/* SPDX-License-Identifier: GPL-2.0+ */
/*
 * Copyright (c) 2013 The Chromium OS Authors.
 * Copyright (c) 2013 Guntermann & Drunck GmbH
 */

/*
 * TPM 1.2 (TCG Main specification) interface: wire-format lengths,
 * flag and return-code enumerations, and the command wrappers built on
 * top of tpm-common.h.  Every wrapper returns the TPM return code of the
 * operation (see enum tpm_return_code); TPM_SUCCESS means the command
 * completed, anything else means the output arguments must not be
 * trusted.
 */

#ifndef __TPM_V1_H
#define __TPM_V1_H

#include <tpm-common.h>

/*
 * Useful constants.  All lengths are in bytes; the two 20-byte digest
 * lengths are the size of the 160-bit SHA-1 digests used by the
 * TPM 1.2 command set (see tpm_extend()).
 */
enum {
	TPM_REQUEST_HEADER_LENGTH	= 10,
	TPM_RESPONSE_HEADER_LENGTH	= 10,
	PCR_DIGEST_LENGTH		= 20,
	DIGEST_LENGTH			= 20,
	TPM_REQUEST_AUTH_LENGTH		= 45,
	TPM_RESPONSE_AUTH_LENGTH	= 41,
	/* some max lengths, valid for RSA keys <= 2048 bits */
	TPM_KEY12_MAX_LENGTH		= 618,
	TPM_PUBKEY_MAX_LENGTH		= 288,
};

/* Startup modes accepted by tpm_startup() */
enum tpm_startup_type {
	TPM_ST_CLEAR		= 0x0001,
	TPM_ST_STATE		= 0x0002,
	TPM_ST_DEACTIVATED	= 0x0003,
};

/*
 * Physical presence flags.  They are bit-wise OR'ed together to form the
 * @presence argument of tpm_tsc_physical_presence().
 */
enum tpm_physical_presence {
	TPM_PHYSICAL_PRESENCE_HW_DISABLE	= 0x0200,
	TPM_PHYSICAL_PRESENCE_CMD_DISABLE	= 0x0100,
	TPM_PHYSICAL_PRESENCE_LIFETIME_LOCK	= 0x0080,
	TPM_PHYSICAL_PRESENCE_HW_ENABLE		= 0x0040,
	TPM_PHYSICAL_PRESENCE_CMD_ENABLE	= 0x0020,
	TPM_PHYSICAL_PRESENCE_NOTPRESENT	= 0x0010,
	TPM_PHYSICAL_PRESENCE_PRESENT		= 0x0008,
	TPM_PHYSICAL_PRESENCE_LOCK		= 0x0004,
};

/*
 * Special NV area indices accepted as @index by the tpm_nv_*() wrappers.
 *
 * NOTE(review): TPM_NV_INDEX_LOCK (0xffffffff) is not representable as an
 * int, which C11 requires of an enumerator; the build relies on the
 * compiler widening the enum (GCC does).  Callers pass these as u32, which
 * is what the prototypes below take.
 */
enum tpm_nv_index {
	TPM_NV_INDEX_LOCK	= 0xffffffff,
	TPM_NV_INDEX_0		= 0x00000000,
	TPM_NV_INDEX_DIR	= 0x10000001,
};

/* Resource types for tpm_flush_specific() */
enum tpm_resource_type {
	TPM_RT_KEY	= 0x00000001,
	TPM_RT_AUTH	= 0x00000002,
	TPM_RT_HASH	= 0x00000003,
	TPM_RT_TRANS	= 0x00000004,
	TPM_RT_CONTEXT	= 0x00000005,
	TPM_RT_COUNTER	= 0x00000006,
	TPM_RT_DELEGATE	= 0x00000007,
	TPM_RT_DAA_TPM	= 0x00000008,
	TPM_RT_DAA_V0	= 0x00000009,
	TPM_RT_DAA_V1	= 0x0000000A,
};

/* Capability areas (the @cap_area argument of tpm_get_capability()) */
enum tpm_capability_areas {
	TPM_CAP_ORD		= 0x00000001,
	TPM_CAP_ALG		= 0x00000002,
	TPM_CAP_PID		= 0x00000003,
	TPM_CAP_FLAG		= 0x00000004,
	TPM_CAP_PROPERTY	= 0x00000005,
	TPM_CAP_VERSION		= 0x00000006,
	TPM_CAP_KEY_HANDLE	= 0x00000007,
	TPM_CAP_CHECK_LOADED	= 0x00000008,
	TPM_CAP_SYM_MODE	= 0x00000009,
	TPM_CAP_KEY_STATUS	= 0x0000000C,
	TPM_CAP_NV_LIST		= 0x0000000D,
	TPM_CAP_MFR		= 0x00000010,
	TPM_CAP_NV_INDEX	= 0x00000011,
	TPM_CAP_TRANS_ALG	= 0x00000012,
	TPM_CAP_HANDLE		= 0x00000014,
	TPM_CAP_TRANS_ES	= 0x00000015,
	TPM_CAP_AUTH_ENCRYPT	= 0x00000017,
	TPM_CAP_SELECT_SIZE	= 0x00000018,
	TPM_CAP_DA_LOGIC	= 0x00000019,
	TPM_CAP_VERSION_VAL	= 0x0000001A,
};

/*
 * TPM_NV_ATTRIBUTES permission bits, used to build the @perm argument of
 * tpm_nv_define_space() and returned by tpm_get_permissions().
 */
#define TPM_NV_PER_GLOBALLOCK		BIT(15)
#define TPM_NV_PER_PPREAD		BIT(16)
#define TPM_NV_PER_PPWRITE		BIT(0)
#define TPM_NV_PER_READ_STCLEAR		BIT(31)
#define TPM_NV_PER_WRITE_STCLEAR	BIT(14)
#define TPM_NV_PER_WRITEDEFINE		BIT(13)
#define TPM_NV_PER_WRITEALL		BIT(12)

/* Size in bytes of the public endorsement key; see tpm_read_pubek() */
enum {
	TPM_PUBEK_SIZE = 256,
};

/**
 * TPM return codes as defined in the TCG Main specification
 * (TPM Main Part 2 Structures; Specification version 1.2)
 *
 * Fatal codes are TPM_BASE + n; non-fatal codes (the TPM is busy or
 * needs a self-test first) are offset by TPM_NON_FATAL.  Only TPM_SUCCESS
 * means the command's outputs are valid.
 */
enum tpm_return_code {
	TPM_BASE	= 0x00000000,
	TPM_NON_FATAL	= 0x00000800,
	TPM_SUCCESS	= TPM_BASE,
	/* TPM-defined fatal error codes */
	TPM_AUTHFAIL			= TPM_BASE +  1,
	TPM_BADINDEX			= TPM_BASE +  2,
	TPM_BAD_PARAMETER		= TPM_BASE +  3,
	TPM_AUDITFAILURE		= TPM_BASE +  4,
	TPM_CLEAR_DISABLED		= TPM_BASE +  5,
	TPM_DEACTIVATED			= TPM_BASE +  6,
	TPM_DISABLED			= TPM_BASE +  7,
	TPM_DISABLED_CMD		= TPM_BASE +  8,
	TPM_FAIL			= TPM_BASE +  9,
	TPM_BAD_ORDINAL			= TPM_BASE + 10,
	TPM_INSTALL_DISABLED		= TPM_BASE + 11,
	TPM_INVALID_KEYHANDLE		= TPM_BASE + 12,
	TPM_KEYNOTFOUND			= TPM_BASE + 13,
	TPM_INAPPROPRIATE_ENC		= TPM_BASE + 14,
	TPM_MIGRATE_FAIL		= TPM_BASE + 15,
	TPM_INVALID_PCR_INFO		= TPM_BASE + 16,
	TPM_NOSPACE			= TPM_BASE + 17,
	TPM_NOSRK			= TPM_BASE + 18,
	TPM_NOTSEALED_BLOB		= TPM_BASE + 19,
	TPM_OWNER_SET			= TPM_BASE + 20,
	TPM_RESOURCES			= TPM_BASE + 21,
	TPM_SHORTRANDOM			= TPM_BASE + 22,
	TPM_SIZE			= TPM_BASE + 23,
	TPM_WRONGPCRVAL			= TPM_BASE + 24,
	TPM_BAD_PARAM_SIZE		= TPM_BASE + 25,
	TPM_SHA_THREAD			= TPM_BASE + 26,
	TPM_SHA_ERROR			= TPM_BASE + 27,
	TPM_FAILEDSELFTEST		= TPM_BASE + 28,
	TPM_AUTH2FAIL			= TPM_BASE + 29,
	TPM_BADTAG			= TPM_BASE + 30,
	TPM_IOERROR			= TPM_BASE + 31,
	TPM_ENCRYPT_ERROR		= TPM_BASE + 32,
	TPM_DECRYPT_ERROR		= TPM_BASE + 33,
	TPM_INVALID_AUTHHANDLE		= TPM_BASE + 34,
	TPM_NO_ENDORSEMENT		= TPM_BASE + 35,
	TPM_INVALID_KEYUSAGE		= TPM_BASE + 36,
	TPM_WRONG_ENTITYTYPE		= TPM_BASE + 37,
	TPM_INVALID_POSTINIT		= TPM_BASE + 38,
	TPM_INAPPROPRIATE_SIG		= TPM_BASE + 39,
	TPM_BAD_KEY_PROPERTY		= TPM_BASE + 40,
	TPM_BAD_MIGRATION		= TPM_BASE + 41,
	TPM_BAD_SCHEME			= TPM_BASE + 42,
	TPM_BAD_DATASIZE		= TPM_BASE + 43,
	TPM_BAD_MODE			= TPM_BASE + 44,
	TPM_BAD_PRESENCE		= TPM_BASE + 45,
	TPM_BAD_VERSION			= TPM_BASE + 46,
	TPM_NO_WRAP_TRANSPORT		= TPM_BASE + 47,
	TPM_AUDITFAIL_UNSUCCESSFUL	= TPM_BASE + 48,
	TPM_AUDITFAIL_SUCCESSFUL	= TPM_BASE + 49,
	TPM_NOTRESETABLE		= TPM_BASE + 50,
	TPM_NOTLOCAL			= TPM_BASE + 51,
	TPM_BAD_TYPE			= TPM_BASE + 52,
	TPM_INVALID_RESOURCE		= TPM_BASE + 53,
	TPM_NOTFIPS			= TPM_BASE + 54,
	TPM_INVALID_FAMILY		= TPM_BASE + 55,
	TPM_NO_NV_PERMISSION		= TPM_BASE + 56,
	TPM_REQUIRES_SIGN		= TPM_BASE + 57,
	TPM_KEY_NOTSUPPORTED		= TPM_BASE + 58,
	TPM_AUTH_CONFLICT		= TPM_BASE + 59,
	TPM_AREA_LOCKED			= TPM_BASE + 60,
	TPM_BAD_LOCALITY		= TPM_BASE + 61,
	TPM_READ_ONLY			= TPM_BASE + 62,
	TPM_PER_NOWRITE			= TPM_BASE + 63,
	TPM_FAMILY_COUNT		= TPM_BASE + 64,
	TPM_WRITE_LOCKED		= TPM_BASE + 65,
	TPM_BAD_ATTRIBUTES		= TPM_BASE + 66,
	TPM_INVALID_STRUCTURE		= TPM_BASE + 67,
	TPM_KEY_OWNER_CONTROL		= TPM_BASE + 68,
	TPM_BAD_COUNTER			= TPM_BASE + 69,
	TPM_NOT_FULLWRITE		= TPM_BASE + 70,
	TPM_CONTEXT_GAP			= TPM_BASE + 71,
	TPM_MAXNVWRITES			= TPM_BASE + 72,
	TPM_NOOPERATOR			= TPM_BASE + 73,
	TPM_RESOURCEMISSING		= TPM_BASE + 74,
	TPM_DELEGATE_LOCK		= TPM_BASE + 75,
	TPM_DELEGATE_FAMILY		= TPM_BASE + 76,
	TPM_DELEGATE_ADMIN		= TPM_BASE + 77,
	TPM_TRANSPORT_NOTEXCLUSIVE	= TPM_BASE + 78,
	TPM_OWNER_CONTROL		= TPM_BASE + 79,
	TPM_DAA_RESOURCES		= TPM_BASE + 80,
	TPM_DAA_INPUT_DATA0		= TPM_BASE + 81,
	TPM_DAA_INPUT_DATA1		= TPM_BASE + 82,
	TPM_DAA_ISSUER_SETTINGS		= TPM_BASE + 83,
	TPM_DAA_TPM_SETTINGS		= TPM_BASE + 84,
	TPM_DAA_STAGE			= TPM_BASE + 85,
	TPM_DAA_ISSUER_VALIDITY		= TPM_BASE + 86,
	TPM_DAA_WRONG_W			= TPM_BASE + 87,
	TPM_BAD_HANDLE			= TPM_BASE + 88,
	TPM_BAD_DELEGATE		= TPM_BASE + 89,
	TPM_BADCONTEXT			= TPM_BASE + 90,
	TPM_TOOMANYCONTEXTS		= TPM_BASE + 91,
	TPM_MA_TICKET_SIGNATURE		= TPM_BASE + 92,
	TPM_MA_DESTINATION		= TPM_BASE + 93,
	TPM_MA_SOURCE			= TPM_BASE + 94,
	TPM_MA_AUTHORITY		= TPM_BASE + 95,
	TPM_PERMANENTEK			= TPM_BASE + 97,
	TPM_BAD_SIGNATURE		= TPM_BASE + 98,
	TPM_NOCONTEXTSPACE		= TPM_BASE + 99,
	/* TPM-defined non-fatal errors */
	TPM_RETRY		= TPM_BASE + TPM_NON_FATAL,
	TPM_NEEDS_SELFTEST	= TPM_BASE + TPM_NON_FATAL + 1,
	TPM_DOING_SELFTEST	= TPM_BASE + TPM_NON_FATAL + 2,
	TPM_DEFEND_LOCK_RUNNING	= TPM_BASE + TPM_NON_FATAL + 3,
};

/*
 * Permanent flags as filled in by tpm_get_permanent_flags().
 *
 * The structure is __packed and carries a big-endian @tag, so it
 * presumably mirrors the TPM_PERMANENT_FLAGS wire structure of the
 * TPM 1.2 spec byte for byte — NOTE(review): confirm the field order
 * against the implementation before relying on an individual flag.
 */
struct tpm_permanent_flags {
	__be16	tag;
	u8	disable;
	u8	ownership;
	u8	deactivated;
	u8	read_pubek;
	u8	disable_owner_clear;
	u8	allow_maintenance;
	u8	physical_presence_lifetime_lock;
	u8	physical_presence_hw_enable;
	u8	physical_presence_cmd_enable;
	u8	cekp_used;
	u8	tpm_post;
	u8	tpm_post_lock;
	u8	fips;
	u8	operator;
	u8	enable_revoke_ek;
	u8	nv_locked;
	u8	read_srk_pub;
	u8	tpm_established;
	u8	maintenance_done;
	u8	disable_full_da_logic_info;
} __packed;

/**
 * Issue a TPM_Startup command.
 *
 * @param mode		TPM startup mode (enum tpm_startup_type)
 * @return return code of the operation
 */
u32 tpm_startup(enum tpm_startup_type mode);

/**
 * Issue a TPM_SelfTestFull command.
 *
 * @return return code of the operation
 */
u32 tpm_self_test_full(void);

/**
 * Issue a TPM_ContinueSelfTest command.
 *
 * @return return code of the operation
 */
u32 tpm_continue_self_test(void);

/**
 * Issue a TPM_NV_DefineSpace command. The implementation is limited
 * to specify TPM_NV_ATTRIBUTES and size of the area. The area index
 * could be one of the special values listed in enum tpm_nv_index.
 *
 * @param index		index of the area
 * @param perm		TPM_NV_ATTRIBUTES of the area (TPM_NV_PER_* bits)
 * @param size		size of the area, in bytes
 * @return return code of the operation
 */
u32 tpm_nv_define_space(u32 index, u32 perm, u32 size);

/**
 * Issue a TPM_NV_ReadValue command. This implementation is limited
 * to read the area from offset 0. The area index could be one of
 * the special values listed in enum tpm_nv_index.
 *
 * @param index		index of the area
 * @param data		output buffer of the area contents
 * @param count		size of output buffer, in bytes
 * @return return code of the operation
 */
u32 tpm_nv_read_value(u32 index, void *data, u32 count);

/**
 * Issue a TPM_NV_WriteValue command. This implementation is limited
 * to write the area from offset 0. The area index could be one of
 * the special values listed in enum tpm_nv_index.
 *
 * @param index		index of the area
 * @param data		input buffer to be written to the area
 * @param length	length of data bytes of input buffer
 * @return return code of the operation
 */
u32 tpm_nv_write_value(u32 index, const void *data, u32 length);

/**
 * Issue a TPM_Extend command.
 *
 * @param index		index of the PCR
 * @param in_digest	160-bit (PCR_DIGEST_LENGTH bytes) value representing
 *			the event to be recorded
 * @param out_digest	160-bit (PCR_DIGEST_LENGTH bytes) PCR value after
 *			execution of the command
 * @return return code of the operation
 */
u32 tpm_extend(u32 index, const void *in_digest, void *out_digest);

/**
 * Issue a TPM_PCRRead command.
 *
 * @param index		index of the PCR
 * @param data		output buffer for contents of the named PCR
 *			(a PCR value is PCR_DIGEST_LENGTH bytes)
 * @param count		size of output buffer
 * @return return code of the operation
 */
u32 tpm_pcr_read(u32 index, void *data, size_t count);

/**
 * Issue a TSC_PhysicalPresence command. TPM physical presence flag
 * is bit-wise OR'ed of flags listed in enum tpm_physical_presence.
 *
 * NOTE(review): asserting physical presence is what authorises
 * operations such as tpm_force_clear() under the TPM 1.2 spec.  A boot
 * stage that asserts it should consider also setting
 * TPM_PHYSICAL_PRESENCE_LOCK once its own work is done, so that later,
 * less trusted code cannot re-assert presence — confirm the exact
 * semantics against the target TPM.
 *
 * @param presence	TPM physical presence flag
 * @return return code of the operation
 */
u32 tpm_tsc_physical_presence(u16 presence);

/**
 * Issue a TPM_ReadPubek command.
 *
 * @param data		output buffer for the public endorsement key
 *			(presumably TPM_PUBEK_SIZE bytes — verify against
 *			the implementation)
 * @param count		size of output buffer
 * @return return code of the operation
 */
u32 tpm_read_pubek(void *data, size_t count);

/**
 * Issue a TPM_ForceClear command.
 *
 * @return return code of the operation
 */
u32 tpm_force_clear(void);

/**
 * Issue a TPM_PhysicalEnable command.
 *
 * @return return code of the operation
 */
u32 tpm_physical_enable(void);

/**
 * Issue a TPM_PhysicalDisable command.
 *
 * @return return code of the operation
 */
u32 tpm_physical_disable(void);

/**
 * Issue a TPM_PhysicalSetDeactivated command.
 *
 * @param state		boolean state of the deactivated flag
 * @return return code of the operation
 */
u32 tpm_physical_set_deactivated(u8 state);

/**
 * Issue a TPM_GetCapability command. This implementation is limited
 * to query sub_cap index that is 4-byte wide.
 *
 * @param cap_area	partition of capabilities (enum tpm_capability_areas)
 * @param sub_cap	further definition of capability, which is
 *			limited to be 4-byte wide
 * @param cap		output buffer for capability information
 * @param count		size of output buffer
 * @return return code of the operation
 */
u32 tpm_get_capability(u32 cap_area, u32 sub_cap, void *cap, size_t count);

/**
 * Issue a TPM_FlushSpecific command for an AUTH resource.
 *
 * @param auth_handle	handle of the auth session
 * @return return code of the operation
 */
u32 tpm_terminate_auth_session(u32 auth_handle);

/**
 * Issue a TPM_OIAP command to setup an object independent authorization
 * session.
 * Information about the session is stored internally.
 * If there was already an OIAP session active it is terminated and a new
 * session is set up.
 *
 * @param auth_handle	pointer to the (new) auth handle or NULL.
 * @return return code of the operation
 */
u32 tpm_oiap(u32 *auth_handle);

/**
 * Ends an active OIAP session.
 *
 * @return return code of the operation
 */
u32 tpm_end_oiap(void);

/**
 * Issue a TPM_LoadKey2 (Auth1) command using an OIAP session for authenticating
 * the usage of the parent key.
 *
 * @param parent_handle	handle of the parent key.
 * @param key		pointer to the key structure (TPM_KEY or TPM_KEY12).
 * @param key_length	size of the key structure
 * @param parent_key_usage_auth	usage auth for the parent key (the same
 *			20-byte AuthData format as @auth of
 *			tpm_find_key_sha1() — confirm)
 * @param key_handle	pointer to the key handle
 * @return return code of the operation
 */
u32 tpm_load_key2_oiap(u32 parent_handle, const void *key, size_t key_length,
		       const void *parent_key_usage_auth, u32 *key_handle);

/**
 * Issue a TPM_GetPubKey (Auth1) command using an OIAP session for
 * authenticating the usage of the key.
 *
 * TPM_PUBKEY_MAX_LENGTH bounds the buffer needed for RSA keys up to
 * 2048 bits.
 *
 * @param key_handle	handle of the key
 * @param usage_auth	usage auth for the key
 * @param pubkey	pointer to the pub key buffer; may be NULL if the pubkey
 *			should not be stored.
 * @param pubkey_len	pointer to the pub key buffer len. On entry: the size of
 *			the provided pubkey buffer. On successful exit: the size
 *			of the stored TPM_PUBKEY structure (iff pubkey != NULL).
 * @return return code of the operation
 */
u32 tpm_get_pub_key_oiap(u32 key_handle, const void *usage_auth, void *pubkey,
			 size_t *pubkey_len);

/**
 * Get the TPM permanent flags value
 *
 * @param pflags	Place to put permanent flags
 * @return return code of the operation
 */
u32 tpm_get_permanent_flags(struct tpm_permanent_flags *pflags);

/**
 * Get the TPM permissions
 *
 * @param index		index of the (NV) area whose permissions are queried
 * @param perm		Returns permissions value (TPM_NV_PER_* bits)
 * @return return code of the operation
 */
u32 tpm_get_permissions(u32 index, u32 *perm);

/**
 * Flush a resource with a given handle and type from the TPM
 *
 * @param key_handle	handle of the resource
 * @param resource_type	type of the resource (enum tpm_resource_type)
 * @return return code of the operation
 */
u32 tpm_flush_specific(u32 key_handle, u32 resource_type);

#ifdef CONFIG_TPM_LOAD_KEY_BY_SHA1
/**
 * Search for a key by usage AuthData and the hash of the parent's pub key.
 *
 * @param auth		Usage auth of the key to search for
 * @param pubkey_digest	SHA1 hash of the pub key structure of the key
 * @param[out] handle	The handle of the key (Non-null iff found)
 * @return 0 if key was found in TPM; != 0 if not.
 */
u32 tpm_find_key_sha1(const u8 auth[20], const u8 pubkey_digest[20],
		      u32 *handle);
#endif /* CONFIG_TPM_LOAD_KEY_BY_SHA1 */

/**
 * Read random bytes from the TPM RNG. The implementation deals with the fact
 * that the TPM may legally return fewer bytes than requested by retrying
 * until @p count bytes have been received.
 *
 * Treat @data as valid only when TPM_SUCCESS is returned; for any other
 * return code this interface does not specify its contents, so it must
 * not be consumed as entropy.
 *
 * @param data		output buffer for the random bytes
 * @param count		size of output buffer
 * @return return code of the operation
 */
u32 tpm_get_random(void *data, u32 count);

#endif /* __TPM_V1_H */