValues The contents of the PCR indicated in pcrSelect.\r | |
503 | \r | |
504 | @retval EFI_SUCCESS Operation completed successfully.\r | |
505 | @retval EFI_DEVICE_ERROR The command was unsuccessful.\r | |
506 | **/\r | |
507 | EFI_STATUS\r | |
508 | EFIAPI\r | |
509 | Tpm2PcrRead (\r | |
510 | IN TPML_PCR_SELECTION *PcrSelectionIn,\r | |
511 | OUT UINT32 *PcrUpdateCounter,\r | |
512 | OUT TPML_PCR_SELECTION *PcrSelectionOut,\r | |
513 | OUT TPML_DIGEST *PcrValues\r | |
514 | );\r | |
515 | \r | |
516 | /**\r | |
517 | This command is used to set the desired PCR allocation of PCR and algorithms.\r | |
518 | \r | |
519 | @param[in] AuthHandle TPM_RH_PLATFORM+{PP}\r | |
520 | @param[in] AuthSession Auth Session context\r | |
521 | @param[in] PcrAllocation The requested allocation\r | |
522 | @param[out] AllocationSuccess YES if the allocation succeeded\r | |
523 | @param[out] MaxPCR maximum number of PCR that may be in a bank\r | |
524 | @param[out] SizeNeeded number of octets required to satisfy the request\r | |
525 | @param[out] SizeAvailable Number of octets available. Computed before the allocation\r | |
526 | \r | |
527 | @retval EFI_SUCCESS Operation completed successfully.\r | |
528 | @retval EFI_DEVICE_ERROR The command was unsuccessful.\r | |
529 | **/\r | |
530 | EFI_STATUS\r | |
531 | EFIAPI\r | |
532 | Tpm2PcrAllocate (\r | |
533 | IN TPMI_RH_PLATFORM AuthHandle,\r | |
534 | IN TPMS_AUTH_COMMAND *AuthSession,\r | |
535 | IN TPML_PCR_SELECTION *PcrAllocation,\r | |
536 | OUT TPMI_YES_NO *AllocationSuccess,\r | |
537 | OUT UINT32 *MaxPCR,\r | |
538 | OUT UINT32 *SizeNeeded,\r | |
539 | OUT UINT32 *SizeAvailable\r | |
540 | );\r | |
541 | \r | |
542 | /**\r | |
543 | This command returns various information regarding the TPM and its current state.\r | |
544 | \r | |
545 | The capability parameter determines the category of data returned. The property parameter \r | |
546 | selects the first value of the selected category to be returned. If there is no property \r | |
547 | that corresponds to the value of property, the next higher value is returned, if it exists.\r | |
548 | The moreData parameter will have a value of YES if there are more values of the requested \r | |
549 | type that were not returned.\r | |
550 | If no next capability exists, the TPM will return a zero-length list and moreData will have \r | |
551 | a value of NO.\r | |
552 | \r | |
553 | NOTE: \r | |
554 | To simplify this function, leave returned CapabilityData for caller to unpack since there are \r | |
555 | many capability categories and only few categories will be used in firmware. It means the caller\r | |
556 | need swap the byte order for the feilds in CapabilityData.\r | |
557 | \r | |
558 | @param[in] Capability Group selection; determines the format of the response.\r | |
559 | @param[in] Property Further definition of information. \r | |
560 | @param[in] PropertyCount Number of properties of the indicated type to return.\r | |
561 | @param[out] MoreData Flag to indicate if there are more values of this type.\r | |
562 | @param[out] CapabilityData The capability data.\r | |
563 | \r | |
564 | @retval EFI_SUCCESS Operation completed successfully.\r | |
565 | @retval EFI_DEVICE_ERROR The command was unsuccessful.\r | |
566 | **/\r | |
567 | EFI_STATUS\r | |
568 | EFIAPI\r | |
569 | Tpm2GetCapability (\r | |
570 | IN TPM_CAP Capability,\r | |
571 | IN UINT32 Property,\r | |
572 | IN UINT32 PropertyCount,\r | |
573 | OUT TPMI_YES_NO *MoreData,\r | |
574 | OUT TPMS_CAPABILITY_DATA *CapabilityData\r | |
575 | );\r | |
576 | \r | |
577 | /**\r | |
578 | This command returns the information of TPM Family.\r | |
579 | \r | |
580 | This function parse the value got from TPM2_GetCapability and return the Family.\r | |
581 | \r | |
582 | @param[out] Family The Family of TPM. (a 4-octet character string)\r | |
583 | \r | |
584 | @retval EFI_SUCCESS Operation completed successfully.\r | |
585 | @retval EFI_DEVICE_ERROR The command was unsuccessful.\r | |
586 | **/\r | |
587 | EFI_STATUS\r | |
588 | EFIAPI\r | |
589 | Tpm2GetCapabilityFamily (\r | |
590 | OUT CHAR8 *Family\r | |
591 | );\r | |
592 | \r | |
593 | /**\r | |
594 | This command returns the information of TPM manufacture ID.\r | |
595 | \r | |
596 | This function parse the value got from TPM2_GetCapability and return the TPM manufacture ID.\r | |
597 | \r | |
598 | @param[out] ManufactureId The manufacture ID of TPM.\r | |
599 | \r | |
600 | @retval EFI_SUCCESS Operation completed successfully.\r | |
601 | @retval EFI_DEVICE_ERROR The command was unsuccessful.\r | |
602 | **/\r | |
603 | EFI_STATUS\r | |
604 | EFIAPI\r | |
605 | Tpm2GetCapabilityManufactureID (\r | |
606 | OUT UINT32 *ManufactureId\r | |
607 | );\r | |
608 | \r | |
609 | /**\r | |
610 | This command returns the information of TPM FirmwareVersion.\r | |
611 | \r | |
612 | This function parse the value got from TPM2_GetCapability and return the TPM FirmwareVersion.\r | |
613 | \r | |
614 | @param[out] FirmwareVersion1 The FirmwareVersion1.\r | |
615 | @param[out] FirmwareVersion2 The FirmwareVersion2.\r | |
616 | \r | |
617 | @retval EFI_SUCCESS Operation completed successfully.\r | |
618 | @retval EFI_DEVICE_ERROR The command was unsuccessful.\r | |
619 | **/\r | |
620 | EFI_STATUS\r | |
621 | EFIAPI\r | |
622 | Tpm2GetCapabilityFirmwareVersion (\r | |
623 | OUT UINT32 *FirmwareVersion1,\r | |
624 | OUT UINT32 *FirmwareVersion2\r | |
625 | );\r | |
626 | \r | |
627 | /**\r | |
628 | This command returns the information of the maximum value for commandSize and responseSize in a command.\r | |
629 | \r | |
630 | This function parse the value got from TPM2_GetCapability and return the max command size and response size\r | |
631 | \r | |
632 | @param[out] MaxCommandSize The maximum value for commandSize in a command.\r | |
633 | @param[out] MaxResponseSize The maximum value for responseSize in a command.\r | |
634 | \r | |
635 | @retval EFI_SUCCESS Operation completed successfully.\r | |
636 | @retval EFI_DEVICE_ERROR The command was unsuccessful.\r | |
637 | **/\r | |
638 | EFI_STATUS\r | |
639 | EFIAPI\r | |
640 | Tpm2GetCapabilityMaxCommandResponseSize (\r | |
641 | OUT UINT32 *MaxCommandSize,\r | |
642 | OUT UINT32 *MaxResponseSize\r | |
643 | );\r | |
644 | \r | |
645 | /**\r | |
646 | This command returns Returns a list of TPMS_ALG_PROPERTIES. Each entry is an\r | |
647 | algorithm ID and a set of properties of the algorithm. \r | |
648 | \r | |
649 | This function parse the value got from TPM2_GetCapability and return the list.\r | |
650 | \r | |
651 | @param[out] AlgList List of algorithm.\r | |
652 | \r | |
653 | @retval EFI_SUCCESS Operation completed successfully.\r | |
654 | @retval EFI_DEVICE_ERROR The command was unsuccessful.\r | |
655 | **/\r | |
656 | EFI_STATUS\r | |
657 | EFIAPI\r | |
658 | Tpm2GetCapabilitySupportedAlg (\r | |
659 | OUT TPML_ALG_PROPERTY *AlgList\r | |
660 | );\r | |
661 | \r | |
662 | /**\r | |
663 | This command returns the information of TPM LockoutCounter.\r | |
664 | \r | |
665 | This function parse the value got from TPM2_GetCapability and return the LockoutCounter.\r | |
666 | \r | |
667 | @param[out] LockoutCounter The LockoutCounter of TPM.\r | |
668 | \r | |
669 | @retval EFI_SUCCESS Operation completed successfully.\r | |
670 | @retval EFI_DEVICE_ERROR The command was unsuccessful.\r | |
671 | **/\r | |
672 | EFI_STATUS\r | |
673 | EFIAPI\r | |
674 | Tpm2GetCapabilityLockoutCounter (\r | |
675 | OUT UINT32 *LockoutCounter\r | |
676 | );\r | |
677 | \r | |
678 | /**\r | |
679 | This command returns the information of TPM LockoutInterval.\r | |
680 | \r | |
681 | This function parse the value got from TPM2_GetCapability and return the LockoutInterval.\r | |
682 | \r | |
683 | @param[out] LockoutInterval The LockoutInterval of TPM.\r | |
684 | \r | |
685 | @retval EFI_SUCCESS Operation completed successfully.\r | |
686 | @retval EFI_DEVICE_ERROR The command was unsuccessful.\r | |
687 | **/\r | |
688 | EFI_STATUS\r | |
689 | EFIAPI\r | |
690 | Tpm2GetCapabilityLockoutInterval (\r | |
691 | OUT UINT32 *LockoutInterval\r | |
692 | );\r | |
693 | \r | |
694 | /**\r | |
695 | This command returns the information of TPM InputBufferSize.\r | |
696 | \r | |
697 | This function parse the value got from TPM2_GetCapability and return the InputBufferSize.\r | |
698 | \r | |
699 | @param[out] InputBufferSize The InputBufferSize of TPM.\r | |
700 | the maximum size of a parameter (typically, a TPM2B_MAX_BUFFER)\r | |
701 | \r | |
702 | @retval EFI_SUCCESS Operation completed successfully.\r | |
703 | @retval EFI_DEVICE_ERROR The command was unsuccessful.\r | |
704 | **/\r | |
705 | EFI_STATUS\r | |
706 | EFIAPI\r | |
707 | Tpm2GetCapabilityInputBufferSize (\r | |
708 | OUT UINT32 *InputBufferSize\r | |
709 | );\r | |
710 | \r | |
711 | /**\r | |
712 | This command returns the information of TPM PCRs.\r | |
713 | \r | |
714 | This function parse the value got from TPM2_GetCapability and return the PcrSelection.\r | |
715 | \r | |
716 | @param[out] Pcrs The Pcr Selection\r | |
717 | \r | |
718 | @retval EFI_SUCCESS Operation completed successfully.\r | |
719 | @retval EFI_DEVICE_ERROR The command was unsuccessful.\r | |
720 | **/\r | |
721 | EFI_STATUS\r | |
722 | EFIAPI\r | |
723 | Tpm2GetCapabilityPcrs (\r | |
724 | OUT TPML_PCR_SELECTION *Pcrs\r | |
725 | );\r | |
726 | \r | |
727 | /**\r | |
728 | This command returns the information of TPM AlgorithmSet.\r | |
729 | \r | |
730 | This function parse the value got from TPM2_GetCapability and return the AlgorithmSet.\r | |
731 | \r | |
732 | @param[out] AlgorithmSet The AlgorithmSet of TPM.\r | |
733 | \r | |
734 | @retval EFI_SUCCESS Operation completed successfully.\r | |
735 | @retval EFI_DEVICE_ERROR The command was unsuccessful.\r | |
736 | **/\r | |
737 | EFI_STATUS\r | |
738 | EFIAPI\r | |
739 | Tpm2GetCapabilityAlgorithmSet (\r | |
740 | OUT UINT32 *AlgorithmSet\r | |
741 | );\r | |
742 | \r | |
743 | /**\r | |
744 | This command is used to check to see if specific combinations of algorithm parameters are supported.\r | |
745 | \r | |
746 | @param[in] Parameters Algorithm parameters to be validated\r | |
747 | \r | |
748 | @retval EFI_SUCCESS Operation completed successfully.\r | |
749 | @retval EFI_DEVICE_ERROR Unexpected device behavior.\r | |
750 | **/\r | |
751 | EFI_STATUS\r | |
752 | EFIAPI\r | |
753 | Tpm2TestParms (\r | |
754 | IN TPMT_PUBLIC_PARMS *Parameters\r | |
755 | );\r | |
756 | \r | |
757 | /**\r | |
758 | This command allows the platform to change the set of algorithms that are used by the TPM.\r | |
759 | The algorithmSet setting is a vendor-dependent value.\r | |
760 | \r | |
761 | @param[in] AuthHandle TPM_RH_PLATFORM\r | |
762 | @param[in] AuthSession Auth Session context\r | |
763 | @param[in] AlgorithmSet A TPM vendor-dependent value indicating the\r | |
764 | algorithm set selection\r | |
765 | \r | |
766 | @retval EFI_SUCCESS Operation completed successfully.\r | |
767 | @retval EFI_DEVICE_ERROR Unexpected device behavior.\r | |
768 | **/\r | |
769 | EFI_STATUS\r | |
770 | EFIAPI\r | |
771 | Tpm2SetAlgorithmSet (\r | |
772 | IN TPMI_RH_PLATFORM AuthHandle,\r | |
773 | IN TPMS_AUTH_COMMAND *AuthSession,\r | |
774 | IN UINT32 AlgorithmSet\r | |
775 | );\r | |
776 | \r | |
777 | //\r | |
778 | // Help function\r | |
779 | //\r | |
780 | \r | |
781 | /**\r | |
782 | Copy AuthSessionIn to TPM2 command buffer.\r | |
783 | \r | |
784 | @param [in] AuthSessionIn Input AuthSession data\r | |
785 | @param [out] AuthSessionOut Output AuthSession data in TPM2 command buffer\r | |
786 | \r | |
787 | @return AuthSession size\r | |
788 | **/\r | |
789 | UINT32\r | |
790 | EFIAPI\r | |
791 | CopyAuthSessionCommand (\r | |
792 | IN TPMS_AUTH_COMMAND *AuthSessionIn, OPTIONAL\r | |
793 | OUT UINT8 *AuthSessionOut\r | |
794 | );\r | |
795 | \r | |
796 | /**\r | |
797 | Copy AuthSessionIn from TPM2 response buffer.\r | |
798 | \r | |
799 | @param [in] AuthSessionIn Input AuthSession data in TPM2 response buffer\r | |
800 | @param [out] AuthSessionOut Output AuthSession data\r | |
801 | \r | |
802 | @return AuthSession size\r | |
803 | **/\r | |
804 | UINT32\r | |
805 | EFIAPI\r | |
806 | CopyAuthSessionResponse (\r | |
807 | IN UINT8 *AuthSessionIn,\r | |
808 | OUT TPMS_AUTH_RESPONSE *AuthSessionOut OPTIONAL\r | |
809 | );\r | |
810 | \r | |
811 | /**\r | |
812 | Return size of digest.\r | |
813 | \r | |
814 | @param[in] HashAlgo Hash algorithm\r | |
815 | \r | |
816 | @return size of digest\r | |
817 | **/\r | |
818 | UINT16\r | |
819 | EFIAPI\r | |
820 | GetHashSizeFromAlgo (\r | |
821 | IN TPMI_ALG_HASH HashAlgo\r | |
822 | );\r | |
823 | \r | |
824 | #endif\r |