1 /** @file 2 This library is used by other modules to send TPM2 command. 3 4 Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved. <BR> 5 This program and the accompanying materials 6 are licensed and made available under the terms and conditions of the BSD License 7 which accompanies this distribution. The full text of the license may be found at 8 http://opensource.org/licenses/bsd-license.php 9 10 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, 11 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. 12 13 **/ 14 15 #ifndef _TPM2_COMMAND_LIB_H_ 16 #define _TPM2_COMMAND_LIB_H_ 17 18 #include <IndustryStandard/Tpm20.h> 19 20 /** 21 This command starts a hash or an Event sequence. 22 If hashAlg is an implemented hash, then a hash sequence is started. 23 If hashAlg is TPM_ALG_NULL, then an Event sequence is started. 24 25 @param[in] HashAlg The hash algorithm to use for the hash sequence 26 An Event sequence starts if this is TPM_ALG_NULL. 27 @param[out] SequenceHandle A handle to reference the sequence 28 29 @retval EFI_SUCCESS Operation completed successfully. 30 @retval EFI_DEVICE_ERROR Unexpected device behavior. 31 **/ 32 EFI_STATUS 33 EFIAPI 34 Tpm2HashSequenceStart ( 35 IN TPMI_ALG_HASH HashAlg, 36 OUT TPMI_DH_OBJECT *SequenceHandle 37 ); 38 39 /** 40 This command is used to add data to a hash or HMAC sequence. 41 The amount of data in buffer may be any size up to the limits of the TPM. 42 NOTE: In all TPM, a buffer size of 1,024 octets is allowed. 43 44 @param[in] SequenceHandle Handle for the sequence object 45 @param[in] Buffer Data to be added to hash 46 47 @retval EFI_SUCCESS Operation completed successfully. 48 @retval EFI_DEVICE_ERROR Unexpected device behavior. 49 **/ 50 EFI_STATUS 51 EFIAPI 52 Tpm2SequenceUpdate ( 53 IN TPMI_DH_OBJECT SequenceHandle, 54 IN TPM2B_MAX_BUFFER *Buffer 55 ); 56 57 /** 58 This command adds the last part of data, if any, to an Event sequence and returns the result in a digest list. 59 If pcrHandle references a PCR and not TPM_RH_NULL, then the returned digest list is processed in 60 the same manner as the digest list input parameter to TPM2_PCR_Extend() with the pcrHandle in each 61 bank extended with the associated digest value. 62 63 @param[in] PcrHandle PCR to be extended with the Event data 64 @param[in] SequenceHandle Authorization for the sequence 65 @param[in] Buffer Data to be added to the Event 66 @param[out] Results List of digests computed for the PCR 67 68 @retval EFI_SUCCESS Operation completed successfully. 69 @retval EFI_DEVICE_ERROR Unexpected device behavior. 70 **/ 71 EFI_STATUS 72 EFIAPI 73 Tpm2EventSequenceComplete ( 74 IN TPMI_DH_PCR PcrHandle, 75 IN TPMI_DH_OBJECT SequenceHandle, 76 IN TPM2B_MAX_BUFFER *Buffer, 77 OUT TPML_DIGEST_VALUES *Results 78 ); 79 80 /** 81 This command adds the last part of data, if any, to a hash/HMAC sequence and returns the result. 82 83 @param[in] SequenceHandle Authorization for the sequence 84 @param[in] Buffer Data to be added to the hash/HMAC 85 @param[out] Result The returned HMAC or digest in a sized buffer 86 87 @retval EFI_SUCCESS Operation completed successfully. 88 @retval EFI_DEVICE_ERROR Unexpected device behavior. 89 **/ 90 EFI_STATUS 91 EFIAPI 92 Tpm2SequenceComplete ( 93 IN TPMI_DH_OBJECT SequenceHandle, 94 IN TPM2B_MAX_BUFFER *Buffer, 95 OUT TPM2B_DIGEST *Result 96 ); 97 98 /** 99 Send Startup command to TPM2. 100 101 @param[in] StartupType TPM_SU_CLEAR or TPM_SU_STATE 102 103 @retval EFI_SUCCESS Operation completed successfully. 104 @retval EFI_DEVICE_ERROR Unexpected device behavior. 105 **/ 106 EFI_STATUS 107 EFIAPI 108 Tpm2Startup ( 109 IN TPM_SU StartupType 110 ); 111 112 /** 113 Send Shutdown command to TPM2. 114 115 @param[in] ShutdownType TPM_SU_CLEAR or TPM_SU_STATE. 116 117 @retval EFI_SUCCESS Operation completed successfully. 118 @retval EFI_DEVICE_ERROR Unexpected device behavior. 119 **/ 120 EFI_STATUS 121 EFIAPI 122 Tpm2Shutdown ( 123 IN TPM_SU ShutdownType 124 ); 125 126 /** 127 This command causes the TPM to perform a test of its capabilities. 128 If the fullTest is YES, the TPM will test all functions. 129 If fullTest = NO, the TPM will only test those functions that have not previously been tested. 130 131 @param[in] FullTest YES if full test to be performed 132 NO if only test of untested functions required 133 134 @retval EFI_SUCCESS Operation completed successfully. 135 @retval EFI_DEVICE_ERROR Unexpected device behavior. 136 **/ 137 EFI_STATUS 138 EFIAPI 139 Tpm2SelfTest ( 140 IN TPMI_YES_NO FullTest 141 ); 142 143 /** 144 This command allows setting of the authorization policy for the platform hierarchy (platformPolicy), the 145 storage hierarchy (ownerPolicy), and and the endorsement hierarchy (endorsementPolicy). 146 147 @param[in] AuthHandle TPM_RH_ENDORSEMENT, TPM_RH_OWNER or TPM_RH_PLATFORM+{PP} parameters to be validated 148 @param[in] AuthSession Auth Session context 149 @param[in] AuthPolicy An authorization policy hash 150 @param[in] HashAlg The hash algorithm to use for the policy 151 152 @retval EFI_SUCCESS Operation completed successfully. 153 @retval EFI_DEVICE_ERROR Unexpected device behavior. 154 **/ 155 EFI_STATUS 156 EFIAPI 157 Tpm2SetPrimaryPolicy ( 158 IN TPMI_RH_HIERARCHY_AUTH AuthHandle, 159 IN TPMS_AUTH_COMMAND *AuthSession, 160 IN TPM2B_DIGEST *AuthPolicy, 161 IN TPMI_ALG_HASH HashAlg 162 ); 163 164 /** 165 This command removes all TPM context associated with a specific Owner. 166 167 @param[in] AuthHandle TPM_RH_LOCKOUT or TPM_RH_PLATFORM+{PP} 168 @param[in] AuthSession Auth Session context 169 170 @retval EFI_SUCCESS Operation completed successfully. 171 @retval EFI_DEVICE_ERROR Unexpected device behavior. 172 **/ 173 EFI_STATUS 174 EFIAPI 175 Tpm2Clear ( 176 IN TPMI_RH_CLEAR AuthHandle, 177 IN TPMS_AUTH_COMMAND *AuthSession OPTIONAL 178 ); 179 180 /** 181 Disables and enables the execution of TPM2_Clear(). 182 183 @param[in] AuthHandle TPM_RH_LOCKOUT or TPM_RH_PLATFORM+{PP} 184 @param[in] AuthSession Auth Session context 185 @param[in] Disable YES if the disableOwnerClear flag is to be SET, 186 NO if the flag is to be CLEAR. 187 188 @retval EFI_SUCCESS Operation completed successfully. 189 @retval EFI_DEVICE_ERROR Unexpected device behavior. 190 **/ 191 EFI_STATUS 192 EFIAPI 193 Tpm2ClearControl ( 194 IN TPMI_RH_CLEAR AuthHandle, 195 IN TPMS_AUTH_COMMAND *AuthSession, OPTIONAL 196 IN TPMI_YES_NO Disable 197 ); 198 199 /** 200 This command allows the authorization secret for a hierarchy or lockout to be changed using the current 201 authorization value as the command authorization. 202 203 @param[in] AuthHandle TPM_RH_LOCKOUT, TPM_RH_ENDORSEMENT, TPM_RH_OWNER or TPM_RH_PLATFORM+{PP} 204 @param[in] AuthSession Auth Session context 205 @param[in] NewAuth New authorization secret 206 207 @retval EFI_SUCCESS Operation completed successfully. 208 @retval EFI_DEVICE_ERROR Unexpected device behavior. 209 **/ 210 EFI_STATUS 211 EFIAPI 212 Tpm2HierarchyChangeAuth ( 213 IN TPMI_RH_HIERARCHY_AUTH AuthHandle, 214 IN TPMS_AUTH_COMMAND *AuthSession, 215 IN TPM2B_AUTH *NewAuth 216 ); 217 218 /** 219 This replaces the current EPS with a value from the RNG and sets the Endorsement hierarchy controls to 220 their default initialization values. 221 222 @param[in] AuthHandle TPM_RH_PLATFORM+{PP} 223 @param[in] AuthSession Auth Session context 224 225 @retval EFI_SUCCESS Operation completed successfully. 226 @retval EFI_DEVICE_ERROR Unexpected device behavior. 227 **/ 228 EFI_STATUS 229 EFIAPI 230 Tpm2ChangeEPS ( 231 IN TPMI_RH_PLATFORM AuthHandle, 232 IN TPMS_AUTH_COMMAND *AuthSession 233 ); 234 235 /** 236 This replaces the current PPS with a value from the RNG and sets platformPolicy to the default 237 initialization value (the Empty Buffer). 238 239 @param[in] AuthHandle TPM_RH_PLATFORM+{PP} 240 @param[in] AuthSession Auth Session context 241 242 @retval EFI_SUCCESS Operation completed successfully. 243 @retval EFI_DEVICE_ERROR Unexpected device behavior. 244 **/ 245 EFI_STATUS 246 EFIAPI 247 Tpm2ChangePPS ( 248 IN TPMI_RH_PLATFORM AuthHandle, 249 IN TPMS_AUTH_COMMAND *AuthSession 250 ); 251 252 /** 253 This command enables and disables use of a hierarchy. 254 255 @param[in] AuthHandle TPM_RH_ENDORSEMENT, TPM_RH_OWNER or TPM_RH_PLATFORM+{PP} 256 @param[in] AuthSession Auth Session context 257 @param[in] Hierarchy Hierarchy of the enable being modified 258 @param[in] State YES if the enable should be SET, 259 NO if the enable should be CLEAR 260 261 @retval EFI_SUCCESS Operation completed successfully. 262 @retval EFI_DEVICE_ERROR Unexpected device behavior. 263 **/ 264 EFI_STATUS 265 EFIAPI 266 Tpm2HierarchyControl ( 267 IN TPMI_RH_HIERARCHY AuthHandle, 268 IN TPMS_AUTH_COMMAND *AuthSession, 269 IN TPMI_RH_HIERARCHY Hierarchy, 270 IN TPMI_YES_NO State 271 ); 272 273 /** 274 This command cancels the effect of a TPM lockout due to a number of successive authorization failures. 275 If this command is properly authorized, the lockout counter is set to zero. 276 277 @param[in] LockHandle LockHandle 278 @param[in] AuthSession Auth Session context 279 280 @retval EFI_SUCCESS Operation completed successfully. 281 @retval EFI_DEVICE_ERROR Unexpected device behavior. 282 **/ 283 EFI_STATUS 284 EFIAPI 285 Tpm2DictionaryAttackLockReset ( 286 IN TPMI_RH_LOCKOUT LockHandle, 287 IN TPMS_AUTH_COMMAND *AuthSession 288 ); 289 290 /** 291 This command cancels the effect of a TPM lockout due to a number of successive authorization failures. 292 If this command is properly authorized, the lockout counter is set to zero. 293 294 @param[in] LockHandle LockHandle 295 @param[in] AuthSession Auth Session context 296 @param[in] NewMaxTries Count of authorization failures before the lockout is imposed 297 @param[in] NewRecoveryTime Time in seconds before the authorization failure count is automatically decremented 298 @param[in] LockoutRecovery Time in seconds after a lockoutAuth failure before use of lockoutAuth is allowed 299 300 @retval EFI_SUCCESS Operation completed successfully. 301 @retval EFI_DEVICE_ERROR Unexpected device behavior. 302 **/ 303 EFI_STATUS 304 EFIAPI 305 Tpm2DictionaryAttackParameters ( 306 IN TPMI_RH_LOCKOUT LockHandle, 307 IN TPMS_AUTH_COMMAND *AuthSession, 308 IN UINT32 NewMaxTries, 309 IN UINT32 NewRecoveryTime, 310 IN UINT32 LockoutRecovery 311 ); 312 313 /** 314 This command is used to read the public area and Name of an NV Index. 315 316 @param[in] NvIndex The NV Index. 317 @param[out] NvPublic The public area of the index. 318 @param[out] NvName The Name of the nvIndex. 319 320 @retval EFI_SUCCESS Operation completed successfully. 321 @retval EFI_DEVICE_ERROR The command was unsuccessful. 322 **/ 323 EFI_STATUS 324 EFIAPI 325 Tpm2NvReadPublic ( 326 IN TPMI_RH_NV_INDEX NvIndex, 327 OUT TPM2B_NV_PUBLIC *NvPublic, 328 OUT TPM2B_NAME *NvName 329 ); 330 331 /** 332 This command defines the attributes of an NV Index and causes the TPM to 333 reserve space to hold the data associated with the index. 334 If a definition already exists at the index, the TPM will return TPM_RC_NV_DEFINED. 335 336 @param[in] AuthHandle TPM_RH_OWNER or TPM_RH_PLATFORM+{PP}. 337 @param[in] AuthSession Auth Session context 338 @param[in] Auth The authorization data. 339 @param[in] NvPublic The public area of the index. 340 341 @retval EFI_SUCCESS Operation completed successfully. 342 @retval EFI_DEVICE_ERROR The command was unsuccessful. 343 @retval EFI_ALREADY_STARTED The command was returned successfully, but NvIndex is already defined. 344 **/ 345 EFI_STATUS 346 EFIAPI 347 Tpm2NvDefineSpace ( 348 IN TPMI_RH_PROVISION AuthHandle, 349 IN TPMS_AUTH_COMMAND *AuthSession, OPTIONAL 350 IN TPM2B_AUTH *Auth, 351 IN TPM2B_NV_PUBLIC *NvPublic 352 ); 353 354 /** 355 This command removes an index from the TPM. 356 357 @param[in] AuthHandle TPM_RH_OWNER or TPM_RH_PLATFORM+{PP}. 358 @param[in] NvIndex The NV Index. 359 @param[in] AuthSession Auth Session context 360 361 @retval EFI_SUCCESS Operation completed successfully. 362 @retval EFI_DEVICE_ERROR The command was unsuccessful. 363 @retval EFI_NOT_FOUND The command was returned successfully, but NvIndex is not found. 364 **/ 365 EFI_STATUS 366 EFIAPI 367 Tpm2NvUndefineSpace ( 368 IN TPMI_RH_PROVISION AuthHandle, 369 IN TPMI_RH_NV_INDEX NvIndex, 370 IN TPMS_AUTH_COMMAND *AuthSession OPTIONAL 371 ); 372 373 /** 374 This command reads a value from an area in NV memory previously defined by TPM2_NV_DefineSpace(). 375 376 @param[in] AuthHandle the handle indicating the source of the authorization value. 377 @param[in] NvIndex The index to be read. 378 @param[in] AuthSession Auth Session context 379 @param[in] Size Number of bytes to read. 380 @param[in] Offset Byte offset into the area. 381 @param[in,out] OutData The data read. 382 383 @retval EFI_SUCCESS Operation completed successfully. 384 @retval EFI_DEVICE_ERROR The command was unsuccessful. 385 @retval EFI_NOT_FOUND The command was returned successfully, but NvIndex is not found. 386 **/ 387 EFI_STATUS 388 EFIAPI 389 Tpm2NvRead ( 390 IN TPMI_RH_NV_AUTH AuthHandle, 391 IN TPMI_RH_NV_INDEX NvIndex, 392 IN TPMS_AUTH_COMMAND *AuthSession, OPTIONAL 393 IN UINT16 Size, 394 IN UINT16 Offset, 395 IN OUT TPM2B_MAX_BUFFER *OutData 396 ); 397 398 /** 399 This command writes a value to an area in NV memory that was previously defined by TPM2_NV_DefineSpace(). 400 401 @param[in] AuthHandle the handle indicating the source of the authorization value. 402 @param[in] NvIndex The NV Index of the area to write. 403 @param[in] AuthSession Auth Session context 404 @param[in] InData The data to write. 405 @param[in] Offset The offset into the NV Area. 406 407 @retval EFI_SUCCESS Operation completed successfully. 408 @retval EFI_DEVICE_ERROR The command was unsuccessful. 409 @retval EFI_NOT_FOUND The command was returned successfully, but NvIndex is not found. 410 **/ 411 EFI_STATUS 412 EFIAPI 413 Tpm2NvWrite ( 414 IN TPMI_RH_NV_AUTH AuthHandle, 415 IN TPMI_RH_NV_INDEX NvIndex, 416 IN TPMS_AUTH_COMMAND *AuthSession, OPTIONAL 417 IN TPM2B_MAX_BUFFER *InData, 418 IN UINT16 Offset 419 ); 420 421 /** 422 This command may be used to prevent further reads of the Index until the next TPM2_Startup (TPM_SU_CLEAR). 423 424 @param[in] AuthHandle the handle indicating the source of the authorization value. 425 @param[in] NvIndex The NV Index of the area to lock. 426 @param[in] AuthSession Auth Session context 427 428 @retval EFI_SUCCESS Operation completed successfully. 429 @retval EFI_DEVICE_ERROR The command was unsuccessful. 430 @retval EFI_NOT_FOUND The command was returned successfully, but NvIndex is not found. 431 **/ 432 EFI_STATUS 433 EFIAPI 434 Tpm2NvReadLock ( 435 IN TPMI_RH_NV_AUTH AuthHandle, 436 IN TPMI_RH_NV_INDEX NvIndex, 437 IN TPMS_AUTH_COMMAND *AuthSession OPTIONAL 438 ); 439 440 /** 441 This command may be used to inhibit further writes of the Index. 442 443 @param[in] AuthHandle the handle indicating the source of the authorization value. 444 @param[in] NvIndex The NV Index of the area to lock. 445 @param[in] AuthSession Auth Session context 446 447 @retval EFI_SUCCESS Operation completed successfully. 448 @retval EFI_DEVICE_ERROR The command was unsuccessful. 449 @retval EFI_NOT_FOUND The command was returned successfully, but NvIndex is not found. 450 **/ 451 EFI_STATUS 452 EFIAPI 453 Tpm2NvWriteLock ( 454 IN TPMI_RH_NV_AUTH AuthHandle, 455 IN TPMI_RH_NV_INDEX NvIndex, 456 IN TPMS_AUTH_COMMAND *AuthSession OPTIONAL 457 ); 458 459 /** 460 The command will SET TPMA_NV_WRITELOCKED for all indexes that have their TPMA_NV_GLOBALLOCK attribute SET. 461 462 @param[in] AuthHandle TPM_RH_OWNER or TPM_RH_PLATFORM+{PP}. 463 @param[in] AuthSession Auth Session context 464 465 @retval EFI_SUCCESS Operation completed successfully. 466 @retval EFI_DEVICE_ERROR The command was unsuccessful. 467 @retval EFI_NOT_FOUND The command was returned successfully, but NvIndex is not found. 468 **/ 469 EFI_STATUS 470 EFIAPI 471 Tpm2NvGlobalWriteLock ( 472 IN TPMI_RH_PROVISION AuthHandle, 473 IN TPMS_AUTH_COMMAND *AuthSession OPTIONAL 474 ); 475 476 /** 477 This command is used to cause an update to the indicated PCR. 478 The digests parameter contains one or more tagged digest value identified by an algorithm ID. 479 For each digest, the PCR associated with pcrHandle is Extended into the bank identified by the tag (hashAlg). 480 481 @param[in] PcrHandle Handle of the PCR 482 @param[in] Digests List of tagged digest values to be extended 483 484 @retval EFI_SUCCESS Operation completed successfully. 485 @retval EFI_DEVICE_ERROR Unexpected device behavior. 486 **/ 487 EFI_STATUS 488 EFIAPI 489 Tpm2PcrExtend ( 490 IN TPMI_DH_PCR PcrHandle, 491 IN TPML_DIGEST_VALUES *Digests 492 ); 493 494 /** 495 This command is used to cause an update to the indicated PCR. 496 The data in eventData is hashed using the hash algorithm associated with each bank in which the 497 indicated PCR has been allocated. After the data is hashed, the digests list is returned. If the pcrHandle 498 references an implemented PCR and not TPM_ALG_NULL, digests list is processed as in 499 TPM2_PCR_Extend(). 500 A TPM shall support an Event.size of zero through 1,024 inclusive. 501 502 @param[in] PcrHandle Handle of the PCR 503 @param[in] EventData Event data in sized buffer 504 @param[out] Digests List of digest 505 506 @retval EFI_SUCCESS Operation completed successfully. 507 @retval EFI_DEVICE_ERROR Unexpected device behavior. 508 **/ 509 EFI_STATUS 510 EFIAPI 511 Tpm2PcrEvent ( 512 IN TPMI_DH_PCR PcrHandle, 513 IN TPM2B_EVENT *EventData, 514 OUT TPML_DIGEST_VALUES *Digests 515 ); 516 517 /** 518 This command returns the values of all PCR specified in pcrSelect. 519 520 @param[in] PcrSelectionIn The selection of PCR to read. 521 @param[out] PcrUpdateCounter The current value of the PCR update counter. 522 @param[out] PcrSelectionOut The PCR in the returned list. 523 @param[out] PcrValues The contents of the PCR indicated in pcrSelect. 524 525 @retval EFI_SUCCESS Operation completed successfully. 526 @retval EFI_DEVICE_ERROR The command was unsuccessful. 527 **/ 528 EFI_STATUS 529 EFIAPI 530 Tpm2PcrRead ( 531 IN TPML_PCR_SELECTION *PcrSelectionIn, 532 OUT UINT32 *PcrUpdateCounter, 533 OUT TPML_PCR_SELECTION *PcrSelectionOut, 534 OUT TPML_DIGEST *PcrValues 535 ); 536 537 /** 538 This command is used to set the desired PCR allocation of PCR and algorithms. 539 540 @param[in] AuthHandle TPM_RH_PLATFORM+{PP} 541 @param[in] AuthSession Auth Session context 542 @param[in] PcrAllocation The requested allocation 543 @param[out] AllocationSuccess YES if the allocation succeeded 544 @param[out] MaxPCR maximum number of PCR that may be in a bank 545 @param[out] SizeNeeded number of octets required to satisfy the request 546 @param[out] SizeAvailable Number of octets available. Computed before the allocation 547 548 @retval EFI_SUCCESS Operation completed successfully. 549 @retval EFI_DEVICE_ERROR The command was unsuccessful. 550 **/ 551 EFI_STATUS 552 EFIAPI 553 Tpm2PcrAllocate ( 554 IN TPMI_RH_PLATFORM AuthHandle, 555 IN TPMS_AUTH_COMMAND *AuthSession, 556 IN TPML_PCR_SELECTION *PcrAllocation, 557 OUT TPMI_YES_NO *AllocationSuccess, 558 OUT UINT32 *MaxPCR, 559 OUT UINT32 *SizeNeeded, 560 OUT UINT32 *SizeAvailable 561 ); 562 563 /** 564 This command returns various information regarding the TPM and its current state. 565 566 The capability parameter determines the category of data returned. The property parameter 567 selects the first value of the selected category to be returned. If there is no property 568 that corresponds to the value of property, the next higher value is returned, if it exists. 569 The moreData parameter will have a value of YES if there are more values of the requested 570 type that were not returned. 571 If no next capability exists, the TPM will return a zero-length list and moreData will have 572 a value of NO. 573 574 NOTE: 575 To simplify this function, leave returned CapabilityData for caller to unpack since there are 576 many capability categories and only few categories will be used in firmware. It means the caller 577 need swap the byte order for the feilds in CapabilityData. 578 579 @param[in] Capability Group selection; determines the format of the response. 580 @param[in] Property Further definition of information. 581 @param[in] PropertyCount Number of properties of the indicated type to return. 582 @param[out] MoreData Flag to indicate if there are more values of this type. 583 @param[out] CapabilityData The capability data. 584 585 @retval EFI_SUCCESS Operation completed successfully. 586 @retval EFI_DEVICE_ERROR The command was unsuccessful. 587 **/ 588 EFI_STATUS 589 EFIAPI 590 Tpm2GetCapability ( 591 IN TPM_CAP Capability, 592 IN UINT32 Property, 593 IN UINT32 PropertyCount, 594 OUT TPMI_YES_NO *MoreData, 595 OUT TPMS_CAPABILITY_DATA *CapabilityData 596 ); 597 598 /** 599 This command returns the information of TPM Family. 600 601 This function parse the value got from TPM2_GetCapability and return the Family. 602 603 @param[out] Family The Family of TPM. (a 4-octet character string) 604 605 @retval EFI_SUCCESS Operation completed successfully. 606 @retval EFI_DEVICE_ERROR The command was unsuccessful. 607 **/ 608 EFI_STATUS 609 EFIAPI 610 Tpm2GetCapabilityFamily ( 611 OUT CHAR8 *Family 612 ); 613 614 /** 615 This command returns the information of TPM manufacture ID. 616 617 This function parse the value got from TPM2_GetCapability and return the TPM manufacture ID. 618 619 @param[out] ManufactureId The manufacture ID of TPM. 620 621 @retval EFI_SUCCESS Operation completed successfully. 622 @retval EFI_DEVICE_ERROR The command was unsuccessful. 623 **/ 624 EFI_STATUS 625 EFIAPI 626 Tpm2GetCapabilityManufactureID ( 627 OUT UINT32 *ManufactureId 628 ); 629 630 /** 631 This command returns the information of TPM FirmwareVersion. 632 633 This function parse the value got from TPM2_GetCapability and return the TPM FirmwareVersion. 634 635 @param[out] FirmwareVersion1 The FirmwareVersion1. 636 @param[out] FirmwareVersion2 The FirmwareVersion2. 637 638 @retval EFI_SUCCESS Operation completed successfully. 639 @retval EFI_DEVICE_ERROR The command was unsuccessful. 640 **/ 641 EFI_STATUS 642 EFIAPI 643 Tpm2GetCapabilityFirmwareVersion ( 644 OUT UINT32 *FirmwareVersion1, 645 OUT UINT32 *FirmwareVersion2 646 ); 647 648 /** 649 This command returns the information of the maximum value for commandSize and responseSize in a command. 650 651 This function parse the value got from TPM2_GetCapability and return the max command size and response size 652 653 @param[out] MaxCommandSize The maximum value for commandSize in a command. 654 @param[out] MaxResponseSize The maximum value for responseSize in a command. 655 656 @retval EFI_SUCCESS Operation completed successfully. 657 @retval EFI_DEVICE_ERROR The command was unsuccessful. 658 **/ 659 EFI_STATUS 660 EFIAPI 661 Tpm2GetCapabilityMaxCommandResponseSize ( 662 OUT UINT32 *MaxCommandSize, 663 OUT UINT32 *MaxResponseSize 664 ); 665 666 /** 667 This command returns Returns a list of TPMS_ALG_PROPERTIES. Each entry is an 668 algorithm ID and a set of properties of the algorithm. 669 670 This function parse the value got from TPM2_GetCapability and return the list. 671 672 @param[out] AlgList List of algorithm. 673 674 @retval EFI_SUCCESS Operation completed successfully. 675 @retval EFI_DEVICE_ERROR The command was unsuccessful. 676 **/ 677 EFI_STATUS 678 EFIAPI 679 Tpm2GetCapabilitySupportedAlg ( 680 OUT TPML_ALG_PROPERTY *AlgList 681 ); 682 683 /** 684 This command returns the information of TPM LockoutCounter. 685 686 This function parse the value got from TPM2_GetCapability and return the LockoutCounter. 687 688 @param[out] LockoutCounter The LockoutCounter of TPM. 689 690 @retval EFI_SUCCESS Operation completed successfully. 691 @retval EFI_DEVICE_ERROR The command was unsuccessful. 692 **/ 693 EFI_STATUS 694 EFIAPI 695 Tpm2GetCapabilityLockoutCounter ( 696 OUT UINT32 *LockoutCounter 697 ); 698 699 /** 700 This command returns the information of TPM LockoutInterval. 701 702 This function parse the value got from TPM2_GetCapability and return the LockoutInterval. 703 704 @param[out] LockoutInterval The LockoutInterval of TPM. 705 706 @retval EFI_SUCCESS Operation completed successfully. 707 @retval EFI_DEVICE_ERROR The command was unsuccessful. 708 **/ 709 EFI_STATUS 710 EFIAPI 711 Tpm2GetCapabilityLockoutInterval ( 712 OUT UINT32 *LockoutInterval 713 ); 714 715 /** 716 This command returns the information of TPM InputBufferSize. 717 718 This function parse the value got from TPM2_GetCapability and return the InputBufferSize. 719 720 @param[out] InputBufferSize The InputBufferSize of TPM. 721 the maximum size of a parameter (typically, a TPM2B_MAX_BUFFER) 722 723 @retval EFI_SUCCESS Operation completed successfully. 724 @retval EFI_DEVICE_ERROR The command was unsuccessful. 725 **/ 726 EFI_STATUS 727 EFIAPI 728 Tpm2GetCapabilityInputBufferSize ( 729 OUT UINT32 *InputBufferSize 730 ); 731 732 /** 733 This command returns the information of TPM PCRs. 734 735 This function parse the value got from TPM2_GetCapability and return the PcrSelection. 736 737 @param[out] Pcrs The Pcr Selection 738 739 @retval EFI_SUCCESS Operation completed successfully. 740 @retval EFI_DEVICE_ERROR The command was unsuccessful. 741 **/ 742 EFI_STATUS 743 EFIAPI 744 Tpm2GetCapabilityPcrs ( 745 OUT TPML_PCR_SELECTION *Pcrs 746 ); 747 748 /** 749 This command returns the information of TPM AlgorithmSet. 750 751 This function parse the value got from TPM2_GetCapability and return the AlgorithmSet. 752 753 @param[out] AlgorithmSet The AlgorithmSet of TPM. 754 755 @retval EFI_SUCCESS Operation completed successfully. 756 @retval EFI_DEVICE_ERROR The command was unsuccessful. 757 **/ 758 EFI_STATUS 759 EFIAPI 760 Tpm2GetCapabilityAlgorithmSet ( 761 OUT UINT32 *AlgorithmSet 762 ); 763 764 /** 765 This command is used to check to see if specific combinations of algorithm parameters are supported. 766 767 @param[in] Parameters Algorithm parameters to be validated 768 769 @retval EFI_SUCCESS Operation completed successfully. 770 @retval EFI_DEVICE_ERROR Unexpected device behavior. 771 **/ 772 EFI_STATUS 773 EFIAPI 774 Tpm2TestParms ( 775 IN TPMT_PUBLIC_PARMS *Parameters 776 ); 777 778 /** 779 This command allows the platform to change the set of algorithms that are used by the TPM. 780 The algorithmSet setting is a vendor-dependent value. 781 782 @param[in] AuthHandle TPM_RH_PLATFORM 783 @param[in] AuthSession Auth Session context 784 @param[in] AlgorithmSet A TPM vendor-dependent value indicating the 785 algorithm set selection 786 787 @retval EFI_SUCCESS Operation completed successfully. 788 @retval EFI_DEVICE_ERROR Unexpected device behavior. 789 **/ 790 EFI_STATUS 791 EFIAPI 792 Tpm2SetAlgorithmSet ( 793 IN TPMI_RH_PLATFORM AuthHandle, 794 IN TPMS_AUTH_COMMAND *AuthSession, 795 IN UINT32 AlgorithmSet 796 ); 797 798 /** 799 This command is used to start an authorization session using alternative methods of 800 establishing the session key (sessionKey) that is used for authorization and encrypting value. 801 802 @param[in] TpmKey Handle of a loaded decrypt key used to encrypt salt. 803 @param[in] Bind Entity providing the authValue. 804 @param[in] NonceCaller Initial nonceCaller, sets nonce size for the session. 805 @param[in] Salt Value encrypted according to the type of tpmKey. 806 @param[in] SessionType Indicates the type of the session. 807 @param[in] Symmetric The algorithm and key size for parameter encryption. 808 @param[in] AuthHash Hash algorithm to use for the session. 809 @param[out] SessionHandle Handle for the newly created session. 810 @param[out] NonceTPM The initial nonce from the TPM, used in the computation of the sessionKey. 811 812 @retval EFI_SUCCESS Operation completed successfully. 813 @retval EFI_DEVICE_ERROR The command was unsuccessful. 814 **/ 815 EFI_STATUS 816 EFIAPI 817 Tpm2StartAuthSession ( 818 IN TPMI_DH_OBJECT TpmKey, 819 IN TPMI_DH_ENTITY Bind, 820 IN TPM2B_NONCE *NonceCaller, 821 IN TPM2B_ENCRYPTED_SECRET *Salt, 822 IN TPM_SE SessionType, 823 IN TPMT_SYM_DEF *Symmetric, 824 IN TPMI_ALG_HASH AuthHash, 825 OUT TPMI_SH_AUTH_SESSION *SessionHandle, 826 OUT TPM2B_NONCE *NonceTPM 827 ); 828 829 /** 830 This command causes all context associated with a loaded object or session to be removed from TPM memory. 831 832 @param[in] FlushHandle The handle of the item to flush. 833 834 @retval EFI_SUCCESS Operation completed successfully. 835 @retval EFI_DEVICE_ERROR The command was unsuccessful. 836 **/ 837 EFI_STATUS 838 EFIAPI 839 Tpm2FlushContext ( 840 IN TPMI_DH_CONTEXT FlushHandle 841 ); 842 843 /** 844 This command includes a secret-based authorization to a policy. 845 The caller proves knowledge of the secret value using an authorization 846 session using the authValue associated with authHandle. 847 848 @param[in] AuthHandle Handle for an entity providing the authorization 849 @param[in] PolicySession Handle for the policy session being extended. 850 @param[in] AuthSession Auth Session context 851 @param[in] NonceTPM The policy nonce for the session. 852 @param[in] CpHashA Digest of the command parameters to which this authorization is limited. 853 @param[in] PolicyRef A reference to a policy relating to the authorization. 854 @param[in] Expiration Time when authorization will expire, measured in seconds from the time that nonceTPM was generated. 855 @param[out] Timeout Time value used to indicate to the TPM when the ticket expires. 856 @param[out] PolicyTicket A ticket that includes a value indicating when the authorization expires. 857 858 @retval EFI_SUCCESS Operation completed successfully. 859 @retval EFI_DEVICE_ERROR The command was unsuccessful. 860 **/ 861 EFI_STATUS 862 EFIAPI 863 Tpm2PolicySecret ( 864 IN TPMI_DH_ENTITY AuthHandle, 865 IN TPMI_SH_POLICY PolicySession, 866 IN TPMS_AUTH_COMMAND *AuthSession, OPTIONAL 867 IN TPM2B_NONCE *NonceTPM, 868 IN TPM2B_DIGEST *CpHashA, 869 IN TPM2B_NONCE *PolicyRef, 870 IN INT32 Expiration, 871 OUT TPM2B_TIMEOUT *Timeout, 872 OUT TPMT_TK_AUTH *PolicyTicket 873 ); 874 875 /** 876 This command allows options in authorizations without requiring that the TPM evaluate all of the options. 877 If a policy may be satisfied by different sets of conditions, the TPM need only evaluate one set that 878 satisfies the policy. This command will indicate that one of the required sets of conditions has been 879 satisfied. 880 881 @param[in] PolicySession Handle for the policy session being extended. 882 @param[in] HashList the list of hashes to check for a match. 883 884 @retval EFI_SUCCESS Operation completed successfully. 885 @retval EFI_DEVICE_ERROR The command was unsuccessful. 886 **/ 887 EFI_STATUS 888 EFIAPI 889 Tpm2PolicyOR ( 890 IN TPMI_SH_POLICY PolicySession, 891 IN TPML_DIGEST *HashList 892 ); 893 894 /** 895 This command indicates that the authorization will be limited to a specific command code. 896 897 @param[in] PolicySession Handle for the policy session being extended. 898 @param[in] Code The allowed commandCode. 899 900 @retval EFI_SUCCESS Operation completed successfully. 901 @retval EFI_DEVICE_ERROR The command was unsuccessful. 902 **/ 903 EFI_STATUS 904 EFIAPI 905 Tpm2PolicyCommandCode ( 906 IN TPMI_SH_POLICY PolicySession, 907 IN TPM_CC Code 908 ); 909 910 /** 911 This command returns the current policyDigest of the session. This command allows the TPM 912 to be used to perform the actions required to precompute the authPolicy for an object. 913 914 @param[in] PolicySession Handle for the policy session. 915 @param[out] PolicyHash the current value of the policyHash of policySession. 916 917 @retval EFI_SUCCESS Operation completed successfully. 918 @retval EFI_DEVICE_ERROR The command was unsuccessful. 919 **/ 920 EFI_STATUS 921 EFIAPI 922 Tpm2PolicyGetDigest ( 923 IN TPMI_SH_POLICY PolicySession, 924 OUT TPM2B_DIGEST *PolicyHash 925 ); 926 927 // 928 // Help function 929 // 930 931 /** 932 Copy AuthSessionIn to TPM2 command buffer. 933 934 @param [in] AuthSessionIn Input AuthSession data 935 @param [out] AuthSessionOut Output AuthSession data in TPM2 command buffer 936 937 @return AuthSession size 938 **/ 939 UINT32 940 EFIAPI 941 CopyAuthSessionCommand ( 942 IN TPMS_AUTH_COMMAND *AuthSessionIn, OPTIONAL 943 OUT UINT8 *AuthSessionOut 944 ); 945 946 /** 947 Copy AuthSessionIn from TPM2 response buffer. 948 949 @param [in] AuthSessionIn Input AuthSession data in TPM2 response buffer 950 @param [out] AuthSessionOut Output AuthSession data 951 952 @return AuthSession size 953 **/ 954 UINT32 955 EFIAPI 956 CopyAuthSessionResponse ( 957 IN UINT8 *AuthSessionIn, 958 OUT TPMS_AUTH_RESPONSE *AuthSessionOut OPTIONAL 959 ); 960 961 /** 962 Return size of digest. 963 964 @param[in] HashAlgo Hash algorithm 965 966 @return size of digest 967 **/ 968 UINT16 969 EFIAPI 970 GetHashSizeFromAlgo ( 971 IN TPMI_ALG_HASH HashAlgo 972 ); 973 974 #endif 975