]> git.proxmox.com Git - mirror_edk2.git/blame - SecurityPkg/Library/Tpm2CommandLib/Tpm2Hierarchy.c
SecurityPkg: Apply uncrustify changes
1/** @file\r
2 Implement TPM2 Hierarchy related command.\r
3\r
b3548d32 4Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved. <BR>\r
289b714b 5SPDX-License-Identifier: BSD-2-Clause-Patent\r
6\r
7**/\r
8\r
9#include <IndustryStandard/UefiTcgPlatform.h>\r
10#include <Library/Tpm2CommandLib.h>\r
11#include <Library/Tpm2DeviceLib.h>\r
12#include <Library/BaseMemoryLib.h>\r
13#include <Library/BaseLib.h>\r
14#include <Library/DebugLib.h>\r
15\r
//
// Wire-format templates for the TPM2 hierarchy commands issued by this file.
// pack(1) removes compiler padding so the fields sit back to back in
// declaration order. The functions below fill Header and AuthHandle by name
// and then marshal everything from AuthSession onward through a byte pointer,
// because the marshaled session has a variable length. Members declared after
// AuthSession in a command struct therefore reserve stack space; they are not
// written at their declared offsets.
// NOTE(review): this relies on the marshaled session never being larger than
// sizeof (TPMS_AUTH_COMMAND) - confirm against CopyAuthSessionCommand.
//
#pragma pack(1)

// TPM2_SetPrimaryPolicy command buffer.
typedef struct {
  TPM2_COMMAND_HEADER       Header;
  TPMI_RH_HIERARCHY_AUTH    AuthHandle;
  UINT32                    AuthSessionSize;
  TPMS_AUTH_COMMAND         AuthSession;
  TPM2B_DIGEST              AuthPolicy;
  TPMI_ALG_HASH             HashAlg;
} TPM2_SET_PRIMARY_POLICY_COMMAND;

// TPM2_SetPrimaryPolicy response buffer; only Header is read by this file.
typedef struct {
  TPM2_RESPONSE_HEADER    Header;
  UINT32                  AuthSessionSize;
  TPMS_AUTH_RESPONSE      AuthSession;
} TPM2_SET_PRIMARY_POLICY_RESPONSE;

// TPM2_Clear command buffer.
typedef struct {
  TPM2_COMMAND_HEADER    Header;
  TPMI_RH_CLEAR          AuthHandle;
  UINT32                 AuthorizationSize;
  TPMS_AUTH_COMMAND      AuthSession;
} TPM2_CLEAR_COMMAND;

// TPM2_Clear response buffer; only Header is read by this file.
typedef struct {
  TPM2_RESPONSE_HEADER    Header;
  UINT32                  ParameterSize;
  TPMS_AUTH_RESPONSE      AuthSession;
} TPM2_CLEAR_RESPONSE;

// TPM2_ClearControl command buffer; Disable is marshaled as one byte after the session.
typedef struct {
  TPM2_COMMAND_HEADER    Header;
  TPMI_RH_CLEAR          AuthHandle;
  UINT32                 AuthorizationSize;
  TPMS_AUTH_COMMAND      AuthSession;
  TPMI_YES_NO            Disable;
} TPM2_CLEAR_CONTROL_COMMAND;

// TPM2_ClearControl response buffer; only Header is read by this file.
typedef struct {
  TPM2_RESPONSE_HEADER    Header;
  UINT32                  ParameterSize;
  TPMS_AUTH_RESPONSE      AuthSession;
} TPM2_CLEAR_CONTROL_RESPONSE;

// TPM2_HierarchyChangeAuth command buffer; NewAuth carries the new authorization secret.
typedef struct {
  TPM2_COMMAND_HEADER       Header;
  TPMI_RH_HIERARCHY_AUTH    AuthHandle;
  UINT32                    AuthorizationSize;
  TPMS_AUTH_COMMAND         AuthSession;
  TPM2B_AUTH                NewAuth;
} TPM2_HIERARCHY_CHANGE_AUTH_COMMAND;

// TPM2_HierarchyChangeAuth response buffer; only Header is read by this file.
typedef struct {
  TPM2_RESPONSE_HEADER    Header;
  UINT32                  ParameterSize;
  TPMS_AUTH_RESPONSE      AuthSession;
} TPM2_HIERARCHY_CHANGE_AUTH_RESPONSE;

// TPM2_ChangeEPS command buffer.
typedef struct {
  TPM2_COMMAND_HEADER    Header;
  TPMI_RH_PLATFORM       AuthHandle;
  UINT32                 AuthorizationSize;
  TPMS_AUTH_COMMAND      AuthSession;
} TPM2_CHANGE_EPS_COMMAND;

// TPM2_ChangeEPS response buffer; only Header is read by this file.
typedef struct {
  TPM2_RESPONSE_HEADER    Header;
  UINT32                  ParameterSize;
  TPMS_AUTH_RESPONSE      AuthSession;
} TPM2_CHANGE_EPS_RESPONSE;

// TPM2_ChangePPS command buffer.
typedef struct {
  TPM2_COMMAND_HEADER    Header;
  TPMI_RH_PLATFORM       AuthHandle;
  UINT32                 AuthorizationSize;
  TPMS_AUTH_COMMAND      AuthSession;
} TPM2_CHANGE_PPS_COMMAND;

// TPM2_ChangePPS response buffer; only Header is read by this file.
typedef struct {
  TPM2_RESPONSE_HEADER    Header;
  UINT32                  ParameterSize;
  TPMS_AUTH_RESPONSE      AuthSession;
} TPM2_CHANGE_PPS_RESPONSE;

// TPM2_HierarchyControl command buffer; Hierarchy and State follow the marshaled session.
typedef struct {
  TPM2_COMMAND_HEADER    Header;
  TPMI_RH_HIERARCHY      AuthHandle;
  UINT32                 AuthorizationSize;
  TPMS_AUTH_COMMAND      AuthSession;
  TPMI_RH_HIERARCHY      Hierarchy;
  TPMI_YES_NO            State;
} TPM2_HIERARCHY_CONTROL_COMMAND;

// TPM2_HierarchyControl response buffer; only Header is read by this file.
typedef struct {
  TPM2_RESPONSE_HEADER    Header;
  UINT32                  ParameterSize;
  TPMS_AUTH_RESPONSE      AuthSession;
} TPM2_HIERARCHY_CONTROL_RESPONSE;

#pragma pack()
116\r
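/**
  This command allows setting of the authorization policy for the platform hierarchy (platformPolicy), the
  storage hierarchy (ownerPolicy), and the endorsement hierarchy (endorsementPolicy).

  The command is marshaled into a fixed-size stack buffer, so AuthPolicy->size is
  validated against the capacity of AuthPolicy->buffer before anything is copied.

  @param[in]  AuthHandle            TPM_RH_ENDORSEMENT, TPM_RH_OWNER or TPM_RH_PLATFORM+{PP} parameters to be validated
  @param[in]  AuthSession           Auth Session context
  @param[in]  AuthPolicy            An authorization policy hash
  @param[in]  HashAlg               The hash algorithm to use for the policy

  @retval EFI_SUCCESS            Operation completed successfully.
  @retval EFI_INVALID_PARAMETER  AuthPolicy is NULL or its size field exceeds its buffer.
  @retval EFI_DEVICE_ERROR       Unexpected device behavior.
**/
EFI_STATUS
EFIAPI
Tpm2SetPrimaryPolicy (
  IN  TPMI_RH_HIERARCHY_AUTH  AuthHandle,
  IN  TPMS_AUTH_COMMAND       *AuthSession,
  IN  TPM2B_DIGEST            *AuthPolicy,
  IN  TPMI_ALG_HASH           HashAlg
  )
{
  EFI_STATUS                        Status;
  TPM2_SET_PRIMARY_POLICY_COMMAND   SendBuffer;
  TPM2_SET_PRIMARY_POLICY_RESPONSE  RecvBuffer;
  UINT32                            SendBufferSize;
  UINT32                            RecvBufferSize;
  UINT8                             *Buffer;
  UINT32                            SessionInfoSize;

  //
  // AuthPolicy->size drives a CopyMem into SendBuffer, which lives on the
  // stack. Reject a size larger than the digest buffer so a malformed
  // TPM2B_DIGEST cannot write past the end of the command buffer.
  //
  if ((AuthPolicy == NULL) || (AuthPolicy->size > sizeof (AuthPolicy->buffer))) {
    DEBUG ((DEBUG_ERROR, "Tpm2SetPrimaryPolicy - invalid AuthPolicy\n"));
    return EFI_INVALID_PARAMETER;
  }

  //
  // Construct command
  //
  SendBuffer.Header.tag         = SwapBytes16 (TPM_ST_SESSIONS);
  SendBuffer.Header.commandCode = SwapBytes32 (TPM_CC_SetPrimaryPolicy);

  SendBuffer.AuthHandle = SwapBytes32 (AuthHandle);

  //
  // Add in Auth session. CopyAuthSessionCommand returns the number of bytes
  // it marshaled; everything after this point is written through Buffer
  // because that length is variable.
  //
  Buffer = (UINT8 *)&SendBuffer.AuthSession;

  // sessionInfoSize
  SessionInfoSize            = CopyAuthSessionCommand (AuthSession, Buffer);
  Buffer                    += SessionInfoSize;
  SendBuffer.AuthSessionSize = SwapBytes32 (SessionInfoSize);

  //
  // Real data: TPM2B_DIGEST (size + bytes) followed by the hash algorithm
  //
  WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (AuthPolicy->size));
  Buffer += sizeof (UINT16);
  CopyMem (Buffer, AuthPolicy->buffer, AuthPolicy->size);
  Buffer += AuthPolicy->size;
  WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (HashAlg));
  Buffer += sizeof (UINT16);

  // paramSize is the marshaled length, not sizeof (SendBuffer)
  SendBufferSize              = (UINT32)((UINTN)Buffer - (UINTN)&SendBuffer);
  SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);

  //
  // send Tpm command
  //
  RecvBufferSize = sizeof (RecvBuffer);
  Status         = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer);
  if (EFI_ERROR (Status)) {
    goto Done;
  }

  //
  // RecvBuffer is uninitialized stack memory until the device fills it, so
  // the header is only read once a full header's worth of bytes came back.
  //
  if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) {
    DEBUG ((DEBUG_ERROR, "Tpm2SetPrimaryPolicy - RecvBufferSize Error - %x\n", RecvBufferSize));
    Status = EFI_DEVICE_ERROR;
    goto Done;
  }

  if (SwapBytes32 (RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {
    DEBUG ((DEBUG_ERROR, "Tpm2SetPrimaryPolicy - responseCode - %x\n", SwapBytes32 (RecvBuffer.Header.responseCode)));
    Status = EFI_DEVICE_ERROR;
    goto Done;
  }

Done:
  //
  // Clear AuthSession Content: both buffers are scrubbed on every path that
  // reaches here because SendBuffer holds the marshaled authorization session.
  //
  ZeroMem (&SendBuffer, sizeof (SendBuffer));
  ZeroMem (&RecvBuffer, sizeof (RecvBuffer));
  return Status;
}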
206\r
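/**
  This command removes all TPM context associated with a specific Owner.

  @param[in] AuthHandle        TPM_RH_LOCKOUT or TPM_RH_PLATFORM+{PP}
  @param[in] AuthSession       Auth Session context

  @retval EFI_SUCCESS           Operation completed successfully.
  @retval EFI_BUFFER_TOO_SMALL  The reported response size exceeds the response buffer.
  @retval EFI_DEVICE_ERROR      Unexpected device behavior, including a response
                                shorter than a response header.
**/
EFI_STATUS
EFIAPI
Tpm2Clear (
  IN TPMI_RH_CLEAR      AuthHandle,
  IN TPMS_AUTH_COMMAND  *AuthSession OPTIONAL
  )
{
  EFI_STATUS           Status;
  TPM2_CLEAR_COMMAND   Cmd;
  TPM2_CLEAR_RESPONSE  Res;
  UINT32               ResultBufSize;
  UINT32               CmdSize;
  UINT32               RespSize;
  UINT8                *Buffer;
  UINT32               SessionInfoSize;

  Cmd.Header.tag         = SwapBytes16 (TPM_ST_SESSIONS);
  Cmd.Header.commandCode = SwapBytes32 (TPM_CC_Clear);
  Cmd.AuthHandle         = SwapBytes32 (AuthHandle);

  //
  // Add in Auth session. AuthSession is OPTIONAL; how a NULL session is
  // marshaled is decided inside CopyAuthSessionCommand (not in this file).
  //
  Buffer = (UINT8 *)&Cmd.AuthSession;

  // sessionInfoSize
  SessionInfoSize       = CopyAuthSessionCommand (AuthSession, Buffer);
  Buffer               += SessionInfoSize;
  Cmd.AuthorizationSize = SwapBytes32 (SessionInfoSize);

  // paramSize is the marshaled length, not sizeof (Cmd)
  CmdSize              = (UINT32)(Buffer - (UINT8 *)&Cmd);
  Cmd.Header.paramSize = SwapBytes32 (CmdSize);

  ResultBufSize = sizeof (Res);
  Status        = Tpm2SubmitCommand (CmdSize, (UINT8 *)&Cmd, &ResultBufSize, (UINT8 *)&Res);
  if (EFI_ERROR (Status)) {
    goto Done;
  }

  if (ResultBufSize > sizeof (Res)) {
    DEBUG ((DEBUG_ERROR, "Clear: Failed ExecuteCommand: Buffer Too Small\r\n"));
    Status = EFI_BUFFER_TOO_SMALL;
    goto Done;
  }

  //
  // Res is uninitialized stack memory until the device fills it. A response
  // shorter than a header would leave paramSize/responseCode holding stale
  // bytes that could be misread as TPM_RC_SUCCESS, so reject it first
  // (same check Tpm2SetPrimaryPolicy applies).
  //
  if (ResultBufSize < sizeof (TPM2_RESPONSE_HEADER)) {
    DEBUG ((DEBUG_ERROR, "Clear: Failed ExecuteCommand: Response Too Short - %x\r\n", ResultBufSize));
    Status = EFI_DEVICE_ERROR;
    goto Done;
  }

  //
  // Validate response headers
  //
  RespSize = SwapBytes32 (Res.Header.paramSize);
  if (RespSize > sizeof (Res)) {
    DEBUG ((DEBUG_ERROR, "Clear: Response size too large! %d\r\n", RespSize));
    Status = EFI_BUFFER_TOO_SMALL;
    goto Done;
  }

  //
  // Fail if command failed
  //
  if (SwapBytes32 (Res.Header.responseCode) != TPM_RC_SUCCESS) {
    DEBUG ((DEBUG_ERROR, "Clear: Response Code error! 0x%08x\r\n", SwapBytes32 (Res.Header.responseCode)));
    Status = EFI_DEVICE_ERROR;
    goto Done;
  }

  //
  // Unmarshal the response
  //

  // None
Done:
  //
  // Clear AuthSession Content: Cmd holds the marshaled authorization session,
  // so both buffers are scrubbed on every path that reaches here.
  //
  ZeroMem (&Cmd, sizeof (Cmd));
  ZeroMem (&Res, sizeof (Res));
  return Status;
}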
293\r
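/**
  Disables and enables the execution of TPM2_Clear().

  @param[in] AuthHandle        TPM_RH_LOCKOUT or TPM_RH_PLATFORM+{PP}
  @param[in] AuthSession       Auth Session context
  @param[in] Disable           YES if the disableOwnerClear flag is to be SET,
                               NO if the flag is to be CLEAR.

  @retval EFI_SUCCESS           Operation completed successfully.
  @retval EFI_BUFFER_TOO_SMALL  The reported response size exceeds the response buffer.
  @retval EFI_DEVICE_ERROR      Unexpected device behavior, including a response
                                shorter than a response header.
**/
EFI_STATUS
EFIAPI
Tpm2ClearControl (
  IN TPMI_RH_CLEAR      AuthHandle,
  IN TPMS_AUTH_COMMAND  *AuthSession OPTIONAL,
  IN TPMI_YES_NO        Disable
  )
{
  EFI_STATUS                   Status;
  TPM2_CLEAR_CONTROL_COMMAND   Cmd;
  TPM2_CLEAR_CONTROL_RESPONSE  Res;
  UINT32                       ResultBufSize;
  UINT32                       CmdSize;
  UINT32                       RespSize;
  UINT8                        *Buffer;
  UINT32                       SessionInfoSize;

  Cmd.Header.tag         = SwapBytes16 (TPM_ST_SESSIONS);
  Cmd.Header.commandCode = SwapBytes32 (TPM_CC_ClearControl);
  Cmd.AuthHandle         = SwapBytes32 (AuthHandle);

  //
  // Add in Auth session. AuthSession is OPTIONAL; how a NULL session is
  // marshaled is decided inside CopyAuthSessionCommand (not in this file).
  //
  Buffer = (UINT8 *)&Cmd.AuthSession;

  // sessionInfoSize
  SessionInfoSize       = CopyAuthSessionCommand (AuthSession, Buffer);
  Buffer               += SessionInfoSize;
  Cmd.AuthorizationSize = SwapBytes32 (SessionInfoSize);

  // disable: one byte placed directly after the variable-length session
  *(UINT8 *)Buffer = Disable;
  Buffer++;

  // paramSize is the marshaled length, not sizeof (Cmd)
  CmdSize              = (UINT32)(Buffer - (UINT8 *)&Cmd);
  Cmd.Header.paramSize = SwapBytes32 (CmdSize);

  ResultBufSize = sizeof (Res);
  Status        = Tpm2SubmitCommand (CmdSize, (UINT8 *)&Cmd, &ResultBufSize, (UINT8 *)&Res);
  if (EFI_ERROR (Status)) {
    goto Done;
  }

  if (ResultBufSize > sizeof (Res)) {
    DEBUG ((DEBUG_ERROR, "ClearControl: Failed ExecuteCommand: Buffer Too Small\r\n"));
    Status = EFI_BUFFER_TOO_SMALL;
    goto Done;
  }

  //
  // Res is uninitialized stack memory until the device fills it. A response
  // shorter than a header would leave paramSize/responseCode holding stale
  // bytes that could be misread as TPM_RC_SUCCESS, so reject it first
  // (same check Tpm2SetPrimaryPolicy applies).
  //
  if (ResultBufSize < sizeof (TPM2_RESPONSE_HEADER)) {
    DEBUG ((DEBUG_ERROR, "ClearControl: Failed ExecuteCommand: Response Too Short - %x\r\n", ResultBufSize));
    Status = EFI_DEVICE_ERROR;
    goto Done;
  }

  //
  // Validate response headers
  //
  RespSize = SwapBytes32 (Res.Header.paramSize);
  if (RespSize > sizeof (Res)) {
    DEBUG ((DEBUG_ERROR, "ClearControl: Response size too large! %d\r\n", RespSize));
    Status = EFI_BUFFER_TOO_SMALL;
    goto Done;
  }

  //
  // Fail if command failed
  //
  if (SwapBytes32 (Res.Header.responseCode) != TPM_RC_SUCCESS) {
    DEBUG ((DEBUG_ERROR, "ClearControl: Response Code error! 0x%08x\r\n", SwapBytes32 (Res.Header.responseCode)));
    Status = EFI_DEVICE_ERROR;
    goto Done;
  }

  //
  // Unmarshal the response
  //

  // None
Done:
  //
  // Clear AuthSession Content: Cmd holds the marshaled authorization session,
  // so both buffers are scrubbed on every path that reaches here.
  //
  ZeroMem (&Cmd, sizeof (Cmd));
  ZeroMem (&Res, sizeof (Res));
  return Status;
}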
387\r
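/**
  This command allows the authorization secret for a hierarchy or lockout to be changed using the current
  authorization value as the command authorization.

  The command is marshaled into a fixed-size stack buffer, so NewAuth->size is
  validated against the capacity of NewAuth->buffer before anything is copied.

  @param[in] AuthHandle        TPM_RH_LOCKOUT, TPM_RH_ENDORSEMENT, TPM_RH_OWNER or TPM_RH_PLATFORM+{PP}
  @param[in] AuthSession       Auth Session context
  @param[in] NewAuth           New authorization secret

  @retval EFI_SUCCESS            Operation completed successfully.
  @retval EFI_INVALID_PARAMETER  NewAuth is NULL or its size field exceeds its buffer.
  @retval EFI_BUFFER_TOO_SMALL   The reported response size exceeds the response buffer.
  @retval EFI_DEVICE_ERROR       Unexpected device behavior, including a response
                                 shorter than a response header.
**/
EFI_STATUS
EFIAPI
Tpm2HierarchyChangeAuth (
  IN TPMI_RH_HIERARCHY_AUTH  AuthHandle,
  IN TPMS_AUTH_COMMAND       *AuthSession,
  IN TPM2B_AUTH              *NewAuth
  )
{
  EFI_STATUS                           Status;
  TPM2_HIERARCHY_CHANGE_AUTH_COMMAND   Cmd;
  TPM2_HIERARCHY_CHANGE_AUTH_RESPONSE  Res;
  UINT32                               CmdSize;
  UINT32                               RespSize;
  UINT8                                *Buffer;
  UINT32                               SessionInfoSize;
  UINT32                               ResultBufSize;

  //
  // NewAuth->size drives a CopyMem into Cmd, which lives on the stack.
  // Reject a size larger than the auth buffer so a malformed TPM2B_AUTH
  // cannot write past the end of the command buffer.
  //
  if ((NewAuth == NULL) || (NewAuth->size > sizeof (NewAuth->buffer))) {
    DEBUG ((DEBUG_ERROR, "HierarchyChangeAuth: invalid NewAuth\r\n"));
    return EFI_INVALID_PARAMETER;
  }

  //
  // Construct command
  //
  Cmd.Header.tag         = SwapBytes16 (TPM_ST_SESSIONS);
  Cmd.Header.commandCode = SwapBytes32 (TPM_CC_HierarchyChangeAuth);
  Cmd.AuthHandle         = SwapBytes32 (AuthHandle);

  //
  // Add in Auth session. CopyAuthSessionCommand returns the number of bytes
  // it marshaled; everything after this point is written through Buffer
  // because that length is variable.
  //
  Buffer = (UINT8 *)&Cmd.AuthSession;

  // sessionInfoSize
  SessionInfoSize       = CopyAuthSessionCommand (AuthSession, Buffer);
  Buffer               += SessionInfoSize;
  Cmd.AuthorizationSize = SwapBytes32 (SessionInfoSize);

  // New Authorization size
  WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (NewAuth->size));
  Buffer += sizeof (UINT16);

  // New Authorization
  CopyMem (Buffer, NewAuth->buffer, NewAuth->size);
  Buffer += NewAuth->size;

  // paramSize is the marshaled length, not sizeof (Cmd)
  CmdSize              = (UINT32)(Buffer - (UINT8 *)&Cmd);
  Cmd.Header.paramSize = SwapBytes32 (CmdSize);

  //
  // Call the TPM
  //
  ResultBufSize = sizeof (Res);
  Status        = Tpm2SubmitCommand (CmdSize, (UINT8 *)&Cmd, &ResultBufSize, (UINT8 *)&Res);
  if (EFI_ERROR (Status)) {
    goto Done;
  }

  if (ResultBufSize > sizeof (Res)) {
    DEBUG ((DEBUG_ERROR, "HierarchyChangeAuth: Failed ExecuteCommand: Buffer Too Small\r\n"));
    Status = EFI_BUFFER_TOO_SMALL;
    goto Done;
  }

  //
  // Res is uninitialized stack memory until the device fills it. A response
  // shorter than a header would leave paramSize/responseCode holding stale
  // bytes that could be misread as TPM_RC_SUCCESS, so reject it first
  // (same check Tpm2SetPrimaryPolicy applies).
  //
  if (ResultBufSize < sizeof (TPM2_RESPONSE_HEADER)) {
    DEBUG ((DEBUG_ERROR, "HierarchyChangeAuth: Failed ExecuteCommand: Response Too Short - %x\r\n", ResultBufSize));
    Status = EFI_DEVICE_ERROR;
    goto Done;
  }

  //
  // Validate response headers
  //
  RespSize = SwapBytes32 (Res.Header.paramSize);
  if (RespSize > sizeof (Res)) {
    DEBUG ((DEBUG_ERROR, "HierarchyChangeAuth: Response size too large! %d\r\n", RespSize));
    Status = EFI_BUFFER_TOO_SMALL;
    goto Done;
  }

  //
  // Fail if command failed
  //
  if (SwapBytes32 (Res.Header.responseCode) != TPM_RC_SUCCESS) {
    DEBUG ((DEBUG_ERROR, "HierarchyChangeAuth: Response Code error! 0x%08x\r\n", SwapBytes32 (Res.Header.responseCode)));
    Status = EFI_DEVICE_ERROR;
    goto Done;
  }

Done:
  //
  // Clear AuthSession Content: Cmd holds both the marshaled authorization
  // session and a copy of the new authorization secret, so both buffers are
  // scrubbed on every path that reaches here.
  //
  ZeroMem (&Cmd, sizeof (Cmd));
  ZeroMem (&Res, sizeof (Res));
  return Status;
}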
495\r
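/**
  This replaces the current EPS with a value from the RNG and sets the Endorsement hierarchy controls to
  their default initialization values.

  @param[in] AuthHandle        TPM_RH_PLATFORM+{PP}
  @param[in] AuthSession       Auth Session context

  @retval EFI_SUCCESS           Operation completed successfully.
  @retval EFI_BUFFER_TOO_SMALL  The reported response size exceeds the response buffer.
  @retval EFI_DEVICE_ERROR      Unexpected device behavior, including a response
                                shorter than a response header.
**/
EFI_STATUS
EFIAPI
Tpm2ChangeEPS (
  IN TPMI_RH_PLATFORM   AuthHandle,
  IN TPMS_AUTH_COMMAND  *AuthSession
  )
{
  EFI_STATUS                Status;
  TPM2_CHANGE_EPS_COMMAND   Cmd;
  TPM2_CHANGE_EPS_RESPONSE  Res;
  UINT32                    CmdSize;
  UINT32                    RespSize;
  UINT8                     *Buffer;
  UINT32                    SessionInfoSize;
  UINT32                    ResultBufSize;

  //
  // Construct command
  //
  Cmd.Header.tag         = SwapBytes16 (TPM_ST_SESSIONS);
  Cmd.Header.commandCode = SwapBytes32 (TPM_CC_ChangeEPS);
  Cmd.AuthHandle         = SwapBytes32 (AuthHandle);

  //
  // Add in Auth session. CopyAuthSessionCommand returns the number of bytes
  // it marshaled into the command buffer.
  //
  Buffer = (UINT8 *)&Cmd.AuthSession;

  // sessionInfoSize
  SessionInfoSize       = CopyAuthSessionCommand (AuthSession, Buffer);
  Buffer               += SessionInfoSize;
  Cmd.AuthorizationSize = SwapBytes32 (SessionInfoSize);

  // paramSize is the marshaled length, not sizeof (Cmd)
  CmdSize              = (UINT32)(Buffer - (UINT8 *)&Cmd);
  Cmd.Header.paramSize = SwapBytes32 (CmdSize);

  //
  // Call the TPM
  //
  ResultBufSize = sizeof (Res);
  Status        = Tpm2SubmitCommand (CmdSize, (UINT8 *)&Cmd, &ResultBufSize, (UINT8 *)&Res);
  if (EFI_ERROR (Status)) {
    goto Done;
  }

  if (ResultBufSize > sizeof (Res)) {
    DEBUG ((DEBUG_ERROR, "ChangeEPS: Failed ExecuteCommand: Buffer Too Small\r\n"));
    Status = EFI_BUFFER_TOO_SMALL;
    goto Done;
  }

  //
  // Res is uninitialized stack memory until the device fills it. A response
  // shorter than a header would leave paramSize/responseCode holding stale
  // bytes that could be misread as TPM_RC_SUCCESS, so reject it first
  // (same check Tpm2SetPrimaryPolicy applies).
  //
  if (ResultBufSize < sizeof (TPM2_RESPONSE_HEADER)) {
    DEBUG ((DEBUG_ERROR, "ChangeEPS: Failed ExecuteCommand: Response Too Short - %x\r\n", ResultBufSize));
    Status = EFI_DEVICE_ERROR;
    goto Done;
  }

  //
  // Validate response headers
  //
  RespSize = SwapBytes32 (Res.Header.paramSize);
  if (RespSize > sizeof (Res)) {
    DEBUG ((DEBUG_ERROR, "ChangeEPS: Response size too large! %d\r\n", RespSize));
    Status = EFI_BUFFER_TOO_SMALL;
    goto Done;
  }

  //
  // Fail if command failed
  //
  if (SwapBytes32 (Res.Header.responseCode) != TPM_RC_SUCCESS) {
    DEBUG ((DEBUG_ERROR, "ChangeEPS: Response Code error! 0x%08x\r\n", SwapBytes32 (Res.Header.responseCode)));
    Status = EFI_DEVICE_ERROR;
    goto Done;
  }

Done:
  //
  // Clear AuthSession Content: Cmd holds the marshaled authorization session,
  // so both buffers are scrubbed on every path that reaches here.
  //
  ZeroMem (&Cmd, sizeof (Cmd));
  ZeroMem (&Res, sizeof (Res));
  return Status;
}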
593\r
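/**
  This replaces the current PPS with a value from the RNG and sets platformPolicy to the default
  initialization value (the Empty Buffer).

  @param[in] AuthHandle        TPM_RH_PLATFORM+{PP}
  @param[in] AuthSession       Auth Session context

  @retval EFI_SUCCESS           Operation completed successfully.
  @retval EFI_BUFFER_TOO_SMALL  The reported response size exceeds the response buffer.
  @retval EFI_DEVICE_ERROR      Unexpected device behavior, including a response
                                shorter than a response header.
**/
EFI_STATUS
EFIAPI
Tpm2ChangePPS (
  IN TPMI_RH_PLATFORM   AuthHandle,
  IN TPMS_AUTH_COMMAND  *AuthSession
  )
{
  EFI_STATUS                Status;
  TPM2_CHANGE_PPS_COMMAND   Cmd;
  TPM2_CHANGE_PPS_RESPONSE  Res;
  UINT32                    CmdSize;
  UINT32                    RespSize;
  UINT8                     *Buffer;
  UINT32                    SessionInfoSize;
  UINT32                    ResultBufSize;

  //
  // Construct command
  //
  Cmd.Header.tag         = SwapBytes16 (TPM_ST_SESSIONS);
  Cmd.Header.commandCode = SwapBytes32 (TPM_CC_ChangePPS);
  Cmd.AuthHandle         = SwapBytes32 (AuthHandle);

  //
  // Add in Auth session. CopyAuthSessionCommand returns the number of bytes
  // it marshaled into the command buffer.
  //
  Buffer = (UINT8 *)&Cmd.AuthSession;

  // sessionInfoSize
  SessionInfoSize       = CopyAuthSessionCommand (AuthSession, Buffer);
  Buffer               += SessionInfoSize;
  Cmd.AuthorizationSize = SwapBytes32 (SessionInfoSize);

  // paramSize is the marshaled length, not sizeof (Cmd)
  CmdSize              = (UINT32)(Buffer - (UINT8 *)&Cmd);
  Cmd.Header.paramSize = SwapBytes32 (CmdSize);

  //
  // Call the TPM
  //
  ResultBufSize = sizeof (Res);
  Status        = Tpm2SubmitCommand (CmdSize, (UINT8 *)&Cmd, &ResultBufSize, (UINT8 *)&Res);
  if (EFI_ERROR (Status)) {
    goto Done;
  }

  if (ResultBufSize > sizeof (Res)) {
    DEBUG ((DEBUG_ERROR, "ChangePPS: Failed ExecuteCommand: Buffer Too Small\r\n"));
    Status = EFI_BUFFER_TOO_SMALL;
    goto Done;
  }

  //
  // Res is uninitialized stack memory until the device fills it. A response
  // shorter than a header would leave paramSize/responseCode holding stale
  // bytes that could be misread as TPM_RC_SUCCESS, so reject it first
  // (same check Tpm2SetPrimaryPolicy applies).
  //
  if (ResultBufSize < sizeof (TPM2_RESPONSE_HEADER)) {
    DEBUG ((DEBUG_ERROR, "ChangePPS: Failed ExecuteCommand: Response Too Short - %x\r\n", ResultBufSize));
    Status = EFI_DEVICE_ERROR;
    goto Done;
  }

  //
  // Validate response headers
  //
  RespSize = SwapBytes32 (Res.Header.paramSize);
  if (RespSize > sizeof (Res)) {
    DEBUG ((DEBUG_ERROR, "ChangePPS: Response size too large! %d\r\n", RespSize));
    Status = EFI_BUFFER_TOO_SMALL;
    goto Done;
  }

  //
  // Fail if command failed
  //
  if (SwapBytes32 (Res.Header.responseCode) != TPM_RC_SUCCESS) {
    DEBUG ((DEBUG_ERROR, "ChangePPS: Response Code error! 0x%08x\r\n", SwapBytes32 (Res.Header.responseCode)));
    Status = EFI_DEVICE_ERROR;
    goto Done;
  }

Done:
  //
  // Clear AuthSession Content: Cmd holds the marshaled authorization session,
  // so both buffers are scrubbed on every path that reaches here.
  //
  ZeroMem (&Cmd, sizeof (Cmd));
  ZeroMem (&Res, sizeof (Res));
  return Status;
}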
691\r
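/**
  This command enables and disables use of a hierarchy.

  @param[in] AuthHandle        TPM_RH_ENDORSEMENT, TPM_RH_OWNER or TPM_RH_PLATFORM+{PP}
  @param[in] AuthSession       Auth Session context
  @param[in] Hierarchy         Hierarchy of the enable being modified
  @param[in] State             YES if the enable should be SET,
                               NO if the enable should be CLEAR

  @retval EFI_SUCCESS           Operation completed successfully.
  @retval EFI_BUFFER_TOO_SMALL  The reported response size exceeds the response buffer.
  @retval EFI_DEVICE_ERROR      Unexpected device behavior, including a response
                                shorter than a response header.
**/
EFI_STATUS
EFIAPI
Tpm2HierarchyControl (
  IN TPMI_RH_HIERARCHY  AuthHandle,
  IN TPMS_AUTH_COMMAND  *AuthSession,
  IN TPMI_RH_HIERARCHY  Hierarchy,
  IN TPMI_YES_NO        State
  )
{
  EFI_STATUS                       Status;
  TPM2_HIERARCHY_CONTROL_COMMAND   Cmd;
  TPM2_HIERARCHY_CONTROL_RESPONSE  Res;
  UINT32                           CmdSize;
  UINT32                           RespSize;
  UINT8                            *Buffer;
  UINT32                           SessionInfoSize;
  UINT32                           ResultBufSize;

  //
  // Construct command
  //
  Cmd.Header.tag         = SwapBytes16 (TPM_ST_SESSIONS);
  Cmd.Header.commandCode = SwapBytes32 (TPM_CC_HierarchyControl);
  Cmd.AuthHandle         = SwapBytes32 (AuthHandle);

  //
  // Add in Auth session. CopyAuthSessionCommand returns the number of bytes
  // it marshaled; everything after this point is written through Buffer
  // because that length is variable.
  //
  Buffer = (UINT8 *)&Cmd.AuthSession;

  // sessionInfoSize
  SessionInfoSize       = CopyAuthSessionCommand (AuthSession, Buffer);
  Buffer               += SessionInfoSize;
  Cmd.AuthorizationSize = SwapBytes32 (SessionInfoSize);

  // Hierarchy being enabled/disabled, big-endian on the wire
  WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32 (Hierarchy));
  Buffer += sizeof (UINT32);

  // State: one byte
  *(UINT8 *)Buffer = State;
  Buffer++;

  // paramSize is the marshaled length, not sizeof (Cmd)
  CmdSize              = (UINT32)(Buffer - (UINT8 *)&Cmd);
  Cmd.Header.paramSize = SwapBytes32 (CmdSize);

  //
  // Call the TPM
  //
  ResultBufSize = sizeof (Res);
  Status        = Tpm2SubmitCommand (CmdSize, (UINT8 *)&Cmd, &ResultBufSize, (UINT8 *)&Res);
  if (EFI_ERROR (Status)) {
    goto Done;
  }

  if (ResultBufSize > sizeof (Res)) {
    DEBUG ((DEBUG_ERROR, "HierarchyControl: Failed ExecuteCommand: Buffer Too Small\r\n"));
    Status = EFI_BUFFER_TOO_SMALL;
    goto Done;
  }

  //
  // Res is uninitialized stack memory until the device fills it. A response
  // shorter than a header would leave paramSize/responseCode holding stale
  // bytes that could be misread as TPM_RC_SUCCESS - and a false success here
  // means the caller believes a hierarchy was disabled when it was not.
  // Reject the short response first (same check Tpm2SetPrimaryPolicy applies).
  //
  if (ResultBufSize < sizeof (TPM2_RESPONSE_HEADER)) {
    DEBUG ((DEBUG_ERROR, "HierarchyControl: Failed ExecuteCommand: Response Too Short - %x\r\n", ResultBufSize));
    Status = EFI_DEVICE_ERROR;
    goto Done;
  }

  //
  // Validate response headers
  //
  RespSize = SwapBytes32 (Res.Header.paramSize);
  if (RespSize > sizeof (Res)) {
    DEBUG ((DEBUG_ERROR, "HierarchyControl: Response size too large! %d\r\n", RespSize));
    Status = EFI_BUFFER_TOO_SMALL;
    goto Done;
  }

  //
  // Fail if command failed
  //
  if (SwapBytes32 (Res.Header.responseCode) != TPM_RC_SUCCESS) {
    DEBUG ((DEBUG_ERROR, "HierarchyControl: Response Code error! 0x%08x\r\n", SwapBytes32 (Res.Header.responseCode)));
    Status = EFI_DEVICE_ERROR;
    goto Done;
  }

Done:
  //
  // Clear AuthSession Content: Cmd holds the marshaled authorization session,
  // so both buffers are scrubbed on every path that reaches here.
  //
  ZeroMem (&Cmd, sizeof (Cmd));
  ZeroMem (&Res, sizeof (Res));
  return Status;
}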