]>
Commit | Line | Data |
---|---|---|
c1d93242 JY |
1 | /** @file\r |
2 | Implement TPM2 NVStorage related command.\r | |
3 | \r | |
dd577319 | 4 | Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved. <BR>\r |
289b714b | 5 | SPDX-License-Identifier: BSD-2-Clause-Patent\r |
c1d93242 JY |
6 | \r |
7 | **/\r | |
8 | \r | |
9 | #include <IndustryStandard/UefiTcgPlatform.h>\r | |
10 | #include <Library/Tpm2CommandLib.h>\r | |
11 | #include <Library/Tpm2DeviceLib.h>\r | |
12 | #include <Library/BaseMemoryLib.h>\r | |
13 | #include <Library/BaseLib.h>\r | |
14 | #include <Library/DebugLib.h>\r | |
15 | \r | |
16 | #pragma pack(1)\r | |
17 | \r | |
c411b485 | 18 | #define RC_NV_ReadPublic_nvIndex (TPM_RC_H + TPM_RC_1)\r |
c1d93242 | 19 | \r |
c411b485 MK |
20 | #define RC_NV_DefineSpace_authHandle (TPM_RC_H + TPM_RC_1)\r |
21 | #define RC_NV_DefineSpace_auth (TPM_RC_P + TPM_RC_1)\r | |
22 | #define RC_NV_DefineSpace_publicInfo (TPM_RC_P + TPM_RC_2)\r | |
c1d93242 | 23 | \r |
c411b485 MK |
24 | #define RC_NV_UndefineSpace_authHandle (TPM_RC_H + TPM_RC_1)\r |
25 | #define RC_NV_UndefineSpace_nvIndex (TPM_RC_H + TPM_RC_2)\r | |
c1d93242 | 26 | \r |
c411b485 MK |
27 | #define RC_NV_Read_authHandle (TPM_RC_H + TPM_RC_1)\r |
28 | #define RC_NV_Read_nvIndex (TPM_RC_H + TPM_RC_2)\r | |
29 | #define RC_NV_Read_size (TPM_RC_P + TPM_RC_1)\r | |
30 | #define RC_NV_Read_offset (TPM_RC_P + TPM_RC_2)\r | |
c1d93242 | 31 | \r |
c411b485 MK |
32 | #define RC_NV_Write_authHandle (TPM_RC_H + TPM_RC_1)\r |
33 | #define RC_NV_Write_nvIndex (TPM_RC_H + TPM_RC_2)\r | |
34 | #define RC_NV_Write_data (TPM_RC_P + TPM_RC_1)\r | |
35 | #define RC_NV_Write_offset (TPM_RC_P + TPM_RC_2)\r | |
c1d93242 JY |
36 | \r |
37 | typedef struct {\r | |
c411b485 MK |
38 | TPM2_COMMAND_HEADER Header;\r |
39 | TPMI_RH_NV_INDEX NvIndex;\r | |
c1d93242 JY |
40 | } TPM2_NV_READPUBLIC_COMMAND;\r |
41 | \r | |
42 | typedef struct {\r | |
c411b485 MK |
43 | TPM2_RESPONSE_HEADER Header;\r |
44 | TPM2B_NV_PUBLIC NvPublic;\r | |
45 | TPM2B_NAME NvName;\r | |
c1d93242 JY |
46 | } TPM2_NV_READPUBLIC_RESPONSE;\r |
47 | \r | |
48 | typedef struct {\r | |
c411b485 MK |
49 | TPM2_COMMAND_HEADER Header;\r |
50 | TPMI_RH_PROVISION AuthHandle;\r | |
51 | UINT32 AuthSessionSize;\r | |
52 | TPMS_AUTH_COMMAND AuthSession;\r | |
53 | TPM2B_AUTH Auth;\r | |
54 | TPM2B_NV_PUBLIC NvPublic;\r | |
c1d93242 JY |
55 | } TPM2_NV_DEFINESPACE_COMMAND;\r |
56 | \r | |
57 | typedef struct {\r | |
c411b485 MK |
58 | TPM2_RESPONSE_HEADER Header;\r |
59 | UINT32 AuthSessionSize;\r | |
60 | TPMS_AUTH_RESPONSE AuthSession;\r | |
c1d93242 JY |
61 | } TPM2_NV_DEFINESPACE_RESPONSE;\r |
62 | \r | |
63 | typedef struct {\r | |
c411b485 MK |
64 | TPM2_COMMAND_HEADER Header;\r |
65 | TPMI_RH_PROVISION AuthHandle;\r | |
66 | TPMI_RH_NV_INDEX NvIndex;\r | |
67 | UINT32 AuthSessionSize;\r | |
68 | TPMS_AUTH_COMMAND AuthSession;\r | |
c1d93242 JY |
69 | } TPM2_NV_UNDEFINESPACE_COMMAND;\r |
70 | \r | |
71 | typedef struct {\r | |
c411b485 MK |
72 | TPM2_RESPONSE_HEADER Header;\r |
73 | UINT32 AuthSessionSize;\r | |
74 | TPMS_AUTH_RESPONSE AuthSession;\r | |
c1d93242 JY |
75 | } TPM2_NV_UNDEFINESPACE_RESPONSE;\r |
76 | \r | |
77 | typedef struct {\r | |
c411b485 MK |
78 | TPM2_COMMAND_HEADER Header;\r |
79 | TPMI_RH_NV_AUTH AuthHandle;\r | |
80 | TPMI_RH_NV_INDEX NvIndex;\r | |
81 | UINT32 AuthSessionSize;\r | |
82 | TPMS_AUTH_COMMAND AuthSession;\r | |
83 | UINT16 Size;\r | |
84 | UINT16 Offset;\r | |
c1d93242 JY |
85 | } TPM2_NV_READ_COMMAND;\r |
86 | \r | |
87 | typedef struct {\r | |
c411b485 MK |
88 | TPM2_RESPONSE_HEADER Header;\r |
89 | UINT32 AuthSessionSize;\r | |
90 | TPM2B_MAX_BUFFER Data;\r | |
91 | TPMS_AUTH_RESPONSE AuthSession;\r | |
c1d93242 JY |
92 | } TPM2_NV_READ_RESPONSE;\r |
93 | \r | |
94 | typedef struct {\r | |
c411b485 MK |
95 | TPM2_COMMAND_HEADER Header;\r |
96 | TPMI_RH_NV_AUTH AuthHandle;\r | |
97 | TPMI_RH_NV_INDEX NvIndex;\r | |
98 | UINT32 AuthSessionSize;\r | |
99 | TPMS_AUTH_COMMAND AuthSession;\r | |
100 | TPM2B_MAX_BUFFER Data;\r | |
101 | UINT16 Offset;\r | |
c1d93242 JY |
102 | } TPM2_NV_WRITE_COMMAND;\r |
103 | \r | |
104 | typedef struct {\r | |
c411b485 MK |
105 | TPM2_RESPONSE_HEADER Header;\r |
106 | UINT32 AuthSessionSize;\r | |
107 | TPMS_AUTH_RESPONSE AuthSession;\r | |
c1d93242 JY |
108 | } TPM2_NV_WRITE_RESPONSE;\r |
109 | \r | |
110 | typedef struct {\r | |
c411b485 MK |
111 | TPM2_COMMAND_HEADER Header;\r |
112 | TPMI_RH_NV_AUTH AuthHandle;\r | |
113 | TPMI_RH_NV_INDEX NvIndex;\r | |
114 | UINT32 AuthSessionSize;\r | |
115 | TPMS_AUTH_COMMAND AuthSession;\r | |
c1d93242 JY |
116 | } TPM2_NV_READLOCK_COMMAND;\r |
117 | \r | |
118 | typedef struct {\r | |
c411b485 MK |
119 | TPM2_RESPONSE_HEADER Header;\r |
120 | UINT32 AuthSessionSize;\r | |
121 | TPMS_AUTH_RESPONSE AuthSession;\r | |
c1d93242 JY |
122 | } TPM2_NV_READLOCK_RESPONSE;\r |
123 | \r | |
124 | typedef struct {\r | |
c411b485 MK |
125 | TPM2_COMMAND_HEADER Header;\r |
126 | TPMI_RH_NV_AUTH AuthHandle;\r | |
127 | TPMI_RH_NV_INDEX NvIndex;\r | |
128 | UINT32 AuthSessionSize;\r | |
129 | TPMS_AUTH_COMMAND AuthSession;\r | |
c1d93242 JY |
130 | } TPM2_NV_WRITELOCK_COMMAND;\r |
131 | \r | |
132 | typedef struct {\r | |
c411b485 MK |
133 | TPM2_RESPONSE_HEADER Header;\r |
134 | UINT32 AuthSessionSize;\r | |
135 | TPMS_AUTH_RESPONSE AuthSession;\r | |
c1d93242 JY |
136 | } TPM2_NV_WRITELOCK_RESPONSE;\r |
137 | \r | |
138 | typedef struct {\r | |
c411b485 MK |
139 | TPM2_COMMAND_HEADER Header;\r |
140 | TPMI_RH_PROVISION AuthHandle;\r | |
141 | UINT32 AuthSessionSize;\r | |
142 | TPMS_AUTH_COMMAND AuthSession;\r | |
c1d93242 JY |
143 | } TPM2_NV_GLOBALWRITELOCK_COMMAND;\r |
144 | \r | |
145 | typedef struct {\r | |
c411b485 MK |
146 | TPM2_RESPONSE_HEADER Header;\r |
147 | UINT32 AuthSessionSize;\r | |
148 | TPMS_AUTH_RESPONSE AuthSession;\r | |
c1d93242 JY |
149 | } TPM2_NV_GLOBALWRITELOCK_RESPONSE;\r |
150 | \r | |
151 | #pragma pack()\r | |
152 | \r | |
153 | /**\r | |
154 | This command is used to read the public area and Name of an NV Index.\r | |
155 | \r | |
156 | @param[in] NvIndex The NV Index.\r | |
157 | @param[out] NvPublic The public area of the index.\r | |
158 | @param[out] NvName The Name of the nvIndex.\r | |
b3548d32 | 159 | \r |
c1d93242 JY |
160 | @retval EFI_SUCCESS Operation completed successfully.\r |
161 | @retval EFI_DEVICE_ERROR The command was unsuccessful.\r | |
162 | @retval EFI_NOT_FOUND The command was returned successfully, but NvIndex is not found.\r | |
163 | **/\r | |
164 | EFI_STATUS\r | |
165 | EFIAPI\r | |
166 | Tpm2NvReadPublic (\r | |
c411b485 MK |
167 | IN TPMI_RH_NV_INDEX NvIndex,\r |
168 | OUT TPM2B_NV_PUBLIC *NvPublic,\r | |
169 | OUT TPM2B_NAME *NvName\r | |
c1d93242 JY |
170 | )\r |
171 | {\r | |
c411b485 MK |
172 | EFI_STATUS Status;\r |
173 | TPM2_NV_READPUBLIC_COMMAND SendBuffer;\r | |
174 | TPM2_NV_READPUBLIC_RESPONSE RecvBuffer;\r | |
175 | UINT32 SendBufferSize;\r | |
176 | UINT32 RecvBufferSize;\r | |
177 | UINT16 NvPublicSize;\r | |
178 | UINT16 NvNameSize;\r | |
179 | UINT8 *Buffer;\r | |
180 | TPM_RC ResponseCode;\r | |
c1d93242 JY |
181 | \r |
182 | //\r | |
183 | // Construct command\r | |
184 | //\r | |
c411b485 MK |
185 | SendBuffer.Header.tag = SwapBytes16 (TPM_ST_NO_SESSIONS);\r |
186 | SendBuffer.Header.commandCode = SwapBytes32 (TPM_CC_NV_ReadPublic);\r | |
c1d93242 JY |
187 | \r |
188 | SendBuffer.NvIndex = SwapBytes32 (NvIndex);\r | |
b3548d32 | 189 | \r |
c411b485 | 190 | SendBufferSize = (UINT32)sizeof (SendBuffer);\r |
c1d93242 JY |
191 | SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);\r |
192 | \r | |
193 | //\r | |
194 | // send Tpm command\r | |
195 | //\r | |
196 | RecvBufferSize = sizeof (RecvBuffer);\r | |
c411b485 | 197 | Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer);\r |
c1d93242 JY |
198 | if (EFI_ERROR (Status)) {\r |
199 | return Status;\r | |
200 | }\r | |
201 | \r | |
202 | if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) {\r | |
e905fbb0 | 203 | DEBUG ((DEBUG_ERROR, "Tpm2NvReadPublic - RecvBufferSize Error - %x\n", RecvBufferSize));\r |
c1d93242 JY |
204 | return EFI_DEVICE_ERROR;\r |
205 | }\r | |
c411b485 MK |
206 | \r |
207 | ResponseCode = SwapBytes32 (RecvBuffer.Header.responseCode);\r | |
c1d93242 | 208 | if (ResponseCode != TPM_RC_SUCCESS) {\r |
c411b485 | 209 | DEBUG ((DEBUG_ERROR, "Tpm2NvReadPublic - responseCode - %x\n", SwapBytes32 (RecvBuffer.Header.responseCode)));\r |
c1d93242 | 210 | }\r |
c411b485 | 211 | \r |
c1d93242 | 212 | switch (ResponseCode) {\r |
c411b485 MK |
213 | case TPM_RC_SUCCESS:\r |
214 | // return data\r | |
215 | break;\r | |
216 | case TPM_RC_HANDLE + RC_NV_ReadPublic_nvIndex: // TPM_RC_NV_DEFINED:\r | |
217 | return EFI_NOT_FOUND;\r | |
218 | case TPM_RC_VALUE + RC_NV_ReadPublic_nvIndex:\r | |
219 | return EFI_INVALID_PARAMETER;\r | |
220 | default:\r | |
221 | return EFI_DEVICE_ERROR;\r | |
c1d93242 JY |
222 | }\r |
223 | \r | |
c411b485 | 224 | if (RecvBufferSize <= sizeof (TPM2_RESPONSE_HEADER) + sizeof (UINT16) + sizeof (UINT16)) {\r |
e905fbb0 | 225 | DEBUG ((DEBUG_ERROR, "Tpm2NvReadPublic - RecvBufferSize Error - %x\n", RecvBufferSize));\r |
c1d93242 JY |
226 | return EFI_NOT_FOUND;\r |
227 | }\r | |
228 | \r | |
229 | //\r | |
230 | // Basic check\r | |
231 | //\r | |
232 | NvPublicSize = SwapBytes16 (RecvBuffer.NvPublic.size);\r | |
c411b485 | 233 | if (NvPublicSize > sizeof (TPMS_NV_PUBLIC)) {\r |
dd577319 ZC |
234 | DEBUG ((DEBUG_ERROR, "Tpm2NvReadPublic - NvPublic.size error %x\n", NvPublicSize));\r |
235 | return EFI_DEVICE_ERROR;\r | |
236 | }\r | |
237 | \r | |
c411b485 MK |
238 | NvNameSize = SwapBytes16 (ReadUnaligned16 ((UINT16 *)((UINT8 *)&RecvBuffer + sizeof (TPM2_RESPONSE_HEADER) + sizeof (UINT16) + NvPublicSize)));\r |
239 | if (NvNameSize > sizeof (TPMU_NAME)) {\r | |
dd577319 ZC |
240 | DEBUG ((DEBUG_ERROR, "Tpm2NvReadPublic - NvNameSize error %x\n", NvNameSize));\r |
241 | return EFI_DEVICE_ERROR;\r | |
242 | }\r | |
c1d93242 | 243 | \r |
c411b485 | 244 | if (RecvBufferSize != sizeof (TPM2_RESPONSE_HEADER) + sizeof (UINT16) + NvPublicSize + sizeof (UINT16) + NvNameSize) {\r |
e905fbb0 | 245 | DEBUG ((DEBUG_ERROR, "Tpm2NvReadPublic - RecvBufferSize Error - NvPublicSize %x\n", RecvBufferSize));\r |
c1d93242 JY |
246 | return EFI_NOT_FOUND;\r |
247 | }\r | |
248 | \r | |
249 | //\r | |
250 | // Return the response\r | |
251 | //\r | |
c411b485 MK |
252 | CopyMem (NvPublic, &RecvBuffer.NvPublic, sizeof (UINT16) + NvPublicSize);\r |
253 | NvPublic->size = NvPublicSize;\r | |
c1d93242 JY |
254 | NvPublic->nvPublic.nvIndex = SwapBytes32 (NvPublic->nvPublic.nvIndex);\r |
255 | NvPublic->nvPublic.nameAlg = SwapBytes16 (NvPublic->nvPublic.nameAlg);\r | |
256 | WriteUnaligned32 ((UINT32 *)&NvPublic->nvPublic.attributes, SwapBytes32 (ReadUnaligned32 ((UINT32 *)&NvPublic->nvPublic.attributes)));\r | |
257 | NvPublic->nvPublic.authPolicy.size = SwapBytes16 (NvPublic->nvPublic.authPolicy.size);\r | |
c411b485 MK |
258 | Buffer = (UINT8 *)&RecvBuffer.NvPublic.nvPublic.authPolicy;\r |
259 | Buffer += sizeof (UINT16) + NvPublic->nvPublic.authPolicy.size;\r | |
260 | NvPublic->nvPublic.dataSize = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));\r | |
c1d93242 | 261 | \r |
c411b485 | 262 | CopyMem (NvName->name, (UINT8 *)&RecvBuffer + sizeof (TPM2_RESPONSE_HEADER) + sizeof (UINT16) + NvPublicSize + sizeof (UINT16), NvNameSize);\r |
c1d93242 | 263 | NvName->size = NvNameSize;\r |
b3548d32 | 264 | \r |
c1d93242 JY |
265 | return EFI_SUCCESS;\r |
266 | }\r | |
267 | \r | |
268 | /**\r | |
269 | This command defines the attributes of an NV Index and causes the TPM to\r | |
270 | reserve space to hold the data associated with the index.\r | |
271 | If a definition already exists at the index, the TPM will return TPM_RC_NV_DEFINED.\r | |
272 | \r | |
273 | @param[in] AuthHandle TPM_RH_OWNER or TPM_RH_PLATFORM+{PP}.\r | |
274 | @param[in] AuthSession Auth Session context\r | |
275 | @param[in] Auth The authorization data.\r | |
276 | @param[in] NvPublic The public area of the index.\r | |
b3548d32 | 277 | \r |
c1d93242 JY |
278 | @retval EFI_SUCCESS Operation completed successfully.\r |
279 | @retval EFI_DEVICE_ERROR The command was unsuccessful.\r | |
280 | @retval EFI_ALREADY_STARTED The command was returned successfully, but NvIndex is already defined.\r | |
281 | **/\r | |
282 | EFI_STATUS\r | |
283 | EFIAPI\r | |
284 | Tpm2NvDefineSpace (\r | |
c411b485 MK |
285 | IN TPMI_RH_PROVISION AuthHandle,\r |
286 | IN TPMS_AUTH_COMMAND *AuthSession OPTIONAL,\r | |
287 | IN TPM2B_AUTH *Auth,\r | |
288 | IN TPM2B_NV_PUBLIC *NvPublic\r | |
c1d93242 JY |
289 | )\r |
290 | {\r | |
c411b485 MK |
291 | EFI_STATUS Status;\r |
292 | TPM2_NV_DEFINESPACE_COMMAND SendBuffer;\r | |
293 | TPM2_NV_DEFINESPACE_RESPONSE RecvBuffer;\r | |
294 | UINT32 SendBufferSize;\r | |
295 | UINT32 RecvBufferSize;\r | |
296 | UINT16 NvPublicSize;\r | |
297 | UINT8 *Buffer;\r | |
298 | UINT32 SessionInfoSize;\r | |
299 | TPM_RC ResponseCode;\r | |
c1d93242 JY |
300 | \r |
301 | //\r | |
302 | // Construct command\r | |
303 | //\r | |
c411b485 MK |
304 | SendBuffer.Header.tag = SwapBytes16 (TPM_ST_SESSIONS);\r |
305 | SendBuffer.Header.commandCode = SwapBytes32 (TPM_CC_NV_DefineSpace);\r | |
306 | SendBuffer.AuthHandle = SwapBytes32 (AuthHandle);\r | |
c1d93242 JY |
307 | \r |
308 | //\r | |
309 | // Add in Auth session\r | |
310 | //\r | |
311 | Buffer = (UINT8 *)&SendBuffer.AuthSession;\r | |
312 | \r | |
313 | // sessionInfoSize\r | |
c411b485 MK |
314 | SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer);\r |
315 | Buffer += SessionInfoSize;\r | |
316 | SendBuffer.AuthSessionSize = SwapBytes32 (SessionInfoSize);\r | |
c1d93242 JY |
317 | \r |
318 | //\r | |
319 | // IndexAuth\r | |
320 | //\r | |
c411b485 MK |
321 | WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Auth->size));\r |
322 | Buffer += sizeof (UINT16);\r | |
323 | CopyMem (Buffer, Auth->buffer, Auth->size);\r | |
c1d93242 JY |
324 | Buffer += Auth->size;\r |
325 | \r | |
326 | //\r | |
327 | // NvPublic\r | |
328 | //\r | |
329 | NvPublicSize = NvPublic->size;\r | |
330 | \r | |
331 | WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (NvPublicSize));\r | |
c411b485 | 332 | Buffer += sizeof (UINT16);\r |
c1d93242 | 333 | WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32 (NvPublic->nvPublic.nvIndex));\r |
c411b485 | 334 | Buffer += sizeof (UINT32);\r |
c1d93242 | 335 | WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (NvPublic->nvPublic.nameAlg));\r |
c411b485 | 336 | Buffer += sizeof (UINT16);\r |
c1d93242 | 337 | WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32 (ReadUnaligned32 ((UINT32 *)&NvPublic->nvPublic.attributes)));\r |
c411b485 | 338 | Buffer += sizeof (UINT32);\r |
c1d93242 | 339 | WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (NvPublic->nvPublic.authPolicy.size));\r |
c411b485 | 340 | Buffer += sizeof (UINT16);\r |
c1d93242 JY |
341 | CopyMem (Buffer, NvPublic->nvPublic.authPolicy.buffer, NvPublic->nvPublic.authPolicy.size);\r |
342 | Buffer += NvPublic->nvPublic.authPolicy.size;\r | |
343 | WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (NvPublic->nvPublic.dataSize));\r | |
c411b485 | 344 | Buffer += sizeof (UINT16);\r |
c1d93242 | 345 | \r |
c411b485 | 346 | SendBufferSize = (UINT32)(Buffer - (UINT8 *)&SendBuffer);\r |
c1d93242 JY |
347 | SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);\r |
348 | \r | |
349 | //\r | |
350 | // send Tpm command\r | |
351 | //\r | |
352 | RecvBufferSize = sizeof (RecvBuffer);\r | |
c411b485 | 353 | Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer);\r |
c1d93242 | 354 | if (EFI_ERROR (Status)) {\r |
7ae130da | 355 | goto Done;\r |
c1d93242 JY |
356 | }\r |
357 | \r | |
358 | if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) {\r | |
e905fbb0 | 359 | DEBUG ((DEBUG_ERROR, "Tpm2NvDefineSpace - RecvBufferSize Error - %x\n", RecvBufferSize));\r |
7ae130da JY |
360 | Status = EFI_DEVICE_ERROR;\r |
361 | goto Done;\r | |
c1d93242 JY |
362 | }\r |
363 | \r | |
c411b485 | 364 | ResponseCode = SwapBytes32 (RecvBuffer.Header.responseCode);\r |
c1d93242 | 365 | if (ResponseCode != TPM_RC_SUCCESS) {\r |
c411b485 | 366 | DEBUG ((DEBUG_ERROR, "Tpm2NvDefineSpace - responseCode - %x\n", SwapBytes32 (RecvBuffer.Header.responseCode)));\r |
c1d93242 | 367 | }\r |
c411b485 | 368 | \r |
c1d93242 | 369 | switch (ResponseCode) {\r |
c411b485 MK |
370 | case TPM_RC_SUCCESS:\r |
371 | // return data\r | |
372 | break;\r | |
373 | case TPM_RC_SIZE + RC_NV_DefineSpace_publicInfo:\r | |
374 | case TPM_RC_SIZE + RC_NV_DefineSpace_auth:\r | |
375 | Status = EFI_BAD_BUFFER_SIZE;\r | |
376 | break;\r | |
377 | case TPM_RC_ATTRIBUTES:\r | |
378 | case TPM_RC_ATTRIBUTES + RC_NV_DefineSpace_publicInfo:\r | |
379 | Status = EFI_UNSUPPORTED;\r | |
380 | break;\r | |
381 | case TPM_RC_ATTRIBUTES + RC_NV_DefineSpace_authHandle:\r | |
382 | Status = EFI_INVALID_PARAMETER;\r | |
383 | break;\r | |
384 | case TPM_RC_NV_DEFINED:\r | |
385 | Status = EFI_ALREADY_STARTED;\r | |
386 | break;\r | |
387 | case TPM_RC_VALUE + RC_NV_DefineSpace_publicInfo:\r | |
388 | case TPM_RC_VALUE + RC_NV_DefineSpace_authHandle:\r | |
389 | Status = EFI_INVALID_PARAMETER;\r | |
390 | break;\r | |
391 | case TPM_RC_NV_SPACE:\r | |
392 | Status = EFI_OUT_OF_RESOURCES;\r | |
393 | break;\r | |
394 | default:\r | |
395 | Status = EFI_DEVICE_ERROR;\r | |
396 | break;\r | |
c1d93242 | 397 | }\r |
7ae130da JY |
398 | \r |
399 | Done:\r | |
400 | //\r | |
401 | // Clear AuthSession Content\r | |
402 | //\r | |
c411b485 MK |
403 | ZeroMem (&SendBuffer, sizeof (SendBuffer));\r |
404 | ZeroMem (&RecvBuffer, sizeof (RecvBuffer));\r | |
7ae130da | 405 | return Status;\r |
c1d93242 JY |
406 | }\r |
407 | \r | |
408 | /**\r | |
409 | This command removes an index from the TPM.\r | |
410 | \r | |
411 | @param[in] AuthHandle TPM_RH_OWNER or TPM_RH_PLATFORM+{PP}.\r | |
412 | @param[in] NvIndex The NV Index.\r | |
413 | @param[in] AuthSession Auth Session context\r | |
b3548d32 | 414 | \r |
c1d93242 JY |
415 | @retval EFI_SUCCESS Operation completed successfully.\r |
416 | @retval EFI_DEVICE_ERROR The command was unsuccessful.\r | |
417 | @retval EFI_NOT_FOUND The command was returned successfully, but NvIndex is not found.\r | |
418 | **/\r | |
419 | EFI_STATUS\r | |
420 | EFIAPI\r | |
421 | Tpm2NvUndefineSpace (\r | |
c411b485 MK |
422 | IN TPMI_RH_PROVISION AuthHandle,\r |
423 | IN TPMI_RH_NV_INDEX NvIndex,\r | |
424 | IN TPMS_AUTH_COMMAND *AuthSession OPTIONAL\r | |
c1d93242 JY |
425 | )\r |
426 | {\r | |
c411b485 MK |
427 | EFI_STATUS Status;\r |
428 | TPM2_NV_UNDEFINESPACE_COMMAND SendBuffer;\r | |
429 | TPM2_NV_UNDEFINESPACE_RESPONSE RecvBuffer;\r | |
430 | UINT32 SendBufferSize;\r | |
431 | UINT32 RecvBufferSize;\r | |
432 | UINT8 *Buffer;\r | |
433 | UINT32 SessionInfoSize;\r | |
434 | TPM_RC ResponseCode;\r | |
c1d93242 JY |
435 | \r |
436 | //\r | |
437 | // Construct command\r | |
438 | //\r | |
c411b485 MK |
439 | SendBuffer.Header.tag = SwapBytes16 (TPM_ST_SESSIONS);\r |
440 | SendBuffer.Header.commandCode = SwapBytes32 (TPM_CC_NV_UndefineSpace);\r | |
c1d93242 JY |
441 | \r |
442 | SendBuffer.AuthHandle = SwapBytes32 (AuthHandle);\r | |
c411b485 | 443 | SendBuffer.NvIndex = SwapBytes32 (NvIndex);\r |
c1d93242 JY |
444 | \r |
445 | //\r | |
446 | // Add in Auth session\r | |
447 | //\r | |
448 | Buffer = (UINT8 *)&SendBuffer.AuthSession;\r | |
449 | \r | |
450 | // sessionInfoSize\r | |
c411b485 MK |
451 | SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer);\r |
452 | Buffer += SessionInfoSize;\r | |
453 | SendBuffer.AuthSessionSize = SwapBytes32 (SessionInfoSize);\r | |
c1d93242 | 454 | \r |
c411b485 | 455 | SendBufferSize = (UINT32)(Buffer - (UINT8 *)&SendBuffer);\r |
c1d93242 JY |
456 | SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);\r |
457 | \r | |
458 | //\r | |
459 | // send Tpm command\r | |
460 | //\r | |
461 | RecvBufferSize = sizeof (RecvBuffer);\r | |
c411b485 | 462 | Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer);\r |
c1d93242 | 463 | if (EFI_ERROR (Status)) {\r |
7ae130da | 464 | goto Done;\r |
c1d93242 JY |
465 | }\r |
466 | \r | |
467 | if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) {\r | |
e905fbb0 | 468 | DEBUG ((DEBUG_ERROR, "Tpm2NvUndefineSpace - RecvBufferSize Error - %x\n", RecvBufferSize));\r |
7ae130da JY |
469 | Status = EFI_DEVICE_ERROR;\r |
470 | goto Done;\r | |
c1d93242 JY |
471 | }\r |
472 | \r | |
c411b485 | 473 | ResponseCode = SwapBytes32 (RecvBuffer.Header.responseCode);\r |
c1d93242 | 474 | if (ResponseCode != TPM_RC_SUCCESS) {\r |
c411b485 | 475 | DEBUG ((DEBUG_ERROR, "Tpm2NvUndefineSpace - responseCode - %x\n", SwapBytes32 (RecvBuffer.Header.responseCode)));\r |
c1d93242 | 476 | }\r |
c411b485 | 477 | \r |
c1d93242 | 478 | switch (ResponseCode) {\r |
c411b485 MK |
479 | case TPM_RC_SUCCESS:\r |
480 | // return data\r | |
481 | break;\r | |
482 | case TPM_RC_ATTRIBUTES:\r | |
483 | case TPM_RC_ATTRIBUTES + RC_NV_UndefineSpace_nvIndex:\r | |
484 | Status = EFI_UNSUPPORTED;\r | |
485 | break;\r | |
486 | case TPM_RC_NV_AUTHORIZATION:\r | |
487 | Status = EFI_SECURITY_VIOLATION;\r | |
488 | break;\r | |
489 | case TPM_RC_HANDLE + RC_NV_UndefineSpace_nvIndex: // TPM_RC_NV_DEFINED:\r | |
490 | Status = EFI_NOT_FOUND;\r | |
491 | break;\r | |
492 | case TPM_RC_HANDLE + RC_NV_UndefineSpace_authHandle: // TPM_RC_NV_DEFINED:\r | |
493 | Status = EFI_INVALID_PARAMETER;\r | |
494 | break;\r | |
495 | case TPM_RC_VALUE + RC_NV_UndefineSpace_authHandle:\r | |
496 | case TPM_RC_VALUE + RC_NV_UndefineSpace_nvIndex:\r | |
497 | Status = EFI_INVALID_PARAMETER;\r | |
498 | break;\r | |
499 | default:\r | |
500 | Status = EFI_DEVICE_ERROR;\r | |
501 | break;\r | |
c1d93242 JY |
502 | }\r |
503 | \r | |
7ae130da JY |
504 | Done:\r |
505 | //\r | |
506 | // Clear AuthSession Content\r | |
507 | //\r | |
c411b485 MK |
508 | ZeroMem (&SendBuffer, sizeof (SendBuffer));\r |
509 | ZeroMem (&RecvBuffer, sizeof (RecvBuffer));\r | |
7ae130da | 510 | return Status;\r |
c1d93242 JY |
511 | }\r |
512 | \r | |
513 | /**\r | |
514 | This command reads a value from an area in NV memory previously defined by TPM2_NV_DefineSpace().\r | |
515 | \r | |
516 | @param[in] AuthHandle the handle indicating the source of the authorization value.\r | |
517 | @param[in] NvIndex The index to be read.\r | |
518 | @param[in] AuthSession Auth Session context\r | |
519 | @param[in] Size Number of bytes to read.\r | |
520 | @param[in] Offset Byte offset into the area.\r | |
521 | @param[in,out] OutData The data read.\r | |
b3548d32 | 522 | \r |
c1d93242 JY |
523 | @retval EFI_SUCCESS Operation completed successfully.\r |
524 | @retval EFI_DEVICE_ERROR The command was unsuccessful.\r | |
525 | @retval EFI_NOT_FOUND The command was returned successfully, but NvIndex is not found.\r | |
526 | **/\r | |
527 | EFI_STATUS\r | |
528 | EFIAPI\r | |
529 | Tpm2NvRead (\r | |
c411b485 MK |
530 | IN TPMI_RH_NV_AUTH AuthHandle,\r |
531 | IN TPMI_RH_NV_INDEX NvIndex,\r | |
532 | IN TPMS_AUTH_COMMAND *AuthSession OPTIONAL,\r | |
533 | IN UINT16 Size,\r | |
534 | IN UINT16 Offset,\r | |
535 | IN OUT TPM2B_MAX_BUFFER *OutData\r | |
c1d93242 JY |
536 | )\r |
537 | {\r | |
c411b485 MK |
538 | EFI_STATUS Status;\r |
539 | TPM2_NV_READ_COMMAND SendBuffer;\r | |
540 | TPM2_NV_READ_RESPONSE RecvBuffer;\r | |
541 | UINT32 SendBufferSize;\r | |
542 | UINT32 RecvBufferSize;\r | |
543 | UINT8 *Buffer;\r | |
544 | UINT32 SessionInfoSize;\r | |
545 | TPM_RC ResponseCode;\r | |
c1d93242 JY |
546 | \r |
547 | //\r | |
548 | // Construct command\r | |
549 | //\r | |
c411b485 MK |
550 | SendBuffer.Header.tag = SwapBytes16 (TPM_ST_SESSIONS);\r |
551 | SendBuffer.Header.commandCode = SwapBytes32 (TPM_CC_NV_Read);\r | |
c1d93242 JY |
552 | \r |
553 | SendBuffer.AuthHandle = SwapBytes32 (AuthHandle);\r | |
c411b485 | 554 | SendBuffer.NvIndex = SwapBytes32 (NvIndex);\r |
c1d93242 JY |
555 | \r |
556 | //\r | |
557 | // Add in Auth session\r | |
558 | //\r | |
559 | Buffer = (UINT8 *)&SendBuffer.AuthSession;\r | |
560 | \r | |
561 | // sessionInfoSize\r | |
c411b485 MK |
562 | SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer);\r |
563 | Buffer += SessionInfoSize;\r | |
564 | SendBuffer.AuthSessionSize = SwapBytes32 (SessionInfoSize);\r | |
c1d93242 JY |
565 | \r |
566 | WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Size));\r | |
c411b485 | 567 | Buffer += sizeof (UINT16);\r |
c1d93242 | 568 | WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Offset));\r |
c411b485 | 569 | Buffer += sizeof (UINT16);\r |
c1d93242 | 570 | \r |
c411b485 | 571 | SendBufferSize = (UINT32)(Buffer - (UINT8 *)&SendBuffer);\r |
c1d93242 JY |
572 | SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);\r |
573 | \r | |
574 | //\r | |
575 | // send Tpm command\r | |
576 | //\r | |
577 | RecvBufferSize = sizeof (RecvBuffer);\r | |
c411b485 | 578 | Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer);\r |
c1d93242 | 579 | if (EFI_ERROR (Status)) {\r |
7ae130da | 580 | goto Done;\r |
c1d93242 JY |
581 | }\r |
582 | \r | |
583 | if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) {\r | |
e905fbb0 | 584 | DEBUG ((DEBUG_ERROR, "Tpm2NvRead - RecvBufferSize Error - %x\n", RecvBufferSize));\r |
7ae130da JY |
585 | Status = EFI_DEVICE_ERROR;\r |
586 | goto Done;\r | |
c1d93242 | 587 | }\r |
c411b485 MK |
588 | \r |
589 | ResponseCode = SwapBytes32 (RecvBuffer.Header.responseCode);\r | |
c1d93242 | 590 | if (ResponseCode != TPM_RC_SUCCESS) {\r |
e905fbb0 | 591 | DEBUG ((DEBUG_ERROR, "Tpm2NvRead - responseCode - %x\n", ResponseCode));\r |
c1d93242 | 592 | }\r |
c411b485 | 593 | \r |
c1d93242 | 594 | switch (ResponseCode) {\r |
c411b485 MK |
595 | case TPM_RC_SUCCESS:\r |
596 | // return data\r | |
597 | break;\r | |
598 | case TPM_RC_NV_AUTHORIZATION:\r | |
599 | Status = EFI_SECURITY_VIOLATION;\r | |
600 | break;\r | |
601 | case TPM_RC_NV_LOCKED:\r | |
602 | Status = EFI_ACCESS_DENIED;\r | |
603 | break;\r | |
604 | case TPM_RC_NV_RANGE:\r | |
605 | Status = EFI_BAD_BUFFER_SIZE;\r | |
606 | break;\r | |
607 | case TPM_RC_NV_UNINITIALIZED:\r | |
608 | Status = EFI_NOT_READY;\r | |
609 | break;\r | |
610 | case TPM_RC_HANDLE + RC_NV_Read_nvIndex: // TPM_RC_NV_DEFINED:\r | |
611 | Status = EFI_NOT_FOUND;\r | |
612 | break;\r | |
613 | case TPM_RC_HANDLE + RC_NV_Read_authHandle: // TPM_RC_NV_DEFINED:\r | |
614 | Status = EFI_INVALID_PARAMETER;\r | |
615 | break;\r | |
616 | case TPM_RC_VALUE + RC_NV_Read_nvIndex:\r | |
617 | case TPM_RC_VALUE + RC_NV_Read_authHandle:\r | |
618 | Status = EFI_INVALID_PARAMETER;\r | |
619 | break;\r | |
620 | case TPM_RC_BAD_AUTH + RC_NV_Read_authHandle + TPM_RC_S:\r | |
621 | Status = EFI_INVALID_PARAMETER;\r | |
622 | break;\r | |
623 | case TPM_RC_AUTH_UNAVAILABLE:\r | |
624 | Status = EFI_INVALID_PARAMETER;\r | |
625 | break;\r | |
626 | case TPM_RC_AUTH_FAIL + RC_NV_Read_authHandle + TPM_RC_S:\r | |
627 | Status = EFI_INVALID_PARAMETER;\r | |
628 | break;\r | |
629 | case TPM_RC_ATTRIBUTES + RC_NV_Read_authHandle + TPM_RC_S:\r | |
630 | Status = EFI_UNSUPPORTED;\r | |
631 | break;\r | |
632 | default:\r | |
633 | Status = EFI_DEVICE_ERROR;\r | |
634 | break;\r | |
7ae130da | 635 | }\r |
c411b485 | 636 | \r |
7ae130da JY |
637 | if (Status != EFI_SUCCESS) {\r |
638 | goto Done;\r | |
c1d93242 JY |
639 | }\r |
640 | \r | |
641 | //\r | |
642 | // Return the response\r | |
643 | //\r | |
644 | OutData->size = SwapBytes16 (RecvBuffer.Data.size);\r | |
dd577319 ZC |
645 | if (OutData->size > MAX_DIGEST_BUFFER) {\r |
646 | DEBUG ((DEBUG_ERROR, "Tpm2NvRead - OutData->size error %x\n", OutData->size));\r | |
647 | Status = EFI_DEVICE_ERROR;\r | |
648 | goto Done;\r | |
649 | }\r | |
650 | \r | |
c1d93242 | 651 | CopyMem (OutData->buffer, &RecvBuffer.Data.buffer, OutData->size);\r |
b3548d32 | 652 | \r |
7ae130da JY |
653 | Done:\r |
654 | //\r | |
655 | // Clear AuthSession Content\r | |
656 | //\r | |
c411b485 MK |
657 | ZeroMem (&SendBuffer, sizeof (SendBuffer));\r |
658 | ZeroMem (&RecvBuffer, sizeof (RecvBuffer));\r | |
7ae130da | 659 | return Status;\r |
c1d93242 JY |
660 | }\r |
661 | \r | |
662 | /**\r | |
663 | This command writes a value to an area in NV memory that was previously defined by TPM2_NV_DefineSpace().\r | |
664 | \r | |
665 | @param[in] AuthHandle the handle indicating the source of the authorization value.\r | |
666 | @param[in] NvIndex The NV Index of the area to write.\r | |
667 | @param[in] AuthSession Auth Session context\r | |
668 | @param[in] InData The data to write.\r | |
669 | @param[in] Offset The offset into the NV Area.\r | |
b3548d32 | 670 | \r |
c1d93242 JY |
671 | @retval EFI_SUCCESS Operation completed successfully.\r |
672 | @retval EFI_DEVICE_ERROR The command was unsuccessful.\r | |
673 | @retval EFI_NOT_FOUND The command was returned successfully, but NvIndex is not found.\r | |
674 | **/\r | |
675 | EFI_STATUS\r | |
676 | EFIAPI\r | |
677 | Tpm2NvWrite (\r | |
c411b485 MK |
678 | IN TPMI_RH_NV_AUTH AuthHandle,\r |
679 | IN TPMI_RH_NV_INDEX NvIndex,\r | |
680 | IN TPMS_AUTH_COMMAND *AuthSession OPTIONAL,\r | |
681 | IN TPM2B_MAX_BUFFER *InData,\r | |
682 | IN UINT16 Offset\r | |
c1d93242 JY |
683 | )\r |
684 | {\r | |
c411b485 MK |
685 | EFI_STATUS Status;\r |
686 | TPM2_NV_WRITE_COMMAND SendBuffer;\r | |
687 | TPM2_NV_WRITE_RESPONSE RecvBuffer;\r | |
688 | UINT32 SendBufferSize;\r | |
689 | UINT32 RecvBufferSize;\r | |
690 | UINT8 *Buffer;\r | |
691 | UINT32 SessionInfoSize;\r | |
692 | TPM_RC ResponseCode;\r | |
c1d93242 JY |
693 | \r |
694 | //\r | |
695 | // Construct command\r | |
696 | //\r | |
c411b485 MK |
697 | SendBuffer.Header.tag = SwapBytes16 (TPM_ST_SESSIONS);\r |
698 | SendBuffer.Header.commandCode = SwapBytes32 (TPM_CC_NV_Write);\r | |
c1d93242 JY |
699 | \r |
700 | SendBuffer.AuthHandle = SwapBytes32 (AuthHandle);\r | |
c411b485 | 701 | SendBuffer.NvIndex = SwapBytes32 (NvIndex);\r |
c1d93242 JY |
702 | \r |
703 | //\r | |
704 | // Add in Auth session\r | |
705 | //\r | |
706 | Buffer = (UINT8 *)&SendBuffer.AuthSession;\r | |
707 | \r | |
708 | // sessionInfoSize\r | |
c411b485 MK |
709 | SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer);\r |
710 | Buffer += SessionInfoSize;\r | |
711 | SendBuffer.AuthSessionSize = SwapBytes32 (SessionInfoSize);\r | |
c1d93242 JY |
712 | \r |
713 | WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (InData->size));\r | |
c411b485 | 714 | Buffer += sizeof (UINT16);\r |
c1d93242 JY |
715 | CopyMem (Buffer, InData->buffer, InData->size);\r |
716 | Buffer += InData->size;\r | |
717 | WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Offset));\r | |
c411b485 | 718 | Buffer += sizeof (UINT16);\r |
c1d93242 | 719 | \r |
c411b485 | 720 | SendBufferSize = (UINT32)(Buffer - (UINT8 *)&SendBuffer);\r |
c1d93242 JY |
721 | SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);\r |
722 | \r | |
723 | //\r | |
724 | // send Tpm command\r | |
725 | //\r | |
726 | RecvBufferSize = sizeof (RecvBuffer);\r | |
c411b485 | 727 | Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer);\r |
c1d93242 | 728 | if (EFI_ERROR (Status)) {\r |
7ae130da | 729 | goto Done;\r |
c1d93242 JY |
730 | }\r |
731 | \r | |
732 | if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) {\r | |
e905fbb0 | 733 | DEBUG ((DEBUG_ERROR, "Tpm2NvWrite - RecvBufferSize Error - %x\n", RecvBufferSize));\r |
7ae130da JY |
734 | Status = EFI_DEVICE_ERROR;\r |
735 | goto Done;\r | |
c1d93242 | 736 | }\r |
c411b485 MK |
737 | \r |
738 | ResponseCode = SwapBytes32 (RecvBuffer.Header.responseCode);\r | |
c1d93242 | 739 | if (ResponseCode != TPM_RC_SUCCESS) {\r |
e905fbb0 | 740 | DEBUG ((DEBUG_ERROR, "Tpm2NvWrite - responseCode - %x\n", ResponseCode));\r |
c1d93242 | 741 | }\r |
c411b485 | 742 | \r |
c1d93242 | 743 | switch (ResponseCode) {\r |
c411b485 MK |
744 | case TPM_RC_SUCCESS:\r |
745 | // return data\r | |
746 | break;\r | |
747 | case TPM_RC_ATTRIBUTES:\r | |
748 | Status = EFI_UNSUPPORTED;\r | |
749 | break;\r | |
750 | case TPM_RC_NV_AUTHORIZATION:\r | |
751 | Status = EFI_SECURITY_VIOLATION;\r | |
752 | break;\r | |
753 | case TPM_RC_NV_LOCKED:\r | |
754 | Status = EFI_ACCESS_DENIED;\r | |
755 | break;\r | |
756 | case TPM_RC_NV_RANGE:\r | |
757 | Status = EFI_BAD_BUFFER_SIZE;\r | |
758 | break;\r | |
759 | case TPM_RC_HANDLE + RC_NV_Write_nvIndex: // TPM_RC_NV_DEFINED:\r | |
760 | Status = EFI_NOT_FOUND;\r | |
761 | break;\r | |
762 | case TPM_RC_HANDLE + RC_NV_Write_authHandle: // TPM_RC_NV_DEFINED:\r | |
763 | Status = EFI_INVALID_PARAMETER;\r | |
764 | break;\r | |
765 | case TPM_RC_VALUE + RC_NV_Write_nvIndex:\r | |
766 | case TPM_RC_VALUE + RC_NV_Write_authHandle:\r | |
767 | Status = EFI_INVALID_PARAMETER;\r | |
768 | break;\r | |
769 | case TPM_RC_BAD_AUTH + RC_NV_Write_authHandle + TPM_RC_S:\r | |
770 | Status = EFI_INVALID_PARAMETER;\r | |
771 | break;\r | |
772 | case TPM_RC_AUTH_UNAVAILABLE:\r | |
773 | Status = EFI_INVALID_PARAMETER;\r | |
774 | break;\r | |
775 | case TPM_RC_AUTH_FAIL + RC_NV_Write_authHandle + TPM_RC_S:\r | |
776 | Status = EFI_INVALID_PARAMETER;\r | |
777 | break;\r | |
778 | case TPM_RC_ATTRIBUTES + RC_NV_Write_authHandle + TPM_RC_S:\r | |
779 | Status = EFI_UNSUPPORTED;\r | |
780 | break;\r | |
781 | default:\r | |
782 | Status = EFI_DEVICE_ERROR;\r | |
783 | break;\r | |
c1d93242 | 784 | }\r |
7ae130da JY |
785 | \r |
786 | Done:\r | |
787 | //\r | |
788 | // Clear AuthSession Content\r | |
789 | //\r | |
c411b485 MK |
790 | ZeroMem (&SendBuffer, sizeof (SendBuffer));\r |
791 | ZeroMem (&RecvBuffer, sizeof (RecvBuffer));\r | |
7ae130da | 792 | return Status;\r |
c1d93242 JY |
793 | }\r |
794 | \r | |
795 | /**\r | |
796 | This command may be used to prevent further reads of the Index until the next TPM2_Startup (TPM_SU_CLEAR).\r | |
797 | \r | |
798 | @param[in] AuthHandle the handle indicating the source of the authorization value.\r | |
799 | @param[in] NvIndex The NV Index of the area to lock.\r | |
800 | @param[in] AuthSession Auth Session context\r | |
801 | \r | |
802 | @retval EFI_SUCCESS Operation completed successfully.\r | |
803 | @retval EFI_DEVICE_ERROR The command was unsuccessful.\r | |
804 | @retval EFI_NOT_FOUND The command was returned successfully, but NvIndex is not found.\r | |
805 | **/\r | |
806 | EFI_STATUS\r | |
807 | EFIAPI\r | |
808 | Tpm2NvReadLock (\r | |
c411b485 MK |
809 | IN TPMI_RH_NV_AUTH AuthHandle,\r |
810 | IN TPMI_RH_NV_INDEX NvIndex,\r | |
811 | IN TPMS_AUTH_COMMAND *AuthSession OPTIONAL\r | |
c1d93242 JY |
812 | )\r |
813 | {\r | |
c411b485 MK |
814 | EFI_STATUS Status;\r |
815 | TPM2_NV_READLOCK_COMMAND SendBuffer;\r | |
816 | TPM2_NV_READLOCK_RESPONSE RecvBuffer;\r | |
817 | UINT32 SendBufferSize;\r | |
818 | UINT32 RecvBufferSize;\r | |
819 | UINT8 *Buffer;\r | |
820 | UINT32 SessionInfoSize;\r | |
821 | TPM_RC ResponseCode;\r | |
c1d93242 JY |
822 | \r |
823 | //\r | |
824 | // Construct command\r | |
825 | //\r | |
c411b485 MK |
826 | SendBuffer.Header.tag = SwapBytes16 (TPM_ST_SESSIONS);\r |
827 | SendBuffer.Header.commandCode = SwapBytes32 (TPM_CC_NV_ReadLock);\r | |
c1d93242 JY |
828 | \r |
829 | SendBuffer.AuthHandle = SwapBytes32 (AuthHandle);\r | |
c411b485 | 830 | SendBuffer.NvIndex = SwapBytes32 (NvIndex);\r |
c1d93242 JY |
831 | \r |
832 | //\r | |
833 | // Add in Auth session\r | |
834 | //\r | |
835 | Buffer = (UINT8 *)&SendBuffer.AuthSession;\r | |
836 | \r | |
837 | // sessionInfoSize\r | |
c411b485 MK |
838 | SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer);\r |
839 | Buffer += SessionInfoSize;\r | |
840 | SendBuffer.AuthSessionSize = SwapBytes32 (SessionInfoSize);\r | |
c1d93242 | 841 | \r |
c411b485 | 842 | SendBufferSize = (UINT32)(Buffer - (UINT8 *)&SendBuffer);\r |
c1d93242 JY |
843 | SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);\r |
844 | \r | |
845 | //\r | |
846 | // send Tpm command\r | |
847 | //\r | |
848 | RecvBufferSize = sizeof (RecvBuffer);\r | |
c411b485 | 849 | Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer);\r |
c1d93242 | 850 | if (EFI_ERROR (Status)) {\r |
7ae130da | 851 | goto Done;\r |
c1d93242 JY |
852 | }\r |
853 | \r | |
854 | if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) {\r | |
e905fbb0 | 855 | DEBUG ((DEBUG_ERROR, "Tpm2NvReadLock - RecvBufferSize Error - %x\n", RecvBufferSize));\r |
7ae130da JY |
856 | Status = EFI_DEVICE_ERROR;\r |
857 | goto Done;\r | |
c1d93242 JY |
858 | }\r |
859 | \r | |
c411b485 | 860 | ResponseCode = SwapBytes32 (RecvBuffer.Header.responseCode);\r |
c1d93242 | 861 | if (ResponseCode != TPM_RC_SUCCESS) {\r |
c411b485 | 862 | DEBUG ((DEBUG_ERROR, "Tpm2NvReadLock - responseCode - %x\n", SwapBytes32 (RecvBuffer.Header.responseCode)));\r |
c1d93242 | 863 | }\r |
c411b485 | 864 | \r |
c1d93242 | 865 | switch (ResponseCode) {\r |
c411b485 MK |
866 | case TPM_RC_SUCCESS:\r |
867 | // return data\r | |
868 | break;\r | |
869 | default:\r | |
870 | Status = EFI_DEVICE_ERROR;\r | |
871 | break;\r | |
c1d93242 JY |
872 | }\r |
873 | \r | |
7ae130da JY |
874 | Done:\r |
875 | //\r | |
876 | // Clear AuthSession Content\r | |
877 | //\r | |
c411b485 MK |
878 | ZeroMem (&SendBuffer, sizeof (SendBuffer));\r |
879 | ZeroMem (&RecvBuffer, sizeof (RecvBuffer));\r | |
7ae130da | 880 | return Status;\r |
c1d93242 JY |
881 | }\r |
882 | \r | |
883 | /**\r | |
884 | This command may be used to inhibit further writes of the Index.\r | |
885 | \r | |
886 | @param[in] AuthHandle the handle indicating the source of the authorization value.\r | |
887 | @param[in] NvIndex The NV Index of the area to lock.\r | |
888 | @param[in] AuthSession Auth Session context\r | |
889 | \r | |
890 | @retval EFI_SUCCESS Operation completed successfully.\r | |
891 | @retval EFI_DEVICE_ERROR The command was unsuccessful.\r | |
892 | @retval EFI_NOT_FOUND The command was returned successfully, but NvIndex is not found.\r | |
893 | **/\r | |
894 | EFI_STATUS\r | |
895 | EFIAPI\r | |
896 | Tpm2NvWriteLock (\r | |
c411b485 MK |
897 | IN TPMI_RH_NV_AUTH AuthHandle,\r |
898 | IN TPMI_RH_NV_INDEX NvIndex,\r | |
899 | IN TPMS_AUTH_COMMAND *AuthSession OPTIONAL\r | |
c1d93242 JY |
900 | )\r |
901 | {\r | |
c411b485 MK |
902 | EFI_STATUS Status;\r |
903 | TPM2_NV_WRITELOCK_COMMAND SendBuffer;\r | |
904 | TPM2_NV_WRITELOCK_RESPONSE RecvBuffer;\r | |
905 | UINT32 SendBufferSize;\r | |
906 | UINT32 RecvBufferSize;\r | |
907 | UINT8 *Buffer;\r | |
908 | UINT32 SessionInfoSize;\r | |
909 | TPM_RC ResponseCode;\r | |
c1d93242 JY |
910 | \r |
911 | //\r | |
912 | // Construct command\r | |
913 | //\r | |
c411b485 MK |
914 | SendBuffer.Header.tag = SwapBytes16 (TPM_ST_SESSIONS);\r |
915 | SendBuffer.Header.commandCode = SwapBytes32 (TPM_CC_NV_WriteLock);\r | |
c1d93242 JY |
916 | \r |
917 | SendBuffer.AuthHandle = SwapBytes32 (AuthHandle);\r | |
c411b485 | 918 | SendBuffer.NvIndex = SwapBytes32 (NvIndex);\r |
c1d93242 JY |
919 | \r |
920 | //\r | |
921 | // Add in Auth session\r | |
922 | //\r | |
923 | Buffer = (UINT8 *)&SendBuffer.AuthSession;\r | |
924 | \r | |
925 | // sessionInfoSize\r | |
c411b485 MK |
926 | SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer);\r |
927 | Buffer += SessionInfoSize;\r | |
928 | SendBuffer.AuthSessionSize = SwapBytes32 (SessionInfoSize);\r | |
c1d93242 | 929 | \r |
c411b485 | 930 | SendBufferSize = (UINT32)(Buffer - (UINT8 *)&SendBuffer);\r |
c1d93242 JY |
931 | SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);\r |
932 | \r | |
933 | //\r | |
934 | // send Tpm command\r | |
935 | //\r | |
936 | RecvBufferSize = sizeof (RecvBuffer);\r | |
c411b485 | 937 | Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer);\r |
c1d93242 | 938 | if (EFI_ERROR (Status)) {\r |
7ae130da | 939 | goto Done;\r |
c1d93242 JY |
940 | }\r |
941 | \r | |
942 | if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) {\r | |
e905fbb0 | 943 | DEBUG ((DEBUG_ERROR, "Tpm2NvWriteLock - RecvBufferSize Error - %x\n", RecvBufferSize));\r |
7ae130da JY |
944 | Status = EFI_DEVICE_ERROR;\r |
945 | goto Done;\r | |
c1d93242 JY |
946 | }\r |
947 | \r | |
c411b485 | 948 | ResponseCode = SwapBytes32 (RecvBuffer.Header.responseCode);\r |
c1d93242 | 949 | if (ResponseCode != TPM_RC_SUCCESS) {\r |
c411b485 | 950 | DEBUG ((DEBUG_ERROR, "Tpm2NvWriteLock - responseCode - %x\n", SwapBytes32 (RecvBuffer.Header.responseCode)));\r |
c1d93242 | 951 | }\r |
c411b485 | 952 | \r |
c1d93242 | 953 | switch (ResponseCode) {\r |
c411b485 MK |
954 | case TPM_RC_SUCCESS:\r |
955 | // return data\r | |
956 | break;\r | |
957 | default:\r | |
958 | Status = EFI_DEVICE_ERROR;\r | |
959 | break;\r | |
c1d93242 JY |
960 | }\r |
961 | \r | |
7ae130da JY |
962 | Done:\r |
963 | //\r | |
964 | // Clear AuthSession Content\r | |
965 | //\r | |
c411b485 MK |
966 | ZeroMem (&SendBuffer, sizeof (SendBuffer));\r |
967 | ZeroMem (&RecvBuffer, sizeof (RecvBuffer));\r | |
7ae130da | 968 | return Status;\r |
c1d93242 JY |
969 | }\r |
970 | \r | |
971 | /**\r | |
972 | The command will SET TPMA_NV_WRITELOCKED for all indexes that have their TPMA_NV_GLOBALLOCK attribute SET.\r | |
973 | \r | |
974 | @param[in] AuthHandle TPM_RH_OWNER or TPM_RH_PLATFORM+{PP}.\r | |
975 | @param[in] AuthSession Auth Session context\r | |
976 | \r | |
977 | @retval EFI_SUCCESS Operation completed successfully.\r | |
978 | @retval EFI_DEVICE_ERROR The command was unsuccessful.\r | |
979 | @retval EFI_NOT_FOUND The command was returned successfully, but NvIndex is not found.\r | |
980 | **/\r | |
981 | EFI_STATUS\r | |
982 | EFIAPI\r | |
983 | Tpm2NvGlobalWriteLock (\r | |
c411b485 MK |
984 | IN TPMI_RH_PROVISION AuthHandle,\r |
985 | IN TPMS_AUTH_COMMAND *AuthSession OPTIONAL\r | |
c1d93242 JY |
986 | )\r |
987 | {\r | |
988 | EFI_STATUS Status;\r | |
989 | TPM2_NV_GLOBALWRITELOCK_COMMAND SendBuffer;\r | |
990 | TPM2_NV_GLOBALWRITELOCK_RESPONSE RecvBuffer;\r | |
991 | UINT32 SendBufferSize;\r | |
992 | UINT32 RecvBufferSize;\r | |
993 | UINT8 *Buffer;\r | |
994 | UINT32 SessionInfoSize;\r | |
995 | TPM_RC ResponseCode;\r | |
996 | \r | |
997 | //\r | |
998 | // Construct command\r | |
999 | //\r | |
c411b485 MK |
1000 | SendBuffer.Header.tag = SwapBytes16 (TPM_ST_SESSIONS);\r |
1001 | SendBuffer.Header.commandCode = SwapBytes32 (TPM_CC_NV_GlobalWriteLock);\r | |
c1d93242 JY |
1002 | \r |
1003 | SendBuffer.AuthHandle = SwapBytes32 (AuthHandle);\r | |
1004 | \r | |
1005 | //\r | |
1006 | // Add in Auth session\r | |
1007 | //\r | |
1008 | Buffer = (UINT8 *)&SendBuffer.AuthSession;\r | |
1009 | \r | |
1010 | // sessionInfoSize\r | |
c411b485 MK |
1011 | SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer);\r |
1012 | Buffer += SessionInfoSize;\r | |
1013 | SendBuffer.AuthSessionSize = SwapBytes32 (SessionInfoSize);\r | |
c1d93242 | 1014 | \r |
c411b485 | 1015 | SendBufferSize = (UINT32)(Buffer - (UINT8 *)&SendBuffer);\r |
c1d93242 JY |
1016 | SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);\r |
1017 | \r | |
1018 | //\r | |
1019 | // send Tpm command\r | |
1020 | //\r | |
1021 | RecvBufferSize = sizeof (RecvBuffer);\r | |
c411b485 | 1022 | Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer);\r |
c1d93242 | 1023 | if (EFI_ERROR (Status)) {\r |
7ae130da | 1024 | goto Done;\r |
c1d93242 JY |
1025 | }\r |
1026 | \r | |
1027 | if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) {\r | |
e905fbb0 | 1028 | DEBUG ((DEBUG_ERROR, "Tpm2NvGlobalWriteLock - RecvBufferSize Error - %x\n", RecvBufferSize));\r |
7ae130da JY |
1029 | Status = EFI_DEVICE_ERROR;\r |
1030 | goto Done;\r | |
c1d93242 JY |
1031 | }\r |
1032 | \r | |
c411b485 | 1033 | ResponseCode = SwapBytes32 (RecvBuffer.Header.responseCode);\r |
c1d93242 | 1034 | if (ResponseCode != TPM_RC_SUCCESS) {\r |
c411b485 | 1035 | DEBUG ((DEBUG_ERROR, "Tpm2NvGlobalWriteLock - responseCode - %x\n", SwapBytes32 (RecvBuffer.Header.responseCode)));\r |
c1d93242 | 1036 | }\r |
c411b485 | 1037 | \r |
c1d93242 | 1038 | switch (ResponseCode) {\r |
c411b485 MK |
1039 | case TPM_RC_SUCCESS:\r |
1040 | // return data\r | |
1041 | break;\r | |
1042 | default:\r | |
1043 | Status = EFI_DEVICE_ERROR;\r | |
1044 | break;\r | |
c1d93242 JY |
1045 | }\r |
1046 | \r | |
7ae130da JY |
1047 | Done:\r |
1048 | //\r | |
1049 | // Clear AuthSession Content\r | |
1050 | //\r | |
c411b485 MK |
1051 | ZeroMem (&SendBuffer, sizeof (SendBuffer));\r |
1052 | ZeroMem (&RecvBuffer, sizeof (RecvBuffer));\r | |
7ae130da | 1053 | return Status;\r |
c1d93242 | 1054 | }\r |