Add TPM2 commands which might be used in field upgrade.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Yao, Jiewen" <jiewen.yao@intel.com>
Reviewed-by: "Dong, Guo" <guo.dong@intel.com>
Reviewed-by: "Long, Qin" <qin.long@intel.com>



git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16505 6f19259b-4bc3-4df7-8a09-765794883524
This commit is contained in:
Yao, Jiewen
2014-12-12 04:34:19 +00:00
committed by jyao1
parent 9f2c0260b1
commit 967eaccaaa
6 changed files with 785 additions and 1 deletions

View File

@@ -21,6 +21,21 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#pragma pack(1)
typedef struct {
TPM2_COMMAND_HEADER Header;
TPMI_RH_HIERARCHY AuthHandle;
UINT32 AuthSessionSize;
TPMS_AUTH_COMMAND AuthSession;
TPM2B_DIGEST AuthPolicy;
TPMI_ALG_HASH HashAlg;
} TPM2_SET_PRIMARY_POLICY_COMMAND;
typedef struct {
TPM2_RESPONSE_HEADER Header;
UINT32 AuthSessionSize;
TPMS_AUTH_RESPONSE AuthSession;
} TPM2_SET_PRIMARY_POLICY_RESPONSE;
typedef struct {
TPM2_COMMAND_HEADER Header;
TPMI_RH_CLEAR AuthHandle;
@@ -105,6 +120,87 @@ typedef struct {
#pragma pack()
/**
This command allows setting of the authorization policy for the platform hierarchy (platformPolicy), the
storage hierarchy (ownerPolicy), and and the endorsement hierarchy (endorsementPolicy).
@param[in] AuthHandle TPM_RH_ENDORSEMENT, TPM_RH_OWNER or TPM_RH_PLATFORM+{PP} parameters to be validated
@param[in] AuthSession Auth Session context
@param[in] AuthPolicy An authorization policy hash
@param[in] HashAlg The hash algorithm to use for the policy
@retval EFI_SUCCESS Operation completed successfully.
@retval EFI_DEVICE_ERROR Unexpected device behavior.
**/
EFI_STATUS
EFIAPI
Tpm2SetPrimaryPolicy (
IN TPMI_RH_HIERARCHY_AUTH AuthHandle,
IN TPMS_AUTH_COMMAND *AuthSession,
IN TPM2B_DIGEST *AuthPolicy,
IN TPMI_ALG_HASH HashAlg
)
{
EFI_STATUS Status;
TPM2_SET_PRIMARY_POLICY_COMMAND SendBuffer;
TPM2_SET_PRIMARY_POLICY_RESPONSE RecvBuffer;
UINT32 SendBufferSize;
UINT32 RecvBufferSize;
UINT8 *Buffer;
UINT32 SessionInfoSize;
//
// Construct command
//
SendBuffer.Header.tag = SwapBytes16(TPM_ST_SESSIONS);
SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_SetPrimaryPolicy);
SendBuffer.AuthHandle = SwapBytes32 (AuthHandle);
//
// Add in Auth session
//
Buffer = (UINT8 *)&SendBuffer.AuthSession;
// sessionInfoSize
SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer);
Buffer += SessionInfoSize;
SendBuffer.AuthSessionSize = SwapBytes32(SessionInfoSize);
//
// Real data
//
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16(AuthPolicy->size));
Buffer += sizeof(UINT16);
CopyMem (Buffer, AuthPolicy->buffer, AuthPolicy->size);
Buffer += AuthPolicy->size;
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16(HashAlg));
Buffer += sizeof(UINT16);
SendBufferSize = (UINT32)((UINTN)Buffer - (UINTN)&SendBuffer);
SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);
//
// send Tpm command
//
RecvBufferSize = sizeof (RecvBuffer);
Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer);
if (EFI_ERROR (Status)) {
return Status;
}
if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) {
DEBUG ((EFI_D_ERROR, "Tpm2SetPrimaryPolicy - RecvBufferSize Error - %x\n", RecvBufferSize));
return EFI_DEVICE_ERROR;
}
if (SwapBytes32(RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG ((EFI_D_ERROR, "Tpm2SetPrimaryPolicy - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode)));
return EFI_DEVICE_ERROR;
}
return EFI_SUCCESS;
}
/**
This command removes all TPM context associated with a specific Owner.