Lines Matching refs:TPM
547 This TPM 2.0 Part 3 of the Trusted Platform Module Library specification contains the definitions o…
548 TPM commands. These commands make use of the constants, flags, structures, and union definitions
549 defined in TPM 2.0 Part 2.
551 comments. The behavior of the C code in this TPM 2.0 Part 3 is normative but does not fully describ…
552 behavior of a TPM. The combination of this TPM 2.0 Part 3 and TPM 2.0 Part 4 is sufficient to fully
553 describe the required behavior of a TPM.
554 The code in parts 3 and 4 is written to define the behavior of a compliant TPM. In some cases (e.g.,
556 …mentation provided by the vendor that meets the general description of the function provided in TPM
559 specification require that a TPM meet any particular level of conformance.
564 For the purposes of this document, the terms and definitions given in TPM 2.0 Part 1 apply.
569 For the purposes of this document, the symbols and abbreviated terms given in TPM 2.0 Part 1 apply.
576 For the purposes of this document, the notation given in TPM 2.0 Part 1 applies.
598 Types" in TPM 2.0 Part 2). The null value is usually TPM_RH_NULL for a handle or
611 … throttling by the TPM. If the command code does not have this notation, then a write to NV
614 … A TPM may use the occasion of command execution to update the NV copy of clock.
619 … TPM when the command completes. This may be combined with the {NV} modifier but not with the
655 … determined by the settings of the attributes of the NV Index as described in TPM 2.0 Part 2,
695 When authorization is required to use the TPM entity associated with a handle, then at least one se…
715 normative and different TPM may give different responses when a command has multiple errors.
722 Before a TPM may begin the actions associated with a command, a set of command format and
725 a) The TPM shall successfully unmarshal a TPMI_ST_COMMAND_TAG and verify that it is either
727 b) The TPM shall successfully unmarshal a UINT32 as the commandSize. If the TPM has an interface
732 …NOTE A TPM may have direct access to system memory and unmarshal direc tly from that memo…
734 c) The TPM shall successfully unmarshal a TPM_CC and verify that the command is implemented
740 a) If the TPM is in Failure mode, then the commandCode is TPM_CC_GetTestResult or
744 …NOTE 1 In Failure mode, the TPM has no cryptographic capability and processing of sessions …
747 b) The TPM is in Field Upgrade mode (FUM), the commandCode is TPM_CC_FieldUpgradeData
749 c) If the TPM has not been initialized (TPM2_Startup()), then the commandCode is TPM_CC_Startup
752 …NOTE 2 The TPM may enter Failure mode during _TPM_Init processing, before TPM2_Startup(). S…
753 … the platform firmware cannot know that the TPM is in Failure mode without accessing it, and
756 indicating that the TPM is in Failure mode.
758 … There may be failures where a TPM cannot record that it received TPM2_Startup(). In those
759 … cases, a TPM in failure mode may process TPM2_GetTestResult(), TPM2_GetCapability(), or
760 … the field upgrade commands. As a side effect, that TPM may process TPM2_GetTestResult(),
773 After successfully unmarshaling and validating the command header, the TPM shall perform the follow…
776 NOTE 1 A TPM is required to perform the handle area validation before the authorization…
778 … entity are known by the TPM. For them to be known, the referenced entity must be in the TPM and
781 a) The TPM shall successfully unmarshal the number of handles required by the command and validate
782 that the value of the handle is consistent with the command syntax. If not, the TPM shall return
785 …NOTE 2 The TPM may unmarshal a handle and validate that it references an entity on th…
789 … the TPM may continue to read into the next area and attempt to interpret the data as a handle.
791 b) For all handles in the handle area of the command, the TPM will validate that the referenced ent…
792 present in the TPM.
802 … ii) the handle shall reference a persistent object that is currently in TPM non-volatile memory
810 iv) if the TPM implementation moves a persistent object to RAM for command processing then
819 4) If the handle references a session, then the session context shall be present in TPM memory
831 … 6) If the handle references a PCR, then the value is within the range of PCR supported by the TPM
840 a) If the tag is TPM_ST_SESSIONS and the command requires TPM_ST_NO_SESSIONS, the TPM will
842 b) If the tag is TPM_ST_NO_SESSIONS and the command requires TPM_ST_SESSIONS, the TPM will
844 c) If the tag is TPM_ST_SESSIONS, the TPM will attempt to unmarshal an authorizationSize and return
856 d) The TPM will unmarshal the authorization sessions and perform the following validations:
858 TPM_RS_PW then the TPM shall return TPM_RC_HANDLE.
859 2) If the session is not loaded, the TPM will return the warning TPM_RC_REFERENCE_S0 + N
866 … indicated in authorizationSize were unmarshaled (that is, authorizationSize is too large), the TPM
902 …itive portions of the object shall be present on the TPM
907 password, then the TPM is not in lockout (TPM_RC_LOCKOUT).
973 If the TPM returns an error other than TPM_RC_AUTH_FAIL then the TPM shall not alter any TPM state.
974 If the TPM return TPM_RC_AUTH_FAIL, then the TPM shall not alter any TPM state other than
977 NOTE 7 The TPM may decrease failedTries regardless of any other processing performed by…
978 is, the TPM may exit Lockout mode, regardless of the return code.
984 allow a command parameter to be encrypted, then the TPM will return TPM_RC_ATTRIBUTES.
985 Otherwise, the TPM will decrypt the parameter using the values associated with the session before
1009 required that the TPM validate that the parameters meet the requirements of the expected data type …
1010 defined in TPM 2.0 Part 2.
1036 value that is supported by the TPM
1038 supported by the TPM
1040 supported by the TPM
1042 is supported by the TPM
1046 have a value that is supported by the TPM
1047 …_KEY_SIZE a parameter that is a key size has a value that is not supported by the TPM
1049 a value that is supported by the TPM
1052 a value that is supported by the TPM
1055 value that is supported by the TPM
1057 the TPM
1059 not supported by the TPM
1064 by the TPM 2.0 Part 2 definition of the parameter type even if that parameter is not used in the co…
1073 will be in the response. If so, the TPM will encrypt the first parameter of the response if indicat…
1074 authorization attributes. The TPM will then generate a new nonce value for each session and, if
1119 command formatted for a TPM 1.2 but the TPM is not capable of executing TPM 1.2 commands. So that
1120 the TPM 1.2 compatible software will have a recognizable response, the TPM sets tag to
1122 This is the same response as the TPM 1.2 fatal error for TPM_BADTAG.
1127 command did not complete and the state of the TPM is unchanged. An exception to this general rule is
1149 … This response code may be returned by a TPM that supports command cancel.
1150 When the TPM receives an indication that the current command should be
1151 TPM_RC_CANCELED cancelled, the TPM may complete the command or return this code. If th…
1152 … is returned, then the TPM state is not changed and the same command may be
1160 TPM_RC_LOCKOUT are not allowed at this time because the TPM is in DA lockout mode. Th…
1162 A TPM may use a common pool of memory for objects, sessions, and other
1163 purposes. When the TPM does not have enough memory available to perform
1165 TPM_RC_MEMORY that the TPM resource manager may flush either sessions or objects in …
1166 make memory available for the command execution. A TPM may choose to
1169 … This response code indicates that the TPM is rate-limiting writes to the NV
1177 … until it is. This would occur in a system where the NV memory used by the TPM
1178 is not exclusive to the TPM and is a shared system resource.
1179 … This response code indicates that the TPM has exhausted its handle space and
1180 … no new objects can be loaded unless the TPM is rebooted. This does not occur in
1184 … unique handle each time the object is loaded. A TPM using this implementation
1187 … This response code can be returned by any command that causes the TPM to
1190 TPM2_ContextLoad()). However, the TPM implementation is allowed to use
1191 … object slots for other reasons. In the reference implementation, the TPM copies a
1194 … slots are previously occupied, the TPM may return this value. A TPM is allowed
1196 … this response is returned is for the TPM resource manager to flush a transient
1202 TPM_RC_REFERENCE_Hx provided for future use. The TPM resource manager needs to find the co…
1204 … NOTE Usually, this error indicates that the TPM resource manager has a corrupted
1221 TPM_RC_REFERENCE_Sx values are provided for future use. The TPM resource manager needs to…
1223 NOTE Usually, this error indicates that the TPM resource manager has a
1225 TPM_RC_RETRY the TPM was not able to start the command
1226 … This response code indicates that the TPM does not have a handle to assign to a
1229 listed here because the command is not in error and the TPM resource manager
1231 … This response code can be returned by any command that causes the TPM to
1235 … However, the TPM implementation is allowed to use object slots for other
1236 … purposes. The remedy when this response is returned is for the TPM resource
1243 … This response code indicates that the TPM is performing tests and cannot
1246 … the TPM has suspended operation on the command; forward progress was made
1249 See TPM 2.0 Part 1, “Multi-tasking.”
1289 … Verification that the handles in the handle area reference entities that are resident on the TPM.
1303 parameter type as defined in TPM 2.0 Part 2.
1330 This clause contains the commands used to manage the startup and restart state of a TPM.
1336 _TPM_Init initializes a TPM.
1337 …zation actions include testing code required to execute the next expected command. If the TPM is in
1341 NOTE 1 If the TPM performs self-tests after receiving _TPM_Init() and the TPM enters Fail…
1342 … receiving TPM2_Startup() or TPM2_FieldUpgradeData(), then the TPM may be able to accept
1346 physical interface to the TPM. The platform shall send this indication whenever the platform starts…
1352 … While this flag is CLEAR, the TPM will only accept the next expected command described above.
1413 TPM2_Startup() is always preceded by _TPM_Init, which is the physical indication that TPM initializ…
1415 TPM2_Startup() commands are not allowed after it has completed successfully. If a TPM requires
1416 TPM2_Startup() and another command is received, or if the TPM receives TPM2_Startup() when it is not
1417 required, the TPM shall return TPM_RC_INITIALIZE.
1419 NOTE 1 See 9.2.1 for other command options for a TPM supporting field upgrade mode.
1424 If in Failure mode, the TPM shall accept TPM2_GetTestResult() and TPM2_GetCapability() even if
1427 A Shutdown/Startup sequence determines the way in which the TPM will operate in response to
1429 1) TPM Reset – This is a Startup(CLEAR) preceded by either Shutdown(CLEAR) or no
1430 TPM2_Shutdown(). On TPM Reset, all variables go back to their default initialization state.
1432 … Only those values that are specified as having a default initialization state are changed by TPM
1437 2) TPM Restart – This is a Startup(CLEAR) preceded by Shutdown(STATE). This preserves much of the
1438 previous state of the TPM except that PCR and the controls associated with the Platform hierarchy
1440 3) TPM Resume – This is a Startup(STATE) preceded by Shutdown(STATE). This preserves the
1441 previous state of the TPM including the static Root of Trust for Measurement (S-RTM) PCR and the
1443 If a TPM receives Startup(STATE) and that was not preceded by Shutdown(STATE), the TPM shall return
1445 If, during TPM Restart or TPM Resume, the TPM fails to restore the state saved at the last
1446 Shutdown(STATE), the TPM shall enter Failure Mode and return TPM_RC_FAILURE.
1449 … all transient contexts (objects, sessions, and sequences) shall be flushed from TPM memory;
1453 On TPM Reset
1476 platform-specific specification and the H-CRTM state (for exceptions, see TPM 2.0 Part 1, H-
1480 are preserved by TPM Resume will need to be restored during TPM2_Startup().
1482 …NOTE 5 See "Initializing PCR" in TPM 2.0 Part 1 for a description of the default initial…
1485 On TPM Restart
1496 On TPM Resume
1500 PCR that are specified in a platform-specific specification to be preserved on TPM Resume are
1502 platform-specific specification. For constraints, see TPM 2.0 Part 1, H-CRTM before
1504 Other TPM state may change as required to meet the needs of the implementation.
1505 If the startupType is TPM_SU_STATE and the TPM requires TPM_SU_CLEAR, then the TPM shall return
1514 NOTE 6 The TPM will require TPM_SU_CLEAR when no shutdown was performed …
1616 49 // if this startup is a TPM Resume, then the H-CRTM states have to match.
1721 144 // Update TPM internal states if command succeeded.
1745 This command is used to prepare the TPM for a power cycle. The shutdownType parameter indicates
1757 The following items shall not be saved and will not be in TPM memory after the next TPM2_Startup:
1758 TPM-memory-resident session contexts;
1759 TPM-memory-resident transient objects; or
1760 TPM-memory-resident hash contexts created by TPM2_HashSequenceStart().
1762 This command saves TPM state but does not change the state other than the internal indication that …
1763 context has been saved. The TPM shall continue to accept commands. If a subsequent command
1764 changes TPM state saved by this command, then the effect of this command is nullified. The TPM MAY
1888 67 // if the TPM isn't actually shut down. This is OK because all other checks
1910 Compliance to standards for hardware security modules may require that the TPM test its functions
1911 before the results that depend on those functions may be returned. The TPM may perform operations
1912 using testable functions before those functions have been tested as long as the TPM returns no value
1917 that command may result in a value being returned to the TPM user. This means that
1922 If a command is received that requires return of a value that depends on untested functions, the TPM
1924 Once the TPM has received TPM2_SelfTest() and before completion of all tests, the TPM is required to
1926 If a self-test fails at any time, the TPM will enter Failure mode. While in Failure mode, the TPM w…
1928 TPM will remain in Failure mode until the next _TPM_Init.
1943 This command causes the TPM to perform a test of its capabilities. If the fullTest is YES, the TPM …
1944 all functions. If fullTest = NO, the TPM will only test those functions that have not previously be…
1945 If any tests are required, the TPM shall either
1948 …NOTE 1 If fullTest is NO, and all functions have been tested, the TPM shall return TPM_R…
1951 If the TPM uses option a), the TPM shall return TPM_RC_TESTING for any command that requires use
1955 NOTE 2 This command may cause the TPM to continue processing after it has returned the res…
1957 … would allow the TPM to generate an interrupt when th e “background” processing is complete. This
2039 This command causes the TPM to perform a test of the selected algorithms.
2041 NOTE 1 The toTest list indicates the algorithms that software would like the TPM to test …
2057 The TPM will return in toDoList a list of algorithms that are yet to be tested. This list is not th…
2067 If toTest is not an empty list, the TPM shall return TPM_RC_SUCCESS for this command and then return
2076 NOTE 6 The TPM cannot return TPM_RC_TESTING for this command, even when testing is not co…
2079 If all the parameters in this command are valid, the TPM returns TPM_RC_SUCCESS and the toDoList
2177 This command will operate when the TPM is in Failure mode so that software can determine the test
2178 status of the TPM and so that diagnostic information can be obtained for use in failure analysis. I…
2179 TPM is in Failure mode, then tag is required to be TPM_ST_NO_SESSIONS or the TPM shall return
2230 …In the reference implementation, this function is only reachable if the TPM is not in failure mode…
2265 This command allows injection of a secret into the TPM using either asymmetric or symmetric encrypt…
2271 The label value of “SECRET” (see “Terms and Definitions” in TPM 2.0 Part 1) is used in the recovery…
2273 The TPM generates the sessionKey from the recovered secret value.
2290 If the TPM does not have a free slot for an authorization session, …
2292 If the TPM implements a “gap” scheme for assigning contextID values, then the TPM shall return
2294 “Context Management” in TPM 2.0 Part 1).
2296 proper type for tpmKey. The TPM shall return TPM_RC_HANDLE if the sensitive portion of tpmKey is not
2297 loaded. The TPM shall return TPM_RC_VALUE if:
2320 If bind references a transient object, then the TPM shall return TPM_RC_HANDLE if the sensitive por…
2338 NOTE 4 Although this command changes the session allocation information in the TPM, it do…
2340 …establish the orderly state of the TPM. This is because the created cont ext will occupy an availa…
2341 … slot in the TPM and sessions in the TPM do not survive any TPM2_Startup(). However, if a created
2344 The TPM shall return TPM_RC_SIZE if nonceCaller is less than 16 octets or is greater than the size …
2387 TPMI_ALG_HASH authHash Shall be a hash algorithm supported by the TPM and
2399 … the initial nonce from the TPM, used in the computation
2423 the oldest active context is at the limits of the TPM
2443 11 OBJECT *tpmKey; // TPM key for decrypt salt
2548 used after the TPM returns TPM_RC_PCR_CHANGED. That response code indicates that a policy will
2634 This command is used to create an object that can be loaded into a TPM using TPM2_Load(). If the
2635 command completes successfully, the TPM will create the new object and return the object’s creation
2640 new object. The setting for these fields is defined in “Public Area Template” in TPM 2.0 Part 1 and
2641 “TPMA_OBJECT” in TPM 2.0 Part 2.
2646 symmetric object, an optional initial data value (inSensitive.data). The TPM shall validate the con…
2647 of inPublic.attributes according to the Creation rules in “TPMA_OBJECT” in TPM 2.0 Part 2.
2650 is indicated as being TPM-generated, the value is filled in by bits from the RNG if the command is
2652 of each creation value are specified in TPM 2.0 Part 1.
2654 CLEAR if inSensitive.data is not an Empty Buffer or the TPM shall return TPM_RC_ATTRIBUTES.
2655 The TPM will create new data for the sensitive area and compute a TPMT_PUBLIC.unique from the
2658 …1) If inSensitive.sensitive.data is the Empty Buffer, a TPM-generated key value is placed in the n…
2661 … 2) If inSensitive.sensitive.data is not the Empty Buffer, the TPM will validate that the size of
2664 3) A TPM-generated obfuscation value is placed in TPMT_SENSITIVE.sensitive.seedValue. The
2672 … 1) If inSensitive.sensitive.data is not the Empty Buffer, then the TPM shall return TPM_RC_VALUE.
2680 2) A TPM-generated private key value is created with the size determined by the parameters of
2682 3) If the key is a Storage Key, a TPM-generated TPMT_SENSITIVE.seedValue value is created;
2691 the public area of the template, then the TPM shall return TPM_RC_SCHEME.
2693 area of the template, then the TPM shall return TPM_RC_KDF.
2702 inPublic.attributes, the TPM shall return TPM_RC_ATTRIBUTES. This would be a data object
2704 …2) If inSensitive.sensitive.data is not an Empty Buffer, the TPM will …
2710 …3) If inSensitive.sensitive.data is an Empty Buffer, a TPM-generated key value that is the size of…
2712 4) A TPM-generated obfuscation value that is the size of the digest produced by the nameAlg of
2717 For TPM2_Load(), the TPM will apply normal symmetric protections to the created TPMT_SENSITIVE to
2722 In addition to outPublic and outPrivate, the TPM will build a TPMS_CREATION_DATA structure for the
2730 TPM shall return TPM_RC_TYPE. If inPublic.nameAlg does not match, the TPM shall return
2731 TPM_RC_HASH. If inPublic.parameters does not match, the TPM shall return TPM_RC_ASSYMETRIC.
2732 The TPM shall not differentiate between mismatches of the components of inPublic.parameters.
2739 EXAMPLE If the inPublic.parameters.ecc.symmetric.algorithm does not match the parent, the TPM …
2784 the creation data was produced by the TPM
2819 sensitive creation area; may also be returned if the TPM does not
2929 This command is used to load objects into the TPM. This command is used when both a TPM2B_PUBLIC
2936 “TPMA_OBJECT” in TPM 2.0 Part 2 of this specification.
2949 The command returns a handle for the loaded object and the Name that the TPM computed for
2952 NOTE 4 The TPM-computed Name is provided as a convenience to the caller for those cases …
2959 the public area or the TPM shall return TPM_RC_KEY_SIZE.
2962 object are not properly linked, the TPM shall return TPM_RC_BINDING.
2990 … TPM handle of parent key; shall not be a reserved
3141 This command is used to load an object that is not a Protected Object into the TPM. The command all…
3144 NOTE 1 Typical use for loading a public area is to allow the TPM to validate an asymmetric…
3145 …Typical use for loading both a public and sensitive area is to allow the TPM to be used as a crypto
3156 “TPMA_OBJECT” in TPM 2.0 Part 2. In particular, fixedTPM, fixedParent, and restricted shall be CLEAR
3160 …resident on a different TPM. If both the public and private parts of the key are loaded , then it …
3166 be the same as its Name. The TPM will validate that the authPolicy is either the size of the digest
3175 If the nameAlg is TPM_ALG_NULL, the TPM shall not verify the cryptographic binding between the publ…
3176 and sensitive areas, but the TPM will validate that the size of the key in the sensitive area is co…
3177 with the size indicated in the public area. If it is not, the TPM shall return TPM_RC_KEY_SIZE.
3179 NOTE 6 For an ECC object, the TPM will verify that the public key is on the curve of the k…
3188 The command returns a handle for the loaded object and the Name that the TPM computed for
3191 NOTE 8 The TPM-computed Name is provided as a convenience to the caller for those cases wh…
3211 next TPM Reset.
3316 35 // appear to be a key that was created by this TPM.
3372 If objectHandle references a sequence object, the TPM shall return TPM_RC_SEQUENCE.
3394 TPM handle of an object
3477 …s command enables the association of a credential with an object in a way that ensures that the TPM
3479 If both the public and private portions of activateHandle and keyHandle are not loaded, then the TPM
3481 If keyHandle is not a Storage Key, then the TPM shall return TPM_RC_TYPE.
3638 This command allows the TPM to perform the actions required of a Certificate Authority (CA) in crea…
3640 The TPM will produce a TPM_ID_OBJECT according to the methods in “Credential Protection” in TPM
3644 This command does not use any TPM secrets nor does it require authorization. It is a convenience
3645 function, using the TPM to perform cryptographic calculations that could be done externally.
3771 NOTE A random, TPM-generated, Sealed Data Object may be created by the TPM with TPM2_Cre…
3775 If either restricted, decrypt, or sign is SET in the attributes of itemHandle, then the TPM shall r…
3776 TPM_RC_ATTRIBUTES. If the type of itemHandle is not TPM_ALG_KEYEDHASH, then the TPM shall
3877 This command is used to change the authorization secret for a TPM-resident object.
3878 If successful, a new private area for the TPM-resident object associated with objectHandle is retur…
3880 This command does not change the authorization of the TPM-resident object on which it operates.
3881 Therefore, the old authValue (of the TPM-resident object) is used when generating the response HMAC
3886 NOTE 2 The TPM-resident object may be persistent and changing the authorization value of th…
3888 change the TPM-resident object.
4034 key for the duplicate may be on the same or different TPM or TPM_RH_NULL. Only the public area of
4037 NOTE 1 Since the new parent may only be extant on a different TPM, it is likely that the n…
4038 … sensitive area could not be loaded in the TPM from which objectHandle is being duplicated.
4040 If encryptedDuplication is SET in the object being duplicated, then the TPM shall return
4044 If fixedParent of objectHandle→attributes is SET, the TPM shall return TPM_RC_ATTRIBUTES. If
4045 objectHandle→nameAlg is TPM_ALG_NULL, the TPM shall return TPM_RC_TYPE.
4056 If the compared hashes are not the same, then the TPM shall return TPM_RC_POLICY_FAIL.
4065 The TPM shall follow the process of encryption defined in the “Duplication” subclause of “Protected
4066 Storage Hierarchy” in TPM 2.0 Part 1.
4094 …TA encryptionKeyIn The size for this key is set to zero when the TPM is to
4110 …ATA encryptionKeyOut the Empty Buffer; otherwise, it shall contain the TPM-
4262 This command allows the TPM to serve in the role as a Duplication Authority. If proper authorizatio…
4268 In the rewrap process, L is “DUPLICATE” (see “Terms and Definitions” in TPM 2.0 Part 1).
4272 a zero length. See TPM 2.0 Part 2 encryptedDuplication.
4427 74 // enabled in TPM
4474 If fixedTPM or fixedParent is SET in objectPublic, the TPM shall return TPM_RC_ATTRIBUTES.
4478 buffers (TPM_RC_ATTRIBUTES). Recovery of the sensitive data of the object occurs in the TPM in a
4508 … loaded, or before the TPM performs an operation for which the binding affects the outcome of the
4514 … If the new parent is not fixedTPM, then that object will be loadable on any TPM (including SW
4517 … parent is fixedTPM, then the new private blob is integrity protec ted by the TPM that “owns” the
4521 After integrity checks and decryption, the TPM will create a new symmetrically encrypted private ar…
4615 …NOTE: if the TPM provides parameter values, the parameter number will indicate symmetric…
4804 implemented in the TPM. Many of these commands are only allowed if the asymmetric key is an
4818 NOTE Requiring that the decrypt attribute be set allows the TPM to ensure that the schem…
4821 … may modify any key in any desired way. So, this constraint only serves to simplify the TPM logic.
4827 3) TPM_ALG_NULL – Data is not padded by the TPM and the TPM will treat message as an
4863 … manipulate the attributes of the key in any way desired. As a result , the TPM shall not check the
4882 The label parameter is optional. If provided (label.size != 0) then the TPM shall return TPM_RC_VAL…
4883 …octet in label is not zero. If a zero octet occurs before label.buffer[label.size-1], the TPM shall
4887 NOTE 4 If the scheme does not use a label, the TPM will still verify that label is prop…
5044 The TPM will perform a modular exponentiation of ciphertext using the private exponent associated w…
5056 0), it shall be a NULL-terminated string or the TPM will return TPM_RC_VALUE.
5214 This command uses the TPM to generate an ephemeral key pair ( de, Qe where Qe ≔ [de]G). It uses the
5356 This command uses the TPM to recover the Z value from a public point (QB) and a private key (ds). I…
5562 point of that ephemeral key along with a numeric value that allows the TPM to regenerate the associ…
5565 party B, and the commitCounter returned by TPM2_EC_Ephemeral(). The TPM uses the counter value to
5569 The TPM will compute Z or Zs and Ze according to the selected scheme. If the scheme is not a two-ph…
5570 key exchange scheme or if the scheme is not supported, the TPM will return TPM_RC_SCHEME.
5599 NOTE The Z values returned by the TPM are a full point and not just an x -coordinate.
5664 This command uses the TPM to recover one or two Z values in a two phase key exchange protocol
5765 implemented in the TPM that operate on blocks of data. These include symmetric encryption and
5767 no persistent state that is retained in the TPM when the command is complete.
5783 TPM_ALG_CTR The TPM will increment the entire IV provided by the caller. The next count va…
5787 … combination. If the size of ivIn is not correct, the TPM shall return TPM_RC_SIZE.
5800 … combination. If the size of ivIn is not correct, the TPM shall return TPM_RC_SIZE.
5808 … combination. If the size of ivIn is not correct, the TPM shall return TPM_RC_SIZE.
5810 and key combination. If the size of inData is not correct, the TPM shall return
5816 … combination. If the size of ivIn is not correct, the TPM shall return TPM_RC_SIZE.
5822 and key combination. If the size of inData is not correct, the TPM shall return
5844 If the TPM allows this command to be canceled before completion, then the TPM may produce
6024 NOTE If the data buffer to be hashed is larger than will fit into the TPM’s input buffer…
6029 If the digest is not safe to sign, then the TPM will return a TPMT_TK_HASHCHECK with the hierarchy …
6148 If the sign attribute is not SET in the key referenced by handle then the TPM shall return
6149 TPM_RC_ATTRIBUTES. If the key type is not TPM_ALG_KEYEDHASH then the TPM shall return
6150 TPM_RC_TYPE. If the key referenced by handle has the restricted attribute SET, the TPM shall return
6302 NOTE 1 It is recommended that a TPM implement the RNG in a manner that would allow it to re…
6307 If bytesRequested is more than will fit into a TPM2B_DIGEST on the TPM, no error is returned but the
6308 TPM will only return as much data as will fit into a TPM2B_DIGEST buffer for the TPM.
6310 …2 TPM2B_DIGEST is large enough to hold the largest dig est that may be produced by the TPM.
6312 data returned by this command is TPM implementation-dependent.
6467 maintained. For a description of sequences, see “Hash, HMAC, and Event Sequences” in TPM 2.0 Part 1.
6473 This command starts an HMAC sequence. The TPM will create and initialize an HMAC sequence
6480 If the sign attribute is not SET in the key referenced by handle then the TPM shall return
6481 TPM_RC_ATTRIBUTES. If the key type is not TPM_ALG_KEYEDHASH then the TPM shall return
6482 TPM_RC_TYPE. If the key referenced by handle has the restricted attribute SET, the TPM shall return
6636 neither an implemented algorithm nor TPM_ALG_NULL, then the TPM shall return TPM_RC_HASH.
6637 Depending on hashAlg, the TPM will create and initialize a Hash Sequence context or an Event
6640 context for each of the PCR banks implemented on the TPM.
6729 any size up to the limits of the TPM.
6731 NOTE 1 In all TPM, a buffer size of 1,024 octets is allowed.
6741 NOTE 2 This requirement allows the TPM to validate that the first block is safe to sign wi…
6889 … TPM had fewer than sizeof(TPM_GENERATED) octets, then the TPM will operate as if digest is not
6895 If sequenceHandle references an Event Sequence, then the TPM shall return TPM_RC_MODE.
7078 If sequenceHandle references a hash or HMAC sequence, the TPM shall return TPM_RC_MODE.
7235 The attestation commands cause the TPM to sign an internally generated data structure. The contents…
7243 The TPM shall return TPM_RC_SCHEME to indicate that the scheme is not appropriate.
7290 different manner (for details, see “ECDAA” in TPM 2.0 Part 1).
7305 The purpose of this command is to prove that an object with a specific Name is loaded in the TPM. By
7306 certifying that the object is loaded, the TPM warrants that a public area with a given Name is self-
7319 … The restriction occurs because the Name is used to identify the object being certified. If the TPM
7477 This command is used to prove the association between an object and its creation data. The TPM will
7478 validate that the ticket was produced by the TPM and that the ticket validates the association betw…
7483 The TPM will create a test ticket using the Name associated with objectHandle and creationHash as:
7485 This ticket is then compared to creation ticket. If the tickets are not the same, the TPM shall ret…
7487 If the ticket is valid, then the TPM will create a TPMS_ATTEST structure and place creationHash of …
7661 The TPM will hash the list of PCR selected by PCRselect using the hash algorithm associated with
7664 The concatenation of PCR is described in TPM 2.0 Part 1, Selecting Multiple PCR.
7826 If sessionHandle is not an audit session, the TPM shall return TPM_RC_TYPE.
7831 This command requires authorization from the privacy administrator of the TPM (expressed with
8016 NOTE 2 The way that the TPM tracks that the digest is clear is vendor-dependent. The refer…
8023 This command requires authorization from the privacy administrator of the TPM (expressed with
8244 TPM2B_ATTEST timeInfo standard TPM-generated attestation block
8352 The TPM generates keys that have different lifetimes. TPM keys in a hierarchy can be persistent for…
8353 long as the seed of the hierarchy is unchanged and these keys may be used multiple times. Other TPM-
8356 key is created for a single pass key exchange with another TPM. However, there are other cases, such
8358 key is used outside of the TPM before the final command "consumes" the ephemeral key.
8359 For these uses, TPM2_Commit() or TPM2_EC_Ephemeral() may be used to have the TPM create an
8361 the caller provides a reference to the ephemeral key so that the TPM can retrieve or recreate the
8367 The TPM uses that number to either look up or recompute the associated private key. After the key is
8368 used, the TPM records the fact that the key has been used so that it cannot be used again.
8369 As mentioned, the TPM can keep each assigned private ephemeral key in memory until it is used.
8370 However, this could consume a large amount of memory. To limit the memory size, the TPM is allowed …
8375 To further reduce the memory requirements for the ephemeral private keys, the TPM is allowed to use
8377 TPM can use a counter as input to a KDF. Incrementing the counter will cause the TPM to generate a
8383 Since the TPM is allowed to restrict the number of pending ephemeral keys, the array size can be li…
8386 TPM 2.0 Part 1.
8401 TPM2_Commit() performs the first part of an ECC anonymous signing operation. The TPM will perform
8410 For this command, p1, s2 and y2 are optional parameters. If s2 is an Empty Buffer, then the TPM sha…
8412 The algorithm is specified in the TPM 2.0 Part 1 Annex for ECC, TPM2_Commit().
8636 The TPM will use the commit mechanism to assign an ephemeral key r and compute a public point Q ≔
8738 to the TPM.
8739 If the signature check succeeds, then the TPM will produce a TPMT_TK_VERIFIED. Otherwise, the TPM
8742 … A valid ticket may be used in subsequent commands to provide proof to the TPM that the TPM has
8878 This command causes the TPM to sign an externally provided hash with the specified symmetric or
8881 NOTE 1 Symmetric “signing” is done with the TPM HMAC commands.
8883 …dle references a restricted signing key, then validation shall be provided, indicating that the TPM
8892 If the scheme of keyHandle is TPM_ALG_NULL, the TPM will sign using inScheme; otherwise, it will si…
8899 If inScheme is not a valid signing scheme for the type of keyHandle (or TPM_ALG_NULL), then the TPM
8937 proof that digest was created by the TPM
9069 If the TPM is in Failure mode, command audit is not functional.
9087 the TPM will check both setList and clearList are empty (zero length). If so, then the algorithm is…
9240 In TPM 1.2, an Event was hashed using SHA-1 and then the 20-octet digest was extended to a PCR
9243 Event with each being extended to a different PCR, the Event data may be sent to the TPM for hashin…
9249 To support recording of an Event that is larger than the TPM input buffer, the caller may use the
9293 For each list entry, the TPM will check to see if pcrNum is implemented for that algorithm. If so, …
9311 …he caller includes digests for algorithms that are not implemented, then the TPM will fail the call
9314 hashAlg will fail and the TPM will return TPM_RC_HASH.
9316 If the TPM unmarshals the hashAlg of a list entry and the unmarshaled value is not a hash algorithm
9317 implemented on the TPM, the TPM shall return TPM_RC_HASH.
9319 processed but no action is taken by the TPM. This permits the caller to probe for implemented hash
9445 A TPM shall support an Event.size of zero through 1,024 inclusive (Event.size is an octet count). An
9454 computed in preparation for extending the data into the PCR. At the option of the TPM, the list may
9456 If pcrHandle is TPM_RH_NULL, the TPM may return either an empty list or a digest for each bank.
9458 EXAMPLE 2 Assume a TPM that implements a SHA1 bank and a SHA256 bank and that PCR[22] is only
9579 The TPM will process the list of TPMS_PCR_SELECTION in pcrSelectionIn in order. Within each
9580 TPMS_PCR_SELECTION, the TPM will process the bits in the pcrSelect array in ascending PCR order
9581 (see TPM 2.0 Part 2 for definition of the PCR order). If a bit is SET, and the indicated PCR is pre…
9582 then the TPM will add the digest of the PCR to the list of values to be returned in pcrValues.
9583 The TPM will continue processing bits until all have been processed or until pcrValues would be too…
9676 The TPM will evaluate the request and, if sufficient memory is available for the requested allocati…
9677 TPM will store the allocation request for use during the next TPM2_Startup(TPM_SU_CLEAR) operation.
9682 EXAMPLE If a TPM supports SHA1 and SHA256, then it maintains an allocation for two banks (one …
9685 … allocation of a TPM from 24 SHA1 PCR and no SHA256 PCR to 24 SHA256 PCR and no SHA1 PCR, the
9690 …is listed more than once, then the last selection in the pcrAllocation list is the one that the TPM
9694 etc. In the response to this command, the TPM returns the maximum number of PCR allowed for any
9698 one bank with the HCRTM_PCR allocated. If not, the TPM returns TPM_RC_PCR.
9699 The TPM may return TPM_RC_SUCCESS even though the request fails. This is to allow the TPM to
9702 allocationSuccess parameter will be YES. Alternatively, if the request fails, The TPM may return
9705 NOTE 1 An example for this type of failure is a TPM that can only support one bank at a ti…
9710 NOTE 2 Even if this command does not cause the PCR allocation to change, the TPM cannot ha…
9712 … command as it is not expected to be used more than once in the lifetime of the TPM (it can be used
9829 allowing a policy. If the TPM implementation does not allow a policy for pcrNum, the TPM shall retu…
9835 Before this command is first executed on a TPM or after TPM2_ChangePPS(), the access control on the
9842 …ize of the data buffer in authPolicy is not the size of a digest produced by hashAlg, the TPM shall
9958 specification as allowing an authorization value. If the TPM implementation does not allow an
9959 authorization for pcrNum, the TPM shall return TPM_RC_VALUE. A platform-specific specification may
10070 NOTE 1 The definition of TPMI_DH_PCR in TPM 2.0 Part 2 indicates that if pcrHandle is out o…
10073 If pcrHandle references a PCR that cannot be reset, the TPM shall return TPM_RC_LOCALITY.
10175 This indication from the TPM interface indicates the start of an H-CRTM measurement sequence. On
10176 receipt of this indication, the TPM will initialize an H-CRTM Event Sequence context.
10177 If no object memory is available for creation of the sequence context, the TPM will flush the conte…
10182 … object context slot is available or to deal with the consequences of having the TPM select an
10267 This indication from the TPM interface indicates arrival of one or more octets of data that are to …
10269 The context holds data for each hash algorithm for each PCR bank implemented on the TPM.
10336 This indication from the TPM interface indicates the end of the H-CRTM measurement. This indication…
10337 discarded and no other action performed if the TPM does not contain an H-CRTM Event Sequence
10342 If the H-CRTM Event Sequence occurs after TPM2_Startup(), the TPM will set all of the PCR designated
10344 specific specification, and increment restartCount. The TPM will then Extend the Event Sequence
10360 complete before TPM2_Startup() or the sequence will have no effect on the TPM.
10469 NOTE 1 Many of the terms used in this clause are described in detail in TPM 2.0 Part 1 and…
10505 policySession→nonceTPM, then the TPM shall return TPM_RC_VALUE. This parameter is required
10509 expiration, the TPM shall return TPM_RC_EXPIRED. If nonceTPM is the Empty buffer, and expiration
10510 is non-zero, then the TPM shall return TPM_RC_EXPIRED.
10514 c) timeout – This parameter is compared to the current TPM time. If policySession→timeout is in the
10515 past, then the TPM shall return TPM_RC_EXPIRED.
10526 1) the TPM shall return TPM_RC_CPHASH if policySession→cpHash is set and the contents of
10531 …2) the TPM shall return TPM_RC_SIZE if cpHashA is not the same …
10586 … String). If cpHash is not the Empty String when a policy command attempts to update it, the TPM
10589 … update this value with a larger value (longer into the future), the TPM will discard the update
10599 value and its value is not the same as pcrUpdateCounter, the TPM shall return
10617 … the same way. The different commands simply indicate to the TPM the format used for the authValue
10632 and the nonceTPM matches policySession->nonceTPM, then the TPM will return a ticket that includes a
10633 value indicating when the authorization expires. If expiration is non-negative, then the TPM will r…
10639 TPM
10656 … reference. The timeout parameter is an absolute time, using TPM Clock as the reference.
10679 If policySession is a trial session, the TPM will not check the signature and will update
10682 If policySession is not a trial session, the TPM will validate auth and only perform the update if …
10722 The TPM will perform the parameter checks listed in 23.2.2
10723 If the parameter checks succeed, the TPM will construct a test digest (tHash) over the provided
10725 If tHash does not match the digest of the signed aHash, then the authorization fails and the TPM sh…
10736 policySession is updated as described in 23.2.4. The TPM will optionally produce a ticket as descri…
10780 supported on the TPM.
10797 the TPM when the ticket expires
10831 TPM_RC_SCHEME the signing scheme of auth is not supported by the TPM
10940 103 // TPM-specific.
10990 If a policy session is used and use of the authValue of authHandle is not required, the TPM will re…
10992 The secret is the authValue of the entity whose handle is authHandle, which may be any TPM entity w…
11005 policySession is updated as described in 23.2.4. The TPM will optionally produce a ticket as descri…
11052 supported on the TPM.
11068 TPM2B_TIMEOUT timeout the TPM when the ticket expires; this ticket w…
11161 59 // TPM-specific.
11205 If the checks succeed, the TPM uses the timeout, cpHashA, policyRef, and authName to construct a
11206 ticket to compare with the value in ticket. If these tickets match, then the TPM will create a TPM2…
11239 TPM2B_TIMEOUT timeout The contents are TPM specific. This shall be t…
11250 … an authorization ticket returned by the TPM in response
11311 30 // Restore timeout data. The format of timeout buffer is TPM-specific.
11374 This command allows options in authorizations without requiring that the TPM evaluate all of the op…
11375 If a policy may be satisfied by different sets of conditions, the TPM need only evaluate one set th…
11379 policySession→policyDigest does not match any value in the list, the TPM shall return TPM_RC_VALUE.
11382 If policySession is a trial session, the TPM will assume that policySession→policyDigest matches on…
11388 …NOTE 1 The TPM will not return an error if the size of an entry is not the same as the s…
11398 A TPM shall support a list with at least eight tagged digest values.
11531 than the values from digest of the TPM PCR.
11532 The TPM will modify the pcrs parameter so that bits that correspond to unimplemented PCR are CLEAR.
11533 If policySession is not a trial policy session, the TPM will use the modified value of pcrs to sele…
11534 values to hash according to TPM 2.0 Part 1, Selecting Multiple PCR. The hash algorithm of the policy
11536 of zero, then it is compared to digestTPM; and if the values do not match, the TPM shall return
11553 After this command completes successfully, the TPM shall return TPM_RC_PCR_CHANGED if the policy
11555 The TPM uses a “generation” number (pcrUpdateCounter) that is incremented each time PCR are
11564 have occurred. If the values are different, the TPM shall return TPM_RC_PCR_CHANGED.
11568 … is an optimization for the purposes of conserving internal TPM memory. This would be a rare
11582 If policySession is a trial policy session, the TPM will not check any PCR and will compute:
11586 NOTE 3 The pcrs parameter is expected to match the configuration of the TPM for which the …
11587 … computed which may not be the same as the TPM on which the trial policy is being computed.
11747 TPM will validate that policySession→commandLocality has not previously been set or that the current
11749 When locality is not an extended locality, the TPM will validate that the policySession→commandLoca…
11750 is not set to an extended locality value (TPM_RC_RANGE). If not the TPM will disable any locality n…
11752 TPM will return TPM_RC_RANGE.
11927 If policySession is a trial policy session, the TPM will update policySession→policyDigest as shown…
11935 If TPMA_NV_WRITTEN is not SET in the NV Index, the TPM shall return TPM_RC_NV_UNINITIALIZED.
11936 The TPM will validate that the size of operandB plus offset is not greater than the size of the NV …
11937 it is, the TPM shall return TPM_RC_SIZE.
11939 TPM will perform the indicated arithmetic check using operandA and operandB. . If the check fails, …
11940 TPM shall return TPM_RC_POLICY and not change policySession→policyDigest. If the check succeeds,
11941 the TPM will hash the arguments:
12223 If policySession is a trial policy session, the TPM will update policySession→policyDigest as shown…
12226 The TPM will perform the indicated arithmetic check on the indicated portion of the TPMS_TIME_INFO
12227 structure. If the check fails, the TPM shall return TPM_RC_POLICY and not change
12228 policySession→policyDigest. If the check succeeds, the TPM will hash the arguments:
12248 compared overflows the TPMS_TIME_INFO structure, the TPM returns TPM_RC_RANGE. The structure
12249 is marshaled into its canonical form with no padding. The TPM does not check for alignment of the o…
12497 policySession→commandCode does not have its default value, then the TPM will return
12499 If code is not implemented, the TPM will return TPM_RC_POLICY_CC.
12500 If the TPM does not return an error, it will update policySession→policyDigest by
12504 expression is improperly formed but the TPM does not return an error.
12508 When the policy session is used to authorize a command, the TPM will fail the command if the
12732 If policySession→cpHash is already set and not the same as cpHashA, then the TPM shall return
12733 TPM_RC_VALUE. If cpHashA does not have the size of the policySession→policyDigest, the TPM shall
12865 This command allows a policy to be bound to a specific set of TPM entities without being bound to t…
12876 If policySession→cpHash is already set, the TPM shall return TPM_RC_VALUE. If the size of nameHash
12877 is not the size of policySession→policyDigest, the TPM shall return TPM_RC_SIZE. Otherwise,
13034 If either policySession→cpHash or policySession→nameHash has been previously set, the TPM shall
13212 signed (symmetric or asymmetric) by keySign. That signature is then checked by the TPM in
13221 If the first two octets of keySign are not a valid hash algorithm, the TPM shall return TPM_RC_HASH…
13222 the remainder of the Name is not the size of the indicated digest, the TPM shall return TPM_RC_SIZE.
13223 The TPM validates that the approvedPolicy matches the current value of policySession→policyDigest a…
13225 The TPM then validates that the parameters to TPM2_PolicyAuthorize() match the values used to
13226 generate the ticket. If so, the TPM will reset policySession→policyDigest to a Zero Digest. Then it…
13229 If the ticket is not valid, the TPM shall return TPM_RC_POLICY.
13234 …t it may be a NULL Ticket. A NULL ticket is useful in a trial policy, where the caller uses the TPM
13515 …reason that two commands are present is to indicate to the TPM if the hmac field in the authorizat…
13615 This command returns the current policyDigest of the session. This command allows the TPM to be used
13701 writtenSet. If policySession→checkNVWritten is SET, the TPM will return TPM_RC_VALUE if
13703 If the TPM does not return an error, it will update policySession→policyDigest by
13705 When the policy session is used to authorize a command, the TPM will fail the command if
13856 The TPM will derive the object from the Primary Seed indicated in primaryHandle using an approved
13858 Primary Object from a Primary Seed are described in TPM 2.0 Part 1 and implemented in TPM 2.0 Part …
13860 Seed, the TPM shall produce the same Primary Object.
13895 TPM2B_SENSITIVE_CREATE inSensitive the sensitive data, see TPM 2.0 Part 1 Sensitiv…
13919 the creation data was produced by the TPM
14056 When this command is used to CLEAR phEnable, shEnable, or ehEnable, the TPM will disable use of
14059 When this command is used to CLEAR shEnable, the TPM will disable access to any NV index that has
14061 Authorization). As long as shEnable is CLEAR, the TPM will return an error in response to any comma…
14063 When this command is used to CLEAR phEnableNV, the TPM will disable access to any NV index that
14065 Authorization). As long as phEnableNV is CLEAR, the TPM will return an error in response to any
14655 This command removes all TPM context associated with a specific Owner.
14659 change the SPS to a new value from the TPM’s random number generator (RNG),
14676 disabled this command, the TPM shall return TPM_RC_DISABLED.
14839 The TPM will SET the TPM’s TPMA_PERMANENT.disableClear attribute if disable is YES and will
15030 21 // on the TPM.
15076 A TPM is required to have support for logic that will help prevent a dictionary attack on an author…
15078 HMAC authorization fails. When the counter reaches a predefined value, the TPM will not accept, for
15079 some time interval, further requests that require authorization and the TPM is in Lockout mode. Whi…
15080 TPM is in Lockout mode, the TPM will return TPM_RC_LOCKED if the command requires use of an
15084 … However, a command that requires multiple authorizations will not be accepted when the TPM is in
15088 If the TPM is continuously powered for the duration of newRecoveryTime and no authorization failures
15101 This command cancels the effect of a TPM lockout due to a number of successive authorization failur…
15194 NOTE Use of Time means that the TPM shall be continuously powered for the duration of a …
15197 failures will not cause the TPM to enter lockout.
15198 If newMaxTries is zero, the TPM will be in lockout and use of DA protected entities will be disable…
15434 This command allows the platform to change the set of algorithms that are used by the TPM. The
15436 …changing of the algorithm set results in a change of the algorithms of PCR banks, then the TPM will
15439 TPM_SU_CLEAR, the TPM shall return TPM_RC_VALUE and enter Failure mode.
15468 a TPM vendor-dependent value indicating the
15529 This clause contains the commands for managing field upgrade of the firmware in the TPM. The field
15530 upgrade scheme may be used for replacement or augmentation of the firmware installed in the TPM.
15537 parameters to the TPM data set.
15541 is from the TPM manufacturer and that proper authorization is provided using platformPolicy.
15544 … upgrade be signed by the PM or the TPM owner and include any other constraints that are desired
15547 If the proper authorization is given, the TPM will retain the signed digest and enter the Field Upg…
15548 mode (FUM). While in FUM, the TPM will accept TPM2_FieldUpgradeData() commands. It may accept
15553 TPM manufacturer. That signature and first block digest are the parameters for
15554 TPM2_FieldUpgradeStart(). The digest is saved in the TPM as the required digest for the next field
15556 For each field upgrade data block that is sent to the TPM by TPM2_FieldUpgradeData(), the TPM shall
15557 validate that the digest matches the required digest and if not, shall return TPM_RC_VALUE. The TPM
15561 TPM2_FieldUpdateData(). If the TPM is able to resume operation using the firmware present when the
15562 upgrade started, then the TPM will indicate that it has abandon the update by setting the digest of…
15563 next block to the Empty Buffer. If the TPM cannot abandon the update, it will return the expected n…
15565 The system may also attempt to abandon the update because of a power interruption. If the TPM is ab…
15566 to resume normal operations, then it will respond normally to TPM2_Startup(). If the TPM is not abl…
15570 when the power interruption occurred. In such case, the TPM firmware may be reset to one of two oth…
15573 … the firmware that was in the TPM when the field upgrade process started (“previous firmware”).
15574 The TPM retains the digest of the first block for these firmware images and checks to see if the fi…
15583 NOTE 2 The TPM is required to accept the previous firmware as either a vendor-provided u…
15584 recovered from the TPM using TPM2_FirmwareRead().
15586 When the last block of the firmware upgrade is loaded into the TPM (indicated to the TPM by data in…
15587 data block in a TPM vendor-specific manner), the TPM will complete the upgrade process. If the TPM …
15589 TPM_ALG_NULL and return TPM_RC_SUCCESS. If a reboot is required, the TPM shall return
15590 TPM_RC_REBOOT in response to the last TPM2_FieldUpgradeData() and all subsequent TPM
15593 … Because no additional data is allowed when the response code is not TPM_RC_SUCCESS, the TPM
15595 … manner, the TPM is able to indicate the digest of the next block. If a _TPM_Init occurs while the
15596 …TPM is in FUM, the next block may be the digest for the first block of the original firmware. If i…
15597 …not, then the TPM will not accept the original firmware until the next _TPM_Init when the TPM is in
15601 upgrade process, the TPM shall preserve:
15611 where a field upgrade fixes a flaw that might have compromised TPM secrets.
15625 This command uses platformPolicy and a TPM Vendor Authorization Key to authorize a Field Upgrade
15627 If the signature checks succeed, the authorization is valid and the TPM …
15630 that is the same as a value that is part of the TPM firmware data. If the signature is not valid, t…
15656 … handle of a public area that contains the TPM Vendor
15711 This command will take the actual field upgrade image to be installed on the TPM. The exact format …
15713 TPM2_FieldUpgradeStart(). If the TPM has not received a properly authorized
15714 TPM2_FieldUpgradeStart(), then the TPM shall return TPM_RC_FIELDUPGRADE.
15715 The TPM will validate that the digest of fuData matches an expected value. If so, the TPM may buffe…
15716 immediately apply the update. If the digest of fuData does not match an expected value, the TPM sha…
15793 This command is used to read a copy of the current firmware installed in the TPM.
15795 would be the first block given to the TPM in case of a failure recovery. If the TPM2_FirmwareRead
15796 …nce completes successfully, then the data provided from the TPM will be sufficient to allow the TPM
15798 To start the sequence of retrieving the data, the caller sets sequenceNumber to zero. When the TPM …
15799 returned all the firmware data, the TPM will return the Empty Buffer as fuData.
15802 … The caller should retain the ordering of the update blocks so that the blocks sent to the TPM have
15805 NOTE 2 Support for this command is optional even if the TPM implements TPM2_FieldUpgradeSt…
15882 clause in TPM 2.0 Part 1.
15884 objects in TPM memory. Background for this command may be found in the "Owner and Platform Evict
15885 Objects" clause in TPM 2.0 Part 1.
15891 This command saves a session context, object context, or sequence object context outside the TPM.
15897 …TPM and, because this capability would provide no application benefit, use of authorization sessio…
15900 The TPM shall encrypt and integrity protect the TPM2B_CONTEXT_SENSITIVE context as described in
15901 the "Context Protection" clause in TPM 2.0 Part 1.
15902 See the “Context Data” clause in TPM 2.0 Part 2 for a description of the context structure in the r…
16032 74 // If object context ID overflows, TPM should be put in failure mode
16162 The TPM will return TPM_RC_HIERARCHY if the context is associated with a hierarchy that is disabled.
16167 See the “Context Data” clause in TPM 2.0 Part 2 for a description of the values in the context para…
16168 If the integrity HMAC of the saved context is not valid, the TPM shall return TPM_RC_INTEGRITY.
16169 The TPM shall perform a check on the decrypted context as described in the "Context Confidentiality
16170 Protections" clause of TPM 2.0 Part 1 and enter failure mode if the check fails.
16299 66 // Check fingerprint. If the check fails, TPM should be put to failure mode
16400 This command causes all context associated with a loaded object or session to be removed from TPM
16402 This command may not be used to remove a persistent object from the TPM.
16403 A session does not have to be loaded in TPM memory to have its context flushed. The saved session
16407 …andle is for a transient object and the handle is not associated with a loaded object, then the TPM
16410 then the TPM shall return TPM_RC_HANDLE.
16411 NOTE flushHandle is a parameter and not a handle. If it were in the handle area, the TPM would
16412 validate that the context for the referenced entity is in the TPM. When a TPM2_FlushContext referen…
16413 saved session context, it is not necessary for the context to be in the TPM. When the flushHandle i…
16414 the parameter area, the TPM does not validate that associated context is actually in the TPM.
16522 NOTE 1 A transient object is one that may be removed from TPM memory using either TPM2_Fl…
16523 … or TPM2_Startup(). A persistent object is not removed from TPM memory by TPM2_FlushContext()
16529 Before execution of TPM2_EvictControl code below, the TPM verifies that objectHandle references an
16530 object that is resident on the TPM and that persistentHandle is a valid handle for a persistent obj…
16536 a) The TPM shall return TPM_RC_ATTRIBUTES if
16540 b) The TPM shall return TPM_RC_HIERARCHY if the object is not in the proper hierarchy as
16545 c) The TPM shall return TPM_RC_RANGE if persistentHandle is not in the proper range as determined
16551 d) The TPM shall return TPM_RC_NV_DEFINED if a persistent object exists with the same handle as
16553 e) The TPM shall return TPM_RC_NV_SPACE if insufficient space is available to make the object
16555 f) The TPM shall return TPM_RC_NV_SPACE if execution of this command will prevent the TPM from
16558 …NOTE 3 This requirement anticipates that a TPM may be implemented suc h that all TPM memo…
16560 … between memory of different types and it is necessary that the TPM ensure that it is always
16561 … possible for the management software to m ove objects to/from TPM memory in order to ensure
16564 g) If the TPM returns TPM_RC_SUCCESS, the object referenced by objectHandle will not be flushed
16572 a) The TPM shall return TPM_RC_RANGE if objectHandle is not in the proper range as determined by
16576 b) If the TPM returns TPM_RC_SUCCESS, objectHandle will be removed from persistent memory and
16836 This command is used to advance the value of the TPM’s Clock. The command will fail if newTime is l…
16838 these checks succeed, Clock is set to newTime. If either of these checks fails, the TPM shall return
16842 … the Clock update rate was set so that TPM time was passing 33 percent faster than real time. This
16844 …over in the lifetime of the TPM, there is no need for external software to deal with the possibili…
16848 TPMS_CLOCK_INFO.clock differ by more than the reported update interval, then the TPM shall update
16962 the input frequency, the TPM shall return TPM_RC_VALUE.
16964 EXAMPLE 2 If the frequency tolerance of the TPM's input clock is +/-10 percent, then the TPM …
16977 Changes to the current Clock update rate adjustment need not be persisted across TPM power cycles.
17049 The TPM has numerous values that indicate the state, capabilities, and properties of the TPM. These
17050 values are needed for proper management of the TPM. The TPM2_GetCapability() command is used to
17055 NOTE TPM2_TestParms()is used to determine if a TPM supports a particular combination of …
17063 This command returns various information regarding the TPM and its current state.
17068 EXAMPLE 1 The list of handles of transient objects currently loaded in the TPM may be read on…
17075 requested. The TPM will return the number of requested values (propertyCount) or until the last pro…
17089 The TPM is not required to return more than one value at a time. It is not required to provide the …
17092 EXAMPLE 2 A TPM may return 4 properties in response to a TPM2_GetCapability( capability =
17094 … latter request with the same parameters, the TPM m ay return as few as one and as many as 8
17097 When the TPM is in Failure mode, a TPM is required to allow use of this command for access of the
17125 A vendor may optionally allow the TPM to return other values.
17126 If in Failure mode and a capability is requested that is not available in Failure mode, the TPM sha…
17129 EXAMPLE 3 Assume the TPM is in Failure mode and the TPM only supports reporting of the minimu…
17132 TPM_PT_FIRMWARE_VERSION_2, the TPM will return a zero length list with the moreData
17133 … parameter set to NO. If the property type is less than TPM_PT_MANUFACTURER, the TPM will
17136 In Failure mode, tag is required to be TPM_ST_NO_SESSIONS or the TPM shall return
17170 …EXAMPLE 4 If the MSO of property is TPM_HT_NV_INDEX, then the TPM will return a list of NV …
17173 EXAMPLE 5 If the MSO of property is TPM_HT_PCR, then the TPM will return a list of PCR.
17179 all returned values will have the TPM_HT_HMAC_SESSION handle type because the TPM does
17184 … the TPM return a list of loaded HMAC sessions without including the policy sessions.
17187 implemented in the TPM, starting with the TPM_CC indicated by the property parameter. If
17200 property parameter shall be zero. The TPM will always respond to this command with the full
17205 The TPM will only return values in the same group as the property parameter in the command.
17208 The input command property is a TPM_PT_PCR (see TPM 2.0 Part 2 for PCR properties to be
17225 use in the TPM.
17228 If no next capability exists, the TPM will return a zero-length list and moreData will have a value…
17430 The TPM will unmarshal the provided TPMT_PUBLIC_PARMS. If the parameters unmarshal correctly,
17431 then the TPM will return TPM_RC_SUCCESS, indicating that the parameters are valid for the TPM. The
17432 TPM will return the appropriate unmarshaling error if a parameter is not valid.
17520 NV Index, then the nvIndex parameter must have the same value or the TPM will return
17560 When an NV counter is created, the TPM shall initialize the 8-octet counter value with a number tha…
17561 greater than any count value for any NV counter on the TPM since the time of TPM manufacture.
17563 …ected to be modified at a high frequency and that the data is only required to persist when the TPM
17564 goes through an orderly shutdown process. The TPM may update the counter value in RAM and
17569 Before an NV counter can be used, the TPM shall validate that the count is not less than a previous…
17570 reported value. If the TPMA_NV_ORDERLY attribute is not SET, or if the TPM experienced an orderly
17572 TPM shutdown was not orderly, then the TPM shall OR MAX_ORDERLY_COUNT to the contents of the
17575 NOTE 1 Because the TPM would have updated the NV Index if the difference between the count…
17579 NOTE 2 The TPM may implement the RAM portion of the counter such that the effective value …
17580 …counter is the sum of both the volatile and non-volatile parts. If so, then the TPM may initialize…
17583 NOTE 3 When a new NV counter is created, the TPM may search all the coun ters to determine…
17584 … highest value. In this search, the TPM would use the sum of the non -volatile and RAM portions of
17586 (orderly or not) of the TPM.
17600 This command defines the attributes of an NV Index and causes the TPM to reserve space to hold the
17601 data associated with the NV Index. If a definition already exists at the NV Index, the TPM will ret…
17603 The TPM will return TPM_RC_ATTRIBUTES if more than one of TPMA_N…
17608 The TPM shall return TPM_RC_ATTRIBUTES if TPMA_NV_WRITTEN, TPM_NV_READLOCKED, or
17611 the TPM shall return TPM_RC_SIZE.
17613 publicInfo.nameAlg or the TPM shall return TPM_RC_SIZE.
17614 If the NV Index is an ordinary Index and publicInfo→dataSize is larger than supported by the TPM
17615 implementation then the TPM shall return TPM_RC_SIZE.
17622 TPMA_NV_POLICYREAD shall be SET or the TPM shall return TPM_RC_ATTRIBUTES.
17624 TPMA_NV_POLICYWRITE shall be SET or the TPM shall return TPM_RC_ATTRIBUTES.
17625 If TPMA_NV_CLEAR_STCLEAR is SET, then TPMA_NV_COUNTER shall be CLEAR or the TPM shall
17630 the TPM shall return TPM_RC_ATTRIBUTES.
17632 TPM shall return TPM_RC_ATTRIBUTES.
17633 If the implementation does not support TPM2_NV_Increment(), the TPM …
17635 If the implementation does not support TPM2_NV_SetBits(), the TPM …
17637 If the implementation does not support TPM2_NV_Extend(), the TPM …
17639 If the implementation does not support TPM2_NV_UndefineSpaceSpecial(), the TPM shall return
17651 In some implementations, an NV Index with the TPMA_NV_COUNTER attribute may require special TPM
17653 fails because of lack of resources, the TPM will return TPM_RC_NV_SPACE.
17880 This command removes an Index from the TPM.
17881 If nvIndex is not defined, the TPM shall return TPM_RC_HANDLE.
17882 If nvIndex references an Index that has its TPMA_NV_PLATFORMCREATE attribute SET, the TPM shall
17884 If nvIndex references an Index that has its TPMA_NV_POLICY_DELETE attribute SET, the TPM shall
18003 If nvIndex is not defined, the TPM shall return TPM_RC_HANDLE.
18005 TPMA_NV_POLICY_DELETE attribute CLEAR, the TPM shall return TPM_RC_ATTRIBUTES.
18200 If the TPMA_NV_WRITELOCKED attribute of the NV Index is SET, then the TPM shall return
18207 TPM shall return TPM_RC_ATTRIBUTES.
18209 the NV Index data, the TPM shall return TPM_RC_NV_RANGE and not write any data to the NV Index.
18210 If the TPMA_NV_WRITEALL attribute of the NV Index is SET, then the TPM shall return
18213 If all checks succeed, the TPM will merge the data.size octets of data.buffer value into the nvInde…
18215 limitations, the TPM shall check that the merged data is different from the current contents of the…
18354 If TPMA_NV_COUNTER is not SET in the indicated NV Index, the TPM sh…
18356 If TPMA_NV_WRITELOCKED is SET, the TPM shall return TPM_RC_NV_LOCKED.
18361 NOTE 2 If a TPM implements TPMA_NV_ORDERLY and an Index is defined with TPMA_NV_ORDERLY and
18455 35 // Read NV data in native format for TPM CPU.
18503 If TPMA_NV_EXTEND is not SET, then the TPM shall return TPM_RC_ATTRIBUTES.
18509 TPMA_NV_CLEAR_STCLEAR attribute is SET and a TPM Reset or TPM Restart occurs.
18511 If the TPMA_NV_WRITELOCKED attribute of the NV Index is SET, then the TPM shall return
18680 If TPMA_NV_BITS is not SET, then the TPM shall return TPM_RC_ATTRIBUTES.
18826 TPM shall return TPM_RC_ATTRIBUTES.
18828 is SET, then the TPM shall SET TPMA_NV_WRITELOCKED for the NV Index.
19054 If TPMA_NV_READLOCKED of the NV Index is SET, then the TPM shall return TPM_RC_NV_LOCKED.
19060 Index data area, the TPM shall return TPM_RC_NV_RANGE and not read any data from the NV Index.
19189 TPM shall SET TPMA_NV_READLOCKED for the NV Index. If TPMA_NV_READ_STCLEAR of the NV
19190 Index is CLEAR, then the TPM shall return TPM_RC_ATTRIBUTES. TPMA_NV_READLOCKED will be
19334 is used when generating the response HMAC key if required. See TPM 2.0 Part 4