1/** @file\r
2 Implement TPM2 NVStorage related command.\r
3\r
dd577319 4Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved. <BR>\r
5This program and the accompanying materials\r
6are licensed and made available under the terms and conditions of the BSD License\r
7which accompanies this distribution. The full text of the license may be found at\r
8http://opensource.org/licenses/bsd-license.php\r
9\r
10THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
11WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
12\r
13**/\r
14\r
15#include <IndustryStandard/UefiTcgPlatform.h>\r
16#include <Library/Tpm2CommandLib.h>\r
17#include <Library/Tpm2DeviceLib.h>\r
18#include <Library/BaseMemoryLib.h>\r
19#include <Library/BaseLib.h>\r
20#include <Library/DebugLib.h>\r
21\r
#pragma pack(1)

//
// Position qualifiers that are added to a base TPM_RC_* code in the switch
// statements of this file. TPM_RC_H marks a handle position and TPM_RC_P a
// parameter position; TPM_RC_1 / TPM_RC_2 select the first or second one.
//
#define RC_NV_ReadPublic_nvIndex           (TPM_RC_H + TPM_RC_1)

#define RC_NV_DefineSpace_authHandle       (TPM_RC_H + TPM_RC_1)
#define RC_NV_DefineSpace_auth             (TPM_RC_P + TPM_RC_1)
#define RC_NV_DefineSpace_publicInfo       (TPM_RC_P + TPM_RC_2)

#define RC_NV_UndefineSpace_authHandle     (TPM_RC_H + TPM_RC_1)
#define RC_NV_UndefineSpace_nvIndex        (TPM_RC_H + TPM_RC_2)

#define RC_NV_Read_authHandle              (TPM_RC_H + TPM_RC_1)
#define RC_NV_Read_nvIndex                 (TPM_RC_H + TPM_RC_2)
#define RC_NV_Read_size                    (TPM_RC_P + TPM_RC_1)
#define RC_NV_Read_offset                  (TPM_RC_P + TPM_RC_2)

#define RC_NV_Write_authHandle             (TPM_RC_H + TPM_RC_1)
#define RC_NV_Write_nvIndex                (TPM_RC_H + TPM_RC_2)
#define RC_NV_Write_data                   (TPM_RC_P + TPM_RC_1)
#define RC_NV_Write_offset                 (TPM_RC_P + TPM_RC_2)

//
// Byte-packed command / response buffers, one pair per TPM2_NV_* command.
//
// The structures are used as stack buffers that are large enough for the
// command, not as exact wire layouts: the functions in this file write every
// field that follows AuthSession through a running pointer advanced by the
// size CopyAuthSessionCommand() returns, never through the struct member.
// Any length taken from a caller or from the TPM therefore has to be bounded
// against these buffers before it is used as a copy length or offset.
//

// TPM2_NV_ReadPublic command: header plus the index handle (no auth session).
typedef struct {
  TPM2_COMMAND_HEADER       Header;
  TPMI_RH_NV_INDEX          NvIndex;
} TPM2_NV_READPUBLIC_COMMAND;

// TPM2_NV_ReadPublic response: both members are size-prefixed and variable length.
typedef struct {
  TPM2_RESPONSE_HEADER      Header;
  TPM2B_NV_PUBLIC           NvPublic;
  TPM2B_NAME                NvName;
} TPM2_NV_READPUBLIC_RESPONSE;

// TPM2_NV_DefineSpace command.
typedef struct {
  TPM2_COMMAND_HEADER       Header;
  TPMI_RH_PROVISION         AuthHandle;
  UINT32                    AuthSessionSize;
  TPMS_AUTH_COMMAND         AuthSession;
  TPM2B_AUTH                Auth;
  TPM2B_NV_PUBLIC           NvPublic;
} TPM2_NV_DEFINESPACE_COMMAND;

// TPM2_NV_DefineSpace response.
typedef struct {
  TPM2_RESPONSE_HEADER       Header;
  UINT32                     AuthSessionSize;
  TPMS_AUTH_RESPONSE         AuthSession;
} TPM2_NV_DEFINESPACE_RESPONSE;

// TPM2_NV_UndefineSpace command.
typedef struct {
  TPM2_COMMAND_HEADER       Header;
  TPMI_RH_PROVISION         AuthHandle;
  TPMI_RH_NV_INDEX          NvIndex;
  UINT32                    AuthSessionSize;
  TPMS_AUTH_COMMAND         AuthSession;
} TPM2_NV_UNDEFINESPACE_COMMAND;

// TPM2_NV_UndefineSpace response.
typedef struct {
  TPM2_RESPONSE_HEADER       Header;
  UINT32                     AuthSessionSize;
  TPMS_AUTH_RESPONSE         AuthSession;
} TPM2_NV_UNDEFINESPACE_RESPONSE;

// TPM2_NV_Read command: Size and Offset follow the marshalled auth session.
typedef struct {
  TPM2_COMMAND_HEADER       Header;
  TPMI_RH_NV_AUTH           AuthHandle;
  TPMI_RH_NV_INDEX          NvIndex;
  UINT32                    AuthSessionSize;
  TPMS_AUTH_COMMAND         AuthSession;
  UINT16                    Size;
  UINT16                    Offset;
} TPM2_NV_READ_COMMAND;

// TPM2_NV_Read response: Data.size is reported by the TPM and must be checked.
typedef struct {
  TPM2_RESPONSE_HEADER       Header;
  UINT32                     AuthSessionSize;
  TPM2B_MAX_BUFFER           Data;
  TPMS_AUTH_RESPONSE         AuthSession;
} TPM2_NV_READ_RESPONSE;

// TPM2_NV_Write command: Data.size comes from the caller and must be checked.
typedef struct {
  TPM2_COMMAND_HEADER       Header;
  TPMI_RH_NV_AUTH           AuthHandle;
  TPMI_RH_NV_INDEX          NvIndex;
  UINT32                    AuthSessionSize;
  TPMS_AUTH_COMMAND         AuthSession;
  TPM2B_MAX_BUFFER          Data;
  UINT16                    Offset;
} TPM2_NV_WRITE_COMMAND;

// TPM2_NV_Write response.
typedef struct {
  TPM2_RESPONSE_HEADER       Header;
  UINT32                     AuthSessionSize;
  TPMS_AUTH_RESPONSE         AuthSession;
} TPM2_NV_WRITE_RESPONSE;

// TPM2_NV_ReadLock command.
typedef struct {
  TPM2_COMMAND_HEADER       Header;
  TPMI_RH_NV_AUTH           AuthHandle;
  TPMI_RH_NV_INDEX          NvIndex;
  UINT32                    AuthSessionSize;
  TPMS_AUTH_COMMAND         AuthSession;
} TPM2_NV_READLOCK_COMMAND;

// TPM2_NV_ReadLock response.
typedef struct {
  TPM2_RESPONSE_HEADER       Header;
  UINT32                     AuthSessionSize;
  TPMS_AUTH_RESPONSE         AuthSession;
} TPM2_NV_READLOCK_RESPONSE;

// TPM2_NV_WriteLock command.
typedef struct {
  TPM2_COMMAND_HEADER       Header;
  TPMI_RH_NV_AUTH           AuthHandle;
  TPMI_RH_NV_INDEX          NvIndex;
  UINT32                    AuthSessionSize;
  TPMS_AUTH_COMMAND         AuthSession;
} TPM2_NV_WRITELOCK_COMMAND;

// TPM2_NV_WriteLock response.
typedef struct {
  TPM2_RESPONSE_HEADER       Header;
  UINT32                     AuthSessionSize;
  TPMS_AUTH_RESPONSE         AuthSession;
} TPM2_NV_WRITELOCK_RESPONSE;

// TPM2_NV_GlobalWriteLock command: no NV index, only the provisioning handle.
typedef struct {
  TPM2_COMMAND_HEADER       Header;
  TPMI_RH_PROVISION         AuthHandle;
  UINT32                    AuthSessionSize;
  TPMS_AUTH_COMMAND         AuthSession;
} TPM2_NV_GLOBALWRITELOCK_COMMAND;

// TPM2_NV_GlobalWriteLock response.
typedef struct {
  TPM2_RESPONSE_HEADER       Header;
  UINT32                     AuthSessionSize;
  TPMS_AUTH_RESPONSE         AuthSession;
} TPM2_NV_GLOBALWRITELOCK_RESPONSE;

#pragma pack()
158\r
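/**
  This command is used to read the public area and Name of an NV Index.

  Every length field reported by the TPM (NvPublic.size, authPolicy.size and
  the Name size) is checked against its enclosing structure before it is used
  as an offset or a copy length.

  @param[in]  NvIndex            The NV Index.
  @param[out] NvPublic           The public area of the index.
  @param[out] NvName             The Name of the nvIndex.

  @retval EFI_SUCCESS            Operation completed successfully.
  @retval EFI_DEVICE_ERROR       The command was unsuccessful, or the response
                                 carried an inconsistent length field.
  @retval EFI_INVALID_PARAMETER  The TPM reported a bad value for NvIndex.
  @retval EFI_NOT_FOUND          The command was returned successfully, but NvIndex is not found.
**/
EFI_STATUS
EFIAPI
Tpm2NvReadPublic (
  IN      TPMI_RH_NV_INDEX          NvIndex,
  OUT     TPM2B_NV_PUBLIC           *NvPublic,
  OUT     TPM2B_NAME                *NvName
  )
{
  EFI_STATUS                        Status;
  TPM2_NV_READPUBLIC_COMMAND        SendBuffer;
  TPM2_NV_READPUBLIC_RESPONSE       RecvBuffer;
  UINT32                            SendBufferSize;
  UINT32                            RecvBufferSize;
  UINT16                            NvPublicSize;
  UINT16                            NvNameSize;
  UINT16                            AuthPolicySize;
  UINTN                             NvPublicFixedSize;
  UINT8                             *Buffer;
  TPM_RC                            ResponseCode;

  //
  // Construct command
  //
  SendBuffer.Header.tag = SwapBytes16(TPM_ST_NO_SESSIONS);
  SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_NV_ReadPublic);

  SendBuffer.NvIndex = SwapBytes32 (NvIndex);

  SendBufferSize = (UINT32) sizeof (SendBuffer);
  SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);

  //
  // send Tpm command
  //
  RecvBufferSize = sizeof (RecvBuffer);
  Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer);
  if (EFI_ERROR (Status)) {
    return Status;
  }

  if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) {
    DEBUG ((EFI_D_ERROR, "Tpm2NvReadPublic - RecvBufferSize Error - %x\n", RecvBufferSize));
    return EFI_DEVICE_ERROR;
  }
  ResponseCode = SwapBytes32(RecvBuffer.Header.responseCode);
  if (ResponseCode != TPM_RC_SUCCESS) {
    DEBUG ((EFI_D_ERROR, "Tpm2NvReadPublic - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode)));
  }
  switch (ResponseCode) {
  case TPM_RC_SUCCESS:
    // return data
    break;
  case TPM_RC_HANDLE + RC_NV_ReadPublic_nvIndex: // TPM rejected the nvIndex handle
    return EFI_NOT_FOUND;
  case TPM_RC_VALUE + RC_NV_ReadPublic_nvIndex:
    return EFI_INVALID_PARAMETER;
  default:
    return EFI_DEVICE_ERROR;
  }

  if (RecvBufferSize <= sizeof (TPM2_RESPONSE_HEADER) + sizeof (UINT16) + sizeof(UINT16)) {
    DEBUG ((EFI_D_ERROR, "Tpm2NvReadPublic - RecvBufferSize Error - %x\n", RecvBufferSize));
    return EFI_NOT_FOUND;
  }

  //
  // Basic check
  //
  NvPublicSize = SwapBytes16 (RecvBuffer.NvPublic.size);
  if (NvPublicSize > sizeof(TPMS_NV_PUBLIC)) {
    DEBUG ((DEBUG_ERROR, "Tpm2NvReadPublic - NvPublic.size error %x\n", NvPublicSize));
    return EFI_DEVICE_ERROR;
  }

  //
  // NvPublicSize is bounded above, so this read stays inside RecvBuffer.
  //
  NvNameSize = SwapBytes16 (ReadUnaligned16 ((UINT16 *)((UINT8 *)&RecvBuffer + sizeof(TPM2_RESPONSE_HEADER) + sizeof(UINT16) + NvPublicSize)));
  if (NvNameSize > sizeof(TPMU_NAME)){
    DEBUG ((DEBUG_ERROR, "Tpm2NvReadPublic - NvNameSize error %x\n", NvNameSize));
    return EFI_DEVICE_ERROR;
  }

  if (RecvBufferSize != sizeof(TPM2_RESPONSE_HEADER) + sizeof(UINT16) + NvPublicSize + sizeof(UINT16) + NvNameSize) {
    DEBUG ((EFI_D_ERROR, "Tpm2NvReadPublic - RecvBufferSize Error - NvPublicSize %x\n", RecvBufferSize));
    return EFI_NOT_FOUND;
  }

  //
  // authPolicy.size is used below as an offset into RecvBuffer to locate
  // dataSize. It comes from the TPM, so it must fit inside the public area the
  // TPM said it returned; otherwise the dataSize read would land outside
  // RecvBuffer. The fixed part of the marshalled public area is
  // nvIndex + nameAlg + attributes + authPolicy.size + dataSize.
  //
  NvPublicFixedSize = sizeof (UINT32) + sizeof (UINT16) + sizeof (UINT32) + sizeof (UINT16) + sizeof (UINT16);
  if (NvPublicSize < NvPublicFixedSize) {
    DEBUG ((DEBUG_ERROR, "Tpm2NvReadPublic - NvPublic.size error %x\n", NvPublicSize));
    return EFI_DEVICE_ERROR;
  }
  AuthPolicySize = SwapBytes16 (RecvBuffer.NvPublic.nvPublic.authPolicy.size);
  if (AuthPolicySize > NvPublicSize - NvPublicFixedSize) {
    DEBUG ((DEBUG_ERROR, "Tpm2NvReadPublic - authPolicy.size error %x\n", AuthPolicySize));
    return EFI_DEVICE_ERROR;
  }

  //
  // Return the response
  //
  CopyMem (NvPublic, &RecvBuffer.NvPublic, sizeof(UINT16) + NvPublicSize);
  NvPublic->size = NvPublicSize;
  NvPublic->nvPublic.nvIndex = SwapBytes32 (NvPublic->nvPublic.nvIndex);
  NvPublic->nvPublic.nameAlg = SwapBytes16 (NvPublic->nvPublic.nameAlg);
  WriteUnaligned32 ((UINT32 *)&NvPublic->nvPublic.attributes, SwapBytes32 (ReadUnaligned32 ((UINT32 *)&NvPublic->nvPublic.attributes)));
  NvPublic->nvPublic.authPolicy.size = AuthPolicySize;
  //
  // dataSize sits directly after the variable-length authPolicy on the wire,
  // not at its struct offset, so it is fetched from the raw response.
  //
  Buffer = (UINT8 *)&RecvBuffer.NvPublic.nvPublic.authPolicy;
  Buffer += sizeof(UINT16) + AuthPolicySize;
  NvPublic->nvPublic.dataSize = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));

  CopyMem (NvName->name, (UINT8 *)&RecvBuffer + sizeof(TPM2_RESPONSE_HEADER) + sizeof(UINT16) + NvPublicSize + sizeof(UINT16), NvNameSize);
  NvName->size = NvNameSize;

  return EFI_SUCCESS;
}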
271\r
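/**
  This command defines the attributes of an NV Index and causes the TPM to
  reserve space to hold the data associated with the index.
  If a definition already exists at the index, the TPM will return TPM_RC_NV_DEFINED.

  The command is marshalled into a fixed-size stack buffer, so the caller's
  Auth->size and NvPublic->nvPublic.authPolicy.size are rejected when they
  exceed the buffers they describe.

  @param[in]  AuthHandle         TPM_RH_OWNER or TPM_RH_PLATFORM+{PP}.
  @param[in]  AuthSession        Auth Session context
  @param[in]  Auth               The authorization data.
  @param[in]  NvPublic           The public area of the index.

  @retval EFI_SUCCESS            Operation completed successfully.
  @retval EFI_DEVICE_ERROR       The command was unsuccessful.
  @retval EFI_ALREADY_STARTED    The command was returned successfully, but NvIndex is already defined.
  @retval EFI_INVALID_PARAMETER  A size field in Auth or NvPublic is larger than its buffer,
                                 or the TPM reported a bad handle or value.
  @retval EFI_BAD_BUFFER_SIZE    The TPM reported a size error for auth or publicInfo.
  @retval EFI_UNSUPPORTED        The TPM reported an attributes error.
  @retval EFI_OUT_OF_RESOURCES   The TPM reported insufficient NV space.
**/
EFI_STATUS
EFIAPI
Tpm2NvDefineSpace (
  IN      TPMI_RH_PROVISION         AuthHandle,
  IN      TPMS_AUTH_COMMAND         *AuthSession, OPTIONAL
  IN      TPM2B_AUTH                *Auth,
  IN      TPM2B_NV_PUBLIC           *NvPublic
  )
{
  EFI_STATUS                        Status;
  TPM2_NV_DEFINESPACE_COMMAND       SendBuffer;
  TPM2_NV_DEFINESPACE_RESPONSE      RecvBuffer;
  UINT32                            SendBufferSize;
  UINT32                            RecvBufferSize;
  UINT16                            NvPublicSize;
  UINT8                             *Buffer;
  UINT32                            SessionInfoSize;
  TPM_RC                            ResponseCode;

  //
  // Both sizes are used as CopyMem lengths into SendBuffer below. A value
  // larger than the source array would read past the caller's structure and
  // could write past the end of SendBuffer, so refuse it before marshalling.
  // NOTE(review): this assumes CopyAuthSessionCommand() never returns more
  // than sizeof (TPMS_AUTH_COMMAND) - confirm against its implementation.
  //
  if ((Auth->size > sizeof (Auth->buffer)) ||
      (NvPublic->nvPublic.authPolicy.size > sizeof (NvPublic->nvPublic.authPolicy.buffer))) {
    return EFI_INVALID_PARAMETER;
  }

  //
  // Construct command
  //
  SendBuffer.Header.tag = SwapBytes16(TPM_ST_SESSIONS);
  SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_NV_DefineSpace);
  SendBuffer.AuthHandle = SwapBytes32 (AuthHandle);

  //
  // Add in Auth session
  //
  Buffer = (UINT8 *)&SendBuffer.AuthSession;

  // sessionInfoSize
  SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer);
  Buffer += SessionInfoSize;
  SendBuffer.AuthSessionSize = SwapBytes32(SessionInfoSize);

  //
  // IndexAuth
  //
  WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16(Auth->size));
  Buffer += sizeof(UINT16);
  CopyMem(Buffer, Auth->buffer, Auth->size);
  Buffer += Auth->size;

  //
  // NvPublic
  //
  NvPublicSize = NvPublic->size;

  WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (NvPublicSize));
  Buffer += sizeof(UINT16);
  WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32 (NvPublic->nvPublic.nvIndex));
  Buffer += sizeof(UINT32);
  WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (NvPublic->nvPublic.nameAlg));
  Buffer += sizeof(UINT16);
  WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32 (ReadUnaligned32 ((UINT32 *)&NvPublic->nvPublic.attributes)));
  Buffer += sizeof(UINT32);
  WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (NvPublic->nvPublic.authPolicy.size));
  Buffer += sizeof(UINT16);
  CopyMem (Buffer, NvPublic->nvPublic.authPolicy.buffer, NvPublic->nvPublic.authPolicy.size);
  Buffer += NvPublic->nvPublic.authPolicy.size;
  WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (NvPublic->nvPublic.dataSize));
  Buffer += sizeof(UINT16);

  SendBufferSize = (UINT32)(Buffer - (UINT8 *)&SendBuffer);
  SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);

  //
  // send Tpm command
  //
  RecvBufferSize = sizeof (RecvBuffer);
  Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer);
  if (EFI_ERROR (Status)) {
    goto Done;
  }

  if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) {
    DEBUG ((EFI_D_ERROR, "Tpm2NvDefineSpace - RecvBufferSize Error - %x\n", RecvBufferSize));
    Status = EFI_DEVICE_ERROR;
    goto Done;
  }

  ResponseCode = SwapBytes32(RecvBuffer.Header.responseCode);
  if (ResponseCode != TPM_RC_SUCCESS) {
    DEBUG ((EFI_D_ERROR, "Tpm2NvDefineSpace - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode)));
  }
  switch (ResponseCode) {
  case TPM_RC_SUCCESS:
    // return data
    break;
  case TPM_RC_SIZE + RC_NV_DefineSpace_publicInfo:
  case TPM_RC_SIZE + RC_NV_DefineSpace_auth:
    Status = EFI_BAD_BUFFER_SIZE;
    break;
  case TPM_RC_ATTRIBUTES:
  case TPM_RC_ATTRIBUTES + RC_NV_DefineSpace_publicInfo:
    Status = EFI_UNSUPPORTED;
    break;
  case TPM_RC_ATTRIBUTES + RC_NV_DefineSpace_authHandle:
    Status = EFI_INVALID_PARAMETER;
    break;
  case TPM_RC_NV_DEFINED:
    Status = EFI_ALREADY_STARTED;
    break;
  case TPM_RC_VALUE + RC_NV_DefineSpace_publicInfo:
  case TPM_RC_VALUE + RC_NV_DefineSpace_authHandle:
    Status = EFI_INVALID_PARAMETER;
    break;
  case TPM_RC_NV_SPACE:
    Status = EFI_OUT_OF_RESOURCES;
    break;
  default:
    Status = EFI_DEVICE_ERROR;
    break;
  }

Done:
  //
  // Clear AuthSession Content
  // SendBuffer holds the marshalled auth session and the index auth value, so
  // both buffers are wiped on every path that built or received a message.
  // NOTE(review): ZeroMem is an ordinary library call; confirm the build's
  // optimisation/LTO settings cannot drop it as a dead store.
  //
  ZeroMem (&SendBuffer, sizeof(SendBuffer));
  ZeroMem (&RecvBuffer, sizeof(RecvBuffer));
  return Status;
}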
410\r
/**
  Remove an NV index from the TPM (TPM2_NV_UndefineSpace).

  @param[in]  AuthHandle         TPM_RH_OWNER or TPM_RH_PLATFORM+{PP}.
  @param[in]  NvIndex            The NV Index.
  @param[in]  AuthSession        Auth Session context

  @retval EFI_SUCCESS            Operation completed successfully.
  @retval EFI_DEVICE_ERROR       The command was unsuccessful.
  @retval EFI_NOT_FOUND          The command was returned successfully, but NvIndex is not found.
**/
EFI_STATUS
EFIAPI
Tpm2NvUndefineSpace (
  IN      TPMI_RH_PROVISION         AuthHandle,
  IN      TPMI_RH_NV_INDEX          NvIndex,
  IN      TPMS_AUTH_COMMAND         *AuthSession OPTIONAL
  )
{
  TPM2_NV_UNDEFINESPACE_COMMAND     Command;
  TPM2_NV_UNDEFINESPACE_RESPONSE    Response;
  EFI_STATUS                        Status;
  TPM_RC                            ResponseCode;
  UINT8                             *Cursor;
  UINT32                            AuthAreaSize;
  UINT32                            CommandSize;
  UINT32                            ResponseSize;

  //
  // Fixed part of the command: tag, command code and the two handles.
  //
  Command.Header.tag         = SwapBytes16(TPM_ST_SESSIONS);
  Command.Header.commandCode = SwapBytes32(TPM_CC_NV_UndefineSpace);
  Command.AuthHandle         = SwapBytes32 (AuthHandle);
  Command.NvIndex            = SwapBytes32 (NvIndex);

  //
  // Variable part: the marshalled auth session. The command ends right after
  // it, so the total size is taken from the cursor position.
  //
  Cursor       = (UINT8 *)&Command.AuthSession;
  AuthAreaSize = CopyAuthSessionCommand (AuthSession, Cursor);
  Cursor      += AuthAreaSize;
  Command.AuthSessionSize = SwapBytes32(AuthAreaSize);

  CommandSize = (UINT32)(Cursor - (UINT8 *)&Command);
  Command.Header.paramSize = SwapBytes32 (CommandSize);

  //
  // Submit and translate the TPM response code into an EFI status.
  //
  ResponseSize = sizeof (Response);
  Status = Tpm2SubmitCommand (CommandSize, (UINT8 *)&Command, &ResponseSize, (UINT8 *)&Response);
  if (!EFI_ERROR (Status)) {
    if (ResponseSize < sizeof (TPM2_RESPONSE_HEADER)) {
      DEBUG ((EFI_D_ERROR, "Tpm2NvUndefineSpace - RecvBufferSize Error - %x\n", ResponseSize));
      Status = EFI_DEVICE_ERROR;
    } else {
      ResponseCode = SwapBytes32(Response.Header.responseCode);
      if (ResponseCode != TPM_RC_SUCCESS) {
        DEBUG ((EFI_D_ERROR, "Tpm2NvUndefineSpace - responseCode - %x\n", ResponseCode));
      }
      switch (ResponseCode) {
      case TPM_RC_SUCCESS:
        // Status keeps the value returned by Tpm2SubmitCommand.
        break;
      case TPM_RC_ATTRIBUTES:
      case TPM_RC_ATTRIBUTES + RC_NV_UndefineSpace_nvIndex:
        Status = EFI_UNSUPPORTED;
        break;
      case TPM_RC_NV_AUTHORIZATION:
        Status = EFI_SECURITY_VIOLATION;
        break;
      case TPM_RC_HANDLE + RC_NV_UndefineSpace_nvIndex:
        Status = EFI_NOT_FOUND;
        break;
      case TPM_RC_HANDLE + RC_NV_UndefineSpace_authHandle:
      case TPM_RC_VALUE + RC_NV_UndefineSpace_authHandle:
      case TPM_RC_VALUE + RC_NV_UndefineSpace_nvIndex:
        Status = EFI_INVALID_PARAMETER;
        break;
      default:
        Status = EFI_DEVICE_ERROR;
        break;
      }
    }
  }

  //
  // Wipe both buffers on every path: the command holds the auth session.
  //
  ZeroMem (&Command, sizeof(Command));
  ZeroMem (&Response, sizeof(Response));
  return Status;
}
514\r
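/**
  This command reads a value from an area in NV memory previously defined by TPM2_NV_DefineSpace().

  The data length reported by the TPM is checked against both the capacity of
  OutData and the number of bytes actually received, so bytes the TPM did not
  send are never copied to the caller. OutData is written only on success.

  @param[in]     AuthHandle         the handle indicating the source of the authorization value.
  @param[in]     NvIndex            The index to be read.
  @param[in]     AuthSession        Auth Session context
  @param[in]     Size               Number of bytes to read.
  @param[in]     Offset             Byte offset into the area.
  @param[in,out] OutData            The data read.

  @retval EFI_SUCCESS             Operation completed successfully.
  @retval EFI_DEVICE_ERROR        The command was unsuccessful, or the response was
                                  shorter than the data length it declared.
  @retval EFI_NOT_FOUND           The command was returned successfully, but NvIndex is not found.
  @retval EFI_SECURITY_VIOLATION  The TPM reported TPM_RC_NV_AUTHORIZATION.
  @retval EFI_ACCESS_DENIED       The TPM reported TPM_RC_NV_LOCKED.
  @retval EFI_BAD_BUFFER_SIZE     The TPM reported TPM_RC_NV_RANGE.
  @retval EFI_NOT_READY           The TPM reported TPM_RC_NV_UNINITIALIZED.
  @retval EFI_INVALID_PARAMETER   The TPM reported a bad handle, value or authorization.
  @retval EFI_UNSUPPORTED         The TPM reported an attributes error for the auth handle.
**/
EFI_STATUS
EFIAPI
Tpm2NvRead (
  IN      TPMI_RH_NV_AUTH           AuthHandle,
  IN      TPMI_RH_NV_INDEX          NvIndex,
  IN      TPMS_AUTH_COMMAND         *AuthSession, OPTIONAL
  IN      UINT16                    Size,
  IN      UINT16                    Offset,
  IN OUT  TPM2B_MAX_BUFFER          *OutData
  )
{
  EFI_STATUS                        Status;
  TPM2_NV_READ_COMMAND              SendBuffer;
  TPM2_NV_READ_RESPONSE             RecvBuffer;
  UINT32                            SendBufferSize;
  UINT32                            RecvBufferSize;
  UINT32                            DataPrefixSize;
  UINT16                            DataSize;
  UINT8                             *Buffer;
  UINT32                            SessionInfoSize;
  TPM_RC                            ResponseCode;

  //
  // Construct command
  //
  SendBuffer.Header.tag = SwapBytes16(TPM_ST_SESSIONS);
  SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_NV_Read);

  SendBuffer.AuthHandle = SwapBytes32 (AuthHandle);
  SendBuffer.NvIndex = SwapBytes32 (NvIndex);

  //
  // Add in Auth session
  //
  Buffer = (UINT8 *)&SendBuffer.AuthSession;

  // sessionInfoSize
  SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer);
  Buffer += SessionInfoSize;
  SendBuffer.AuthSessionSize = SwapBytes32(SessionInfoSize);

  WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Size));
  Buffer += sizeof(UINT16);
  WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Offset));
  Buffer += sizeof(UINT16);

  SendBufferSize = (UINT32)(Buffer - (UINT8 *)&SendBuffer);
  SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);

  //
  // send Tpm command
  //
  RecvBufferSize = sizeof (RecvBuffer);
  Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer);
  if (EFI_ERROR (Status)) {
    goto Done;
  }

  if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) {
    DEBUG ((EFI_D_ERROR, "Tpm2NvRead - RecvBufferSize Error - %x\n", RecvBufferSize));
    Status = EFI_DEVICE_ERROR;
    goto Done;
  }
  ResponseCode = SwapBytes32(RecvBuffer.Header.responseCode);
  if (ResponseCode != TPM_RC_SUCCESS) {
    DEBUG ((EFI_D_ERROR, "Tpm2NvRead - responseCode - %x\n", ResponseCode));
  }
  switch (ResponseCode) {
  case TPM_RC_SUCCESS:
    // return data
    break;
  case TPM_RC_NV_AUTHORIZATION:
    Status = EFI_SECURITY_VIOLATION;
    break;
  case TPM_RC_NV_LOCKED:
    Status = EFI_ACCESS_DENIED;
    break;
  case TPM_RC_NV_RANGE:
    Status = EFI_BAD_BUFFER_SIZE;
    break;
  case TPM_RC_NV_UNINITIALIZED:
    Status = EFI_NOT_READY;
    break;
  case TPM_RC_HANDLE + RC_NV_Read_nvIndex: // TPM rejected the nvIndex handle
    Status = EFI_NOT_FOUND;
    break;
  case TPM_RC_HANDLE + RC_NV_Read_authHandle: // TPM rejected the auth handle
    Status = EFI_INVALID_PARAMETER;
    break;
  case TPM_RC_VALUE + RC_NV_Read_nvIndex:
  case TPM_RC_VALUE + RC_NV_Read_authHandle:
    Status = EFI_INVALID_PARAMETER;
    break;
  case TPM_RC_BAD_AUTH + RC_NV_Read_authHandle + TPM_RC_S:
    Status = EFI_INVALID_PARAMETER;
    break;
  case TPM_RC_AUTH_UNAVAILABLE:
    Status = EFI_INVALID_PARAMETER;
    break;
  case TPM_RC_AUTH_FAIL + RC_NV_Read_authHandle + TPM_RC_S:
    Status = EFI_INVALID_PARAMETER;
    break;
  case TPM_RC_ATTRIBUTES + RC_NV_Read_authHandle + TPM_RC_S:
    Status = EFI_UNSUPPORTED;
    break;
  default:
    Status = EFI_DEVICE_ERROR;
    break;
  }
  if (Status != EFI_SUCCESS) {
    goto Done;
  }

  //
  // RecvBuffer is an uninitialised stack object; only the first
  // RecvBufferSize bytes were written by the device. Make sure the size
  // field itself was received before reading it.
  //
  DataPrefixSize = (UINT32)(sizeof (TPM2_RESPONSE_HEADER) + sizeof (UINT32) + sizeof (UINT16));
  if (RecvBufferSize < DataPrefixSize) {
    DEBUG ((EFI_D_ERROR, "Tpm2NvRead - RecvBufferSize Error - %x\n", RecvBufferSize));
    Status = EFI_DEVICE_ERROR;
    goto Done;
  }

  //
  // Return the response
  //
  DataSize = SwapBytes16 (RecvBuffer.Data.size);
  if (DataSize > MAX_DIGEST_BUFFER) {
    DEBUG ((DEBUG_ERROR, "Tpm2NvRead - OutData->size error %x\n", DataSize));
    Status = EFI_DEVICE_ERROR;
    goto Done;
  }

  //
  // The declared length must be covered by what was actually received;
  // otherwise the copy would hand stale stack bytes to the caller.
  //
  if (RecvBufferSize - DataPrefixSize < DataSize) {
    DEBUG ((EFI_D_ERROR, "Tpm2NvRead - RecvBufferSize Error - %x\n", RecvBufferSize));
    Status = EFI_DEVICE_ERROR;
    goto Done;
  }

  OutData->size = DataSize;
  CopyMem (OutData->buffer, &RecvBuffer.Data.buffer, DataSize);

Done:
  //
  // Clear AuthSession Content
  // RecvBuffer is wiped as well because it holds the NV data just read.
  //
  ZeroMem (&SendBuffer, sizeof(SendBuffer));
  ZeroMem (&RecvBuffer, sizeof(RecvBuffer));
  return Status;
}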
660\r
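/**
  This command writes a value to an area in NV memory that was previously defined by TPM2_NV_DefineSpace().

  The data is marshalled into a fixed-size stack buffer, so InData->size is
  rejected when it exceeds the capacity of InData->buffer.

  @param[in]  AuthHandle         the handle indicating the source of the authorization value.
  @param[in]  NvIndex            The NV Index of the area to write.
  @param[in]  AuthSession        Auth Session context
  @param[in]  InData             The data to write.
  @param[in]  Offset             The offset into the NV Area.

  @retval EFI_SUCCESS             Operation completed successfully.
  @retval EFI_DEVICE_ERROR        The command was unsuccessful.
  @retval EFI_NOT_FOUND           The command was returned successfully, but NvIndex is not found.
  @retval EFI_BAD_BUFFER_SIZE     InData->size is larger than InData->buffer, or the TPM
                                  reported TPM_RC_NV_RANGE.
  @retval EFI_SECURITY_VIOLATION  The TPM reported TPM_RC_NV_AUTHORIZATION.
  @retval EFI_ACCESS_DENIED       The TPM reported TPM_RC_NV_LOCKED.
  @retval EFI_INVALID_PARAMETER   The TPM reported a bad handle, value or authorization.
  @retval EFI_UNSUPPORTED         The TPM reported an attributes error.
**/
EFI_STATUS
EFIAPI
Tpm2NvWrite (
  IN      TPMI_RH_NV_AUTH           AuthHandle,
  IN      TPMI_RH_NV_INDEX          NvIndex,
  IN      TPMS_AUTH_COMMAND         *AuthSession, OPTIONAL
  IN      TPM2B_MAX_BUFFER          *InData,
  IN      UINT16                    Offset
  )
{
  EFI_STATUS                        Status;
  TPM2_NV_WRITE_COMMAND             SendBuffer;
  TPM2_NV_WRITE_RESPONSE            RecvBuffer;
  UINT32                            SendBufferSize;
  UINT32                            RecvBufferSize;
  UINT8                             *Buffer;
  UINT32                            SessionInfoSize;
  TPM_RC                            ResponseCode;

  //
  // InData->size is the CopyMem length into SendBuffer below. A value larger
  // than the source array would read past InData and could write past the end
  // of SendBuffer, so refuse it before marshalling anything.
  // NOTE(review): this assumes CopyAuthSessionCommand() never returns more
  // than sizeof (TPMS_AUTH_COMMAND) - confirm against its implementation.
  //
  if (InData->size > sizeof (InData->buffer)) {
    return EFI_BAD_BUFFER_SIZE;
  }

  //
  // Construct command
  //
  SendBuffer.Header.tag = SwapBytes16(TPM_ST_SESSIONS);
  SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_NV_Write);

  SendBuffer.AuthHandle = SwapBytes32 (AuthHandle);
  SendBuffer.NvIndex = SwapBytes32 (NvIndex);

  //
  // Add in Auth session
  //
  Buffer = (UINT8 *)&SendBuffer.AuthSession;

  // sessionInfoSize
  SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer);
  Buffer += SessionInfoSize;
  SendBuffer.AuthSessionSize = SwapBytes32(SessionInfoSize);

  WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (InData->size));
  Buffer += sizeof(UINT16);
  CopyMem (Buffer, InData->buffer, InData->size);
  Buffer += InData->size;
  WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Offset));
  Buffer += sizeof(UINT16);

  SendBufferSize = (UINT32) (Buffer - (UINT8 *)&SendBuffer);
  SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);

  //
  // send Tpm command
  //
  RecvBufferSize = sizeof (RecvBuffer);
  Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer);
  if (EFI_ERROR (Status)) {
    goto Done;
  }

  if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) {
    DEBUG ((EFI_D_ERROR, "Tpm2NvWrite - RecvBufferSize Error - %x\n", RecvBufferSize));
    Status = EFI_DEVICE_ERROR;
    goto Done;
  }
  ResponseCode = SwapBytes32(RecvBuffer.Header.responseCode);
  if (ResponseCode != TPM_RC_SUCCESS) {
    DEBUG ((EFI_D_ERROR, "Tpm2NvWrite - responseCode - %x\n", ResponseCode));
  }
  switch (ResponseCode) {
  case TPM_RC_SUCCESS:
    // return data
    break;
  case TPM_RC_ATTRIBUTES:
    Status = EFI_UNSUPPORTED;
    break;
  case TPM_RC_NV_AUTHORIZATION:
    Status = EFI_SECURITY_VIOLATION;
    break;
  case TPM_RC_NV_LOCKED:
    Status = EFI_ACCESS_DENIED;
    break;
  case TPM_RC_NV_RANGE:
    Status = EFI_BAD_BUFFER_SIZE;
    break;
  case TPM_RC_HANDLE + RC_NV_Write_nvIndex: // TPM rejected the nvIndex handle
    Status = EFI_NOT_FOUND;
    break;
  case TPM_RC_HANDLE + RC_NV_Write_authHandle: // TPM rejected the auth handle
    Status = EFI_INVALID_PARAMETER;
    break;
  case TPM_RC_VALUE + RC_NV_Write_nvIndex:
  case TPM_RC_VALUE + RC_NV_Write_authHandle:
    Status = EFI_INVALID_PARAMETER;
    break;
  case TPM_RC_BAD_AUTH + RC_NV_Write_authHandle + TPM_RC_S:
    Status = EFI_INVALID_PARAMETER;
    break;
  case TPM_RC_AUTH_UNAVAILABLE:
    Status = EFI_INVALID_PARAMETER;
    break;
  case TPM_RC_AUTH_FAIL + RC_NV_Write_authHandle + TPM_RC_S:
    Status = EFI_INVALID_PARAMETER;
    break;
  case TPM_RC_ATTRIBUTES + RC_NV_Write_authHandle + TPM_RC_S:
    Status = EFI_UNSUPPORTED;
    break;
  default:
    Status = EFI_DEVICE_ERROR;
    break;
  }

Done:
  //
  // Clear AuthSession Content
  // SendBuffer also holds a copy of the data being written.
  //
  ZeroMem (&SendBuffer, sizeof(SendBuffer));
  ZeroMem (&RecvBuffer, sizeof(RecvBuffer));
  return Status;
}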
791\r
/**
  Prevent further reads of the Index until the next TPM2_Startup (TPM_SU_CLEAR)
  by issuing TPM2_NV_ReadLock.

  @param[in]  AuthHandle         the handle indicating the source of the authorization value.
  @param[in]  NvIndex            The NV Index of the area to lock.
  @param[in]  AuthSession        Auth Session context

  @retval EFI_SUCCESS            Operation completed successfully.
  @retval EFI_DEVICE_ERROR       The command was unsuccessful.
  @retval EFI_NOT_FOUND          The command was returned successfully, but NvIndex is not found.
**/
EFI_STATUS
EFIAPI
Tpm2NvReadLock (
  IN      TPMI_RH_NV_AUTH           AuthHandle,
  IN      TPMI_RH_NV_INDEX          NvIndex,
  IN      TPMS_AUTH_COMMAND         *AuthSession OPTIONAL
  )
{
  TPM2_NV_READLOCK_COMMAND          Command;
  TPM2_NV_READLOCK_RESPONSE         Response;
  EFI_STATUS                        Status;
  TPM_RC                            ResponseCode;
  UINT8                             *Cursor;
  UINT32                            AuthAreaSize;
  UINT32                            CommandSize;
  UINT32                            ResponseSize;

  //
  // Fixed part of the command: tag, command code and the two handles.
  //
  Command.Header.tag         = SwapBytes16(TPM_ST_SESSIONS);
  Command.Header.commandCode = SwapBytes32(TPM_CC_NV_ReadLock);
  Command.AuthHandle         = SwapBytes32 (AuthHandle);
  Command.NvIndex            = SwapBytes32 (NvIndex);

  //
  // Variable part: the marshalled auth session, which ends the command.
  //
  Cursor       = (UINT8 *)&Command.AuthSession;
  AuthAreaSize = CopyAuthSessionCommand (AuthSession, Cursor);
  Cursor      += AuthAreaSize;
  Command.AuthSessionSize = SwapBytes32(AuthAreaSize);

  CommandSize = (UINT32)(Cursor - (UINT8 *)&Command);
  Command.Header.paramSize = SwapBytes32 (CommandSize);

  //
  // Submit; any response code other than success maps to EFI_DEVICE_ERROR.
  //
  ResponseSize = sizeof (Response);
  Status = Tpm2SubmitCommand (CommandSize, (UINT8 *)&Command, &ResponseSize, (UINT8 *)&Response);
  if (!EFI_ERROR (Status)) {
    if (ResponseSize < sizeof (TPM2_RESPONSE_HEADER)) {
      DEBUG ((EFI_D_ERROR, "Tpm2NvReadLock - RecvBufferSize Error - %x\n", ResponseSize));
      Status = EFI_DEVICE_ERROR;
    } else {
      ResponseCode = SwapBytes32(Response.Header.responseCode);
      if (ResponseCode != TPM_RC_SUCCESS) {
        DEBUG ((EFI_D_ERROR, "Tpm2NvReadLock - responseCode - %x\n", ResponseCode));
        Status = EFI_DEVICE_ERROR;
      }
    }
  }

  //
  // Wipe both buffers on every path: the command holds the auth session.
  //
  ZeroMem (&Command, sizeof(Command));
  ZeroMem (&Response, sizeof(Response));
  return Status;
}
878\r
/**
  Inhibit further writes of the Index by issuing TPM2_NV_WriteLock.

  @param[in]  AuthHandle         the handle indicating the source of the authorization value.
  @param[in]  NvIndex            The NV Index of the area to lock.
  @param[in]  AuthSession        Auth Session context

  @retval EFI_SUCCESS            Operation completed successfully.
  @retval EFI_DEVICE_ERROR       The command was unsuccessful.
  @retval EFI_NOT_FOUND          The command was returned successfully, but NvIndex is not found.
**/
EFI_STATUS
EFIAPI
Tpm2NvWriteLock (
  IN      TPMI_RH_NV_AUTH           AuthHandle,
  IN      TPMI_RH_NV_INDEX          NvIndex,
  IN      TPMS_AUTH_COMMAND         *AuthSession OPTIONAL
  )
{
  TPM2_NV_WRITELOCK_COMMAND         Command;
  TPM2_NV_WRITELOCK_RESPONSE        Response;
  EFI_STATUS                        Status;
  TPM_RC                            ResponseCode;
  UINT8                             *Cursor;
  UINT32                            AuthAreaSize;
  UINT32                            CommandSize;
  UINT32                            ResponseSize;

  //
  // Fixed part of the command: tag, command code and the two handles.
  //
  Command.Header.tag         = SwapBytes16(TPM_ST_SESSIONS);
  Command.Header.commandCode = SwapBytes32(TPM_CC_NV_WriteLock);
  Command.AuthHandle         = SwapBytes32 (AuthHandle);
  Command.NvIndex            = SwapBytes32 (NvIndex);

  //
  // Variable part: the marshalled auth session, which ends the command.
  //
  Cursor       = (UINT8 *)&Command.AuthSession;
  AuthAreaSize = CopyAuthSessionCommand (AuthSession, Cursor);
  Cursor      += AuthAreaSize;
  Command.AuthSessionSize = SwapBytes32(AuthAreaSize);

  CommandSize = (UINT32)(Cursor - (UINT8 *)&Command);
  Command.Header.paramSize = SwapBytes32 (CommandSize);

  //
  // Submit; any response code other than success maps to EFI_DEVICE_ERROR.
  //
  ResponseSize = sizeof (Response);
  Status = Tpm2SubmitCommand (CommandSize, (UINT8 *)&Command, &ResponseSize, (UINT8 *)&Response);
  if (!EFI_ERROR (Status)) {
    if (ResponseSize < sizeof (TPM2_RESPONSE_HEADER)) {
      DEBUG ((EFI_D_ERROR, "Tpm2NvWriteLock - RecvBufferSize Error - %x\n", ResponseSize));
      Status = EFI_DEVICE_ERROR;
    } else {
      ResponseCode = SwapBytes32(Response.Header.responseCode);
      if (ResponseCode != TPM_RC_SUCCESS) {
        DEBUG ((EFI_D_ERROR, "Tpm2NvWriteLock - responseCode - %x\n", ResponseCode));
        Status = EFI_DEVICE_ERROR;
      }
    }
  }

  //
  // Wipe both buffers on every path: the command holds the auth session.
  //
  ZeroMem (&Command, sizeof(Command));
  ZeroMem (&Response, sizeof(Response));
  return Status;
}
965\r
/**
  Issue TPM2_NV_GlobalWriteLock. The command will SET TPMA_NV_WRITELOCKED for
  all indexes that have their TPMA_NV_GLOBALLOCK attribute SET.

  The command is built in a stack buffer with every multi-byte field
  byte-swapped, the authorization area is appended by CopyAuthSessionCommand,
  and the buffer is handed to Tpm2SubmitCommand. The command and response
  buffers are zeroed on every exit path because the command buffer holds a
  copy of the authorization session.

  @param[in]  AuthHandle   TPM_RH_OWNER or TPM_RH_PLATFORM+{PP}.
  @param[in]  AuthSession  Auth Session context. Passed unchanged to
                           CopyAuthSessionCommand, including when it is NULL.

  @retval EFI_SUCCESS       The TPM answered with TPM_RC_SUCCESS.
  @retval EFI_DEVICE_ERROR  The response was shorter than a response header, or it
                            carried any response code other than TPM_RC_SUCCESS.
  @retval Others            Error status from Tpm2SubmitCommand, returned unchanged.

  This function takes no NV Index and never returns EFI_NOT_FOUND: every
  non-success response code becomes EFI_DEVICE_ERROR. A caller that depends on
  the global lock should treat any status other than EFI_SUCCESS as "lock not
  confirmed".
**/
EFI_STATUS
EFIAPI
Tpm2NvGlobalWriteLock (
  IN      TPMI_RH_PROVISION  AuthHandle,
  IN      TPMS_AUTH_COMMAND  *AuthSession OPTIONAL
  )
{
  EFI_STATUS                        Status;
  TPM2_NV_GLOBALWRITELOCK_COMMAND   Command;
  TPM2_NV_GLOBALWRITELOCK_RESPONSE  Response;
  UINT32                            CommandSize;
  UINT32                            ResponseSize;
  UINT8                             *AuthArea;
  UINT32                            AuthAreaSize;
  TPM_RC                            TpmRc;

  //
  // Handle, then header tag and command code, each byte-swapped for the TPM.
  //
  Command.AuthHandle         = SwapBytes32 (AuthHandle);
  Command.Header.tag         = SwapBytes16 (TPM_ST_SESSIONS);
  Command.Header.commandCode = SwapBytes32 (TPM_CC_NV_GlobalWriteLock);

  //
  // Serialize the authorization area directly behind the handle.
  // NOTE(review): no destination size is passed to CopyAuthSessionCommand, so
  // the bound on what it writes into Command.AuthSession is the helper's
  // responsibility - confirm against its implementation.
  //
  AuthArea                = (UINT8 *)&Command.AuthSession;
  AuthAreaSize            = CopyAuthSessionCommand (AuthSession, AuthArea);
  Command.AuthSessionSize = SwapBytes32 (AuthAreaSize);

  //
  // The command ends where the authorization area ends, so its length is the
  // distance from the start of the buffer to that point.
  //
  CommandSize              = (UINT32)((AuthArea + AuthAreaSize) - (UINT8 *)&Command);
  Command.Header.paramSize = SwapBytes32 (CommandSize);

  //
  // Submit; ResponseSize is in/out (capacity in, bytes received out).
  //
  ResponseSize = sizeof (Response);
  Status       = Tpm2SubmitCommand (CommandSize, (UINT8 *)&Command, &ResponseSize, (UINT8 *)&Response);
  if (EFI_ERROR (Status)) {
    goto Done;
  }

  //
  // Refuse to read responseCode out of a response too short to contain one.
  //
  if (ResponseSize < sizeof (TPM2_RESPONSE_HEADER)) {
    DEBUG ((EFI_D_ERROR, "Tpm2NvGlobalWriteLock - RecvBufferSize Error - %x\n", ResponseSize));
    Status = EFI_DEVICE_ERROR;
    goto Done;
  }

  //
  // Anything other than TPM_RC_SUCCESS is logged and reported as a device error.
  //
  TpmRc = SwapBytes32 (Response.Header.responseCode);
  if (TpmRc != TPM_RC_SUCCESS) {
    DEBUG ((EFI_D_ERROR, "Tpm2NvGlobalWriteLock - responseCode - %x\n", TpmRc));
    Status = EFI_DEVICE_ERROR;
  }

Done:
  //
  // Scrub both buffers so the copied AuthSession content does not linger on
  // the stack after return.
  //
  ZeroMem (&Command, sizeof (Command));
  ZeroMem (&Response, sizeof (Response));
  return Status;
}