diff options
Diffstat (limited to 'SecurityPkg/Include/Library')
| -rw-r--r-- | SecurityPkg/Include/Library/HashLib.h | 169 | ||||
| -rw-r--r-- | SecurityPkg/Include/Library/OpalPasswordSupportLib.h | 289 | ||||
| -rw-r--r-- | SecurityPkg/Include/Library/PlatformSecureLib.h | 42 | ||||
| -rw-r--r-- | SecurityPkg/Include/Library/Tcg2PhysicalPresenceLib.h | 187 | ||||
| -rw-r--r-- | SecurityPkg/Include/Library/Tcg2PpVendorLib.h | 129 | ||||
| -rw-r--r-- | SecurityPkg/Include/Library/TcgPhysicalPresenceLib.h | 54 | ||||
| -rw-r--r-- | SecurityPkg/Include/Library/TcgPpVendorLib.h | 159 | ||||
| -rw-r--r-- | SecurityPkg/Include/Library/TcgStorageCoreLib.h | 1310 | ||||
| -rw-r--r-- | SecurityPkg/Include/Library/TcgStorageOpalLib.h | 837 | ||||
| -rw-r--r-- | SecurityPkg/Include/Library/Tpm12CommandLib.h | 225 | ||||
| -rw-r--r-- | SecurityPkg/Include/Library/Tpm12DeviceLib.h | 54 | ||||
| -rw-r--r-- | SecurityPkg/Include/Library/Tpm2CommandLib.h | 1106 | ||||
| -rw-r--r-- | SecurityPkg/Include/Library/Tpm2DeviceLib.h | 109 | ||||
| -rw-r--r-- | SecurityPkg/Include/Library/TpmCommLib.h | 287 | ||||
| -rw-r--r-- | SecurityPkg/Include/Library/TrEEPhysicalPresenceLib.h | 57 | ||||
| -rw-r--r-- | SecurityPkg/Include/Library/TrEEPpVendorLib.h | 164 |
16 files changed, 0 insertions, 5178 deletions
diff --git a/SecurityPkg/Include/Library/HashLib.h b/SecurityPkg/Include/Library/HashLib.h deleted file mode 100644 index 8be8b9c59c..0000000000 --- a/SecurityPkg/Include/Library/HashLib.h +++ /dev/null @@ -1,169 +0,0 @@ -/** @file
- This library abstract TPM2 hash calculation.
- The platform can choose multiply hash, while caller just need invoke these API.
- Then all hash value will be returned and/or extended.
-
-Copyright (c) 2013 - 2016, Intel Corporation. All rights reserved. <BR>
-This program and the accompanying materials
-are licensed and made available under the terms and conditions of the BSD License
-which accompanies this distribution. The full text of the license may be found at
-http://opensource.org/licenses/bsd-license.php
-
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
-**/
-
-#ifndef _HASH_LIB_H_
-#define _HASH_LIB_H_
-
-#include <Uefi.h>
-#include <Protocol/Hash.h>
-
-typedef UINTN HASH_HANDLE;
-
-/**
- Start hash sequence.
-
- @param HashHandle Hash handle.
-
- @retval EFI_SUCCESS Hash sequence start and HandleHandle returned.
- @retval EFI_OUT_OF_RESOURCES No enough resource to start hash.
-**/
-EFI_STATUS
-EFIAPI
-HashStart (
- OUT HASH_HANDLE *HashHandle
- );
-
-/**
- Update hash sequence data.
-
- @param HashHandle Hash handle.
- @param DataToHash Data to be hashed.
- @param DataToHashLen Data size.
-
- @retval EFI_SUCCESS Hash sequence updated.
-**/
-EFI_STATUS
-EFIAPI
-HashUpdate (
- IN HASH_HANDLE HashHandle,
- IN VOID *DataToHash,
- IN UINTN DataToHashLen
- );
-
-/**
- Hash sequence complete and extend to PCR.
-
- @param HashHandle Hash handle.
- @param PcrIndex PCR to be extended.
- @param DataToHash Data to be hashed.
- @param DataToHashLen Data size.
- @param DigestList Digest list.
-
- @retval EFI_SUCCESS Hash sequence complete and DigestList is returned.
-**/
-EFI_STATUS
-EFIAPI
-HashCompleteAndExtend (
- IN HASH_HANDLE HashHandle,
- IN TPMI_DH_PCR PcrIndex,
- IN VOID *DataToHash,
- IN UINTN DataToHashLen,
- OUT TPML_DIGEST_VALUES *DigestList
- );
-
-/**
- Hash data and extend to PCR.
-
- @param PcrIndex PCR to be extended.
- @param DataToHash Data to be hashed.
- @param DataToHashLen Data size.
- @param DigestList Digest list.
-
- @retval EFI_SUCCESS Hash data and DigestList is returned.
-**/
-EFI_STATUS
-EFIAPI
-HashAndExtend (
- IN TPMI_DH_PCR PcrIndex,
- IN VOID *DataToHash,
- IN UINTN DataToHashLen,
- OUT TPML_DIGEST_VALUES *DigestList
- );
-
-/**
- Start hash sequence.
-
- @param HashHandle Hash handle.
-
- @retval EFI_SUCCESS Hash sequence start and HandleHandle returned.
- @retval EFI_OUT_OF_RESOURCES No enough resource to start hash.
-**/
-typedef
-EFI_STATUS
-(EFIAPI *HASH_INIT) (
- OUT HASH_HANDLE *HashHandle
- );
-
-/**
- Update hash sequence data.
-
- @param HashHandle Hash handle.
- @param DataToHash Data to be hashed.
- @param DataToHashLen Data size.
-
- @retval EFI_SUCCESS Hash sequence updated.
-**/
-typedef
-EFI_STATUS
-(EFIAPI *HASH_UPDATE) (
- IN HASH_HANDLE HashHandle,
- IN VOID *DataToHash,
- IN UINTN DataToHashLen
- );
-
-/**
- Complete hash sequence complete.
-
- @param HashHandle Hash handle.
- @param DigestList Digest list.
-
- @retval EFI_SUCCESS Hash sequence complete and DigestList is returned.
-**/
-typedef
-EFI_STATUS
-(EFIAPI *HASH_FINAL) (
- IN HASH_HANDLE HashHandle,
- OUT TPML_DIGEST_VALUES *DigestList
- );
-
-#define HASH_ALGORITHM_SHA1_GUID EFI_HASH_ALGORITHM_SHA1_GUID
-#define HASH_ALGORITHM_SHA256_GUID EFI_HASH_ALGORITHM_SHA256_GUID
-#define HASH_ALGORITHM_SHA384_GUID EFI_HASH_ALGORITHM_SHA384_GUID
-#define HASH_ALGORITHM_SHA512_GUID EFI_HASH_ALGORITHM_SHA512_GUID
-
-typedef struct {
- EFI_GUID HashGuid;
- HASH_INIT HashInit;
- HASH_UPDATE HashUpdate;
- HASH_FINAL HashFinal;
-} HASH_INTERFACE;
-
-/**
- This service register Hash.
-
- @param HashInterface Hash interface
-
- @retval EFI_SUCCESS This hash interface is registered successfully.
- @retval EFI_UNSUPPORTED System does not support register this interface.
- @retval EFI_ALREADY_STARTED System already register this interface.
-**/
-EFI_STATUS
-EFIAPI
-RegisterHashInterfaceLib (
- IN HASH_INTERFACE *HashInterface
- );
-
-#endif
diff --git a/SecurityPkg/Include/Library/OpalPasswordSupportLib.h b/SecurityPkg/Include/Library/OpalPasswordSupportLib.h deleted file mode 100644 index e616c763f0..0000000000 --- a/SecurityPkg/Include/Library/OpalPasswordSupportLib.h +++ /dev/null @@ -1,289 +0,0 @@ -/** @file
- Header file of Opal password support library.
-
-Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
-This program and the accompanying materials
-are licensed and made available under the terms and conditions of the BSD License
-which accompanies this distribution. The full text of the license may be found at
-http://opensource.org/licenses/bsd-license.php
-
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
-**/
-
-
-#ifndef _OPAL_PASSWORD_SUPPORT_LIB_H_
-#define _OPAL_PASSWORD_SUPPORT_LIB_H_
-
-#include <Protocol/DevicePath.h>
-#include <Library/TcgStorageOpalLib.h>
-
-
-#pragma pack(1)
-
-//
-// Structure that is used to represent the available actions for an OpalDisk.
-// The data can then be utilized to expose/hide certain actions available to an end user
-// by the consumer of this library.
-//
-typedef struct {
- //
- // Indicates if the disk can support PSID Revert action. should verify disk supports PSID authority
- //
- UINT16 PsidRevert : 1;
-
- //
- // Indicates if the disk can support Revert action
- //
- UINT16 Revert : 1;
-
- //
- // Indicates if the user must keep data for revert action. It is true if no media encryption is supported.
- //
- UINT16 RevertKeepDataForced : 1;
-
- //
- // Indicates if the disk can support set Admin password
- //
- UINT16 AdminPass : 1;
-
- //
- // Indicates if the disk can support set User password. This action requires that a user
- // password is first enabled.
- //
- UINT16 UserPass : 1;
-
- //
- // Indicates if unlock action is available. Requires disk to be currently locked.
- //
- UINT16 Unlock : 1;
-
- //
- // Indicates if Secure Erase action is available. Action requires admin credentials and media encryption support.
- //
- UINT16 SecureErase : 1;
-
- //
- // Indicates if Disable User action is available. Action requires admin credentials.
- //
- UINT16 DisableUser : 1;
-} OPAL_DISK_ACTIONS;
-
-//
-// Structure that is used to represent the Opal device with password info.
-//
-typedef struct {
- LIST_ENTRY Link;
-
- UINT8 Password[32];
- UINT8 PasswordLength;
-
- EFI_DEVICE_PATH_PROTOCOL OpalDevicePath;
-} OPAL_DISK_AND_PASSWORD_INFO;
-
-#pragma pack()
-
-/**
-
- The function performs determines the available actions for the OPAL_DISK provided.
-
- @param[in] SupportedAttributes The support attribute for the device.
- @param[in] LockingFeature The locking status for the device.
- @param[in] OwnerShip The ownership for the device.
- @param[out] AvalDiskActions Pointer to fill-out with appropriate disk actions.
-
-**/
-TCG_RESULT
-EFIAPI
-OpalSupportGetAvailableActions(
- IN OPAL_DISK_SUPPORT_ATTRIBUTE *SupportedAttributes,
- IN TCG_LOCKING_FEATURE_DESCRIPTOR *LockingFeature,
- IN UINT16 OwnerShip,
- OUT OPAL_DISK_ACTIONS *AvalDiskActions
- );
-
-/**
- Enable Opal Feature for the input device.
-
- @param[in] Session The opal session for the opal device.
- @param[in] Msid Msid
- @param[in] MsidLength Msid Length
- @param[in] Password Admin password
- @param[in] PassLength Length of password in bytes
- @param[in] DevicePath The device path for the opal devcie.
-
-**/
-TCG_RESULT
-EFIAPI
-OpalSupportEnableOpalFeature(
- IN OPAL_SESSION *Session,
- IN VOID *Msid,
- IN UINT32 MsidLength,
- IN VOID *Password,
- IN UINT32 PassLength,
- IN EFI_DEVICE_PATH_PROTOCOL *DevicePath
- );
-
-/**
- Creates a session with OPAL_UID_ADMIN_SP as OPAL_ADMIN_SP_PSID_AUTHORITY, then reverts device using Admin SP Revert method.
-
- @param[in] Session The opal session for the opal device.
- @param[in] Psid PSID of device to revert.
- @param[in] PsidLength Length of PSID in bytes.
- @param[in] DevicePath The device path for the opal devcie.
-
-**/
-TCG_RESULT
-EFIAPI
-OpalSupportPsidRevert(
- IN OPAL_SESSION *Session,
- IN VOID *Psid,
- IN UINT32 PsidLength,
- IN EFI_DEVICE_PATH_PROTOCOL *DevicePath
- );
-
-/**
- Opens a session with OPAL_UID_ADMIN_SP as OPAL_ADMIN_SP_PSID_AUTHORITY, then reverts the device using the RevertSP method.
-
- @param[in] Session The opal session for the opal device.
- @param[in] KeepUserData TRUE to keep existing Data on the disk, or FALSE to erase it
- @param[in] Password Admin password
- @param[in] PasswordLength Length of password in bytes
- @param[in] Msid Msid
- @param[in] MsidLength Msid Length
- @param[out] PasswordFailed indicates if password failed (start session didn't work)
- @param[in] DevicePath The device path for the opal devcie.
-
-**/
-TCG_RESULT
-EFIAPI
-OpalSupportRevert(
- IN OPAL_SESSION *Session,
- IN BOOLEAN KeepUserData,
- IN VOID *Password,
- IN UINT32 PasswordLength,
- IN VOID *Msid,
- IN UINT32 MsidLength,
- OUT BOOLEAN *PasswordFailed,
- IN EFI_DEVICE_PATH_PROTOCOL *DevicePath
- );
-
-/**
- Set new password.
-
- @param[in] Session The opal session for the opal device.
- @param[in] OldPassword Current admin password
- @param[in] OldPasswordLength Length of current admin password in bytes
- @param[in] NewPassword New admin password to set
- @param[in] NewPasswordLength Length of new password in bytes
- @param[in] DevicePath The device path for the opal devcie.
- @param[in] SetAdmin Whether set admin password or user password.
- TRUE for admin, FALSE for user.
-
-**/
-TCG_RESULT
-EFIAPI
-OpalSupportSetPassword(
- IN OPAL_SESSION *Session,
- IN VOID *OldPassword,
- IN UINT32 OldPasswordLength,
- IN VOID *NewPassword,
- IN UINT32 NewPasswordLength,
- IN EFI_DEVICE_PATH_PROTOCOL *DevicePath,
- IN BOOLEAN SetAdmin
- );
-
-/**
- Starts a session with OPAL_UID_LOCKING_SP as OPAL_LOCKING_SP_ADMIN1_AUTHORITY and disables the User1 authority.
-
- @param[in] Session The opal session for the opal device.
- @param[in] Password Admin password
- @param[in] PasswordLength Length of password in bytes
- @param[out] PasswordFailed Indicates if password failed (start session didn't work)
- @param[in] DevicePath The device path for the opal devcie.
-
-**/
-TCG_RESULT
-EFIAPI
-OpalSupportDisableUser(
- IN OPAL_SESSION *Session,
- IN VOID *Password,
- IN UINT32 PasswordLength,
- OUT BOOLEAN *PasswordFailed,
- IN EFI_DEVICE_PATH_PROTOCOL *DevicePath
- );
-
-/**
- Starts a session with OPAL_UID_LOCKING_SP as OPAL_LOCKING_SP_USER1_AUTHORITY or OPAL_LOCKING_SP_ADMIN1_AUTHORITY
- and updates the global locking range ReadLocked and WriteLocked columns to FALSE.
-
- @param[in] Session The opal session for the opal device.
- @param[in] Password Admin or user password
- @param[in] PasswordLength Length of password in bytes
- @param[in] DevicePath The device path for the opal devcie.
-
-**/
-TCG_RESULT
-EFIAPI
-OpalSupportUnlock(
- IN OPAL_SESSION *Session,
- IN VOID *Password,
- IN UINT32 PasswordLength,
- IN EFI_DEVICE_PATH_PROTOCOL *DevicePath
- );
-
-/**
- Starts a session with OPAL_UID_LOCKING_SP as OPAL_LOCKING_SP_USER1_AUTHORITY or OPAL_LOCKING_SP_ADMIN1_AUTHORITY
- and updates the global locking range ReadLocked and WriteLocked columns to TRUE.
-
- @param[in] Session The opal session for the opal device.
- @param[in] Password Admin or user password
- @param[in] PasswordLength Length of password in bytes
- @param[in] DevicePath The device path for the opal devcie.
-
-**/
-TCG_RESULT
-EFIAPI
-OpalSupportLock(
- IN OPAL_SESSION *Session,
- IN VOID *Password,
- IN UINT32 PasswordLength,
- IN EFI_DEVICE_PATH_PROTOCOL *DevicePath
- );
-
-/**
- Check if the password is full zero.
-
- @param[in] Password Points to the Data Buffer
-
- @retval TRUE This password string is full zero.
- @retval FALSE This password string is not full zero.
-
-**/
-LIST_ENTRY *
-EFIAPI
-OpalSupportGetOpalDeviceList (
- VOID
- );
-
-/**
- Transfer the password to the smm driver.
-
- @param[in] DevicePath The device path for the opal devcie.
- @param PasswordLen The input password length.
- @param Password Input password buffer.
-
- @retval EFI_SUCCESS Do the required action success.
- @retval Others Error occured.
-
-**/
-EFI_STATUS
-EFIAPI
-OpalSupportSendPasword(
- EFI_DEVICE_PATH_PROTOCOL *DevicePath,
- UINTN PasswordLen,
- VOID *Password
- );
-
-#endif // _OPAL_CORE_H_
diff --git a/SecurityPkg/Include/Library/PlatformSecureLib.h b/SecurityPkg/Include/Library/PlatformSecureLib.h deleted file mode 100644 index 6a4cb147a6..0000000000 --- a/SecurityPkg/Include/Library/PlatformSecureLib.h +++ /dev/null @@ -1,42 +0,0 @@ -/** @file
- Provides a secure platform-specific method to detect physically present user.
-
-Copyright (c) 2011 - 2012, Intel Corporation. All rights reserved.<BR>
-This program and the accompanying materials
-are licensed and made available under the terms and conditions of the BSD License
-which accompanies this distribution. The full text of the license may be found at
-http://opensource.org/licenses/bsd-license.php
-
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
-**/
-
-#ifndef __PLATFORM_SECURE_LIB_H__
-#define __PLATFORM_SECURE_LIB_H__
-
-
-/**
-
- This function provides a platform-specific method to detect whether the platform
- is operating by a physically present user.
-
- Programmatic changing of platform security policy (such as disable Secure Boot,
- or switch between Standard/Custom Secure Boot mode) MUST NOT be possible during
- Boot Services or after exiting EFI Boot Services. Only a physically present user
- is allowed to perform these operations.
-
- NOTE THAT: This function cannot depend on any EFI Variable Service since they are
- not available when this function is called in AuthenticateVariable driver.
-
- @retval TRUE The platform is operated by a physically present user.
- @retval FALSE The platform is NOT operated by a physically present user.
-
-**/
-BOOLEAN
-EFIAPI
-UserPhysicalPresent (
- VOID
- );
-
-#endif
diff --git a/SecurityPkg/Include/Library/Tcg2PhysicalPresenceLib.h b/SecurityPkg/Include/Library/Tcg2PhysicalPresenceLib.h deleted file mode 100644 index 3e446acab2..0000000000 --- a/SecurityPkg/Include/Library/Tcg2PhysicalPresenceLib.h +++ /dev/null @@ -1,187 +0,0 @@ -/** @file
- This library is intended to be used by BDS modules.
- This library will execute TPM2 request.
-
-Copyright (c) 2015 - 2016, Intel Corporation. All rights reserved.<BR>
-This program and the accompanying materials
-are licensed and made available under the terms and conditions of the BSD License
-which accompanies this distribution. The full text of the license may be found at
-http://opensource.org/licenses/bsd-license.php
-
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
-**/
-
-#ifndef _TCG2_PHYSICAL_PRESENCE_LIB_H_
-#define _TCG2_PHYSICAL_PRESENCE_LIB_H_
-
-#include <IndustryStandard/Tpm20.h>
-#include <IndustryStandard/TcgPhysicalPresence.h>
-#include <Protocol/Tcg2Protocol.h>
-
-//
-// UEFI TCG2 library definition bit of the BIOS TPM Management Flags
-//
-// BIT0 is reserved
-#define TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CLEAR BIT1
-// BIT2 is reserved
-#define TCG2_LIB_PP_FLAG_RESET_TRACK BIT3
-#define TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_TURN_ON BIT4
-#define TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_TURN_OFF BIT5
-#define TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CHANGE_EPS BIT6
-#define TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CHANGE_PCRS BIT7
-
-//
-// UEFI TCG2 library definition bit of the BIOS Information Flags
-//
-#define TCG2_BIOS_INFORMATION_FLAG_HIERACHY_CONTROL_STORAGE_DISABLE BIT8
-#define TCG2_BIOS_INFORMATION_FLAG_HIERACHY_CONTROL_ENDORSEMENT_DISABLE BIT9
-
-//
-// UEFI TCG2 library definition bit of the BIOS Storage Management Flags
-//
-#define TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_BLOCK_SID BIT16
-#define TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SID BIT17
-#define TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_ENABLE_BLOCK_SID BIT18
-
-//
-// Default value
-//
-#define TCG2_BIOS_TPM_MANAGEMENT_FLAG_DEFAULT (TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_TURN_OFF | \
- TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CLEAR | \
- TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CHANGE_EPS | \
- TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CHANGE_PCRS)
-
-//
-// Default value
-//
-#define TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_DEFAULT (TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_BLOCK_SID | \
- TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SID)
-
-/**
- Check and execute the pending TPM request.
-
- The TPM request may come from OS or BIOS. This API will display request information and wait
- for user confirmation if TPM request exists. The TPM request will be sent to TPM device after
- the TPM request is confirmed, and one or more reset may be required to make TPM request to
- take effect.
-
- This API should be invoked after console in and console out are all ready as they are required
- to display request information and get user input to confirm the request.
-
- @param PlatformAuth platform auth value. NULL means no platform auth change.
-**/
-VOID
-EFIAPI
-Tcg2PhysicalPresenceLibProcessRequest (
- IN TPM2B_AUTH *PlatformAuth OPTIONAL
- );
-
-/**
- Check if the pending TPM request needs user input to confirm.
-
- The TPM request may come from OS. This API will check if TPM request exists and need user
- input to confirmation.
-
- @retval TRUE TPM needs input to confirm user physical presence.
- @retval FALSE TPM doesn't need input to confirm user physical presence.
-
-**/
-BOOLEAN
-EFIAPI
-Tcg2PhysicalPresenceLibNeedUserConfirm (
- VOID
- );
-
-/**
- Return TPM2 ManagementFlags set by PP interface.
-
- @retval ManagementFlags TPM2 Management Flags.
-**/
-UINT32
-EFIAPI
-Tcg2PhysicalPresenceLibGetManagementFlags (
- VOID
- );
-
-/**
- The handler for TPM physical presence function:
- Return TPM Operation Response to OS Environment.
-
- This API should be invoked in OS runtime phase to interface with ACPI method.
-
- @param[out] MostRecentRequest Most recent operation request.
- @param[out] Response Response to the most recent operation request.
-
- @return Return Code for Return TPM Operation Response to OS Environment.
-**/
-UINT32
-EFIAPI
-Tcg2PhysicalPresenceLibReturnOperationResponseToOsFunction (
- OUT UINT32 *MostRecentRequest,
- OUT UINT32 *Response
- );
-
-/**
- The handler for TPM physical presence function:
- Submit TPM Operation Request to Pre-OS Environment and
- Submit TPM Operation Request to Pre-OS Environment 2.
-
- This API should be invoked in OS runtime phase to interface with ACPI method.
-
- Caution: This function may receive untrusted input.
-
- @param[in, out] Pointer to OperationRequest TPM physical presence operation request.
- @param[in, out] Pointer to RequestParameter TPM physical presence operation request parameter.
-
- @return Return Code for Submit TPM Operation Request to Pre-OS Environment and
- Submit TPM Operation Request to Pre-OS Environment 2.
- **/
-UINT32
-Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunctionEx (
- IN OUT UINT32 *OperationRequest,
- IN OUT UINT32 *RequestParameter
- );
-
-/**
- The handler for TPM physical presence function:
- Submit TPM Operation Request to Pre-OS Environment and
- Submit TPM Operation Request to Pre-OS Environment 2.
-
- This API should be invoked in OS runtime phase to interface with ACPI method.
-
- Caution: This function may receive untrusted input.
-
- @param[in] OperationRequest TPM physical presence operation request.
- @param[in] RequestParameter TPM physical presence operation request parameter.
-
- @return Return Code for Submit TPM Operation Request to Pre-OS Environment and
- Submit TPM Operation Request to Pre-OS Environment 2.
-**/
-UINT32
-EFIAPI
-Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunction (
- IN UINT32 OperationRequest,
- IN UINT32 RequestParameter
- );
-
-/**
- The handler for TPM physical presence function:
- Get User Confirmation Status for Operation.
-
- This API should be invoked in OS runtime phase to interface with ACPI method.
-
- Caution: This function may receive untrusted input.
-
- @param[in] OperationRequest TPM physical presence operation request.
-
- @return Return Code for Get User Confirmation Status for Operation.
-**/
-UINT32
-EFIAPI
-Tcg2PhysicalPresenceLibGetUserConfirmationStatusFunction (
- IN UINT32 OperationRequest
- );
-
-#endif
diff --git a/SecurityPkg/Include/Library/Tcg2PpVendorLib.h b/SecurityPkg/Include/Library/Tcg2PpVendorLib.h deleted file mode 100644 index 5ae7413273..0000000000 --- a/SecurityPkg/Include/Library/Tcg2PpVendorLib.h +++ /dev/null @@ -1,129 +0,0 @@ -/** @file
- This library is to support TCG PC Client Platform Physical Presence Interface Specification
- Family "2.0" part, >= 128 Vendor Specific PPI Operation.
-
- The Vendor Specific PPI operation may change TPM state, BIOS TPM management
- flags, and may need additional boot cycle.
-
- Caution: This function may receive untrusted input.
-
-Copyright (c) 2015 - 2016, Intel Corporation. All rights reserved.<BR>
-This program and the accompanying materials
-are licensed and made available under the terms and conditions of the BSD License
-which accompanies this distribution. The full text of the license may be found at
-http://opensource.org/licenses/bsd-license.php
-
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
-**/
-
-#ifndef _TCG2_PP_VENDOR_LIB_H_
-#define _TCG2_PP_VENDOR_LIB_H_
-
-#include <IndustryStandard/Tpm20.h>
-#include <Protocol/Tcg2Protocol.h>
-#include <Library/Tcg2PhysicalPresenceLib.h>
-
-/**
- Check and execute the requested physical presence command.
-
- This API should be invoked in BIOS boot phase to process pending request.
-
- Caution: This function may receive untrusted input.
-
- If OperationRequest < 128, then ASSERT().
-
- @param[in] PlatformAuth platform auth value. NULL means no platform auth change.
- @param[in] OperationRequest TPM physical presence operation request.
- @param[in, out] ManagementFlags BIOS TPM Management Flags.
- @param[out] ResetRequired If reset is required to vendor settings in effect.
- True, it indicates the reset is required.
- False, it indicates the reset is not required.
-
- @return TPM Operation Response to OS Environment.
-**/
-UINT32
-EFIAPI
-Tcg2PpVendorLibExecutePendingRequest (
- IN TPM2B_AUTH *PlatformAuth, OPTIONAL
- IN UINT32 OperationRequest,
- IN OUT UINT32 *ManagementFlags,
- OUT BOOLEAN *ResetRequired
- );
-
-/**
- Check if there is a valid physical presence command request.
-
- This API should be invoked in BIOS boot phase to process pending request.
-
- Caution: This function may receive untrusted input.
-
- If OperationRequest < 128, then ASSERT().
-
- @param[in] OperationRequest TPM physical presence operation request.
- @param[in] ManagementFlags BIOS TPM Management Flags.
- @param[out] RequestConfirmed If the physical presence operation command required user confirm from UI.
- True, it indicates the command doesn't require user confirm.
- False, it indicates the command need user confirm from UI.
-
- @retval TRUE Physical Presence operation command is valid.
- @retval FALSE Physical Presence operation command is invalid.
-**/
-BOOLEAN
-EFIAPI
-Tcg2PpVendorLibHasValidRequest (
- IN UINT32 OperationRequest,
- IN UINT32 ManagementFlags,
- OUT BOOLEAN *RequestConfirmed
- );
-
-/**
- The callback for TPM vendor specific physical presence which is called for
- Submit TPM Operation Request to Pre-OS Environment and
- Submit TPM Operation Request to Pre-OS Environment 2.
-
- This API should be invoked in OS runtime phase to interface with ACPI method.
-
- Caution: This function may receive untrusted input.
-
- If OperationRequest < 128, then ASSERT().
-
- @param[in] OperationRequest TPM physical presence operation request.
- @param[in] ManagementFlags BIOS TPM Management Flags.
- @param[in] RequestParameter Extra parameter from the passed package.
-
- @return Return Code for Submit TPM Operation Request to Pre-OS Environment and
- Submit TPM Operation Request to Pre-OS Environment 2.
-**/
-UINT32
-EFIAPI
-Tcg2PpVendorLibSubmitRequestToPreOSFunction (
- IN UINT32 OperationRequest,
- IN UINT32 ManagementFlags,
- IN UINT32 RequestParameter
- );
-
-/**
- The callback for TPM vendor specific physical presence which is called for
- Get User Confirmation Status for Operation.
-
- This API should be invoked in OS runtime phase to interface with ACPI method.
-
- Caution: This function may receive untrusted input.
-
- If OperationRequest < 128, then ASSERT().
-
- @param[in] OperationRequest TPM physical presence operation request.
- @param[in] ManagementFlags BIOS TPM Management Flags.
-
- @return Return Code for Get User Confirmation Status for Operation.
-**/
-UINT32
-EFIAPI
-Tcg2PpVendorLibGetUserConfirmationStatusFunction (
- IN UINT32 OperationRequest,
- IN UINT32 ManagementFlags
- );
-
-#endif
diff --git a/SecurityPkg/Include/Library/TcgPhysicalPresenceLib.h b/SecurityPkg/Include/Library/TcgPhysicalPresenceLib.h deleted file mode 100644 index b451823bdf..0000000000 --- a/SecurityPkg/Include/Library/TcgPhysicalPresenceLib.h +++ /dev/null @@ -1,54 +0,0 @@ -/** @file
- This library is intended to be used by BDS modules.
- This library will lock TPM after executing TPM request.
-
-Copyright (c) 2011 - 2016, Intel Corporation. All rights reserved.<BR>
-This program and the accompanying materials
-are licensed and made available under the terms and conditions of the BSD License
-which accompanies this distribution. The full text of the license may be found at
-http://opensource.org/licenses/bsd-license.php
-
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
-**/
-
-#ifndef _TCG_PHYSICAL_PRESENCE_LIB_H_
-#define _TCG_PHYSICAL_PRESENCE_LIB_H_
-
-/**
- Check and execute the pending TPM request and Lock TPM.
-
- The TPM request may come from OS or BIOS. This API will display request information and wait
- for user confirmation if TPM request exists. The TPM request will be sent to TPM device after
- the TPM request is confirmed, and one or more reset may be required to make TPM request to
- take effect. At last, it will lock TPM to prevent TPM state change by malware.
-
- This API should be invoked after console in and console out are all ready as they are required
- to display request information and get user input to confirm the request. This API should also
- be invoked as early as possible as TPM is locked in this function.
-
-**/
-VOID
-EFIAPI
-TcgPhysicalPresenceLibProcessRequest (
- VOID
- );
-
-/**
- Check if the pending TPM request needs user input to confirm.
-
- The TPM request may come from OS. This API will check if TPM request exists and need user
- input to confirmation.
-
- @retval TRUE TPM needs input to confirm user physical presence.
- @retval FALSE TPM doesn't need input to confirm user physical presence.
-
-**/
-BOOLEAN
-EFIAPI
-TcgPhysicalPresenceLibNeedUserConfirm(
- VOID
- );
-
-#endif
diff --git a/SecurityPkg/Include/Library/TcgPpVendorLib.h b/SecurityPkg/Include/Library/TcgPpVendorLib.h deleted file mode 100644 index 284aa9ed72..0000000000 --- a/SecurityPkg/Include/Library/TcgPpVendorLib.h +++ /dev/null @@ -1,159 +0,0 @@ -/** @file
- This library is to support TCG Physical Presence Interface (PPI) specification
- >= 128 Vendor Specific PPI Operation.
-
- The Vendor Specific PPI operation may change TPM state, BIOS TPM management
- flags, and may need additional boot cycle.
-
- Caution: This function may receive untrusted input.
-
-Copyright (c) 2015 - 2016, Intel Corporation. All rights reserved.<BR>
-This program and the accompanying materials
-are licensed and made available under the terms and conditions of the BSD License
-which accompanies this distribution. The full text of the license may be found at
-http://opensource.org/licenses/bsd-license.php
-
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
-**/
-
-#ifndef _TCG_PP_VENDOR_LIB_H_
-#define _TCG_PP_VENDOR_LIB_H_
-
-//
-// The definition of physical presence operation actions
-//
-#define TCG_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION 128
-
-//
-// The definition bit of the BIOS TPM Management Flags
-//
-#define TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_PROVISION BIT0
-#define TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_CLEAR BIT1
-#define TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_MAINTENANCE BIT2
-#define TCG_VENDOR_LIB_FLAG_RESET_TRACK BIT3
-
-//
-// The definition for TPM Operation Response to OS Environment
-//
-#define TCG_PP_OPERATION_RESPONSE_SUCCESS 0x0
-#define TCG_PP_OPERATION_RESPONSE_USER_ABORT 0xFFFFFFF0
-#define TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE 0xFFFFFFF1
-
-//
-// The return code for Submit TPM Request to Pre-OS Environment
-// and Submit TPM Request to Pre-OS Environment 2
-//
-#define TCG_PP_SUBMIT_REQUEST_TO_PREOS_SUCCESS 0
-#define TCG_PP_SUBMIT_REQUEST_TO_PREOS_NOT_IMPLEMENTED 1
-#define TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE 2
-#define TCG_PP_SUBMIT_REQUEST_TO_PREOS_BLOCKED_BY_BIOS_SETTINGS 3
-
-//
-// The return code for Get User Confirmation Status for Operation
-//
-#define TCG_PP_GET_USER_CONFIRMATION_NOT_IMPLEMENTED 0
-#define TCG_PP_GET_USER_CONFIRMATION_BIOS_ONLY 1
-#define TCG_PP_GET_USER_CONFIRMATION_BLOCKED_BY_BIOS_CONFIGURATION 2
-#define TCG_PP_GET_USER_CONFIRMATION_ALLOWED_AND_PPUSER_REQUIRED 3
-#define TCG_PP_GET_USER_CONFIRMATION_ALLOWED_AND_PPUSER_NOT_REQUIRED 4
-
-/**
- Check and execute the requested physical presence command.
-
- This API should be invoked in BIOS boot phase to process pending request.
-
- Caution: This function may receive untrusted input.
-
- If OperationRequest < 128, then ASSERT().
-
- @param[in] OperationRequest TPM physical presence operation request.
- @param[in, out] ManagementFlags BIOS TPM Management Flags.
- @param[out] ResetRequired If reset is required to vendor settings in effect.
- True, it indicates the reset is required.
- False, it indicates the reset is not required.
-
- @return TPM Operation Response to OS Environment.
-**/
-UINT32
-EFIAPI
-TcgPpVendorLibExecutePendingRequest (
- IN UINT32 OperationRequest,
- IN OUT UINT32 *ManagementFlags,
- OUT BOOLEAN *ResetRequired
- );
-
-/**
- Check if there is a valid physical presence command request.
-
- This API should be invoked in BIOS boot phase to process pending request.
-
- Caution: This function may receive untrusted input.
-
- If OperationRequest < 128, then ASSERT().
-
- @param[in] OperationRequest TPM physical presence operation request.
- @param[in] ManagementFlags BIOS TPM Management Flags.
- @param[out] RequestConfirmed If the physical presence operation command required user confirm from UI.
- True, it indicates the command doesn't require user confirm.
- False, it indicates the command need user confirm from UI.
-
- @retval TRUE Physical Presence operation command is valid.
- @retval FALSE Physical Presence operation command is invalid.
-**/
-BOOLEAN
-EFIAPI
-TcgPpVendorLibHasValidRequest (
- IN UINT32 OperationRequest,
- IN UINT32 ManagementFlags,
- OUT BOOLEAN *RequestConfirmed
- );
-
-/**
- The callback for TPM vendor specific physical presence which is called for
- Submit TPM Operation Request to Pre-OS Environment and
- Submit TPM Operation Request to Pre-OS Environment 2.
-
- This API should be invoked in OS runtime phase to interface with ACPI method.
-
- Caution: This function may receive untrusted input.
-
- If OperationRequest < 128, then ASSERT().
-
- @param[in] OperationRequest TPM physical presence operation request.
- @param[in] ManagementFlags BIOS TPM Management Flags.
-
- @return Return Code for Submit TPM Operation Request to Pre-OS Environment and
- Submit TPM Operation Request to Pre-OS Environment 2.
-**/
-UINT32
-EFIAPI
-TcgPpVendorLibSubmitRequestToPreOSFunction (
- IN UINT32 OperationRequest,
- IN UINT32 ManagementFlags
- );
-
-/**
- The callback for TPM vendor specific physical presence which is called for
- Get User Confirmation Status for Operation.
-
- This API should be invoked in OS runtime phase to interface with ACPI method.
-
- Caution: This function may receive untrusted input.
-
- If OperationRequest < 128, then ASSERT().
-
- @param[in] OperationRequest TPM physical presence operation request.
- @param[in] ManagementFlags BIOS TPM Management Flags.
-
- @return Return Code for Get User Confirmation Status for Operation.
-**/
-UINT32
-EFIAPI
-TcgPpVendorLibGetUserConfirmationStatusFunction (
- IN UINT32 OperationRequest,
- IN UINT32 ManagementFlags
- );
-
-#endif
diff --git a/SecurityPkg/Include/Library/TcgStorageCoreLib.h b/SecurityPkg/Include/Library/TcgStorageCoreLib.h deleted file mode 100644 index 67ccf22892..0000000000 --- a/SecurityPkg/Include/Library/TcgStorageCoreLib.h +++ /dev/null @@ -1,1310 +0,0 @@ -/** @file
- Public API for the Tcg Core library to perform the lowest level TCG Data encoding.
-
-Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
-This program and the accompanying materials
-are licensed and made available under the terms and conditions of the BSD License
-which accompanies this distribution. The full text of the license may be found at
-http://opensource.org/licenses/bsd-license.php
-
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
-**/
-
-#ifndef _TCG_CORE_H_
-#define _TCG_CORE_H_
-
-#include <IndustryStandard/TcgStorageCore.h>
-
-#define ERROR_CHECK(arg) \
- { \
- TCG_RESULT ret = (arg); \
- if (ret != TcgResultSuccess) { \
- DEBUG ((DEBUG_INFO, "ERROR_CHECK failed at %s:%u\n", __FILE__, __LINE__)); \
- return ret; \
- } \
- }
-
-#define METHOD_STATUS_ERROR_CHECK(arg, failRet) \
- if ((arg) != TCG_METHOD_STATUS_CODE_SUCCESS) { \
- DEBUG ((DEBUG_INFO, "Method Status error: 0x%02X (%s)\n", arg, TcgMethodStatusString(arg))); \
- return (failRet); \
- }
-
-#define NULL_CHECK(arg) \
- do { \
- if ((arg) == NULL) { \
- DEBUG ((DEBUG_INFO, "NULL_CHECK(%s) failed at %s:%u\n", #arg, __FILE__, __LINE__)); \
- return TcgResultFailureNullPointer; \
- } \
- } while (0)
-
-#pragma pack(1)
-
-/**
-Tcg result codes.
-
-The result code indicates if the Tcg function call was successful or not
-**/
-typedef enum {
- //
- // This is the return result upon successful completion of a Tcg function call
- //
- TcgResultSuccess,
-
- //
- // This is the return "catchall" result for the failure of a Tcg function call
- //
- TcgResultFailure,
-
- //
- // This is the return result if a required parameter was Null for a Tcg function call
- //
- TcgResultFailureNullPointer,
-
- //
- // This is the return result if a required buffersize was 0 for a Tcg function call
- //
- TcgResultFailureZeroSize,
-
- //
- // This is the return result if a Tcg function call was executed out of order.
- // For instance, starting a Tcg subpacket before starting its Tcg packet.
- //
- TcgResultFailureInvalidAction,
-
- //
- // This is the return result if the buffersize provided is not big enough to add a requested Tcg encoded item.
- //
- TcgResultFailureBufferTooSmall,
-
- //
- // This is the return result for a Tcg parse function if the end of the parsed Buffer is reached, yet Data is still attempted to be retrieved.
- // For instance, attempting to retrieve another Tcg token from the Buffer after it has reached the end of the Tcg subpacket payload.
- //
- TcgResultFailureEndBuffer,
-
- //
- // This is the return result for a Tcg parse function if the Tcg Token item requested is not the expected type.
- // For instance, the caller requested to receive an integer and the Tcg token was a byte sequence.
- //
- TcgResultFailureInvalidType,
-} TCG_RESULT;
-
-//
-// Structure that is used to build the Tcg ComPacket. It contains the start Buffer pointer and the current position of the
-// Tcg ComPacket, current Tcg Packet and Tcg SubPacket. This structure must be initialized
-// by calling tcgInitTcgCreateStruct before it is used as parameter to any other Tcg function.
-// This structure should NOT be directly modified by the client of this library.
-//
-// NOTE: WE MAY MAKE THIS AN ABSTRACT STRUCTURE WITH A DEFINED SIZE AND KEEP THE VARIABLES
-// INTERNAL AND ONLY KNOWN TO THE TCG LIBRARY
-//
-// tcgInitTcgCreateStruct
-//
-typedef struct {
- //
- // Buffer allocated and freed by the client of the Tcg library.
- // This is the Buffer that shall contain the final Tcg encoded compacket.
- //
- VOID *Buffer;
-
- //
- // Size of the Buffer provided.
- //
- UINT32 BufferSize;
-
- //
- //Pointer to the start of the Tcg ComPacket. It should point to a location within Buffer.
- //
- TCG_COM_PACKET *ComPacket;
-
- //
- // Current Tcg Packet that is being created. It should point to a location within Buffer.
- //
- TCG_PACKET *CurPacket;
-
- //
- // Current Tcg SubPacket that is being created. It should point to a location within Buffer.
- //
- TCG_SUB_PACKET *CurSubPacket;
-
- //
- // Flag used to indicate if the Buffer of the structure should be filled out.
- // This is intended to be used to support a use-case where the client of library
- // can perform all the desired tcg calls to determine what the actual Size of the final compacket will be.
- // Then the client can allocate the required Buffer Size and re-run the tcg calls.
- // THIS MAY NOT BE IMPLEMENTED... REQUIRES MORE THOUGHT BECAUSE YOU CANNOT SOLVE ISSUE FOR RECEIVE
- //
- BOOLEAN DryRun;
-} TCG_CREATE_STRUCT;
-
-//
-// Structure that is used to parse the Tcg response received. It contains the response Buffer pointer
-// and the current position of the Tcg ComPacket, current Tcg Packet and Tcg SubPacket being parsed.
-// This structure must be initialized by calling tcgInitTcgParseStruct before it is used as parameter to any other Tcg parse function.
-// This structure should NOT be directly modified by the client of this library.
-//
-// NOTE: WE MAY MAKE THIS AN ABSTRACT STRUCTURE WITH A DEFINED SIZE AND KEEP THE VARIABLES
-// INTERNAL AND ONLY KNOWN TO THE TCG LIBRARY
-//
-// @sa tcgInitTcgParseStruct
-//
-typedef struct {
- //
- // Buffer allocated and freed by the client of the Tcg library.
- // This is the Buffer that contains the Tcg response to decode/parse.
- //
- const VOID* Buffer;
-
- //
- //Size of the Buffer provided.
- //
- UINT32 BufferSize;
-
- //
- // Pointer to the start of the Tcg ComPacket. It should point to a location within Buffer.
- //
- TCG_COM_PACKET *ComPacket;
-
- //
- // Current Tcg Packet that is being created. It should point to a location within Buffer.
- //
- TCG_PACKET *CurPacket;
-
- //
- // Current Tcg SubPacket that is being created. It should point to a location within Buffer.
- //
- TCG_SUB_PACKET *CurSubPacket;
-
- //
- // Current pointer within the current subpacket payload.
- //
- UINT8 *CurPtr;
-} TCG_PARSE_STRUCT ;
-
-
-//
-// Structure that is used to represent a Tcg Token that is retrieved by Tcg parse functions.
-//
-typedef struct {
- //
- // Describes the type of Tcg token the Hdr start points to.
- //
- TCG_TOKEN_TYPE Type;
-
- //
- // Pointer to the beginning of the Header of the Tcg token
- //
- UINT8 *HdrStart;
-} TCG_TOKEN ;
-
-/**
-
- Required to be called before calling any other Tcg functions with the TCG_CREATE_STRUCT.
- Initializes the packet variables to NULL. Additionally, the buffer will be memset.
-
- @param[in/out] CreateStruct Structure to initialize
- @param[in] Buffer Buffer allocated by client of library. It will contain the Tcg encoded packet. This cannot be null.
- @param[in] BufferSize Size of buffer provided. It cannot be 0.
-
-**/
-TCG_RESULT
-EFIAPI
-TcgInitTcgCreateStruct(
- TCG_CREATE_STRUCT *CreateStruct,
- VOID *Buffer,
- UINT32 BufferSize
- );
-
-
-/**
-
- Encodes the ComPacket header to the data structure.
-
- @param[in/out] CreateStruct Structure to initialize
- @param[in] ComId ComID of the Tcg ComPacket.
- @param[in] ComIdExtension ComID Extension of the Tcg ComPacket.
-
-**/
-TCG_RESULT
-EFIAPI
-TcgStartComPacket(
- TCG_CREATE_STRUCT *CreateStruct,
- UINT16 ComId,
- UINT16 ComIdExtension
- );
-
-
-/**
-
- Starts a new ComPacket in the Data structure.
-
- @param[in/out] CreateStruct Structure used to add Tcg Packet
- @param[in] Tsn Packet Tper session number
- @param[in] Hsn Packet Host session number
- @param[in] SeqNumber Packet Sequence Number
- @param[in] AckType Packet Acknowledge Type
- @param[in] Ack Packet Acknowledge
-
-**/
-TCG_RESULT
-EFIAPI
-TcgStartPacket(
- TCG_CREATE_STRUCT *CreateStruct,
- UINT32 Tsn,
- UINT32 Hsn,
- UINT32 SeqNumber,
- UINT16 AckType,
- UINT32 Ack
- );
-
-/**
-
- Starts a new SubPacket in the Data structure.
-
- @param[in/out] CreateStruct Structure used to start Tcg SubPacket
- @param[in] Kind SubPacket kind
-
-**/
-TCG_RESULT
-EFIAPI
-TcgStartSubPacket(
- TCG_CREATE_STRUCT *CreateStruct,
- UINT16 Kind
- );
-
-
-/**
-
- Ends the current SubPacket in the Data structure. This function will also perform the 4-byte padding
- required for Subpackets.
-
- @param[in/out] CreateStruct Structure used to end the current Tcg SubPacket
-
-**/
-TCG_RESULT
-EFIAPI
-TcgEndSubPacket(
- TCG_CREATE_STRUCT *CreateStruct
- );
-
-
-/**
-
- Ends the current Packet in the Data structure.
-
- @param[in/out] CreateStruct Structure used to end the current Tcg Packet
-
-**/
-TCG_RESULT
-EFIAPI
-TcgEndPacket(
- TCG_CREATE_STRUCT *CreateStruct
- );
-
-
-/**
-
- Ends the ComPacket in the Data structure and ret
-
- @param[in/out] CreateStruct Structure used to end the Tcg ComPacket
- @param[in/out] Size Describes the Size of the entire ComPacket (Header and payload). Filled out by function.
-
-**/
-TCG_RESULT
-EFIAPI
-TcgEndComPacket(
- TCG_CREATE_STRUCT *CreateStruct,
- UINT32 *Size
- );
-
-/**
- Adds a single raw token byte to the Data structure.
-
- @param[in/out] CreateStruct Structure used to add the byte
- @param [in] Byte Byte to add
-
-**/
-TCG_RESULT
-EFIAPI
-TcgAddRawByte(
- TCG_CREATE_STRUCT *CreateStruct,
- UINT8 Byte
- );
-
-
-/**
-
- Adds the Data parameter as a byte sequence to the Data structure.
-
- @param [in/out] CreateStruct Structure used to add the byte sequence
- @param[in] Data Byte sequence that will be encoded and copied into Data structure
- @param[in] DataSize Length of Data provided
- @param[in] Continued TRUE if byte sequence is continued or
- FALSE if the Data contains the entire byte sequence to be encoded
-
-**/
-TCG_RESULT
-EFIAPI
-TcgAddByteSequence(
- TCG_CREATE_STRUCT *CreateStruct,
- const VOID *Data,
- UINT32 DataSize,
- BOOLEAN Continued
- );
-
-
-/**
-
- Adds an arbitrary-Length integer to the Data structure.
-
- The integer will be encoded using the shortest possible atom.
-
- @param[in/out] CreateStruct Structure used to add the integer
- @param[in] Data Integer in host byte order that will be encoded and copied into Data structure
- @param[in] DataSize Length in bytes of the Data provided
- @param[in] SignedInteger TRUE if the integer is signed or FALSE if the integer is unsigned
-
-**/
-TCG_RESULT
-EFIAPI
-TcgAddInteger(
- TCG_CREATE_STRUCT *CreateStruct,
- const VOID *Data,
- UINT32 DataSize,
- BOOLEAN SignedInteger
- );
-
-
-/**
- Adds an 8-bit unsigned integer to the Data structure.
-
- @param[in/out] CreateStruct Structure used to add the integer
- @param[in] Value Integer Value to add
-
-**/
-TCG_RESULT
-EFIAPI
-TcgAddUINT8(
- TCG_CREATE_STRUCT *CreateStruct,
- UINT8 Value
- );
-
-/**
-
- Adds a 16-bit unsigned integer to the Data structure.
-
- @param[in/out] CreateStruct Structure used to add the integer
- @param[in] Value Integer Value to add
-
-**/
-TCG_RESULT
-EFIAPI
-TcgAddUINT16 (
- TCG_CREATE_STRUCT *CreateStruct,
- UINT16 Value
- );
-
-/**
-
- Adds a 32-bit unsigned integer to the Data structure.
-
- @param[in/out] CreateStruct Structure used to add the integer
- @param[in] Value Integer Value to add
-
-**/
-TCG_RESULT
-EFIAPI
-TcgAddUINT32(
- TCG_CREATE_STRUCT *CreateStruct,
- UINT32 Value
- );
-
-
-/**
-
- Adds a 64-bit unsigned integer to the Data structure.
-
- @param[in/out] CreateStruct Structure used to add the integer
- @param[in] Value Integer Value to add
-
-**/
-TCG_RESULT
-EFIAPI
-TcgAddUINT64(
- TCG_CREATE_STRUCT *CreateStruct,
- UINT64 Value
- );
-
-/**
- Adds a BOOLEAN to the Data structure.
-
- @param[in/out] CreateStruct Structure used to add the integer
- @param[in] Value BOOLEAN Value to add
-
-**/
-TCG_RESULT
-EFIAPI
-TcgAddBOOLEAN(
- TCG_CREATE_STRUCT *CreateStruct,
- BOOLEAN Value
- );
-
-/**
- Add tcg uid info.
-
- @param [in/out] CreateStruct Structure used to add the integer
- @param Uid Input uid info.
-
- @retval return the action result.
-
-**/
-TCG_RESULT
-EFIAPI
-TcgAddTcgUid(
- TCG_CREATE_STRUCT *CreateStruct,
- TCG_UID Uid
- );
-
-/**
- Adds a Start List token to the Data structure.
-
- @param[in/out] CreateStruct Structure used to add the token
-
-**/
-TCG_RESULT
-EFIAPI
-TcgAddStartList(
- TCG_CREATE_STRUCT *CreateStruct
- );
-
-
-/**
-
- Adds an End List token to the Data structure.
-
- @param [in/out] CreateStruct Structure used to add the token
-
-**/
-TCG_RESULT
-EFIAPI
-TcgAddEndList(
- TCG_CREATE_STRUCT *CreateStruct
- );
-
-
-/**
- Adds a Start Name token to the Data structure.
-
- @param[in/out] CreateStruct Structure used to add the token
-
-**/
-TCG_RESULT
-EFIAPI
-TcgAddStartName(
- TCG_CREATE_STRUCT *CreateStruct
- );
-
-
-/**
-
- Adds an End Name token to the Data structure.
-
- @param [in/out] CreateStruct Structure used to add the token
-
-**/
-TCG_RESULT
-EFIAPI
-TcgAddEndName(
- TCG_CREATE_STRUCT *CreateStruct
- );
-
-
-/**
- Adds a Call token to the Data structure.
-
- @param [in/out] CreateStruct Structure used to add the token
-
-**/
-TCG_RESULT
-EFIAPI
-TcgAddCall(
- TCG_CREATE_STRUCT *CreateStruct
- );
-
-
-/**
-
-Adds an End of Data token to the Data structure.
-
-@param[in/out] CreateStruct Structure used to add the token
-
-**/
-TCG_RESULT
-EFIAPI
-TcgAddEndOfData(
- TCG_CREATE_STRUCT *CreateStruct
- );
-
-
-/**
-
-Adds an End of Session token to the Data structure.
-
-@param [in/out] CreateStruct Structure used to add the token
-
-**/
-TCG_RESULT
-EFIAPI
-TcgAddEndOfSession(
- TCG_CREATE_STRUCT *CreateStruct
- );
-
-
-/**
- Adds a Start Transaction token to the Data structure.
-
- @param [in/out] CreateStruct Structure used to add the token
-
-**/
-TCG_RESULT
-EFIAPI
-TcgAddStartTransaction(
- TCG_CREATE_STRUCT *CreateStruct
- );
-
-
-/**
- Adds an End Transaction token to the Data structure.
-
- @param[in/out] CreateStruct Structure used to add the token
-
-**/
-TCG_RESULT
-EFIAPI
-TcgAddEndTransaction(
- TCG_CREATE_STRUCT *CreateStruct
- );
-
-/**
- Initial the tcg parse stucture.
-
- @param ParseStruct Input parse structure.
- @param Buffer Input buffer data.
- @param BufferSize Input buffer size.
-
- @retval return the action result.
-
-**/
-TCG_RESULT
-EFIAPI
-TcgInitTcgParseStruct(
- TCG_PARSE_STRUCT *ParseStruct,
- const VOID *Buffer,
- UINT32 BufferSize
- );
-
-/**
- Get next token info.
-
- @param ParseStruct Input parse structure info.
- @param TcgToken return the tcg token info.
-
- @retval return the action result.
-
-**/
-TCG_RESULT
-EFIAPI
-TcgGetNextToken(
- TCG_PARSE_STRUCT *ParseStruct,
- TCG_TOKEN *TcgToken
- );
-
-/**
- Get next token Type.
-
- @param ParseStruct Input parse structure.
- @param Type Input the type need to check.
-
- @retval return the action result.
-
-**/
-TCG_RESULT
-EFIAPI
-TcgGetNextTokenType(
- TCG_PARSE_STRUCT *ParseStruct,
- TCG_TOKEN_TYPE Type
- );
-
-/**
- Get atom info.
-
- @param TcgToken Input token info.
- @param HeaderLength return the header length.
- @param DataLength return the data length.
- @param ByteOrInt return the atom Type.
- @param SignOrCont return the sign or count info.
-
- @retval return the action result.
-
-**/
-TCG_RESULT
-EFIAPI
-TcgGetAtomInfo(
- const TCG_TOKEN *TcgToken,
- UINT32 *HeaderLength,
- UINT32 *DataLength,
- UINT8 *ByteOrInt,
- UINT8 *SignOrCont
- );
-
-/**
- Get token byte sequence.
-
- @param TcgToken Input token info.
- @param Length Input the length info.
-
- @retval Return the value data.
-
-**/
-UINT8*
-EFIAPI
-TcgGetTokenByteSequence(
- const TCG_TOKEN *TcgToken,
- UINT32 *Length
- );
-
-/**
- Get token specified value.
-
- @param TcgToken Input token info.
- @param Value return the value.
-
- @retval return the action result.
-
-**/
-TCG_RESULT
-EFIAPI
-TcgGetTokenUINT64(
- const TCG_TOKEN *TcgToken,
- UINT64 *Value
- );
-
-
-/**
- Get next specify value.
-
- @param ParseStruct Input parse structure.
- @param Value Return vlaue.
-
- @retval return the action result.
-
-**/
-TCG_RESULT
-EFIAPI
-TcgGetNextUINT8(
- TCG_PARSE_STRUCT *ParseStruct,
- UINT8 *Value
- );
-
-
-/**
- Get next specify value.
-
- @param ParseStruct Input parse structure.
- @param Value Return vlaue.
-
- @retval return the action result.
-
-**/
-TCG_RESULT
-EFIAPI
-TcgGetNextUINT16(
- TCG_PARSE_STRUCT *ParseStruct,
- UINT16 *Value
- );
-
-/**
- Get next specify value.
-
- @param ParseStruct Input parse structure.
- @param Value Return vlaue.
-
- @retval return the action result.
-
-**/
-TCG_RESULT
-EFIAPI
-TcgGetNextUINT32(
- TCG_PARSE_STRUCT *ParseStruct,
- UINT32 *Value
- );
-
-/**
- Get next specify value.
-
- @param ParseStruct Input parse structure.
- @param Value Return vlaue.
-
- @retval return the action result.
-
-**/
-TCG_RESULT
-EFIAPI
-TcgGetNextUINT64(
- TCG_PARSE_STRUCT *ParseStruct,
- UINT64 *Value
- );
-
-/**
- Get next specify value.
-
- @param ParseStruct Input parse structure.
- @param Value Return vlaue.
-
- @retval return the action result.
-
-**/
-TCG_RESULT
-EFIAPI
-TcgGetNextBOOLEAN(
- TCG_PARSE_STRUCT *ParseStruct,
- BOOLEAN *Value
- );
-
-/**
- Get next tcg uid info.
-
- @param ParseStruct Input parse structure.
- @param Uid Get the uid info.
-
- @retval return the action result.
-
-**/
-TCG_RESULT
-EFIAPI
-TcgGetNextTcgUid(
- TCG_PARSE_STRUCT *ParseStruct,
- TCG_UID *Uid
- );
-
-/**
- Get next byte sequence.
-
- @param ParseStruct Input parse structure.
- @param Data return the data.
- @param Length return the length.
-
- @retval return the action result.
-
-**/
-TCG_RESULT
-EFIAPI
-TcgGetNextByteSequence(
- TCG_PARSE_STRUCT *ParseStruct,
- const VOID **Data,
- UINT32 *Length
- );
-
-/**
- Get next start list.
-
- @param ParseStruct Input parse structure.
-
- @retval return the action result.
-
-**/
-TCG_RESULT
-EFIAPI
-TcgGetNextStartList(
- TCG_PARSE_STRUCT *ParseStruct
- );
-
-/**
- Get next end list.
-
- @param ParseStruct Input parse structure.
-
- @retval return the action result.
-
-**/
-TCG_RESULT
-EFIAPI
-TcgGetNextEndList(
- TCG_PARSE_STRUCT *ParseStruct
- );
-
-/**
- Get next start name.
-
- @param ParseStruct Input parse structure.
-
- @retval return the action result.
-
-**/
-TCG_RESULT
-EFIAPI
-TcgGetNextStartName(
- TCG_PARSE_STRUCT *ParseStruct
- );
-
-/**
- Get next end name.
-
- @param ParseStruct Input parse structure.
-
- @retval return the action result.
-
-**/
-TCG_RESULT
-EFIAPI
-TcgGetNextEndName(
- TCG_PARSE_STRUCT *ParseStruct
- );
-
-/**
- Get next call.
-
- @param ParseStruct Input parse structure.
-
- @retval return the action result.
-
-**/
-TCG_RESULT
-EFIAPI
-TcgGetNextCall(
- TCG_PARSE_STRUCT *ParseStruct
- );
-
-/**
- Get next end data.
-
- @param ParseStruct Input parse structure.
-
- @retval return the action result.
-
-**/
-TCG_RESULT
-EFIAPI
-TcgGetNextEndOfData(
- TCG_PARSE_STRUCT *ParseStruct
- );
-
-/**
- Get next end of session.
-
- @param ParseStruct Input parse structure.
-
- @retval return the action result.
-
-**/
-TCG_RESULT
-EFIAPI
-TcgGetNextEndOfSession(
- TCG_PARSE_STRUCT *ParseStruct
- );
-
-/**
- Get next start transaction.
-
- @param ParseStruct Input parse structure.
-
- @retval return the action result.
-
-**/
-TCG_RESULT
-EFIAPI
-TcgGetNextStartTransaction(
- TCG_PARSE_STRUCT *ParseStruct
- );
-
-/**
- Get next end transaction.
-
- @param ParseStruct Input parse structure.
-
- @retval return the action result.
-
-**/
-TCG_RESULT
-EFIAPI
-TcgGetNextEndTransaction(
- TCG_PARSE_STRUCT *ParseStruct
- );
-
-// end of parse functions
-
-
-typedef
-BOOLEAN
-(EFIAPI* TCG_LEVEL0_ENUM_CALLBACK) (
- const TCG_LEVEL0_DISCOVERY_HEADER *DiscoveryHeader,
- TCG_LEVEL0_FEATURE_DESCRIPTOR_HEADER *Feature,
- UINTN FeatureSize, // includes header
- VOID *Context
-);
-
-/**
- Adds call token and method Header (invoking id, and method id).
-
- @param CreateStruct The input create structure.
- @param InvokingId Invoking id.
- @param MethodId Method id.
-
-**/
-TCG_RESULT
-EFIAPI
-TcgStartMethodCall(
- TCG_CREATE_STRUCT *CreateStruct,
- TCG_UID InvokingId,
- TCG_UID MethodId
- );
-
-/**
- Adds START LIST token.
-
- @param CreateStruct The input create structure.
-
-**/
-TCG_RESULT
-EFIAPI
-TcgStartParameters(
- TCG_CREATE_STRUCT *CreateStruct
- );
-
-/**
- Adds END LIST token.
-
- @param CreateStruct The input create structure.
-
-**/
-TCG_RESULT
-EFIAPI
-TcgEndParameters(
- TCG_CREATE_STRUCT *CreateStruct
- );
-
-/**
- Adds END Data token and method list.
-
- @param CreateStruct The input create structure.
-
-**/
-TCG_RESULT
-EFIAPI
-TcgEndMethodCall(
- TCG_CREATE_STRUCT *CreateStruct
- );
-
-/**
-
- Adds Start Session call to the data structure. This creates the entire ComPacket structure and
- returns the size of the entire compacket in the size parameter.
-
- @param [in/out] CreateStruct Structure used to add the start session call
- @param [in/out] Size Describes the size of the entire ComPacket (header and payload). Filled out by function.
- @param [in] ComId ComID for the ComPacket
- @param [in] ComIdExtension Extended ComID for the ComPacket
- @param [in] HostSessionId Host Session ID
- @param [in] SpId Security Provider to start session with
- @param [in] Write Write option for start session. TRUE = start session requests write access
- @param [in] HostChallengeLength Length of the host challenge. Length should be 0 if hostChallenge is NULL
- @param [in] HostChallenge Host challenge for Host Signing Authority. If NULL, then no Host Challenge shall be sent.
- @param [in] HostSigningAuthority Host Signing Authority used for start session. If NULL, then no Host Signing Authority shall be sent.
-
-**/
-TCG_RESULT
-EFIAPI
-TcgCreateStartSession(
- TCG_CREATE_STRUCT *CreateStruct,
- UINT32 *Size,
- UINT16 ComId,
- UINT16 ComIdExtension,
- UINT32 HostSessionId,
- TCG_UID SpId,
- BOOLEAN Write,
- UINT32 HostChallengeLength,
- const VOID *HostChallenge,
- TCG_UID HostSigningAuthority
- );
-
-/**
- Creates ComPacket with a Method call that sets the PIN column for the row specified.
- This assumes a start session has already been opened with the desired SP.
-
- @param [in/out] CreateStruct Structure used to add method call.
- @param [in/out] Size Describes the size of the entire ComPacket (header and payload). Filled out by function.
- @param [in] ComId ComID for the ComPacket
- @param [in] ComIdExtension Extended ComID for the ComPacket
- @param [in] TperSession Tper Session ID for the Packet
- @param [in] HostSession Host Session ID for the Packet
- @param [in] SidRow UID of row of current SP to set PIN column
- @param [in] Password value of PIN to set
- @param [in] PasswordSize Size of PIN
-
-**/
-TCG_RESULT
-EFIAPI
-TcgCreateSetCPin(
- TCG_CREATE_STRUCT *CreateStruct,
- UINT32 *Size,
- UINT16 ComId,
- UINT16 ComIdExtension,
- UINT32 TperSession,
- UINT32 HostSession,
- TCG_UID SidRow,
- const VOID *Password,
- UINT32 PasswordSize
- );
-
-/**
- Creates ComPacket with a Method call that sets the "Enabled" column for the row specified using the value specified.
- This assumes a start session has already been opened with the desired SP.
-
- @param [in/out] CreateStruct Structure used to add method call
- @param [in/out] Size Describes the size of the entire ComPacket (header and payload). Filled out by function.
- @param [in] ComId ComID for the ComPacket
- @param [in] ComIdExtension Extended ComID for the ComPacket
- @param [in] TperSession Tper Session ID for the Packet
- @param [in] HostSession Host Session ID for the Packet
- @param [in] AuthorityUid Authority UID to modify the "Enabled" column for
- @param [in] Enabled Value to set the "Enabled" column to
-
-**/
-TCG_RESULT
-EFIAPI
-TcgSetAuthorityEnabled(
- TCG_CREATE_STRUCT *CreateStruct,
- UINT32 *Size,
- UINT16 ComId,
- UINT16 ComIdExtension,
- UINT32 TperSession,
- UINT32 HostSession,
- TCG_UID AuthorityUid,
- BOOLEAN Enabled
- );
-
-/**
-
- Creates ComPacket with EndSession.
- This assumes a start session has already been opened.
-
- @param [in/out] CreateStruct Structure used to add Endsession
- @param [in/out] Size Describes the size of the entire ComPacket (header and payload). Filled out by function.
- @param [in] ComId ComID for the ComPacket
- @param [in] ComIdExtension Extended ComID for the ComPacket
- @param [in] HostSessionId Host Session ID for the Packet
- @param [in] TpSessionId Tper Session ID for the Packet
-
-**/
-TCG_RESULT
-EFIAPI
-TcgCreateEndSession(
- TCG_CREATE_STRUCT *CreateStruct,
- UINT32 *Size,
- UINT16 ComId,
- UINT16 ComIdExtension,
- UINT32 HostSessionId,
- UINT32 TpSessionId
- );
-
-
-/**
-
- Retrieves human-readable token type name.
-
- @param[in] Type Token type to retrieve
-
-**/
-CHAR8*
-EFIAPI
-TcgTokenTypeString(
- TCG_TOKEN_TYPE Type
- );
-
-/**
- Returns the method status of the current subpacket. Does not affect the current position
- in the ComPacket. In other words, it can be called whenever you have a valid SubPacket.
-
- @param [in/out] ParseStruct Structure used to parse received TCG response
- @param [in/out] MethodStatus Method status retrieved of the current SubPacket
-
-**/
-TCG_RESULT
-EFIAPI
-TcgGetMethodStatus(
- const TCG_PARSE_STRUCT *ParseStruct,
- UINT8 *MethodStatus
- );
-
-/**
- Returns a human-readable string representing a method status return code.
-
- @param[in] MethodStatus Method status to translate to a string
-
-
- @retval return the string info.
-**/
-CHAR8*
-EFIAPI
-TcgMethodStatusString(
- UINT8 MethodStatus
- );
-
-
-/**
- Retrieves the comID and Extended comID of the ComPacket in the Tcg response.
- It is intended to be used to confirm the received Tcg response is intended for user that received it.
-
- @param [in] ParseStruct Structure used to parse received TCG response.
- @param [in/out] ComId comID retrieved from received ComPacket.
- @param [in/out] ComIdExtension Extended comID retrieved from received ComPacket
-
-**/
-TCG_RESULT
-EFIAPI
-TcgGetComIds(
- const TCG_PARSE_STRUCT *ParseStruct,
- UINT16 *ComId,
- UINT16 *ComIdExtension
- );
-
-/**
- Checks if the ComIDs of the response match the expected values.
-
- @param[in] ParseStruct Structure used to parse received TCG response
- @param[in] ExpectedComId Expected comID
- @param[in] ExpectedComIdExtension Expected extended comID
-
-**/
-TCG_RESULT
-EFIAPI
-TcgCheckComIds(
- const TCG_PARSE_STRUCT *ParseStruct,
- UINT16 ExpectedComId,
- UINT16 ExpectedComIdExtension
- );
-
-/**
- Parses the Sync Session response contained in the parseStruct to retrieve Tper session ID. If the Sync Session response
- parameters do not match the comID, extended ComID and host session ID then a failure is returned.
-
- @param[in/out] ParseStruct Structure used to parse received TCG response, contains Sync Session response.
- @param[in] ComId Expected ComID that is compared to actual ComID of response
- @param[in] ComIdExtension Expected Extended ComID that is compared to actual Extended ComID of response
- @param[in] HostSessionId Expected Host Session ID that is compared to actual Host Session ID of response
- @param[in/out] TperSessionId Tper Session ID retrieved from the Sync Session response.
-
-**/
-TCG_RESULT
-EFIAPI
-TcgParseSyncSession(
- const TCG_PARSE_STRUCT *ParseStruct,
- UINT16 ComId,
- UINT16 ComIdExtension,
- UINT32 HostSessionId,
- UINT32 *TperSessionId
- );
-
-/**
- Create set ace.
-
- @param CreateStruct Input create structure.
- @param Size size info.
- @param ComId ComId info.
- @param ComIdExtension ComId extension info.
- @param TperSession Tper session data.
- @param HostSession Host session data.
- @param AceRow Ace row info.
- @param Authority1 Authority 1 info.
- @param LogicalOperator Logiccal operator info.
- @param Authority2 Authority 2 info.
-
- @retval Return the action result.
-
-**/
-TCG_RESULT
-EFIAPI
-TcgCreateSetAce(
- TCG_CREATE_STRUCT *CreateStruct,
- UINT32 *Size,
- UINT16 ComId,
- UINT16 ComIdExtension,
- UINT32 TperSession,
- UINT32 HostSession,
- TCG_UID AceRow,
- TCG_UID Authority1,
- BOOLEAN LogicalOperator,
- TCG_UID Authority2
- );
-
-/**
- Enum level 0 discovery.
-
- @param DiscoveryHeader Discovery header.
- @param Callback Callback function.
- @param Context The context for the function.
-
- @retval return true if the callback return TRUE, else return FALSE.
-
-**/
-BOOLEAN
-EFIAPI
-TcgEnumLevel0Discovery(
- const TCG_LEVEL0_DISCOVERY_HEADER *DiscoveryHeader,
- TCG_LEVEL0_ENUM_CALLBACK Callback,
- VOID *Context
- );
-
-/**
- Get Feature code from the header.
-
- @param DiscoveryHeader The discovery header.
- @param FeatureCode reutrn the Feature code.
- @param FeatureSize return the Feature size.
-
- @retval return the Feature code data.
-**/
-TCG_LEVEL0_FEATURE_DESCRIPTOR_HEADER*
-EFIAPI
-TcgGetFeature(
- const TCG_LEVEL0_DISCOVERY_HEADER *DiscoveryHeader,
- UINT16 FeatureCode,
- UINTN *FeatureSize
- );
-
-/**
- Determines if the protocol provided is part of the provided supported protocol list.
-
- @param[in] ProtocolList Supported protocol list to investigate
- @param[in] Protocol Protocol value to determine if supported
-
- @return TRUE = protocol is supported, FALSE = protocol is not supported
-**/
-BOOLEAN
-EFIAPI
-TcgIsProtocolSupported(
- const TCG_SUPPORTED_SECURITY_PROTOCOLS *ProtocolList,
- UINT16 Protocol
- );
-
-/**
- Determines if the Locking Feature "Locked" bit is set in the level 0 discovery response.
-
- @param[in] Discovery Level 0 discovery response
-
- @return TRUE = Locked is set, FALSE = Locked is false
-
-**/
-BOOLEAN
-EFIAPI
-TcgIsLocked(
- const TCG_LEVEL0_DISCOVERY_HEADER *Discovery
- );
-
-#pragma pack()
-
-
-#endif // _TCG_CORE_H_
diff --git a/SecurityPkg/Include/Library/TcgStorageOpalLib.h b/SecurityPkg/Include/Library/TcgStorageOpalLib.h deleted file mode 100644 index 9b64a8e5cd..0000000000 --- a/SecurityPkg/Include/Library/TcgStorageOpalLib.h +++ /dev/null @@ -1,837 +0,0 @@ -/** @file
- Public API for Opal Core library.
-
-Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
-This program and the accompanying materials
-are licensed and made available under the terms and conditions of the BSD License
-which accompanies this distribution. The full text of the license may be found at
-http://opensource.org/licenses/bsd-license.php
-
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
-**/
-
-#ifndef _OPAL_CORE_H_
-#define _OPAL_CORE_H_
-
-#include <IndustryStandard/TcgStorageOpal.h>
-
-#include <Library/TcgStorageCoreLib.h>
-#include <Protocol/StorageSecurityCommand.h>
-
-#pragma pack(1)
-
-typedef struct {
- //
- // Opal SSC 1 support (0 - not supported, 1 - supported)
- //
- UINT32 OpalSsc1 : 1;
-
- //
- // Opal SSC 2support (0 - not supported, 1 - supported)
- //
- UINT32 OpalSsc2 : 1;
-
- //
- // Opal SSC Lite support (0 - not supported, 1 - supported)
- //
- UINT32 OpalSscLite : 1;
-
- //
- // Pyrite SSC support (0 - not supported, 1 - supported)
- //
- UINT32 PyriteSsc : 1;
-
- //
- // Security protocol 1 support (0 - not supported, 1 - supported)
- //
- UINT32 Sp1 : 1;
-
- //
- // Security protocol 2 support (0 - not supported, 1 - supported)
- //
- UINT32 Sp2 : 1;
-
- //
- // Security protocol IEEE1667 support (0 - not supported, 1 - supported)
- //
- UINT32 SpIeee1667 : 1;
-
- //
- // Media encryption supported (0 - not supported, 1 - supported)
- //
- UINT32 MediaEncryption : 1;
-
- //
- // Initial C_PIN_SID PIN Indicator
- // 0 - The initial C_PIN_SID PIN value is NOT equal to the C_PIN_MSID PIN value
- // 1 - The initial C_PIN_SID PIN value is equal to the C_PIN_MSID PIN value
- //
- UINT32 InitCpinIndicator : 1;
-
- //
- // Behavior of C_PIN_SID PIN upon TPer Revert
- // 0 - The initial C_PIN_SID PIN value is NOT equal to the C_PIN_MSID PIN value
- // 1 - The initial C_PIN_SID PIN value is equal to the C_PIN_MSID PIN value
- //
- UINT32 CpinUponRevert : 1;
-
- //
- // Media encryption supported (0 - not supported, 1 - supported)
- //
- UINT32 BlockSid : 1;
-
-} OPAL_DISK_SUPPORT_ATTRIBUTE;
-
-//
-// Opal device ownership type
-// The type indicates who was the determined owner of the device.
-//
-typedef enum {
- //
- // Represents the device ownership is unknown because starting a session as the SID authority with the ADMIN SP
- //was unsuccessful with the provided PIN
- //
- OpalOwnershipUnknown,
-
- //
- // Represents that the ADMIN SP SID authority contains the same PIN as the MSID PIN
- //
- OpalOwnershipNobody,
-} OPAL_OWNER_SHIP;
-
-//
-// Structure that is used to represent an Opal session.
-// The structure must be initialized by calling OpalStartSession before being used as a parameter
-// for any other Opal function.
-// This structure should NOT be directly modified by the client of this library.
-//
-//
-typedef struct {
- UINT32 HostSessionId;
- UINT32 TperSessionId;
- UINT16 ComIdExtension;
-
- UINT16 OpalBaseComId;
-
- EFI_STORAGE_SECURITY_COMMAND_PROTOCOL *Sscp;
- UINT32 MediaId;
-} OPAL_SESSION;
-#pragma pack()
-
-/**
-
- The function fills in the provided Buffer with the supported protocol list
- of the device specified.
-
- @param[in] Session OPAL_SESSION data.
- @param[in] BufferSize Size of Buffer provided (in bytes)
- @param[in] BuffAddress Buffer address to fill with security protocol list
-
-**/
-TCG_RESULT
-EFIAPI
-OpalRetrieveSupportedProtocolList(
- OPAL_SESSION *Session,
- UINTN BufferSize,
- VOID *BuffAddress
- );
-
-/**
-
- The function fills in the provided Buffer with the level 0 discovery Header
- of the device specified.
-
- @param[in] Session OPAL_SESSION data.
- @param[in] BufferSize Size of Buffer provided (in bytes)
- @param[in] BuffAddress Buffer address to fill with Level 0 Discovery response
-
-**/
-TCG_RESULT
-EFIAPI
-OpalRetrieveLevel0DiscoveryHeader(
- OPAL_SESSION *Session,
- UINTN BufferSize,
- VOID *BuffAddress
- );
-
-/**
- Starts a session with a security provider (SP).
-
- If a session is started successfully, the caller must end the session with OpalEndSession when finished
- performing Opal actions.
-
- @param[in/out] Session OPAL_SESSION to initialize.
- @param[in] SpId Security provider ID to start the session with.
- @param[in] Write Whether the session should be read-only (FALSE) or read/write (TRUE).
- @param[in] HostChallengeLength Length of the host challenge. Length should be 0 if hostChallenge is NULL
- @param[in] HostChallenge Host challenge for Host Signing Authority. If NULL, then no Host Challenge will be sent.
- @param[in] HostSigningAuthority Host Signing Authority used for start session. If NULL, then no Host Signing Authority will be sent.
- @param[in/out] MethodStatus Status of the StartSession method; only valid if TcgResultSuccess is returned.
-
- @return TcgResultSuccess indicates that the function completed without any internal errors.
- The caller must inspect the MethodStatus field to determine whether the method completed successfully.
-
-**/
-TCG_RESULT
-EFIAPI
-OpalStartSession(
- OPAL_SESSION *Session,
- TCG_UID SpId,
- BOOLEAN Write,
- UINT32 HostChallengeLength,
- const VOID *HostChallenge,
- TCG_UID HostSigningAuthority,
- UINT8 *MethodStatus
- );
-
-/**
- Close a session opened with OpalStartSession.
-
- @param[in/out] Session OPAL_SESSION to end.
-
-**/
-TCG_RESULT
-EFIAPI
-OpalEndSession(
- OPAL_SESSION *Session
- );
-
-/**
-
- Reverts device using Admin SP Revert method.
-
- @param[in] AdminSpSession OPAL_SESSION with OPAL_UID_ADMIN_SP as OPAL_ADMIN_SP_PSID_AUTHORITY to perform PSID revert.
-
-**/
-TCG_RESULT
-EFIAPI
-OpalPsidRevert(
- OPAL_SESSION *AdminSpSession
- );
-
-
-/**
-
- The function retrieves the MSID from the device specified
-
- @param[in] AdminSpSession OPAL_SESSION with OPAL_UID_ADMIN_SP as OPAL_ADMIN_SP_PSID_AUTHORITY to perform PSID revert.
- @param[in] MsidBufferSize Allocated buffer size (in bytes) for MSID allocated by caller
- @param[in] Msid Variable length byte sequence representing MSID of device
- @param[in] MsidLength Actual length of MSID retrieved from device
-
-**/
-TCG_RESULT
-EFIAPI
-OpalGetMsid(
- OPAL_SESSION *AdminSpSession,
- UINT32 MsidBufferSize,
- UINT8 *Msid,
- UINT32 *MsidLength
- );
-
-/**
-
- The function activates the Locking SP.
- Once activated, per Opal spec, the ADMIN SP SID PIN is copied over to the ADMIN1 LOCKING SP PIN.
- If the Locking SP is already enabled, then TcgResultSuccess is returned and no action occurs.
-
- @param[in] AdminSpSession OPAL_SESSION with OPAL_UID_ADMIN_SP as OPAL_ADMIN_SP_SID_AUTHORITY to activate Locking SP
- @param[in/out] MethodStatus Method status of last action performed. If action succeeded, it should be TCG_METHOD_STATUS_CODE_SUCCESS.
-
-**/
-TCG_RESULT
-EFIAPI
-OpalActivateLockingSp(
- OPAL_SESSION *AdminSpSession,
- UINT8 *MethodStatus
- );
-
-
-/**
-
- The function sets the PIN column of the specified cpinRowUid (authority) with the newPin value.
-
- @param[in/out] Session OPAL_SESSION to set password
- @param[in] CpinRowUid UID of row (authority) to update PIN column
- @param[in] NewPin New Pin to set for cpinRowUid specified
- @param[in] NewPinLength Length in bytes of newPin
- @param[in/out] MethodStatus Method status of last action performed. If action succeeded, it should be TCG_METHOD_STATUS_CODE_SUCCESS.
-
-**/
-TCG_RESULT
-EFIAPI
-OpalSetPassword(
- OPAL_SESSION *Session,
- TCG_UID CpinRowUid,
- const VOID *NewPin,
- UINT32 NewPinLength,
- UINT8 *MethodStatus
- );
-
-/**
-
- The function retrieves the active key of the global locking range
- and calls the GenKey method on the active key retrieved.
-
- @param[in] LockingSpSession OPAL_SESSION with OPAL_UID_LOCKING_SP to generate key
- @param[in/out] MethodStatus Method status of last action performed. If action succeeded, it should be TCG_METHOD_STATUS_CODE_SUCCESS.
-
-**/
-TCG_RESULT
-EFIAPI
-OpalGlobalLockingRangeGenKey(
- OPAL_SESSION *LockingSpSession,
- UINT8 *MethodStatus
- );
-
-
-/**
-
- The function updates the ReadLocked and WriteLocked columns of the Global Locking Range.
- This function is required for a user1 authority, since a user1 authority shall only have access to ReadLocked and WriteLocked columns
- (not ReadLockEnabled and WriteLockEnabled columns).
-
- @param[in] LockingSpSession OPAL_SESSION with OPAL_UID_LOCKING_SP to generate key
- @param[in] ReadLocked Value to set ReadLocked column for Global Locking Range
- @param[in] WriteLocked Value to set WriteLocked column for Global Locking Range
- @param[in/out] MethodStatus Method status of last action performed. If action succeeded, it should be TCG_METHOD_STATUS_CODE_SUCCESS.
-
-**/
-TCG_RESULT
-EFIAPI
-OpalUpdateGlobalLockingRange(
- OPAL_SESSION *LockingSpSession,
- BOOLEAN ReadLocked,
- BOOLEAN WriteLocked,
- UINT8 *MethodStatus
- );
-
-
-/**
-
- The function updates the RangeStart, RangeLength, ReadLockedEnabled, WriteLockedEnabled, ReadLocked and WriteLocked columns
- of the specified Locking Range. This function requires admin authority of a locking SP session.
-
- @param[in] LockingSpSession OPAL_SESSION with OPAL_UID_LOCKING_SP to generate key
- @param[in] LockingRangeUid Locking range UID to set values
- @param[in] RangeStart Value to set RangeStart column for Locking Range
- @param[in] RangeLength Value to set RangeLength column for Locking Range
- @param[in] ReadLockEnabled Value to set readLockEnabled column for Locking Range
- @param[in] WriteLockEnabled Value to set writeLockEnabled column for Locking Range
- @param[in] ReadLocked Value to set ReadLocked column for Locking Range
- @param[in] WriteLocked Value to set WriteLocked column for Locking Range
- @param[in/out] MethodStatus Method status of last action performed. If action succeeded, it should be TCG_METHOD_STATUS_CODE_SUCCESS.
-
-**/
-TCG_RESULT
-EFIAPI
-OpalSetLockingRange(
- OPAL_SESSION *LockingSpSession,
- TCG_UID LockingRangeUid,
- UINT64 RangeStart,
- UINT64 RangeLength,
- BOOLEAN ReadLockEnabled,
- BOOLEAN WriteLockEnabled,
- BOOLEAN ReadLocked,
- BOOLEAN WriteLocked,
- UINT8 *MethodStatus
- );
-
-/**
-
- The function sets the Enabled column to TRUE for the authorityUid provided and updates the PIN column for the cpinRowUid provided
- using the newPin provided. AuthorityUid and cpinRowUid should describe the same authority.
-
- @param[in] LockingSpSession OPAL_SESSION with OPAL_UID_LOCKING_SP as OPAL_LOCKING_SP_ADMIN1_AUTHORITY to update
- @param[in] CpinRowUid Row UID of C_PIN table of Locking SP to update PIN
- @param[in] AuthorityUid UID of Locking SP authority to update Pin column with
- @param[in] NewPin New Password used to set Pin column
- @param[in] NewPinLength Length in bytes of new password
- @param[in/out] MethodStatus Method status of last action performed. If action succeeded, it should be TCG_METHOD_STATUS_CODE_SUCCESS.
-
-**/
-TCG_RESULT
-EFIAPI
-OpalSetLockingSpAuthorityEnabledAndPin(
- OPAL_SESSION *LockingSpSession,
- TCG_UID CpinRowUid,
- TCG_UID AuthorityUid,
- const VOID *NewPin,
- UINT32 NewPinLength,
- UINT8 *MethodStatus
- );
-
-
-/**
-
- The function sets the Enabled column to FALSE for the USER1 authority.
-
- @param[in] LockingSpSession OPAL_SESSION with OPAL_UID_LOCKING_SP as OPAL_LOCKING_SP_ADMIN1_AUTHORITY to disable User1
- @param[in/out] MethodStatus Method status of last action performed. If action succeeded, it should be TCG_METHOD_STATUS_CODE_SUCCESS.
-
-**/
-TCG_RESULT
-EFIAPI
-OpalDisableUser(
- OPAL_SESSION *LockingSpSession,
- UINT8 *MethodStatus
- );
-
-
-/**
-
- The function calls the Admin SP RevertSP method on the Locking SP. If KeepUserData is True, then the optional parameter
- to keep the user data is set to True, otherwise the optional parameter is not provided.
-
- @param[in] LockingSpSession OPAL_SESSION with OPAL_UID_LOCKING_SP as OPAL_LOCKING_SP_ADMIN1_AUTHORITY to revertSP
- @param[in] KeepUserData Specifies whether or not to keep user data when performing RevertSP action. True = keeps user data.
- @param[in/out] MethodStatus Method status of last action performed. If action succeeded, it should be TCG_METHOD_STATUS_CODE_SUCCESS.
-
-**/
-TCG_RESULT
-EFIAPI
-OpalAdminRevert(
- OPAL_SESSION *LockingSpSession,
- BOOLEAN KeepUserData,
- UINT8 *MethodStatus
- );
-
-
-/**
-
- The function retrieves the TryLimit column for the specified rowUid (authority).
-
- @param[in] LockingSpSession OPAL_SESSION with OPAL_UID_LOCKING_SP to retrieve try limit
- @param[in] RowUid Row UID of the Locking SP C_PIN table to retrieve TryLimit column
- @param[in/out] TryLimit Value from TryLimit column
-
-**/
-TCG_RESULT
-EFIAPI
-OpalGetTryLimit(
- OPAL_SESSION *LockingSpSession,
- TCG_UID RowUid,
- UINT32 *TryLimit
- );
-
-
-/**
-
- The function populates the CreateStruct with a payload that will retrieve the global locking range active key.
- It is intended to be called with a session that is already started with a valid credential.
- The function does not send the payload.
-
- @param[in] Session OPAL_SESSION to populate command for, needs comId
- @param[in/out] CreateStruct Structure to populate with encoded TCG command
- @param[in/out] Size Size in bytes of the command created.
-
-**/
-TCG_RESULT
-EFIAPI
-OpalCreateRetrieveGlobalLockingRangeActiveKey(
- const OPAL_SESSION *Session,
- TCG_CREATE_STRUCT *CreateStruct,
- UINT32 *Size
- );
-
-
-/**
-
- The function acquires the activeKey specified for the Global Locking Range from the parseStruct.
-
- @param[in] ParseStruct Structure that contains the device's response with the activekey
- @param[in/out] ActiveKey The UID of the active key retrieved
-
-**/
-TCG_RESULT
-EFIAPI
-OpalParseRetrieveGlobalLockingRangeActiveKey(
- TCG_PARSE_STRUCT *ParseStruct,
- TCG_UID *ActiveKey
- );
-
-/**
-
- Get the support attribute info.
-
- @param[in] Session OPAL_SESSION with OPAL_UID_LOCKING_SP to retrieve info.
- @param[in/out] LockingFeature Return the Locking info.
-
-**/
-TCG_RESULT
-EFIAPI
-OpalGetLockingInfo(
- OPAL_SESSION *Session,
- TCG_LOCKING_FEATURE_DESCRIPTOR *LockingFeature
- );
-
-/**
-
- The function determines whether or not all of the requirements for the Opal Feature (not full specification)
- are met by the specified device.
-
- @param[in] SupportedAttributes Opal device attribute.
-
-**/
-BOOLEAN
-EFIAPI
-OpalFeatureSupported(
- OPAL_DISK_SUPPORT_ATTRIBUTE *SupportedAttributes
- );
-
-/**
-
- The function returns whether or not the device is Opal Enabled.
- TRUE means that the device is partially or fully locked.
- This will perform a Level 0 Discovery and parse the locking feature descriptor
-
- @param[in] SupportedAttributes Opal device attribute.
- @param[in] LockingFeature Opal device locking status.
-
-
-**/
-BOOLEAN
-EFIAPI
-OpalFeatureEnabled(
- OPAL_DISK_SUPPORT_ATTRIBUTE *SupportedAttributes,
- TCG_LOCKING_FEATURE_DESCRIPTOR *LockingFeature
- );
-
-/**
-
- The function returns whether or not the device is Opal Locked.
- TRUE means that the device is partially or fully locked.
- This will perform a Level 0 Discovery and parse the locking feature descriptor
-
- @param[in] SupportedAttributes Opal device attribute.
- @param[in] LockingFeature Opal device locking status.
-
-**/
-BOOLEAN
-OpalDeviceLocked(
- OPAL_DISK_SUPPORT_ATTRIBUTE *SupportedAttributes,
- TCG_LOCKING_FEATURE_DESCRIPTOR *LockingFeature
- );
-
-/**
- Trig the block sid action.
-
- @param[in] Session OPAL_SESSION to populate command for, needs comId
- @param[in] HardwareReset Whether need to do hardware reset.
-
-**/
-TCG_RESULT
-EFIAPI
-OpalBlockSid(
- OPAL_SESSION *Session,
- BOOLEAN HardwareReset
- );
-
-/**
-
- Get the support attribute info.
-
- @param[in] Session OPAL_SESSION with OPAL_UID_LOCKING_SP to retrieve info.
- @param[in/out] SupportedAttributes Return the support attribute info.
- @param[out] OpalBaseComId Return the base com id info.
-
-**/
-TCG_RESULT
-EFIAPI
-OpalGetSupportedAttributesInfo(
- OPAL_SESSION *Session,
- OPAL_DISK_SUPPORT_ATTRIBUTE *SupportedAttributes,
- UINT16 *OpalBaseComId
- );
-
-/**
- Creates a session with OPAL_UID_ADMIN_SP as OPAL_ADMIN_SP_PSID_AUTHORITY, then reverts device using Admin SP Revert method.
-
- @param[in] AdminSpSession OPAL_SESSION to populate command for, needs comId
- @param[in] Psid PSID of device to revert.
- @param[in] PsidLength Length of PSID in bytes.
-
-**/
-TCG_RESULT
-EFIAPI
-OpalUtilPsidRevert(
- OPAL_SESSION *AdminSpSession,
- const VOID *Psid,
- UINT32 PsidLength
- );
-
-/**
- Opens a session with OPAL_UID_ADMIN_SP as OPAL_ADMIN_SP_SID_AUTHORITY,
- sets the OPAL_UID_ADMIN_SP_C_PIN_SID column with the new password,
- and activates the locking SP to copy SID PIN to Admin1 Locking SP PIN.
-
- @param[in] AdminSpSession OPAL_SESSION to populate command for, needs comId
- @param[in] GeneratedSid Generated SID of disk
- @param[in] SidLength Length of generatedSid in bytes
- @param[in] Password New admin password to set
- @param[in] PassLength Length of password in bytes
-
-**/
-TCG_RESULT
-EFIAPI
-OpalUtilSetAdminPasswordAsSid(
- OPAL_SESSION *AdminSpSession,
- const VOID *GeneratedSid,
- UINT32 SidLength,
- const VOID *Password,
- UINT32 PassLength
- );
-
-/**
-
- Opens a session with OPAL_UID_LOCKING_SP as OPAL_LOCKING_SP_ADMIN1_AUTHORITY,
- and updates the specified locking range with the provided column values.
-
- @param[in] LockingSpSession OPAL_SESSION to populate command for, needs comId
- @param[in] Password New admin password to set
- @param[in] PassLength Length of password in bytes
- @param[in] LockingRangeUid Locking range UID to set values
- @param[in] RangeStart Value to set RangeStart column for Locking Range
- @param[in] RangeLength Value to set RangeLength column for Locking Range
- @param[in] ReadLockEnabled Value to set readLockEnabled column for Locking Range
- @param[in] WriteLockEnabled Value to set writeLockEnabled column for Locking Range
- @param[in] ReadLocked Value to set ReadLocked column for Locking Range
- @param[in] WriteLocked Value to set WriteLocked column for Locking Range
-
-**/
-TCG_RESULT
-EFIAPI
-OpalUtilSetOpalLockingRange(
- OPAL_SESSION *LockingSpSession,
- const VOID *Password,
- UINT32 PassLength,
- TCG_UID LockingRangeUid,
- UINT64 RangeStart,
- UINT64 RangeLength,
- BOOLEAN ReadLockEnabled,
- BOOLEAN WriteLockEnabled,
- BOOLEAN ReadLocked,
- BOOLEAN WriteLocked
- );
-
-/**
- Opens a session with OPAL_UID_ADMIN_SP as OPAL_ADMIN_SP_SID_AUTHORITY,
- sets OPAL_UID_ADMIN_SP_C_PIN_SID with the new password,
- and sets OPAL_LOCKING_SP_C_PIN_ADMIN1 with the new password.
-
- @param[in] AdminSpSession OPAL_SESSION to populate command for, needs comId
- @param[in] OldPassword Current admin password
- @param[in] OldPasswordLength Length of current admin password in bytes
- @param[in] NewPassword New admin password to set
- @param[in] NewPasswordLength Length of new password in bytes
-
-**/
-TCG_RESULT
-EFIAPI
-OpalUtilSetAdminPassword(
- OPAL_SESSION *AdminSpSession,
- const VOID *OldPassword,
- UINT32 OldPasswordLength,
- const VOID *NewPassword,
- UINT32 NewPasswordLength
- );
-
-/**
- Starts a session with OPAL_UID_LOCKING_SP as OPAL_LOCKING_SP_USER1_AUTHORITY or OPAL_LOCKING_SP_ADMIN1_AUTHORITY
- and sets the User1 SP authority to enabled and sets the User1 password.
-
- @param[in] LockingSpSession OPAL_SESSION to populate command for, needs comId
- @param[in] OldPassword Current admin password
- @param[in] OldPasswordLength Length of current admin password in bytes
- @param[in] NewPassword New admin password to set
- @param[in] NewPasswordLength Length of new password in bytes
-
-**/
-TCG_RESULT
-EFIAPI
-OpalUtilSetUserPassword(
- OPAL_SESSION *LockingSpSession,
- const VOID *OldPassword,
- UINT32 OldPasswordLength,
- const VOID *NewPassword,
- UINT32 NewPasswordLength
- );
-
-/**
- Verify whether user input the correct password.
-
- @param[in] LockingSpSession OPAL_SESSION to populate command for, needs comId
- @param[in] Password Admin password
- @param[in] PasswordLength Length of password in bytes
- @param[in/out] HostSigningAuthority Use the Host signing authority type.
-
-**/
-TCG_RESULT
-EFIAPI
-OpalUtilVerifyPassword (
- OPAL_SESSION *LockingSpSession,
- const VOID *Password,
- UINT32 PasswordLength,
- TCG_UID HostSigningAuthority
- );
-
-/**
- Starts a session with OPAL_UID_LOCKING_SP as OPAL_LOCKING_SP_USER1_AUTHORITY or OPAL_LOCKING_SP_ADMIN1_AUTHORITY
- and generates a new global locking range key to erase the Data.
-
- @param[in] LockingSpSession OPAL_SESSION to populate command for, needs comId
- @param[in] Password Admin or user password
- @param[in] PasswordLength Length of password in bytes
- @param[in/out] PasswordFailed indicates if password failed (start session didn't work)
-
-**/
-TCG_RESULT
-EFIAPI
-OpalUtilSecureErase(
- OPAL_SESSION *LockingSpSession,
- const VOID *Password,
- UINT32 PasswordLength,
- BOOLEAN *PasswordFailed
- );
-
-/**
- Starts a session with OPAL_UID_LOCKING_SP as OPAL_LOCKING_SP_ADMIN1_AUTHORITY and disables the User1 authority.
-
- @param[in] LockingSpSession OPAL_SESSION to populate command for, needs comId
- @param[in] Password Admin password
- @param[in] PasswordLength Length of password in bytes
- @param[in/out] PasswordFailed indicates if password failed (start session didn't work)
-
-**/
-TCG_RESULT
-EFIAPI
-OpalUtilDisableUser(
- OPAL_SESSION *LockingSpSession,
- const VOID *Password,
- UINT32 PasswordLength,
- BOOLEAN *PasswordFailed
- );
-
-/**
- Opens a session with OPAL_UID_ADMIN_SP as OPAL_ADMIN_SP_PSID_AUTHORITY, then reverts the device using the RevertSP method.
-
- @param[in] LockingSpSession OPAL_SESSION to populate command for, needs comId
- @param[in] KeepUserData TRUE to keep existing Data on the disk, or FALSE to erase it
- @param[in] Password Admin password
- @param[in] PasswordLength Length of password in bytes
- @param[in/out] PasswordFailed indicates if password failed (start session didn't work)
- @param[in] Msid Input Msid info.
- @param[in] MsidLength Input Msid info length.
-
-**/
-TCG_RESULT
-EFIAPI
-OpalUtilRevert(
- OPAL_SESSION *LockingSpSession,
- BOOLEAN KeepUserData,
- const VOID *Password,
- UINT32 PasswordLength,
- BOOLEAN *PasswordFailed,
- UINT8 *Msid,
- UINT32 MsidLength
- );
-
-/**
- After revert success, set SID to MSID.
-
- @param[in] AdminSpSession OPAL_SESSION to populate command for, needs comId
- @param Password, Input password info.
- @param PasswordLength, Input password length.
- @param[in] Msid Input Msid info.
- @param[in] MsidLength Input Msid info length.
-
-**/
-TCG_RESULT
-EFIAPI
-OpalUtilSetSIDtoMSID (
- OPAL_SESSION *AdminSpSession,
- const VOID *Password,
- UINT32 PasswordLength,
- UINT8 *Msid,
- UINT32 MsidLength
- );
-
-/**
- Update global locking range.
-
- @param[in] LockingSpSession OPAL_SESSION to populate command for, needs comId
- @param Password, Input password info.
- @param PasswordLength, Input password length.
- @param ReadLocked, Read lock info.
- @param WriteLocked write lock info.
-
-**/
-TCG_RESULT
-EFIAPI
-OpalUtilUpdateGlobalLockingRange(
- OPAL_SESSION *LockingSpSession,
- const VOID *Password,
- UINT32 PasswordLength,
- BOOLEAN ReadLocked,
- BOOLEAN WriteLocked
- );
-
-/**
- Update global locking range.
-
- @param Session, The session info for one opal device.
- @param Msid, The data buffer to save Msid info.
- @param MsidBufferLength, The data buffer length for Msid.
- @param MsidLength, The actual data length for Msid.
-
-**/
-TCG_RESULT
-EFIAPI
-OpalUtilGetMsid(
- OPAL_SESSION *Session,
- UINT8 *Msid,
- UINT32 MsidBufferLength,
- UINT32 *MsidLength
- );
-
-/**
-
- The function determines who owns the device by attempting to start a session with different credentials.
- If the SID PIN matches the MSID PIN, the no one owns the device.
- If the SID PIN matches the ourSidPin, then "Us" owns the device. Otherwise it is unknown.
-
-
- @param[in] Session The session info for one opal device.
- @param Msid, The Msid info.
- @param MsidLength, The data length for Msid.
-
-**/
-OPAL_OWNER_SHIP
-EFIAPI
-OpalUtilDetermineOwnership(
- OPAL_SESSION *Session,
- UINT8 *Msid,
- UINT32 MsidLength
- );
-
-/**
-
- The function returns if admin password exists.
-
- @param[in] OwnerShip The owner ship of the opal device.
- @param[in] LockingFeature The locking info of the opal device.
-
- @retval TRUE Admin password existed.
- @retval FALSE Admin password not existed.
-
-**/
-BOOLEAN
-EFIAPI
-OpalUtilAdminPasswordExists(
- IN UINT16 OwnerShip,
- IN TCG_LOCKING_FEATURE_DESCRIPTOR *LockingFeature
- );
-
-#endif // _OPAL_CORE_H_
diff --git a/SecurityPkg/Include/Library/Tpm12CommandLib.h b/SecurityPkg/Include/Library/Tpm12CommandLib.h deleted file mode 100644 index f7c098f283..0000000000 --- a/SecurityPkg/Include/Library/Tpm12CommandLib.h +++ /dev/null @@ -1,225 +0,0 @@ -/** @file
- This library is used by other modules to send TPM12 command.
-
-Copyright (c) 2013 - 2016, Intel Corporation. All rights reserved. <BR>
-This program and the accompanying materials
-are licensed and made available under the terms and conditions of the BSD License
-which accompanies this distribution. The full text of the license may be found at
-http://opensource.org/licenses/bsd-license.php
-
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
-**/
-
-#ifndef _TPM12_COMMAND_LIB_H_
-#define _TPM12_COMMAND_LIB_H_
-
-#include <IndustryStandard/Tpm12.h>
-
-/**
- Send Startup command to TPM1.2.
-
- @param TpmSt Startup Type.
-
- @retval EFI_SUCCESS Operation completed successfully.
- @retval EFI_DEVICE_ERROR Unexpected device behavior.
-**/
-EFI_STATUS
-EFIAPI
-Tpm12Startup (
- IN TPM_STARTUP_TYPE TpmSt
- );
-
-/**
- Send SaveState command to TPM1.2.
-
- @retval EFI_SUCCESS Operation completed successfully.
- @retval EFI_DEVICE_ERROR Unexpected device behavior.
-**/
-EFI_STATUS
-EFIAPI
-Tpm12SaveState (
- VOID
- );
-
-/**
- Send ForceClear command to TPM1.2.
-
- @retval EFI_SUCCESS Operation completed successfully.
- @retval EFI_DEVICE_ERROR Unexpected device behavior.
-**/
-EFI_STATUS
-EFIAPI
-Tpm12ForceClear (
- VOID
- );
-
-#pragma pack(1)
-
-typedef struct {
- UINT16 sizeOfSelect;
- UINT8 pcrSelect[3];
-} TPM12_PCR_SELECTION;
-
-typedef struct {
- TPM12_PCR_SELECTION pcrSelection;
- TPM_LOCALITY_SELECTION localityAtRelease;
- TPM_COMPOSITE_HASH digestAtRelease;
-} TPM12_PCR_INFO_SHORT;
-
-typedef struct {
- TPM_STRUCTURE_TAG tag;
- TPM_NV_INDEX nvIndex;
- TPM12_PCR_INFO_SHORT pcrInfoRead;
- TPM12_PCR_INFO_SHORT pcrInfoWrite;
- TPM_NV_ATTRIBUTES permission;
- BOOLEAN bReadSTClear;
- BOOLEAN bWriteSTClear;
- BOOLEAN bWriteDefine;
- UINT32 dataSize;
-} TPM12_NV_DATA_PUBLIC;
-
-#pragma pack()
-
-/**
- Send NV DefineSpace command to TPM1.2.
-
- @param PubInfo The public parameters of the NV area.
- @param EncAuth The encrypted AuthData, only valid if the attributes require subsequent authorization.
-
- @retval EFI_SUCCESS Operation completed successfully.
- @retval EFI_DEVICE_ERROR Unexpected device behavior.
-**/
-EFI_STATUS
-EFIAPI
-Tpm12NvDefineSpace (
- IN TPM12_NV_DATA_PUBLIC *PubInfo,
- IN TPM_ENCAUTH *EncAuth
- );
-
-/**
- Send NV ReadValue command to TPM1.2.
-
- @param NvIndex The index of the area to set.
- @param Offset The offset into the area.
- @param DataSize The size of the data area.
- @param Data The data to set the area to.
-
- @retval EFI_SUCCESS Operation completed successfully.
- @retval EFI_DEVICE_ERROR Unexpected device behavior.
-**/
-EFI_STATUS
-EFIAPI
-Tpm12NvReadValue (
- IN TPM_NV_INDEX NvIndex,
- IN UINT32 Offset,
- IN OUT UINT32 *DataSize,
- OUT UINT8 *Data
- );
-
-/**
- Send NV WriteValue command to TPM1.2.
-
- @param NvIndex The index of the area to set.
- @param Offset The offset into the NV Area.
- @param DataSize The size of the data parameter.
- @param Data The data to set the area to.
-
- @retval EFI_SUCCESS Operation completed successfully.
- @retval EFI_DEVICE_ERROR Unexpected device behavior.
-**/
-EFI_STATUS
-EFIAPI
-Tpm12NvWriteValue (
- IN TPM_NV_INDEX NvIndex,
- IN UINT32 Offset,
- IN UINT32 DataSize,
- IN UINT8 *Data
- );
-
-/**
-Extend a TPM PCR.
-
-@param[in] DigestToExtend The 160 bit value representing the event to be recorded.
-@param[in] PcrIndex The PCR to be updated.
-@param[out] NewPcrValue New PCR value after extend.
-
-@retval EFI_SUCCESS Operation completed successfully.
-@retval EFI_TIMEOUT The register can't run into the expected status in time.
-@retval EFI_BUFFER_TOO_SMALL Response data buffer is too small.
-@retval EFI_DEVICE_ERROR Unexpected device behavior.
-
-**/
-EFI_STATUS
-EFIAPI
-Tpm12Extend (
- IN TPM_DIGEST *DigestToExtend,
- IN TPM_PCRINDEX PcrIndex,
- OUT TPM_DIGEST *NewPcrValue
- );
-
-/**
-Send TSC_PhysicalPresence command to TPM.
-
-@param[in] PhysicalPresence The state to set the TPMs Physical Presence flags.
-
-@retval EFI_SUCCESS Operation completed successfully.
-@retval EFI_TIMEOUT The register can't run into the expected status in time.
-@retval EFI_BUFFER_TOO_SMALL Response data buffer is too small.
-@retval EFI_DEVICE_ERROR Unexpected device behavior.
-
-**/
-EFI_STATUS
-EFIAPI
-Tpm12PhysicalPresence (
- IN TPM_PHYSICAL_PRESENCE PhysicalPresence
- );
-
-/**
-Send TPM_ContinueSelfTest command to TPM.
-
-@retval EFI_SUCCESS Operation completed successfully.
-@retval EFI_TIMEOUT The register can't run into the expected status in time.
-@retval EFI_BUFFER_TOO_SMALL Response data buffer is too small.
-@retval EFI_DEVICE_ERROR Unexpected device behavior.
-
-**/
-EFI_STATUS
-EFIAPI
-Tpm12ContinueSelfTest (
- VOID
- );
-
-/**
-Get TPM capability permanent flags.
-
-@param[out] TpmPermanentFlags Pointer to the buffer for returned flag structure.
-
-@retval EFI_SUCCESS Operation completed successfully.
-@retval EFI_TIMEOUT The register can't run into the expected status in time.
-@retval EFI_BUFFER_TOO_SMALL Response data buffer is too small.
-@retval EFI_DEVICE_ERROR Unexpected device behavior.
-
-**/
-EFI_STATUS
-EFIAPI
-Tpm12GetCapabilityFlagPermanent (
- OUT TPM_PERMANENT_FLAGS *TpmPermanentFlags
- );
-
-/**
-Get TPM capability volatile flags.
-
-@param[out] VolatileFlags Pointer to the buffer for returned flag structure.
-
-@retval EFI_SUCCESS Operation completed successfully.
-@retval EFI_DEVICE_ERROR The command was unsuccessful.
-
-**/
-EFI_STATUS
-EFIAPI
-Tpm12GetCapabilityFlagVolatile (
- OUT TPM_STCLEAR_FLAGS *VolatileFlags
- );
-#endif
diff --git a/SecurityPkg/Include/Library/Tpm12DeviceLib.h b/SecurityPkg/Include/Library/Tpm12DeviceLib.h deleted file mode 100644 index ab1f522ad0..0000000000 --- a/SecurityPkg/Include/Library/Tpm12DeviceLib.h +++ /dev/null @@ -1,54 +0,0 @@ -/** @file
- This library abstract how to access TPM12 hardware device.
-
-Copyright (c) 2013, Intel Corporation. All rights reserved. <BR>
-This program and the accompanying materials
-are licensed and made available under the terms and conditions of the BSD License
-which accompanies this distribution. The full text of the license may be found at
-http://opensource.org/licenses/bsd-license.php
-
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
-**/
-
-#ifndef _TPM12_DEVICE_LIB_H_
-#define _TPM12_DEVICE_LIB_H_
-
-#include <IndustryStandard/Tpm12.h>
-
-/**
- This service enables the sending of commands to the TPM12.
-
- @param[in] InputParameterBlockSize Size of the TPM12 input parameter block.
- @param[in] InputParameterBlock Pointer to the TPM12 input parameter block.
- @param[in,out] OutputParameterBlockSize Size of the TPM12 output parameter block.
- @param[in] OutputParameterBlock Pointer to the TPM12 output parameter block.
-
- @retval EFI_SUCCESS The command byte stream was successfully sent to the device and a response was successfully received.
- @retval EFI_DEVICE_ERROR The command was not successfully sent to the device or a response was not successfully received from the device.
- @retval EFI_BUFFER_TOO_SMALL The output parameter block is too small.
-**/
-EFI_STATUS
-EFIAPI
-Tpm12SubmitCommand (
- IN UINT32 InputParameterBlockSize,
- IN UINT8 *InputParameterBlock,
- IN OUT UINT32 *OutputParameterBlockSize,
- IN UINT8 *OutputParameterBlock
- );
-
-/**
- This service requests use TPM12.
-
- @retval EFI_SUCCESS Get the control of TPM12 chip.
- @retval EFI_NOT_FOUND TPM12 not found.
- @retval EFI_DEVICE_ERROR Unexpected device behavior.
-**/
-EFI_STATUS
-EFIAPI
-Tpm12RequestUseTpm (
- VOID
- );
-
-#endif
diff --git a/SecurityPkg/Include/Library/Tpm2CommandLib.h b/SecurityPkg/Include/Library/Tpm2CommandLib.h deleted file mode 100644 index 80ada7397b..0000000000 --- a/SecurityPkg/Include/Library/Tpm2CommandLib.h +++ /dev/null @@ -1,1106 +0,0 @@ -/** @file
- This library is used by other modules to send TPM2 command.
-
-Copyright (c) 2013 - 2017, Intel Corporation. All rights reserved. <BR>
-This program and the accompanying materials
-are licensed and made available under the terms and conditions of the BSD License
-which accompanies this distribution. The full text of the license may be found at
-http://opensource.org/licenses/bsd-license.php
-
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
-**/
-
-#ifndef _TPM2_COMMAND_LIB_H_
-#define _TPM2_COMMAND_LIB_H_
-
-#include <IndustryStandard/Tpm20.h>
-
-/**
- This command starts a hash or an Event sequence.
- If hashAlg is an implemented hash, then a hash sequence is started.
- If hashAlg is TPM_ALG_NULL, then an Event sequence is started.
-
- @param[in] HashAlg The hash algorithm to use for the hash sequence
- An Event sequence starts if this is TPM_ALG_NULL.
- @param[out] SequenceHandle A handle to reference the sequence
-
- @retval EFI_SUCCESS Operation completed successfully.
- @retval EFI_DEVICE_ERROR Unexpected device behavior.
-**/
-EFI_STATUS
-EFIAPI
-Tpm2HashSequenceStart (
- IN TPMI_ALG_HASH HashAlg,
- OUT TPMI_DH_OBJECT *SequenceHandle
- );
-
-/**
- This command is used to add data to a hash or HMAC sequence.
- The amount of data in buffer may be any size up to the limits of the TPM.
- NOTE: In all TPM, a buffer size of 1,024 octets is allowed.
-
- @param[in] SequenceHandle Handle for the sequence object
- @param[in] Buffer Data to be added to hash
-
- @retval EFI_SUCCESS Operation completed successfully.
- @retval EFI_DEVICE_ERROR Unexpected device behavior.
-**/
-EFI_STATUS
-EFIAPI
-Tpm2SequenceUpdate (
- IN TPMI_DH_OBJECT SequenceHandle,
- IN TPM2B_MAX_BUFFER *Buffer
- );
-
-/**
- This command adds the last part of data, if any, to an Event sequence and returns the result in a digest list.
- If pcrHandle references a PCR and not TPM_RH_NULL, then the returned digest list is processed in
- the same manner as the digest list input parameter to TPM2_PCR_Extend() with the pcrHandle in each
- bank extended with the associated digest value.
-
- @param[in] PcrHandle PCR to be extended with the Event data
- @param[in] SequenceHandle Authorization for the sequence
- @param[in] Buffer Data to be added to the Event
- @param[out] Results List of digests computed for the PCR
-
- @retval EFI_SUCCESS Operation completed successfully.
- @retval EFI_DEVICE_ERROR Unexpected device behavior.
-**/
-EFI_STATUS
-EFIAPI
-Tpm2EventSequenceComplete (
- IN TPMI_DH_PCR PcrHandle,
- IN TPMI_DH_OBJECT SequenceHandle,
- IN TPM2B_MAX_BUFFER *Buffer,
- OUT TPML_DIGEST_VALUES *Results
- );
-
-/**
- This command adds the last part of data, if any, to a hash/HMAC sequence and returns the result.
-
- @param[in] SequenceHandle Authorization for the sequence
- @param[in] Buffer Data to be added to the hash/HMAC
- @param[out] Result The returned HMAC or digest in a sized buffer
-
- @retval EFI_SUCCESS Operation completed successfully.
- @retval EFI_DEVICE_ERROR Unexpected device behavior.
-**/
-EFI_STATUS
-EFIAPI
-Tpm2SequenceComplete (
- IN TPMI_DH_OBJECT SequenceHandle,
- IN TPM2B_MAX_BUFFER *Buffer,
- OUT TPM2B_DIGEST *Result
- );
-
-/**
- Send Startup command to TPM2.
-
- @param[in] StartupType TPM_SU_CLEAR or TPM_SU_STATE
-
- @retval EFI_SUCCESS Operation completed successfully.
- @retval EFI_DEVICE_ERROR Unexpected device behavior.
-**/
-EFI_STATUS
-EFIAPI
-Tpm2Startup (
- IN TPM_SU StartupType
- );
-
-/**
- Send Shutdown command to TPM2.
-
- @param[in] ShutdownType TPM_SU_CLEAR or TPM_SU_STATE.
-
- @retval EFI_SUCCESS Operation completed successfully.
- @retval EFI_DEVICE_ERROR Unexpected device behavior.
-**/
-EFI_STATUS
-EFIAPI
-Tpm2Shutdown (
- IN TPM_SU ShutdownType
- );
-
-/**
- This command causes the TPM to perform a test of its capabilities.
- If the fullTest is YES, the TPM will test all functions.
- If fullTest = NO, the TPM will only test those functions that have not previously been tested.
-
- @param[in] FullTest YES if full test to be performed
- NO if only test of untested functions required
-
- @retval EFI_SUCCESS Operation completed successfully.
- @retval EFI_DEVICE_ERROR Unexpected device behavior.
-**/
-EFI_STATUS
-EFIAPI
-Tpm2SelfTest (
- IN TPMI_YES_NO FullTest
- );
-
-/**
- This command allows setting of the authorization policy for the platform hierarchy (platformPolicy), the
- storage hierarchy (ownerPolicy), and and the endorsement hierarchy (endorsementPolicy).
-
- @param[in] AuthHandle TPM_RH_ENDORSEMENT, TPM_RH_OWNER or TPM_RH_PLATFORM+{PP} parameters to be validated
- @param[in] AuthSession Auth Session context
- @param[in] AuthPolicy An authorization policy hash
- @param[in] HashAlg The hash algorithm to use for the policy
-
- @retval EFI_SUCCESS Operation completed successfully.
- @retval EFI_DEVICE_ERROR Unexpected device behavior.
-**/
-EFI_STATUS
-EFIAPI
-Tpm2SetPrimaryPolicy (
- IN TPMI_RH_HIERARCHY_AUTH AuthHandle,
- IN TPMS_AUTH_COMMAND *AuthSession,
- IN TPM2B_DIGEST *AuthPolicy,
- IN TPMI_ALG_HASH HashAlg
- );
-
-/**
- This command removes all TPM context associated with a specific Owner.
-
- @param[in] AuthHandle TPM_RH_LOCKOUT or TPM_RH_PLATFORM+{PP}
- @param[in] AuthSession Auth Session context
-
- @retval EFI_SUCCESS Operation completed successfully.
- @retval EFI_DEVICE_ERROR Unexpected device behavior.
-**/
-EFI_STATUS
-EFIAPI
-Tpm2Clear (
- IN TPMI_RH_CLEAR AuthHandle,
- IN TPMS_AUTH_COMMAND *AuthSession OPTIONAL
- );
-
-/**
- Disables and enables the execution of TPM2_Clear().
-
- @param[in] AuthHandle TPM_RH_LOCKOUT or TPM_RH_PLATFORM+{PP}
- @param[in] AuthSession Auth Session context
- @param[in] Disable YES if the disableOwnerClear flag is to be SET,
- NO if the flag is to be CLEAR.
-
- @retval EFI_SUCCESS Operation completed successfully.
- @retval EFI_DEVICE_ERROR Unexpected device behavior.
-**/
-EFI_STATUS
-EFIAPI
-Tpm2ClearControl (
- IN TPMI_RH_CLEAR AuthHandle,
- IN TPMS_AUTH_COMMAND *AuthSession, OPTIONAL
- IN TPMI_YES_NO Disable
- );
-
-/**
- This command allows the authorization secret for a hierarchy or lockout to be changed using the current
- authorization value as the command authorization.
-
- @param[in] AuthHandle TPM_RH_LOCKOUT, TPM_RH_ENDORSEMENT, TPM_RH_OWNER or TPM_RH_PLATFORM+{PP}
- @param[in] AuthSession Auth Session context
- @param[in] NewAuth New authorization secret
-
- @retval EFI_SUCCESS Operation completed successfully.
- @retval EFI_DEVICE_ERROR Unexpected device behavior.
-**/
-EFI_STATUS
-EFIAPI
-Tpm2HierarchyChangeAuth (
- IN TPMI_RH_HIERARCHY_AUTH AuthHandle,
- IN TPMS_AUTH_COMMAND *AuthSession,
- IN TPM2B_AUTH *NewAuth
- );
-
-/**
- This replaces the current EPS with a value from the RNG and sets the Endorsement hierarchy controls to
- their default initialization values.
-
- @param[in] AuthHandle TPM_RH_PLATFORM+{PP}
- @param[in] AuthSession Auth Session context
-
- @retval EFI_SUCCESS Operation completed successfully.
- @retval EFI_DEVICE_ERROR Unexpected device behavior.
-**/
-EFI_STATUS
-EFIAPI
-Tpm2ChangeEPS (
- IN TPMI_RH_PLATFORM AuthHandle,
- IN TPMS_AUTH_COMMAND *AuthSession
- );
-
-/**
- This replaces the current PPS with a value from the RNG and sets platformPolicy to the default
- initialization value (the Empty Buffer).
-
- @param[in] AuthHandle TPM_RH_PLATFORM+{PP}
- @param[in] AuthSession Auth Session context
-
- @retval EFI_SUCCESS Operation completed successfully.
- @retval EFI_DEVICE_ERROR Unexpected device behavior.
-**/
-EFI_STATUS
-EFIAPI
-Tpm2ChangePPS (
- IN TPMI_RH_PLATFORM AuthHandle,
- IN TPMS_AUTH_COMMAND *AuthSession
- );
-
-/**
- This command enables and disables use of a hierarchy.
-
- @param[in] AuthHandle TPM_RH_ENDORSEMENT, TPM_RH_OWNER or TPM_RH_PLATFORM+{PP}
- @param[in] AuthSession Auth Session context
- @param[in] Hierarchy Hierarchy of the enable being modified
- @param[in] State YES if the enable should be SET,
- NO if the enable should be CLEAR
-
- @retval EFI_SUCCESS Operation completed successfully.
- @retval EFI_DEVICE_ERROR Unexpected device behavior.
-**/
-EFI_STATUS
-EFIAPI
-Tpm2HierarchyControl (
- IN TPMI_RH_HIERARCHY AuthHandle,
- IN TPMS_AUTH_COMMAND *AuthSession,
- IN TPMI_RH_HIERARCHY Hierarchy,
- IN TPMI_YES_NO State
- );
-
-/**
- This command cancels the effect of a TPM lockout due to a number of successive authorization failures.
- If this command is properly authorized, the lockout counter is set to zero.
-
- @param[in] LockHandle LockHandle
- @param[in] AuthSession Auth Session context
-
- @retval EFI_SUCCESS Operation completed successfully.
- @retval EFI_DEVICE_ERROR Unexpected device behavior.
-**/
-EFI_STATUS
-EFIAPI
-Tpm2DictionaryAttackLockReset (
- IN TPMI_RH_LOCKOUT LockHandle,
- IN TPMS_AUTH_COMMAND *AuthSession
- );
-
-/**
- This command cancels the effect of a TPM lockout due to a number of successive authorization failures.
- If this command is properly authorized, the lockout counter is set to zero.
-
- @param[in] LockHandle LockHandle
- @param[in] AuthSession Auth Session context
- @param[in] NewMaxTries Count of authorization failures before the lockout is imposed
- @param[in] NewRecoveryTime Time in seconds before the authorization failure count is automatically decremented
- @param[in] LockoutRecovery Time in seconds after a lockoutAuth failure before use of lockoutAuth is allowed
-
- @retval EFI_SUCCESS Operation completed successfully.
- @retval EFI_DEVICE_ERROR Unexpected device behavior.
-**/
-EFI_STATUS
-EFIAPI
-Tpm2DictionaryAttackParameters (
- IN TPMI_RH_LOCKOUT LockHandle,
- IN TPMS_AUTH_COMMAND *AuthSession,
- IN UINT32 NewMaxTries,
- IN UINT32 NewRecoveryTime,
- IN UINT32 LockoutRecovery
- );
-
-/**
- This command is used to read the public area and Name of an NV Index.
-
- @param[in] NvIndex The NV Index.
- @param[out] NvPublic The public area of the index.
- @param[out] NvName The Name of the nvIndex.
-
- @retval EFI_SUCCESS Operation completed successfully.
- @retval EFI_DEVICE_ERROR The command was unsuccessful.
-**/
-EFI_STATUS
-EFIAPI
-Tpm2NvReadPublic (
- IN TPMI_RH_NV_INDEX NvIndex,
- OUT TPM2B_NV_PUBLIC *NvPublic,
- OUT TPM2B_NAME *NvName
- );
-
-/**
- This command defines the attributes of an NV Index and causes the TPM to
- reserve space to hold the data associated with the index.
- If a definition already exists at the index, the TPM will return TPM_RC_NV_DEFINED.
-
- @param[in] AuthHandle TPM_RH_OWNER or TPM_RH_PLATFORM+{PP}.
- @param[in] AuthSession Auth Session context
- @param[in] Auth The authorization data.
- @param[in] NvPublic The public area of the index.
-
- @retval EFI_SUCCESS Operation completed successfully.
- @retval EFI_DEVICE_ERROR The command was unsuccessful.
- @retval EFI_ALREADY_STARTED The command was returned successfully, but NvIndex is already defined.
-**/
-EFI_STATUS
-EFIAPI
-Tpm2NvDefineSpace (
- IN TPMI_RH_PROVISION AuthHandle,
- IN TPMS_AUTH_COMMAND *AuthSession, OPTIONAL
- IN TPM2B_AUTH *Auth,
- IN TPM2B_NV_PUBLIC *NvPublic
- );
-
-/**
- This command removes an index from the TPM.
-
- @param[in] AuthHandle TPM_RH_OWNER or TPM_RH_PLATFORM+{PP}.
- @param[in] NvIndex The NV Index.
- @param[in] AuthSession Auth Session context
-
- @retval EFI_SUCCESS Operation completed successfully.
- @retval EFI_DEVICE_ERROR The command was unsuccessful.
- @retval EFI_NOT_FOUND The command was returned successfully, but NvIndex is not found.
-**/
-EFI_STATUS
-EFIAPI
-Tpm2NvUndefineSpace (
- IN TPMI_RH_PROVISION AuthHandle,
- IN TPMI_RH_NV_INDEX NvIndex,
- IN TPMS_AUTH_COMMAND *AuthSession OPTIONAL
- );
-
-/**
- This command reads a value from an area in NV memory previously defined by TPM2_NV_DefineSpace().
-
- @param[in] AuthHandle the handle indicating the source of the authorization value.
- @param[in] NvIndex The index to be read.
- @param[in] AuthSession Auth Session context
- @param[in] Size Number of bytes to read.
- @param[in] Offset Byte offset into the area.
- @param[in,out] OutData The data read.
-
- @retval EFI_SUCCESS Operation completed successfully.
- @retval EFI_DEVICE_ERROR The command was unsuccessful.
- @retval EFI_NOT_FOUND The command was returned successfully, but NvIndex is not found.
-**/
-EFI_STATUS
-EFIAPI
-Tpm2NvRead (
- IN TPMI_RH_NV_AUTH AuthHandle,
- IN TPMI_RH_NV_INDEX NvIndex,
- IN TPMS_AUTH_COMMAND *AuthSession, OPTIONAL
- IN UINT16 Size,
- IN UINT16 Offset,
- IN OUT TPM2B_MAX_BUFFER *OutData
- );
-
-/**
- This command writes a value to an area in NV memory that was previously defined by TPM2_NV_DefineSpace().
-
- @param[in] AuthHandle the handle indicating the source of the authorization value.
- @param[in] NvIndex The NV Index of the area to write.
- @param[in] AuthSession Auth Session context
- @param[in] InData The data to write.
- @param[in] Offset The offset into the NV Area.
-
- @retval EFI_SUCCESS Operation completed successfully.
- @retval EFI_DEVICE_ERROR The command was unsuccessful.
- @retval EFI_NOT_FOUND The command was returned successfully, but NvIndex is not found.
-**/
-EFI_STATUS
-EFIAPI
-Tpm2NvWrite (
- IN TPMI_RH_NV_AUTH AuthHandle,
- IN TPMI_RH_NV_INDEX NvIndex,
- IN TPMS_AUTH_COMMAND *AuthSession, OPTIONAL
- IN TPM2B_MAX_BUFFER *InData,
- IN UINT16 Offset
- );
-
-/**
- This command may be used to prevent further reads of the Index until the next TPM2_Startup (TPM_SU_CLEAR).
-
- @param[in] AuthHandle the handle indicating the source of the authorization value.
- @param[in] NvIndex The NV Index of the area to lock.
- @param[in] AuthSession Auth Session context
-
- @retval EFI_SUCCESS Operation completed successfully.
- @retval EFI_DEVICE_ERROR The command was unsuccessful.
- @retval EFI_NOT_FOUND The command was returned successfully, but NvIndex is not found.
-**/
-EFI_STATUS
-EFIAPI
-Tpm2NvReadLock (
- IN TPMI_RH_NV_AUTH AuthHandle,
- IN TPMI_RH_NV_INDEX NvIndex,
- IN TPMS_AUTH_COMMAND *AuthSession OPTIONAL
- );
-
-/**
- This command may be used to inhibit further writes of the Index.
-
- @param[in] AuthHandle the handle indicating the source of the authorization value.
- @param[in] NvIndex The NV Index of the area to lock.
- @param[in] AuthSession Auth Session context
-
- @retval EFI_SUCCESS Operation completed successfully.
- @retval EFI_DEVICE_ERROR The command was unsuccessful.
- @retval EFI_NOT_FOUND The command was returned successfully, but NvIndex is not found.
-**/
-EFI_STATUS
-EFIAPI
-Tpm2NvWriteLock (
- IN TPMI_RH_NV_AUTH AuthHandle,
- IN TPMI_RH_NV_INDEX NvIndex,
- IN TPMS_AUTH_COMMAND *AuthSession OPTIONAL
- );
-
-/**
- The command will SET TPMA_NV_WRITELOCKED for all indexes that have their TPMA_NV_GLOBALLOCK attribute SET.
-
- @param[in] AuthHandle TPM_RH_OWNER or TPM_RH_PLATFORM+{PP}.
- @param[in] AuthSession Auth Session context
-
- @retval EFI_SUCCESS Operation completed successfully.
- @retval EFI_DEVICE_ERROR The command was unsuccessful.
- @retval EFI_NOT_FOUND The command was returned successfully, but NvIndex is not found.
-**/
-EFI_STATUS
-EFIAPI
-Tpm2NvGlobalWriteLock (
- IN TPMI_RH_PROVISION AuthHandle,
- IN TPMS_AUTH_COMMAND *AuthSession OPTIONAL
- );
-
-/**
- This command is used to cause an update to the indicated PCR.
- The digests parameter contains one or more tagged digest value identified by an algorithm ID.
- For each digest, the PCR associated with pcrHandle is Extended into the bank identified by the tag (hashAlg).
-
- @param[in] PcrHandle Handle of the PCR
- @param[in] Digests List of tagged digest values to be extended
-
- @retval EFI_SUCCESS Operation completed successfully.
- @retval EFI_DEVICE_ERROR Unexpected device behavior.
-**/
-EFI_STATUS
-EFIAPI
-Tpm2PcrExtend (
- IN TPMI_DH_PCR PcrHandle,
- IN TPML_DIGEST_VALUES *Digests
- );
-
-/**
- This command is used to cause an update to the indicated PCR.
- The data in eventData is hashed using the hash algorithm associated with each bank in which the
- indicated PCR has been allocated. After the data is hashed, the digests list is returned. If the pcrHandle
- references an implemented PCR and not TPM_ALG_NULL, digests list is processed as in
- TPM2_PCR_Extend().
- A TPM shall support an Event.size of zero through 1,024 inclusive.
-
- @param[in] PcrHandle Handle of the PCR
- @param[in] EventData Event data in sized buffer
- @param[out] Digests List of digest
-
- @retval EFI_SUCCESS Operation completed successfully.
- @retval EFI_DEVICE_ERROR Unexpected device behavior.
-**/
-EFI_STATUS
-EFIAPI
-Tpm2PcrEvent (
- IN TPMI_DH_PCR PcrHandle,
- IN TPM2B_EVENT *EventData,
- OUT TPML_DIGEST_VALUES *Digests
- );
-
-/**
- This command returns the values of all PCR specified in pcrSelect.
-
- @param[in] PcrSelectionIn The selection of PCR to read.
- @param[out] PcrUpdateCounter The current value of the PCR update counter.
- @param[out] PcrSelectionOut The PCR in the returned list.
- @param[out] PcrValues The contents of the PCR indicated in pcrSelect.
-
- @retval EFI_SUCCESS Operation completed successfully.
- @retval EFI_DEVICE_ERROR The command was unsuccessful.
-**/
-EFI_STATUS
-EFIAPI
-Tpm2PcrRead (
- IN TPML_PCR_SELECTION *PcrSelectionIn,
- OUT UINT32 *PcrUpdateCounter,
- OUT TPML_PCR_SELECTION *PcrSelectionOut,
- OUT TPML_DIGEST *PcrValues
- );
-
-/**
- This command is used to set the desired PCR allocation of PCR and algorithms.
-
- @param[in] AuthHandle TPM_RH_PLATFORM+{PP}
- @param[in] AuthSession Auth Session context
- @param[in] PcrAllocation The requested allocation
- @param[out] AllocationSuccess YES if the allocation succeeded
- @param[out] MaxPCR maximum number of PCR that may be in a bank
- @param[out] SizeNeeded number of octets required to satisfy the request
- @param[out] SizeAvailable Number of octets available. Computed before the allocation
-
- @retval EFI_SUCCESS Operation completed successfully.
- @retval EFI_DEVICE_ERROR The command was unsuccessful.
-**/
-EFI_STATUS
-EFIAPI
-Tpm2PcrAllocate (
- IN TPMI_RH_PLATFORM AuthHandle,
- IN TPMS_AUTH_COMMAND *AuthSession,
- IN TPML_PCR_SELECTION *PcrAllocation,
- OUT TPMI_YES_NO *AllocationSuccess,
- OUT UINT32 *MaxPCR,
- OUT UINT32 *SizeNeeded,
- OUT UINT32 *SizeAvailable
- );
-
-/**
- Alloc PCR data.
-
- @param[in] PlatformAuth platform auth value. NULL means no platform auth change.
- @param[in] SupportedPCRBanks Supported PCR banks
- @param[in] PCRBanks PCR banks
-
- @retval EFI_SUCCESS Operation completed successfully.
-**/
-EFI_STATUS
-EFIAPI
-Tpm2PcrAllocateBanks (
- IN TPM2B_AUTH *PlatformAuth, OPTIONAL
- IN UINT32 SupportedPCRBanks,
- IN UINT32 PCRBanks
- );
-
-/**
- This command returns various information regarding the TPM and its current state.
-
- The capability parameter determines the category of data returned. The property parameter
- selects the first value of the selected category to be returned. If there is no property
- that corresponds to the value of property, the next higher value is returned, if it exists.
- The moreData parameter will have a value of YES if there are more values of the requested
- type that were not returned.
- If no next capability exists, the TPM will return a zero-length list and moreData will have
- a value of NO.
-
- NOTE:
- To simplify this function, leave returned CapabilityData for caller to unpack since there are
- many capability categories and only few categories will be used in firmware. It means the caller
- need swap the byte order for the feilds in CapabilityData.
-
- @param[in] Capability Group selection; determines the format of the response.
- @param[in] Property Further definition of information.
- @param[in] PropertyCount Number of properties of the indicated type to return.
- @param[out] MoreData Flag to indicate if there are more values of this type.
- @param[out] CapabilityData The capability data.
-
- @retval EFI_SUCCESS Operation completed successfully.
- @retval EFI_DEVICE_ERROR The command was unsuccessful.
-**/
-EFI_STATUS
-EFIAPI
-Tpm2GetCapability (
- IN TPM_CAP Capability,
- IN UINT32 Property,
- IN UINT32 PropertyCount,
- OUT TPMI_YES_NO *MoreData,
- OUT TPMS_CAPABILITY_DATA *CapabilityData
- );
-
-/**
- This command returns the information of TPM Family.
-
- This function parse the value got from TPM2_GetCapability and return the Family.
-
- @param[out] Family The Family of TPM. (a 4-octet character string)
-
- @retval EFI_SUCCESS Operation completed successfully.
- @retval EFI_DEVICE_ERROR The command was unsuccessful.
-**/
-EFI_STATUS
-EFIAPI
-Tpm2GetCapabilityFamily (
- OUT CHAR8 *Family
- );
-
-/**
- This command returns the information of TPM manufacture ID.
-
- This function parse the value got from TPM2_GetCapability and return the TPM manufacture ID.
-
- @param[out] ManufactureId The manufacture ID of TPM.
-
- @retval EFI_SUCCESS Operation completed successfully.
- @retval EFI_DEVICE_ERROR The command was unsuccessful.
-**/
-EFI_STATUS
-EFIAPI
-Tpm2GetCapabilityManufactureID (
- OUT UINT32 *ManufactureId
- );
-
-/**
- This command returns the information of TPM FirmwareVersion.
-
- This function parse the value got from TPM2_GetCapability and return the TPM FirmwareVersion.
-
- @param[out] FirmwareVersion1 The FirmwareVersion1.
- @param[out] FirmwareVersion2 The FirmwareVersion2.
-
- @retval EFI_SUCCESS Operation completed successfully.
- @retval EFI_DEVICE_ERROR The command was unsuccessful.
-**/
-EFI_STATUS
-EFIAPI
-Tpm2GetCapabilityFirmwareVersion (
- OUT UINT32 *FirmwareVersion1,
- OUT UINT32 *FirmwareVersion2
- );
-
-/**
- This command returns the information of the maximum value for commandSize and responseSize in a command.
-
- This function parse the value got from TPM2_GetCapability and return the max command size and response size
-
- @param[out] MaxCommandSize The maximum value for commandSize in a command.
- @param[out] MaxResponseSize The maximum value for responseSize in a command.
-
- @retval EFI_SUCCESS Operation completed successfully.
- @retval EFI_DEVICE_ERROR The command was unsuccessful.
-**/
-EFI_STATUS
-EFIAPI
-Tpm2GetCapabilityMaxCommandResponseSize (
- OUT UINT32 *MaxCommandSize,
- OUT UINT32 *MaxResponseSize
- );
-
-/**
- This command returns Returns a list of TPMS_ALG_PROPERTIES. Each entry is an
- algorithm ID and a set of properties of the algorithm.
-
- This function parse the value got from TPM2_GetCapability and return the list.
-
- @param[out] AlgList List of algorithm.
-
- @retval EFI_SUCCESS Operation completed successfully.
- @retval EFI_DEVICE_ERROR The command was unsuccessful.
-**/
-EFI_STATUS
-EFIAPI
-Tpm2GetCapabilitySupportedAlg (
- OUT TPML_ALG_PROPERTY *AlgList
- );
-
-/**
- This command returns the information of TPM LockoutCounter.
-
- This function parse the value got from TPM2_GetCapability and return the LockoutCounter.
-
- @param[out] LockoutCounter The LockoutCounter of TPM.
-
- @retval EFI_SUCCESS Operation completed successfully.
- @retval EFI_DEVICE_ERROR The command was unsuccessful.
-**/
-EFI_STATUS
-EFIAPI
-Tpm2GetCapabilityLockoutCounter (
- OUT UINT32 *LockoutCounter
- );
-
-/**
- This command returns the information of TPM LockoutInterval.
-
- This function parse the value got from TPM2_GetCapability and return the LockoutInterval.
-
- @param[out] LockoutInterval The LockoutInterval of TPM.
-
- @retval EFI_SUCCESS Operation completed successfully.
- @retval EFI_DEVICE_ERROR The command was unsuccessful.
-**/
-EFI_STATUS
-EFIAPI
-Tpm2GetCapabilityLockoutInterval (
- OUT UINT32 *LockoutInterval
- );
-
-/**
- This command returns the information of TPM InputBufferSize.
-
- This function parse the value got from TPM2_GetCapability and return the InputBufferSize.
-
- @param[out] InputBufferSize The InputBufferSize of TPM.
- the maximum size of a parameter (typically, a TPM2B_MAX_BUFFER)
-
- @retval EFI_SUCCESS Operation completed successfully.
- @retval EFI_DEVICE_ERROR The command was unsuccessful.
-**/
-EFI_STATUS
-EFIAPI
-Tpm2GetCapabilityInputBufferSize (
- OUT UINT32 *InputBufferSize
- );
-
-/**
- This command returns the information of TPM PCRs.
-
- This function parse the value got from TPM2_GetCapability and return the PcrSelection.
-
- @param[out] Pcrs The Pcr Selection
-
- @retval EFI_SUCCESS Operation completed successfully.
- @retval EFI_DEVICE_ERROR The command was unsuccessful.
-**/
-EFI_STATUS
-EFIAPI
-Tpm2GetCapabilityPcrs (
- OUT TPML_PCR_SELECTION *Pcrs
- );
-
-/**
- This function will query the TPM to determine which hashing algorithms
- are supported and which PCR banks are currently active.
-
- @param[out] TpmHashAlgorithmBitmap A bitmask containing the algorithms supported by the TPM.
- @param[out] ActivePcrBanks A bitmask containing the PCRs currently allocated.
-
- @retval EFI_SUCCESS TPM was successfully queried and return values can be trusted.
- @retval Others An error occurred, likely in communication with the TPM.
-
-**/
-EFI_STATUS
-EFIAPI
-Tpm2GetCapabilitySupportedAndActivePcrs(
- OUT UINT32 *TpmHashAlgorithmBitmap,
- OUT UINT32 *ActivePcrBanks
- );
-
-/**
- This command returns the information of TPM AlgorithmSet.
-
- This function parse the value got from TPM2_GetCapability and return the AlgorithmSet.
-
- @param[out] AlgorithmSet The AlgorithmSet of TPM.
-
- @retval EFI_SUCCESS Operation completed successfully.
- @retval EFI_DEVICE_ERROR The command was unsuccessful.
-**/
-EFI_STATUS
-EFIAPI
-Tpm2GetCapabilityAlgorithmSet (
- OUT UINT32 *AlgorithmSet
- );
-
-/**
- This command is used to check to see if specific combinations of algorithm parameters are supported.
-
- @param[in] Parameters Algorithm parameters to be validated
-
- @retval EFI_SUCCESS Operation completed successfully.
- @retval EFI_DEVICE_ERROR Unexpected device behavior.
-**/
-EFI_STATUS
-EFIAPI
-Tpm2TestParms (
- IN TPMT_PUBLIC_PARMS *Parameters
- );
-
-/**
- This command allows the platform to change the set of algorithms that are used by the TPM.
- The algorithmSet setting is a vendor-dependent value.
-
- @param[in] AuthHandle TPM_RH_PLATFORM
- @param[in] AuthSession Auth Session context
- @param[in] AlgorithmSet A TPM vendor-dependent value indicating the
- algorithm set selection
-
- @retval EFI_SUCCESS Operation completed successfully.
- @retval EFI_DEVICE_ERROR Unexpected device behavior.
-**/
-EFI_STATUS
-EFIAPI
-Tpm2SetAlgorithmSet (
- IN TPMI_RH_PLATFORM AuthHandle,
- IN TPMS_AUTH_COMMAND *AuthSession,
- IN UINT32 AlgorithmSet
- );
-
-/**
- This command is used to start an authorization session using alternative methods of
- establishing the session key (sessionKey) that is used for authorization and encrypting value.
-
- @param[in] TpmKey Handle of a loaded decrypt key used to encrypt salt.
- @param[in] Bind Entity providing the authValue.
- @param[in] NonceCaller Initial nonceCaller, sets nonce size for the session.
- @param[in] Salt Value encrypted according to the type of tpmKey.
- @param[in] SessionType Indicates the type of the session.
- @param[in] Symmetric The algorithm and key size for parameter encryption.
- @param[in] AuthHash Hash algorithm to use for the session.
- @param[out] SessionHandle Handle for the newly created session.
- @param[out] NonceTPM The initial nonce from the TPM, used in the computation of the sessionKey.
-
- @retval EFI_SUCCESS Operation completed successfully.
- @retval EFI_DEVICE_ERROR The command was unsuccessful.
-**/
-EFI_STATUS
-EFIAPI
-Tpm2StartAuthSession (
- IN TPMI_DH_OBJECT TpmKey,
- IN TPMI_DH_ENTITY Bind,
- IN TPM2B_NONCE *NonceCaller,
- IN TPM2B_ENCRYPTED_SECRET *Salt,
- IN TPM_SE SessionType,
- IN TPMT_SYM_DEF *Symmetric,
- IN TPMI_ALG_HASH AuthHash,
- OUT TPMI_SH_AUTH_SESSION *SessionHandle,
- OUT TPM2B_NONCE *NonceTPM
- );
-
-/**
- This command causes all context associated with a loaded object or session to be removed from TPM memory.
-
- @param[in] FlushHandle The handle of the item to flush.
-
- @retval EFI_SUCCESS Operation completed successfully.
- @retval EFI_DEVICE_ERROR The command was unsuccessful.
-**/
-EFI_STATUS
-EFIAPI
-Tpm2FlushContext (
- IN TPMI_DH_CONTEXT FlushHandle
- );
-
-/**
- This command includes a secret-based authorization to a policy.
- The caller proves knowledge of the secret value using an authorization
- session using the authValue associated with authHandle.
-
- @param[in] AuthHandle Handle for an entity providing the authorization
- @param[in] PolicySession Handle for the policy session being extended.
- @param[in] AuthSession Auth Session context
- @param[in] NonceTPM The policy nonce for the session.
- @param[in] CpHashA Digest of the command parameters to which this authorization is limited.
- @param[in] PolicyRef A reference to a policy relating to the authorization.
- @param[in] Expiration Time when authorization will expire, measured in seconds from the time that nonceTPM was generated.
- @param[out] Timeout Time value used to indicate to the TPM when the ticket expires.
- @param[out] PolicyTicket A ticket that includes a value indicating when the authorization expires.
-
- @retval EFI_SUCCESS Operation completed successfully.
- @retval EFI_DEVICE_ERROR The command was unsuccessful.
-**/
-EFI_STATUS
-EFIAPI
-Tpm2PolicySecret (
- IN TPMI_DH_ENTITY AuthHandle,
- IN TPMI_SH_POLICY PolicySession,
- IN TPMS_AUTH_COMMAND *AuthSession, OPTIONAL
- IN TPM2B_NONCE *NonceTPM,
- IN TPM2B_DIGEST *CpHashA,
- IN TPM2B_NONCE *PolicyRef,
- IN INT32 Expiration,
- OUT TPM2B_TIMEOUT *Timeout,
- OUT TPMT_TK_AUTH *PolicyTicket
- );
-
-/**
- This command allows options in authorizations without requiring that the TPM evaluate all of the options.
- If a policy may be satisfied by different sets of conditions, the TPM need only evaluate one set that
- satisfies the policy. This command will indicate that one of the required sets of conditions has been
- satisfied.
-
- @param[in] PolicySession Handle for the policy session being extended.
- @param[in] HashList the list of hashes to check for a match.
-
- @retval EFI_SUCCESS Operation completed successfully.
- @retval EFI_DEVICE_ERROR The command was unsuccessful.
-**/
-EFI_STATUS
-EFIAPI
-Tpm2PolicyOR (
- IN TPMI_SH_POLICY PolicySession,
- IN TPML_DIGEST *HashList
- );
-
-/**
- This command indicates that the authorization will be limited to a specific command code.
-
- @param[in] PolicySession Handle for the policy session being extended.
- @param[in] Code The allowed commandCode.
-
- @retval EFI_SUCCESS Operation completed successfully.
- @retval EFI_DEVICE_ERROR The command was unsuccessful.
-**/
-EFI_STATUS
-EFIAPI
-Tpm2PolicyCommandCode (
- IN TPMI_SH_POLICY PolicySession,
- IN TPM_CC Code
- );
-
-/**
- This command returns the current policyDigest of the session. This command allows the TPM
- to be used to perform the actions required to precompute the authPolicy for an object.
-
- @param[in] PolicySession Handle for the policy session.
- @param[out] PolicyHash the current value of the policyHash of policySession.
-
- @retval EFI_SUCCESS Operation completed successfully.
- @retval EFI_DEVICE_ERROR The command was unsuccessful.
-**/
-EFI_STATUS
-EFIAPI
-Tpm2PolicyGetDigest (
- IN TPMI_SH_POLICY PolicySession,
- OUT TPM2B_DIGEST *PolicyHash
- );
-
-/**
- This command allows access to the public area of a loaded object.
-
- @param[in] ObjectHandle TPM handle of an object
- @param[out] OutPublic Structure containing the public area of an object
- @param[out] Name Name of the object
- @param[out] QualifiedName The Qualified Name of the object
-
- @retval EFI_SUCCESS Operation completed successfully.
- @retval EFI_DEVICE_ERROR Unexpected device behavior.
-**/
-EFI_STATUS
-EFIAPI
-Tpm2ReadPublic (
- IN TPMI_DH_OBJECT ObjectHandle,
- OUT TPM2B_PUBLIC *OutPublic,
- OUT TPM2B_NAME *Name,
- OUT TPM2B_NAME *QualifiedName
- );
-
-//
-// Help function
-//
-
-/**
- Copy AuthSessionIn to TPM2 command buffer.
-
- @param [in] AuthSessionIn Input AuthSession data
- @param [out] AuthSessionOut Output AuthSession data in TPM2 command buffer
-
- @return AuthSession size
-**/
-UINT32
-EFIAPI
-CopyAuthSessionCommand (
- IN TPMS_AUTH_COMMAND *AuthSessionIn, OPTIONAL
- OUT UINT8 *AuthSessionOut
- );
-
-/**
- Copy AuthSessionIn from TPM2 response buffer.
-
- @param [in] AuthSessionIn Input AuthSession data in TPM2 response buffer
- @param [out] AuthSessionOut Output AuthSession data
-
- @return AuthSession size
-**/
-UINT32
-EFIAPI
-CopyAuthSessionResponse (
- IN UINT8 *AuthSessionIn,
- OUT TPMS_AUTH_RESPONSE *AuthSessionOut OPTIONAL
- );
-
-/**
- Return size of digest.
-
- @param[in] HashAlgo Hash algorithm
-
- @return size of digest
-**/
-UINT16
-EFIAPI
-GetHashSizeFromAlgo (
- IN TPMI_ALG_HASH HashAlgo
- );
-
-/**
- Get hash mask from algorithm.
-
- @param[in] HashAlgo Hash algorithm
-
- @return Hash mask
-**/
-UINT32
-EFIAPI
-GetHashMaskFromAlgo (
- IN TPMI_ALG_HASH HashAlgo
- );
-
-/**
- Return if hash alg is supported in HashAlgorithmMask.
-
- @param HashAlg Hash algorithm to be checked.
- @param HashAlgorithmMask Bitfield of allowed hash algorithms.
-
- @retval TRUE Hash algorithm is supported.
- @retval FALSE Hash algorithm is not supported.
-**/
-BOOLEAN
-EFIAPI
-IsHashAlgSupportedInHashAlgorithmMask(
- IN TPMI_ALG_HASH HashAlg,
- IN UINT32 HashAlgorithmMask
- );
-
-/**
- Copy TPML_DIGEST_VALUES into a buffer
-
- @param[in,out] Buffer Buffer to hold copied TPML_DIGEST_VALUES compact binary.
- @param[in] DigestList TPML_DIGEST_VALUES to be copied.
- @param[in] HashAlgorithmMask HASH bits corresponding to the desired digests to copy.
-
- @return The end of buffer to hold TPML_DIGEST_VALUES.
-**/
-VOID *
-EFIAPI
-CopyDigestListToBuffer(
- IN OUT VOID *Buffer,
- IN TPML_DIGEST_VALUES *DigestList,
- IN UINT32 HashAlgorithmMask
- );
-
-/**
- Get TPML_DIGEST_VALUES data size.
-
- @param[in] DigestList TPML_DIGEST_VALUES data.
-
- @return TPML_DIGEST_VALUES data size.
-**/
-UINT32
-EFIAPI
-GetDigestListSize(
- IN TPML_DIGEST_VALUES *DigestList
- );
-
-/**
- This function get digest from digest list.
-
- @param[in] HashAlg Digest algorithm
- @param[in] DigestList Digest list
- @param[out] Digest Digest
-
- @retval EFI_SUCCESS Digest is found and returned.
- @retval EFI_NOT_FOUND Digest is not found.
-**/
-EFI_STATUS
-EFIAPI
-GetDigestFromDigestList(
- IN TPMI_ALG_HASH HashAlg,
- IN TPML_DIGEST_VALUES *DigestList,
- OUT VOID *Digest
- );
-
-#endif
diff --git a/SecurityPkg/Include/Library/Tpm2DeviceLib.h b/SecurityPkg/Include/Library/Tpm2DeviceLib.h deleted file mode 100644 index 67f158ef03..0000000000 --- a/SecurityPkg/Include/Library/Tpm2DeviceLib.h +++ /dev/null @@ -1,109 +0,0 @@ -/** @file
- This library abstract how to access TPM2 hardware device.
-
-Copyright (c) 2013, Intel Corporation. All rights reserved. <BR>
-This program and the accompanying materials
-are licensed and made available under the terms and conditions of the BSD License
-which accompanies this distribution. The full text of the license may be found at
-http://opensource.org/licenses/bsd-license.php
-
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
-**/
-
-#ifndef _TPM2_DEVICE_LIB_H_
-#define _TPM2_DEVICE_LIB_H_
-
-#include <Uefi.h>
-
-/**
- This service enables the sending of commands to the TPM2.
-
- @param[in] InputParameterBlockSize Size of the TPM2 input parameter block.
- @param[in] InputParameterBlock Pointer to the TPM2 input parameter block.
- @param[in,out] OutputParameterBlockSize Size of the TPM2 output parameter block.
- @param[in] OutputParameterBlock Pointer to the TPM2 output parameter block.
-
- @retval EFI_SUCCESS The command byte stream was successfully sent to the device and a response was successfully received.
- @retval EFI_DEVICE_ERROR The command was not successfully sent to the device or a response was not successfully received from the device.
- @retval EFI_BUFFER_TOO_SMALL The output parameter block is too small.
-**/
-EFI_STATUS
-EFIAPI
-Tpm2SubmitCommand (
- IN UINT32 InputParameterBlockSize,
- IN UINT8 *InputParameterBlock,
- IN OUT UINT32 *OutputParameterBlockSize,
- IN UINT8 *OutputParameterBlock
- );
-
-/**
- This service requests use TPM2.
-
- @retval EFI_SUCCESS Get the control of TPM2 chip.
- @retval EFI_NOT_FOUND TPM2 not found.
- @retval EFI_DEVICE_ERROR Unexpected device behavior.
-**/
-EFI_STATUS
-EFIAPI
-Tpm2RequestUseTpm (
- VOID
- );
-
-/**
- This service enables the sending of commands to the TPM2.
-
- @param[in] InputParameterBlockSize Size of the TPM2 input parameter block.
- @param[in] InputParameterBlock Pointer to the TPM2 input parameter block.
- @param[in,out] OutputParameterBlockSize Size of the TPM2 output parameter block.
- @param[in] OutputParameterBlock Pointer to the TPM2 output parameter block.
-
- @retval EFI_SUCCESS The command byte stream was successfully sent to the device and a response was successfully received.
- @retval EFI_DEVICE_ERROR The command was not successfully sent to the device or a response was not successfully received from the device.
- @retval EFI_BUFFER_TOO_SMALL The output parameter block is too small.
-**/
-typedef
-EFI_STATUS
-(EFIAPI *TPM2_SUBMIT_COMMAND) (
- IN UINT32 InputParameterBlockSize,
- IN UINT8 *InputParameterBlock,
- IN OUT UINT32 *OutputParameterBlockSize,
- IN UINT8 *OutputParameterBlock
- );
-
-/**
- This service requests use TPM2.
-
- @retval EFI_SUCCESS Get the control of TPM2 chip.
- @retval EFI_NOT_FOUND TPM2 not found.
- @retval EFI_DEVICE_ERROR Unexpected device behavior.
-**/
-typedef
-EFI_STATUS
-(EFIAPI *TPM2_REQUEST_USE_TPM) (
- VOID
- );
-
-typedef struct {
- EFI_GUID ProviderGuid;
- TPM2_SUBMIT_COMMAND Tpm2SubmitCommand;
- TPM2_REQUEST_USE_TPM Tpm2RequestUseTpm;
-} TPM2_DEVICE_INTERFACE;
-
-/**
- This service register TPM2 device.
-
- @param Tpm2Device TPM2 device
-
- @retval EFI_SUCCESS This TPM2 device is registered successfully.
- @retval EFI_UNSUPPORTED System does not support register this TPM2 device.
- @retval EFI_ALREADY_STARTED System already register this TPM2 device.
-**/
-EFI_STATUS
-EFIAPI
-Tpm2RegisterTpm2DeviceLib (
- IN TPM2_DEVICE_INTERFACE *Tpm2Device
- );
-
-#endif
diff --git a/SecurityPkg/Include/Library/TpmCommLib.h b/SecurityPkg/Include/Library/TpmCommLib.h deleted file mode 100644 index 6c97569c67..0000000000 --- a/SecurityPkg/Include/Library/TpmCommLib.h +++ /dev/null @@ -1,287 +0,0 @@ -/** @file
- This library is only intended to be used by TPM modules.
- It provides basic TPM Interface Specification (TIS) and Command functions.
-
-Copyright (c) 2005 - 2016, Intel Corporation. All rights reserved.<BR>
-This program and the accompanying materials
-are licensed and made available under the terms and conditions of the BSD License
-which accompanies this distribution. The full text of the license may be found at
-http://opensource.org/licenses/bsd-license.php
-
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
-**/
-
-#ifndef _TPM_COMM_LIB_H_
-#define _TPM_COMM_LIB_H_
-
-#include <IndustryStandard/Tpm12.h>
-
-typedef EFI_HANDLE TIS_TPM_HANDLE;
-
-///
-/// TPM register base address.
-///
-#define TPM_BASE_ADDRESS 0xfed40000
-
-//
-// Set structure alignment to 1-byte
-//
-#pragma pack (1)
-
-//
-// Register set map as specified in TIS specification Chapter 10
-//
-typedef struct {
- ///
- /// Used to gain ownership for this particular port.
- ///
- UINT8 Access; // 0
- UINT8 Reserved1[7]; // 1
- ///
- /// Controls interrupts.
- ///
- UINT32 IntEnable; // 8
- ///
- /// SIRQ vector to be used by the TPM.
- ///
- UINT8 IntVector; // 0ch
- UINT8 Reserved2[3]; // 0dh
- ///
- /// What caused interrupt.
- ///
- UINT32 IntSts; // 10h
- ///
- /// Shows which interrupts are supported by that particular TPM.
- ///
- UINT32 IntfCapability; // 14h
- ///
- /// Status Register. Provides status of the TPM.
- ///
- UINT8 Status; // 18h
- ///
- /// Number of consecutive writes that can be done to the TPM.
- ///
- UINT16 BurstCount; // 19h
- UINT8 Reserved3[9];
- ///
- /// Read or write FIFO, depending on transaction.
- ///
- UINT32 DataFifo; // 24
- UINT8 Reserved4[0xed8]; // 28h
- ///
- /// Vendor ID
- ///
- UINT16 Vid; // 0f00h
- ///
- /// Device ID
- ///
- UINT16 Did; // 0f02h
- ///
- /// Revision ID
- ///
- UINT8 Rid; // 0f04h
- ///
- /// TCG defined configuration registers.
- ///
- UINT8 TcgDefined[0x7b]; // 0f05h
- ///
- /// Alias to I/O legacy space.
- ///
- UINT32 LegacyAddress1; // 0f80h
- ///
- /// Additional 8 bits for I/O legacy space extension.
- ///
- UINT32 LegacyAddress1Ex; // 0f84h
- ///
- /// Alias to second I/O legacy space.
- ///
- UINT32 LegacyAddress2; // 0f88h
- ///
- /// Additional 8 bits for second I/O legacy space extension.
- ///
- UINT32 LegacyAddress2Ex; // 0f8ch
- ///
- /// Vendor-defined configuration registers.
- ///
- UINT8 VendorDefined[0x70];// 0f90h
-} TIS_PC_REGISTERS;
-
-//
-// Restore original structure alignment
-//
-#pragma pack ()
-
-//
-// Define pointer types used to access TIS registers on PC
-//
-typedef TIS_PC_REGISTERS *TIS_PC_REGISTERS_PTR;
-
-//
-// TCG Platform Type based on TCG ACPI Specification Version 1.00
-//
-#define TCG_PLATFORM_TYPE_CLIENT 0
-#define TCG_PLATFORM_TYPE_SERVER 1
-
-//
-// Define bits of ACCESS and STATUS registers
-//
-
-///
-/// This bit is a 1 to indicate that the other bits in this register are valid.
-///
-#define TIS_PC_VALID BIT7
-///
-/// Indicate that this locality is active.
-///
-#define TIS_PC_ACC_ACTIVE BIT5
-///
-/// Set to 1 to indicate that this locality had the TPM taken away while
-/// this locality had the TIS_PC_ACC_ACTIVE bit set.
-///
-#define TIS_PC_ACC_SEIZED BIT4
-///
-/// Set to 1 to indicate that TPM MUST reset the
-/// TIS_PC_ACC_ACTIVE bit and remove ownership for localities less than the
-/// locality that is writing this bit.
-///
-#define TIS_PC_ACC_SEIZE BIT3
-///
-/// When this bit is 1, another locality is requesting usage of the TPM.
-///
-#define TIS_PC_ACC_PENDIND BIT2
-///
-/// Set to 1 to indicate that this locality is requesting to use TPM.
-///
-#define TIS_PC_ACC_RQUUSE BIT1
-///
-/// A value of 1 indicates that a T/OS has not been established on the platform
-///
-#define TIS_PC_ACC_ESTABLISH BIT0
-
-///
-/// When this bit is 1, TPM is in the Ready state,
-/// indicating it is ready to receive a new command.
-///
-#define TIS_PC_STS_READY BIT6
-///
-/// Write a 1 to this bit to cause the TPM to execute that command.
-///
-#define TIS_PC_STS_GO BIT5
-///
-/// This bit indicates that the TPM has data available as a response.
-///
-#define TIS_PC_STS_DATA BIT4
-///
-/// The TPM sets this bit to a value of 1 when it expects another byte of data for a command.
-///
-#define TIS_PC_STS_EXPECT BIT3
-///
-/// Writes a 1 to this bit to force the TPM to re-send the response.
-///
-#define TIS_PC_STS_RETRY BIT1
-
-//
-// Default TimeOut value
-//
-#define TIS_TIMEOUT_A 750 * 1000 // 750ms
-#define TIS_TIMEOUT_B 2000 * 1000 // 2s
-#define TIS_TIMEOUT_C 750 * 1000 // 750ms
-#define TIS_TIMEOUT_D 750 * 1000 // 750ms
-
-//
-// Max TPM command/reponse length
-//
-#define TPMCMDBUFLENGTH 1024
-
-/**
- Check whether the value of a TPM chip register satisfies the input BIT setting.
-
- @param[in] Register Address port of register to be checked.
- @param[in] BitSet Check these data bits are set.
- @param[in] BitClear Check these data bits are clear.
- @param[in] TimeOut The max wait time (unit MicroSecond) when checking register.
-
- @retval EFI_SUCCESS The register satisfies the check bit.
- @retval EFI_TIMEOUT The register can't run into the expected status in time.
-**/
-EFI_STATUS
-EFIAPI
-TisPcWaitRegisterBits (
- IN UINT8 *Register,
- IN UINT8 BitSet,
- IN UINT8 BitClear,
- IN UINT32 TimeOut
- );
-
-/**
- Get BurstCount by reading the burstCount field of a TIS regiger
- in the time of default TIS_TIMEOUT_D.
-
- @param[in] TisReg Pointer to TIS register.
- @param[out] BurstCount Pointer to a buffer to store the got BurstConut.
-
- @retval EFI_SUCCESS Get BurstCount.
- @retval EFI_INVALID_PARAMETER TisReg is NULL or BurstCount is NULL.
- @retval EFI_TIMEOUT BurstCount can't be got in time.
-**/
-EFI_STATUS
-EFIAPI
-TisPcReadBurstCount (
- IN TIS_PC_REGISTERS_PTR TisReg,
- OUT UINT16 *BurstCount
- );
-
-/**
- Set TPM chip to ready state by sending ready command TIS_PC_STS_READY
- to Status Register in time.
-
- @param[in] TisReg Pointer to TIS register.
-
- @retval EFI_SUCCESS TPM chip enters into ready state.
- @retval EFI_INVALID_PARAMETER TisReg is NULL.
- @retval EFI_TIMEOUT TPM chip can't be set to ready state in time.
-**/
-EFI_STATUS
-EFIAPI
-TisPcPrepareCommand (
- IN TIS_PC_REGISTERS_PTR TisReg
- );
-
-/**
- Get the control of TPM chip by sending requestUse command TIS_PC_ACC_RQUUSE
- to ACCESS Register in the time of default TIS_TIMEOUT_D.
-
- @param[in] TisReg Pointer to TIS register.
-
- @retval EFI_SUCCESS Get the control of TPM chip.
- @retval EFI_INVALID_PARAMETER TisReg is NULL.
- @retval EFI_NOT_FOUND TPM chip doesn't exit.
- @retval EFI_TIMEOUT Can't get the TPM control in time.
-**/
-EFI_STATUS
-EFIAPI
-TisPcRequestUseTpm (
- IN TIS_PC_REGISTERS_PTR TisReg
- );
-
-/**
- Single function calculates SHA1 digest value for all raw data. It
- combines Sha1Init(), Sha1Update() and Sha1Final().
-
- @param[in] Data Raw data to be digested.
- @param[in] DataLen Size of the raw data.
- @param[out] Digest Pointer to a buffer that stores the final digest.
-
- @retval EFI_SUCCESS Always successfully calculate the final digest.
-**/
-EFI_STATUS
-EFIAPI
-TpmCommHashAll (
- IN CONST UINT8 *Data,
- IN UINTN DataLen,
- OUT TPM_DIGEST *Digest
- );
-
-#endif
diff --git a/SecurityPkg/Include/Library/TrEEPhysicalPresenceLib.h b/SecurityPkg/Include/Library/TrEEPhysicalPresenceLib.h deleted file mode 100644 index ba809b9cf9..0000000000 --- a/SecurityPkg/Include/Library/TrEEPhysicalPresenceLib.h +++ /dev/null @@ -1,57 +0,0 @@ -/** @file
- This library is intended to be used by BDS modules.
- This library will execute TPM2 request.
-
-Copyright (c) 2013 - 2016, Intel Corporation. All rights reserved.<BR>
-This program and the accompanying materials
-are licensed and made available under the terms and conditions of the BSD License
-which accompanies this distribution. The full text of the license may be found at
-http://opensource.org/licenses/bsd-license.php
-
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
-**/
-
-#ifndef _TREE_PHYSICAL_PRESENCE_LIB_H_
-#define _TREE_PHYSICAL_PRESENCE_LIB_H_
-
-#include <IndustryStandard/Tpm20.h>
-#include <Protocol/TrEEProtocol.h>
-
-/**
- Check and execute the pending TPM request.
-
- The TPM request may come from OS or BIOS. This API will display request information and wait
- for user confirmation if TPM request exists. The TPM request will be sent to TPM device after
- the TPM request is confirmed, and one or more reset may be required to make TPM request to
- take effect.
-
- This API should be invoked after console in and console out are all ready as they are required
- to display request information and get user input to confirm the request.
-
- @param PlatformAuth platform auth value. NULL means no platform auth change.
-**/
-VOID
-EFIAPI
-TrEEPhysicalPresenceLibProcessRequest (
- IN TPM2B_AUTH *PlatformAuth OPTIONAL
- );
-
-/**
- Check if the pending TPM request needs user input to confirm.
-
- The TPM request may come from OS. This API will check if TPM request exists and need user
- input to confirmation.
-
- @retval TRUE TPM needs input to confirm user physical presence.
- @retval FALSE TPM doesn't need input to confirm user physical presence.
-
-**/
-BOOLEAN
-EFIAPI
-TrEEPhysicalPresenceLibNeedUserConfirm(
- VOID
- );
-
-#endif
diff --git a/SecurityPkg/Include/Library/TrEEPpVendorLib.h b/SecurityPkg/Include/Library/TrEEPpVendorLib.h deleted file mode 100644 index f0dcfd9967..0000000000 --- a/SecurityPkg/Include/Library/TrEEPpVendorLib.h +++ /dev/null @@ -1,164 +0,0 @@ -/** @file
- This library is to support Trusted Execution Environment (TrEE) ACPI Profile
- >= 128 Vendor Specific PPI Operation.
-
- The Vendor Specific PPI operation may change TPM state, BIOS TPM management
- flags, and may need additional boot cycle.
-
- Caution: This function may receive untrusted input.
-
-Copyright (c) 2015 - 2016, Intel Corporation. All rights reserved.<BR>
-This program and the accompanying materials
-are licensed and made available under the terms and conditions of the BSD License
-which accompanies this distribution. The full text of the license may be found at
-http://opensource.org/licenses/bsd-license.php
-
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
-**/
-
-#ifndef _TREE_PP_VENDOR_LIB_H_
-#define _TREE_PP_VENDOR_LIB_H_
-
-#include <IndustryStandard/Tpm20.h>
-#include <Protocol/TrEEProtocol.h>
-
-//
-// The definition of physical presence operation actions
-//
-#define TREE_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION 128
-
-//
-// The definition bit of the BIOS TPM Management Flags
-//
-// BIT0 is reserved
-#define TREE_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_CLEAR BIT1
-// BIT2 is reserved
-#define TREE_VENDOR_LIB_FLAG_RESET_TRACK BIT3
-
-//
-// The definition for TPM Operation Response to OS Environment
-//
-#define TREE_PP_OPERATION_RESPONSE_SUCCESS 0x0
-#define TREE_PP_OPERATION_RESPONSE_USER_ABORT 0xFFFFFFF0
-#define TREE_PP_OPERATION_RESPONSE_BIOS_FAILURE 0xFFFFFFF1
-
-//
-// The return code for Submit TPM Request to Pre-OS Environment
-// and Submit TPM Request to Pre-OS Environment 2
-//
-#define TREE_PP_SUBMIT_REQUEST_TO_PREOS_SUCCESS 0
-#define TREE_PP_SUBMIT_REQUEST_TO_PREOS_NOT_IMPLEMENTED 1
-#define TREE_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE 2
-#define TREE_PP_SUBMIT_REQUEST_TO_PREOS_BLOCKED_BY_BIOS_SETTINGS 3
-
-//
-// The return code for Get User Confirmation Status for Operation
-//
-#define TREE_PP_GET_USER_CONFIRMATION_NOT_IMPLEMENTED 0
-#define TREE_PP_GET_USER_CONFIRMATION_BIOS_ONLY 1
-#define TREE_PP_GET_USER_CONFIRMATION_BLOCKED_BY_BIOS_CONFIGURATION 2
-#define TREE_PP_GET_USER_CONFIRMATION_ALLOWED_AND_PPUSER_REQUIRED 3
-#define TREE_PP_GET_USER_CONFIRMATION_ALLOWED_AND_PPUSER_NOT_REQUIRED 4
-
-/**
- Check and execute the requested physical presence command.
-
- This API should be invoked in BIOS boot phase to process pending request.
-
- Caution: This function may receive untrusted input.
-
- If OperationRequest < 128, then ASSERT().
-
- @param[in] PlatformAuth platform auth value. NULL means no platform auth change.
- @param[in] OperationRequest TPM physical presence operation request.
- @param[in, out] ManagementFlags BIOS TPM Management Flags.
- @param[out] ResetRequired If reset is required to vendor settings in effect.
- True, it indicates the reset is required.
- False, it indicates the reset is not required.
-
- @return TPM Operation Response to OS Environment.
-**/
-UINT32
-EFIAPI
-TrEEPpVendorLibExecutePendingRequest (
- IN TPM2B_AUTH *PlatformAuth, OPTIONAL
- IN UINT32 OperationRequest,
- IN OUT UINT32 *ManagementFlags,
- OUT BOOLEAN *ResetRequired
- );
-
-/**
- Check if there is a valid physical presence command request.
-
- This API should be invoked in BIOS boot phase to process pending request.
-
- Caution: This function may receive untrusted input.
-
- If OperationRequest < 128, then ASSERT().
-
- @param[in] OperationRequest TPM physical presence operation request.
- @param[in] ManagementFlags BIOS TPM Management Flags.
- @param[out] RequestConfirmed If the physical presence operation command required user confirm from UI.
- True, it indicates the command doesn't require user confirm.
- False, it indicates the command need user confirm from UI.
-
- @retval TRUE Physical Presence operation command is valid.
- @retval FALSE Physical Presence operation command is invalid.
-**/
-BOOLEAN
-EFIAPI
-TrEEPpVendorLibHasValidRequest (
- IN UINT32 OperationRequest,
- IN UINT32 ManagementFlags,
- OUT BOOLEAN *RequestConfirmed
- );
-
-/**
- The callback for TPM vendor specific physical presence which is called for
- Submit TPM Operation Request to Pre-OS Environment and
- Submit TPM Operation Request to Pre-OS Environment 2.
-
- This API should be invoked in OS runtime phase to interface with ACPI method.
-
- Caution: This function may receive untrusted input.
-
- If OperationRequest < 128, then ASSERT().
-
- @param[in] OperationRequest TPM physical presence operation request.
- @param[in] ManagementFlags BIOS TPM Management Flags.
-
- @return Return Code for Submit TPM Operation Request to Pre-OS Environment and
- Submit TPM Operation Request to Pre-OS Environment 2.
-**/
-UINT32
-EFIAPI
-TrEEPpVendorLibSubmitRequestToPreOSFunction (
- IN UINT32 OperationRequest,
- IN UINT32 ManagementFlags
- );
-
-/**
- The callback for TPM vendor specific physical presence which is called for
- Get User Confirmation Status for Operation.
-
- This API should be invoked in OS runtime phase to interface with ACPI method.
-
- Caution: This function may receive untrusted input.
-
- If OperationRequest < 128, then ASSERT().
-
- @param[in] OperationRequest TPM physical presence operation request.
- @param[in] ManagementFlags BIOS TPM Management Flags.
-
- @return Return Code for Get User Confirmation Status for Operation.
-**/
-UINT32
-EFIAPI
-TrEEPpVendorLibGetUserConfirmationStatusFunction (
- IN UINT32 OperationRequest,
- IN UINT32 ManagementFlags
- );
-
-#endif
|