]> git.proxmox.com Git - mirror_edk2.git/blob - SecurityPkg/Library/Tpm2CommandLib/Tpm2Hierarchy.c
projects / mirror_edk2.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
SecurityPkg: Fix spelling errors
[mirror_edk2.git] / SecurityPkg / Library / Tpm2CommandLib / Tpm2Hierarchy.c
1 /** @file
2 Implement TPM2 Hierarchy related command.
3
4 Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved. <BR>
5 SPDX-License-Identifier: BSD-2-Clause-Patent
6
7 **/
8
9 #include <IndustryStandard/UefiTcgPlatform.h>
10 #include <Library/Tpm2CommandLib.h>
11 #include <Library/Tpm2DeviceLib.h>
12 #include <Library/BaseMemoryLib.h>
13 #include <Library/BaseLib.h>
14 #include <Library/DebugLib.h>
15
16 #pragma pack(1)
17
18 typedef struct {
19 TPM2_COMMAND_HEADER Header;
20 TPMI_RH_HIERARCHY_AUTH AuthHandle;
21 UINT32 AuthSessionSize;
22 TPMS_AUTH_COMMAND AuthSession;
23 TPM2B_DIGEST AuthPolicy;
24 TPMI_ALG_HASH HashAlg;
25 } TPM2_SET_PRIMARY_POLICY_COMMAND;
26
27 typedef struct {
28 TPM2_RESPONSE_HEADER Header;
29 UINT32 AuthSessionSize;
30 TPMS_AUTH_RESPONSE AuthSession;
31 } TPM2_SET_PRIMARY_POLICY_RESPONSE;
32
33 typedef struct {
34 TPM2_COMMAND_HEADER Header;
35 TPMI_RH_CLEAR AuthHandle;
36 UINT32 AuthorizationSize;
37 TPMS_AUTH_COMMAND AuthSession;
38 } TPM2_CLEAR_COMMAND;
39
40 typedef struct {
41 TPM2_RESPONSE_HEADER Header;
42 UINT32 ParameterSize;
43 TPMS_AUTH_RESPONSE AuthSession;
44 } TPM2_CLEAR_RESPONSE;
45
46 typedef struct {
47 TPM2_COMMAND_HEADER Header;
48 TPMI_RH_CLEAR AuthHandle;
49 UINT32 AuthorizationSize;
50 TPMS_AUTH_COMMAND AuthSession;
51 TPMI_YES_NO Disable;
52 } TPM2_CLEAR_CONTROL_COMMAND;
53
54 typedef struct {
55 TPM2_RESPONSE_HEADER Header;
56 UINT32 ParameterSize;
57 TPMS_AUTH_RESPONSE AuthSession;
58 } TPM2_CLEAR_CONTROL_RESPONSE;
59
60 typedef struct {
61 TPM2_COMMAND_HEADER Header;
62 TPMI_RH_HIERARCHY_AUTH AuthHandle;
63 UINT32 AuthorizationSize;
64 TPMS_AUTH_COMMAND AuthSession;
65 TPM2B_AUTH NewAuth;
66 } TPM2_HIERARCHY_CHANGE_AUTH_COMMAND;
67
68 typedef struct {
69 TPM2_RESPONSE_HEADER Header;
70 UINT32 ParameterSize;
71 TPMS_AUTH_RESPONSE AuthSession;
72 } TPM2_HIERARCHY_CHANGE_AUTH_RESPONSE;
73
74 typedef struct {
75 TPM2_COMMAND_HEADER Header;
76 TPMI_RH_PLATFORM AuthHandle;
77 UINT32 AuthorizationSize;
78 TPMS_AUTH_COMMAND AuthSession;
79 } TPM2_CHANGE_EPS_COMMAND;
80
81 typedef struct {
82 TPM2_RESPONSE_HEADER Header;
83 UINT32 ParameterSize;
84 TPMS_AUTH_RESPONSE AuthSession;
85 } TPM2_CHANGE_EPS_RESPONSE;
86
87 typedef struct {
88 TPM2_COMMAND_HEADER Header;
89 TPMI_RH_PLATFORM AuthHandle;
90 UINT32 AuthorizationSize;
91 TPMS_AUTH_COMMAND AuthSession;
92 } TPM2_CHANGE_PPS_COMMAND;
93
94 typedef struct {
95 TPM2_RESPONSE_HEADER Header;
96 UINT32 ParameterSize;
97 TPMS_AUTH_RESPONSE AuthSession;
98 } TPM2_CHANGE_PPS_RESPONSE;
99
100 typedef struct {
101 TPM2_COMMAND_HEADER Header;
102 TPMI_RH_HIERARCHY AuthHandle;
103 UINT32 AuthorizationSize;
104 TPMS_AUTH_COMMAND AuthSession;
105 TPMI_RH_HIERARCHY Hierarchy;
106 TPMI_YES_NO State;
107 } TPM2_HIERARCHY_CONTROL_COMMAND;
108
109 typedef struct {
110 TPM2_RESPONSE_HEADER Header;
111 UINT32 ParameterSize;
112 TPMS_AUTH_RESPONSE AuthSession;
113 } TPM2_HIERARCHY_CONTROL_RESPONSE;
114
115 #pragma pack()
116
117 /**
118 This command allows setting of the authorization policy for the platform hierarchy (platformPolicy), the
119 storage hierarchy (ownerPolicy), and and the endorsement hierarchy (endorsementPolicy).
120
121 @param[in] AuthHandle TPM_RH_ENDORSEMENT, TPM_RH_OWNER or TPM_RH_PLATFORM+{PP} parameters to be validated
122 @param[in] AuthSession Auth Session context
123 @param[in] AuthPolicy An authorization policy hash
124 @param[in] HashAlg The hash algorithm to use for the policy
125
126 @retval EFI_SUCCESS Operation completed successfully.
127 @retval EFI_DEVICE_ERROR Unexpected device behavior.
128 **/
129 EFI_STATUS
130 EFIAPI
131 Tpm2SetPrimaryPolicy (
132 IN TPMI_RH_HIERARCHY_AUTH AuthHandle,
133 IN TPMS_AUTH_COMMAND *AuthSession,
134 IN TPM2B_DIGEST *AuthPolicy,
135 IN TPMI_ALG_HASH HashAlg
136 )
137 {
138 EFI_STATUS Status;
139 TPM2_SET_PRIMARY_POLICY_COMMAND SendBuffer;
140 TPM2_SET_PRIMARY_POLICY_RESPONSE RecvBuffer;
141 UINT32 SendBufferSize;
142 UINT32 RecvBufferSize;
143 UINT8 *Buffer;
144 UINT32 SessionInfoSize;
145
146 //
147 // Construct command
148 //
149 SendBuffer.Header.tag = SwapBytes16(TPM_ST_SESSIONS);
150 SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_SetPrimaryPolicy);
151
152 SendBuffer.AuthHandle = SwapBytes32 (AuthHandle);
153
154 //
155 // Add in Auth session
156 //
157 Buffer = (UINT8 *)&SendBuffer.AuthSession;
158
159 // sessionInfoSize
160 SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer);
161 Buffer += SessionInfoSize;
162 SendBuffer.AuthSessionSize = SwapBytes32(SessionInfoSize);
163
164 //
165 // Real data
166 //
167 WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16(AuthPolicy->size));
168 Buffer += sizeof(UINT16);
169 CopyMem (Buffer, AuthPolicy->buffer, AuthPolicy->size);
170 Buffer += AuthPolicy->size;
171 WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16(HashAlg));
172 Buffer += sizeof(UINT16);
173
174 SendBufferSize = (UINT32)((UINTN)Buffer - (UINTN)&SendBuffer);
175 SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);
176
177 //
178 // send Tpm command
179 //
180 RecvBufferSize = sizeof (RecvBuffer);
181 Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer);
182 if (EFI_ERROR (Status)) {
183 goto Done;
184 }
185
186 if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) {
187 DEBUG ((EFI_D_ERROR, "Tpm2SetPrimaryPolicy - RecvBufferSize Error - %x\n", RecvBufferSize));
188 Status = EFI_DEVICE_ERROR;
189 goto Done;
190 }
191 if (SwapBytes32(RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {
192 DEBUG ((EFI_D_ERROR, "Tpm2SetPrimaryPolicy - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode)));
193 Status = EFI_DEVICE_ERROR;
194 goto Done;
195 }
196
197 Done:
198 //
199 // Clear AuthSession Content
200 //
201 ZeroMem (&SendBuffer, sizeof(SendBuffer));
202 ZeroMem (&RecvBuffer, sizeof(RecvBuffer));
203 return Status;
204 }
205
206 /**
207 This command removes all TPM context associated with a specific Owner.
208
209 @param[in] AuthHandle TPM_RH_LOCKOUT or TPM_RH_PLATFORM+{PP}
210 @param[in] AuthSession Auth Session context
211
212 @retval EFI_SUCCESS Operation completed successfully.
213 @retval EFI_DEVICE_ERROR Unexpected device behavior.
214 **/
215 EFI_STATUS
216 EFIAPI
217 Tpm2Clear (
218 IN TPMI_RH_CLEAR AuthHandle,
219 IN TPMS_AUTH_COMMAND *AuthSession OPTIONAL
220 )
221 {
222 EFI_STATUS Status;
223 TPM2_CLEAR_COMMAND Cmd;
224 TPM2_CLEAR_RESPONSE Res;
225 UINT32 ResultBufSize;
226 UINT32 CmdSize;
227 UINT32 RespSize;
228 UINT8 *Buffer;
229 UINT32 SessionInfoSize;
230
231 Cmd.Header.tag = SwapBytes16(TPM_ST_SESSIONS);
232 Cmd.Header.commandCode = SwapBytes32(TPM_CC_Clear);
233 Cmd.AuthHandle = SwapBytes32(AuthHandle);
234
235 //
236 // Add in Auth session
237 //
238 Buffer = (UINT8 *)&Cmd.AuthSession;
239
240 // sessionInfoSize
241 SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer);
242 Buffer += SessionInfoSize;
243 Cmd.AuthorizationSize = SwapBytes32(SessionInfoSize);
244
245 CmdSize = (UINT32)(Buffer - (UINT8 *)&Cmd);
246 Cmd.Header.paramSize = SwapBytes32(CmdSize);
247
248 ResultBufSize = sizeof(Res);
249 Status = Tpm2SubmitCommand (CmdSize, (UINT8 *)&Cmd, &ResultBufSize, (UINT8 *)&Res);
250 if (EFI_ERROR(Status)) {
251 goto Done;
252 }
253
254 if (ResultBufSize > sizeof(Res)) {
255 DEBUG ((EFI_D_ERROR, "Clear: Failed ExecuteCommand: Buffer Too Small\r\n"));
256 Status = EFI_BUFFER_TOO_SMALL;
257 goto Done;
258 }
259
260 //
261 // Validate response headers
262 //
263 RespSize = SwapBytes32(Res.Header.paramSize);
264 if (RespSize > sizeof(Res)) {
265 DEBUG ((EFI_D_ERROR, "Clear: Response size too large! %d\r\n", RespSize));
266 Status = EFI_BUFFER_TOO_SMALL;
267 goto Done;
268 }
269
270 //
271 // Fail if command failed
272 //
273 if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) {
274 DEBUG ((EFI_D_ERROR, "Clear: Response Code error! 0x%08x\r\n", SwapBytes32(Res.Header.responseCode)));
275 Status = EFI_DEVICE_ERROR;
276 goto Done;
277 }
278
279 //
280 // Unmarshal the response
281 //
282
283 // None
284 Done:
285 //
286 // Clear AuthSession Content
287 //
288 ZeroMem (&Cmd, sizeof(Cmd));
289 ZeroMem (&Res, sizeof(Res));
290 return Status;
291 }
292
293 /**
294 Disables and enables the execution of TPM2_Clear().
295
296 @param[in] AuthHandle TPM_RH_LOCKOUT or TPM_RH_PLATFORM+{PP}
297 @param[in] AuthSession Auth Session context
298 @param[in] Disable YES if the disableOwnerClear flag is to be SET,
299 NO if the flag is to be CLEAR.
300
301 @retval EFI_SUCCESS Operation completed successfully.
302 @retval EFI_DEVICE_ERROR Unexpected device behavior.
303 **/
304 EFI_STATUS
305 EFIAPI
306 Tpm2ClearControl (
307 IN TPMI_RH_CLEAR AuthHandle,
308 IN TPMS_AUTH_COMMAND *AuthSession, OPTIONAL
309 IN TPMI_YES_NO Disable
310 )
311 {
312 EFI_STATUS Status;
313 TPM2_CLEAR_CONTROL_COMMAND Cmd;
314 TPM2_CLEAR_CONTROL_RESPONSE Res;
315 UINT32 ResultBufSize;
316 UINT32 CmdSize;
317 UINT32 RespSize;
318 UINT8 *Buffer;
319 UINT32 SessionInfoSize;
320
321 Cmd.Header.tag = SwapBytes16(TPM_ST_SESSIONS);
322 Cmd.Header.commandCode = SwapBytes32(TPM_CC_ClearControl);
323 Cmd.AuthHandle = SwapBytes32(AuthHandle);
324
325 //
326 // Add in Auth session
327 //
328 Buffer = (UINT8 *)&Cmd.AuthSession;
329
330 // sessionInfoSize
331 SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer);
332 Buffer += SessionInfoSize;
333 Cmd.AuthorizationSize = SwapBytes32(SessionInfoSize);
334
335 // disable
336 *(UINT8 *)Buffer = Disable;
337 Buffer++;
338
339 CmdSize = (UINT32)(Buffer - (UINT8 *)&Cmd);
340 Cmd.Header.paramSize = SwapBytes32(CmdSize);
341
342 ResultBufSize = sizeof(Res);
343 Status = Tpm2SubmitCommand (CmdSize, (UINT8 *)&Cmd, &ResultBufSize, (UINT8 *)&Res);
344 if (EFI_ERROR(Status)) {
345 goto Done;
346 }
347
348 if (ResultBufSize > sizeof(Res)) {
349 DEBUG ((EFI_D_ERROR, "ClearControl: Failed ExecuteCommand: Buffer Too Small\r\n"));
350 Status = EFI_BUFFER_TOO_SMALL;
351 goto Done;
352 }
353
354 //
355 // Validate response headers
356 //
357 RespSize = SwapBytes32(Res.Header.paramSize);
358 if (RespSize > sizeof(Res)) {
359 DEBUG ((EFI_D_ERROR, "ClearControl: Response size too large! %d\r\n", RespSize));
360 Status = EFI_BUFFER_TOO_SMALL;
361 goto Done;
362 }
363
364 //
365 // Fail if command failed
366 //
367 if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) {
368 DEBUG ((EFI_D_ERROR, "ClearControl: Response Code error! 0x%08x\r\n", SwapBytes32(Res.Header.responseCode)));
369 Status = EFI_DEVICE_ERROR;
370 goto Done;
371 }
372
373 //
374 // Unmarshal the response
375 //
376
377 // None
378 Done:
379 //
380 // Clear AuthSession Content
381 //
382 ZeroMem (&Cmd, sizeof(Cmd));
383 ZeroMem (&Res, sizeof(Res));
384 return Status;
385 }
386
387 /**
388 This command allows the authorization secret for a hierarchy or lockout to be changed using the current
389 authorization value as the command authorization.
390
391 @param[in] AuthHandle TPM_RH_LOCKOUT, TPM_RH_ENDORSEMENT, TPM_RH_OWNER or TPM_RH_PLATFORM+{PP}
392 @param[in] AuthSession Auth Session context
393 @param[in] NewAuth New authorization secret
394
395 @retval EFI_SUCCESS Operation completed successfully.
396 @retval EFI_DEVICE_ERROR Unexpected device behavior.
397 **/
398 EFI_STATUS
399 EFIAPI
400 Tpm2HierarchyChangeAuth (
401 IN TPMI_RH_HIERARCHY_AUTH AuthHandle,
402 IN TPMS_AUTH_COMMAND *AuthSession,
403 IN TPM2B_AUTH *NewAuth
404 )
405 {
406 EFI_STATUS Status;
407 TPM2_HIERARCHY_CHANGE_AUTH_COMMAND Cmd;
408 TPM2_HIERARCHY_CHANGE_AUTH_RESPONSE Res;
409 UINT32 CmdSize;
410 UINT32 RespSize;
411 UINT8 *Buffer;
412 UINT32 SessionInfoSize;
413 UINT8 *ResultBuf;
414 UINT32 ResultBufSize;
415
416 //
417 // Construct command
418 //
419 Cmd.Header.tag = SwapBytes16(TPM_ST_SESSIONS);
420 Cmd.Header.paramSize = SwapBytes32(sizeof(Cmd));
421 Cmd.Header.commandCode = SwapBytes32(TPM_CC_HierarchyChangeAuth);
422 Cmd.AuthHandle = SwapBytes32(AuthHandle);
423
424 //
425 // Add in Auth session
426 //
427 Buffer = (UINT8 *)&Cmd.AuthSession;
428
429 // sessionInfoSize
430 SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer);
431 Buffer += SessionInfoSize;
432 Cmd.AuthorizationSize = SwapBytes32(SessionInfoSize);
433
434 // New Authorization size
435 WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16(NewAuth->size));
436 Buffer += sizeof(UINT16);
437
438 // New Authorization
439 CopyMem(Buffer, NewAuth->buffer, NewAuth->size);
440 Buffer += NewAuth->size;
441
442 CmdSize = (UINT32)(Buffer - (UINT8 *)&Cmd);
443 Cmd.Header.paramSize = SwapBytes32(CmdSize);
444
445 ResultBuf = (UINT8 *) &Res;
446 ResultBufSize = sizeof(Res);
447
448 //
449 // Call the TPM
450 //
451 Status = Tpm2SubmitCommand (
452 CmdSize,
453 (UINT8 *)&Cmd,
454 &ResultBufSize,
455 ResultBuf
456 );
457 if (EFI_ERROR(Status)) {
458 goto Done;
459 }
460
461 if (ResultBufSize > sizeof(Res)) {
462 DEBUG ((EFI_D_ERROR, "HierarchyChangeAuth: Failed ExecuteCommand: Buffer Too Small\r\n"));
463 Status = EFI_BUFFER_TOO_SMALL;
464 goto Done;
465 }
466
467 //
468 // Validate response headers
469 //
470 RespSize = SwapBytes32(Res.Header.paramSize);
471 if (RespSize > sizeof(Res)) {
472 DEBUG ((EFI_D_ERROR, "HierarchyChangeAuth: Response size too large! %d\r\n", RespSize));
473 Status = EFI_BUFFER_TOO_SMALL;
474 goto Done;
475 }
476
477 //
478 // Fail if command failed
479 //
480 if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) {
481 DEBUG((EFI_D_ERROR,"HierarchyChangeAuth: Response Code error! 0x%08x\r\n", SwapBytes32(Res.Header.responseCode)));
482 Status = EFI_DEVICE_ERROR;
483 goto Done;
484 }
485
486 Done:
487 //
488 // Clear AuthSession Content
489 //
490 ZeroMem (&Cmd, sizeof(Cmd));
491 ZeroMem (&Res, sizeof(Res));
492 return Status;
493 }
494
495 /**
496 This replaces the current EPS with a value from the RNG and sets the Endorsement hierarchy controls to
497 their default initialization values.
498
499 @param[in] AuthHandle TPM_RH_PLATFORM+{PP}
500 @param[in] AuthSession Auth Session context
501
502 @retval EFI_SUCCESS Operation completed successfully.
503 @retval EFI_DEVICE_ERROR Unexpected device behavior.
504 **/
505 EFI_STATUS
506 EFIAPI
507 Tpm2ChangeEPS (
508 IN TPMI_RH_PLATFORM AuthHandle,
509 IN TPMS_AUTH_COMMAND *AuthSession
510 )
511 {
512 EFI_STATUS Status;
513 TPM2_CHANGE_EPS_COMMAND Cmd;
514 TPM2_CHANGE_EPS_RESPONSE Res;
515 UINT32 CmdSize;
516 UINT32 RespSize;
517 UINT8 *Buffer;
518 UINT32 SessionInfoSize;
519 UINT8 *ResultBuf;
520 UINT32 ResultBufSize;
521
522 //
523 // Construct command
524 //
525 Cmd.Header.tag = SwapBytes16(TPM_ST_SESSIONS);
526 Cmd.Header.paramSize = SwapBytes32(sizeof(Cmd));
527 Cmd.Header.commandCode = SwapBytes32(TPM_CC_ChangeEPS);
528 Cmd.AuthHandle = SwapBytes32(AuthHandle);
529
530 //
531 // Add in Auth session
532 //
533 Buffer = (UINT8 *)&Cmd.AuthSession;
534
535 // sessionInfoSize
536 SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer);
537 Buffer += SessionInfoSize;
538 Cmd.AuthorizationSize = SwapBytes32(SessionInfoSize);
539
540 CmdSize = (UINT32)(Buffer - (UINT8 *)&Cmd);
541 Cmd.Header.paramSize = SwapBytes32(CmdSize);
542
543 ResultBuf = (UINT8 *) &Res;
544 ResultBufSize = sizeof(Res);
545
546 //
547 // Call the TPM
548 //
549 Status = Tpm2SubmitCommand (
550 CmdSize,
551 (UINT8 *)&Cmd,
552 &ResultBufSize,
553 ResultBuf
554 );
555 if (EFI_ERROR(Status)) {
556 goto Done;
557 }
558
559 if (ResultBufSize > sizeof(Res)) {
560 DEBUG ((EFI_D_ERROR, "ChangeEPS: Failed ExecuteCommand: Buffer Too Small\r\n"));
561 Status = EFI_BUFFER_TOO_SMALL;
562 goto Done;
563 }
564
565 //
566 // Validate response headers
567 //
568 RespSize = SwapBytes32(Res.Header.paramSize);
569 if (RespSize > sizeof(Res)) {
570 DEBUG ((EFI_D_ERROR, "ChangeEPS: Response size too large! %d\r\n", RespSize));
571 Status = EFI_BUFFER_TOO_SMALL;
572 goto Done;
573 }
574
575 //
576 // Fail if command failed
577 //
578 if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) {
579 DEBUG((EFI_D_ERROR,"ChangeEPS: Response Code error! 0x%08x\r\n", SwapBytes32(Res.Header.responseCode)));
580 Status = EFI_DEVICE_ERROR;
581 goto Done;
582 }
583
584 Done:
585 //
586 // Clear AuthSession Content
587 //
588 ZeroMem (&Cmd, sizeof(Cmd));
589 ZeroMem (&Res, sizeof(Res));
590 return Status;
591 }
592
593 /**
594 This replaces the current PPS with a value from the RNG and sets platformPolicy to the default
595 initialization value (the Empty Buffer).
596
597 @param[in] AuthHandle TPM_RH_PLATFORM+{PP}
598 @param[in] AuthSession Auth Session context
599
600 @retval EFI_SUCCESS Operation completed successfully.
601 @retval EFI_DEVICE_ERROR Unexpected device behavior.
602 **/
603 EFI_STATUS
604 EFIAPI
605 Tpm2ChangePPS (
606 IN TPMI_RH_PLATFORM AuthHandle,
607 IN TPMS_AUTH_COMMAND *AuthSession
608 )
609 {
610 EFI_STATUS Status;
611 TPM2_CHANGE_PPS_COMMAND Cmd;
612 TPM2_CHANGE_PPS_RESPONSE Res;
613 UINT32 CmdSize;
614 UINT32 RespSize;
615 UINT8 *Buffer;
616 UINT32 SessionInfoSize;
617 UINT8 *ResultBuf;
618 UINT32 ResultBufSize;
619
620 //
621 // Construct command
622 //
623 Cmd.Header.tag = SwapBytes16(TPM_ST_SESSIONS);
624 Cmd.Header.paramSize = SwapBytes32(sizeof(Cmd));
625 Cmd.Header.commandCode = SwapBytes32(TPM_CC_ChangePPS);
626 Cmd.AuthHandle = SwapBytes32(AuthHandle);
627
628 //
629 // Add in Auth session
630 //
631 Buffer = (UINT8 *)&Cmd.AuthSession;
632
633 // sessionInfoSize
634 SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer);
635 Buffer += SessionInfoSize;
636 Cmd.AuthorizationSize = SwapBytes32(SessionInfoSize);
637
638 CmdSize = (UINT32)(Buffer - (UINT8 *)&Cmd);
639 Cmd.Header.paramSize = SwapBytes32(CmdSize);
640
641 ResultBuf = (UINT8 *) &Res;
642 ResultBufSize = sizeof(Res);
643
644 //
645 // Call the TPM
646 //
647 Status = Tpm2SubmitCommand (
648 CmdSize,
649 (UINT8 *)&Cmd,
650 &ResultBufSize,
651 ResultBuf
652 );
653 if (EFI_ERROR(Status)) {
654 goto Done;
655 }
656
657 if (ResultBufSize > sizeof(Res)) {
658 DEBUG ((EFI_D_ERROR, "ChangePPS: Failed ExecuteCommand: Buffer Too Small\r\n"));
659 Status = EFI_BUFFER_TOO_SMALL;
660 goto Done;
661 }
662
663 //
664 // Validate response headers
665 //
666 RespSize = SwapBytes32(Res.Header.paramSize);
667 if (RespSize > sizeof(Res)) {
668 DEBUG ((EFI_D_ERROR, "ChangePPS: Response size too large! %d\r\n", RespSize));
669 Status = EFI_BUFFER_TOO_SMALL;
670 goto Done;
671 }
672
673 //
674 // Fail if command failed
675 //
676 if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) {
677 DEBUG((EFI_D_ERROR,"ChangePPS: Response Code error! 0x%08x\r\n", SwapBytes32(Res.Header.responseCode)));
678 Status = EFI_DEVICE_ERROR;
679 goto Done;
680 }
681
682 Done:
683 //
684 // Clear AuthSession Content
685 //
686 ZeroMem (&Cmd, sizeof(Cmd));
687 ZeroMem (&Res, sizeof(Res));
688 return Status;
689 }
690
691 /**
692 This command enables and disables use of a hierarchy.
693
694 @param[in] AuthHandle TPM_RH_ENDORSEMENT, TPM_RH_OWNER or TPM_RH_PLATFORM+{PP}
695 @param[in] AuthSession Auth Session context
696 @param[in] Hierarchy Hierarchy of the enable being modified
697 @param[in] State YES if the enable should be SET,
698 NO if the enable should be CLEAR
699
700 @retval EFI_SUCCESS Operation completed successfully.
701 @retval EFI_DEVICE_ERROR Unexpected device behavior.
702 **/
703 EFI_STATUS
704 EFIAPI
705 Tpm2HierarchyControl (
706 IN TPMI_RH_HIERARCHY AuthHandle,
707 IN TPMS_AUTH_COMMAND *AuthSession,
708 IN TPMI_RH_HIERARCHY Hierarchy,
709 IN TPMI_YES_NO State
710 )
711 {
712 EFI_STATUS Status;
713 TPM2_HIERARCHY_CONTROL_COMMAND Cmd;
714 TPM2_HIERARCHY_CONTROL_RESPONSE Res;
715 UINT32 CmdSize;
716 UINT32 RespSize;
717 UINT8 *Buffer;
718 UINT32 SessionInfoSize;
719 UINT8 *ResultBuf;
720 UINT32 ResultBufSize;
721
722 //
723 // Construct command
724 //
725 Cmd.Header.tag = SwapBytes16(TPM_ST_SESSIONS);
726 Cmd.Header.paramSize = SwapBytes32(sizeof(Cmd));
727 Cmd.Header.commandCode = SwapBytes32(TPM_CC_HierarchyControl);
728 Cmd.AuthHandle = SwapBytes32(AuthHandle);
729
730 //
731 // Add in Auth session
732 //
733 Buffer = (UINT8 *)&Cmd.AuthSession;
734
735 // sessionInfoSize
736 SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer);
737 Buffer += SessionInfoSize;
738 Cmd.AuthorizationSize = SwapBytes32(SessionInfoSize);
739
740 WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32(Hierarchy));
741 Buffer += sizeof(UINT32);
742
743 *(UINT8 *)Buffer = State;
744 Buffer++;
745
746 CmdSize = (UINT32)(Buffer - (UINT8 *)&Cmd);
747 Cmd.Header.paramSize = SwapBytes32(CmdSize);
748
749 ResultBuf = (UINT8 *) &Res;
750 ResultBufSize = sizeof(Res);
751
752 //
753 // Call the TPM
754 //
755 Status = Tpm2SubmitCommand (
756 CmdSize,
757 (UINT8 *)&Cmd,
758 &ResultBufSize,
759 ResultBuf
760 );
761 if (EFI_ERROR(Status)) {
762 goto Done;
763 }
764
765 if (ResultBufSize > sizeof(Res)) {
766 DEBUG ((EFI_D_ERROR, "HierarchyControl: Failed ExecuteCommand: Buffer Too Small\r\n"));
767 Status = EFI_BUFFER_TOO_SMALL;
768 goto Done;
769 }
770
771 //
772 // Validate response headers
773 //
774 RespSize = SwapBytes32(Res.Header.paramSize);
775 if (RespSize > sizeof(Res)) {
776 DEBUG ((EFI_D_ERROR, "HierarchyControl: Response size too large! %d\r\n", RespSize));
777 Status = EFI_BUFFER_TOO_SMALL;
778 goto Done;
779 }
780
781 //
782 // Fail if command failed
783 //
784 if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) {
785 DEBUG((EFI_D_ERROR,"HierarchyControl: Response Code error! 0x%08x\r\n", SwapBytes32(Res.Header.responseCode)));
786 Status = EFI_DEVICE_ERROR;
787 goto Done;
788 }
789
790 Done:
791 //
792 // Clear AuthSession Content
793 //
794 ZeroMem (&Cmd, sizeof(Cmd));
795 ZeroMem (&Res, sizeof(Res));
796 return Status;
797 }
EFI Development Kit II mirror for PVE