2 Implement TPM2 NVStorage related command.
4 Copyright (c) 2013 - 2016, Intel Corporation. All rights reserved. <BR>
5 This program and the accompanying materials
6 are licensed and made available under the terms and conditions of the BSD License
7 which accompanies this distribution. The full text of the license may be found at
8 http://opensource.org/licenses/bsd-license.php
10 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
11 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
15 #include <IndustryStandard/UefiTcgPlatform.h>
16 #include <Library/Tpm2CommandLib.h>
17 #include <Library/Tpm2DeviceLib.h>
18 #include <Library/BaseMemoryLib.h>
19 #include <Library/BaseLib.h>
20 #include <Library/DebugLib.h>
24 #define RC_NV_ReadPublic_nvIndex (TPM_RC_H + TPM_RC_1)
26 #define RC_NV_DefineSpace_authHandle (TPM_RC_H + TPM_RC_1)
27 #define RC_NV_DefineSpace_auth (TPM_RC_P + TPM_RC_1)
28 #define RC_NV_DefineSpace_publicInfo (TPM_RC_P + TPM_RC_2)
30 #define RC_NV_UndefineSpace_authHandle (TPM_RC_H + TPM_RC_1)
31 #define RC_NV_UndefineSpace_nvIndex (TPM_RC_H + TPM_RC_2)
33 #define RC_NV_Read_authHandle (TPM_RC_H + TPM_RC_1)
34 #define RC_NV_Read_nvIndex (TPM_RC_H + TPM_RC_2)
35 #define RC_NV_Read_size (TPM_RC_P + TPM_RC_1)
36 #define RC_NV_Read_offset (TPM_RC_P + TPM_RC_2)
38 #define RC_NV_Write_authHandle (TPM_RC_H + TPM_RC_1)
39 #define RC_NV_Write_nvIndex (TPM_RC_H + TPM_RC_2)
40 #define RC_NV_Write_data (TPM_RC_P + TPM_RC_1)
41 #define RC_NV_Write_offset (TPM_RC_P + TPM_RC_2)
44 TPM2_COMMAND_HEADER Header
;
45 TPMI_RH_NV_INDEX NvIndex
;
46 } TPM2_NV_READPUBLIC_COMMAND
;
49 TPM2_RESPONSE_HEADER Header
;
50 TPM2B_NV_PUBLIC NvPublic
;
52 } TPM2_NV_READPUBLIC_RESPONSE
;
55 TPM2_COMMAND_HEADER Header
;
56 TPMI_RH_PROVISION AuthHandle
;
57 UINT32 AuthSessionSize
;
58 TPMS_AUTH_COMMAND AuthSession
;
60 TPM2B_NV_PUBLIC NvPublic
;
61 } TPM2_NV_DEFINESPACE_COMMAND
;
64 TPM2_RESPONSE_HEADER Header
;
65 UINT32 AuthSessionSize
;
66 TPMS_AUTH_RESPONSE AuthSession
;
67 } TPM2_NV_DEFINESPACE_RESPONSE
;
70 TPM2_COMMAND_HEADER Header
;
71 TPMI_RH_PROVISION AuthHandle
;
72 TPMI_RH_NV_INDEX NvIndex
;
73 UINT32 AuthSessionSize
;
74 TPMS_AUTH_COMMAND AuthSession
;
75 } TPM2_NV_UNDEFINESPACE_COMMAND
;
78 TPM2_RESPONSE_HEADER Header
;
79 UINT32 AuthSessionSize
;
80 TPMS_AUTH_RESPONSE AuthSession
;
81 } TPM2_NV_UNDEFINESPACE_RESPONSE
;
84 TPM2_COMMAND_HEADER Header
;
85 TPMI_RH_NV_AUTH AuthHandle
;
86 TPMI_RH_NV_INDEX NvIndex
;
87 UINT32 AuthSessionSize
;
88 TPMS_AUTH_COMMAND AuthSession
;
91 } TPM2_NV_READ_COMMAND
;
94 TPM2_RESPONSE_HEADER Header
;
95 UINT32 AuthSessionSize
;
96 TPM2B_MAX_BUFFER Data
;
97 TPMS_AUTH_RESPONSE AuthSession
;
98 } TPM2_NV_READ_RESPONSE
;
101 TPM2_COMMAND_HEADER Header
;
102 TPMI_RH_NV_AUTH AuthHandle
;
103 TPMI_RH_NV_INDEX NvIndex
;
104 UINT32 AuthSessionSize
;
105 TPMS_AUTH_COMMAND AuthSession
;
106 TPM2B_MAX_BUFFER Data
;
108 } TPM2_NV_WRITE_COMMAND
;
111 TPM2_RESPONSE_HEADER Header
;
112 UINT32 AuthSessionSize
;
113 TPMS_AUTH_RESPONSE AuthSession
;
114 } TPM2_NV_WRITE_RESPONSE
;
117 TPM2_COMMAND_HEADER Header
;
118 TPMI_RH_NV_AUTH AuthHandle
;
119 TPMI_RH_NV_INDEX NvIndex
;
120 UINT32 AuthSessionSize
;
121 TPMS_AUTH_COMMAND AuthSession
;
122 } TPM2_NV_READLOCK_COMMAND
;
125 TPM2_RESPONSE_HEADER Header
;
126 UINT32 AuthSessionSize
;
127 TPMS_AUTH_RESPONSE AuthSession
;
128 } TPM2_NV_READLOCK_RESPONSE
;
131 TPM2_COMMAND_HEADER Header
;
132 TPMI_RH_NV_AUTH AuthHandle
;
133 TPMI_RH_NV_INDEX NvIndex
;
134 UINT32 AuthSessionSize
;
135 TPMS_AUTH_COMMAND AuthSession
;
136 } TPM2_NV_WRITELOCK_COMMAND
;
139 TPM2_RESPONSE_HEADER Header
;
140 UINT32 AuthSessionSize
;
141 TPMS_AUTH_RESPONSE AuthSession
;
142 } TPM2_NV_WRITELOCK_RESPONSE
;
145 TPM2_COMMAND_HEADER Header
;
146 TPMI_RH_PROVISION AuthHandle
;
147 UINT32 AuthSessionSize
;
148 TPMS_AUTH_COMMAND AuthSession
;
149 } TPM2_NV_GLOBALWRITELOCK_COMMAND
;
152 TPM2_RESPONSE_HEADER Header
;
153 UINT32 AuthSessionSize
;
154 TPMS_AUTH_RESPONSE AuthSession
;
155 } TPM2_NV_GLOBALWRITELOCK_RESPONSE
;
160 This command is used to read the public area and Name of an NV Index.
162 @param[in] NvIndex The NV Index.
163 @param[out] NvPublic The public area of the index.
164 @param[out] NvName The Name of the nvIndex.
166 @retval EFI_SUCCESS Operation completed successfully.
167 @retval EFI_DEVICE_ERROR The command was unsuccessful.
168 @retval EFI_NOT_FOUND The command was returned successfully, but NvIndex is not found.
173 IN TPMI_RH_NV_INDEX NvIndex
,
174 OUT TPM2B_NV_PUBLIC
*NvPublic
,
175 OUT TPM2B_NAME
*NvName
179 TPM2_NV_READPUBLIC_COMMAND SendBuffer
;
180 TPM2_NV_READPUBLIC_RESPONSE RecvBuffer
;
181 UINT32 SendBufferSize
;
182 UINT32 RecvBufferSize
;
191 SendBuffer
.Header
.tag
= SwapBytes16(TPM_ST_NO_SESSIONS
);
192 SendBuffer
.Header
.commandCode
= SwapBytes32(TPM_CC_NV_ReadPublic
);
194 SendBuffer
.NvIndex
= SwapBytes32 (NvIndex
);
196 SendBufferSize
= (UINT32
) sizeof (SendBuffer
);
197 SendBuffer
.Header
.paramSize
= SwapBytes32 (SendBufferSize
);
202 RecvBufferSize
= sizeof (RecvBuffer
);
203 Status
= Tpm2SubmitCommand (SendBufferSize
, (UINT8
*)&SendBuffer
, &RecvBufferSize
, (UINT8
*)&RecvBuffer
);
204 if (EFI_ERROR (Status
)) {
208 if (RecvBufferSize
< sizeof (TPM2_RESPONSE_HEADER
)) {
209 DEBUG ((EFI_D_ERROR
, "Tpm2NvReadPublic - RecvBufferSize Error - %x\n", RecvBufferSize
));
210 return EFI_DEVICE_ERROR
;
212 ResponseCode
= SwapBytes32(RecvBuffer
.Header
.responseCode
);
213 if (ResponseCode
!= TPM_RC_SUCCESS
) {
214 DEBUG ((EFI_D_ERROR
, "Tpm2NvReadPublic - responseCode - %x\n", SwapBytes32(RecvBuffer
.Header
.responseCode
)));
216 switch (ResponseCode
) {
220 case TPM_RC_HANDLE
+ RC_NV_ReadPublic_nvIndex
: // TPM_RC_NV_DEFINED:
221 return EFI_NOT_FOUND
;
222 case TPM_RC_VALUE
+ RC_NV_ReadPublic_nvIndex
:
223 return EFI_INVALID_PARAMETER
;
225 return EFI_DEVICE_ERROR
;
228 if (RecvBufferSize
<= sizeof (TPM2_RESPONSE_HEADER
) + sizeof (UINT16
) + sizeof(UINT16
)) {
229 DEBUG ((EFI_D_ERROR
, "Tpm2NvReadPublic - RecvBufferSize Error - %x\n", RecvBufferSize
));
230 return EFI_NOT_FOUND
;
236 NvPublicSize
= SwapBytes16 (RecvBuffer
.NvPublic
.size
);
237 NvNameSize
= SwapBytes16 (ReadUnaligned16 ((UINT16
*)((UINT8
*)&RecvBuffer
+ sizeof(TPM2_RESPONSE_HEADER
) + sizeof(UINT16
) + NvPublicSize
)));
239 if (RecvBufferSize
!= sizeof(TPM2_RESPONSE_HEADER
) + sizeof(UINT16
) + NvPublicSize
+ sizeof(UINT16
) + NvNameSize
) {
240 DEBUG ((EFI_D_ERROR
, "Tpm2NvReadPublic - RecvBufferSize Error - NvPublicSize %x, NvNameSize %x\n", RecvBufferSize
, NvNameSize
));
241 return EFI_NOT_FOUND
;
245 // Return the response
247 CopyMem (NvPublic
, &RecvBuffer
.NvPublic
, sizeof(UINT16
) + NvPublicSize
);
248 NvPublic
->size
= NvPublicSize
;
249 NvPublic
->nvPublic
.nvIndex
= SwapBytes32 (NvPublic
->nvPublic
.nvIndex
);
250 NvPublic
->nvPublic
.nameAlg
= SwapBytes16 (NvPublic
->nvPublic
.nameAlg
);
251 WriteUnaligned32 ((UINT32
*)&NvPublic
->nvPublic
.attributes
, SwapBytes32 (ReadUnaligned32 ((UINT32
*)&NvPublic
->nvPublic
.attributes
)));
252 NvPublic
->nvPublic
.authPolicy
.size
= SwapBytes16 (NvPublic
->nvPublic
.authPolicy
.size
);
253 Buffer
= (UINT8
*)&NvPublic
->nvPublic
.authPolicy
;
254 Buffer
+= sizeof(UINT16
) + NvPublic
->nvPublic
.authPolicy
.size
;
255 NvPublic
->nvPublic
.dataSize
= SwapBytes16 (ReadUnaligned16 ((UINT16
*)Buffer
));
257 CopyMem (NvName
, (UINT8
*)&RecvBuffer
+ sizeof(TPM2_RESPONSE_HEADER
) + sizeof(UINT16
) + NvPublicSize
, NvNameSize
);
258 NvName
->size
= NvNameSize
;
264 This command defines the attributes of an NV Index and causes the TPM to
265 reserve space to hold the data associated with the index.
266 If a definition already exists at the index, the TPM will return TPM_RC_NV_DEFINED.
268 @param[in] AuthHandle TPM_RH_OWNER or TPM_RH_PLATFORM+{PP}.
269 @param[in] AuthSession Auth Session context
270 @param[in] Auth The authorization data.
271 @param[in] NvPublic The public area of the index.
273 @retval EFI_SUCCESS Operation completed successfully.
274 @retval EFI_DEVICE_ERROR The command was unsuccessful.
275 @retval EFI_ALREADY_STARTED The command was returned successfully, but NvIndex is already defined.
280 IN TPMI_RH_PROVISION AuthHandle
,
281 IN TPMS_AUTH_COMMAND
*AuthSession
, OPTIONAL
283 IN TPM2B_NV_PUBLIC
*NvPublic
287 TPM2_NV_DEFINESPACE_COMMAND SendBuffer
;
288 TPM2_NV_DEFINESPACE_RESPONSE RecvBuffer
;
289 UINT32 SendBufferSize
;
290 UINT32 RecvBufferSize
;
293 UINT32 SessionInfoSize
;
299 SendBuffer
.Header
.tag
= SwapBytes16(TPM_ST_SESSIONS
);
300 SendBuffer
.Header
.commandCode
= SwapBytes32(TPM_CC_NV_DefineSpace
);
301 SendBuffer
.AuthHandle
= SwapBytes32 (AuthHandle
);
304 // Add in Auth session
306 Buffer
= (UINT8
*)&SendBuffer
.AuthSession
;
309 SessionInfoSize
= CopyAuthSessionCommand (AuthSession
, Buffer
);
310 Buffer
+= SessionInfoSize
;
311 SendBuffer
.AuthSessionSize
= SwapBytes32(SessionInfoSize
);
316 WriteUnaligned16 ((UINT16
*)Buffer
, SwapBytes16(Auth
->size
));
317 Buffer
+= sizeof(UINT16
);
318 CopyMem(Buffer
, Auth
->buffer
, Auth
->size
);
319 Buffer
+= Auth
->size
;
324 NvPublicSize
= NvPublic
->size
;
326 WriteUnaligned16 ((UINT16
*)Buffer
, SwapBytes16 (NvPublicSize
));
327 Buffer
+= sizeof(UINT16
);
328 WriteUnaligned32 ((UINT32
*)Buffer
, SwapBytes32 (NvPublic
->nvPublic
.nvIndex
));
329 Buffer
+= sizeof(UINT32
);
330 WriteUnaligned16 ((UINT16
*)Buffer
, SwapBytes16 (NvPublic
->nvPublic
.nameAlg
));
331 Buffer
+= sizeof(UINT16
);
332 WriteUnaligned32 ((UINT32
*)Buffer
, SwapBytes32 (ReadUnaligned32 ((UINT32
*)&NvPublic
->nvPublic
.attributes
)));
333 Buffer
+= sizeof(UINT32
);
334 WriteUnaligned16 ((UINT16
*)Buffer
, SwapBytes16 (NvPublic
->nvPublic
.authPolicy
.size
));
335 Buffer
+= sizeof(UINT16
);
336 CopyMem (Buffer
, NvPublic
->nvPublic
.authPolicy
.buffer
, NvPublic
->nvPublic
.authPolicy
.size
);
337 Buffer
+= NvPublic
->nvPublic
.authPolicy
.size
;
338 WriteUnaligned16 ((UINT16
*)Buffer
, SwapBytes16 (NvPublic
->nvPublic
.dataSize
));
339 Buffer
+= sizeof(UINT16
);
341 SendBufferSize
= (UINT32
)(Buffer
- (UINT8
*)&SendBuffer
);
342 SendBuffer
.Header
.paramSize
= SwapBytes32 (SendBufferSize
);
347 RecvBufferSize
= sizeof (RecvBuffer
);
348 Status
= Tpm2SubmitCommand (SendBufferSize
, (UINT8
*)&SendBuffer
, &RecvBufferSize
, (UINT8
*)&RecvBuffer
);
349 if (EFI_ERROR (Status
)) {
353 if (RecvBufferSize
< sizeof (TPM2_RESPONSE_HEADER
)) {
354 DEBUG ((EFI_D_ERROR
, "Tpm2NvDefineSpace - RecvBufferSize Error - %x\n", RecvBufferSize
));
355 Status
= EFI_DEVICE_ERROR
;
359 ResponseCode
= SwapBytes32(RecvBuffer
.Header
.responseCode
);
360 if (ResponseCode
!= TPM_RC_SUCCESS
) {
361 DEBUG ((EFI_D_ERROR
, "Tpm2NvDefineSpace - responseCode - %x\n", SwapBytes32(RecvBuffer
.Header
.responseCode
)));
363 switch (ResponseCode
) {
367 case TPM_RC_SIZE
+ RC_NV_DefineSpace_publicInfo
:
368 case TPM_RC_SIZE
+ RC_NV_DefineSpace_auth
:
369 Status
= EFI_BAD_BUFFER_SIZE
;
371 case TPM_RC_ATTRIBUTES
:
372 case TPM_RC_ATTRIBUTES
+ RC_NV_DefineSpace_publicInfo
:
373 Status
= EFI_UNSUPPORTED
;
375 case TPM_RC_ATTRIBUTES
+ RC_NV_DefineSpace_authHandle
:
376 Status
= EFI_INVALID_PARAMETER
;
378 case TPM_RC_NV_DEFINED
:
379 Status
= EFI_ALREADY_STARTED
;
381 case TPM_RC_VALUE
+ RC_NV_DefineSpace_publicInfo
:
382 case TPM_RC_VALUE
+ RC_NV_DefineSpace_authHandle
:
383 Status
= EFI_INVALID_PARAMETER
;
385 case TPM_RC_NV_SPACE
:
386 Status
= EFI_OUT_OF_RESOURCES
;
389 Status
= EFI_DEVICE_ERROR
;
395 // Clear AuthSession Content
397 ZeroMem (&SendBuffer
, sizeof(SendBuffer
));
398 ZeroMem (&RecvBuffer
, sizeof(RecvBuffer
));
403 This command removes an index from the TPM.
405 @param[in] AuthHandle TPM_RH_OWNER or TPM_RH_PLATFORM+{PP}.
406 @param[in] NvIndex The NV Index.
407 @param[in] AuthSession Auth Session context
409 @retval EFI_SUCCESS Operation completed successfully.
410 @retval EFI_DEVICE_ERROR The command was unsuccessful.
411 @retval EFI_NOT_FOUND The command was returned successfully, but NvIndex is not found.
415 Tpm2NvUndefineSpace (
416 IN TPMI_RH_PROVISION AuthHandle
,
417 IN TPMI_RH_NV_INDEX NvIndex
,
418 IN TPMS_AUTH_COMMAND
*AuthSession OPTIONAL
422 TPM2_NV_UNDEFINESPACE_COMMAND SendBuffer
;
423 TPM2_NV_UNDEFINESPACE_RESPONSE RecvBuffer
;
424 UINT32 SendBufferSize
;
425 UINT32 RecvBufferSize
;
427 UINT32 SessionInfoSize
;
433 SendBuffer
.Header
.tag
= SwapBytes16(TPM_ST_SESSIONS
);
434 SendBuffer
.Header
.commandCode
= SwapBytes32(TPM_CC_NV_UndefineSpace
);
436 SendBuffer
.AuthHandle
= SwapBytes32 (AuthHandle
);
437 SendBuffer
.NvIndex
= SwapBytes32 (NvIndex
);
440 // Add in Auth session
442 Buffer
= (UINT8
*)&SendBuffer
.AuthSession
;
445 SessionInfoSize
= CopyAuthSessionCommand (AuthSession
, Buffer
);
446 Buffer
+= SessionInfoSize
;
447 SendBuffer
.AuthSessionSize
= SwapBytes32(SessionInfoSize
);
449 SendBufferSize
= (UINT32
)(Buffer
- (UINT8
*)&SendBuffer
);
450 SendBuffer
.Header
.paramSize
= SwapBytes32 (SendBufferSize
);
455 RecvBufferSize
= sizeof (RecvBuffer
);
456 Status
= Tpm2SubmitCommand (SendBufferSize
, (UINT8
*)&SendBuffer
, &RecvBufferSize
, (UINT8
*)&RecvBuffer
);
457 if (EFI_ERROR (Status
)) {
461 if (RecvBufferSize
< sizeof (TPM2_RESPONSE_HEADER
)) {
462 DEBUG ((EFI_D_ERROR
, "Tpm2NvUndefineSpace - RecvBufferSize Error - %x\n", RecvBufferSize
));
463 Status
= EFI_DEVICE_ERROR
;
467 ResponseCode
= SwapBytes32(RecvBuffer
.Header
.responseCode
);
468 if (ResponseCode
!= TPM_RC_SUCCESS
) {
469 DEBUG ((EFI_D_ERROR
, "Tpm2NvUndefineSpace - responseCode - %x\n", SwapBytes32(RecvBuffer
.Header
.responseCode
)));
471 switch (ResponseCode
) {
475 case TPM_RC_ATTRIBUTES
:
476 case TPM_RC_ATTRIBUTES
+ RC_NV_UndefineSpace_nvIndex
:
477 Status
= EFI_UNSUPPORTED
;
479 case TPM_RC_NV_AUTHORIZATION
:
480 Status
= EFI_SECURITY_VIOLATION
;
482 case TPM_RC_HANDLE
+ RC_NV_UndefineSpace_nvIndex
: // TPM_RC_NV_DEFINED:
483 Status
= EFI_NOT_FOUND
;
485 case TPM_RC_HANDLE
+ RC_NV_UndefineSpace_authHandle
: // TPM_RC_NV_DEFINED:
486 Status
= EFI_INVALID_PARAMETER
;
488 case TPM_RC_VALUE
+ RC_NV_UndefineSpace_authHandle
:
489 case TPM_RC_VALUE
+ RC_NV_UndefineSpace_nvIndex
:
490 Status
= EFI_INVALID_PARAMETER
;
493 Status
= EFI_DEVICE_ERROR
;
499 // Clear AuthSession Content
501 ZeroMem (&SendBuffer
, sizeof(SendBuffer
));
502 ZeroMem (&RecvBuffer
, sizeof(RecvBuffer
));
507 This command reads a value from an area in NV memory previously defined by TPM2_NV_DefineSpace().
509 @param[in] AuthHandle the handle indicating the source of the authorization value.
510 @param[in] NvIndex The index to be read.
511 @param[in] AuthSession Auth Session context
512 @param[in] Size Number of bytes to read.
513 @param[in] Offset Byte offset into the area.
514 @param[in,out] OutData The data read.
516 @retval EFI_SUCCESS Operation completed successfully.
517 @retval EFI_DEVICE_ERROR The command was unsuccessful.
518 @retval EFI_NOT_FOUND The command was returned successfully, but NvIndex is not found.
523 IN TPMI_RH_NV_AUTH AuthHandle
,
524 IN TPMI_RH_NV_INDEX NvIndex
,
525 IN TPMS_AUTH_COMMAND
*AuthSession
, OPTIONAL
528 IN OUT TPM2B_MAX_BUFFER
*OutData
532 TPM2_NV_READ_COMMAND SendBuffer
;
533 TPM2_NV_READ_RESPONSE RecvBuffer
;
534 UINT32 SendBufferSize
;
535 UINT32 RecvBufferSize
;
537 UINT32 SessionInfoSize
;
543 SendBuffer
.Header
.tag
= SwapBytes16(TPM_ST_SESSIONS
);
544 SendBuffer
.Header
.commandCode
= SwapBytes32(TPM_CC_NV_Read
);
546 SendBuffer
.AuthHandle
= SwapBytes32 (AuthHandle
);
547 SendBuffer
.NvIndex
= SwapBytes32 (NvIndex
);
550 // Add in Auth session
552 Buffer
= (UINT8
*)&SendBuffer
.AuthSession
;
555 SessionInfoSize
= CopyAuthSessionCommand (AuthSession
, Buffer
);
556 Buffer
+= SessionInfoSize
;
557 SendBuffer
.AuthSessionSize
= SwapBytes32(SessionInfoSize
);
559 WriteUnaligned16 ((UINT16
*)Buffer
, SwapBytes16 (Size
));
560 Buffer
+= sizeof(UINT16
);
561 WriteUnaligned16 ((UINT16
*)Buffer
, SwapBytes16 (Offset
));
562 Buffer
+= sizeof(UINT16
);
564 SendBufferSize
= (UINT32
)(Buffer
- (UINT8
*)&SendBuffer
);
565 SendBuffer
.Header
.paramSize
= SwapBytes32 (SendBufferSize
);
570 RecvBufferSize
= sizeof (RecvBuffer
);
571 Status
= Tpm2SubmitCommand (SendBufferSize
, (UINT8
*)&SendBuffer
, &RecvBufferSize
, (UINT8
*)&RecvBuffer
);
572 if (EFI_ERROR (Status
)) {
576 if (RecvBufferSize
< sizeof (TPM2_RESPONSE_HEADER
)) {
577 DEBUG ((EFI_D_ERROR
, "Tpm2NvRead - RecvBufferSize Error - %x\n", RecvBufferSize
));
578 Status
= EFI_DEVICE_ERROR
;
581 ResponseCode
= SwapBytes32(RecvBuffer
.Header
.responseCode
);
582 if (ResponseCode
!= TPM_RC_SUCCESS
) {
583 DEBUG ((EFI_D_ERROR
, "Tpm2NvRead - responseCode - %x\n", ResponseCode
));
585 switch (ResponseCode
) {
589 case TPM_RC_NV_AUTHORIZATION
:
590 Status
= EFI_SECURITY_VIOLATION
;
592 case TPM_RC_NV_LOCKED
:
593 Status
= EFI_ACCESS_DENIED
;
595 case TPM_RC_NV_RANGE
:
596 Status
= EFI_BAD_BUFFER_SIZE
;
598 case TPM_RC_NV_UNINITIALIZED
:
599 Status
= EFI_NOT_READY
;
601 case TPM_RC_HANDLE
+ RC_NV_Read_nvIndex
: // TPM_RC_NV_DEFINED:
602 Status
= EFI_NOT_FOUND
;
604 case TPM_RC_HANDLE
+ RC_NV_Read_authHandle
: // TPM_RC_NV_DEFINED:
605 Status
= EFI_INVALID_PARAMETER
;
607 case TPM_RC_VALUE
+ RC_NV_Read_nvIndex
:
608 case TPM_RC_VALUE
+ RC_NV_Read_authHandle
:
609 Status
= EFI_INVALID_PARAMETER
;
611 case TPM_RC_BAD_AUTH
+ RC_NV_Read_authHandle
+ TPM_RC_S
:
612 Status
= EFI_INVALID_PARAMETER
;
614 case TPM_RC_AUTH_UNAVAILABLE
:
615 Status
= EFI_INVALID_PARAMETER
;
617 case TPM_RC_AUTH_FAIL
+ RC_NV_Read_authHandle
+ TPM_RC_S
:
618 Status
= EFI_INVALID_PARAMETER
;
620 case TPM_RC_ATTRIBUTES
+ RC_NV_Read_authHandle
+ TPM_RC_S
:
621 Status
= EFI_UNSUPPORTED
;
624 Status
= EFI_DEVICE_ERROR
;
627 if (Status
!= EFI_SUCCESS
) {
632 // Return the response
634 OutData
->size
= SwapBytes16 (RecvBuffer
.Data
.size
);
635 CopyMem (OutData
->buffer
, &RecvBuffer
.Data
.buffer
, OutData
->size
);
639 // Clear AuthSession Content
641 ZeroMem (&SendBuffer
, sizeof(SendBuffer
));
642 ZeroMem (&RecvBuffer
, sizeof(RecvBuffer
));
647 This command writes a value to an area in NV memory that was previously defined by TPM2_NV_DefineSpace().
649 @param[in] AuthHandle the handle indicating the source of the authorization value.
650 @param[in] NvIndex The NV Index of the area to write.
651 @param[in] AuthSession Auth Session context
652 @param[in] InData The data to write.
653 @param[in] Offset The offset into the NV Area.
655 @retval EFI_SUCCESS Operation completed successfully.
656 @retval EFI_DEVICE_ERROR The command was unsuccessful.
657 @retval EFI_NOT_FOUND The command was returned successfully, but NvIndex is not found.
662 IN TPMI_RH_NV_AUTH AuthHandle
,
663 IN TPMI_RH_NV_INDEX NvIndex
,
664 IN TPMS_AUTH_COMMAND
*AuthSession
, OPTIONAL
665 IN TPM2B_MAX_BUFFER
*InData
,
670 TPM2_NV_WRITE_COMMAND SendBuffer
;
671 TPM2_NV_WRITE_RESPONSE RecvBuffer
;
672 UINT32 SendBufferSize
;
673 UINT32 RecvBufferSize
;
675 UINT32 SessionInfoSize
;
681 SendBuffer
.Header
.tag
= SwapBytes16(TPM_ST_SESSIONS
);
682 SendBuffer
.Header
.commandCode
= SwapBytes32(TPM_CC_NV_Write
);
684 SendBuffer
.AuthHandle
= SwapBytes32 (AuthHandle
);
685 SendBuffer
.NvIndex
= SwapBytes32 (NvIndex
);
688 // Add in Auth session
690 Buffer
= (UINT8
*)&SendBuffer
.AuthSession
;
693 SessionInfoSize
= CopyAuthSessionCommand (AuthSession
, Buffer
);
694 Buffer
+= SessionInfoSize
;
695 SendBuffer
.AuthSessionSize
= SwapBytes32(SessionInfoSize
);
697 WriteUnaligned16 ((UINT16
*)Buffer
, SwapBytes16 (InData
->size
));
698 Buffer
+= sizeof(UINT16
);
699 CopyMem (Buffer
, InData
->buffer
, InData
->size
);
700 Buffer
+= InData
->size
;
701 WriteUnaligned16 ((UINT16
*)Buffer
, SwapBytes16 (Offset
));
702 Buffer
+= sizeof(UINT16
);
704 SendBufferSize
= (UINT32
) (Buffer
- (UINT8
*)&SendBuffer
);
705 SendBuffer
.Header
.paramSize
= SwapBytes32 (SendBufferSize
);
710 RecvBufferSize
= sizeof (RecvBuffer
);
711 Status
= Tpm2SubmitCommand (SendBufferSize
, (UINT8
*)&SendBuffer
, &RecvBufferSize
, (UINT8
*)&RecvBuffer
);
712 if (EFI_ERROR (Status
)) {
716 if (RecvBufferSize
< sizeof (TPM2_RESPONSE_HEADER
)) {
717 DEBUG ((EFI_D_ERROR
, "Tpm2NvWrite - RecvBufferSize Error - %x\n", RecvBufferSize
));
718 Status
= EFI_DEVICE_ERROR
;
721 ResponseCode
= SwapBytes32(RecvBuffer
.Header
.responseCode
);
722 if (ResponseCode
!= TPM_RC_SUCCESS
) {
723 DEBUG ((EFI_D_ERROR
, "Tpm2NvWrite - responseCode - %x\n", ResponseCode
));
725 switch (ResponseCode
) {
729 case TPM_RC_ATTRIBUTES
:
730 Status
= EFI_UNSUPPORTED
;
732 case TPM_RC_NV_AUTHORIZATION
:
733 Status
= EFI_SECURITY_VIOLATION
;
735 case TPM_RC_NV_LOCKED
:
736 Status
= EFI_ACCESS_DENIED
;
738 case TPM_RC_NV_RANGE
:
739 Status
= EFI_BAD_BUFFER_SIZE
;
741 case TPM_RC_HANDLE
+ RC_NV_Write_nvIndex
: // TPM_RC_NV_DEFINED:
742 Status
= EFI_NOT_FOUND
;
744 case TPM_RC_HANDLE
+ RC_NV_Write_authHandle
: // TPM_RC_NV_DEFINED:
745 Status
= EFI_INVALID_PARAMETER
;
747 case TPM_RC_VALUE
+ RC_NV_Write_nvIndex
:
748 case TPM_RC_VALUE
+ RC_NV_Write_authHandle
:
749 Status
= EFI_INVALID_PARAMETER
;
751 case TPM_RC_BAD_AUTH
+ RC_NV_Write_authHandle
+ TPM_RC_S
:
752 Status
= EFI_INVALID_PARAMETER
;
754 case TPM_RC_AUTH_UNAVAILABLE
:
755 Status
= EFI_INVALID_PARAMETER
;
757 case TPM_RC_AUTH_FAIL
+ RC_NV_Write_authHandle
+ TPM_RC_S
:
758 Status
= EFI_INVALID_PARAMETER
;
760 case TPM_RC_ATTRIBUTES
+ RC_NV_Write_authHandle
+ TPM_RC_S
:
761 Status
= EFI_UNSUPPORTED
;
764 Status
= EFI_DEVICE_ERROR
;
770 // Clear AuthSession Content
772 ZeroMem (&SendBuffer
, sizeof(SendBuffer
));
773 ZeroMem (&RecvBuffer
, sizeof(RecvBuffer
));
778 This command may be used to prevent further reads of the Index until the next TPM2_Startup (TPM_SU_CLEAR).
780 @param[in] AuthHandle the handle indicating the source of the authorization value.
781 @param[in] NvIndex The NV Index of the area to lock.
782 @param[in] AuthSession Auth Session context
784 @retval EFI_SUCCESS Operation completed successfully.
785 @retval EFI_DEVICE_ERROR The command was unsuccessful.
786 @retval EFI_NOT_FOUND The command was returned successfully, but NvIndex is not found.
791 IN TPMI_RH_NV_AUTH AuthHandle
,
792 IN TPMI_RH_NV_INDEX NvIndex
,
793 IN TPMS_AUTH_COMMAND
*AuthSession OPTIONAL
797 TPM2_NV_READLOCK_COMMAND SendBuffer
;
798 TPM2_NV_READLOCK_RESPONSE RecvBuffer
;
799 UINT32 SendBufferSize
;
800 UINT32 RecvBufferSize
;
802 UINT32 SessionInfoSize
;
808 SendBuffer
.Header
.tag
= SwapBytes16(TPM_ST_SESSIONS
);
809 SendBuffer
.Header
.commandCode
= SwapBytes32(TPM_CC_NV_ReadLock
);
811 SendBuffer
.AuthHandle
= SwapBytes32 (AuthHandle
);
812 SendBuffer
.NvIndex
= SwapBytes32 (NvIndex
);
815 // Add in Auth session
817 Buffer
= (UINT8
*)&SendBuffer
.AuthSession
;
820 SessionInfoSize
= CopyAuthSessionCommand (AuthSession
, Buffer
);
821 Buffer
+= SessionInfoSize
;
822 SendBuffer
.AuthSessionSize
= SwapBytes32(SessionInfoSize
);
824 SendBufferSize
= (UINT32
)(Buffer
- (UINT8
*)&SendBuffer
);
825 SendBuffer
.Header
.paramSize
= SwapBytes32 (SendBufferSize
);
830 RecvBufferSize
= sizeof (RecvBuffer
);
831 Status
= Tpm2SubmitCommand (SendBufferSize
, (UINT8
*)&SendBuffer
, &RecvBufferSize
, (UINT8
*)&RecvBuffer
);
832 if (EFI_ERROR (Status
)) {
836 if (RecvBufferSize
< sizeof (TPM2_RESPONSE_HEADER
)) {
837 DEBUG ((EFI_D_ERROR
, "Tpm2NvReadLock - RecvBufferSize Error - %x\n", RecvBufferSize
));
838 Status
= EFI_DEVICE_ERROR
;
842 ResponseCode
= SwapBytes32(RecvBuffer
.Header
.responseCode
);
843 if (ResponseCode
!= TPM_RC_SUCCESS
) {
844 DEBUG ((EFI_D_ERROR
, "Tpm2NvReadLock - responseCode - %x\n", SwapBytes32(RecvBuffer
.Header
.responseCode
)));
846 switch (ResponseCode
) {
851 Status
= EFI_DEVICE_ERROR
;
857 // Clear AuthSession Content
859 ZeroMem (&SendBuffer
, sizeof(SendBuffer
));
860 ZeroMem (&RecvBuffer
, sizeof(RecvBuffer
));
865 This command may be used to inhibit further writes of the Index.
867 @param[in] AuthHandle the handle indicating the source of the authorization value.
868 @param[in] NvIndex The NV Index of the area to lock.
869 @param[in] AuthSession Auth Session context
871 @retval EFI_SUCCESS Operation completed successfully.
872 @retval EFI_DEVICE_ERROR The command was unsuccessful.
873 @retval EFI_NOT_FOUND The command was returned successfully, but NvIndex is not found.
878 IN TPMI_RH_NV_AUTH AuthHandle
,
879 IN TPMI_RH_NV_INDEX NvIndex
,
880 IN TPMS_AUTH_COMMAND
*AuthSession OPTIONAL
884 TPM2_NV_WRITELOCK_COMMAND SendBuffer
;
885 TPM2_NV_WRITELOCK_RESPONSE RecvBuffer
;
886 UINT32 SendBufferSize
;
887 UINT32 RecvBufferSize
;
889 UINT32 SessionInfoSize
;
895 SendBuffer
.Header
.tag
= SwapBytes16(TPM_ST_SESSIONS
);
896 SendBuffer
.Header
.commandCode
= SwapBytes32(TPM_CC_NV_WriteLock
);
898 SendBuffer
.AuthHandle
= SwapBytes32 (AuthHandle
);
899 SendBuffer
.NvIndex
= SwapBytes32 (NvIndex
);
902 // Add in Auth session
904 Buffer
= (UINT8
*)&SendBuffer
.AuthSession
;
907 SessionInfoSize
= CopyAuthSessionCommand (AuthSession
, Buffer
);
908 Buffer
+= SessionInfoSize
;
909 SendBuffer
.AuthSessionSize
= SwapBytes32(SessionInfoSize
);
911 SendBufferSize
= (UINT32
)(Buffer
- (UINT8
*)&SendBuffer
);
912 SendBuffer
.Header
.paramSize
= SwapBytes32 (SendBufferSize
);
917 RecvBufferSize
= sizeof (RecvBuffer
);
918 Status
= Tpm2SubmitCommand (SendBufferSize
, (UINT8
*)&SendBuffer
, &RecvBufferSize
, (UINT8
*)&RecvBuffer
);
919 if (EFI_ERROR (Status
)) {
923 if (RecvBufferSize
< sizeof (TPM2_RESPONSE_HEADER
)) {
924 DEBUG ((EFI_D_ERROR
, "Tpm2NvWriteLock - RecvBufferSize Error - %x\n", RecvBufferSize
));
925 Status
= EFI_DEVICE_ERROR
;
929 ResponseCode
= SwapBytes32(RecvBuffer
.Header
.responseCode
);
930 if (ResponseCode
!= TPM_RC_SUCCESS
) {
931 DEBUG ((EFI_D_ERROR
, "Tpm2NvWriteLock - responseCode - %x\n", SwapBytes32(RecvBuffer
.Header
.responseCode
)));
933 switch (ResponseCode
) {
938 Status
= EFI_DEVICE_ERROR
;
944 // Clear AuthSession Content
946 ZeroMem (&SendBuffer
, sizeof(SendBuffer
));
947 ZeroMem (&RecvBuffer
, sizeof(RecvBuffer
));
952 The command will SET TPMA_NV_WRITELOCKED for all indexes that have their TPMA_NV_GLOBALLOCK attribute SET.
954 @param[in] AuthHandle TPM_RH_OWNER or TPM_RH_PLATFORM+{PP}.
955 @param[in] AuthSession Auth Session context
957 @retval EFI_SUCCESS Operation completed successfully.
958 @retval EFI_DEVICE_ERROR The command was unsuccessful.
959 @retval EFI_NOT_FOUND The command was returned successfully, but NvIndex is not found.
963 Tpm2NvGlobalWriteLock (
964 IN TPMI_RH_PROVISION AuthHandle
,
965 IN TPMS_AUTH_COMMAND
*AuthSession OPTIONAL
969 TPM2_NV_GLOBALWRITELOCK_COMMAND SendBuffer
;
970 TPM2_NV_GLOBALWRITELOCK_RESPONSE RecvBuffer
;
971 UINT32 SendBufferSize
;
972 UINT32 RecvBufferSize
;
974 UINT32 SessionInfoSize
;
980 SendBuffer
.Header
.tag
= SwapBytes16(TPM_ST_SESSIONS
);
981 SendBuffer
.Header
.commandCode
= SwapBytes32(TPM_CC_NV_GlobalWriteLock
);
983 SendBuffer
.AuthHandle
= SwapBytes32 (AuthHandle
);
986 // Add in Auth session
988 Buffer
= (UINT8
*)&SendBuffer
.AuthSession
;
991 SessionInfoSize
= CopyAuthSessionCommand (AuthSession
, Buffer
);
992 Buffer
+= SessionInfoSize
;
993 SendBuffer
.AuthSessionSize
= SwapBytes32(SessionInfoSize
);
995 SendBufferSize
= (UINT32
)(Buffer
- (UINT8
*)&SendBuffer
);
996 SendBuffer
.Header
.paramSize
= SwapBytes32 (SendBufferSize
);
1001 RecvBufferSize
= sizeof (RecvBuffer
);
1002 Status
= Tpm2SubmitCommand (SendBufferSize
, (UINT8
*)&SendBuffer
, &RecvBufferSize
, (UINT8
*)&RecvBuffer
);
1003 if (EFI_ERROR (Status
)) {
1007 if (RecvBufferSize
< sizeof (TPM2_RESPONSE_HEADER
)) {
1008 DEBUG ((EFI_D_ERROR
, "Tpm2NvGlobalWriteLock - RecvBufferSize Error - %x\n", RecvBufferSize
));
1009 Status
= EFI_DEVICE_ERROR
;
1013 ResponseCode
= SwapBytes32(RecvBuffer
.Header
.responseCode
);
1014 if (ResponseCode
!= TPM_RC_SUCCESS
) {
1015 DEBUG ((EFI_D_ERROR
, "Tpm2NvGlobalWriteLock - responseCode - %x\n", SwapBytes32(RecvBuffer
.Header
.responseCode
)));
1017 switch (ResponseCode
) {
1018 case TPM_RC_SUCCESS
:
1022 Status
= EFI_DEVICE_ERROR
;
1028 // Clear AuthSession Content
1030 ZeroMem (&SendBuffer
, sizeof(SendBuffer
));
1031 ZeroMem (&RecvBuffer
, sizeof(RecvBuffer
));