projects / mirror_edk2.git / blame
| Commit | Line | Data |
|---|---|---|
| c1d93242 JY |
1 | /** @file\r |
| 2 | This library is used by other modules to send TPM2 command.\r | |
| 3 | \r | |
| 4 | Copyright (c) 2013, Intel Corporation. All rights reserved. <BR>\r | |
| 5 | This program and the accompanying materials\r | |
| 6 | are licensed and made available under the terms and conditions of the BSD License\r | |
| 7 | which accompanies this distribution. The full text of the license may be found at\r | |
| 8 | http://opensource.org/licenses/bsd-license.php\r | |
| 9 | \r | |
| 10 | THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r | |
| 11 | WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r | |
| 12 | \r | |
| 13 | **/\r | |
| 14 | \r | |
| 15 | #ifndef _TPM2_COMMAND_LIB_H_\r | |
| 16 | #define _TPM2_COMMAND_LIB_H_\r | |
| 17 | \r | |
| 18 | #include <IndustryStandard/Tpm20.h>\r | |
| 19 | \r | |
| 20 | /**\r | |
| 21 | This command starts a hash or an Event sequence.\r | |
| 22 | If hashAlg is an implemented hash, then a hash sequence is started.\r | |
| 23 | If hashAlg is TPM_ALG_NULL, then an Event sequence is started.\r | |
| 24 | \r | |
| 25 | @param[in] HashAlg The hash algorithm to use for the hash sequence\r | |
| 26 | An Event sequence starts if this is TPM_ALG_NULL.\r | |
| 27 | @param[out] SequenceHandle A handle to reference the sequence\r | |
| 28 | \r | |
| 29 | @retval EFI_SUCCESS Operation completed successfully.\r | |
| 30 | @retval EFI_DEVICE_ERROR Unexpected device behavior.\r | |
| 31 | **/\r | |
| 32 | EFI_STATUS\r | |
| 33 | EFIAPI\r | |
| 34 | Tpm2HashSequenceStart (\r | |
| 35 | IN TPMI_ALG_HASH HashAlg,\r | |
| 36 | OUT TPMI_DH_OBJECT *SequenceHandle\r | |
| 37 | );\r | |
| 38 | \r | |
| 39 | /**\r | |
| 40 | This command is used to add data to a hash or HMAC sequence.\r | |
| 41 | The amount of data in buffer may be any size up to the limits of the TPM.\r | |
| 42 | NOTE: In all TPM, a buffer size of 1,024 octets is allowed.\r | |
| 43 | \r | |
| 44 | @param[in] SequenceHandle Handle for the sequence object\r | |
| 45 | @param[in] Buffer Data to be added to hash\r | |
| 46 | \r | |
| 47 | @retval EFI_SUCCESS Operation completed successfully.\r | |
| 48 | @retval EFI_DEVICE_ERROR Unexpected device behavior.\r | |
| 49 | **/\r | |
| 50 | EFI_STATUS\r | |
| 51 | EFIAPI\r | |
| 52 | Tpm2SequenceUpdate (\r | |
| 53 | IN TPMI_DH_OBJECT SequenceHandle,\r | |
| 54 | IN TPM2B_MAX_BUFFER *Buffer\r | |
| 55 | );\r | |
| 56 | \r | |
| 57 | /**\r | |
| 58 | This command adds the last part of data, if any, to an Event sequence and returns the result in a digest list.\r | |
| 59 | If pcrHandle references a PCR and not TPM_RH_NULL, then the returned digest list is processed in\r | |
| 60 | the same manner as the digest list input parameter to TPM2_PCR_Extend() with the pcrHandle in each\r | |
| 61 | bank extended with the associated digest value.\r | |
| 62 | \r | |
| 63 | @param[in] PcrHandle PCR to be extended with the Event data\r | |
| 64 | @param[in] SequenceHandle Authorization for the sequence\r | |
| 65 | @param[in] Buffer Data to be added to the Event\r | |
| 66 | @param[out] Results List of digests computed for the PCR\r | |
| 67 | \r | |
| 68 | @retval EFI_SUCCESS Operation completed successfully.\r | |
| 69 | @retval EFI_DEVICE_ERROR Unexpected device behavior.\r | |
| 70 | **/\r | |
| 71 | EFI_STATUS\r | |
| 72 | EFIAPI\r | |
| 73 | Tpm2EventSequenceComplete (\r | |
| 74 | IN TPMI_DH_PCR PcrHandle,\r | |
| 75 | IN TPMI_DH_OBJECT SequenceHandle,\r | |
| 76 | IN TPM2B_MAX_BUFFER *Buffer,\r | |
| 77 | OUT TPML_DIGEST_VALUES *Results\r | |
| 78 | );\r | |
| 79 | \r | |
| 80 | /**\r | |
| 81 | This command adds the last part of data, if any, to a hash/HMAC sequence and returns the result.\r | |
| 82 | \r | |
| 83 | @param[in] SequenceHandle Authorization for the sequence\r | |
| 84 | @param[in] Buffer Data to be added to the hash/HMAC\r | |
| 85 | @param[out] Result The returned HMAC or digest in a sized buffer\r | |
| 86 | \r | |
| 87 | @retval EFI_SUCCESS Operation completed successfully.\r | |
| 88 | @retval EFI_DEVICE_ERROR Unexpected device behavior.\r | |
| 89 | **/\r | |
| 90 | EFI_STATUS\r | |
| 91 | EFIAPI\r | |
| 92 | Tpm2SequenceComplete (\r | |
| 93 | IN TPMI_DH_OBJECT SequenceHandle,\r | |
| 94 | IN TPM2B_MAX_BUFFER *Buffer,\r | |
| 95 | OUT TPM2B_DIGEST *Result\r | |
| 96 | );\r | |
| 97 | \r | |
| 98 | /**\r | |
| 99 | Send Startup command to TPM2.\r | |
| 100 | \r | |
| 101 | @param[in] StartupType TPM_SU_CLEAR or TPM_SU_STATE\r | |
| 102 | \r | |
| 103 | @retval EFI_SUCCESS Operation completed successfully.\r | |
| 104 | @retval EFI_DEVICE_ERROR Unexpected device behavior.\r | |
| 105 | **/\r | |
| 106 | EFI_STATUS\r | |
| 107 | EFIAPI\r | |
| 108 | Tpm2Startup (\r | |
| 109 | IN TPM_SU StartupType\r | |
| 110 | );\r | |
| 111 | \r | |
| 112 | /**\r | |
| 113 | Send Shutdown command to TPM2.\r | |
| 114 | \r | |
| 115 | @param[in] ShutdownType TPM_SU_CLEAR or TPM_SU_STATE.\r | |
| 116 | \r | |
| 117 | @retval EFI_SUCCESS Operation completed successfully.\r | |
| 118 | @retval EFI_DEVICE_ERROR Unexpected device behavior.\r | |
| 119 | **/\r | |
| 120 | EFI_STATUS\r | |
| 121 | EFIAPI\r | |
| 122 | Tpm2Shutdown (\r | |
| 123 | IN TPM_SU ShutdownType\r | |
| 124 | );\r | |
| 125 | \r | |
| 126 | /**\r | |
| 127 | This command causes the TPM to perform a test of its capabilities.\r | |
| 128 | If the fullTest is YES, the TPM will test all functions.\r | |
| 129 | If fullTest = NO, the TPM will only test those functions that have not previously been tested.\r | |
| 130 | \r | |
| 131 | @param[in] FullTest YES if full test to be performed\r | |
| 132 | NO if only test of untested functions required\r | |
| 133 | \r | |
| 134 | @retval EFI_SUCCESS Operation completed successfully.\r | |
| 135 | @retval EFI_DEVICE_ERROR Unexpected device behavior.\r | |
| 136 | **/\r | |
| 137 | EFI_STATUS\r | |
| 138 | EFIAPI\r | |
| 139 | Tpm2SelfTest (\r | |
| 140 | IN TPMI_YES_NO FullTest\r | |
| 141 | );\r | |
| 142 | \r | |
| 143 | /**\r | |
| 144 | This command removes all TPM context associated with a specific Owner.\r | |
| 145 | \r | |
| 146 | @param[in] AuthHandle TPM_RH_LOCKOUT or TPM_RH_PLATFORM+{PP}\r | |
| 147 | @param[in] AuthSession Auth Session context\r | |
| 148 | \r | |
| 149 | @retval EFI_SUCCESS Operation completed successfully.\r | |
| 150 | @retval EFI_DEVICE_ERROR Unexpected device behavior.\r | |
| 151 | **/\r | |
| 152 | EFI_STATUS\r | |
| 153 | EFIAPI\r | |
| 154 | Tpm2Clear (\r | |
| 155 | IN TPMI_RH_CLEAR AuthHandle,\r | |
| 156 | IN TPMS_AUTH_COMMAND *AuthSession OPTIONAL\r | |
| 157 | );\r | |
| 158 | \r | |
| 159 | /**\r | |
| 160 | Disables and enables the execution of TPM2_Clear().\r | |
| 161 | \r | |
| 162 | @param[in] AuthHandle TPM_RH_LOCKOUT or TPM_RH_PLATFORM+{PP}\r | |
| 163 | @param[in] AuthSession Auth Session context\r | |
| 164 | @param[in] Disable YES if the disableOwnerClear flag is to be SET,\r | |
| 165 | NO if the flag is to be CLEAR.\r | |
| 166 | \r | |
| 167 | @retval EFI_SUCCESS Operation completed successfully.\r | |
| 168 | @retval EFI_DEVICE_ERROR Unexpected device behavior.\r | |
| 169 | **/\r | |
| 170 | EFI_STATUS\r | |
| 171 | EFIAPI\r | |
| 172 | Tpm2ClearControl (\r | |
| 173 | IN TPMI_RH_CLEAR AuthHandle,\r | |
| 174 | IN TPMS_AUTH_COMMAND *AuthSession, OPTIONAL\r | |
| 175 | IN TPMI_YES_NO Disable\r | |
| 176 | );\r | |
| 177 | \r | |
| 178 | /**\r | |
| 179 | This command allows the authorization secret for a hierarchy or lockout to be changed using the current\r | |
| 180 | authorization value as the command authorization.\r | |
| 181 | \r | |
| 182 | @param[in] AuthHandle TPM_RH_LOCKOUT, TPM_RH_ENDORSEMENT, TPM_RH_OWNER or TPM_RH_PLATFORM+{PP}\r | |
| 183 | @param[in] AuthSession Auth Session context\r | |
| 184 | @param[in] NewAuth New authorization secret\r | |
| 185 | \r | |
| 186 | @retval EFI_SUCCESS Operation completed successfully.\r | |
| 187 | @retval EFI_DEVICE_ERROR Unexpected device behavior.\r | |
| 188 | **/\r | |
| 189 | EFI_STATUS\r | |
| 190 | EFIAPI\r | |
| 191 | Tpm2HierarchyChangeAuth (\r | |
| 192 | IN TPMI_RH_HIERARCHY_AUTH AuthHandle,\r | |
| 193 | IN TPMS_AUTH_COMMAND *AuthSession,\r | |
| 194 | IN TPM2B_AUTH *NewAuth\r | |
| 195 | );\r | |
| 196 | \r | |
| 197 | /**\r | |
| 198 | This replaces the current EPS with a value from the RNG and sets the Endorsement hierarchy controls to\r | |
| 199 | their default initialization values.\r | |
| 200 | \r | |
| 201 | @param[in] AuthHandle TPM_RH_PLATFORM+{PP}\r | |
| 202 | @param[in] AuthSession Auth Session context\r | |
| 203 | \r | |
| 204 | @retval EFI_SUCCESS Operation completed successfully.\r | |
| 205 | @retval EFI_DEVICE_ERROR Unexpected device behavior.\r | |
| 206 | **/\r | |
| 207 | EFI_STATUS\r | |
| 208 | EFIAPI\r | |
| 209 | Tpm2ChangeEPS (\r | |
| 210 | IN TPMI_RH_PLATFORM AuthHandle,\r | |
| 211 | IN TPMS_AUTH_COMMAND *AuthSession\r | |
| 212 | );\r | |
| 213 | \r | |
| 214 | /**\r | |
| 215 | This replaces the current PPS with a value from the RNG and sets platformPolicy to the default\r | |
| 216 | initialization value (the Empty Buffer).\r | |
| 217 | \r | |
| 218 | @param[in] AuthHandle TPM_RH_PLATFORM+{PP}\r | |
| 219 | @param[in] AuthSession Auth Session context\r | |
| 220 | \r | |
| 221 | @retval EFI_SUCCESS Operation completed successfully.\r | |
| 222 | @retval EFI_DEVICE_ERROR Unexpected device behavior.\r | |
| 223 | **/\r | |
| 224 | EFI_STATUS\r | |
| 225 | EFIAPI\r | |
| 226 | Tpm2ChangePPS (\r | |
| 227 | IN TPMI_RH_PLATFORM AuthHandle,\r | |
| 228 | IN TPMS_AUTH_COMMAND *AuthSession\r | |
| 229 | );\r | |
| 230 | \r | |
| 231 | /**\r | |
| 232 | This command enables and disables use of a hierarchy.\r | |
| 233 | \r | |
| 234 | @param[in] AuthHandle TPM_RH_ENDORSEMENT, TPM_RH_OWNER or TPM_RH_PLATFORM+{PP}\r | |
| 235 | @param[in] AuthSession Auth Session context\r | |
| 236 | @param[in] Hierarchy Hierarchy of the enable being modified\r | |
| 237 | @param[in] State YES if the enable should be SET,\r | |
| 238 | NO if the enable should be CLEAR\r | |
| 239 | \r | |
| 240 | @retval EFI_SUCCESS Operation completed successfully.\r | |
| 241 | @retval EFI_DEVICE_ERROR Unexpected device behavior.\r | |
| 242 | **/\r | |
| 243 | EFI_STATUS\r | |
| 244 | EFIAPI\r | |
| 245 | Tpm2HierarchyControl (\r | |
| 246 | IN TPMI_RH_HIERARCHY AuthHandle,\r | |
| 247 | IN TPMS_AUTH_COMMAND *AuthSession,\r | |
| 248 | IN TPMI_RH_HIERARCHY Hierarchy,\r | |
| 249 | IN TPMI_YES_NO State\r | |
| 250 | );\r | |
| 251 | \r | |
| 252 | /**\r | |
| 253 | This command cancels the effect of a TPM lockout due to a number of successive authorization failures.\r | |
| 254 | If this command is properly authorized, the lockout counter is set to zero.\r | |
| 255 | \r | |
| 256 | @param[in] LockHandle LockHandle\r | |
| 257 | @param[in] AuthSession Auth Session context\r | |
| 258 | \r | |
| 259 | @retval EFI_SUCCESS Operation completed successfully.\r | |
| 260 | @retval EFI_DEVICE_ERROR Unexpected device behavior.\r | |
| 261 | **/\r | |
| 262 | EFI_STATUS\r | |
| 263 | EFIAPI\r | |
| 264 | Tpm2DictionaryAttackLockReset (\r | |
| 265 | IN TPMI_RH_LOCKOUT LockHandle,\r | |
| 266 | IN TPMS_AUTH_COMMAND *AuthSession\r | |
| 267 | );\r | |
| 268 | \r | |
| 269 | /**\r | |
| 270 | This command cancels the effect of a TPM lockout due to a number of successive authorization failures.\r | |
| 271 | If this command is properly authorized, the lockout counter is set to zero.\r | |
| 272 | \r | |
| 273 | @param[in] LockHandle LockHandle\r | |
| 274 | @param[in] AuthSession Auth Session context\r | |
| 275 | @param[in] NewMaxTries Count of authorization failures before the lockout is imposed\r | |
| 276 | @param[in] NewRecoveryTime Time in seconds before the authorization failure count is automatically decremented\r | |
| 277 | @param[in] LockoutRecovery Time in seconds after a lockoutAuth failure before use of lockoutAuth is allowed\r | |
| 278 | \r | |
| 279 | @retval EFI_SUCCESS Operation completed successfully.\r | |
| 280 | @retval EFI_DEVICE_ERROR Unexpected device behavior.\r | |
| 281 | **/\r | |
| 282 | EFI_STATUS\r | |
| 283 | EFIAPI\r | |
| 284 | Tpm2DictionaryAttackParameters (\r | |
| 285 | IN TPMI_RH_LOCKOUT LockHandle,\r | |
| 286 | IN TPMS_AUTH_COMMAND *AuthSession,\r | |
| 287 | IN UINT32 NewMaxTries,\r | |
| 288 | IN UINT32 NewRecoveryTime,\r | |
| 289 | IN UINT32 LockoutRecovery\r | |
| 290 | );\r | |
| 291 | \r | |
| 292 | /**\r | |
| 293 | This command is used to read the public area and Name of an NV Index.\r | |
| 294 | \r | |
| 295 | @param[in] NvIndex The NV Index.\r | |
| 296 | @param[out] NvPublic The public area of the index.\r | |
| 297 | @param[out] NvName The Name of the nvIndex.\r | |
| 298 | \r | |
| 299 | @retval EFI_SUCCESS Operation completed successfully.\r | |
| 300 | @retval EFI_DEVICE_ERROR The command was unsuccessful.\r | |
| 301 | **/\r | |
| 302 | EFI_STATUS\r | |
| 303 | EFIAPI\r | |
| 304 | Tpm2NvReadPublic (\r | |
| 305 | IN TPMI_RH_NV_INDEX NvIndex,\r | |
| 306 | OUT TPM2B_NV_PUBLIC *NvPublic,\r | |
| 307 | OUT TPM2B_NAME *NvName\r | |
| 308 | );\r | |
| 309 | \r | |
| 310 | /**\r | |
| 311 | This command defines the attributes of an NV Index and causes the TPM to\r | |
| 312 | reserve space to hold the data associated with the index.\r | |
| 313 | If a definition already exists at the index, the TPM will return TPM_RC_NV_DEFINED.\r | |
| 314 | \r | |
| 315 | @param[in] AuthHandle TPM_RH_OWNER or TPM_RH_PLATFORM+{PP}.\r | |
| 316 | @param[in] AuthSession Auth Session context\r | |
| 317 | @param[in] Auth The authorization data.\r | |
| 318 | @param[in] NvPublic The public area of the index.\r | |
| 319 | \r | |
| 320 | @retval EFI_SUCCESS Operation completed successfully.\r | |
| 321 | @retval EFI_DEVICE_ERROR The command was unsuccessful.\r | |
| 322 | @retval EFI_ALREADY_STARTED The command was returned successfully, but NvIndex is already defined.\r | |
| 323 | **/\r | |
| 324 | EFI_STATUS\r | |
| 325 | EFIAPI\r | |
| 326 | Tpm2NvDefineSpace (\r | |
| 327 | IN TPMI_RH_PROVISION AuthHandle,\r | |
| 328 | IN TPMS_AUTH_COMMAND *AuthSession, OPTIONAL\r | |
| 329 | IN TPM2B_AUTH *Auth,\r | |
| 330 | IN TPM2B_NV_PUBLIC *NvPublic\r | |
| 331 | );\r | |
| 332 | \r | |
| 333 | /**\r | |
| 334 | This command removes an index from the TPM.\r | |
| 335 | \r | |
| 336 | @param[in] AuthHandle TPM_RH_OWNER or TPM_RH_PLATFORM+{PP}.\r | |
| 337 | @param[in] NvIndex The NV Index.\r | |
| 338 | @param[in] AuthSession Auth Session context\r | |
| 339 | \r | |
| 340 | @retval EFI_SUCCESS Operation completed successfully.\r | |
| 341 | @retval EFI_DEVICE_ERROR The command was unsuccessful.\r | |
| 342 | @retval EFI_NOT_FOUND The command was returned successfully, but NvIndex is not found.\r | |
| 343 | **/\r | |
| 344 | EFI_STATUS\r | |
| 345 | EFIAPI\r | |
| 346 | Tpm2NvUndefineSpace (\r | |
| 347 | IN TPMI_RH_PROVISION AuthHandle,\r | |
| 348 | IN TPMI_RH_NV_INDEX NvIndex,\r | |
| 349 | IN TPMS_AUTH_COMMAND *AuthSession OPTIONAL\r | |
| 350 | );\r | |
| 351 | \r | |
| 352 | /**\r | |
| 353 | This command reads a value from an area in NV memory previously defined by TPM2_NV_DefineSpace().\r | |
| 354 | \r | |
| 355 | @param[in] AuthHandle the handle indicating the source of the authorization value.\r | |
| 356 | @param[in] NvIndex The index to be read.\r | |
| 357 | @param[in] AuthSession Auth Session context\r | |
| 358 | @param[in] Size Number of bytes to read.\r | |
| 359 | @param[in] Offset Byte offset into the area.\r | |
| 360 | @param[in,out] OutData The data read.\r | |
| 361 | \r | |
| 362 | @retval EFI_SUCCESS Operation completed successfully.\r | |
| 363 | @retval EFI_DEVICE_ERROR The command was unsuccessful.\r | |
| 364 | @retval EFI_NOT_FOUND The command was returned successfully, but NvIndex is not found.\r | |
| 365 | **/\r | |
| 366 | EFI_STATUS\r | |
| 367 | EFIAPI\r | |
| 368 | Tpm2NvRead (\r | |
| 369 | IN TPMI_RH_NV_AUTH AuthHandle,\r | |
| 370 | IN TPMI_RH_NV_INDEX NvIndex,\r | |
| 371 | IN TPMS_AUTH_COMMAND *AuthSession, OPTIONAL\r | |
| 372 | IN UINT16 Size,\r | |
| 373 | IN UINT16 Offset,\r | |
| 374 | IN OUT TPM2B_MAX_BUFFER *OutData\r | |
| 375 | );\r | |
| 376 | \r | |
| 377 | /**\r | |
| 378 | This command writes a value to an area in NV memory that was previously defined by TPM2_NV_DefineSpace().\r | |
| 379 | \r | |
| 380 | @param[in] AuthHandle the handle indicating the source of the authorization value.\r | |
| 381 | @param[in] NvIndex The NV Index of the area to write.\r | |
| 382 | @param[in] AuthSession Auth Session context\r | |
| 383 | @param[in] InData The data to write.\r | |
| 384 | @param[in] Offset The offset into the NV Area.\r | |
| 385 | \r | |
| 386 | @retval EFI_SUCCESS Operation completed successfully.\r | |
| 387 | @retval EFI_DEVICE_ERROR The command was unsuccessful.\r | |
| 388 | @retval EFI_NOT_FOUND The command was returned successfully, but NvIndex is not found.\r | |
| 389 | **/\r | |
| 390 | EFI_STATUS\r | |
| 391 | EFIAPI\r | |
| 392 | Tpm2NvWrite (\r | |
| 393 | IN TPMI_RH_NV_AUTH AuthHandle,\r | |
| 394 | IN TPMI_RH_NV_INDEX NvIndex,\r | |
| 395 | IN TPMS_AUTH_COMMAND *AuthSession, OPTIONAL\r | |
| 396 | IN TPM2B_MAX_BUFFER *InData,\r | |
| 397 | IN UINT16 Offset\r | |
| 398 | );\r | |
| 399 | \r | |
| 400 | /**\r | |
| 401 | This command may be used to prevent further reads of the Index until the next TPM2_Startup (TPM_SU_CLEAR).\r | |
| 402 | \r | |
| 403 | @param[in] AuthHandle the handle indicating the source of the authorization value.\r | |
| 404 | @param[in] NvIndex The NV Index of the area to lock.\r | |
| 405 | @param[in] AuthSession Auth Session context\r | |
| 406 | \r | |
| 407 | @retval EFI_SUCCESS Operation completed successfully.\r | |
| 408 | @retval EFI_DEVICE_ERROR The command was unsuccessful.\r | |
| 409 | @retval EFI_NOT_FOUND The command was returned successfully, but NvIndex is not found.\r | |
| 410 | **/\r | |
| 411 | EFI_STATUS\r | |
| 412 | EFIAPI\r | |
| 413 | Tpm2NvReadLock (\r | |
| 414 | IN TPMI_RH_NV_AUTH AuthHandle,\r | |
| 415 | IN TPMI_RH_NV_INDEX NvIndex,\r | |
| 416 | IN TPMS_AUTH_COMMAND *AuthSession OPTIONAL\r | |
| 417 | );\r | |
| 418 | \r | |
| 419 | /**\r | |
| 420 | This command may be used to inhibit further writes of the Index.\r | |
| 421 | \r | |
| 422 | @param[in] AuthHandle the handle indicating the source of the authorization value.\r | |
| 423 | @param[in] NvIndex The NV Index of the area to lock.\r | |
| 424 | @param[in] AuthSession Auth Session context\r | |
| 425 | \r | |
| 426 | @retval EFI_SUCCESS Operation completed successfully.\r | |
| 427 | @retval EFI_DEVICE_ERROR The command was unsuccessful.\r | |
| 428 | @retval EFI_NOT_FOUND The command was returned successfully, but NvIndex is not found.\r | |
| 429 | **/\r | |
| 430 | EFI_STATUS\r | |
| 431 | EFIAPI\r | |
| 432 | Tpm2NvWriteLock (\r | |
| 433 | IN TPMI_RH_NV_AUTH AuthHandle,\r | |
| 434 | IN TPMI_RH_NV_INDEX NvIndex,\r | |
| 435 | IN TPMS_AUTH_COMMAND *AuthSession OPTIONAL\r | |
| 436 | );\r | |
| 437 | \r | |
| 438 | /**\r | |
| 439 | The command will SET TPMA_NV_WRITELOCKED for all indexes that have their TPMA_NV_GLOBALLOCK attribute SET.\r | |
| 440 | \r | |
| 441 | @param[in] AuthHandle TPM_RH_OWNER or TPM_RH_PLATFORM+{PP}.\r | |
| 442 | @param[in] AuthSession Auth Session context\r | |
| 443 | \r | |
| 444 | @retval EFI_SUCCESS Operation completed successfully.\r | |
| 445 | @retval EFI_DEVICE_ERROR The command was unsuccessful.\r | |
| 446 | @retval EFI_NOT_FOUND The command was returned successfully, but NvIndex is not found.\r | |
| 447 | **/\r | |
| 448 | EFI_STATUS\r | |
| 449 | EFIAPI\r | |
| 450 | Tpm2NvGlobalWriteLock (\r | |
| 451 | IN TPMI_RH_PROVISION AuthHandle,\r | |
| 452 | IN TPMS_AUTH_COMMAND *AuthSession OPTIONAL\r | |
| 453 | );\r | |
| 454 | \r | |
| 455 | /**\r | |
| 456 | This command is used to cause an update to the indicated PCR.\r | |
| 457 | The digests parameter contains one or more tagged digest value identified by an algorithm ID.\r | |
| 458 | For each digest, the PCR associated with pcrHandle is Extended into the bank identified by the tag (hashAlg).\r | |
| 459 | \r | |
| 460 | @param[in] PcrHandle Handle of the PCR\r | |
| 461 | @param[in] Digests List of tagged digest values to be extended\r | |
| 462 | \r | |
| 463 | @retval EFI_SUCCESS Operation completed successfully.\r | |
| 464 | @retval EFI_DEVICE_ERROR Unexpected device behavior.\r | |
| 465 | **/\r | |
| 466 | EFI_STATUS\r | |
| 467 | EFIAPI\r | |
| 468 | Tpm2PcrExtend (\r | |
| 469 | IN TPMI_DH_PCR PcrHandle,\r | |
| 470 | IN TPML_DIGEST_VALUES *Digests\r | |
| 471 | );\r | |
| 472 | \r | |
| 473 | /**\r | |
| 474 | This command is used to cause an update to the indicated PCR.\r | |
| 475 | The data in eventData is hashed using the hash algorithm associated with each bank in which the\r | |
| 476 | indicated PCR has been allocated. After the data is hashed, the digests list is returned. If the pcrHandle\r | |
| 477 | references an implemented PCR and not TPM_ALG_NULL, digests list is processed as in\r | |
| 478 | TPM2_PCR_Extend().\r | |
| 479 | A TPM shall support an Event.size of zero through 1,024 inclusive.\r | |
| 480 | \r | |
| 481 | @param[in] PcrHandle Handle of the PCR\r | |
| 482 | @param[in] EventData Event data in sized buffer\r | |
| 483 | @param[out] Digests List of digest\r | |
| 484 | \r | |
| 485 | @retval EFI_SUCCESS Operation completed successfully.\r | |
| 486 | @retval EFI_DEVICE_ERROR Unexpected device behavior.\r | |
| 487 | **/\r | |
| 488 | EFI_STATUS\r | |
| 489 | EFIAPI\r | |
| 490 | Tpm2PcrEvent (\r | |
| 491 | IN TPMI_DH_PCR PcrHandle,\r | |
| 492 | IN TPM2B_EVENT *EventData,\r | |
| 493 | OUT TPML_DIGEST_VALUES *Digests\r | |
| 494 | );\r | |
| 495 | \r | |
| 496 | /**\r | |
| 497 | This command returns the values of all PCR specified in pcrSelect.\r | |
| 498 | \r | |
| 499 | @param[in] PcrSelectionIn The selection of PCR to read.\r | |
| 500 | @param[out] PcrUpdateCounter The current value of the PCR update counter.\r | |
| 501 | @param[out] PcrSelectionOut The PCR in the returned list.\r | |
| 502 | @param[out] PcrValues The contents of the PCR indicated in pcrSelect.\r | |
| 503 | \r | |
| 504 | @retval EFI_SUCCESS Operation completed successfully.\r | |
| 505 | @retval EFI_DEVICE_ERROR The command was unsuccessful.\r | |
| 506 | **/\r | |
| 507 | EFI_STATUS\r | |
| 508 | EFIAPI\r | |
| 509 | Tpm2PcrRead (\r | |
| 510 | IN TPML_PCR_SELECTION *PcrSelectionIn,\r | |
| 511 | OUT UINT32 *PcrUpdateCounter,\r | |
| 512 | OUT TPML_PCR_SELECTION *PcrSelectionOut,\r | |
| 513 | OUT TPML_DIGEST *PcrValues\r | |
| 514 | );\r | |
| 515 | \r | |
| 516 | /**\r | |
| 517 | This command is used to set the desired PCR allocation of PCR and algorithms.\r | |
| 518 | \r | |
| 519 | @param[in] AuthHandle TPM_RH_PLATFORM+{PP}\r | |
| 520 | @param[in] AuthSession Auth Session context\r | |
| 521 | @param[in] PcrAllocation The requested allocation\r | |
| 522 | @param[out] AllocationSuccess YES if the allocation succeeded\r | |
| 523 | @param[out] MaxPCR maximum number of PCR that may be in a bank\r | |
| 524 | @param[out] SizeNeeded number of octets required to satisfy the request\r | |
| 525 | @param[out] SizeAvailable Number of octets available. Computed before the allocation\r | |
| 526 | \r | |
| 527 | @retval EFI_SUCCESS Operation completed successfully.\r | |
| 528 | @retval EFI_DEVICE_ERROR The command was unsuccessful.\r | |
| 529 | **/\r | |
| 530 | EFI_STATUS\r | |
| 531 | EFIAPI\r | |
| 532 | Tpm2PcrAllocate (\r | |
| 533 | IN TPMI_RH_PLATFORM AuthHandle,\r | |
| 534 | IN TPMS_AUTH_COMMAND *AuthSession,\r | |
| 535 | IN TPML_PCR_SELECTION *PcrAllocation,\r | |
| 536 | OUT TPMI_YES_NO *AllocationSuccess,\r | |
| 537 | OUT UINT32 *MaxPCR,\r | |
| 538 | OUT UINT32 *SizeNeeded,\r | |
| 539 | OUT UINT32 *SizeAvailable\r | |
| 540 | );\r | |
| 541 | \r | |
| 542 | /**\r | |
| 543 | This command returns various information regarding the TPM and its current state.\r | |
| 544 | \r | |
| 545 | The capability parameter determines the category of data returned. The property parameter \r | |
| 546 | selects the first value of the selected category to be returned. If there is no property \r | |
| 547 | that corresponds to the value of property, the next higher value is returned, if it exists.\r | |
| 548 | The moreData parameter will have a value of YES if there are more values of the requested \r | |
| 549 | type that were not returned.\r | |
| 550 | If no next capability exists, the TPM will return a zero-length list and moreData will have \r | |
| 551 | a value of NO.\r | |
| 552 | \r | |
| 553 | NOTE: \r | |
| 554 | To simplify this function, leave returned CapabilityData for caller to unpack since there are \r | |
| 555 | many capability categories and only few categories will be used in firmware. It means the caller\r | |
| 556 | need swap the byte order for the feilds in CapabilityData.\r | |
| 557 | \r | |
| 558 | @param[in] Capability Group selection; determines the format of the response.\r | |
| 559 | @param[in] Property Further definition of information. \r | |
| 560 | @param[in] PropertyCount Number of properties of the indicated type to return.\r | |
| 561 | @param[out] MoreData Flag to indicate if there are more values of this type.\r | |
| 562 | @param[out] CapabilityData The capability data.\r | |
| 563 | \r | |
| 564 | @retval EFI_SUCCESS Operation completed successfully.\r | |
| 565 | @retval EFI_DEVICE_ERROR The command was unsuccessful.\r | |
| 566 | **/\r | |
| 567 | EFI_STATUS\r | |
| 568 | EFIAPI\r | |
| 569 | Tpm2GetCapability (\r | |
| 570 | IN TPM_CAP Capability,\r | |
| 571 | IN UINT32 Property,\r | |
| 572 | IN UINT32 PropertyCount,\r | |
| 573 | OUT TPMI_YES_NO *MoreData,\r | |
| 574 | OUT TPMS_CAPABILITY_DATA *CapabilityData\r | |
| 575 | );\r | |
| 576 | \r | |
| 577 | /**\r | |
| 578 | This command returns the information of TPM Family.\r | |
| 579 | \r | |
| 580 | This function parse the value got from TPM2_GetCapability and return the Family.\r | |
| 581 | \r | |
| 582 | @param[out] Family The Family of TPM. (a 4-octet character string)\r | |
| 583 | \r | |
| 584 | @retval EFI_SUCCESS Operation completed successfully.\r | |
| 585 | @retval EFI_DEVICE_ERROR The command was unsuccessful.\r | |
| 586 | **/\r | |
| 587 | EFI_STATUS\r | |
| 588 | EFIAPI\r | |
| 589 | Tpm2GetCapabilityFamily (\r | |
| 590 | OUT CHAR8 *Family\r | |
| 591 | );\r | |
| 592 | \r | |
| 593 | /**\r | |
| 594 | This command returns the information of TPM manufacture ID.\r | |
| 595 | \r | |
| 596 | This function parse the value got from TPM2_GetCapability and return the TPM manufacture ID.\r | |
| 597 | \r | |
| 598 | @param[out] ManufactureId The manufacture ID of TPM.\r | |
| 599 | \r | |
| 600 | @retval EFI_SUCCESS Operation completed successfully.\r | |
| 601 | @retval EFI_DEVICE_ERROR The command was unsuccessful.\r | |
| 602 | **/\r | |
| 603 | EFI_STATUS\r | |
| 604 | EFIAPI\r | |
| 605 | Tpm2GetCapabilityManufactureID (\r | |
| 606 | OUT UINT32 *ManufactureId\r | |
| 607 | );\r | |
| 608 | \r | |
| 609 | /**\r | |
| 610 | This command returns the information of TPM FirmwareVersion.\r | |
| 611 | \r | |
| 612 | This function parse the value got from TPM2_GetCapability and return the TPM FirmwareVersion.\r | |
| 613 | \r | |
| 614 | @param[out] FirmwareVersion1 The FirmwareVersion1.\r | |
| 615 | @param[out] FirmwareVersion2 The FirmwareVersion2.\r | |
| 616 | \r | |
| 617 | @retval EFI_SUCCESS Operation completed successfully.\r | |
| 618 | @retval EFI_DEVICE_ERROR The command was unsuccessful.\r | |
| 619 | **/\r | |
| 620 | EFI_STATUS\r | |
| 621 | EFIAPI\r | |
| 622 | Tpm2GetCapabilityFirmwareVersion (\r | |
| 623 | OUT UINT32 *FirmwareVersion1,\r | |
| 624 | OUT UINT32 *FirmwareVersion2\r | |
| 625 | );\r | |
| 626 | \r | |
| 627 | /**\r | |
| 628 | This command returns the information of the maximum value for commandSize and responseSize in a command.\r | |
| 629 | \r | |
| 630 | This function parse the value got from TPM2_GetCapability and return the max command size and response size\r | |
| 631 | \r | |
| 632 | @param[out] MaxCommandSize The maximum value for commandSize in a command.\r | |
| 633 | @param[out] MaxResponseSize The maximum value for responseSize in a command.\r | |
| 634 | \r | |
| 635 | @retval EFI_SUCCESS Operation completed successfully.\r | |
| 636 | @retval EFI_DEVICE_ERROR The command was unsuccessful.\r | |
| 637 | **/\r | |
| 638 | EFI_STATUS\r | |
| 639 | EFIAPI\r | |
| 640 | Tpm2GetCapabilityMaxCommandResponseSize (\r | |
| 641 | OUT UINT32 *MaxCommandSize,\r | |
| 642 | OUT UINT32 *MaxResponseSize\r | |
| 643 | );\r | |
| 644 | \r | |
| 645 | /**\r | |
| 646 | This command returns Returns a list of TPMS_ALG_PROPERTIES. Each entry is an\r | |
| 647 | algorithm ID and a set of properties of the algorithm. \r | |
| 648 | \r | |
| 649 | This function parse the value got from TPM2_GetCapability and return the list.\r | |
| 650 | \r | |
| 651 | @param[out] AlgList List of algorithm.\r | |
| 652 | \r | |
| 653 | @retval EFI_SUCCESS Operation completed successfully.\r | |
| 654 | @retval EFI_DEVICE_ERROR The command was unsuccessful.\r | |
| 655 | **/\r | |
| 656 | EFI_STATUS\r | |
| 657 | EFIAPI\r | |
| 658 | Tpm2GetCapabilitySupportedAlg (\r | |
| 659 | OUT TPML_ALG_PROPERTY *AlgList\r | |
| 660 | );\r | |
| 661 | \r | |
| 662 | /**\r | |
| 663 | This command returns the information of TPM LockoutCounter.\r | |
| 664 | \r | |
| 665 | This function parse the value got from TPM2_GetCapability and return the LockoutCounter.\r | |
| 666 | \r | |
| 667 | @param[out] LockoutCounter The LockoutCounter of TPM.\r | |
| 668 | \r | |
| 669 | @retval EFI_SUCCESS Operation completed successfully.\r | |
| 670 | @retval EFI_DEVICE_ERROR The command was unsuccessful.\r | |
| 671 | **/\r | |
| 672 | EFI_STATUS\r | |
| 673 | EFIAPI\r | |
| 674 | Tpm2GetCapabilityLockoutCounter (\r | |
| 675 | OUT UINT32 *LockoutCounter\r | |
| 676 | );\r | |
| 677 | \r | |
| 678 | /**\r | |
| 679 | This command returns the information of TPM LockoutInterval.\r | |
| 680 | \r | |
| 681 | This function parse the value got from TPM2_GetCapability and return the LockoutInterval.\r | |
| 682 | \r | |
| 683 | @param[out] LockoutInterval The LockoutInterval of TPM.\r | |
| 684 | \r | |
| 685 | @retval EFI_SUCCESS Operation completed successfully.\r | |
| 686 | @retval EFI_DEVICE_ERROR The command was unsuccessful.\r | |
| 687 | **/\r | |
| 688 | EFI_STATUS\r | |
| 689 | EFIAPI\r | |
| 690 | Tpm2GetCapabilityLockoutInterval (\r | |
| 691 | OUT UINT32 *LockoutInterval\r | |
| 692 | );\r | |
| 693 | \r | |
| 694 | /**\r | |
| 695 | This command returns the information of TPM InputBufferSize.\r | |
| 696 | \r | |
| 697 | This function parse the value got from TPM2_GetCapability and return the InputBufferSize.\r | |
| 698 | \r | |
| 699 | @param[out] InputBufferSize The InputBufferSize of TPM.\r | |
| 700 | the maximum size of a parameter (typically, a TPM2B_MAX_BUFFER)\r | |
| 701 | \r | |
| 702 | @retval EFI_SUCCESS Operation completed successfully.\r | |
| 703 | @retval EFI_DEVICE_ERROR The command was unsuccessful.\r | |
| 704 | **/\r | |
| 705 | EFI_STATUS\r | |
| 706 | EFIAPI\r | |
| 707 | Tpm2GetCapabilityInputBufferSize (\r | |
| 708 | OUT UINT32 *InputBufferSize\r | |
| 709 | );\r | |
| 710 | \r | |
| 711 | /**\r | |
| 712 | This command returns the information of TPM PCRs.\r | |
| 713 | \r | |
| 714 | This function parse the value got from TPM2_GetCapability and return the PcrSelection.\r | |
| 715 | \r | |
| 716 | @param[out] Pcrs The Pcr Selection\r | |
| 717 | \r | |
| 718 | @retval EFI_SUCCESS Operation completed successfully.\r | |
| 719 | @retval EFI_DEVICE_ERROR The command was unsuccessful.\r | |
| 720 | **/\r | |
| 721 | EFI_STATUS\r | |
| 722 | EFIAPI\r | |
| 723 | Tpm2GetCapabilityPcrs (\r | |
| 724 | OUT TPML_PCR_SELECTION *Pcrs\r | |
| 725 | );\r | |
| 726 | \r | |
| 727 | /**\r | |
| 728 | This command returns the information of TPM AlgorithmSet.\r | |
| 729 | \r | |
| 730 | This function parse the value got from TPM2_GetCapability and return the AlgorithmSet.\r | |
| 731 | \r | |
| 732 | @param[out] AlgorithmSet The AlgorithmSet of TPM.\r | |
| 733 | \r | |
| 734 | @retval EFI_SUCCESS Operation completed successfully.\r | |
| 735 | @retval EFI_DEVICE_ERROR The command was unsuccessful.\r | |
| 736 | **/\r | |
| 737 | EFI_STATUS\r | |
| 738 | EFIAPI\r | |
| 739 | Tpm2GetCapabilityAlgorithmSet (\r | |
| 740 | OUT UINT32 *AlgorithmSet\r | |
| 741 | );\r | |
| 742 | \r | |
| 743 | /**\r | |
| 744 | This command is used to check to see if specific combinations of algorithm parameters are supported.\r | |
| 745 | \r | |
| 746 | @param[in] Parameters Algorithm parameters to be validated\r | |
| 747 | \r | |
| 748 | @retval EFI_SUCCESS Operation completed successfully.\r | |
| 749 | @retval EFI_DEVICE_ERROR Unexpected device behavior.\r | |
| 750 | **/\r | |
| 751 | EFI_STATUS\r | |
| 752 | EFIAPI\r | |
| 753 | Tpm2TestParms (\r | |
| 754 | IN TPMT_PUBLIC_PARMS *Parameters\r | |
| 755 | );\r | |
| 756 | \r | |
| 757 | /**\r | |
| 758 | This command allows the platform to change the set of algorithms that are used by the TPM.\r | |
| 759 | The algorithmSet setting is a vendor-dependent value.\r | |
| 760 | \r | |
| 761 | @param[in] AuthHandle TPM_RH_PLATFORM\r | |
| 762 | @param[in] AuthSession Auth Session context\r | |
| 763 | @param[in] AlgorithmSet A TPM vendor-dependent value indicating the\r | |
| 764 | algorithm set selection\r | |
| 765 | \r | |
| 766 | @retval EFI_SUCCESS Operation completed successfully.\r | |
| 767 | @retval EFI_DEVICE_ERROR Unexpected device behavior.\r | |
| 768 | **/\r | |
| 769 | EFI_STATUS\r | |
| 770 | EFIAPI\r | |
| 771 | Tpm2SetAlgorithmSet (\r | |
| 772 | IN TPMI_RH_PLATFORM AuthHandle,\r | |
| 773 | IN TPMS_AUTH_COMMAND *AuthSession,\r | |
| 774 | IN UINT32 AlgorithmSet\r | |
| 775 | );\r | |
| 776 | \r | |
| 777 | //\r | |
| 778 | // Help function\r | |
| 779 | //\r | |
| 780 | \r | |
| 781 | /**\r | |
| 782 | Copy AuthSessionIn to TPM2 command buffer.\r | |
| 783 | \r | |
| 784 | @param [in] AuthSessionIn Input AuthSession data\r | |
| 785 | @param [out] AuthSessionOut Output AuthSession data in TPM2 command buffer\r | |
| 786 | \r | |
| 787 | @return AuthSession size\r | |
| 788 | **/\r | |
| 789 | UINT32\r | |
| 790 | EFIAPI\r | |
| 791 | CopyAuthSessionCommand (\r | |
| 792 | IN TPMS_AUTH_COMMAND *AuthSessionIn, OPTIONAL\r | |
| 793 | OUT UINT8 *AuthSessionOut\r | |
| 794 | );\r | |
| 795 | \r | |
| 796 | /**\r | |
| 797 | Copy AuthSessionIn from TPM2 response buffer.\r | |
| 798 | \r | |
| 799 | @param [in] AuthSessionIn Input AuthSession data in TPM2 response buffer\r | |
| 800 | @param [out] AuthSessionOut Output AuthSession data\r | |
| 801 | \r | |
| 802 | @return AuthSession size\r | |
| 803 | **/\r | |
| 804 | UINT32\r | |
| 805 | EFIAPI\r | |
| 806 | CopyAuthSessionResponse (\r | |
| 807 | IN UINT8 *AuthSessionIn,\r | |
| 808 | OUT TPMS_AUTH_RESPONSE *AuthSessionOut OPTIONAL\r | |
| 809 | );\r | |
| 810 | \r | |
| 811 | /**\r | |
| 812 | Return size of digest.\r | |
| 813 | \r | |
| 814 | @param[in] HashAlgo Hash algorithm\r | |
| 815 | \r | |
| 816 | @return size of digest\r | |
| 817 | **/\r | |
| 818 | UINT16\r | |
| 819 | EFIAPI\r | |
| 820 | GetHashSizeFromAlgo (\r | |
| 821 | IN TPMI_ALG_HASH HashAlgo\r | |
| 822 | );\r | |
| 823 | \r | |
| 824 | #endif\r |