git.proxmox.com Git - mirror_edk2.git/blame - SecurityPkg/Library/Tpm2CommandLib/Tpm2NVStorage.c
SecurityPkg: Apply uncrustify changes
c1d93242
JY
1/** @file\r
2 Implement TPM2 NVStorage related command.\r
3\r
dd577319 4Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved. <BR>\r
289b714b 5SPDX-License-Identifier: BSD-2-Clause-Patent\r
c1d93242
JY
6\r
7**/\r
8\r
9#include <IndustryStandard/UefiTcgPlatform.h>\r
10#include <Library/Tpm2CommandLib.h>\r
11#include <Library/Tpm2DeviceLib.h>\r
12#include <Library/BaseMemoryLib.h>\r
13#include <Library/BaseLib.h>\r
14#include <Library/DebugLib.h>\r
15\r
#pragma pack(1)

//
// Each RC_NV_<Command>_<field> value is the modifier added to a base TPM_RC_*
// code to say which handle (TPM_RC_H) or parameter (TPM_RC_P) of that command
// the error refers to. The switch statements in this file match on
// `base + modifier`, so the position numbers here must follow the order in
// which the command carries its handles and parameters.
//
#define RC_NV_ReadPublic_nvIndex  (TPM_RC_H + TPM_RC_1)

#define RC_NV_DefineSpace_authHandle  (TPM_RC_H + TPM_RC_1)
#define RC_NV_DefineSpace_auth        (TPM_RC_P + TPM_RC_1)
#define RC_NV_DefineSpace_publicInfo  (TPM_RC_P + TPM_RC_2)

#define RC_NV_UndefineSpace_authHandle  (TPM_RC_H + TPM_RC_1)
#define RC_NV_UndefineSpace_nvIndex     (TPM_RC_H + TPM_RC_2)

#define RC_NV_Read_authHandle  (TPM_RC_H + TPM_RC_1)
#define RC_NV_Read_nvIndex     (TPM_RC_H + TPM_RC_2)
#define RC_NV_Read_size        (TPM_RC_P + TPM_RC_1)
#define RC_NV_Read_offset      (TPM_RC_P + TPM_RC_2)

#define RC_NV_Write_authHandle  (TPM_RC_H + TPM_RC_1)
#define RC_NV_Write_nvIndex     (TPM_RC_H + TPM_RC_2)
#define RC_NV_Write_data        (TPM_RC_P + TPM_RC_1)
#define RC_NV_Write_offset      (TPM_RC_P + TPM_RC_2)

//
// The structures below are byte-packed because the functions in this file cast
// them to UINT8 * and hand them to Tpm2SubmitCommand() as the raw command and
// response streams. They are sized for the largest possible encoding: the
// AuthSession area is filled by CopyAuthSessionCommand(), which returns the
// number of bytes it wrote, so members declared after AuthSession are written
// through a running pointer and not by member name.
//

// TPM2_NV_ReadPublic command: sent without sessions, one handle.
typedef struct {
  TPM2_COMMAND_HEADER    Header;
  TPMI_RH_NV_INDEX       NvIndex;
} TPM2_NV_READPUBLIC_COMMAND;

// TPM2_NV_ReadPublic response: NvPublic and NvName are both variable length,
// so NvName is located from the received NvPublic size, not from this layout.
typedef struct {
  TPM2_RESPONSE_HEADER    Header;
  TPM2B_NV_PUBLIC         NvPublic;
  TPM2B_NAME              NvName;
} TPM2_NV_READPUBLIC_RESPONSE;

// TPM2_NV_DefineSpace command: Auth and NvPublic follow the session area.
typedef struct {
  TPM2_COMMAND_HEADER    Header;
  TPMI_RH_PROVISION      AuthHandle;
  UINT32                 AuthSessionSize;
  TPMS_AUTH_COMMAND      AuthSession;
  TPM2B_AUTH             Auth;
  TPM2B_NV_PUBLIC        NvPublic;
} TPM2_NV_DEFINESPACE_COMMAND;

typedef struct {
  TPM2_RESPONSE_HEADER    Header;
  UINT32                  AuthSessionSize;
  TPMS_AUTH_RESPONSE      AuthSession;
} TPM2_NV_DEFINESPACE_RESPONSE;

// TPM2_NV_UndefineSpace command: two handles, then the session area.
typedef struct {
  TPM2_COMMAND_HEADER    Header;
  TPMI_RH_PROVISION      AuthHandle;
  TPMI_RH_NV_INDEX       NvIndex;
  UINT32                 AuthSessionSize;
  TPMS_AUTH_COMMAND      AuthSession;
} TPM2_NV_UNDEFINESPACE_COMMAND;

typedef struct {
  TPM2_RESPONSE_HEADER    Header;
  UINT32                  AuthSessionSize;
  TPMS_AUTH_RESPONSE      AuthSession;
} TPM2_NV_UNDEFINESPACE_RESPONSE;

// TPM2_NV_Read command: Size and Offset follow the session area.
typedef struct {
  TPM2_COMMAND_HEADER    Header;
  TPMI_RH_NV_AUTH        AuthHandle;
  TPMI_RH_NV_INDEX       NvIndex;
  UINT32                 AuthSessionSize;
  TPMS_AUTH_COMMAND      AuthSession;
  UINT16                 Size;
  UINT16                 Offset;
} TPM2_NV_READ_COMMAND;

// TPM2_NV_Read response: Data.size comes from the TPM and must be bounded
// before it is used as a copy length.
typedef struct {
  TPM2_RESPONSE_HEADER    Header;
  UINT32                  AuthSessionSize;
  TPM2B_MAX_BUFFER        Data;
  TPMS_AUTH_RESPONSE      AuthSession;
} TPM2_NV_READ_RESPONSE;

// TPM2_NV_Write command: Data and Offset follow the session area.
typedef struct {
  TPM2_COMMAND_HEADER    Header;
  TPMI_RH_NV_AUTH        AuthHandle;
  TPMI_RH_NV_INDEX       NvIndex;
  UINT32                 AuthSessionSize;
  TPMS_AUTH_COMMAND      AuthSession;
  TPM2B_MAX_BUFFER       Data;
  UINT16                 Offset;
} TPM2_NV_WRITE_COMMAND;

typedef struct {
  TPM2_RESPONSE_HEADER    Header;
  UINT32                  AuthSessionSize;
  TPMS_AUTH_RESPONSE      AuthSession;
} TPM2_NV_WRITE_RESPONSE;

// TPM2_NV_ReadLock command: two handles, then the session area.
typedef struct {
  TPM2_COMMAND_HEADER    Header;
  TPMI_RH_NV_AUTH        AuthHandle;
  TPMI_RH_NV_INDEX       NvIndex;
  UINT32                 AuthSessionSize;
  TPMS_AUTH_COMMAND      AuthSession;
} TPM2_NV_READLOCK_COMMAND;

typedef struct {
  TPM2_RESPONSE_HEADER    Header;
  UINT32                  AuthSessionSize;
  TPMS_AUTH_RESPONSE      AuthSession;
} TPM2_NV_READLOCK_RESPONSE;

// TPM2_NV_WriteLock command: same layout as the ReadLock command.
typedef struct {
  TPM2_COMMAND_HEADER    Header;
  TPMI_RH_NV_AUTH        AuthHandle;
  TPMI_RH_NV_INDEX       NvIndex;
  UINT32                 AuthSessionSize;
  TPMS_AUTH_COMMAND      AuthSession;
} TPM2_NV_WRITELOCK_COMMAND;

typedef struct {
  TPM2_RESPONSE_HEADER    Header;
  UINT32                  AuthSessionSize;
  TPMS_AUTH_RESPONSE      AuthSession;
} TPM2_NV_WRITELOCK_RESPONSE;

// TPM2_NV_GlobalWriteLock command: one handle, then the session area.
typedef struct {
  TPM2_COMMAND_HEADER    Header;
  TPMI_RH_PROVISION      AuthHandle;
  UINT32                 AuthSessionSize;
  TPMS_AUTH_COMMAND      AuthSession;
} TPM2_NV_GLOBALWRITELOCK_COMMAND;

typedef struct {
  TPM2_RESPONSE_HEADER    Header;
  UINT32                  AuthSessionSize;
  TPMS_AUTH_RESPONSE      AuthSession;
} TPM2_NV_GLOBALWRITELOCK_RESPONSE;

#pragma pack()
152\r
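/**
  This command is used to read the public area and Name of an NV Index.

  The response comes from the TPM and is treated as untrusted: every length
  field in it is validated before it is used as an offset or a copy length, and
  the output parameters are written only after the whole response is accepted.

  @param[in]  NvIndex            The NV Index.
  @param[out] NvPublic           The public area of the index.
  @param[out] NvName             The Name of the nvIndex.

  @retval EFI_SUCCESS            Operation completed successfully.
  @retval EFI_DEVICE_ERROR       The command was unsuccessful, or the response
                                 carried an inconsistent length field.
  @retval EFI_INVALID_PARAMETER  The TPM reported TPM_RC_VALUE for NvIndex.
  @retval EFI_NOT_FOUND          The command was returned successfully, but NvIndex is not found.
**/
EFI_STATUS
EFIAPI
Tpm2NvReadPublic (
  IN      TPMI_RH_NV_INDEX  NvIndex,
  OUT     TPM2B_NV_PUBLIC   *NvPublic,
  OUT     TPM2B_NAME        *NvName
  )
{
  EFI_STATUS                   Status;
  TPM2_NV_READPUBLIC_COMMAND   SendBuffer;
  TPM2_NV_READPUBLIC_RESPONSE  RecvBuffer;
  UINT32                       SendBufferSize;
  UINT32                       RecvBufferSize;
  UINT16                       NvPublicSize;
  UINT16                       NvNameSize;
  UINT16                       AuthPolicySize;
  UINT8                        *Buffer;
  TPM_RC                       ResponseCode;

  //
  // Construct command
  //
  SendBuffer.Header.tag         = SwapBytes16 (TPM_ST_NO_SESSIONS);
  SendBuffer.Header.commandCode = SwapBytes32 (TPM_CC_NV_ReadPublic);

  SendBuffer.NvIndex = SwapBytes32 (NvIndex);

  SendBufferSize              = (UINT32)sizeof (SendBuffer);
  SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);

  //
  // send Tpm command
  //
  RecvBufferSize = sizeof (RecvBuffer);
  Status         = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer);
  if (EFI_ERROR (Status)) {
    return Status;
  }

  if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) {
    DEBUG ((DEBUG_ERROR, "Tpm2NvReadPublic - RecvBufferSize Error - %x\n", RecvBufferSize));
    return EFI_DEVICE_ERROR;
  }

  ResponseCode = SwapBytes32 (RecvBuffer.Header.responseCode);
  if (ResponseCode != TPM_RC_SUCCESS) {
    DEBUG ((DEBUG_ERROR, "Tpm2NvReadPublic - responseCode - %x\n", ResponseCode));
  }

  switch (ResponseCode) {
    case TPM_RC_SUCCESS:
      // return data
      break;
    case TPM_RC_HANDLE + RC_NV_ReadPublic_nvIndex: // TPM_RC_NV_DEFINED:
      return EFI_NOT_FOUND;
    case TPM_RC_VALUE + RC_NV_ReadPublic_nvIndex:
      return EFI_INVALID_PARAMETER;
    default:
      return EFI_DEVICE_ERROR;
  }

  //
  // A success response that carries nothing beyond the two size fields is
  // reported as "index not found".
  //
  if (RecvBufferSize <= sizeof (TPM2_RESPONSE_HEADER) + sizeof (UINT16) + sizeof (UINT16)) {
    DEBUG ((DEBUG_ERROR, "Tpm2NvReadPublic - RecvBufferSize Error - %x\n", RecvBufferSize));
    return EFI_NOT_FOUND;
  }

  //
  // Basic check
  //
  NvPublicSize = SwapBytes16 (RecvBuffer.NvPublic.size);
  if (NvPublicSize > sizeof (TPMS_NV_PUBLIC)) {
    DEBUG ((DEBUG_ERROR, "Tpm2NvReadPublic - NvPublic.size error %x\n", NvPublicSize));
    return EFI_DEVICE_ERROR;
  }

  //
  // NvName starts right after the variable-length NvPublic. The bound on
  // NvPublicSize above keeps this read inside RecvBuffer.
  //
  NvNameSize = SwapBytes16 (ReadUnaligned16 ((UINT16 *)((UINT8 *)&RecvBuffer + sizeof (TPM2_RESPONSE_HEADER) + sizeof (UINT16) + NvPublicSize)));
  if (NvNameSize > sizeof (TPMU_NAME)) {
    DEBUG ((DEBUG_ERROR, "Tpm2NvReadPublic - NvNameSize error %x\n", NvNameSize));
    return EFI_DEVICE_ERROR;
  }

  if (RecvBufferSize != sizeof (TPM2_RESPONSE_HEADER) + sizeof (UINT16) + NvPublicSize + sizeof (UINT16) + NvNameSize) {
    DEBUG ((DEBUG_ERROR, "Tpm2NvReadPublic - RecvBufferSize Error - NvPublicSize %x\n", RecvBufferSize));
    return EFI_NOT_FOUND;
  }

  //
  // authPolicy.size is also TPM-supplied and is used below to locate dataSize.
  // Bound it by its own buffer and by the received NvPublic size so that the
  // dataSize read cannot land outside the data the TPM actually returned.
  //
  AuthPolicySize = SwapBytes16 (RecvBuffer.NvPublic.nvPublic.authPolicy.size);
  if (AuthPolicySize > sizeof (RecvBuffer.NvPublic.nvPublic.authPolicy.buffer)) {
    DEBUG ((DEBUG_ERROR, "Tpm2NvReadPublic - authPolicy.size error %x\n", AuthPolicySize));
    return EFI_DEVICE_ERROR;
  }

  //
  // Marshalled public area: nvIndex, nameAlg, attributes, authPolicy.size,
  // authPolicy.buffer, dataSize.
  //
  if (NvPublicSize < sizeof (UINT32) + sizeof (UINT16) + sizeof (UINT32) + sizeof (UINT16) + AuthPolicySize + sizeof (UINT16)) {
    DEBUG ((DEBUG_ERROR, "Tpm2NvReadPublic - NvPublic.size error %x\n", NvPublicSize));
    return EFI_DEVICE_ERROR;
  }

  //
  // Return the response
  //
  CopyMem (NvPublic, &RecvBuffer.NvPublic, sizeof (UINT16) + NvPublicSize);
  NvPublic->size             = NvPublicSize;
  NvPublic->nvPublic.nvIndex = SwapBytes32 (NvPublic->nvPublic.nvIndex);
  NvPublic->nvPublic.nameAlg = SwapBytes16 (NvPublic->nvPublic.nameAlg);
  WriteUnaligned32 ((UINT32 *)&NvPublic->nvPublic.attributes, SwapBytes32 (ReadUnaligned32 ((UINT32 *)&NvPublic->nvPublic.attributes)));
  NvPublic->nvPublic.authPolicy.size = AuthPolicySize;

  //
  // dataSize follows the variable-length authPolicy, so it is read from the
  // wire position and not from the structure member.
  //
  Buffer                      = (UINT8 *)&RecvBuffer.NvPublic.nvPublic.authPolicy;
  Buffer                     += sizeof (UINT16) + AuthPolicySize;
  NvPublic->nvPublic.dataSize = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));

  CopyMem (NvName->name, (UINT8 *)&RecvBuffer + sizeof (TPM2_RESPONSE_HEADER) + sizeof (UINT16) + NvPublicSize + sizeof (UINT16), NvNameSize);
  NvName->size = NvNameSize;

  return EFI_SUCCESS;
}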
267\r
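/**
  This command defines the attributes of an NV Index and causes the TPM to
  reserve space to hold the data associated with the index.
  If a definition already exists at the index, the TPM will return TPM_RC_NV_DEFINED.

  The command is marshalled into a fixed-size stack buffer, so the
  caller-supplied Auth and authPolicy lengths are checked before anything is
  copied.

  @param[in]  AuthHandle         TPM_RH_OWNER or TPM_RH_PLATFORM+{PP}.
  @param[in]  AuthSession        Auth Session context
  @param[in]  Auth               The authorization data.
  @param[in]  NvPublic           The public area of the index.

  @retval EFI_SUCCESS            Operation completed successfully.
  @retval EFI_DEVICE_ERROR       The command was unsuccessful.
  @retval EFI_ALREADY_STARTED    The command was returned successfully, but NvIndex is already defined.
  @retval EFI_INVALID_PARAMETER  Auth or NvPublic is NULL or carries a size larger
                                 than its buffer, or the TPM rejected a value.
  @retval EFI_BAD_BUFFER_SIZE    The TPM reported TPM_RC_SIZE for auth or publicInfo.
  @retval EFI_UNSUPPORTED        The TPM reported TPM_RC_ATTRIBUTES.
  @retval EFI_OUT_OF_RESOURCES   The TPM reported TPM_RC_NV_SPACE.
**/
EFI_STATUS
EFIAPI
Tpm2NvDefineSpace (
  IN      TPMI_RH_PROVISION  AuthHandle,
  IN      TPMS_AUTH_COMMAND  *AuthSession  OPTIONAL,
  IN      TPM2B_AUTH         *Auth,
  IN      TPM2B_NV_PUBLIC    *NvPublic
  )
{
  EFI_STATUS                    Status;
  TPM2_NV_DEFINESPACE_COMMAND   SendBuffer;
  TPM2_NV_DEFINESPACE_RESPONSE  RecvBuffer;
  UINT32                        SendBufferSize;
  UINT32                        RecvBufferSize;
  UINT16                        NvPublicSize;
  UINT8                         *Buffer;
  UINT32                        SessionInfoSize;
  TPM_RC                        ResponseCode;

  if ((Auth == NULL) || (NvPublic == NULL)) {
    return EFI_INVALID_PARAMETER;
  }

  //
  // SendBuffer is a fixed-size stack structure. A size field larger than the
  // buffer it describes would make the CopyMem() calls below read past the
  // caller's structure and write past SendBuffer, so reject it before any
  // buffer is touched.
  //
  if ((Auth->size > sizeof (Auth->buffer)) ||
      (NvPublic->nvPublic.authPolicy.size > sizeof (NvPublic->nvPublic.authPolicy.buffer)))
  {
    return EFI_INVALID_PARAMETER;
  }

  //
  // Construct command
  //
  SendBuffer.Header.tag         = SwapBytes16 (TPM_ST_SESSIONS);
  SendBuffer.Header.commandCode = SwapBytes32 (TPM_CC_NV_DefineSpace);
  SendBuffer.AuthHandle         = SwapBytes32 (AuthHandle);

  //
  // Add in Auth session
  //
  Buffer = (UINT8 *)&SendBuffer.AuthSession;

  // sessionInfoSize
  // NOTE(review): assumes CopyAuthSessionCommand() never writes more than
  // sizeof (TPMS_AUTH_COMMAND) bytes - confirm against its implementation.
  SessionInfoSize            = CopyAuthSessionCommand (AuthSession, Buffer);
  Buffer                    += SessionInfoSize;
  SendBuffer.AuthSessionSize = SwapBytes32 (SessionInfoSize);

  //
  // IndexAuth
  //
  WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Auth->size));
  Buffer += sizeof (UINT16);
  CopyMem (Buffer, Auth->buffer, Auth->size);
  Buffer += Auth->size;

  //
  // NvPublic
  //
  NvPublicSize = NvPublic->size;

  WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (NvPublicSize));
  Buffer += sizeof (UINT16);
  WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32 (NvPublic->nvPublic.nvIndex));
  Buffer += sizeof (UINT32);
  WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (NvPublic->nvPublic.nameAlg));
  Buffer += sizeof (UINT16);
  WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32 (ReadUnaligned32 ((UINT32 *)&NvPublic->nvPublic.attributes)));
  Buffer += sizeof (UINT32);
  WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (NvPublic->nvPublic.authPolicy.size));
  Buffer += sizeof (UINT16);
  CopyMem (Buffer, NvPublic->nvPublic.authPolicy.buffer, NvPublic->nvPublic.authPolicy.size);
  Buffer += NvPublic->nvPublic.authPolicy.size;
  WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (NvPublic->nvPublic.dataSize));
  Buffer += sizeof (UINT16);

  SendBufferSize              = (UINT32)(Buffer - (UINT8 *)&SendBuffer);
  SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);

  //
  // send Tpm command
  //
  RecvBufferSize = sizeof (RecvBuffer);
  Status         = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer);
  if (EFI_ERROR (Status)) {
    goto Done;
  }

  if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) {
    DEBUG ((DEBUG_ERROR, "Tpm2NvDefineSpace - RecvBufferSize Error - %x\n", RecvBufferSize));
    Status = EFI_DEVICE_ERROR;
    goto Done;
  }

  ResponseCode = SwapBytes32 (RecvBuffer.Header.responseCode);
  if (ResponseCode != TPM_RC_SUCCESS) {
    DEBUG ((DEBUG_ERROR, "Tpm2NvDefineSpace - responseCode - %x\n", ResponseCode));
  }

  switch (ResponseCode) {
    case TPM_RC_SUCCESS:
      // return data
      break;
    case TPM_RC_SIZE + RC_NV_DefineSpace_publicInfo:
    case TPM_RC_SIZE + RC_NV_DefineSpace_auth:
      Status = EFI_BAD_BUFFER_SIZE;
      break;
    case TPM_RC_ATTRIBUTES:
    case TPM_RC_ATTRIBUTES + RC_NV_DefineSpace_publicInfo:
      Status = EFI_UNSUPPORTED;
      break;
    case TPM_RC_ATTRIBUTES + RC_NV_DefineSpace_authHandle:
      Status = EFI_INVALID_PARAMETER;
      break;
    case TPM_RC_NV_DEFINED:
      Status = EFI_ALREADY_STARTED;
      break;
    case TPM_RC_VALUE + RC_NV_DefineSpace_publicInfo:
    case TPM_RC_VALUE + RC_NV_DefineSpace_authHandle:
      Status = EFI_INVALID_PARAMETER;
      break;
    case TPM_RC_NV_SPACE:
      Status = EFI_OUT_OF_RESOURCES;
      break;
    default:
      Status = EFI_DEVICE_ERROR;
      break;
  }

Done:
  //
  // Clear AuthSession Content
  // The stack buffers hold the session authorization and the new index auth
  // value, so they are wiped on every path that filled them.
  //
  ZeroMem (&SendBuffer, sizeof (SendBuffer));
  ZeroMem (&RecvBuffer, sizeof (RecvBuffer));
  return Status;
}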
407\r
/**
  Remove an NV Index from the TPM with TPM2_NV_UndefineSpace.

  @param[in]  AuthHandle         TPM_RH_OWNER or TPM_RH_PLATFORM+{PP}.
  @param[in]  NvIndex            The NV Index.
  @param[in]  AuthSession        Auth Session context

  @retval EFI_SUCCESS             Operation completed successfully.
  @retval EFI_DEVICE_ERROR        The response was shorter than a response header,
                                  or the TPM returned a code not listed below.
  @retval EFI_NOT_FOUND           The TPM reported TPM_RC_HANDLE for NvIndex.
  @retval EFI_UNSUPPORTED         The TPM reported TPM_RC_ATTRIBUTES.
  @retval EFI_SECURITY_VIOLATION  The TPM reported TPM_RC_NV_AUTHORIZATION.
  @retval EFI_INVALID_PARAMETER   The TPM reported TPM_RC_HANDLE for AuthHandle,
                                  or TPM_RC_VALUE for either handle.
**/
EFI_STATUS
EFIAPI
Tpm2NvUndefineSpace (
  IN      TPMI_RH_PROVISION  AuthHandle,
  IN      TPMI_RH_NV_INDEX   NvIndex,
  IN      TPMS_AUTH_COMMAND  *AuthSession OPTIONAL
  )
{
  TPM2_NV_UNDEFINESPACE_COMMAND   Command;
  TPM2_NV_UNDEFINESPACE_RESPONSE  Response;
  EFI_STATUS                      Status;
  TPM_RC                          ResponseCode;
  UINT32                          CommandSize;
  UINT32                          ResponseSize;
  UINT32                          SessionBytes;
  UINT8                           *SessionArea;

  //
  // Fixed part of the command: header and the two handles.
  //
  Command.Header.tag         = SwapBytes16 (TPM_ST_SESSIONS);
  Command.Header.commandCode = SwapBytes32 (TPM_CC_NV_UndefineSpace);
  Command.AuthHandle         = SwapBytes32 (AuthHandle);
  Command.NvIndex            = SwapBytes32 (NvIndex);

  //
  // Variable part: the authorization session. The command ends where the
  // session data ends, which is what paramSize must report.
  //
  SessionArea             = (UINT8 *)&Command.AuthSession;
  SessionBytes            = CopyAuthSessionCommand (AuthSession, SessionArea);
  Command.AuthSessionSize = SwapBytes32 (SessionBytes);

  CommandSize              = (UINT32)((SessionArea + SessionBytes) - (UINT8 *)&Command);
  Command.Header.paramSize = SwapBytes32 (CommandSize);

  //
  // Submit the command to the TPM.
  //
  ResponseSize = sizeof (Response);
  Status       = Tpm2SubmitCommand (CommandSize, (UINT8 *)&Command, &ResponseSize, (UINT8 *)&Response);
  if (EFI_ERROR (Status)) {
    goto Done;
  }

  if (ResponseSize < sizeof (TPM2_RESPONSE_HEADER)) {
    DEBUG ((DEBUG_ERROR, "Tpm2NvUndefineSpace - RecvBufferSize Error - %x\n", ResponseSize));
    Status = EFI_DEVICE_ERROR;
    goto Done;
  }

  ResponseCode = SwapBytes32 (Response.Header.responseCode);
  if (ResponseCode != TPM_RC_SUCCESS) {
    DEBUG ((DEBUG_ERROR, "Tpm2NvUndefineSpace - responseCode - %x\n", ResponseCode));
  }

  //
  // Translate the TPM response code. Status is left as returned by
  // Tpm2SubmitCommand() when the TPM reports success.
  //
  switch (ResponseCode) {
    case TPM_RC_SUCCESS:
      break;

    case TPM_RC_HANDLE + RC_NV_UndefineSpace_nvIndex:
      Status = EFI_NOT_FOUND;
      break;

    case TPM_RC_NV_AUTHORIZATION:
      Status = EFI_SECURITY_VIOLATION;
      break;

    case TPM_RC_ATTRIBUTES:
    case TPM_RC_ATTRIBUTES + RC_NV_UndefineSpace_nvIndex:
      Status = EFI_UNSUPPORTED;
      break;

    case TPM_RC_HANDLE + RC_NV_UndefineSpace_authHandle:
    case TPM_RC_VALUE + RC_NV_UndefineSpace_authHandle:
    case TPM_RC_VALUE + RC_NV_UndefineSpace_nvIndex:
      Status = EFI_INVALID_PARAMETER;
      break;

    default:
      Status = EFI_DEVICE_ERROR;
      break;
  }

Done:
  //
  // Both stack buffers are wiped before returning; the command buffer holds
  // the marshalled authorization session.
  //
  ZeroMem (&Command, sizeof (Command));
  ZeroMem (&Response, sizeof (Response));
  return Status;
}
512\r
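/**
  This command reads a value from an area in NV memory previously defined by TPM2_NV_DefineSpace().

  The returned length comes from the TPM and is treated as untrusted: it is
  checked against both the capacity of OutData and the number of bytes actually
  received, and OutData is written only after those checks pass.

  @param[in]     AuthHandle         the handle indicating the source of the authorization value.
  @param[in]     NvIndex            The index to be read.
  @param[in]     AuthSession        Auth Session context
  @param[in]     Size               Number of bytes to read.
  @param[in]     Offset             Byte offset into the area.
  @param[in,out] OutData            The data read.

  @retval EFI_SUCCESS             Operation completed successfully.
  @retval EFI_DEVICE_ERROR        The command was unsuccessful, or the response
                                  was truncated or carried an oversized length.
  @retval EFI_NOT_FOUND           The command was returned successfully, but NvIndex is not found.
  @retval EFI_SECURITY_VIOLATION  The TPM reported TPM_RC_NV_AUTHORIZATION.
  @retval EFI_ACCESS_DENIED       The TPM reported TPM_RC_NV_LOCKED.
  @retval EFI_BAD_BUFFER_SIZE     The TPM reported TPM_RC_NV_RANGE.
  @retval EFI_NOT_READY           The TPM reported TPM_RC_NV_UNINITIALIZED.
  @retval EFI_INVALID_PARAMETER   The TPM rejected a handle or the authorization.
  @retval EFI_UNSUPPORTED         The TPM reported TPM_RC_ATTRIBUTES for the session.
**/
EFI_STATUS
EFIAPI
Tpm2NvRead (
  IN      TPMI_RH_NV_AUTH    AuthHandle,
  IN      TPMI_RH_NV_INDEX   NvIndex,
  IN      TPMS_AUTH_COMMAND  *AuthSession  OPTIONAL,
  IN      UINT16             Size,
  IN      UINT16             Offset,
  IN OUT  TPM2B_MAX_BUFFER   *OutData
  )
{
  EFI_STATUS             Status;
  TPM2_NV_READ_COMMAND   SendBuffer;
  TPM2_NV_READ_RESPONSE  RecvBuffer;
  UINT32                 SendBufferSize;
  UINT32                 RecvBufferSize;
  UINT8                  *Buffer;
  UINT32                 SessionInfoSize;
  TPM_RC                 ResponseCode;
  UINT16                 DataSize;

  //
  // Construct command
  //
  SendBuffer.Header.tag         = SwapBytes16 (TPM_ST_SESSIONS);
  SendBuffer.Header.commandCode = SwapBytes32 (TPM_CC_NV_Read);

  SendBuffer.AuthHandle = SwapBytes32 (AuthHandle);
  SendBuffer.NvIndex    = SwapBytes32 (NvIndex);

  //
  // Add in Auth session
  //
  Buffer = (UINT8 *)&SendBuffer.AuthSession;

  // sessionInfoSize
  SessionInfoSize            = CopyAuthSessionCommand (AuthSession, Buffer);
  Buffer                    += SessionInfoSize;
  SendBuffer.AuthSessionSize = SwapBytes32 (SessionInfoSize);

  //
  // Size and Offset follow the variable-length session area, so they are
  // written through the running pointer and not by member name.
  //
  WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Size));
  Buffer += sizeof (UINT16);
  WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Offset));
  Buffer += sizeof (UINT16);

  SendBufferSize              = (UINT32)(Buffer - (UINT8 *)&SendBuffer);
  SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);

  //
  // send Tpm command
  //
  RecvBufferSize = sizeof (RecvBuffer);
  Status         = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer);
  if (EFI_ERROR (Status)) {
    goto Done;
  }

  if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) {
    DEBUG ((DEBUG_ERROR, "Tpm2NvRead - RecvBufferSize Error - %x\n", RecvBufferSize));
    Status = EFI_DEVICE_ERROR;
    goto Done;
  }

  ResponseCode = SwapBytes32 (RecvBuffer.Header.responseCode);
  if (ResponseCode != TPM_RC_SUCCESS) {
    DEBUG ((DEBUG_ERROR, "Tpm2NvRead - responseCode - %x\n", ResponseCode));
  }

  switch (ResponseCode) {
    case TPM_RC_SUCCESS:
      // return data
      break;
    case TPM_RC_NV_AUTHORIZATION:
      Status = EFI_SECURITY_VIOLATION;
      break;
    case TPM_RC_NV_LOCKED:
      Status = EFI_ACCESS_DENIED;
      break;
    case TPM_RC_NV_RANGE:
      Status = EFI_BAD_BUFFER_SIZE;
      break;
    case TPM_RC_NV_UNINITIALIZED:
      Status = EFI_NOT_READY;
      break;
    case TPM_RC_HANDLE + RC_NV_Read_nvIndex: // TPM_RC_NV_DEFINED:
      Status = EFI_NOT_FOUND;
      break;
    case TPM_RC_HANDLE + RC_NV_Read_authHandle: // TPM_RC_NV_DEFINED:
      Status = EFI_INVALID_PARAMETER;
      break;
    case TPM_RC_VALUE + RC_NV_Read_nvIndex:
    case TPM_RC_VALUE + RC_NV_Read_authHandle:
      Status = EFI_INVALID_PARAMETER;
      break;
    case TPM_RC_BAD_AUTH + RC_NV_Read_authHandle + TPM_RC_S:
      Status = EFI_INVALID_PARAMETER;
      break;
    case TPM_RC_AUTH_UNAVAILABLE:
      Status = EFI_INVALID_PARAMETER;
      break;
    case TPM_RC_AUTH_FAIL + RC_NV_Read_authHandle + TPM_RC_S:
      Status = EFI_INVALID_PARAMETER;
      break;
    case TPM_RC_ATTRIBUTES + RC_NV_Read_authHandle + TPM_RC_S:
      Status = EFI_UNSUPPORTED;
      break;
    default:
      Status = EFI_DEVICE_ERROR;
      break;
  }

  if (Status != EFI_SUCCESS) {
    goto Done;
  }

  //
  // RecvBuffer is an uninitialized stack structure, so Data.size is meaningful
  // only if the TPM actually returned enough bytes to cover it.
  //
  if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER) + sizeof (UINT32) + sizeof (UINT16)) {
    DEBUG ((DEBUG_ERROR, "Tpm2NvRead - RecvBufferSize Error - %x\n", RecvBufferSize));
    Status = EFI_DEVICE_ERROR;
    goto Done;
  }

  //
  // Return the response
  //
  DataSize = SwapBytes16 (RecvBuffer.Data.size);
  if (DataSize > MAX_DIGEST_BUFFER) {
    DEBUG ((DEBUG_ERROR, "Tpm2NvRead - OutData->size error %x\n", DataSize));
    Status = EFI_DEVICE_ERROR;
    goto Done;
  }

  //
  // The claimed payload must lie within the bytes received. Otherwise the copy
  // below would hand stale stack contents to the caller as NV data.
  //
  if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER) + sizeof (UINT32) + sizeof (UINT16) + DataSize) {
    DEBUG ((DEBUG_ERROR, "Tpm2NvRead - RecvBufferSize Error - %x\n", RecvBufferSize));
    Status = EFI_DEVICE_ERROR;
    goto Done;
  }

  OutData->size = DataSize;
  CopyMem (OutData->buffer, &RecvBuffer.Data.buffer, DataSize);

Done:
  //
  // Clear AuthSession Content
  // RecvBuffer may also hold the NV data that was just read, so both buffers
  // are wiped on every exit path after the command was built.
  //
  ZeroMem (&SendBuffer, sizeof (SendBuffer));
  ZeroMem (&RecvBuffer, sizeof (RecvBuffer));
  return Status;
}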
661\r
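/**
  This command writes a value to an area in NV memory that was previously defined by TPM2_NV_DefineSpace().

  The data is marshalled into a fixed-size stack buffer, so InData->size is
  checked against the capacity of InData->buffer before it is copied.

  @param[in]  AuthHandle         the handle indicating the source of the authorization value.
  @param[in]  NvIndex            The NV Index of the area to write.
  @param[in]  AuthSession        Auth Session context
  @param[in]  InData             The data to write.
  @param[in]  Offset             The offset into the NV Area.

  @retval EFI_SUCCESS             Operation completed successfully.
  @retval EFI_DEVICE_ERROR        The command was unsuccessful.
  @retval EFI_NOT_FOUND           The command was returned successfully, but NvIndex is not found.
  @retval EFI_INVALID_PARAMETER   InData is NULL or its size exceeds its buffer,
                                  or the TPM rejected a handle or the authorization.
  @retval EFI_UNSUPPORTED         The TPM reported TPM_RC_ATTRIBUTES.
  @retval EFI_SECURITY_VIOLATION  The TPM reported TPM_RC_NV_AUTHORIZATION.
  @retval EFI_ACCESS_DENIED       The TPM reported TPM_RC_NV_LOCKED.
  @retval EFI_BAD_BUFFER_SIZE     The TPM reported TPM_RC_NV_RANGE.
**/
EFI_STATUS
EFIAPI
Tpm2NvWrite (
  IN      TPMI_RH_NV_AUTH    AuthHandle,
  IN      TPMI_RH_NV_INDEX   NvIndex,
  IN      TPMS_AUTH_COMMAND  *AuthSession  OPTIONAL,
  IN      TPM2B_MAX_BUFFER   *InData,
  IN      UINT16             Offset
  )
{
  EFI_STATUS              Status;
  TPM2_NV_WRITE_COMMAND   SendBuffer;
  TPM2_NV_WRITE_RESPONSE  RecvBuffer;
  UINT32                  SendBufferSize;
  UINT32                  RecvBufferSize;
  UINT8                   *Buffer;
  UINT32                  SessionInfoSize;
  TPM_RC                  ResponseCode;

  //
  // SendBuffer reserves only sizeof (InData->buffer) bytes for the payload. A
  // larger size would make CopyMem() below read past InData and write past
  // SendBuffer on the stack, so reject it before any buffer is touched.
  //
  if ((InData == NULL) || (InData->size > sizeof (InData->buffer))) {
    return EFI_INVALID_PARAMETER;
  }

  //
  // Construct command
  //
  SendBuffer.Header.tag         = SwapBytes16 (TPM_ST_SESSIONS);
  SendBuffer.Header.commandCode = SwapBytes32 (TPM_CC_NV_Write);

  SendBuffer.AuthHandle = SwapBytes32 (AuthHandle);
  SendBuffer.NvIndex    = SwapBytes32 (NvIndex);

  //
  // Add in Auth session
  //
  Buffer = (UINT8 *)&SendBuffer.AuthSession;

  // sessionInfoSize
  // NOTE(review): assumes CopyAuthSessionCommand() never writes more than
  // sizeof (TPMS_AUTH_COMMAND) bytes - confirm against its implementation.
  SessionInfoSize            = CopyAuthSessionCommand (AuthSession, Buffer);
  Buffer                    += SessionInfoSize;
  SendBuffer.AuthSessionSize = SwapBytes32 (SessionInfoSize);

  //
  // Data and Offset follow the variable-length session area, so they are
  // written through the running pointer and not by member name.
  //
  WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (InData->size));
  Buffer += sizeof (UINT16);
  CopyMem (Buffer, InData->buffer, InData->size);
  Buffer += InData->size;
  WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Offset));
  Buffer += sizeof (UINT16);

  SendBufferSize              = (UINT32)(Buffer - (UINT8 *)&SendBuffer);
  SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);

  //
  // send Tpm command
  //
  RecvBufferSize = sizeof (RecvBuffer);
  Status         = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer);
  if (EFI_ERROR (Status)) {
    goto Done;
  }

  if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) {
    DEBUG ((DEBUG_ERROR, "Tpm2NvWrite - RecvBufferSize Error - %x\n", RecvBufferSize));
    Status = EFI_DEVICE_ERROR;
    goto Done;
  }

  ResponseCode = SwapBytes32 (RecvBuffer.Header.responseCode);
  if (ResponseCode != TPM_RC_SUCCESS) {
    DEBUG ((DEBUG_ERROR, "Tpm2NvWrite - responseCode - %x\n", ResponseCode));
  }

  switch (ResponseCode) {
    case TPM_RC_SUCCESS:
      // return data
      break;
    case TPM_RC_ATTRIBUTES:
      Status = EFI_UNSUPPORTED;
      break;
    case TPM_RC_NV_AUTHORIZATION:
      Status = EFI_SECURITY_VIOLATION;
      break;
    case TPM_RC_NV_LOCKED:
      Status = EFI_ACCESS_DENIED;
      break;
    case TPM_RC_NV_RANGE:
      Status = EFI_BAD_BUFFER_SIZE;
      break;
    case TPM_RC_HANDLE + RC_NV_Write_nvIndex: // TPM_RC_NV_DEFINED:
      Status = EFI_NOT_FOUND;
      break;
    case TPM_RC_HANDLE + RC_NV_Write_authHandle: // TPM_RC_NV_DEFINED:
      Status = EFI_INVALID_PARAMETER;
      break;
    case TPM_RC_VALUE + RC_NV_Write_nvIndex:
    case TPM_RC_VALUE + RC_NV_Write_authHandle:
      Status = EFI_INVALID_PARAMETER;
      break;
    case TPM_RC_BAD_AUTH + RC_NV_Write_authHandle + TPM_RC_S:
      Status = EFI_INVALID_PARAMETER;
      break;
    case TPM_RC_AUTH_UNAVAILABLE:
      Status = EFI_INVALID_PARAMETER;
      break;
    case TPM_RC_AUTH_FAIL + RC_NV_Write_authHandle + TPM_RC_S:
      Status = EFI_INVALID_PARAMETER;
      break;
    case TPM_RC_ATTRIBUTES + RC_NV_Write_authHandle + TPM_RC_S:
      Status = EFI_UNSUPPORTED;
      break;
    default:
      Status = EFI_DEVICE_ERROR;
      break;
  }

Done:
  //
  // Clear AuthSession Content
  // SendBuffer also holds a copy of the data being written, so both buffers
  // are wiped on every exit path after the command was built.
  //
  ZeroMem (&SendBuffer, sizeof (SendBuffer));
  ZeroMem (&RecvBuffer, sizeof (RecvBuffer));
  return Status;
}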
794\r
/**
  Issue TPM2_NV_ReadLock, which may be used to prevent further reads of the
  Index until the next TPM2_Startup (TPM_SU_CLEAR).

  @param[in]  AuthHandle         the handle indicating the source of the authorization value.
  @param[in]  NvIndex            The NV Index of the area to lock.
  @param[in]  AuthSession        Auth Session context

  @retval EFI_SUCCESS            Operation completed successfully.
  @retval EFI_DEVICE_ERROR       The response was shorter than a response header,
                                 or the TPM returned any code other than
                                 TPM_RC_SUCCESS.
  @retval Others                 Error status returned by Tpm2SubmitCommand().
**/
EFI_STATUS
EFIAPI
Tpm2NvReadLock (
  IN      TPMI_RH_NV_AUTH    AuthHandle,
  IN      TPMI_RH_NV_INDEX   NvIndex,
  IN      TPMS_AUTH_COMMAND  *AuthSession OPTIONAL
  )
{
  TPM2_NV_READLOCK_COMMAND   Command;
  TPM2_NV_READLOCK_RESPONSE  Response;
  EFI_STATUS                 Status;
  TPM_RC                     ResponseCode;
  UINT32                     CommandSize;
  UINT32                     ResponseSize;
  UINT32                     SessionBytes;
  UINT8                      *SessionArea;

  //
  // Fixed part of the command: header and the two handles.
  //
  Command.Header.tag         = SwapBytes16 (TPM_ST_SESSIONS);
  Command.Header.commandCode = SwapBytes32 (TPM_CC_NV_ReadLock);
  Command.AuthHandle         = SwapBytes32 (AuthHandle);
  Command.NvIndex            = SwapBytes32 (NvIndex);

  //
  // Variable part: the authorization session. The command ends where the
  // session data ends, which is what paramSize must report.
  //
  SessionArea             = (UINT8 *)&Command.AuthSession;
  SessionBytes            = CopyAuthSessionCommand (AuthSession, SessionArea);
  Command.AuthSessionSize = SwapBytes32 (SessionBytes);

  CommandSize              = (UINT32)((SessionArea + SessionBytes) - (UINT8 *)&Command);
  Command.Header.paramSize = SwapBytes32 (CommandSize);

  //
  // Submit the command to the TPM.
  //
  ResponseSize = sizeof (Response);
  Status       = Tpm2SubmitCommand (CommandSize, (UINT8 *)&Command, &ResponseSize, (UINT8 *)&Response);
  if (EFI_ERROR (Status)) {
    goto Done;
  }

  if (ResponseSize < sizeof (TPM2_RESPONSE_HEADER)) {
    DEBUG ((DEBUG_ERROR, "Tpm2NvReadLock - RecvBufferSize Error - %x\n", ResponseSize));
    Status = EFI_DEVICE_ERROR;
    goto Done;
  }

  //
  // Every non-success response code is reported as a device error. Status is
  // left as returned by Tpm2SubmitCommand() when the TPM reports success.
  //
  ResponseCode = SwapBytes32 (Response.Header.responseCode);
  if (ResponseCode != TPM_RC_SUCCESS) {
    DEBUG ((DEBUG_ERROR, "Tpm2NvReadLock - responseCode - %x\n", ResponseCode));
    Status = EFI_DEVICE_ERROR;
  }

Done:
  //
  // Both stack buffers are wiped before returning; the command buffer holds
  // the marshalled authorization session.
  //
  ZeroMem (&Command, sizeof (Command));
  ZeroMem (&Response, sizeof (Response));
  return Status;
}
882\r
/**
  Send TPM2_NV_WriteLock for an NV Index. This command may be used to inhibit
  further writes of the Index.

  The command is marshalled into a local buffer, submitted through
  Tpm2SubmitCommand (), and only the responseCode field of the response header
  is examined. Both local buffers are zeroed on every exit path, because the
  command buffer holds a copy of the caller's authorization session.

  Any return value other than EFI_SUCCESS means the lock was not confirmed by
  the TPM, so a caller that relies on the Index being write-locked has to check
  the returned status.

  @param[in]  AuthHandle   The handle indicating the source of the authorization value.
  @param[in]  NvIndex      The NV Index of the area to lock.
  @param[in]  AuthSession  Auth Session context. Declared OPTIONAL and handed
                           unchanged to CopyAuthSessionCommand (), which is
                           defined outside this function.

  @retval EFI_SUCCESS       Tpm2SubmitCommand () succeeded and the TPM answered TPM_RC_SUCCESS.
  @retval EFI_DEVICE_ERROR  The response was shorter than a response header, or
                            the TPM answered with any code other than TPM_RC_SUCCESS.
  @retval Others            An error status from Tpm2SubmitCommand (), returned unchanged.

  NOTE(review): the interface description also lists EFI_NOT_FOUND ("NvIndex is
  not found"), but no statement in this function assigns that status.
**/
EFI_STATUS
EFIAPI
Tpm2NvWriteLock (
  IN      TPMI_RH_NV_AUTH    AuthHandle,
  IN      TPMI_RH_NV_INDEX   NvIndex,
  IN      TPMS_AUTH_COMMAND  *AuthSession OPTIONAL
  )
{
  EFI_STATUS                  Status;
  TPM2_NV_WRITELOCK_COMMAND   Command;
  TPM2_NV_WRITELOCK_RESPONSE  Response;
  UINT32                      CommandSize;
  UINT32                      ResponseSize;
  UINT8                       *AuthArea;
  UINT32                      AuthAreaSize;
  TPM_RC                      TpmRc;

  //
  // Fixed part of the command: header tag, command code and the two handles.
  // Multi-byte fields are passed through SwapBytes16/SwapBytes32 before being stored.
  //
  Command.Header.tag         = SwapBytes16 (TPM_ST_SESSIONS);
  Command.Header.commandCode = SwapBytes32 (TPM_CC_NV_WriteLock);
  Command.AuthHandle         = SwapBytes32 (AuthHandle);
  Command.NvIndex            = SwapBytes32 (NvIndex);

  //
  // Authorization area: CopyAuthSessionCommand () writes the session at
  // AuthArea and returns the number of bytes it produced.
  // NOTE(review): the bound on that size is enforced (or not) inside
  // CopyAuthSessionCommand (); confirm it cannot exceed sizeof (Command.AuthSession).
  //
  AuthArea                = (UINT8 *)&Command.AuthSession;
  AuthAreaSize            = CopyAuthSessionCommand (AuthSession, AuthArea);
  Command.AuthSessionSize = SwapBytes32 (AuthAreaSize);

  //
  // The command ends right after the authorization area; its total length
  // goes into the header.
  //
  CommandSize              = (UINT32)((AuthArea + AuthAreaSize) - (UINT8 *)&Command);
  Command.Header.paramSize = SwapBytes32 (CommandSize);

  //
  // Submit the command to the TPM.
  //
  ResponseSize = sizeof (Response);
  Status       = Tpm2SubmitCommand (CommandSize, (UINT8 *)&Command, &ResponseSize, (UINT8 *)&Response);
  if (EFI_ERROR (Status)) {
    goto Exit;
  }

  //
  // Only the response header is read below, so a header-sized response is
  // the minimum that can be trusted.
  //
  if (ResponseSize < sizeof (TPM2_RESPONSE_HEADER)) {
    DEBUG ((DEBUG_ERROR, "Tpm2NvWriteLock - RecvBufferSize Error - %x\n", ResponseSize));
    Status = EFI_DEVICE_ERROR;
    goto Exit;
  }

  //
  // Every TPM response code other than success is reported as a device
  // error; the specific code is visible only in the debug log.
  //
  TpmRc = SwapBytes32 (Response.Header.responseCode);
  if (TpmRc != TPM_RC_SUCCESS) {
    DEBUG ((DEBUG_ERROR, "Tpm2NvWriteLock - responseCode - %x\n", TpmRc));
    Status = EFI_DEVICE_ERROR;
  }

Exit:
  //
  // Clear AuthSession content: wipe both buffers on success and on failure,
  // so the copied session data does not stay on the stack.
  //
  ZeroMem (&Command, sizeof (Command));
  ZeroMem (&Response, sizeof (Response));
  return Status;
}
970\r
/**
  Send TPM2_NV_GlobalWriteLock. The command will SET TPMA_NV_WRITELOCKED for
  all indexes that have their TPMA_NV_GLOBALLOCK attribute SET.

  The command is marshalled into a local buffer, submitted through
  Tpm2SubmitCommand (), and only the responseCode field of the response header
  is examined. Both local buffers are zeroed on every exit path, because the
  command buffer holds a copy of the caller's authorization session.

  Any return value other than EFI_SUCCESS means the TPM did not confirm the
  global lock, so a caller that depends on it has to check the returned status.

  @param[in]  AuthHandle   TPM_RH_OWNER or TPM_RH_PLATFORM+{PP}.
  @param[in]  AuthSession  Auth Session context. Declared OPTIONAL and handed
                           unchanged to CopyAuthSessionCommand (), which is
                           defined outside this function.

  @retval EFI_SUCCESS       Tpm2SubmitCommand () succeeded and the TPM answered TPM_RC_SUCCESS.
  @retval EFI_DEVICE_ERROR  The response was shorter than a response header, or
                            the TPM answered with any code other than TPM_RC_SUCCESS.
  @retval Others            An error status from Tpm2SubmitCommand (), returned unchanged.

  NOTE(review): the interface description also lists EFI_NOT_FOUND ("NvIndex is
  not found"). This function takes no NvIndex and no statement in it assigns
  that status.
**/
EFI_STATUS
EFIAPI
Tpm2NvGlobalWriteLock (
  IN      TPMI_RH_PROVISION  AuthHandle,
  IN      TPMS_AUTH_COMMAND  *AuthSession OPTIONAL
  )
{
  EFI_STATUS                        Status;
  TPM2_NV_GLOBALWRITELOCK_COMMAND   Command;
  TPM2_NV_GLOBALWRITELOCK_RESPONSE  Response;
  UINT32                            CommandSize;
  UINT32                            ResponseSize;
  UINT8                             *AuthArea;
  UINT32                            AuthAreaSize;
  TPM_RC                            TpmRc;

  //
  // Fixed part of the command: header tag, command code and the
  // authorization handle, each stored through SwapBytes16/SwapBytes32.
  //
  Command.Header.tag         = SwapBytes16 (TPM_ST_SESSIONS);
  Command.Header.commandCode = SwapBytes32 (TPM_CC_NV_GlobalWriteLock);
  Command.AuthHandle         = SwapBytes32 (AuthHandle);

  //
  // Authorization area: CopyAuthSessionCommand () writes the session at
  // AuthArea and returns the number of bytes it produced.
  // NOTE(review): the bound on that size is enforced (or not) inside
  // CopyAuthSessionCommand (); confirm it cannot exceed sizeof (Command.AuthSession).
  //
  AuthArea                = (UINT8 *)&Command.AuthSession;
  AuthAreaSize            = CopyAuthSessionCommand (AuthSession, AuthArea);
  Command.AuthSessionSize = SwapBytes32 (AuthAreaSize);

  //
  // The command ends right after the authorization area; its total length
  // goes into the header.
  //
  CommandSize              = (UINT32)((AuthArea + AuthAreaSize) - (UINT8 *)&Command);
  Command.Header.paramSize = SwapBytes32 (CommandSize);

  //
  // Submit the command to the TPM.
  //
  ResponseSize = sizeof (Response);
  Status       = Tpm2SubmitCommand (CommandSize, (UINT8 *)&Command, &ResponseSize, (UINT8 *)&Response);
  if (EFI_ERROR (Status)) {
    goto Exit;
  }

  //
  // Only the response header is read below, so a header-sized response is
  // the minimum that can be trusted.
  //
  if (ResponseSize < sizeof (TPM2_RESPONSE_HEADER)) {
    DEBUG ((DEBUG_ERROR, "Tpm2NvGlobalWriteLock - RecvBufferSize Error - %x\n", ResponseSize));
    Status = EFI_DEVICE_ERROR;
    goto Exit;
  }

  //
  // Every TPM response code other than success is reported as a device
  // error; the specific code is visible only in the debug log.
  //
  TpmRc = SwapBytes32 (Response.Header.responseCode);
  if (TpmRc != TPM_RC_SUCCESS) {
    DEBUG ((DEBUG_ERROR, "Tpm2NvGlobalWriteLock - responseCode - %x\n", TpmRc));
    Status = EFI_DEVICE_ERROR;
  }

Exit:
  //
  // Clear AuthSession content: wipe both buffers on success and on failure,
  // so the copied session data does not stay on the stack.
  //
  ZeroMem (&Command, sizeof (Command));
  ZeroMem (&Response, sizeof (Response));
  return Status;
}