Blame view
include/tpm-v2.h
8.93 KB
ff32245bb tpm: prepare supp... |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 |
/* SPDX-License-Identifier: GPL-2.0+ */ /* * Copyright (c) 2018 Bootlin * Author: Miquel Raynal <miquel.raynal@bootlin.com> */ #ifndef __TPM_V2_H #define __TPM_V2_H #include <tpm-common.h> #define TPM2_DIGEST_LEN 32 /** * TPM2 Structure Tags for command/response buffers. * * @TPM2_ST_NO_SESSIONS: the command does not need an authentication. * @TPM2_ST_SESSIONS: the command needs an authentication. */ enum tpm2_structures { TPM2_ST_NO_SESSIONS = 0x8001, TPM2_ST_SESSIONS = 0x8002, }; /** * TPM2 type of boolean. */ enum tpm2_yes_no { TPMI_YES = 1, TPMI_NO = 0, }; /** * TPM2 startup values. * * @TPM2_SU_CLEAR: reset the internal state. * @TPM2_SU_STATE: restore saved state (if any). */ enum tpm2_startup_types { TPM2_SU_CLEAR = 0x0000, TPM2_SU_STATE = 0x0001, }; /** * TPM2 permanent handles. * * @TPM2_RH_OWNER: refers to the 'owner' hierarchy. * @TPM2_RS_PW: indicates a password. * @TPM2_RH_LOCKOUT: refers to the 'lockout' hierarchy. * @TPM2_RH_ENDORSEMENT: refers to the 'endorsement' hierarchy. * @TPM2_RH_PLATFORM: refers to the 'platform' hierarchy. */ enum tpm2_handles { TPM2_RH_OWNER = 0x40000001, TPM2_RS_PW = 0x40000009, TPM2_RH_LOCKOUT = 0x4000000A, TPM2_RH_ENDORSEMENT = 0x4000000B, TPM2_RH_PLATFORM = 0x4000000C, }; /** * TPM2 command codes used at the beginning of a buffer, gives the command. * * @TPM2_CC_STARTUP: TPM2_Startup(). * @TPM2_CC_SELF_TEST: TPM2_SelfTest(). * @TPM2_CC_CLEAR: TPM2_Clear(). * @TPM2_CC_CLEARCONTROL: TPM2_ClearControl(). * @TPM2_CC_HIERCHANGEAUTH: TPM2_HierarchyChangeAuth(). * @TPM2_CC_PCR_SETAUTHPOL: TPM2_PCR_SetAuthPolicy(). * @TPM2_CC_DAM_RESET: TPM2_DictionaryAttackLockReset(). * @TPM2_CC_DAM_PARAMETERS: TPM2_DictionaryAttackParameters(). * @TPM2_CC_GET_CAPABILITY: TPM2_GetCapibility(). * @TPM2_CC_PCR_READ: TPM2_PCR_Read(). * @TPM2_CC_PCR_EXTEND: TPM2_PCR_Extend(). * @TPM2_CC_PCR_SETAUTHVAL: TPM2_PCR_SetAuthValue(). */ enum tpm2_command_codes { TPM2_CC_STARTUP = 0x0144, TPM2_CC_SELF_TEST = 0x0143, TPM2_CC_CLEAR = 0x0126, TPM2_CC_CLEARCONTROL = 0x0127, TPM2_CC_HIERCHANGEAUTH = 0x0129, |
b9dd4fabb tpm: add PCR auth... |
83 |
TPM2_CC_PCR_SETAUTHPOL = 0x012C, |
ff32245bb tpm: prepare supp... |
84 85 |
TPM2_CC_DAM_RESET = 0x0139, TPM2_CC_DAM_PARAMETERS = 0x013A, |
998af3190 sandbox: tpm: Tid... |
86 |
TPM2_CC_NV_READ = 0x014E, |
ff32245bb tpm: prepare supp... |
87 88 89 |
TPM2_CC_GET_CAPABILITY = 0x017A, TPM2_CC_PCR_READ = 0x017E, TPM2_CC_PCR_EXTEND = 0x0182, |
b9dd4fabb tpm: add PCR auth... |
90 |
TPM2_CC_PCR_SETAUTHVAL = 0x0183, |
ff32245bb tpm: prepare supp... |
91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 |
}; /** * TPM2 return codes. */ enum tpm2_return_codes { TPM2_RC_SUCCESS = 0x0000, TPM2_RC_BAD_TAG = 0x001E, TPM2_RC_FMT1 = 0x0080, TPM2_RC_HASH = TPM2_RC_FMT1 + 0x0003, TPM2_RC_VALUE = TPM2_RC_FMT1 + 0x0004, TPM2_RC_SIZE = TPM2_RC_FMT1 + 0x0015, TPM2_RC_BAD_AUTH = TPM2_RC_FMT1 + 0x0022, TPM2_RC_HANDLE = TPM2_RC_FMT1 + 0x000B, TPM2_RC_VER1 = 0x0100, TPM2_RC_INITIALIZE = TPM2_RC_VER1 + 0x0000, TPM2_RC_FAILURE = TPM2_RC_VER1 + 0x0001, TPM2_RC_DISABLED = TPM2_RC_VER1 + 0x0020, TPM2_RC_AUTH_MISSING = TPM2_RC_VER1 + 0x0025, TPM2_RC_COMMAND_CODE = TPM2_RC_VER1 + 0x0043, TPM2_RC_AUTHSIZE = TPM2_RC_VER1 + 0x0044, TPM2_RC_AUTH_CONTEXT = TPM2_RC_VER1 + 0x0045, TPM2_RC_NEEDS_TEST = TPM2_RC_VER1 + 0x0053, TPM2_RC_WARN = 0x0900, TPM2_RC_TESTING = TPM2_RC_WARN + 0x000A, TPM2_RC_REFERENCE_H0 = TPM2_RC_WARN + 0x0010, TPM2_RC_LOCKOUT = TPM2_RC_WARN + 0x0021, }; /** * TPM2 algorithms. */ enum tpm2_algorithms { TPM2_ALG_XOR = 0x0A, TPM2_ALG_SHA256 = 0x0B, TPM2_ALG_SHA384 = 0x0C, TPM2_ALG_SHA512 = 0x0D, TPM2_ALG_NULL = 0x10, }; |
be8a025ed tpm: Add non-vola... |
130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 |
/* NV index attributes */ enum tpm_index_attrs { TPMA_NV_PPWRITE = 1UL << 0, TPMA_NV_OWNERWRITE = 1UL << 1, TPMA_NV_AUTHWRITE = 1UL << 2, TPMA_NV_POLICYWRITE = 1UL << 3, TPMA_NV_COUNTER = 1UL << 4, TPMA_NV_BITS = 1UL << 5, TPMA_NV_EXTEND = 1UL << 6, TPMA_NV_POLICY_DELETE = 1UL << 10, TPMA_NV_WRITELOCKED = 1UL << 11, TPMA_NV_WRITEALL = 1UL << 12, TPMA_NV_WRITEDEFINE = 1UL << 13, TPMA_NV_WRITE_STCLEAR = 1UL << 14, TPMA_NV_GLOBALLOCK = 1UL << 15, TPMA_NV_PPREAD = 1UL << 16, TPMA_NV_OWNERREAD = 1UL << 17, TPMA_NV_AUTHREAD = 1UL << 18, TPMA_NV_POLICYREAD = 1UL << 19, TPMA_NV_NO_DA = 1UL << 25, TPMA_NV_ORDERLY = 1UL << 26, TPMA_NV_CLEAR_STCLEAR = 1UL << 27, TPMA_NV_READLOCKED = 1UL << 28, TPMA_NV_WRITTEN = 1UL << 29, TPMA_NV_PLATFORMCREATE = 1UL << 30, TPMA_NV_READ_STCLEAR = 1UL << 31, TPMA_NV_MASK_READ = TPMA_NV_PPREAD | TPMA_NV_OWNERREAD | TPMA_NV_AUTHREAD | TPMA_NV_POLICYREAD, TPMA_NV_MASK_WRITE = TPMA_NV_PPWRITE | TPMA_NV_OWNERWRITE | TPMA_NV_AUTHWRITE | TPMA_NV_POLICYWRITE, }; |
1400a7f3d tpm: Add more TPM... |
162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 |
enum { TPM_ACCESS_VALID = 1 << 7, TPM_ACCESS_ACTIVE_LOCALITY = 1 << 5, TPM_ACCESS_REQUEST_PENDING = 1 << 2, TPM_ACCESS_REQUEST_USE = 1 << 1, TPM_ACCESS_ESTABLISHMENT = 1 << 0, }; enum { TPM_STS_FAMILY_SHIFT = 26, TPM_STS_FAMILY_MASK = 0x3 << TPM_STS_FAMILY_SHIFT, TPM_STS_FAMILY_TPM2 = 1 << TPM_STS_FAMILY_SHIFT, TPM_STS_RESE_TESTABLISMENT_BIT = 1 << 25, TPM_STS_COMMAND_CANCEL = 1 << 24, TPM_STS_BURST_COUNT_SHIFT = 8, TPM_STS_BURST_COUNT_MASK = 0xffff << TPM_STS_BURST_COUNT_SHIFT, TPM_STS_VALID = 1 << 7, TPM_STS_COMMAND_READY = 1 << 6, TPM_STS_GO = 1 << 5, TPM_STS_DATA_AVAIL = 1 << 4, TPM_STS_DATA_EXPECT = 1 << 3, TPM_STS_SELF_TEST_DONE = 1 << 2, TPM_STS_RESPONSE_RETRY = 1 << 1, }; enum { TPM_CMD_COUNT_OFFSET = 2, TPM_CMD_ORDINAL_OFFSET = 6, TPM_MAX_BUF_SIZE = 1260, }; |
1922df201 tpm: add TPM2_Sta... |
192 193 194 |
/** * Issue a TPM2_Startup command. * |
abdc7b8a2 tpm: Convert to u... |
195 |
* @dev TPM device |
1922df201 tpm: add TPM2_Sta... |
196 197 198 199 |
* @mode TPM startup mode * * @return code of the operation */ |
abdc7b8a2 tpm: Convert to u... |
200 |
u32 tpm2_startup(struct udevice *dev, enum tpm2_startup_types mode); |
1922df201 tpm: add TPM2_Sta... |
201 |
|
2dc6d97e1 tpm: add TPM2_Sel... |
202 203 204 |
/** * Issue a TPM2_SelfTest command. * |
abdc7b8a2 tpm: Convert to u... |
205 |
* @dev TPM device |
2dc6d97e1 tpm: add TPM2_Sel... |
206 207 208 209 |
* @full_test Asking to perform all tests or only the untested ones * * @return code of the operation */ |
abdc7b8a2 tpm: Convert to u... |
210 |
u32 tpm2_self_test(struct udevice *dev, enum tpm2_yes_no full_test); |
2dc6d97e1 tpm: add TPM2_Sel... |
211 |
|
bad8ff569 tpm: add TPM2_Cle... |
212 213 214 |
/** * Issue a TPM2_Clear command. * |
abdc7b8a2 tpm: Convert to u... |
215 |
* @dev TPM device |
bad8ff569 tpm: add TPM2_Cle... |
216 217 218 219 220 221 |
* @handle Handle * @pw Password * @pw_sz Length of the password * * @return code of the operation */ |
abdc7b8a2 tpm: Convert to u... |
222 223 |
u32 tpm2_clear(struct udevice *dev, u32 handle, const char *pw, const ssize_t pw_sz); |
bad8ff569 tpm: add TPM2_Cle... |
224 |
|
6284be5a9 tpm: add TPM2_PCR... |
225 226 227 |
/** * Issue a TPM2_PCR_Extend command. * |
abdc7b8a2 tpm: Convert to u... |
228 |
* @dev TPM device |
6284be5a9 tpm: add TPM2_PCR... |
229 230 231 232 233 |
* @index Index of the PCR * @digest Value representing the event to be recorded * * @return code of the operation */ |
abdc7b8a2 tpm: Convert to u... |
234 |
u32 tpm2_pcr_extend(struct udevice *dev, u32 index, const uint8_t *digest); |
6284be5a9 tpm: add TPM2_PCR... |
235 |
|
1c4ea8f49 tpm: add TPM2_PCR... |
236 237 238 |
/** * Issue a TPM2_PCR_Read command. * |
abdc7b8a2 tpm: Convert to u... |
239 |
* @dev TPM device |
1c4ea8f49 tpm: add TPM2_PCR... |
240 241 242 243 244 245 246 |
* @idx Index of the PCR * @idx_min_sz Minimum size in bytes of the pcrSelect array * @data Output buffer for contents of the named PCR * @updates Optional out parameter: number of updates for this PCR * * @return code of the operation */ |
abdc7b8a2 tpm: Convert to u... |
247 248 |
u32 tpm2_pcr_read(struct udevice *dev, u32 idx, unsigned int idx_min_sz, void *data, unsigned int *updates); |
1c4ea8f49 tpm: add TPM2_PCR... |
249 |
|
69cd8f068 tpm: add TPM2_Get... |
250 251 252 253 |
/** * Issue a TPM2_GetCapability command. This implementation is limited * to query property index that is 4-byte wide. * |
abdc7b8a2 tpm: Convert to u... |
254 |
* @dev TPM device |
69cd8f068 tpm: add TPM2_Get... |
255 256 257 258 259 260 261 |
* @capability Partition of capabilities * @property Further definition of capability, limited to be 4 bytes wide * @buf Output buffer for capability information * @prop_count Size of output buffer * * @return code of the operation */ |
abdc7b8a2 tpm: Convert to u... |
262 263 |
u32 tpm2_get_capability(struct udevice *dev, u32 capability, u32 property, void *buf, size_t prop_count); |
69cd8f068 tpm: add TPM2_Get... |
264 |
|
da9c3392e tpm: add dictiona... |
265 266 267 |
/** * Issue a TPM2_DictionaryAttackLockReset command. * |
abdc7b8a2 tpm: Convert to u... |
268 |
* @dev TPM device |
da9c3392e tpm: add dictiona... |
269 270 271 272 273 |
* @pw Password * @pw_sz Length of the password * * @return code of the operation */ |
abdc7b8a2 tpm: Convert to u... |
274 |
u32 tpm2_dam_reset(struct udevice *dev, const char *pw, const ssize_t pw_sz); |
da9c3392e tpm: add dictiona... |
275 276 277 278 |
/** * Issue a TPM2_DictionaryAttackParameters command. * |
abdc7b8a2 tpm: Convert to u... |
279 |
* @dev TPM device |
da9c3392e tpm: add dictiona... |
280 281 282 283 284 285 286 287 |
* @pw Password * @pw_sz Length of the password * @max_tries Count of authorizations before lockout * @recovery_time Time before decrementation of the failure count * @lockout_recovery Time to wait after a lockout * * @return code of the operation */ |
abdc7b8a2 tpm: Convert to u... |
288 289 290 |
u32 tpm2_dam_parameters(struct udevice *dev, const char *pw, const ssize_t pw_sz, unsigned int max_tries, unsigned int recovery_time, |
da9c3392e tpm: add dictiona... |
291 |
unsigned int lockout_recovery); |
dc26e913a tpm: add TPM2_Hie... |
292 293 294 |
/** * Issue a TPM2_HierarchyChangeAuth command. * |
abdc7b8a2 tpm: Convert to u... |
295 |
* @dev TPM device |
dc26e913a tpm: add TPM2_Hie... |
296 297 298 299 300 301 302 303 |
* @handle Handle * @newpw New password * @newpw_sz Length of the new password * @oldpw Old password * @oldpw_sz Length of the old password * * @return code of the operation */ |
abdc7b8a2 tpm: Convert to u... |
304 305 306 |
int tpm2_change_auth(struct udevice *dev, u32 handle, const char *newpw, const ssize_t newpw_sz, const char *oldpw, const ssize_t oldpw_sz); |
dc26e913a tpm: add TPM2_Hie... |
307 |
|
b9dd4fabb tpm: add PCR auth... |
308 309 310 |
/** * Issue a TPM_PCR_SetAuthPolicy command. * |
abdc7b8a2 tpm: Convert to u... |
311 |
* @dev TPM device |
b9dd4fabb tpm: add PCR auth... |
312 313 314 315 316 317 318 |
* @pw Platform password * @pw_sz Length of the password * @index Index of the PCR * @digest New key to access the PCR * * @return code of the operation */ |
abdc7b8a2 tpm: Convert to u... |
319 320 |
u32 tpm2_pcr_setauthpolicy(struct udevice *dev, const char *pw, const ssize_t pw_sz, u32 index, const char *key); |
b9dd4fabb tpm: add PCR auth... |
321 322 323 324 |
/** * Issue a TPM_PCR_SetAuthValue command. * |
abdc7b8a2 tpm: Convert to u... |
325 |
* @dev TPM device |
b9dd4fabb tpm: add PCR auth... |
326 327 328 329 330 331 332 333 |
* @pw Platform password * @pw_sz Length of the password * @index Index of the PCR * @digest New key to access the PCR * @key_sz Length of the new key * * @return code of the operation */ |
abdc7b8a2 tpm: Convert to u... |
334 335 336 |
u32 tpm2_pcr_setauthvalue(struct udevice *dev, const char *pw, const ssize_t pw_sz, u32 index, const char *key, const ssize_t key_sz); |
b9dd4fabb tpm: add PCR auth... |
337 |
|
ff32245bb tpm: prepare supp... |
338 |
#endif /* __TPM_V2_H */ |