\r
Abstract:\r
\r
- TPM Specification data structures (TCG TPM Specification Version 1.2 Revision 94)\r
+ TPM Specification data structures (TCG TPM Specification Version 1.2 Revision 103)\r
\r
See http://trustedcomputinggroup.org for latest specification updates\r
\r
typedef UINT8 TPM_AUTH_DATA_USAGE;\r
typedef UINT8 TPM_PAYLOAD_TYPE;\r
typedef UINT8 TPM_VERSION_BYTE;\r
+typedef UINT8 TPM_DA_STATE;\r
typedef UINT16 TPM_TAG;\r
typedef UINT16 TPM_PROTOCOL_ID;\r
typedef UINT16 TPM_STARTUP_TYPE;\r
#define TPM_TAG_CMK_SIGTICKET ((TPM_STRUCTURE_TAG) 0x0034)\r
#define TPM_TAG_CMK_MA_APPROVAL ((TPM_STRUCTURE_TAG) 0x0035)\r
#define TPM_TAG_QUOTE_INFO2 ((TPM_STRUCTURE_TAG) 0x0036)\r
+#define TPM_TAG_DA_INFO ((TPM_STRUCTURE_TAG) 0x0037)\r
+#define TPM_TAG_DA_LIMITED ((TPM_STRUCTURE_TAG) 0x0038)\r
+#define TPM_TAG_DA_ACTION_TYPE ((TPM_STRUCTURE_TAG) 0x0039)\r
\r
//\r
// Part 2, section 4: TPM Types\r
#define TPM_ET_DEL_KEY_BLOB ((UINT16) 0x0009) // The entity is a delegate key blob\r
#define TPM_ET_COUNTER ((UINT16) 0x000A) // The entity is a counter\r
#define TPM_ET_NV ((UINT16) 0x000B) // The entity is a NV index\r
+#define TPM_ET_OPERATOR ((UINT16) 0x000C) // The entity is the operator\r
#define TPM_ET_RESERVED_HANDLE ((UINT16) 0x0040) // Reserved. This value avoids collisions with the handle MSB setting.\r
//\r
// TPM_ENTITY_TYPE MSB Values: The MSB is used to indicate the ADIP encryption sheme when applicable\r
typedef TPM_DIGEST TPM_HMAC;\r
typedef TPM_DIGEST TPM_PCRVALUE; // The value inside of the PCR\r
typedef TPM_DIGEST TPM_AUDITDIGEST; // This SHALL be the value of the current internal audit state\r
-typedef TPM_DIGEST TPM_DAA_TPM_SEED; // This SHALL be a random value generated by a TPM immediately after the EK is installed in that TPM, whenever an EK is installed in that TPM\r
-typedef TPM_DIGEST TPM_DAA_CONTEXT_SEED; // This SHALL be a random value\r
\r
//\r
// Part 2, section 5.5: TPM_NONCE\r
UINT8 nonce[20];\r
} TPM_NONCE;\r
\r
+typedef TPM_NONCE TPM_DAA_TPM_SEED; // This SHALL be a random value generated by a TPM immediately after the EK is installed in that TPM, whenever an EK is installed in that TPM\r
+typedef TPM_NONCE TPM_DAA_CONTEXT_SEED; // This SHALL be a random value\r
+\r
//\r
// Part 2, section 5.6: TPM_AUTHDATA\r
//\r
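Review bot: Retyping TPM_DAA_TPM_SEED and TPM_DAA_CONTEXT_SEED from TPM_DIGEST to TPM_NONCE (and moving them below TPM_NONCE so the new base type is declared first) is a source-level interface change that the carried-over comments do not mention: the object layout is presumably unchanged if both are 20-byte structs, but the pointer types differ, so any caller that hands one of these seeds to a TPM_DIGEST-taking helper will now get an incompatible-pointer diagnostic. A short marker on each typedef, `// rev103: base type is TPM_NONCE (rev94 used TPM_DIGEST)`, would tell whoever bisects such a warning where it came from. The TPM_NONCE struct definition itself starts outside the hunk.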
#define TPM_ES_NONE ((TPM_ENC_SCHEME) 0x0001)\r
#define TPM_ES_RSAESPKCSv15 ((TPM_ENC_SCHEME) 0x0002)\r
#define TPM_ES_RSAESOAEP_SHA1_MGF1 ((TPM_ENC_SCHEME) 0x0003)\r
-#define TPM_ES_SYM_CNT ((TPM_ENC_SCHEME) 0x0004)\r
+#define TPM_ES_SYM_CNT ((TPM_ENC_SCHEME) 0x0004) // rev94 defined\r
+#define TPM_ES_SYM_CTR ((TPM_ENC_SCHEME) 0x0004)\r
#define TPM_ES_SYM_OFB ((TPM_ENC_SCHEME) 0x0005)\r
\r
#define TPM_SS_NONE ((TPM_SIG_SCHEME) 0x0001)\r
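Review bot: `TPM_ES_SYM_CNT` is kept next to the new `TPM_ES_SYM_CTR` with the same value, but the trailing comment `// rev94 defined` does not say whether the old name is a deprecated alias or a distinct scheme. Make the intent explicit, e.g. `#define TPM_ES_SYM_CNT ((TPM_ENC_SCHEME) 0x0004) // rev94 spelling, kept for compatibility; new code should use TPM_ES_SYM_CTR`, so the alias does not keep getting picked up in new code.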
BOOLEAN readSRKPub;\r
BOOLEAN tpmEstablished;\r
BOOLEAN maintenanceDone;\r
+ BOOLEAN disableFullDALogicInfo;\r
} TPM_PERMANENT_FLAGS;\r
\r
//\r
#define TPM_PF_READSRKPUB ((TPM_CAPABILITY_AREA) 17)\r
#define TPM_PF_TPMESTABLISHED ((TPM_CAPABILITY_AREA) 18)\r
#define TPM_PF_MAINTENANCEDONE ((TPM_CAPABILITY_AREA) 19)\r
+#define TPM_PF_DISABLEFULLDALOGICINFO ((TPM_CAPABILITY_AREA) 20)\r
\r
//\r
// Part 2, section 7.2: TPM_STCLEAR_FLAGS\r
//\r
// Part 2, section 7.4: TPM_PERMANENT_DATA\r
//\r
-//#define TPM_MIN_COUNTERS 4 // the minimum number of counters is 4\r
-//#define TPM_DELEGATE_KEY TPM_KEY\r
-//#define TPM_NUM_PCR 16\r
-//#define TPM_MAX_NV_WRITE_NOOWNER 64\r
+#define TPM_MIN_COUNTERS 4 // the minimum number of counters is 4\r
+#define TPM_DELEGATE_KEY TPM_KEY\r
+#define TPM_NUM_PCR 16\r
+#define TPM_MAX_NV_WRITE_NOOWNER 64\r
+\r
//typedef struct tdTPM_PERMANENT_DATA\r
//{\r
// TPM_STRUCTURE_TAG tag;\r
// UINT32 noOwnerNVWrite;\r
// TPM_CMK_DELEGATE restrictDelegate;\r
// TPM_DAA_TPM_SEED tpmDAASeed;\r
+// TPM_NONCE daaProff;\r
+// TPM_KEY daaBlobKey;\r
//} TPM_PERMANENT_DATA;\r
\r
+//\r
+// Part 2, section 7.4.1: PERMANENT_DATA Subcap for SetCapability\r
+//\r
+#define TPM_PD_REVMAJOR ((TPM_CAPABILITY_AREA) 1)\r
+#define TPM_PD_REVMINOR ((TPM_CAPABILITY_AREA) 2)\r
+#define TPM_PD_TPMPROOF ((TPM_CAPABILITY_AREA) 3)\r
+#define TPM_PD_OWNERAUTH ((TPM_CAPABILITY_AREA) 4)\r
+#define TPM_PD_OPERATORAUTH ((TPM_CAPABILITY_AREA) 5)\r
+#define TPM_PD_MANUMAINTPUB ((TPM_CAPABILITY_AREA) 6)\r
+#define TPM_PD_ENDORSEMENTKEY ((TPM_CAPABILITY_AREA) 7)\r
+#define TPM_PD_SRK ((TPM_CAPABILITY_AREA) 8)\r
+#define TPM_PD_DELEGATEKEY ((TPM_CAPABILITY_AREA) 9)\r
+#define TPM_PD_CONTEXTKEY ((TPM_CAPABILITY_AREA) 10)\r
+#define TPM_PD_AUDITMONOTONICCOUNTER ((TPM_CAPABILITY_AREA) 11)\r
+#define TPM_PD_MONOTONICCOUNTER ((TPM_CAPABILITY_AREA) 12)\r
+#define TPM_PD_PCRATTRIB ((TPM_CAPABILITY_AREA) 13)\r
+#define TPM_PD_ORDINALAUDITSTATUS ((TPM_CAPABILITY_AREA) 14)\r
+#define TPM_PD_AUTHDIR ((TPM_CAPABILITY_AREA) 15)\r
+#define TPM_PD_RNGSTATE ((TPM_CAPABILITY_AREA) 16)\r
+#define TPM_PD_FAMILYTABLE ((TPM_CAPABILITY_AREA) 17)\r
+#define TPM_DELEGATETABLE ((TPM_CAPABILITY_AREA) 18)\r
+#define TPM_PD_EKRESET ((TPM_CAPABILITY_AREA) 19)\r
+#define TPM_PD_MAXNVBUFSIZE ((TPM_CAPABILITY_AREA) 20)\r
+#define TPM_PD_LASTFAMILYID ((TPM_CAPABILITY_AREA) 21)\r
+#define TPM_PD_NOOWNERNVWRITE ((TPM_CAPABILITY_AREA) 22)\r
+#define TPM_PD_RESTRICTDELEGATE ((TPM_CAPABILITY_AREA) 23)\r
+#define TPM_PD_TPMDAASEED ((TPM_CAPABILITY_AREA) 24)\r
+#define TPM_PD_DAAPROOF ((TPM_CAPABILITY_AREA) 25)\r
+\r
//\r
// Part 2, section 7.5: TPM_STCLEAR_DATA\r
// available inside TPM only\r
//\r
-//typedef struct tdTPM_STCLEAR_DATA\r
-//{\r
-// TPM_STRUCTURE_TAG tag;\r
-// TPM_NONCE contextNonceKey;\r
-// TPM_COUNT_ID countID;\r
-// UINT32 ownerReference;\r
-// BOOLEAN disableResetLock;\r
-//} TPM_STCLEAR_DATA;\r
+ typedef struct tdTPM_STCLEAR_DATA{\r
+ TPM_STRUCTURE_TAG tag;\r
+ TPM_NONCE contextNonceKey;\r
+ TPM_COUNT_ID countID;\r
+ UINT32 ownerReference;\r
+ BOOLEAN disableResetLock;\r
+ TPM_PCRVALUE PCR[TPM_NUM_PCR];\r
+ UINT32 deferredPhysicalPresence;\r
+ }TPM_STCLEAR_DATA;\r
+\r
+//\r
+// Part 2, section 7.5.1: STCLEAR_DATA Subcap for SetCapability\r
+//\r
+#define TPM_SD_CONTEXTNONCEKEY ((TPM_CAPABILITY_AREA)0x00000001)\r
+#define TPM_SD_COUNTID ((TPM_CAPABILITY_AREA)0x00000002)\r
+#define TPM_SD_OWNERREFERENCE ((TPM_CAPABILITY_AREA)0x00000003)\r
+#define TPM_SD_DISABLERESETLOCK ((TPM_CAPABILITY_AREA)0x00000004)\r
+#define TPM_SD_PCR ((TPM_CAPABILITY_AREA)0x00000005)\r
+#define TPM_SD_DEFERREDPHYSICALPRESENCE ((TPM_CAPABILITY_AREA)0x00000006)\r
\r
//\r
// Part 2, section 7.6: TPM_STANY_DATA\r
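Review bot: `TPM_DELEGATETABLE` on the `((TPM_CAPABILITY_AREA) 18)` line breaks the `TPM_PD_` prefix that every other PERMANENT_DATA subcap in this list carries; it presumably should read `#define TPM_PD_DELEGATETABLE ((TPM_CAPABILITY_AREA) 18)`, and if the unprefixed spelling is wanted for compatibility it should be an explicit alias rather than the only name. In the still commented-out TPM_PERMANENT_DATA body, `daaProff` looks like a typo for `daaProof`, given that the matching subcap below is spelled `TPM_PD_DAAPROOF`. The newly live `tdTPM_STCLEAR_DATA` definition is indented by one space and closes as `}TPM_STCLEAR_DATA;`, unlike the other structs in this file (`} TPM_CAP_VERSION_INFO;`), and the `// available inside TPM only` line above it was written for a commented-out struct; now that the type is real, that comment should say why the definition is nonetheless needed here (presumably for the STCLEAR_DATA subcaps that follow), or be dropped.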
// TPM_SESSION_DATA sessions[TPM_MIN_SESSIONS];\r
//} TPM_STANY_DATA;\r
\r
+//\r
+// Part 2, section 7.6.1: STANY_DATA Subcap for SetCapability\r
+//\r
+#define TPM_AD_CONTEXTNONCESESSION ((TPM_CAPABILITY_AREA) 1)\r
+#define TPM_AD_AUDITDIGEST ((TPM_CAPABILITY_AREA) 2)\r
+#define TPM_AD_CURRENTTICKS ((TPM_CAPABILITY_AREA) 3)\r
+#define TPM_AD_CONTEXTCOUNT ((TPM_CAPABILITY_AREA) 4)\r
+#define TPM_AD_CONTEXTLIST ((TPM_CAPABILITY_AREA) 5)\r
+#define TPM_AD_SESSIONS ((TPM_CAPABILITY_AREA) 6)\r
+\r
//\r
// Part 2, section 8: PCR Structures\r
// \r
//\r
// Part 2, section 16: Return Codes\r
//\r
-#define TPM_BASE 0\r
+#ifndef TPM_BASE\r
+#error "TPM Error Codes require definition of TPM_BASE"\r
+#endif\r
\r
#define TPM_VENDOR_ERROR TPM_Vendor_Specific32\r
#define TPM_NON_FATAL 0x00000800\r
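Review bot: Replacing `#define TPM_BASE 0` with an `#error` makes this header stop compiling for every consumer that does not already define TPM_BASE, and neither the Abstract nor the check itself explains the new prerequisite or what value is expected (the spec's start-of-return-codes value or a vendor-specific base). Either document it next to the check, `// TPM_BASE (start of the TPM return-code range, Part 2 section 16) must be defined by the including module before this header`, or keep a guarded default `#ifndef TPM_BASE` / `#define TPM_BASE 0` / `#endif` if the previous out-of-the-box behaviour is still meant to work.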
//\r
\r
//\r
-// Part 2, section 20.3: Owner Permissions Settings for per1 bits\r
+// Part 2, section 20.2.1: Owner Permissions Settings for per1 bits\r
//\r
#define TPM_DELEGATE_SetOrdinalAuditStatus (((UINT32)1)<<30)\r
#define TPM_DELEGATE_DirWriteAuth (((UINT32)1)<<29)\r
#define TPM_DELEGATE_CMK_ApproveMA (((UINT32)1)<<28)\r
+#define TPM_DELEGATE_NV_WriteValue (((UINT32)1)<<27)\r
#define TPM_DELEGATE_CMK_CreateTicket (((UINT32)1)<<26)\r
+#define TPM_DELEGATE_NV_ReadValue (((UINT32)1)<<25)\r
#define TPM_DELEGATE_Delegate_LoadOwnerDelegation (((UINT32)1)<<24)\r
#define TPM_DELEGATE_DAA_Join (((UINT32)1)<<23)\r
#define TPM_DELEGATE_AuthorizeMigrationKey (((UINT32)1)<<22)\r
#define TPM_DELEGATE_ResetLockValue (((UINT32)1)<<17)\r
#define TPM_DELEGATE_OwnerClear (((UINT32)1)<<16)\r
#define TPM_DELEGATE_DisableOwnerClear (((UINT32)1)<<15)\r
+#define TPM_DELEGATE_NV_DefineSpace (((UINT32)1)<<14)\r
#define TPM_DELEGATE_OwnerSetDisable (((UINT32)1)<<13)\r
#define TPM_DELEGATE_SetCapability (((UINT32)1)<<12)\r
#define TPM_DELEGATE_MakeIdentity (((UINT32)1)<<11)\r
#define TPM_DELEGATE_DAA_Sign (((UINT32)1)<<0)\r
\r
//\r
-// Part 2, section 20.3: Key Permissions Settings for per1 bits\r
+// Part 2, section 20.2.3: Key Permissions Settings for per1 bits\r
//\r
#define TPM_KEY_DELEGATE_CMK_ConvertMigration (((UINT32)1)<<28)\r
#define TPM_KEY_DELEGATE_TickStampBlob (((UINT32)1)<<27)\r
#define TPM_CAP_PROP_INPUT_BUFFER ((TPM_CAPABILITY_AREA) 0x00000124)\r
\r
//\r
+// Part 2, section 21.4: TPM_CAPABILITY_AREA for SetCapability\r
+//\r
+#define TPM_SET_PERM_FLAGS ((TPM_CAPABILITY_AREA) 0x00000001)\r
+#define TPM_SET_PERM_DATA ((TPM_CAPABILITY_AREA) 0x00000002)\r
+#define TPM_SET_STCLEAR_FLAGS ((TPM_CAPABILITY_AREA) 0x00000003)\r
+#define TPM_SET_STCLEAR_DATA ((TPM_CAPABILITY_AREA) 0x00000004)\r
+#define TPM_SET_STANY_FLAGS ((TPM_CAPABILITY_AREA) 0x00000005)\r
+#define TPM_SET_STANY_DATA ((TPM_CAPABILITY_AREA) 0x00000006)\r
+\r
// Part 2, section 21.6: TPM_CAP_VERSION_INFO\r
// [size_is(vendorSpecificSize)] BYTE* vendorSpecific;\r
//\r
UINT8 *vendorSpecific;\r
} TPM_CAP_VERSION_INFO;\r
\r
+//\r
+// Part 2, section 21.10: TPM_DA_ACTION_TYPE\r
+//\r
+typedef struct tdTPM_DA_ACTION_TYPE {\r
+ TPM_STRUCTURE_TAG tag;\r
+ UINT32 actions;\r
+} TPM_DA_ACTION_TYPE;\r
+\r
+#define TPM_DA_ACTION_FAILURE_MODE (((UINT32)1)<<3)\r
+#define TPM_DA_ACTION_DEACTIVATE (((UINT32)1)<<2)\r
+#define TPM_DA_ACTION_DISABLE (((UINT32)1)<<1)\r
+#define TPM_DA_ACTION_TIMEOUT (((UINT32)1)<<0)\r
+\r
+//\r
+// Part 2, section 21.7: TPM_DA_INFO\r
+//\r
+typedef struct tdTPM_DA_INFO {\r
+ TPM_STRUCTURE_TAG tag;\r
+ TPM_DA_STATE state;\r
+ UINT16 currentCount;\r
+ UINT16 thresholdCount;\r
+ TPM_DA_ACTION_TYPE actionAtThreshold;\r
+ UINT32 actionDependValue;\r
+ UINT32 vendorDataSize;\r
+ UINT8 *vendorData;\r
+} TPM_DA_INFO;\r
+\r
+//\r
+// Part 2, section 21.8: TPM_DA_INFO_LIMITED\r
+//\r
+typedef struct tdTPM_DA_INFO_LIMITED {\r
+ TPM_STRUCTURE_TAG tag;\r
+ TPM_DA_STATE state;\r
+ TPM_DA_ACTION_TYPE actionAtThreshold;\r
+ UINT32 vendorDataSize;\r
+ UINT8 *vendorData;\r
+} TPM_DA_INFO_LIMITED;\r
+\r
+//\r
+// Part 2, section 21.9: CAP_PROPERTY Subcap values for GetCapability\r
+//\r
+#define TPM_DA_STATE_INACTIVE ((UINT8)0x00)\r
+#define TPM_DA_STATE_ACTIVE ((UINT8)0x01)\r
+\r
//\r
// Part 2, section 22: DAA Structures\r
//\r
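Review bot: `TPM_DA_STATE_INACTIVE` and `TPM_DA_STATE_ACTIVE` are cast to `UINT8` even though this change introduces `typedef UINT8 TPM_DA_STATE` and uses it for the `state` members above; `#define TPM_DA_STATE_INACTIVE ((TPM_DA_STATE) 0x00)` and `#define TPM_DA_STATE_ACTIVE ((TPM_DA_STATE) 0x01)` would match the convention the rest of the file follows (`((TPM_ENC_SCHEME) 0x0001)`, `((TPM_CAPABILITY_AREA) 1)`). The heading over them, `// Part 2, section 21.9: CAP_PROPERTY Subcap values for GetCapability`, does not describe the two TPM_DA_STATE values it introduces; something like `// Part 2, section 21.9: TPM_DA_STATE values` is what the block actually holds. Placing section 21.10 (TPM_DA_ACTION_TYPE) ahead of 21.7 is necessary because TPM_DA_INFO embeds it by value, and a one-line `// declared before TPM_DA_INFO, which embeds it` would stop the next editor from "fixing" the order. Finally, TPM_DA_INFO and TPM_DA_INFO_LIMITED carry `UINT8 *vendorData` beside `vendorDataSize`, following the TPM_CAP_VERSION_INFO pattern above, so these structs are not wire images: `sizeof` is not the marshalled size, and whatever unmarshals a GetCapability response into them must bound vendorDataSize by the remaining response length before copying.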