]> git.proxmox.com Git - mirror_edk2.git/blame - SecurityPkg/Library/Tpm2CommandLib/Tpm2Hierarchy.c
SecurityPkg: Change OPTIONAL keyword usage style
[mirror_edk2.git] / SecurityPkg / Library / Tpm2CommandLib / Tpm2Hierarchy.c
1/** @file\r
2 Implement TPM2 Hierarchy related command.\r
3\r
b3548d32 4Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved. <BR>\r
289b714b 5SPDX-License-Identifier: BSD-2-Clause-Patent\r
6\r
7**/\r
8\r
9#include <IndustryStandard/UefiTcgPlatform.h>\r
10#include <Library/Tpm2CommandLib.h>\r
11#include <Library/Tpm2DeviceLib.h>\r
12#include <Library/BaseMemoryLib.h>\r
13#include <Library/BaseLib.h>\r
14#include <Library/DebugLib.h>\r
15\r
//
// Command/response buffer layouts used by the functions in this file.
// pack(1) suppresses compiler padding between members.
//
// In every command below, the functions in this file assign only Header,
// AuthHandle and the session-size field by name. The session area is written
// by CopyAuthSessionCommand() starting at &AuthSession, and any parameters
// that follow are appended through a moving byte pointer. Members declared
// after AuthSession therefore reserve buffer space; they are not assigned by
// field name.
//
// In every response below, the functions in this file read only
// Header.paramSize and Header.responseCode.
//
#pragma pack(1)

// TPM2_SetPrimaryPolicy command buffer.
typedef struct {
  TPM2_COMMAND_HEADER       Header;
  TPMI_RH_HIERARCHY_AUTH    AuthHandle;
  UINT32                    AuthSessionSize;
  TPMS_AUTH_COMMAND         AuthSession;
  TPM2B_DIGEST              AuthPolicy;
  TPMI_ALG_HASH             HashAlg;
} TPM2_SET_PRIMARY_POLICY_COMMAND;

// TPM2_SetPrimaryPolicy response buffer.
typedef struct {
  TPM2_RESPONSE_HEADER    Header;
  UINT32                  AuthSessionSize;
  TPMS_AUTH_RESPONSE      AuthSession;
} TPM2_SET_PRIMARY_POLICY_RESPONSE;

// TPM2_Clear command buffer.
typedef struct {
  TPM2_COMMAND_HEADER    Header;
  TPMI_RH_CLEAR          AuthHandle;
  UINT32                 AuthorizationSize;
  TPMS_AUTH_COMMAND      AuthSession;
} TPM2_CLEAR_COMMAND;

// TPM2_Clear response buffer.
typedef struct {
  TPM2_RESPONSE_HEADER    Header;
  UINT32                  ParameterSize;
  TPMS_AUTH_RESPONSE      AuthSession;
} TPM2_CLEAR_RESPONSE;

// TPM2_ClearControl command buffer.
typedef struct {
  TPM2_COMMAND_HEADER    Header;
  TPMI_RH_CLEAR          AuthHandle;
  UINT32                 AuthorizationSize;
  TPMS_AUTH_COMMAND      AuthSession;
  TPMI_YES_NO            Disable;
} TPM2_CLEAR_CONTROL_COMMAND;

// TPM2_ClearControl response buffer.
typedef struct {
  TPM2_RESPONSE_HEADER    Header;
  UINT32                  ParameterSize;
  TPMS_AUTH_RESPONSE      AuthSession;
} TPM2_CLEAR_CONTROL_RESPONSE;

// TPM2_HierarchyChangeAuth command buffer. NewAuth carries the new secret.
typedef struct {
  TPM2_COMMAND_HEADER       Header;
  TPMI_RH_HIERARCHY_AUTH    AuthHandle;
  UINT32                    AuthorizationSize;
  TPMS_AUTH_COMMAND         AuthSession;
  TPM2B_AUTH                NewAuth;
} TPM2_HIERARCHY_CHANGE_AUTH_COMMAND;

// TPM2_HierarchyChangeAuth response buffer.
typedef struct {
  TPM2_RESPONSE_HEADER    Header;
  UINT32                  ParameterSize;
  TPMS_AUTH_RESPONSE      AuthSession;
} TPM2_HIERARCHY_CHANGE_AUTH_RESPONSE;

// TPM2_ChangeEPS command buffer.
typedef struct {
  TPM2_COMMAND_HEADER    Header;
  TPMI_RH_PLATFORM       AuthHandle;
  UINT32                 AuthorizationSize;
  TPMS_AUTH_COMMAND      AuthSession;
} TPM2_CHANGE_EPS_COMMAND;

// TPM2_ChangeEPS response buffer.
typedef struct {
  TPM2_RESPONSE_HEADER    Header;
  UINT32                  ParameterSize;
  TPMS_AUTH_RESPONSE      AuthSession;
} TPM2_CHANGE_EPS_RESPONSE;

// TPM2_ChangePPS command buffer.
typedef struct {
  TPM2_COMMAND_HEADER    Header;
  TPMI_RH_PLATFORM       AuthHandle;
  UINT32                 AuthorizationSize;
  TPMS_AUTH_COMMAND      AuthSession;
} TPM2_CHANGE_PPS_COMMAND;

// TPM2_ChangePPS response buffer.
typedef struct {
  TPM2_RESPONSE_HEADER    Header;
  UINT32                  ParameterSize;
  TPMS_AUTH_RESPONSE      AuthSession;
} TPM2_CHANGE_PPS_RESPONSE;

// TPM2_HierarchyControl command buffer.
typedef struct {
  TPM2_COMMAND_HEADER    Header;
  TPMI_RH_HIERARCHY      AuthHandle;
  UINT32                 AuthorizationSize;
  TPMS_AUTH_COMMAND      AuthSession;
  TPMI_RH_HIERARCHY      Hierarchy;
  TPMI_YES_NO            State;
} TPM2_HIERARCHY_CONTROL_COMMAND;

// TPM2_HierarchyControl response buffer.
typedef struct {
  TPM2_RESPONSE_HEADER    Header;
  UINT32                  ParameterSize;
  TPMS_AUTH_RESPONSE      AuthSession;
} TPM2_HIERARCHY_CONTROL_RESPONSE;

#pragma pack()
116\r
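/**
  This command allows setting of the authorization policy for the platform hierarchy (platformPolicy), the
  storage hierarchy (ownerPolicy), and the endorsement hierarchy (endorsementPolicy).

  The command is serialized into a fixed-size stack buffer, so AuthPolicy->size is
  checked against the capacity of the digest buffer before anything is copied.

  @param[in]  AuthHandle            TPM_RH_ENDORSEMENT, TPM_RH_OWNER or TPM_RH_PLATFORM+{PP} parameters to be validated
  @param[in]  AuthSession           Auth Session context
  @param[in]  AuthPolicy            An authorization policy hash
  @param[in]  HashAlg               The hash algorithm to use for the policy

  @retval EFI_SUCCESS            Operation completed successfully.
  @retval EFI_INVALID_PARAMETER  AuthPolicy is NULL or AuthPolicy->size exceeds its buffer.
  @retval EFI_DEVICE_ERROR       Unexpected device behavior.
  @retval Others                 Error returned by Tpm2SubmitCommand().
**/
EFI_STATUS
EFIAPI
Tpm2SetPrimaryPolicy (
  IN  TPMI_RH_HIERARCHY_AUTH  AuthHandle,
  IN  TPMS_AUTH_COMMAND       *AuthSession,
  IN  TPM2B_DIGEST            *AuthPolicy,
  IN  TPMI_ALG_HASH           HashAlg
  )
{
  EFI_STATUS                        Status;
  TPM2_SET_PRIMARY_POLICY_COMMAND   SendBuffer;
  TPM2_SET_PRIMARY_POLICY_RESPONSE  RecvBuffer;
  UINT32                            SendBufferSize;
  UINT32                            RecvBufferSize;
  UINT8                             *Buffer;
  UINT32                            SessionInfoSize;

  //
  // Reject a policy digest whose declared size would run past the space
  // reserved for it in SendBuffer. Nothing sensitive has been written yet,
  // so returning directly skips no cleanup.
  //
  if ((AuthPolicy == NULL) || (AuthPolicy->size > sizeof (AuthPolicy->buffer))) {
    DEBUG ((DEBUG_ERROR, "Tpm2SetPrimaryPolicy - invalid AuthPolicy\n"));
    return EFI_INVALID_PARAMETER;
  }

  //
  // Construct command
  //
  SendBuffer.Header.tag         = SwapBytes16 (TPM_ST_SESSIONS);
  SendBuffer.Header.commandCode = SwapBytes32 (TPM_CC_SetPrimaryPolicy);

  SendBuffer.AuthHandle = SwapBytes32 (AuthHandle);

  //
  // Add in Auth session
  // NOTE(review): this assumes CopyAuthSessionCommand() never writes more than
  // sizeof (SendBuffer.AuthSession) bytes - confirm against its implementation.
  //
  Buffer = (UINT8 *)&SendBuffer.AuthSession;

  // sessionInfoSize
  SessionInfoSize            = CopyAuthSessionCommand (AuthSession, Buffer);
  Buffer                    += SessionInfoSize;
  SendBuffer.AuthSessionSize = SwapBytes32 (SessionInfoSize);

  //
  // Real data: size-prefixed policy digest followed by the hash algorithm
  //
  WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (AuthPolicy->size));
  Buffer += sizeof (UINT16);
  CopyMem (Buffer, AuthPolicy->buffer, AuthPolicy->size);
  Buffer += AuthPolicy->size;
  WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (HashAlg));
  Buffer += sizeof (UINT16);

  // paramSize is the number of bytes actually serialized, not sizeof (SendBuffer)
  SendBufferSize              = (UINT32)((UINTN)Buffer - (UINTN)&SendBuffer);
  SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);

  //
  // send Tpm command
  //
  RecvBufferSize = sizeof (RecvBuffer);
  Status         = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer);
  if (EFI_ERROR (Status)) {
    goto Done;
  }

  // The header is only meaningful if at least a full header was returned
  if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) {
    DEBUG ((DEBUG_ERROR, "Tpm2SetPrimaryPolicy - RecvBufferSize Error - %x\n", RecvBufferSize));
    Status = EFI_DEVICE_ERROR;
    goto Done;
  }

  if (SwapBytes32 (RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {
    DEBUG ((DEBUG_ERROR, "Tpm2SetPrimaryPolicy - responseCode - %x\n", SwapBytes32 (RecvBuffer.Header.responseCode)));
    Status = EFI_DEVICE_ERROR;
    goto Done;
  }

Done:
  //
  // Clear AuthSession Content: scrub both stack buffers on every exit path
  // taken after the command was built.
  //
  ZeroMem (&SendBuffer, sizeof (SendBuffer));
  ZeroMem (&RecvBuffer, sizeof (RecvBuffer));
  return Status;
}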
205\r
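/**
  This command removes all TPM context associated with a specific Owner.

  @param[in]  AuthHandle            TPM_RH_LOCKOUT or TPM_RH_PLATFORM+{PP}
  @param[in]  AuthSession           Auth Session context

  @retval EFI_SUCCESS            Operation completed successfully.
  @retval EFI_BUFFER_TOO_SMALL   The reported response size exceeds the response buffer.
  @retval EFI_DEVICE_ERROR       Unexpected device behavior.
  @retval Others                 Error returned by Tpm2SubmitCommand().
**/
EFI_STATUS
EFIAPI
Tpm2Clear (
  IN TPMI_RH_CLEAR      AuthHandle,
  IN TPMS_AUTH_COMMAND  *AuthSession OPTIONAL
  )
{
  EFI_STATUS           Status;
  TPM2_CLEAR_COMMAND   Cmd;
  TPM2_CLEAR_RESPONSE  Res;
  UINT32               ResultBufSize;
  UINT32               CmdSize;
  UINT32               RespSize;
  UINT8                *Buffer;
  UINT32               SessionInfoSize;

  Cmd.Header.tag         = SwapBytes16 (TPM_ST_SESSIONS);
  Cmd.Header.commandCode = SwapBytes32 (TPM_CC_Clear);
  Cmd.AuthHandle         = SwapBytes32 (AuthHandle);

  //
  // Add in Auth session
  // NOTE(review): AuthSession is OPTIONAL here; handling of NULL is left to
  // CopyAuthSessionCommand() - confirm against its implementation.
  //
  Buffer = (UINT8 *)&Cmd.AuthSession;

  // sessionInfoSize
  SessionInfoSize       = CopyAuthSessionCommand (AuthSession, Buffer);
  Buffer               += SessionInfoSize;
  Cmd.AuthorizationSize = SwapBytes32 (SessionInfoSize);

  // paramSize is the number of bytes actually serialized, not sizeof (Cmd)
  CmdSize              = (UINT32)(Buffer - (UINT8 *)&Cmd);
  Cmd.Header.paramSize = SwapBytes32 (CmdSize);

  ResultBufSize = sizeof (Res);
  Status        = Tpm2SubmitCommand (CmdSize, (UINT8 *)&Cmd, &ResultBufSize, (UINT8 *)&Res);
  if (EFI_ERROR (Status)) {
    goto Done;
  }

  if (ResultBufSize > sizeof (Res)) {
    DEBUG ((DEBUG_ERROR, "Clear: Failed ExecuteCommand: Buffer Too Small\r\n"));
    Status = EFI_BUFFER_TOO_SMALL;
    goto Done;
  }

  //
  // Res is an uninitialized local, so the header fields are only meaningful
  // when a full response header was returned. This is the same lower bound
  // Tpm2SetPrimaryPolicy() applies before trusting responseCode.
  //
  if (ResultBufSize < sizeof (TPM2_RESPONSE_HEADER)) {
    DEBUG ((DEBUG_ERROR, "Clear: Response too short - %x\r\n", ResultBufSize));
    Status = EFI_DEVICE_ERROR;
    goto Done;
  }

  //
  // Validate response headers
  //
  RespSize = SwapBytes32 (Res.Header.paramSize);
  if (RespSize > sizeof (Res)) {
    DEBUG ((DEBUG_ERROR, "Clear: Response size too large! %d\r\n", RespSize));
    Status = EFI_BUFFER_TOO_SMALL;
    goto Done;
  }

  //
  // Fail if command failed
  //
  if (SwapBytes32 (Res.Header.responseCode) != TPM_RC_SUCCESS) {
    DEBUG ((DEBUG_ERROR, "Clear: Response Code error! 0x%08x\r\n", SwapBytes32 (Res.Header.responseCode)));
    Status = EFI_DEVICE_ERROR;
    goto Done;
  }

  //
  // Unmarshal the response
  //

  // None
Done:
  //
  // Clear AuthSession Content: scrub both stack buffers on every exit path
  //
  ZeroMem (&Cmd, sizeof (Cmd));
  ZeroMem (&Res, sizeof (Res));
  return Status;
}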
292\r
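/**
  Disables and enables the execution of TPM2_Clear().

  @param[in]  AuthHandle            TPM_RH_LOCKOUT or TPM_RH_PLATFORM+{PP}
  @param[in]  AuthSession           Auth Session context
  @param[in]  Disable               YES if the disableOwnerClear flag is to be SET,
                                    NO if the flag is to be CLEAR.

  @retval EFI_SUCCESS            Operation completed successfully.
  @retval EFI_BUFFER_TOO_SMALL   The reported response size exceeds the response buffer.
  @retval EFI_DEVICE_ERROR       Unexpected device behavior.
  @retval Others                 Error returned by Tpm2SubmitCommand().
**/
EFI_STATUS
EFIAPI
Tpm2ClearControl (
  IN TPMI_RH_CLEAR      AuthHandle,
  IN TPMS_AUTH_COMMAND  *AuthSession OPTIONAL,
  IN TPMI_YES_NO        Disable
  )
{
  EFI_STATUS                   Status;
  TPM2_CLEAR_CONTROL_COMMAND   Cmd;
  TPM2_CLEAR_CONTROL_RESPONSE  Res;
  UINT32                       ResultBufSize;
  UINT32                       CmdSize;
  UINT32                       RespSize;
  UINT8                        *Buffer;
  UINT32                       SessionInfoSize;

  Cmd.Header.tag         = SwapBytes16 (TPM_ST_SESSIONS);
  Cmd.Header.commandCode = SwapBytes32 (TPM_CC_ClearControl);
  Cmd.AuthHandle         = SwapBytes32 (AuthHandle);

  //
  // Add in Auth session
  // NOTE(review): AuthSession is OPTIONAL here; handling of NULL is left to
  // CopyAuthSessionCommand() - confirm against its implementation.
  //
  Buffer = (UINT8 *)&Cmd.AuthSession;

  // sessionInfoSize
  SessionInfoSize       = CopyAuthSessionCommand (AuthSession, Buffer);
  Buffer               += SessionInfoSize;
  Cmd.AuthorizationSize = SwapBytes32 (SessionInfoSize);

  // disable: single byte appended directly after the session area
  *(UINT8 *)Buffer = Disable;
  Buffer++;

  // paramSize is the number of bytes actually serialized, not sizeof (Cmd)
  CmdSize              = (UINT32)(Buffer - (UINT8 *)&Cmd);
  Cmd.Header.paramSize = SwapBytes32 (CmdSize);

  ResultBufSize = sizeof (Res);
  Status        = Tpm2SubmitCommand (CmdSize, (UINT8 *)&Cmd, &ResultBufSize, (UINT8 *)&Res);
  if (EFI_ERROR (Status)) {
    goto Done;
  }

  if (ResultBufSize > sizeof (Res)) {
    DEBUG ((DEBUG_ERROR, "ClearControl: Failed ExecuteCommand: Buffer Too Small\r\n"));
    Status = EFI_BUFFER_TOO_SMALL;
    goto Done;
  }

  //
  // Res is an uninitialized local, so the header fields are only meaningful
  // when a full response header was returned. This is the same lower bound
  // Tpm2SetPrimaryPolicy() applies before trusting responseCode.
  //
  if (ResultBufSize < sizeof (TPM2_RESPONSE_HEADER)) {
    DEBUG ((DEBUG_ERROR, "ClearControl: Response too short - %x\r\n", ResultBufSize));
    Status = EFI_DEVICE_ERROR;
    goto Done;
  }

  //
  // Validate response headers
  //
  RespSize = SwapBytes32 (Res.Header.paramSize);
  if (RespSize > sizeof (Res)) {
    DEBUG ((DEBUG_ERROR, "ClearControl: Response size too large! %d\r\n", RespSize));
    Status = EFI_BUFFER_TOO_SMALL;
    goto Done;
  }

  //
  // Fail if command failed
  //
  if (SwapBytes32 (Res.Header.responseCode) != TPM_RC_SUCCESS) {
    DEBUG ((DEBUG_ERROR, "ClearControl: Response Code error! 0x%08x\r\n", SwapBytes32 (Res.Header.responseCode)));
    Status = EFI_DEVICE_ERROR;
    goto Done;
  }

  //
  // Unmarshal the response
  //

  // None
Done:
  //
  // Clear AuthSession Content: scrub both stack buffers on every exit path
  //
  ZeroMem (&Cmd, sizeof (Cmd));
  ZeroMem (&Res, sizeof (Res));
  return Status;
}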
386\r
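/**
  This command allows the authorization secret for a hierarchy or lockout to be changed using the current
  authorization value as the command authorization.

  The command is serialized into a fixed-size stack buffer, so NewAuth->size is
  checked against the capacity of its buffer before anything is copied.

  @param[in]  AuthHandle            TPM_RH_LOCKOUT, TPM_RH_ENDORSEMENT, TPM_RH_OWNER or TPM_RH_PLATFORM+{PP}
  @param[in]  AuthSession           Auth Session context
  @param[in]  NewAuth               New authorization secret

  @retval EFI_SUCCESS            Operation completed successfully.
  @retval EFI_INVALID_PARAMETER  NewAuth is NULL or NewAuth->size exceeds its buffer.
  @retval EFI_BUFFER_TOO_SMALL   The reported response size exceeds the response buffer.
  @retval EFI_DEVICE_ERROR       Unexpected device behavior.
  @retval Others                 Error returned by Tpm2SubmitCommand().
**/
EFI_STATUS
EFIAPI
Tpm2HierarchyChangeAuth (
  IN TPMI_RH_HIERARCHY_AUTH  AuthHandle,
  IN TPMS_AUTH_COMMAND       *AuthSession,
  IN TPM2B_AUTH              *NewAuth
  )
{
  EFI_STATUS                           Status;
  TPM2_HIERARCHY_CHANGE_AUTH_COMMAND   Cmd;
  TPM2_HIERARCHY_CHANGE_AUTH_RESPONSE  Res;
  UINT32                               CmdSize;
  UINT32                               RespSize;
  UINT8                                *Buffer;
  UINT32                               SessionInfoSize;
  UINT8                                *ResultBuf;
  UINT32                               ResultBufSize;

  //
  // Reject a secret whose declared size would run past the space reserved
  // for it in Cmd. Nothing sensitive has been written yet, so returning
  // directly skips no cleanup.
  //
  if ((NewAuth == NULL) || (NewAuth->size > sizeof (NewAuth->buffer))) {
    DEBUG ((DEBUG_ERROR, "HierarchyChangeAuth: invalid NewAuth\r\n"));
    return EFI_INVALID_PARAMETER;
  }

  //
  // Construct command
  //
  Cmd.Header.tag         = SwapBytes16 (TPM_ST_SESSIONS);
  Cmd.Header.commandCode = SwapBytes32 (TPM_CC_HierarchyChangeAuth);
  Cmd.AuthHandle         = SwapBytes32 (AuthHandle);

  //
  // Add in Auth session
  // NOTE(review): this assumes CopyAuthSessionCommand() never writes more than
  // sizeof (Cmd.AuthSession) bytes - confirm against its implementation.
  //
  Buffer = (UINT8 *)&Cmd.AuthSession;

  // sessionInfoSize
  SessionInfoSize       = CopyAuthSessionCommand (AuthSession, Buffer);
  Buffer               += SessionInfoSize;
  Cmd.AuthorizationSize = SwapBytes32 (SessionInfoSize);

  // New Authorization size
  WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (NewAuth->size));
  Buffer += sizeof (UINT16);

  // New Authorization
  CopyMem (Buffer, NewAuth->buffer, NewAuth->size);
  Buffer += NewAuth->size;

  // paramSize is the number of bytes actually serialized, not sizeof (Cmd)
  CmdSize              = (UINT32)(Buffer - (UINT8 *)&Cmd);
  Cmd.Header.paramSize = SwapBytes32 (CmdSize);

  ResultBuf     = (UINT8 *)&Res;
  ResultBufSize = sizeof (Res);

  //
  // Call the TPM
  //
  Status = Tpm2SubmitCommand (
             CmdSize,
             (UINT8 *)&Cmd,
             &ResultBufSize,
             ResultBuf
             );
  if (EFI_ERROR (Status)) {
    goto Done;
  }

  if (ResultBufSize > sizeof (Res)) {
    DEBUG ((DEBUG_ERROR, "HierarchyChangeAuth: Failed ExecuteCommand: Buffer Too Small\r\n"));
    Status = EFI_BUFFER_TOO_SMALL;
    goto Done;
  }

  //
  // Res is an uninitialized local, so the header fields are only meaningful
  // when a full response header was returned. This is the same lower bound
  // Tpm2SetPrimaryPolicy() applies before trusting responseCode.
  //
  if (ResultBufSize < sizeof (TPM2_RESPONSE_HEADER)) {
    DEBUG ((DEBUG_ERROR, "HierarchyChangeAuth: Response too short - %x\r\n", ResultBufSize));
    Status = EFI_DEVICE_ERROR;
    goto Done;
  }

  //
  // Validate response headers
  //
  RespSize = SwapBytes32 (Res.Header.paramSize);
  if (RespSize > sizeof (Res)) {
    DEBUG ((DEBUG_ERROR, "HierarchyChangeAuth: Response size too large! %d\r\n", RespSize));
    Status = EFI_BUFFER_TOO_SMALL;
    goto Done;
  }

  //
  // Fail if command failed
  //
  if (SwapBytes32 (Res.Header.responseCode) != TPM_RC_SUCCESS) {
    DEBUG((DEBUG_ERROR,"HierarchyChangeAuth: Response Code error! 0x%08x\r\n", SwapBytes32 (Res.Header.responseCode)));
    Status = EFI_DEVICE_ERROR;
    goto Done;
  }

Done:
  //
  // Clear AuthSession Content: Cmd also holds the copied new authorization
  // value, so both stack buffers are scrubbed on every exit path taken after
  // the command was built.
  //
  ZeroMem (&Cmd, sizeof (Cmd));
  ZeroMem (&Res, sizeof (Res));
  return Status;
}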
494\r
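/**
  This replaces the current EPS with a value from the RNG and sets the Endorsement hierarchy controls to
  their default initialization values.

  @param[in]  AuthHandle            TPM_RH_PLATFORM+{PP}
  @param[in]  AuthSession           Auth Session context

  @retval EFI_SUCCESS            Operation completed successfully.
  @retval EFI_BUFFER_TOO_SMALL   The reported response size exceeds the response buffer.
  @retval EFI_DEVICE_ERROR       Unexpected device behavior.
  @retval Others                 Error returned by Tpm2SubmitCommand().
**/
EFI_STATUS
EFIAPI
Tpm2ChangeEPS (
  IN TPMI_RH_PLATFORM   AuthHandle,
  IN TPMS_AUTH_COMMAND  *AuthSession
  )
{
  EFI_STATUS                Status;
  TPM2_CHANGE_EPS_COMMAND   Cmd;
  TPM2_CHANGE_EPS_RESPONSE  Res;
  UINT32                    CmdSize;
  UINT32                    RespSize;
  UINT8                     *Buffer;
  UINT32                    SessionInfoSize;
  UINT8                     *ResultBuf;
  UINT32                    ResultBufSize;

  //
  // Construct command
  //
  Cmd.Header.tag         = SwapBytes16 (TPM_ST_SESSIONS);
  Cmd.Header.commandCode = SwapBytes32 (TPM_CC_ChangeEPS);
  Cmd.AuthHandle         = SwapBytes32 (AuthHandle);

  //
  // Add in Auth session
  //
  Buffer = (UINT8 *)&Cmd.AuthSession;

  // sessionInfoSize
  SessionInfoSize       = CopyAuthSessionCommand (AuthSession, Buffer);
  Buffer               += SessionInfoSize;
  Cmd.AuthorizationSize = SwapBytes32 (SessionInfoSize);

  // paramSize is the number of bytes actually serialized, not sizeof (Cmd)
  CmdSize              = (UINT32)(Buffer - (UINT8 *)&Cmd);
  Cmd.Header.paramSize = SwapBytes32 (CmdSize);

  ResultBuf     = (UINT8 *)&Res;
  ResultBufSize = sizeof (Res);

  //
  // Call the TPM
  //
  Status = Tpm2SubmitCommand (
             CmdSize,
             (UINT8 *)&Cmd,
             &ResultBufSize,
             ResultBuf
             );
  if (EFI_ERROR (Status)) {
    goto Done;
  }

  if (ResultBufSize > sizeof (Res)) {
    DEBUG ((DEBUG_ERROR, "ChangeEPS: Failed ExecuteCommand: Buffer Too Small\r\n"));
    Status = EFI_BUFFER_TOO_SMALL;
    goto Done;
  }

  //
  // Res is an uninitialized local, so the header fields are only meaningful
  // when a full response header was returned. This is the same lower bound
  // Tpm2SetPrimaryPolicy() applies before trusting responseCode.
  //
  if (ResultBufSize < sizeof (TPM2_RESPONSE_HEADER)) {
    DEBUG ((DEBUG_ERROR, "ChangeEPS: Response too short - %x\r\n", ResultBufSize));
    Status = EFI_DEVICE_ERROR;
    goto Done;
  }

  //
  // Validate response headers
  //
  RespSize = SwapBytes32 (Res.Header.paramSize);
  if (RespSize > sizeof (Res)) {
    DEBUG ((DEBUG_ERROR, "ChangeEPS: Response size too large! %d\r\n", RespSize));
    Status = EFI_BUFFER_TOO_SMALL;
    goto Done;
  }

  //
  // Fail if command failed
  //
  if (SwapBytes32 (Res.Header.responseCode) != TPM_RC_SUCCESS) {
    DEBUG((DEBUG_ERROR,"ChangeEPS: Response Code error! 0x%08x\r\n", SwapBytes32 (Res.Header.responseCode)));
    Status = EFI_DEVICE_ERROR;
    goto Done;
  }

Done:
  //
  // Clear AuthSession Content: scrub both stack buffers on every exit path
  //
  ZeroMem (&Cmd, sizeof (Cmd));
  ZeroMem (&Res, sizeof (Res));
  return Status;
}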
592\r
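/**
  This replaces the current PPS with a value from the RNG and sets platformPolicy to the default
  initialization value (the Empty Buffer).

  @param[in]  AuthHandle            TPM_RH_PLATFORM+{PP}
  @param[in]  AuthSession           Auth Session context

  @retval EFI_SUCCESS            Operation completed successfully.
  @retval EFI_BUFFER_TOO_SMALL   The reported response size exceeds the response buffer.
  @retval EFI_DEVICE_ERROR       Unexpected device behavior.
  @retval Others                 Error returned by Tpm2SubmitCommand().
**/
EFI_STATUS
EFIAPI
Tpm2ChangePPS (
  IN TPMI_RH_PLATFORM   AuthHandle,
  IN TPMS_AUTH_COMMAND  *AuthSession
  )
{
  EFI_STATUS                Status;
  TPM2_CHANGE_PPS_COMMAND   Cmd;
  TPM2_CHANGE_PPS_RESPONSE  Res;
  UINT32                    CmdSize;
  UINT32                    RespSize;
  UINT8                     *Buffer;
  UINT32                    SessionInfoSize;
  UINT8                     *ResultBuf;
  UINT32                    ResultBufSize;

  //
  // Construct command
  //
  Cmd.Header.tag         = SwapBytes16 (TPM_ST_SESSIONS);
  Cmd.Header.commandCode = SwapBytes32 (TPM_CC_ChangePPS);
  Cmd.AuthHandle         = SwapBytes32 (AuthHandle);

  //
  // Add in Auth session
  //
  Buffer = (UINT8 *)&Cmd.AuthSession;

  // sessionInfoSize
  SessionInfoSize       = CopyAuthSessionCommand (AuthSession, Buffer);
  Buffer               += SessionInfoSize;
  Cmd.AuthorizationSize = SwapBytes32 (SessionInfoSize);

  // paramSize is the number of bytes actually serialized, not sizeof (Cmd)
  CmdSize              = (UINT32)(Buffer - (UINT8 *)&Cmd);
  Cmd.Header.paramSize = SwapBytes32 (CmdSize);

  ResultBuf     = (UINT8 *)&Res;
  ResultBufSize = sizeof (Res);

  //
  // Call the TPM
  //
  Status = Tpm2SubmitCommand (
             CmdSize,
             (UINT8 *)&Cmd,
             &ResultBufSize,
             ResultBuf
             );
  if (EFI_ERROR (Status)) {
    goto Done;
  }

  if (ResultBufSize > sizeof (Res)) {
    DEBUG ((DEBUG_ERROR, "ChangePPS: Failed ExecuteCommand: Buffer Too Small\r\n"));
    Status = EFI_BUFFER_TOO_SMALL;
    goto Done;
  }

  //
  // Res is an uninitialized local, so the header fields are only meaningful
  // when a full response header was returned. This is the same lower bound
  // Tpm2SetPrimaryPolicy() applies before trusting responseCode.
  //
  if (ResultBufSize < sizeof (TPM2_RESPONSE_HEADER)) {
    DEBUG ((DEBUG_ERROR, "ChangePPS: Response too short - %x\r\n", ResultBufSize));
    Status = EFI_DEVICE_ERROR;
    goto Done;
  }

  //
  // Validate response headers
  //
  RespSize = SwapBytes32 (Res.Header.paramSize);
  if (RespSize > sizeof (Res)) {
    DEBUG ((DEBUG_ERROR, "ChangePPS: Response size too large! %d\r\n", RespSize));
    Status = EFI_BUFFER_TOO_SMALL;
    goto Done;
  }

  //
  // Fail if command failed
  //
  if (SwapBytes32 (Res.Header.responseCode) != TPM_RC_SUCCESS) {
    DEBUG((DEBUG_ERROR,"ChangePPS: Response Code error! 0x%08x\r\n", SwapBytes32 (Res.Header.responseCode)));
    Status = EFI_DEVICE_ERROR;
    goto Done;
  }

Done:
  //
  // Clear AuthSession Content: scrub both stack buffers on every exit path
  //
  ZeroMem (&Cmd, sizeof (Cmd));
  ZeroMem (&Res, sizeof (Res));
  return Status;
}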
690\r
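/**
  This command enables and disables use of a hierarchy.

  @param[in]  AuthHandle            TPM_RH_ENDORSEMENT, TPM_RH_OWNER or TPM_RH_PLATFORM+{PP}
  @param[in]  AuthSession           Auth Session context
  @param[in]  Hierarchy             Hierarchy of the enable being modified
  @param[in]  State                 YES if the enable should be SET,
                                    NO if the enable should be CLEAR

  @retval EFI_SUCCESS            Operation completed successfully.
  @retval EFI_BUFFER_TOO_SMALL   The reported response size exceeds the response buffer.
  @retval EFI_DEVICE_ERROR       Unexpected device behavior.
  @retval Others                 Error returned by Tpm2SubmitCommand().
**/
EFI_STATUS
EFIAPI
Tpm2HierarchyControl (
  IN TPMI_RH_HIERARCHY  AuthHandle,
  IN TPMS_AUTH_COMMAND  *AuthSession,
  IN TPMI_RH_HIERARCHY  Hierarchy,
  IN TPMI_YES_NO        State
  )
{
  EFI_STATUS                       Status;
  TPM2_HIERARCHY_CONTROL_COMMAND   Cmd;
  TPM2_HIERARCHY_CONTROL_RESPONSE  Res;
  UINT32                           CmdSize;
  UINT32                           RespSize;
  UINT8                            *Buffer;
  UINT32                           SessionInfoSize;
  UINT8                            *ResultBuf;
  UINT32                           ResultBufSize;

  //
  // Construct command
  //
  Cmd.Header.tag         = SwapBytes16 (TPM_ST_SESSIONS);
  Cmd.Header.commandCode = SwapBytes32 (TPM_CC_HierarchyControl);
  Cmd.AuthHandle         = SwapBytes32 (AuthHandle);

  //
  // Add in Auth session
  //
  Buffer = (UINT8 *)&Cmd.AuthSession;

  // sessionInfoSize
  SessionInfoSize       = CopyAuthSessionCommand (AuthSession, Buffer);
  Buffer               += SessionInfoSize;
  Cmd.AuthorizationSize = SwapBytes32 (SessionInfoSize);

  // Parameters follow the session area: 32-bit hierarchy, then one state byte
  WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32 (Hierarchy));
  Buffer += sizeof (UINT32);

  *(UINT8 *)Buffer = State;
  Buffer++;

  // paramSize is the number of bytes actually serialized, not sizeof (Cmd)
  CmdSize              = (UINT32)(Buffer - (UINT8 *)&Cmd);
  Cmd.Header.paramSize = SwapBytes32 (CmdSize);

  ResultBuf     = (UINT8 *)&Res;
  ResultBufSize = sizeof (Res);

  //
  // Call the TPM
  //
  Status = Tpm2SubmitCommand (
             CmdSize,
             (UINT8 *)&Cmd,
             &ResultBufSize,
             ResultBuf
             );
  if (EFI_ERROR (Status)) {
    goto Done;
  }

  if (ResultBufSize > sizeof (Res)) {
    DEBUG ((DEBUG_ERROR, "HierarchyControl: Failed ExecuteCommand: Buffer Too Small\r\n"));
    Status = EFI_BUFFER_TOO_SMALL;
    goto Done;
  }

  //
  // Res is an uninitialized local, so the header fields are only meaningful
  // when a full response header was returned. This is the same lower bound
  // Tpm2SetPrimaryPolicy() applies before trusting responseCode.
  //
  if (ResultBufSize < sizeof (TPM2_RESPONSE_HEADER)) {
    DEBUG ((DEBUG_ERROR, "HierarchyControl: Response too short - %x\r\n", ResultBufSize));
    Status = EFI_DEVICE_ERROR;
    goto Done;
  }

  //
  // Validate response headers
  //
  RespSize = SwapBytes32 (Res.Header.paramSize);
  if (RespSize > sizeof (Res)) {
    DEBUG ((DEBUG_ERROR, "HierarchyControl: Response size too large! %d\r\n", RespSize));
    Status = EFI_BUFFER_TOO_SMALL;
    goto Done;
  }

  //
  // Fail if command failed
  //
  if (SwapBytes32 (Res.Header.responseCode) != TPM_RC_SUCCESS) {
    DEBUG((DEBUG_ERROR,"HierarchyControl: Response Code error! 0x%08x\r\n", SwapBytes32 (Res.Header.responseCode)));
    Status = EFI_DEVICE_ERROR;
    goto Done;
  }

Done:
  //
  // Clear AuthSession Content: scrub both stack buffers on every exit path
  //
  ZeroMem (&Cmd, sizeof (Cmd));
  ZeroMem (&Res, sizeof (Res));
  return Status;
}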