]>
Commit | Line | Data |
---|---|---|
c1d93242 JY |
1 | /** @file\r |
2 | Implement TPM2 Hierarchy related command.\r | |
3 | \r | |
b3548d32 | 4 | Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved. <BR>\r |
289b714b | 5 | SPDX-License-Identifier: BSD-2-Clause-Patent\r |
c1d93242 JY |
6 | \r |
7 | **/\r | |
8 | \r | |
9 | #include <IndustryStandard/UefiTcgPlatform.h>\r | |
10 | #include <Library/Tpm2CommandLib.h>\r | |
11 | #include <Library/Tpm2DeviceLib.h>\r | |
12 | #include <Library/BaseMemoryLib.h>\r | |
13 | #include <Library/BaseLib.h>\r | |
14 | #include <Library/DebugLib.h>\r | |
15 | \r | |
16 | #pragma pack(1)\r | |
17 | \r | |
967eacca JY |
18 | typedef struct {\r |
19 | TPM2_COMMAND_HEADER Header;\r | |
9093fb92 | 20 | TPMI_RH_HIERARCHY_AUTH AuthHandle;\r |
967eacca JY |
21 | UINT32 AuthSessionSize;\r |
22 | TPMS_AUTH_COMMAND AuthSession;\r | |
23 | TPM2B_DIGEST AuthPolicy;\r | |
24 | TPMI_ALG_HASH HashAlg;\r | |
25 | } TPM2_SET_PRIMARY_POLICY_COMMAND;\r | |
26 | \r | |
27 | typedef struct {\r | |
c411b485 MK |
28 | TPM2_RESPONSE_HEADER Header;\r |
29 | UINT32 AuthSessionSize;\r | |
30 | TPMS_AUTH_RESPONSE AuthSession;\r | |
967eacca JY |
31 | } TPM2_SET_PRIMARY_POLICY_RESPONSE;\r |
32 | \r | |
c1d93242 | 33 | typedef struct {\r |
c411b485 MK |
34 | TPM2_COMMAND_HEADER Header;\r |
35 | TPMI_RH_CLEAR AuthHandle;\r | |
36 | UINT32 AuthorizationSize;\r | |
37 | TPMS_AUTH_COMMAND AuthSession;\r | |
c1d93242 JY |
38 | } TPM2_CLEAR_COMMAND;\r |
39 | \r | |
40 | typedef struct {\r | |
c411b485 MK |
41 | TPM2_RESPONSE_HEADER Header;\r |
42 | UINT32 ParameterSize;\r | |
43 | TPMS_AUTH_RESPONSE AuthSession;\r | |
c1d93242 JY |
44 | } TPM2_CLEAR_RESPONSE;\r |
45 | \r | |
46 | typedef struct {\r | |
c411b485 MK |
47 | TPM2_COMMAND_HEADER Header;\r |
48 | TPMI_RH_CLEAR AuthHandle;\r | |
49 | UINT32 AuthorizationSize;\r | |
50 | TPMS_AUTH_COMMAND AuthSession;\r | |
51 | TPMI_YES_NO Disable;\r | |
c1d93242 JY |
52 | } TPM2_CLEAR_CONTROL_COMMAND;\r |
53 | \r | |
54 | typedef struct {\r | |
c411b485 MK |
55 | TPM2_RESPONSE_HEADER Header;\r |
56 | UINT32 ParameterSize;\r | |
57 | TPMS_AUTH_RESPONSE AuthSession;\r | |
c1d93242 JY |
58 | } TPM2_CLEAR_CONTROL_RESPONSE;\r |
59 | \r | |
60 | typedef struct {\r | |
61 | TPM2_COMMAND_HEADER Header;\r | |
62 | TPMI_RH_HIERARCHY_AUTH AuthHandle;\r | |
63 | UINT32 AuthorizationSize;\r | |
64 | TPMS_AUTH_COMMAND AuthSession;\r | |
65 | TPM2B_AUTH NewAuth;\r | |
66 | } TPM2_HIERARCHY_CHANGE_AUTH_COMMAND;\r | |
67 | \r | |
68 | typedef struct {\r | |
c411b485 MK |
69 | TPM2_RESPONSE_HEADER Header;\r |
70 | UINT32 ParameterSize;\r | |
71 | TPMS_AUTH_RESPONSE AuthSession;\r | |
c1d93242 JY |
72 | } TPM2_HIERARCHY_CHANGE_AUTH_RESPONSE;\r |
73 | \r | |
74 | typedef struct {\r | |
c411b485 MK |
75 | TPM2_COMMAND_HEADER Header;\r |
76 | TPMI_RH_PLATFORM AuthHandle;\r | |
77 | UINT32 AuthorizationSize;\r | |
78 | TPMS_AUTH_COMMAND AuthSession;\r | |
c1d93242 JY |
79 | } TPM2_CHANGE_EPS_COMMAND;\r |
80 | \r | |
81 | typedef struct {\r | |
c411b485 MK |
82 | TPM2_RESPONSE_HEADER Header;\r |
83 | UINT32 ParameterSize;\r | |
84 | TPMS_AUTH_RESPONSE AuthSession;\r | |
c1d93242 JY |
85 | } TPM2_CHANGE_EPS_RESPONSE;\r |
86 | \r | |
87 | typedef struct {\r | |
c411b485 MK |
88 | TPM2_COMMAND_HEADER Header;\r |
89 | TPMI_RH_PLATFORM AuthHandle;\r | |
90 | UINT32 AuthorizationSize;\r | |
91 | TPMS_AUTH_COMMAND AuthSession;\r | |
c1d93242 JY |
92 | } TPM2_CHANGE_PPS_COMMAND;\r |
93 | \r | |
94 | typedef struct {\r | |
c411b485 MK |
95 | TPM2_RESPONSE_HEADER Header;\r |
96 | UINT32 ParameterSize;\r | |
97 | TPMS_AUTH_RESPONSE AuthSession;\r | |
c1d93242 JY |
98 | } TPM2_CHANGE_PPS_RESPONSE;\r |
99 | \r | |
100 | typedef struct {\r | |
c411b485 MK |
101 | TPM2_COMMAND_HEADER Header;\r |
102 | TPMI_RH_HIERARCHY AuthHandle;\r | |
103 | UINT32 AuthorizationSize;\r | |
104 | TPMS_AUTH_COMMAND AuthSession;\r | |
105 | TPMI_RH_HIERARCHY Hierarchy;\r | |
106 | TPMI_YES_NO State;\r | |
c1d93242 JY |
107 | } TPM2_HIERARCHY_CONTROL_COMMAND;\r |
108 | \r | |
109 | typedef struct {\r | |
c411b485 MK |
110 | TPM2_RESPONSE_HEADER Header;\r |
111 | UINT32 ParameterSize;\r | |
112 | TPMS_AUTH_RESPONSE AuthSession;\r | |
c1d93242 JY |
113 | } TPM2_HIERARCHY_CONTROL_RESPONSE;\r |
114 | \r | |
115 | #pragma pack()\r | |
116 | \r | |
967eacca JY |
117 | /**\r |
118 | This command allows setting of the authorization policy for the platform hierarchy (platformPolicy), the\r | |
119 | storage hierarchy (ownerPolicy), and and the endorsement hierarchy (endorsementPolicy).\r | |
120 | \r | |
121 | @param[in] AuthHandle TPM_RH_ENDORSEMENT, TPM_RH_OWNER or TPM_RH_PLATFORM+{PP} parameters to be validated\r | |
122 | @param[in] AuthSession Auth Session context\r | |
123 | @param[in] AuthPolicy An authorization policy hash\r | |
124 | @param[in] HashAlg The hash algorithm to use for the policy\r | |
125 | \r | |
126 | @retval EFI_SUCCESS Operation completed successfully.\r | |
127 | @retval EFI_DEVICE_ERROR Unexpected device behavior.\r | |
128 | **/\r | |
129 | EFI_STATUS\r | |
130 | EFIAPI\r | |
131 | Tpm2SetPrimaryPolicy (\r | |
c411b485 MK |
132 | IN TPMI_RH_HIERARCHY_AUTH AuthHandle,\r |
133 | IN TPMS_AUTH_COMMAND *AuthSession,\r | |
134 | IN TPM2B_DIGEST *AuthPolicy,\r | |
135 | IN TPMI_ALG_HASH HashAlg\r | |
967eacca JY |
136 | )\r |
137 | {\r | |
c411b485 MK |
138 | EFI_STATUS Status;\r |
139 | TPM2_SET_PRIMARY_POLICY_COMMAND SendBuffer;\r | |
140 | TPM2_SET_PRIMARY_POLICY_RESPONSE RecvBuffer;\r | |
141 | UINT32 SendBufferSize;\r | |
142 | UINT32 RecvBufferSize;\r | |
143 | UINT8 *Buffer;\r | |
144 | UINT32 SessionInfoSize;\r | |
967eacca JY |
145 | \r |
146 | //\r | |
147 | // Construct command\r | |
148 | //\r | |
c411b485 MK |
149 | SendBuffer.Header.tag = SwapBytes16 (TPM_ST_SESSIONS);\r |
150 | SendBuffer.Header.commandCode = SwapBytes32 (TPM_CC_SetPrimaryPolicy);\r | |
967eacca JY |
151 | \r |
152 | SendBuffer.AuthHandle = SwapBytes32 (AuthHandle);\r | |
153 | \r | |
154 | //\r | |
155 | // Add in Auth session\r | |
156 | //\r | |
157 | Buffer = (UINT8 *)&SendBuffer.AuthSession;\r | |
158 | \r | |
159 | // sessionInfoSize\r | |
c411b485 MK |
160 | SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer);\r |
161 | Buffer += SessionInfoSize;\r | |
162 | SendBuffer.AuthSessionSize = SwapBytes32 (SessionInfoSize);\r | |
967eacca JY |
163 | \r |
164 | //\r | |
165 | // Real data\r | |
166 | //\r | |
c411b485 MK |
167 | WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (AuthPolicy->size));\r |
168 | Buffer += sizeof (UINT16);\r | |
967eacca JY |
169 | CopyMem (Buffer, AuthPolicy->buffer, AuthPolicy->size);\r |
170 | Buffer += AuthPolicy->size;\r | |
c411b485 MK |
171 | WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (HashAlg));\r |
172 | Buffer += sizeof (UINT16);\r | |
967eacca | 173 | \r |
c411b485 | 174 | SendBufferSize = (UINT32)((UINTN)Buffer - (UINTN)&SendBuffer);\r |
967eacca JY |
175 | SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);\r |
176 | \r | |
177 | //\r | |
178 | // send Tpm command\r | |
179 | //\r | |
180 | RecvBufferSize = sizeof (RecvBuffer);\r | |
c411b485 | 181 | Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer);\r |
967eacca | 182 | if (EFI_ERROR (Status)) {\r |
7ae130da | 183 | goto Done;\r |
967eacca JY |
184 | }\r |
185 | \r | |
186 | if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) {\r | |
e905fbb0 | 187 | DEBUG ((DEBUG_ERROR, "Tpm2SetPrimaryPolicy - RecvBufferSize Error - %x\n", RecvBufferSize));\r |
7ae130da JY |
188 | Status = EFI_DEVICE_ERROR;\r |
189 | goto Done;\r | |
967eacca | 190 | }\r |
c411b485 MK |
191 | \r |
192 | if (SwapBytes32 (RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {\r | |
193 | DEBUG ((DEBUG_ERROR, "Tpm2SetPrimaryPolicy - responseCode - %x\n", SwapBytes32 (RecvBuffer.Header.responseCode)));\r | |
7ae130da JY |
194 | Status = EFI_DEVICE_ERROR;\r |
195 | goto Done;\r | |
967eacca JY |
196 | }\r |
197 | \r | |
7ae130da JY |
198 | Done:\r |
199 | //\r | |
200 | // Clear AuthSession Content\r | |
201 | //\r | |
c411b485 MK |
202 | ZeroMem (&SendBuffer, sizeof (SendBuffer));\r |
203 | ZeroMem (&RecvBuffer, sizeof (RecvBuffer));\r | |
7ae130da | 204 | return Status;\r |
967eacca JY |
205 | }\r |
206 | \r | |
c1d93242 JY |
207 | /**\r |
208 | This command removes all TPM context associated with a specific Owner.\r | |
209 | \r | |
210 | @param[in] AuthHandle TPM_RH_LOCKOUT or TPM_RH_PLATFORM+{PP}\r | |
211 | @param[in] AuthSession Auth Session context\r | |
b3548d32 | 212 | \r |
c1d93242 JY |
213 | @retval EFI_SUCCESS Operation completed successfully.\r |
214 | @retval EFI_DEVICE_ERROR Unexpected device behavior.\r | |
215 | **/\r | |
216 | EFI_STATUS\r | |
217 | EFIAPI\r | |
218 | Tpm2Clear (\r | |
c411b485 MK |
219 | IN TPMI_RH_CLEAR AuthHandle,\r |
220 | IN TPMS_AUTH_COMMAND *AuthSession OPTIONAL\r | |
c1d93242 JY |
221 | )\r |
222 | {\r | |
c411b485 MK |
223 | EFI_STATUS Status;\r |
224 | TPM2_CLEAR_COMMAND Cmd;\r | |
225 | TPM2_CLEAR_RESPONSE Res;\r | |
226 | UINT32 ResultBufSize;\r | |
227 | UINT32 CmdSize;\r | |
228 | UINT32 RespSize;\r | |
229 | UINT8 *Buffer;\r | |
230 | UINT32 SessionInfoSize;\r | |
c1d93242 | 231 | \r |
c411b485 MK |
232 | Cmd.Header.tag = SwapBytes16 (TPM_ST_SESSIONS);\r |
233 | Cmd.Header.commandCode = SwapBytes32 (TPM_CC_Clear);\r | |
234 | Cmd.AuthHandle = SwapBytes32 (AuthHandle);\r | |
c1d93242 JY |
235 | \r |
236 | //\r | |
237 | // Add in Auth session\r | |
238 | //\r | |
239 | Buffer = (UINT8 *)&Cmd.AuthSession;\r | |
240 | \r | |
241 | // sessionInfoSize\r | |
c411b485 MK |
242 | SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer);\r |
243 | Buffer += SessionInfoSize;\r | |
244 | Cmd.AuthorizationSize = SwapBytes32 (SessionInfoSize);\r | |
c1d93242 | 245 | \r |
c411b485 MK |
246 | CmdSize = (UINT32)(Buffer - (UINT8 *)&Cmd);\r |
247 | Cmd.Header.paramSize = SwapBytes32 (CmdSize);\r | |
c1d93242 | 248 | \r |
c411b485 MK |
249 | ResultBufSize = sizeof (Res);\r |
250 | Status = Tpm2SubmitCommand (CmdSize, (UINT8 *)&Cmd, &ResultBufSize, (UINT8 *)&Res);\r | |
251 | if (EFI_ERROR (Status)) {\r | |
7ae130da | 252 | goto Done;\r |
c1d93242 JY |
253 | }\r |
254 | \r | |
c411b485 | 255 | if (ResultBufSize > sizeof (Res)) {\r |
e905fbb0 | 256 | DEBUG ((DEBUG_ERROR, "Clear: Failed ExecuteCommand: Buffer Too Small\r\n"));\r |
7ae130da JY |
257 | Status = EFI_BUFFER_TOO_SMALL;\r |
258 | goto Done;\r | |
c1d93242 JY |
259 | }\r |
260 | \r | |
261 | //\r | |
262 | // Validate response headers\r | |
263 | //\r | |
c411b485 MK |
264 | RespSize = SwapBytes32 (Res.Header.paramSize);\r |
265 | if (RespSize > sizeof (Res)) {\r | |
e905fbb0 | 266 | DEBUG ((DEBUG_ERROR, "Clear: Response size too large! %d\r\n", RespSize));\r |
7ae130da JY |
267 | Status = EFI_BUFFER_TOO_SMALL;\r |
268 | goto Done;\r | |
c1d93242 JY |
269 | }\r |
270 | \r | |
271 | //\r | |
272 | // Fail if command failed\r | |
273 | //\r | |
c411b485 MK |
274 | if (SwapBytes32 (Res.Header.responseCode) != TPM_RC_SUCCESS) {\r |
275 | DEBUG ((DEBUG_ERROR, "Clear: Response Code error! 0x%08x\r\n", SwapBytes32 (Res.Header.responseCode)));\r | |
7ae130da JY |
276 | Status = EFI_DEVICE_ERROR;\r |
277 | goto Done;\r | |
c1d93242 JY |
278 | }\r |
279 | \r | |
280 | //\r | |
281 | // Unmarshal the response\r | |
282 | //\r | |
283 | \r | |
284 | // None\r | |
7ae130da JY |
285 | Done:\r |
286 | //\r | |
287 | // Clear AuthSession Content\r | |
288 | //\r | |
c411b485 MK |
289 | ZeroMem (&Cmd, sizeof (Cmd));\r |
290 | ZeroMem (&Res, sizeof (Res));\r | |
7ae130da | 291 | return Status;\r |
c1d93242 JY |
292 | }\r |
293 | \r | |
294 | /**\r | |
295 | Disables and enables the execution of TPM2_Clear().\r | |
296 | \r | |
297 | @param[in] AuthHandle TPM_RH_LOCKOUT or TPM_RH_PLATFORM+{PP}\r | |
298 | @param[in] AuthSession Auth Session context\r | |
299 | @param[in] Disable YES if the disableOwnerClear flag is to be SET,\r | |
300 | NO if the flag is to be CLEAR.\r | |
301 | \r | |
302 | @retval EFI_SUCCESS Operation completed successfully.\r | |
303 | @retval EFI_DEVICE_ERROR Unexpected device behavior.\r | |
304 | **/\r | |
305 | EFI_STATUS\r | |
306 | EFIAPI\r | |
307 | Tpm2ClearControl (\r | |
c411b485 MK |
308 | IN TPMI_RH_CLEAR AuthHandle,\r |
309 | IN TPMS_AUTH_COMMAND *AuthSession OPTIONAL,\r | |
310 | IN TPMI_YES_NO Disable\r | |
c1d93242 JY |
311 | )\r |
312 | {\r | |
c411b485 MK |
313 | EFI_STATUS Status;\r |
314 | TPM2_CLEAR_CONTROL_COMMAND Cmd;\r | |
315 | TPM2_CLEAR_CONTROL_RESPONSE Res;\r | |
316 | UINT32 ResultBufSize;\r | |
317 | UINT32 CmdSize;\r | |
318 | UINT32 RespSize;\r | |
319 | UINT8 *Buffer;\r | |
320 | UINT32 SessionInfoSize;\r | |
c1d93242 | 321 | \r |
c411b485 MK |
322 | Cmd.Header.tag = SwapBytes16 (TPM_ST_SESSIONS);\r |
323 | Cmd.Header.commandCode = SwapBytes32 (TPM_CC_ClearControl);\r | |
324 | Cmd.AuthHandle = SwapBytes32 (AuthHandle);\r | |
c1d93242 JY |
325 | \r |
326 | //\r | |
327 | // Add in Auth session\r | |
328 | //\r | |
329 | Buffer = (UINT8 *)&Cmd.AuthSession;\r | |
330 | \r | |
331 | // sessionInfoSize\r | |
c411b485 MK |
332 | SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer);\r |
333 | Buffer += SessionInfoSize;\r | |
334 | Cmd.AuthorizationSize = SwapBytes32 (SessionInfoSize);\r | |
c1d93242 JY |
335 | \r |
336 | // disable\r | |
337 | *(UINT8 *)Buffer = Disable;\r | |
58dbfc3c | 338 | Buffer++;\r |
c1d93242 | 339 | \r |
c411b485 MK |
340 | CmdSize = (UINT32)(Buffer - (UINT8 *)&Cmd);\r |
341 | Cmd.Header.paramSize = SwapBytes32 (CmdSize);\r | |
c1d93242 | 342 | \r |
c411b485 MK |
343 | ResultBufSize = sizeof (Res);\r |
344 | Status = Tpm2SubmitCommand (CmdSize, (UINT8 *)&Cmd, &ResultBufSize, (UINT8 *)&Res);\r | |
345 | if (EFI_ERROR (Status)) {\r | |
7ae130da | 346 | goto Done;\r |
c1d93242 JY |
347 | }\r |
348 | \r | |
c411b485 | 349 | if (ResultBufSize > sizeof (Res)) {\r |
e905fbb0 | 350 | DEBUG ((DEBUG_ERROR, "ClearControl: Failed ExecuteCommand: Buffer Too Small\r\n"));\r |
7ae130da JY |
351 | Status = EFI_BUFFER_TOO_SMALL;\r |
352 | goto Done;\r | |
c1d93242 JY |
353 | }\r |
354 | \r | |
355 | //\r | |
356 | // Validate response headers\r | |
357 | //\r | |
c411b485 MK |
358 | RespSize = SwapBytes32 (Res.Header.paramSize);\r |
359 | if (RespSize > sizeof (Res)) {\r | |
e905fbb0 | 360 | DEBUG ((DEBUG_ERROR, "ClearControl: Response size too large! %d\r\n", RespSize));\r |
7ae130da JY |
361 | Status = EFI_BUFFER_TOO_SMALL;\r |
362 | goto Done;\r | |
c1d93242 JY |
363 | }\r |
364 | \r | |
365 | //\r | |
366 | // Fail if command failed\r | |
367 | //\r | |
c411b485 MK |
368 | if (SwapBytes32 (Res.Header.responseCode) != TPM_RC_SUCCESS) {\r |
369 | DEBUG ((DEBUG_ERROR, "ClearControl: Response Code error! 0x%08x\r\n", SwapBytes32 (Res.Header.responseCode)));\r | |
7ae130da JY |
370 | Status = EFI_DEVICE_ERROR;\r |
371 | goto Done;\r | |
c1d93242 JY |
372 | }\r |
373 | \r | |
374 | //\r | |
375 | // Unmarshal the response\r | |
376 | //\r | |
377 | \r | |
378 | // None\r | |
7ae130da JY |
379 | Done:\r |
380 | //\r | |
381 | // Clear AuthSession Content\r | |
382 | //\r | |
c411b485 MK |
383 | ZeroMem (&Cmd, sizeof (Cmd));\r |
384 | ZeroMem (&Res, sizeof (Res));\r | |
7ae130da | 385 | return Status;\r |
c1d93242 JY |
386 | }\r |
387 | \r | |
388 | /**\r | |
389 | This command allows the authorization secret for a hierarchy or lockout to be changed using the current\r | |
390 | authorization value as the command authorization.\r | |
391 | \r | |
392 | @param[in] AuthHandle TPM_RH_LOCKOUT, TPM_RH_ENDORSEMENT, TPM_RH_OWNER or TPM_RH_PLATFORM+{PP}\r | |
393 | @param[in] AuthSession Auth Session context\r | |
394 | @param[in] NewAuth New authorization secret\r | |
395 | \r | |
396 | @retval EFI_SUCCESS Operation completed successfully.\r | |
397 | @retval EFI_DEVICE_ERROR Unexpected device behavior.\r | |
398 | **/\r | |
399 | EFI_STATUS\r | |
400 | EFIAPI\r | |
401 | Tpm2HierarchyChangeAuth (\r | |
c411b485 MK |
402 | IN TPMI_RH_HIERARCHY_AUTH AuthHandle,\r |
403 | IN TPMS_AUTH_COMMAND *AuthSession,\r | |
404 | IN TPM2B_AUTH *NewAuth\r | |
c1d93242 JY |
405 | )\r |
406 | {\r | |
407 | EFI_STATUS Status;\r | |
408 | TPM2_HIERARCHY_CHANGE_AUTH_COMMAND Cmd;\r | |
409 | TPM2_HIERARCHY_CHANGE_AUTH_RESPONSE Res;\r | |
410 | UINT32 CmdSize;\r | |
411 | UINT32 RespSize;\r | |
412 | UINT8 *Buffer;\r | |
413 | UINT32 SessionInfoSize;\r | |
414 | UINT8 *ResultBuf;\r | |
415 | UINT32 ResultBufSize;\r | |
416 | \r | |
417 | //\r | |
418 | // Construct command\r | |
419 | //\r | |
c411b485 MK |
420 | Cmd.Header.tag = SwapBytes16 (TPM_ST_SESSIONS);\r |
421 | Cmd.Header.paramSize = SwapBytes32 (sizeof (Cmd));\r | |
422 | Cmd.Header.commandCode = SwapBytes32 (TPM_CC_HierarchyChangeAuth);\r | |
423 | Cmd.AuthHandle = SwapBytes32 (AuthHandle);\r | |
c1d93242 JY |
424 | \r |
425 | //\r | |
426 | // Add in Auth session\r | |
427 | //\r | |
428 | Buffer = (UINT8 *)&Cmd.AuthSession;\r | |
429 | \r | |
430 | // sessionInfoSize\r | |
c411b485 MK |
431 | SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer);\r |
432 | Buffer += SessionInfoSize;\r | |
433 | Cmd.AuthorizationSize = SwapBytes32 (SessionInfoSize);\r | |
c1d93242 JY |
434 | \r |
435 | // New Authorization size\r | |
c411b485 MK |
436 | WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (NewAuth->size));\r |
437 | Buffer += sizeof (UINT16);\r | |
c1d93242 | 438 | \r |
d6b926e7 | 439 | // New Authorization\r |
c411b485 | 440 | CopyMem (Buffer, NewAuth->buffer, NewAuth->size);\r |
c1d93242 JY |
441 | Buffer += NewAuth->size;\r |
442 | \r | |
c411b485 MK |
443 | CmdSize = (UINT32)(Buffer - (UINT8 *)&Cmd);\r |
444 | Cmd.Header.paramSize = SwapBytes32 (CmdSize);\r | |
c1d93242 | 445 | \r |
c411b485 MK |
446 | ResultBuf = (UINT8 *)&Res;\r |
447 | ResultBufSize = sizeof (Res);\r | |
c1d93242 JY |
448 | \r |
449 | //\r | |
450 | // Call the TPM\r | |
451 | //\r | |
452 | Status = Tpm2SubmitCommand (\r | |
b3548d32 LG |
453 | CmdSize,\r |
454 | (UINT8 *)&Cmd,\r | |
c1d93242 JY |
455 | &ResultBufSize,\r |
456 | ResultBuf\r | |
457 | );\r | |
c411b485 | 458 | if (EFI_ERROR (Status)) {\r |
7ae130da JY |
459 | goto Done;\r |
460 | }\r | |
c1d93242 | 461 | \r |
c411b485 | 462 | if (ResultBufSize > sizeof (Res)) {\r |
e905fbb0 | 463 | DEBUG ((DEBUG_ERROR, "HierarchyChangeAuth: Failed ExecuteCommand: Buffer Too Small\r\n"));\r |
7ae130da JY |
464 | Status = EFI_BUFFER_TOO_SMALL;\r |
465 | goto Done;\r | |
c1d93242 JY |
466 | }\r |
467 | \r | |
468 | //\r | |
469 | // Validate response headers\r | |
470 | //\r | |
c411b485 MK |
471 | RespSize = SwapBytes32 (Res.Header.paramSize);\r |
472 | if (RespSize > sizeof (Res)) {\r | |
e905fbb0 | 473 | DEBUG ((DEBUG_ERROR, "HierarchyChangeAuth: Response size too large! %d\r\n", RespSize));\r |
7ae130da JY |
474 | Status = EFI_BUFFER_TOO_SMALL;\r |
475 | goto Done;\r | |
c1d93242 JY |
476 | }\r |
477 | \r | |
478 | //\r | |
479 | // Fail if command failed\r | |
480 | //\r | |
c411b485 MK |
481 | if (SwapBytes32 (Res.Header.responseCode) != TPM_RC_SUCCESS) {\r |
482 | DEBUG ((DEBUG_ERROR, "HierarchyChangeAuth: Response Code error! 0x%08x\r\n", SwapBytes32 (Res.Header.responseCode)));\r | |
7ae130da JY |
483 | Status = EFI_DEVICE_ERROR;\r |
484 | goto Done;\r | |
c1d93242 JY |
485 | }\r |
486 | \r | |
7ae130da JY |
487 | Done:\r |
488 | //\r | |
489 | // Clear AuthSession Content\r | |
490 | //\r | |
c411b485 MK |
491 | ZeroMem (&Cmd, sizeof (Cmd));\r |
492 | ZeroMem (&Res, sizeof (Res));\r | |
7ae130da | 493 | return Status;\r |
c1d93242 JY |
494 | }\r |
495 | \r | |
496 | /**\r | |
497 | This replaces the current EPS with a value from the RNG and sets the Endorsement hierarchy controls to\r | |
498 | their default initialization values.\r | |
499 | \r | |
500 | @param[in] AuthHandle TPM_RH_PLATFORM+{PP}\r | |
501 | @param[in] AuthSession Auth Session context\r | |
502 | \r | |
503 | @retval EFI_SUCCESS Operation completed successfully.\r | |
504 | @retval EFI_DEVICE_ERROR Unexpected device behavior.\r | |
505 | **/\r | |
506 | EFI_STATUS\r | |
507 | EFIAPI\r | |
508 | Tpm2ChangeEPS (\r | |
c411b485 MK |
509 | IN TPMI_RH_PLATFORM AuthHandle,\r |
510 | IN TPMS_AUTH_COMMAND *AuthSession\r | |
c1d93242 JY |
511 | )\r |
512 | {\r | |
513 | EFI_STATUS Status;\r | |
514 | TPM2_CHANGE_EPS_COMMAND Cmd;\r | |
515 | TPM2_CHANGE_EPS_RESPONSE Res;\r | |
516 | UINT32 CmdSize;\r | |
517 | UINT32 RespSize;\r | |
518 | UINT8 *Buffer;\r | |
519 | UINT32 SessionInfoSize;\r | |
520 | UINT8 *ResultBuf;\r | |
521 | UINT32 ResultBufSize;\r | |
522 | \r | |
523 | //\r | |
524 | // Construct command\r | |
525 | //\r | |
c411b485 MK |
526 | Cmd.Header.tag = SwapBytes16 (TPM_ST_SESSIONS);\r |
527 | Cmd.Header.paramSize = SwapBytes32 (sizeof (Cmd));\r | |
528 | Cmd.Header.commandCode = SwapBytes32 (TPM_CC_ChangeEPS);\r | |
529 | Cmd.AuthHandle = SwapBytes32 (AuthHandle);\r | |
c1d93242 JY |
530 | \r |
531 | //\r | |
532 | // Add in Auth session\r | |
533 | //\r | |
534 | Buffer = (UINT8 *)&Cmd.AuthSession;\r | |
535 | \r | |
536 | // sessionInfoSize\r | |
c411b485 MK |
537 | SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer);\r |
538 | Buffer += SessionInfoSize;\r | |
539 | Cmd.AuthorizationSize = SwapBytes32 (SessionInfoSize);\r | |
c1d93242 | 540 | \r |
c411b485 MK |
541 | CmdSize = (UINT32)(Buffer - (UINT8 *)&Cmd);\r |
542 | Cmd.Header.paramSize = SwapBytes32 (CmdSize);\r | |
c1d93242 | 543 | \r |
c411b485 MK |
544 | ResultBuf = (UINT8 *)&Res;\r |
545 | ResultBufSize = sizeof (Res);\r | |
c1d93242 JY |
546 | \r |
547 | //\r | |
548 | // Call the TPM\r | |
549 | //\r | |
550 | Status = Tpm2SubmitCommand (\r | |
b3548d32 LG |
551 | CmdSize,\r |
552 | (UINT8 *)&Cmd,\r | |
c1d93242 JY |
553 | &ResultBufSize,\r |
554 | ResultBuf\r | |
555 | );\r | |
c411b485 | 556 | if (EFI_ERROR (Status)) {\r |
7ae130da JY |
557 | goto Done;\r |
558 | }\r | |
c1d93242 | 559 | \r |
c411b485 | 560 | if (ResultBufSize > sizeof (Res)) {\r |
e905fbb0 | 561 | DEBUG ((DEBUG_ERROR, "ChangeEPS: Failed ExecuteCommand: Buffer Too Small\r\n"));\r |
7ae130da JY |
562 | Status = EFI_BUFFER_TOO_SMALL;\r |
563 | goto Done;\r | |
c1d93242 JY |
564 | }\r |
565 | \r | |
566 | //\r | |
567 | // Validate response headers\r | |
568 | //\r | |
c411b485 MK |
569 | RespSize = SwapBytes32 (Res.Header.paramSize);\r |
570 | if (RespSize > sizeof (Res)) {\r | |
e905fbb0 | 571 | DEBUG ((DEBUG_ERROR, "ChangeEPS: Response size too large! %d\r\n", RespSize));\r |
7ae130da JY |
572 | Status = EFI_BUFFER_TOO_SMALL;\r |
573 | goto Done;\r | |
c1d93242 JY |
574 | }\r |
575 | \r | |
576 | //\r | |
577 | // Fail if command failed\r | |
578 | //\r | |
c411b485 MK |
579 | if (SwapBytes32 (Res.Header.responseCode) != TPM_RC_SUCCESS) {\r |
580 | DEBUG ((DEBUG_ERROR, "ChangeEPS: Response Code error! 0x%08x\r\n", SwapBytes32 (Res.Header.responseCode)));\r | |
7ae130da JY |
581 | Status = EFI_DEVICE_ERROR;\r |
582 | goto Done;\r | |
c1d93242 JY |
583 | }\r |
584 | \r | |
7ae130da JY |
585 | Done:\r |
586 | //\r | |
587 | // Clear AuthSession Content\r | |
588 | //\r | |
c411b485 MK |
589 | ZeroMem (&Cmd, sizeof (Cmd));\r |
590 | ZeroMem (&Res, sizeof (Res));\r | |
7ae130da | 591 | return Status;\r |
c1d93242 JY |
592 | }\r |
593 | \r | |
594 | /**\r | |
595 | This replaces the current PPS with a value from the RNG and sets platformPolicy to the default\r | |
596 | initialization value (the Empty Buffer).\r | |
597 | \r | |
598 | @param[in] AuthHandle TPM_RH_PLATFORM+{PP}\r | |
599 | @param[in] AuthSession Auth Session context\r | |
600 | \r | |
601 | @retval EFI_SUCCESS Operation completed successfully.\r | |
602 | @retval EFI_DEVICE_ERROR Unexpected device behavior.\r | |
603 | **/\r | |
604 | EFI_STATUS\r | |
605 | EFIAPI\r | |
606 | Tpm2ChangePPS (\r | |
c411b485 MK |
607 | IN TPMI_RH_PLATFORM AuthHandle,\r |
608 | IN TPMS_AUTH_COMMAND *AuthSession\r | |
c1d93242 JY |
609 | )\r |
610 | {\r | |
611 | EFI_STATUS Status;\r | |
612 | TPM2_CHANGE_PPS_COMMAND Cmd;\r | |
613 | TPM2_CHANGE_PPS_RESPONSE Res;\r | |
614 | UINT32 CmdSize;\r | |
615 | UINT32 RespSize;\r | |
616 | UINT8 *Buffer;\r | |
617 | UINT32 SessionInfoSize;\r | |
618 | UINT8 *ResultBuf;\r | |
619 | UINT32 ResultBufSize;\r | |
620 | \r | |
621 | //\r | |
622 | // Construct command\r | |
623 | //\r | |
c411b485 MK |
624 | Cmd.Header.tag = SwapBytes16 (TPM_ST_SESSIONS);\r |
625 | Cmd.Header.paramSize = SwapBytes32 (sizeof (Cmd));\r | |
626 | Cmd.Header.commandCode = SwapBytes32 (TPM_CC_ChangePPS);\r | |
627 | Cmd.AuthHandle = SwapBytes32 (AuthHandle);\r | |
c1d93242 JY |
628 | \r |
629 | //\r | |
630 | // Add in Auth session\r | |
631 | //\r | |
632 | Buffer = (UINT8 *)&Cmd.AuthSession;\r | |
633 | \r | |
634 | // sessionInfoSize\r | |
c411b485 MK |
635 | SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer);\r |
636 | Buffer += SessionInfoSize;\r | |
637 | Cmd.AuthorizationSize = SwapBytes32 (SessionInfoSize);\r | |
c1d93242 | 638 | \r |
c411b485 MK |
639 | CmdSize = (UINT32)(Buffer - (UINT8 *)&Cmd);\r |
640 | Cmd.Header.paramSize = SwapBytes32 (CmdSize);\r | |
c1d93242 | 641 | \r |
c411b485 MK |
642 | ResultBuf = (UINT8 *)&Res;\r |
643 | ResultBufSize = sizeof (Res);\r | |
c1d93242 JY |
644 | \r |
645 | //\r | |
646 | // Call the TPM\r | |
647 | //\r | |
648 | Status = Tpm2SubmitCommand (\r | |
b3548d32 LG |
649 | CmdSize,\r |
650 | (UINT8 *)&Cmd,\r | |
c1d93242 JY |
651 | &ResultBufSize,\r |
652 | ResultBuf\r | |
653 | );\r | |
c411b485 | 654 | if (EFI_ERROR (Status)) {\r |
7ae130da JY |
655 | goto Done;\r |
656 | }\r | |
c1d93242 | 657 | \r |
c411b485 | 658 | if (ResultBufSize > sizeof (Res)) {\r |
e905fbb0 | 659 | DEBUG ((DEBUG_ERROR, "ChangePPS: Failed ExecuteCommand: Buffer Too Small\r\n"));\r |
7ae130da JY |
660 | Status = EFI_BUFFER_TOO_SMALL;\r |
661 | goto Done;\r | |
c1d93242 JY |
662 | }\r |
663 | \r | |
664 | //\r | |
665 | // Validate response headers\r | |
666 | //\r | |
c411b485 MK |
667 | RespSize = SwapBytes32 (Res.Header.paramSize);\r |
668 | if (RespSize > sizeof (Res)) {\r | |
e905fbb0 | 669 | DEBUG ((DEBUG_ERROR, "ChangePPS: Response size too large! %d\r\n", RespSize));\r |
7ae130da JY |
670 | Status = EFI_BUFFER_TOO_SMALL;\r |
671 | goto Done;\r | |
c1d93242 JY |
672 | }\r |
673 | \r | |
674 | //\r | |
675 | // Fail if command failed\r | |
676 | //\r | |
c411b485 MK |
677 | if (SwapBytes32 (Res.Header.responseCode) != TPM_RC_SUCCESS) {\r |
678 | DEBUG ((DEBUG_ERROR, "ChangePPS: Response Code error! 0x%08x\r\n", SwapBytes32 (Res.Header.responseCode)));\r | |
7ae130da JY |
679 | Status = EFI_DEVICE_ERROR;\r |
680 | goto Done;\r | |
c1d93242 JY |
681 | }\r |
682 | \r | |
7ae130da JY |
683 | Done:\r |
684 | //\r | |
685 | // Clear AuthSession Content\r | |
686 | //\r | |
c411b485 MK |
687 | ZeroMem (&Cmd, sizeof (Cmd));\r |
688 | ZeroMem (&Res, sizeof (Res));\r | |
7ae130da | 689 | return Status;\r |
c1d93242 JY |
690 | }\r |
691 | \r | |
692 | /**\r | |
693 | This command enables and disables use of a hierarchy.\r | |
694 | \r | |
695 | @param[in] AuthHandle TPM_RH_ENDORSEMENT, TPM_RH_OWNER or TPM_RH_PLATFORM+{PP}\r | |
696 | @param[in] AuthSession Auth Session context\r | |
697 | @param[in] Hierarchy Hierarchy of the enable being modified\r | |
698 | @param[in] State YES if the enable should be SET,\r | |
699 | NO if the enable should be CLEAR\r | |
700 | \r | |
701 | @retval EFI_SUCCESS Operation completed successfully.\r | |
702 | @retval EFI_DEVICE_ERROR Unexpected device behavior.\r | |
703 | **/\r | |
704 | EFI_STATUS\r | |
705 | EFIAPI\r | |
706 | Tpm2HierarchyControl (\r | |
c411b485 MK |
707 | IN TPMI_RH_HIERARCHY AuthHandle,\r |
708 | IN TPMS_AUTH_COMMAND *AuthSession,\r | |
709 | IN TPMI_RH_HIERARCHY Hierarchy,\r | |
710 | IN TPMI_YES_NO State\r | |
c1d93242 JY |
711 | )\r |
712 | {\r | |
713 | EFI_STATUS Status;\r | |
714 | TPM2_HIERARCHY_CONTROL_COMMAND Cmd;\r | |
715 | TPM2_HIERARCHY_CONTROL_RESPONSE Res;\r | |
716 | UINT32 CmdSize;\r | |
717 | UINT32 RespSize;\r | |
718 | UINT8 *Buffer;\r | |
719 | UINT32 SessionInfoSize;\r | |
720 | UINT8 *ResultBuf;\r | |
721 | UINT32 ResultBufSize;\r | |
722 | \r | |
723 | //\r | |
724 | // Construct command\r | |
725 | //\r | |
c411b485 MK |
726 | Cmd.Header.tag = SwapBytes16 (TPM_ST_SESSIONS);\r |
727 | Cmd.Header.paramSize = SwapBytes32 (sizeof (Cmd));\r | |
728 | Cmd.Header.commandCode = SwapBytes32 (TPM_CC_HierarchyControl);\r | |
729 | Cmd.AuthHandle = SwapBytes32 (AuthHandle);\r | |
c1d93242 JY |
730 | \r |
731 | //\r | |
732 | // Add in Auth session\r | |
733 | //\r | |
734 | Buffer = (UINT8 *)&Cmd.AuthSession;\r | |
735 | \r | |
736 | // sessionInfoSize\r | |
c411b485 MK |
737 | SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer);\r |
738 | Buffer += SessionInfoSize;\r | |
739 | Cmd.AuthorizationSize = SwapBytes32 (SessionInfoSize);\r | |
c1d93242 | 740 | \r |
c411b485 MK |
741 | WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32 (Hierarchy));\r |
742 | Buffer += sizeof (UINT32);\r | |
c1d93242 JY |
743 | \r |
744 | *(UINT8 *)Buffer = State;\r | |
58dbfc3c | 745 | Buffer++;\r |
c1d93242 | 746 | \r |
c411b485 MK |
747 | CmdSize = (UINT32)(Buffer - (UINT8 *)&Cmd);\r |
748 | Cmd.Header.paramSize = SwapBytes32 (CmdSize);\r | |
c1d93242 | 749 | \r |
c411b485 MK |
750 | ResultBuf = (UINT8 *)&Res;\r |
751 | ResultBufSize = sizeof (Res);\r | |
c1d93242 JY |
752 | \r |
753 | //\r | |
754 | // Call the TPM\r | |
755 | //\r | |
756 | Status = Tpm2SubmitCommand (\r | |
b3548d32 LG |
757 | CmdSize,\r |
758 | (UINT8 *)&Cmd,\r | |
c1d93242 JY |
759 | &ResultBufSize,\r |
760 | ResultBuf\r | |
761 | );\r | |
c411b485 | 762 | if (EFI_ERROR (Status)) {\r |
7ae130da JY |
763 | goto Done;\r |
764 | }\r | |
c1d93242 | 765 | \r |
c411b485 | 766 | if (ResultBufSize > sizeof (Res)) {\r |
e905fbb0 | 767 | DEBUG ((DEBUG_ERROR, "HierarchyControl: Failed ExecuteCommand: Buffer Too Small\r\n"));\r |
7ae130da JY |
768 | Status = EFI_BUFFER_TOO_SMALL;\r |
769 | goto Done;\r | |
c1d93242 JY |
770 | }\r |
771 | \r | |
772 | //\r | |
773 | // Validate response headers\r | |
774 | //\r | |
c411b485 MK |
775 | RespSize = SwapBytes32 (Res.Header.paramSize);\r |
776 | if (RespSize > sizeof (Res)) {\r | |
e905fbb0 | 777 | DEBUG ((DEBUG_ERROR, "HierarchyControl: Response size too large! %d\r\n", RespSize));\r |
7ae130da JY |
778 | Status = EFI_BUFFER_TOO_SMALL;\r |
779 | goto Done;\r | |
c1d93242 JY |
780 | }\r |
781 | \r | |
782 | //\r | |
783 | // Fail if command failed\r | |
784 | //\r | |
c411b485 MK |
785 | if (SwapBytes32 (Res.Header.responseCode) != TPM_RC_SUCCESS) {\r |
786 | DEBUG ((DEBUG_ERROR, "HierarchyControl: Response Code error! 0x%08x\r\n", SwapBytes32 (Res.Header.responseCode)));\r | |
7ae130da JY |
787 | Status = EFI_DEVICE_ERROR;\r |
788 | goto Done;\r | |
c1d93242 JY |
789 | }\r |
790 | \r | |
7ae130da JY |
791 | Done:\r |
792 | //\r | |
793 | // Clear AuthSession Content\r | |
794 | //\r | |
c411b485 MK |
795 | ZeroMem (&Cmd, sizeof (Cmd));\r |
796 | ZeroMem (&Res, sizeof (Res));\r | |
7ae130da | 797 | return Status;\r |
c1d93242 | 798 | }\r |