/** @file\r
This library is used by other modules to send TPM2 command.\r
\r
-Copyright (c) 2013, Intel Corporation. All rights reserved. <BR>\r
+Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved. <BR>\r
This program and the accompanying materials\r
are licensed and made available under the terms and conditions of the BSD License\r
which accompanies this distribution. The full text of the license may be found at\r
IN TPMI_YES_NO FullTest\r
);\r
\r
+/**\r
+ This command allows setting of the authorization policy for the platform hierarchy (platformPolicy), the\r
+ storage hierarchy (ownerPolicy), and and the endorsement hierarchy (endorsementPolicy).\r
+\r
+ @param[in] AuthHandle TPM_RH_ENDORSEMENT, TPM_RH_OWNER or TPM_RH_PLATFORM+{PP} parameters to be validated\r
+ @param[in] AuthSession Auth Session context\r
+ @param[in] AuthPolicy An authorization policy hash\r
+ @param[in] HashAlg The hash algorithm to use for the policy\r
+\r
+ @retval EFI_SUCCESS Operation completed successfully.\r
+ @retval EFI_DEVICE_ERROR Unexpected device behavior.\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+Tpm2SetPrimaryPolicy (\r
+ IN TPMI_RH_HIERARCHY_AUTH AuthHandle,\r
+ IN TPMS_AUTH_COMMAND *AuthSession,\r
+ IN TPM2B_DIGEST *AuthPolicy,\r
+ IN TPMI_ALG_HASH HashAlg\r
+ );\r
+\r
/**\r
This command removes all TPM context associated with a specific Owner.\r
\r
IN UINT32 AlgorithmSet\r
);\r
\r
+/**\r
+ This command is used to start an authorization session using alternative methods of\r
+ establishing the session key (sessionKey) that is used for authorization and encrypting value.\r
+\r
+ @param[in] TpmKey Handle of a loaded decrypt key used to encrypt salt.\r
+ @param[in] Bind Entity providing the authValue.\r
+ @param[in] NonceCaller Initial nonceCaller, sets nonce size for the session.\r
+ @param[in] Salt Value encrypted according to the type of tpmKey.\r
+ @param[in] SessionType Indicates the type of the session.\r
+ @param[in] Symmetric The algorithm and key size for parameter encryption.\r
+ @param[in] AuthHash Hash algorithm to use for the session.\r
+ @param[out] SessionHandle Handle for the newly created session.\r
+ @param[out] NonceTPM The initial nonce from the TPM, used in the computation of the sessionKey.\r
+ \r
+ @retval EFI_SUCCESS Operation completed successfully.\r
+ @retval EFI_DEVICE_ERROR The command was unsuccessful.\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+Tpm2StartAuthSession (\r
+ IN TPMI_DH_OBJECT TpmKey,\r
+ IN TPMI_DH_ENTITY Bind,\r
+ IN TPM2B_NONCE *NonceCaller,\r
+ IN TPM2B_ENCRYPTED_SECRET *Salt,\r
+ IN TPM_SE SessionType,\r
+ IN TPMT_SYM_DEF *Symmetric,\r
+ IN TPMI_ALG_HASH AuthHash,\r
+ OUT TPMI_SH_AUTH_SESSION *SessionHandle,\r
+ OUT TPM2B_NONCE *NonceTPM\r
+ );\r
+\r
+/**\r
+ This command causes all context associated with a loaded object or session to be removed from TPM memory.\r
+\r
+ @param[in] FlushHandle The handle of the item to flush.\r
+ \r
+ @retval EFI_SUCCESS Operation completed successfully.\r
+ @retval EFI_DEVICE_ERROR The command was unsuccessful.\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+Tpm2FlushContext (\r
+ IN TPMI_DH_CONTEXT FlushHandle\r
+ );\r
+\r
+/**\r
+ This command includes a secret-based authorization to a policy.\r
+ The caller proves knowledge of the secret value using an authorization\r
+ session using the authValue associated with authHandle.\r
+ \r
+ @param[in] AuthHandle Handle for an entity providing the authorization\r
+ @param[in] PolicySession Handle for the policy session being extended.\r
+ @param[in] AuthSession Auth Session context\r
+ @param[in] NonceTPM The policy nonce for the session.\r
+ @param[in] CpHashA Digest of the command parameters to which this authorization is limited.\r
+ @param[in] PolicyRef A reference to a policy relating to the authorization.\r
+ @param[in] Expiration Time when authorization will expire, measured in seconds from the time that nonceTPM was generated.\r
+ @param[out] Timeout Time value used to indicate to the TPM when the ticket expires.\r
+ @param[out] PolicyTicket A ticket that includes a value indicating when the authorization expires.\r
+ \r
+ @retval EFI_SUCCESS Operation completed successfully.\r
+ @retval EFI_DEVICE_ERROR The command was unsuccessful.\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+Tpm2PolicySecret (\r
+ IN TPMI_DH_ENTITY AuthHandle,\r
+ IN TPMI_SH_POLICY PolicySession,\r
+ IN TPMS_AUTH_COMMAND *AuthSession, OPTIONAL\r
+ IN TPM2B_NONCE *NonceTPM,\r
+ IN TPM2B_DIGEST *CpHashA,\r
+ IN TPM2B_NONCE *PolicyRef,\r
+ IN INT32 Expiration,\r
+ OUT TPM2B_TIMEOUT *Timeout,\r
+ OUT TPMT_TK_AUTH *PolicyTicket\r
+ );\r
+\r
+/**\r
+ This command allows options in authorizations without requiring that the TPM evaluate all of the options.\r
+ If a policy may be satisfied by different sets of conditions, the TPM need only evaluate one set that\r
+ satisfies the policy. This command will indicate that one of the required sets of conditions has been\r
+ satisfied.\r
+\r
+ @param[in] PolicySession Handle for the policy session being extended.\r
+ @param[in] HashList the list of hashes to check for a match.\r
+ \r
+ @retval EFI_SUCCESS Operation completed successfully.\r
+ @retval EFI_DEVICE_ERROR The command was unsuccessful.\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+Tpm2PolicyOR (\r
+ IN TPMI_SH_POLICY PolicySession,\r
+ IN TPML_DIGEST *HashList\r
+ );\r
+\r
+/**\r
+ This command indicates that the authorization will be limited to a specific command code.\r
+\r
+ @param[in] PolicySession Handle for the policy session being extended.\r
+ @param[in] Code The allowed commandCode.\r
+ \r
+ @retval EFI_SUCCESS Operation completed successfully.\r
+ @retval EFI_DEVICE_ERROR The command was unsuccessful.\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+Tpm2PolicyCommandCode (\r
+ IN TPMI_SH_POLICY PolicySession,\r
+ IN TPM_CC Code\r
+ );\r
+\r
+/**\r
+ This command returns the current policyDigest of the session. This command allows the TPM\r
+ to be used to perform the actions required to precompute the authPolicy for an object.\r
+\r
+ @param[in] PolicySession Handle for the policy session.\r
+ @param[out] PolicyHash the current value of the policyHash of policySession.\r
+ \r
+ @retval EFI_SUCCESS Operation completed successfully.\r
+ @retval EFI_DEVICE_ERROR The command was unsuccessful.\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+Tpm2PolicyGetDigest (\r
+ IN TPMI_SH_POLICY PolicySession,\r
+ OUT TPM2B_DIGEST *PolicyHash\r
+ );\r
+\r
//\r
// Help function\r
//\r
projects / mirror_edk2.git / blobdiff