]> git.proxmox.com Git - mirror_edk2.git/blame - SecurityPkg/Library/Tpm2CommandLib/Tpm2Hierarchy.c
projects / mirror_edk2.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
SecurityPkg: Clear AuthSession content after use.
[mirror_edk2.git] / SecurityPkg / Library / Tpm2CommandLib / Tpm2Hierarchy.c
CommitLineData
c1d93242
JY		 1/** @file\r
2 Implement TPM2 Hierarchy related command.\r
3\r
7ae130da 4Copyright (c) 2013 - 2016, Intel Corporation. All rights reserved. <BR>\r
c1d93242
JY		 5This program and the accompanying materials\r
6are licensed and made available under the terms and conditions of the BSD License\r
7which accompanies this distribution. The full text of the license may be found at\r
8http://opensource.org/licenses/bsd-license.php\r
9\r
10THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
11WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
12\r
13**/\r
14\r
15#include <IndustryStandard/UefiTcgPlatform.h>\r
16#include <Library/Tpm2CommandLib.h>\r
17#include <Library/Tpm2DeviceLib.h>\r
18#include <Library/BaseMemoryLib.h>\r
19#include <Library/BaseLib.h>\r
20#include <Library/DebugLib.h>\r
21\r
22#pragma pack(1)\r
23\r
967eacca
JY		 24typedef struct {\r
25 TPM2_COMMAND_HEADER Header;\r
9093fb92 26 TPMI_RH_HIERARCHY_AUTH AuthHandle;\r
967eacca
JY		 27 UINT32 AuthSessionSize;\r
28 TPMS_AUTH_COMMAND AuthSession;\r
29 TPM2B_DIGEST AuthPolicy;\r
30 TPMI_ALG_HASH HashAlg;\r
31} TPM2_SET_PRIMARY_POLICY_COMMAND;\r
32\r
33typedef struct {\r
34 TPM2_RESPONSE_HEADER Header;\r
35 UINT32 AuthSessionSize;\r
36 TPMS_AUTH_RESPONSE AuthSession;\r
37} TPM2_SET_PRIMARY_POLICY_RESPONSE;\r
38\r
c1d93242
JY		 39typedef struct {\r
40 TPM2_COMMAND_HEADER Header;\r
41 TPMI_RH_CLEAR AuthHandle;\r
42 UINT32 AuthorizationSize;\r
43 TPMS_AUTH_COMMAND AuthSession;\r
44} TPM2_CLEAR_COMMAND;\r
45\r
46typedef struct {\r
47 TPM2_RESPONSE_HEADER Header;\r
48 UINT32 ParameterSize;\r
49 TPMS_AUTH_RESPONSE AuthSession;\r
50} TPM2_CLEAR_RESPONSE;\r
51\r
52typedef struct {\r
53 TPM2_COMMAND_HEADER Header;\r
54 TPMI_RH_CLEAR AuthHandle;\r
55 UINT32 AuthorizationSize;\r
56 TPMS_AUTH_COMMAND AuthSession;\r
57 TPMI_YES_NO Disable;\r
58} TPM2_CLEAR_CONTROL_COMMAND;\r
59\r
60typedef struct {\r
61 TPM2_RESPONSE_HEADER Header;\r
62 UINT32 ParameterSize;\r
63 TPMS_AUTH_RESPONSE AuthSession;\r
64} TPM2_CLEAR_CONTROL_RESPONSE;\r
65\r
66typedef struct {\r
67 TPM2_COMMAND_HEADER Header;\r
68 TPMI_RH_HIERARCHY_AUTH AuthHandle;\r
69 UINT32 AuthorizationSize;\r
70 TPMS_AUTH_COMMAND AuthSession;\r
71 TPM2B_AUTH NewAuth;\r
72} TPM2_HIERARCHY_CHANGE_AUTH_COMMAND;\r
73\r
74typedef struct {\r
75 TPM2_RESPONSE_HEADER Header;\r
76 UINT32 ParameterSize;\r
77 TPMS_AUTH_RESPONSE AuthSession;\r
78} TPM2_HIERARCHY_CHANGE_AUTH_RESPONSE;\r
79\r
80typedef struct {\r
81 TPM2_COMMAND_HEADER Header;\r
82 TPMI_RH_PLATFORM AuthHandle;\r
83 UINT32 AuthorizationSize;\r
84 TPMS_AUTH_COMMAND AuthSession;\r
85} TPM2_CHANGE_EPS_COMMAND;\r
86\r
87typedef struct {\r
88 TPM2_RESPONSE_HEADER Header;\r
89 UINT32 ParameterSize;\r
90 TPMS_AUTH_RESPONSE AuthSession;\r
91} TPM2_CHANGE_EPS_RESPONSE;\r
92\r
93typedef struct {\r
94 TPM2_COMMAND_HEADER Header;\r
95 TPMI_RH_PLATFORM AuthHandle;\r
96 UINT32 AuthorizationSize;\r
97 TPMS_AUTH_COMMAND AuthSession;\r
98} TPM2_CHANGE_PPS_COMMAND;\r
99\r
100typedef struct {\r
101 TPM2_RESPONSE_HEADER Header;\r
102 UINT32 ParameterSize;\r
103 TPMS_AUTH_RESPONSE AuthSession;\r
104} TPM2_CHANGE_PPS_RESPONSE;\r
105\r
106typedef struct {\r
107 TPM2_COMMAND_HEADER Header;\r
108 TPMI_RH_HIERARCHY AuthHandle;\r
109 UINT32 AuthorizationSize;\r
110 TPMS_AUTH_COMMAND AuthSession;\r
111 TPMI_RH_HIERARCHY Hierarchy;\r
112 TPMI_YES_NO State;\r
113} TPM2_HIERARCHY_CONTROL_COMMAND;\r
114\r
115typedef struct {\r
116 TPM2_RESPONSE_HEADER Header;\r
117 UINT32 ParameterSize;\r
118 TPMS_AUTH_RESPONSE AuthSession;\r
119} TPM2_HIERARCHY_CONTROL_RESPONSE;\r
120\r
121#pragma pack()\r
122\r
967eacca
JY		 123/**\r
124 This command allows setting of the authorization policy for the platform hierarchy (platformPolicy), the\r
125 storage hierarchy (ownerPolicy), and and the endorsement hierarchy (endorsementPolicy).\r
126\r
127 @param[in] AuthHandle TPM_RH_ENDORSEMENT, TPM_RH_OWNER or TPM_RH_PLATFORM+{PP} parameters to be validated\r
128 @param[in] AuthSession Auth Session context\r
129 @param[in] AuthPolicy An authorization policy hash\r
130 @param[in] HashAlg The hash algorithm to use for the policy\r
131\r
132 @retval EFI_SUCCESS Operation completed successfully.\r
133 @retval EFI_DEVICE_ERROR Unexpected device behavior.\r
134**/\r
135EFI_STATUS\r
136EFIAPI\r
137Tpm2SetPrimaryPolicy (\r
138 IN TPMI_RH_HIERARCHY_AUTH AuthHandle,\r
139 IN TPMS_AUTH_COMMAND *AuthSession,\r
140 IN TPM2B_DIGEST *AuthPolicy,\r
141 IN TPMI_ALG_HASH HashAlg\r
142 )\r
143{\r
144 EFI_STATUS Status;\r
145 TPM2_SET_PRIMARY_POLICY_COMMAND SendBuffer;\r
146 TPM2_SET_PRIMARY_POLICY_RESPONSE RecvBuffer;\r
147 UINT32 SendBufferSize;\r
148 UINT32 RecvBufferSize;\r
149 UINT8 *Buffer;\r
150 UINT32 SessionInfoSize;\r
151\r
152 //\r
153 // Construct command\r
154 //\r
155 SendBuffer.Header.tag = SwapBytes16(TPM_ST_SESSIONS);\r
156 SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_SetPrimaryPolicy);\r
157\r
158 SendBuffer.AuthHandle = SwapBytes32 (AuthHandle);\r
159\r
160 //\r
161 // Add in Auth session\r
162 //\r
163 Buffer = (UINT8 *)&SendBuffer.AuthSession;\r
164\r
165 // sessionInfoSize\r
166 SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer);\r
167 Buffer += SessionInfoSize;\r
168 SendBuffer.AuthSessionSize = SwapBytes32(SessionInfoSize);\r
169\r
170 //\r
171 // Real data\r
172 //\r
173 WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16(AuthPolicy->size));\r
174 Buffer += sizeof(UINT16);\r
175 CopyMem (Buffer, AuthPolicy->buffer, AuthPolicy->size);\r
176 Buffer += AuthPolicy->size;\r
177 WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16(HashAlg));\r
178 Buffer += sizeof(UINT16);\r
179\r
180 SendBufferSize = (UINT32)((UINTN)Buffer - (UINTN)&SendBuffer);\r
181 SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);\r
182\r
183 //\r
184 // send Tpm command\r
185 //\r
186 RecvBufferSize = sizeof (RecvBuffer);\r
187 Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer);\r
188 if (EFI_ERROR (Status)) {\r
7ae130da 189 goto Done;\r
967eacca
JY		 190 }\r
191\r
192 if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) {\r
193 DEBUG ((EFI_D_ERROR, "Tpm2SetPrimaryPolicy - RecvBufferSize Error - %x\n", RecvBufferSize));\r
7ae130da
JY		 194 Status = EFI_DEVICE_ERROR;\r
195 goto Done;\r
967eacca
JY		 196 }\r
197 if (SwapBytes32(RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {\r
198 DEBUG ((EFI_D_ERROR, "Tpm2SetPrimaryPolicy - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode)));\r
7ae130da
JY		 199 Status = EFI_DEVICE_ERROR;\r
200 goto Done;\r
967eacca
JY		 201 }\r
202\r
7ae130da
JY		 203Done:\r
204 //\r
205 // Clear AuthSession Content\r
206 //\r
207 ZeroMem (&SendBuffer, sizeof(SendBuffer));\r
208 ZeroMem (&RecvBuffer, sizeof(RecvBuffer));\r
209 return Status;\r
967eacca
JY		 210}\r
211\r
c1d93242
JY		 212/**\r
213 This command removes all TPM context associated with a specific Owner.\r
214\r
215 @param[in] AuthHandle TPM_RH_LOCKOUT or TPM_RH_PLATFORM+{PP}\r
216 @param[in] AuthSession Auth Session context\r
217 \r
218 @retval EFI_SUCCESS Operation completed successfully.\r
219 @retval EFI_DEVICE_ERROR Unexpected device behavior.\r
220**/\r
221EFI_STATUS\r
222EFIAPI\r
223Tpm2Clear (\r
224 IN TPMI_RH_CLEAR AuthHandle,\r
225 IN TPMS_AUTH_COMMAND *AuthSession OPTIONAL\r
226 )\r
227{\r
228 EFI_STATUS Status;\r
229 TPM2_CLEAR_COMMAND Cmd;\r
230 TPM2_CLEAR_RESPONSE Res;\r
231 UINT32 ResultBufSize;\r
232 UINT32 CmdSize;\r
233 UINT32 RespSize;\r
234 UINT8 *Buffer;\r
235 UINT32 SessionInfoSize;\r
236\r
237 Cmd.Header.tag = SwapBytes16(TPM_ST_SESSIONS);\r
238 Cmd.Header.commandCode = SwapBytes32(TPM_CC_Clear);\r
239 Cmd.AuthHandle = SwapBytes32(AuthHandle);\r
240\r
241 //\r
242 // Add in Auth session\r
243 //\r
244 Buffer = (UINT8 *)&Cmd.AuthSession;\r
245\r
246 // sessionInfoSize\r
247 SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer);\r
248 Buffer += SessionInfoSize;\r
249 Cmd.AuthorizationSize = SwapBytes32(SessionInfoSize);\r
250\r
251 CmdSize = (UINT32)(Buffer - (UINT8 *)&Cmd);\r
252 Cmd.Header.paramSize = SwapBytes32(CmdSize);\r
253\r
254 ResultBufSize = sizeof(Res);\r
255 Status = Tpm2SubmitCommand (CmdSize, (UINT8 *)&Cmd, &ResultBufSize, (UINT8 *)&Res);\r
256 if (EFI_ERROR(Status)) {\r
7ae130da 257 goto Done;\r
c1d93242
JY		 258 }\r
259\r
260 if (ResultBufSize > sizeof(Res)) {\r
261 DEBUG ((EFI_D_ERROR, "Clear: Failed ExecuteCommand: Buffer Too Small\r\n"));\r
7ae130da
JY		 262 Status = EFI_BUFFER_TOO_SMALL;\r
263 goto Done;\r
c1d93242
JY		 264 }\r
265\r
266 //\r
267 // Validate response headers\r
268 //\r
269 RespSize = SwapBytes32(Res.Header.paramSize);\r
270 if (RespSize > sizeof(Res)) {\r
271 DEBUG ((EFI_D_ERROR, "Clear: Response size too large! %d\r\n", RespSize));\r
7ae130da
JY		 272 Status = EFI_BUFFER_TOO_SMALL;\r
273 goto Done;\r
c1d93242
JY		 274 }\r
275\r
276 //\r
277 // Fail if command failed\r
278 //\r
279 if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) {\r
280 DEBUG ((EFI_D_ERROR, "Clear: Response Code error! 0x%08x\r\n", SwapBytes32(Res.Header.responseCode)));\r
7ae130da
JY		 281 Status = EFI_DEVICE_ERROR;\r
282 goto Done;\r
c1d93242
JY		 283 }\r
284\r
285 //\r
286 // Unmarshal the response\r
287 //\r
288\r
289 // None\r
7ae130da
JY		 290Done:\r
291 //\r
292 // Clear AuthSession Content\r
293 //\r
294 ZeroMem (&Cmd, sizeof(Cmd));\r
295 ZeroMem (&Res, sizeof(Res));\r
296 return Status;\r
c1d93242
JY		 297}\r
298\r
299/**\r
300 Disables and enables the execution of TPM2_Clear().\r
301\r
302 @param[in] AuthHandle TPM_RH_LOCKOUT or TPM_RH_PLATFORM+{PP}\r
303 @param[in] AuthSession Auth Session context\r
304 @param[in] Disable YES if the disableOwnerClear flag is to be SET,\r
305 NO if the flag is to be CLEAR.\r
306\r
307 @retval EFI_SUCCESS Operation completed successfully.\r
308 @retval EFI_DEVICE_ERROR Unexpected device behavior.\r
309**/\r
310EFI_STATUS\r
311EFIAPI\r
312Tpm2ClearControl (\r
313 IN TPMI_RH_CLEAR AuthHandle,\r
314 IN TPMS_AUTH_COMMAND *AuthSession, OPTIONAL\r
315 IN TPMI_YES_NO Disable\r
316 )\r
317{\r
318 EFI_STATUS Status;\r
319 TPM2_CLEAR_CONTROL_COMMAND Cmd;\r
320 TPM2_CLEAR_CONTROL_RESPONSE Res;\r
321 UINT32 ResultBufSize;\r
322 UINT32 CmdSize;\r
323 UINT32 RespSize;\r
324 UINT8 *Buffer;\r
325 UINT32 SessionInfoSize;\r
326\r
327 Cmd.Header.tag = SwapBytes16(TPM_ST_SESSIONS);\r
328 Cmd.Header.commandCode = SwapBytes32(TPM_CC_ClearControl);\r
329 Cmd.AuthHandle = SwapBytes32(AuthHandle);\r
330\r
331 //\r
332 // Add in Auth session\r
333 //\r
334 Buffer = (UINT8 *)&Cmd.AuthSession;\r
335\r
336 // sessionInfoSize\r
337 SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer);\r
338 Buffer += SessionInfoSize;\r
339 Cmd.AuthorizationSize = SwapBytes32(SessionInfoSize);\r
340\r
341 // disable\r
342 *(UINT8 *)Buffer = Disable;\r
58dbfc3c 343 Buffer++;\r
c1d93242
JY		 344\r
345 CmdSize = (UINT32)(Buffer - (UINT8 *)&Cmd);\r
346 Cmd.Header.paramSize = SwapBytes32(CmdSize);\r
347\r
348 ResultBufSize = sizeof(Res);\r
349 Status = Tpm2SubmitCommand (CmdSize, (UINT8 *)&Cmd, &ResultBufSize, (UINT8 *)&Res);\r
350 if (EFI_ERROR(Status)) {\r
7ae130da 351 goto Done;\r
c1d93242
JY		 352 }\r
353\r
354 if (ResultBufSize > sizeof(Res)) {\r
355 DEBUG ((EFI_D_ERROR, "ClearControl: Failed ExecuteCommand: Buffer Too Small\r\n"));\r
7ae130da
JY		 356 Status = EFI_BUFFER_TOO_SMALL;\r
357 goto Done;\r
c1d93242
JY		 358 }\r
359\r
360 //\r
361 // Validate response headers\r
362 //\r
363 RespSize = SwapBytes32(Res.Header.paramSize);\r
364 if (RespSize > sizeof(Res)) {\r
365 DEBUG ((EFI_D_ERROR, "ClearControl: Response size too large! %d\r\n", RespSize));\r
7ae130da
JY		 366 Status = EFI_BUFFER_TOO_SMALL;\r
367 goto Done;\r
c1d93242
JY		 368 }\r
369\r
370 //\r
371 // Fail if command failed\r
372 //\r
373 if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) {\r
374 DEBUG ((EFI_D_ERROR, "ClearControl: Response Code error! 0x%08x\r\n", SwapBytes32(Res.Header.responseCode)));\r
7ae130da
JY		 375 Status = EFI_DEVICE_ERROR;\r
376 goto Done;\r
c1d93242
JY		 377 }\r
378\r
379 //\r
380 // Unmarshal the response\r
381 //\r
382\r
383 // None\r
7ae130da
JY		 384Done:\r
385 //\r
386 // Clear AuthSession Content\r
387 //\r
388 ZeroMem (&Cmd, sizeof(Cmd));\r
389 ZeroMem (&Res, sizeof(Res));\r
390 return Status;\r
c1d93242
JY		 391}\r
392\r
393/**\r
394 This command allows the authorization secret for a hierarchy or lockout to be changed using the current\r
395 authorization value as the command authorization.\r
396\r
397 @param[in] AuthHandle TPM_RH_LOCKOUT, TPM_RH_ENDORSEMENT, TPM_RH_OWNER or TPM_RH_PLATFORM+{PP}\r
398 @param[in] AuthSession Auth Session context\r
399 @param[in] NewAuth New authorization secret\r
400\r
401 @retval EFI_SUCCESS Operation completed successfully.\r
402 @retval EFI_DEVICE_ERROR Unexpected device behavior.\r
403**/\r
404EFI_STATUS\r
405EFIAPI\r
406Tpm2HierarchyChangeAuth (\r
407 IN TPMI_RH_HIERARCHY_AUTH AuthHandle,\r
408 IN TPMS_AUTH_COMMAND *AuthSession,\r
409 IN TPM2B_AUTH *NewAuth\r
410 )\r
411{\r
412 EFI_STATUS Status;\r
413 TPM2_HIERARCHY_CHANGE_AUTH_COMMAND Cmd;\r
414 TPM2_HIERARCHY_CHANGE_AUTH_RESPONSE Res;\r
415 UINT32 CmdSize;\r
416 UINT32 RespSize;\r
417 UINT8 *Buffer;\r
418 UINT32 SessionInfoSize;\r
419 UINT8 *ResultBuf;\r
420 UINT32 ResultBufSize;\r
421\r
422 //\r
423 // Construct command\r
424 //\r
425 Cmd.Header.tag = SwapBytes16(TPM_ST_SESSIONS);\r
426 Cmd.Header.paramSize = SwapBytes32(sizeof(Cmd));\r
427 Cmd.Header.commandCode = SwapBytes32(TPM_CC_HierarchyChangeAuth);\r
428 Cmd.AuthHandle = SwapBytes32(AuthHandle);\r
429\r
430 //\r
431 // Add in Auth session\r
432 //\r
433 Buffer = (UINT8 *)&Cmd.AuthSession;\r
434\r
435 // sessionInfoSize\r
436 SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer);\r
437 Buffer += SessionInfoSize;\r
438 Cmd.AuthorizationSize = SwapBytes32(SessionInfoSize);\r
439\r
440 // New Authorization size\r
441 WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16(NewAuth->size));\r
442 Buffer += sizeof(UINT16);\r
443\r
444 // New Authorizeation\r
445 CopyMem(Buffer, NewAuth->buffer, NewAuth->size);\r
446 Buffer += NewAuth->size;\r
447\r
448 CmdSize = (UINT32)(Buffer - (UINT8 *)&Cmd);\r
449 Cmd.Header.paramSize = SwapBytes32(CmdSize);\r
450\r
451 ResultBuf = (UINT8 *) &Res;\r
452 ResultBufSize = sizeof(Res);\r
453\r
454 //\r
455 // Call the TPM\r
456 //\r
457 Status = Tpm2SubmitCommand (\r
458 CmdSize, \r
459 (UINT8 *)&Cmd, \r
460 &ResultBufSize,\r
461 ResultBuf\r
462 );\r
7ae130da
JY		 463 if (EFI_ERROR(Status)) {\r
464 goto Done;\r
465 }\r
c1d93242
JY		 466\r
467 if (ResultBufSize > sizeof(Res)) {\r
468 DEBUG ((EFI_D_ERROR, "HierarchyChangeAuth: Failed ExecuteCommand: Buffer Too Small\r\n"));\r
7ae130da
JY		 469 Status = EFI_BUFFER_TOO_SMALL;\r
470 goto Done;\r
c1d93242
JY		 471 }\r
472\r
473 //\r
474 // Validate response headers\r
475 //\r
476 RespSize = SwapBytes32(Res.Header.paramSize);\r
477 if (RespSize > sizeof(Res)) {\r
478 DEBUG ((EFI_D_ERROR, "HierarchyChangeAuth: Response size too large! %d\r\n", RespSize));\r
7ae130da
JY		 479 Status = EFI_BUFFER_TOO_SMALL;\r
480 goto Done;\r
c1d93242
JY		 481 }\r
482\r
483 //\r
484 // Fail if command failed\r
485 //\r
486 if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) {\r
487 DEBUG((EFI_D_ERROR,"HierarchyChangeAuth: Response Code error! 0x%08x\r\n", SwapBytes32(Res.Header.responseCode)));\r
7ae130da
JY		 488 Status = EFI_DEVICE_ERROR;\r
489 goto Done;\r
c1d93242
JY		 490 }\r
491\r
7ae130da
JY		 492Done:\r
493 //\r
494 // Clear AuthSession Content\r
495 //\r
496 ZeroMem (&Cmd, sizeof(Cmd));\r
497 ZeroMem (&Res, sizeof(Res));\r
498 return Status;\r
c1d93242
JY		 499}\r
500\r
501/**\r
502 This replaces the current EPS with a value from the RNG and sets the Endorsement hierarchy controls to\r
503 their default initialization values.\r
504\r
505 @param[in] AuthHandle TPM_RH_PLATFORM+{PP}\r
506 @param[in] AuthSession Auth Session context\r
507\r
508 @retval EFI_SUCCESS Operation completed successfully.\r
509 @retval EFI_DEVICE_ERROR Unexpected device behavior.\r
510**/\r
511EFI_STATUS\r
512EFIAPI\r
513Tpm2ChangeEPS (\r
514 IN TPMI_RH_PLATFORM AuthHandle,\r
515 IN TPMS_AUTH_COMMAND *AuthSession\r
516 )\r
517{\r
518 EFI_STATUS Status;\r
519 TPM2_CHANGE_EPS_COMMAND Cmd;\r
520 TPM2_CHANGE_EPS_RESPONSE Res;\r
521 UINT32 CmdSize;\r
522 UINT32 RespSize;\r
523 UINT8 *Buffer;\r
524 UINT32 SessionInfoSize;\r
525 UINT8 *ResultBuf;\r
526 UINT32 ResultBufSize;\r
527\r
528 //\r
529 // Construct command\r
530 //\r
531 Cmd.Header.tag = SwapBytes16(TPM_ST_SESSIONS);\r
532 Cmd.Header.paramSize = SwapBytes32(sizeof(Cmd));\r
533 Cmd.Header.commandCode = SwapBytes32(TPM_CC_ChangeEPS);\r
534 Cmd.AuthHandle = SwapBytes32(AuthHandle);\r
535\r
536 //\r
537 // Add in Auth session\r
538 //\r
539 Buffer = (UINT8 *)&Cmd.AuthSession;\r
540\r
541 // sessionInfoSize\r
542 SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer);\r
543 Buffer += SessionInfoSize;\r
544 Cmd.AuthorizationSize = SwapBytes32(SessionInfoSize);\r
545\r
546 CmdSize = (UINT32)(Buffer - (UINT8 *)&Cmd);\r
547 Cmd.Header.paramSize = SwapBytes32(CmdSize);\r
548\r
549 ResultBuf = (UINT8 *) &Res;\r
550 ResultBufSize = sizeof(Res);\r
551\r
552 //\r
553 // Call the TPM\r
554 //\r
555 Status = Tpm2SubmitCommand (\r
556 CmdSize, \r
557 (UINT8 *)&Cmd, \r
558 &ResultBufSize,\r
559 ResultBuf\r
560 );\r
7ae130da
JY		 561 if (EFI_ERROR(Status)) {\r
562 goto Done;\r
563 }\r
c1d93242
JY		 564\r
565 if (ResultBufSize > sizeof(Res)) {\r
566 DEBUG ((EFI_D_ERROR, "ChangeEPS: Failed ExecuteCommand: Buffer Too Small\r\n"));\r
7ae130da
JY		 567 Status = EFI_BUFFER_TOO_SMALL;\r
568 goto Done;\r
c1d93242
JY		 569 }\r
570\r
571 //\r
572 // Validate response headers\r
573 //\r
574 RespSize = SwapBytes32(Res.Header.paramSize);\r
575 if (RespSize > sizeof(Res)) {\r
576 DEBUG ((EFI_D_ERROR, "ChangeEPS: Response size too large! %d\r\n", RespSize));\r
7ae130da
JY		 577 Status = EFI_BUFFER_TOO_SMALL;\r
578 goto Done;\r
c1d93242
JY		 579 }\r
580\r
581 //\r
582 // Fail if command failed\r
583 //\r
584 if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) {\r
585 DEBUG((EFI_D_ERROR,"ChangeEPS: Response Code error! 0x%08x\r\n", SwapBytes32(Res.Header.responseCode)));\r
7ae130da
JY		 586 Status = EFI_DEVICE_ERROR;\r
587 goto Done;\r
c1d93242
JY		 588 }\r
589\r
7ae130da
JY		 590Done:\r
591 //\r
592 // Clear AuthSession Content\r
593 //\r
594 ZeroMem (&Cmd, sizeof(Cmd));\r
595 ZeroMem (&Res, sizeof(Res));\r
596 return Status;\r
c1d93242
JY		 597}\r
598\r
599/**\r
600 This replaces the current PPS with a value from the RNG and sets platformPolicy to the default\r
601 initialization value (the Empty Buffer).\r
602\r
603 @param[in] AuthHandle TPM_RH_PLATFORM+{PP}\r
604 @param[in] AuthSession Auth Session context\r
605\r
606 @retval EFI_SUCCESS Operation completed successfully.\r
607 @retval EFI_DEVICE_ERROR Unexpected device behavior.\r
608**/\r
609EFI_STATUS\r
610EFIAPI\r
611Tpm2ChangePPS (\r
612 IN TPMI_RH_PLATFORM AuthHandle,\r
613 IN TPMS_AUTH_COMMAND *AuthSession\r
614 )\r
615{\r
616 EFI_STATUS Status;\r
617 TPM2_CHANGE_PPS_COMMAND Cmd;\r
618 TPM2_CHANGE_PPS_RESPONSE Res;\r
619 UINT32 CmdSize;\r
620 UINT32 RespSize;\r
621 UINT8 *Buffer;\r
622 UINT32 SessionInfoSize;\r
623 UINT8 *ResultBuf;\r
624 UINT32 ResultBufSize;\r
625\r
626 //\r
627 // Construct command\r
628 //\r
629 Cmd.Header.tag = SwapBytes16(TPM_ST_SESSIONS);\r
630 Cmd.Header.paramSize = SwapBytes32(sizeof(Cmd));\r
631 Cmd.Header.commandCode = SwapBytes32(TPM_CC_ChangePPS);\r
632 Cmd.AuthHandle = SwapBytes32(AuthHandle);\r
633\r
634 //\r
635 // Add in Auth session\r
636 //\r
637 Buffer = (UINT8 *)&Cmd.AuthSession;\r
638\r
639 // sessionInfoSize\r
640 SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer);\r
641 Buffer += SessionInfoSize;\r
642 Cmd.AuthorizationSize = SwapBytes32(SessionInfoSize);\r
643\r
644 CmdSize = (UINT32)(Buffer - (UINT8 *)&Cmd);\r
645 Cmd.Header.paramSize = SwapBytes32(CmdSize);\r
646\r
647 ResultBuf = (UINT8 *) &Res;\r
648 ResultBufSize = sizeof(Res);\r
649\r
650 //\r
651 // Call the TPM\r
652 //\r
653 Status = Tpm2SubmitCommand (\r
654 CmdSize, \r
655 (UINT8 *)&Cmd, \r
656 &ResultBufSize,\r
657 ResultBuf\r
658 );\r
7ae130da
JY		 659 if (EFI_ERROR(Status)) {\r
660 goto Done;\r
661 }\r
c1d93242
JY		 662\r
663 if (ResultBufSize > sizeof(Res)) {\r
664 DEBUG ((EFI_D_ERROR, "ChangePPS: Failed ExecuteCommand: Buffer Too Small\r\n"));\r
7ae130da
JY		 665 Status = EFI_BUFFER_TOO_SMALL;\r
666 goto Done;\r
c1d93242
JY		 667 }\r
668\r
669 //\r
670 // Validate response headers\r
671 //\r
672 RespSize = SwapBytes32(Res.Header.paramSize);\r
673 if (RespSize > sizeof(Res)) {\r
674 DEBUG ((EFI_D_ERROR, "ChangePPS: Response size too large! %d\r\n", RespSize));\r
7ae130da
JY		 675 Status = EFI_BUFFER_TOO_SMALL;\r
676 goto Done;\r
c1d93242
JY		 677 }\r
678\r
679 //\r
680 // Fail if command failed\r
681 //\r
682 if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) {\r
683 DEBUG((EFI_D_ERROR,"ChangePPS: Response Code error! 0x%08x\r\n", SwapBytes32(Res.Header.responseCode)));\r
7ae130da
JY		 684 Status = EFI_DEVICE_ERROR;\r
685 goto Done;\r
c1d93242
JY		 686 }\r
687\r
7ae130da
JY		 688Done:\r
689 //\r
690 // Clear AuthSession Content\r
691 //\r
692 ZeroMem (&Cmd, sizeof(Cmd));\r
693 ZeroMem (&Res, sizeof(Res));\r
694 return Status;\r
c1d93242
JY		 695}\r
696\r
697/**\r
698 This command enables and disables use of a hierarchy.\r
699\r
700 @param[in] AuthHandle TPM_RH_ENDORSEMENT, TPM_RH_OWNER or TPM_RH_PLATFORM+{PP}\r
701 @param[in] AuthSession Auth Session context\r
702 @param[in] Hierarchy Hierarchy of the enable being modified\r
703 @param[in] State YES if the enable should be SET,\r
704 NO if the enable should be CLEAR\r
705\r
706 @retval EFI_SUCCESS Operation completed successfully.\r
707 @retval EFI_DEVICE_ERROR Unexpected device behavior.\r
708**/\r
709EFI_STATUS\r
710EFIAPI\r
711Tpm2HierarchyControl (\r
712 IN TPMI_RH_HIERARCHY AuthHandle,\r
713 IN TPMS_AUTH_COMMAND *AuthSession,\r
714 IN TPMI_RH_HIERARCHY Hierarchy,\r
715 IN TPMI_YES_NO State\r
716 )\r
717{\r
718 EFI_STATUS Status;\r
719 TPM2_HIERARCHY_CONTROL_COMMAND Cmd;\r
720 TPM2_HIERARCHY_CONTROL_RESPONSE Res;\r
721 UINT32 CmdSize;\r
722 UINT32 RespSize;\r
723 UINT8 *Buffer;\r
724 UINT32 SessionInfoSize;\r
725 UINT8 *ResultBuf;\r
726 UINT32 ResultBufSize;\r
727\r
728 //\r
729 // Construct command\r
730 //\r
731 Cmd.Header.tag = SwapBytes16(TPM_ST_SESSIONS);\r
732 Cmd.Header.paramSize = SwapBytes32(sizeof(Cmd));\r
733 Cmd.Header.commandCode = SwapBytes32(TPM_CC_HierarchyControl);\r
734 Cmd.AuthHandle = SwapBytes32(AuthHandle);\r
735\r
736 //\r
737 // Add in Auth session\r
738 //\r
739 Buffer = (UINT8 *)&Cmd.AuthSession;\r
740\r
741 // sessionInfoSize\r
742 SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer);\r
743 Buffer += SessionInfoSize;\r
744 Cmd.AuthorizationSize = SwapBytes32(SessionInfoSize);\r
745\r
746 WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32(Hierarchy));\r
747 Buffer += sizeof(UINT32);\r
748\r
749 *(UINT8 *)Buffer = State;\r
58dbfc3c 750 Buffer++;\r
c1d93242
JY		 751\r
752 CmdSize = (UINT32)(Buffer - (UINT8 *)&Cmd);\r
753 Cmd.Header.paramSize = SwapBytes32(CmdSize);\r
754\r
755 ResultBuf = (UINT8 *) &Res;\r
756 ResultBufSize = sizeof(Res);\r
757\r
758 //\r
759 // Call the TPM\r
760 //\r
761 Status = Tpm2SubmitCommand (\r
762 CmdSize, \r
763 (UINT8 *)&Cmd, \r
764 &ResultBufSize,\r
765 ResultBuf\r
766 );\r
7ae130da
JY		 767 if (EFI_ERROR(Status)) {\r
768 goto Done;\r
769 }\r
c1d93242
JY		 770\r
771 if (ResultBufSize > sizeof(Res)) {\r
772 DEBUG ((EFI_D_ERROR, "HierarchyControl: Failed ExecuteCommand: Buffer Too Small\r\n"));\r
7ae130da
JY		 773 Status = EFI_BUFFER_TOO_SMALL;\r
774 goto Done;\r
c1d93242
JY		 775 }\r
776\r
777 //\r
778 // Validate response headers\r
779 //\r
780 RespSize = SwapBytes32(Res.Header.paramSize);\r
781 if (RespSize > sizeof(Res)) {\r
782 DEBUG ((EFI_D_ERROR, "HierarchyControl: Response size too large! %d\r\n", RespSize));\r
7ae130da
JY		 783 Status = EFI_BUFFER_TOO_SMALL;\r
784 goto Done;\r
c1d93242
JY		 785 }\r
786\r
787 //\r
788 // Fail if command failed\r
789 //\r
790 if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) {\r
791 DEBUG((EFI_D_ERROR,"HierarchyControl: Response Code error! 0x%08x\r\n", SwapBytes32(Res.Header.responseCode)));\r
7ae130da
JY		 792 Status = EFI_DEVICE_ERROR;\r
793 goto Done;\r
c1d93242
JY		 794 }\r
795\r
7ae130da
JY		 796Done:\r
797 //\r
798 // Clear AuthSession Content\r
799 //\r
800 ZeroMem (&Cmd, sizeof(Cmd));\r
801 ZeroMem (&Res, sizeof(Res));\r
802 return Status;\r
c1d93242 803}\r
EFI Development Kit II mirror for PVE