1 /********************************************************************************/ 2 /* */ 3 /* Headers from Part 2 */ 4 /* Written by Ken Goldman */ 5 /* IBM Thomas J. Watson Research Center */ 6 /* */ 7 /* Licenses and Notices */ 8 /* */ 9 /* 1. Copyright Licenses: */ 10 /* */ 11 /* - Trusted Computing Group (TCG) grants to the user of the source code in */ 12 /* this specification (the "Source Code") a worldwide, irrevocable, */ 13 /* nonexclusive, royalty free, copyright license to reproduce, create */ 14 /* derivative works, distribute, display and perform the Source Code and */ 15 /* derivative works thereof, and to grant others the rights granted herein. */ 16 /* */ 17 /* - The TCG grants to the user of the other parts of the specification */ 18 /* (other than the Source Code) the rights to reproduce, distribute, */ 19 /* display, and perform the specification solely for the purpose of */ 20 /* developing products based on such documents. */ 21 /* */ 22 /* 2. Source Code Distribution Conditions: */ 23 /* */ 24 /* - Redistributions of Source Code must retain the above copyright licenses, */ 25 /* this list of conditions and the following disclaimers. */ 26 /* */ 27 /* - Redistributions in binary form must reproduce the above copyright */ 28 /* licenses, this list of conditions and the following disclaimers in the */ 29 /* documentation and/or other materials provided with the distribution. */ 30 /* */ 31 /* 3. Disclaimers: */ 32 /* */ 33 /* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ 34 /* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ 35 /* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ 36 /* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ 37 /* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ 38 /* information on specification licensing rights available through TCG */ 39 /* membership agreements. */ 40 /* */ 41 /* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ 42 /* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ 43 /* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ 44 /* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ 45 /* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ 46 /* */ 47 /* - Without limitation, TCG and its members and licensors disclaim all */ 48 /* liability, including liability for infringement of any proprietary */ 49 /* rights, relating to use of information in this specification and to the */ 50 /* implementation of this specification, and TCG disclaims all liability for */ 51 /* cost of procurement of substitute goods or services, lost profits, loss */ 52 /* of use, loss of data or any incidental, consequential, direct, indirect, */ 53 /* or special damages, whether under contract, tort, warranty or otherwise, */ 54 /* arising in any way out of use or reliance upon this specification or any */ 55 /* information herein. */ 56 /* */ 57 /* (c) Copyright IBM Corp. and others, 2012 - 2019 */ 58 /* */ 59 /********************************************************************************/ 60 61 /* rev 124 */ 62 63 #ifndef _TPM_TYPES_H 64 #define _TPM_TYPES_H 65 66 #include <stdint.h> 67 68 #include <ibmtss/Implementation.h> 69 70 #ifdef __cplusplus 71 extern "C" { 72 #endif 73 74 /* 75 The C bit field is non-portable, but the TPM specification reference implementation uses them. 76 77 These two macros attempt to define the TPM specification bit fields for little and big endian 78 machines. There is no guarantee that either will work with a specific compiler or tool chain. If 79 not, the developer must create a custom structure. 80 81 TPM_BITFIELD_LE - little endian 82 TPM_BITFIELD_BE - big endian 83 84 To access the structures as uint's for marshaling and unmarshaling, each bit field is a union with 85 an integral field called 'val'. 86 87 Yes, I know that this uses anonymous structs, but the alternative yields another level of 88 deferencing, and will likely break more code. I hope your compiler supports this recent addition 89 to the standard. 90 91 For portable code: 92 93 If neither macro is defined, this header defines the structures as uint32_t. It defines constants 94 for the various bits, and can be used as: 95 96 variable & CONSTANT (test for set) 97 !(variable & CONSTANT) (test for clear) 98 variable &= CONSTANT (to set) 99 variable |= ~CONSTANT (to clear) 100 101 Although the portable structures are all uint32_t, some only use the least significant 8 bits and 102 are marshalled as a uint_8t. 103 */ 104 105 /* Table 3 - Definition of Base Types */ 106 /* In BaseTypes.h */ 107 108 /* Table 4 - Defines for Logic Values */ 109 // In Table 39 (Yes, NO) 110 /* In bool.h (TRUE, FALSE) */ 111 #define SET 1 112 #define CLEAR 0 113 114 /* Part 4 5.5 Capabilities.h */ 115 116 #define MAX_CAP_DATA (MAX_CAP_BUFFER-sizeof(TPM_CAP)-sizeof(UINT32)) 117 #define MAX_CAP_ALGS (MAX_CAP_DATA/sizeof(TPMS_ALG_PROPERTY)) 118 #define MAX_CAP_HANDLES (MAX_CAP_DATA/sizeof(TPM_HANDLE)) 119 #define MAX_CAP_CC (MAX_CAP_DATA/sizeof(TPM_CC)) 120 #define MAX_TPM_PROPERTIES (MAX_CAP_DATA/sizeof(TPMS_TAGGED_PROPERTY)) 121 #define MAX_PCR_PROPERTIES (MAX_CAP_DATA/sizeof(TPMS_TAGGED_PCR_SELECT)) 122 #define MAX_ECC_CURVES (MAX_CAP_DATA/sizeof(TPM_ECC_CURVE)) 123 #define MAX_TAGGED_POLICIES (MAX_CAP_DATA/sizeof(TPMS_TAGGED_POLICY)) 124 125 /* Table 5 - Definition of Types for Documentation Clarity */ 126 127 typedef UINT32 TPM_ALGORITHM_ID; /* this is the 1.2 compatible form of the TPM_ALG_ID */ 128 typedef UINT32 TPM_MODIFIER_INDICATOR; 129 typedef UINT32 TPM_AUTHORIZATION_SIZE; /* the authorizationSize parameter in a command */ 130 typedef UINT32 TPM_PARAMETER_SIZE; /* the parameterSizeset parameter in a command */ 131 typedef UINT16 TPM_KEY_SIZE; /* a key size in octets */ 132 typedef UINT16 TPM_KEY_BITS; /* a key size in bits */ 133 134 /* Table 6 - Definition of (UINT32) TPM_SPEC Constants <> */ 135 136 typedef UINT32 TPM_SPEC; 137 138 #define TPM_SPEC_FAMILY 0x322E3000 /* ASCII "2.0" with null terminator */ 139 #define TPM_SPEC_LEVEL 00 /* the level number for the specification */ 140 #define TPM_SPEC_VERSION 124 /* the version number of the spec (01.21 * 100) */ 141 #define TPM_SPEC_YEAR 2015 /* the year of the version */ 142 #define TPM_SPEC_DAY_OF_YEAR 191 /* the day of the year */ 143 144 145 /* Table 7 - Definition of (UINT32) TPM_GENERATED Constants <O> */ 146 147 typedef UINT32 TPM_GENERATED; 148 149 #define TPM_GENERATED_VALUE 0xff544347 /* 0xFF 'TCG' (FF 54 43 47) */ 150 151 /* Table 9 - Definition of (UINT16) TPM_ALG_ID Constants <IN/OUT, S> */ 152 153 typedef UINT16 TPM_ALG_ID; 154 155 /* Table 10 - Definition of (UINT16) {ECC} TPM_ECC_CURVE Constants <IN/OUT, S> */ 156 157 typedef UINT16 TPM_ECC_CURVE; 158 159 /* Table 16 - Definition of (UINT32) TPM_RC Constants (Actions) <OUT> */ 160 161 typedef UINT32 TPM_RC; 162 163 #define TPM_RC_SUCCESS 0x000 164 #define TPM_RC_BAD_TAG 0x01E /* defined for compatibility with TPM 1.2 */ 165 166 #define RC_VER1 0x100 /* set for all format 0 response codes */ 167 168 #define TPM_RC_INITIALIZE (RC_VER1 + 0x000) /* TPM not initialized by TPM2_Startup or already initialized */ 169 #define TPM_RC_FAILURE (RC_VER1 + 0x001) /* commands not being accepted because of a TPM failure */ 170 #define TPM_RC_SEQUENCE (RC_VER1 + 0x003) /* improper use of a sequence handle */ 171 #define TPM_RC_PRIVATE (RC_VER1 + 0x00B) /* not currently used */ 172 #define TPM_RC_HMAC (RC_VER1 + 0x019) /* not currently used */ 173 #define TPM_RC_DISABLED (RC_VER1 + 0x020) /* the command is disabled */ 174 #define TPM_RC_EXCLUSIVE (RC_VER1 + 0x021) /* command failed because audit sequence required exclusivity */ 175 #define TPM_RC_AUTH_TYPE (RC_VER1 + 0x024) /* authorization handle is not correct for command */ 176 #define TPM_RC_AUTH_MISSING (RC_VER1 + 0x025) /* command requires an authorization session 177 for handle and it is not present. */ 178 #define TPM_RC_POLICY (RC_VER1 + 0x026) /* policy failure in math Operation or an invalid authPolicy value */ 179 #define TPM_RC_PCR (RC_VER1 + 0x027) /* PCR check fail */ 180 #define TPM_RC_PCR_CHANGED (RC_VER1 + 0x028) /* PCR have changed since checked. */ 181 #define TPM_RC_UPGRADE (RC_VER1 + 0x02D) /* for all commands other than 182 TPM2_FieldUpgradeData(), this code 183 indicates that the TPM is in field 184 upgrade mode */ 185 #define TPM_RC_TOO_MANY_CONTEXTS (RC_VER1 + 0x02E) /* context ID counter is at maximum. */ 186 #define TPM_RC_AUTH_UNAVAILABLE (RC_VER1 + 0x02F) /* authValue or authPolicy is not available for selected entity. */ 187 #define TPM_RC_REBOOT (RC_VER1 + 0x030) /* a _TPM_Init and Startup(CLEAR) is 188 required before the TPM can resume 189 operation. */ 190 #define TPM_RC_UNBALANCED (RC_VER1 + 0x031) /* the protection algorithms (hash and 191 symmetric) are not reasonably balanced */ 192 #define TPM_RC_COMMAND_SIZE (RC_VER1 + 0x042) /* command commandSize value is inconsistent 193 with contents of the command buffer */ 194 #define TPM_RC_COMMAND_CODE (RC_VER1 + 0x043) /* command code not supported */ 195 #define TPM_RC_AUTHSIZE (RC_VER1 + 0x044) /* the value of authorizationSize is out of range */ 196 #define TPM_RC_AUTH_CONTEXT (RC_VER1 + 0x045) /* use of an authorization session with a 197 context command or another command that 198 cannot have an authorization session.*/ 199 #define TPM_RC_NV_RANGE (RC_VER1 + 0x046) /* NV offset+size is out of range. */ 200 #define TPM_RC_NV_SIZE (RC_VER1 + 0x047) /* Requested allocation size is larger than allowed. */ 201 #define TPM_RC_NV_LOCKED (RC_VER1 + 0x048) /* NV access locked. */ 202 #define TPM_RC_NV_AUTHORIZATION (RC_VER1 + 0x049) /* NV access authorization fails in command 203 actions (this failure does not affect 204 lockout.action) */ 205 #define TPM_RC_NV_UNINITIALIZED (RC_VER1 + 0x04A) /* an NV Index is used before being 206 initialized or the state saved by 207 TPM2_Shutdown(STATE) could not be 208 restored */ 209 #define TPM_RC_NV_SPACE (RC_VER1 + 0x04B) /* insufficient space for NV allocation */ 210 #define TPM_RC_NV_DEFINED (RC_VER1 + 0x04C) /* NV Index or persistent object already defined */ 211 #define TPM_RC_BAD_CONTEXT (RC_VER1 + 0x050) /* context in TPM2_ContextLoad() is not valid */ 212 #define TPM_RC_CPHASH (RC_VER1 + 0x051) /* cpHash value already set or not correct for use */ 213 #define TPM_RC_PARENT (RC_VER1 + 0x052) /* handle for parent is not a valid parent */ 214 #define TPM_RC_NEEDS_TEST (RC_VER1 + 0x053) /* some function needs testing. */ 215 #define TPM_RC_NO_RESULT (RC_VER1 + 0x054) /* returned when an internal function cannot 216 process a request due to an unspecified 217 problem. */ 218 #define TPM_RC_SENSITIVE (RC_VER1 + 0x055) /* the sensitive area did not unmarshal correctly after decryption */ 219 #define RC_MAX_FM0 (RC_VER1 + 0x07F) /* largest version 1 code that is not a warning */ 220 221 /* The codes in this group may have a value added to them to indicate the handle, session, or 222 parameter to which they apply. */ 223 224 #define RC_FMT1 0x080 /* This bit is SET in all format 1 response codes */ 225 226 #define TPM_RC_ASYMMETRIC (RC_FMT1 + 0x001) /* asymmetric algorithm not supported or not correct */ 227 #define TPM_RC_ATTRIBUTES (RC_FMT1 + 0x002) /* inconsistent attributes */ 228 #define TPM_RC_HASH (RC_FMT1 + 0x003) /* hash algorithm not supported or not appropriate */ 229 #define TPM_RC_VALUE (RC_FMT1 + 0x004) /* value is out of range or is not correct for the context */ 230 #define TPM_RC_HIERARCHY (RC_FMT1 + 0x005) /* hierarchy is not enabled or is not correct for the use */ 231 #define TPM_RC_KEY_SIZE (RC_FMT1 + 0x007) /* key size is not supported */ 232 #define TPM_RC_MGF (RC_FMT1 + 0x008) /* mask generation function not supported */ 233 #define TPM_RC_MODE (RC_FMT1 + 0x009) /* mode of operation not supported */ 234 #define TPM_RC_TYPE (RC_FMT1 + 0x00A) /* the type of the value is not appropriate for the use */ 235 #define TPM_RC_HANDLE (RC_FMT1 + 0x00B) /* the handle is not correct for the use */ 236 #define TPM_RC_KDF (RC_FMT1 + 0x00C) /* unsupported key derivation function or 237 function not appropriate for use */ 238 #define TPM_RC_RANGE (RC_FMT1 + 0x00D) /* value was out of allowed range. */ 239 #define TPM_RC_AUTH_FAIL (RC_FMT1 + 0x00E) /* the authorization HMAC check failed and DA counter incremented */ 240 #define TPM_RC_NONCE (RC_FMT1 + 0x00F) /* invalid nonce size or nonce value mismatch */ 241 #define TPM_RC_PP (RC_FMT1 + 0x010) /* authorization requires assertion of PP */ 242 #define TPM_RC_SCHEME (RC_FMT1 + 0x012) /* unsupported or incompatible scheme */ 243 #define TPM_RC_SIZE (RC_FMT1 + 0x015) /* structure is the wrong size */ 244 #define TPM_RC_SYMMETRIC (RC_FMT1 + 0x016) /* unsupported symmetric algorithm or key 245 size, or not appropriate for instance */ 246 #define TPM_RC_TAG (RC_FMT1 + 0x017) /* incorrect structure tag */ 247 #define TPM_RC_SELECTOR (RC_FMT1 + 0x018) /* union selector is incorrect */ 248 #define TPM_RC_INSUFFICIENT (RC_FMT1 + 0x01A) /* the TPM was unable to unmarshal a value 249 because there were not enough octets in 250 the input buffer */ 251 #define TPM_RC_SIGNATURE (RC_FMT1 + 0x01B) /* the signature is not valid */ 252 #define TPM_RC_KEY (RC_FMT1 + 0x01C) /* key fields are not compatible with the selected use */ 253 #define TPM_RC_POLICY_FAIL (RC_FMT1 + 0x01D) /* a policy check failed */ 254 #define TPM_RC_INTEGRITY (RC_FMT1 + 0x01F) /* integrity check failed */ 255 #define TPM_RC_TICKET (RC_FMT1 + 0x020) /* invalid ticket */ 256 #define TPM_RC_RESERVED_BITS (RC_FMT1 + 0x021) /* reserved bits not set to zero as required */ 257 #define TPM_RC_BAD_AUTH (RC_FMT1 + 0x022) /* authorization failure without DA implications */ 258 #define TPM_RC_EXPIRED (RC_FMT1 + 0x023) /* the policy has expired */ 259 #define TPM_RC_POLICY_CC (RC_FMT1 + 0x024) /* the commandCode in the policy is not the 260 commandCode of the command */ 261 #define TPM_RC_BINDING (RC_FMT1 + 0x025) /* public and sensitive portions of an 262 object are not cryptographically bound */ 263 #define TPM_RC_CURVE (RC_FMT1 + 0x026) /* curve not supported */ 264 #define TPM_RC_ECC_POINT (RC_FMT1 + 0x027) /* point is not on the required curve. */ 265 266 /* aliases for FMT1 commands when parameter number can be added */ 267 268 #define TPM_RCS_VALUE TPM_RC_VALUE 269 #define TPM_RCS_TYPE TPM_RC_TYPE 270 #define TPM_RCS_HANDLE TPM_RC_HANDLE 271 #define TPM_RCS_SIZE TPM_RC_SIZE 272 #define TPM_RCS_ATTRIBUTES TPM_RC_ATTRIBUTES 273 #define TPM_RCS_NONCE TPM_RC_NONCE 274 #define TPM_RCS_SYMMETRIC TPM_RC_SYMMETRIC 275 #define TPM_RCS_MODE TPM_RC_MODE 276 #define TPM_RCS_SCHEME TPM_RC_SCHEME 277 #define TPM_RCS_KEY TPM_RC_KEY 278 #define TPM_RCS_ECC_POINT TPM_RC_ECC_POINT 279 #define TPM_RCS_HASH TPM_RC_HASH 280 #define TPM_RCS_HIERARCHY TPM_RC_HIERARCHY 281 #define TPM_RCS_TICKET TPM_RC_TICKET 282 #define TPM_RCS_RANGE TPM_RC_RANGE 283 #define TPM_RCS_INTEGRITY TPM_RC_INTEGRITY 284 #define TPM_RCS_POLICY_CC TPM_RC_POLICY_CC 285 #define TPM_RCS_EXPIRED TPM_RC_EXPIRED 286 287 #define RC_WARN 0x900 /* set for warning response codes */ 288 289 #define TPM_RC_CONTEXT_GAP (RC_WARN + 0x001) /* gap for context ID is too large */ 290 #define TPM_RC_OBJECT_MEMORY (RC_WARN + 0x002) /* out of memory for object contexts */ 291 #define TPM_RC_SESSION_MEMORY (RC_WARN + 0x003) /* out of memory for session contexts */ 292 #define TPM_RC_MEMORY (RC_WARN + 0x004) /* out of shared object/session memory or 293 need space for internal operations */ 294 #define TPM_RC_SESSION_HANDLES (RC_WARN + 0x005) /* out of session handles - a session must 295 be flushed before a new session may be 296 created */ 297 #define TPM_RC_OBJECT_HANDLES (RC_WARN + 0x006) /* out of object handles - the handle space 298 for objects is depleted and a reboot is 299 required */ 300 #define TPM_RC_LOCALITY (RC_WARN + 0x007) /* bad locality */ 301 #define TPM_RC_YIELDED (RC_WARN + 0x008) /* the TPM has suspended operation on the 302 command; forward progress was made and 303 the command may be retried. */ 304 #define TPM_RC_CANCELED (RC_WARN + 0x009) /* the command was canceled */ 305 #define TPM_RC_CANCELLED TPM_RC_CANCELED 306 #define TPM_RC_TESTING (RC_WARN + 0x00A) /* TPM is performing self-tests */ 307 #define TPM_RC_REFERENCE_H0 (RC_WARN + 0x010) /* the 1st handle in the handle area 308 references a transient object or session 309 that is not loaded */ 310 #define TPM_RC_REFERENCE_H1 (RC_WARN + 0x011) /* the 2nd handle in the handle area 311 references a transient object or session 312 that is not loaded */ 313 #define TPM_RC_REFERENCE_H2 (RC_WARN + 0x012) /* the 3rd handle in the handle area 314 references a transient object or session 315 that is not loaded */ 316 #define TPM_RC_REFERENCE_H3 (RC_WARN + 0x013) /* the 4th handle in the handle area 317 references a transient object or session 318 that is not loaded */ 319 #define TPM_RC_REFERENCE_H4 (RC_WARN + 0x014) /* the 5th handle in the handle area 320 references a transient object or session 321 that is not loaded */ 322 #define TPM_RC_REFERENCE_H5 (RC_WARN + 0x015) /* the 6th handle in the handle area 323 references a transient object or session 324 that is not loaded */ 325 #define TPM_RC_REFERENCE_H6 (RC_WARN + 0x016) /* the 7th handle in the handle area 326 references a transient object or session 327 that is not loaded */ 328 #define TPM_RC_REFERENCE_S0 (RC_WARN + 0x018) /* the 1st authorization session handle 329 references a session that is not 330 loaded */ 331 #define TPM_RC_REFERENCE_S1 (RC_WARN + 0x019) /* the 2nd authorization session handle 332 references a session that is not 333 loaded */ 334 #define TPM_RC_REFERENCE_S2 (RC_WARN + 0x01A) /* the 3rd authorization session handle 335 references a session that is not 336 loaded */ 337 #define TPM_RC_REFERENCE_S3 (RC_WARN + 0x01B) /* the 4th authorization session handle 338 references a session that is not 339 loaded */ 340 #define TPM_RC_REFERENCE_S4 (RC_WARN + 0x01C) /* the 5th session handle references a 341 session that is not loaded */ 342 #define TPM_RC_REFERENCE_S5 (RC_WARN + 0x01D) /* the 6th session handle references a session that is not loaded */ 343 #define TPM_RC_REFERENCE_S6 (RC_WARN + 0x01E) /* the 7th authorization session handle 344 references a session that is not 345 loaded */ 346 #define TPM_RC_NV_RATE (RC_WARN + 0x020) /* the TPM is rate-limiting accesses to prevent wearout of NV */ 347 #define TPM_RC_LOCKOUT (RC_WARN + 0x021) /* authorizations for objects subject to DA 348 protection are not allowed at this time 349 because the TPM is in DA lockout mode */ 350 #define TPM_RC_RETRY (RC_WARN + 0x022) /* the TPM was not able to start the command */ 351 #define TPM_RC_NV_UNAVAILABLE (RC_WARN + 0x023) /* the command may require writing of NV and 352 NV is not current accessible */ 353 #define TPM_RC_NOT_USED (RC_WARN + 0x07F) /* this value is reserved and shall not be returned by the TPM */ 354 355 #define TPM_RC_H 0x000 /* add to a handle-related error */ 356 #define TPM_RC_P 0x040 /* add to a parameter-related error */ 357 #define TPM_RC_S 0x800 /* add to a session-related error */ 358 #define TPM_RC_1 0x100 /* add to a parameter-, handle-, or session-related error */ 359 #define TPM_RC_2 0x200 /* add to a parameter-, handle-, or session-related error */ 360 #define TPM_RC_3 0x300 /* add to a parameter-, handle-, or session-related error */ 361 #define TPM_RC_4 0x400 /* add to a parameter-, handle-, or session-related error */ 362 #define TPM_RC_5 0x500 /* add to a parameter-, handle-, or session-related error */ 363 #define TPM_RC_6 0x600 /* add to a parameter-, handle-, or session-related error */ 364 #define TPM_RC_7 0x700 /* add to a parameter-, handle-, or session-related error */ 365 #define TPM_RC_8 0x800 /* add to a parameter-related error */ 366 #define TPM_RC_9 0x900 /* add to a parameter-related error */ 367 #define TPM_RC_A 0xA00 /* add to a parameter-related error */ 368 #define TPM_RC_B 0xB00 /* add to a parameter-related error */ 369 #define TPM_RC_C 0xC00 /* add to a parameter-related error */ 370 #define TPM_RC_D 0xD00 /* add to a parameter-related error */ 371 #define TPM_RC_E 0xE00 /* add to a parameter-related error */ 372 #define TPM_RC_F 0xF00 /* add to a parameter-related error */ 373 #define TPM_RC_N_MASK 0xF00 /* number mask */ 374 375 /* Table 17 - Definition of (INT8) TPM_CLOCK_ADJUST Constants <IN> */ 376 377 typedef INT8 TPM_CLOCK_ADJUST; 378 379 #define TPM_CLOCK_COARSE_SLOWER -3 /* Slow the Clock update rate by one coarse adjustment step. */ 380 #define TPM_CLOCK_MEDIUM_SLOWER -2 /* Slow the Clock update rate by one medium adjustment step. */ 381 #define TPM_CLOCK_FINE_SLOWER -1 /* Slow the Clock update rate by one fine adjustment step. */ 382 #define TPM_CLOCK_NO_CHANGE 0 /* No change to the Clock update rate. */ 383 #define TPM_CLOCK_FINE_FASTER 1 /* Speed the Clock update rate by one fine adjustment step. */ 384 #define TPM_CLOCK_MEDIUM_FASTER 2 /* Speed the Clock update rate by one medium adjustment step. */ 385 #define TPM_CLOCK_COARSE_FASTER 3 /* Speed the Clock update rate by one coarse adjustment step. */ 386 387 /* Table 18 - Definition of (UINT16) TPM_EO Constants <IN/OUT> */ 388 389 typedef UINT16 TPM_EO; 390 391 #define TPM_EO_EQ 0x0000 /* A = B */ 392 #define TPM_EO_NEQ 0x0001 /* A != B */ 393 #define TPM_EO_SIGNED_GT 0x0002 /* A > B signed */ 394 #define TPM_EO_UNSIGNED_GT 0x0003 /* A > B unsigned */ 395 #define TPM_EO_SIGNED_LT 0x0004 /* A < B signed */ 396 #define TPM_EO_UNSIGNED_LT 0x0005 /* A < B unsigned */ 397 #define TPM_EO_SIGNED_GE 0x0006 /* A = B signed */ 398 #define TPM_EO_UNSIGNED_GE 0x0007 /* A = B unsigned */ 399 #define TPM_EO_SIGNED_LE 0x0008 /* A = B signed */ 400 #define TPM_EO_UNSIGNED_LE 0x0009 /* A = B unsigned */ 401 #define TPM_EO_BITSET 0x000A /* All bits SET in B are SET in A. ((A&B)=B) */ 402 #define TPM_EO_BITCLEAR 0x000B /* All bits SET in B are CLEAR in A. ((A&B)=0) */ 403 404 /* Table 19 - Definition of (UINT16) TPM_ST Constants <IN/OUT, S> */ 405 406 typedef UINT16 TPM_ST; 407 408 #define TPM_ST_RSP_COMMAND 0x00C4 /* tag value for a response */ 409 #define TPM_ST_NULL 0X8000 /* no structure type specified */ 410 #define TPM_ST_NO_SESSIONS 0x8001 /* command/response has no attached sessions*/ 411 #define TPM_ST_SESSIONS 0x8002 /* command/response has one or more attached sessions*/ 412 #define TPM_ST_ATTEST_NV 0x8014 /* tag for an attestation structure */ 413 #define TPM_ST_ATTEST_COMMAND_AUDIT 0x8015 /* tag for an attestation structure */ 414 #define TPM_ST_ATTEST_SESSION_AUDIT 0x8016 /* tag for an attestation structure */ 415 #define TPM_ST_ATTEST_CERTIFY 0x8017 /* tag for an attestation structure */ 416 #define TPM_ST_ATTEST_QUOTE 0x8018 /* tag for an attestation structure */ 417 #define TPM_ST_ATTEST_TIME 0x8019 /* tag for an attestation structure */ 418 #define TPM_ST_ATTEST_CREATION 0x801A /* tag for an attestation structure */ 419 #define TPM_ST_ATTEST_NV_DIGEST 0x801C /* tag for an attestation structure */ 420 #define TPM_ST_CREATION 0x8021 /* tag for a ticket type */ 421 #define TPM_ST_VERIFIED 0x8022 /* tag for a ticket type */ 422 #define TPM_ST_AUTH_SECRET 0x8023 /* tag for a ticket type */ 423 #define TPM_ST_HASHCHECK 0x8024 /* tag for a ticket type */ 424 #define TPM_ST_AUTH_SIGNED 0x8025 /* tag for a ticket type */ 425 #define TPM_ST_FU_MANIFEST 0x8029 /* tag for a structure describing a Field Upgrade Policy */ 426 427 /* Table 20 - Definition of (UINT16) TPM_SU Constants <IN> */ 428 429 typedef UINT16 TPM_SU; 430 431 #define TPM_SU_CLEAR 0x0000 /* on TPM2_Startup(), indicates that the TPM should perform TPM Reset or TPM Restart */ 432 #define TPM_SU_STATE 0x0001 /* on TPM2_Startup(), indicates that the TPM should restore the 433 state saved by TPM2_Shutdown(TPM_SU_STATE) */ 434 /* Table 21 - Definition of (UINT8) TPM_SE Constants <IN> */ 435 436 typedef UINT8 TPM_SE; 437 438 #define TPM_SE_HMAC 0x00 439 #define TPM_SE_POLICY 0x01 440 #define TPM_SE_TRIAL 0x03 441 442 /* Table 22 - Definition of (UINT32) TPM_CAP Constants */ 443 444 typedef UINT32 TPM_CAP; 445 446 #define TPM_CAP_FIRST 0x00000000 /* */ 447 #define TPM_CAP_ALGS 0x00000000 /* TPM_ALG_ID(1) TPML_ALG_PROPERTY */ 448 #define TPM_CAP_HANDLES 0x00000001 /* TPM_HANDLE TPML_HANDLE */ 449 #define TPM_CAP_COMMANDS 0x00000002 /* TPM_CC TPML_CCA */ 450 #define TPM_CAP_PP_COMMANDS 0x00000003 /* TPM_CC TPML_CC */ 451 #define TPM_CAP_AUDIT_COMMANDS 0x00000004 /* TPM_CC TPML_CC */ 452 #define TPM_CAP_PCRS 0x00000005 /* reserved TPML_PCR_SELECTION */ 453 #define TPM_CAP_TPM_PROPERTIES 0x00000006 /* TPM_PT TPML_TAGGED_TPM_PROPERTY */ 454 #define TPM_CAP_PCR_PROPERTIES 0x00000007 /* TPM_PT_PCR TPML_TAGGED_PCR_PROPERTY */ 455 #define TPM_CAP_ECC_CURVES 0x00000008 /* TPM_ECC_CURVE(1) TPML_ECC_CURVE */ 456 #define TPM_CAP_AUTH_POLICIES 0x00000009 /* TPML_TAGGED_POLICY */ 457 #define TPM_CAP_LAST 0x00000009 /* */ 458 #define TPM_CAP_VENDOR_PROPERTY 0x00000100 /* manufacturer specific manufacturer-specific values */ 459 460 /* Table 23 - Definition of (UINT32) TPM_PT Constants <IN/OUT, S> */ 461 462 typedef UINT32 TPM_PT; 463 464 #define TPM_PT_NONE 0x00000000 /* indicates no property type */ 465 #define PT_GROUP 0x00000100 /* The number of properties in each group. */ 466 #define PT_FIXED (PT_GROUP * 1) /* the group of fixed properties returned as TPMS_TAGGED_PROPERTY */ 467 468 /* The values in this group are only changed due to a firmware change in the TPM. */ 469 470 #define TPM_PT_FAMILY_INDICATOR (PT_FIXED + 0) /* a 4-octet character string containing the 471 TPM Family value (TPM_SPEC_FAMILY) */ 472 #define TPM_PT_LEVEL (PT_FIXED + 1) /* the level of the specification */ 473 #define TPM_PT_REVISION (PT_FIXED + 2) /* the specification Revision times 100 */ 474 #define TPM_PT_DAY_OF_YEAR (PT_FIXED + 3) /* the specification day of year using TCG calendar */ 475 #define TPM_PT_YEAR (PT_FIXED + 4) /* the specification year using the CE */ 476 #define TPM_PT_MANUFACTURER (PT_FIXED + 5) /* the vendor ID unique to each TPM manufacturer */ 477 #define TPM_PT_VENDOR_STRING_1 (PT_FIXED + 6) /* the first four characters of the vendor ID string */ 478 #define TPM_PT_VENDOR_STRING_2 (PT_FIXED + 7) /* the second four characters of the vendor ID string */ 479 #define TPM_PT_VENDOR_STRING_3 (PT_FIXED + 8) /* the third four characters of the vendor ID string */ 480 #define TPM_PT_VENDOR_STRING_4 (PT_FIXED + 9) /* the fourth four characters of the vendor ID sting */ 481 #define TPM_PT_VENDOR_TPM_TYPE (PT_FIXED + 10) /* vendor-defined value indicating the TPM model */ 482 #define TPM_PT_FIRMWARE_VERSION_1 (PT_FIXED + 11) /* the most-significant 32 bits of a TPM 483 vendor-specific value indicating the 484 version number of the firmware */ 485 #define TPM_PT_FIRMWARE_VERSION_2 (PT_FIXED + 12) /* the least-significant 32 bits of a TPM 486 vendor-specific value indicating the 487 version number of the firmware */ 488 #define TPM_PT_INPUT_BUFFER (PT_FIXED + 13) /* the maximum size of a parameter 489 (typically, a TPM2B_MAX_BUFFER) */ 490 #define TPM_PT_HR_TRANSIENT_MIN (PT_FIXED + 14) /* the minimum number of transient objects 491 that can be held in TPM RAM */ 492 #define TPM_PT_HR_PERSISTENT_MIN (PT_FIXED + 15) /* the minimum number of persistent objects 493 that can be held in TPM NV memory */ 494 #define TPM_PT_HR_LOADED_MIN (PT_FIXED + 16) /* the minimum number of authorization 495 sessions that can be held in TPM RAM */ 496 #define TPM_PT_ACTIVE_SESSIONS_MAX (PT_FIXED + 17) /* the number of authorization sessions that 497 may be active at a time */ 498 #define TPM_PT_PCR_COUNT (PT_FIXED + 18) /* the number of PCR implemented */ 499 #define TPM_PT_PCR_SELECT_MIN (PT_FIXED + 19) /* the minimum number of octets in a 500 TPMS_PCR_SELECT.sizeOfSelect */ 501 #define TPM_PT_CONTEXT_GAP_MAX (PT_FIXED + 20) /* the maximum allowed difference (unsigned) 502 between the contextID values of two saved 503 session contexts */ 504 #define TPM_PT_NV_COUNTERS_MAX (PT_FIXED + 22) /* the maximum number of NV Indexes that are 505 allowed to have TPM_NV_COUNTER attribute SET */ 506 #define TPM_PT_NV_INDEX_MAX (PT_FIXED + 23) /* the maximum size of an NV Index data area */ 507 #define TPM_PT_MEMORY (PT_FIXED + 24) /* a TPMA_MEMORY indicating the memory 508 management method for the TPM */ 509 #define TPM_PT_CLOCK_UPDATE (PT_FIXED + 25) /* interval, in milliseconds, between 510 updates to the copy of 511 TPMS_CLOCK_INFO.clock in NV */ 512 #define TPM_PT_CONTEXT_HASH (PT_FIXED + 26) /* the algorithm used for the integrity HMAC 513 on saved contexts and for hashing the 514 fuData of TPM2_FirmwareRead() */ 515 #define TPM_PT_CONTEXT_SYM (PT_FIXED + 27) /* TPM_ALG_ID, the algorithm used for 516 encryption of saved contexts */ 517 #define TPM_PT_CONTEXT_SYM_SIZE (PT_FIXED + 28) /* TPM_KEY_BITS, the size of the key used 518 for encryption of saved contexts */ 519 #define TPM_PT_ORDERLY_COUNT (PT_FIXED + 29) /* the modulus - 1 of the count for NV 520 update of an orderly counter */ 521 #define TPM_PT_MAX_COMMAND_SIZE (PT_FIXED + 30) /* the maximum value for commandSize in a command */ 522 #define TPM_PT_MAX_RESPONSE_SIZE (PT_FIXED + 31) /* the maximum value for responseSize in a response */ 523 #define TPM_PT_MAX_DIGEST (PT_FIXED + 32) /* the maximum size of a digest that can be 524 produced by the TPM */ 525 #define TPM_PT_MAX_OBJECT_CONTEXT (PT_FIXED + 33) /* the maximum size of an object context 526 that will be returned by 527 TPM2_ContextSave */ 528 #define TPM_PT_MAX_SESSION_CONTEXT (PT_FIXED + 34) /* the maximum size of a session context 529 that will be returned by 530 TPM2_ContextSave */ 531 #define TPM_PT_PS_FAMILY_INDICATOR (PT_FIXED + 35) /* platform-specific family (a TPM_PS 532 value)(see Table 26) */ 533 #define TPM_PT_PS_LEVEL (PT_FIXED + 36) /* the level of the platform-specific specification */ 534 #define TPM_PT_PS_REVISION (PT_FIXED + 37) /* the specification Revision times 100 for 535 the platform-specific specification */ 536 #define TPM_PT_PS_DAY_OF_YEAR (PT_FIXED + 38) /* the platform-specific specification day 537 of year using TCG calendar */ 538 #define TPM_PT_PS_YEAR (PT_FIXED + 39) /* the platform-specific specification year 539 using the CE */ 540 #define TPM_PT_SPLIT_MAX (PT_FIXED + 40) /* the number of split signing operations 541 supported by the TPM */ 542 #define TPM_PT_TOTAL_COMMANDS (PT_FIXED + 41) /* total number of commands implemented in the TPM */ 543 #define TPM_PT_LIBRARY_COMMANDS (PT_FIXED + 42) /* number of commands from the TPM library 544 that are implemented */ 545 #define TPM_PT_VENDOR_COMMANDS (PT_FIXED + 43) /* number of vendor commands that are implemented */ 546 #define TPM_PT_NV_BUFFER_MAX (PT_FIXED + 44) /* the maximum data size in one NV write command */ 547 #define TPM_PT_MODES (PT_FIXED + 45) /* a TPMA_MODES value, indicating that the 548 TPM is designed for these modes. */ 549 #define TPM_PT_MAX_CAP_BUFFER (PT_FIXED + 46) /* the maximum size of a 550 TPMS_CAPABILITY_DATA structure returned 551 in TPM2_GetCapability(). */ 552 #define PT_VAR (PT_GROUP * 2) /* the group of variable properties returned 553 as TPMS_TAGGED_PROPERTY */ 554 555 /* The properties in this group change because of a Protected Capability other than a firmware 556 update. The values are not necessarily persistent across all power transitions. */ 557 558 #define TPM_PT_PERMANENT (PT_VAR + 0) /* TPMA_PERMANENT */ 559 #define TPM_PT_STARTUP_CLEAR (PT_VAR + 1) /* TPMA_STARTUP_CLEAR */ 560 #define TPM_PT_HR_NV_INDEX (PT_VAR + 2) /* the number of NV Indexes currently defined */ 561 #define TPM_PT_HR_LOADED (PT_VAR + 3) /* the number of authorization sessions 562 currently loaded into TPM RAM */ 563 #define TPM_PT_HR_LOADED_AVAIL (PT_VAR + 4) /* the number of additional authorization 564 sessions, of any type, that could be 565 loaded into TPM RAM */ 566 #define TPM_PT_HR_ACTIVE (PT_VAR + 5) /* the number of active authorization 567 sessions currently being tracked by the 568 TPM */ 569 #define TPM_PT_HR_ACTIVE_AVAIL (PT_VAR + 6) /* the number of additional authorization 570 sessions, of any type, that could be 571 created */ 572 #define TPM_PT_HR_TRANSIENT_AVAIL (PT_VAR + 7) /* estimate of the number of additional 573 transient objects that could be loaded 574 into TPM RAM */ 575 #define TPM_PT_HR_PERSISTENT (PT_VAR + 8) /* the number of persistent objects 576 currently loaded into TPM NV memory */ 577 #define TPM_PT_HR_PERSISTENT_AVAIL (PT_VAR + 9) /* the number of additional persistent 578 objects that could be loaded into NV 579 memory */ 580 #define TPM_PT_NV_COUNTERS (PT_VAR + 10) /* the number of defined NV Indexes that 581 have the NV TPM_NV_COUNTER attribute SET */ 582 #define TPM_PT_NV_COUNTERS_AVAIL (PT_VAR + 11) /* the number of additional NV Indexes that 583 can be defined with their TPM_NT of TPM_NV_COUNTER 584 and the TPM_NV_ORDERLY attribute SET */ 585 #define TPM_PT_ALGORITHM_SET (PT_VAR + 12) /* code that limits the algorithms that may 586 be used with the TPM */ 587 #define TPM_PT_LOADED_CURVES (PT_VAR + 13) /* the number of loaded ECC curves */ 588 #define TPM_PT_LOCKOUT_COUNTER (PT_VAR + 14) /* the current value of the lockout counter (failedTries) */ 589 #define TPM_PT_MAX_AUTH_FAIL (PT_VAR + 15) /* the number of authorization failures 590 before DA lockout is invoked */ 591 #define TPM_PT_LOCKOUT_INTERVAL (PT_VAR + 16) /* the number of seconds before the value 592 reported by TPM_PT_LOCKOUT_COUNTER is 593 decremented */ 594 #define TPM_PT_LOCKOUT_RECOVERY (PT_VAR + 17) /* the number of seconds after a lockoutAuth 595 failure before use of lockoutAuth may be 596 attempted again */ 597 #define TPM_PT_NV_WRITE_RECOVERY (PT_VAR + 18) /* number of milliseconds before the TPM 598 will accept another command that will 599 modify NV */ 600 #define TPM_PT_AUDIT_COUNTER_0 (PT_VAR + 19) /* the high-order 32 bits of the command audit counter */ 601 #define TPM_PT_AUDIT_COUNTER_1 (PT_VAR + 20) /* the low-order 32 bits of the command audit counter */ 602 603 /* Table 24 - Definition of (UINT32) TPM_PT_PCR Constants <IN/OUT, S> */ 604 605 typedef UINT32 TPM_PT_PCR; 606 607 #define TPM_PT_PCR_FIRST 0x00000000 /* bottom of the range of TPM_PT_PCR properties */ 608 #define TPM_PT_PCR_SAVE 0x00000000 /* a SET bit in the TPMS_PCR_SELECT indicates that 609 the PCR is saved and restored by TPM_SU_STATE */ 610 #define TPM_PT_PCR_EXTEND_L0 0x00000001 /* a SET bit in the TPMS_PCR_SELECT indicates that 611 the PCR may be extended from locality 0 */ 612 #define TPM_PT_PCR_RESET_L0 0x00000002 /* a SET bit in the TPMS_PCR_SELECT indicates that 613 the PCR may be reset by TPM2_PCR_Reset() from 614 locality 0 */ 615 #define TPM_PT_PCR_EXTEND_L1 0x00000003 /* a SET bit in the TPMS_PCR_SELECT indicates that 616 the PCR may be extended from locality 1 */ 617 #define TPM_PT_PCR_RESET_L1 0x00000004 /* a SET bit in the TPMS_PCR_SELECT indicates that 618 the PCR may be reset by TPM2_PCR_Reset() from 619 locality 1 */ 620 #define TPM_PT_PCR_EXTEND_L2 0x00000005 /* a SET bit in the TPMS_PCR_SELECT indicates that 621 the PCR may be extended from locality 2 */ 622 #define TPM_PT_PCR_RESET_L2 0x00000006 /* a SET bit in the TPMS_PCR_SELECT indicates that 623 the PCR may be reset by TPM2_PCR_Reset() from 624 locality 2 */ 625 #define TPM_PT_PCR_EXTEND_L3 0x00000007 /* a SET bit in the TPMS_PCR_SELECT indicates that 626 the PCR may be extended from locality 3 */ 627 #define TPM_PT_PCR_RESET_L3 0x00000008 /* a SET bit in the TPMS_PCR_SELECT indicates that 628 the PCR may be reset by TPM2_PCR_Reset() from 629 locality 3 */ 630 #define TPM_PT_PCR_EXTEND_L4 0x00000009 /* a SET bit in the TPMS_PCR_SELECT indicates that 631 the PCR may be extended from locality 4 */ 632 #define TPM_PT_PCR_RESET_L4 0x0000000A /* a SET bit in the TPMS_PCR_SELECT indicates that 633 the PCR may be reset by TPM2_PCR_Reset() from 634 locality 4 */ 635 #define TPM_PT_PCR_NO_INCREMENT 0x00000011 /* a SET bit in the TPMS_PCR_SELECT indicates that 636 modifications to this PCR (reset or Extend) will 637 not increment the pcrUpdateCounter */ 638 #define TPM_PT_PCR_RESET_L4 0x0000000A /* a SET bit in the TPMS_PCR_SELECT indicates that 639 the PCR may be reset by TPM2_PCR_Reset() from 640 locality 4 */ 641 #define TPM_PT_PCR_DRTM_RESET 0x00000012 /* a SET bit in the TPMS_PCR_SELECT indicates that 642 the PCR is reset by a DRTM event */ 643 #define TPM_PT_PCR_POLICY 0x00000013 /* a SET bit in the TPMS_PCR_SELECT indicates that 644 the PCR is controlled by policy */ 645 #define TPM_PT_PCR_AUTH 0x00000014 /* a SET bit in the TPMS_PCR_SELECT indicates that 646 the PCR is controlled by an authorization 647 value */ 648 #define TPM_PT_PCR_LAST 0x00000014 /* top of the range of TPM_PT_PCR properties of the 649 implementation */ 650 651 /* Table 25 - Definition of (UINT32) TPM_PS Constants <OUT> */ 652 653 typedef UINT32 TPM_PS; 654 655 #define TPM_PS_MAIN 0x00000000 /* not platform specific */ 656 #define TPM_PS_PC 0x00000001 /* PC Client */ 657 #define TPM_PS_PDA 0x00000002 /* PDA (includes all mobile devices that are not 658 specifically cell phones) */ 659 #define TPM_PS_CELL_PHONE 0x00000003 /* Cell Phone */ 660 #define TPM_PS_SERVER 0x00000004 /* Server WG */ 661 #define TPM_PS_PERIPHERAL 0x00000005 /* Peripheral WG */ 662 #define TPM_PS_TSS 0x00000006 /* TSS WG */ 663 #define TPM_PS_STORAGE 0x00000007 /* Storage WG */ 664 #define TPM_PS_AUTHENTICATION 0x00000008 /* Authentication WG */ 665 #define TPM_PS_EMBEDDED 0x00000009 /* Embedded WG */ 666 #define TPM_PS_HARDCOPY 0x0000000A /* Hardcopy WG */ 667 #define TPM_PS_INFRASTRUCTURE 0x0000000B /* Infrastructure WG */ 668 #define TPM_PS_VIRTUALIZATION 0x0000000C /* Virtualization WG */ 669 #define TPM_PS_TNC 0x0000000D /* Trusted Network Connect WG */ 670 #define TPM_PS_MULTI_TENANT 0x0000000E /* Multi-tenant WG */ 671 #define TPM_PS_TC 0x0000000F /* Technical Committee*/ 672 673 /* Table 26 - Definition of Types for Handles */ 674 675 typedef UINT32 TPM_HANDLE; /* Handles may refer to objects (keys or data blobs), authorization 676 sessions (HMAC and policy), NV Indexes, permanent TPM locations, 677 and PCR. */ 678 679 /* Table 27 - Definition of (UINT8) TPM_HT Constants <S> */ 680 681 typedef UINT8 TPM_HT; 682 683 #define TPM_HT_PCR 0x00 /* PCR - consecutive numbers, starting at 0, that reference the PCR registers */ 684 #define TPM_HT_NV_INDEX 0x01 /* NV Index - assigned by the caller */ 685 #define TPM_HT_HMAC_SESSION 0x02 /* HMAC Authorization Session - assigned by the TPM when the session is created */ 686 #define TPM_HT_LOADED_SESSION 0x02 /* Loaded Authorization Session - used only in the context of TPM2_GetCapability */ 687 #define TPM_HT_POLICY_SESSION 0x03 /* Policy Authorization Session - assigned by the TPM when the session is created */ 688 #define TPM_HT_SAVED_SESSION 0x03 /* Saved Authorization Session - used only in the context of TPM2_GetCapability */ 689 #define TPM_HT_PERMANENT 0x40 /* Permanent Values - assigned by this specification in Table 27 */ 690 #define TPM_HT_TRANSIENT 0x80 /* Transient Objects - assigned by the TPM when an object is 691 loaded into transient-object memory or when a persistent 692 object is converted to a transient object */ 693 #define TPM_HT_PERSISTENT 0x81 /* Persistent Objects - assigned by the TPM when a loaded 694 transient object is made persistent */ 695 696 /* Table 28 - Definition of (TPM_HANDLE) TPM_RH Constants <S> */ 697 698 typedef TPM_HANDLE TPM_RH; 699 700 #define TPM_RH_FIRST 0x40000000 /* R */ 701 #define TPM_RH_SRK 0x40000000 /* R not used1 */ 702 #define TPM_RH_OWNER 0x40000001 /* K, A, P handle references the Storage Primary 703 Seed (SPS), the ownerAuth, and the ownerPolicy */ 704 #define TPM_RH_REVOKE 0x40000002 /* R not used1 */ 705 #define TPM_RH_TRANSPORT 0x40000003 /* R not used1 */ 706 #define TPM_RH_OPERATOR 0x40000004 /* R not used1 */ 707 #define TPM_RH_ADMIN 0x40000005 /* R not used1 */ 708 #define TPM_RH_EK 0x40000006 /* R not used1 */ 709 #define TPM_RH_NULL 0x40000007 /* K, A, P a handle associated with the null 710 hierarchy, an EmptyAuth authValue, and an Empty 711 Policy authPolicy. */ 712 #define TPM_RH_UNASSIGNED 0x40000008 /* R value reserved to the TPM to indicate a handle 713 location that has not been initialized or 714 assigned */ 715 #define TPM_RS_PW 0x40000009 /* S authorization value used to indicate a password 716 authorization session */ 717 #define TPM_RH_LOCKOUT 0x4000000A /* A references the authorization associated with 718 the dictionary attack lockout reset */ 719 #define TPM_RH_ENDORSEMENT 0x4000000B /* K, A, P references the Endorsement Primary Seed 720 (EPS), endorsementAuth, and endorsementPolicy */ 721 #define TPM_RH_PLATFORM 0x4000000C /* K, A, P references the Platform Primary Seed 722 (PPS), platformAuth, and platformPolicy */ 723 #define TPM_RH_PLATFORM_NV 0x4000000D /* C for phEnableNV */ 724 #define TPM_RH_AUTH_00 0x40000010 /* A Start of a range of authorization values that 725 are vendor-specific. A TPM may support any of 726 the values in this range as are needed for 727 vendor-specific purposes. Disabled if ehEnable is CLEAR. */ 728 #define TPM_RH_AUTH_FF 0x4000010F /* A End of the range of vendor-specific 729 authorization values. */ 730 #define TPM_RH_LAST 0x4000010F /* R the top of the reserved handle area */ 731 732 /* Table 29 - Definition of (TPM_HANDLE) TPM_HC Constants <S> */ 733 734 typedef TPM_HANDLE TPM_HC; 735 #define HR_HANDLE_MASK 0x00FFFFFF /* to mask off the HR */ 736 #define HR_RANGE_MASK 0xFF000000 /* to mask off the variable part */ 737 #define HR_SHIFT 24 738 #define HR_PCR ((TPM_HT_PCR) << HR_SHIFT) 739 #define HR_HMAC_SESSION (TPM_HT_HMAC_SESSION << HR_SHIFT) 740 #define HR_POLICY_SESSION (TPM_HT_POLICY_SESSION << HR_SHIFT) 741 #define HR_TRANSIENT (TPM_HC)((((UINT32)TPM_HT_TRANSIENT) << HR_SHIFT)) 742 #define HR_PERSISTENT (TPM_HC)((((UINT32)TPM_HT_PERSISTENT) << HR_SHIFT)) 743 #define HR_NV_INDEX (TPM_HT_NV_INDEX << HR_SHIFT) 744 #define HR_PERMANENT (TPM_HT_PERMANENT << HR_SHIFT) 745 #define PCR_FIRST (HR_PCR + 0) /* first PCR */ 746 #define PCR_LAST (HR_PCR | HR_HANDLE_MASK) /* last PCR in range */ 747 #define HMAC_SESSION_FIRST (HR_HMAC_SESSION + 0) /* first HMAC session */ 748 #define HMAC_SESSION_LAST (HMAC_SESSION_FIRST | HR_HANDLE_MASK) /* last HMAC session */ 749 #define LOADED_SESSION_FIRST HMAC_SESSION_FIRST /* used in GetCapability */ 750 #define LOADED_SESSION_LAST HMAC_SESSION_LAST /* used in GetCapability */ 751 #define POLICY_SESSION_FIRST (HR_POLICY_SESSION + 0) /* first policy session */ 752 #define POLICY_SESSION_LAST (POLICY_SESSION_FIRST | HR_HANDLE_MASK) /* last policy session */ 753 #define TRANSIENT_FIRST ((UINT32)(HR_TRANSIENT + 0)) /* first transient object */ 754 #define ACTIVE_SESSION_FIRST POLICY_SESSION_FIRST /* used in GetCapability */ 755 #define ACTIVE_SESSION_LAST POLICY_SESSION_LAST /* used in GetCapability */ 756 #define TRANSIENT_LAST ((UINT32)(TRANSIENT_FIRST | HR_HANDLE_MASK)) /* last transient object */ 757 #define PERSISTENT_FIRST ((UINT32)(HR_PERSISTENT + 0)) /* first persistent object */ 758 #define PERSISTENT_LAST ((UINT32)(PERSISTENT_FIRST | HR_HANDLE_MASK)) /* last persistent object */ 759 #define PLATFORM_PERSISTENT (PERSISTENT_FIRST + 0x00800000) /* first platform persistent object */ 760 #define NV_INDEX_FIRST (HR_NV_INDEX + 0) /* first allowed NV Index */ 761 #define NV_INDEX_LAST (NV_INDEX_FIRST | HR_HANDLE_MASK) /* last allowed NV Index */ 762 #define PERMANENT_FIRST TPM_RH_FIRST 763 #define PERMANENT_LAST TPM_RH_LAST 764 765 /* Table 30 - Definition of (UINT32) TPMA_ALGORITHM Bits */ 766 767 #if defined TPM_BITFIELD_LE 768 769 typedef union { 770 struct { 771 unsigned int asymmetric : 1; /* 0 an asymmetric algorithm with public and private portions */ 772 unsigned int symmetric : 1; /* 1 a symmetric block cipher */ 773 unsigned int hash : 1; /* a hash algorithm */ 774 unsigned int object : 1; /* an algorithm that may be used as an object type */ 775 unsigned int Reserved1 : 4; /* 7:4 */ 776 unsigned int signing : 1; /* 8 a signing algorithm */ 777 unsigned int encrypting : 1; /* 9 an encryption/decryption algorithm */ 778 unsigned int method : 1; /* 10 a method such as a key derivative function (KDF) */ 779 unsigned int Reserved2 : 21; /* 31:11 */ 780 }; 781 UINT32 val; 782 } TPMA_ALGORITHM; 783 784 #elif defined TPM_BITFIELD_BE 785 786 typedef union { 787 struct { 788 unsigned int Reserved2 : 21; /* 31:11 */ 789 unsigned int method : 1; /* 10 a method such as a key derivative function (KDF) */ 790 unsigned int encrypting : 1; /* 9 an encryption/decryption algorithm */ 791 unsigned int signing : 1; /* 8 a signing algorithm */ 792 unsigned int Reserved1 : 4; /* 7:4 */ 793 unsigned int object : 1; /* an algorithm that may be used as an object type */ 794 unsigned int hash : 1; /* a hash algorithm */ 795 unsigned int symmetric : 1; /* 1 a symmetric block cipher */ 796 unsigned int asymmetric : 1; /* 0 an asymmetric algorithm with public and private portions */ 797 }; 798 UINT32 val; 799 } TPMA_ALGORITHM; 800 801 #else 802 803 typedef struct { 804 UINT32 val; 805 } TPMA_ALGORITHM; 806 807 #endif 808 809 #define TPMA_ALGORITHM_ASYMMETRIC 0x00000001 810 #define TPMA_ALGORITHM_SYMMETRIC 0x00000002 811 #define TPMA_ALGORITHM_HASH 0x00000004 812 #define TPMA_ALGORITHM_OBJECT 0x00000008 813 #define TPMA_ALGORITHM_RESERVED1 0x000000f0 814 #define TPMA_ALGORITHM_SIGNING 0x00000100 815 #define TPMA_ALGORITHM_ENCRYPTING 0x00000200 816 #define TPMA_ALGORITHM_METHOD 0x00000400 817 #define TPMA_ALGORITHM_RESERVED2 0xfffff800 818 819 #define TPMA_ALGORITHM_RESERVED ( \ 820 TPMA_ALGORITHM_RESERVED1 | \ 821 TPMA_ALGORITHM_RESERVED2 ) 822 823 /* Table 31 - Definition of (UINT32) TPMA_OBJECT Bits */ 824 825 #if defined TPM_BITFIELD_LE 826 827 typedef union { 828 struct { 829 unsigned int Reserved1 : 1; /* 0 shall be zero */ 830 unsigned int fixedTPM : 1; /* 1 The hierarchy of the object, as indicated by its Qualified Name, may not change. */ 831 unsigned int stClear : 1; /* 2 Previously saved contexts of this object may not be loaded after Startup(CLEAR). */ 832 unsigned int Reserved2 : 1; /* 3 shall be zero */ 833 unsigned int fixedParent : 1; /* 4 The parent of the object may not change. */ 834 unsigned int sensitiveDataOrigin : 1; /* 5 the TPM generated all of the sensitive data other than the authValue. */ 835 unsigned int userWithAuth : 1; /* 6 HMAC session or with a password */ 836 unsigned int adminWithPolicy : 1; /* 7 policy session. */ 837 unsigned int Reserved3 : 2; /* 9:8 shall be zero */ 838 unsigned int noDA : 1; /* 10 The object is not subject to dictionary attack protections. */ 839 unsigned int encryptedDuplication : 1; /* 11 */ 840 unsigned int Reserved4 : 4; /* 15:12 shall be zero */ 841 unsigned int restricted : 1; /* 16 Key usage is restricted to manipulate structures of known format */ 842 unsigned int decrypt : 1; /* 17 The private portion of the key may be used to decrypt. */ 843 unsigned int sign : 1; /* 18 For a symmetric cipher object, the private 844 portion of the key may be used to encrypt. For 845 other objects, the private portion of the key may 846 be used to sign. */ 847 unsigned int Reserved5 : 13; /* 31:19 shall be zero */ 848 }; 849 UINT32 val; 850 } TPMA_OBJECT; 851 852 #elif defined TPM_BITFIELD_BE 853 854 typedef union { 855 struct { 856 unsigned int Reserved5 : 13; /* 31:19 shall be zero */ 857 unsigned int sign : 1; /* 18 For a symmetric cipher object, the private 858 portion of the key may be used to encrypt. For 859 other objects, the private portion of the key may 860 be used to sign. */ 861 unsigned int decrypt : 1; /* 17 The private portion of the key may be used to decrypt. */ 862 unsigned int restricted : 1; /* 16 Key usage is restricted to manipulate structures of known format */ 863 unsigned int Reserved4 : 4; /* 15:12 shall be zero */ 864 unsigned int encryptedDuplication : 1; /* 11 */ 865 unsigned int noDA : 1; /* 10 The object is not subject to dictionary attack protections. */ 866 unsigned int Reserved3 : 2; /* 9:8 shall be zero */ 867 unsigned int adminWithPolicy : 1; /* 7 policy session. */ 868 unsigned int userWithAuth : 1; /* 6 HMAC session or with a password */ 869 unsigned int sensitiveDataOrigin : 1; /* 5 the TPM generated all of the sensitive data other than the authValue. */ 870 unsigned int fixedParent : 1; /* 4 The parent of the object may not change. */ 871 unsigned int Reserved2 : 1; /* 3 shall be zero */ 872 unsigned int stClear : 1; /* 2 Previously saved contexts of this object may not be loaded after Startup(CLEAR). */ 873 unsigned int fixedTPM : 1; /* 1 The hierarchy of the object, as indicated by its Qualified Name, may not change. */ 874 unsigned int Reserved1 : 1; /* 0 shall be zero */ 875 }; 876 UINT32 val; 877 } TPMA_OBJECT; 878 879 #else 880 881 typedef struct { 882 UINT32 val; 883 } TPMA_OBJECT; 884 885 #endif 886 887 #define TPMA_OBJECT_RESERVED1 0x00000001 888 #define TPMA_OBJECT_FIXEDTPM 0x00000002 889 #define TPMA_OBJECT_STCLEAR 0x00000004 890 #define TPMA_OBJECT_RESERVED2 0x00000008 891 #define TPMA_OBJECT_FIXEDPARENT 0x00000010 892 #define TPMA_OBJECT_SENSITIVEDATAORIGIN 0x00000020 893 #define TPMA_OBJECT_USERWITHAUTH 0x00000040 894 #define TPMA_OBJECT_ADMINWITHPOLICY 0x00000080 895 #define TPMA_OBJECT_RESERVED3 0x00000300 896 #define TPMA_OBJECT_NODA 0x00000400 897 #define TPMA_OBJECT_ENCRYPTEDDUPLICATION 0x00000800 898 #define TPMA_OBJECT_RESERVED4 0x0000f000 899 #define TPMA_OBJECT_RESTRICTED 0x00010000 900 #define TPMA_OBJECT_DECRYPT 0x00020000 901 #define TPMA_OBJECT_SIGN 0x00040000 902 #define TPMA_OBJECT_RESERVED5 0xfff80000 903 904 #define TPMA_OBJECT_RESERVED ( \ 905 TPMA_OBJECT_RESERVED1 | \ 906 TPMA_OBJECT_RESERVED2 | \ 907 TPMA_OBJECT_RESERVED3 | \ 908 TPMA_OBJECT_RESERVED4 | \ 909 TPMA_OBJECT_RESERVED5 ) 910 911 /* Table 32 - Definition of (UINT8) TPMA_SESSION Bits <IN/OUT> */ 912 913 #if defined TPM_BITFIELD_LE 914 915 typedef union { 916 struct { 917 unsigned int continueSession : 1; /* 0 the session is to remain active after successful completion of the command */ 918 unsigned int auditExclusive : 1; /* 1 executed if the session is exclusive at the start of the command */ 919 unsigned int auditReset : 1; /* 2 audit digest of the session should be initialized */ 920 unsigned int Reserved : 2; /* 4:3 shall be CLEAR */ 921 unsigned int decrypt : 1; /* 5 first parameter in the command is symmetrically encrypted */ 922 unsigned int encrypt : 1; /* 6 TPM should use this session to encrypt the first parameter in the response */ 923 unsigned int audit : 1; /* 7 session is for audit */ 924 }; 925 UINT8 val; 926 } TPMA_SESSION; 927 928 #elif defined TPM_BITFIELD_BE 929 930 typedef union { 931 struct { 932 unsigned int audit : 1; /* 7 session is for audit */ 933 unsigned int encrypt : 1; /* 6 TPM should use this session to encrypt the first parameter in the response */ 934 unsigned int decrypt : 1; /* 5 first parameter in the command is symmetrically encrypted */ 935 unsigned int Reserved : 2; /* 4:3 shall be CLEAR */ 936 unsigned int auditReset : 1; /* 2 audit digest of the session should be initialized */ 937 unsigned int auditExclusive : 1; /* 1 executed if the session is exclusive at the start of the command */ 938 unsigned int continueSession : 1; /* 0 the session is to remain active after successful completion of the command */ 939 }; 940 UINT8 val; 941 } TPMA_SESSION; 942 943 #else 944 945 typedef struct { 946 UINT8 val; 947 } TPMA_SESSION; 948 949 #endif 950 951 #define TPMA_SESSION_CONTINUESESSION 0x01 952 #define TPMA_SESSION_AUDITEXCLUSIVE 0x02 953 #define TPMA_SESSION_AUDITRESET 0x04 954 #define TPMA_SESSION_DECRYPT 0x20 955 #define TPMA_SESSION_ENCRYPT 0x40 956 #define TPMA_SESSION_AUDIT 0x80 957 958 #define TPMA_SESSION_RESERVED 0x18 959 960 /* Table 33 - Definition of (UINT8) TPMA_LOCALITY Bits <IN/OUT> */ 961 962 #if defined TPM_BITFIELD_LE 963 964 typedef union { 965 struct { 966 unsigned int TPM_LOC_ZERO : 1; /* 0 */ 967 unsigned int TPM_LOC_ONE : 1; /* 1 */ 968 unsigned int TPM_LOC_TWO : 1; /* 2 */ 969 unsigned int TPM_LOC_THREE : 1; /* 3 */ 970 unsigned int TPM_LOC_FOUR : 1; /* 4 */ 971 unsigned int Extended : 3; /* 7:5 */ 972 }; 973 UINT8 val; 974 } TPMA_LOCALITY; 975 976 #elif defined TPM_BITFIELD_BE 977 978 typedef union { 979 struct { 980 unsigned int Extended : 3; /* 7:5 */ 981 unsigned int TPM_LOC_FOUR : 1; /* 4 */ 982 unsigned int TPM_LOC_THREE : 1; /* 3 */ 983 unsigned int TPM_LOC_TWO : 1; /* 2 */ 984 unsigned int TPM_LOC_ONE : 1; /* 1 */ 985 unsigned int TPM_LOC_ZERO : 1; /* 0 */ 986 }; 987 UINT8 val; 988 } TPMA_LOCALITY; 989 990 #else 991 992 typedef struct { 993 UINT8 val; 994 } TPMA_LOCALITY; 995 996 #endif 997 998 #define TPMA_LOCALITY_ZERO 0x01 999 #define TPMA_LOCALITY_ONE 0x02 1000 #define TPMA_LOCALITY_TWO 0x04 1001 #define TPMA_LOCALITY_THREE 0x08 1002 #define TPMA_LOCALITY_FOUR 0x10 1003 #define TPMA_LOCALITY_EXTENDED 0xe0 1004 1005 /* Table 34 - Definition of (UINT32) TPMA_PERMANENT Bits <OUT> */ 1006 1007 #if defined TPM_BITFIELD_LE 1008 1009 typedef union { 1010 struct { 1011 unsigned int ownerAuthSet : 1; /* 0 TPM2_HierarchyChangeAuth() with ownerAuth has been executed since the last TPM2_Clear(). */ 1012 unsigned int endorsementAuthSet : 1; /* 1 TPM2_HierarchyChangeAuth() with endorsementAuth has been executed since the last TPM2_Clear(). */ 1013 unsigned int lockoutAuthSet : 1; /* 2 TPM2_HierarchyChangeAuth() with lockoutAuth has been executed since the last TPM2_Clear(). */ 1014 unsigned int Reserved1 : 5; /* 7:3 */ 1015 unsigned int disableClear : 1; /* 8 TPM2_Clear() is disabled. */ 1016 unsigned int inLockout : 1; /* 9 The TPM is in lockout and commands that require authorization 1017 with other than Platform Authorization or Lockout Authorization will not succeed. */ 1018 unsigned int tpmGeneratedEPS : 1; /* 10 The EPS was created by the TPM. */ 1019 unsigned int Reserved2 : 21; /* 31:11 */ 1020 }; 1021 UINT32 val; 1022 } TPMA_PERMANENT; 1023 1024 #elif defined TPM_BITFIELD_BE 1025 1026 typedef union { 1027 struct { 1028 unsigned int Reserved2 : 21; /* 31:11 */ 1029 unsigned int tpmGeneratedEPS : 1; /* 10 The EPS was created by the TPM. */ 1030 unsigned int inLockout : 1; /* 9 The TPM is in lockout and commands that require authorization with other than Platform Authorization will not succeed. */ 1031 unsigned int disableClear : 1; /* 8 TPM2_Clear() is disabled. */ 1032 unsigned int Reserved1 : 5; /* 7:3 */ 1033 unsigned int lockoutAuthSet : 1; /* 2 TPM2_HierarchyChangeAuth() with lockoutAuth has been executed since the last TPM2_Clear(). */ 1034 unsigned int endorsementAuthSet : 1; /* 1 TPM2_HierarchyChangeAuth() with endorsementAuth has been executed since the last TPM2_Clear(). */ 1035 unsigned int ownerAuthSet : 1; /* 0 TPM2_HierarchyChangeAuth() with ownerAuth has been executed since the last TPM2_Clear(). */ 1036 }; 1037 UINT32 val; 1038 } TPMA_PERMANENT; 1039 1040 #else 1041 1042 typedef struct { 1043 UINT32 val; 1044 } TPMA_PERMANENT; 1045 1046 #endif 1047 1048 #define TPMA_PERMANENT_OWNERAUTHSET 0x00000001 1049 #define TPMA_PERMANENT_ENDORSEMENTAUTHSET 0x00000002 1050 #define TPMA_PERMANENT_LOCKOUTAUTHSET 0x00000004 1051 #define TPMA_PERMANENT_RESERVED1 0x000000f8 1052 #define TPMA_PERMANENT_DISABLECLEAR 0x00000100 1053 #define TPMA_PERMANENT_INLOCKOUT 0x00000200 1054 #define TPMA_PERMANENT_TPMGENERATEDEPS 0x00000400 1055 #define TPMA_PERMANENT_RESERVED2 0xfffff800 1056 1057 /* Table 35 - Definition of (UINT32) TPMA_STARTUP_CLEAR Bits <OUT> */ 1058 1059 #if defined TPM_BITFIELD_LE 1060 1061 typedef union { 1062 struct { 1063 unsigned int phEnable : 1; /* 0 The platform hierarchy is enabled and platformAuth or platformPolicy may be used for authorization. */ 1064 unsigned int shEnable : 1; /* 1 The Storage hierarchy is enabled and ownerAuth or ownerPolicy may be used for authorization. */ 1065 unsigned int ehEnable : 1; /* 2 The EPS hierarchy is enabled and endorsementAuth may be used to authorize commands. */ 1066 unsigned int phEnableNV : 1; /* 3 NV indices that have TPMA_PLATFORM_CREATE SET may be read or written. */ 1067 unsigned int Reserved : 27; /* 30:4 shall be zero */ 1068 unsigned int orderly : 1; /* 31 The TPM received a TPM2_Shutdown() and a matching TPM2_Startup(). */ 1069 }; 1070 UINT32 val; 1071 } TPMA_STARTUP_CLEAR; 1072 1073 #elif defined TPM_BITFIELD_BE 1074 1075 typedef union { 1076 struct { 1077 unsigned int orderly : 1; /* 31 The TPM received a TPM2_Shutdown() and a matching TPM2_Startup(). */ 1078 unsigned int Reserved : 27; /* 30:4 shall be zero */ 1079 unsigned int phEnableNV : 1; /* 3 NV indices that have TPMA_PLATFORM_CREATE SET may be read or written. */ 1080 unsigned int ehEnable : 1; /* 2 The EPS hierarchy is enabled and endorsementAuth may be used to authorize commands. */ 1081 unsigned int shEnable : 1; /* 1 The Storage hierarchy is enabled and ownerAuth or ownerPolicy may be used for authorization. */ 1082 unsigned int phEnable : 1; /* 0 The platform hierarchy is enabled and platformAuth or platformPolicy may be used for authorization. */ 1083 }; 1084 UINT32 val; 1085 } TPMA_STARTUP_CLEAR; 1086 1087 #else 1088 1089 typedef struct { 1090 UINT32 val; 1091 } TPMA_STARTUP_CLEAR; 1092 1093 #endif 1094 1095 #define TPMA_STARTUP_CLEAR_PHENABLE 0x00000001 1096 #define TPMA_STARTUP_CLEAR_SHENABLE 0x00000002 1097 #define TPMA_STARTUP_CLEAR_EHENABLE 0x00000004 1098 #define TPMA_STARTUP_CLEAR_PHENABLENV 0x00000008 1099 #define TPMA_STARTUP_CLEAR_RESERVED 0x7ffffff0 1100 #define TPMA_STARTUP_CLEAR_ORDERLY 0x80000000 1101 1102 /* Table 36 - Definition of (UINT32) TPMA_MEMORY Bits <Out> */ 1103 1104 #if defined TPM_BITFIELD_LE 1105 1106 typedef union { 1107 struct { 1108 unsigned int sharedRAM : 1; /* 0 RAM memory used for authorization session contexts is shared with the memory used for transient objects */ 1109 unsigned int sharedNV : 1; /* 1 indicates that the NV memory used for persistent objects is shared with the NV memory used for NV Index values */ 1110 unsigned int objectCopiedToRam : 1; /* 2 indicates that the TPM copies persistent objects to a transient-object slot in RAM */ 1111 unsigned int Reserved : 29; /* 31:3 shall be zero */ 1112 }; 1113 UINT32 val; 1114 } TPMA_MEMORY; 1115 1116 #elif defined TPM_BITFIELD_BE 1117 1118 typedef union { 1119 struct { 1120 unsigned int Reserved : 29; /* 31:3 shall be zero */ 1121 unsigned int objectCopiedToRam : 1; /* 2 indicates that the TPM copies persistent objects to a transient-object slot in RAM */ 1122 unsigned int sharedNV : 1; /* 1 indicates that the NV memory used for persistent objects is shared with the NV memory used for NV Index values */ 1123 unsigned int sharedRAM : 1; /* 0 RAM memory used for authorization session contexts is shared with the memory used for transient objects */ 1124 }; 1125 UINT32 val; 1126 } TPMA_MEMORY; 1127 1128 #else 1129 1130 typedef struct { 1131 UINT32 val; 1132 } TPMA_MEMORY; 1133 1134 #endif 1135 1136 #define TPMA_MEMORY_SHAREDRAM 0x00000001 1137 #define TPMA_MEMORY_SHAREDNV 0x00000002 1138 #define TPMA_MEMORY_OBJECTCOPIEDTORAM 0x00000004 1139 #define TPMA_MEMORY_RESERVED 0xfffffff8 1140 1141 /* Table 37 - Definition of (TPM_CC) TPMA_CC Bits <OUT> */ 1142 1143 #if defined TPM_BITFIELD_LE 1144 1145 typedef union { 1146 struct { 1147 unsigned int commandIndex : 16; /* 15:0 indicates the command being selected */ 1148 unsigned int Reserved : 6; /* 21:16 shall be zero */ 1149 unsigned int nv : 1; /* 22 indicates that the command may write to NV */ 1150 unsigned int extensive : 1; /* 23 This command could flush any number of loaded contexts. */ 1151 unsigned int flushed : 1; /* 24 The context associated with any transient handle in the command will be flushed when this command completes. */ 1152 unsigned int cHandles : 3; /* 27:25 indicates the number of the handles in the handle area for this command */ 1153 unsigned int rHandle : 1; /* 28 indicates the presence of the handle area in the input */ 1154 unsigned int V : 1; /* 29 indicates that the command is vendor-specific */ 1155 unsigned int Res : 2; /* 31:30 allocated for software; shall be zero */ 1156 }; 1157 UINT32 val; 1158 } TPMA_CC; 1159 1160 #elif defined TPM_BITFIELD_BE 1161 1162 typedef union { 1163 struct { 1164 unsigned int Res : 2; /* 31:30 allocated for software; shall be zero */ 1165 unsigned int V : 1; /* 29 indicates that the command is vendor-specific */ 1166 unsigned int rHandle : 1; /* 28 indicates the presence of the handle area in the input */ 1167 unsigned int cHandles : 3; /* 27:25 indicates the number of the handles in the handle area for this command */ 1168 unsigned int flushed : 1; /* 24 The context associated with any transient handle in the command will be flushed when this command completes. */ 1169 unsigned int extensive : 1; /* 23 This command could flush any number of loaded contexts. */ 1170 unsigned int nv : 1; /* 22 indicates that the command may write to NV */ 1171 unsigned int Reserved : 6; /* 21:16 shall be zero */ 1172 unsigned int commandIndex : 16; /* 15:0 indicates the command being selected */ 1173 }; 1174 UINT32 val; 1175 } TPMA_CC; 1176 1177 #else 1178 1179 typedef union { 1180 struct { 1181 UINT32 val; 1182 }; 1183 } TPMA_CC; 1184 1185 #endif 1186 1187 #define TPMA_CC_COMMANDINDEX 0x0000ffff 1188 #define TPMA_CC_RESERVED1 0x003f0000 1189 #define TPMA_CC_NV 0x00400000 1190 #define TPMA_CC_EXTENSIVE 0x00800000 1191 #define TPMA_CC_FLUSHED 0x01000000 1192 #define TPMA_CC_CHANDLES 0x0e000000 1193 #define TPMA_CC_RHANDLE 0x10000000 1194 #define TPMA_CC_V 0x20000000 1195 #define TPMA_CC_RES 0xc0000000 1196 #define TPMA_CC_RESERVED (0x003f0000 | 0xc0000000) 1197 1198 /* Table 38 - Definition of (UINT32) TPMA_MODES Bits <Out> */ 1199 1200 #if defined TPM_BITFIELD_LE 1201 1202 typedef union { 1203 struct { 1204 unsigned int FIPS_140_2 : 1; /* 0 indicates that the TPM is designed to comply with all of the FIPS 140-2 requirements at Level 1 or higher */ 1205 unsigned int Reserved : 31; /* 31:1 shall be zero */ 1206 }; 1207 UINT32 val; 1208 } TPMA_MODES; 1209 1210 #elif defined TPM_BITFIELD_BE 1211 1212 typedef union { 1213 struct { 1214 unsigned int Reserved : 31; /* 31:1 shall be zero */ 1215 unsigned int FIPS_140_2 : 1; /* 0 indicates that the TPM is designed to comply with all of the FIPS 140-2 requirements at Level 1 or higher */ 1216 }; 1217 UINT32 val; 1218 } TPMA_MODES; 1219 1220 #else 1221 1222 typedef struct { 1223 UINT32 val; 1224 } TPMA_MODES; 1225 1226 #endif 1227 1228 #define TPMA_MODES_FIPS_140_2 0x00000001 1229 1230 /* Table 38 - Definition of (BYTE) TPMI_YES_NO Type */ 1231 1232 typedef BYTE TPMI_YES_NO; 1233 1234 #define NO 0 1235 #define YES 1 1236 1237 /* Table 39 - Definition of (TPM_HANDLE) TPMI_DH_OBJECT Type */ 1238 1239 typedef TPM_HANDLE TPMI_DH_OBJECT; 1240 1241 /* Table 41 - Definition of (TPM_HANDLE) TPMI_DH_PARENT Type */ 1242 1243 typedef TPM_HANDLE TPMI_DH_PARENT; 1244 1245 /* Table 40 - Definition of (TPM_HANDLE) TPMI_DH_PERSISTENT Type */ 1246 1247 typedef TPM_HANDLE TPMI_DH_PERSISTENT; 1248 1249 /* Table 41 - Definition of (TPM_HANDLE) TPMI_DH_ENTITY Type <IN> */ 1250 1251 typedef TPM_HANDLE TPMI_DH_ENTITY; 1252 1253 /* Table 42 - Definition of (TPM_HANDLE) TPMI_DH_PCR Type <IN> */ 1254 1255 typedef TPM_HANDLE TPMI_DH_PCR; 1256 1257 /* Table 43 - Definition of (TPM_HANDLE) TPMI_SH_AUTH_SESSION Type <IN/OUT> */ 1258 1259 typedef TPM_HANDLE TPMI_SH_AUTH_SESSION; 1260 1261 /* Table 44 - Definition of (TPM_HANDLE) TPMI_SH_HMAC Type <IN/OUT> */ 1262 1263 typedef TPM_HANDLE TPMI_SH_HMAC; 1264 1265 /* Table 45 - Definition of (TPM_HANDLE) TPMI_SH_POLICY Type <IN/OUT> */ 1266 1267 typedef TPM_HANDLE TPMI_SH_POLICY; 1268 1269 /* Table 46 - Definition of (TPM_HANDLE) TPMI_DH_CONTEXT Type */ 1270 1271 typedef TPM_HANDLE TPMI_DH_CONTEXT; 1272 1273 /* Table 49 - Definition of (TPM_HANDLE) TPMI_DH_SAVED Type */ 1274 1275 typedef TPM_HANDLE TPMI_DH_SAVED; 1276 1277 /* Table 47 - Definition of (TPM_HANDLE) TPMI_RH_HIERARCHY Type */ 1278 1279 typedef TPM_HANDLE TPMI_RH_HIERARCHY; 1280 1281 /* Table 48 - Definition of (TPM_HANDLE) TPMI_RH_ENABLES Type */ 1282 1283 typedef TPM_HANDLE TPMI_RH_ENABLES; 1284 1285 /* Table 49 - Definition of (TPM_HANDLE) TPMI_RH_HIERARCHY_AUTH Type <IN> */ 1286 1287 typedef TPM_HANDLE TPMI_RH_HIERARCHY_AUTH; 1288 1289 /* Table 2:55 - Definition of TPMI_RH_HIERARCHY_POLICY Type */ 1290 1291 typedef TPM_HANDLE TPMI_RH_HIERARCHY_POLICY; 1292 1293 /* Table 50 - Definition of (TPM_HANDLE) TPMI_RH_PLATFORM Type <IN> */ 1294 1295 typedef TPM_HANDLE TPMI_RH_PLATFORM; 1296 1297 /* Table 51 - Definition of (TPM_HANDLE) TPMI_RH_OWNER Type <IN> */ 1298 1299 typedef TPM_HANDLE TPMI_RH_OWNER; 1300 1301 /* Table 52 - Definition of (TPM_HANDLE) TPMI_RH_ENDORSEMENT Type <IN> */ 1302 1303 typedef TPM_HANDLE TPMI_RH_ENDORSEMENT; 1304 1305 /* Table 53 - Definition of (TPM_HANDLE) TPMI_RH_PROVISION Type <IN> */ 1306 1307 typedef TPM_HANDLE TPMI_RH_PROVISION; 1308 1309 /* Table 54 - Definition of (TPM_HANDLE) TPMI_RH_CLEAR Type <IN> */ 1310 1311 typedef TPM_HANDLE TPMI_RH_CLEAR; 1312 1313 /* Table 55 - Definition of (TPM_HANDLE) TPMI_RH_NV_AUTH Type <IN> */ 1314 1315 typedef TPM_HANDLE TPMI_RH_NV_AUTH; 1316 1317 /* Table 56 - Definition of (TPM_HANDLE) TPMI_RH_LOCKOUT Type <IN> */ 1318 1319 typedef TPM_HANDLE TPMI_RH_LOCKOUT; 1320 1321 /* Table 57 - Definition of (TPM_HANDLE) TPMI_RH_NV_INDEX Type <IN/OUT> */ 1322 1323 typedef TPM_HANDLE TPMI_RH_NV_INDEX; 1324 1325 /* Table 58 - Definition of (TPM_ALG_ID) TPMI_ALG_HASH Type */ 1326 1327 typedef TPM_ALG_ID TPMI_ALG_HASH; 1328 1329 /* Table 59 - Definition of (TPM_ALG_ID) TPMI_ALG_ASYM Type */ 1330 1331 typedef TPM_ALG_ID TPMI_ALG_ASYM; 1332 1333 /* Table 60 - Definition of (TPM_ALG_ID) TPMI_ALG_SYM Type */ 1334 1335 typedef TPM_ALG_ID TPMI_ALG_SYM; 1336 1337 /* Table 61 - Definition of (TPM_ALG_ID) TPMI_ALG_SYM_OBJECT Type */ 1338 1339 typedef TPM_ALG_ID TPMI_ALG_SYM_OBJECT; 1340 1341 /* Table 62 - Definition of (TPM_ALG_ID) TPMI_ALG_SYM_MODE Type */ 1342 1343 typedef TPM_ALG_ID TPMI_ALG_SYM_MODE; 1344 1345 /* Table 63 - Definition of (TPM_ALG_ID) TPMI_ALG_KDF Type */ 1346 1347 typedef TPM_ALG_ID TPMI_ALG_KDF; 1348 1349 /* Table 64 - Definition of (TPM_ALG_ID) TPMI_ALG_SIG_SCHEME Type */ 1350 1351 typedef TPM_ALG_ID TPMI_ALG_SIG_SCHEME; 1352 1353 /* Table 65 - Definition of (TPM_ALG_ID) TPMI_ECC_KEY_EXCHANGE Type */ 1354 1355 typedef TPM_ALG_ID TPMI_ECC_KEY_EXCHANGE; 1356 1357 /* Table 66 - Definition of (TPM_ST) TPMI_ST_COMMAND_TAG Type */ 1358 1359 typedef TPM_ST TPMI_ST_COMMAND_TAG; 1360 1361 /* Table 71 - Definition of (TPM_ALG_ID) TPMI_ALG_MAC_SCHEME Type */ 1362 1363 typedef TPM_ALG_ID TPMI_ALG_MAC_SCHEME; 1364 1365 /* Table 72 - Definition of (TPM_ALG_ID) TPMI_ALG_CIPHER_MODE Type */ 1366 1367 typedef TPM_ALG_ID TPMI_ALG_CIPHER_MODE; 1368 1369 /* Table 67 - Definition of TPMS_EMPTY Structure <IN/OUT> */ 1370 1371 typedef struct { 1372 /* a structure with no member */ 1373 BYTE empty[0]; 1374 } TPMS_EMPTY; 1375 1376 /* Table 68 - Definition of TPMS_ALGORITHM_DESCRIPTION Structure <OUT> */ 1377 typedef struct { 1378 TPM_ALG_ID alg; /* an algorithm */ 1379 TPMA_ALGORITHM attributes; /* the attributes of the algorithm */ 1380 } TPMS_ALGORITHM_DESCRIPTION; 1381 1382 /* Table 69 - Definition of TPMU_HA Union <IN/OUT, S> */ 1383 1384 typedef union { 1385 BYTE sha1 [SHA1_DIGEST_SIZE]; /* TPM_ALG_SHA1 */ 1386 BYTE sha256 [SHA256_DIGEST_SIZE]; /* TPM_ALG_SHA256 */ 1387 BYTE sha384 [SHA384_DIGEST_SIZE]; /* TPM_ALG_SHA384 */ 1388 BYTE sha512 [SHA512_DIGEST_SIZE]; /* TPM_ALG_SHA512 */ 1389 BYTE sm3_256 [SM3_256_DIGEST_SIZE]; /* TPM_ALG_SM3_256 */ 1390 BYTE tssmax [128]; /* to make union size larger */ 1391 1392 } TPMU_HA; 1393 1394 /* legacy, better to use (sizeof(TPMU_HA) */ 1395 1396 #define MAX_DIGEST_SIZE (sizeof(TPMU_HA)) 1397 1398 /* Table 70 - Definition of TPMT_HA Structure <IN/OUT> */ 1399 1400 typedef struct { 1401 TPMI_ALG_HASH hashAlg; /* selector of the hash contained in the digest that implies the size of the digest */ 1402 TPMU_HA digest; /* the digest data */ 1403 } TPMT_HA; 1404 1405 /* Table 71 - Definition of TPM2B_DIGEST Structure */ 1406 1407 typedef struct { 1408 UINT16 size; 1409 BYTE buffer[sizeof(TPMU_HA)]; 1410 } DIGEST_2B; 1411 1412 typedef union { 1413 DIGEST_2B t; 1414 TPM2B b; 1415 } TPM2B_DIGEST; 1416 1417 /* Table 72 - Definition of TPM2B_DATA Structure */ 1418 1419 typedef struct { 1420 UINT16 size; /* size in octets of the buffer field; may be 0 */ 1421 BYTE buffer[sizeof(TPMT_HA)]; 1422 } DATA_2B; 1423 1424 typedef union { 1425 DATA_2B t; 1426 TPM2B b; 1427 } TPM2B_DATA; 1428 1429 /* Table 73 - Definition of Types for TPM2B_NONCE */ 1430 1431 typedef TPM2B_DIGEST TPM2B_NONCE; /* size limited to the same as the digest structure */ 1432 1433 /* Table 74 - Definition of Types for TPM2B_AUTH */ 1434 1435 typedef TPM2B_DIGEST TPM2B_AUTH; /* size limited to the same as the digest structure */ 1436 1437 /* This is not in Part 2, but the concatenation of two digests to create an HMAC key is used often 1438 enough that it's worth putting in a central location. 1439 1440 In Part 1 19.6.8 sessionKey Creation - authValue || salt. 1441 In Part 1 19.6.5 HMAC Computation - sessionKey || authValue 1442 1443 I think both could be TPMU_HA, but the TPM reference code seems to use TPMT_HA. 1444 */ 1445 1446 typedef struct { 1447 UINT16 size; 1448 BYTE buffer[sizeof(TPMU_HA) + /* TPM2B_AUTH authValue */ 1449 sizeof(TPMT_HA)]; /* salt */ 1450 } KEY_2B; 1451 1452 typedef union { 1453 KEY_2B t; 1454 TPM2B b; 1455 } TPM2B_KEY; 1456 1457 /* Table 75 - Definition of Types for TPM2B_OPERAND */ 1458 1459 typedef TPM2B_DIGEST TPM2B_OPERAND; /* size limited to the same as the digest structure */ 1460 1461 /* Table 76 - Definition of TPM2B_EVENT Structure */ 1462 1463 typedef struct { 1464 UINT16 size; /* size of the operand */ 1465 BYTE buffer [1024]; /* the operand */ 1466 } EVENT_2B; 1467 1468 typedef union { 1469 EVENT_2B t; 1470 TPM2B b; 1471 } TPM2B_EVENT; 1472 1473 /* Table 77 - Definition of TPM2B_MAX_BUFFER Structure */ 1474 1475 /* MAX_DIGEST_BUFFER is TPM-dependent but is required to be at least 1,024. */ 1476 1477 typedef struct { 1478 UINT16 size; /* size of the buffer */ 1479 BYTE buffer [MAX_DIGEST_BUFFER]; /* the operand */ 1480 } MAX_BUFFER_2B; 1481 1482 typedef union { 1483 MAX_BUFFER_2B t; 1484 TPM2B b; 1485 } TPM2B_MAX_BUFFER; 1486 1487 /* Table 78 - Definition of TPM2B_MAX_NV_BUFFER Structure */ 1488 1489 typedef struct { 1490 UINT16 size; /* size of the buffer */ 1491 BYTE buffer [MAX_NV_BUFFER_SIZE]; /* the operand */ 1492 } MAX_NV_BUFFER_2B; 1493 1494 typedef union { 1495 MAX_NV_BUFFER_2B t; 1496 TPM2B b; 1497 } TPM2B_MAX_NV_BUFFER; 1498 1499 /* Table 79 - Definition of TPM2B_TIMEOUT Structure <IN/OUT> */ 1500 1501 typedef TPM2B_DIGEST TPM2B_TIMEOUT; /* size limited to the same as the digest structure */ 1502 1503 /* Table 80 - Definition of TPM2B_IV Structure <IN/OUT> */ 1504 1505 typedef struct { 1506 UINT16 size; /* size of the IV value */ 1507 BYTE buffer [MAX_SYM_BLOCK_SIZE]; /* the IV value */ 1508 } IV_2B; 1509 1510 typedef union { 1511 IV_2B t; 1512 TPM2B b; 1513 } TPM2B_IV; 1514 1515 /* Table 81 - Definition of TPMU_NAME Union <> */ 1516 1517 typedef union { 1518 TPMT_HA digest; /* when the Name is a digest */ 1519 TPM_HANDLE handle; /* when the Name is a handle */ 1520 } TPMU_NAME; 1521 1522 /* Table 82 - Definition of TPM2B_NAME Structure */ 1523 1524 typedef struct { 1525 UINT16 size; /* size of the Name structure */ 1526 BYTE name[sizeof(TPMU_NAME)]; /* the Name structure */ 1527 } NAME_2B; 1528 1529 typedef union { 1530 NAME_2B t; 1531 TPM2B b; 1532 } TPM2B_NAME; 1533 1534 /* Table 83 - Definition of TPMS_PCR_SELECT Structure */ 1535 1536 typedef struct { 1537 UINT8 sizeofSelect; /* the size in octets of the pcrSelect array */ 1538 BYTE pcrSelect [PCR_SELECT_MAX]; /* the bit map of selected PCR */ 1539 } TPMS_PCR_SELECT; 1540 1541 /* Table 84 - Definition of TPMS_PCR_SELECTION Structure */ 1542 1543 typedef struct { 1544 TPMI_ALG_HASH hash; /* the hash algorithm associated with the selection */ 1545 UINT8 sizeofSelect; /* the size in octets of the pcrSelect array */ 1546 BYTE pcrSelect [PCR_SELECT_MAX]; /* the bit map of selected PCR */ 1547 } TPMS_PCR_SELECTION; 1548 1549 /* Table 87 - Definition of TPMT_TK_CREATION Structure */ 1550 1551 typedef struct { 1552 TPM_ST tag; /* ticket structure tag TPM_ST_CREATION */ 1553 TPMI_RH_HIERARCHY hierarchy; /* the hierarchy containing name */ 1554 TPM2B_DIGEST digest; /* This shall be the HMAC produced using a proof value of hierarchy. */ 1555 } TPMT_TK_CREATION; 1556 1557 /* Table 88 - Definition of TPMT_TK_VERIFIED Structure */ 1558 1559 typedef struct { 1560 TPM_ST tag; /* ticket structure tag TPM_ST_VERIFIED */ 1561 TPMI_RH_HIERARCHY hierarchy; /* the hierarchy containing keyName */ 1562 TPM2B_DIGEST digest; /* This shall be the HMAC produced using a proof value of hierarchy. */ 1563 } TPMT_TK_VERIFIED; 1564 1565 /* Table 89 - Definition of TPMT_TK_AUTH Structure */ 1566 1567 typedef struct { 1568 TPM_ST tag; /* ticket structure tag TPM_ST_AUTH_SIGNED, TPM_ST_AUTH_SECRET */ 1569 TPMI_RH_HIERARCHY hierarchy; /* the hierarchy of the object used to produce the ticket */ 1570 TPM2B_DIGEST digest; /* This shall be the HMAC produced using a proof value of hierarchy. */ 1571 } TPMT_TK_AUTH; 1572 1573 /* Table 90 - Definition of TPMT_TK_HASHCHECK Structure */ 1574 1575 typedef struct { 1576 TPM_ST tag; /* ticket structure tag TPM_ST_HASHCHECK */ 1577 TPMI_RH_HIERARCHY hierarchy; /* the hierarchy */ 1578 TPM2B_DIGEST digest; /* This shall be the HMAC produced using a proof value of hierarchy. */ 1579 } TPMT_TK_HASHCHECK; 1580 1581 /* Table 91 - Definition of TPMS_ALG_PROPERTY Structure <OUT> */ 1582 1583 typedef struct { 1584 TPM_ALG_ID alg; /* an algorithm identifier */ 1585 TPMA_ALGORITHM algProperties; /* the attributes of the algorithm */ 1586 } TPMS_ALG_PROPERTY; 1587 1588 /* Table 92 - Definition of TPMS_TAGGED_PROPERTY Structure <OUT> */ 1589 1590 typedef struct { 1591 TPM_PT property; /* a property identifier */ 1592 UINT32 value; /* the value of the property */ 1593 } TPMS_TAGGED_PROPERTY; 1594 1595 /* Table 93 - Definition of TPMS_TAGGED_PCR_SELECT Structure <OUT> */ 1596 1597 typedef struct { 1598 TPM_PT_PCR tag; /* the property identifier */ 1599 UINT8 sizeofSelect; /* the size in octets of the pcrSelect array */ 1600 BYTE pcrSelect [PCR_SELECT_MAX]; /* the bit map of PCR with the identified property */ 1601 } TPMS_TAGGED_PCR_SELECT; 1602 1603 /* Table 96 - Definition of TPMS_TAGGED_POLICY Structure */ 1604 1605 typedef struct { 1606 TPM_HANDLE handle; 1607 TPMT_HA policyHash; 1608 } TPMS_TAGGED_POLICY; 1609 1610 /* Table 94 - Definition of TPML_CC Structure */ 1611 1612 typedef struct { 1613 UINT32 count; /* number of commands in the commandCode list; may be 0 */ 1614 TPM_CC commandCodes[MAX_CAP_CC]; /* a list of command codes */ 1615 } TPML_CC; 1616 1617 /* Table 95 - Definition of TPML_CCA Structure <OUT> */ 1618 1619 typedef struct { 1620 UINT32 count; /* number of values in the commandAttributes list; may be 0 */ 1621 TPMA_CC commandAttributes[MAX_CAP_CC]; /* a list of command codes attributes */ 1622 } TPML_CCA; 1623 1624 /* Table 96 - Definition of TPML_ALG Structure */ 1625 1626 typedef struct { 1627 UINT32 count; /* number of algorithms in the algorithms list; may be 0 */ 1628 TPM_ALG_ID algorithms[MAX_ALG_LIST_SIZE]; /* a list of algorithm IDs */ 1629 } TPML_ALG; 1630 1631 /* Table 97 - Definition of TPML_HANDLE Structure <OUT> */ 1632 1633 typedef struct { 1634 UINT32 count; /* the number of handles in the list may have a value of 0 */ 1635 TPM_HANDLE handle[MAX_CAP_HANDLES]; /* an array of handles */ 1636 } TPML_HANDLE; 1637 1638 /* Table 98 - Definition of TPML_DIGEST Structure */ 1639 1640 typedef struct { 1641 UINT32 count; /* number of digests in the list, minimum is two for TPM2_PolicyOR(). */ 1642 TPM2B_DIGEST digests[8]; /* a list of digests */ 1643 } TPML_DIGEST; 1644 1645 /* Table 99 - Definition of TPML_DIGEST_VALUES Structure */ 1646 1647 typedef struct { 1648 UINT32 count; /* number of digests in the list */ 1649 TPMT_HA digests[HASH_COUNT]; /* a list of tagged digests */ 1650 } TPML_DIGEST_VALUES; 1651 1652 /* Table 100 - Definition of TPM2B_DIGEST_VALUES Structure */ 1653 1654 typedef struct { 1655 UINT16 size; /* size of the operand buffer */ 1656 BYTE buffer [sizeof(TPML_DIGEST_VALUES)]; /* the operand */ 1657 } TPM2B_DIGEST_VALUES; 1658 1659 /* Table 101 - Definition of TPML_PCR_SELECTION Structure */ 1660 1661 typedef struct { 1662 UINT32 count; /* number of selection structures A value of zero is allowed. */ 1663 TPMS_PCR_SELECTION pcrSelections[HASH_COUNT]; /* list of selections */ 1664 } TPML_PCR_SELECTION; 1665 1666 /* Table 102 - Definition of TPML_ALG_PROPERTY Structure <OUT> */ 1667 1668 typedef struct { 1669 UINT32 count; /* number of algorithm properties structures A value of zero is allowed. */ 1670 TPMS_ALG_PROPERTY algProperties[MAX_CAP_ALGS]; /* list of properties */ 1671 } TPML_ALG_PROPERTY; 1672 1673 /* Table 103 - Definition of TPML_TAGGED_TPM_PROPERTY Structure <OUT> */ 1674 1675 typedef struct { 1676 UINT32 count; /* number of properties A value of zero is allowed. */ 1677 TPMS_TAGGED_PROPERTY tpmProperty[MAX_TPM_PROPERTIES]; /* an array of tagged properties */ 1678 } TPML_TAGGED_TPM_PROPERTY; 1679 1680 /* Table 104 - Definition of TPML_TAGGED_PCR_PROPERTY Structure <OUT> */ 1681 1682 typedef struct { 1683 UINT32 count; /* number of properties A value of zero is allowed. */ 1684 TPMS_TAGGED_PCR_SELECT pcrProperty[MAX_PCR_PROPERTIES]; /* a tagged PCR selection */ 1685 } TPML_TAGGED_PCR_PROPERTY; 1686 1687 /* Table 105 - Definition of {ECC} TPML_ECC_CURVE Structure <OUT> */ 1688 1689 typedef struct { 1690 UINT32 count; /* number of curves A value of zero is allowed. */ 1691 TPM_ECC_CURVE eccCurves[MAX_ECC_CURVES]; /* array of ECC curve identifiers */ 1692 } TPML_ECC_CURVE ; 1693 1694 /* Table 109 - Definition of TPML_TAGGED_POLICY Structure */ 1695 1696 typedef struct { 1697 UINT32 count; 1698 TPMS_TAGGED_POLICY policies[MAX_TAGGED_POLICIES]; 1699 } TPML_TAGGED_POLICY; 1700 1701 /* Table 106 - Definition of TPMU_CAPABILITIES Union <OUT> */ 1702 1703 typedef union { 1704 TPML_ALG_PROPERTY algorithms; /* TPM_CAP_ALGS */ 1705 TPML_HANDLE handles; /* TPM_CAP_HANDLES */ 1706 TPML_CCA command; /* TPM_CAP_COMMANDS */ 1707 TPML_CC ppCommands; /* TPM_CAP_PP_COMMANDS */ 1708 TPML_CC auditCommands; /* TPM_CAP_AUDIT_COMMANDS */ 1709 TPML_PCR_SELECTION assignedPCR; /* TPM_CAP_PCRS */ 1710 TPML_TAGGED_TPM_PROPERTY tpmProperties; /* TPM_CAP_TPM_PROPERTIES */ 1711 TPML_TAGGED_PCR_PROPERTY pcrProperties; /* TPM_CAP_PCR_PROPERTIES */ 1712 TPML_ECC_CURVE eccCurves; /* TPM_CAP_ECC_CURVES */ 1713 TPML_TAGGED_POLICY authPolicies; /* TPM_CAP_AUTH_POLICIES */ 1714 } TPMU_CAPABILITIES; 1715 1716 /* Table 107 - Definition of TPMS_CAPABILITY_DATA Structure <OUT> */ 1717 1718 typedef struct { 1719 TPM_CAP capability; /* the capability */ 1720 TPMU_CAPABILITIES data; /* the capability data */ 1721 } TPMS_CAPABILITY_DATA; 1722 1723 /* Table 108 - Definition of TPMS_CLOCK_INFO Structure */ 1724 1725 typedef struct { 1726 UINT64 clock; /* time in milliseconds during which the TPM has been powered */ 1727 UINT32 resetCount; /* number of occurrences of TPM Reset since the last TPM2_Clear() */ 1728 UINT32 restartCount; /* number of times that TPM2_Shutdown() or _TPM_Hash_Start have 1729 occurred since the last TPM Reset or TPM2_Clear(). */ 1730 TPMI_YES_NO safe; /* no value of Clock greater than the current value of Clock has 1731 been previously reported by the TPM */ 1732 } TPMS_CLOCK_INFO; 1733 1734 /* Table 109 - Definition of TPMS_TIME_INFO Structure */ 1735 1736 typedef struct { 1737 UINT64 time; /* time in milliseconds since the last _TPM_Init() or TPM2_Startup() */ 1738 TPMS_CLOCK_INFO clockInfo; /* a structure containing the clock information */ 1739 } TPMS_TIME_INFO; 1740 1741 /* Table 110 - Definition of TPMS_TIME_ATTEST_INFO Structure <OUT> */ 1742 1743 typedef struct { 1744 TPMS_TIME_INFO time; /* the Time, clock, resetCount, restartCount, and 1745 Safe indicator */ 1746 UINT64 firmwareVersion; /* a TPM vendor-specific value indicating the 1747 version number of the firmware */ 1748 } TPMS_TIME_ATTEST_INFO; 1749 1750 /* Table 111 - Definition of TPMS_CERTIFY_INFO Structure <OUT> */ 1751 1752 typedef struct { 1753 TPM2B_NAME name; /* Name of the certified object */ 1754 TPM2B_NAME qualifiedName; /* Qualified Name of the certified object */ 1755 } TPMS_CERTIFY_INFO; 1756 1757 /* Table 112 - Definition of TPMS_QUOTE_INFO Structure <OUT> */ 1758 1759 typedef struct { 1760 TPML_PCR_SELECTION pcrSelect; /* information on algID, PCR selected and digest */ 1761 TPM2B_DIGEST pcrDigest; /* digest of the selected PCR using the hash of the signing key */ 1762 } TPMS_QUOTE_INFO; 1763 1764 /* Table 113 - Definition of TPMS_COMMAND_AUDIT_INFO Structure <OUT> */ 1765 1766 typedef struct { 1767 UINT64 auditCounter; /* the monotonic audit counter */ 1768 TPM_ALG_ID digestAlg; /* hash algorithm used for the command audit */ 1769 TPM2B_DIGEST auditDigest; /* the current value of the audit digest */ 1770 TPM2B_DIGEST commandDigest; /* digest of the command codes being audited using digestAlg */ 1771 } TPMS_COMMAND_AUDIT_INFO; 1772 1773 /* Table 114 - Definition of TPMS_SESSION_AUDIT_INFO Structure <OUT> */ 1774 1775 typedef struct { 1776 TPMI_YES_NO exclusiveSession; /* current exclusive status of the session */ 1777 TPM2B_DIGEST sessionDigest; /* the current value of the session audit digest */ 1778 } TPMS_SESSION_AUDIT_INFO; 1779 1780 /* Table 115 - Definition of TPMS_CREATION_INFO Structure <OUT> */ 1781 1782 typedef struct { 1783 TPM2B_NAME objectName; /* Name of the object */ 1784 TPM2B_DIGEST creationHash; /* creationHash */ 1785 } TPMS_CREATION_INFO; 1786 1787 /* Table 116 - Definition of TPMS_NV_CERTIFY_INFO Structure <OUT> */ 1788 1789 typedef struct { 1790 TPM2B_NAME indexName; /* Name of the NV Index */ 1791 UINT16 offset; /* the offset parameter of TPM2_NV_Certify() */ 1792 TPM2B_MAX_NV_BUFFER nvContents; /* contents of the NV Index */ 1793 } TPMS_NV_CERTIFY_INFO; 1794 1795 /* Table 125 - Definition of TPMS_NV_DIGEST_CERTIFY_INFO Structure <OUT> */ 1796 typedef struct { 1797 TPM2B_NAME indexName; 1798 TPM2B_DIGEST nvDigest; 1799 } TPMS_NV_DIGEST_CERTIFY_INFO; 1800 1801 typedef TPM_ST TPMI_ST_ATTEST; 1802 1803 /* Table 118 - Definition of TPMU_ATTEST Union <OUT> */ 1804 1805 typedef union { 1806 TPMS_CERTIFY_INFO certify; /* TPM_ST_ATTEST_CERTIFY */ 1807 TPMS_CREATION_INFO creation; /* TPM_ST_ATTEST_CREATION */ 1808 TPMS_QUOTE_INFO quote; /* TPM_ST_ATTEST_QUOTE */ 1809 TPMS_COMMAND_AUDIT_INFO commandAudit; /* TPM_ST_ATTEST_COMMAND_AUDIT */ 1810 TPMS_SESSION_AUDIT_INFO sessionAudit; /* TPM_ST_ATTEST_SESSION_AUDIT */ 1811 TPMS_TIME_ATTEST_INFO time; /* TPM_ST_ATTEST_TIME */ 1812 TPMS_NV_CERTIFY_INFO nv; /* TPM_ST_ATTEST_NV */ 1813 TPMS_NV_DIGEST_CERTIFY_INFO nvDigest; /* TPM_ST_ATTEST_NV_DIGEST */ 1814 } TPMU_ATTEST; 1815 1816 /* Table 119 - Definition of TPMS_ATTEST Structure <OUT> */ 1817 1818 typedef struct { 1819 TPM_GENERATED magic; /* the indication that this structure was created by 1820 a TPM (always TPM_GENERATED_VALUE) */ 1821 TPMI_ST_ATTEST type; /* type of the attestation structure */ 1822 TPM2B_NAME qualifiedSigner; /* Qualified Name of the signing key */ 1823 TPM2B_DATA extraData; /* external information supplied by caller */ 1824 TPMS_CLOCK_INFO clockInfo; /* Clock, resetCount, restartCount, and Safe */ 1825 UINT64 firmwareVersion; /* TPM-vendor-specific value identifying the version 1826 number of the firmware */ 1827 TPMU_ATTEST attested; /* the type-specific attestation information */ 1828 } TPMS_ATTEST; 1829 1830 /* Table 120 - Definition of TPM2B_ATTEST Structure <OUT> */ 1831 1832 typedef struct { 1833 UINT16 size; /* size of the attestationData structure */ 1834 BYTE attestationData[sizeof(TPMS_ATTEST)]; /* the signed structure */ 1835 } ATTEST_2B; 1836 1837 typedef union { 1838 ATTEST_2B t; 1839 TPM2B b; 1840 } TPM2B_ATTEST; 1841 1842 /* Table 121 - Definition of TPMS_AUTH_COMMAND Structure <IN> */ 1843 1844 typedef struct { 1845 TPMI_SH_AUTH_SESSION sessionHandle; /* the session handle */ 1846 TPM2B_NONCE nonce; /* the session nonce, may be the Empty Buffer */ 1847 TPMA_SESSION sessionAttributes; /* the session attributes */ 1848 TPM2B_AUTH hmac; /* either an HMAC, a password, or an EmptyAuth */ 1849 } TPMS_AUTH_COMMAND; 1850 1851 /* Table 126 - Definition of TPMS_AUTH_RESPONSE Structure <OUT> */ 1852 1853 typedef struct { 1854 TPM2B_NONCE nonce; /* the session nonce, may be the Empty Buffer */ 1855 TPMA_SESSION sessionAttributes; /* the session attributes */ 1856 TPM2B_AUTH hmac; /* either an HMAC or an EmptyAuth */ 1857 } TPMS_AUTH_RESPONSE; 1858 1859 /* Table 127 - Definition of {AES} (TPM_KEY_BITS) TPMI_!ALG.S_KEY_BITS Type */ 1860 1861 typedef TPM_KEY_BITS TPMI_TDES_KEY_BITS; 1862 typedef TPM_KEY_BITS TPMI_AES_KEY_BITS; 1863 typedef TPM_KEY_BITS TPMI_SM4_KEY_BITS; 1864 typedef TPM_KEY_BITS TPMI_CAMELLIA_KEY_BITS; 1865 1866 /* Table 128 - Definition of TPMU_SYM_KEY_BITS Union */ 1867 1868 typedef union { 1869 #ifdef TPM_ALG_TDES 1870 TPMI_TDES_KEY_BITS tdes; /* TPM_ALG_TDES */ 1871 #endif 1872 #ifdef TPM_ALG_AES 1873 TPMI_AES_KEY_BITS aes; /* TPM_ALG_AES */ 1874 #endif 1875 #ifdef TPM_ALG_SM4 1876 TPMI_SM4_KEY_BITS sm4; /* TPM_ALG_SM4 */ 1877 #endif 1878 #ifdef TPM_ALG_CAMELLIA 1879 TPMI_CAMELLIA_KEY_BITS camellia; /* TPM_ALG_CAMELLIA */ 1880 #endif 1881 #ifdef TPM_ALG_XOR 1882 TPMI_ALG_HASH xorr; /* TPM_ALG_XOR overload for using xor */ 1883 #endif 1884 TPM_KEY_BITS sym; /* when selector may be any of the symmetric block ciphers */ 1885 } TPMU_SYM_KEY_BITS; 1886 1887 /* Table 129 - Definition of TPMU_SYM_MODE Union */ 1888 1889 typedef union { 1890 #ifdef TPM_ALG_TDES 1891 TPMI_ALG_SYM_MODE tdes; /* TPM_ALG_TDES */ 1892 #endif 1893 #ifdef TPM_ALG_AES 1894 TPMI_ALG_SYM_MODE aes; /* TPM_ALG_AES */ 1895 #endif 1896 #ifdef TPM_ALG_SM4 1897 TPMI_ALG_SYM_MODE sm4; /* TPM_ALG_SM4 */ 1898 #endif 1899 #ifdef TPM_ALG_CAMELLIA 1900 TPMI_ALG_SYM_MODE camellia; /* TPM_ALG_CAMELLIA */ 1901 #endif 1902 TPMI_ALG_SYM_MODE sym; /* when selector may be any of the symmetric block ciphers */ 1903 } TPMU_SYM_MODE; 1904 1905 /* Table 126 - xDefinition of TPMU_SYM_DETAILS Union */ 1906 1907 /* Table 127 - Definition of TPMT_SYM_DEF Structure */ 1908 1909 typedef struct { 1910 TPMI_ALG_SYM algorithm; /* indicates a symmetric algorithm */ 1911 TPMU_SYM_KEY_BITS keyBits; /* a supported key size */ 1912 TPMU_SYM_MODE mode; /* the mode for the key */ 1913 } TPMT_SYM_DEF; 1914 1915 /* Table 128 - Definition of TPMT_SYM_DEF_OBJECT Structure */ 1916 1917 typedef struct { 1918 TPMI_ALG_SYM_OBJECT algorithm; /* selects a symmetric block cipher */ 1919 TPMU_SYM_KEY_BITS keyBits; /* the key size */ 1920 TPMU_SYM_MODE mode; /* default mode */ 1921 } TPMT_SYM_DEF_OBJECT; 1922 1923 /* Table 129 - Definition of TPM2B_SYM_KEY Structure */ 1924 1925 typedef struct { 1926 UINT16 size; /* size, in octets, of the buffer containing the key; may be zero */ 1927 BYTE buffer [MAX_SYM_KEY_BYTES]; /* the key */ 1928 } SYM_KEY_2B; 1929 1930 typedef union { 1931 SYM_KEY_2B t; 1932 TPM2B b; 1933 } TPM2B_SYM_KEY; 1934 1935 /* Table 130 - Definition of TPMS_SYMCIPHER_PARMS Structure */ 1936 1937 typedef struct { 1938 TPMT_SYM_DEF_OBJECT sym; /* a symmetric block cipher */ 1939 } TPMS_SYMCIPHER_PARMS; 1940 1941 /* Table 135 - Definition of TPM2B_LABEL Structure */ 1942 1943 typedef union { 1944 struct { 1945 UINT16 size; 1946 BYTE buffer[LABEL_MAX_BUFFER]; 1947 } t; 1948 TPM2B b; 1949 } TPM2B_LABEL; 1950 1951 /* Table 135 - Definition of TPMS_DERIVE Structure */ 1952 1953 typedef struct { 1954 TPM2B_LABEL label; 1955 TPM2B_LABEL context; 1956 } TPMS_DERIVE; 1957 1958 /* Table 131 - Definition of TPM2B_SENSITIVE_DATA Structure */ 1959 1960 typedef struct { 1961 UINT16 size; 1962 BYTE buffer[MAX_SYM_DATA]; /* the keyed hash private data structure */ 1963 } SENSITIVE_DATA_2B; 1964 1965 typedef union { 1966 SENSITIVE_DATA_2B t; 1967 TPM2B b; 1968 } TPM2B_SENSITIVE_DATA; 1969 1970 /* Table 132 - Definition of TPMS_SENSITIVE_CREATE Structure <IN> */ 1971 1972 typedef struct { 1973 TPM2B_AUTH userAuth; /* the USER auth secret value */ 1974 TPM2B_SENSITIVE_DATA data; /* data to be sealed */ 1975 } TPMS_SENSITIVE_CREATE; 1976 1977 /* Table 133 - Definition of TPM2B_SENSITIVE_CREATE Structure <IN, S> */ 1978 1979 typedef struct { 1980 UINT16 size; /* size of sensitive in octets (may not be zero) */ 1981 TPMS_SENSITIVE_CREATE sensitive; /* data to be sealed or a symmetric key value. */ 1982 } TPM2B_SENSITIVE_CREATE; 1983 1984 /* Table 134 - Definition of TPMS_SCHEME_HASH Structure */ 1985 1986 typedef struct { 1987 TPMI_ALG_HASH hashAlg; /* the hash algorithm used to digest the message */ 1988 } TPMS_SCHEME_HASH; 1989 1990 /* Table 135 - Definition of {ECC} TPMS_SCHEME_ECDAA Structure */ 1991 1992 typedef struct { 1993 TPMI_ALG_HASH hashAlg; /* the hash algorithm used to digest the message */ 1994 UINT16 count; /* the counter value that is used between TPM2_Commit() and the sign operation */ 1995 } TPMS_SCHEME_ECDAA; 1996 1997 /* Table 136 - Definition of (TPM_ALG_ID) TPMI_ALG_KEYEDHASH_SCHEME Type */ 1998 1999 typedef TPM_ALG_ID TPMI_ALG_KEYEDHASH_SCHEME; 2000 2001 /* Table 137 - Definition of Types for HMAC_SIG_SCHEME */ 2002 2003 typedef TPMS_SCHEME_HASH TPMS_SCHEME_HMAC; 2004 2005 /* Table 138 - Definition of TPMS_SCHEME_XOR Structure */ 2006 2007 typedef struct { 2008 TPMI_ALG_HASH hashAlg; /* the hash algorithm used to digest the message */ 2009 TPMI_ALG_KDF kdf; /* the key derivation function */ 2010 } TPMS_SCHEME_XOR; 2011 2012 /* Table 139 - Definition of TPMU_SCHEME_KEYEDHASH Union <IN/OUT, S> */ 2013 2014 typedef union { 2015 #ifdef TPM_ALG_HMAC 2016 TPMS_SCHEME_HMAC hmac; /* TPM_ALG_HMAC the "signing" scheme */ 2017 #endif 2018 #ifdef TPM_ALG_XOR 2019 TPMS_SCHEME_XOR xorr; /* TPM_ALG_XOR the "obfuscation" scheme */ 2020 #endif 2021 } TPMU_SCHEME_KEYEDHASH; 2022 2023 /* Table 140 - Definition of TPMT_KEYEDHASH_SCHEME Structure */ 2024 2025 typedef struct { 2026 TPMI_ALG_KEYEDHASH_SCHEME scheme; /* selects the scheme */ 2027 TPMU_SCHEME_KEYEDHASH details; /* the scheme parameters */ 2028 } TPMT_KEYEDHASH_SCHEME; 2029 2030 /* Table 141 - Definition of {RSA} Types for RSA Signature Schemes */ 2031 2032 typedef TPMS_SCHEME_HASH TPMS_SIG_SCHEME_RSASSA; 2033 typedef TPMS_SCHEME_HASH TPMS_SIG_SCHEME_RSAPSS; 2034 2035 /* Table 142 - Definition of {ECC} Types for ECC Signature Schemes */ 2036 2037 typedef TPMS_SCHEME_HASH TPMS_SIG_SCHEME_ECDSA; 2038 typedef TPMS_SCHEME_HASH TPMS_SIG_SCHEME_SM2; 2039 typedef TPMS_SCHEME_HASH TPMS_SIG_SCHEME_ECSCHNORR; 2040 2041 typedef TPMS_SCHEME_ECDAA TPMS_SIG_SCHEME_ECDAA; 2042 2043 /* Table 143 - Definition of TPMU_SIG_SCHEME Union <IN/OUT, S> */ 2044 2045 typedef union { 2046 #ifdef TPM_ALG_RSASSA 2047 TPMS_SIG_SCHEME_RSASSA rsassa; /* TPM_ALG_RSASSA the RSASSA-PKCS1v1_5 scheme */ 2048 #endif 2049 #ifdef TPM_ALG_RSAPSS 2050 TPMS_SIG_SCHEME_RSAPSS rsapss; /* TPM_ALG_RSAPSS the RSASSA-PSS scheme */ 2051 #endif 2052 #ifdef TPM_ALG_ECDSA 2053 TPMS_SIG_SCHEME_ECDSA ecdsa; /* TPM_ALG_ECDSA the ECDSA scheme */ 2054 #endif 2055 #ifdef TPM_ALG_ECDAA 2056 TPMS_SIG_SCHEME_ECDAA ecdaa; /* TPM_ALG_ECDAA the ECDAA scheme */ 2057 #endif 2058 #ifdef TPM_ALG_SM2 2059 TPMS_SIG_SCHEME_SM2 sm2; /* TPM_ALG_SM2 ECDSA from SM2 */ 2060 #endif 2061 #ifdef TPM_ALG_ECSCHNORR 2062 TPMS_SIG_SCHEME_ECSCHNORR ecSchnorr; /* TPM_ALG_ECSCHNORR the EC Schnorr */ 2063 #endif 2064 #ifdef TPM_ALG_HMAC 2065 TPMS_SCHEME_HMAC hmac; /* TPM_ALG_HMAC the HMAC scheme */ 2066 #endif 2067 TPMS_SCHEME_HASH any; /* selector that allows access to digest for any signing scheme */ 2068 } TPMU_SIG_SCHEME; 2069 2070 /* Table 144 - Definition of TPMT_SIG_SCHEME Structure */ 2071 2072 typedef struct { 2073 TPMI_ALG_SIG_SCHEME scheme; /* scheme selector */ 2074 TPMU_SIG_SCHEME details; /* scheme parameters */ 2075 } TPMT_SIG_SCHEME; 2076 2077 /* Table 145 - Definition of Types for {RSA} Encryption Schemes */ 2078 2079 typedef TPMS_SCHEME_HASH TPMS_ENC_SCHEME_OAEP; /* schemes that only need a hash */ 2080 2081 typedef TPMS_EMPTY TPMS_ENC_SCHEME_RSAES; /* schemes that need nothing */ 2082 2083 /* Table 146 - Definition of Types for {ECC} ECC Key Exchange */ 2084 2085 typedef TPMS_SCHEME_HASH TPMS_KEY_SCHEME_ECDH; /* schemes that only need a hash */ 2086 typedef TPMS_SCHEME_HASH TPMS_KEY_SCHEME_ECMQV; /* schemes that only need a hash */ 2087 2088 /* Table 147 - Definition of Types for KDF Schemes, hash-based key- or mask-generation functions */ 2089 2090 typedef TPMS_SCHEME_HASH TPMS_SCHEME_MGF1; 2091 typedef TPMS_SCHEME_HASH TPMS_SCHEME_KDF1_SP800_56A; 2092 typedef TPMS_SCHEME_HASH TPMS_SCHEME_KDF2; 2093 typedef TPMS_SCHEME_HASH TPMS_SCHEME_KDF1_SP800_108; 2094 2095 /* Table 148 - Definition of TPMU_KDF_SCHEME Union <IN/OUT, S> */ 2096 2097 typedef union { 2098 #ifdef TPM_ALG_MGF1 2099 TPMS_SCHEME_MGF1 mgf1; /* TPM_ALG_MGF1 */ 2100 #endif 2101 #ifdef TPM_ALG_KDF1_SP800_56A 2102 TPMS_SCHEME_KDF1_SP800_56A kdf1_SP800_56a; /* TPM_ALG_KDF1_SP800_56A */ 2103 #endif 2104 #ifdef TPM_ALG_KDF2 2105 TPMS_SCHEME_KDF2 kdf2; /* TPM_ALG_KDF2 */ 2106 #endif 2107 #ifdef TPM_ALG_KDF1_SP800_108 2108 TPMS_SCHEME_KDF1_SP800_108 kdf1_sp800_108; /* TPM_ALG_KDF1_SP800_108 */ 2109 #endif 2110 } TPMU_KDF_SCHEME; 2111 2112 /* Table 149 - Definition of TPMT_KDF_SCHEME Structure */ 2113 2114 typedef struct { 2115 TPMI_ALG_KDF scheme; /* scheme selector */ 2116 TPMU_KDF_SCHEME details; /* scheme parameters */ 2117 } TPMT_KDF_SCHEME; 2118 2119 /* Table 150 - Definition of (TPM_ALG_ID) TPMI_ALG_ASYM_SCHEME Type <> */ 2120 2121 typedef TPM_ALG_ID TPMI_ALG_ASYM_SCHEME; 2122 2123 /* Table 151 - Definition of TPMU_ASYM_SCHEME Union */ 2124 2125 typedef union { 2126 #ifdef TPM_ALG_ECDH 2127 TPMS_KEY_SCHEME_ECDH ecdh; /* TPM_ALG_ECDH */ 2128 #endif 2129 #ifdef TPM_ALG_ECMQV 2130 TPMS_KEY_SCHEME_ECMQV ecmqvh; /* TPM_ALG_ECMQV */ 2131 #endif 2132 #ifdef TPM_ALG_RSASSA 2133 TPMS_SIG_SCHEME_RSASSA rsassa; /* TPM_ALG_RSASSA */ 2134 #endif 2135 #ifdef TPM_ALG_RSAPSS 2136 TPMS_SIG_SCHEME_RSAPSS rsapss; /* TPM_ALG_RSAPSS */ 2137 #endif 2138 #ifdef TPM_ALG_ECDSA 2139 TPMS_SIG_SCHEME_ECDSA ecdsa; /* TPM_ALG_ECDSA */ 2140 #endif 2141 #ifdef TPM_ALG_ECDAA 2142 TPMS_SIG_SCHEME_ECDAA ecdaa; /* TPM_ALG_ECDAA */ 2143 #endif 2144 #ifdef TPM_ALG_SM2 2145 TPMS_SIG_SCHEME_SM2 sm2; /* TPM_ALG_SM2 */ 2146 #endif 2147 #ifdef TPM_ALG_ECSCHNORR 2148 TPMS_SIG_SCHEME_ECSCHNORR ecSchnorr; /* TPM_ALG_ECSCHNORR */ 2149 #endif 2150 #ifdef TPM_ALG_RSAES 2151 TPMS_ENC_SCHEME_RSAES rsaes; /* TPM_ALG_RSAES */ 2152 #endif 2153 #ifdef TPM_ALG_OAEP 2154 TPMS_ENC_SCHEME_OAEP oaep; /* TPM_ALG_OAEP */ 2155 #endif 2156 TPMS_SCHEME_HASH anySig; 2157 } TPMU_ASYM_SCHEME; 2158 2159 /* Table 152 - Definition of TPMT_ASYM_SCHEME Structure <> */ 2160 2161 typedef struct { 2162 TPMI_ALG_ASYM_SCHEME scheme; /* scheme selector */ 2163 TPMU_ASYM_SCHEME details; /* scheme parameters */ 2164 } TPMT_ASYM_SCHEME; 2165 2166 /* Table 153 - Definition of (TPM_ALG_ID) {RSA} TPMI_ALG_RSA_SCHEME Type */ 2167 2168 typedef TPM_ALG_ID TPMI_ALG_RSA_SCHEME; 2169 2170 /* Table 154 - Definition of {RSA} TPMT_RSA_SCHEME Structure */ 2171 2172 typedef struct { 2173 TPMI_ALG_RSA_SCHEME scheme; /* scheme selector */ 2174 TPMU_ASYM_SCHEME details; /* scheme parameters */ 2175 } TPMT_RSA_SCHEME; 2176 2177 /* Table 155 - Definition of (TPM_ALG_ID) {RSA} TPMI_ALG_RSA_DECRYPT Type */ 2178 2179 typedef TPM_ALG_ID TPMI_ALG_RSA_DECRYPT; 2180 2181 /* Table 156 - Definition of {RSA} TPMT_RSA_DECRYPT Structure */ 2182 2183 typedef struct { 2184 TPMI_ALG_RSA_DECRYPT scheme; /* scheme selector */ 2185 TPMU_ASYM_SCHEME details; /* scheme parameters */ 2186 } TPMT_RSA_DECRYPT; 2187 2188 /* Table 157 - Definition of {RSA} TPM2B_PUBLIC_KEY_RSA Structure */ 2189 2190 typedef struct { 2191 UINT16 size; /* size of the buffer */ 2192 BYTE buffer[MAX_RSA_KEY_BYTES]; /* Value */ 2193 } PUBLIC_KEY_RSA_2B; 2194 2195 typedef union { 2196 PUBLIC_KEY_RSA_2B t; 2197 TPM2B b; 2198 } TPM2B_PUBLIC_KEY_RSA; 2199 2200 /* Table 158 - Definition of {RSA} (TPM_KEY_BITS) TPMI_RSA_KEY_BITS Type */ 2201 2202 typedef TPM_KEY_BITS TPMI_RSA_KEY_BITS; 2203 2204 /* Table 159 - Definition of {RSA} TPM2B_PRIVATE_KEY_RSA Structure */ 2205 2206 typedef struct { 2207 UINT16 size; 2208 BYTE buffer[MAX_RSA_KEY_BYTES/2]; 2209 } PRIVATE_KEY_RSA_2B; 2210 2211 typedef union { 2212 PRIVATE_KEY_RSA_2B t; 2213 TPM2B b; 2214 } TPM2B_PRIVATE_KEY_RSA; 2215 2216 /* Table 160 - Definition of {ECC} TPM2B_ECC_PARAMETER Structure */ 2217 2218 typedef struct { 2219 UINT16 size; /* size of the buffer */ 2220 BYTE buffer[MAX_ECC_KEY_BYTES]; /* the parameter data */ 2221 } ECC_PARAMETER_2B; 2222 2223 typedef union { 2224 ECC_PARAMETER_2B t; 2225 TPM2B b; 2226 } TPM2B_ECC_PARAMETER; 2227 2228 /* Table 161 - Definition of {ECC} TPMS_ECC_POINT Structure */ 2229 2230 typedef struct { 2231 TPM2B_ECC_PARAMETER x; /* X coordinate */ 2232 TPM2B_ECC_PARAMETER y; /* Y coordinate */ 2233 } TPMS_ECC_POINT; 2234 2235 /* Table 162 - Definition of {ECC} TPM2B_ECC_POINT Structure */ 2236 2237 typedef struct { 2238 UINT16 size; /* size of the remainder of this structure */ 2239 TPMS_ECC_POINT point; /* coordinates */ 2240 } TPM2B_ECC_POINT; 2241 2242 /* Table 163 - Definition of (TPM_ALG_ID) {ECC} TPMI_ALG_ECC_SCHEME Type */ 2243 2244 typedef TPM_ALG_ID TPMI_ALG_ECC_SCHEME; 2245 2246 /* Table 164 - Definition of {ECC} (TPM_ECC_CURVE) TPMI_ECC_CURVE Type */ 2247 2248 typedef TPM_ECC_CURVE TPMI_ECC_CURVE; 2249 2250 /* Table 165 - Definition of (TPMT_SIG_SCHEME) {ECC} TPMT_ECC_SCHEME Structure */ 2251 2252 typedef struct { 2253 TPMI_ALG_ECC_SCHEME scheme; /* scheme selector */ 2254 TPMU_ASYM_SCHEME details; /* scheme parameters */ 2255 } TPMT_ECC_SCHEME; 2256 2257 /* Table 166 - Definition of {ECC} TPMS_ALGORITHM_DETAIL_ECC Structure <OUT> */ 2258 2259 typedef struct { 2260 TPM_ECC_CURVE curveID; /* identifier for the curve */ 2261 UINT16 keySize; /* Size in bits of the key */ 2262 TPMT_KDF_SCHEME kdf; /* If not TPM_ALG_NULL, the required KDF and hash algorithm 2263 used in secret sharing operations */ 2264 TPMT_ECC_SCHEME sign; /* If not TPM_ALG_NULL, this is the mandatory signature 2265 scheme that is required to be used with this curve. */ 2266 TPM2B_ECC_PARAMETER p; /* Fp (the modulus) */ 2267 TPM2B_ECC_PARAMETER a; /* coefficient of the linear term in the curve equation */ 2268 TPM2B_ECC_PARAMETER b; /* constant term for curve equation */ 2269 TPM2B_ECC_PARAMETER gX; /* x coordinate of base point G */ 2270 TPM2B_ECC_PARAMETER gY; /* y coordinate of base point G */ 2271 TPM2B_ECC_PARAMETER n; /* order of G */ 2272 TPM2B_ECC_PARAMETER h; /* cofactor (a size of zero indicates a cofactor of 1) */ 2273 } TPMS_ALGORITHM_DETAIL_ECC; 2274 2275 /* Table 167 - Definition of {RSA} TPMS_SIGNATURE_RSA Structure */ 2276 2277 typedef struct { 2278 TPMI_ALG_HASH hash; /* the hash algorithm used to digest the message TPM_ALG_NULL is not allowed. */ 2279 TPM2B_PUBLIC_KEY_RSA sig; /* The signature is the size of a public key. */ 2280 } TPMS_SIGNATURE_RSA; 2281 2282 /* Table 168 - Definition of Types for {RSA} Signature */ 2283 2284 typedef TPMS_SIGNATURE_RSA TPMS_SIGNATURE_RSASSA; 2285 typedef TPMS_SIGNATURE_RSA TPMS_SIGNATURE_RSAPSS; 2286 2287 /* Table 169 - Definition of {ECC} TPMS_SIGNATURE_ECC Structure */ 2288 2289 typedef struct { 2290 TPMI_ALG_HASH hash; /* the hash algorithm used in the signature process TPM_ALG_NULL is not allowed. */ 2291 TPM2B_ECC_PARAMETER signatureR; 2292 TPM2B_ECC_PARAMETER signatureS; 2293 } TPMS_SIGNATURE_ECC; 2294 2295 /* Table 170 - Definition of Types for {ECC} TPMS_SIGNATURE_ECC */ 2296 2297 typedef TPMS_SIGNATURE_ECC TPMS_SIGNATURE_ECDSA; 2298 typedef TPMS_SIGNATURE_ECC TPMS_SIGNATURE_ECDAA; 2299 typedef TPMS_SIGNATURE_ECC TPMS_SIGNATURE_SM2; 2300 typedef TPMS_SIGNATURE_ECC TPMS_SIGNATURE_ECSCHNORR; 2301 2302 /* Table 171 - Definition of TPMU_SIGNATURE Union <IN/OUT, S> */ 2303 2304 typedef union { 2305 #ifdef TPM_ALG_RSASSA 2306 TPMS_SIGNATURE_RSASSA rsassa; /* TPM_ALG_RSASSA */ 2307 #endif 2308 #ifdef TPM_ALG_RSAPSS 2309 TPMS_SIGNATURE_RSAPSS rsapss; /* TPM_ALG_RSAPSS */ 2310 #endif 2311 #ifdef TPM_ALG_ECDSA 2312 TPMS_SIGNATURE_ECDSA ecdsa; /* TPM_ALG_ECDSA */ 2313 #endif 2314 #ifdef TPM_ALG_ECDAA 2315 TPMS_SIGNATURE_ECDSA ecdaa; /* TPM_ALG_ECDAA */ 2316 #endif 2317 #ifdef TPM_ALG_SM2 2318 TPMS_SIGNATURE_ECDSA sm2; /* TPM_ALG_SM2 */ 2319 #endif 2320 #ifdef TPM_ALG_ECSCHNORR 2321 TPMS_SIGNATURE_ECDSA ecschnorr; /* TPM_ALG_ECSCHNORR */ 2322 #endif 2323 #ifdef TPM_ALG_HMAC 2324 TPMT_HA hmac; /* TPM_ALG_HMAC */ 2325 #endif 2326 TPMS_SCHEME_HASH any; /* used to access the hash */ 2327 } TPMU_SIGNATURE; 2328 2329 /* Table 172 - Definition of TPMT_SIGNATURE Structure */ 2330 2331 typedef struct { 2332 TPMI_ALG_SIG_SCHEME sigAlg; /* selector of the algorithm used to construct the signature */ 2333 TPMU_SIGNATURE signature; /* This shall be the actual signature information. */ 2334 } TPMT_SIGNATURE; 2335 2336 /* Table 173 - Definition of TPMU_ENCRYPTED_SECRET Union <S> */ 2337 2338 typedef union { 2339 #ifdef TPM_ALG_ECC 2340 BYTE ecc[sizeof(TPMS_ECC_POINT)]; /* TPM_ALG_ECC */ 2341 #endif 2342 #ifdef TPM_ALG_RSA 2343 BYTE rsa[MAX_RSA_KEY_BYTES]; /* TPM_ALG_RSA */ 2344 #endif 2345 #ifdef TPM_ALG_SYMCIPHER 2346 BYTE symmetric[sizeof(TPM2B_DIGEST)]; /* TPM_ALG_SYMCIPHER */ 2347 #endif 2348 #ifdef TPM_ALG_KEYEDHASH 2349 BYTE keyedHash[sizeof(TPM2B_DIGEST)]; /* TPM_ALG_KEYEDHASH */ 2350 #endif 2351 } TPMU_ENCRYPTED_SECRET; 2352 2353 /* Table 174 - Definition of TPM2B_ENCRYPTED_SECRET Structure */ 2354 2355 typedef struct { 2356 UINT16 size; /* size of the secret value */ 2357 BYTE secret[sizeof(TPMU_ENCRYPTED_SECRET)]; /* secret */ 2358 } ENCRYPTED_SECRET_2B; 2359 2360 typedef union { 2361 ENCRYPTED_SECRET_2B t; 2362 TPM2B b; 2363 } TPM2B_ENCRYPTED_SECRET; 2364 2365 /* Table 175 - Definition of (TPM_ALG_ID) TPMI_ALG_PUBLIC Type */ 2366 2367 typedef TPM_ALG_ID TPMI_ALG_PUBLIC; 2368 2369 /* Table 176 - Definition of TPMU_PUBLIC_ID Union <IN/OUT, S> */ 2370 2371 typedef union { 2372 #ifdef TPM_ALG_KEYEDHASH 2373 TPM2B_DIGEST keyedHash; /* TPM_ALG_KEYEDHASH */ 2374 #endif 2375 #ifdef TPM_ALG_SYMCIPHER 2376 TPM2B_DIGEST sym; /* TPM_ALG_SYMCIPHER */ 2377 #endif 2378 #ifdef TPM_ALG_RSA 2379 TPM2B_PUBLIC_KEY_RSA rsa; /* TPM_ALG_RSA */ 2380 #endif 2381 #ifdef TPM_ALG_ECC 2382 TPMS_ECC_POINT ecc; /* TPM_ALG_ECC */ 2383 #endif 2384 TPMS_DERIVE derive; /* only allowed for TPM2_CreateLoaded when 2385 parentHandle is a Derivation Parent */ 2386 } TPMU_PUBLIC_ID; 2387 2388 /* Table 177 - Definition of TPMS_KEYEDHASH_PARMS Structure */ 2389 2390 typedef struct { 2391 TPMT_KEYEDHASH_SCHEME scheme; /* Indicates the signing method used for a keyedHash signing object */ 2392 } TPMS_KEYEDHASH_PARMS; 2393 2394 /* Table 178 - Definition of TPMS_ASYM_PARMS Structure <> */ 2395 2396 typedef struct { 2397 TPMT_SYM_DEF_OBJECT symmetric; /* the companion symmetric algorithm for a restricted decryption key */ 2398 TPMT_ASYM_SCHEME scheme; /* for a key with the sign attribute SET, a valid signing scheme for the key type */ 2399 } TPMS_ASYM_PARMS; 2400 2401 /* Table 179 - Definition of {RSA} TPMS_RSA_PARMS Structure */ 2402 2403 typedef struct { 2404 TPMT_SYM_DEF_OBJECT symmetric; /* for a restricted decryption key, shall be set to a supported symmetric algorithm, key size, and mode. */ 2405 TPMT_RSA_SCHEME scheme; /* for an unrestricted signing key, shall be either TPM_ALG_RSAPSS TPM_ALG_RSASSA or TPM_ALG_NULL */ 2406 TPMI_RSA_KEY_BITS keyBits; /* number of bits in the public modulus */ 2407 UINT32 exponent; /* the public exponent */ 2408 } TPMS_RSA_PARMS; 2409 2410 /* Table 180 - Definition of {ECC} TPMS_ECC_PARMS Structure */ 2411 2412 typedef struct { 2413 TPMT_SYM_DEF_OBJECT symmetric; /* for a restricted decryption key, shall be set to a supported symmetric algorithm, key size. and mode. */ 2414 TPMT_ECC_SCHEME scheme; /* If the sign attribute of the key is SET, then this shall be a valid signing scheme. */ 2415 TPMI_ECC_CURVE curveID; /* ECC curve ID */ 2416 TPMT_KDF_SCHEME kdf; /* an optional key derivation scheme for generating a symmetric key from a Z value */ 2417 } TPMS_ECC_PARMS; 2418 2419 /* Table 181 - Definition of TPMU_PUBLIC_PARMS Union <IN/OUT, S> */ 2420 2421 typedef union { 2422 #ifdef TPM_ALG_KEYEDHASH 2423 TPMS_KEYEDHASH_PARMS keyedHashDetail; /* TPM_ALG_KEYEDHASH */ 2424 #endif 2425 #ifdef TPM_ALG_SYMCIPHER 2426 TPMS_SYMCIPHER_PARMS symDetail; /* TPM_ALG_SYMCIPHER */ 2427 #endif 2428 #ifdef TPM_ALG_RSA 2429 TPMS_RSA_PARMS rsaDetail; /* TPM_ALG_RSA */ 2430 #endif 2431 #ifdef TPM_ALG_ECC 2432 TPMS_ECC_PARMS eccDetail; /* TPM_ALG_ECC */ 2433 #endif 2434 TPMS_ASYM_PARMS asymDetail; /* common scheme structure for RSA and ECC keys */ 2435 } TPMU_PUBLIC_PARMS; 2436 2437 /* Table 182 - Definition of TPMT_PUBLIC_PARMS Structure */ 2438 2439 typedef struct { 2440 TPMI_ALG_PUBLIC type; /* the algorithm to be tested */ 2441 TPMU_PUBLIC_PARMS parameters; /* the algorithm details */ 2442 } TPMT_PUBLIC_PARMS; 2443 2444 /* Table 183 - Definition of TPMT_PUBLIC Structure */ 2445 2446 typedef struct { 2447 TPMI_ALG_PUBLIC type; /* "algorithm" associated with this object */ 2448 TPMI_ALG_HASH nameAlg; /* algorithm used for computing the Name of the object */ 2449 TPMA_OBJECT objectAttributes; /* attributes that, along with type, determine the manipulations of this object */ 2450 TPM2B_DIGEST authPolicy; /* optional policy for using this key */ 2451 TPMU_PUBLIC_PARMS parameters; /* the algorithm or structure details */ 2452 TPMU_PUBLIC_ID unique; /* the unique identifier of the structure */ 2453 } TPMT_PUBLIC; 2454 2455 /* Table 184 - Definition of TPM2B_PUBLIC Structure */ 2456 2457 typedef struct { 2458 UINT16 size; /* size of publicArea */ 2459 TPMT_PUBLIC publicArea; /* the public area */ 2460 } TPM2B_PUBLIC; 2461 2462 /* Table 192 - Definition of TPM2B_TEMPLATE Structure */ 2463 2464 typedef union { 2465 struct { 2466 UINT16 size; /* size of publicArea */ 2467 BYTE buffer[sizeof(TPMT_PUBLIC)]; /* the public area */ 2468 } t; 2469 TPM2B b; 2470 } TPM2B_TEMPLATE; 2471 2472 /* Table 186 - Definition of TPMU_SENSITIVE_COMPOSITE Union <IN/OUT, S> */ 2473 2474 typedef union { 2475 #ifdef TPM_ALG_RSA 2476 TPM2B_PRIVATE_KEY_RSA rsa; /* TPM_ALG_RSA a prime factor of the public key */ 2477 #endif 2478 #ifdef TPM_ALG_ECC 2479 TPM2B_ECC_PARAMETER ecc; /* TPM_ALG_ECC the integer private key */ 2480 #endif 2481 #ifdef TPM_ALG_KEYEDHASH 2482 TPM2B_SENSITIVE_DATA bits; /* TPM_ALG_KEYEDHASH the private data */ 2483 #endif 2484 #ifdef TPM_ALG_SYMCIPHER 2485 TPM2B_SYM_KEY sym; /* TPM_ALG_SYMCIPHER the symmetric key */ 2486 #endif 2487 } TPMU_SENSITIVE_COMPOSITE; 2488 2489 /* Table 187 - Definition of TPMT_SENSITIVE Structure */ 2490 2491 typedef struct { 2492 TPMI_ALG_PUBLIC sensitiveType; /* identifier for the sensitive area */ 2493 TPM2B_AUTH authValue; /* user authorization data */ 2494 TPM2B_DIGEST seedValue; /* for asymmetric key object, the optional protection seed; for other objects, the obfuscation value */ 2495 TPMU_SENSITIVE_COMPOSITE sensitive; /* the type-specific private data */ 2496 } TPMT_SENSITIVE; 2497 2498 /* Table 188 - Definition of TPM2B_SENSITIVE Structure <IN/OUT> */ 2499 2500 typedef struct { 2501 UINT16 size; /* size of the private structure */ 2502 TPMT_SENSITIVE sensitiveArea; /* an unencrypted sensitive area */ 2503 } SENSITIVE_2B; 2504 2505 typedef union { 2506 SENSITIVE_2B t; 2507 TPM2B b; 2508 } TPM2B_SENSITIVE; 2509 2510 /* Table 189 - Definition of _PRIVATE Structure <> */ 2511 2512 typedef struct { 2513 TPM2B_DIGEST integrityOuter; 2514 TPM2B_DIGEST integrityInner; /* could also be a TPM2B_IV */ 2515 TPM2B_SENSITIVE sensitive; /* the sensitive area */ 2516 } _PRIVATE; 2517 2518 /* Table 190 - Definition of TPM2B_PRIVATE Structure <IN/OUT, S> */ 2519 2520 typedef struct { 2521 UINT16 size; /* size of the private structure */ 2522 BYTE buffer[sizeof(_PRIVATE)]; /* an encrypted private area */ 2523 } PRIVATE_2B; 2524 2525 typedef union { 2526 PRIVATE_2B t; 2527 TPM2B b; 2528 } TPM2B_PRIVATE; 2529 2530 /* Table 191 - Definition of _ID_OBJECT Structure <> */ 2531 2532 typedef struct { 2533 TPM2B_DIGEST integrityHMAC; /* HMAC using the nameAlg of the storage key on the target TPM */ 2534 TPM2B_DIGEST encIdentity; /* credential protector information returned if name matches the referenced object */ 2535 } _ID_OBJECT; 2536 2537 /* Table 192 - Definition of TPM2B_ID_OBJECT Structure <IN/OUT> */ 2538 2539 typedef struct { 2540 UINT16 size; /* size of the credential structure */ 2541 BYTE credential[sizeof(_ID_OBJECT)]; /* an encrypted credential area */ 2542 } ID_OBJECT_2B; 2543 2544 typedef union { 2545 ID_OBJECT_2B t; 2546 TPM2B b; 2547 } TPM2B_ID_OBJECT; 2548 2549 /* Table 193 - Definition of (UINT32) TPM_NV_INDEX Bits <> */ 2550 2551 #if defined TPM_BITFIELD_LE 2552 2553 typedef union { 2554 struct { 2555 unsigned int index : 24; /* 23:0 The Index of the NV location */ 2556 unsigned int RH_NV : 8; /* 31:24 constant value of TPM_HT_NV_INDEX indicating the NV Index range */ 2557 }; 2558 UINT32 val; 2559 } TPM_NV_INDEX; 2560 2561 #elif defined TPM_BITFIELD_BE 2562 2563 typedef union { 2564 struct { 2565 unsigned int RH_NV : 8; /* 31:24 constant value of TPM_HT_NV_INDEX indicating the NV Index range */ 2566 unsigned int index : 24; /* 23:0 The Index of the NV location */ 2567 }; 2568 UINT32 val; 2569 } TPM_NV_INDEX; 2570 2571 #else 2572 2573 typedef struct { 2574 UINT32 val; 2575 } TPM_NV_INDEX; 2576 2577 #endif 2578 2579 #define TPM_NV_INDEX_INDEX 0x00ffffff 2580 #define TPM_NV_INDEX_RH_NV 0xff000000 2581 2582 /* Table 194 - Definition of TPM_NT Constants */ 2583 2584 #define TPM_NT_ORDINARY 0x0 /* Ordinary - contains data that is opaque to the TPM that can only be modified using TPM2_NV_Write(). */ 2585 #define TPM_NT_COUNTER 0x1 /* Counter - contains an 8-octet value that is to be used as a 2586 counter and can only be modified with TPM2_NV_Increment() */ 2587 #define TPM_NT_BITS 0x2 /* Bit Field - contains an 8-octet value to be used as a bit field 2588 and can only be modified with TPM2_NV_SetBits(). */ 2589 #define TPM_NT_EXTEND 0x4 /* Extend - contains a digest-sized value used like a PCR. The Index 2590 can only be modified using TPM2_NV_Extend(). The extend will use 2591 the nameAlg of the Index. */ 2592 #define TPM_NT_PIN_FAIL 0x8 /* PIN Fail - contains a PIN limit and a PIN count that increments on a PIN authorization failure */ 2593 #define TPM_NT_PIN_PASS 0x9 /* PIN Pass - contains a PIN limit and a PIN count that increments on a PIN authorization success */ 2594 2595 /* Table 204 - Definition of TPMS_NV_PIN_COUNTER_PARAMETERS Structure */ 2596 2597 typedef struct { 2598 uint32_t pinCount; /* This counter shows the current number of successful authValue 2599 authorization attempts to access a TPM_NT_PIN_PASS index or the current 2600 number of unsuccessful authValue authorization attempts to access a 2601 TPM_NT_PIN_FAIL index. */ 2602 uint32_t pinLimit; /* This threshold is the value of pinCount at which the authValue 2603 authorization of the host TPM_NT_PIN_PASS or TPM_NT_PIN_FAIL index is 2604 locked out. */ 2605 } TPMS_NV_PIN_COUNTER_PARAMETERS; 2606 2607 /* Table 205 - Definition of (UINT32) TPMA_NV Bits */ 2608 2609 #if defined TPM_BITFIELD_LE 2610 2611 typedef union { 2612 struct { 2613 unsigned int TPMA_NV_PPWRITE : 1; /* 0 The Index data can be written if Platform Authorization is provided. */ 2614 unsigned int TPMA_NV_OWNERWRITE : 1; /* 1 The Index data can be written if Owner Authorization is provided. */ 2615 unsigned int TPMA_NV_AUTHWRITE : 1; /* 2 Authorizations to change the Index contents that require USER role may be provided with an HMAC session or password. */ 2616 unsigned int TPMA_NV_POLICYWRITE : 1; /* 3 Authorizations to change the Index contents that require USER role may be provided with a policy session. */ 2617 unsigned int TPM_NT : 4; /* 7:4 The type of the index */ 2618 unsigned int Reserved1 : 2; /* 9:8 shall be zero reserved for future use */ 2619 unsigned int TPMA_NV_POLICY_DELETE : 1; /* 10 Index may not be deleted unless the authPolicy is satisfied. */ 2620 unsigned int TPMA_NV_WRITELOCKED : 1; /* 11 Index cannot be written. */ 2621 unsigned int TPMA_NV_WRITEALL : 1; /* 12 A partial write of the Index data is not allowed. The write size shall match the defined space size. */ 2622 unsigned int TPMA_NV_WRITEDEFINE : 1; /* 13 TPM2_NV_WriteLock() may be used to prevent further writes to this location. */ 2623 unsigned int TPMA_NV_WRITE_STCLEAR : 1; /* 14 TPM2_NV_WriteLock() may be used to prevent further writes to this location until the next TPM Reset or TPM Restart. */ 2624 unsigned int TPMA_NV_GLOBALLOCK : 1; /* 15 If TPM2_NV_GlobalLock() is successful, then further writes are not permitted until the next TPM Reset or TPM Restart. */ 2625 unsigned int TPMA_NV_PPREAD : 1; /* 16 The Index data can be read if Platform Authorization is provided. */ 2626 unsigned int TPMA_NV_OWNERREAD : 1; /* 17 The Index data can be read if Owner Authorization is provided. */ 2627 unsigned int TPMA_NV_AUTHREAD : 1; /* 18 The Index data may be read if the authValue is provided. */ 2628 unsigned int TPMA_NV_POLICYREAD : 1; /* 19 The Index data may be read if the authPolicy is satisfied. */ 2629 unsigned int Reserved2 : 5; /* 24:20 shall be zero reserved for future use */ 2630 unsigned int TPMA_NV_NO_DA : 1; /* 25 Authorization failures of the Index do not affect the DA logic */ 2631 unsigned int TPMA_NV_ORDERLY : 1; /* 26 NV Index state is only required to be saved when the TPM performs an orderly shutdown */ 2632 unsigned int TPMA_NV_CLEAR_STCLEAR : 1; /* 27 TPMA_NV_WRITTEN for the Index is CLEAR by TPM Reset or TPM Restart. */ 2633 unsigned int TPMA_NV_READLOCKED : 1; /* 28 Reads of the Index are blocked until the next TPM Reset or TPM Restart. */ 2634 unsigned int TPMA_NV_WRITTEN : 1; /* 29 Index has been written. */ 2635 unsigned int TPMA_NV_PLATFORMCREATE : 1; /* 30 This Index may be undefined with Platform Authorization but not with Owner Authorization. */ 2636 unsigned int TPMA_NV_READ_STCLEAR : 1; /* 31 TPM2_NV_ReadLock() may be used to SET TPMA_NV_READLOCKED for this Index. */ 2637 }; 2638 UINT32 val; 2639 } TPMA_NV; 2640 2641 #elif defined TPM_BITFIELD_BE 2642 2643 typedef union { 2644 struct { 2645 unsigned int TPMA_NV_READ_STCLEAR : 1; /* 31 TPM2_NV_ReadLock() may be used to SET TPMA_NV_READLOCKED for this Index. */ 2646 unsigned int TPMA_NV_PLATFORMCREATE : 1; /* 30 This Index may be undefined with Platform Authorization but not with Owner Authorization. */ 2647 unsigned int TPMA_NV_WRITTEN : 1; /* 29 Index has been written. */ 2648 unsigned int TPMA_NV_READLOCKED : 1; /* 28 Reads of the Index are blocked until the next TPM Reset or TPM Restart. */ 2649 unsigned int TPMA_NV_CLEAR_STCLEAR : 1; /* 27 TPMA_NV_WRITTEN for the Index is CLEAR by TPM Reset or TPM Restart. */ 2650 unsigned int TPMA_NV_ORDERLY : 1; /* 26 NV Index state is only required to be saved when the TPM performs an orderly shutdown */ 2651 unsigned int TPMA_NV_NO_DA : 1; /* 25 Authorization failures of the Index do not affect the DA logic */ 2652 unsigned int Reserved2 : 5; /* 24:20 shall be zero reserved for future use */ 2653 unsigned int TPMA_NV_POLICYREAD : 1; /* 19 The Index data may be read if the authPolicy is satisfied. */ 2654 unsigned int TPMA_NV_AUTHREAD : 1; /* 18 The Index data may be read if the authValue is provided. */ 2655 unsigned int TPMA_NV_OWNERREAD : 1; /* 17 The Index data can be read if Owner Authorization is provided. */ 2656 unsigned int TPMA_NV_PPREAD : 1; /* 16 The Index data can be read if Platform Authorization is provided. */ 2657 unsigned int TPMA_NV_GLOBALLOCK : 1; /* 15 If TPM2_NV_GlobalLock() is successful, then further writes are not permitted until the next TPM Reset or TPM Restart. */ 2658 unsigned int TPMA_NV_WRITE_STCLEAR : 1; /* 14 TPM2_NV_WriteLock() may be used to prevent further writes to this location until the next TPM Reset or TPM Restart. */ 2659 unsigned int TPMA_NV_WRITEDEFINE : 1; /* 13 TPM2_NV_WriteLock() may be used to prevent further writes to this location. */ 2660 unsigned int TPMA_NV_WRITEALL : 1; /* 12 A partial write of the Index data is not allowed. The write size shall match the defined space size. */ 2661 unsigned int TPMA_NV_WRITELOCKED : 1; /* 11 Index cannot be written. */ 2662 unsigned int TPMA_NV_POLICY_DELETE : 1; /* 10 Index may not be deleted unless the authPolicy is satisfied. */ 2663 unsigned int Reserved1 : 2; /* 9:8 shall be zero reserved for future use */ 2664 unsigned int TPM_NT : 4; /* 7:4 The type of the index */ 2665 unsigned int TPMA_NV_POLICYWRITE : 1; /* 3 Authorizations to change the Index contents that require USER role may be provided with a policy session. */ 2666 unsigned int TPMA_NV_AUTHWRITE : 1; /* 2 Authorizations to change the Index contents that require USER role may be provided with an HMAC session or password. */ 2667 unsigned int TPMA_NV_OWNERWRITE : 1; /* 1 The Index data can be written if Owner Authorization is provided. */ 2668 unsigned int TPMA_NV_PPWRITE : 1; /* 0 The Index data can be written if Platform Authorization is provided. */ 2669 }; 2670 UINT32 val; 2671 } TPMA_NV; 2672 2673 #else 2674 2675 typedef struct { 2676 UINT32 val; 2677 } TPMA_NV; 2678 2679 #endif 2680 2681 #define TPMA_NVA_PPWRITE 0x00000001 2682 #define TPMA_NVA_OWNERWRITE 0x00000002 2683 #define TPMA_NVA_AUTHWRITE 0x00000004 2684 #define TPMA_NVA_POLICYWRITE 0x00000008 2685 #define TPMA_NVA_ORDINARY 0x00000000 2686 #define TPMA_NVA_COUNTER 0x00000010 2687 #define TPMA_NVA_BITS 0x00000020 2688 #define TPMA_NVA_EXTEND 0x00000040 2689 #define TPMA_NVA_PIN_FAIL 0x00000080 2690 #define TPMA_NVA_PIN_PASS 0x00000090 2691 #define TPMA_NVA_RESERVED1 0x00000300 2692 #define TPMA_NVA_POLICY_DELETE 0x00000400 2693 #define TPMA_NVA_WRITELOCKED 0x00000800 2694 #define TPMA_NVA_WRITEALL 0x00001000 2695 #define TPMA_NVA_WRITEDEFINE 0x00002000 2696 #define TPMA_NVA_WRITE_STCLEAR 0x00004000 2697 #define TPMA_NVA_GLOBALLOCK 0x00008000 2698 #define TPMA_NVA_PPREAD 0x00010000 2699 #define TPMA_NVA_OWNERREAD 0x00020000 2700 #define TPMA_NVA_AUTHREAD 0x00040000 2701 #define TPMA_NVA_POLICYREAD 0x00080000 2702 #define TPMA_NVA_RESERVED2 0x01f00000 2703 #define TPMA_NVA_NO_DA 0x02000000 2704 #define TPMA_NVA_ORDERLY 0x04000000 2705 #define TPMA_NVA_CLEAR_STCLEAR 0x08000000 2706 #define TPMA_NVA_READLOCKED 0x10000000 2707 #define TPMA_NVA_WRITTEN 0x20000000 2708 #define TPMA_NVA_PLATFORMCREATE 0x40000000 2709 #define TPMA_NVA_READ_STCLEAR 0x80000000 2710 2711 #define TPMA_NVA_TPM_NT_MASK 0x000000f0 2712 #define TPMA_NV_RESERVED (TPMA_NVA_RESERVED1 | TPMA_NVA_RESERVED2) 2713 2714 /* Table 197 - Definition of TPMS_NV_PUBLIC Structure */ 2715 2716 typedef struct { 2717 TPMI_RH_NV_INDEX nvIndex; /* the handle of the data area */ 2718 TPMI_ALG_HASH nameAlg; /* hash algorithm used to compute the name of the Index and used for the authPolicy */ 2719 TPMA_NV attributes; /* the Index attributes */ 2720 TPM2B_DIGEST authPolicy; /* optional access policy for the Index */ 2721 UINT16 dataSize; /* the size of the data area */ 2722 } TPMS_NV_PUBLIC; 2723 2724 /* Table 198 - Definition of TPM2B_NV_PUBLIC Structure */ 2725 2726 typedef struct { 2727 UINT16 size; /* size of nvPublic */ 2728 TPMS_NV_PUBLIC nvPublic; /* the public area */ 2729 } TPM2B_NV_PUBLIC; 2730 2731 /* Table 199 - Definition of TPM2B_CONTEXT_SENSITIVE Structure <IN/OUT> */ 2732 2733 typedef struct { 2734 UINT16 size; 2735 BYTE buffer[MAX_CONTEXT_SIZE]; /* the sensitive data */ 2736 } CONTEXT_SENSITIVE_2B; 2737 2738 typedef union { 2739 CONTEXT_SENSITIVE_2B t; 2740 TPM2B b; 2741 } TPM2B_CONTEXT_SENSITIVE; 2742 2743 /* Table 200 - Definition of TPMS_CONTEXT_DATA Structure <IN/OUT, S> */ 2744 2745 typedef struct { 2746 TPM2B_DIGEST integrity; /* the integrity value */ 2747 TPM2B_CONTEXT_SENSITIVE encrypted; /* the sensitive area */ 2748 } TPMS_CONTEXT_DATA; 2749 2750 /* Table 201 - Definition of TPM2B_CONTEXT_DATA Structure <IN/OUT> */ 2751 2752 typedef struct { 2753 UINT16 size; 2754 BYTE buffer[sizeof(TPMS_CONTEXT_DATA)]; 2755 } CONTEXT_DATA_2B; 2756 2757 typedef union { 2758 CONTEXT_DATA_2B t; 2759 TPM2B b; 2760 } TPM2B_CONTEXT_DATA; 2761 2762 /* Table 202 - Definition of TPMS_CONTEXT Structure */ 2763 2764 typedef struct { 2765 UINT64 sequence; /* the sequence number of the context */ 2766 TPMI_DH_SAVED savedHandle; /* a handle indicating if the context is a session, object or sequence object */ 2767 TPMI_RH_HIERARCHY hierarchy; /* the hierarchy of the context */ 2768 TPM2B_CONTEXT_DATA contextBlob; /* the context data and integrity HMAC */ 2769 } TPMS_CONTEXT; 2770 2771 /* Table 203 - Context Handle Values */ 2772 2773 #define TPM_CONTEXT_HANDLE_HMAC 0x02000000 /* an HMAC session context */ 2774 #define TPM_CONTEXT_HANDLE_POLICY_SESSION 0x03000000 /* a policy session context */ 2775 #define TPM_CONTEXT_HANDLE_TRANSIENT 0x80000000 /* an ordinary transient object */ 2776 #define TPM_CONTEXT_HANDLE_SEQUENCE 0x80000001 /* a sequence object */ 2777 #define TPM_CONTEXT_HANDLE_STCLEAR 0x80000002 /* a transient object with the stClear attribute SET */ 2778 2779 /* Table 204 - Definition of TPMS_CREATION_DATA Structure <OUT> */ 2780 2781 typedef struct { 2782 TPML_PCR_SELECTION pcrSelect; /* list indicating the PCR included in pcrDigest */ 2783 TPM2B_DIGEST pcrDigest; /* digest of the selected PCR using nameAlg of the object for which this structure is being created */ 2784 TPMA_LOCALITY locality; /* the locality at which the object was created */ 2785 TPM_ALG_ID parentNameAlg; /* nameAlg of the parent */ 2786 TPM2B_NAME parentName; /* Name of the parent at time of creation */ 2787 TPM2B_NAME parentQualifiedName; /* Qualified Name of the parent at the time of creation */ 2788 TPM2B_DATA outsideInfo; /* association with additional information added by the key creator */ 2789 } TPMS_CREATION_DATA; 2790 2791 /* Table 205 - Definition of TPM2B_CREATION_DATA Structure <OUT> */ 2792 2793 typedef struct { 2794 UINT16 size; /* size of the creation data */ 2795 TPMS_CREATION_DATA creationData; 2796 } TPM2B_CREATION_DATA; 2797 2798 typedef struct tdNTC2_CFG_STRUCT { 2799 uint8_t i2cLoc1_2; 2800 uint8_t i2cLoc3_4; 2801 uint8_t AltCfg; 2802 uint8_t Direction; 2803 uint8_t PullUp; 2804 uint8_t PushPull; 2805 uint8_t CFG_A; 2806 uint8_t CFG_B; 2807 uint8_t CFG_C; 2808 uint8_t CFG_D; 2809 uint8_t CFG_E; 2810 uint8_t CFG_F; 2811 uint8_t CFG_G; 2812 uint8_t CFG_H; 2813 uint8_t CFG_I; 2814 uint8_t CFG_J; 2815 uint8_t IsValid; /* Must be AAh */ 2816 uint8_t IsLocked; /* Ignored on NTC2_PreConfig, NTC2_GetConfig returns AAh once configuration 2817 is locked. */ 2818 } NTC2_CFG_STRUCT; 2819 2820 #ifdef __cplusplus 2821 } 2822 #endif 2823 2824 #endif 2825 2826