2 Implement TPM2 Hierarchy related command.
4 Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved. <BR>
5 This program and the accompanying materials
6 are licensed and made available under the terms and conditions of the BSD License
7 which accompanies this distribution. The full text of the license may be found at
8 http://opensource.org/licenses/bsd-license.php
10 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
11 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
15 #include <IndustryStandard/UefiTcgPlatform.h>
16 #include <Library/Tpm2CommandLib.h>
17 #include <Library/Tpm2DeviceLib.h>
18 #include <Library/BaseMemoryLib.h>
19 #include <Library/BaseLib.h>
20 #include <Library/DebugLib.h>
25 TPM2_COMMAND_HEADER Header
;
26 TPMI_RH_HIERARCHY AuthHandle
;
27 UINT32 AuthSessionSize
;
28 TPMS_AUTH_COMMAND AuthSession
;
29 TPM2B_DIGEST AuthPolicy
;
30 TPMI_ALG_HASH HashAlg
;
31 } TPM2_SET_PRIMARY_POLICY_COMMAND
;
34 TPM2_RESPONSE_HEADER Header
;
35 UINT32 AuthSessionSize
;
36 TPMS_AUTH_RESPONSE AuthSession
;
37 } TPM2_SET_PRIMARY_POLICY_RESPONSE
;
40 TPM2_COMMAND_HEADER Header
;
41 TPMI_RH_CLEAR AuthHandle
;
42 UINT32 AuthorizationSize
;
43 TPMS_AUTH_COMMAND AuthSession
;
47 TPM2_RESPONSE_HEADER Header
;
49 TPMS_AUTH_RESPONSE AuthSession
;
50 } TPM2_CLEAR_RESPONSE
;
53 TPM2_COMMAND_HEADER Header
;
54 TPMI_RH_CLEAR AuthHandle
;
55 UINT32 AuthorizationSize
;
56 TPMS_AUTH_COMMAND AuthSession
;
58 } TPM2_CLEAR_CONTROL_COMMAND
;
61 TPM2_RESPONSE_HEADER Header
;
63 TPMS_AUTH_RESPONSE AuthSession
;
64 } TPM2_CLEAR_CONTROL_RESPONSE
;
67 TPM2_COMMAND_HEADER Header
;
68 TPMI_RH_HIERARCHY_AUTH AuthHandle
;
69 UINT32 AuthorizationSize
;
70 TPMS_AUTH_COMMAND AuthSession
;
72 } TPM2_HIERARCHY_CHANGE_AUTH_COMMAND
;
75 TPM2_RESPONSE_HEADER Header
;
77 TPMS_AUTH_RESPONSE AuthSession
;
78 } TPM2_HIERARCHY_CHANGE_AUTH_RESPONSE
;
81 TPM2_COMMAND_HEADER Header
;
82 TPMI_RH_PLATFORM AuthHandle
;
83 UINT32 AuthorizationSize
;
84 TPMS_AUTH_COMMAND AuthSession
;
85 } TPM2_CHANGE_EPS_COMMAND
;
88 TPM2_RESPONSE_HEADER Header
;
90 TPMS_AUTH_RESPONSE AuthSession
;
91 } TPM2_CHANGE_EPS_RESPONSE
;
94 TPM2_COMMAND_HEADER Header
;
95 TPMI_RH_PLATFORM AuthHandle
;
96 UINT32 AuthorizationSize
;
97 TPMS_AUTH_COMMAND AuthSession
;
98 } TPM2_CHANGE_PPS_COMMAND
;
101 TPM2_RESPONSE_HEADER Header
;
102 UINT32 ParameterSize
;
103 TPMS_AUTH_RESPONSE AuthSession
;
104 } TPM2_CHANGE_PPS_RESPONSE
;
107 TPM2_COMMAND_HEADER Header
;
108 TPMI_RH_HIERARCHY AuthHandle
;
109 UINT32 AuthorizationSize
;
110 TPMS_AUTH_COMMAND AuthSession
;
111 TPMI_RH_HIERARCHY Hierarchy
;
113 } TPM2_HIERARCHY_CONTROL_COMMAND
;
116 TPM2_RESPONSE_HEADER Header
;
117 UINT32 ParameterSize
;
118 TPMS_AUTH_RESPONSE AuthSession
;
119 } TPM2_HIERARCHY_CONTROL_RESPONSE
;
124 This command allows setting of the authorization policy for the platform hierarchy (platformPolicy), the
125 storage hierarchy (ownerPolicy), and and the endorsement hierarchy (endorsementPolicy).
127 @param[in] AuthHandle TPM_RH_ENDORSEMENT, TPM_RH_OWNER or TPM_RH_PLATFORM+{PP} parameters to be validated
128 @param[in] AuthSession Auth Session context
129 @param[in] AuthPolicy An authorization policy hash
130 @param[in] HashAlg The hash algorithm to use for the policy
132 @retval EFI_SUCCESS Operation completed successfully.
133 @retval EFI_DEVICE_ERROR Unexpected device behavior.
137 Tpm2SetPrimaryPolicy (
138 IN TPMI_RH_HIERARCHY_AUTH AuthHandle
,
139 IN TPMS_AUTH_COMMAND
*AuthSession
,
140 IN TPM2B_DIGEST
*AuthPolicy
,
141 IN TPMI_ALG_HASH HashAlg
145 TPM2_SET_PRIMARY_POLICY_COMMAND SendBuffer
;
146 TPM2_SET_PRIMARY_POLICY_RESPONSE RecvBuffer
;
147 UINT32 SendBufferSize
;
148 UINT32 RecvBufferSize
;
150 UINT32 SessionInfoSize
;
155 SendBuffer
.Header
.tag
= SwapBytes16(TPM_ST_SESSIONS
);
156 SendBuffer
.Header
.commandCode
= SwapBytes32(TPM_CC_SetPrimaryPolicy
);
158 SendBuffer
.AuthHandle
= SwapBytes32 (AuthHandle
);
161 // Add in Auth session
163 Buffer
= (UINT8
*)&SendBuffer
.AuthSession
;
166 SessionInfoSize
= CopyAuthSessionCommand (AuthSession
, Buffer
);
167 Buffer
+= SessionInfoSize
;
168 SendBuffer
.AuthSessionSize
= SwapBytes32(SessionInfoSize
);
173 WriteUnaligned16 ((UINT16
*)Buffer
, SwapBytes16(AuthPolicy
->size
));
174 Buffer
+= sizeof(UINT16
);
175 CopyMem (Buffer
, AuthPolicy
->buffer
, AuthPolicy
->size
);
176 Buffer
+= AuthPolicy
->size
;
177 WriteUnaligned16 ((UINT16
*)Buffer
, SwapBytes16(HashAlg
));
178 Buffer
+= sizeof(UINT16
);
180 SendBufferSize
= (UINT32
)((UINTN
)Buffer
- (UINTN
)&SendBuffer
);
181 SendBuffer
.Header
.paramSize
= SwapBytes32 (SendBufferSize
);
186 RecvBufferSize
= sizeof (RecvBuffer
);
187 Status
= Tpm2SubmitCommand (SendBufferSize
, (UINT8
*)&SendBuffer
, &RecvBufferSize
, (UINT8
*)&RecvBuffer
);
188 if (EFI_ERROR (Status
)) {
192 if (RecvBufferSize
< sizeof (TPM2_RESPONSE_HEADER
)) {
193 DEBUG ((EFI_D_ERROR
, "Tpm2SetPrimaryPolicy - RecvBufferSize Error - %x\n", RecvBufferSize
));
194 return EFI_DEVICE_ERROR
;
196 if (SwapBytes32(RecvBuffer
.Header
.responseCode
) != TPM_RC_SUCCESS
) {
197 DEBUG ((EFI_D_ERROR
, "Tpm2SetPrimaryPolicy - responseCode - %x\n", SwapBytes32(RecvBuffer
.Header
.responseCode
)));
198 return EFI_DEVICE_ERROR
;
205 This command removes all TPM context associated with a specific Owner.
207 @param[in] AuthHandle TPM_RH_LOCKOUT or TPM_RH_PLATFORM+{PP}
208 @param[in] AuthSession Auth Session context
210 @retval EFI_SUCCESS Operation completed successfully.
211 @retval EFI_DEVICE_ERROR Unexpected device behavior.
216 IN TPMI_RH_CLEAR AuthHandle
,
217 IN TPMS_AUTH_COMMAND
*AuthSession OPTIONAL
221 TPM2_CLEAR_COMMAND Cmd
;
222 TPM2_CLEAR_RESPONSE Res
;
223 UINT32 ResultBufSize
;
227 UINT32 SessionInfoSize
;
229 Cmd
.Header
.tag
= SwapBytes16(TPM_ST_SESSIONS
);
230 Cmd
.Header
.commandCode
= SwapBytes32(TPM_CC_Clear
);
231 Cmd
.AuthHandle
= SwapBytes32(AuthHandle
);
234 // Add in Auth session
236 Buffer
= (UINT8
*)&Cmd
.AuthSession
;
239 SessionInfoSize
= CopyAuthSessionCommand (AuthSession
, Buffer
);
240 Buffer
+= SessionInfoSize
;
241 Cmd
.AuthorizationSize
= SwapBytes32(SessionInfoSize
);
243 CmdSize
= (UINT32
)(Buffer
- (UINT8
*)&Cmd
);
244 Cmd
.Header
.paramSize
= SwapBytes32(CmdSize
);
246 ResultBufSize
= sizeof(Res
);
247 Status
= Tpm2SubmitCommand (CmdSize
, (UINT8
*)&Cmd
, &ResultBufSize
, (UINT8
*)&Res
);
248 if (EFI_ERROR(Status
)) {
252 if (ResultBufSize
> sizeof(Res
)) {
253 DEBUG ((EFI_D_ERROR
, "Clear: Failed ExecuteCommand: Buffer Too Small\r\n"));
254 return EFI_BUFFER_TOO_SMALL
;
258 // Validate response headers
260 RespSize
= SwapBytes32(Res
.Header
.paramSize
);
261 if (RespSize
> sizeof(Res
)) {
262 DEBUG ((EFI_D_ERROR
, "Clear: Response size too large! %d\r\n", RespSize
));
263 return EFI_BUFFER_TOO_SMALL
;
267 // Fail if command failed
269 if (SwapBytes32(Res
.Header
.responseCode
) != TPM_RC_SUCCESS
) {
270 DEBUG ((EFI_D_ERROR
, "Clear: Response Code error! 0x%08x\r\n", SwapBytes32(Res
.Header
.responseCode
)));
271 return EFI_DEVICE_ERROR
;
275 // Unmarshal the response
284 Disables and enables the execution of TPM2_Clear().
286 @param[in] AuthHandle TPM_RH_LOCKOUT or TPM_RH_PLATFORM+{PP}
287 @param[in] AuthSession Auth Session context
288 @param[in] Disable YES if the disableOwnerClear flag is to be SET,
289 NO if the flag is to be CLEAR.
291 @retval EFI_SUCCESS Operation completed successfully.
292 @retval EFI_DEVICE_ERROR Unexpected device behavior.
297 IN TPMI_RH_CLEAR AuthHandle
,
298 IN TPMS_AUTH_COMMAND
*AuthSession
, OPTIONAL
299 IN TPMI_YES_NO Disable
303 TPM2_CLEAR_CONTROL_COMMAND Cmd
;
304 TPM2_CLEAR_CONTROL_RESPONSE Res
;
305 UINT32 ResultBufSize
;
309 UINT32 SessionInfoSize
;
311 Cmd
.Header
.tag
= SwapBytes16(TPM_ST_SESSIONS
);
312 Cmd
.Header
.commandCode
= SwapBytes32(TPM_CC_ClearControl
);
313 Cmd
.AuthHandle
= SwapBytes32(AuthHandle
);
316 // Add in Auth session
318 Buffer
= (UINT8
*)&Cmd
.AuthSession
;
321 SessionInfoSize
= CopyAuthSessionCommand (AuthSession
, Buffer
);
322 Buffer
+= SessionInfoSize
;
323 Cmd
.AuthorizationSize
= SwapBytes32(SessionInfoSize
);
326 *(UINT8
*)Buffer
= Disable
;
329 CmdSize
= (UINT32
)(Buffer
- (UINT8
*)&Cmd
);
330 Cmd
.Header
.paramSize
= SwapBytes32(CmdSize
);
332 ResultBufSize
= sizeof(Res
);
333 Status
= Tpm2SubmitCommand (CmdSize
, (UINT8
*)&Cmd
, &ResultBufSize
, (UINT8
*)&Res
);
334 if (EFI_ERROR(Status
)) {
338 if (ResultBufSize
> sizeof(Res
)) {
339 DEBUG ((EFI_D_ERROR
, "ClearControl: Failed ExecuteCommand: Buffer Too Small\r\n"));
340 return EFI_BUFFER_TOO_SMALL
;
344 // Validate response headers
346 RespSize
= SwapBytes32(Res
.Header
.paramSize
);
347 if (RespSize
> sizeof(Res
)) {
348 DEBUG ((EFI_D_ERROR
, "ClearControl: Response size too large! %d\r\n", RespSize
));
349 return EFI_BUFFER_TOO_SMALL
;
353 // Fail if command failed
355 if (SwapBytes32(Res
.Header
.responseCode
) != TPM_RC_SUCCESS
) {
356 DEBUG ((EFI_D_ERROR
, "ClearControl: Response Code error! 0x%08x\r\n", SwapBytes32(Res
.Header
.responseCode
)));
357 return EFI_DEVICE_ERROR
;
361 // Unmarshal the response
370 This command allows the authorization secret for a hierarchy or lockout to be changed using the current
371 authorization value as the command authorization.
373 @param[in] AuthHandle TPM_RH_LOCKOUT, TPM_RH_ENDORSEMENT, TPM_RH_OWNER or TPM_RH_PLATFORM+{PP}
374 @param[in] AuthSession Auth Session context
375 @param[in] NewAuth New authorization secret
377 @retval EFI_SUCCESS Operation completed successfully.
378 @retval EFI_DEVICE_ERROR Unexpected device behavior.
382 Tpm2HierarchyChangeAuth (
383 IN TPMI_RH_HIERARCHY_AUTH AuthHandle
,
384 IN TPMS_AUTH_COMMAND
*AuthSession
,
385 IN TPM2B_AUTH
*NewAuth
389 TPM2_HIERARCHY_CHANGE_AUTH_COMMAND Cmd
;
390 TPM2_HIERARCHY_CHANGE_AUTH_RESPONSE Res
;
394 UINT32 SessionInfoSize
;
396 UINT32 ResultBufSize
;
401 Cmd
.Header
.tag
= SwapBytes16(TPM_ST_SESSIONS
);
402 Cmd
.Header
.paramSize
= SwapBytes32(sizeof(Cmd
));
403 Cmd
.Header
.commandCode
= SwapBytes32(TPM_CC_HierarchyChangeAuth
);
404 Cmd
.AuthHandle
= SwapBytes32(AuthHandle
);
407 // Add in Auth session
409 Buffer
= (UINT8
*)&Cmd
.AuthSession
;
412 SessionInfoSize
= CopyAuthSessionCommand (AuthSession
, Buffer
);
413 Buffer
+= SessionInfoSize
;
414 Cmd
.AuthorizationSize
= SwapBytes32(SessionInfoSize
);
416 // New Authorization size
417 WriteUnaligned16 ((UINT16
*)Buffer
, SwapBytes16(NewAuth
->size
));
418 Buffer
+= sizeof(UINT16
);
420 // New Authorizeation
421 CopyMem(Buffer
, NewAuth
->buffer
, NewAuth
->size
);
422 Buffer
+= NewAuth
->size
;
424 CmdSize
= (UINT32
)(Buffer
- (UINT8
*)&Cmd
);
425 Cmd
.Header
.paramSize
= SwapBytes32(CmdSize
);
427 ResultBuf
= (UINT8
*) &Res
;
428 ResultBufSize
= sizeof(Res
);
433 Status
= Tpm2SubmitCommand (
440 if (ResultBufSize
> sizeof(Res
)) {
441 DEBUG ((EFI_D_ERROR
, "HierarchyChangeAuth: Failed ExecuteCommand: Buffer Too Small\r\n"));
442 return EFI_BUFFER_TOO_SMALL
;
446 // Validate response headers
448 RespSize
= SwapBytes32(Res
.Header
.paramSize
);
449 if (RespSize
> sizeof(Res
)) {
450 DEBUG ((EFI_D_ERROR
, "HierarchyChangeAuth: Response size too large! %d\r\n", RespSize
));
451 return EFI_BUFFER_TOO_SMALL
;
455 // Fail if command failed
457 if (SwapBytes32(Res
.Header
.responseCode
) != TPM_RC_SUCCESS
) {
458 DEBUG((EFI_D_ERROR
,"HierarchyChangeAuth: Response Code error! 0x%08x\r\n", SwapBytes32(Res
.Header
.responseCode
)));
459 return EFI_DEVICE_ERROR
;
466 This replaces the current EPS with a value from the RNG and sets the Endorsement hierarchy controls to
467 their default initialization values.
469 @param[in] AuthHandle TPM_RH_PLATFORM+{PP}
470 @param[in] AuthSession Auth Session context
472 @retval EFI_SUCCESS Operation completed successfully.
473 @retval EFI_DEVICE_ERROR Unexpected device behavior.
478 IN TPMI_RH_PLATFORM AuthHandle
,
479 IN TPMS_AUTH_COMMAND
*AuthSession
483 TPM2_CHANGE_EPS_COMMAND Cmd
;
484 TPM2_CHANGE_EPS_RESPONSE Res
;
488 UINT32 SessionInfoSize
;
490 UINT32 ResultBufSize
;
495 Cmd
.Header
.tag
= SwapBytes16(TPM_ST_SESSIONS
);
496 Cmd
.Header
.paramSize
= SwapBytes32(sizeof(Cmd
));
497 Cmd
.Header
.commandCode
= SwapBytes32(TPM_CC_ChangeEPS
);
498 Cmd
.AuthHandle
= SwapBytes32(AuthHandle
);
501 // Add in Auth session
503 Buffer
= (UINT8
*)&Cmd
.AuthSession
;
506 SessionInfoSize
= CopyAuthSessionCommand (AuthSession
, Buffer
);
507 Buffer
+= SessionInfoSize
;
508 Cmd
.AuthorizationSize
= SwapBytes32(SessionInfoSize
);
510 CmdSize
= (UINT32
)(Buffer
- (UINT8
*)&Cmd
);
511 Cmd
.Header
.paramSize
= SwapBytes32(CmdSize
);
513 ResultBuf
= (UINT8
*) &Res
;
514 ResultBufSize
= sizeof(Res
);
519 Status
= Tpm2SubmitCommand (
526 if (ResultBufSize
> sizeof(Res
)) {
527 DEBUG ((EFI_D_ERROR
, "ChangeEPS: Failed ExecuteCommand: Buffer Too Small\r\n"));
528 return EFI_BUFFER_TOO_SMALL
;
532 // Validate response headers
534 RespSize
= SwapBytes32(Res
.Header
.paramSize
);
535 if (RespSize
> sizeof(Res
)) {
536 DEBUG ((EFI_D_ERROR
, "ChangeEPS: Response size too large! %d\r\n", RespSize
));
537 return EFI_BUFFER_TOO_SMALL
;
541 // Fail if command failed
543 if (SwapBytes32(Res
.Header
.responseCode
) != TPM_RC_SUCCESS
) {
544 DEBUG((EFI_D_ERROR
,"ChangeEPS: Response Code error! 0x%08x\r\n", SwapBytes32(Res
.Header
.responseCode
)));
545 return EFI_DEVICE_ERROR
;
552 This replaces the current PPS with a value from the RNG and sets platformPolicy to the default
553 initialization value (the Empty Buffer).
555 @param[in] AuthHandle TPM_RH_PLATFORM+{PP}
556 @param[in] AuthSession Auth Session context
558 @retval EFI_SUCCESS Operation completed successfully.
559 @retval EFI_DEVICE_ERROR Unexpected device behavior.
564 IN TPMI_RH_PLATFORM AuthHandle
,
565 IN TPMS_AUTH_COMMAND
*AuthSession
569 TPM2_CHANGE_PPS_COMMAND Cmd
;
570 TPM2_CHANGE_PPS_RESPONSE Res
;
574 UINT32 SessionInfoSize
;
576 UINT32 ResultBufSize
;
581 Cmd
.Header
.tag
= SwapBytes16(TPM_ST_SESSIONS
);
582 Cmd
.Header
.paramSize
= SwapBytes32(sizeof(Cmd
));
583 Cmd
.Header
.commandCode
= SwapBytes32(TPM_CC_ChangePPS
);
584 Cmd
.AuthHandle
= SwapBytes32(AuthHandle
);
587 // Add in Auth session
589 Buffer
= (UINT8
*)&Cmd
.AuthSession
;
592 SessionInfoSize
= CopyAuthSessionCommand (AuthSession
, Buffer
);
593 Buffer
+= SessionInfoSize
;
594 Cmd
.AuthorizationSize
= SwapBytes32(SessionInfoSize
);
596 CmdSize
= (UINT32
)(Buffer
- (UINT8
*)&Cmd
);
597 Cmd
.Header
.paramSize
= SwapBytes32(CmdSize
);
599 ResultBuf
= (UINT8
*) &Res
;
600 ResultBufSize
= sizeof(Res
);
605 Status
= Tpm2SubmitCommand (
612 if (ResultBufSize
> sizeof(Res
)) {
613 DEBUG ((EFI_D_ERROR
, "ChangePPS: Failed ExecuteCommand: Buffer Too Small\r\n"));
614 return EFI_BUFFER_TOO_SMALL
;
618 // Validate response headers
620 RespSize
= SwapBytes32(Res
.Header
.paramSize
);
621 if (RespSize
> sizeof(Res
)) {
622 DEBUG ((EFI_D_ERROR
, "ChangePPS: Response size too large! %d\r\n", RespSize
));
623 return EFI_BUFFER_TOO_SMALL
;
627 // Fail if command failed
629 if (SwapBytes32(Res
.Header
.responseCode
) != TPM_RC_SUCCESS
) {
630 DEBUG((EFI_D_ERROR
,"ChangePPS: Response Code error! 0x%08x\r\n", SwapBytes32(Res
.Header
.responseCode
)));
631 return EFI_DEVICE_ERROR
;
638 This command enables and disables use of a hierarchy.
640 @param[in] AuthHandle TPM_RH_ENDORSEMENT, TPM_RH_OWNER or TPM_RH_PLATFORM+{PP}
641 @param[in] AuthSession Auth Session context
642 @param[in] Hierarchy Hierarchy of the enable being modified
643 @param[in] State YES if the enable should be SET,
644 NO if the enable should be CLEAR
646 @retval EFI_SUCCESS Operation completed successfully.
647 @retval EFI_DEVICE_ERROR Unexpected device behavior.
651 Tpm2HierarchyControl (
652 IN TPMI_RH_HIERARCHY AuthHandle
,
653 IN TPMS_AUTH_COMMAND
*AuthSession
,
654 IN TPMI_RH_HIERARCHY Hierarchy
,
659 TPM2_HIERARCHY_CONTROL_COMMAND Cmd
;
660 TPM2_HIERARCHY_CONTROL_RESPONSE Res
;
664 UINT32 SessionInfoSize
;
666 UINT32 ResultBufSize
;
671 Cmd
.Header
.tag
= SwapBytes16(TPM_ST_SESSIONS
);
672 Cmd
.Header
.paramSize
= SwapBytes32(sizeof(Cmd
));
673 Cmd
.Header
.commandCode
= SwapBytes32(TPM_CC_HierarchyControl
);
674 Cmd
.AuthHandle
= SwapBytes32(AuthHandle
);
677 // Add in Auth session
679 Buffer
= (UINT8
*)&Cmd
.AuthSession
;
682 SessionInfoSize
= CopyAuthSessionCommand (AuthSession
, Buffer
);
683 Buffer
+= SessionInfoSize
;
684 Cmd
.AuthorizationSize
= SwapBytes32(SessionInfoSize
);
686 WriteUnaligned32 ((UINT32
*)Buffer
, SwapBytes32(Hierarchy
));
687 Buffer
+= sizeof(UINT32
);
689 *(UINT8
*)Buffer
= State
;
692 CmdSize
= (UINT32
)(Buffer
- (UINT8
*)&Cmd
);
693 Cmd
.Header
.paramSize
= SwapBytes32(CmdSize
);
695 ResultBuf
= (UINT8
*) &Res
;
696 ResultBufSize
= sizeof(Res
);
701 Status
= Tpm2SubmitCommand (
708 if (ResultBufSize
> sizeof(Res
)) {
709 DEBUG ((EFI_D_ERROR
, "HierarchyControl: Failed ExecuteCommand: Buffer Too Small\r\n"));
710 return EFI_BUFFER_TOO_SMALL
;
714 // Validate response headers
716 RespSize
= SwapBytes32(Res
.Header
.paramSize
);
717 if (RespSize
> sizeof(Res
)) {
718 DEBUG ((EFI_D_ERROR
, "HierarchyControl: Response size too large! %d\r\n", RespSize
));
719 return EFI_BUFFER_TOO_SMALL
;
723 // Fail if command failed
725 if (SwapBytes32(Res
.Header
.responseCode
) != TPM_RC_SUCCESS
) {
726 DEBUG((EFI_D_ERROR
,"HierarchyControl: Response Code error! 0x%08x\r\n", SwapBytes32(Res
.Header
.responseCode
)));
727 return EFI_DEVICE_ERROR
;