]>
Commit | Line | Data |
---|---|---|
c1d93242 JY |
1 | /** @file\r |
2 | Implement TPM2 NVStorage related command.\r | |
3 | \r | |
dd577319 | 4 | Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved. <BR>\r |
289b714b | 5 | SPDX-License-Identifier: BSD-2-Clause-Patent\r |
c1d93242 JY |
6 | \r |
7 | **/\r | |
8 | \r | |
9 | #include <IndustryStandard/UefiTcgPlatform.h>\r | |
10 | #include <Library/Tpm2CommandLib.h>\r | |
11 | #include <Library/Tpm2DeviceLib.h>\r | |
12 | #include <Library/BaseMemoryLib.h>\r | |
13 | #include <Library/BaseLib.h>\r | |
14 | #include <Library/DebugLib.h>\r | |
15 | \r | |
16 | #pragma pack(1)\r | |
17 | \r | |
18 | #define RC_NV_ReadPublic_nvIndex (TPM_RC_H + TPM_RC_1)\r | |
19 | \r | |
20 | #define RC_NV_DefineSpace_authHandle (TPM_RC_H + TPM_RC_1)\r | |
21 | #define RC_NV_DefineSpace_auth (TPM_RC_P + TPM_RC_1)\r | |
22 | #define RC_NV_DefineSpace_publicInfo (TPM_RC_P + TPM_RC_2)\r | |
23 | \r | |
24 | #define RC_NV_UndefineSpace_authHandle (TPM_RC_H + TPM_RC_1)\r | |
25 | #define RC_NV_UndefineSpace_nvIndex (TPM_RC_H + TPM_RC_2)\r | |
26 | \r | |
27 | #define RC_NV_Read_authHandle (TPM_RC_H + TPM_RC_1)\r | |
28 | #define RC_NV_Read_nvIndex (TPM_RC_H + TPM_RC_2)\r | |
29 | #define RC_NV_Read_size (TPM_RC_P + TPM_RC_1)\r | |
30 | #define RC_NV_Read_offset (TPM_RC_P + TPM_RC_2)\r | |
31 | \r | |
32 | #define RC_NV_Write_authHandle (TPM_RC_H + TPM_RC_1)\r | |
33 | #define RC_NV_Write_nvIndex (TPM_RC_H + TPM_RC_2)\r | |
34 | #define RC_NV_Write_data (TPM_RC_P + TPM_RC_1)\r | |
35 | #define RC_NV_Write_offset (TPM_RC_P + TPM_RC_2)\r | |
36 | \r | |
37 | typedef struct {\r | |
38 | TPM2_COMMAND_HEADER Header;\r | |
39 | TPMI_RH_NV_INDEX NvIndex;\r | |
40 | } TPM2_NV_READPUBLIC_COMMAND;\r | |
41 | \r | |
42 | typedef struct {\r | |
43 | TPM2_RESPONSE_HEADER Header;\r | |
44 | TPM2B_NV_PUBLIC NvPublic;\r | |
45 | TPM2B_NAME NvName;\r | |
46 | } TPM2_NV_READPUBLIC_RESPONSE;\r | |
47 | \r | |
48 | typedef struct {\r | |
49 | TPM2_COMMAND_HEADER Header;\r | |
50 | TPMI_RH_PROVISION AuthHandle;\r | |
51 | UINT32 AuthSessionSize;\r | |
52 | TPMS_AUTH_COMMAND AuthSession;\r | |
53 | TPM2B_AUTH Auth;\r | |
54 | TPM2B_NV_PUBLIC NvPublic;\r | |
55 | } TPM2_NV_DEFINESPACE_COMMAND;\r | |
56 | \r | |
57 | typedef struct {\r | |
58 | TPM2_RESPONSE_HEADER Header;\r | |
59 | UINT32 AuthSessionSize;\r | |
60 | TPMS_AUTH_RESPONSE AuthSession;\r | |
61 | } TPM2_NV_DEFINESPACE_RESPONSE;\r | |
62 | \r | |
63 | typedef struct {\r | |
64 | TPM2_COMMAND_HEADER Header;\r | |
65 | TPMI_RH_PROVISION AuthHandle;\r | |
66 | TPMI_RH_NV_INDEX NvIndex;\r | |
67 | UINT32 AuthSessionSize;\r | |
68 | TPMS_AUTH_COMMAND AuthSession;\r | |
69 | } TPM2_NV_UNDEFINESPACE_COMMAND;\r | |
70 | \r | |
71 | typedef struct {\r | |
72 | TPM2_RESPONSE_HEADER Header;\r | |
73 | UINT32 AuthSessionSize;\r | |
74 | TPMS_AUTH_RESPONSE AuthSession;\r | |
75 | } TPM2_NV_UNDEFINESPACE_RESPONSE;\r | |
76 | \r | |
77 | typedef struct {\r | |
78 | TPM2_COMMAND_HEADER Header;\r | |
79 | TPMI_RH_NV_AUTH AuthHandle;\r | |
80 | TPMI_RH_NV_INDEX NvIndex;\r | |
81 | UINT32 AuthSessionSize;\r | |
82 | TPMS_AUTH_COMMAND AuthSession;\r | |
83 | UINT16 Size;\r | |
84 | UINT16 Offset;\r | |
85 | } TPM2_NV_READ_COMMAND;\r | |
86 | \r | |
87 | typedef struct {\r | |
88 | TPM2_RESPONSE_HEADER Header;\r | |
89 | UINT32 AuthSessionSize;\r | |
90 | TPM2B_MAX_BUFFER Data;\r | |
91 | TPMS_AUTH_RESPONSE AuthSession;\r | |
92 | } TPM2_NV_READ_RESPONSE;\r | |
93 | \r | |
94 | typedef struct {\r | |
95 | TPM2_COMMAND_HEADER Header;\r | |
96 | TPMI_RH_NV_AUTH AuthHandle;\r | |
97 | TPMI_RH_NV_INDEX NvIndex;\r | |
98 | UINT32 AuthSessionSize;\r | |
99 | TPMS_AUTH_COMMAND AuthSession;\r | |
100 | TPM2B_MAX_BUFFER Data;\r | |
101 | UINT16 Offset;\r | |
102 | } TPM2_NV_WRITE_COMMAND;\r | |
103 | \r | |
104 | typedef struct {\r | |
105 | TPM2_RESPONSE_HEADER Header;\r | |
106 | UINT32 AuthSessionSize;\r | |
107 | TPMS_AUTH_RESPONSE AuthSession;\r | |
108 | } TPM2_NV_WRITE_RESPONSE;\r | |
109 | \r | |
110 | typedef struct {\r | |
111 | TPM2_COMMAND_HEADER Header;\r | |
112 | TPMI_RH_NV_AUTH AuthHandle;\r | |
113 | TPMI_RH_NV_INDEX NvIndex;\r | |
114 | UINT32 AuthSessionSize;\r | |
115 | TPMS_AUTH_COMMAND AuthSession;\r | |
116 | } TPM2_NV_READLOCK_COMMAND;\r | |
117 | \r | |
118 | typedef struct {\r | |
119 | TPM2_RESPONSE_HEADER Header;\r | |
120 | UINT32 AuthSessionSize;\r | |
121 | TPMS_AUTH_RESPONSE AuthSession;\r | |
122 | } TPM2_NV_READLOCK_RESPONSE;\r | |
123 | \r | |
124 | typedef struct {\r | |
125 | TPM2_COMMAND_HEADER Header;\r | |
126 | TPMI_RH_NV_AUTH AuthHandle;\r | |
127 | TPMI_RH_NV_INDEX NvIndex;\r | |
128 | UINT32 AuthSessionSize;\r | |
129 | TPMS_AUTH_COMMAND AuthSession;\r | |
130 | } TPM2_NV_WRITELOCK_COMMAND;\r | |
131 | \r | |
132 | typedef struct {\r | |
133 | TPM2_RESPONSE_HEADER Header;\r | |
134 | UINT32 AuthSessionSize;\r | |
135 | TPMS_AUTH_RESPONSE AuthSession;\r | |
136 | } TPM2_NV_WRITELOCK_RESPONSE;\r | |
137 | \r | |
138 | typedef struct {\r | |
139 | TPM2_COMMAND_HEADER Header;\r | |
140 | TPMI_RH_PROVISION AuthHandle;\r | |
141 | UINT32 AuthSessionSize;\r | |
142 | TPMS_AUTH_COMMAND AuthSession;\r | |
143 | } TPM2_NV_GLOBALWRITELOCK_COMMAND;\r | |
144 | \r | |
145 | typedef struct {\r | |
146 | TPM2_RESPONSE_HEADER Header;\r | |
147 | UINT32 AuthSessionSize;\r | |
148 | TPMS_AUTH_RESPONSE AuthSession;\r | |
149 | } TPM2_NV_GLOBALWRITELOCK_RESPONSE;\r | |
150 | \r | |
151 | #pragma pack()\r | |
152 | \r | |
153 | /**\r | |
154 | This command is used to read the public area and Name of an NV Index.\r | |
155 | \r | |
156 | @param[in] NvIndex The NV Index.\r | |
157 | @param[out] NvPublic The public area of the index.\r | |
158 | @param[out] NvName The Name of the nvIndex.\r | |
b3548d32 | 159 | \r |
c1d93242 JY |
160 | @retval EFI_SUCCESS Operation completed successfully.\r |
161 | @retval EFI_DEVICE_ERROR The command was unsuccessful.\r | |
162 | @retval EFI_NOT_FOUND The command was returned successfully, but NvIndex is not found.\r | |
163 | **/\r | |
164 | EFI_STATUS\r | |
165 | EFIAPI\r | |
166 | Tpm2NvReadPublic (\r | |
167 | IN TPMI_RH_NV_INDEX NvIndex,\r | |
168 | OUT TPM2B_NV_PUBLIC *NvPublic,\r | |
169 | OUT TPM2B_NAME *NvName\r | |
170 | )\r | |
171 | {\r | |
172 | EFI_STATUS Status;\r | |
173 | TPM2_NV_READPUBLIC_COMMAND SendBuffer;\r | |
174 | TPM2_NV_READPUBLIC_RESPONSE RecvBuffer;\r | |
175 | UINT32 SendBufferSize;\r | |
176 | UINT32 RecvBufferSize;\r | |
177 | UINT16 NvPublicSize;\r | |
178 | UINT16 NvNameSize;\r | |
179 | UINT8 *Buffer;\r | |
180 | TPM_RC ResponseCode;\r | |
181 | \r | |
182 | //\r | |
183 | // Construct command\r | |
184 | //\r | |
185 | SendBuffer.Header.tag = SwapBytes16(TPM_ST_NO_SESSIONS);\r | |
186 | SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_NV_ReadPublic);\r | |
187 | \r | |
188 | SendBuffer.NvIndex = SwapBytes32 (NvIndex);\r | |
b3548d32 | 189 | \r |
c1d93242 JY |
190 | SendBufferSize = (UINT32) sizeof (SendBuffer);\r |
191 | SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);\r | |
192 | \r | |
193 | //\r | |
194 | // send Tpm command\r | |
195 | //\r | |
196 | RecvBufferSize = sizeof (RecvBuffer);\r | |
197 | Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer);\r | |
198 | if (EFI_ERROR (Status)) {\r | |
199 | return Status;\r | |
200 | }\r | |
201 | \r | |
202 | if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) {\r | |
e905fbb0 | 203 | DEBUG ((DEBUG_ERROR, "Tpm2NvReadPublic - RecvBufferSize Error - %x\n", RecvBufferSize));\r |
c1d93242 JY |
204 | return EFI_DEVICE_ERROR;\r |
205 | }\r | |
206 | ResponseCode = SwapBytes32(RecvBuffer.Header.responseCode);\r | |
207 | if (ResponseCode != TPM_RC_SUCCESS) {\r | |
e905fbb0 | 208 | DEBUG ((DEBUG_ERROR, "Tpm2NvReadPublic - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode)));\r |
c1d93242 JY |
209 | }\r |
210 | switch (ResponseCode) {\r | |
211 | case TPM_RC_SUCCESS:\r | |
212 | // return data\r | |
213 | break;\r | |
214 | case TPM_RC_HANDLE + RC_NV_ReadPublic_nvIndex: // TPM_RC_NV_DEFINED:\r | |
215 | return EFI_NOT_FOUND;\r | |
216 | case TPM_RC_VALUE + RC_NV_ReadPublic_nvIndex:\r | |
217 | return EFI_INVALID_PARAMETER;\r | |
218 | default:\r | |
219 | return EFI_DEVICE_ERROR;\r | |
220 | }\r | |
221 | \r | |
222 | if (RecvBufferSize <= sizeof (TPM2_RESPONSE_HEADER) + sizeof (UINT16) + sizeof(UINT16)) {\r | |
e905fbb0 | 223 | DEBUG ((DEBUG_ERROR, "Tpm2NvReadPublic - RecvBufferSize Error - %x\n", RecvBufferSize));\r |
c1d93242 JY |
224 | return EFI_NOT_FOUND;\r |
225 | }\r | |
226 | \r | |
227 | //\r | |
228 | // Basic check\r | |
229 | //\r | |
230 | NvPublicSize = SwapBytes16 (RecvBuffer.NvPublic.size);\r | |
dd577319 ZC |
231 | if (NvPublicSize > sizeof(TPMS_NV_PUBLIC)) {\r |
232 | DEBUG ((DEBUG_ERROR, "Tpm2NvReadPublic - NvPublic.size error %x\n", NvPublicSize));\r | |
233 | return EFI_DEVICE_ERROR;\r | |
234 | }\r | |
235 | \r | |
c1d93242 | 236 | NvNameSize = SwapBytes16 (ReadUnaligned16 ((UINT16 *)((UINT8 *)&RecvBuffer + sizeof(TPM2_RESPONSE_HEADER) + sizeof(UINT16) + NvPublicSize)));\r |
dd577319 ZC |
237 | if (NvNameSize > sizeof(TPMU_NAME)){\r |
238 | DEBUG ((DEBUG_ERROR, "Tpm2NvReadPublic - NvNameSize error %x\n", NvNameSize));\r | |
239 | return EFI_DEVICE_ERROR;\r | |
240 | }\r | |
c1d93242 JY |
241 | \r |
242 | if (RecvBufferSize != sizeof(TPM2_RESPONSE_HEADER) + sizeof(UINT16) + NvPublicSize + sizeof(UINT16) + NvNameSize) {\r | |
e905fbb0 | 243 | DEBUG ((DEBUG_ERROR, "Tpm2NvReadPublic - RecvBufferSize Error - NvPublicSize %x\n", RecvBufferSize));\r |
c1d93242 JY |
244 | return EFI_NOT_FOUND;\r |
245 | }\r | |
246 | \r | |
247 | //\r | |
248 | // Return the response\r | |
249 | //\r | |
250 | CopyMem (NvPublic, &RecvBuffer.NvPublic, sizeof(UINT16) + NvPublicSize);\r | |
251 | NvPublic->size = NvPublicSize;\r | |
252 | NvPublic->nvPublic.nvIndex = SwapBytes32 (NvPublic->nvPublic.nvIndex);\r | |
253 | NvPublic->nvPublic.nameAlg = SwapBytes16 (NvPublic->nvPublic.nameAlg);\r | |
254 | WriteUnaligned32 ((UINT32 *)&NvPublic->nvPublic.attributes, SwapBytes32 (ReadUnaligned32 ((UINT32 *)&NvPublic->nvPublic.attributes)));\r | |
255 | NvPublic->nvPublic.authPolicy.size = SwapBytes16 (NvPublic->nvPublic.authPolicy.size);\r | |
b1b1d646 | 256 | Buffer = (UINT8 *)&RecvBuffer.NvPublic.nvPublic.authPolicy;\r |
c1d93242 JY |
257 | Buffer += sizeof(UINT16) + NvPublic->nvPublic.authPolicy.size;\r |
258 | NvPublic->nvPublic.dataSize = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));\r | |
259 | \r | |
b1b1d646 | 260 | CopyMem (NvName->name, (UINT8 *)&RecvBuffer + sizeof(TPM2_RESPONSE_HEADER) + sizeof(UINT16) + NvPublicSize + sizeof(UINT16), NvNameSize);\r |
c1d93242 | 261 | NvName->size = NvNameSize;\r |
b3548d32 | 262 | \r |
c1d93242 JY |
263 | return EFI_SUCCESS;\r |
264 | }\r | |
265 | \r | |
266 | /**\r | |
267 | This command defines the attributes of an NV Index and causes the TPM to\r | |
268 | reserve space to hold the data associated with the index.\r | |
269 | If a definition already exists at the index, the TPM will return TPM_RC_NV_DEFINED.\r | |
270 | \r | |
271 | @param[in] AuthHandle TPM_RH_OWNER or TPM_RH_PLATFORM+{PP}.\r | |
272 | @param[in] AuthSession Auth Session context\r | |
273 | @param[in] Auth The authorization data.\r | |
274 | @param[in] NvPublic The public area of the index.\r | |
b3548d32 | 275 | \r |
c1d93242 JY |
276 | @retval EFI_SUCCESS Operation completed successfully.\r |
277 | @retval EFI_DEVICE_ERROR The command was unsuccessful.\r | |
278 | @retval EFI_ALREADY_STARTED The command was returned successfully, but NvIndex is already defined.\r | |
279 | **/\r | |
280 | EFI_STATUS\r | |
281 | EFIAPI\r | |
282 | Tpm2NvDefineSpace (\r | |
283 | IN TPMI_RH_PROVISION AuthHandle,\r | |
12710fe9 | 284 | IN TPMS_AUTH_COMMAND *AuthSession OPTIONAL,\r |
c1d93242 JY |
285 | IN TPM2B_AUTH *Auth,\r |
286 | IN TPM2B_NV_PUBLIC *NvPublic\r | |
287 | )\r | |
288 | {\r | |
289 | EFI_STATUS Status;\r | |
290 | TPM2_NV_DEFINESPACE_COMMAND SendBuffer;\r | |
291 | TPM2_NV_DEFINESPACE_RESPONSE RecvBuffer;\r | |
292 | UINT32 SendBufferSize;\r | |
293 | UINT32 RecvBufferSize;\r | |
294 | UINT16 NvPublicSize;\r | |
295 | UINT8 *Buffer;\r | |
296 | UINT32 SessionInfoSize;\r | |
297 | TPM_RC ResponseCode;\r | |
298 | \r | |
299 | //\r | |
300 | // Construct command\r | |
301 | //\r | |
302 | SendBuffer.Header.tag = SwapBytes16(TPM_ST_SESSIONS);\r | |
303 | SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_NV_DefineSpace);\r | |
304 | SendBuffer.AuthHandle = SwapBytes32 (AuthHandle);\r | |
305 | \r | |
306 | //\r | |
307 | // Add in Auth session\r | |
308 | //\r | |
309 | Buffer = (UINT8 *)&SendBuffer.AuthSession;\r | |
310 | \r | |
311 | // sessionInfoSize\r | |
312 | SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer);\r | |
313 | Buffer += SessionInfoSize;\r | |
314 | SendBuffer.AuthSessionSize = SwapBytes32(SessionInfoSize);\r | |
315 | \r | |
316 | //\r | |
317 | // IndexAuth\r | |
318 | //\r | |
319 | WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16(Auth->size));\r | |
320 | Buffer += sizeof(UINT16);\r | |
321 | CopyMem(Buffer, Auth->buffer, Auth->size);\r | |
322 | Buffer += Auth->size;\r | |
323 | \r | |
324 | //\r | |
325 | // NvPublic\r | |
326 | //\r | |
327 | NvPublicSize = NvPublic->size;\r | |
328 | \r | |
329 | WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (NvPublicSize));\r | |
330 | Buffer += sizeof(UINT16);\r | |
331 | WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32 (NvPublic->nvPublic.nvIndex));\r | |
332 | Buffer += sizeof(UINT32);\r | |
333 | WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (NvPublic->nvPublic.nameAlg));\r | |
334 | Buffer += sizeof(UINT16);\r | |
335 | WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32 (ReadUnaligned32 ((UINT32 *)&NvPublic->nvPublic.attributes)));\r | |
336 | Buffer += sizeof(UINT32);\r | |
337 | WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (NvPublic->nvPublic.authPolicy.size));\r | |
338 | Buffer += sizeof(UINT16);\r | |
339 | CopyMem (Buffer, NvPublic->nvPublic.authPolicy.buffer, NvPublic->nvPublic.authPolicy.size);\r | |
340 | Buffer += NvPublic->nvPublic.authPolicy.size;\r | |
341 | WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (NvPublic->nvPublic.dataSize));\r | |
342 | Buffer += sizeof(UINT16);\r | |
343 | \r | |
344 | SendBufferSize = (UINT32)(Buffer - (UINT8 *)&SendBuffer);\r | |
345 | SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);\r | |
346 | \r | |
347 | //\r | |
348 | // send Tpm command\r | |
349 | //\r | |
350 | RecvBufferSize = sizeof (RecvBuffer);\r | |
351 | Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer);\r | |
352 | if (EFI_ERROR (Status)) {\r | |
7ae130da | 353 | goto Done;\r |
c1d93242 JY |
354 | }\r |
355 | \r | |
356 | if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) {\r | |
e905fbb0 | 357 | DEBUG ((DEBUG_ERROR, "Tpm2NvDefineSpace - RecvBufferSize Error - %x\n", RecvBufferSize));\r |
7ae130da JY |
358 | Status = EFI_DEVICE_ERROR;\r |
359 | goto Done;\r | |
c1d93242 JY |
360 | }\r |
361 | \r | |
362 | ResponseCode = SwapBytes32(RecvBuffer.Header.responseCode);\r | |
363 | if (ResponseCode != TPM_RC_SUCCESS) {\r | |
e905fbb0 | 364 | DEBUG ((DEBUG_ERROR, "Tpm2NvDefineSpace - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode)));\r |
c1d93242 JY |
365 | }\r |
366 | switch (ResponseCode) {\r | |
367 | case TPM_RC_SUCCESS:\r | |
368 | // return data\r | |
369 | break;\r | |
370 | case TPM_RC_SIZE + RC_NV_DefineSpace_publicInfo:\r | |
371 | case TPM_RC_SIZE + RC_NV_DefineSpace_auth:\r | |
7ae130da JY |
372 | Status = EFI_BAD_BUFFER_SIZE;\r |
373 | break;\r | |
c1d93242 JY |
374 | case TPM_RC_ATTRIBUTES:\r |
375 | case TPM_RC_ATTRIBUTES + RC_NV_DefineSpace_publicInfo:\r | |
7ae130da JY |
376 | Status = EFI_UNSUPPORTED;\r |
377 | break;\r | |
c1d93242 | 378 | case TPM_RC_ATTRIBUTES + RC_NV_DefineSpace_authHandle:\r |
7ae130da JY |
379 | Status = EFI_INVALID_PARAMETER;\r |
380 | break;\r | |
c1d93242 | 381 | case TPM_RC_NV_DEFINED:\r |
7ae130da JY |
382 | Status = EFI_ALREADY_STARTED;\r |
383 | break;\r | |
c1d93242 JY |
384 | case TPM_RC_VALUE + RC_NV_DefineSpace_publicInfo:\r |
385 | case TPM_RC_VALUE + RC_NV_DefineSpace_authHandle:\r | |
7ae130da JY |
386 | Status = EFI_INVALID_PARAMETER;\r |
387 | break;\r | |
c1d93242 | 388 | case TPM_RC_NV_SPACE:\r |
7ae130da JY |
389 | Status = EFI_OUT_OF_RESOURCES;\r |
390 | break;\r | |
c1d93242 | 391 | default:\r |
7ae130da JY |
392 | Status = EFI_DEVICE_ERROR;\r |
393 | break;\r | |
c1d93242 | 394 | }\r |
7ae130da JY |
395 | \r |
396 | Done:\r | |
397 | //\r | |
398 | // Clear AuthSession Content\r | |
399 | //\r | |
400 | ZeroMem (&SendBuffer, sizeof(SendBuffer));\r | |
401 | ZeroMem (&RecvBuffer, sizeof(RecvBuffer));\r | |
402 | return Status;\r | |
c1d93242 JY |
403 | }\r |
404 | \r | |
405 | /**\r | |
406 | This command removes an index from the TPM.\r | |
407 | \r | |
408 | @param[in] AuthHandle TPM_RH_OWNER or TPM_RH_PLATFORM+{PP}.\r | |
409 | @param[in] NvIndex The NV Index.\r | |
410 | @param[in] AuthSession Auth Session context\r | |
b3548d32 | 411 | \r |
c1d93242 JY |
412 | @retval EFI_SUCCESS Operation completed successfully.\r |
413 | @retval EFI_DEVICE_ERROR The command was unsuccessful.\r | |
414 | @retval EFI_NOT_FOUND The command was returned successfully, but NvIndex is not found.\r | |
415 | **/\r | |
416 | EFI_STATUS\r | |
417 | EFIAPI\r | |
418 | Tpm2NvUndefineSpace (\r | |
419 | IN TPMI_RH_PROVISION AuthHandle,\r | |
420 | IN TPMI_RH_NV_INDEX NvIndex,\r | |
421 | IN TPMS_AUTH_COMMAND *AuthSession OPTIONAL\r | |
422 | )\r | |
423 | {\r | |
424 | EFI_STATUS Status;\r | |
425 | TPM2_NV_UNDEFINESPACE_COMMAND SendBuffer;\r | |
426 | TPM2_NV_UNDEFINESPACE_RESPONSE RecvBuffer;\r | |
427 | UINT32 SendBufferSize;\r | |
428 | UINT32 RecvBufferSize;\r | |
429 | UINT8 *Buffer;\r | |
430 | UINT32 SessionInfoSize;\r | |
431 | TPM_RC ResponseCode;\r | |
432 | \r | |
433 | //\r | |
434 | // Construct command\r | |
435 | //\r | |
436 | SendBuffer.Header.tag = SwapBytes16(TPM_ST_SESSIONS);\r | |
437 | SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_NV_UndefineSpace);\r | |
438 | \r | |
439 | SendBuffer.AuthHandle = SwapBytes32 (AuthHandle);\r | |
440 | SendBuffer.NvIndex = SwapBytes32 (NvIndex);\r | |
441 | \r | |
442 | //\r | |
443 | // Add in Auth session\r | |
444 | //\r | |
445 | Buffer = (UINT8 *)&SendBuffer.AuthSession;\r | |
446 | \r | |
447 | // sessionInfoSize\r | |
448 | SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer);\r | |
449 | Buffer += SessionInfoSize;\r | |
450 | SendBuffer.AuthSessionSize = SwapBytes32(SessionInfoSize);\r | |
451 | \r | |
452 | SendBufferSize = (UINT32)(Buffer - (UINT8 *)&SendBuffer);\r | |
453 | SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);\r | |
454 | \r | |
455 | //\r | |
456 | // send Tpm command\r | |
457 | //\r | |
458 | RecvBufferSize = sizeof (RecvBuffer);\r | |
459 | Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer);\r | |
460 | if (EFI_ERROR (Status)) {\r | |
7ae130da | 461 | goto Done;\r |
c1d93242 JY |
462 | }\r |
463 | \r | |
464 | if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) {\r | |
e905fbb0 | 465 | DEBUG ((DEBUG_ERROR, "Tpm2NvUndefineSpace - RecvBufferSize Error - %x\n", RecvBufferSize));\r |
7ae130da JY |
466 | Status = EFI_DEVICE_ERROR;\r |
467 | goto Done;\r | |
c1d93242 JY |
468 | }\r |
469 | \r | |
470 | ResponseCode = SwapBytes32(RecvBuffer.Header.responseCode);\r | |
471 | if (ResponseCode != TPM_RC_SUCCESS) {\r | |
e905fbb0 | 472 | DEBUG ((DEBUG_ERROR, "Tpm2NvUndefineSpace - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode)));\r |
c1d93242 JY |
473 | }\r |
474 | switch (ResponseCode) {\r | |
475 | case TPM_RC_SUCCESS:\r | |
476 | // return data\r | |
477 | break;\r | |
478 | case TPM_RC_ATTRIBUTES:\r | |
479 | case TPM_RC_ATTRIBUTES + RC_NV_UndefineSpace_nvIndex:\r | |
7ae130da JY |
480 | Status = EFI_UNSUPPORTED;\r |
481 | break;\r | |
c1d93242 | 482 | case TPM_RC_NV_AUTHORIZATION:\r |
7ae130da JY |
483 | Status = EFI_SECURITY_VIOLATION;\r |
484 | break;\r | |
c1d93242 | 485 | case TPM_RC_HANDLE + RC_NV_UndefineSpace_nvIndex: // TPM_RC_NV_DEFINED:\r |
7ae130da JY |
486 | Status = EFI_NOT_FOUND;\r |
487 | break;\r | |
c1d93242 | 488 | case TPM_RC_HANDLE + RC_NV_UndefineSpace_authHandle: // TPM_RC_NV_DEFINED:\r |
7ae130da JY |
489 | Status = EFI_INVALID_PARAMETER;\r |
490 | break;\r | |
c1d93242 JY |
491 | case TPM_RC_VALUE + RC_NV_UndefineSpace_authHandle:\r |
492 | case TPM_RC_VALUE + RC_NV_UndefineSpace_nvIndex:\r | |
7ae130da JY |
493 | Status = EFI_INVALID_PARAMETER;\r |
494 | break;\r | |
c1d93242 | 495 | default:\r |
7ae130da JY |
496 | Status = EFI_DEVICE_ERROR;\r |
497 | break;\r | |
c1d93242 JY |
498 | }\r |
499 | \r | |
7ae130da JY |
500 | Done:\r |
501 | //\r | |
502 | // Clear AuthSession Content\r | |
503 | //\r | |
504 | ZeroMem (&SendBuffer, sizeof(SendBuffer));\r | |
505 | ZeroMem (&RecvBuffer, sizeof(RecvBuffer));\r | |
506 | return Status;\r | |
c1d93242 JY |
507 | }\r |
508 | \r | |
509 | /**\r | |
510 | This command reads a value from an area in NV memory previously defined by TPM2_NV_DefineSpace().\r | |
511 | \r | |
512 | @param[in] AuthHandle the handle indicating the source of the authorization value.\r | |
513 | @param[in] NvIndex The index to be read.\r | |
514 | @param[in] AuthSession Auth Session context\r | |
515 | @param[in] Size Number of bytes to read.\r | |
516 | @param[in] Offset Byte offset into the area.\r | |
517 | @param[in,out] OutData The data read.\r | |
b3548d32 | 518 | \r |
c1d93242 JY |
519 | @retval EFI_SUCCESS Operation completed successfully.\r |
520 | @retval EFI_DEVICE_ERROR The command was unsuccessful.\r | |
521 | @retval EFI_NOT_FOUND The command was returned successfully, but NvIndex is not found.\r | |
522 | **/\r | |
523 | EFI_STATUS\r | |
524 | EFIAPI\r | |
525 | Tpm2NvRead (\r | |
526 | IN TPMI_RH_NV_AUTH AuthHandle,\r | |
527 | IN TPMI_RH_NV_INDEX NvIndex,\r | |
12710fe9 | 528 | IN TPMS_AUTH_COMMAND *AuthSession OPTIONAL,\r |
c1d93242 JY |
529 | IN UINT16 Size,\r |
530 | IN UINT16 Offset,\r | |
531 | IN OUT TPM2B_MAX_BUFFER *OutData\r | |
532 | )\r | |
533 | {\r | |
534 | EFI_STATUS Status;\r | |
535 | TPM2_NV_READ_COMMAND SendBuffer;\r | |
536 | TPM2_NV_READ_RESPONSE RecvBuffer;\r | |
537 | UINT32 SendBufferSize;\r | |
538 | UINT32 RecvBufferSize;\r | |
539 | UINT8 *Buffer;\r | |
540 | UINT32 SessionInfoSize;\r | |
541 | TPM_RC ResponseCode;\r | |
542 | \r | |
543 | //\r | |
544 | // Construct command\r | |
545 | //\r | |
546 | SendBuffer.Header.tag = SwapBytes16(TPM_ST_SESSIONS);\r | |
547 | SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_NV_Read);\r | |
548 | \r | |
549 | SendBuffer.AuthHandle = SwapBytes32 (AuthHandle);\r | |
550 | SendBuffer.NvIndex = SwapBytes32 (NvIndex);\r | |
551 | \r | |
552 | //\r | |
553 | // Add in Auth session\r | |
554 | //\r | |
555 | Buffer = (UINT8 *)&SendBuffer.AuthSession;\r | |
556 | \r | |
557 | // sessionInfoSize\r | |
558 | SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer);\r | |
559 | Buffer += SessionInfoSize;\r | |
560 | SendBuffer.AuthSessionSize = SwapBytes32(SessionInfoSize);\r | |
561 | \r | |
562 | WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Size));\r | |
563 | Buffer += sizeof(UINT16);\r | |
564 | WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Offset));\r | |
565 | Buffer += sizeof(UINT16);\r | |
566 | \r | |
567 | SendBufferSize = (UINT32)(Buffer - (UINT8 *)&SendBuffer);\r | |
568 | SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);\r | |
569 | \r | |
570 | //\r | |
571 | // send Tpm command\r | |
572 | //\r | |
573 | RecvBufferSize = sizeof (RecvBuffer);\r | |
574 | Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer);\r | |
575 | if (EFI_ERROR (Status)) {\r | |
7ae130da | 576 | goto Done;\r |
c1d93242 JY |
577 | }\r |
578 | \r | |
579 | if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) {\r | |
e905fbb0 | 580 | DEBUG ((DEBUG_ERROR, "Tpm2NvRead - RecvBufferSize Error - %x\n", RecvBufferSize));\r |
7ae130da JY |
581 | Status = EFI_DEVICE_ERROR;\r |
582 | goto Done;\r | |
c1d93242 JY |
583 | }\r |
584 | ResponseCode = SwapBytes32(RecvBuffer.Header.responseCode);\r | |
585 | if (ResponseCode != TPM_RC_SUCCESS) {\r | |
e905fbb0 | 586 | DEBUG ((DEBUG_ERROR, "Tpm2NvRead - responseCode - %x\n", ResponseCode));\r |
c1d93242 JY |
587 | }\r |
588 | switch (ResponseCode) {\r | |
589 | case TPM_RC_SUCCESS:\r | |
590 | // return data\r | |
591 | break;\r | |
592 | case TPM_RC_NV_AUTHORIZATION:\r | |
7ae130da JY |
593 | Status = EFI_SECURITY_VIOLATION;\r |
594 | break;\r | |
c1d93242 | 595 | case TPM_RC_NV_LOCKED:\r |
7ae130da JY |
596 | Status = EFI_ACCESS_DENIED;\r |
597 | break;\r | |
c1d93242 | 598 | case TPM_RC_NV_RANGE:\r |
7ae130da JY |
599 | Status = EFI_BAD_BUFFER_SIZE;\r |
600 | break;\r | |
c1d93242 | 601 | case TPM_RC_NV_UNINITIALIZED:\r |
7ae130da JY |
602 | Status = EFI_NOT_READY;\r |
603 | break;\r | |
c1d93242 | 604 | case TPM_RC_HANDLE + RC_NV_Read_nvIndex: // TPM_RC_NV_DEFINED:\r |
7ae130da JY |
605 | Status = EFI_NOT_FOUND;\r |
606 | break;\r | |
c1d93242 | 607 | case TPM_RC_HANDLE + RC_NV_Read_authHandle: // TPM_RC_NV_DEFINED:\r |
7ae130da JY |
608 | Status = EFI_INVALID_PARAMETER;\r |
609 | break;\r | |
c1d93242 JY |
610 | case TPM_RC_VALUE + RC_NV_Read_nvIndex:\r |
611 | case TPM_RC_VALUE + RC_NV_Read_authHandle:\r | |
7ae130da JY |
612 | Status = EFI_INVALID_PARAMETER;\r |
613 | break;\r | |
c1d93242 | 614 | case TPM_RC_BAD_AUTH + RC_NV_Read_authHandle + TPM_RC_S:\r |
7ae130da JY |
615 | Status = EFI_INVALID_PARAMETER;\r |
616 | break;\r | |
c1d93242 | 617 | case TPM_RC_AUTH_UNAVAILABLE:\r |
7ae130da JY |
618 | Status = EFI_INVALID_PARAMETER;\r |
619 | break;\r | |
c1d93242 | 620 | case TPM_RC_AUTH_FAIL + RC_NV_Read_authHandle + TPM_RC_S:\r |
7ae130da JY |
621 | Status = EFI_INVALID_PARAMETER;\r |
622 | break;\r | |
c1d93242 | 623 | case TPM_RC_ATTRIBUTES + RC_NV_Read_authHandle + TPM_RC_S:\r |
7ae130da JY |
624 | Status = EFI_UNSUPPORTED;\r |
625 | break;\r | |
626 | default:\r | |
627 | Status = EFI_DEVICE_ERROR;\r | |
628 | break;\r | |
629 | }\r | |
630 | if (Status != EFI_SUCCESS) {\r | |
631 | goto Done;\r | |
c1d93242 JY |
632 | }\r |
633 | \r | |
634 | //\r | |
635 | // Return the response\r | |
636 | //\r | |
637 | OutData->size = SwapBytes16 (RecvBuffer.Data.size);\r | |
dd577319 ZC |
638 | if (OutData->size > MAX_DIGEST_BUFFER) {\r |
639 | DEBUG ((DEBUG_ERROR, "Tpm2NvRead - OutData->size error %x\n", OutData->size));\r | |
640 | Status = EFI_DEVICE_ERROR;\r | |
641 | goto Done;\r | |
642 | }\r | |
643 | \r | |
c1d93242 | 644 | CopyMem (OutData->buffer, &RecvBuffer.Data.buffer, OutData->size);\r |
b3548d32 | 645 | \r |
7ae130da JY |
646 | Done:\r |
647 | //\r | |
648 | // Clear AuthSession Content\r | |
649 | //\r | |
650 | ZeroMem (&SendBuffer, sizeof(SendBuffer));\r | |
651 | ZeroMem (&RecvBuffer, sizeof(RecvBuffer));\r | |
652 | return Status;\r | |
c1d93242 JY |
653 | }\r |
654 | \r | |
655 | /**\r | |
656 | This command writes a value to an area in NV memory that was previously defined by TPM2_NV_DefineSpace().\r | |
657 | \r | |
658 | @param[in] AuthHandle the handle indicating the source of the authorization value.\r | |
659 | @param[in] NvIndex The NV Index of the area to write.\r | |
660 | @param[in] AuthSession Auth Session context\r | |
661 | @param[in] InData The data to write.\r | |
662 | @param[in] Offset The offset into the NV Area.\r | |
b3548d32 | 663 | \r |
c1d93242 JY |
664 | @retval EFI_SUCCESS Operation completed successfully.\r |
665 | @retval EFI_DEVICE_ERROR The command was unsuccessful.\r | |
666 | @retval EFI_NOT_FOUND The command was returned successfully, but NvIndex is not found.\r | |
667 | **/\r | |
668 | EFI_STATUS\r | |
669 | EFIAPI\r | |
670 | Tpm2NvWrite (\r | |
671 | IN TPMI_RH_NV_AUTH AuthHandle,\r | |
672 | IN TPMI_RH_NV_INDEX NvIndex,\r | |
12710fe9 | 673 | IN TPMS_AUTH_COMMAND *AuthSession OPTIONAL,\r |
c1d93242 JY |
674 | IN TPM2B_MAX_BUFFER *InData,\r |
675 | IN UINT16 Offset\r | |
676 | )\r | |
677 | {\r | |
678 | EFI_STATUS Status;\r | |
679 | TPM2_NV_WRITE_COMMAND SendBuffer;\r | |
680 | TPM2_NV_WRITE_RESPONSE RecvBuffer;\r | |
681 | UINT32 SendBufferSize;\r | |
682 | UINT32 RecvBufferSize;\r | |
683 | UINT8 *Buffer;\r | |
684 | UINT32 SessionInfoSize;\r | |
685 | TPM_RC ResponseCode;\r | |
686 | \r | |
687 | //\r | |
688 | // Construct command\r | |
689 | //\r | |
690 | SendBuffer.Header.tag = SwapBytes16(TPM_ST_SESSIONS);\r | |
691 | SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_NV_Write);\r | |
692 | \r | |
693 | SendBuffer.AuthHandle = SwapBytes32 (AuthHandle);\r | |
694 | SendBuffer.NvIndex = SwapBytes32 (NvIndex);\r | |
695 | \r | |
696 | //\r | |
697 | // Add in Auth session\r | |
698 | //\r | |
699 | Buffer = (UINT8 *)&SendBuffer.AuthSession;\r | |
700 | \r | |
701 | // sessionInfoSize\r | |
702 | SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer);\r | |
703 | Buffer += SessionInfoSize;\r | |
704 | SendBuffer.AuthSessionSize = SwapBytes32(SessionInfoSize);\r | |
705 | \r | |
706 | WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (InData->size));\r | |
707 | Buffer += sizeof(UINT16);\r | |
708 | CopyMem (Buffer, InData->buffer, InData->size);\r | |
709 | Buffer += InData->size;\r | |
710 | WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Offset));\r | |
711 | Buffer += sizeof(UINT16);\r | |
712 | \r | |
713 | SendBufferSize = (UINT32) (Buffer - (UINT8 *)&SendBuffer);\r | |
714 | SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);\r | |
715 | \r | |
716 | //\r | |
717 | // send Tpm command\r | |
718 | //\r | |
719 | RecvBufferSize = sizeof (RecvBuffer);\r | |
720 | Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer);\r | |
721 | if (EFI_ERROR (Status)) {\r | |
7ae130da | 722 | goto Done;\r |
c1d93242 JY |
723 | }\r |
724 | \r | |
725 | if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) {\r | |
e905fbb0 | 726 | DEBUG ((DEBUG_ERROR, "Tpm2NvWrite - RecvBufferSize Error - %x\n", RecvBufferSize));\r |
7ae130da JY |
727 | Status = EFI_DEVICE_ERROR;\r |
728 | goto Done;\r | |
c1d93242 JY |
729 | }\r |
730 | ResponseCode = SwapBytes32(RecvBuffer.Header.responseCode);\r | |
731 | if (ResponseCode != TPM_RC_SUCCESS) {\r | |
e905fbb0 | 732 | DEBUG ((DEBUG_ERROR, "Tpm2NvWrite - responseCode - %x\n", ResponseCode));\r |
c1d93242 JY |
733 | }\r |
734 | switch (ResponseCode) {\r | |
735 | case TPM_RC_SUCCESS:\r | |
7ae130da JY |
736 | // return data\r |
737 | break;\r | |
c1d93242 | 738 | case TPM_RC_ATTRIBUTES:\r |
7ae130da JY |
739 | Status = EFI_UNSUPPORTED;\r |
740 | break;\r | |
c1d93242 | 741 | case TPM_RC_NV_AUTHORIZATION:\r |
7ae130da JY |
742 | Status = EFI_SECURITY_VIOLATION;\r |
743 | break;\r | |
c1d93242 | 744 | case TPM_RC_NV_LOCKED:\r |
7ae130da JY |
745 | Status = EFI_ACCESS_DENIED;\r |
746 | break;\r | |
c1d93242 | 747 | case TPM_RC_NV_RANGE:\r |
7ae130da JY |
748 | Status = EFI_BAD_BUFFER_SIZE;\r |
749 | break;\r | |
c1d93242 | 750 | case TPM_RC_HANDLE + RC_NV_Write_nvIndex: // TPM_RC_NV_DEFINED:\r |
7ae130da JY |
751 | Status = EFI_NOT_FOUND;\r |
752 | break;\r | |
c1d93242 | 753 | case TPM_RC_HANDLE + RC_NV_Write_authHandle: // TPM_RC_NV_DEFINED:\r |
7ae130da JY |
754 | Status = EFI_INVALID_PARAMETER;\r |
755 | break;\r | |
c1d93242 JY |
756 | case TPM_RC_VALUE + RC_NV_Write_nvIndex:\r |
757 | case TPM_RC_VALUE + RC_NV_Write_authHandle:\r | |
7ae130da JY |
758 | Status = EFI_INVALID_PARAMETER;\r |
759 | break;\r | |
c1d93242 | 760 | case TPM_RC_BAD_AUTH + RC_NV_Write_authHandle + TPM_RC_S:\r |
7ae130da JY |
761 | Status = EFI_INVALID_PARAMETER;\r |
762 | break;\r | |
c1d93242 | 763 | case TPM_RC_AUTH_UNAVAILABLE:\r |
7ae130da JY |
764 | Status = EFI_INVALID_PARAMETER;\r |
765 | break;\r | |
c1d93242 | 766 | case TPM_RC_AUTH_FAIL + RC_NV_Write_authHandle + TPM_RC_S:\r |
7ae130da JY |
767 | Status = EFI_INVALID_PARAMETER;\r |
768 | break;\r | |
c1d93242 | 769 | case TPM_RC_ATTRIBUTES + RC_NV_Write_authHandle + TPM_RC_S:\r |
7ae130da JY |
770 | Status = EFI_UNSUPPORTED;\r |
771 | break;\r | |
772 | default:\r | |
773 | Status = EFI_DEVICE_ERROR;\r | |
774 | break;\r | |
c1d93242 | 775 | }\r |
7ae130da JY |
776 | \r |
777 | Done:\r | |
778 | //\r | |
779 | // Clear AuthSession Content\r | |
780 | //\r | |
781 | ZeroMem (&SendBuffer, sizeof(SendBuffer));\r | |
782 | ZeroMem (&RecvBuffer, sizeof(RecvBuffer));\r | |
783 | return Status;\r | |
c1d93242 JY |
784 | }\r |
785 | \r | |
786 | /**\r | |
787 | This command may be used to prevent further reads of the Index until the next TPM2_Startup (TPM_SU_CLEAR).\r | |
788 | \r | |
789 | @param[in] AuthHandle the handle indicating the source of the authorization value.\r | |
790 | @param[in] NvIndex The NV Index of the area to lock.\r | |
791 | @param[in] AuthSession Auth Session context\r | |
792 | \r | |
793 | @retval EFI_SUCCESS Operation completed successfully.\r | |
794 | @retval EFI_DEVICE_ERROR The command was unsuccessful.\r | |
795 | @retval EFI_NOT_FOUND The command was returned successfully, but NvIndex is not found.\r | |
796 | **/\r | |
797 | EFI_STATUS\r | |
798 | EFIAPI\r | |
799 | Tpm2NvReadLock (\r | |
800 | IN TPMI_RH_NV_AUTH AuthHandle,\r | |
801 | IN TPMI_RH_NV_INDEX NvIndex,\r | |
802 | IN TPMS_AUTH_COMMAND *AuthSession OPTIONAL\r | |
803 | )\r | |
804 | {\r | |
805 | EFI_STATUS Status;\r | |
806 | TPM2_NV_READLOCK_COMMAND SendBuffer;\r | |
807 | TPM2_NV_READLOCK_RESPONSE RecvBuffer;\r | |
808 | UINT32 SendBufferSize;\r | |
809 | UINT32 RecvBufferSize;\r | |
810 | UINT8 *Buffer;\r | |
811 | UINT32 SessionInfoSize;\r | |
812 | TPM_RC ResponseCode;\r | |
813 | \r | |
814 | //\r | |
815 | // Construct command\r | |
816 | //\r | |
817 | SendBuffer.Header.tag = SwapBytes16(TPM_ST_SESSIONS);\r | |
818 | SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_NV_ReadLock);\r | |
819 | \r | |
820 | SendBuffer.AuthHandle = SwapBytes32 (AuthHandle);\r | |
821 | SendBuffer.NvIndex = SwapBytes32 (NvIndex);\r | |
822 | \r | |
823 | //\r | |
824 | // Add in Auth session\r | |
825 | //\r | |
826 | Buffer = (UINT8 *)&SendBuffer.AuthSession;\r | |
827 | \r | |
828 | // sessionInfoSize\r | |
829 | SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer);\r | |
830 | Buffer += SessionInfoSize;\r | |
831 | SendBuffer.AuthSessionSize = SwapBytes32(SessionInfoSize);\r | |
832 | \r | |
833 | SendBufferSize = (UINT32)(Buffer - (UINT8 *)&SendBuffer);\r | |
834 | SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);\r | |
835 | \r | |
836 | //\r | |
837 | // send Tpm command\r | |
838 | //\r | |
839 | RecvBufferSize = sizeof (RecvBuffer);\r | |
840 | Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer);\r | |
841 | if (EFI_ERROR (Status)) {\r | |
7ae130da | 842 | goto Done;\r |
c1d93242 JY |
843 | }\r |
844 | \r | |
845 | if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) {\r | |
e905fbb0 | 846 | DEBUG ((DEBUG_ERROR, "Tpm2NvReadLock - RecvBufferSize Error - %x\n", RecvBufferSize));\r |
7ae130da JY |
847 | Status = EFI_DEVICE_ERROR;\r |
848 | goto Done;\r | |
c1d93242 JY |
849 | }\r |
850 | \r | |
851 | ResponseCode = SwapBytes32(RecvBuffer.Header.responseCode);\r | |
852 | if (ResponseCode != TPM_RC_SUCCESS) {\r | |
e905fbb0 | 853 | DEBUG ((DEBUG_ERROR, "Tpm2NvReadLock - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode)));\r |
c1d93242 JY |
854 | }\r |
855 | switch (ResponseCode) {\r | |
856 | case TPM_RC_SUCCESS:\r | |
857 | // return data\r | |
858 | break;\r | |
859 | default:\r | |
7ae130da JY |
860 | Status = EFI_DEVICE_ERROR;\r |
861 | break;\r | |
c1d93242 JY |
862 | }\r |
863 | \r | |
7ae130da JY |
864 | Done:\r |
865 | //\r | |
866 | // Clear AuthSession Content\r | |
867 | //\r | |
868 | ZeroMem (&SendBuffer, sizeof(SendBuffer));\r | |
869 | ZeroMem (&RecvBuffer, sizeof(RecvBuffer));\r | |
870 | return Status;\r | |
c1d93242 JY |
871 | }\r |
872 | \r | |
873 | /**\r | |
874 | This command may be used to inhibit further writes of the Index.\r | |
875 | \r | |
876 | @param[in] AuthHandle the handle indicating the source of the authorization value.\r | |
877 | @param[in] NvIndex The NV Index of the area to lock.\r | |
878 | @param[in] AuthSession Auth Session context\r | |
879 | \r | |
880 | @retval EFI_SUCCESS Operation completed successfully.\r | |
881 | @retval EFI_DEVICE_ERROR The command was unsuccessful.\r | |
882 | @retval EFI_NOT_FOUND The command was returned successfully, but NvIndex is not found.\r | |
883 | **/\r | |
884 | EFI_STATUS\r | |
885 | EFIAPI\r | |
886 | Tpm2NvWriteLock (\r | |
887 | IN TPMI_RH_NV_AUTH AuthHandle,\r | |
888 | IN TPMI_RH_NV_INDEX NvIndex,\r | |
889 | IN TPMS_AUTH_COMMAND *AuthSession OPTIONAL\r | |
890 | )\r | |
891 | {\r | |
892 | EFI_STATUS Status;\r | |
893 | TPM2_NV_WRITELOCK_COMMAND SendBuffer;\r | |
894 | TPM2_NV_WRITELOCK_RESPONSE RecvBuffer;\r | |
895 | UINT32 SendBufferSize;\r | |
896 | UINT32 RecvBufferSize;\r | |
897 | UINT8 *Buffer;\r | |
898 | UINT32 SessionInfoSize;\r | |
899 | TPM_RC ResponseCode;\r | |
900 | \r | |
901 | //\r | |
902 | // Construct command\r | |
903 | //\r | |
904 | SendBuffer.Header.tag = SwapBytes16(TPM_ST_SESSIONS);\r | |
905 | SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_NV_WriteLock);\r | |
906 | \r | |
907 | SendBuffer.AuthHandle = SwapBytes32 (AuthHandle);\r | |
908 | SendBuffer.NvIndex = SwapBytes32 (NvIndex);\r | |
909 | \r | |
910 | //\r | |
911 | // Add in Auth session\r | |
912 | //\r | |
913 | Buffer = (UINT8 *)&SendBuffer.AuthSession;\r | |
914 | \r | |
915 | // sessionInfoSize\r | |
916 | SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer);\r | |
917 | Buffer += SessionInfoSize;\r | |
918 | SendBuffer.AuthSessionSize = SwapBytes32(SessionInfoSize);\r | |
919 | \r | |
920 | SendBufferSize = (UINT32)(Buffer - (UINT8 *)&SendBuffer);\r | |
921 | SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);\r | |
922 | \r | |
923 | //\r | |
924 | // send Tpm command\r | |
925 | //\r | |
926 | RecvBufferSize = sizeof (RecvBuffer);\r | |
927 | Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer);\r | |
928 | if (EFI_ERROR (Status)) {\r | |
7ae130da | 929 | goto Done;\r |
c1d93242 JY |
930 | }\r |
931 | \r | |
932 | if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) {\r | |
e905fbb0 | 933 | DEBUG ((DEBUG_ERROR, "Tpm2NvWriteLock - RecvBufferSize Error - %x\n", RecvBufferSize));\r |
7ae130da JY |
934 | Status = EFI_DEVICE_ERROR;\r |
935 | goto Done;\r | |
c1d93242 JY |
936 | }\r |
937 | \r | |
938 | ResponseCode = SwapBytes32(RecvBuffer.Header.responseCode);\r | |
939 | if (ResponseCode != TPM_RC_SUCCESS) {\r | |
e905fbb0 | 940 | DEBUG ((DEBUG_ERROR, "Tpm2NvWriteLock - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode)));\r |
c1d93242 JY |
941 | }\r |
942 | switch (ResponseCode) {\r | |
943 | case TPM_RC_SUCCESS:\r | |
944 | // return data\r | |
945 | break;\r | |
946 | default:\r | |
7ae130da JY |
947 | Status = EFI_DEVICE_ERROR;\r |
948 | break;\r | |
c1d93242 JY |
949 | }\r |
950 | \r | |
7ae130da JY |
951 | Done:\r |
952 | //\r | |
953 | // Clear AuthSession Content\r | |
954 | //\r | |
955 | ZeroMem (&SendBuffer, sizeof(SendBuffer));\r | |
956 | ZeroMem (&RecvBuffer, sizeof(RecvBuffer));\r | |
957 | return Status;\r | |
c1d93242 JY |
958 | }\r |
959 | \r | |
960 | /**\r | |
961 | The command will SET TPMA_NV_WRITELOCKED for all indexes that have their TPMA_NV_GLOBALLOCK attribute SET.\r | |
962 | \r | |
963 | @param[in] AuthHandle TPM_RH_OWNER or TPM_RH_PLATFORM+{PP}.\r | |
964 | @param[in] AuthSession Auth Session context\r | |
965 | \r | |
966 | @retval EFI_SUCCESS Operation completed successfully.\r | |
967 | @retval EFI_DEVICE_ERROR The command was unsuccessful.\r | |
968 | @retval EFI_NOT_FOUND The command was returned successfully, but NvIndex is not found.\r | |
969 | **/\r | |
970 | EFI_STATUS\r | |
971 | EFIAPI\r | |
972 | Tpm2NvGlobalWriteLock (\r | |
973 | IN TPMI_RH_PROVISION AuthHandle,\r | |
974 | IN TPMS_AUTH_COMMAND *AuthSession OPTIONAL\r | |
975 | )\r | |
976 | {\r | |
977 | EFI_STATUS Status;\r | |
978 | TPM2_NV_GLOBALWRITELOCK_COMMAND SendBuffer;\r | |
979 | TPM2_NV_GLOBALWRITELOCK_RESPONSE RecvBuffer;\r | |
980 | UINT32 SendBufferSize;\r | |
981 | UINT32 RecvBufferSize;\r | |
982 | UINT8 *Buffer;\r | |
983 | UINT32 SessionInfoSize;\r | |
984 | TPM_RC ResponseCode;\r | |
985 | \r | |
986 | //\r | |
987 | // Construct command\r | |
988 | //\r | |
989 | SendBuffer.Header.tag = SwapBytes16(TPM_ST_SESSIONS);\r | |
990 | SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_NV_GlobalWriteLock);\r | |
991 | \r | |
992 | SendBuffer.AuthHandle = SwapBytes32 (AuthHandle);\r | |
993 | \r | |
994 | //\r | |
995 | // Add in Auth session\r | |
996 | //\r | |
997 | Buffer = (UINT8 *)&SendBuffer.AuthSession;\r | |
998 | \r | |
999 | // sessionInfoSize\r | |
1000 | SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer);\r | |
1001 | Buffer += SessionInfoSize;\r | |
1002 | SendBuffer.AuthSessionSize = SwapBytes32(SessionInfoSize);\r | |
1003 | \r | |
1004 | SendBufferSize = (UINT32)(Buffer - (UINT8 *)&SendBuffer);\r | |
1005 | SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);\r | |
1006 | \r | |
1007 | //\r | |
1008 | // send Tpm command\r | |
1009 | //\r | |
1010 | RecvBufferSize = sizeof (RecvBuffer);\r | |
1011 | Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer);\r | |
1012 | if (EFI_ERROR (Status)) {\r | |
7ae130da | 1013 | goto Done;\r |
c1d93242 JY |
1014 | }\r |
1015 | \r | |
1016 | if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) {\r | |
e905fbb0 | 1017 | DEBUG ((DEBUG_ERROR, "Tpm2NvGlobalWriteLock - RecvBufferSize Error - %x\n", RecvBufferSize));\r |
7ae130da JY |
1018 | Status = EFI_DEVICE_ERROR;\r |
1019 | goto Done;\r | |
c1d93242 JY |
1020 | }\r |
1021 | \r | |
1022 | ResponseCode = SwapBytes32(RecvBuffer.Header.responseCode);\r | |
1023 | if (ResponseCode != TPM_RC_SUCCESS) {\r | |
e905fbb0 | 1024 | DEBUG ((DEBUG_ERROR, "Tpm2NvGlobalWriteLock - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode)));\r |
c1d93242 JY |
1025 | }\r |
1026 | switch (ResponseCode) {\r | |
1027 | case TPM_RC_SUCCESS:\r | |
1028 | // return data\r | |
1029 | break;\r | |
1030 | default:\r | |
7ae130da JY |
1031 | Status = EFI_DEVICE_ERROR;\r |
1032 | break;\r | |
c1d93242 JY |
1033 | }\r |
1034 | \r | |
7ae130da JY |
1035 | Done:\r |
1036 | //\r | |
1037 | // Clear AuthSession Content\r | |
1038 | //\r | |
1039 | ZeroMem (&SendBuffer, sizeof(SendBuffer));\r | |
1040 | ZeroMem (&RecvBuffer, sizeof(RecvBuffer));\r | |
1041 | return Status;\r | |
c1d93242 | 1042 | }\r |