1/** @file\r
2 Implement TPM2 NVStorage related command.\r
3\r
4Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved. <BR>\r
5This program and the accompanying materials\r
6are licensed and made available under the terms and conditions of the BSD License\r
7which accompanies this distribution. The full text of the license may be found at\r
8http://opensource.org/licenses/bsd-license.php\r
9\r
10THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
11WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
12\r
13**/\r
14\r
15#include <IndustryStandard/UefiTcgPlatform.h>\r
16#include <Library/Tpm2CommandLib.h>\r
17#include <Library/Tpm2DeviceLib.h>\r
18#include <Library/BaseMemoryLib.h>\r
19#include <Library/BaseLib.h>\r
20#include <Library/DebugLib.h>\r
21\r
//
// Byte-pack everything declared up to the closing "#pragma pack()": the
// structures below are laid directly over TPM command/response byte streams,
// so no compiler padding may be inserted between fields.
//
#pragma pack(1)

//
// Response-code modifiers, one per handle/parameter of each NV command.
// They are added to a base TPM_RC_* value in the switch statements of the
// functions in this file to tell which argument the TPM rejected. The numeric
// suffix follows the argument's position in the command (authHandle is 1,
// nvIndex is 2, ...).
// NOTE(review): TPM_RC_H / TPM_RC_P presumably select "handle" vs "parameter"
// errors, as the macro names suggest - confirm against the TPM 2.0 headers.
//
#define RC_NV_ReadPublic_nvIndex  (TPM_RC_H + TPM_RC_1)

#define RC_NV_DefineSpace_authHandle  (TPM_RC_H + TPM_RC_1)
#define RC_NV_DefineSpace_auth        (TPM_RC_P + TPM_RC_1)
#define RC_NV_DefineSpace_publicInfo  (TPM_RC_P + TPM_RC_2)

#define RC_NV_UndefineSpace_authHandle  (TPM_RC_H + TPM_RC_1)
#define RC_NV_UndefineSpace_nvIndex     (TPM_RC_H + TPM_RC_2)

#define RC_NV_Read_authHandle  (TPM_RC_H + TPM_RC_1)
#define RC_NV_Read_nvIndex     (TPM_RC_H + TPM_RC_2)
#define RC_NV_Read_size        (TPM_RC_P + TPM_RC_1)
#define RC_NV_Read_offset      (TPM_RC_P + TPM_RC_2)

#define RC_NV_Write_authHandle  (TPM_RC_H + TPM_RC_1)
#define RC_NV_Write_nvIndex     (TPM_RC_H + TPM_RC_2)
#define RC_NV_Write_data        (TPM_RC_P + TPM_RC_1)
#define RC_NV_Write_offset      (TPM_RC_P + TPM_RC_2)

//
// TPM2_NV_ReadPublic command. Fixed size: Tpm2NvReadPublic() sends
// sizeof (TPM2_NV_READPUBLIC_COMMAND) bytes. All fields are byte-swapped
// with SwapBytes16/32 before sending.
//
typedef struct {
  TPM2_COMMAND_HEADER    Header;
  TPMI_RH_NV_INDEX       NvIndex;
} TPM2_NV_READPUBLIC_COMMAND;

//
// TPM2_NV_ReadPublic response, used as a maximum-size receive buffer.
// NvPublic is variable length on the wire, so NvName does NOT sit at its
// struct offset in a real response: Tpm2NvReadPublic() locates the name from
// the size the TPM reported for NvPublic. Every size in here is
// device-supplied and must be validated before it is used as an offset.
//
typedef struct {
  TPM2_RESPONSE_HEADER    Header;
  TPM2B_NV_PUBLIC         NvPublic;
  TPM2B_NAME              NvName;
} TPM2_NV_READPUBLIC_RESPONSE;
53\r
//
// TPM2_NV_DefineSpace command, used as a maximum-size send buffer.
// Only Header, AuthHandle and AuthSessionSize are written through their
// struct fields; Tpm2NvDefineSpace() marshals the auth session, Auth and
// NvPublic through a byte cursor starting at AuthSession, because each of
// them is variable length on the wire.
//
typedef struct {
  TPM2_COMMAND_HEADER    Header;
  TPMI_RH_PROVISION      AuthHandle;
  UINT32                 AuthSessionSize;
  TPMS_AUTH_COMMAND      AuthSession;
  TPM2B_AUTH             Auth;
  TPM2B_NV_PUBLIC        NvPublic;
} TPM2_NV_DEFINESPACE_COMMAND;

//
// TPM2_NV_DefineSpace response buffer. Tpm2NvDefineSpace() only reads
// Header.responseCode from it.
//
typedef struct {
  TPM2_RESPONSE_HEADER    Header;
  UINT32                  AuthSessionSize;
  TPMS_AUTH_RESPONSE      AuthSession;
} TPM2_NV_DEFINESPACE_RESPONSE;
68\r
//
// TPM2_NV_UndefineSpace command, used as a maximum-size send buffer.
// The auth session is marshalled through a byte cursor starting at
// AuthSession; the number of bytes actually sent is computed from that cursor.
//
typedef struct {
  TPM2_COMMAND_HEADER    Header;
  TPMI_RH_PROVISION      AuthHandle;
  TPMI_RH_NV_INDEX       NvIndex;
  UINT32                 AuthSessionSize;
  TPMS_AUTH_COMMAND      AuthSession;
} TPM2_NV_UNDEFINESPACE_COMMAND;

//
// TPM2_NV_UndefineSpace response buffer. Tpm2NvUndefineSpace() only reads
// Header.responseCode from it.
//
typedef struct {
  TPM2_RESPONSE_HEADER    Header;
  UINT32                  AuthSessionSize;
  TPMS_AUTH_RESPONSE      AuthSession;
} TPM2_NV_UNDEFINESPACE_RESPONSE;
82\r
//
// TPM2_NV_Read command, used as a maximum-size send buffer.
// Size and Offset follow the variable-length auth session on the wire, so
// Tpm2NvRead() writes them through a byte cursor rather than through these
// struct fields.
//
typedef struct {
  TPM2_COMMAND_HEADER    Header;
  TPMI_RH_NV_AUTH        AuthHandle;
  TPMI_RH_NV_INDEX       NvIndex;
  UINT32                 AuthSessionSize;
  TPMS_AUTH_COMMAND      AuthSession;
  UINT16                 Size;
  UINT16                 Offset;
} TPM2_NV_READ_COMMAND;

//
// TPM2_NV_Read response, used as a maximum-size receive buffer.
// Tpm2NvRead() reads Data.size and Data.buffer at their struct offsets.
// Data.size is device-supplied and bounds the copy into the caller's buffer.
// NOTE(review): in a TPM_ST_SESSIONS response the UINT32 that follows the
// header is the parameter-area size in the TPM 2.0 wire format, despite the
// field name used here - confirm against the specification.
//
typedef struct {
  TPM2_RESPONSE_HEADER    Header;
  UINT32                  AuthSessionSize;
  TPM2B_MAX_BUFFER        Data;
  TPMS_AUTH_RESPONSE      AuthSession;
} TPM2_NV_READ_RESPONSE;
99\r
//
// TPM2_NV_Write command, used as a maximum-size send buffer.
// Data and Offset follow the variable-length auth session on the wire, so
// Tpm2NvWrite() marshals them through a byte cursor. Data.buffer is the
// upper bound for the caller-supplied payload length.
//
typedef struct {
  TPM2_COMMAND_HEADER    Header;
  TPMI_RH_NV_AUTH        AuthHandle;
  TPMI_RH_NV_INDEX       NvIndex;
  UINT32                 AuthSessionSize;
  TPMS_AUTH_COMMAND      AuthSession;
  TPM2B_MAX_BUFFER       Data;
  UINT16                 Offset;
} TPM2_NV_WRITE_COMMAND;

//
// TPM2_NV_Write response buffer. Tpm2NvWrite() only reads
// Header.responseCode from it.
//
typedef struct {
  TPM2_RESPONSE_HEADER    Header;
  UINT32                  AuthSessionSize;
  TPMS_AUTH_RESPONSE      AuthSession;
} TPM2_NV_WRITE_RESPONSE;
115\r
//
// TPM2_NV_ReadLock command, used as a maximum-size send buffer.
// The auth session is marshalled through a byte cursor starting at
// AuthSession; the number of bytes actually sent is computed from that cursor.
//
typedef struct {
  TPM2_COMMAND_HEADER    Header;
  TPMI_RH_NV_AUTH        AuthHandle;
  TPMI_RH_NV_INDEX       NvIndex;
  UINT32                 AuthSessionSize;
  TPMS_AUTH_COMMAND      AuthSession;
} TPM2_NV_READLOCK_COMMAND;

//
// TPM2_NV_ReadLock response buffer. Tpm2NvReadLock() only reads
// Header.responseCode from it.
//
typedef struct {
  TPM2_RESPONSE_HEADER    Header;
  UINT32                  AuthSessionSize;
  TPMS_AUTH_RESPONSE      AuthSession;
} TPM2_NV_READLOCK_RESPONSE;
129\r
//
// TPM2_NV_WriteLock command, used as a maximum-size send buffer.
// The auth session is marshalled through a byte cursor starting at
// AuthSession; the number of bytes actually sent is computed from that cursor.
//
typedef struct {
  TPM2_COMMAND_HEADER    Header;
  TPMI_RH_NV_AUTH        AuthHandle;
  TPMI_RH_NV_INDEX       NvIndex;
  UINT32                 AuthSessionSize;
  TPMS_AUTH_COMMAND      AuthSession;
} TPM2_NV_WRITELOCK_COMMAND;

//
// TPM2_NV_WriteLock response buffer. Tpm2NvWriteLock() only reads
// Header.responseCode from it.
//
typedef struct {
  TPM2_RESPONSE_HEADER    Header;
  UINT32                  AuthSessionSize;
  TPMS_AUTH_RESPONSE      AuthSession;
} TPM2_NV_WRITELOCK_RESPONSE;
143\r
//
// TPM2_NV_GlobalWriteLock command, used as a maximum-size send buffer.
// It carries one handle (AuthHandle) and no NV index. The auth session is
// marshalled through a byte cursor starting at AuthSession.
//
typedef struct {
  TPM2_COMMAND_HEADER    Header;
  TPMI_RH_PROVISION      AuthHandle;
  UINT32                 AuthSessionSize;
  TPMS_AUTH_COMMAND      AuthSession;
} TPM2_NV_GLOBALWRITELOCK_COMMAND;

//
// TPM2_NV_GlobalWriteLock response buffer. Tpm2NvGlobalWriteLock() only
// reads Header.responseCode from it.
//
typedef struct {
  TPM2_RESPONSE_HEADER    Header;
  UINT32                  AuthSessionSize;
  TPMS_AUTH_RESPONSE      AuthSession;
} TPM2_NV_GLOBALWRITELOCK_RESPONSE;

//
// End of the byte-packed wire structures.
//
#pragma pack()
158\r
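/**
  This command is used to read the public area and Name of an NV Index.

  Every length in the response is supplied by the TPM. Each one is checked
  against the amount of data actually received before it is used as an offset
  or as a copy length, and the output buffers are written only after the whole
  response has been validated.

  @param[in]  NvIndex            The NV Index.
  @param[out] NvPublic           The public area of the index.
  @param[out] NvName             The Name of the nvIndex.

  @retval EFI_SUCCESS            Operation completed successfully.
  @retval EFI_DEVICE_ERROR       The command was unsuccessful, or the response carried an
                                 inconsistent NvPublic / authPolicy / NvName size.
  @retval EFI_NOT_FOUND          The command was returned successfully, but NvIndex is not found,
                                 or the response length does not match its embedded sizes.
  @retval EFI_INVALID_PARAMETER  The TPM rejected the NvIndex value.
  @retval Others                 Error status returned by Tpm2SubmitCommand().
**/
EFI_STATUS
EFIAPI
Tpm2NvReadPublic (
  IN      TPMI_RH_NV_INDEX  NvIndex,
  OUT     TPM2B_NV_PUBLIC   *NvPublic,
  OUT     TPM2B_NAME        *NvName
  )
{
  EFI_STATUS                   Status;
  TPM2_NV_READPUBLIC_COMMAND   SendBuffer;
  TPM2_NV_READPUBLIC_RESPONSE  RecvBuffer;
  UINT32                       SendBufferSize;
  UINT32                       RecvBufferSize;
  UINT16                       NvPublicSize;
  UINT16                       NvNameSize;
  UINT16                       AuthPolicySize;
  UINTN                        NvPublicFixedSize;
  UINT8                        *Buffer;
  TPM_RC                       ResponseCode;

  //
  // Construct command
  //
  SendBuffer.Header.tag         = SwapBytes16 (TPM_ST_NO_SESSIONS);
  SendBuffer.Header.commandCode = SwapBytes32 (TPM_CC_NV_ReadPublic);

  SendBuffer.NvIndex = SwapBytes32 (NvIndex);

  SendBufferSize              = (UINT32)sizeof (SendBuffer);
  SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);

  //
  // send Tpm command
  //
  RecvBufferSize = sizeof (RecvBuffer);
  Status         = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer);
  if (EFI_ERROR (Status)) {
    return Status;
  }

  if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) {
    DEBUG ((EFI_D_ERROR, "Tpm2NvReadPublic - RecvBufferSize Error - %x\n", RecvBufferSize));
    return EFI_DEVICE_ERROR;
  }

  ResponseCode = SwapBytes32 (RecvBuffer.Header.responseCode);
  if (ResponseCode != TPM_RC_SUCCESS) {
    DEBUG ((EFI_D_ERROR, "Tpm2NvReadPublic - responseCode - %x\n", SwapBytes32 (RecvBuffer.Header.responseCode)));
  }

  switch (ResponseCode) {
    case TPM_RC_SUCCESS:
      // return data
      break;
    case TPM_RC_HANDLE + RC_NV_ReadPublic_nvIndex:
      // The TPM rejected the nvIndex handle: reported to the caller as "not found".
      return EFI_NOT_FOUND;
    case TPM_RC_VALUE + RC_NV_ReadPublic_nvIndex:
      return EFI_INVALID_PARAMETER;
    default:
      return EFI_DEVICE_ERROR;
  }

  if (RecvBufferSize <= sizeof (TPM2_RESPONSE_HEADER) + sizeof (UINT16) + sizeof (UINT16)) {
    DEBUG ((EFI_D_ERROR, "Tpm2NvReadPublic - RecvBufferSize Error - %x\n", RecvBufferSize));
    return EFI_NOT_FOUND;
  }

  //
  // Basic check
  //
  NvPublicSize = SwapBytes16 (RecvBuffer.NvPublic.size);
  if (NvPublicSize > sizeof (TPMS_NV_PUBLIC)) {
    DEBUG ((DEBUG_ERROR, "Tpm2NvReadPublic - NvPublic.size error %x\n", NvPublicSize));
    return EFI_DEVICE_ERROR;
  }

  //
  // The public area must at least hold the fields this function byte-swaps
  // below: nvIndex, nameAlg, attributes, authPolicy.size and dataSize.
  //
  NvPublicFixedSize = sizeof (UINT32) + sizeof (UINT16) + sizeof (UINT32) + sizeof (UINT16) + sizeof (UINT16);
  if (NvPublicSize < NvPublicFixedSize) {
    DEBUG ((DEBUG_ERROR, "Tpm2NvReadPublic - NvPublic.size error %x\n", NvPublicSize));
    return EFI_DEVICE_ERROR;
  }

  //
  // The NvName size field sits right after the variable-length public area;
  // make sure it was actually received before reading it.
  //
  if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER) + sizeof (UINT16) + NvPublicSize + sizeof (UINT16)) {
    DEBUG ((EFI_D_ERROR, "Tpm2NvReadPublic - RecvBufferSize Error - NvPublicSize %x\n", RecvBufferSize));
    return EFI_NOT_FOUND;
  }

  NvNameSize = SwapBytes16 (ReadUnaligned16 ((UINT16 *)((UINT8 *)&RecvBuffer + sizeof (TPM2_RESPONSE_HEADER) + sizeof (UINT16) + NvPublicSize)));
  if (NvNameSize > sizeof (TPMU_NAME)) {
    DEBUG ((DEBUG_ERROR, "Tpm2NvReadPublic - NvNameSize error %x\n", NvNameSize));
    return EFI_DEVICE_ERROR;
  }

  if (RecvBufferSize != sizeof (TPM2_RESPONSE_HEADER) + sizeof (UINT16) + NvPublicSize + sizeof (UINT16) + NvNameSize) {
    DEBUG ((EFI_D_ERROR, "Tpm2NvReadPublic - RecvBufferSize Error - NvPublicSize %x\n", RecvBufferSize));
    return EFI_NOT_FOUND;
  }

  //
  // authPolicy.size is device-supplied and is used below as an offset to find
  // dataSize. Reject it unless the policy digest and dataSize both lie inside
  // the public area the TPM declared; otherwise the read would run past it.
  //
  AuthPolicySize = SwapBytes16 (RecvBuffer.NvPublic.nvPublic.authPolicy.size);
  if (NvPublicFixedSize + AuthPolicySize > NvPublicSize) {
    DEBUG ((DEBUG_ERROR, "Tpm2NvReadPublic - authPolicy.size error %x\n", AuthPolicySize));
    return EFI_DEVICE_ERROR;
  }

  //
  // Return the response
  //
  CopyMem (NvPublic, &RecvBuffer.NvPublic, sizeof (UINT16) + NvPublicSize);
  NvPublic->size             = NvPublicSize;
  NvPublic->nvPublic.nvIndex = SwapBytes32 (NvPublic->nvPublic.nvIndex);
  NvPublic->nvPublic.nameAlg = SwapBytes16 (NvPublic->nvPublic.nameAlg);
  WriteUnaligned32 ((UINT32 *)&NvPublic->nvPublic.attributes, SwapBytes32 (ReadUnaligned32 ((UINT32 *)&NvPublic->nvPublic.attributes)));
  NvPublic->nvPublic.authPolicy.size = AuthPolicySize;

  //
  // dataSize follows the variable-length policy digest on the wire, so it is
  // read from the receive buffer by offset, not from its struct position.
  //
  Buffer                      = (UINT8 *)&RecvBuffer.NvPublic.nvPublic.authPolicy;
  Buffer                     += sizeof (UINT16) + AuthPolicySize;
  NvPublic->nvPublic.dataSize = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));

  CopyMem (NvName->name, (UINT8 *)&RecvBuffer + sizeof (TPM2_RESPONSE_HEADER) + sizeof (UINT16) + NvPublicSize + sizeof (UINT16), NvNameSize);
  NvName->size = NvNameSize;

  return EFI_SUCCESS;
}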
271\r
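/**
  This command defines the attributes of an NV Index and causes the TPM to
  reserve space to hold the data associated with the index.
  If a definition already exists at the index, the TPM will return TPM_RC_NV_DEFINED.

  Auth->size and NvPublic->nvPublic.authPolicy.size are used as copy lengths
  into the on-stack command buffer, so both are checked against the capacity
  of their destination fields before anything is marshalled.

  @param[in]  AuthHandle         TPM_RH_OWNER or TPM_RH_PLATFORM+{PP}.
  @param[in]  AuthSession        Auth Session context
  @param[in]  Auth               The authorization data.
  @param[in]  NvPublic           The public area of the index.

  @retval EFI_SUCCESS            Operation completed successfully.
  @retval EFI_DEVICE_ERROR       The command was unsuccessful.
  @retval EFI_ALREADY_STARTED    The command was returned successfully, but NvIndex is already defined.
  @retval EFI_INVALID_PARAMETER  Auth or the auth policy is larger than its buffer, or the TPM
                                 rejected AuthHandle or the public area.
  @retval EFI_BAD_BUFFER_SIZE    The TPM reported a size error for Auth or NvPublic.
  @retval EFI_UNSUPPORTED        The TPM rejected the requested attributes.
  @retval EFI_OUT_OF_RESOURCES   The TPM has insufficient NV space.
  @retval Others                 Error status returned by Tpm2SubmitCommand().
**/
EFI_STATUS
EFIAPI
Tpm2NvDefineSpace (
  IN      TPMI_RH_PROVISION  AuthHandle,
  IN      TPMS_AUTH_COMMAND  *AuthSession, OPTIONAL
  IN      TPM2B_AUTH         *Auth,
  IN      TPM2B_NV_PUBLIC    *NvPublic
  )
{
  EFI_STATUS                    Status;
  TPM2_NV_DEFINESPACE_COMMAND   SendBuffer;
  TPM2_NV_DEFINESPACE_RESPONSE  RecvBuffer;
  UINT32                        SendBufferSize;
  UINT32                        RecvBufferSize;
  UINT16                        NvPublicSize;
  UINT8                         *Buffer;
  UINT32                        SessionInfoSize;
  TPM_RC                        ResponseCode;

  //
  // Both sizes below drive a CopyMem into SendBuffer; an oversized value would
  // write past the end of the stack buffer. Nothing sensitive has been staged
  // yet, so it is safe to return without the cleanup at Done.
  //
  if ((Auth->size > sizeof (SendBuffer.Auth.buffer)) ||
      (NvPublic->nvPublic.authPolicy.size > sizeof (SendBuffer.NvPublic.nvPublic.authPolicy.buffer)))
  {
    DEBUG ((DEBUG_ERROR, "Tpm2NvDefineSpace - Auth/authPolicy size error %x/%x\n", Auth->size, NvPublic->nvPublic.authPolicy.size));
    return EFI_INVALID_PARAMETER;
  }

  //
  // Construct command
  //
  SendBuffer.Header.tag         = SwapBytes16 (TPM_ST_SESSIONS);
  SendBuffer.Header.commandCode = SwapBytes32 (TPM_CC_NV_DefineSpace);
  SendBuffer.AuthHandle         = SwapBytes32 (AuthHandle);

  //
  // Add in Auth session
  //
  Buffer = (UINT8 *)&SendBuffer.AuthSession;

  // sessionInfoSize
  SessionInfoSize            = CopyAuthSessionCommand (AuthSession, Buffer);
  Buffer                    += SessionInfoSize;
  SendBuffer.AuthSessionSize = SwapBytes32 (SessionInfoSize);

  //
  // IndexAuth
  //
  WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Auth->size));
  Buffer += sizeof (UINT16);
  CopyMem (Buffer, Auth->buffer, Auth->size);
  Buffer += Auth->size;

  //
  // NvPublic
  //
  NvPublicSize = NvPublic->size;

  WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (NvPublicSize));
  Buffer += sizeof (UINT16);
  WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32 (NvPublic->nvPublic.nvIndex));
  Buffer += sizeof (UINT32);
  WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (NvPublic->nvPublic.nameAlg));
  Buffer += sizeof (UINT16);
  WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32 (ReadUnaligned32 ((UINT32 *)&NvPublic->nvPublic.attributes)));
  Buffer += sizeof (UINT32);
  WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (NvPublic->nvPublic.authPolicy.size));
  Buffer += sizeof (UINT16);
  CopyMem (Buffer, NvPublic->nvPublic.authPolicy.buffer, NvPublic->nvPublic.authPolicy.size);
  Buffer += NvPublic->nvPublic.authPolicy.size;
  WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (NvPublic->nvPublic.dataSize));
  Buffer += sizeof (UINT16);

  //
  // Only the bytes actually marshalled are sent, not the whole struct.
  //
  SendBufferSize              = (UINT32)(Buffer - (UINT8 *)&SendBuffer);
  SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);

  //
  // send Tpm command
  //
  RecvBufferSize = sizeof (RecvBuffer);
  Status         = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer);
  if (EFI_ERROR (Status)) {
    goto Done;
  }

  if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) {
    DEBUG ((EFI_D_ERROR, "Tpm2NvDefineSpace - RecvBufferSize Error - %x\n", RecvBufferSize));
    Status = EFI_DEVICE_ERROR;
    goto Done;
  }

  ResponseCode = SwapBytes32 (RecvBuffer.Header.responseCode);
  if (ResponseCode != TPM_RC_SUCCESS) {
    DEBUG ((EFI_D_ERROR, "Tpm2NvDefineSpace - responseCode - %x\n", SwapBytes32 (RecvBuffer.Header.responseCode)));
  }

  switch (ResponseCode) {
    case TPM_RC_SUCCESS:
      // return data
      break;
    case TPM_RC_SIZE + RC_NV_DefineSpace_publicInfo:
    case TPM_RC_SIZE + RC_NV_DefineSpace_auth:
      Status = EFI_BAD_BUFFER_SIZE;
      break;
    case TPM_RC_ATTRIBUTES:
    case TPM_RC_ATTRIBUTES + RC_NV_DefineSpace_publicInfo:
      Status = EFI_UNSUPPORTED;
      break;
    case TPM_RC_ATTRIBUTES + RC_NV_DefineSpace_authHandle:
      Status = EFI_INVALID_PARAMETER;
      break;
    case TPM_RC_NV_DEFINED:
      Status = EFI_ALREADY_STARTED;
      break;
    case TPM_RC_VALUE + RC_NV_DefineSpace_publicInfo:
    case TPM_RC_VALUE + RC_NV_DefineSpace_authHandle:
      Status = EFI_INVALID_PARAMETER;
      break;
    case TPM_RC_NV_SPACE:
      Status = EFI_OUT_OF_RESOURCES;
      break;
    default:
      Status = EFI_DEVICE_ERROR;
      break;
  }

Done:
  //
  // Clear AuthSession Content: the command buffer holds the session
  // authorization and the index auth value, so wipe both buffers on every
  // exit path that staged them.
  //
  ZeroMem (&SendBuffer, sizeof (SendBuffer));
  ZeroMem (&RecvBuffer, sizeof (RecvBuffer));
  return Status;
}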
410\r
/**
  This command removes an index from the TPM.

  @param[in]  AuthHandle         TPM_RH_OWNER or TPM_RH_PLATFORM+{PP}.
  @param[in]  NvIndex            The NV Index.
  @param[in]  AuthSession        Auth Session context

  @retval EFI_SUCCESS             Operation completed successfully.
  @retval EFI_DEVICE_ERROR        The command was unsuccessful.
  @retval EFI_NOT_FOUND           The command was returned successfully, but NvIndex is not found.
  @retval EFI_UNSUPPORTED         The TPM reported an attributes error.
  @retval EFI_SECURITY_VIOLATION  The TPM reported an NV authorization error.
  @retval EFI_INVALID_PARAMETER   The TPM rejected AuthHandle, or the NvIndex value.
  @retval Others                  Error status returned by Tpm2SubmitCommand().
**/
EFI_STATUS
EFIAPI
Tpm2NvUndefineSpace (
  IN      TPMI_RH_PROVISION  AuthHandle,
  IN      TPMI_RH_NV_INDEX   NvIndex,
  IN      TPMS_AUTH_COMMAND  *AuthSession OPTIONAL
  )
{
  EFI_STATUS                      Status;
  TPM2_NV_UNDEFINESPACE_COMMAND   SendBuffer;
  TPM2_NV_UNDEFINESPACE_RESPONSE  RecvBuffer;
  UINT32                          SendBufferSize;
  UINT32                          RecvBufferSize;
  UINT32                          SessionInfoSize;
  UINT8                           *Cursor;
  TPM_RC                          ResponseCode;

  //
  // Fixed-position fields of the command.
  //
  SendBuffer.Header.tag         = SwapBytes16 (TPM_ST_SESSIONS);
  SendBuffer.Header.commandCode = SwapBytes32 (TPM_CC_NV_UndefineSpace);
  SendBuffer.AuthHandle         = SwapBytes32 (AuthHandle);
  SendBuffer.NvIndex            = SwapBytes32 (NvIndex);

  //
  // Variable-length auth session, marshalled through a cursor; the cursor's
  // final position gives the number of bytes to send.
  //
  Cursor                     = (UINT8 *)&SendBuffer.AuthSession;
  SessionInfoSize            = CopyAuthSessionCommand (AuthSession, Cursor);
  Cursor                    += SessionInfoSize;
  SendBuffer.AuthSessionSize = SwapBytes32 (SessionInfoSize);

  SendBufferSize              = (UINT32)(Cursor - (UINT8 *)&SendBuffer);
  SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);

  //
  // Submit, then translate the TPM response code into an EFI status.
  //
  RecvBufferSize = sizeof (RecvBuffer);
  Status         = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer);
  if (!EFI_ERROR (Status)) {
    if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) {
      DEBUG ((EFI_D_ERROR, "Tpm2NvUndefineSpace - RecvBufferSize Error - %x\n", RecvBufferSize));
      Status = EFI_DEVICE_ERROR;
    } else {
      ResponseCode = SwapBytes32 (RecvBuffer.Header.responseCode);
      if (ResponseCode != TPM_RC_SUCCESS) {
        DEBUG ((EFI_D_ERROR, "Tpm2NvUndefineSpace - responseCode - %x\n", ResponseCode));
      }

      switch (ResponseCode) {
        case TPM_RC_SUCCESS:
          // Status already holds the successful submit result.
          break;
        case TPM_RC_ATTRIBUTES:
        case TPM_RC_ATTRIBUTES + RC_NV_UndefineSpace_nvIndex:
          Status = EFI_UNSUPPORTED;
          break;
        case TPM_RC_NV_AUTHORIZATION:
          Status = EFI_SECURITY_VIOLATION;
          break;
        case TPM_RC_HANDLE + RC_NV_UndefineSpace_nvIndex:
          Status = EFI_NOT_FOUND;
          break;
        case TPM_RC_HANDLE + RC_NV_UndefineSpace_authHandle:
        case TPM_RC_VALUE + RC_NV_UndefineSpace_authHandle:
        case TPM_RC_VALUE + RC_NV_UndefineSpace_nvIndex:
          Status = EFI_INVALID_PARAMETER;
          break;
        default:
          Status = EFI_DEVICE_ERROR;
          break;
      }
    }
  }

  //
  // Wipe both buffers on every path: the command buffer carries the auth
  // session content.
  //
  ZeroMem (&SendBuffer, sizeof (SendBuffer));
  ZeroMem (&RecvBuffer, sizeof (RecvBuffer));
  return Status;
}
514\r
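/**
  This command reads a value from an area in NV memory previously defined by TPM2_NV_DefineSpace().

  The data length in the response is supplied by the TPM. It is checked
  against both the capacity of OutData->buffer and the number of bytes
  actually received, so that stale stack content from the receive buffer is
  never copied out. OutData is written only when the response is valid.

  @param[in]     AuthHandle         the handle indicating the source of the authorization value.
  @param[in]     NvIndex            The index to be read.
  @param[in]     AuthSession        Auth Session context
  @param[in]     Size               Number of bytes to read.
  @param[in]     Offset             Byte offset into the area.
  @param[in,out] OutData            The data read.

  @retval EFI_SUCCESS             Operation completed successfully.
  @retval EFI_DEVICE_ERROR        The command was unsuccessful, or the response was malformed.
  @retval EFI_NOT_FOUND           The command was returned successfully, but NvIndex is not found.
  @retval EFI_SECURITY_VIOLATION  The TPM reported an NV authorization error.
  @retval EFI_ACCESS_DENIED       The index is read-locked.
  @retval EFI_BAD_BUFFER_SIZE     Size/Offset are outside the range of the index.
  @retval EFI_NOT_READY           The index has not been written yet.
  @retval EFI_INVALID_PARAMETER   The TPM rejected a handle, a value or the authorization.
  @retval EFI_UNSUPPORTED         The TPM reported an attributes error for the authorization.
  @retval Others                  Error status returned by Tpm2SubmitCommand().
**/
EFI_STATUS
EFIAPI
Tpm2NvRead (
  IN      TPMI_RH_NV_AUTH    AuthHandle,
  IN      TPMI_RH_NV_INDEX   NvIndex,
  IN      TPMS_AUTH_COMMAND  *AuthSession, OPTIONAL
  IN      UINT16             Size,
  IN      UINT16             Offset,
  IN OUT  TPM2B_MAX_BUFFER   *OutData
  )
{
  EFI_STATUS             Status;
  TPM2_NV_READ_COMMAND   SendBuffer;
  TPM2_NV_READ_RESPONSE  RecvBuffer;
  UINT32                 SendBufferSize;
  UINT32                 RecvBufferSize;
  UINT8                  *Buffer;
  UINT32                 SessionInfoSize;
  UINT16                 DataSize;
  TPM_RC                 ResponseCode;

  //
  // Construct command
  //
  SendBuffer.Header.tag         = SwapBytes16 (TPM_ST_SESSIONS);
  SendBuffer.Header.commandCode = SwapBytes32 (TPM_CC_NV_Read);

  SendBuffer.AuthHandle = SwapBytes32 (AuthHandle);
  SendBuffer.NvIndex    = SwapBytes32 (NvIndex);

  //
  // Add in Auth session
  //
  Buffer = (UINT8 *)&SendBuffer.AuthSession;

  // sessionInfoSize
  SessionInfoSize            = CopyAuthSessionCommand (AuthSession, Buffer);
  Buffer                    += SessionInfoSize;
  SendBuffer.AuthSessionSize = SwapBytes32 (SessionInfoSize);

  //
  // Size and Offset follow the variable-length session, so they are written
  // at the cursor rather than through the struct fields.
  //
  WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Size));
  Buffer += sizeof (UINT16);
  WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Offset));
  Buffer += sizeof (UINT16);

  SendBufferSize              = (UINT32)(Buffer - (UINT8 *)&SendBuffer);
  SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);

  //
  // send Tpm command
  //
  RecvBufferSize = sizeof (RecvBuffer);
  Status         = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer);
  if (EFI_ERROR (Status)) {
    goto Done;
  }

  if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) {
    DEBUG ((EFI_D_ERROR, "Tpm2NvRead - RecvBufferSize Error - %x\n", RecvBufferSize));
    Status = EFI_DEVICE_ERROR;
    goto Done;
  }

  ResponseCode = SwapBytes32 (RecvBuffer.Header.responseCode);
  if (ResponseCode != TPM_RC_SUCCESS) {
    DEBUG ((EFI_D_ERROR, "Tpm2NvRead - responseCode - %x\n", ResponseCode));
  }

  switch (ResponseCode) {
    case TPM_RC_SUCCESS:
      // return data
      break;
    case TPM_RC_NV_AUTHORIZATION:
      Status = EFI_SECURITY_VIOLATION;
      break;
    case TPM_RC_NV_LOCKED:
      Status = EFI_ACCESS_DENIED;
      break;
    case TPM_RC_NV_RANGE:
      Status = EFI_BAD_BUFFER_SIZE;
      break;
    case TPM_RC_NV_UNINITIALIZED:
      Status = EFI_NOT_READY;
      break;
    case TPM_RC_HANDLE + RC_NV_Read_nvIndex:
      // The TPM rejected the nvIndex handle: reported to the caller as "not found".
      Status = EFI_NOT_FOUND;
      break;
    case TPM_RC_HANDLE + RC_NV_Read_authHandle:
      Status = EFI_INVALID_PARAMETER;
      break;
    case TPM_RC_VALUE + RC_NV_Read_nvIndex:
    case TPM_RC_VALUE + RC_NV_Read_authHandle:
      Status = EFI_INVALID_PARAMETER;
      break;
    case TPM_RC_BAD_AUTH + RC_NV_Read_authHandle + TPM_RC_S:
      Status = EFI_INVALID_PARAMETER;
      break;
    case TPM_RC_AUTH_UNAVAILABLE:
      Status = EFI_INVALID_PARAMETER;
      break;
    case TPM_RC_AUTH_FAIL + RC_NV_Read_authHandle + TPM_RC_S:
      Status = EFI_INVALID_PARAMETER;
      break;
    case TPM_RC_ATTRIBUTES + RC_NV_Read_authHandle + TPM_RC_S:
      Status = EFI_UNSUPPORTED;
      break;
    default:
      Status = EFI_DEVICE_ERROR;
      break;
  }

  if (Status != EFI_SUCCESS) {
    goto Done;
  }

  //
  // Return the response.
  // The response must be long enough to contain the Data.size field before
  // that field is trusted.
  //
  if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER) + sizeof (UINT32) + sizeof (UINT16)) {
    DEBUG ((EFI_D_ERROR, "Tpm2NvRead - RecvBufferSize Error - %x\n", RecvBufferSize));
    Status = EFI_DEVICE_ERROR;
    goto Done;
  }

  DataSize = SwapBytes16 (RecvBuffer.Data.size);
  if (DataSize > MAX_DIGEST_BUFFER) {
    DEBUG ((DEBUG_ERROR, "Tpm2NvRead - OutData->size error %x\n", DataSize));
    Status = EFI_DEVICE_ERROR;
    goto Done;
  }

  //
  // The claimed payload must have been received in full; RecvBuffer is not
  // initialized, so anything beyond RecvBufferSize is stale stack content.
  //
  if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER) + sizeof (UINT32) + sizeof (UINT16) + DataSize) {
    DEBUG ((EFI_D_ERROR, "Tpm2NvRead - RecvBufferSize Error - %x\n", RecvBufferSize));
    Status = EFI_DEVICE_ERROR;
    goto Done;
  }

  OutData->size = DataSize;
  CopyMem (OutData->buffer, &RecvBuffer.Data.buffer, DataSize);

Done:
  //
  // Clear AuthSession Content: the command buffer carries the auth session
  // and the response buffer carries the NV data just read.
  //
  ZeroMem (&SendBuffer, sizeof (SendBuffer));
  ZeroMem (&RecvBuffer, sizeof (RecvBuffer));
  return Status;
}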
660\r
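/**
  This command writes a value to an area in NV memory that was previously defined by TPM2_NV_DefineSpace().

  InData->size is used as a copy length into the on-stack command buffer, so
  it is checked against the capacity of the command's data field before
  anything is marshalled.

  @param[in]  AuthHandle         the handle indicating the source of the authorization value.
  @param[in]  NvIndex            The NV Index of the area to write.
  @param[in]  AuthSession        Auth Session context
  @param[in]  InData             The data to write.
  @param[in]  Offset             The offset into the NV Area.

  @retval EFI_SUCCESS             Operation completed successfully.
  @retval EFI_DEVICE_ERROR        The command was unsuccessful.
  @retval EFI_NOT_FOUND           The command was returned successfully, but NvIndex is not found.
  @retval EFI_BAD_BUFFER_SIZE     InData->size exceeds the command data buffer, or the TPM
                                  reported that the write is outside the range of the index.
  @retval EFI_UNSUPPORTED         The TPM reported an attributes error.
  @retval EFI_SECURITY_VIOLATION  The TPM reported an NV authorization error.
  @retval EFI_ACCESS_DENIED       The index is write-locked.
  @retval EFI_INVALID_PARAMETER   The TPM rejected a handle, a value or the authorization.
  @retval Others                  Error status returned by Tpm2SubmitCommand().
**/
EFI_STATUS
EFIAPI
Tpm2NvWrite (
  IN      TPMI_RH_NV_AUTH    AuthHandle,
  IN      TPMI_RH_NV_INDEX   NvIndex,
  IN      TPMS_AUTH_COMMAND  *AuthSession, OPTIONAL
  IN      TPM2B_MAX_BUFFER   *InData,
  IN      UINT16             Offset
  )
{
  EFI_STATUS              Status;
  TPM2_NV_WRITE_COMMAND   SendBuffer;
  TPM2_NV_WRITE_RESPONSE  RecvBuffer;
  UINT32                  SendBufferSize;
  UINT32                  RecvBufferSize;
  UINT8                   *Buffer;
  UINT32                  SessionInfoSize;
  TPM_RC                  ResponseCode;

  //
  // InData->size drives a CopyMem into SendBuffer; an oversized value would
  // write past the end of the stack buffer. Nothing sensitive has been staged
  // yet, so it is safe to return without the cleanup at Done.
  //
  if (InData->size > sizeof (SendBuffer.Data.buffer)) {
    DEBUG ((DEBUG_ERROR, "Tpm2NvWrite - InData->size error %x\n", InData->size));
    return EFI_BAD_BUFFER_SIZE;
  }

  //
  // Construct command
  //
  SendBuffer.Header.tag         = SwapBytes16 (TPM_ST_SESSIONS);
  SendBuffer.Header.commandCode = SwapBytes32 (TPM_CC_NV_Write);

  SendBuffer.AuthHandle = SwapBytes32 (AuthHandle);
  SendBuffer.NvIndex    = SwapBytes32 (NvIndex);

  //
  // Add in Auth session
  //
  Buffer = (UINT8 *)&SendBuffer.AuthSession;

  // sessionInfoSize
  SessionInfoSize            = CopyAuthSessionCommand (AuthSession, Buffer);
  Buffer                    += SessionInfoSize;
  SendBuffer.AuthSessionSize = SwapBytes32 (SessionInfoSize);

  //
  // Data and Offset follow the variable-length session, so they are written
  // at the cursor rather than through the struct fields.
  //
  WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (InData->size));
  Buffer += sizeof (UINT16);
  CopyMem (Buffer, InData->buffer, InData->size);
  Buffer += InData->size;
  WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Offset));
  Buffer += sizeof (UINT16);

  SendBufferSize              = (UINT32)(Buffer - (UINT8 *)&SendBuffer);
  SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);

  //
  // send Tpm command
  //
  RecvBufferSize = sizeof (RecvBuffer);
  Status         = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer);
  if (EFI_ERROR (Status)) {
    goto Done;
  }

  if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) {
    DEBUG ((EFI_D_ERROR, "Tpm2NvWrite - RecvBufferSize Error - %x\n", RecvBufferSize));
    Status = EFI_DEVICE_ERROR;
    goto Done;
  }

  ResponseCode = SwapBytes32 (RecvBuffer.Header.responseCode);
  if (ResponseCode != TPM_RC_SUCCESS) {
    DEBUG ((EFI_D_ERROR, "Tpm2NvWrite - responseCode - %x\n", ResponseCode));
  }

  switch (ResponseCode) {
    case TPM_RC_SUCCESS:
      // return data
      break;
    case TPM_RC_ATTRIBUTES:
      Status = EFI_UNSUPPORTED;
      break;
    case TPM_RC_NV_AUTHORIZATION:
      Status = EFI_SECURITY_VIOLATION;
      break;
    case TPM_RC_NV_LOCKED:
      Status = EFI_ACCESS_DENIED;
      break;
    case TPM_RC_NV_RANGE:
      Status = EFI_BAD_BUFFER_SIZE;
      break;
    case TPM_RC_HANDLE + RC_NV_Write_nvIndex:
      // The TPM rejected the nvIndex handle: reported to the caller as "not found".
      Status = EFI_NOT_FOUND;
      break;
    case TPM_RC_HANDLE + RC_NV_Write_authHandle:
      Status = EFI_INVALID_PARAMETER;
      break;
    case TPM_RC_VALUE + RC_NV_Write_nvIndex:
    case TPM_RC_VALUE + RC_NV_Write_authHandle:
      Status = EFI_INVALID_PARAMETER;
      break;
    case TPM_RC_BAD_AUTH + RC_NV_Write_authHandle + TPM_RC_S:
      Status = EFI_INVALID_PARAMETER;
      break;
    case TPM_RC_AUTH_UNAVAILABLE:
      Status = EFI_INVALID_PARAMETER;
      break;
    case TPM_RC_AUTH_FAIL + RC_NV_Write_authHandle + TPM_RC_S:
      Status = EFI_INVALID_PARAMETER;
      break;
    case TPM_RC_ATTRIBUTES + RC_NV_Write_authHandle + TPM_RC_S:
      Status = EFI_UNSUPPORTED;
      break;
    default:
      Status = EFI_DEVICE_ERROR;
      break;
  }

Done:
  //
  // Clear AuthSession Content: the command buffer carries the auth session
  // and the data being written.
  //
  ZeroMem (&SendBuffer, sizeof (SendBuffer));
  ZeroMem (&RecvBuffer, sizeof (RecvBuffer));
  return Status;
}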
791\r
/**
  This command may be used to prevent further reads of the Index until the next TPM2_Startup (TPM_SU_CLEAR).

  Any TPM response code other than TPM_RC_SUCCESS is reported as
  EFI_DEVICE_ERROR; this function does not distinguish individual failures.

  @param[in]  AuthHandle         the handle indicating the source of the authorization value.
  @param[in]  NvIndex            The NV Index of the area to lock.
  @param[in]  AuthSession        Auth Session context

  @retval EFI_SUCCESS            Operation completed successfully.
  @retval EFI_DEVICE_ERROR       The command was unsuccessful.
  @retval Others                 Error status returned by Tpm2SubmitCommand().
**/
EFI_STATUS
EFIAPI
Tpm2NvReadLock (
  IN      TPMI_RH_NV_AUTH    AuthHandle,
  IN      TPMI_RH_NV_INDEX   NvIndex,
  IN      TPMS_AUTH_COMMAND  *AuthSession OPTIONAL
  )
{
  EFI_STATUS                 Status;
  TPM2_NV_READLOCK_COMMAND   SendBuffer;
  TPM2_NV_READLOCK_RESPONSE  RecvBuffer;
  UINT32                     SendBufferSize;
  UINT32                     RecvBufferSize;
  UINT32                     SessionInfoSize;
  UINT8                      *Cursor;
  TPM_RC                     ResponseCode;

  //
  // Fixed-position fields of the command.
  //
  SendBuffer.Header.tag         = SwapBytes16 (TPM_ST_SESSIONS);
  SendBuffer.Header.commandCode = SwapBytes32 (TPM_CC_NV_ReadLock);
  SendBuffer.AuthHandle         = SwapBytes32 (AuthHandle);
  SendBuffer.NvIndex            = SwapBytes32 (NvIndex);

  //
  // Variable-length auth session, marshalled through a cursor; the cursor's
  // final position gives the number of bytes to send.
  //
  Cursor                     = (UINT8 *)&SendBuffer.AuthSession;
  SessionInfoSize            = CopyAuthSessionCommand (AuthSession, Cursor);
  Cursor                    += SessionInfoSize;
  SendBuffer.AuthSessionSize = SwapBytes32 (SessionInfoSize);

  SendBufferSize              = (UINT32)(Cursor - (UINT8 *)&SendBuffer);
  SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);

  //
  // Submit, then check the TPM response code.
  //
  RecvBufferSize = sizeof (RecvBuffer);
  Status         = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer);
  if (!EFI_ERROR (Status)) {
    if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) {
      DEBUG ((EFI_D_ERROR, "Tpm2NvReadLock - RecvBufferSize Error - %x\n", RecvBufferSize));
      Status = EFI_DEVICE_ERROR;
    } else {
      ResponseCode = SwapBytes32 (RecvBuffer.Header.responseCode);
      if (ResponseCode != TPM_RC_SUCCESS) {
        DEBUG ((EFI_D_ERROR, "Tpm2NvReadLock - responseCode - %x\n", ResponseCode));
        Status = EFI_DEVICE_ERROR;
      }
    }
  }

  //
  // Wipe both buffers on every path: the command buffer carries the auth
  // session content.
  //
  ZeroMem (&SendBuffer, sizeof (SendBuffer));
  ZeroMem (&RecvBuffer, sizeof (RecvBuffer));
  return Status;
}
878\r
/**
  This command may be used to inhibit further writes of the Index.

  Any TPM response code other than TPM_RC_SUCCESS is reported as
  EFI_DEVICE_ERROR; this function does not distinguish individual failures.

  @param[in]  AuthHandle         the handle indicating the source of the authorization value.
  @param[in]  NvIndex            The NV Index of the area to lock.
  @param[in]  AuthSession        Auth Session context

  @retval EFI_SUCCESS            Operation completed successfully.
  @retval EFI_DEVICE_ERROR       The command was unsuccessful.
  @retval Others                 Error status returned by Tpm2SubmitCommand().
**/
EFI_STATUS
EFIAPI
Tpm2NvWriteLock (
  IN      TPMI_RH_NV_AUTH    AuthHandle,
  IN      TPMI_RH_NV_INDEX   NvIndex,
  IN      TPMS_AUTH_COMMAND  *AuthSession OPTIONAL
  )
{
  EFI_STATUS                  Status;
  TPM2_NV_WRITELOCK_COMMAND   SendBuffer;
  TPM2_NV_WRITELOCK_RESPONSE  RecvBuffer;
  UINT32                      SendBufferSize;
  UINT32                      RecvBufferSize;
  UINT32                      SessionInfoSize;
  UINT8                       *Cursor;
  TPM_RC                      ResponseCode;

  //
  // Fixed-position fields of the command.
  //
  SendBuffer.Header.tag         = SwapBytes16 (TPM_ST_SESSIONS);
  SendBuffer.Header.commandCode = SwapBytes32 (TPM_CC_NV_WriteLock);
  SendBuffer.AuthHandle         = SwapBytes32 (AuthHandle);
  SendBuffer.NvIndex            = SwapBytes32 (NvIndex);

  //
  // Variable-length auth session, marshalled through a cursor; the cursor's
  // final position gives the number of bytes to send.
  //
  Cursor                     = (UINT8 *)&SendBuffer.AuthSession;
  SessionInfoSize            = CopyAuthSessionCommand (AuthSession, Cursor);
  Cursor                    += SessionInfoSize;
  SendBuffer.AuthSessionSize = SwapBytes32 (SessionInfoSize);

  SendBufferSize              = (UINT32)(Cursor - (UINT8 *)&SendBuffer);
  SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);

  //
  // Submit, then check the TPM response code.
  //
  RecvBufferSize = sizeof (RecvBuffer);
  Status         = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer);
  if (!EFI_ERROR (Status)) {
    if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) {
      DEBUG ((EFI_D_ERROR, "Tpm2NvWriteLock - RecvBufferSize Error - %x\n", RecvBufferSize));
      Status = EFI_DEVICE_ERROR;
    } else {
      ResponseCode = SwapBytes32 (RecvBuffer.Header.responseCode);
      if (ResponseCode != TPM_RC_SUCCESS) {
        DEBUG ((EFI_D_ERROR, "Tpm2NvWriteLock - responseCode - %x\n", ResponseCode));
        Status = EFI_DEVICE_ERROR;
      }
    }
  }

  //
  // Wipe both buffers on every path: the command buffer carries the auth
  // session content.
  //
  ZeroMem (&SendBuffer, sizeof (SendBuffer));
  ZeroMem (&RecvBuffer, sizeof (RecvBuffer));
  return Status;
}
965\r
/**
  The command will SET TPMA_NV_WRITELOCKED for all indexes that have their TPMA_NV_GLOBALLOCK attribute SET.

  Any TPM response code other than TPM_RC_SUCCESS is reported as
  EFI_DEVICE_ERROR; this function does not distinguish individual failures.

  @param[in]  AuthHandle         TPM_RH_OWNER or TPM_RH_PLATFORM+{PP}.
  @param[in]  AuthSession        Auth Session context

  @retval EFI_SUCCESS            Operation completed successfully.
  @retval EFI_DEVICE_ERROR       The command was unsuccessful.
  @retval Others                 Error status returned by Tpm2SubmitCommand().
**/
EFI_STATUS
EFIAPI
Tpm2NvGlobalWriteLock (
  IN      TPMI_RH_PROVISION  AuthHandle,
  IN      TPMS_AUTH_COMMAND  *AuthSession OPTIONAL
  )
{
  EFI_STATUS                        Status;
  TPM2_NV_GLOBALWRITELOCK_COMMAND   SendBuffer;
  TPM2_NV_GLOBALWRITELOCK_RESPONSE  RecvBuffer;
  UINT32                            SendBufferSize;
  UINT32                            RecvBufferSize;
  UINT32                            SessionInfoSize;
  UINT8                             *Cursor;
  TPM_RC                            ResponseCode;

  //
  // Fixed-position fields of the command.
  //
  SendBuffer.Header.tag         = SwapBytes16 (TPM_ST_SESSIONS);
  SendBuffer.Header.commandCode = SwapBytes32 (TPM_CC_NV_GlobalWriteLock);
  SendBuffer.AuthHandle         = SwapBytes32 (AuthHandle);

  //
  // Variable-length auth session, marshalled through a cursor; the cursor's
  // final position gives the number of bytes to send.
  //
  Cursor                     = (UINT8 *)&SendBuffer.AuthSession;
  SessionInfoSize            = CopyAuthSessionCommand (AuthSession, Cursor);
  Cursor                    += SessionInfoSize;
  SendBuffer.AuthSessionSize = SwapBytes32 (SessionInfoSize);

  SendBufferSize              = (UINT32)(Cursor - (UINT8 *)&SendBuffer);
  SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);

  //
  // Submit, then check the TPM response code.
  //
  RecvBufferSize = sizeof (RecvBuffer);
  Status         = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer);
  if (!EFI_ERROR (Status)) {
    if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) {
      DEBUG ((EFI_D_ERROR, "Tpm2NvGlobalWriteLock - RecvBufferSize Error - %x\n", RecvBufferSize));
      Status = EFI_DEVICE_ERROR;
    } else {
      ResponseCode = SwapBytes32 (RecvBuffer.Header.responseCode);
      if (ResponseCode != TPM_RC_SUCCESS) {
        DEBUG ((EFI_D_ERROR, "Tpm2NvGlobalWriteLock - responseCode - %x\n", ResponseCode));
        Status = EFI_DEVICE_ERROR;
      }
    }
  }

  //
  // Wipe both buffers on every path: the command buffer carries the auth
  // session content.
  //
  ZeroMem (&SendBuffer, sizeof (SendBuffer));
  ZeroMem (&RecvBuffer, sizeof (RecvBuffer));
  return Status;
}