[mirror_edk2.git] / SecurityPkg / Library / Tpm2CommandLib / Tpm2EnhancedAuthorization.c

/** @file\r
  Implement TPM2 EnhancedAuthorization related command.\r
\r
Copyright (c) 2014, Intel Corporation. All rights reserved. <BR>\r
This program and the accompanying materials\r
are licensed and made available under the terms and conditions of the BSD License\r
which accompanies this distribution.  The full text of the license may be found at\r
http://opensource.org/licenses/bsd-license.php\r
\r
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
\r
**/\r
\r
#include <IndustryStandard/UefiTcgPlatform.h>\r
#include <Library/Tpm2CommandLib.h>\r
#include <Library/Tpm2DeviceLib.h>\r
#include <Library/BaseMemoryLib.h>\r
#include <Library/BaseLib.h>\r
#include <Library/DebugLib.h>\r
\r
#pragma pack(1)\r
\r
typedef struct {\r
  TPM2_COMMAND_HEADER       Header;\r
  TPMI_DH_ENTITY            AuthHandle;\r
  TPMI_SH_POLICY            PolicySession;\r
  UINT32                    AuthSessionSize;\r
  TPMS_AUTH_COMMAND         AuthSession;\r
  TPM2B_NONCE               NonceTPM;\r
  TPM2B_DIGEST              CpHashA;\r
  TPM2B_NONCE               PolicyRef;\r
  INT32                     Expiration;\r
} TPM2_POLICY_SECRET_COMMAND;\r
\r
typedef struct {\r
  TPM2_RESPONSE_HEADER      Header;\r
  UINT32                    AuthSessionSize;\r
  TPM2B_TIMEOUT             Timeout;\r
  TPMT_TK_AUTH              PolicyTicket;\r
  TPMS_AUTH_RESPONSE        AuthSession;\r
} TPM2_POLICY_SECRET_RESPONSE;\r
\r
typedef struct {\r
  TPM2_COMMAND_HEADER       Header;\r
  TPMI_SH_POLICY            PolicySession;\r
  TPM_CC                    Code;\r
} TPM2_POLICY_COMMAND_CODE_COMMAND;\r
\r
typedef struct {\r
  TPM2_RESPONSE_HEADER      Header;\r
} TPM2_POLICY_COMMAND_CODE_RESPONSE;\r
\r
typedef struct {\r
  TPM2_COMMAND_HEADER       Header;\r
  TPMI_SH_POLICY            PolicySession;\r
} TPM2_POLICY_GET_DIGEST_COMMAND;\r
\r
typedef struct {\r
  TPM2_RESPONSE_HEADER      Header;\r
  TPM2B_DIGEST              PolicyHash;\r
} TPM2_POLICY_GET_DIGEST_RESPONSE;\r
\r
#pragma pack()\r
\r
/**\r
  This command includes a secret-based authorization to a policy.\r
  The caller proves knowledge of the secret value using an authorization\r
  session using the authValue associated with authHandle.\r
\r
  @param[in]  AuthHandle         Handle for an entity providing the authorization\r
  @param[in]  PolicySession      Handle for the policy session being extended.\r
  @param[in]  AuthSession        Auth Session context\r
  @param[in]  NonceTPM           The policy nonce for the session.\r
  @param[in]  CpHashA            Digest of the command parameters to which this authorization is limited.\r
  @param[in]  PolicyRef          A reference to a policy relating to the authorization.\r
  @param[in]  Expiration         Time when authorization will expire, measured in seconds from the time that nonceTPM was generated.\r
  @param[out] Timeout            Time value used to indicate to the TPM when the ticket expires.\r
  @param[out] PolicyTicket       A ticket that includes a value indicating when the authorization expires.\r
  \r
  @retval EFI_SUCCESS            Operation completed successfully.\r
  @retval EFI_DEVICE_ERROR       The command was unsuccessful.\r
**/\r
EFI_STATUS\r
EFIAPI\r
Tpm2PolicySecret (\r
  IN      TPMI_DH_ENTITY            AuthHandle,\r
  IN      TPMI_SH_POLICY            PolicySession,\r
  IN      TPMS_AUTH_COMMAND         *AuthSession, OPTIONAL\r
  IN      TPM2B_NONCE               *NonceTPM,\r
  IN      TPM2B_DIGEST              *CpHashA,\r
  IN      TPM2B_NONCE               *PolicyRef,\r
  IN      INT32                     Expiration,\r
  OUT     TPM2B_TIMEOUT             *Timeout,\r
  OUT     TPMT_TK_AUTH              *PolicyTicket\r
  )\r
{\r
  EFI_STATUS                        Status;\r
  TPM2_POLICY_SECRET_COMMAND        SendBuffer;\r
  TPM2_POLICY_SECRET_RESPONSE       RecvBuffer;\r
  UINT32                            SendBufferSize;\r
  UINT32                            RecvBufferSize;\r
  UINT8                             *Buffer;\r
  UINT32                            SessionInfoSize;\r
\r
  //\r
  // Construct command\r
  //\r
  SendBuffer.Header.tag = SwapBytes16(TPM_ST_SESSIONS);\r
  SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_PolicySecret);\r
  SendBuffer.AuthHandle = SwapBytes32 (AuthHandle);\r
  SendBuffer.PolicySession = SwapBytes32 (PolicySession);\r
  \r
  //\r
  // Add in Auth session\r
  //\r
  Buffer = (UINT8 *)&SendBuffer.AuthSession;\r
\r
  // sessionInfoSize\r
  SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer);\r
  Buffer += SessionInfoSize;\r
  SendBuffer.AuthSessionSize = SwapBytes32(SessionInfoSize);\r
\r
  //\r
  // Real data\r
  //\r
  WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16(NonceTPM->size));\r
  Buffer += sizeof(UINT16);\r
  CopyMem (Buffer, NonceTPM->buffer, NonceTPM->size);\r
  Buffer += NonceTPM->size;\r
\r
  WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16(CpHashA->size));\r
  Buffer += sizeof(UINT16);\r
  CopyMem (Buffer, CpHashA->buffer, CpHashA->size);\r
  Buffer += CpHashA->size;\r
\r
  WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16(PolicyRef->size));\r
  Buffer += sizeof(UINT16);\r
  CopyMem (Buffer, PolicyRef->buffer, PolicyRef->size);\r
  Buffer += PolicyRef->size;\r
  \r
  WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32((UINT32)Expiration));\r
  Buffer += sizeof(UINT32);\r
\r
  SendBufferSize = (UINT32)((UINTN)Buffer - (UINTN)&SendBuffer);\r
  SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);\r
\r
  //\r
  // send Tpm command\r
  //\r
  RecvBufferSize = sizeof (RecvBuffer);\r
  Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer);\r
  if (EFI_ERROR (Status)) {\r
    return Status;\r
  }\r
\r
  if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) {\r
    DEBUG ((EFI_D_ERROR, "Tpm2PolicySecret - RecvBufferSize Error - %x\n", RecvBufferSize));\r
    return EFI_DEVICE_ERROR;\r
  }\r
  if (SwapBytes32(RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {\r
    DEBUG ((EFI_D_ERROR, "Tpm2PolicySecret - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode)));\r
    return EFI_DEVICE_ERROR;\r
  }\r
\r
  //\r
  // Return the response\r
  //\r
  Buffer = (UINT8 *)&RecvBuffer.Timeout;\r
  Timeout->size = SwapBytes16(ReadUnaligned16 ((UINT16 *)Buffer));\r
  Buffer += sizeof(UINT16);\r
  CopyMem (Timeout->buffer, Buffer, Timeout->size);\r
\r
  PolicyTicket->tag = SwapBytes16(ReadUnaligned16 ((UINT16 *)Buffer));\r
  Buffer += sizeof(UINT16);\r
  PolicyTicket->hierarchy = SwapBytes32(ReadUnaligned32 ((UINT32 *)Buffer));\r
  Buffer += sizeof(UINT32);\r
  PolicyTicket->digest.size = SwapBytes16(ReadUnaligned16 ((UINT16 *)Buffer));\r
  Buffer += sizeof(UINT16);\r
  CopyMem (PolicyTicket->digest.buffer, Buffer, PolicyTicket->digest.size);\r
\r
  return EFI_SUCCESS;\r
}\r
\r
/**\r
  This command indicates that the authorization will be limited to a specific command code.\r
\r
  @param[in]  PolicySession      Handle for the policy session being extended.\r
  @param[in]  Code               The allowed commandCode.\r
  \r
  @retval EFI_SUCCESS            Operation completed successfully.\r
  @retval EFI_DEVICE_ERROR       The command was unsuccessful.\r
**/\r
EFI_STATUS\r
EFIAPI\r
Tpm2PolicyCommandCode (\r
  IN      TPMI_SH_POLICY            PolicySession,\r
  IN      TPM_CC                    Code\r
  )\r
{\r
  EFI_STATUS                        Status;\r
  TPM2_POLICY_COMMAND_CODE_COMMAND  SendBuffer;\r
  TPM2_POLICY_COMMAND_CODE_RESPONSE RecvBuffer;\r
  UINT32                            SendBufferSize;\r
  UINT32                            RecvBufferSize;\r
\r
  //\r
  // Construct command\r
  //\r
  SendBuffer.Header.tag = SwapBytes16(TPM_ST_NO_SESSIONS);\r
  SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_PolicyCommandCode);\r
\r
  SendBuffer.PolicySession = SwapBytes32 (PolicySession);\r
  SendBuffer.Code = SwapBytes32 (Code);\r
\r
  SendBufferSize = (UINT32) sizeof (SendBuffer);\r
  SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);\r
\r
  //\r
  // send Tpm command\r
  //\r
  RecvBufferSize = sizeof (RecvBuffer);\r
  Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer);\r
  if (EFI_ERROR (Status)) {\r
    return Status;\r
  }\r
\r
  if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) {\r
    DEBUG ((EFI_D_ERROR, "Tpm2PolicyCommandCode - RecvBufferSize Error - %x\n", RecvBufferSize));\r
    return EFI_DEVICE_ERROR;\r
  }\r
  if (SwapBytes32(RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {\r
    DEBUG ((EFI_D_ERROR, "Tpm2PolicyCommandCode - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode)));\r
    return EFI_DEVICE_ERROR;\r
  }\r
\r
  return EFI_SUCCESS;\r
}\r
\r
/**\r
  This command returns the current policyDigest of the session. This command allows the TPM\r
  to be used to perform the actions required to precompute the authPolicy for an object.\r
\r
  @param[in]  PolicySession      Handle for the policy session.\r
  @param[out] PolicyHash         the current value of the policyHash of policySession.\r
  \r
  @retval EFI_SUCCESS            Operation completed successfully.\r
  @retval EFI_DEVICE_ERROR       The command was unsuccessful.\r
**/\r
EFI_STATUS\r
EFIAPI\r
Tpm2PolicyGetDigest (\r
  IN      TPMI_SH_POLICY            PolicySession,\r
     OUT  TPM2B_DIGEST              *PolicyHash\r
  )\r
{\r
  EFI_STATUS                        Status;\r
  TPM2_POLICY_GET_DIGEST_COMMAND    SendBuffer;\r
  TPM2_POLICY_GET_DIGEST_RESPONSE   RecvBuffer;\r
  UINT32                            SendBufferSize;\r
  UINT32                            RecvBufferSize;\r
\r
  //\r
  // Construct command\r
  //\r
  SendBuffer.Header.tag = SwapBytes16(TPM_ST_NO_SESSIONS);\r
  SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_PolicyGetDigest);\r
\r
  SendBuffer.PolicySession = SwapBytes32 (PolicySession);\r
\r
  SendBufferSize = (UINT32) sizeof (SendBuffer);\r
  SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);\r
\r
  //\r
  // send Tpm command\r
  //\r
  RecvBufferSize = sizeof (RecvBuffer);\r
  Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer);\r
  if (EFI_ERROR (Status)) {\r
    return Status;\r
  }\r
\r
  if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) {\r
    DEBUG ((EFI_D_ERROR, "Tpm2PolicyGetDigest - RecvBufferSize Error - %x\n", RecvBufferSize));\r
    return EFI_DEVICE_ERROR;\r
  }\r
  if (SwapBytes32(RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {\r
    DEBUG ((EFI_D_ERROR, "Tpm2PolicyGetDigest - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode)));\r
    return EFI_DEVICE_ERROR;\r
  }\r
\r
  //\r
  // Return the response\r
  //\r
  PolicyHash->size = SwapBytes16 (RecvBuffer.PolicyHash.size);\r
  CopyMem (PolicyHash->buffer, &RecvBuffer.PolicyHash.buffer, PolicyHash->size);\r
\r
  return EFI_SUCCESS;\r
}\r
Commit	Line	Data
967eacca JY	1	/** @file\r
	2	Implement TPM2 EnhancedAuthorization related command.\r
	3	\r
	4	Copyright (c) 2014, Intel Corporation. All rights reserved. <BR>\r
	5	This program and the accompanying materials\r
	6	are licensed and made available under the terms and conditions of the BSD License\r
	7	which accompanies this distribution. The full text of the license may be found at\r
	8	http://opensource.org/licenses/bsd-license.php\r
	9	\r
	10	THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
	11	WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
	12	\r
	13	**/\r
	14	\r
	15	#include <IndustryStandard/UefiTcgPlatform.h>\r
	16	#include <Library/Tpm2CommandLib.h>\r
	17	#include <Library/Tpm2DeviceLib.h>\r
	18	#include <Library/BaseMemoryLib.h>\r
	19	#include <Library/BaseLib.h>\r
	20	#include <Library/DebugLib.h>\r
	21	\r
	22	#pragma pack(1)\r
	23	\r
	24	typedef struct {\r
	25	TPM2_COMMAND_HEADER Header;\r
	26	TPMI_DH_ENTITY AuthHandle;\r
	27	TPMI_SH_POLICY PolicySession;\r
	28	UINT32 AuthSessionSize;\r
	29	TPMS_AUTH_COMMAND AuthSession;\r
	30	TPM2B_NONCE NonceTPM;\r
	31	TPM2B_DIGEST CpHashA;\r
	32	TPM2B_NONCE PolicyRef;\r
	33	INT32 Expiration;\r
	34	} TPM2_POLICY_SECRET_COMMAND;\r
	35	\r
	36	typedef struct {\r
	37	TPM2_RESPONSE_HEADER Header;\r
	38	UINT32 AuthSessionSize;\r
	39	TPM2B_TIMEOUT Timeout;\r
	40	TPMT_TK_AUTH PolicyTicket;\r
	41	TPMS_AUTH_RESPONSE AuthSession;\r
	42	} TPM2_POLICY_SECRET_RESPONSE;\r
	43	\r
	44	typedef struct {\r
	45	TPM2_COMMAND_HEADER Header;\r
	46	TPMI_SH_POLICY PolicySession;\r
	47	TPM_CC Code;\r
	48	} TPM2_POLICY_COMMAND_CODE_COMMAND;\r
	49	\r
	50	typedef struct {\r
	51	TPM2_RESPONSE_HEADER Header;\r
	52	} TPM2_POLICY_COMMAND_CODE_RESPONSE;\r
	53	\r
	54	typedef struct {\r
	55	TPM2_COMMAND_HEADER Header;\r
	56	TPMI_SH_POLICY PolicySession;\r
	57	} TPM2_POLICY_GET_DIGEST_COMMAND;\r
	58	\r
	59	typedef struct {\r
	60	TPM2_RESPONSE_HEADER Header;\r
	61	TPM2B_DIGEST PolicyHash;\r
	62	} TPM2_POLICY_GET_DIGEST_RESPONSE;\r
	63	\r
	64	#pragma pack()\r
65	\r
66	/**\r
67	This command includes a secret-based authorization to a policy.\r
68	The caller proves knowledge of the secret value using an authorization\r
69	session using the authValue associated with authHandle.\r
70	\r
71	@param[in] AuthHandle Handle for an entity providing the authorization\r
72	@param[in] PolicySession Handle for the policy session being extended.\r
73	@param[in] AuthSession Auth Session context\r
74	@param[in] NonceTPM The policy nonce for the session.\r
75	@param[in] CpHashA Digest of the command parameters to which this authorization is limited.\r
76	@param[in] PolicyRef A reference to a policy relating to the authorization.\r
77	@param[in] Expiration Time when authorization will expire, measured in seconds from the time that nonceTPM was generated.\r
78	@param[out] Timeout Time value used to indicate to the TPM when the ticket expires.\r
79	@param[out] PolicyTicket A ticket that includes a value indicating when the authorization expires.\r
80	\r
81	@retval EFI_SUCCESS Operation completed successfully.\r
82	@retval EFI_DEVICE_ERROR The command was unsuccessful.\r
83	**/\r
84	EFI_STATUS\r
85	EFIAPI\r
86	Tpm2PolicySecret (\r
87	IN TPMI_DH_ENTITY AuthHandle,\r
88	IN TPMI_SH_POLICY PolicySession,\r
89	IN TPMS_AUTH_COMMAND *AuthSession, OPTIONAL\r
90	IN TPM2B_NONCE *NonceTPM,\r
91	IN TPM2B_DIGEST *CpHashA,\r
92	IN TPM2B_NONCE *PolicyRef,\r
93	IN INT32 Expiration,\r
94	OUT TPM2B_TIMEOUT *Timeout,\r
95	OUT TPMT_TK_AUTH *PolicyTicket\r
96	)\r
97	{\r
98	EFI_STATUS Status;\r
99	TPM2_POLICY_SECRET_COMMAND SendBuffer;\r
100	TPM2_POLICY_SECRET_RESPONSE RecvBuffer;\r
101	UINT32 SendBufferSize;\r
102	UINT32 RecvBufferSize;\r
103	UINT8 *Buffer;\r
104	UINT32 SessionInfoSize;\r
105	\r
106	//\r
107	// Construct command\r
108	//\r
109	SendBuffer.Header.tag = SwapBytes16(TPM_ST_SESSIONS);\r
110	SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_PolicySecret);\r
111	SendBuffer.AuthHandle = SwapBytes32 (AuthHandle);\r
112	SendBuffer.PolicySession = SwapBytes32 (PolicySession);\r
113	\r
114	//\r
115	// Add in Auth session\r
116	//\r
117	Buffer = (UINT8 *)&SendBuffer.AuthSession;\r
118	\r
119	// sessionInfoSize\r
120	SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer);\r
121	Buffer += SessionInfoSize;\r
122	SendBuffer.AuthSessionSize = SwapBytes32(SessionInfoSize);\r
123	\r
124	//\r
125	// Real data\r
126	//\r
127	WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16(NonceTPM->size));\r
128	Buffer += sizeof(UINT16);\r
129	CopyMem (Buffer, NonceTPM->buffer, NonceTPM->size);\r
130	Buffer += NonceTPM->size;\r
131	\r
132	WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16(CpHashA->size));\r
133	Buffer += sizeof(UINT16);\r
134	CopyMem (Buffer, CpHashA->buffer, CpHashA->size);\r
135	Buffer += CpHashA->size;\r
136	\r
137	WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16(PolicyRef->size));\r
138	Buffer += sizeof(UINT16);\r
139	CopyMem (Buffer, PolicyRef->buffer, PolicyRef->size);\r
140	Buffer += PolicyRef->size;\r
141	\r
142	WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32((UINT32)Expiration));\r
143	Buffer += sizeof(UINT32);\r
144	\r
145	SendBufferSize = (UINT32)((UINTN)Buffer - (UINTN)&SendBuffer);\r
146	SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);\r
147	\r
148	//\r
149	// send Tpm command\r
150	//\r
151	RecvBufferSize = sizeof (RecvBuffer);\r
152	Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 )&SendBuffer, &RecvBufferSize, (UINT8 )&RecvBuffer);\r
153	if (EFI_ERROR (Status)) {\r
154	return Status;\r
155	}\r
156	\r
157	if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) {\r
158	DEBUG ((EFI_D_ERROR, "Tpm2PolicySecret - RecvBufferSize Error - %x\n", RecvBufferSize));\r
159	return EFI_DEVICE_ERROR;\r
160	}\r
161	if (SwapBytes32(RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {\r
162	DEBUG ((EFI_D_ERROR, "Tpm2PolicySecret - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode)));\r
163	return EFI_DEVICE_ERROR;\r
164	}\r
165	\r
166	//\r
167	// Return the response\r
168	//\r
169	Buffer = (UINT8 *)&RecvBuffer.Timeout;\r
170	Timeout->size = SwapBytes16(ReadUnaligned16 ((UINT16 *)Buffer));\r
171	Buffer += sizeof(UINT16);\r
172	CopyMem (Timeout->buffer, Buffer, Timeout->size);\r
173	\r
174	PolicyTicket->tag = SwapBytes16(ReadUnaligned16 ((UINT16 *)Buffer));\r
175	Buffer += sizeof(UINT16);\r
176	PolicyTicket->hierarchy = SwapBytes32(ReadUnaligned32 ((UINT32 *)Buffer));\r
177	Buffer += sizeof(UINT32);\r
178	PolicyTicket->digest.size = SwapBytes16(ReadUnaligned16 ((UINT16 *)Buffer));\r
179	Buffer += sizeof(UINT16);\r
180	CopyMem (PolicyTicket->digest.buffer, Buffer, PolicyTicket->digest.size);\r
181	\r
182	return EFI_SUCCESS;\r
183	}\r
184	\r
185	/**\r
186	This command indicates that the authorization will be limited to a specific command code.\r
187	\r
188	@param[in] PolicySession Handle for the policy session being extended.\r
189	@param[in] Code The allowed commandCode.\r
190	\r
191	@retval EFI_SUCCESS Operation completed successfully.\r
192	@retval EFI_DEVICE_ERROR The command was unsuccessful.\r
193	**/\r
194	EFI_STATUS\r
195	EFIAPI\r
196	Tpm2PolicyCommandCode (\r
197	IN TPMI_SH_POLICY PolicySession,\r
198	IN TPM_CC Code\r
199	)\r
200	{\r
201	EFI_STATUS Status;\r
202	TPM2_POLICY_COMMAND_CODE_COMMAND SendBuffer;\r
203	TPM2_POLICY_COMMAND_CODE_RESPONSE RecvBuffer;\r
204	UINT32 SendBufferSize;\r
205	UINT32 RecvBufferSize;\r
206	\r
207	//\r
208	// Construct command\r
209	//\r
210	SendBuffer.Header.tag = SwapBytes16(TPM_ST_NO_SESSIONS);\r
211	SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_PolicyCommandCode);\r
212	\r
213	SendBuffer.PolicySession = SwapBytes32 (PolicySession);\r
214	SendBuffer.Code = SwapBytes32 (Code);\r
215	\r
216	SendBufferSize = (UINT32) sizeof (SendBuffer);\r
217	SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);\r
218	\r
219	//\r
220	// send Tpm command\r
221	//\r
222	RecvBufferSize = sizeof (RecvBuffer);\r
223	Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 )&SendBuffer, &RecvBufferSize, (UINT8 )&RecvBuffer);\r
224	if (EFI_ERROR (Status)) {\r
225	return Status;\r
226	}\r
227	\r
228	if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) {\r
229	DEBUG ((EFI_D_ERROR, "Tpm2PolicyCommandCode - RecvBufferSize Error - %x\n", RecvBufferSize));\r
230	return EFI_DEVICE_ERROR;\r
231	}\r
232	if (SwapBytes32(RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {\r
233	DEBUG ((EFI_D_ERROR, "Tpm2PolicyCommandCode - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode)));\r
234	return EFI_DEVICE_ERROR;\r
235	}\r
236	\r
237	return EFI_SUCCESS;\r
238	}\r
239	\r
240	/**\r
241	This command returns the current policyDigest of the session. This command allows the TPM\r
242	to be used to perform the actions required to precompute the authPolicy for an object.\r
243	\r
244	@param[in] PolicySession Handle for the policy session.\r
245	@param[out] PolicyHash the current value of the policyHash of policySession.\r
246	\r
247	@retval EFI_SUCCESS Operation completed successfully.\r
248	@retval EFI_DEVICE_ERROR The command was unsuccessful.\r
249	**/\r
250	EFI_STATUS\r
251	EFIAPI\r
252	Tpm2PolicyGetDigest (\r
253	IN TPMI_SH_POLICY PolicySession,\r
254	OUT TPM2B_DIGEST *PolicyHash\r
255	)\r
256	{\r
257	EFI_STATUS Status;\r
258	TPM2_POLICY_GET_DIGEST_COMMAND SendBuffer;\r
259	TPM2_POLICY_GET_DIGEST_RESPONSE RecvBuffer;\r
260	UINT32 SendBufferSize;\r
261	UINT32 RecvBufferSize;\r
262	\r
263	//\r
264	// Construct command\r
265	//\r
266	SendBuffer.Header.tag = SwapBytes16(TPM_ST_NO_SESSIONS);\r
267	SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_PolicyGetDigest);\r
268	\r
269	SendBuffer.PolicySession = SwapBytes32 (PolicySession);\r
270	\r
271	SendBufferSize = (UINT32) sizeof (SendBuffer);\r
272	SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);\r
273	\r
274	//\r
275	// send Tpm command\r
276	//\r
277	RecvBufferSize = sizeof (RecvBuffer);\r
278	Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 )&SendBuffer, &RecvBufferSize, (UINT8 )&RecvBuffer);\r
279	if (EFI_ERROR (Status)) {\r
280	return Status;\r
281	}\r
282	\r
283	if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) {\r
284	DEBUG ((EFI_D_ERROR, "Tpm2PolicyGetDigest - RecvBufferSize Error - %x\n", RecvBufferSize));\r
285	return EFI_DEVICE_ERROR;\r
286	}\r
287	if (SwapBytes32(RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {\r
288	DEBUG ((EFI_D_ERROR, "Tpm2PolicyGetDigest - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode)));\r
289	return EFI_DEVICE_ERROR;\r
290	}\r
291	\r
292	//\r
293	// Return the response\r
294	//\r
295	PolicyHash->size = SwapBytes16 (RecvBuffer.PolicyHash.size);\r
296	CopyMem (PolicyHash->buffer, &RecvBuffer.PolicyHash.buffer, PolicyHash->size);\r
297	\r
298	return EFI_SUCCESS;\r
299	}\r