2 Implement TPM2 Hierarchy related command.
4 Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved. <BR>
5 SPDX-License-Identifier: BSD-2-Clause-Patent
9 #include <IndustryStandard/UefiTcgPlatform.h>
10 #include <Library/Tpm2CommandLib.h>
11 #include <Library/Tpm2DeviceLib.h>
12 #include <Library/BaseMemoryLib.h>
13 #include <Library/BaseLib.h>
14 #include <Library/DebugLib.h>
19 TPM2_COMMAND_HEADER Header
;
20 TPMI_RH_HIERARCHY_AUTH AuthHandle
;
21 UINT32 AuthSessionSize
;
22 TPMS_AUTH_COMMAND AuthSession
;
23 TPM2B_DIGEST AuthPolicy
;
24 TPMI_ALG_HASH HashAlg
;
25 } TPM2_SET_PRIMARY_POLICY_COMMAND
;
28 TPM2_RESPONSE_HEADER Header
;
29 UINT32 AuthSessionSize
;
30 TPMS_AUTH_RESPONSE AuthSession
;
31 } TPM2_SET_PRIMARY_POLICY_RESPONSE
;
34 TPM2_COMMAND_HEADER Header
;
35 TPMI_RH_CLEAR AuthHandle
;
36 UINT32 AuthorizationSize
;
37 TPMS_AUTH_COMMAND AuthSession
;
41 TPM2_RESPONSE_HEADER Header
;
43 TPMS_AUTH_RESPONSE AuthSession
;
44 } TPM2_CLEAR_RESPONSE
;
47 TPM2_COMMAND_HEADER Header
;
48 TPMI_RH_CLEAR AuthHandle
;
49 UINT32 AuthorizationSize
;
50 TPMS_AUTH_COMMAND AuthSession
;
52 } TPM2_CLEAR_CONTROL_COMMAND
;
55 TPM2_RESPONSE_HEADER Header
;
57 TPMS_AUTH_RESPONSE AuthSession
;
58 } TPM2_CLEAR_CONTROL_RESPONSE
;
61 TPM2_COMMAND_HEADER Header
;
62 TPMI_RH_HIERARCHY_AUTH AuthHandle
;
63 UINT32 AuthorizationSize
;
64 TPMS_AUTH_COMMAND AuthSession
;
66 } TPM2_HIERARCHY_CHANGE_AUTH_COMMAND
;
69 TPM2_RESPONSE_HEADER Header
;
71 TPMS_AUTH_RESPONSE AuthSession
;
72 } TPM2_HIERARCHY_CHANGE_AUTH_RESPONSE
;
75 TPM2_COMMAND_HEADER Header
;
76 TPMI_RH_PLATFORM AuthHandle
;
77 UINT32 AuthorizationSize
;
78 TPMS_AUTH_COMMAND AuthSession
;
79 } TPM2_CHANGE_EPS_COMMAND
;
82 TPM2_RESPONSE_HEADER Header
;
84 TPMS_AUTH_RESPONSE AuthSession
;
85 } TPM2_CHANGE_EPS_RESPONSE
;
88 TPM2_COMMAND_HEADER Header
;
89 TPMI_RH_PLATFORM AuthHandle
;
90 UINT32 AuthorizationSize
;
91 TPMS_AUTH_COMMAND AuthSession
;
92 } TPM2_CHANGE_PPS_COMMAND
;
95 TPM2_RESPONSE_HEADER Header
;
97 TPMS_AUTH_RESPONSE AuthSession
;
98 } TPM2_CHANGE_PPS_RESPONSE
;
101 TPM2_COMMAND_HEADER Header
;
102 TPMI_RH_HIERARCHY AuthHandle
;
103 UINT32 AuthorizationSize
;
104 TPMS_AUTH_COMMAND AuthSession
;
105 TPMI_RH_HIERARCHY Hierarchy
;
107 } TPM2_HIERARCHY_CONTROL_COMMAND
;
110 TPM2_RESPONSE_HEADER Header
;
111 UINT32 ParameterSize
;
112 TPMS_AUTH_RESPONSE AuthSession
;
113 } TPM2_HIERARCHY_CONTROL_RESPONSE
;
118 This command allows setting of the authorization policy for the platform hierarchy (platformPolicy), the
119 storage hierarchy (ownerPolicy), and and the endorsement hierarchy (endorsementPolicy).
121 @param[in] AuthHandle TPM_RH_ENDORSEMENT, TPM_RH_OWNER or TPM_RH_PLATFORM+{PP} parameters to be validated
122 @param[in] AuthSession Auth Session context
123 @param[in] AuthPolicy An authorization policy hash
124 @param[in] HashAlg The hash algorithm to use for the policy
126 @retval EFI_SUCCESS Operation completed successfully.
127 @retval EFI_DEVICE_ERROR Unexpected device behavior.
131 Tpm2SetPrimaryPolicy (
132 IN TPMI_RH_HIERARCHY_AUTH AuthHandle
,
133 IN TPMS_AUTH_COMMAND
*AuthSession
,
134 IN TPM2B_DIGEST
*AuthPolicy
,
135 IN TPMI_ALG_HASH HashAlg
139 TPM2_SET_PRIMARY_POLICY_COMMAND SendBuffer
;
140 TPM2_SET_PRIMARY_POLICY_RESPONSE RecvBuffer
;
141 UINT32 SendBufferSize
;
142 UINT32 RecvBufferSize
;
144 UINT32 SessionInfoSize
;
149 SendBuffer
.Header
.tag
= SwapBytes16(TPM_ST_SESSIONS
);
150 SendBuffer
.Header
.commandCode
= SwapBytes32(TPM_CC_SetPrimaryPolicy
);
152 SendBuffer
.AuthHandle
= SwapBytes32 (AuthHandle
);
155 // Add in Auth session
157 Buffer
= (UINT8
*)&SendBuffer
.AuthSession
;
160 SessionInfoSize
= CopyAuthSessionCommand (AuthSession
, Buffer
);
161 Buffer
+= SessionInfoSize
;
162 SendBuffer
.AuthSessionSize
= SwapBytes32(SessionInfoSize
);
167 WriteUnaligned16 ((UINT16
*)Buffer
, SwapBytes16(AuthPolicy
->size
));
168 Buffer
+= sizeof(UINT16
);
169 CopyMem (Buffer
, AuthPolicy
->buffer
, AuthPolicy
->size
);
170 Buffer
+= AuthPolicy
->size
;
171 WriteUnaligned16 ((UINT16
*)Buffer
, SwapBytes16(HashAlg
));
172 Buffer
+= sizeof(UINT16
);
174 SendBufferSize
= (UINT32
)((UINTN
)Buffer
- (UINTN
)&SendBuffer
);
175 SendBuffer
.Header
.paramSize
= SwapBytes32 (SendBufferSize
);
180 RecvBufferSize
= sizeof (RecvBuffer
);
181 Status
= Tpm2SubmitCommand (SendBufferSize
, (UINT8
*)&SendBuffer
, &RecvBufferSize
, (UINT8
*)&RecvBuffer
);
182 if (EFI_ERROR (Status
)) {
186 if (RecvBufferSize
< sizeof (TPM2_RESPONSE_HEADER
)) {
187 DEBUG ((EFI_D_ERROR
, "Tpm2SetPrimaryPolicy - RecvBufferSize Error - %x\n", RecvBufferSize
));
188 Status
= EFI_DEVICE_ERROR
;
191 if (SwapBytes32(RecvBuffer
.Header
.responseCode
) != TPM_RC_SUCCESS
) {
192 DEBUG ((EFI_D_ERROR
, "Tpm2SetPrimaryPolicy - responseCode - %x\n", SwapBytes32(RecvBuffer
.Header
.responseCode
)));
193 Status
= EFI_DEVICE_ERROR
;
199 // Clear AuthSession Content
201 ZeroMem (&SendBuffer
, sizeof(SendBuffer
));
202 ZeroMem (&RecvBuffer
, sizeof(RecvBuffer
));
207 This command removes all TPM context associated with a specific Owner.
209 @param[in] AuthHandle TPM_RH_LOCKOUT or TPM_RH_PLATFORM+{PP}
210 @param[in] AuthSession Auth Session context
212 @retval EFI_SUCCESS Operation completed successfully.
213 @retval EFI_DEVICE_ERROR Unexpected device behavior.
218 IN TPMI_RH_CLEAR AuthHandle
,
219 IN TPMS_AUTH_COMMAND
*AuthSession OPTIONAL
223 TPM2_CLEAR_COMMAND Cmd
;
224 TPM2_CLEAR_RESPONSE Res
;
225 UINT32 ResultBufSize
;
229 UINT32 SessionInfoSize
;
231 Cmd
.Header
.tag
= SwapBytes16(TPM_ST_SESSIONS
);
232 Cmd
.Header
.commandCode
= SwapBytes32(TPM_CC_Clear
);
233 Cmd
.AuthHandle
= SwapBytes32(AuthHandle
);
236 // Add in Auth session
238 Buffer
= (UINT8
*)&Cmd
.AuthSession
;
241 SessionInfoSize
= CopyAuthSessionCommand (AuthSession
, Buffer
);
242 Buffer
+= SessionInfoSize
;
243 Cmd
.AuthorizationSize
= SwapBytes32(SessionInfoSize
);
245 CmdSize
= (UINT32
)(Buffer
- (UINT8
*)&Cmd
);
246 Cmd
.Header
.paramSize
= SwapBytes32(CmdSize
);
248 ResultBufSize
= sizeof(Res
);
249 Status
= Tpm2SubmitCommand (CmdSize
, (UINT8
*)&Cmd
, &ResultBufSize
, (UINT8
*)&Res
);
250 if (EFI_ERROR(Status
)) {
254 if (ResultBufSize
> sizeof(Res
)) {
255 DEBUG ((EFI_D_ERROR
, "Clear: Failed ExecuteCommand: Buffer Too Small\r\n"));
256 Status
= EFI_BUFFER_TOO_SMALL
;
261 // Validate response headers
263 RespSize
= SwapBytes32(Res
.Header
.paramSize
);
264 if (RespSize
> sizeof(Res
)) {
265 DEBUG ((EFI_D_ERROR
, "Clear: Response size too large! %d\r\n", RespSize
));
266 Status
= EFI_BUFFER_TOO_SMALL
;
271 // Fail if command failed
273 if (SwapBytes32(Res
.Header
.responseCode
) != TPM_RC_SUCCESS
) {
274 DEBUG ((EFI_D_ERROR
, "Clear: Response Code error! 0x%08x\r\n", SwapBytes32(Res
.Header
.responseCode
)));
275 Status
= EFI_DEVICE_ERROR
;
280 // Unmarshal the response
286 // Clear AuthSession Content
288 ZeroMem (&Cmd
, sizeof(Cmd
));
289 ZeroMem (&Res
, sizeof(Res
));
294 Disables and enables the execution of TPM2_Clear().
296 @param[in] AuthHandle TPM_RH_LOCKOUT or TPM_RH_PLATFORM+{PP}
297 @param[in] AuthSession Auth Session context
298 @param[in] Disable YES if the disableOwnerClear flag is to be SET,
299 NO if the flag is to be CLEAR.
301 @retval EFI_SUCCESS Operation completed successfully.
302 @retval EFI_DEVICE_ERROR Unexpected device behavior.
307 IN TPMI_RH_CLEAR AuthHandle
,
308 IN TPMS_AUTH_COMMAND
*AuthSession
, OPTIONAL
309 IN TPMI_YES_NO Disable
313 TPM2_CLEAR_CONTROL_COMMAND Cmd
;
314 TPM2_CLEAR_CONTROL_RESPONSE Res
;
315 UINT32 ResultBufSize
;
319 UINT32 SessionInfoSize
;
321 Cmd
.Header
.tag
= SwapBytes16(TPM_ST_SESSIONS
);
322 Cmd
.Header
.commandCode
= SwapBytes32(TPM_CC_ClearControl
);
323 Cmd
.AuthHandle
= SwapBytes32(AuthHandle
);
326 // Add in Auth session
328 Buffer
= (UINT8
*)&Cmd
.AuthSession
;
331 SessionInfoSize
= CopyAuthSessionCommand (AuthSession
, Buffer
);
332 Buffer
+= SessionInfoSize
;
333 Cmd
.AuthorizationSize
= SwapBytes32(SessionInfoSize
);
336 *(UINT8
*)Buffer
= Disable
;
339 CmdSize
= (UINT32
)(Buffer
- (UINT8
*)&Cmd
);
340 Cmd
.Header
.paramSize
= SwapBytes32(CmdSize
);
342 ResultBufSize
= sizeof(Res
);
343 Status
= Tpm2SubmitCommand (CmdSize
, (UINT8
*)&Cmd
, &ResultBufSize
, (UINT8
*)&Res
);
344 if (EFI_ERROR(Status
)) {
348 if (ResultBufSize
> sizeof(Res
)) {
349 DEBUG ((EFI_D_ERROR
, "ClearControl: Failed ExecuteCommand: Buffer Too Small\r\n"));
350 Status
= EFI_BUFFER_TOO_SMALL
;
355 // Validate response headers
357 RespSize
= SwapBytes32(Res
.Header
.paramSize
);
358 if (RespSize
> sizeof(Res
)) {
359 DEBUG ((EFI_D_ERROR
, "ClearControl: Response size too large! %d\r\n", RespSize
));
360 Status
= EFI_BUFFER_TOO_SMALL
;
365 // Fail if command failed
367 if (SwapBytes32(Res
.Header
.responseCode
) != TPM_RC_SUCCESS
) {
368 DEBUG ((EFI_D_ERROR
, "ClearControl: Response Code error! 0x%08x\r\n", SwapBytes32(Res
.Header
.responseCode
)));
369 Status
= EFI_DEVICE_ERROR
;
374 // Unmarshal the response
380 // Clear AuthSession Content
382 ZeroMem (&Cmd
, sizeof(Cmd
));
383 ZeroMem (&Res
, sizeof(Res
));
388 This command allows the authorization secret for a hierarchy or lockout to be changed using the current
389 authorization value as the command authorization.
391 @param[in] AuthHandle TPM_RH_LOCKOUT, TPM_RH_ENDORSEMENT, TPM_RH_OWNER or TPM_RH_PLATFORM+{PP}
392 @param[in] AuthSession Auth Session context
393 @param[in] NewAuth New authorization secret
395 @retval EFI_SUCCESS Operation completed successfully.
396 @retval EFI_DEVICE_ERROR Unexpected device behavior.
400 Tpm2HierarchyChangeAuth (
401 IN TPMI_RH_HIERARCHY_AUTH AuthHandle
,
402 IN TPMS_AUTH_COMMAND
*AuthSession
,
403 IN TPM2B_AUTH
*NewAuth
407 TPM2_HIERARCHY_CHANGE_AUTH_COMMAND Cmd
;
408 TPM2_HIERARCHY_CHANGE_AUTH_RESPONSE Res
;
412 UINT32 SessionInfoSize
;
414 UINT32 ResultBufSize
;
419 Cmd
.Header
.tag
= SwapBytes16(TPM_ST_SESSIONS
);
420 Cmd
.Header
.paramSize
= SwapBytes32(sizeof(Cmd
));
421 Cmd
.Header
.commandCode
= SwapBytes32(TPM_CC_HierarchyChangeAuth
);
422 Cmd
.AuthHandle
= SwapBytes32(AuthHandle
);
425 // Add in Auth session
427 Buffer
= (UINT8
*)&Cmd
.AuthSession
;
430 SessionInfoSize
= CopyAuthSessionCommand (AuthSession
, Buffer
);
431 Buffer
+= SessionInfoSize
;
432 Cmd
.AuthorizationSize
= SwapBytes32(SessionInfoSize
);
434 // New Authorization size
435 WriteUnaligned16 ((UINT16
*)Buffer
, SwapBytes16(NewAuth
->size
));
436 Buffer
+= sizeof(UINT16
);
439 CopyMem(Buffer
, NewAuth
->buffer
, NewAuth
->size
);
440 Buffer
+= NewAuth
->size
;
442 CmdSize
= (UINT32
)(Buffer
- (UINT8
*)&Cmd
);
443 Cmd
.Header
.paramSize
= SwapBytes32(CmdSize
);
445 ResultBuf
= (UINT8
*) &Res
;
446 ResultBufSize
= sizeof(Res
);
451 Status
= Tpm2SubmitCommand (
457 if (EFI_ERROR(Status
)) {
461 if (ResultBufSize
> sizeof(Res
)) {
462 DEBUG ((EFI_D_ERROR
, "HierarchyChangeAuth: Failed ExecuteCommand: Buffer Too Small\r\n"));
463 Status
= EFI_BUFFER_TOO_SMALL
;
468 // Validate response headers
470 RespSize
= SwapBytes32(Res
.Header
.paramSize
);
471 if (RespSize
> sizeof(Res
)) {
472 DEBUG ((EFI_D_ERROR
, "HierarchyChangeAuth: Response size too large! %d\r\n", RespSize
));
473 Status
= EFI_BUFFER_TOO_SMALL
;
478 // Fail if command failed
480 if (SwapBytes32(Res
.Header
.responseCode
) != TPM_RC_SUCCESS
) {
481 DEBUG((EFI_D_ERROR
,"HierarchyChangeAuth: Response Code error! 0x%08x\r\n", SwapBytes32(Res
.Header
.responseCode
)));
482 Status
= EFI_DEVICE_ERROR
;
488 // Clear AuthSession Content
490 ZeroMem (&Cmd
, sizeof(Cmd
));
491 ZeroMem (&Res
, sizeof(Res
));
496 This replaces the current EPS with a value from the RNG and sets the Endorsement hierarchy controls to
497 their default initialization values.
499 @param[in] AuthHandle TPM_RH_PLATFORM+{PP}
500 @param[in] AuthSession Auth Session context
502 @retval EFI_SUCCESS Operation completed successfully.
503 @retval EFI_DEVICE_ERROR Unexpected device behavior.
508 IN TPMI_RH_PLATFORM AuthHandle
,
509 IN TPMS_AUTH_COMMAND
*AuthSession
513 TPM2_CHANGE_EPS_COMMAND Cmd
;
514 TPM2_CHANGE_EPS_RESPONSE Res
;
518 UINT32 SessionInfoSize
;
520 UINT32 ResultBufSize
;
525 Cmd
.Header
.tag
= SwapBytes16(TPM_ST_SESSIONS
);
526 Cmd
.Header
.paramSize
= SwapBytes32(sizeof(Cmd
));
527 Cmd
.Header
.commandCode
= SwapBytes32(TPM_CC_ChangeEPS
);
528 Cmd
.AuthHandle
= SwapBytes32(AuthHandle
);
531 // Add in Auth session
533 Buffer
= (UINT8
*)&Cmd
.AuthSession
;
536 SessionInfoSize
= CopyAuthSessionCommand (AuthSession
, Buffer
);
537 Buffer
+= SessionInfoSize
;
538 Cmd
.AuthorizationSize
= SwapBytes32(SessionInfoSize
);
540 CmdSize
= (UINT32
)(Buffer
- (UINT8
*)&Cmd
);
541 Cmd
.Header
.paramSize
= SwapBytes32(CmdSize
);
543 ResultBuf
= (UINT8
*) &Res
;
544 ResultBufSize
= sizeof(Res
);
549 Status
= Tpm2SubmitCommand (
555 if (EFI_ERROR(Status
)) {
559 if (ResultBufSize
> sizeof(Res
)) {
560 DEBUG ((EFI_D_ERROR
, "ChangeEPS: Failed ExecuteCommand: Buffer Too Small\r\n"));
561 Status
= EFI_BUFFER_TOO_SMALL
;
566 // Validate response headers
568 RespSize
= SwapBytes32(Res
.Header
.paramSize
);
569 if (RespSize
> sizeof(Res
)) {
570 DEBUG ((EFI_D_ERROR
, "ChangeEPS: Response size too large! %d\r\n", RespSize
));
571 Status
= EFI_BUFFER_TOO_SMALL
;
576 // Fail if command failed
578 if (SwapBytes32(Res
.Header
.responseCode
) != TPM_RC_SUCCESS
) {
579 DEBUG((EFI_D_ERROR
,"ChangeEPS: Response Code error! 0x%08x\r\n", SwapBytes32(Res
.Header
.responseCode
)));
580 Status
= EFI_DEVICE_ERROR
;
586 // Clear AuthSession Content
588 ZeroMem (&Cmd
, sizeof(Cmd
));
589 ZeroMem (&Res
, sizeof(Res
));
594 This replaces the current PPS with a value from the RNG and sets platformPolicy to the default
595 initialization value (the Empty Buffer).
597 @param[in] AuthHandle TPM_RH_PLATFORM+{PP}
598 @param[in] AuthSession Auth Session context
600 @retval EFI_SUCCESS Operation completed successfully.
601 @retval EFI_DEVICE_ERROR Unexpected device behavior.
606 IN TPMI_RH_PLATFORM AuthHandle
,
607 IN TPMS_AUTH_COMMAND
*AuthSession
611 TPM2_CHANGE_PPS_COMMAND Cmd
;
612 TPM2_CHANGE_PPS_RESPONSE Res
;
616 UINT32 SessionInfoSize
;
618 UINT32 ResultBufSize
;
623 Cmd
.Header
.tag
= SwapBytes16(TPM_ST_SESSIONS
);
624 Cmd
.Header
.paramSize
= SwapBytes32(sizeof(Cmd
));
625 Cmd
.Header
.commandCode
= SwapBytes32(TPM_CC_ChangePPS
);
626 Cmd
.AuthHandle
= SwapBytes32(AuthHandle
);
629 // Add in Auth session
631 Buffer
= (UINT8
*)&Cmd
.AuthSession
;
634 SessionInfoSize
= CopyAuthSessionCommand (AuthSession
, Buffer
);
635 Buffer
+= SessionInfoSize
;
636 Cmd
.AuthorizationSize
= SwapBytes32(SessionInfoSize
);
638 CmdSize
= (UINT32
)(Buffer
- (UINT8
*)&Cmd
);
639 Cmd
.Header
.paramSize
= SwapBytes32(CmdSize
);
641 ResultBuf
= (UINT8
*) &Res
;
642 ResultBufSize
= sizeof(Res
);
647 Status
= Tpm2SubmitCommand (
653 if (EFI_ERROR(Status
)) {
657 if (ResultBufSize
> sizeof(Res
)) {
658 DEBUG ((EFI_D_ERROR
, "ChangePPS: Failed ExecuteCommand: Buffer Too Small\r\n"));
659 Status
= EFI_BUFFER_TOO_SMALL
;
664 // Validate response headers
666 RespSize
= SwapBytes32(Res
.Header
.paramSize
);
667 if (RespSize
> sizeof(Res
)) {
668 DEBUG ((EFI_D_ERROR
, "ChangePPS: Response size too large! %d\r\n", RespSize
));
669 Status
= EFI_BUFFER_TOO_SMALL
;
674 // Fail if command failed
676 if (SwapBytes32(Res
.Header
.responseCode
) != TPM_RC_SUCCESS
) {
677 DEBUG((EFI_D_ERROR
,"ChangePPS: Response Code error! 0x%08x\r\n", SwapBytes32(Res
.Header
.responseCode
)));
678 Status
= EFI_DEVICE_ERROR
;
684 // Clear AuthSession Content
686 ZeroMem (&Cmd
, sizeof(Cmd
));
687 ZeroMem (&Res
, sizeof(Res
));
692 This command enables and disables use of a hierarchy.
694 @param[in] AuthHandle TPM_RH_ENDORSEMENT, TPM_RH_OWNER or TPM_RH_PLATFORM+{PP}
695 @param[in] AuthSession Auth Session context
696 @param[in] Hierarchy Hierarchy of the enable being modified
697 @param[in] State YES if the enable should be SET,
698 NO if the enable should be CLEAR
700 @retval EFI_SUCCESS Operation completed successfully.
701 @retval EFI_DEVICE_ERROR Unexpected device behavior.
705 Tpm2HierarchyControl (
706 IN TPMI_RH_HIERARCHY AuthHandle
,
707 IN TPMS_AUTH_COMMAND
*AuthSession
,
708 IN TPMI_RH_HIERARCHY Hierarchy
,
713 TPM2_HIERARCHY_CONTROL_COMMAND Cmd
;
714 TPM2_HIERARCHY_CONTROL_RESPONSE Res
;
718 UINT32 SessionInfoSize
;
720 UINT32 ResultBufSize
;
725 Cmd
.Header
.tag
= SwapBytes16(TPM_ST_SESSIONS
);
726 Cmd
.Header
.paramSize
= SwapBytes32(sizeof(Cmd
));
727 Cmd
.Header
.commandCode
= SwapBytes32(TPM_CC_HierarchyControl
);
728 Cmd
.AuthHandle
= SwapBytes32(AuthHandle
);
731 // Add in Auth session
733 Buffer
= (UINT8
*)&Cmd
.AuthSession
;
736 SessionInfoSize
= CopyAuthSessionCommand (AuthSession
, Buffer
);
737 Buffer
+= SessionInfoSize
;
738 Cmd
.AuthorizationSize
= SwapBytes32(SessionInfoSize
);
740 WriteUnaligned32 ((UINT32
*)Buffer
, SwapBytes32(Hierarchy
));
741 Buffer
+= sizeof(UINT32
);
743 *(UINT8
*)Buffer
= State
;
746 CmdSize
= (UINT32
)(Buffer
- (UINT8
*)&Cmd
);
747 Cmd
.Header
.paramSize
= SwapBytes32(CmdSize
);
749 ResultBuf
= (UINT8
*) &Res
;
750 ResultBufSize
= sizeof(Res
);
755 Status
= Tpm2SubmitCommand (
761 if (EFI_ERROR(Status
)) {
765 if (ResultBufSize
> sizeof(Res
)) {
766 DEBUG ((EFI_D_ERROR
, "HierarchyControl: Failed ExecuteCommand: Buffer Too Small\r\n"));
767 Status
= EFI_BUFFER_TOO_SMALL
;
772 // Validate response headers
774 RespSize
= SwapBytes32(Res
.Header
.paramSize
);
775 if (RespSize
> sizeof(Res
)) {
776 DEBUG ((EFI_D_ERROR
, "HierarchyControl: Response size too large! %d\r\n", RespSize
));
777 Status
= EFI_BUFFER_TOO_SMALL
;
782 // Fail if command failed
784 if (SwapBytes32(Res
.Header
.responseCode
) != TPM_RC_SUCCESS
) {
785 DEBUG((EFI_D_ERROR
,"HierarchyControl: Response Code error! 0x%08x\r\n", SwapBytes32(Res
.Header
.responseCode
)));
786 Status
= EFI_DEVICE_ERROR
;
792 // Clear AuthSession Content
794 ZeroMem (&Cmd
, sizeof(Cmd
));
795 ZeroMem (&Res
, sizeof(Res
));