TPMS_AUTH_RESPONSE AuthSession;\r
} TPM2_POLICY_SECRET_RESPONSE;\r
\r
+typedef struct {\r
+ TPM2_COMMAND_HEADER Header;\r
+ TPMI_SH_POLICY PolicySession;\r
+ TPML_DIGEST HashList;\r
+} TPM2_POLICY_OR_COMMAND;\r
+\r
+typedef struct {\r
+ TPM2_RESPONSE_HEADER Header;\r
+} TPM2_POLICY_OR_RESPONSE;\r
+\r
typedef struct {\r
TPM2_COMMAND_HEADER Header;\r
TPMI_SH_POLICY PolicySession;\r
return EFI_SUCCESS;\r
}\r
\r
+/**\r
+ This command allows options in authorizations without requiring that the TPM evaluate all of the options.\r
+ If a policy may be satisfied by different sets of conditions, the TPM need only evaluate one set that\r
+ satisfies the policy. This command will indicate that one of the required sets of conditions has been\r
+ satisfied.\r
+\r
+ @param[in] PolicySession Handle for the policy session being extended.\r
+ @param[in] HashList the list of hashes to check for a match.\r
+ \r
+ @retval EFI_SUCCESS Operation completed successfully.\r
+ @retval EFI_DEVICE_ERROR The command was unsuccessful.\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+Tpm2PolicyOR (\r
+ IN TPMI_SH_POLICY PolicySession,\r
+ IN TPML_DIGEST *HashList\r
+ )\r
+{\r
+ EFI_STATUS Status;\r
+ TPM2_POLICY_OR_COMMAND SendBuffer;\r
+ TPM2_POLICY_OR_RESPONSE RecvBuffer;\r
+ UINT32 SendBufferSize;\r
+ UINT32 RecvBufferSize;\r
+ UINT8 *Buffer;\r
+ UINTN Index;\r
+\r
+ //\r
+ // Construct command\r
+ //\r
+ SendBuffer.Header.tag = SwapBytes16(TPM_ST_NO_SESSIONS);\r
+ SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_PolicyOR);\r
+\r
+ SendBuffer.PolicySession = SwapBytes32 (PolicySession);\r
+ Buffer = (UINT8 *)&SendBuffer.HashList;\r
+ WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32 (HashList->count));\r
+ Buffer += sizeof(UINT32);\r
+ for (Index = 0; Index < HashList->count; Index++) {\r
+ WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (HashList->digests[Index].size));\r
+ Buffer += sizeof(UINT16);\r
+ CopyMem (Buffer, HashList->digests[Index].buffer, HashList->digests[Index].size);\r
+ Buffer += HashList->digests[Index].size;\r
+ }\r
+\r
+ SendBufferSize = (UINT32)((UINTN)Buffer - (UINTN)&SendBuffer);\r
+ SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);\r
+\r
+ //\r
+ // send Tpm command\r
+ //\r
+ RecvBufferSize = sizeof (RecvBuffer);\r
+ Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer);\r
+ if (EFI_ERROR (Status)) {\r
+ return Status;\r
+ }\r
+\r
+ if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) {\r
+ DEBUG ((EFI_D_ERROR, "Tpm2PolicyOR - RecvBufferSize Error - %x\n", RecvBufferSize));\r
+ return EFI_DEVICE_ERROR;\r
+ }\r
+ if (SwapBytes32(RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {\r
+ DEBUG ((EFI_D_ERROR, "Tpm2PolicyOR - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode)));\r
+ return EFI_DEVICE_ERROR;\r
+ }\r
+\r
+ return EFI_SUCCESS;\r
+}\r
+\r
/**\r
This command indicates that the authorization will be limited to a specific command code.\r
\r
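Review bot: The marshalling loop in Tpm2PolicyOR copies `HashList->count` digests of `digests[Index].size` bytes each into the fixed-size stack `SendBuffer` without bounding either value. A count larger than the `digests` array, or a size larger than the digest `buffer`, makes `CopyMem` read past the caller's structure and write past `SendBuffer` on the stack before the command is ever submitted to the TPM. Since TPM2_POLICY_OR_COMMAND embeds the same TPML_DIGEST type as the input, bounding both values by that structure's own capacity should be sufficient. I would also reject a NULL `HashList` and add `@retval EFI_INVALID_PARAMETER` to the function header comment.

```c
  // … unchanged: local declarations …
  if (HashList == NULL ||
      HashList->count > sizeof (HashList->digests) / sizeof (HashList->digests[0])) {
    return EFI_INVALID_PARAMETER;
  }

  // … unchanged: header tag, commandCode, PolicySession, count write …
  for (Index = 0; Index < HashList->count; Index++) {
    if (HashList->digests[Index].size > sizeof (HashList->digests[Index].buffer)) {
      return EFI_INVALID_PARAMETER;
    }
    // … unchanged: size write, CopyMem, Buffer advance …
  }
```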