diff options
-rw-r--r-- | MdePkg/Include/IndustryStandard/Tpm12.h | 162 |
1 files changed, 150 insertions, 12 deletions
diff --git a/MdePkg/Include/IndustryStandard/Tpm12.h b/MdePkg/Include/IndustryStandard/Tpm12.h index f0e307ba4d..bca2ae4f47 100644 --- a/MdePkg/Include/IndustryStandard/Tpm12.h +++ b/MdePkg/Include/IndustryStandard/Tpm12.h @@ -1,8 +1,8 @@ /** @file
- TPM Specification data structures (TCG TPM Specification Version 1.2 Revision 94)
+ TPM Specification data structures (TCG TPM Specification Version 1.2 Revision 103)
See http://trustedcomputinggroup.org for latest specification updates
- Copyright (c) 2006 - 2008, Intel Corporation
+ Copyright (c) 2006 - 2009, Intel Corporation
All rights reserved. This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -43,6 +43,10 @@ typedef UINT8 TPM_PAYLOAD_TYPE; ///
typedef UINT8 TPM_VERSION_BYTE;
///
+/// The state of the dictionary attack mitigation logic
+///
+typedef UINT8 TPM_DA_STATE;
+///
/// The request or response authorization type
///
typedef UINT16 TPM_TAG;
@@ -266,6 +270,9 @@ typedef UINT32 TPM_FAMILY_OPERATION; #define TPM_TAG_CMK_SIGTICKET ((TPM_STRUCTURE_TAG) 0x0034)
#define TPM_TAG_CMK_MA_APPROVAL ((TPM_STRUCTURE_TAG) 0x0035)
#define TPM_TAG_QUOTE_INFO2 ((TPM_STRUCTURE_TAG) 0x0036)
+#define TPM_TAG_DA_INFO ((TPM_STRUCTURE_TAG) 0x0037)
+#define TPM_TAG_DA_LIMITED ((TPM_STRUCTURE_TAG) 0x0038)
+#define TPM_TAG_DA_ACTION_TYPE ((TPM_STRUCTURE_TAG) 0x0039)
//
// Part 2, section 4: TPM Types
@@ -312,6 +319,7 @@ typedef UINT32 TPM_FAMILY_OPERATION; #define TPM_ET_DEL_KEY_BLOB ((UINT16) 0x0009) ///< The entity is a delegate key blob
#define TPM_ET_COUNTER ((UINT16) 0x000A) ///< The entity is a counter
#define TPM_ET_NV ((UINT16) 0x000B) ///< The entity is a NV index
+#define TPM_ET_OPERATOR ((UINT16) 0x000C) ///< The entity is the operator
#define TPM_ET_RESERVED_HANDLE ((UINT16) 0x0040) ///< Reserved. This value avoids collisions with the handle MSB setting.
//
// TPM_ENTITY_TYPE MSB Values: The MSB is used to indicate the ADIP encryption sheme when applicable
@@ -462,15 +470,6 @@ typedef TPM_DIGEST TPM_PCRVALUE; /// This SHALL be the value of the current internal audit state
///
typedef TPM_DIGEST TPM_AUDITDIGEST;
-///
-/// This SHALL be a random value generated by a TPM immediately after the EK is installed
-/// in that TPM, whenever an EK is installed in that TPM
-///
-typedef TPM_DIGEST TPM_DAA_TPM_SEED;
-///
-/// This SHALL be a random value
-///
-typedef TPM_DIGEST TPM_DAA_CONTEXT_SEED;
///
/// Part 2, section 5.5: TPM_NONCE
@@ -479,6 +478,16 @@ typedef struct tdTPM_NONCE{ UINT8 nonce[20];
} TPM_NONCE;
+///
+/// This SHALL be a random value generated by a TPM immediately after the EK is installed
+/// in that TPM, whenever an EK is installed in that TPM
+///
+typedef TPM_NONCE TPM_DAA_TPM_SEED;
+///
+/// This SHALL be a random value
+///
+typedef TPM_NONCE TPM_DAA_CONTEXT_SEED;
+
//
// Part 2, section 5.6: TPM_AUTHDATA
//
@@ -557,7 +566,8 @@ typedef struct tdTPM_KEY_HANDLE_LIST { #define TPM_ES_NONE ((TPM_ENC_SCHEME) 0x0001)
#define TPM_ES_RSAESPKCSv15 ((TPM_ENC_SCHEME) 0x0002)
#define TPM_ES_RSAESOAEP_SHA1_MGF1 ((TPM_ENC_SCHEME) 0x0003)
-#define TPM_ES_SYM_CNT ((TPM_ENC_SCHEME) 0x0004)
+#define TPM_ES_SYM_CNT ((TPM_ENC_SCHEME) 0x0004) ///< rev94 defined
+#define TPM_ES_SYM_CTR ((TPM_ENC_SCHEME) 0x0004)
#define TPM_ES_SYM_OFB ((TPM_ENC_SCHEME) 0x0005)
#define TPM_SS_NONE ((TPM_SIG_SCHEME) 0x0001)
@@ -748,6 +758,7 @@ typedef struct tdTPM_PERMANENT_FLAGS{ BOOLEAN readSRKPub;
BOOLEAN tpmEstablished;
BOOLEAN maintenanceDone;
+ BOOLEAN disableFullDALogicInfo;
} TPM_PERMANENT_FLAGS;
//
@@ -772,6 +783,7 @@ typedef struct tdTPM_PERMANENT_FLAGS{ #define TPM_PF_READSRKPUB ((TPM_CAPABILITY_AREA) 17)
#define TPM_PF_TPMESTABLISHED ((TPM_CAPABILITY_AREA) 18)
#define TPM_PF_MAINTENANCEDONE ((TPM_CAPABILITY_AREA) 19)
+#define TPM_PF_DISABLEFULLDALOGICINFO ((TPM_CAPABILITY_AREA) 20)
///
/// Part 2, section 7.2: TPM_STCLEAR_FLAGS
@@ -817,6 +829,75 @@ typedef struct tdTPM_STANY_FLAGS{ // All those structures defined in section 7.4, 7.5, 7.6 are not normative and
// thus no definitions here
//
+// Part 2, section 7.4: TPM_PERMANENT_DATA
+//
+#define TPM_MIN_COUNTERS 4 ///< the minimum number of counters is 4
+#define TPM_DELEGATE_KEY TPM_KEY
+#define TPM_NUM_PCR 16
+#define TPM_MAX_NV_WRITE_NOOWNER 64
+
+//
+// Part 2, section 7.4.1: PERMANENT_DATA Subcap for SetCapability
+//
+#define TPM_PD_REVMAJOR ((TPM_CAPABILITY_AREA) 1)
+#define TPM_PD_REVMINOR ((TPM_CAPABILITY_AREA) 2)
+#define TPM_PD_TPMPROOF ((TPM_CAPABILITY_AREA) 3)
+#define TPM_PD_OWNERAUTH ((TPM_CAPABILITY_AREA) 4)
+#define TPM_PD_OPERATORAUTH ((TPM_CAPABILITY_AREA) 5)
+#define TPM_PD_MANUMAINTPUB ((TPM_CAPABILITY_AREA) 6)
+#define TPM_PD_ENDORSEMENTKEY ((TPM_CAPABILITY_AREA) 7)
+#define TPM_PD_SRK ((TPM_CAPABILITY_AREA) 8)
+#define TPM_PD_DELEGATEKEY ((TPM_CAPABILITY_AREA) 9)
+#define TPM_PD_CONTEXTKEY ((TPM_CAPABILITY_AREA) 10)
+#define TPM_PD_AUDITMONOTONICCOUNTER ((TPM_CAPABILITY_AREA) 11)
+#define TPM_PD_MONOTONICCOUNTER ((TPM_CAPABILITY_AREA) 12)
+#define TPM_PD_PCRATTRIB ((TPM_CAPABILITY_AREA) 13)
+#define TPM_PD_ORDINALAUDITSTATUS ((TPM_CAPABILITY_AREA) 14)
+#define TPM_PD_AUTHDIR ((TPM_CAPABILITY_AREA) 15)
+#define TPM_PD_RNGSTATE ((TPM_CAPABILITY_AREA) 16)
+#define TPM_PD_FAMILYTABLE ((TPM_CAPABILITY_AREA) 17)
+#define TPM_DELEGATETABLE ((TPM_CAPABILITY_AREA) 18)
+#define TPM_PD_EKRESET ((TPM_CAPABILITY_AREA) 19)
+#define TPM_PD_MAXNVBUFSIZE ((TPM_CAPABILITY_AREA) 20)
+#define TPM_PD_LASTFAMILYID ((TPM_CAPABILITY_AREA) 21)
+#define TPM_PD_NOOWNERNVWRITE ((TPM_CAPABILITY_AREA) 22)
+#define TPM_PD_RESTRICTDELEGATE ((TPM_CAPABILITY_AREA) 23)
+#define TPM_PD_TPMDAASEED ((TPM_CAPABILITY_AREA) 24)
+#define TPM_PD_DAAPROOF ((TPM_CAPABILITY_AREA) 25)
+
+///
+/// Part 2, section 7.5: TPM_STCLEAR_DATA
+/// available inside TPM only
+///
+ typedef struct tdTPM_STCLEAR_DATA{
+ TPM_STRUCTURE_TAG tag;
+ TPM_NONCE contextNonceKey;
+ TPM_COUNT_ID countID;
+ UINT32 ownerReference;
+ BOOLEAN disableResetLock;
+ TPM_PCRVALUE PCR[TPM_NUM_PCR];
+ UINT32 deferredPhysicalPresence;
+ }TPM_STCLEAR_DATA;
+
+//
+// Part 2, section 7.5.1: STCLEAR_DATA Subcap for SetCapability
+//
+#define TPM_SD_CONTEXTNONCEKEY ((TPM_CAPABILITY_AREA)0x00000001)
+#define TPM_SD_COUNTID ((TPM_CAPABILITY_AREA)0x00000002)
+#define TPM_SD_OWNERREFERENCE ((TPM_CAPABILITY_AREA)0x00000003)
+#define TPM_SD_DISABLERESETLOCK ((TPM_CAPABILITY_AREA)0x00000004)
+#define TPM_SD_PCR ((TPM_CAPABILITY_AREA)0x00000005)
+#define TPM_SD_DEFERREDPHYSICALPRESENCE ((TPM_CAPABILITY_AREA)0x00000006)
+
+//
+// Part 2, section 7.6.1: STANY_DATA Subcap for SetCapability
+//
+#define TPM_AD_CONTEXTNONCESESSION ((TPM_CAPABILITY_AREA) 1)
+#define TPM_AD_AUDITDIGEST ((TPM_CAPABILITY_AREA) 2)
+#define TPM_AD_CURRENTTICKS ((TPM_CAPABILITY_AREA) 3)
+#define TPM_AD_CONTEXTCOUNT ((TPM_CAPABILITY_AREA) 4)
+#define TPM_AD_CONTEXTLIST ((TPM_CAPABILITY_AREA) 5)
+#define TPM_AD_SESSIONS ((TPM_CAPABILITY_AREA) 6)
//
// Part 2, section 8: PCR Structures
@@ -1658,7 +1739,9 @@ typedef struct tdTPM_DELEGATIONS { #define TPM_DELEGATE_SetOrdinalAuditStatus (BIT30)
#define TPM_DELEGATE_DirWriteAuth (BIT29)
#define TPM_DELEGATE_CMK_ApproveMA (BIT28)
+#define TPM_DELEGATE_NV_WriteValue (BIT27)
#define TPM_DELEGATE_CMK_CreateTicket (BIT26)
+#define TPM_DELEGATE_NV_ReadValue (BIT25)
#define TPM_DELEGATE_Delegate_LoadOwnerDelegation (BIT24)
#define TPM_DELEGATE_DAA_Join (BIT23)
#define TPM_DELEGATE_AuthorizeMigrationKey (BIT22)
@@ -1669,6 +1752,7 @@ typedef struct tdTPM_DELEGATIONS { #define TPM_DELEGATE_ResetLockValue (BIT17)
#define TPM_DELEGATE_OwnerClear (BIT16)
#define TPM_DELEGATE_DisableOwnerClear (BIT15)
+#define TPM_DELEGATE_NV_DefineSpace (BIT14)
#define TPM_DELEGATE_OwnerSetDisable (BIT13)
#define TPM_DELEGATE_SetCapability (BIT12)
#define TPM_DELEGATE_MakeIdentity (BIT11)
@@ -1890,6 +1974,16 @@ typedef struct tdTPM_DELEGATE_KEY_BLOB { #define TPM_CAP_PROP_MAX_NV_AVAILABLE ((TPM_CAPABILITY_AREA) 0x00000123)
#define TPM_CAP_PROP_INPUT_BUFFER ((TPM_CAPABILITY_AREA) 0x00000124)
+//
+// Part 2, section 21.4: TPM_CAPABILITY_AREA for SetCapability
+//
+#define TPM_SET_PERM_FLAGS ((TPM_CAPABILITY_AREA) 0x00000001)
+#define TPM_SET_PERM_DATA ((TPM_CAPABILITY_AREA) 0x00000002)
+#define TPM_SET_STCLEAR_FLAGS ((TPM_CAPABILITY_AREA) 0x00000003)
+#define TPM_SET_STCLEAR_DATA ((TPM_CAPABILITY_AREA) 0x00000004)
+#define TPM_SET_STANY_FLAGS ((TPM_CAPABILITY_AREA) 0x00000005)
+#define TPM_SET_STANY_DATA ((TPM_CAPABILITY_AREA) 0x00000006)
+
///
/// Part 2, section 21.6: TPM_CAP_VERSION_INFO
/// [size_is(vendorSpecificSize)] BYTE* vendorSpecific;
@@ -1904,6 +1998,50 @@ typedef struct tdTPM_CAP_VERSION_INFO { UINT8 *vendorSpecific;
} TPM_CAP_VERSION_INFO;
+///
+/// Part 2, section 21.10: TPM_DA_ACTION_TYPE
+///
+typedef struct tdTPM_DA_ACTION_TYPE {
+ TPM_STRUCTURE_TAG tag;
+ UINT32 actions;
+} TPM_DA_ACTION_TYPE;
+
+#define TPM_DA_ACTION_FAILURE_MODE (((UINT32)1)<<3)
+#define TPM_DA_ACTION_DEACTIVATE (((UINT32)1)<<2)
+#define TPM_DA_ACTION_DISABLE (((UINT32)1)<<1)
+#define TPM_DA_ACTION_TIMEOUT (((UINT32)1)<<0)
+
+///
+/// Part 2, section 21.7: TPM_DA_INFO
+///
+typedef struct tdTPM_DA_INFO {
+ TPM_STRUCTURE_TAG tag;
+ TPM_DA_STATE state;
+ UINT16 currentCount;
+ UINT16 thresholdCount;
+ TPM_DA_ACTION_TYPE actionAtThreshold;
+ UINT32 actionDependValue;
+ UINT32 vendorDataSize;
+ UINT8 *vendorData;
+} TPM_DA_INFO;
+
+///
+/// Part 2, section 21.8: TPM_DA_INFO_LIMITED
+///
+typedef struct tdTPM_DA_INFO_LIMITED {
+ TPM_STRUCTURE_TAG tag;
+ TPM_DA_STATE state;
+ TPM_DA_ACTION_TYPE actionAtThreshold;
+ UINT32 vendorDataSize;
+ UINT8 *vendorData;
+} TPM_DA_INFO_LIMITED;
+
+//
+// Part 2, section 21.9: CAP_PROPERTY Subcap values for GetCapability
+//
+#define TPM_DA_STATE_INACTIVE ((UINT8)0x00)
+#define TPM_DA_STATE_ACTIVE ((UINT8)0x01)
+
//
// Part 2, section 22: DAA Structures
//
|