]> git.proxmox.com Git - mirror_edk2.git/blame - SecurityPkg/Library/Tpm2CommandLib/Tpm2Hierarchy.c
projects / mirror_edk2.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Correct AuthHandle definition for Tpm2SetPrimaryPolicy.
[mirror_edk2.git] / SecurityPkg / Library / Tpm2CommandLib / Tpm2Hierarchy.c
CommitLineData
c1d93242
JY		 1/** @file\r
2 Implement TPM2 Hierarchy related command.\r
3\r
58dbfc3c 4Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved. <BR>\r
c1d93242
JY		 5This program and the accompanying materials\r
6are licensed and made available under the terms and conditions of the BSD License\r
7which accompanies this distribution. The full text of the license may be found at\r
8http://opensource.org/licenses/bsd-license.php\r
9\r
10THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
11WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
12\r
13**/\r
14\r
15#include <IndustryStandard/UefiTcgPlatform.h>\r
16#include <Library/Tpm2CommandLib.h>\r
17#include <Library/Tpm2DeviceLib.h>\r
18#include <Library/BaseMemoryLib.h>\r
19#include <Library/BaseLib.h>\r
20#include <Library/DebugLib.h>\r
21\r
22#pragma pack(1)\r
23\r
967eacca
JY		 24typedef struct {\r
25 TPM2_COMMAND_HEADER Header;\r
9093fb92 26 TPMI_RH_HIERARCHY_AUTH AuthHandle;\r
967eacca
JY		 27 UINT32 AuthSessionSize;\r
28 TPMS_AUTH_COMMAND AuthSession;\r
29 TPM2B_DIGEST AuthPolicy;\r
30 TPMI_ALG_HASH HashAlg;\r
31} TPM2_SET_PRIMARY_POLICY_COMMAND;\r
32\r
33typedef struct {\r
34 TPM2_RESPONSE_HEADER Header;\r
35 UINT32 AuthSessionSize;\r
36 TPMS_AUTH_RESPONSE AuthSession;\r
37} TPM2_SET_PRIMARY_POLICY_RESPONSE;\r
38\r
c1d93242
JY		 39typedef struct {\r
40 TPM2_COMMAND_HEADER Header;\r
41 TPMI_RH_CLEAR AuthHandle;\r
42 UINT32 AuthorizationSize;\r
43 TPMS_AUTH_COMMAND AuthSession;\r
44} TPM2_CLEAR_COMMAND;\r
45\r
46typedef struct {\r
47 TPM2_RESPONSE_HEADER Header;\r
48 UINT32 ParameterSize;\r
49 TPMS_AUTH_RESPONSE AuthSession;\r
50} TPM2_CLEAR_RESPONSE;\r
51\r
52typedef struct {\r
53 TPM2_COMMAND_HEADER Header;\r
54 TPMI_RH_CLEAR AuthHandle;\r
55 UINT32 AuthorizationSize;\r
56 TPMS_AUTH_COMMAND AuthSession;\r
57 TPMI_YES_NO Disable;\r
58} TPM2_CLEAR_CONTROL_COMMAND;\r
59\r
60typedef struct {\r
61 TPM2_RESPONSE_HEADER Header;\r
62 UINT32 ParameterSize;\r
63 TPMS_AUTH_RESPONSE AuthSession;\r
64} TPM2_CLEAR_CONTROL_RESPONSE;\r
65\r
66typedef struct {\r
67 TPM2_COMMAND_HEADER Header;\r
68 TPMI_RH_HIERARCHY_AUTH AuthHandle;\r
69 UINT32 AuthorizationSize;\r
70 TPMS_AUTH_COMMAND AuthSession;\r
71 TPM2B_AUTH NewAuth;\r
72} TPM2_HIERARCHY_CHANGE_AUTH_COMMAND;\r
73\r
74typedef struct {\r
75 TPM2_RESPONSE_HEADER Header;\r
76 UINT32 ParameterSize;\r
77 TPMS_AUTH_RESPONSE AuthSession;\r
78} TPM2_HIERARCHY_CHANGE_AUTH_RESPONSE;\r
79\r
80typedef struct {\r
81 TPM2_COMMAND_HEADER Header;\r
82 TPMI_RH_PLATFORM AuthHandle;\r
83 UINT32 AuthorizationSize;\r
84 TPMS_AUTH_COMMAND AuthSession;\r
85} TPM2_CHANGE_EPS_COMMAND;\r
86\r
87typedef struct {\r
88 TPM2_RESPONSE_HEADER Header;\r
89 UINT32 ParameterSize;\r
90 TPMS_AUTH_RESPONSE AuthSession;\r
91} TPM2_CHANGE_EPS_RESPONSE;\r
92\r
93typedef struct {\r
94 TPM2_COMMAND_HEADER Header;\r
95 TPMI_RH_PLATFORM AuthHandle;\r
96 UINT32 AuthorizationSize;\r
97 TPMS_AUTH_COMMAND AuthSession;\r
98} TPM2_CHANGE_PPS_COMMAND;\r
99\r
100typedef struct {\r
101 TPM2_RESPONSE_HEADER Header;\r
102 UINT32 ParameterSize;\r
103 TPMS_AUTH_RESPONSE AuthSession;\r
104} TPM2_CHANGE_PPS_RESPONSE;\r
105\r
106typedef struct {\r
107 TPM2_COMMAND_HEADER Header;\r
108 TPMI_RH_HIERARCHY AuthHandle;\r
109 UINT32 AuthorizationSize;\r
110 TPMS_AUTH_COMMAND AuthSession;\r
111 TPMI_RH_HIERARCHY Hierarchy;\r
112 TPMI_YES_NO State;\r
113} TPM2_HIERARCHY_CONTROL_COMMAND;\r
114\r
115typedef struct {\r
116 TPM2_RESPONSE_HEADER Header;\r
117 UINT32 ParameterSize;\r
118 TPMS_AUTH_RESPONSE AuthSession;\r
119} TPM2_HIERARCHY_CONTROL_RESPONSE;\r
120\r
121#pragma pack()\r
122\r
967eacca
JY		 123/**\r
124 This command allows setting of the authorization policy for the platform hierarchy (platformPolicy), the\r
125 storage hierarchy (ownerPolicy), and and the endorsement hierarchy (endorsementPolicy).\r
126\r
127 @param[in] AuthHandle TPM_RH_ENDORSEMENT, TPM_RH_OWNER or TPM_RH_PLATFORM+{PP} parameters to be validated\r
128 @param[in] AuthSession Auth Session context\r
129 @param[in] AuthPolicy An authorization policy hash\r
130 @param[in] HashAlg The hash algorithm to use for the policy\r
131\r
132 @retval EFI_SUCCESS Operation completed successfully.\r
133 @retval EFI_DEVICE_ERROR Unexpected device behavior.\r
134**/\r
135EFI_STATUS\r
136EFIAPI\r
137Tpm2SetPrimaryPolicy (\r
138 IN TPMI_RH_HIERARCHY_AUTH AuthHandle,\r
139 IN TPMS_AUTH_COMMAND *AuthSession,\r
140 IN TPM2B_DIGEST *AuthPolicy,\r
141 IN TPMI_ALG_HASH HashAlg\r
142 )\r
143{\r
144 EFI_STATUS Status;\r
145 TPM2_SET_PRIMARY_POLICY_COMMAND SendBuffer;\r
146 TPM2_SET_PRIMARY_POLICY_RESPONSE RecvBuffer;\r
147 UINT32 SendBufferSize;\r
148 UINT32 RecvBufferSize;\r
149 UINT8 *Buffer;\r
150 UINT32 SessionInfoSize;\r
151\r
152 //\r
153 // Construct command\r
154 //\r
155 SendBuffer.Header.tag = SwapBytes16(TPM_ST_SESSIONS);\r
156 SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_SetPrimaryPolicy);\r
157\r
158 SendBuffer.AuthHandle = SwapBytes32 (AuthHandle);\r
159\r
160 //\r
161 // Add in Auth session\r
162 //\r
163 Buffer = (UINT8 *)&SendBuffer.AuthSession;\r
164\r
165 // sessionInfoSize\r
166 SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer);\r
167 Buffer += SessionInfoSize;\r
168 SendBuffer.AuthSessionSize = SwapBytes32(SessionInfoSize);\r
169\r
170 //\r
171 // Real data\r
172 //\r
173 WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16(AuthPolicy->size));\r
174 Buffer += sizeof(UINT16);\r
175 CopyMem (Buffer, AuthPolicy->buffer, AuthPolicy->size);\r
176 Buffer += AuthPolicy->size;\r
177 WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16(HashAlg));\r
178 Buffer += sizeof(UINT16);\r
179\r
180 SendBufferSize = (UINT32)((UINTN)Buffer - (UINTN)&SendBuffer);\r
181 SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);\r
182\r
183 //\r
184 // send Tpm command\r
185 //\r
186 RecvBufferSize = sizeof (RecvBuffer);\r
187 Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer);\r
188 if (EFI_ERROR (Status)) {\r
189 return Status;\r
190 }\r
191\r
192 if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) {\r
193 DEBUG ((EFI_D_ERROR, "Tpm2SetPrimaryPolicy - RecvBufferSize Error - %x\n", RecvBufferSize));\r
194 return EFI_DEVICE_ERROR;\r
195 }\r
196 if (SwapBytes32(RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {\r
197 DEBUG ((EFI_D_ERROR, "Tpm2SetPrimaryPolicy - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode)));\r
198 return EFI_DEVICE_ERROR;\r
199 }\r
200\r
201 return EFI_SUCCESS;\r
202}\r
203\r
c1d93242
JY		 204/**\r
205 This command removes all TPM context associated with a specific Owner.\r
206\r
207 @param[in] AuthHandle TPM_RH_LOCKOUT or TPM_RH_PLATFORM+{PP}\r
208 @param[in] AuthSession Auth Session context\r
209 \r
210 @retval EFI_SUCCESS Operation completed successfully.\r
211 @retval EFI_DEVICE_ERROR Unexpected device behavior.\r
212**/\r
213EFI_STATUS\r
214EFIAPI\r
215Tpm2Clear (\r
216 IN TPMI_RH_CLEAR AuthHandle,\r
217 IN TPMS_AUTH_COMMAND *AuthSession OPTIONAL\r
218 )\r
219{\r
220 EFI_STATUS Status;\r
221 TPM2_CLEAR_COMMAND Cmd;\r
222 TPM2_CLEAR_RESPONSE Res;\r
223 UINT32 ResultBufSize;\r
224 UINT32 CmdSize;\r
225 UINT32 RespSize;\r
226 UINT8 *Buffer;\r
227 UINT32 SessionInfoSize;\r
228\r
229 Cmd.Header.tag = SwapBytes16(TPM_ST_SESSIONS);\r
230 Cmd.Header.commandCode = SwapBytes32(TPM_CC_Clear);\r
231 Cmd.AuthHandle = SwapBytes32(AuthHandle);\r
232\r
233 //\r
234 // Add in Auth session\r
235 //\r
236 Buffer = (UINT8 *)&Cmd.AuthSession;\r
237\r
238 // sessionInfoSize\r
239 SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer);\r
240 Buffer += SessionInfoSize;\r
241 Cmd.AuthorizationSize = SwapBytes32(SessionInfoSize);\r
242\r
243 CmdSize = (UINT32)(Buffer - (UINT8 *)&Cmd);\r
244 Cmd.Header.paramSize = SwapBytes32(CmdSize);\r
245\r
246 ResultBufSize = sizeof(Res);\r
247 Status = Tpm2SubmitCommand (CmdSize, (UINT8 *)&Cmd, &ResultBufSize, (UINT8 *)&Res);\r
248 if (EFI_ERROR(Status)) {\r
249 return Status;\r
250 }\r
251\r
252 if (ResultBufSize > sizeof(Res)) {\r
253 DEBUG ((EFI_D_ERROR, "Clear: Failed ExecuteCommand: Buffer Too Small\r\n"));\r
254 return EFI_BUFFER_TOO_SMALL;\r
255 }\r
256\r
257 //\r
258 // Validate response headers\r
259 //\r
260 RespSize = SwapBytes32(Res.Header.paramSize);\r
261 if (RespSize > sizeof(Res)) {\r
262 DEBUG ((EFI_D_ERROR, "Clear: Response size too large! %d\r\n", RespSize));\r
263 return EFI_BUFFER_TOO_SMALL;\r
264 }\r
265\r
266 //\r
267 // Fail if command failed\r
268 //\r
269 if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) {\r
270 DEBUG ((EFI_D_ERROR, "Clear: Response Code error! 0x%08x\r\n", SwapBytes32(Res.Header.responseCode)));\r
271 return EFI_DEVICE_ERROR;\r
272 }\r
273\r
274 //\r
275 // Unmarshal the response\r
276 //\r
277\r
278 // None\r
279\r
280 return EFI_SUCCESS;\r
281}\r
282\r
283/**\r
284 Disables and enables the execution of TPM2_Clear().\r
285\r
286 @param[in] AuthHandle TPM_RH_LOCKOUT or TPM_RH_PLATFORM+{PP}\r
287 @param[in] AuthSession Auth Session context\r
288 @param[in] Disable YES if the disableOwnerClear flag is to be SET,\r
289 NO if the flag is to be CLEAR.\r
290\r
291 @retval EFI_SUCCESS Operation completed successfully.\r
292 @retval EFI_DEVICE_ERROR Unexpected device behavior.\r
293**/\r
294EFI_STATUS\r
295EFIAPI\r
296Tpm2ClearControl (\r
297 IN TPMI_RH_CLEAR AuthHandle,\r
298 IN TPMS_AUTH_COMMAND *AuthSession, OPTIONAL\r
299 IN TPMI_YES_NO Disable\r
300 )\r
301{\r
302 EFI_STATUS Status;\r
303 TPM2_CLEAR_CONTROL_COMMAND Cmd;\r
304 TPM2_CLEAR_CONTROL_RESPONSE Res;\r
305 UINT32 ResultBufSize;\r
306 UINT32 CmdSize;\r
307 UINT32 RespSize;\r
308 UINT8 *Buffer;\r
309 UINT32 SessionInfoSize;\r
310\r
311 Cmd.Header.tag = SwapBytes16(TPM_ST_SESSIONS);\r
312 Cmd.Header.commandCode = SwapBytes32(TPM_CC_ClearControl);\r
313 Cmd.AuthHandle = SwapBytes32(AuthHandle);\r
314\r
315 //\r
316 // Add in Auth session\r
317 //\r
318 Buffer = (UINT8 *)&Cmd.AuthSession;\r
319\r
320 // sessionInfoSize\r
321 SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer);\r
322 Buffer += SessionInfoSize;\r
323 Cmd.AuthorizationSize = SwapBytes32(SessionInfoSize);\r
324\r
325 // disable\r
326 *(UINT8 *)Buffer = Disable;\r
58dbfc3c 327 Buffer++;\r
c1d93242
JY		 328\r
329 CmdSize = (UINT32)(Buffer - (UINT8 *)&Cmd);\r
330 Cmd.Header.paramSize = SwapBytes32(CmdSize);\r
331\r
332 ResultBufSize = sizeof(Res);\r
333 Status = Tpm2SubmitCommand (CmdSize, (UINT8 *)&Cmd, &ResultBufSize, (UINT8 *)&Res);\r
334 if (EFI_ERROR(Status)) {\r
335 return Status;\r
336 }\r
337\r
338 if (ResultBufSize > sizeof(Res)) {\r
339 DEBUG ((EFI_D_ERROR, "ClearControl: Failed ExecuteCommand: Buffer Too Small\r\n"));\r
340 return EFI_BUFFER_TOO_SMALL;\r
341 }\r
342\r
343 //\r
344 // Validate response headers\r
345 //\r
346 RespSize = SwapBytes32(Res.Header.paramSize);\r
347 if (RespSize > sizeof(Res)) {\r
348 DEBUG ((EFI_D_ERROR, "ClearControl: Response size too large! %d\r\n", RespSize));\r
349 return EFI_BUFFER_TOO_SMALL;\r
350 }\r
351\r
352 //\r
353 // Fail if command failed\r
354 //\r
355 if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) {\r
356 DEBUG ((EFI_D_ERROR, "ClearControl: Response Code error! 0x%08x\r\n", SwapBytes32(Res.Header.responseCode)));\r
357 return EFI_DEVICE_ERROR;\r
358 }\r
359\r
360 //\r
361 // Unmarshal the response\r
362 //\r
363\r
364 // None\r
365\r
366 return EFI_SUCCESS;\r
367}\r
368\r
369/**\r
370 This command allows the authorization secret for a hierarchy or lockout to be changed using the current\r
371 authorization value as the command authorization.\r
372\r
373 @param[in] AuthHandle TPM_RH_LOCKOUT, TPM_RH_ENDORSEMENT, TPM_RH_OWNER or TPM_RH_PLATFORM+{PP}\r
374 @param[in] AuthSession Auth Session context\r
375 @param[in] NewAuth New authorization secret\r
376\r
377 @retval EFI_SUCCESS Operation completed successfully.\r
378 @retval EFI_DEVICE_ERROR Unexpected device behavior.\r
379**/\r
380EFI_STATUS\r
381EFIAPI\r
382Tpm2HierarchyChangeAuth (\r
383 IN TPMI_RH_HIERARCHY_AUTH AuthHandle,\r
384 IN TPMS_AUTH_COMMAND *AuthSession,\r
385 IN TPM2B_AUTH *NewAuth\r
386 )\r
387{\r
388 EFI_STATUS Status;\r
389 TPM2_HIERARCHY_CHANGE_AUTH_COMMAND Cmd;\r
390 TPM2_HIERARCHY_CHANGE_AUTH_RESPONSE Res;\r
391 UINT32 CmdSize;\r
392 UINT32 RespSize;\r
393 UINT8 *Buffer;\r
394 UINT32 SessionInfoSize;\r
395 UINT8 *ResultBuf;\r
396 UINT32 ResultBufSize;\r
397\r
398 //\r
399 // Construct command\r
400 //\r
401 Cmd.Header.tag = SwapBytes16(TPM_ST_SESSIONS);\r
402 Cmd.Header.paramSize = SwapBytes32(sizeof(Cmd));\r
403 Cmd.Header.commandCode = SwapBytes32(TPM_CC_HierarchyChangeAuth);\r
404 Cmd.AuthHandle = SwapBytes32(AuthHandle);\r
405\r
406 //\r
407 // Add in Auth session\r
408 //\r
409 Buffer = (UINT8 *)&Cmd.AuthSession;\r
410\r
411 // sessionInfoSize\r
412 SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer);\r
413 Buffer += SessionInfoSize;\r
414 Cmd.AuthorizationSize = SwapBytes32(SessionInfoSize);\r
415\r
416 // New Authorization size\r
417 WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16(NewAuth->size));\r
418 Buffer += sizeof(UINT16);\r
419\r
420 // New Authorizeation\r
421 CopyMem(Buffer, NewAuth->buffer, NewAuth->size);\r
422 Buffer += NewAuth->size;\r
423\r
424 CmdSize = (UINT32)(Buffer - (UINT8 *)&Cmd);\r
425 Cmd.Header.paramSize = SwapBytes32(CmdSize);\r
426\r
427 ResultBuf = (UINT8 *) &Res;\r
428 ResultBufSize = sizeof(Res);\r
429\r
430 //\r
431 // Call the TPM\r
432 //\r
433 Status = Tpm2SubmitCommand (\r
434 CmdSize, \r
435 (UINT8 *)&Cmd, \r
436 &ResultBufSize,\r
437 ResultBuf\r
438 );\r
439\r
440 if (ResultBufSize > sizeof(Res)) {\r
441 DEBUG ((EFI_D_ERROR, "HierarchyChangeAuth: Failed ExecuteCommand: Buffer Too Small\r\n"));\r
442 return EFI_BUFFER_TOO_SMALL;\r
443 }\r
444\r
445 //\r
446 // Validate response headers\r
447 //\r
448 RespSize = SwapBytes32(Res.Header.paramSize);\r
449 if (RespSize > sizeof(Res)) {\r
450 DEBUG ((EFI_D_ERROR, "HierarchyChangeAuth: Response size too large! %d\r\n", RespSize));\r
451 return EFI_BUFFER_TOO_SMALL;\r
452 }\r
453\r
454 //\r
455 // Fail if command failed\r
456 //\r
457 if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) {\r
458 DEBUG((EFI_D_ERROR,"HierarchyChangeAuth: Response Code error! 0x%08x\r\n", SwapBytes32(Res.Header.responseCode)));\r
459 return EFI_DEVICE_ERROR;\r
460 }\r
461\r
462 return EFI_SUCCESS;\r
463}\r
464\r
465/**\r
466 This replaces the current EPS with a value from the RNG and sets the Endorsement hierarchy controls to\r
467 their default initialization values.\r
468\r
469 @param[in] AuthHandle TPM_RH_PLATFORM+{PP}\r
470 @param[in] AuthSession Auth Session context\r
471\r
472 @retval EFI_SUCCESS Operation completed successfully.\r
473 @retval EFI_DEVICE_ERROR Unexpected device behavior.\r
474**/\r
475EFI_STATUS\r
476EFIAPI\r
477Tpm2ChangeEPS (\r
478 IN TPMI_RH_PLATFORM AuthHandle,\r
479 IN TPMS_AUTH_COMMAND *AuthSession\r
480 )\r
481{\r
482 EFI_STATUS Status;\r
483 TPM2_CHANGE_EPS_COMMAND Cmd;\r
484 TPM2_CHANGE_EPS_RESPONSE Res;\r
485 UINT32 CmdSize;\r
486 UINT32 RespSize;\r
487 UINT8 *Buffer;\r
488 UINT32 SessionInfoSize;\r
489 UINT8 *ResultBuf;\r
490 UINT32 ResultBufSize;\r
491\r
492 //\r
493 // Construct command\r
494 //\r
495 Cmd.Header.tag = SwapBytes16(TPM_ST_SESSIONS);\r
496 Cmd.Header.paramSize = SwapBytes32(sizeof(Cmd));\r
497 Cmd.Header.commandCode = SwapBytes32(TPM_CC_ChangeEPS);\r
498 Cmd.AuthHandle = SwapBytes32(AuthHandle);\r
499\r
500 //\r
501 // Add in Auth session\r
502 //\r
503 Buffer = (UINT8 *)&Cmd.AuthSession;\r
504\r
505 // sessionInfoSize\r
506 SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer);\r
507 Buffer += SessionInfoSize;\r
508 Cmd.AuthorizationSize = SwapBytes32(SessionInfoSize);\r
509\r
510 CmdSize = (UINT32)(Buffer - (UINT8 *)&Cmd);\r
511 Cmd.Header.paramSize = SwapBytes32(CmdSize);\r
512\r
513 ResultBuf = (UINT8 *) &Res;\r
514 ResultBufSize = sizeof(Res);\r
515\r
516 //\r
517 // Call the TPM\r
518 //\r
519 Status = Tpm2SubmitCommand (\r
520 CmdSize, \r
521 (UINT8 *)&Cmd, \r
522 &ResultBufSize,\r
523 ResultBuf\r
524 );\r
525\r
526 if (ResultBufSize > sizeof(Res)) {\r
527 DEBUG ((EFI_D_ERROR, "ChangeEPS: Failed ExecuteCommand: Buffer Too Small\r\n"));\r
528 return EFI_BUFFER_TOO_SMALL;\r
529 }\r
530\r
531 //\r
532 // Validate response headers\r
533 //\r
534 RespSize = SwapBytes32(Res.Header.paramSize);\r
535 if (RespSize > sizeof(Res)) {\r
536 DEBUG ((EFI_D_ERROR, "ChangeEPS: Response size too large! %d\r\n", RespSize));\r
537 return EFI_BUFFER_TOO_SMALL;\r
538 }\r
539\r
540 //\r
541 // Fail if command failed\r
542 //\r
543 if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) {\r
544 DEBUG((EFI_D_ERROR,"ChangeEPS: Response Code error! 0x%08x\r\n", SwapBytes32(Res.Header.responseCode)));\r
545 return EFI_DEVICE_ERROR;\r
546 }\r
547\r
548 return EFI_SUCCESS;\r
549}\r
550\r
551/**\r
552 This replaces the current PPS with a value from the RNG and sets platformPolicy to the default\r
553 initialization value (the Empty Buffer).\r
554\r
555 @param[in] AuthHandle TPM_RH_PLATFORM+{PP}\r
556 @param[in] AuthSession Auth Session context\r
557\r
558 @retval EFI_SUCCESS Operation completed successfully.\r
559 @retval EFI_DEVICE_ERROR Unexpected device behavior.\r
560**/\r
561EFI_STATUS\r
562EFIAPI\r
563Tpm2ChangePPS (\r
564 IN TPMI_RH_PLATFORM AuthHandle,\r
565 IN TPMS_AUTH_COMMAND *AuthSession\r
566 )\r
567{\r
568 EFI_STATUS Status;\r
569 TPM2_CHANGE_PPS_COMMAND Cmd;\r
570 TPM2_CHANGE_PPS_RESPONSE Res;\r
571 UINT32 CmdSize;\r
572 UINT32 RespSize;\r
573 UINT8 *Buffer;\r
574 UINT32 SessionInfoSize;\r
575 UINT8 *ResultBuf;\r
576 UINT32 ResultBufSize;\r
577\r
578 //\r
579 // Construct command\r
580 //\r
581 Cmd.Header.tag = SwapBytes16(TPM_ST_SESSIONS);\r
582 Cmd.Header.paramSize = SwapBytes32(sizeof(Cmd));\r
583 Cmd.Header.commandCode = SwapBytes32(TPM_CC_ChangePPS);\r
584 Cmd.AuthHandle = SwapBytes32(AuthHandle);\r
585\r
586 //\r
587 // Add in Auth session\r
588 //\r
589 Buffer = (UINT8 *)&Cmd.AuthSession;\r
590\r
591 // sessionInfoSize\r
592 SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer);\r
593 Buffer += SessionInfoSize;\r
594 Cmd.AuthorizationSize = SwapBytes32(SessionInfoSize);\r
595\r
596 CmdSize = (UINT32)(Buffer - (UINT8 *)&Cmd);\r
597 Cmd.Header.paramSize = SwapBytes32(CmdSize);\r
598\r
599 ResultBuf = (UINT8 *) &Res;\r
600 ResultBufSize = sizeof(Res);\r
601\r
602 //\r
603 // Call the TPM\r
604 //\r
605 Status = Tpm2SubmitCommand (\r
606 CmdSize, \r
607 (UINT8 *)&Cmd, \r
608 &ResultBufSize,\r
609 ResultBuf\r
610 );\r
611\r
612 if (ResultBufSize > sizeof(Res)) {\r
613 DEBUG ((EFI_D_ERROR, "ChangePPS: Failed ExecuteCommand: Buffer Too Small\r\n"));\r
614 return EFI_BUFFER_TOO_SMALL;\r
615 }\r
616\r
617 //\r
618 // Validate response headers\r
619 //\r
620 RespSize = SwapBytes32(Res.Header.paramSize);\r
621 if (RespSize > sizeof(Res)) {\r
622 DEBUG ((EFI_D_ERROR, "ChangePPS: Response size too large! %d\r\n", RespSize));\r
623 return EFI_BUFFER_TOO_SMALL;\r
624 }\r
625\r
626 //\r
627 // Fail if command failed\r
628 //\r
629 if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) {\r
630 DEBUG((EFI_D_ERROR,"ChangePPS: Response Code error! 0x%08x\r\n", SwapBytes32(Res.Header.responseCode)));\r
631 return EFI_DEVICE_ERROR;\r
632 }\r
633\r
634 return EFI_SUCCESS;\r
635}\r
636\r
637/**\r
638 This command enables and disables use of a hierarchy.\r
639\r
640 @param[in] AuthHandle TPM_RH_ENDORSEMENT, TPM_RH_OWNER or TPM_RH_PLATFORM+{PP}\r
641 @param[in] AuthSession Auth Session context\r
642 @param[in] Hierarchy Hierarchy of the enable being modified\r
643 @param[in] State YES if the enable should be SET,\r
644 NO if the enable should be CLEAR\r
645\r
646 @retval EFI_SUCCESS Operation completed successfully.\r
647 @retval EFI_DEVICE_ERROR Unexpected device behavior.\r
648**/\r
649EFI_STATUS\r
650EFIAPI\r
651Tpm2HierarchyControl (\r
652 IN TPMI_RH_HIERARCHY AuthHandle,\r
653 IN TPMS_AUTH_COMMAND *AuthSession,\r
654 IN TPMI_RH_HIERARCHY Hierarchy,\r
655 IN TPMI_YES_NO State\r
656 )\r
657{\r
658 EFI_STATUS Status;\r
659 TPM2_HIERARCHY_CONTROL_COMMAND Cmd;\r
660 TPM2_HIERARCHY_CONTROL_RESPONSE Res;\r
661 UINT32 CmdSize;\r
662 UINT32 RespSize;\r
663 UINT8 *Buffer;\r
664 UINT32 SessionInfoSize;\r
665 UINT8 *ResultBuf;\r
666 UINT32 ResultBufSize;\r
667\r
668 //\r
669 // Construct command\r
670 //\r
671 Cmd.Header.tag = SwapBytes16(TPM_ST_SESSIONS);\r
672 Cmd.Header.paramSize = SwapBytes32(sizeof(Cmd));\r
673 Cmd.Header.commandCode = SwapBytes32(TPM_CC_HierarchyControl);\r
674 Cmd.AuthHandle = SwapBytes32(AuthHandle);\r
675\r
676 //\r
677 // Add in Auth session\r
678 //\r
679 Buffer = (UINT8 *)&Cmd.AuthSession;\r
680\r
681 // sessionInfoSize\r
682 SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer);\r
683 Buffer += SessionInfoSize;\r
684 Cmd.AuthorizationSize = SwapBytes32(SessionInfoSize);\r
685\r
686 WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32(Hierarchy));\r
687 Buffer += sizeof(UINT32);\r
688\r
689 *(UINT8 *)Buffer = State;\r
58dbfc3c 690 Buffer++;\r
c1d93242
JY		 691\r
692 CmdSize = (UINT32)(Buffer - (UINT8 *)&Cmd);\r
693 Cmd.Header.paramSize = SwapBytes32(CmdSize);\r
694\r
695 ResultBuf = (UINT8 *) &Res;\r
696 ResultBufSize = sizeof(Res);\r
697\r
698 //\r
699 // Call the TPM\r
700 //\r
701 Status = Tpm2SubmitCommand (\r
702 CmdSize, \r
703 (UINT8 *)&Cmd, \r
704 &ResultBufSize,\r
705 ResultBuf\r
706 );\r
707\r
708 if (ResultBufSize > sizeof(Res)) {\r
709 DEBUG ((EFI_D_ERROR, "HierarchyControl: Failed ExecuteCommand: Buffer Too Small\r\n"));\r
710 return EFI_BUFFER_TOO_SMALL;\r
711 }\r
712\r
713 //\r
714 // Validate response headers\r
715 //\r
716 RespSize = SwapBytes32(Res.Header.paramSize);\r
717 if (RespSize > sizeof(Res)) {\r
718 DEBUG ((EFI_D_ERROR, "HierarchyControl: Response size too large! %d\r\n", RespSize));\r
719 return EFI_BUFFER_TOO_SMALL;\r
720 }\r
721\r
722 //\r
723 // Fail if command failed\r
724 //\r
725 if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) {\r
726 DEBUG((EFI_D_ERROR,"HierarchyControl: Response Code error! 0x%08x\r\n", SwapBytes32(Res.Header.responseCode)));\r
727 return EFI_DEVICE_ERROR;\r
728 }\r
729\r
730 return EFI_SUCCESS;\r
731}\r
EFI Development Kit II mirror for PVE