1/** @file\r
2 Implement TPM2 NVStorage related command.\r
3\r
dd577319 4Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved. <BR>\r
289b714b 5SPDX-License-Identifier: BSD-2-Clause-Patent\r
6\r
7**/\r
8\r
9#include <IndustryStandard/UefiTcgPlatform.h>\r
10#include <Library/Tpm2CommandLib.h>\r
11#include <Library/Tpm2DeviceLib.h>\r
12#include <Library/BaseMemoryLib.h>\r
13#include <Library/BaseLib.h>\r
14#include <Library/DebugLib.h>\r
15\r
//
// All structures below are TPM 2.0 command/response images exchanged with the
// device through Tpm2SubmitCommand(), so they are packed to byte alignment.
//
#pragma pack(1)

//
// Response-code modifiers used by the switch statements in this file.
// TPM_RC_H marks a handle-related error and TPM_RC_P a parameter-related error
// (TPM 2.0 response-code format); TPM_RC_n is the 1-based position of the
// handle or parameter the TPM objected to. Each macro is added to a base
// response code to form the value that is matched.
//
#define RC_NV_ReadPublic_nvIndex           (TPM_RC_H + TPM_RC_1)

#define RC_NV_DefineSpace_authHandle       (TPM_RC_H + TPM_RC_1)
#define RC_NV_DefineSpace_auth             (TPM_RC_P + TPM_RC_1)
#define RC_NV_DefineSpace_publicInfo       (TPM_RC_P + TPM_RC_2)

#define RC_NV_UndefineSpace_authHandle     (TPM_RC_H + TPM_RC_1)
#define RC_NV_UndefineSpace_nvIndex        (TPM_RC_H + TPM_RC_2)

#define RC_NV_Read_authHandle              (TPM_RC_H + TPM_RC_1)
#define RC_NV_Read_nvIndex                 (TPM_RC_H + TPM_RC_2)
#define RC_NV_Read_size                    (TPM_RC_P + TPM_RC_1)
#define RC_NV_Read_offset                  (TPM_RC_P + TPM_RC_2)

#define RC_NV_Write_authHandle             (TPM_RC_H + TPM_RC_1)
#define RC_NV_Write_nvIndex                (TPM_RC_H + TPM_RC_2)
#define RC_NV_Write_data                   (TPM_RC_P + TPM_RC_1)
#define RC_NV_Write_offset                 (TPM_RC_P + TPM_RC_2)

//
// NOTE: in the command structures that carry an AuthSession, the members that
// follow it are a maximum-size template only. The functions in this file
// marshal the session and every later field through a moving byte pointer
// that starts at &SendBuffer.AuthSession, so those later members are not
// necessarily at their declared struct offsets in the bytes that are sent.
// The declared sizes are what bound the stack buffer, which is why variable
// lengths supplied by a caller have to stay within the declared maxima.
//

// TPM2_NV_ReadPublic command: header plus the index handle, no sessions.
typedef struct {
  TPM2_COMMAND_HEADER       Header;
  TPMI_RH_NV_INDEX          NvIndex;
} TPM2_NV_READPUBLIC_COMMAND;

// TPM2_NV_ReadPublic response. NvPublic and NvName are variable length on the
// wire; Tpm2NvReadPublic() locates NvName from the received NvPublic.size
// rather than from this struct's offset.
typedef struct {
  TPM2_RESPONSE_HEADER      Header;
  TPM2B_NV_PUBLIC           NvPublic;
  TPM2B_NAME                NvName;
} TPM2_NV_READPUBLIC_RESPONSE;

// TPM2_NV_DefineSpace command: authorization area, index auth value, public area.
typedef struct {
  TPM2_COMMAND_HEADER       Header;
  TPMI_RH_PROVISION         AuthHandle;
  UINT32                    AuthSessionSize;
  TPMS_AUTH_COMMAND         AuthSession;
  TPM2B_AUTH                Auth;
  TPM2B_NV_PUBLIC           NvPublic;
} TPM2_NV_DEFINESPACE_COMMAND;

// TPM2_NV_DefineSpace response; only Header.responseCode is read by this file.
typedef struct {
  TPM2_RESPONSE_HEADER       Header;
  UINT32                     AuthSessionSize;
  TPMS_AUTH_RESPONSE         AuthSession;
} TPM2_NV_DEFINESPACE_RESPONSE;

// TPM2_NV_UndefineSpace command.
typedef struct {
  TPM2_COMMAND_HEADER       Header;
  TPMI_RH_PROVISION         AuthHandle;
  TPMI_RH_NV_INDEX          NvIndex;
  UINT32                    AuthSessionSize;
  TPMS_AUTH_COMMAND         AuthSession;
} TPM2_NV_UNDEFINESPACE_COMMAND;

// TPM2_NV_UndefineSpace response; only Header.responseCode is read by this file.
typedef struct {
  TPM2_RESPONSE_HEADER       Header;
  UINT32                     AuthSessionSize;
  TPMS_AUTH_RESPONSE         AuthSession;
} TPM2_NV_UNDEFINESPACE_RESPONSE;

// TPM2_NV_Read command: Size and Offset are written after the marshalled session.
typedef struct {
  TPM2_COMMAND_HEADER       Header;
  TPMI_RH_NV_AUTH           AuthHandle;
  TPMI_RH_NV_INDEX          NvIndex;
  UINT32                    AuthSessionSize;
  TPMS_AUTH_COMMAND         AuthSession;
  UINT16                    Size;
  UINT16                    Offset;
} TPM2_NV_READ_COMMAND;

// TPM2_NV_Read response. Tpm2NvRead() reads Data.size and Data.buffer at these
// struct offsets, i.e. directly after the header and one UINT32.
// NOTE(review): in a TPM_ST_SESSIONS response that UINT32 is presumably the
// parameter size rather than a session size - confirm against the TPM 2.0 spec.
typedef struct {
  TPM2_RESPONSE_HEADER       Header;
  UINT32                     AuthSessionSize;
  TPM2B_MAX_BUFFER           Data;
  TPMS_AUTH_RESPONSE         AuthSession;
} TPM2_NV_READ_RESPONSE;

// TPM2_NV_Write command: Data and Offset are written after the marshalled session.
typedef struct {
  TPM2_COMMAND_HEADER       Header;
  TPMI_RH_NV_AUTH           AuthHandle;
  TPMI_RH_NV_INDEX          NvIndex;
  UINT32                    AuthSessionSize;
  TPMS_AUTH_COMMAND         AuthSession;
  TPM2B_MAX_BUFFER          Data;
  UINT16                    Offset;
} TPM2_NV_WRITE_COMMAND;

// TPM2_NV_Write response; only Header.responseCode is read by this file.
typedef struct {
  TPM2_RESPONSE_HEADER       Header;
  UINT32                     AuthSessionSize;
  TPMS_AUTH_RESPONSE         AuthSession;
} TPM2_NV_WRITE_RESPONSE;

// TPM2_NV_ReadLock command.
typedef struct {
  TPM2_COMMAND_HEADER       Header;
  TPMI_RH_NV_AUTH           AuthHandle;
  TPMI_RH_NV_INDEX          NvIndex;
  UINT32                    AuthSessionSize;
  TPMS_AUTH_COMMAND         AuthSession;
} TPM2_NV_READLOCK_COMMAND;

// TPM2_NV_ReadLock response; only Header.responseCode is read by this file.
typedef struct {
  TPM2_RESPONSE_HEADER       Header;
  UINT32                     AuthSessionSize;
  TPMS_AUTH_RESPONSE         AuthSession;
} TPM2_NV_READLOCK_RESPONSE;

// TPM2_NV_WriteLock command.
typedef struct {
  TPM2_COMMAND_HEADER       Header;
  TPMI_RH_NV_AUTH           AuthHandle;
  TPMI_RH_NV_INDEX          NvIndex;
  UINT32                    AuthSessionSize;
  TPMS_AUTH_COMMAND         AuthSession;
} TPM2_NV_WRITELOCK_COMMAND;

// TPM2_NV_WriteLock response; only Header.responseCode is read by this file.
typedef struct {
  TPM2_RESPONSE_HEADER       Header;
  UINT32                     AuthSessionSize;
  TPMS_AUTH_RESPONSE         AuthSession;
} TPM2_NV_WRITELOCK_RESPONSE;

// TPM2_NV_GlobalWriteLock command: no index handle, only the provisioning handle.
typedef struct {
  TPM2_COMMAND_HEADER       Header;
  TPMI_RH_PROVISION         AuthHandle;
  UINT32                    AuthSessionSize;
  TPMS_AUTH_COMMAND         AuthSession;
} TPM2_NV_GLOBALWRITELOCK_COMMAND;

// TPM2_NV_GlobalWriteLock response.
typedef struct {
  TPM2_RESPONSE_HEADER       Header;
  UINT32                     AuthSessionSize;
  TPMS_AUTH_RESPONSE         AuthSession;
} TPM2_NV_GLOBALWRITELOCK_RESPONSE;

#pragma pack()
152\r
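/**
  This command is used to read the public area and Name of an NV Index.

  The response is parsed out of a stack buffer filled by Tpm2SubmitCommand().
  Every length field in it comes from the device, so each one is checked
  before it is used as a copy length or as an offset into that buffer.
  NvPublic and NvName are only written once all checks have passed.

  @param[in]  NvIndex            The NV Index.
  @param[out] NvPublic           The public area of the index, converted to host byte order.
  @param[out] NvName             The Name of the nvIndex.

  @retval EFI_SUCCESS            Operation completed successfully.
  @retval EFI_DEVICE_ERROR       The command was unsuccessful, or a length field in the
                                 response was out of range.
  @retval EFI_NOT_FOUND          The TPM reported a handle error for NvIndex, or the response
                                 length did not match the sizes it declared.
  @retval EFI_INVALID_PARAMETER  The TPM reported a value error for NvIndex.
  @retval Others                 Error status returned by Tpm2SubmitCommand().
**/
EFI_STATUS
EFIAPI
Tpm2NvReadPublic (
  IN      TPMI_RH_NV_INDEX          NvIndex,
  OUT     TPM2B_NV_PUBLIC           *NvPublic,
  OUT     TPM2B_NAME                *NvName
  )
{
  EFI_STATUS                        Status;
  TPM2_NV_READPUBLIC_COMMAND        SendBuffer;
  TPM2_NV_READPUBLIC_RESPONSE       RecvBuffer;
  UINT32                            SendBufferSize;
  UINT32                            RecvBufferSize;
  UINT16                            NvPublicSize;
  UINT16                            NvNameSize;
  UINT16                            AuthPolicySize;
  UINTN                             NvPublicFixedSize;
  UINT8                             *Buffer;
  TPM_RC                            ResponseCode;

  //
  // Construct command
  //
  SendBuffer.Header.tag = SwapBytes16(TPM_ST_NO_SESSIONS);
  SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_NV_ReadPublic);

  SendBuffer.NvIndex = SwapBytes32 (NvIndex);

  SendBufferSize = (UINT32) sizeof (SendBuffer);
  SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);

  //
  // send Tpm command
  //
  RecvBufferSize = sizeof (RecvBuffer);
  Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer);
  if (EFI_ERROR (Status)) {
    return Status;
  }

  if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) {
    DEBUG ((DEBUG_ERROR, "Tpm2NvReadPublic - RecvBufferSize Error - %x\n", RecvBufferSize));
    return EFI_DEVICE_ERROR;
  }
  ResponseCode = SwapBytes32(RecvBuffer.Header.responseCode);
  if (ResponseCode != TPM_RC_SUCCESS) {
    DEBUG ((DEBUG_ERROR, "Tpm2NvReadPublic - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode)));
  }
  switch (ResponseCode) {
  case TPM_RC_SUCCESS:
    // return data
    break;
  case TPM_RC_HANDLE + RC_NV_ReadPublic_nvIndex: // handle error on nvIndex
    return EFI_NOT_FOUND;
  case TPM_RC_VALUE + RC_NV_ReadPublic_nvIndex:
    return EFI_INVALID_PARAMETER;
  default:
    return EFI_DEVICE_ERROR;
  }

  //
  // The response must at least hold the two UINT16 size fields (NvPublic.size, NvName.size).
  //
  if (RecvBufferSize <= sizeof (TPM2_RESPONSE_HEADER) + sizeof (UINT16) + sizeof(UINT16)) {
    DEBUG ((DEBUG_ERROR, "Tpm2NvReadPublic - RecvBufferSize Error - %x\n", RecvBufferSize));
    return EFI_NOT_FOUND;
  }

  //
  // Basic check
  //
  NvPublicSize = SwapBytes16 (RecvBuffer.NvPublic.size);
  if (NvPublicSize > sizeof(TPMS_NV_PUBLIC)) {
    DEBUG ((DEBUG_ERROR, "Tpm2NvReadPublic - NvPublic.size error %x\n", NvPublicSize));
    return EFI_DEVICE_ERROR;
  }

  //
  // NvName follows the variable-length NvPublic, so its size field is located
  // from the received NvPublicSize (bounded above) and not from the struct layout.
  //
  NvNameSize = SwapBytes16 (ReadUnaligned16 ((UINT16 *)((UINT8 *)&RecvBuffer + sizeof(TPM2_RESPONSE_HEADER) + sizeof(UINT16) + NvPublicSize)));
  if (NvNameSize > sizeof(TPMU_NAME)){
    DEBUG ((DEBUG_ERROR, "Tpm2NvReadPublic - NvNameSize error %x\n", NvNameSize));
    return EFI_DEVICE_ERROR;
  }

  if (RecvBufferSize != sizeof(TPM2_RESPONSE_HEADER) + sizeof(UINT16) + NvPublicSize + sizeof(UINT16) + NvNameSize) {
    DEBUG ((DEBUG_ERROR, "Tpm2NvReadPublic - RecvBufferSize Error - NvPublicSize %x\n", RecvBufferSize));
    return EFI_NOT_FOUND;
  }

  //
  // authPolicy.size is used below as an offset into RecvBuffer to find dataSize.
  // It is device-supplied, so make sure the marshalled public area
  // (nvIndex, nameAlg, attributes, authPolicy, dataSize) fits inside the
  // NvPublicSize bytes the TPM declared; otherwise that read would land
  // outside the received public area, and for large values outside RecvBuffer.
  //
  NvPublicFixedSize = sizeof (UINT32) + sizeof (UINT16) + sizeof (UINT32) + sizeof (UINT16);
  if (NvPublicSize < NvPublicFixedSize) {
    DEBUG ((DEBUG_ERROR, "Tpm2NvReadPublic - NvPublic.size error %x\n", NvPublicSize));
    return EFI_DEVICE_ERROR;
  }

  AuthPolicySize = SwapBytes16 (RecvBuffer.NvPublic.nvPublic.authPolicy.size);
  if ((AuthPolicySize > sizeof (RecvBuffer.NvPublic.nvPublic.authPolicy.buffer)) ||
      (NvPublicFixedSize + AuthPolicySize + sizeof (UINT16) > NvPublicSize)) {
    DEBUG ((DEBUG_ERROR, "Tpm2NvReadPublic - authPolicy.size error %x\n", AuthPolicySize));
    return EFI_DEVICE_ERROR;
  }

  //
  // Return the response
  //
  CopyMem (NvPublic, &RecvBuffer.NvPublic, sizeof(UINT16) + NvPublicSize);
  NvPublic->size = NvPublicSize;
  NvPublic->nvPublic.nvIndex = SwapBytes32 (NvPublic->nvPublic.nvIndex);
  NvPublic->nvPublic.nameAlg = SwapBytes16 (NvPublic->nvPublic.nameAlg);
  WriteUnaligned32 ((UINT32 *)&NvPublic->nvPublic.attributes, SwapBytes32 (ReadUnaligned32 ((UINT32 *)&NvPublic->nvPublic.attributes)));
  NvPublic->nvPublic.authPolicy.size = AuthPolicySize;

  //
  // dataSize sits right after the variable-length authPolicy in the response,
  // not at its struct offset, so read it from RecvBuffer by computed position.
  //
  Buffer = (UINT8 *)&RecvBuffer.NvPublic.nvPublic.authPolicy;
  Buffer += sizeof(UINT16) + AuthPolicySize;
  NvPublic->nvPublic.dataSize = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));

  CopyMem (NvName->name, (UINT8 *)&RecvBuffer + sizeof(TPM2_RESPONSE_HEADER) + sizeof(UINT16) + NvPublicSize + sizeof(UINT16), NvNameSize);
  NvName->size = NvNameSize;

  return EFI_SUCCESS;
}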
265\r
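/**
  This command defines the attributes of an NV Index and causes the TPM to
  reserve space to hold the data associated with the index.
  If a definition already exists at the index, the TPM will return TPM_RC_NV_DEFINED.

  The command is marshalled into a fixed-size stack buffer. Auth->size and
  NvPublic->nvPublic.authPolicy.size are used as copy lengths into that buffer,
  so both are rejected up front if they exceed the capacity of their own
  buffer member.

  @param[in]  AuthHandle         TPM_RH_OWNER or TPM_RH_PLATFORM+{PP}.
  @param[in]  AuthSession        Auth Session context
  @param[in]  Auth               The authorization data.
  @param[in]  NvPublic           The public area of the index.

  @retval EFI_SUCCESS            Operation completed successfully.
  @retval EFI_DEVICE_ERROR       The command was unsuccessful.
  @retval EFI_ALREADY_STARTED    The command was returned successfully, but NvIndex is already defined.
  @retval EFI_INVALID_PARAMETER  Auth->size or the authPolicy size is larger than its buffer, or the
                                 TPM reported a value/attribute error for a handle or the public area.
  @retval EFI_BAD_BUFFER_SIZE    The TPM reported a size error for Auth or NvPublic.
  @retval EFI_UNSUPPORTED        The TPM rejected the attributes in NvPublic.
  @retval EFI_OUT_OF_RESOURCES   The TPM has insufficient NV space.
  @retval Others                 Error status returned by Tpm2SubmitCommand().
**/
EFI_STATUS
EFIAPI
Tpm2NvDefineSpace (
  IN      TPMI_RH_PROVISION         AuthHandle,
  IN      TPMS_AUTH_COMMAND         *AuthSession  OPTIONAL,
  IN      TPM2B_AUTH                *Auth,
  IN      TPM2B_NV_PUBLIC           *NvPublic
  )
{
  EFI_STATUS                        Status;
  TPM2_NV_DEFINESPACE_COMMAND       SendBuffer;
  TPM2_NV_DEFINESPACE_RESPONSE      RecvBuffer;
  UINT32                            SendBufferSize;
  UINT32                            RecvBufferSize;
  UINT16                            NvPublicSize;
  UINT8                             *Buffer;
  UINT32                            SessionInfoSize;
  TPM_RC                            ResponseCode;

  //
  // Both sizes below drive CopyMem() into the stack-resident SendBuffer.
  // Refuse values that cannot be valid for their own buffer before anything
  // is marshalled, so an inconsistent caller structure cannot write past it.
  //
  if ((Auth->size > sizeof (Auth->buffer)) ||
      (NvPublic->nvPublic.authPolicy.size > sizeof (NvPublic->nvPublic.authPolicy.buffer))) {
    DEBUG ((DEBUG_ERROR, "Tpm2NvDefineSpace - Auth or authPolicy size error\n"));
    return EFI_INVALID_PARAMETER;
  }

  //
  // Construct command
  //
  SendBuffer.Header.tag = SwapBytes16(TPM_ST_SESSIONS);
  SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_NV_DefineSpace);
  SendBuffer.AuthHandle = SwapBytes32 (AuthHandle);

  //
  // Add in Auth session
  //
  Buffer = (UINT8 *)&SendBuffer.AuthSession;

  // sessionInfoSize
  SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer);
  Buffer += SessionInfoSize;
  SendBuffer.AuthSessionSize = SwapBytes32(SessionInfoSize);

  //
  // IndexAuth
  //
  WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16(Auth->size));
  Buffer += sizeof(UINT16);
  CopyMem(Buffer, Auth->buffer, Auth->size);
  Buffer += Auth->size;

  //
  // NvPublic: marshalled field by field in big-endian order
  //
  NvPublicSize = NvPublic->size;

  WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (NvPublicSize));
  Buffer += sizeof(UINT16);
  WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32 (NvPublic->nvPublic.nvIndex));
  Buffer += sizeof(UINT32);
  WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (NvPublic->nvPublic.nameAlg));
  Buffer += sizeof(UINT16);
  WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32 (ReadUnaligned32 ((UINT32 *)&NvPublic->nvPublic.attributes)));
  Buffer += sizeof(UINT32);
  WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (NvPublic->nvPublic.authPolicy.size));
  Buffer += sizeof(UINT16);
  CopyMem (Buffer, NvPublic->nvPublic.authPolicy.buffer, NvPublic->nvPublic.authPolicy.size);
  Buffer += NvPublic->nvPublic.authPolicy.size;
  WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (NvPublic->nvPublic.dataSize));
  Buffer += sizeof(UINT16);

  //
  // The command length is the number of bytes actually marshalled,
  // not sizeof (SendBuffer).
  //
  SendBufferSize = (UINT32)(Buffer - (UINT8 *)&SendBuffer);
  SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);

  //
  // send Tpm command
  //
  RecvBufferSize = sizeof (RecvBuffer);
  Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer);
  if (EFI_ERROR (Status)) {
    goto Done;
  }

  if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) {
    DEBUG ((DEBUG_ERROR, "Tpm2NvDefineSpace - RecvBufferSize Error - %x\n", RecvBufferSize));
    Status = EFI_DEVICE_ERROR;
    goto Done;
  }

  ResponseCode = SwapBytes32(RecvBuffer.Header.responseCode);
  if (ResponseCode != TPM_RC_SUCCESS) {
    DEBUG ((DEBUG_ERROR, "Tpm2NvDefineSpace - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode)));
  }
  switch (ResponseCode) {
  case TPM_RC_SUCCESS:
    // return data
    break;
  case TPM_RC_SIZE + RC_NV_DefineSpace_publicInfo:
  case TPM_RC_SIZE + RC_NV_DefineSpace_auth:
    Status = EFI_BAD_BUFFER_SIZE;
    break;
  case TPM_RC_ATTRIBUTES:
  case TPM_RC_ATTRIBUTES + RC_NV_DefineSpace_publicInfo:
    Status = EFI_UNSUPPORTED;
    break;
  case TPM_RC_ATTRIBUTES + RC_NV_DefineSpace_authHandle:
    Status = EFI_INVALID_PARAMETER;
    break;
  case TPM_RC_NV_DEFINED:
    Status = EFI_ALREADY_STARTED;
    break;
  case TPM_RC_VALUE + RC_NV_DefineSpace_publicInfo:
  case TPM_RC_VALUE + RC_NV_DefineSpace_authHandle:
    Status = EFI_INVALID_PARAMETER;
    break;
  case TPM_RC_NV_SPACE:
    Status = EFI_OUT_OF_RESOURCES;
    break;
  default:
    Status = EFI_DEVICE_ERROR;
    break;
  }

Done:
  //
  // Clear AuthSession Content: SendBuffer holds the marshalled authorization
  // session and the index auth value, so both buffers are wiped on every
  // path that reaches this label before the stack frame is released.
  //
  ZeroMem (&SendBuffer, sizeof(SendBuffer));
  ZeroMem (&RecvBuffer, sizeof(RecvBuffer));
  return Status;
}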
404\r
/**
  This command removes an index from the TPM.

  Status mapping for the TPM response code:
    TPM_RC_ATTRIBUTES (plain or on nvIndex)      -> EFI_UNSUPPORTED
    TPM_RC_NV_AUTHORIZATION                      -> EFI_SECURITY_VIOLATION
    TPM_RC_HANDLE on nvIndex                     -> EFI_NOT_FOUND
    TPM_RC_HANDLE on authHandle, or TPM_RC_VALUE
    on either handle                             -> EFI_INVALID_PARAMETER
    anything else other than TPM_RC_SUCCESS      -> EFI_DEVICE_ERROR

  @param[in]  AuthHandle            TPM_RH_OWNER or TPM_RH_PLATFORM+{PP}.
  @param[in]  NvIndex               The NV Index.
  @param[in]  AuthSession           Auth Session context

  @retval EFI_SUCCESS               Operation completed successfully.
  @retval EFI_DEVICE_ERROR          The command was unsuccessful.
  @retval EFI_NOT_FOUND             The command was returned successfully, but NvIndex is not found.
  @retval EFI_UNSUPPORTED           See the mapping above.
  @retval EFI_SECURITY_VIOLATION    See the mapping above.
  @retval EFI_INVALID_PARAMETER     See the mapping above.
  @retval Others                    Error status returned by Tpm2SubmitCommand().
**/
EFI_STATUS
EFIAPI
Tpm2NvUndefineSpace (
  IN      TPMI_RH_PROVISION         AuthHandle,
  IN      TPMI_RH_NV_INDEX          NvIndex,
  IN      TPMS_AUTH_COMMAND         *AuthSession OPTIONAL
  )
{
  EFI_STATUS                        Status;
  TPM2_NV_UNDEFINESPACE_COMMAND     Command;
  TPM2_NV_UNDEFINESPACE_RESPONSE    Response;
  UINT32                            CommandSize;
  UINT32                            ResponseSize;
  UINT8                             *Cursor;
  UINT32                            AuthAreaSize;
  TPM_RC                            TpmRc;

  //
  // Fixed part of the command: header fields and the two handles.
  //
  Command.Header.tag         = SwapBytes16(TPM_ST_SESSIONS);
  Command.Header.commandCode = SwapBytes32(TPM_CC_NV_UndefineSpace);
  Command.AuthHandle         = SwapBytes32 (AuthHandle);
  Command.NvIndex            = SwapBytes32 (NvIndex);

  //
  // Authorization area: marshalled in place, its length recorded in front of it.
  //
  Cursor       = (UINT8 *)&Command.AuthSession;
  AuthAreaSize = CopyAuthSessionCommand (AuthSession, Cursor);
  Cursor      += AuthAreaSize;
  Command.AuthSessionSize = SwapBytes32(AuthAreaSize);

  //
  // Total length is what was marshalled, not sizeof (Command).
  //
  CommandSize = (UINT32)(Cursor - (UINT8 *)&Command);
  Command.Header.paramSize = SwapBytes32 (CommandSize);

  //
  // Hand the command to the TPM.
  //
  ResponseSize = sizeof (Response);
  Status = Tpm2SubmitCommand (CommandSize, (UINT8 *)&Command, &ResponseSize, (UINT8 *)&Response);
  if (EFI_ERROR (Status)) {
    goto Done;
  }

  if (ResponseSize < sizeof (TPM2_RESPONSE_HEADER)) {
    DEBUG ((DEBUG_ERROR, "Tpm2NvUndefineSpace - RecvBufferSize Error - %x\n", ResponseSize));
    Status = EFI_DEVICE_ERROR;
    goto Done;
  }

  TpmRc = SwapBytes32(Response.Header.responseCode);
  if (TpmRc == TPM_RC_SUCCESS) {
    // Status keeps the value returned by Tpm2SubmitCommand().
    goto Done;
  }

  DEBUG ((DEBUG_ERROR, "Tpm2NvUndefineSpace - responseCode - %x\n", TpmRc));

  if ((TpmRc == TPM_RC_ATTRIBUTES) ||
      (TpmRc == TPM_RC_ATTRIBUTES + RC_NV_UndefineSpace_nvIndex)) {
    Status = EFI_UNSUPPORTED;
  } else if (TpmRc == TPM_RC_NV_AUTHORIZATION) {
    Status = EFI_SECURITY_VIOLATION;
  } else if (TpmRc == TPM_RC_HANDLE + RC_NV_UndefineSpace_nvIndex) {
    Status = EFI_NOT_FOUND;
  } else if ((TpmRc == TPM_RC_HANDLE + RC_NV_UndefineSpace_authHandle) ||
             (TpmRc == TPM_RC_VALUE + RC_NV_UndefineSpace_authHandle) ||
             (TpmRc == TPM_RC_VALUE + RC_NV_UndefineSpace_nvIndex)) {
    Status = EFI_INVALID_PARAMETER;
  } else {
    Status = EFI_DEVICE_ERROR;
  }

Done:
  //
  // Wipe both buffers on every exit path that reaches here: Command holds
  // the marshalled authorization session.
  //
  ZeroMem (&Command, sizeof(Command));
  ZeroMem (&Response, sizeof(Response));
  return Status;
}
508\r
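/**
  This command reads a value from an area in NV memory previously defined by TPM2_NV_DefineSpace().

  The data length reported by the TPM is checked against both the capacity of
  OutData->buffer and the number of bytes actually received before anything is
  copied, so a truncated or inconsistent response cannot hand stale stack
  contents to the caller. OutData is only written on success.

  The returned length is not compared with Size; a caller that needs exactly
  Size bytes should check OutData->size.

  @param[in]     AuthHandle         the handle indicating the source of the authorization value.
  @param[in]     NvIndex            The index to be read.
  @param[in]     AuthSession        Auth Session context
  @param[in]     Size               Number of bytes to read.
  @param[in]     Offset             Byte offset into the area.
  @param[in,out] OutData            The data read.

  @retval EFI_SUCCESS               Operation completed successfully.
  @retval EFI_DEVICE_ERROR          The command was unsuccessful, or the response was truncated
                                    or declared an out-of-range data size.
  @retval EFI_NOT_FOUND             The command was returned successfully, but NvIndex is not found.
  @retval EFI_SECURITY_VIOLATION    The TPM returned TPM_RC_NV_AUTHORIZATION.
  @retval EFI_ACCESS_DENIED         The TPM returned TPM_RC_NV_LOCKED.
  @retval EFI_BAD_BUFFER_SIZE       The TPM returned TPM_RC_NV_RANGE.
  @retval EFI_NOT_READY             The TPM returned TPM_RC_NV_UNINITIALIZED.
  @retval EFI_INVALID_PARAMETER     The TPM reported a handle, value or authorization error.
  @retval EFI_UNSUPPORTED           The TPM reported an attributes error for the session.
  @retval Others                    Error status returned by Tpm2SubmitCommand().
**/
EFI_STATUS
EFIAPI
Tpm2NvRead (
  IN      TPMI_RH_NV_AUTH           AuthHandle,
  IN      TPMI_RH_NV_INDEX          NvIndex,
  IN      TPMS_AUTH_COMMAND         *AuthSession  OPTIONAL,
  IN      UINT16                    Size,
  IN      UINT16                    Offset,
  IN OUT  TPM2B_MAX_BUFFER          *OutData
  )
{
  EFI_STATUS                        Status;
  TPM2_NV_READ_COMMAND              SendBuffer;
  TPM2_NV_READ_RESPONSE             RecvBuffer;
  UINT32                            SendBufferSize;
  UINT32                            RecvBufferSize;
  UINT8                             *Buffer;
  UINT32                            SessionInfoSize;
  TPM_RC                            ResponseCode;
  UINT16                            DataSize;
  UINTN                             DataOffset;

  //
  // Construct command
  //
  SendBuffer.Header.tag = SwapBytes16(TPM_ST_SESSIONS);
  SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_NV_Read);

  SendBuffer.AuthHandle = SwapBytes32 (AuthHandle);
  SendBuffer.NvIndex = SwapBytes32 (NvIndex);

  //
  // Add in Auth session
  //
  Buffer = (UINT8 *)&SendBuffer.AuthSession;

  // sessionInfoSize
  SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer);
  Buffer += SessionInfoSize;
  SendBuffer.AuthSessionSize = SwapBytes32(SessionInfoSize);

  WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Size));
  Buffer += sizeof(UINT16);
  WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Offset));
  Buffer += sizeof(UINT16);

  SendBufferSize = (UINT32)(Buffer - (UINT8 *)&SendBuffer);
  SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);

  //
  // send Tpm command
  //
  RecvBufferSize = sizeof (RecvBuffer);
  Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer);
  if (EFI_ERROR (Status)) {
    goto Done;
  }

  if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) {
    DEBUG ((DEBUG_ERROR, "Tpm2NvRead - RecvBufferSize Error - %x\n", RecvBufferSize));
    Status = EFI_DEVICE_ERROR;
    goto Done;
  }
  ResponseCode = SwapBytes32(RecvBuffer.Header.responseCode);
  if (ResponseCode != TPM_RC_SUCCESS) {
    DEBUG ((DEBUG_ERROR, "Tpm2NvRead - responseCode - %x\n", ResponseCode));
  }
  switch (ResponseCode) {
  case TPM_RC_SUCCESS:
    // return data
    break;
  case TPM_RC_NV_AUTHORIZATION:
    Status = EFI_SECURITY_VIOLATION;
    break;
  case TPM_RC_NV_LOCKED:
    Status = EFI_ACCESS_DENIED;
    break;
  case TPM_RC_NV_RANGE:
    Status = EFI_BAD_BUFFER_SIZE;
    break;
  case TPM_RC_NV_UNINITIALIZED:
    Status = EFI_NOT_READY;
    break;
  case TPM_RC_HANDLE + RC_NV_Read_nvIndex: // handle error on nvIndex
    Status = EFI_NOT_FOUND;
    break;
  case TPM_RC_HANDLE + RC_NV_Read_authHandle: // handle error on authHandle
    Status = EFI_INVALID_PARAMETER;
    break;
  case TPM_RC_VALUE + RC_NV_Read_nvIndex:
  case TPM_RC_VALUE + RC_NV_Read_authHandle:
    Status = EFI_INVALID_PARAMETER;
    break;
  case TPM_RC_BAD_AUTH + RC_NV_Read_authHandle + TPM_RC_S:
    Status = EFI_INVALID_PARAMETER;
    break;
  case TPM_RC_AUTH_UNAVAILABLE:
    Status = EFI_INVALID_PARAMETER;
    break;
  case TPM_RC_AUTH_FAIL + RC_NV_Read_authHandle + TPM_RC_S:
    Status = EFI_INVALID_PARAMETER;
    break;
  case TPM_RC_ATTRIBUTES + RC_NV_Read_authHandle + TPM_RC_S:
    Status = EFI_UNSUPPORTED;
    break;
  default:
    Status = EFI_DEVICE_ERROR;
    break;
  }
  if (Status != EFI_SUCCESS) {
    goto Done;
  }

  //
  // Return the response.
  // RecvBuffer is an uninitialized stack object that the device only fills up
  // to RecvBufferSize, so confirm the size field itself was received before
  // trusting it.
  //
  DataOffset = sizeof (TPM2_RESPONSE_HEADER) + sizeof (UINT32) + sizeof (UINT16);
  if (RecvBufferSize < DataOffset) {
    DEBUG ((DEBUG_ERROR, "Tpm2NvRead - RecvBufferSize Error - %x\n", RecvBufferSize));
    Status = EFI_DEVICE_ERROR;
    goto Done;
  }

  DataSize = SwapBytes16 (RecvBuffer.Data.size);
  if (DataSize > MAX_DIGEST_BUFFER) {
    DEBUG ((DEBUG_ERROR, "Tpm2NvRead - OutData->size error %x\n", DataSize));
    Status = EFI_DEVICE_ERROR;
    goto Done;
  }

  //
  // The declared payload must lie entirely inside the bytes that were received.
  //
  if (RecvBufferSize < DataOffset + DataSize) {
    DEBUG ((DEBUG_ERROR, "Tpm2NvRead - RecvBufferSize Error - %x\n", RecvBufferSize));
    Status = EFI_DEVICE_ERROR;
    goto Done;
  }

  OutData->size = DataSize;
  CopyMem (OutData->buffer, &RecvBuffer.Data.buffer, DataSize);

Done:
  //
  // Clear AuthSession Content. RecvBuffer is wiped as well because it holds
  // the NV data that was just read.
  //
  ZeroMem (&SendBuffer, sizeof(SendBuffer));
  ZeroMem (&RecvBuffer, sizeof(RecvBuffer));
  return Status;
}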
654\r
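/**
  This command writes a value to an area in NV memory that was previously defined by TPM2_NV_DefineSpace().

  InData->size is used as the copy length into a fixed-size stack command
  buffer, so it is rejected up front when it exceeds MAX_DIGEST_BUFFER, the
  same bound Tpm2NvRead() applies to a TPM2B_MAX_BUFFER.

  @param[in]  AuthHandle            the handle indicating the source of the authorization value.
  @param[in]  NvIndex               The NV Index of the area to write.
  @param[in]  AuthSession           Auth Session context
  @param[in]  InData                The data to write.
  @param[in]  Offset                The offset into the NV Area.

  @retval EFI_SUCCESS               Operation completed successfully.
  @retval EFI_DEVICE_ERROR          The command was unsuccessful.
  @retval EFI_NOT_FOUND             The command was returned successfully, but NvIndex is not found.
  @retval EFI_INVALID_PARAMETER     InData->size exceeds MAX_DIGEST_BUFFER, or the TPM reported a
                                    handle, value or authorization error.
  @retval EFI_UNSUPPORTED           The TPM reported an attributes error.
  @retval EFI_SECURITY_VIOLATION    The TPM returned TPM_RC_NV_AUTHORIZATION.
  @retval EFI_ACCESS_DENIED         The TPM returned TPM_RC_NV_LOCKED.
  @retval EFI_BAD_BUFFER_SIZE       The TPM returned TPM_RC_NV_RANGE.
  @retval Others                    Error status returned by Tpm2SubmitCommand().
**/
EFI_STATUS
EFIAPI
Tpm2NvWrite (
  IN      TPMI_RH_NV_AUTH           AuthHandle,
  IN      TPMI_RH_NV_INDEX          NvIndex,
  IN      TPMS_AUTH_COMMAND         *AuthSession  OPTIONAL,
  IN      TPM2B_MAX_BUFFER          *InData,
  IN      UINT16                    Offset
  )
{
  EFI_STATUS                        Status;
  TPM2_NV_WRITE_COMMAND             SendBuffer;
  TPM2_NV_WRITE_RESPONSE            RecvBuffer;
  UINT32                            SendBufferSize;
  UINT32                            RecvBufferSize;
  UINT8                             *Buffer;
  UINT32                            SessionInfoSize;
  TPM_RC                            ResponseCode;

  //
  // InData->size drives CopyMem() into the stack-resident SendBuffer; refuse a
  // length the buffer member cannot hold before anything is marshalled.
  //
  if (InData->size > MAX_DIGEST_BUFFER) {
    DEBUG ((DEBUG_ERROR, "Tpm2NvWrite - InData->size error %x\n", InData->size));
    return EFI_INVALID_PARAMETER;
  }

  //
  // Construct command
  //
  SendBuffer.Header.tag = SwapBytes16(TPM_ST_SESSIONS);
  SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_NV_Write);

  SendBuffer.AuthHandle = SwapBytes32 (AuthHandle);
  SendBuffer.NvIndex = SwapBytes32 (NvIndex);

  //
  // Add in Auth session
  //
  Buffer = (UINT8 *)&SendBuffer.AuthSession;

  // sessionInfoSize
  SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer);
  Buffer += SessionInfoSize;
  SendBuffer.AuthSessionSize = SwapBytes32(SessionInfoSize);

  //
  // Data (size-prefixed) followed by the offset, both after the session.
  //
  WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (InData->size));
  Buffer += sizeof(UINT16);
  CopyMem (Buffer, InData->buffer, InData->size);
  Buffer += InData->size;
  WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Offset));
  Buffer += sizeof(UINT16);

  SendBufferSize = (UINT32) (Buffer - (UINT8 *)&SendBuffer);
  SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);

  //
  // send Tpm command
  //
  RecvBufferSize = sizeof (RecvBuffer);
  Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer);
  if (EFI_ERROR (Status)) {
    goto Done;
  }

  if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) {
    DEBUG ((DEBUG_ERROR, "Tpm2NvWrite - RecvBufferSize Error - %x\n", RecvBufferSize));
    Status = EFI_DEVICE_ERROR;
    goto Done;
  }
  ResponseCode = SwapBytes32(RecvBuffer.Header.responseCode);
  if (ResponseCode != TPM_RC_SUCCESS) {
    DEBUG ((DEBUG_ERROR, "Tpm2NvWrite - responseCode - %x\n", ResponseCode));
  }
  switch (ResponseCode) {
  case TPM_RC_SUCCESS:
    // return data
    break;
  case TPM_RC_ATTRIBUTES:
    Status = EFI_UNSUPPORTED;
    break;
  case TPM_RC_NV_AUTHORIZATION:
    Status = EFI_SECURITY_VIOLATION;
    break;
  case TPM_RC_NV_LOCKED:
    Status = EFI_ACCESS_DENIED;
    break;
  case TPM_RC_NV_RANGE:
    Status = EFI_BAD_BUFFER_SIZE;
    break;
  case TPM_RC_HANDLE + RC_NV_Write_nvIndex: // handle error on nvIndex
    Status = EFI_NOT_FOUND;
    break;
  case TPM_RC_HANDLE + RC_NV_Write_authHandle: // handle error on authHandle
    Status = EFI_INVALID_PARAMETER;
    break;
  case TPM_RC_VALUE + RC_NV_Write_nvIndex:
  case TPM_RC_VALUE + RC_NV_Write_authHandle:
    Status = EFI_INVALID_PARAMETER;
    break;
  case TPM_RC_BAD_AUTH + RC_NV_Write_authHandle + TPM_RC_S:
    Status = EFI_INVALID_PARAMETER;
    break;
  case TPM_RC_AUTH_UNAVAILABLE:
    Status = EFI_INVALID_PARAMETER;
    break;
  case TPM_RC_AUTH_FAIL + RC_NV_Write_authHandle + TPM_RC_S:
    Status = EFI_INVALID_PARAMETER;
    break;
  case TPM_RC_ATTRIBUTES + RC_NV_Write_authHandle + TPM_RC_S:
    Status = EFI_UNSUPPORTED;
    break;
  default:
    Status = EFI_DEVICE_ERROR;
    break;
  }

Done:
  //
  // Clear AuthSession Content. SendBuffer also holds a copy of the data that
  // was written, so it is wiped together with the session.
  //
  ZeroMem (&SendBuffer, sizeof(SendBuffer));
  ZeroMem (&RecvBuffer, sizeof(RecvBuffer));
  return Status;
}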
785\r
/**
  This command may be used to prevent further reads of the Index until the next TPM2_Startup (TPM_SU_CLEAR).

  Every TPM response code other than TPM_RC_SUCCESS is reported as
  EFI_DEVICE_ERROR; the individual codes are only visible in the debug log.
  A caller that relies on the index being unreadable afterwards must check
  the returned status, since any failure means the lock was not confirmed.

  @param[in]  AuthHandle            the handle indicating the source of the authorization value.
  @param[in]  NvIndex               The NV Index of the area to lock.
  @param[in]  AuthSession           Auth Session context

  @retval EFI_SUCCESS               Operation completed successfully.
  @retval EFI_DEVICE_ERROR          The response was shorter than a response header, or the
                                    TPM returned a response code other than TPM_RC_SUCCESS.
  @retval Others                    Error status returned by Tpm2SubmitCommand().
**/
EFI_STATUS
EFIAPI
Tpm2NvReadLock (
  IN      TPMI_RH_NV_AUTH           AuthHandle,
  IN      TPMI_RH_NV_INDEX          NvIndex,
  IN      TPMS_AUTH_COMMAND         *AuthSession OPTIONAL
  )
{
  EFI_STATUS                        Status;
  TPM2_NV_READLOCK_COMMAND          Command;
  TPM2_NV_READLOCK_RESPONSE         Response;
  UINT32                            CommandSize;
  UINT32                            ResponseSize;
  UINT8                             *Cursor;
  UINT32                            AuthAreaSize;
  TPM_RC                            TpmRc;

  //
  // Fixed part of the command: header fields and the two handles.
  //
  Command.Header.tag         = SwapBytes16(TPM_ST_SESSIONS);
  Command.Header.commandCode = SwapBytes32(TPM_CC_NV_ReadLock);
  Command.AuthHandle         = SwapBytes32 (AuthHandle);
  Command.NvIndex            = SwapBytes32 (NvIndex);

  //
  // Authorization area: marshalled in place, its length recorded in front of it.
  //
  Cursor       = (UINT8 *)&Command.AuthSession;
  AuthAreaSize = CopyAuthSessionCommand (AuthSession, Cursor);
  Cursor      += AuthAreaSize;
  Command.AuthSessionSize = SwapBytes32(AuthAreaSize);

  //
  // Total length is what was marshalled, not sizeof (Command).
  //
  CommandSize = (UINT32)(Cursor - (UINT8 *)&Command);
  Command.Header.paramSize = SwapBytes32 (CommandSize);

  //
  // Hand the command to the TPM.
  //
  ResponseSize = sizeof (Response);
  Status = Tpm2SubmitCommand (CommandSize, (UINT8 *)&Command, &ResponseSize, (UINT8 *)&Response);
  if (EFI_ERROR (Status)) {
    goto Done;
  }

  if (ResponseSize < sizeof (TPM2_RESPONSE_HEADER)) {
    DEBUG ((DEBUG_ERROR, "Tpm2NvReadLock - RecvBufferSize Error - %x\n", ResponseSize));
    Status = EFI_DEVICE_ERROR;
    goto Done;
  }

  //
  // Anything but success is a device error; on success Status keeps the
  // value returned by Tpm2SubmitCommand().
  //
  TpmRc = SwapBytes32(Response.Header.responseCode);
  if (TpmRc != TPM_RC_SUCCESS) {
    DEBUG ((DEBUG_ERROR, "Tpm2NvReadLock - responseCode - %x\n", TpmRc));
    Status = EFI_DEVICE_ERROR;
  }

Done:
  //
  // Wipe both buffers on every exit path that reaches here: Command holds
  // the marshalled authorization session.
  //
  ZeroMem (&Command, sizeof(Command));
  ZeroMem (&Response, sizeof(Response));
  return Status;
}
872\r
/**
  This command may be used to inhibit further writes of the Index.

  Every TPM response code other than TPM_RC_SUCCESS is reported as
  EFI_DEVICE_ERROR; the individual codes are only visible in the debug log.
  A caller that relies on the index being write-protected afterwards must
  check the returned status, since any failure means the lock was not confirmed.

  @param[in]  AuthHandle            the handle indicating the source of the authorization value.
  @param[in]  NvIndex               The NV Index of the area to lock.
  @param[in]  AuthSession           Auth Session context

  @retval EFI_SUCCESS               Operation completed successfully.
  @retval EFI_DEVICE_ERROR          The response was shorter than a response header, or the
                                    TPM returned a response code other than TPM_RC_SUCCESS.
  @retval Others                    Error status returned by Tpm2SubmitCommand().
**/
EFI_STATUS
EFIAPI
Tpm2NvWriteLock (
  IN      TPMI_RH_NV_AUTH           AuthHandle,
  IN      TPMI_RH_NV_INDEX          NvIndex,
  IN      TPMS_AUTH_COMMAND         *AuthSession OPTIONAL
  )
{
  EFI_STATUS                        Status;
  TPM2_NV_WRITELOCK_COMMAND         Command;
  TPM2_NV_WRITELOCK_RESPONSE        Response;
  UINT32                            CommandSize;
  UINT32                            ResponseSize;
  UINT8                             *Cursor;
  UINT32                            AuthAreaSize;
  TPM_RC                            TpmRc;

  //
  // Fixed part of the command: header fields and the two handles.
  //
  Command.Header.tag         = SwapBytes16(TPM_ST_SESSIONS);
  Command.Header.commandCode = SwapBytes32(TPM_CC_NV_WriteLock);
  Command.AuthHandle         = SwapBytes32 (AuthHandle);
  Command.NvIndex            = SwapBytes32 (NvIndex);

  //
  // Authorization area: marshalled in place, its length recorded in front of it.
  //
  Cursor       = (UINT8 *)&Command.AuthSession;
  AuthAreaSize = CopyAuthSessionCommand (AuthSession, Cursor);
  Cursor      += AuthAreaSize;
  Command.AuthSessionSize = SwapBytes32(AuthAreaSize);

  //
  // Total length is what was marshalled, not sizeof (Command).
  //
  CommandSize = (UINT32)(Cursor - (UINT8 *)&Command);
  Command.Header.paramSize = SwapBytes32 (CommandSize);

  //
  // Hand the command to the TPM.
  //
  ResponseSize = sizeof (Response);
  Status = Tpm2SubmitCommand (CommandSize, (UINT8 *)&Command, &ResponseSize, (UINT8 *)&Response);
  if (EFI_ERROR (Status)) {
    goto Done;
  }

  if (ResponseSize < sizeof (TPM2_RESPONSE_HEADER)) {
    DEBUG ((DEBUG_ERROR, "Tpm2NvWriteLock - RecvBufferSize Error - %x\n", ResponseSize));
    Status = EFI_DEVICE_ERROR;
    goto Done;
  }

  //
  // Anything but success is a device error; on success Status keeps the
  // value returned by Tpm2SubmitCommand().
  //
  TpmRc = SwapBytes32(Response.Header.responseCode);
  if (TpmRc != TPM_RC_SUCCESS) {
    DEBUG ((DEBUG_ERROR, "Tpm2NvWriteLock - responseCode - %x\n", TpmRc));
    Status = EFI_DEVICE_ERROR;
  }

Done:
  //
  // Wipe both buffers on every exit path that reaches here: Command holds
  // the marshalled authorization session.
  //
  ZeroMem (&Command, sizeof(Command));
  ZeroMem (&Response, sizeof(Response));
  return Status;
}
959\r
/**
  The command will SET TPMA_NV_WRITELOCKED for all indexes that have their
  TPMA_NV_GLOBALLOCK attribute SET.

  Marshals a TPM_CC_NV_GlobalWriteLock command (tag TPM_ST_SESSIONS) carrying
  the authorization handle and one authorization session, submits it through
  Tpm2SubmitCommand, and checks the response header.

  @param[in]  AuthHandle   TPM_RH_OWNER or TPM_RH_PLATFORM+{PP}.
  @param[in]  AuthSession  Auth Session context. Marked OPTIONAL; it is handed
                           unchanged to CopyAuthSessionCommand, which decides
                           what is marshalled when it is NULL.

  @retval EFI_SUCCESS       The TPM answered with TPM_RC_SUCCESS.
  @retval EFI_DEVICE_ERROR  The response was shorter than a response header, or
                            the TPM returned any response code other than
                            TPM_RC_SUCCESS.
  @retval Others            Error status from Tpm2SubmitCommand, passed through
                            unchanged.

  This command takes no NV index, and this function does not itself map any
  TPM response code to EFI_NOT_FOUND. Every TPM-level failure is folded into
  EFI_DEVICE_ERROR, so a caller that depends on the global write lock should
  treat anything other than EFI_SUCCESS as "lock not confirmed".
**/
EFI_STATUS
EFIAPI
Tpm2NvGlobalWriteLock (
  IN      TPMI_RH_PROVISION  AuthHandle,
  IN      TPMS_AUTH_COMMAND  *AuthSession OPTIONAL
  )
{
  EFI_STATUS                        Status;
  TPM2_NV_GLOBALWRITELOCK_COMMAND   Cmd;
  TPM2_NV_GLOBALWRITELOCK_RESPONSE  Rsp;
  UINT32                            CmdSize;
  UINT32                            RspSize;
  UINT8                             *AuthArea;
  UINT32                            AuthAreaSize;
  TPM_RC                            TpmRc;

  //
  // Handle area: the only handle is the authorization handle.
  //
  Cmd.AuthHandle = SwapBytes32 (AuthHandle);

  //
  // Authorization area: marshalled in place, its length recorded in front of it.
  //
  AuthArea            = (UINT8 *)&Cmd.AuthSession;
  AuthAreaSize        = CopyAuthSessionCommand (AuthSession, AuthArea);
  Cmd.AuthSessionSize = SwapBytes32 (AuthAreaSize);

  //
  // The command ends right after the authorization area; only that many bytes
  // of Cmd are submitted.
  //
  CmdSize = (UINT32)((AuthArea + AuthAreaSize) - (UINT8 *)&Cmd);

  Cmd.Header.tag         = SwapBytes16 (TPM_ST_SESSIONS);
  Cmd.Header.commandCode = SwapBytes32 (TPM_CC_NV_GlobalWriteLock);
  Cmd.Header.paramSize   = SwapBytes32 (CmdSize);

  //
  // Submit the command and validate the response header.
  //
  RspSize = sizeof (Rsp);
  Status  = Tpm2SubmitCommand (CmdSize, (UINT8 *)&Cmd, &RspSize, (UINT8 *)&Rsp);
  if (!EFI_ERROR (Status)) {
    if (RspSize < sizeof (TPM2_RESPONSE_HEADER)) {
      //
      // Too short to contain a response code: do not read Rsp.Header at all.
      //
      DEBUG ((DEBUG_ERROR, "Tpm2NvGlobalWriteLock - RecvBufferSize Error - %x\n", RspSize));
      Status = EFI_DEVICE_ERROR;
    } else {
      TpmRc = SwapBytes32 (Rsp.Header.responseCode);
      if (TpmRc != TPM_RC_SUCCESS) {
        DEBUG ((DEBUG_ERROR, "Tpm2NvGlobalWriteLock - responseCode - %x\n", TpmRc));
        Status = EFI_DEVICE_ERROR;
      }
    }
  }

  //
  // Clear AuthSession content. The command buffer holds the marshalled
  // authorization session, so both stack buffers are wiped on every exit path,
  // success or failure.
  //
  ZeroMem (&Cmd, sizeof (Cmd));
  ZeroMem (&Rsp, sizeof (Rsp));
  return Status;
}