1_BEGIN 2_INPUT_START TPM2_Startup 3_TYPE TPMI_ST_COMMAND_TAG 4_NAME tag 5_COMMENT TPM_ST_NO_SESSIONS 6_TYPE UINT32 7_NAME commandSize 8_TYPE TPM_CC 9_NAME commandCode 10_COMMENT TPM_CC_Startup {NV} 11_TYPE TPM_SU 12_NAME startupType 13_COMMENT TPM_SU_CLEAR or TPM_SU_STATE 14_OUTPUT_START TPM2_Startup 15_TYPE TPM_ST 16_NAME tag 17_COMMENT see clause 8 18_TYPE UINT32 19_NAME responseSize 20_TYPE TPM_RC 21_NAME responseCode 22_INPUT_START TPM2_Shutdown 23_TYPE TPMI_ST_COMMAND_TAG 24_NAME tag 25_TYPE UINT32 26_NAME commandSize 27_TYPE TPM_CC 28_NAME commandCode 29_COMMENT TPM_CC_Shutdown {NV} 30_TYPE TPM_SU 31_NAME shutdownType 32_COMMENT TPM_SU_CLEAR or TPM_SU_STATE 33_OUTPUT_START TPM2_Shutdown 34_TYPE TPM_ST 35_NAME tag 36_COMMENT see clause 8 37_TYPE UINT32 38_NAME responseSize 39_TYPE TPM_RC 40_NAME responseCode 41_INPUT_START TPM2_SelfTest 42_TYPE TPMI_ST_COMMAND_TAG 43_NAME tag 44_TYPE UINT32 45_NAME commandSize 46_TYPE TPM_CC 47_NAME commandCode 48_COMMENT TPM_CC_SelfTest {NV} 49_TYPE TPMI_YES_NO 50_NAME fullTest 51_COMMENT YES if full test to be performed NO if only test of untested functions required 52_OUTPUT_START TPM2_SelfTest 53_TYPE TPM_ST 54_NAME tag 55_COMMENT see clause 8 56_TYPE UINT32 57_NAME responseSize 58_TYPE TPM_RC 59_NAME responseCode 60_INPUT_START TPM2_IncrementalSelfTest 61_TYPE TPMI_ST_COMMAND_TAG 62_NAME tag 63_TYPE UINT32 64_NAME commandSize 65_TYPE TPM_CC 66_NAME commandCode 67_COMMENT TPM_CC_IncrementalSelfTest {NV} 68_TYPE TPML_ALG 69_NAME toTest 70_COMMENT list of algorithms that should be tested 71_OUTPUT_START TPM2_IncrementalSelfTest 72_TYPE TPM_ST 73_NAME tag 74_COMMENT see clause 8 75_TYPE UINT32 76_NAME responseSize 77_TYPE TPM_RC 78_NAME responseCode 79_TYPE TPML_ALG 80_NAME toDoList 81_COMMENT list of algorithms that need testing 82_INPUT_START TPM2_GetTestResult 83_TYPE TPMI_ST_COMMAND_TAG 84_NAME tag 85_TYPE UINT32 86_NAME commandSize 87_TYPE TPM_CC 88_NAME commandCode 89_COMMENT TPM_CC_GetTestResult 90_OUTPUT_START 
TPM2_GetTestResult 91_TYPE TPMI_ST_COMMAND_TAG 92_NAME tag 93_COMMENT see clause 8 94_TYPE UINT32 95_NAME responseSize 96_TYPE TPM_RC 97_NAME responseCode 98_TYPE TPM2B_MAX_BUFFER 99_NAME outData 100_TYPE TPM_RC 101_NAME testResult 102_COMMENT test result data contains manufacturer-specific information 103_INPUT_START TPM2_StartAuthSession 104_TYPE TPMI_ST_COMMAND_TAG 105_NAME tag 106_TYPE UINT32 107_NAME commandSize 108_TYPE TPM_CC 109_NAME commandCode 110_COMMENT TPM_CC_StartAuthSession 111_TYPE TPMI_DH_OBJECT+ 112_NAME tpmKey 113_COMMENT handle of a loaded decrypt key used to encrypt salt may be TPM_RH_NULL Auth Index: None 114_TYPE TPMI_DH_ENTITY+ 115_NAME bind 116_COMMENT entity providing the authValue may be TPM_RH_NULL Auth Index: None 117_TYPE TPM2B_NONCE 118_NAME nonceCaller 119_COMMENT initial nonceCaller, sets nonce size for the session shall be at least 16 octets 120_TYPE TPM2B_ENCRYPTED_SECRET 121_NAME encryptedSalt 122_COMMENT value encrypted according to the type of tpmKey If tpmKey is TPM_RH_NULL, this shall be the Empty Buffer. 
123_TYPE TPM_SE 124_NAME sessionType 125_COMMENT indicates the type of the session; simple HMAC or policy (including a trial policy) 126_TYPE TPMT_SYM_DEF+ 127_NAME symmetric 128_COMMENT the algorithm and key size for parameter encryption may select TPM_ALG_NULL 129_TYPE TPMI_ALG_HASH 130_NAME authHash 131_COMMENT hash algorithm to use for the session Shall be a hash algorithm supported by the TPM and not TPM_ALG_NULL 132_OUTPUT_START TPM2_StartAuthSession 133_TYPE TPM_ST 134_NAME tag 135_COMMENT see clause 8 136_TYPE UINT32 137_NAME responseSize 138_TYPE TPM_RC 139_NAME responseCode 140_TYPE TPMI_SH_AUTH_SESSION 141_NAME sessionHandle 142_COMMENT handle for the newly created session 143_TYPE TPM2B_NONCE 144_NAME nonceTPM 145_COMMENT the initial nonce from the TPM, used in the computation of the sessionKey 146_INPUT_START TPM2_PolicyRestart 147_TYPE TPMI_ST_COMMAND_TAG 148_NAME tag 149_TYPE UINT32 150_NAME commandSize 151_TYPE TPM_CC 152_NAME commandCode 153_COMMENT TPM_CC_PolicyRestart 154_TYPE TPMI_SH_POLICY 155_NAME sessionHandle 156_COMMENT the handle for the policy session 157_OUTPUT_START TPM2_PolicyRestart 158_TYPE TPM_ST 159_NAME tag 160_COMMENT see clause 8 161_TYPE UINT32 162_NAME responseSize 163_TYPE TPM_RC 164_NAME responseCode 165_INPUT_START TPM2_Create 166_TYPE TPMI_ST_COMMAND_TAG 167_NAME tag 168_TYPE UINT32 169_NAME commandSize 170_TYPE TPM_CC 171_NAME commandCode 172_COMMENT TPM_CC_Create 173_TYPE TPMI_DH_OBJECT 174_NAME parentHandle 175_COMMENT handle of parent for new object Auth Index: 1 Auth Role: USER 176_TYPE TPM2B_SENSITIVE_CREATE 177_NAME inSensitive 178_COMMENT the sensitive data 179_TYPE TPM2B_PUBLIC 180_NAME inPublic 181_COMMENT the public template 182_TYPE TPM2B_DATA 183_NAME outsideInfo 184_COMMENT data that will be included in the creation data for this object to provide permanent, verifiable linkage between this object and some object owner data 185_TYPE TPML_PCR_SELECTION 186_NAME creationPCR 187_COMMENT PCR that will be used in 
creation data 188_OUTPUT_START TPM2_Create 189_TYPE TPM_ST 190_NAME tag 191_COMMENT see clause 8 192_TYPE UINT32 193_NAME responseSize 194_TYPE TPM_RC 195_NAME responseCode 196_TYPE TPM2B_PRIVATE 197_NAME outPrivate 198_COMMENT the private portion of the object 199_TYPE TPM2B_PUBLIC 200_NAME outPublic 201_COMMENT the public portion of the created object 202_TYPE TPM2B_CREATION_DATA 203_NAME creationData 204_COMMENT contains a TPMS_CREATION_DATA 205_TYPE TPM2B_DIGEST 206_NAME creationHash 207_COMMENT digest of creationData using nameAlg of outPublic 208_TYPE TPMT_TK_CREATION 209_NAME creationTicket 210_COMMENT ticket used by TPM2_CertifyCreation() to validate that the creation data was produced by the TPM 211_INPUT_START TPM2_Load 212_TYPE TPMI_ST_COMMAND_TAG 213_NAME tag 214_TYPE UINT32 215_NAME commandSize 216_TYPE TPM_CC 217_NAME commandCode 218_COMMENT TPM_CC_Load 219_TYPE TPMI_DH_OBJECT 220_NAME parentHandle 221_COMMENT TPM handle of parent key; shall not be a reserved handle Auth Index: 1 Auth Role: USER 222_TYPE TPM2B_PRIVATE 223_NAME inPrivate 224_COMMENT the private portion of the object 225_TYPE TPM2B_PUBLIC 226_NAME inPublic 227_COMMENT the public portion of the object 228_OUTPUT_START TPM2_Load 229_TYPE TPM_ST 230_NAME tag 231_COMMENT see clause 8 232_TYPE UINT32 233_NAME responseSize 234_TYPE TPM_RC 235_NAME responseCode 236_TYPE TPM_HANDLE 237_NAME objectHandle 238_COMMENT handle for the loaded object 239_TYPE TPM2B_NAME 240_NAME name 241_COMMENT Name of the loaded object 242_INPUT_START TPM2_LoadExternal 243_TYPE TPMI_ST_COMMAND_TAG 244_NAME tag 245_TYPE UINT32 246_NAME commandSize 247_TYPE TPM_CC 248_NAME commandCode 249_COMMENT TPM_CC_LoadExternal 250_TYPE TPM2B_SENSITIVE 251_NAME inPrivate 252_COMMENT the sensitive portion of the object (optional) 253_TYPE TPM2B_PUBLIC+ 254_NAME inPublic 255_COMMENT the public portion of the object 256_TYPE TPMI_RH_HIERARCHY+ 257_NAME hierarchy 258_COMMENT hierarchy with which the object area is associated 
259_OUTPUT_START TPM2_LoadExternal 260_TYPE TPM_ST 261_NAME tag 262_COMMENT see clause 8 263_TYPE UINT32 264_NAME responseSize 265_TYPE TPM_RC 266_NAME responseCode 267_TYPE TPM_HANDLE 268_NAME objectHandle 269_COMMENT handle for the loaded object 270_TYPE TPM2B_NAME 271_NAME name 272_COMMENT name of the loaded object 273_INPUT_START TPM2_ReadPublic 274_TYPE TPMI_ST_COMMAND_TAG 275_NAME tag 276_TYPE UINT32 277_NAME commandSize 278_TYPE TPM_CC 279_NAME commandCode 280_COMMENT TPM_CC_ReadPublic 281_TYPE TPMI_DH_OBJECT 282_NAME objectHandle 283_COMMENT TPM handle of an object Auth Index: None 284_OUTPUT_START TPM2_ReadPublic 285_TYPE TPM_ST 286_NAME tag 287_COMMENT see clause 8 288_TYPE UINT32 289_NAME responseSize 290_TYPE TPM_RC 291_NAME responseCode 292_TYPE TPM2B_PUBLIC 293_NAME outPublic 294_COMMENT structure containing the public area of an object 295_TYPE TPM2B_NAME 296_NAME name 297_COMMENT name of the object 298_TYPE TPM2B_NAME 299_NAME qualifiedName 300_COMMENT the Qualified Name of the object 301_INPUT_START TPM2_ActivateCredential 302_TYPE TPMI_ST_COMMAND_TAG 303_NAME tag 304_TYPE UINT32 305_NAME commandSize 306_TYPE TPM_CC 307_NAME commandCode 308_COMMENT TPM_CC_ActivateCredential 309_TYPE TPMI_DH_OBJECT 310_NAME activateHandle 311_COMMENT handle of the object associated with certificate in credentialBlob Auth Index: 1 Auth Role: ADMIN 312_TYPE TPMI_DH_OBJECT 313_NAME keyHandle 314_COMMENT loaded key used to decrypt the TPMS_SENSITIVE in credentialBlob Auth Index: 2 Auth Role: USER 315_TYPE TPM2B_ID_OBJECT 316_NAME credentialBlob 317_COMMENT the credential 318_TYPE TPM2B_ENCRYPTED_SECRET 319_NAME secret 320_COMMENT keyHandle algorithm-dependent encrypted seed that protects credentialBlob 321_OUTPUT_START TPM2_ActivateCredential 322_TYPE TPM_ST 323_NAME tag 324_COMMENT see clause 8 325_TYPE UINT32 326_NAME responseSize 327_TYPE TPM_RC 328_NAME responseCode 329_TYPE TPM2B_DIGEST 330_NAME certInfo 331_COMMENT the decrypted certificate information the data 
should be no larger than the size of the digest of the nameAlg associated with keyHandle 332_INPUT_START TPM2_MakeCredential 333_TYPE TPMI_ST_COMMAND_TAG 334_NAME tag 335_TYPE UINT32 336_NAME commandSize 337_TYPE TPM_CC 338_NAME commandCode 339_COMMENT TPM_CC_MakeCredential 340_TYPE TPMI_DH_OBJECT 341_NAME handle 342_COMMENT loaded public area, used to encrypt the sensitive area containing the credential key Auth Index: None 343_TYPE TPM2B_DIGEST 344_NAME credential 345_COMMENT the credential information 346_TYPE TPM2B_NAME 347_NAME objectName 348_COMMENT Name of the object to which the credential applies 349_OUTPUT_START TPM2_MakeCredential 350_TYPE TPM_ST 351_NAME tag 352_COMMENT see clause 8 353_TYPE UINT32 354_NAME responseSize 355_TYPE TPM_RC 356_NAME responseCode 357_TYPE TPM2B_ID_OBJECT 358_NAME credentialBlob 359_TYPE TPM2B_ENCRYPTED_SECRET 360_NAME secret 361_COMMENT the credential handle algorithm-dependent data that wraps the key that encrypts credentialBlob 362_INPUT_START TPM2_Unseal 363_TYPE TPMI_ST_COMMAND_TAG 364_NAME Tag 365_TYPE UINT32 366_NAME commandSize 367_TYPE TPM_CC 368_NAME commandCode 369_COMMENT TPM_CC_Unseal 370_TYPE TPMI_DH_OBJECT 371_NAME itemHandle 372_COMMENT handle of a loaded data object Auth Index: 1 Auth Role: USER 373_OUTPUT_START TPM2_Unseal 374_TYPE TPM_ST 375_NAME tag 376_COMMENT see clause 8 377_TYPE UINT32 378_NAME responseSize 379_TYPE TPM_RC 380_NAME responseCode 381_TYPE TPM2B_SENSITIVE_DATA 382_NAME outData 383_COMMENT unsealed data Size of outData is limited to be no more than 128 octets. 
384_INPUT_START TPM2_ObjectChangeAuth 385_TYPE TPMI_ST_COMMAND_TAG 386_NAME tag 387_TYPE UINT32 388_NAME commandSize 389_TYPE TPM_CC 390_NAME commandCode 391_COMMENT TPM_CC_ObjectChangeAuth 392_TYPE TPMI_DH_OBJECT 393_NAME objectHandle 394_COMMENT handle of the object Auth Index: 1 Auth Role: ADMIN 395_TYPE TPMI_DH_OBJECT 396_NAME parentHandle 397_COMMENT handle of the parent Auth Index: None 398_TYPE TPM2B_AUTH 399_NAME newAuth 400_COMMENT new authorization value 401_OUTPUT_START TPM2_ObjectChangeAuth 402_TYPE TPM_ST 403_NAME tag 404_COMMENT see clause 8 405_TYPE UINT32 406_NAME responseSize 407_TYPE TPM_RC 408_NAME responseCode 409_TYPE TPM2B_PRIVATE 410_NAME outPrivate 411_COMMENT private area containing the new authorization value 412_INPUT_START TPM2_Duplicate 413_TYPE TPMI_ST_COMMAND_TAG 414_NAME tag 415_TYPE UINT32 416_NAME commandSize 417_TYPE TPM_CC 418_NAME commandCode 419_COMMENT TPM_CC_Duplicate 420_TYPE TPMI_DH_OBJECT 421_NAME objectHandle 422_COMMENT loaded object to duplicate Auth Index: 1 Auth Role: DUP 423_TYPE TPMI_DH_OBJECT+ 424_NAME newParentHandle 425_COMMENT shall reference the public area of an asymmetric key Auth Index: None 426_TYPE TPM2B_DATA 427_NAME encryptionKeyIn 428_COMMENT optional symmetric encryption key The size for this key is set to zero when the TPM is to generate the key. This parameter may be encrypted. 429_TYPE TPMT_SYM_DEF_OBJECT+ 430_NAME symmetricAlg 431_COMMENT definition for the symmetric algorithm to be used for the inner wrapper may be TPM_ALG_NULL if no inner wrapper is applied 432_OUTPUT_START TPM2_Duplicate 433_TYPE TPM_ST 434_NAME tag 435_COMMENT see clause 8 436_TYPE UINT32 437_NAME responseSize 438_TYPE TPM_RC 439_NAME responseCode 440_TYPE TPM2B_DATA 441_NAME encryptionKeyOut 442_COMMENT If the caller provided an encryption key or if symmetricAlg was TPM_ALG_NULL, then this will be the Empty Buffer; otherwise, it shall contain the TPMgenerated, symmetric encryption key for the inner wrapper. 
443_TYPE TPM2B_PRIVATE 444_NAME duplicate 445_COMMENT private area that may be encrypted by encryptionKeyIn; and may be doubly encrypted 446_TYPE TPM2B_ENCRYPTED_SECRET 447_NAME outSymSeed 448_COMMENT seed protected by the asymmetric algorithms of new parent (NP) 449_INPUT_START TPM2_Rewrap 450_TYPE TPMI_ST_COMMAND_TAG 451_NAME tag 452_TYPE UINT32 453_NAME commandSize 454_TYPE TPM_CC 455_NAME commandCode 456_COMMENT TPM_CC_Rewrap 457_TYPE TPMI_DH_OBJECT+ 458_NAME oldParent 459_COMMENT parent of object Auth Index: 1 Auth Role: User 460_TYPE TPMI_DH_OBJECT+ 461_NAME newParent 462_COMMENT new parent of the object Auth Index: None 463_TYPE TPM2B_PRIVATE 464_NAME inDuplicate 465_COMMENT an object encrypted using symmetric key derived from inSymSeed 466_TYPE TPM2B_NAME 467_NAME name 468_COMMENT the Name of the object being rewrapped 469_TYPE TPM2B_ENCRYPTED_SECRET 470_NAME inSymSeed 471_COMMENT seed for symmetric key needs oldParent private key to recover the seed and generate the symmetric key 472_OUTPUT_START TPM2_Rewrap 473_TYPE TPM_ST 474_NAME tag 475_COMMENT see clause 8 476_TYPE UINT32 477_NAME responseSize 478_TYPE TPM_RC 479_NAME responseCode 480_TYPE TPM2B_PRIVATE 481_NAME outDuplicate 482_TYPE TPM2B_ENCRYPTED_SECRET 483_NAME outSymSeed 484_COMMENT an object encrypted using symmetric key derived from outSymSeed seed for a symmetric key protected by newParent asymmetric key 485_INPUT_START TPM2_Import 486_TYPE TPMI_ST_COMMAND_TAG 487_NAME tag 488_TYPE UINT32 489_NAME commandSize 490_TYPE TPM_CC 491_NAME commandCode 492_COMMENT TPM_CC_Import 493_TYPE TPMI_DH_OBJECT 494_NAME parentHandle 495_COMMENT the handle of the new parent for the object Auth Index: 1 Auth Role: USER 496_TYPE TPM2B_DATA 497_NAME encryptionKey 498_COMMENT the optional symmetric encryption key used as the inner wrapper for duplicate If symmetricAlg is TPM_ALG_NULL, then this parameter shall be the Empty Buffer. 
499_TYPE TPM2B_PUBLIC 500_NAME objectPublic 501_COMMENT the public area of the object to be imported This is provided so that the integrity value for duplicate and the object attributes can be checked. NOTE 502_TYPE TPM2B_PRIVATE 503_NAME duplicate 504_COMMENT Even if the integrity value of the object is not checked on input, the object Name is required to create the integrity value for the imported object. the symmetrically encrypted duplicate object that may contain an inner symmetric wrapper 505_TYPE TPM2B_ENCRYPTED_SECRET 506_NAME inSymSeed 507_COMMENT symmetric key used to encrypt duplicate inSymSeed is encrypted/encoded using the algorithms of newParent. 508_TYPE TPMT_SYM_DEF_OBJECT+ 509_NAME symmetricAlg 510_COMMENT definition for the symmetric algorithm to use for the inner wrapper If this algorithm is TPM_ALG_NULL, no inner wrapper is present and encryptionKey shall be the Empty Buffer. 511_OUTPUT_START TPM2_Import 512_TYPE TPM_ST 513_NAME tag 514_COMMENT see clause 8 515_TYPE UINT32 516_NAME responseSize 517_TYPE TPM_RC 518_NAME responseCode 519_TYPE TPM2B_PRIVATE 520_NAME outPrivate 521_COMMENT the sensitive area encrypted with the symmetric key of parentHandle 522_INPUT_START TPM2_RSA_Encrypt 523_TYPE TPMI_ST_COMMAND_TAG 524_NAME tag 525_TYPE UINT32 526_NAME commandSize 527_TYPE TPM_CC 528_NAME commandCode 529_COMMENT TPM_CC_RSA_Encrypt 530_TYPE TPMI_DH_OBJECT 531_NAME keyHandle 532_COMMENT reference to public portion of RSA key to use for encryption Auth Index: None message to be encrypted 533_TYPE TPM2B_PUBLIC_KEY_RSA 534_NAME message 535_TYPE TPMT_RSA_DECRYPT+ 536_NAME inScheme 537_TYPE TPM2B_DATA 538_NAME label 539_COMMENT NOTE 1 The data type was chosen because it limits the overall size of the input to no greater than the size of the largest RSA public key. This may be larger than allowed for keyHandle. 
the padding scheme to use if scheme associated with keyHandle is TPM_ALG_NULL optional label L to be associated with the message Size of the buffer is zero if no label is present NOTE 2 See description of label above. 540_OUTPUT_START TPM2_RSA_Encrypt 541_TYPE TPM_ST 542_NAME tag 543_COMMENT see clause 8 544_TYPE UINT32 545_NAME responseSize 546_TYPE TPM_RC 547_NAME responseCode 548_TYPE TPM2B_PUBLIC_KEY_RSA 549_NAME outData 550_COMMENT encrypted output 551_INPUT_START TPM2_RSA_Decrypt 552_TYPE TPMI_ST_COMMAND_TAG 553_NAME tag 554_TYPE UINT32 555_NAME commandSize 556_TYPE TPM_CC 557_NAME commandCode 558_COMMENT TPM_CC_RSA_Decrypt 559_TYPE TPMI_DH_OBJECT 560_NAME keyHandle 561_COMMENT RSA key to use for decryption Auth Index: 1 Auth Role: USER 562_TYPE TPM2B_PUBLIC_KEY_RSA 563_NAME cipherText 564_COMMENT NOTE 565_TYPE TPMT_RSA_DECRYPT+ 566_NAME inScheme 567_COMMENT the padding scheme to use if scheme associated with keyHandle is TPM_ALG_NULL 568_TYPE TPM2B_DATA 569_NAME label 570_COMMENT label whose association with the message is to be verified cipher text to be decrypted An encrypted RSA data block is the size of the public modulus. 571_OUTPUT_START TPM2_RSA_Decrypt 572_TYPE TPM_ST 573_NAME tag 574_COMMENT see clause 8 575_TYPE UINT32 576_NAME responseSize 577_TYPE TPM_RC 578_NAME responseCode 579_TYPE TPM2B_PUBLIC_KEY_RSA 580_NAME message 581_COMMENT decrypted output 582_INPUT_START TPM2_ECDH_KeyGen 583_TYPE TPMI_ST_COMMAND_TAG 584_NAME tag 585_TYPE UINT32 586_NAME commandSize 587_TYPE TPM_CC 588_NAME commandCode 589_COMMENT TPM_CC_ECDH_KeyGen 590_TYPE TPMI_DH_OBJECT 591_NAME keyHandle 592_COMMENT Handle of a loaded ECC key public area. 
Auth Index: None 593_OUTPUT_START TPM2_ECDH_KeyGen 594_TYPE TPM_ST 595_NAME tag 596_COMMENT see clause 8 597_TYPE UINT32 598_NAME responseSize 599_TYPE TPM_RC 600_NAME responseCode 601_TYPE TPM2B_ECC_POINT 602_NAME zPoint 603_COMMENT results of P ≔ h[de]Qs 604_TYPE TPM2B_ECC_POINT 605_NAME pubPoint 606_COMMENT generated ephemeral public point (Qe) 607_INPUT_START TPM2_ECDH_ZGen 608_TYPE TPMI_ST_COMMAND_TAG 609_NAME tag 610_TYPE UINT32 611_NAME commandSize 612_TYPE TPM_CC 613_NAME commandCode 614_COMMENT TPM_CC_ECDH_ZGen 615_TYPE TPMI_DH_OBJECT 616_NAME keyHandle 617_COMMENT handle of a loaded ECC key Auth Index: 1 Auth Role: USER 618_TYPE TPM2B_ECC_POINT 619_NAME inPoint 620_COMMENT a public key 621_OUTPUT_START TPM2_ECDH_ZGen 622_TYPE TPM_ST 623_NAME tag 624_COMMENT see clause 8 625_TYPE UINT32 626_NAME responseSize 627_TYPE TPM_RC 628_NAME responseCode 629_TYPE TPM2B_ECC_POINT 630_NAME outPoint 631_COMMENT X and Y coordinates of the product of the multiplication Z = (xZ , yZ) ≔ [hdS]QB 632_INPUT_START TPM2_ECC_Parameters 633_TYPE TPMI_ST_COMMAND_TAG 634_NAME tag 635_TYPE UINT32 636_NAME commandSize 637_TYPE TPM_CC 638_NAME commandCode 639_COMMENT TPM_CC_ECC_Parameters 640_TYPE TPMI_ECC_CURVE 641_NAME curveID 642_COMMENT parameter set selector 643_OUTPUT_START TPM2_ECC_Parameters 644_TYPE TPM_ST 645_NAME tag 646_COMMENT see clause 8 647_TYPE UINT32 648_NAME responseSize 649_TYPE TPM_RC 650_NAME responseCode 651_TYPE TPMS_ALGORITHM_DETAIL_ECC 652_NAME parameters 653_COMMENT ECC parameters for the selected curve 654_INPUT_START TPM2_ZGen_2Phase 655_TYPE TPMI_ST_COMMAND_TAG 656_NAME tag 657_TYPE UINT32 658_NAME commandSize 659_TYPE TPM_CC 660_NAME commandCode 661_COMMENT TPM_CC_ZGen_2Phase handle of an unrestricted decryption key ECC The private key referenced by this handle is used as dS,A 662_TYPE TPMI_DH_OBJECT 663_NAME keyA 664_TYPE TPM2B_ECC_POINT 665_NAME inQsB 666_COMMENT other party’s static public key (Qs,B = (Xs,B, Ys,B)) 667_TYPE TPM2B_ECC_POINT 668_NAME 
inQeB 669_COMMENT other party's ephemeral public key (Qe,B = (Xe,B, Ye,B)) 670_TYPE TPMI_ECC_KEY_EXCHANGE 671_NAME inScheme 672_COMMENT the key exchange scheme 673_TYPE UINT16 674_NAME counter 675_COMMENT value returned by TPM2_EC_Ephemeral() Auth Index: 1 Auth Role: USER 676_OUTPUT_START TPM2_ZGen_2Phase 677_TYPE TPM_ST 678_NAME tag 679_TYPE UINT32 680_NAME responseSize 681_TYPE TPM_RC 682_NAME responseCode 683_TYPE TPM2B_ECC_POINT 684_NAME outZ1 685_COMMENT X and Y coordinates of the computed value (scheme dependent) 686_TYPE TPM2B_ECC_POINT 687_NAME outZ2 688_COMMENT X and Y coordinates of the second computed value (scheme dependent) 16.7.3 1 2 3 689_INPUT_START TPM2_EncryptDecrypt 690_TYPE TPMI_ST_COMMAND_TAG 691_NAME tag 692_TYPE UINT32 693_NAME commandSize 694_TYPE TPM_CC 695_NAME commandCode 696_COMMENT TPM_CC_EncryptDecrypt 697_TYPE TPMI_DH_OBJECT 698_NAME keyHandle 699_COMMENT the symmetric key used for the operation Auth Index: 1 Auth Role: USER 700_TYPE TPMI_YES_NO 701_NAME decrypt 702_COMMENT if YES, then the operation is decryption; if NO, the operation is encryption 703_TYPE TPMI_ALG_SYM_MODE+ 704_NAME mode 705_COMMENT symmetric mode For a restricted key, this field shall match the default mode of the key or be TPM_ALG_NULL. 
706_TYPE TPM2B_IV 707_NAME ivIn 708_COMMENT an initial value as required by the algorithm 709_TYPE TPM2B_MAX_BUFFER 710_NAME inData 711_COMMENT the data to be encrypted/decrypted 712_OUTPUT_START TPM2_EncryptDecrypt 713_TYPE TPM_ST 714_NAME tag 715_COMMENT see clause 8 716_TYPE UINT32 717_NAME responseSize 718_TYPE TPM_RC 719_NAME responseCode 720_TYPE TPM2B_MAX_BUFFER 721_NAME outData 722_COMMENT encrypted output 723_TYPE TPM2B_IV 724_NAME ivOut 725_COMMENT chaining value to use for IV in next round 726_INPUT_START TPM2_Hash 727_TYPE TPMI_ST_COMMAND_TAG 728_NAME tag 729_COMMENT Shall have at least one session 730_TYPE UINT32 731_NAME commandSize 732_TYPE TPM_CC 733_NAME commandCode 734_COMMENT TPM_CC_Hash 735_TYPE TPM2B_MAX_BUFFER 736_NAME data 737_COMMENT data to be hashed 738_TYPE TPMI_ALG_HASH 739_NAME hashAlg 740_COMMENT algorithm for the hash being computed – shall not be TPM_ALG_NULL 741_TYPE TPMI_RH_HIERARCHY+ 742_NAME hierarchy 743_COMMENT hierarchy to use for the ticket (TPM_RH_NULL allowed) 744_OUTPUT_START TPM2_Hash 745_TYPE TPM_ST 746_NAME tag 747_COMMENT see clause 8 748_TYPE UINT32 749_NAME responseSize 750_TYPE TPM_RC 751_NAME responseCode 752_TYPE TPM2B_DIGEST 753_NAME outHash 754_COMMENT results 755_TYPE TPMT_TK_HASHCHECK 756_NAME validation 757_COMMENT ticket indicating that the sequence of octets used to compute outDigest did not start with TPM_GENERATED_VALUE will be a NULL ticket if the digest may not be signed with a restricted key 758_INPUT_START TPM2_HMAC 759_TYPE TPMI_ST_COMMAND_TAG 760_NAME tag 761_TYPE UINT32 762_NAME commandSize 763_TYPE TPM_CC 764_NAME commandCode 765_COMMENT TPM_CC_HMAC 766_TYPE TPMI_DH_OBJECT 767_NAME handle 768_COMMENT handle for the symmetric signing key providing the HMAC key Auth Index: 1 Auth Role: USER 769_TYPE TPM2B_MAX_BUFFER 770_NAME buffer 771_COMMENT HMAC data 772_TYPE TPMI_ALG_HASH+ 773_NAME hashAlg 774_COMMENT algorithm to use for HMAC 775_OUTPUT_START TPM2_HMAC 776_TYPE TPM_ST 777_NAME tag 778_COMMENT 
see clause 8 779_TYPE UINT32 780_NAME responseSize 781_TYPE TPM_RC 782_NAME responseCode 783_TYPE TPM2B_DIGEST 784_NAME outHMAC 785_COMMENT the returned HMAC in a sized buffer 786_INPUT_START TPM2_GetRandom 787_TYPE TPMI_ST_COMMAND_TAG 788_NAME tag 789_TYPE UINT32 790_NAME commandSize 791_TYPE TPM_CC 792_NAME commandCode 793_COMMENT TPM_CC_GetRandom 794_TYPE UINT16 795_NAME bytesRequested 796_COMMENT number of octets to return 797_OUTPUT_START TPM2_GetRandom 798_TYPE TPM_ST 799_NAME tag 800_COMMENT see clause 8 801_TYPE UINT32 802_NAME responseSize 803_TYPE TPM_RC 804_NAME responseCode 805_TYPE TPM2B_DIGEST 806_NAME randomBytes 807_COMMENT the random octets 808_INPUT_START TPM2_StirRandom 809_TYPE TPMI_ST_COMMAND_TAG 810_NAME tag 811_TYPE UINT32 812_NAME commandSize 813_TYPE TPM_CC 814_NAME commandCode 815_COMMENT TPM_CC_StirRandom {NV} 816_TYPE TPM2B_SENSITIVE_DATA 817_NAME inData 818_COMMENT additional information 819_OUTPUT_START TPM2_StirRandom 820_TYPE TPM_ST 821_NAME tag 822_COMMENT see clause 8 823_TYPE UINT32 824_NAME responseSize 825_TYPE TPM_RC 826_NAME responseCode 827_INPUT_START TPM2_HMAC_Start 828_TYPE TPMI_ST_COMMAND_TAG 829_NAME tag 830_TYPE UINT32 831_NAME commandSize 832_TYPE TPM_CC 833_NAME commandCode 834_COMMENT TPM_CC_HMAC_Start 835_TYPE TPMI_DH_OBJECT 836_NAME handle 837_COMMENT handle of an HMAC key Auth Index: 1 Auth Role: USER 838_TYPE TPM2B_AUTH 839_NAME auth 840_COMMENT authorization value for subsequent use of the sequence 841_TYPE TPMI_ALG_HASH+ 842_NAME hashAlg 843_COMMENT the hash algorithm to use for the HMAC 844_OUTPUT_START TPM2_HMAC_Start 845_TYPE TPM_ST 846_NAME tag 847_COMMENT see clause 8 848_TYPE UINT32 849_NAME responseSize 850_TYPE TPM_RC 851_NAME responseCode 852_TYPE TPMI_DH_OBJECT 853_NAME sequenceHandle 854_COMMENT a handle to reference the sequence 855_INPUT_START TPM2_HashSequenceStart 856_TYPE TPMI_ST_COMMAND_TAG 857_NAME tag 858_TYPE UINT32 859_NAME commandSize 860_TYPE TPM_CC 861_NAME commandCode 862_COMMENT 
TPM_CC_HashSequenceStart 863_TYPE TPM2B_AUTH 864_NAME auth 865_COMMENT authorization value for subsequent use of the sequence 866_TYPE TPMI_ALG_HASH+ 867_NAME hashAlg 868_COMMENT the hash algorithm to use for the hash sequence An Event sequence starts if this is TPM_ALG_NULL. 869_OUTPUT_START TPM2_HashSequenceStart 870_TYPE TPM_ST 871_NAME tag 872_COMMENT see clause 8 873_TYPE UINT32 874_NAME responseSize 875_TYPE TPM_RC 876_NAME responseCode 877_TYPE TPMI_DH_OBJECT 878_NAME sequenceHandle 879_COMMENT a handle to reference the sequence 880_INPUT_START TPM2_SequenceUpdate 881_TYPE TPMI_ST_COMMAND_TAG 882_NAME tag 883_TYPE UINT32 884_NAME commandSize 885_TYPE TPM_CC 886_NAME commandCode 887_COMMENT TPM_CC_SequenceUpdate 888_TYPE TPMI_DH_OBJECT 889_NAME sequenceHandle 890_COMMENT handle for the sequence object Auth Index: 1 Auth Role: USER 891_TYPE TPM2B_MAX_BUFFER 892_NAME buffer 893_COMMENT data to be added to hash 894_OUTPUT_START TPM2_SequenceUpdate 895_TYPE TPM_ST 896_NAME tag 897_COMMENT see clause 8 898_TYPE UINT32 899_NAME responseSize 900_TYPE TPM_RC 901_NAME responseCode 902_INPUT_START TPM2_SequenceComplete 903_TYPE TPMI_ST_COMMAND_TAG 904_NAME tag 905_TYPE UINT32 906_NAME commandSize 907_TYPE TPM_CC 908_NAME commandCode 909_COMMENT TPM_CC_SequenceComplete {F} 910_TYPE TPMI_DH_OBJECT 911_NAME sequenceHandle 912_COMMENT authorization for the sequence Auth Index: 1 Auth Role: USER 913_TYPE TPM2B_MAX_BUFFER 914_NAME buffer 915_COMMENT data to be added to the hash/HMAC 916_TYPE TPMI_RH_HIERARCHY+ 917_NAME hierarchy 918_COMMENT hierarchy of the ticket for a hash 919_OUTPUT_START TPM2_SequenceComplete 920_TYPE TPM_ST 921_NAME tag 922_COMMENT see clause 8 923_TYPE UINT32 924_NAME responseSize 925_TYPE TPM_RC 926_NAME responseCode 927_TYPE TPM2B_DIGEST 928_NAME result 929_COMMENT the returned HMAC or digest in a sized buffer 930_TYPE TPMT_TK_HASHCHECK 931_NAME validation 932_COMMENT ticket indicating that the sequence of octets used to compute outDigest did not 
start with TPM_GENERATED_VALUE This is a NULL Ticket when the session is HMAC. 933_INPUT_START TPM2_EventSequenceComplete 934_TYPE TPMI_ST_COMMAND_TAG 935_NAME tag 936_TYPE UINT32 937_NAME commandSize 938_TYPE TPM_CC 939_NAME commandCode 940_COMMENT TPM_CC_EventSequenceComplete {NV F} 941_TYPE TPMI_DH_PCR+ 942_NAME pcrHandle 943_COMMENT PCR to be extended with the Event data Auth Index: 1 Auth Role: USER 944_TYPE TPMI_DH_OBJECT 945_NAME sequenceHandle 946_COMMENT authorization for the sequence Auth Index: 2 Auth Role: USER 947_TYPE TPM2B_MAX_BUFFER 948_NAME buffer 949_COMMENT data to be added to the Event 950_OUTPUT_START TPM2_EventSequenceComplete 951_TYPE TPM_ST 952_NAME tag 953_COMMENT see clause 8 954_TYPE UINT32 955_NAME responseSize 956_TYPE TPM_RC 957_NAME responseCode 958_TYPE TPML_DIGEST_VALUES 959_NAME results 960_COMMENT list of digests computed for the PCR 961_INPUT_START TPM2_Certify 962_TYPE TPMI_ST_COMMAND_TAG 963_NAME tag 964_TYPE UINT32 965_NAME commandSize 966_TYPE TPM_CC 967_NAME commandCode 968_COMMENT TPM_CC_Certify 969_TYPE TPMI_DH_OBJECT 970_NAME objectHandle 971_COMMENT handle of the object to be certified Auth Index: 1 Auth Role: ADMIN 972_TYPE TPMI_DH_OBJECT+ 973_NAME signHandle 974_COMMENT handle of the key used to sign the attestation structure Auth Index: 2 Auth Role: USER 975_TYPE TPM2B_DATA 976_NAME qualifyingData 977_COMMENT user provided qualifying data 978_TYPE TPMT_SIG_SCHEME+ 979_NAME inScheme 980_COMMENT signing scheme to use if the scheme for signHandle is TPM_ALG_NULL 981_OUTPUT_START TPM2_Certify 982_TYPE TPM_ST 983_NAME tag 984_COMMENT see clause 8 985_TYPE UINT32 986_NAME responseSize 987_TYPE TPM_RC 988_NAME responseCode 989_COMMENT . 
990_TYPE TPM2B_ATTEST 991_NAME certifyInfo 992_COMMENT the structure that was signed 993_TYPE TPMT_SIGNATURE 994_NAME signature 995_COMMENT the asymmetric signature over certifyInfo using the key referenced by signHandle 996_INPUT_START TPM2_CertifyCreation 997_TYPE TPMI_ST_COMMAND_TAG 998_NAME tag 999_TYPE UINT32 1000_NAME commandSize 1001_TYPE TPM_CC 1002_NAME commandCode 1003_COMMENT TPM_CC_CertifyCreation 1004_TYPE TPMI_DH_OBJECT+ 1005_NAME signHandle 1006_COMMENT handle of the key that will sign the attestation block Auth Index: 1 Auth Role: USER 1007_TYPE TPMI_DH_OBJECT 1008_NAME objectHandle 1009_COMMENT the object associated with the creation data Auth Index: None 1010_TYPE TPM2B_DATA 1011_NAME qualifyingData 1012_COMMENT user-provided qualifying data 1013_TYPE TPM2B_DIGEST 1014_NAME creationHash 1015_COMMENT hash of the creation data produced by TPM2_Create() or TPM2_CreatePrimary() 1016_TYPE TPMT_SIG_SCHEME+ 1017_NAME inScheme 1018_COMMENT signing scheme to use if the scheme for signHandle is TPM_ALG_NULL 1019_TYPE TPMT_TK_CREATION 1020_NAME creationTicket 1021_COMMENT ticket produced by TPM2_Create() or TPM2_CreatePrimary() 1022_OUTPUT_START TPM2_CertifyCreation 1023_TYPE TPM_ST 1024_NAME tag 1025_COMMENT see clause 8 1026_TYPE UINT32 1027_NAME responseSize 1028_TYPE TPM_RC 1029_NAME responseCode 1030_TYPE TPM2B_ATTEST 1031_NAME certifyInfo 1032_COMMENT the structure that was signed 1033_TYPE TPMT_SIGNATURE 1034_NAME signature 1035_COMMENT the signature over certifyInfo 1036_INPUT_START TPM2_Quote 1037_TYPE TPMI_ST_COMMAND_TAG 1038_NAME tag 1039_TYPE UINT32 1040_NAME commandSize 1041_TYPE TPM_CC 1042_NAME commandCode 1043_COMMENT TPM_CC_Quote 1044_TYPE TPMI_DH_OBJECT 1045_NAME signHandle 1046_COMMENT handle of key that will perform signature Auth Index: 1 Auth Role: USER 1047_TYPE TPM2B_DATA 1048_NAME qualifyingData 1049_COMMENT data supplied by the caller 1050_TYPE TPMT_SIG_SCHEME+ 1051_NAME inScheme 1052_COMMENT signing scheme to use if the scheme for 
signHandle is TPM_ALG_NULL 1053_TYPE TPML_PCR_SELECTION 1054_NAME PCRselect 1055_COMMENT PCR set to quote 1056_OUTPUT_START TPM2_Quote 1057_TYPE TPM_ST 1058_NAME tag 1059_COMMENT see clause 8 1060_TYPE UINT32 1061_NAME responseSize 1062_TYPE TPM_RC 1063_NAME responseCode 1064_TYPE TPM2B_ATTEST 1065_NAME quoted 1066_COMMENT the quoted information 1067_TYPE TPMT_SIGNATURE 1068_NAME signature 1069_COMMENT the signature over quoted 1070_INPUT_START TPM2_GetSessionAuditDigest 1071_TYPE TPMI_ST_COMMAND_TAG 1072_NAME tag 1073_TYPE UINT32 1074_NAME commandSize 1075_TYPE TPM_CC 1076_NAME commandCode 1077_COMMENT TPM_CC_GetSessionAuditDigest 1078_TYPE TPMI_RH_ENDORSEMENT 1079_NAME privacyAdminHandle 1080_COMMENT handle of the privacy administrator (TPM_RH_ENDORSEMENT) Auth Index: 1 Auth Role: USER 1081_TYPE TPMI_DH_OBJECT+ 1082_NAME signHandle 1083_COMMENT handle of the signing key Auth Index: 2 Auth Role: USER 1084_TYPE TPMI_SH_HMAC 1085_NAME sessionHandle 1086_COMMENT handle of the audit session Auth Index: None 1087_TYPE TPM2B_DATA 1088_NAME qualifyingData 1089_COMMENT user-provided qualifying data – may be zero-length 1090_TYPE TPMT_SIG_SCHEME+ 1091_NAME inScheme 1092_COMMENT signing scheme to use if the scheme for signHandle is TPM_ALG_NULL 1093_OUTPUT_START TPM2_GetSessionAuditDigest 1094_TYPE TPM_ST 1095_NAME tag 1096_COMMENT see clause 8 1097_TYPE UINT32 1098_NAME responseSize 1099_TYPE TPM_RC 1100_NAME responseCode 1101_TYPE TPM2B_ATTEST 1102_NAME auditInfo 1103_COMMENT the audit information that was signed 1104_TYPE TPMT_SIGNATURE 1105_NAME signature 1106_COMMENT the signature over auditInfo 1107_INPUT_START TPM2_GetCommandAuditDigest 1108_TYPE TPMI_ST_COMMAND_TAG 1109_NAME tag 1110_TYPE UINT32 1111_NAME commandSize 1112_TYPE TPM_CC 1113_NAME commandCode 1114_COMMENT TPM_CC_GetCommandAuditDigest {NV} 1115_TYPE TPMI_RH_ENDORSEMENT 1116_NAME privacyHandle 1117_COMMENT handle of the privacy administrator (TPM_RH_ENDORSEMENT) Auth Index: 1 Auth Role: USER 1118_TYPE 
TPMI_DH_OBJECT+ 1119_NAME signHandle 1120_COMMENT the handle of the signing key Auth Index: 2 Auth Role: USER 1121_TYPE TPM2B_DATA 1122_NAME qualifyingData 1123_COMMENT other data to associate with this audit digest 1124_TYPE TPMT_SIG_SCHEME+ 1125_NAME inScheme 1126_COMMENT signing scheme to use if the scheme for signHandle is TPM_ALG_NULL 1127_OUTPUT_START TPM2_GetCommandAuditDigest 1128_TYPE TPM_ST 1129_NAME tag 1130_COMMENT see clause 8 1131_TYPE UINT32 1132_NAME responseSize 1133_TYPE TPM_RC 1134_NAME responseCode 1135_TYPE TPM2B_ATTEST 1136_NAME auditInfo 1137_COMMENT the auditInfo that was signed 1138_TYPE TPMT_SIGNATURE 1139_NAME signature 1140_COMMENT the signature over auditInfo 1141_INPUT_START TPM2_GetTime 1142_TYPE TPMI_ST_COMMAND_TAG 1143_NAME tag 1144_TYPE UINT32 1145_NAME commandSize 1146_TYPE TPM_CC 1147_NAME commandCode 1148_COMMENT TPM_CC_GetTime 1149_TYPE TPMI_RH_ENDORSEMENT 1150_NAME privacyAdminHandle 1151_COMMENT handle of the privacy administrator (TPM_RH_ENDORSEMENT) Auth Index: 1 Auth Role: USER 1152_TYPE TPMI_DH_OBJECT+ 1153_NAME signHandle 1154_COMMENT the keyHandle identifier of a loaded key that can perform digital signatures Auth Index: 2 Auth Role: USER 1155_TYPE TPM2B_DATA 1156_NAME qualifyingData 1157_COMMENT data to tick stamp 1158_TYPE TPMT_SIG_SCHEME+ 1159_NAME inScheme 1160_COMMENT signing scheme to use if the scheme for signHandle is TPM_ALG_NULL 1161_OUTPUT_START TPM2_GetTime 1162_TYPE TPM_ST 1163_NAME tag 1164_COMMENT see clause 8 1165_TYPE UINT32 1166_NAME responseSize 1167_TYPE TPM_RC 1168_NAME responseCode 1169_COMMENT . 
1170_TYPE TPM2B_ATTEST 1171_NAME timeInfo 1172_COMMENT standard TPM-generated attestation block 1173_TYPE TPMT_SIGNATURE 1174_NAME signature 1175_COMMENT the signature over timeInfo 1176_INPUT_START TPM2_Commit 1177_TYPE TPMI_ST_COMMAND_TAG 1178_NAME tag 1179_TYPE UINT32 1180_NAME paramSize 1181_TYPE TPM_CC 1182_NAME commandCode 1183_COMMENT TPM_CC_Commit 1184_TYPE TPMI_DH_OBJECT 1185_NAME signHandle 1186_COMMENT handle of the key that will be used in the signing operation Auth Index: 1 Auth Role: USER 1187_TYPE TPM2B_ECC_POINT 1188_NAME P1 1189_COMMENT a point (M) on the curve used by signHandle 1190_TYPE TPM2B_SENSITIVE_DATA 1191_NAME s2 1192_COMMENT octet array used to derive x-coordinate of a base point 1193_TYPE TPM2B_ECC_PARAMETER 1194_NAME y2 1195_COMMENT y coordinate of the point associated with s2 1196_OUTPUT_START TPM2_Commit 1197_TYPE TPM_ST 1198_NAME tag 1199_COMMENT see 8 1200_TYPE UINT32 1201_NAME paramSize 1202_TYPE TPM_RC 1203_NAME responseCode 1204_TYPE TPM2B_ECC_POINT 1205_NAME K 1206_COMMENT ECC point K ≔ [ds](x2, y2) 1207_TYPE TPM2B_ECC_POINT 1208_NAME L 1209_COMMENT ECC point L ≔ [r](x2, y2) 1210_TYPE TPM2B_ECC_POINT 1211_NAME E 1212_COMMENT ECC point E ≔ [r]P1 1213_TYPE UINT16 1214_NAME counter 1215_COMMENT least-significant 16 bits of commitCount 1216_INPUT_START TPM2_EC_Ephemeral 1217_TYPE TPMI_ST_COMMAND_TAG 1218_NAME tag 1219_TYPE UINT32 1220_NAME paramSize 1221_TYPE TPM_CC 1222_NAME commandCode 1223_COMMENT TPM_CC_EC_Ephemeral 1224_TYPE TPMI_ECC_CURVE 1225_NAME curveID 1226_COMMENT The curve for the computed ephemeral point 1227_OUTPUT_START TPM2_EC_Ephemeral 1228_TYPE TPM_ST 1229_NAME tag 1230_COMMENT see 8 1231_TYPE UINT32 1232_NAME paramSize 1233_TYPE TPM_RC 1234_NAME responseCode 1235_TYPE TPM2B_ECC_POINT 1236_NAME Q 1237_COMMENT ephemeral public key Q ≔ [r]G 1238_TYPE UINT16 1239_NAME counter 1240_COMMENT least-significant 16 bits of commitCount 1241_INPUT_START TPM2_VerifySignature 1242_TYPE TPMI_ST_COMMAND_TAG 1243_NAME tag 
1244_TYPE UINT32 1245_NAME commandSize 1246_TYPE TPM_CC 1247_NAME commandCode 1248_COMMENT TPM_CC_VerifySignature 1249_TYPE TPMI_DH_OBJECT 1250_NAME keyHandle 1251_COMMENT handle of public key that will be used in the validation Auth Index: None 1252_TYPE TPM2B_DIGEST 1253_NAME digest 1254_COMMENT digest of the signed message 1255_TYPE TPMT_SIGNATURE 1256_NAME signature 1257_COMMENT signature to be tested 1258_OUTPUT_START TPM2_VerifySignature 1259_TYPE TPM_ST 1260_NAME tag 1261_COMMENT see clause 8 1262_TYPE UINT32 1263_NAME responseSize 1264_TYPE TPM_RC 1265_NAME responseCode 1266_TYPE TPMT_TK_VERIFIED 1267_NAME validation 1268_INPUT_START TPM2_Sign 1269_TYPE TPMI_ST_COMMAND_TAG 1270_NAME tag 1271_TYPE UINT32 1272_NAME commandSize 1273_TYPE TPM_CC 1274_NAME commandCode 1275_COMMENT TPM_CC_Sign 1276_TYPE TPMI_DH_OBJECT 1277_NAME keyHandle 1278_COMMENT Handle of key that will perform signing Auth Index: 1 Auth Role: USER 1279_TYPE TPM2B_DIGEST 1280_NAME digest 1281_COMMENT digest to be signed 1282_TYPE TPMT_SIG_SCHEME+ 1283_NAME inScheme 1284_COMMENT signing scheme to use if the scheme for keyHandle is TPM_ALG_NULL 1285_TYPE TPMT_TK_HASHCHECK 1286_NAME validation 1287_COMMENT proof that digest was created by the TPM If keyHandle is not a restricted signing key, then this may be a NULL Ticket with tag = TPM_ST_CHECKHASH. 
1288_OUTPUT_START TPM2_Sign 1289_TYPE TPM_ST 1290_NAME tag 1291_COMMENT see clause 8 1292_TYPE UINT32 1293_NAME responseSize 1294_TYPE TPM_RC 1295_NAME responseCode 1296_TYPE TPMT_SIGNATURE 1297_NAME signature 1298_COMMENT the signature 1299_INPUT_START TPM2_SetCommandCodeAuditStatus 1300_TYPE TPMI_ST_COMMAND_TAG 1301_NAME tag 1302_TYPE UINT32 1303_NAME commandSize 1304_TYPE TPM_CC 1305_NAME commandCode 1306_COMMENT TPM_CC_SetCommandCodeAuditStatus {NV} 1307_TYPE TPMI_RH_PROVISION 1308_NAME auth 1309_COMMENT TPM_RH_ENDORSEMENT or TPM_RH_PLATFORM+{PP} Auth Index: 1 Auth Role: USER 1310_TYPE TPMI_ALG_HASH+ 1311_NAME auditAlg 1312_COMMENT hash algorithm for the audit digest; if TPM_ALG_NULL, then the hash is not changed 1313_TYPE TPML_CC 1314_NAME setList 1315_COMMENT list of commands that will be added to those that will be audited 1316_TYPE TPML_CC 1317_NAME clearList 1318_COMMENT list of commands that will no longer be audited 1319_OUTPUT_START TPM2_SetCommandCodeAuditStatus 1320_TYPE TPM_ST 1321_NAME tag 1322_COMMENT see clause 8 1323_TYPE UINT32 1324_NAME responseSize 1325_TYPE TPM_RC 1326_NAME responseCode 1327_INPUT_START TPM2_PCR_Extend 1328_TYPE TPMI_ST_COMMAND_TAG 1329_NAME tag 1330_TYPE UINT32 1331_NAME commandSize 1332_TYPE TPM_CC 1333_NAME commandCode 1334_COMMENT TPM_CC_PCR_Extend {NV} 1335_TYPE TPMI_DH_PCR+ 1336_NAME pcrHandle 1337_COMMENT handle of the PCR Auth Handle: 1 Auth Role: USER 1338_TYPE TPML_DIGEST_VALUES 1339_NAME digests 1340_COMMENT list of tagged digest values to be extended 1341_OUTPUT_START TPM2_PCR_Extend 1342_TYPE TPM_ST 1343_NAME tag 1344_COMMENT see clause 8 1345_TYPE UINT32 1346_NAME responseSize 1347_TYPE TPM_RC 1348_NAME responseCode 1349_COMMENT . 
1350_INPUT_START TPM2_PCR_Event 1351_TYPE TPMI_ST_COMMAND_TAG 1352_NAME tag 1353_TYPE UINT32 1354_NAME commandSize 1355_TYPE TPM_CC 1356_NAME commandCode 1357_COMMENT TPM_CC_PCR_Event {NV} 1358_TYPE TPMI_DH_PCR+ 1359_NAME pcrHandle 1360_COMMENT Handle of the PCR Auth Handle: 1 Auth Role: USER 1361_TYPE TPM2B_EVENT 1362_NAME eventData 1363_COMMENT Event data in sized buffer 1364_OUTPUT_START TPM2_PCR_Event 1365_TYPE TPM_ST 1366_NAME tag 1367_COMMENT see clause 8 1368_TYPE UINT32 1369_NAME responseSize 1370_TYPE TPM_RC 1371_NAME responseCode 1372_TYPE TPML_DIGEST_VALUES 1373_NAME digests 1374_COMMENT . 1375_INPUT_START TPM2_PCR_Read 1376_TYPE TPMI_ST_COMMAND_TAG 1377_NAME tag 1378_TYPE UINT32 1379_NAME commandSize 1380_TYPE TPM_CC 1381_NAME commandCode 1382_COMMENT TPM_CC_PCR_Read 1383_TYPE TPML_PCR_SELECTION 1384_NAME pcrSelectionIn 1385_COMMENT The selection of PCR to read 1386_OUTPUT_START TPM2_PCR_Read 1387_TYPE TPM_ST 1388_NAME tag 1389_COMMENT see clause 8 1390_TYPE UINT32 1391_NAME responseSize 1392_TYPE TPM_RC 1393_NAME responseCode 1394_TYPE UINT32 1395_NAME pcrUpdateCounter 1396_COMMENT the current value of the PCR update counter 1397_TYPE TPML_PCR_SELECTION 1398_NAME pcrSelectionOut 1399_COMMENT the PCR in the returned list 1400_TYPE TPML_DIGEST 1401_NAME pcrValues 1402_COMMENT the contents of the PCR indicated in pcrSelect as tagged digests 1403_INPUT_START TPM2_PCR_Allocate 1404_TYPE TPMI_ST_COMMAND_TAG 1405_NAME tag 1406_TYPE UINT32 1407_NAME commandSize 1408_TYPE TPM_CC 1409_NAME commandCode 1410_COMMENT TPM_CC_PCR_Allocate {NV} 1411_TYPE TPMI_RH_PLATFORM 1412_NAME authHandle 1413_COMMENT TPM_RH_PLATFORM+{PP} Auth Index: 1 Auth Role: USER 1414_TYPE TPML_PCR_SELECTION 1415_NAME pcrAllocation 1416_COMMENT the requested allocation 1417_OUTPUT_START TPM2_PCR_Allocate 1418_TYPE TPM_ST 1419_NAME tag 1420_COMMENT see clause 8 1421_TYPE UINT32 1422_NAME responseSize 1423_TYPE TPM_RC 1424_NAME responseCode 1425_TYPE TPMI_YES_NO 1426_NAME allocationSuccess 
1427_COMMENT YES if the allocation succeeded 1428_TYPE UINT32 1429_NAME maxPCR 1430_COMMENT maximum number of PCR that may be in a bank 1431_TYPE UINT32 1432_NAME sizeNeeded 1433_COMMENT number of octets required to satisfy the request 1434_TYPE UINT32 1435_NAME sizeAvailable 1436_COMMENT Number of octets available. Computed before the allocation. 1437_INPUT_START TPM2_PCR_SetAuthPolicy 1438_TYPE TPMI_ST_COMMAND_TAG 1439_NAME tag 1440_TYPE UINT32 1441_NAME commandSize 1442_TYPE TPM_CC 1443_NAME commandCode 1444_COMMENT TPM_CC_PCR_SetAuthPolicy {NV} 1445_TYPE TPMI_RH_PLATFORM 1446_NAME authHandle 1447_COMMENT TPM_RH_PLATFORM+{PP} Auth Index: 1 Auth Role: USER 1448_TYPE TPM2B_DIGEST 1449_NAME authPolicy 1450_COMMENT the desired authPolicy 1451_TYPE TPMI_ALG_HASH+ 1452_NAME hashAlg 1453_COMMENT the hash algorithm of the policy 1454_TYPE TPMI_DH_PCR 1455_NAME pcrNum 1456_COMMENT the PCR for which the policy is to be set 1457_OUTPUT_START TPM2_PCR_SetAuthPolicy 1458_TYPE TPM_ST 1459_NAME tag 1460_COMMENT see clause 8 1461_TYPE UINT32 1462_NAME responseSize 1463_TYPE TPM_RC 1464_NAME responseCode 1465_INPUT_START TPM2_PCR_SetAuthValue 1466_TYPE TPMI_ST_COMMAND_TAG 1467_NAME tag 1468_TYPE UINT32 1469_NAME commandSize 1470_TYPE TPM_CC 1471_NAME commandCode 1472_COMMENT TPM_CC_PCR_SetAuthValue 1473_TYPE TPMI_DH_PCR 1474_NAME pcrHandle 1475_COMMENT handle for a PCR that may have an authorization value set Auth Index: 1 Auth Role: USER 1476_TYPE TPM2B_DIGEST 1477_NAME auth 1478_COMMENT the desired authorization value 1479_OUTPUT_START TPM2_PCR_SetAuthValue 1480_TYPE TPM_ST 1481_NAME tag 1482_COMMENT see clause 8 1483_TYPE UINT32 1484_NAME responseSize 1485_TYPE TPM_RC 1486_NAME responseCode 1487_INPUT_START TPM2_PCR_Reset 1488_TYPE TPMI_ST_COMMAND_TAG 1489_NAME tag 1490_TYPE UINT32 1491_NAME commandSize 1492_TYPE TPM_CC 1493_NAME commandCode 1494_COMMENT TPM_CC_PCR_Reset {NV} 1495_TYPE TPMI_DH_PCR 1496_NAME pcrHandle 1497_COMMENT the PCR to reset Auth Index: 1 Auth Role: USER 
1498_OUTPUT_START TPM2_PCR_Reset 1499_TYPE TPM_ST 1500_NAME tag 1501_COMMENT see clause 8 1502_TYPE UINT32 1503_NAME responseSize 1504_TYPE TPM_RC 1505_NAME responseCode 1506_INPUT_START TPM2_PolicySigned 1507_TYPE TPMI_ST_COMMAND_TAG 1508_NAME tag 1509_TYPE UINT32 1510_NAME commandSize 1511_TYPE TPM_CC 1512_NAME commandCode 1513_COMMENT TPM_CC_PolicySigned 1514_TYPE TPMI_DH_OBJECT 1515_NAME authObject 1516_COMMENT handle for a public key that will validate the signature Auth Index: None 1517_TYPE TPMI_SH_POLICY 1518_NAME policySession 1519_COMMENT handle for the policy session being extended Auth Index: None 1520_TYPE TPM2B_NONCE 1521_NAME nonceTPM 1522_COMMENT the policy nonce for the session If the nonce is not included in the authorization qualification, this field is the Empty Buffer. 1523_TYPE TPM2B_DIGEST 1524_NAME cpHashA 1525_COMMENT digest of the command parameters to which this authorization is limited This is not the cpHash for this command but the cpHash for the command to which this policy session will be applied. If it is not limited, the parameter will be the Empty Buffer. 1526_TYPE TPM2B_NONCE 1527_NAME policyRef 1528_COMMENT a reference to a policy relating to the authorization – may be the Empty Buffer Size is limited to be no larger than the nonce size supported on the TPM. 1529_TYPE INT32 1530_NAME expiration 1531_COMMENT time when authorization will expire, measured in seconds from the time that nonceTPM was generated If expiration is zero, a NULL Ticket is returned. 
1532_TYPE TPMT_SIGNATURE 1533_NAME auth 1534_COMMENT signed authorization (not optional) 1535_OUTPUT_START TPM2_PolicySigned 1536_TYPE TPM_ST 1537_NAME tag 1538_COMMENT see clause 8 1539_TYPE UINT32 1540_NAME responseSize 1541_TYPE TPM_RC 1542_NAME responseCode 1543_TYPE TPM2B_TIMEOUT 1544_NAME timeout 1545_TYPE TPMT_TK_AUTH 1546_NAME policyTicket 1547_COMMENT implementation-specific time value, used to indicate to the TPM when the ticket expires NOTE If policyTicket is a NULL Ticket, then this shall be the Empty Buffer. produced if the command succeeds and expiration in the command was non-zero; this ticket will use the TPMT_ST_AUTH_SIGNED structure tag 1548_INPUT_START TPM2_PolicySecret 1549_TYPE TPMI_ST_COMMAND_TAG 1550_NAME tag 1551_COMMENT see clause 8 1552_TYPE UINT32 1553_NAME commandSize 1554_TYPE TPM_CC 1555_NAME commandCode 1556_COMMENT TPM_CC_PolicySecret 1557_TYPE TPMI_DH_ENTITY 1558_NAME authHandle 1559_COMMENT handle for an entity providing the authorization Auth Index: 1 Auth Role: USER 1560_TYPE TPMI_SH_POLICY 1561_NAME policySession 1562_COMMENT handle for the policy session being extended Auth Index: None 1563_TYPE TPM2B_NONCE 1564_NAME nonceTPM 1565_COMMENT the policy nonce for the session If the nonce is not included in the authorization qualification, this field is the Empty Buffer. 1566_TYPE TPM2B_DIGEST 1567_NAME cpHashA 1568_COMMENT digest of the command parameters to which this authorization is limited This is not the cpHash for this command but the cpHash for the command to which this policy session will be applied. If it is not limited, the parameter will be the Empty Buffer. 1569_TYPE TPM2B_NONCE 1570_NAME policyRef 1571_COMMENT a reference to a policy relating to the authorization – may be the Empty Buffer Size is limited to be no larger than the nonce size supported on the TPM. 
1572_TYPE INT32 1573_NAME expiration 1574_COMMENT time when authorization will expire, measured in seconds from the time that nonceTPM was generated If expiration is zero, a NULL Ticket is returned. 1575_OUTPUT_START TPM2_PolicySecret 1576_TYPE TPM_ST 1577_NAME tag 1578_COMMENT see clause 8 1579_TYPE UINT32 1580_NAME responseSize 1581_TYPE TPM_RC 1582_NAME responseCode 1583_TYPE TPM2B_TIMEOUT 1584_NAME timeout 1585_COMMENT implementation-specific time value used to indicate to the TPM when the ticket expires 1586_TYPE TPMT_TK_AUTH 1587_NAME policyTicket 1588_COMMENT produced if the command succeeds and expiration in the command was non-zero; this ticket will use the TPMT_ST_AUTH_SECRET structure tag 1589_INPUT_START TPM2_PolicyTicket 1590_TYPE TPMI_ST_COMMAND_TAG 1591_NAME tag 1592_COMMENT see clause 8 1593_TYPE UINT32 1594_NAME commandSize 1595_TYPE TPM_CC 1596_NAME commandCode 1597_COMMENT TPM_CC_PolicyTicket 1598_TYPE TPMI_SH_POLICY 1599_NAME policySession 1600_COMMENT handle for the policy session being extended Auth Index: None 1601_TYPE TPM2B_TIMEOUT 1602_NAME timeout 1603_COMMENT time when authorization will expire The contents are TPM specific. This shall be the value returned when ticket was produced. 1604_TYPE TPM2B_DIGEST 1605_NAME cpHashA 1606_COMMENT digest of the command parameters to which this authorization is limited If it is not limited, the parameter will be the Empty Buffer. 
1607_TYPE TPM2B_NONCE 1608_NAME policyRef 1609_COMMENT reference to a qualifier for the policy – may be the Empty Buffer 1610_TYPE TPM2B_NAME 1611_NAME authName 1612_COMMENT name of the object that provided the authorization 1613_TYPE TPMT_TK_AUTH 1614_NAME ticket 1615_COMMENT an authorization ticket returned by the TPM in response to a TPM2_PolicySigned() or TPM2_PolicySecret() 1616_OUTPUT_START TPM2_PolicyTicket 1617_TYPE TPM_ST 1618_NAME tag 1619_COMMENT see clause 8 1620_TYPE UINT32 1621_NAME responseSize 1622_TYPE TPM_RC 1623_NAME responseCode 1624_INPUT_START TPM2_PolicyOR 1625_TYPE TPMI_ST_COMMAND_TAG 1626_NAME tag 1627_TYPE UINT32 1628_NAME commandSize 1629_TYPE TPM_CC 1630_NAME commandCode 1631_COMMENT TPM_CC_PolicyOR. 1632_TYPE TPMI_SH_POLICY 1633_NAME policySession 1634_COMMENT handle for the policy session being extended Auth Index: None 1635_TYPE TPML_DIGEST 1636_NAME pHashList 1637_COMMENT the list of hashes to check for a match 1638_OUTPUT_START TPM2_PolicyOR 1639_TYPE TPM_ST 1640_NAME tag 1641_COMMENT see clause 8 1642_TYPE UINT32 1643_NAME responseSize 1644_TYPE TPM_RC 1645_NAME responseCode 1646_INPUT_START TPM2_PolicyPCR 1647_TYPE TPMI_ST_COMMAND_TAG 1648_NAME tag 1649_TYPE UINT32 1650_NAME commandSize 1651_TYPE TPM_CC 1652_NAME commandCode 1653_COMMENT TPM_CC_PolicyPCR 1654_TYPE TPMI_SH_POLICY 1655_NAME policySession 1656_COMMENT handle for the policy session being extended Auth Index: None 1657_TYPE TPM2B_DIGEST 1658_NAME pcrDigest 1659_COMMENT expected digest value of the selected PCR using the hash algorithm of the session; may be zero length 1660_TYPE TPML_PCR_SELECTION 1661_NAME pcrs 1662_COMMENT the PCR to include in the check digest 1663_OUTPUT_START TPM2_PolicyPCR 1664_TYPE TPM_ST 1665_NAME tag 1666_COMMENT see clause 8 1667_TYPE UINT32 1668_NAME responseSize 1669_TYPE TPM_RC 1670_NAME responseCode 1671_INPUT_START TPM2_PolicyLocality 1672_TYPE TPMI_ST_COMMAND_TAG 1673_NAME tag 1674_TYPE UINT32 1675_NAME commandSize 1676_TYPE TPM_CC 
1677_NAME commandCode 1678_COMMENT TPM_CC_PolicyLocality 1679_TYPE TPMI_SH_POLICY 1680_NAME policySession 1681_COMMENT handle for the policy session being extended Auth Index: None 1682_TYPE TPMA_LOCALITY 1683_NAME locality 1684_COMMENT the allowed localities for the policy 1685_OUTPUT_START TPM2_PolicyLocality 1686_TYPE TPM_ST 1687_NAME tag 1688_COMMENT see clause 8 1689_TYPE UINT32 1690_NAME responseSize 1691_TYPE TPM_RC 1692_NAME responseCode 1693_INPUT_START TPM2_PolicyNV 1694_TYPE TPMI_ST_COMMAND_TAG 1695_NAME tag 1696_TYPE UINT32 1697_NAME commandSize 1698_TYPE TPM_CC 1699_NAME commandCode 1700_COMMENT TPM_CC_PolicyNV 1701_TYPE TPMI_RH_NV_AUTH 1702_NAME authHandle 1703_COMMENT handle indicating the source of the authorization value Auth Index: 1 Auth Role: USER 1704_TYPE TPMI_RH_NV_INDEX 1705_NAME nvIndex 1706_COMMENT the NV Index of the area to read Auth Index: None 1707_TYPE TPMI_SH_POLICY 1708_NAME policySession 1709_COMMENT handle for the policy session being extended Auth Index: None 1710_TYPE TPM2B_OPERAND 1711_NAME operandB 1712_COMMENT the second operand 1713_TYPE UINT16 1714_NAME offset 1715_COMMENT the offset in the NV Index for the start of operand A 1716_TYPE TPM_EO 1717_NAME operation 1718_COMMENT the comparison to make 1719_OUTPUT_START TPM2_PolicyNV 1720_TYPE TPM_ST 1721_NAME tag 1722_COMMENT see clause 8 1723_TYPE UINT32 1724_NAME responseSize 1725_TYPE TPM_RC 1726_NAME responseCode 1727_INPUT_START TPM2_PolicyCounterTimer 1728_TYPE TPMI_ST_COMMAND_TAG 1729_NAME tag 1730_TYPE UINT32 1731_NAME commandSize 1732_TYPE TPM_CC 1733_NAME commandCode 1734_COMMENT TPM_CC_PolicyCounterTimer 1735_TYPE TPMI_SH_POLICY 1736_NAME policySession 1737_COMMENT handle for the policy session being extended Auth Index: None 1738_TYPE TPM2B_OPERAND 1739_NAME operandB 1740_COMMENT the second operand 1741_TYPE UINT16 1742_NAME offset 1743_COMMENT the offset in TPMS_TIME_INFO structure for the start of operand A 1744_TYPE TPM_EO 1745_NAME operation 1746_COMMENT the 
comparison to make 1747_OUTPUT_START TPM2_PolicyCounterTimer 1748_TYPE TPM_ST 1749_NAME tag 1750_COMMENT see clause 8 1751_TYPE UINT32 1752_NAME responseSize 1753_TYPE TPM_RC 1754_NAME responseCode 1756_INPUT_START TPM2_PolicyCommandCode 1757_TYPE TPMI_ST_COMMAND_TAG 1758_NAME tag 1759_TYPE UINT32 1760_NAME commandSize 1761_TYPE TPM_CC 1762_NAME commandCode 1763_COMMENT TPM_CC_PolicyCommandCode 1764_TYPE TPMI_SH_POLICY 1765_NAME policySession 1766_COMMENT handle for the policy session being extended Auth Index: None 1767_TYPE TPM_CC 1768_NAME code 1769_COMMENT the allowed commandCode 1770_OUTPUT_START TPM2_PolicyCommandCode 1771_TYPE TPM_ST 1772_NAME tag 1773_COMMENT see clause 8 1774_TYPE UINT32 1775_NAME responseSize 1776_TYPE TPM_RC 1777_NAME responseCode 1779_INPUT_START TPM2_PolicyPhysicalPresence 1780_TYPE TPMI_ST_COMMAND_TAG 1781_NAME tag 1782_TYPE UINT32 1783_NAME commandSize 1784_TYPE TPM_CC 1785_NAME commandCode 1786_COMMENT TPM_CC_PolicyPhysicalPresence 1787_TYPE TPMI_SH_POLICY 1788_NAME policySession 1789_COMMENT handle for the policy session being extended Auth Index: None 1790_OUTPUT_START TPM2_PolicyPhysicalPresence 1791_TYPE TPM_ST 1792_NAME tag 1793_COMMENT see clause 8 1794_TYPE UINT32 1795_NAME responseSize 1796_TYPE TPM_RC 1797_NAME responseCode 1799_INPUT_START TPM2_PolicyCpHash 1800_TYPE TPMI_ST_COMMAND_TAG 1801_NAME tag 1802_TYPE UINT32 1803_NAME commandSize 1804_TYPE TPM_CC 1805_NAME commandCode 1806_COMMENT TPM_CC_PolicyCpHash 1807_TYPE TPMI_SH_POLICY 1808_NAME policySession 1809_COMMENT handle for the policy session being extended Auth Index: None 1810_TYPE TPM2B_DIGEST 1811_NAME cpHashA 1812_COMMENT the cpHash added to the policy 1813_OUTPUT_START TPM2_PolicyCpHash 1814_TYPE TPM_ST 1815_NAME tag 1816_COMMENT see clause 8 1817_TYPE UINT32 1818_NAME responseSize 1819_TYPE 
TPM_RC 1820_NAME responseCode 1822_INPUT_START TPM2_PolicyNameHash 1823_TYPE TPMI_ST_COMMAND_TAG 1824_NAME tag 1825_TYPE UINT32 1826_NAME commandSize 1827_TYPE TPM_CC 1828_NAME commandCode 1829_COMMENT TPM_CC_PolicyNameHash 1830_TYPE TPMI_SH_POLICY 1831_NAME policySession 1832_COMMENT handle for the policy session being extended Auth Index: None 1833_TYPE TPM2B_DIGEST 1834_NAME nameHash 1835_COMMENT the digest to be added to the policy 1836_OUTPUT_START TPM2_PolicyNameHash 1837_TYPE TPM_ST 1838_NAME tag 1839_COMMENT see clause 8 1840_TYPE UINT32 1841_NAME responseSize 1842_TYPE TPM_RC 1843_NAME responseCode 1845_INPUT_START TPM2_PolicyDuplicationSelect 1846_TYPE TPMI_ST_COMMAND_TAG 1847_NAME tag 1848_TYPE UINT32 1849_NAME commandSize 1850_TYPE TPM_CC 1851_NAME commandCode 1852_COMMENT TPM_CC_PolicyDuplicationSelect 1853_TYPE TPMI_SH_POLICY 1854_NAME policySession 1855_COMMENT handle for the policy session being extended Auth Index: None 1856_TYPE TPM2B_NAME 1857_NAME objectName 1858_COMMENT the Name of the object to be duplicated 1859_TYPE TPM2B_NAME 1860_NAME newParentName 1861_COMMENT the Name of the new parent 1862_TYPE TPMI_YES_NO 1863_NAME includeObject 1864_COMMENT if YES, the objectName will be included in the value in policySession→policyDigest 1865_OUTPUT_START TPM2_PolicyDuplicationSelect 1866_TYPE TPM_ST 1867_NAME tag 1868_COMMENT see clause 8 1869_TYPE UINT32 1870_NAME responseSize 1871_TYPE TPM_RC 1872_NAME responseCode 1874_INPUT_START TPM2_PolicyAuthorize 1875_TYPE TPMI_ST_COMMAND_TAG 1876_NAME tag 1877_TYPE UINT32 1878_NAME commandSize 1879_TYPE TPM_CC 1880_NAME commandCode 1881_COMMENT TPM_CC_PolicyAuthorize 1882_TYPE TPMI_SH_POLICY 1883_NAME policySession 1884_COMMENT handle for the policy session being extended Auth Index: None 1885_TYPE TPM2B_DIGEST 1886_NAME approvedPolicy 1887_COMMENT digest of the policy being approved 1888_TYPE TPM2B_NONCE 1889_NAME policyRef 
1890_COMMENT a policy qualifier 1891_TYPE TPM2B_NAME 1892_NAME keySign 1893_COMMENT Name of a key that can sign a policy addition 1894_TYPE TPMT_TK_VERIFIED 1895_NAME checkTicket 1896_COMMENT ticket validating that approvedPolicy and policyRef were signed by keySign 1897_OUTPUT_START TPM2_PolicyAuthorize 1898_TYPE TPM_ST 1899_NAME tag 1900_COMMENT see clause 8 1901_TYPE UINT32 1902_NAME responseSize 1903_TYPE TPM_RC 1904_NAME responseCode 1906_INPUT_START TPM2_PolicyAuthValue 1907_TYPE TPMI_ST_COMMAND_TAG 1908_NAME tag 1909_TYPE UINT32 1910_NAME commandSize 1911_TYPE TPM_CC 1912_NAME commandCode 1913_COMMENT TPM_CC_PolicyAuthValue 1914_TYPE TPMI_SH_POLICY 1915_NAME policySession 1916_COMMENT handle for the policy session being extended Auth Index: None 1917_OUTPUT_START TPM2_PolicyAuthValue 1918_TYPE TPM_ST 1919_NAME tag 1920_COMMENT see clause 8 1921_TYPE UINT32 1922_NAME responseSize 1923_TYPE TPM_RC 1924_NAME responseCode 1926_INPUT_START TPM2_PolicyPassword 1927_TYPE TPMI_ST_COMMAND_TAG 1928_NAME tag 1929_TYPE UINT32 1930_NAME commandSize 1931_TYPE TPM_CC 1932_NAME commandCode 1933_COMMENT TPM_CC_PolicyPassword 1934_TYPE TPMI_SH_POLICY 1935_NAME policySession 1936_COMMENT handle for the policy session being extended Auth Index: None 1937_OUTPUT_START TPM2_PolicyPassword 1938_TYPE TPM_ST 1939_NAME tag 1940_COMMENT see clause 8 1941_TYPE UINT32 1942_NAME responseSize 1943_TYPE TPM_RC 1944_NAME responseCode 1946_INPUT_START TPM2_PolicyGetDigest 1947_TYPE TPMI_ST_COMMAND_TAG 1948_NAME tag 1949_TYPE UINT32 1950_NAME commandSize 1951_TYPE TPM_CC 1952_NAME commandCode 1953_COMMENT TPM_CC_PolicyGetDigest 1954_TYPE TPMI_SH_POLICY 1955_NAME policySession 1956_COMMENT handle for the policy session Auth 
Index: None 1957_OUTPUT_START TPM2_PolicyGetDigest 1958_TYPE TPM_ST 1959_NAME tag 1960_COMMENT see clause 8 1961_TYPE UINT32 1962_NAME responseSize 1963_TYPE TPM_RC 1964_NAME responseCode 1965_TYPE TPM2B_DIGEST 1966_NAME policyDigest 1967_COMMENT the current value of the policySession→policyDigest 1968_INPUT_START TPM2_PolicyNvWritten 1969_TYPE TPMI_ST_COMMAND_TAG 1970_NAME Tag 1971_TYPE UINT32 1972_NAME commandSize 1973_TYPE TPM_CC 1974_NAME commandCode 1975_COMMENT TPM_CC_PolicyNvWritten 1976_TYPE TPMI_SH_POLICY 1977_NAME policySession 1978_COMMENT handle for the policy session being extended Auth Index: None 1979_TYPE TPMI_YES_NO 1980_NAME writtenSet 1981_COMMENT YES if NV Index is required to have been written NO if NV Index is required not to have been written 1982_OUTPUT_START TPM2_PolicyNvWritten 1983_TYPE TPM_ST 1984_NAME Tag 1985_COMMENT see clause 8 1986_TYPE UINT32 1987_NAME responseSize 1988_TYPE TPM_RC 1989_NAME responseCode 1991_INPUT_START TPM2_CreatePrimary 1992_TYPE TPMI_ST_COMMAND_TAG 1993_NAME tag 1994_TYPE UINT32 1995_NAME commandSize 1996_TYPE TPM_CC 1997_NAME commandCode 1998_COMMENT TPM_CC_CreatePrimary 1999_TYPE TPMI_RH_HIERARCHY+ 2000_NAME primaryHandle 2001_COMMENT TPM_RH_ENDORSEMENT, TPM_RH_OWNER, TPM_RH_PLATFORM+{PP}, or TPM_RH_NULL Auth Index: 1 Auth Role: USER 2002_TYPE TPM2B_SENSITIVE_CREATE 2003_NAME inSensitive 2004_COMMENT the sensitive data, see Part 1 Sensitive Values 2005_TYPE TPM2B_PUBLIC 2006_NAME inPublic 2007_COMMENT the public template 2008_TYPE TPM2B_DATA 2009_NAME outsideInfo 2010_COMMENT data that will be included in the creation data for this object to provide permanent, verifiable linkage between this object and some object owner data 2011_TYPE TPML_PCR_SELECTION 2012_NAME creationPCR 2013_COMMENT PCR that will be used in creation data 2014_OUTPUT_START TPM2_CreatePrimary 2015_TYPE TPM_ST 2016_NAME tag 2017_COMMENT see clause 8 2018_TYPE 
UINT32 2019_NAME responseSize 2020_TYPE TPM_RC 2021_NAME responseCode 2022_TYPE TPM_HANDLE 2023_NAME objectHandle 2024_COMMENT Handle for created Primary Object 2025_TYPE TPM2B_PUBLIC 2026_NAME outPublic 2027_COMMENT the public portion of the created object 2028_TYPE TPM2B_CREATION_DATA 2029_NAME creationData 2030_COMMENT contains a TPMT_CREATION_DATA 2031_TYPE TPM2B_DIGEST 2032_NAME creationHash 2033_COMMENT digest of creationData using nameAlg of outPublic 2034_TYPE TPMT_TK_CREATION 2035_NAME creationTicket 2036_COMMENT ticket used by TPM2_CertifyCreation() to validate that the creation data was produced by the TPM 2037_TYPE TPM2B_NAME 2038_NAME name 2039_COMMENT the name of the created object 2040_INPUT_START TPM2_HierarchyControl 2041_TYPE TPMI_ST_COMMAND_TAG 2042_NAME tag 2043_TYPE UINT32 2044_NAME commandSize 2045_TYPE TPM_CC 2046_NAME commandCode 2047_COMMENT TPM_CC_HierarchyControl {NV E} 2048_TYPE TPMI_RH_HIERARCHY 2049_NAME authHandle 2050_COMMENT TPM_RH_ENDORSEMENT, TPM_RH_OWNER or TPM_RH_PLATFORM+{PP} Auth Index: 1 Auth Role: USER 2051_TYPE TPMI_RH_ENABLES 2052_NAME enable 2053_COMMENT the enable being modified TPM_RH_ENDORSEMENT, TPM_RH_OWNER, TPM_RH_PLATFORM, or TPM_RH_PLATFORM_NV 2054_TYPE TPMI_YES_NO 2055_NAME state 2056_COMMENT YES if the enable should be SET, NO if the enable should be CLEAR 2057_OUTPUT_START TPM2_HierarchyControl 2058_TYPE TPM_ST 2059_NAME tag 2060_COMMENT see clause 8 2061_TYPE UINT32 2062_NAME responseSize 2063_TYPE TPM_RC 2064_NAME responseCode 2065_INPUT_START TPM2_SetPrimaryPolicy 2066_TYPE TPMI_ST_COMMAND_TAG 2067_NAME tag 2068_TYPE UINT32 2069_NAME commandSize 2070_TYPE TPM_CC 2071_NAME commandCode 2072_COMMENT TPM_CC_SetPrimaryPolicy {NV} 2073_TYPE TPMI_RH_HIERARCHY 2074_NAME authHandle 2075_COMMENT TPM_RH_ENDORSEMENT, TPM_RH_OWNER or TPM_RH_PLATFORM+{PP} Auth Index: 1 Auth Role: USER 2076_TYPE TPM2B_DIGEST 2077_NAME authPolicy 2078_COMMENT an authorization policy digest; may be the Empty Buffer If hashAlg is 
TPM_ALG_NULL, then this shall be an Empty Buffer. 2079_TYPE TPMI_ALG_HASH+ 2080_NAME hashAlg 2081_COMMENT the hash algorithm to use for the policy If the authPolicy is an Empty Buffer, then this field shall be TPM_ALG_NULL. 2082_OUTPUT_START TPM2_SetPrimaryPolicy 2083_TYPE TPM_ST 2084_NAME tag 2085_COMMENT see clause 8 2086_TYPE UINT32 2087_NAME responseSize 2088_TYPE TPM_RC 2089_NAME responseCode 2090_INPUT_START TPM2_ChangePPS 2091_TYPE TPMI_ST_COMMAND_TAG 2092_NAME tag 2093_TYPE UINT32 2094_NAME commandSize 2095_TYPE TPM_CC 2096_NAME commandCode 2097_COMMENT TPM_CC_ChangePPS {NV E} 2098_TYPE TPMI_RH_PLATFORM 2099_NAME authHandle 2100_COMMENT TPM_RH_PLATFORM+{PP} Auth Index: 1 Auth Role: USER 2101_OUTPUT_START TPM2_ChangePPS 2102_TYPE TPM_ST 2103_NAME tag 2104_COMMENT see clause 8 2105_TYPE UINT32 2106_NAME responseSize 2107_TYPE TPM_RC 2108_NAME responseCode 2109_INPUT_START TPM2_ChangeEPS 2110_TYPE TPMI_ST_COMMAND_TAG 2111_NAME tag 2112_TYPE UINT32 2113_NAME commandSize 2114_TYPE TPM_CC 2115_NAME commandCode 2116_COMMENT TPM_CC_ChangeEPS {NV E} 2117_TYPE TPMI_RH_PLATFORM 2118_NAME authHandle 2119_COMMENT TPM_RH_PLATFORM+{PP} Auth Handle: 1 Auth Role: USER 2120_OUTPUT_START TPM2_ChangeEPS 2121_TYPE TPM_ST 2122_NAME tag 2123_COMMENT see clause 8 2124_TYPE UINT32 2125_NAME responseSize 2126_TYPE TPM_RC 2127_NAME responseCode 2128_INPUT_START TPM2_Clear 2129_TYPE TPMI_ST_COMMAND_TAG 2130_NAME tag 2131_TYPE UINT32 2132_NAME commandSize 2133_TYPE TPM_CC 2134_NAME commandCode 2135_COMMENT TPM_CC_Clear {NV E} 2136_TYPE TPMI_RH_CLEAR 2137_NAME authHandle 2138_COMMENT TPM_RH_LOCKOUT or TPM_RH_PLATFORM+{PP} Auth Handle: 1 Auth Role: USER 2139_OUTPUT_START TPM2_Clear 2140_TYPE TPM_ST 2141_NAME tag 2142_COMMENT see clause 8 2143_TYPE UINT32 2144_NAME responseSize 2145_TYPE TPM_RC 2146_NAME responseCode 2147_INPUT_START TPM2_ClearControl 2148_TYPE TPMI_ST_COMMAND_TAG 2149_NAME tag 2150_TYPE UINT32 2151_NAME commandSize 2152_TYPE TPM_CC 2153_NAME commandCode 2154_COMMENT 
TPM_CC_ClearControl {NV} 2155_TYPE TPMI_RH_CLEAR 2156_NAME auth 2157_COMMENT TPM_RH_LOCKOUT or TPM_RH_PLATFORM+{PP} Auth Handle: 1 Auth Role: USER 2158_TYPE TPMI_YES_NO 2159_NAME disable 2160_COMMENT YES if the disableOwnerClear flag is to be SET, NO if the flag is to be CLEAR. 2161_OUTPUT_START TPM2_ClearControl 2162_TYPE TPM_ST 2163_NAME tag 2164_COMMENT see clause 8 2165_TYPE UINT32 2166_NAME responseSize 2167_TYPE TPM_RC 2168_NAME responseCode 2169_INPUT_START TPM2_HierarchyChangeAuth 2170_TYPE TPMI_ST_COMMAND_TAG 2171_NAME tag 2172_TYPE UINT32 2173_NAME commandSize 2174_TYPE TPM_CC 2175_NAME commandCode 2176_COMMENT TPM_CC_HierarchyChangeAuth {NV} 2177_TYPE TPMI_RH_HIERARCHY_AUTH 2178_NAME authHandle 2179_COMMENT TPM_RH_LOCKOUT, TPM_RH_ENDORSEMENT, TPM_RH_OWNER or TPM_RH_PLATFORM+{PP} Auth Index: 1 Auth Role: USER 2180_TYPE TPM2B_AUTH 2181_NAME newAuth 2182_COMMENT new authorization value 2183_OUTPUT_START TPM2_HierarchyChangeAuth 2184_TYPE TPM_ST 2185_NAME tag 2186_COMMENT see clause 8 2187_TYPE UINT32 2188_NAME responseSize 2189_TYPE TPM_RC 2190_NAME responseCode 2191_INPUT_START TPM2_DictionaryAttackLockReset 2192_TYPE TPMI_ST_COMMAND_TAG 2193_NAME tag 2194_TYPE UINT32 2195_NAME commandSize 2196_TYPE TPM_CC 2197_NAME commandCode 2198_COMMENT TPM_CC_DictionaryAttackLockReset {NV} 2199_TYPE TPMI_RH_LOCKOUT 2200_NAME lockHandle 2201_COMMENT TPM_RH_LOCKOUT Auth Index: 1 Auth Role: USER 2202_OUTPUT_START TPM2_DictionaryAttackLockReset 2203_TYPE TPM_ST 2204_NAME tag 2205_COMMENT see clause 8 2206_TYPE UINT32 2207_NAME responseSize 2208_TYPE TPM_RC 2209_NAME responseCode 2210_INPUT_START TPM2_DictionaryAttackParameters 2211_TYPE TPMI_ST_COMMAND_TAG 2212_NAME tag 2213_TYPE UINT32 2214_NAME commandSize 2215_TYPE TPM_CC 2216_NAME commandCode 2217_COMMENT TPM_CC_DictionaryAttackParameters {NV} 2218_TYPE TPMI_RH_LOCKOUT 2219_NAME lockHandle 2220_COMMENT TPM_RH_LOCKOUT Auth Index: 1 Auth Role: USER 2221_TYPE UINT32 2222_NAME newMaxTries 2223_COMMENT count of 
authorization failures before the lockout is imposed 2224_TYPE UINT32 2225_NAME newRecoveryTime 2226_COMMENT time in seconds before the authorization failure count is automatically decremented A value of zero indicates that DA protection is disabled. 2227_TYPE UINT32 2228_NAME lockoutRecovery 2229_COMMENT time in seconds after a lockoutAuth failure before use of lockoutAuth is allowed A value of zero indicates that a reboot is required. 2230_OUTPUT_START TPM2_DictionaryAttackParameters 2231_TYPE TPM_ST 2232_NAME tag 2233_COMMENT see clause 8 2234_TYPE UINT32 2235_NAME responseSize 2236_TYPE TPM_RC 2237_NAME responseCode 2238_INPUT_START TPM2_PP_Commands 2239_TYPE TPMI_ST_COMMAND_TAG 2240_NAME tag 2241_TYPE UINT32 2242_NAME commandSize 2243_TYPE TPM_CC 2244_NAME commandCode 2245_COMMENT TPM_CC_PP_Commands {NV} 2246_TYPE TPMI_RH_PLATFORM 2247_NAME auth 2248_COMMENT TPM_RH_PLATFORM+PP Auth Index: 1 Auth Role: USER + Physical Presence 2249_TYPE TPML_CC 2250_NAME setList 2251_COMMENT list of commands to be added to those that will require that Physical Presence be asserted 2252_TYPE TPML_CC 2253_NAME clearList 2254_COMMENT list of commands that will no longer require that Physical Presence be asserted 2255_OUTPUT_START TPM2_PP_Commands 2256_TYPE TPM_ST 2257_NAME tag 2258_COMMENT see clause 8 2259_TYPE UINT32 2260_NAME responseSize 2261_TYPE TPM_RC 2262_NAME responseCode 2263_INPUT_START TPM2_SetAlgorithmSet 2264_TYPE TPMI_ST_COMMAND_TAG 2265_NAME tag 2266_TYPE UINT32 2267_NAME commandSize 2268_TYPE TPM_CC 2269_NAME commandCode 2270_COMMENT TPM_CC_SetAlgorithmSet {NV} 2271_TYPE TPMI_RH_PLATFORM 2272_NAME authHandle 2273_COMMENT TPM_RH_PLATFORM Auth Index: 1 Auth Role: USER 2274_TYPE UINT32 2275_NAME algorithmSet 2276_COMMENT a TPM vendor-dependent value indicating the algorithm set selection 2277_OUTPUT_START TPM2_SetAlgorithmSet 2278_TYPE TPM_ST 2279_NAME tag 2280_COMMENT see clause 8 2281_TYPE UINT32 2282_NAME responseSize 2283_TYPE TPM_RC 2284_NAME responseCode 
2285_INPUT_START TPM2_FieldUpgradeStart 2286_TYPE TPMI_ST_COMMAND_TAG 2287_NAME tag 2288_TYPE UINT32 2289_NAME commandSize 2290_TYPE TPM_CC 2291_NAME commandCode 2292_COMMENT TPM_CC_FieldUpgradeStart 2293_TYPE TPMI_RH_PLATFORM 2294_NAME authorization 2295_COMMENT TPM_RH_PLATFORM+{PP} Auth Index:1 Auth Role: ADMIN 2296_TYPE TPMI_DH_OBJECT 2297_NAME keyHandle 2298_COMMENT handle of a public area that contains the TPM Vendor Authorization Key that will be used to validate manifestSignature Auth Index: None 2299_TYPE TPM2B_DIGEST 2300_NAME fuDigest 2301_COMMENT digest of the first block in the field upgrade sequence 2302_TYPE TPMT_SIGNATURE 2303_NAME manifestSignature 2304_COMMENT signature over fuDigest using the key associated with keyHandle (not optional) 2305_OUTPUT_START TPM2_FieldUpgradeStart 2306_TYPE TPM_ST 2307_NAME tag 2308_COMMENT see clause 8 2309_TYPE UINT32 2310_NAME responseSize 2311_TYPE TPM_RC 2312_NAME responseCode 2313_INPUT_START TPM2_FieldUpgradeData 2314_TYPE TPMI_ST_COMMAND_TAG 2315_NAME tag 2316_TYPE UINT32 2317_NAME commandSize 2318_TYPE TPM_CC 2319_NAME commandCode 2320_COMMENT TPM_CC_FieldUpgradeData {NV} 2321_TYPE TPM2B_MAX_BUFFER 2322_NAME fuData 2323_COMMENT field upgrade image data 2324_OUTPUT_START TPM2_FieldUpgradeData 2325_TYPE TPM_ST 2326_NAME tag 2327_COMMENT see clause 8 2328_TYPE UINT32 2329_NAME responseSize 2330_TYPE TPM_RC 2331_NAME responseCode 2332_TYPE TPMT_HA+ 2333_NAME nextDigest 2334_COMMENT tagged digest of the next block TPM_ALG_NULL if field update is complete 2335_TYPE TPMT_HA 2336_NAME firstDigest 2337_COMMENT tagged digest of the first block of the sequence 2338_INPUT_START TPM2_FirmwareRead 2339_TYPE TPMI_ST_COMMAND_TAG 2340_NAME tag 2341_TYPE UINT32 2342_NAME commandSize 2343_TYPE TPM_CC 2344_NAME commandCode 2345_COMMENT TPM_CC_FirmwareRead 2346_TYPE UINT32 2347_NAME sequenceNumber 2348_COMMENT the number of previous calls to this command in this sequence set to 0 on the first call 2349_OUTPUT_START 
TPM2_FirmwareRead 2350_TYPE TPM_ST 2351_NAME tag 2352_COMMENT see clause 8 2353_TYPE UINT32 2354_NAME responseSize 2355_TYPE TPM_RC 2356_NAME responseCode 2357_TYPE TPM2B_MAX_BUFFER 2358_NAME fuData 2359_COMMENT field upgrade image data 2360_INPUT_START TPM2_ContextSave 2361_TYPE TPMI_ST_COMMAND_TAG 2362_NAME tag 2363_COMMENT TPM_ST_NO_SESSIONS 2364_TYPE UINT32 2365_NAME commandSize 2366_TYPE TPM_CC 2367_NAME commandCode 2368_COMMENT TPM_CC_ContextSave 2369_TYPE TPMI_DH_CONTEXT 2370_NAME saveHandle 2371_COMMENT handle of the resource to save Auth Index: None 2372_OUTPUT_START TPM2_ContextSave 2373_TYPE TPM_ST 2374_NAME tag 2375_COMMENT see clause 8 2376_TYPE UINT32 2377_NAME responseSize 2378_TYPE TPM_RC 2379_NAME responseCode 2380_TYPE TPMS_CONTEXT 2381_NAME context 2382_INPUT_START TPM2_ContextLoad 2383_TYPE TPMI_ST_COMMAND_TAG 2384_NAME tag 2385_COMMENT TPM_ST_NO_SESSIONS 2386_TYPE UINT32 2387_NAME commandSize 2388_TYPE TPM_CC 2389_NAME commandCode 2390_COMMENT TPM_CC_ContextLoad 2391_TYPE TPMS_CONTEXT 2392_NAME context 2393_COMMENT the context blob 2394_OUTPUT_START TPM2_ContextLoad 2395_TYPE TPM_ST 2396_NAME tag 2397_COMMENT see clause 8 2398_TYPE UINT32 2399_NAME responseSize 2400_TYPE TPM_RC 2401_NAME responseCode 2402_TYPE TPMI_DH_CONTEXT 2403_NAME loadedHandle 2404_COMMENT the handle assigned to the resource after it has been successfully loaded 2405_INPUT_START TPM2_FlushContext 2406_TYPE TPMI_ST_COMMAND_TAG 2407_NAME tag 2408_COMMENT TPM_ST_NO_SESSIONS 2409_TYPE UINT32 2410_NAME commandSize 2411_TYPE TPM_CC 2412_NAME commandCode 2413_TYPE TPMI_DH_CONTEXT 2414_NAME flushHandle 2415_COMMENT TPM_CC_FlushContext the handle of the item to flush NOTE This is a use of a handle as a parameter. 
2416_OUTPUT_START TPM2_FlushContext 2417_TYPE TPM_ST 2418_NAME tag 2419_COMMENT see clause 8 2420_TYPE UINT32 2421_NAME responseSize 2422_TYPE TPM_RC 2423_NAME responseCode 2424_INPUT_START TPM2_EvictControl 2425_TYPE TPMI_ST_COMMAND_TAG 2426_NAME tag 2427_TYPE UINT32 2428_NAME commandSize 2429_TYPE TPM_CC 2430_NAME commandCode 2431_COMMENT TPM_CC_EvictControl {NV} 2432_TYPE TPMI_RH_PROVISION 2433_NAME auth 2434_COMMENT TPM_RH_OWNER or TPM_RH_PLATFORM+{PP} Auth Handle: 1 Auth Role: USER 2435_TYPE TPMI_DH_OBJECT 2436_NAME objectHandle 2437_COMMENT the handle of a loaded object Auth Index: None 2438_TYPE TPMI_DH_PERSISTENT 2439_NAME persistentHandle 2440_COMMENT if objectHandle is a transient object handle, then this is the persistent handle for the object if objectHandle is a persistent object handle, then this shall be the same value as persistentHandle 2441_OUTPUT_START TPM2_EvictControl 2442_TYPE TPM_ST 2443_NAME tag 2444_COMMENT see clause 8 2445_TYPE UINT32 2446_NAME responseSize 2447_TYPE TPM_RC 2448_NAME responseCode 2449_INPUT_START TPM2_ReadClock 2450_TYPE TPMI_ST_COMMAND_TAG 2451_NAME tag 2452_COMMENT TPM_ST_NO_SESSIONS 2453_TYPE UINT32 2454_NAME commandSize 2455_TYPE TPM_CC 2456_NAME commandCode 2457_COMMENT TPM_CC_ReadClock 2458_OUTPUT_START TPM2_ReadClock 2459_TYPE TPM_ST 2460_NAME tag 2461_COMMENT see clause 8 2462_TYPE UINT32 2463_NAME responseSize 2464_TYPE TPM_RC 2465_NAME responseCode 2466_TYPE TPMS_TIME_INFO 2467_NAME currentTime 2468_INPUT_START TPM2_ClockSet 2469_TYPE TPMI_ST_COMMAND_TAG 2470_NAME tag 2471_TYPE UINT32 2472_NAME commandSize 2473_TYPE TPM_CC 2474_NAME commandCode 2475_COMMENT TPM_CC_ClockSet {NV} 2476_TYPE TPMI_RH_PROVISION 2477_NAME auth 2478_COMMENT TPM_RH_OWNER or TPM_RH_PLATFORM+{PP} Auth Handle: 1 Auth Role: USER 2479_TYPE UINT64 2480_NAME newTime 2481_COMMENT new Clock setting in milliseconds 2482_OUTPUT_START TPM2_ClockSet 2483_TYPE TPM_ST 2484_NAME tag 2485_COMMENT see clause 8 2486_TYPE UINT32 2487_NAME responseSize 
2488_TYPE TPM_RC 2489_NAME responseCode 2490_INPUT_START TPM2_ClockRateAdjust 2491_TYPE TPMI_ST_COMMAND_TAG 2492_NAME tag 2493_TYPE UINT32 2494_NAME commandSize 2495_TYPE TPM_CC 2496_NAME commandCode 2497_COMMENT TPM_CC_ClockRateAdjust 2498_TYPE TPMI_RH_PROVISION 2499_NAME auth 2500_COMMENT TPM_RH_OWNER or TPM_RH_PLATFORM+{PP} Auth Handle: 1 Auth Role: USER 2501_TYPE TPM_CLOCK_ADJUST 2502_NAME rateAdjust 2503_COMMENT Adjustment to current Clock update rate 2504_OUTPUT_START TPM2_ClockRateAdjust 2505_TYPE TPM_ST 2506_NAME tag 2507_COMMENT see clause 8 2508_TYPE UINT32 2509_NAME responseSize 2510_TYPE TPM_RC 2511_NAME responseCode 2512_INPUT_START TPM2_GetCapability 2513_TYPE TPMI_ST_COMMAND_TAG 2514_NAME tag 2515_TYPE UINT32 2516_NAME commandSize 2517_TYPE TPM_CC 2518_NAME commandCode 2519_COMMENT TPM_CC_GetCapability 2520_TYPE TPM_CAP 2521_NAME capability 2522_COMMENT group selection; determines the format of the response 2523_TYPE UINT32 2524_NAME property 2525_COMMENT further definition of information 2526_TYPE UINT32 2527_NAME propertyCount 2528_COMMENT number of properties of the indicated type to return 2529_OUTPUT_START TPM2_GetCapability 2530_TYPE TPM_ST 2531_NAME tag 2532_COMMENT see clause 8 2533_TYPE UINT32 2534_NAME responseSize 2535_TYPE TPM_RC 2536_NAME responseCode 2537_TYPE TPMI_YES_NO 2538_NAME moreData 2539_COMMENT flag to indicate if there are more values of this type 2540_TYPE TPMS_CAPABILITY_DATA 2541_NAME capabilityData 2542_COMMENT the capability data 2543_INPUT_START TPM2_TestParms 2544_TYPE TPMI_ST_COMMAND_TAG 2545_NAME tag 2546_TYPE UINT32 2547_NAME commandSize 2548_TYPE TPM_CC 2549_NAME commandCode 2550_COMMENT TPM_CC_TestParms 2551_TYPE TPMT_PUBLIC_PARMS 2552_NAME parameters 2553_COMMENT algorithm parameters to be validated 2554_OUTPUT_START TPM2_TestParms 2555_TYPE TPM_ST 2556_NAME tag 2557_COMMENT see clause 8 2558_TYPE UINT32 2559_NAME responseSize 2560_TYPE TPM_RC 2561_NAME responseCode 2562_INPUT_START TPM2_NV_DefineSpace 2563_TYPE 
TPMI_ST_COMMAND_TAG 2564_NAME tag 2565_TYPE UINT32 2566_NAME commandSize 2567_TYPE TPM_CC 2568_NAME commandCode 2569_COMMENT TPM_CC_NV_DefineSpace {NV} 2570_TYPE TPMI_RH_PROVISION 2571_NAME authHandle 2572_COMMENT TPM_RH_OWNER or TPM_RH_PLATFORM+{PP} Auth Index: 1 Auth Role: USER 2573_TYPE TPM2B_AUTH 2574_NAME auth 2575_COMMENT the authorization value 2576_TYPE TPM2B_NV_PUBLIC 2577_NAME publicInfo 2578_COMMENT the public parameters of the NV area 2579_OUTPUT_START TPM2_NV_DefineSpace 2580_TYPE TPM_ST 2581_NAME tag 2582_COMMENT see clause 8 2583_TYPE UINT32 2584_NAME responseSize 2585_TYPE TPM_RC 2586_NAME responseCode 2587_INPUT_START TPM2_NV_UndefineSpace 2588_TYPE TPMI_ST_COMMAND_TAG 2589_NAME tag 2590_TYPE UINT32 2591_NAME commandSize 2592_TYPE TPM_CC 2593_NAME commandCode 2594_COMMENT TPM_CC_NV_UndefineSpace {NV} 2595_TYPE TPMI_RH_PROVISION 2596_NAME authHandle 2597_COMMENT TPM_RH_OWNER or TPM_RH_PLATFORM+{PP} Auth Index: 1 Auth Role: USER 2598_TYPE TPMI_RH_NV_INDEX 2599_NAME nvIndex 2600_COMMENT the NV Index to remove from NV space Auth Index: None 2601_OUTPUT_START TPM2_NV_UndefineSpace 2602_TYPE TPM_ST 2603_NAME tag 2604_COMMENT see clause 8 2605_TYPE UINT32 2606_NAME responseSize 2607_TYPE TPM_RC 2608_NAME responseCode 2609_INPUT_START TPM2_NV_UndefineSpaceSpecial 2610_TYPE TPMI_ST_COMMAND_TAG 2611_NAME tag 2612_TYPE UINT32 2613_NAME commandSize 2614_TYPE TPM_CC 2615_NAME commandCode 2616_COMMENT TPM_CC_NV_UndefineSpaceSpecial {NV} 2617_TYPE TPMI_RH_NV_INDEX 2618_NAME nvIndex 2619_COMMENT Index to be deleted Auth Index: 1 Auth Role: ADMIN 2620_TYPE TPMI_RH_PLATFORM 2621_NAME platform 2622_COMMENT TPM_RH_PLATFORM + {PP} Auth Index: 2 Auth Role: USER 2623_OUTPUT_START TPM2_NV_UndefineSpaceSpecial 2624_TYPE TPM_ST 2625_NAME tag 2626_COMMENT see clause 8 2627_TYPE UINT32 2628_NAME responseSize 2629_TYPE TPM_RC 2630_NAME responseCode 2631_INPUT_START TPM2_NV_ReadPublic 2632_TYPE TPMI_ST_COMMAND_TAG 2633_NAME tag 2634_TYPE UINT32 2635_NAME commandSize 2636_TYPE 
TPM_CC 2637_NAME commandCode 2638_COMMENT TPM_CC_NV_ReadPublic 2639_TYPE TPMI_RH_NV_INDEX 2640_NAME nvIndex 2641_COMMENT the NV Index Auth Index: None 2642_OUTPUT_START TPM2_NV_ReadPublic 2643_TYPE TPM_ST 2644_NAME tag 2645_COMMENT see clause 8 2646_TYPE UINT32 2647_NAME responseSize 2648_TYPE TPM_RC 2649_NAME responseCode 2650_TYPE TPM2B_NV_PUBLIC 2651_NAME nvPublic 2652_COMMENT the public area of the NV Index 2653_TYPE TPM2B_NAME 2654_NAME nvName 2655_COMMENT the Name of the nvIndex 2656_INPUT_START TPM2_NV_Write 2657_TYPE TPMI_ST_COMMAND_TAG 2658_NAME tag 2659_TYPE UINT32 2660_NAME commandSize 2661_TYPE TPM_CC 2662_NAME commandCode 2663_COMMENT TPM_CC_NV_Write {NV} 2664_TYPE TPMI_RH_NV_AUTH 2665_NAME authHandle 2666_COMMENT handle indicating the source of the authorization value Auth Index: 1 Auth Role: USER 2667_TYPE TPMI_RH_NV_INDEX 2668_NAME nvIndex 2669_COMMENT the NV Index of the area to write Auth Index: None 2670_TYPE TPM2B_MAX_NV_BUFFER 2671_NAME data 2672_COMMENT the data to write 2673_TYPE UINT16 2674_NAME offset 2675_COMMENT the offset into the NV Area 2676_OUTPUT_START TPM2_NV_Write 2677_TYPE TPM_ST 2678_NAME tag 2679_COMMENT see clause 8 2680_TYPE UINT32 2681_NAME responseSize 2682_TYPE TPM_RC 2683_NAME responseCode 2684_INPUT_START TPM2_NV_Increment 2685_TYPE TPMI_ST_COMMAND_TAG 2686_NAME tag 2687_TYPE UINT32 2688_NAME commandSize 2689_TYPE TPM_CC 2690_NAME commandCode 2691_COMMENT TPM_CC_NV_Increment {NV} 2692_TYPE TPMI_RH_NV_AUTH 2693_NAME authHandle 2694_COMMENT handle indicating the source of the authorization value Auth Index: 1 Auth Role: USER 2695_TYPE TPMI_RH_NV_INDEX 2696_NAME nvIndex 2697_COMMENT the NV Index to increment Auth Index: None 2698_OUTPUT_START TPM2_NV_Increment 2699_TYPE TPM_ST 2700_NAME tag 2701_COMMENT see clause 8 2702_TYPE UINT32 2703_NAME responseSize 2704_TYPE TPM_RC 2705_NAME responseCode 2706_INPUT_START TPM2_NV_Extend 2707_TYPE TPMI_ST_COMMAND_TAG 2708_NAME tag 2709_TYPE UINT32 2710_NAME commandSize 2711_TYPE TPM_CC 
2712_NAME commandCode 2713_COMMENT TPM_CC_NV_Extend {NV} 2714_TYPE TPMI_RH_NV_AUTH 2715_NAME authHandle 2716_COMMENT handle indicating the source of the authorization value Auth Index: 1 Auth Role: USER 2717_TYPE TPMI_RH_NV_INDEX 2718_NAME nvIndex 2719_COMMENT the NV Index to extend Auth Index: None 2720_TYPE TPM2B_MAX_NV_BUFFER 2721_NAME data 2722_COMMENT the data to extend 2723_OUTPUT_START TPM2_NV_Extend 2724_TYPE TPM_ST 2725_NAME tag 2726_COMMENT see clause 8 2727_TYPE UINT32 2728_NAME responseSize 2729_TYPE TPM_RC 2730_NAME responseCode 2731_INPUT_START TPM2_NV_SetBits 2732_TYPE TPMI_ST_COMMAND_TAG 2733_NAME tag 2734_TYPE UINT32 2735_NAME commandSize 2736_TYPE TPM_CC 2737_NAME commandCode 2738_COMMENT TPM_CC_NV_SetBits {NV} 2739_TYPE TPMI_RH_NV_AUTH 2740_NAME authHandle 2741_COMMENT handle indicating the source of the authorization value Auth Index: 1 Auth Role: USER 2742_TYPE TPMI_RH_NV_INDEX 2743_NAME nvIndex 2744_COMMENT NV Index of the area in which the bit is to be set Auth Index: None 2745_TYPE UINT64 2746_NAME bits 2747_COMMENT the data to OR with the current contents 2748_OUTPUT_START TPM2_NV_SetBits 2749_TYPE TPM_ST 2750_NAME tag 2751_COMMENT see clause 8 2752_TYPE UINT32 2753_NAME responseSize 2754_TYPE TPM_RC 2755_NAME responseCode 2757_INPUT_START TPM2_NV_WriteLock 2758_TYPE TPMI_ST_COMMAND_TAG 2759_NAME tag 2760_TYPE UINT32 2761_NAME commandSize 2762_TYPE TPM_CC 2763_NAME commandCode 2764_COMMENT TPM_CC_NV_WriteLock {NV} 2765_TYPE TPMI_RH_NV_AUTH 2766_NAME authHandle 2767_COMMENT handle indicating the source of the authorization value Auth Index: 1 Auth Role: USER 2768_TYPE TPMI_RH_NV_INDEX 2769_NAME nvIndex 2770_COMMENT the NV Index of the area to lock Auth Index: None 2771_OUTPUT_START TPM2_NV_WriteLock 2772_TYPE TPM_ST 2773_NAME tag 2774_COMMENT see clause 8 2775_TYPE UINT32 2776_NAME responseSize 2777_TYPE TPM_RC 2778_NAME responseCode 2780_INPUT_START TPM2_NV_GlobalWriteLock 2781_TYPE
TPMI_ST_COMMAND_TAG 2782_NAME tag 2783_TYPE UINT32 2784_NAME commandSize 2785_TYPE TPM_CC 2786_NAME commandCode 2787_COMMENT TPM_CC_NV_GlobalWriteLock 2788_TYPE TPMI_RH_PROVISION 2789_NAME authHandle 2790_COMMENT TPM_RH_OWNER or TPM_RH_PLATFORM+{PP} Auth Index: 1 Auth Role: USER 2791_OUTPUT_START TPM2_NV_GlobalWriteLock 2792_TYPE TPM_ST 2793_NAME tag 2794_COMMENT see clause 8 2795_TYPE UINT32 2796_NAME responseSize 2797_TYPE TPM_RC 2798_NAME responseCode 2800_INPUT_START TPM2_NV_Read 2801_TYPE TPMI_ST_COMMAND_TAG 2802_NAME tag 2803_TYPE UINT32 2804_NAME commandSize 2805_TYPE TPM_CC 2806_NAME commandCode 2807_COMMENT TPM_CC_NV_Read 2808_TYPE TPMI_RH_NV_AUTH 2809_NAME authHandle 2810_COMMENT the handle indicating the source of the authorization value Auth Index: 1 Auth Role: USER 2811_TYPE TPMI_RH_NV_INDEX 2812_NAME nvIndex 2813_COMMENT the NV Index to be read Auth Index: None 2814_TYPE UINT16 2815_NAME size 2816_COMMENT number of octets to read 2817_TYPE UINT16 2818_NAME offset 2819_COMMENT octet offset into the area This value shall be less than or equal to the size of the nvIndex data.
2820_OUTPUT_START TPM2_NV_Read 2821_TYPE TPM_ST 2822_NAME tag 2823_COMMENT see clause 8 2824_TYPE UINT32 2825_NAME responseSize 2826_TYPE TPM_RC 2827_NAME responseCode 2828_TYPE TPM2B_MAX_NV_BUFFER 2829_NAME data 2830_COMMENT the data read 2831_INPUT_START TPM2_NV_ReadLock 2832_TYPE TPMI_ST_COMMAND_TAG 2833_NAME tag 2834_TYPE UINT32 2835_NAME commandSize 2836_TYPE TPM_CC 2837_NAME commandCode 2838_COMMENT TPM_CC_NV_ReadLock 2839_TYPE TPMI_RH_NV_AUTH 2840_NAME authHandle 2841_COMMENT the handle indicating the source of the authorization value Auth Index: 1 Auth Role: USER 2842_TYPE TPMI_RH_NV_INDEX 2843_NAME nvIndex 2844_COMMENT the NV Index to be locked Auth Index: None 2845_OUTPUT_START TPM2_NV_ReadLock 2846_TYPE TPM_ST 2847_NAME tag 2848_COMMENT see clause 8 2849_TYPE UINT32 2850_NAME responseSize 2851_TYPE TPM_RC 2852_NAME responseCode 2854_INPUT_START TPM2_NV_ChangeAuth 2855_TYPE TPMI_ST_COMMAND_TAG 2856_NAME tag 2857_TYPE UINT32 2858_NAME commandSize 2859_TYPE TPM_CC 2860_NAME commandCode 2861_COMMENT TPM_CC_NV_ChangeAuth {NV} 2862_TYPE TPMI_RH_NV_INDEX 2863_NAME nvIndex 2864_COMMENT handle of the object Auth Index: 1 Auth Role: ADMIN 2865_TYPE TPM2B_AUTH 2866_NAME newAuth 2867_COMMENT new authorization value 2868_OUTPUT_START TPM2_NV_ChangeAuth 2869_TYPE TPM_ST 2870_NAME tag 2871_COMMENT see clause 8 2872_TYPE UINT32 2873_NAME responseSize 2874_TYPE TPM_RC 2875_NAME responseCode 2877_INPUT_START TPM2_NV_Certify 2878_TYPE TPMI_ST_COMMAND_TAG 2879_NAME tag 2880_TYPE UINT32 2881_NAME commandSize 2882_TYPE TPM_CC 2883_NAME commandCode 2884_COMMENT TPM_CC_NV_Certify 2885_TYPE TPMI_DH_OBJECT+ 2886_NAME signHandle 2887_COMMENT handle of the key used to sign the attestation structure Auth Index: 1 Auth Role: USER 2888_TYPE TPMI_RH_NV_AUTH 2889_NAME authHandle 2890_COMMENT handle indicating the source of the authorization value for the NV Index Auth Index: 2 Auth Role: USER 2891_TYPE TPMI_RH_NV_INDEX
2892_NAME nvIndex 2893_COMMENT Index for the area to be certified Auth Index: None 2894_TYPE TPM2B_DATA 2895_NAME qualifyingData 2896_COMMENT user-provided qualifying data 2897_TYPE TPMT_SIG_SCHEME+ 2898_NAME inScheme 2899_COMMENT signing scheme to use if the scheme for signHandle is TPM_ALG_NULL 2900_TYPE UINT16 2901_NAME size 2902_COMMENT number of octets to certify 2903_TYPE UINT16 2904_NAME offset 2905_COMMENT octet offset into the area This value shall be less than or equal to the size of the nvIndex data. 2906_OUTPUT_START TPM2_NV_Certify 2907_TYPE TPM_ST 2908_NAME tag 2909_COMMENT see clause 8 2910_TYPE UINT32 2911_NAME responseSize 2912_TYPE TPM_RC 2913_NAME responseCode 2915_TYPE TPM2B_ATTEST 2916_NAME certifyInfo 2917_COMMENT the structure that was signed 2918_TYPE TPMT_SIGNATURE 2919_NAME signature 2920_COMMENT the asymmetric signature over certifyInfo using the key referenced by signHandle 2921_END 2922