TianoCore EDK2 master
Tpm2Hierarchy.c File Reference


Data Structures

struct  TPM2_SET_PRIMARY_POLICY_COMMAND
 
struct  TPM2_SET_PRIMARY_POLICY_RESPONSE
 
struct  TPM2_CLEAR_COMMAND
 
struct  TPM2_CLEAR_RESPONSE
 
struct  TPM2_CLEAR_CONTROL_COMMAND
 
struct  TPM2_CLEAR_CONTROL_RESPONSE
 
struct  TPM2_HIERARCHY_CHANGE_AUTH_COMMAND
 
struct  TPM2_HIERARCHY_CHANGE_AUTH_RESPONSE
 
struct  TPM2_CHANGE_EPS_COMMAND
 
struct  TPM2_CHANGE_EPS_RESPONSE
 
struct  TPM2_CHANGE_PPS_COMMAND
 
struct  TPM2_CHANGE_PPS_RESPONSE
 
struct  TPM2_HIERARCHY_CONTROL_COMMAND
 
struct  TPM2_HIERARCHY_CONTROL_RESPONSE
 

Functions

EFI_STATUS EFIAPI Tpm2SetPrimaryPolicy (IN TPMI_RH_HIERARCHY_AUTH AuthHandle, IN TPMS_AUTH_COMMAND *AuthSession, IN TPM2B_DIGEST *AuthPolicy, IN TPMI_ALG_HASH HashAlg)
 
EFI_STATUS EFIAPI Tpm2Clear (IN TPMI_RH_CLEAR AuthHandle, IN TPMS_AUTH_COMMAND *AuthSession OPTIONAL)
 
EFI_STATUS EFIAPI Tpm2ClearControl (IN TPMI_RH_CLEAR AuthHandle, IN TPMS_AUTH_COMMAND *AuthSession OPTIONAL, IN TPMI_YES_NO Disable)
 
EFI_STATUS EFIAPI Tpm2HierarchyChangeAuth (IN TPMI_RH_HIERARCHY_AUTH AuthHandle, IN TPMS_AUTH_COMMAND *AuthSession, IN TPM2B_AUTH *NewAuth)
 
EFI_STATUS EFIAPI Tpm2ChangeEPS (IN TPMI_RH_PLATFORM AuthHandle, IN TPMS_AUTH_COMMAND *AuthSession)
 
EFI_STATUS EFIAPI Tpm2ChangePPS (IN TPMI_RH_PLATFORM AuthHandle, IN TPMS_AUTH_COMMAND *AuthSession)
 
EFI_STATUS EFIAPI Tpm2HierarchyControl (IN TPMI_RH_HIERARCHY AuthHandle, IN TPMS_AUTH_COMMAND *AuthSession, IN TPMI_RH_HIERARCHY Hierarchy, IN TPMI_YES_NO State)
 

Detailed Description

Implements the TPM2 hierarchy-related commands.

Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent

Definition in file Tpm2Hierarchy.c.

Function Documentation

◆ Tpm2ChangeEPS()

EFI_STATUS EFIAPI Tpm2ChangeEPS (
  IN TPMI_RH_PLATFORM   AuthHandle,
  IN TPMS_AUTH_COMMAND  *AuthSession
)

This replaces the current EPS with a value from the RNG and sets the Endorsement hierarchy controls to their default initialization values.

Parameters
[in]  AuthHandle   TPM_RH_PLATFORM+{PP}
[in]  AuthSession  Auth Session context

Return values
EFI_SUCCESS       Operation completed successfully.
EFI_DEVICE_ERROR  Unexpected device behavior.

Definition at line 508 of file Tpm2Hierarchy.c.

◆ Tpm2ChangePPS()

EFI_STATUS EFIAPI Tpm2ChangePPS (
  IN TPMI_RH_PLATFORM   AuthHandle,
  IN TPMS_AUTH_COMMAND  *AuthSession
)

This replaces the current PPS with a value from the RNG and sets platformPolicy to the default initialization value (the Empty Buffer).

Parameters
[in]  AuthHandle   TPM_RH_PLATFORM+{PP}
[in]  AuthSession  Auth Session context

Return values
EFI_SUCCESS       Operation completed successfully.
EFI_DEVICE_ERROR  Unexpected device behavior.

Definition at line 606 of file Tpm2Hierarchy.c.

◆ Tpm2Clear()

EFI_STATUS EFIAPI Tpm2Clear ( IN TPMI_RH_CLEAR  AuthHandle,
IN TPMS_AUTH_COMMAND *AuthSession  OPTIONAL 
)

This command removes all TPM context associated with a specific Owner.

Parameters
[in]  AuthHandle   TPM_RH_LOCKOUT or TPM_RH_PLATFORM+{PP}
[in]  AuthSession  Auth Session context

Return values
EFI_SUCCESS       Operation completed successfully.
EFI_DEVICE_ERROR  Unexpected device behavior.

Definition at line 218 of file Tpm2Hierarchy.c.

◆ Tpm2ClearControl()

EFI_STATUS EFIAPI Tpm2ClearControl ( IN TPMI_RH_CLEAR  AuthHandle,
IN TPMS_AUTH_COMMAND *AuthSession  OPTIONAL,
IN TPMI_YES_NO  Disable 
)

Disables and enables the execution of TPM2_Clear().

Parameters
[in]  AuthHandle   TPM_RH_LOCKOUT or TPM_RH_PLATFORM+{PP}
[in]  AuthSession  Auth Session context
[in]  Disable      YES if the disableOwnerClear flag is to be SET, NO if the flag is to be CLEAR.

Return values
EFI_SUCCESS       Operation completed successfully.
EFI_DEVICE_ERROR  Unexpected device behavior.

Definition at line 307 of file Tpm2Hierarchy.c.
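
The wire layout behind Tpm2ClearControl(), as an added example that is not EDK2 code: a hypothetical helper, build_clear_control(), marshals the big-endian TPM2_ClearControl command with a password session and rejects any AuthHandle other than the two listed above. The numeric constants are assumptions taken from the TPM 2.0 Library specification, not from this page.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constants from the TPM 2.0 Library specification (assumed; not on this page). */
#define TPM_ST_SESSIONS      0x8002u
#define TPM_CC_CLEAR_CONTROL 0x00000127u
#define TPM_RH_LOCKOUT       0x4000000Au
#define TPM_RH_PLATFORM      0x4000000Cu
#define TPM_RS_PW            0x40000009u  /* password authorization session */

static size_t put16(uint8_t *p, uint16_t v) {
  p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; return 2;
}
static size_t put32(uint8_t *p, uint32_t v) {
  put16(p, (uint16_t)(v >> 16)); put16(p + 2, (uint16_t)v); return 4;
}

/* Hypothetical helper: returns the command length, or 0 if the input is rejected. */
size_t build_clear_control(uint8_t *buf, size_t cap, uint32_t auth_handle,
                           const uint8_t *pw, uint16_t pw_len, uint8_t disable) {
  size_t auth_area = 4 + 2 + 1 + 2 + (size_t)pw_len;  /* handle, nonce, attrs, hmac */
  size_t total = 10 + 4 + 4 + auth_area + 1;  /* header, handle, authSize, area, param */
  size_t o = 0;
  if (auth_handle != TPM_RH_LOCKOUT && auth_handle != TPM_RH_PLATFORM) return 0;
  if (disable > 1 || total > cap || (pw_len != 0 && pw == NULL)) return 0;
  o += put16(buf + o, TPM_ST_SESSIONS);
  o += put32(buf + o, (uint32_t)total);        /* commandSize */
  o += put32(buf + o, TPM_CC_CLEAR_CONTROL);
  o += put32(buf + o, auth_handle);
  o += put32(buf + o, (uint32_t)auth_area);    /* authorizationSize */
  o += put32(buf + o, TPM_RS_PW);
  o += put16(buf + o, 0);                      /* empty nonce */
  buf[o++] = 0;                                /* sessionAttributes */
  o += put16(buf + o, pw_len);                 /* authValue as a TPM2B */
  if (pw_len != 0) { memcpy(buf + o, pw, pw_len); o += pw_len; }
  buf[o++] = disable;                          /* YES = SET disableOwnerClear */
  return o;
}

int main(void) {
  uint8_t cmd[64];
  size_t n = build_clear_control(cmd, sizeof cmd, TPM_RH_PLATFORM, NULL, 0, 1);
  for (size_t i = 0; i < n; i++) printf("%02x", cmd[i]);
  printf("\n");
  return 0;
}
```

With an empty authValue the command is 28 bytes, and the single parameter byte at the end carries the Disable flag.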

◆ Tpm2HierarchyChangeAuth()

EFI_STATUS EFIAPI Tpm2HierarchyChangeAuth (
  IN TPMI_RH_HIERARCHY_AUTH  AuthHandle,
  IN TPMS_AUTH_COMMAND       *AuthSession,
  IN TPM2B_AUTH              *NewAuth
)

This command allows the authorization secret for a hierarchy or lockout to be changed using the current authorization value as the command authorization.

Parameters
[in]  AuthHandle   TPM_RH_LOCKOUT, TPM_RH_ENDORSEMENT, TPM_RH_OWNER or TPM_RH_PLATFORM+{PP}
[in]  AuthSession  Auth Session context
[in]  NewAuth      New authorization secret

Return values
EFI_SUCCESS       Operation completed successfully.
EFI_DEVICE_ERROR  Unexpected device behavior.

Definition at line 401 of file Tpm2Hierarchy.c.

◆ Tpm2HierarchyControl()

EFI_STATUS EFIAPI Tpm2HierarchyControl (
  IN TPMI_RH_HIERARCHY  AuthHandle,
  IN TPMS_AUTH_COMMAND  *AuthSession,
  IN TPMI_RH_HIERARCHY  Hierarchy,
  IN TPMI_YES_NO        State
)

This command enables and disables use of a hierarchy.

Parameters
[in]  AuthHandle   TPM_RH_ENDORSEMENT, TPM_RH_OWNER or TPM_RH_PLATFORM+{PP}
[in]  AuthSession  Auth Session context
[in]  Hierarchy    Hierarchy of the enable being modified
[in]  State        YES if the enable should be SET, NO if the enable should be CLEAR

Return values
EFI_SUCCESS       Operation completed successfully.
EFI_DEVICE_ERROR  Unexpected device behavior.

Definition at line 706 of file Tpm2Hierarchy.c.

◆ Tpm2SetPrimaryPolicy()

EFI_STATUS EFIAPI Tpm2SetPrimaryPolicy (
  IN TPMI_RH_HIERARCHY_AUTH  AuthHandle,
  IN TPMS_AUTH_COMMAND       *AuthSession,
  IN TPM2B_DIGEST            *AuthPolicy,
  IN TPMI_ALG_HASH           HashAlg
)

This command allows setting of the authorization policy for the platform hierarchy (platformPolicy), the storage hierarchy (ownerPolicy), and the endorsement hierarchy (endorsementPolicy).

Parameters
[in]  AuthHandle   TPM_RH_ENDORSEMENT, TPM_RH_OWNER or TPM_RH_PLATFORM+{PP} parameters to be validated
[in]  AuthSession  Auth Session context
[in]  AuthPolicy   An authorization policy hash
[in]  HashAlg      The hash algorithm to use for the policy

Return values
EFI_SUCCESS       Operation completed successfully.
EFI_DEVICE_ERROR  Unexpected device behavior.

Definition at line 131 of file Tpm2Hierarchy.c.