]>
Commit | Line | Data |
---|---|---|
c1d93242 JY |
1 | /** @file\r |
2 | Implement TPM2 Hierarchy related command.\r | |
3 | \r | |
b3548d32 | 4 | Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved. <BR>\r |
289b714b | 5 | SPDX-License-Identifier: BSD-2-Clause-Patent\r |
c1d93242 JY |
6 | \r |
7 | **/\r | |
8 | \r | |
9 | #include <IndustryStandard/UefiTcgPlatform.h>\r | |
10 | #include <Library/Tpm2CommandLib.h>\r | |
11 | #include <Library/Tpm2DeviceLib.h>\r | |
12 | #include <Library/BaseMemoryLib.h>\r | |
13 | #include <Library/BaseLib.h>\r | |
14 | #include <Library/DebugLib.h>\r | |
15 | \r | |
16 | #pragma pack(1)\r | |
17 | \r | |
967eacca JY |
18 | typedef struct {\r |
19 | TPM2_COMMAND_HEADER Header;\r | |
9093fb92 | 20 | TPMI_RH_HIERARCHY_AUTH AuthHandle;\r |
967eacca JY |
21 | UINT32 AuthSessionSize;\r |
22 | TPMS_AUTH_COMMAND AuthSession;\r | |
23 | TPM2B_DIGEST AuthPolicy;\r | |
24 | TPMI_ALG_HASH HashAlg;\r | |
25 | } TPM2_SET_PRIMARY_POLICY_COMMAND;\r | |
26 | \r | |
27 | typedef struct {\r | |
28 | TPM2_RESPONSE_HEADER Header;\r | |
29 | UINT32 AuthSessionSize;\r | |
30 | TPMS_AUTH_RESPONSE AuthSession;\r | |
31 | } TPM2_SET_PRIMARY_POLICY_RESPONSE;\r | |
32 | \r | |
c1d93242 JY |
33 | typedef struct {\r |
34 | TPM2_COMMAND_HEADER Header;\r | |
35 | TPMI_RH_CLEAR AuthHandle;\r | |
36 | UINT32 AuthorizationSize;\r | |
37 | TPMS_AUTH_COMMAND AuthSession;\r | |
38 | } TPM2_CLEAR_COMMAND;\r | |
39 | \r | |
40 | typedef struct {\r | |
41 | TPM2_RESPONSE_HEADER Header;\r | |
42 | UINT32 ParameterSize;\r | |
43 | TPMS_AUTH_RESPONSE AuthSession;\r | |
44 | } TPM2_CLEAR_RESPONSE;\r | |
45 | \r | |
46 | typedef struct {\r | |
47 | TPM2_COMMAND_HEADER Header;\r | |
48 | TPMI_RH_CLEAR AuthHandle;\r | |
49 | UINT32 AuthorizationSize;\r | |
50 | TPMS_AUTH_COMMAND AuthSession;\r | |
51 | TPMI_YES_NO Disable;\r | |
52 | } TPM2_CLEAR_CONTROL_COMMAND;\r | |
53 | \r | |
54 | typedef struct {\r | |
55 | TPM2_RESPONSE_HEADER Header;\r | |
56 | UINT32 ParameterSize;\r | |
57 | TPMS_AUTH_RESPONSE AuthSession;\r | |
58 | } TPM2_CLEAR_CONTROL_RESPONSE;\r | |
59 | \r | |
60 | typedef struct {\r | |
61 | TPM2_COMMAND_HEADER Header;\r | |
62 | TPMI_RH_HIERARCHY_AUTH AuthHandle;\r | |
63 | UINT32 AuthorizationSize;\r | |
64 | TPMS_AUTH_COMMAND AuthSession;\r | |
65 | TPM2B_AUTH NewAuth;\r | |
66 | } TPM2_HIERARCHY_CHANGE_AUTH_COMMAND;\r | |
67 | \r | |
68 | typedef struct {\r | |
69 | TPM2_RESPONSE_HEADER Header;\r | |
70 | UINT32 ParameterSize;\r | |
71 | TPMS_AUTH_RESPONSE AuthSession;\r | |
72 | } TPM2_HIERARCHY_CHANGE_AUTH_RESPONSE;\r | |
73 | \r | |
74 | typedef struct {\r | |
75 | TPM2_COMMAND_HEADER Header;\r | |
76 | TPMI_RH_PLATFORM AuthHandle;\r | |
77 | UINT32 AuthorizationSize;\r | |
78 | TPMS_AUTH_COMMAND AuthSession;\r | |
79 | } TPM2_CHANGE_EPS_COMMAND;\r | |
80 | \r | |
81 | typedef struct {\r | |
82 | TPM2_RESPONSE_HEADER Header;\r | |
83 | UINT32 ParameterSize;\r | |
84 | TPMS_AUTH_RESPONSE AuthSession;\r | |
85 | } TPM2_CHANGE_EPS_RESPONSE;\r | |
86 | \r | |
87 | typedef struct {\r | |
88 | TPM2_COMMAND_HEADER Header;\r | |
89 | TPMI_RH_PLATFORM AuthHandle;\r | |
90 | UINT32 AuthorizationSize;\r | |
91 | TPMS_AUTH_COMMAND AuthSession;\r | |
92 | } TPM2_CHANGE_PPS_COMMAND;\r | |
93 | \r | |
94 | typedef struct {\r | |
95 | TPM2_RESPONSE_HEADER Header;\r | |
96 | UINT32 ParameterSize;\r | |
97 | TPMS_AUTH_RESPONSE AuthSession;\r | |
98 | } TPM2_CHANGE_PPS_RESPONSE;\r | |
99 | \r | |
100 | typedef struct {\r | |
101 | TPM2_COMMAND_HEADER Header;\r | |
102 | TPMI_RH_HIERARCHY AuthHandle;\r | |
103 | UINT32 AuthorizationSize;\r | |
104 | TPMS_AUTH_COMMAND AuthSession;\r | |
105 | TPMI_RH_HIERARCHY Hierarchy;\r | |
106 | TPMI_YES_NO State;\r | |
107 | } TPM2_HIERARCHY_CONTROL_COMMAND;\r | |
108 | \r | |
109 | typedef struct {\r | |
110 | TPM2_RESPONSE_HEADER Header;\r | |
111 | UINT32 ParameterSize;\r | |
112 | TPMS_AUTH_RESPONSE AuthSession;\r | |
113 | } TPM2_HIERARCHY_CONTROL_RESPONSE;\r | |
114 | \r | |
115 | #pragma pack()\r | |
116 | \r | |
967eacca JY |
117 | /**\r |
118 | This command allows setting of the authorization policy for the platform hierarchy (platformPolicy), the\r | |
119 | storage hierarchy (ownerPolicy), and and the endorsement hierarchy (endorsementPolicy).\r | |
120 | \r | |
121 | @param[in] AuthHandle TPM_RH_ENDORSEMENT, TPM_RH_OWNER or TPM_RH_PLATFORM+{PP} parameters to be validated\r | |
122 | @param[in] AuthSession Auth Session context\r | |
123 | @param[in] AuthPolicy An authorization policy hash\r | |
124 | @param[in] HashAlg The hash algorithm to use for the policy\r | |
125 | \r | |
126 | @retval EFI_SUCCESS Operation completed successfully.\r | |
127 | @retval EFI_DEVICE_ERROR Unexpected device behavior.\r | |
128 | **/\r | |
129 | EFI_STATUS\r | |
130 | EFIAPI\r | |
131 | Tpm2SetPrimaryPolicy (\r | |
132 | IN TPMI_RH_HIERARCHY_AUTH AuthHandle,\r | |
133 | IN TPMS_AUTH_COMMAND *AuthSession,\r | |
134 | IN TPM2B_DIGEST *AuthPolicy,\r | |
135 | IN TPMI_ALG_HASH HashAlg\r | |
136 | )\r | |
137 | {\r | |
138 | EFI_STATUS Status;\r | |
139 | TPM2_SET_PRIMARY_POLICY_COMMAND SendBuffer;\r | |
140 | TPM2_SET_PRIMARY_POLICY_RESPONSE RecvBuffer;\r | |
141 | UINT32 SendBufferSize;\r | |
142 | UINT32 RecvBufferSize;\r | |
143 | UINT8 *Buffer;\r | |
144 | UINT32 SessionInfoSize;\r | |
145 | \r | |
146 | //\r | |
147 | // Construct command\r | |
148 | //\r | |
149 | SendBuffer.Header.tag = SwapBytes16(TPM_ST_SESSIONS);\r | |
150 | SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_SetPrimaryPolicy);\r | |
151 | \r | |
152 | SendBuffer.AuthHandle = SwapBytes32 (AuthHandle);\r | |
153 | \r | |
154 | //\r | |
155 | // Add in Auth session\r | |
156 | //\r | |
157 | Buffer = (UINT8 *)&SendBuffer.AuthSession;\r | |
158 | \r | |
159 | // sessionInfoSize\r | |
160 | SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer);\r | |
161 | Buffer += SessionInfoSize;\r | |
162 | SendBuffer.AuthSessionSize = SwapBytes32(SessionInfoSize);\r | |
163 | \r | |
164 | //\r | |
165 | // Real data\r | |
166 | //\r | |
167 | WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16(AuthPolicy->size));\r | |
168 | Buffer += sizeof(UINT16);\r | |
169 | CopyMem (Buffer, AuthPolicy->buffer, AuthPolicy->size);\r | |
170 | Buffer += AuthPolicy->size;\r | |
171 | WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16(HashAlg));\r | |
172 | Buffer += sizeof(UINT16);\r | |
173 | \r | |
174 | SendBufferSize = (UINT32)((UINTN)Buffer - (UINTN)&SendBuffer);\r | |
175 | SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);\r | |
176 | \r | |
177 | //\r | |
178 | // send Tpm command\r | |
179 | //\r | |
180 | RecvBufferSize = sizeof (RecvBuffer);\r | |
181 | Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer);\r | |
182 | if (EFI_ERROR (Status)) {\r | |
7ae130da | 183 | goto Done;\r |
967eacca JY |
184 | }\r |
185 | \r | |
186 | if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) {\r | |
e905fbb0 | 187 | DEBUG ((DEBUG_ERROR, "Tpm2SetPrimaryPolicy - RecvBufferSize Error - %x\n", RecvBufferSize));\r |
7ae130da JY |
188 | Status = EFI_DEVICE_ERROR;\r |
189 | goto Done;\r | |
967eacca JY |
190 | }\r |
191 | if (SwapBytes32(RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {\r | |
e905fbb0 | 192 | DEBUG ((DEBUG_ERROR, "Tpm2SetPrimaryPolicy - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode)));\r |
7ae130da JY |
193 | Status = EFI_DEVICE_ERROR;\r |
194 | goto Done;\r | |
967eacca JY |
195 | }\r |
196 | \r | |
7ae130da JY |
197 | Done:\r |
198 | //\r | |
199 | // Clear AuthSession Content\r | |
200 | //\r | |
201 | ZeroMem (&SendBuffer, sizeof(SendBuffer));\r | |
202 | ZeroMem (&RecvBuffer, sizeof(RecvBuffer));\r | |
203 | return Status;\r | |
967eacca JY |
204 | }\r |
205 | \r | |
c1d93242 JY |
206 | /**\r |
207 | This command removes all TPM context associated with a specific Owner.\r | |
208 | \r | |
209 | @param[in] AuthHandle TPM_RH_LOCKOUT or TPM_RH_PLATFORM+{PP}\r | |
210 | @param[in] AuthSession Auth Session context\r | |
b3548d32 | 211 | \r |
c1d93242 JY |
212 | @retval EFI_SUCCESS Operation completed successfully.\r |
213 | @retval EFI_DEVICE_ERROR Unexpected device behavior.\r | |
214 | **/\r | |
215 | EFI_STATUS\r | |
216 | EFIAPI\r | |
217 | Tpm2Clear (\r | |
218 | IN TPMI_RH_CLEAR AuthHandle,\r | |
219 | IN TPMS_AUTH_COMMAND *AuthSession OPTIONAL\r | |
220 | )\r | |
221 | {\r | |
222 | EFI_STATUS Status;\r | |
223 | TPM2_CLEAR_COMMAND Cmd;\r | |
224 | TPM2_CLEAR_RESPONSE Res;\r | |
225 | UINT32 ResultBufSize;\r | |
226 | UINT32 CmdSize;\r | |
227 | UINT32 RespSize;\r | |
228 | UINT8 *Buffer;\r | |
229 | UINT32 SessionInfoSize;\r | |
230 | \r | |
231 | Cmd.Header.tag = SwapBytes16(TPM_ST_SESSIONS);\r | |
232 | Cmd.Header.commandCode = SwapBytes32(TPM_CC_Clear);\r | |
233 | Cmd.AuthHandle = SwapBytes32(AuthHandle);\r | |
234 | \r | |
235 | //\r | |
236 | // Add in Auth session\r | |
237 | //\r | |
238 | Buffer = (UINT8 *)&Cmd.AuthSession;\r | |
239 | \r | |
240 | // sessionInfoSize\r | |
241 | SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer);\r | |
242 | Buffer += SessionInfoSize;\r | |
243 | Cmd.AuthorizationSize = SwapBytes32(SessionInfoSize);\r | |
244 | \r | |
245 | CmdSize = (UINT32)(Buffer - (UINT8 *)&Cmd);\r | |
246 | Cmd.Header.paramSize = SwapBytes32(CmdSize);\r | |
247 | \r | |
248 | ResultBufSize = sizeof(Res);\r | |
249 | Status = Tpm2SubmitCommand (CmdSize, (UINT8 *)&Cmd, &ResultBufSize, (UINT8 *)&Res);\r | |
250 | if (EFI_ERROR(Status)) {\r | |
7ae130da | 251 | goto Done;\r |
c1d93242 JY |
252 | }\r |
253 | \r | |
254 | if (ResultBufSize > sizeof(Res)) {\r | |
e905fbb0 | 255 | DEBUG ((DEBUG_ERROR, "Clear: Failed ExecuteCommand: Buffer Too Small\r\n"));\r |
7ae130da JY |
256 | Status = EFI_BUFFER_TOO_SMALL;\r |
257 | goto Done;\r | |
c1d93242 JY |
258 | }\r |
259 | \r | |
260 | //\r | |
261 | // Validate response headers\r | |
262 | //\r | |
263 | RespSize = SwapBytes32(Res.Header.paramSize);\r | |
264 | if (RespSize > sizeof(Res)) {\r | |
e905fbb0 | 265 | DEBUG ((DEBUG_ERROR, "Clear: Response size too large! %d\r\n", RespSize));\r |
7ae130da JY |
266 | Status = EFI_BUFFER_TOO_SMALL;\r |
267 | goto Done;\r | |
c1d93242 JY |
268 | }\r |
269 | \r | |
270 | //\r | |
271 | // Fail if command failed\r | |
272 | //\r | |
273 | if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) {\r | |
e905fbb0 | 274 | DEBUG ((DEBUG_ERROR, "Clear: Response Code error! 0x%08x\r\n", SwapBytes32(Res.Header.responseCode)));\r |
7ae130da JY |
275 | Status = EFI_DEVICE_ERROR;\r |
276 | goto Done;\r | |
c1d93242 JY |
277 | }\r |
278 | \r | |
279 | //\r | |
280 | // Unmarshal the response\r | |
281 | //\r | |
282 | \r | |
283 | // None\r | |
7ae130da JY |
284 | Done:\r |
285 | //\r | |
286 | // Clear AuthSession Content\r | |
287 | //\r | |
288 | ZeroMem (&Cmd, sizeof(Cmd));\r | |
289 | ZeroMem (&Res, sizeof(Res));\r | |
290 | return Status;\r | |
c1d93242 JY |
291 | }\r |
292 | \r | |
293 | /**\r | |
294 | Disables and enables the execution of TPM2_Clear().\r | |
295 | \r | |
296 | @param[in] AuthHandle TPM_RH_LOCKOUT or TPM_RH_PLATFORM+{PP}\r | |
297 | @param[in] AuthSession Auth Session context\r | |
298 | @param[in] Disable YES if the disableOwnerClear flag is to be SET,\r | |
299 | NO if the flag is to be CLEAR.\r | |
300 | \r | |
301 | @retval EFI_SUCCESS Operation completed successfully.\r | |
302 | @retval EFI_DEVICE_ERROR Unexpected device behavior.\r | |
303 | **/\r | |
304 | EFI_STATUS\r | |
305 | EFIAPI\r | |
306 | Tpm2ClearControl (\r | |
307 | IN TPMI_RH_CLEAR AuthHandle,\r | |
12710fe9 | 308 | IN TPMS_AUTH_COMMAND *AuthSession OPTIONAL,\r |
c1d93242 JY |
309 | IN TPMI_YES_NO Disable\r |
310 | )\r | |
311 | {\r | |
312 | EFI_STATUS Status;\r | |
313 | TPM2_CLEAR_CONTROL_COMMAND Cmd;\r | |
314 | TPM2_CLEAR_CONTROL_RESPONSE Res;\r | |
315 | UINT32 ResultBufSize;\r | |
316 | UINT32 CmdSize;\r | |
317 | UINT32 RespSize;\r | |
318 | UINT8 *Buffer;\r | |
319 | UINT32 SessionInfoSize;\r | |
320 | \r | |
321 | Cmd.Header.tag = SwapBytes16(TPM_ST_SESSIONS);\r | |
322 | Cmd.Header.commandCode = SwapBytes32(TPM_CC_ClearControl);\r | |
323 | Cmd.AuthHandle = SwapBytes32(AuthHandle);\r | |
324 | \r | |
325 | //\r | |
326 | // Add in Auth session\r | |
327 | //\r | |
328 | Buffer = (UINT8 *)&Cmd.AuthSession;\r | |
329 | \r | |
330 | // sessionInfoSize\r | |
331 | SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer);\r | |
332 | Buffer += SessionInfoSize;\r | |
333 | Cmd.AuthorizationSize = SwapBytes32(SessionInfoSize);\r | |
334 | \r | |
335 | // disable\r | |
336 | *(UINT8 *)Buffer = Disable;\r | |
58dbfc3c | 337 | Buffer++;\r |
c1d93242 JY |
338 | \r |
339 | CmdSize = (UINT32)(Buffer - (UINT8 *)&Cmd);\r | |
340 | Cmd.Header.paramSize = SwapBytes32(CmdSize);\r | |
341 | \r | |
342 | ResultBufSize = sizeof(Res);\r | |
343 | Status = Tpm2SubmitCommand (CmdSize, (UINT8 *)&Cmd, &ResultBufSize, (UINT8 *)&Res);\r | |
344 | if (EFI_ERROR(Status)) {\r | |
7ae130da | 345 | goto Done;\r |
c1d93242 JY |
346 | }\r |
347 | \r | |
348 | if (ResultBufSize > sizeof(Res)) {\r | |
e905fbb0 | 349 | DEBUG ((DEBUG_ERROR, "ClearControl: Failed ExecuteCommand: Buffer Too Small\r\n"));\r |
7ae130da JY |
350 | Status = EFI_BUFFER_TOO_SMALL;\r |
351 | goto Done;\r | |
c1d93242 JY |
352 | }\r |
353 | \r | |
354 | //\r | |
355 | // Validate response headers\r | |
356 | //\r | |
357 | RespSize = SwapBytes32(Res.Header.paramSize);\r | |
358 | if (RespSize > sizeof(Res)) {\r | |
e905fbb0 | 359 | DEBUG ((DEBUG_ERROR, "ClearControl: Response size too large! %d\r\n", RespSize));\r |
7ae130da JY |
360 | Status = EFI_BUFFER_TOO_SMALL;\r |
361 | goto Done;\r | |
c1d93242 JY |
362 | }\r |
363 | \r | |
364 | //\r | |
365 | // Fail if command failed\r | |
366 | //\r | |
367 | if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) {\r | |
e905fbb0 | 368 | DEBUG ((DEBUG_ERROR, "ClearControl: Response Code error! 0x%08x\r\n", SwapBytes32(Res.Header.responseCode)));\r |
7ae130da JY |
369 | Status = EFI_DEVICE_ERROR;\r |
370 | goto Done;\r | |
c1d93242 JY |
371 | }\r |
372 | \r | |
373 | //\r | |
374 | // Unmarshal the response\r | |
375 | //\r | |
376 | \r | |
377 | // None\r | |
7ae130da JY |
378 | Done:\r |
379 | //\r | |
380 | // Clear AuthSession Content\r | |
381 | //\r | |
382 | ZeroMem (&Cmd, sizeof(Cmd));\r | |
383 | ZeroMem (&Res, sizeof(Res));\r | |
384 | return Status;\r | |
c1d93242 JY |
385 | }\r |
386 | \r | |
387 | /**\r | |
388 | This command allows the authorization secret for a hierarchy or lockout to be changed using the current\r | |
389 | authorization value as the command authorization.\r | |
390 | \r | |
391 | @param[in] AuthHandle TPM_RH_LOCKOUT, TPM_RH_ENDORSEMENT, TPM_RH_OWNER or TPM_RH_PLATFORM+{PP}\r | |
392 | @param[in] AuthSession Auth Session context\r | |
393 | @param[in] NewAuth New authorization secret\r | |
394 | \r | |
395 | @retval EFI_SUCCESS Operation completed successfully.\r | |
396 | @retval EFI_DEVICE_ERROR Unexpected device behavior.\r | |
397 | **/\r | |
398 | EFI_STATUS\r | |
399 | EFIAPI\r | |
400 | Tpm2HierarchyChangeAuth (\r | |
401 | IN TPMI_RH_HIERARCHY_AUTH AuthHandle,\r | |
402 | IN TPMS_AUTH_COMMAND *AuthSession,\r | |
403 | IN TPM2B_AUTH *NewAuth\r | |
404 | )\r | |
405 | {\r | |
406 | EFI_STATUS Status;\r | |
407 | TPM2_HIERARCHY_CHANGE_AUTH_COMMAND Cmd;\r | |
408 | TPM2_HIERARCHY_CHANGE_AUTH_RESPONSE Res;\r | |
409 | UINT32 CmdSize;\r | |
410 | UINT32 RespSize;\r | |
411 | UINT8 *Buffer;\r | |
412 | UINT32 SessionInfoSize;\r | |
413 | UINT8 *ResultBuf;\r | |
414 | UINT32 ResultBufSize;\r | |
415 | \r | |
416 | //\r | |
417 | // Construct command\r | |
418 | //\r | |
419 | Cmd.Header.tag = SwapBytes16(TPM_ST_SESSIONS);\r | |
420 | Cmd.Header.paramSize = SwapBytes32(sizeof(Cmd));\r | |
421 | Cmd.Header.commandCode = SwapBytes32(TPM_CC_HierarchyChangeAuth);\r | |
422 | Cmd.AuthHandle = SwapBytes32(AuthHandle);\r | |
423 | \r | |
424 | //\r | |
425 | // Add in Auth session\r | |
426 | //\r | |
427 | Buffer = (UINT8 *)&Cmd.AuthSession;\r | |
428 | \r | |
429 | // sessionInfoSize\r | |
430 | SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer);\r | |
431 | Buffer += SessionInfoSize;\r | |
432 | Cmd.AuthorizationSize = SwapBytes32(SessionInfoSize);\r | |
433 | \r | |
434 | // New Authorization size\r | |
435 | WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16(NewAuth->size));\r | |
436 | Buffer += sizeof(UINT16);\r | |
437 | \r | |
d6b926e7 | 438 | // New Authorization\r |
c1d93242 JY |
439 | CopyMem(Buffer, NewAuth->buffer, NewAuth->size);\r |
440 | Buffer += NewAuth->size;\r | |
441 | \r | |
442 | CmdSize = (UINT32)(Buffer - (UINT8 *)&Cmd);\r | |
443 | Cmd.Header.paramSize = SwapBytes32(CmdSize);\r | |
444 | \r | |
445 | ResultBuf = (UINT8 *) &Res;\r | |
446 | ResultBufSize = sizeof(Res);\r | |
447 | \r | |
448 | //\r | |
449 | // Call the TPM\r | |
450 | //\r | |
451 | Status = Tpm2SubmitCommand (\r | |
b3548d32 LG |
452 | CmdSize,\r |
453 | (UINT8 *)&Cmd,\r | |
c1d93242 JY |
454 | &ResultBufSize,\r |
455 | ResultBuf\r | |
456 | );\r | |
7ae130da JY |
457 | if (EFI_ERROR(Status)) {\r |
458 | goto Done;\r | |
459 | }\r | |
c1d93242 JY |
460 | \r |
461 | if (ResultBufSize > sizeof(Res)) {\r | |
e905fbb0 | 462 | DEBUG ((DEBUG_ERROR, "HierarchyChangeAuth: Failed ExecuteCommand: Buffer Too Small\r\n"));\r |
7ae130da JY |
463 | Status = EFI_BUFFER_TOO_SMALL;\r |
464 | goto Done;\r | |
c1d93242 JY |
465 | }\r |
466 | \r | |
467 | //\r | |
468 | // Validate response headers\r | |
469 | //\r | |
470 | RespSize = SwapBytes32(Res.Header.paramSize);\r | |
471 | if (RespSize > sizeof(Res)) {\r | |
e905fbb0 | 472 | DEBUG ((DEBUG_ERROR, "HierarchyChangeAuth: Response size too large! %d\r\n", RespSize));\r |
7ae130da JY |
473 | Status = EFI_BUFFER_TOO_SMALL;\r |
474 | goto Done;\r | |
c1d93242 JY |
475 | }\r |
476 | \r | |
477 | //\r | |
478 | // Fail if command failed\r | |
479 | //\r | |
480 | if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) {\r | |
e905fbb0 | 481 | DEBUG((DEBUG_ERROR,"HierarchyChangeAuth: Response Code error! 0x%08x\r\n", SwapBytes32(Res.Header.responseCode)));\r |
7ae130da JY |
482 | Status = EFI_DEVICE_ERROR;\r |
483 | goto Done;\r | |
c1d93242 JY |
484 | }\r |
485 | \r | |
7ae130da JY |
486 | Done:\r |
487 | //\r | |
488 | // Clear AuthSession Content\r | |
489 | //\r | |
490 | ZeroMem (&Cmd, sizeof(Cmd));\r | |
491 | ZeroMem (&Res, sizeof(Res));\r | |
492 | return Status;\r | |
c1d93242 JY |
493 | }\r |
494 | \r | |
495 | /**\r | |
496 | This replaces the current EPS with a value from the RNG and sets the Endorsement hierarchy controls to\r | |
497 | their default initialization values.\r | |
498 | \r | |
499 | @param[in] AuthHandle TPM_RH_PLATFORM+{PP}\r | |
500 | @param[in] AuthSession Auth Session context\r | |
501 | \r | |
502 | @retval EFI_SUCCESS Operation completed successfully.\r | |
503 | @retval EFI_DEVICE_ERROR Unexpected device behavior.\r | |
504 | **/\r | |
505 | EFI_STATUS\r | |
506 | EFIAPI\r | |
507 | Tpm2ChangeEPS (\r | |
508 | IN TPMI_RH_PLATFORM AuthHandle,\r | |
509 | IN TPMS_AUTH_COMMAND *AuthSession\r | |
510 | )\r | |
511 | {\r | |
512 | EFI_STATUS Status;\r | |
513 | TPM2_CHANGE_EPS_COMMAND Cmd;\r | |
514 | TPM2_CHANGE_EPS_RESPONSE Res;\r | |
515 | UINT32 CmdSize;\r | |
516 | UINT32 RespSize;\r | |
517 | UINT8 *Buffer;\r | |
518 | UINT32 SessionInfoSize;\r | |
519 | UINT8 *ResultBuf;\r | |
520 | UINT32 ResultBufSize;\r | |
521 | \r | |
522 | //\r | |
523 | // Construct command\r | |
524 | //\r | |
525 | Cmd.Header.tag = SwapBytes16(TPM_ST_SESSIONS);\r | |
526 | Cmd.Header.paramSize = SwapBytes32(sizeof(Cmd));\r | |
527 | Cmd.Header.commandCode = SwapBytes32(TPM_CC_ChangeEPS);\r | |
528 | Cmd.AuthHandle = SwapBytes32(AuthHandle);\r | |
529 | \r | |
530 | //\r | |
531 | // Add in Auth session\r | |
532 | //\r | |
533 | Buffer = (UINT8 *)&Cmd.AuthSession;\r | |
534 | \r | |
535 | // sessionInfoSize\r | |
536 | SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer);\r | |
537 | Buffer += SessionInfoSize;\r | |
538 | Cmd.AuthorizationSize = SwapBytes32(SessionInfoSize);\r | |
539 | \r | |
540 | CmdSize = (UINT32)(Buffer - (UINT8 *)&Cmd);\r | |
541 | Cmd.Header.paramSize = SwapBytes32(CmdSize);\r | |
542 | \r | |
543 | ResultBuf = (UINT8 *) &Res;\r | |
544 | ResultBufSize = sizeof(Res);\r | |
545 | \r | |
546 | //\r | |
547 | // Call the TPM\r | |
548 | //\r | |
549 | Status = Tpm2SubmitCommand (\r | |
b3548d32 LG |
550 | CmdSize,\r |
551 | (UINT8 *)&Cmd,\r | |
c1d93242 JY |
552 | &ResultBufSize,\r |
553 | ResultBuf\r | |
554 | );\r | |
7ae130da JY |
555 | if (EFI_ERROR(Status)) {\r |
556 | goto Done;\r | |
557 | }\r | |
c1d93242 JY |
558 | \r |
559 | if (ResultBufSize > sizeof(Res)) {\r | |
e905fbb0 | 560 | DEBUG ((DEBUG_ERROR, "ChangeEPS: Failed ExecuteCommand: Buffer Too Small\r\n"));\r |
7ae130da JY |
561 | Status = EFI_BUFFER_TOO_SMALL;\r |
562 | goto Done;\r | |
c1d93242 JY |
563 | }\r |
564 | \r | |
565 | //\r | |
566 | // Validate response headers\r | |
567 | //\r | |
568 | RespSize = SwapBytes32(Res.Header.paramSize);\r | |
569 | if (RespSize > sizeof(Res)) {\r | |
e905fbb0 | 570 | DEBUG ((DEBUG_ERROR, "ChangeEPS: Response size too large! %d\r\n", RespSize));\r |
7ae130da JY |
571 | Status = EFI_BUFFER_TOO_SMALL;\r |
572 | goto Done;\r | |
c1d93242 JY |
573 | }\r |
574 | \r | |
575 | //\r | |
576 | // Fail if command failed\r | |
577 | //\r | |
578 | if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) {\r | |
e905fbb0 | 579 | DEBUG((DEBUG_ERROR,"ChangeEPS: Response Code error! 0x%08x\r\n", SwapBytes32(Res.Header.responseCode)));\r |
7ae130da JY |
580 | Status = EFI_DEVICE_ERROR;\r |
581 | goto Done;\r | |
c1d93242 JY |
582 | }\r |
583 | \r | |
7ae130da JY |
584 | Done:\r |
585 | //\r | |
586 | // Clear AuthSession Content\r | |
587 | //\r | |
588 | ZeroMem (&Cmd, sizeof(Cmd));\r | |
589 | ZeroMem (&Res, sizeof(Res));\r | |
590 | return Status;\r | |
c1d93242 JY |
591 | }\r |
592 | \r | |
593 | /**\r | |
594 | This replaces the current PPS with a value from the RNG and sets platformPolicy to the default\r | |
595 | initialization value (the Empty Buffer).\r | |
596 | \r | |
597 | @param[in] AuthHandle TPM_RH_PLATFORM+{PP}\r | |
598 | @param[in] AuthSession Auth Session context\r | |
599 | \r | |
600 | @retval EFI_SUCCESS Operation completed successfully.\r | |
601 | @retval EFI_DEVICE_ERROR Unexpected device behavior.\r | |
602 | **/\r | |
603 | EFI_STATUS\r | |
604 | EFIAPI\r | |
605 | Tpm2ChangePPS (\r | |
606 | IN TPMI_RH_PLATFORM AuthHandle,\r | |
607 | IN TPMS_AUTH_COMMAND *AuthSession\r | |
608 | )\r | |
609 | {\r | |
610 | EFI_STATUS Status;\r | |
611 | TPM2_CHANGE_PPS_COMMAND Cmd;\r | |
612 | TPM2_CHANGE_PPS_RESPONSE Res;\r | |
613 | UINT32 CmdSize;\r | |
614 | UINT32 RespSize;\r | |
615 | UINT8 *Buffer;\r | |
616 | UINT32 SessionInfoSize;\r | |
617 | UINT8 *ResultBuf;\r | |
618 | UINT32 ResultBufSize;\r | |
619 | \r | |
620 | //\r | |
621 | // Construct command\r | |
622 | //\r | |
623 | Cmd.Header.tag = SwapBytes16(TPM_ST_SESSIONS);\r | |
624 | Cmd.Header.paramSize = SwapBytes32(sizeof(Cmd));\r | |
625 | Cmd.Header.commandCode = SwapBytes32(TPM_CC_ChangePPS);\r | |
626 | Cmd.AuthHandle = SwapBytes32(AuthHandle);\r | |
627 | \r | |
628 | //\r | |
629 | // Add in Auth session\r | |
630 | //\r | |
631 | Buffer = (UINT8 *)&Cmd.AuthSession;\r | |
632 | \r | |
633 | // sessionInfoSize\r | |
634 | SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer);\r | |
635 | Buffer += SessionInfoSize;\r | |
636 | Cmd.AuthorizationSize = SwapBytes32(SessionInfoSize);\r | |
637 | \r | |
638 | CmdSize = (UINT32)(Buffer - (UINT8 *)&Cmd);\r | |
639 | Cmd.Header.paramSize = SwapBytes32(CmdSize);\r | |
640 | \r | |
641 | ResultBuf = (UINT8 *) &Res;\r | |
642 | ResultBufSize = sizeof(Res);\r | |
643 | \r | |
644 | //\r | |
645 | // Call the TPM\r | |
646 | //\r | |
647 | Status = Tpm2SubmitCommand (\r | |
b3548d32 LG |
648 | CmdSize,\r |
649 | (UINT8 *)&Cmd,\r | |
c1d93242 JY |
650 | &ResultBufSize,\r |
651 | ResultBuf\r | |
652 | );\r | |
7ae130da JY |
653 | if (EFI_ERROR(Status)) {\r |
654 | goto Done;\r | |
655 | }\r | |
c1d93242 JY |
656 | \r |
657 | if (ResultBufSize > sizeof(Res)) {\r | |
e905fbb0 | 658 | DEBUG ((DEBUG_ERROR, "ChangePPS: Failed ExecuteCommand: Buffer Too Small\r\n"));\r |
7ae130da JY |
659 | Status = EFI_BUFFER_TOO_SMALL;\r |
660 | goto Done;\r | |
c1d93242 JY |
661 | }\r |
662 | \r | |
663 | //\r | |
664 | // Validate response headers\r | |
665 | //\r | |
666 | RespSize = SwapBytes32(Res.Header.paramSize);\r | |
667 | if (RespSize > sizeof(Res)) {\r | |
e905fbb0 | 668 | DEBUG ((DEBUG_ERROR, "ChangePPS: Response size too large! %d\r\n", RespSize));\r |
7ae130da JY |
669 | Status = EFI_BUFFER_TOO_SMALL;\r |
670 | goto Done;\r | |
c1d93242 JY |
671 | }\r |
672 | \r | |
673 | //\r | |
674 | // Fail if command failed\r | |
675 | //\r | |
676 | if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) {\r | |
e905fbb0 | 677 | DEBUG((DEBUG_ERROR,"ChangePPS: Response Code error! 0x%08x\r\n", SwapBytes32(Res.Header.responseCode)));\r |
7ae130da JY |
678 | Status = EFI_DEVICE_ERROR;\r |
679 | goto Done;\r | |
c1d93242 JY |
680 | }\r |
681 | \r | |
7ae130da JY |
682 | Done:\r |
683 | //\r | |
684 | // Clear AuthSession Content\r | |
685 | //\r | |
686 | ZeroMem (&Cmd, sizeof(Cmd));\r | |
687 | ZeroMem (&Res, sizeof(Res));\r | |
688 | return Status;\r | |
c1d93242 JY |
689 | }\r |
690 | \r | |
691 | /**\r | |
692 | This command enables and disables use of a hierarchy.\r | |
693 | \r | |
694 | @param[in] AuthHandle TPM_RH_ENDORSEMENT, TPM_RH_OWNER or TPM_RH_PLATFORM+{PP}\r | |
695 | @param[in] AuthSession Auth Session context\r | |
696 | @param[in] Hierarchy Hierarchy of the enable being modified\r | |
697 | @param[in] State YES if the enable should be SET,\r | |
698 | NO if the enable should be CLEAR\r | |
699 | \r | |
700 | @retval EFI_SUCCESS Operation completed successfully.\r | |
701 | @retval EFI_DEVICE_ERROR Unexpected device behavior.\r | |
702 | **/\r | |
703 | EFI_STATUS\r | |
704 | EFIAPI\r | |
705 | Tpm2HierarchyControl (\r | |
706 | IN TPMI_RH_HIERARCHY AuthHandle,\r | |
707 | IN TPMS_AUTH_COMMAND *AuthSession,\r | |
708 | IN TPMI_RH_HIERARCHY Hierarchy,\r | |
709 | IN TPMI_YES_NO State\r | |
710 | )\r | |
711 | {\r | |
712 | EFI_STATUS Status;\r | |
713 | TPM2_HIERARCHY_CONTROL_COMMAND Cmd;\r | |
714 | TPM2_HIERARCHY_CONTROL_RESPONSE Res;\r | |
715 | UINT32 CmdSize;\r | |
716 | UINT32 RespSize;\r | |
717 | UINT8 *Buffer;\r | |
718 | UINT32 SessionInfoSize;\r | |
719 | UINT8 *ResultBuf;\r | |
720 | UINT32 ResultBufSize;\r | |
721 | \r | |
722 | //\r | |
723 | // Construct command\r | |
724 | //\r | |
725 | Cmd.Header.tag = SwapBytes16(TPM_ST_SESSIONS);\r | |
726 | Cmd.Header.paramSize = SwapBytes32(sizeof(Cmd));\r | |
727 | Cmd.Header.commandCode = SwapBytes32(TPM_CC_HierarchyControl);\r | |
728 | Cmd.AuthHandle = SwapBytes32(AuthHandle);\r | |
729 | \r | |
730 | //\r | |
731 | // Add in Auth session\r | |
732 | //\r | |
733 | Buffer = (UINT8 *)&Cmd.AuthSession;\r | |
734 | \r | |
735 | // sessionInfoSize\r | |
736 | SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer);\r | |
737 | Buffer += SessionInfoSize;\r | |
738 | Cmd.AuthorizationSize = SwapBytes32(SessionInfoSize);\r | |
739 | \r | |
740 | WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32(Hierarchy));\r | |
741 | Buffer += sizeof(UINT32);\r | |
742 | \r | |
743 | *(UINT8 *)Buffer = State;\r | |
58dbfc3c | 744 | Buffer++;\r |
c1d93242 JY |
745 | \r |
746 | CmdSize = (UINT32)(Buffer - (UINT8 *)&Cmd);\r | |
747 | Cmd.Header.paramSize = SwapBytes32(CmdSize);\r | |
748 | \r | |
749 | ResultBuf = (UINT8 *) &Res;\r | |
750 | ResultBufSize = sizeof(Res);\r | |
751 | \r | |
752 | //\r | |
753 | // Call the TPM\r | |
754 | //\r | |
755 | Status = Tpm2SubmitCommand (\r | |
b3548d32 LG |
756 | CmdSize,\r |
757 | (UINT8 *)&Cmd,\r | |
c1d93242 JY |
758 | &ResultBufSize,\r |
759 | ResultBuf\r | |
760 | );\r | |
7ae130da JY |
761 | if (EFI_ERROR(Status)) {\r |
762 | goto Done;\r | |
763 | }\r | |
c1d93242 JY |
764 | \r |
765 | if (ResultBufSize > sizeof(Res)) {\r | |
e905fbb0 | 766 | DEBUG ((DEBUG_ERROR, "HierarchyControl: Failed ExecuteCommand: Buffer Too Small\r\n"));\r |
7ae130da JY |
767 | Status = EFI_BUFFER_TOO_SMALL;\r |
768 | goto Done;\r | |
c1d93242 JY |
769 | }\r |
770 | \r | |
771 | //\r | |
772 | // Validate response headers\r | |
773 | //\r | |
774 | RespSize = SwapBytes32(Res.Header.paramSize);\r | |
775 | if (RespSize > sizeof(Res)) {\r | |
e905fbb0 | 776 | DEBUG ((DEBUG_ERROR, "HierarchyControl: Response size too large! %d\r\n", RespSize));\r |
7ae130da JY |
777 | Status = EFI_BUFFER_TOO_SMALL;\r |
778 | goto Done;\r | |
c1d93242 JY |
779 | }\r |
780 | \r | |
781 | //\r | |
782 | // Fail if command failed\r | |
783 | //\r | |
784 | if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) {\r | |
e905fbb0 | 785 | DEBUG((DEBUG_ERROR,"HierarchyControl: Response Code error! 0x%08x\r\n", SwapBytes32(Res.Header.responseCode)));\r |
7ae130da JY |
786 | Status = EFI_DEVICE_ERROR;\r |
787 | goto Done;\r | |
c1d93242 JY |
788 | }\r |
789 | \r | |
7ae130da JY |
790 | Done:\r |
791 | //\r | |
792 | // Clear AuthSession Content\r | |
793 | //\r | |
794 | ZeroMem (&Cmd, sizeof(Cmd));\r | |
795 | ZeroMem (&Res, sizeof(Res));\r | |
796 | return Status;\r | |
c1d93242 | 797 | }\r |