1 /********************************************************************************/ 2 /* */ 3 /* TPM 1.2 Error Response */ 4 /* Written by Ken Goldman */ 5 /* IBM Thomas J. Watson Research Center */ 6 /* */ 7 /* (c) Copyright IBM Corporation 2006, 2010. */ 8 /* */ 9 /* All rights reserved. */ 10 /* */ 11 /* Redistribution and use in source and binary forms, with or without */ 12 /* modification, are permitted provided that the following conditions are */ 13 /* met: */ 14 /* */ 15 /* Redistributions of source code must retain the above copyright notice, */ 16 /* this list of conditions and the following disclaimer. */ 17 /* */ 18 /* Redistributions in binary form must reproduce the above copyright */ 19 /* notice, this list of conditions and the following disclaimer in the */ 20 /* documentation and/or other materials provided with the distribution. */ 21 /* */ 22 /* Neither the names of the IBM Corporation nor the names of its */ 23 /* contributors may be used to endorse or promote products derived from */ 24 /* this software without specific prior written permission. */ 25 /* */ 26 /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ 27 /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ 28 /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ 29 /* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ 30 /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ 31 /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ 32 /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ 33 /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ 34 /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ 35 /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ 36 /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ 37 /********************************************************************************/ 38 39 #ifndef TPM_ERROR_H 40 #define TPM_ERROR_H 41 42 /* 16. Return codes rev 99 43 44 The TPM has five types of return code. One indicates successful operation and four indicate 45 failure. TPM_SUCCESS (00000000) indicates successful execution. The failure reports are: 46 TPM defined fatal errors (00000001 to 000003FF), vendor defined fatal errors (00000400 to 47 000007FF), TPM defined non-fatal errors (00000800 to 00000BFF), and vendor defined 48 non-fatal errors (00000C00 to 00000FFF). 49 50 The range of vendor defined non-fatal errors was determined by the TSS-WG, which defined 51 XXXX YCCC with XXXX as OS specific and Y defining the TSS SW stack layer (0: TPM layer) 52 53 All failure cases return only a non-authenticated fixed set of information. This is because 54 the failure may have been due to authentication or other factors, and there is no possibility 55 of producing an authenticated response. 56 57 Fatal errors also terminate any authorization sessions. This is a result of returning only the 58 error code, as there is no way to return the nonces necessary to maintain an authorization 59 session. Non-fatal errors do not terminate authorization sessions. 60 61 The return code MUST use the following base. The return code MAY be TCG defined or vendor 62 defined. */ 63 64 #define TPM_BASE 0x0 /* The start of TPM return codes */ 65 #define TPM_SUCCESS TPM_BASE /* Successful completion of the operation */ 66 #define TPM_VENDOR_ERROR TPM_Vendor_Specific32 /* Mask to indicate that the error code is 67 vendor specific for vendor specific 68 commands. */ 69 #define TPM_NON_FATAL 0x00000800 /* Mask to indicate that the error code is a non-fatal 70 failure. */ 71 72 /* TPM-defined fatal error codes */ 73 74 #define TPM_AUTHFAIL TPM_BASE + 1 /* Authentication failed */ 75 #define TPM_BADINDEX TPM_BASE + 2 /* The index to a PCR, DIR or other register is 76 incorrect */ 77 #define TPM_BAD_PARAMETER TPM_BASE + 3 /* One or more parameter is bad */ 78 #define TPM_AUDITFAILURE TPM_BASE + 4 /* An operation completed successfully but the auditing 79 of that operation failed. */ 80 #define TPM_CLEAR_DISABLED TPM_BASE + 5 /* The clear disable flag is set and all clear 81 operations now require physical access */ 82 #define TPM_DEACTIVATED TPM_BASE + 6 /* The TPM is deactivated */ 83 #define TPM_DISABLED TPM_BASE + 7 /* The TPM is disabled */ 84 #define TPM_DISABLED_CMD TPM_BASE + 8 /* The target command has been disabled */ 85 #define TPM_FAIL TPM_BASE + 9 /* The operation failed */ 86 #define TPM_BAD_ORDINAL TPM_BASE + 10 /* The ordinal was unknown or inconsistent */ 87 #define TPM_INSTALL_DISABLED TPM_BASE + 11 /* The ability to install an owner is disabled */ 88 #define TPM_INVALID_KEYHANDLE TPM_BASE + 12 /* The key handle presented was invalid */ 89 #define TPM_KEYNOTFOUND TPM_BASE + 13 /* The target key was not found */ 90 #define TPM_INAPPROPRIATE_ENC TPM_BASE + 14 /* Unacceptable encryption scheme */ 91 #define TPM_MIGRATEFAIL TPM_BASE + 15 /* Migration authorization failed */ 92 #define TPM_INVALID_PCR_INFO TPM_BASE + 16 /* PCR information could not be interpreted */ 93 #define TPM_NOSPACE TPM_BASE + 17 /* No room to load key. */ 94 #define TPM_NOSRK TPM_BASE + 18 /* There is no SRK set */ 95 #define TPM_NOTSEALED_BLOB TPM_BASE + 19 /* An encrypted blob is invalid or was not created by 96 this TPM */ 97 #define TPM_OWNER_SET TPM_BASE + 20 /* There is already an Owner */ 98 #define TPM_RESOURCES TPM_BASE + 21 /* The TPM has insufficient internal resources to 99 perform the requested action. */ 100 #define TPM_SHORTRANDOM TPM_BASE + 22 /* A random string was too short */ 101 #define TPM_SIZE TPM_BASE + 23 /* The TPM does not have the space to perform the 102 operation. */ 103 #define TPM_WRONGPCRVAL TPM_BASE + 24 /* The named PCR value does not match the current PCR 104 value. */ 105 #define TPM_BAD_PARAM_SIZE TPM_BASE + 25 /* The paramSize argument to the command has the 106 incorrect value */ 107 #define TPM_SHA_THREAD TPM_BASE + 26 /* There is no existing SHA-1 thread. */ 108 #define TPM_SHA_ERROR TPM_BASE + 27 /* The calculation is unable to proceed because the 109 existing SHA-1 thread has already encountered an 110 error. */ 111 #define TPM_FAILEDSELFTEST TPM_BASE + 28 /* Self-test has failed and the TPM has shutdown. */ 112 #define TPM_AUTH2FAIL TPM_BASE + 29 /* The authorization for the second key in a 2 key 113 function failed authorization */ 114 #define TPM_BADTAG TPM_BASE + 30 /* The tag value sent to for a command is invalid */ 115 #define TPM_IOERROR TPM_BASE + 31 /* An IO error occurred transmitting information to 116 the TPM */ 117 #define TPM_ENCRYPT_ERROR TPM_BASE + 32 /* The encryption process had a problem. */ 118 #define TPM_DECRYPT_ERROR TPM_BASE + 33 /* The decryption process did not complete. */ 119 #define TPM_INVALID_AUTHHANDLE TPM_BASE + 34 /* An invalid handle was used. */ 120 #define TPM_NO_ENDORSEMENT TPM_BASE + 35 /* The TPM does not a EK installed */ 121 #define TPM_INVALID_KEYUSAGE TPM_BASE + 36 /* The usage of a key is not allowed */ 122 #define TPM_WRONG_ENTITYTYPE TPM_BASE + 37 /* The submitted entity type is not allowed */ 123 #define TPM_INVALID_POSTINIT TPM_BASE + 38 /* The command was received in the wrong sequence 124 relative to TPM_Init and a subsequent TPM_Startup 125 */ 126 #define TPM_INAPPROPRIATE_SIG TPM_BASE + 39 /* Signed data cannot include additional DER 127 information */ 128 #define TPM_BAD_KEY_PROPERTY TPM_BASE + 40 /* The key properties in TPM_KEY_PARMs are not 129 supported by this TPM */ 130 #define TPM_BAD_MIGRATION TPM_BASE + 41 /* The migration properties of this key are incorrect. 131 */ 132 #define TPM_BAD_SCHEME TPM_BASE + 42 /* The signature or encryption scheme for this key is 133 incorrect or not permitted in this situation. */ 134 #define TPM_BAD_DATASIZE TPM_BASE + 43 /* The size of the data (or blob) parameter is bad or 135 inconsistent with the referenced key */ 136 #define TPM_BAD_MODE TPM_BASE + 44 /* A mode parameter is bad, such as capArea or 137 subCapArea for TPM_GetCapability, physicalPresence 138 parameter for TPM_PhysicalPresence, or 139 migrationType for TPM_CreateMigrationBlob. */ 140 #define TPM_BAD_PRESENCE TPM_BASE + 45 /* Either the physicalPresence or physicalPresenceLock 141 bits have the wrong value */ 142 #define TPM_BAD_VERSION TPM_BASE + 46 /* The TPM cannot perform this version of the 143 capability */ 144 #define TPM_NO_WRAP_TRANSPORT TPM_BASE + 47 /* The TPM does not allow for wrapped transport 145 sessions */ 146 #define TPM_AUDITFAIL_UNSUCCESSFUL TPM_BASE + 48 /* TPM audit construction failed and the 147 underlying command was returning a failure 148 code also */ 149 #define TPM_AUDITFAIL_SUCCESSFUL TPM_BASE + 49 /* TPM audit construction failed and the underlying 150 command was returning success */ 151 #define TPM_NOTRESETABLE TPM_BASE + 50 /* Attempt to reset a PCR register that does not have 152 the resettable attribute */ 153 #define TPM_NOTLOCAL TPM_BASE + 51 /* Attempt to reset a PCR register that requires 154 locality and locality modifier not part of command 155 transport */ 156 #define TPM_BAD_TYPE TPM_BASE + 52 /* Make identity blob not properly typed */ 157 #define TPM_INVALID_RESOURCE TPM_BASE + 53 /* When saving context identified resource type does 158 not match actual resource */ 159 #define TPM_NOTFIPS TPM_BASE + 54 /* The TPM is attempting to execute a command only 160 available when in FIPS mode */ 161 #define TPM_INVALID_FAMILY TPM_BASE + 55 /* The command is attempting to use an invalid family 162 ID */ 163 #define TPM_NO_NV_PERMISSION TPM_BASE + 56 /* The permission to manipulate the NV storage is not 164 available */ 165 #define TPM_REQUIRES_SIGN TPM_BASE + 57 /* The operation requires a signed command */ 166 #define TPM_KEY_NOTSUPPORTED TPM_BASE + 58 /* Wrong operation to load an NV key */ 167 #define TPM_AUTH_CONFLICT TPM_BASE + 59 /* NV_LoadKey blob requires both owner and blob 168 authorization */ 169 #define TPM_AREA_LOCKED TPM_BASE + 60 /* The NV area is locked and not writable */ 170 #define TPM_BAD_LOCALITY TPM_BASE + 61 /* The locality is incorrect for the attempted 171 operation */ 172 #define TPM_READ_ONLY TPM_BASE + 62 /* The NV area is read only and can't be written to 173 */ 174 #define TPM_PER_NOWRITE TPM_BASE + 63 /* There is no protection on the write to the NV area 175 */ 176 #define TPM_FAMILYCOUNT TPM_BASE + 64 /* The family count value does not match */ 177 #define TPM_WRITE_LOCKED TPM_BASE + 65 /* The NV area has already been written to */ 178 #define TPM_BAD_ATTRIBUTES TPM_BASE + 66 /* The NV area attributes conflict */ 179 #define TPM_INVALID_STRUCTURE TPM_BASE + 67 /* The structure tag and version are invalid or 180 inconsistent */ 181 #define TPM_KEY_OWNER_CONTROL TPM_BASE + 68 /* The key is under control of the TPM Owner and can 182 only be evicted by the TPM Owner. */ 183 #define TPM_BAD_COUNTER TPM_BASE + 69 /* The counter handle is incorrect */ 184 #define TPM_NOT_FULLWRITE TPM_BASE + 70 /* The write is not a complete write of the area */ 185 #define TPM_CONTEXT_GAP TPM_BASE + 71 /* The gap between saved context counts is too large 186 */ 187 #define TPM_MAXNVWRITES TPM_BASE + 72 /* The maximum number of NV writes without an owner 188 has been exceeded */ 189 #define TPM_NOOPERATOR TPM_BASE + 73 /* No operator authorization value is set */ 190 #define TPM_RESOURCEMISSING TPM_BASE + 74 /* The resource pointed to by context is not loaded 191 */ 192 #define TPM_DELEGATE_LOCK TPM_BASE + 75 /* The delegate administration is locked */ 193 #define TPM_DELEGATE_FAMILY TPM_BASE + 76 /* Attempt to manage a family other then the delegated 194 family */ 195 #define TPM_DELEGATE_ADMIN TPM_BASE + 77 /* Delegation table management not enabled */ 196 #define TPM_TRANSPORT_NOTEXCLUSIVE TPM_BASE + 78 /* There was a command executed outside of an 197 exclusive transport session */ 198 #define TPM_OWNER_CONTROL TPM_BASE + 79 /* Attempt to context save a owner evict controlled 199 key */ 200 #define TPM_DAA_RESOURCES TPM_BASE + 80 /* The DAA command has no resources available to 201 execute the command */ 202 #define TPM_DAA_INPUT_DATA0 TPM_BASE + 81 /* The consistency check on DAA parameter inputData0 203 has failed. */ 204 #define TPM_DAA_INPUT_DATA1 TPM_BASE + 82 /* The consistency check on DAA parameter inputData1 205 has failed. */ 206 #define TPM_DAA_ISSUER_SETTINGS TPM_BASE + 83 /* The consistency check on DAA_issuerSettings has 207 failed. */ 208 #define TPM_DAA_TPM_SETTINGS TPM_BASE + 84 /* The consistency check on DAA_tpmSpecific has 209 failed. */ 210 #define TPM_DAA_STAGE TPM_BASE + 85 /* The atomic process indicated by the submitted DAA 211 command is not the expected process. */ 212 #define TPM_DAA_ISSUER_VALIDITY TPM_BASE + 86 /* The issuer's validity check has detected an 213 inconsistency */ 214 #define TPM_DAA_WRONG_W TPM_BASE + 87 /* The consistency check on w has failed. */ 215 #define TPM_BAD_HANDLE TPM_BASE + 88 /* The handle is incorrect */ 216 #define TPM_BAD_DELEGATE TPM_BASE + 89 /* Delegation is not correct */ 217 #define TPM_BADCONTEXT TPM_BASE + 90 /* The context blob is invalid */ 218 #define TPM_TOOMANYCONTEXTS TPM_BASE + 91 /* Too many contexts held by the TPM */ 219 #define TPM_MA_TICKET_SIGNATURE TPM_BASE + 92 /* Migration authority signature validation failure 220 */ 221 #define TPM_MA_DESTINATION TPM_BASE + 93 /* Migration destination not authenticated */ 222 #define TPM_MA_SOURCE TPM_BASE + 94 /* Migration source incorrect */ 223 #define TPM_MA_AUTHORITY TPM_BASE + 95 /* Incorrect migration authority */ 224 #define TPM_PERMANENTEK TPM_BASE + 97 /* Attempt to revoke the EK and the EK is not revocable */ 225 #define TPM_BAD_SIGNATURE TPM_BASE + 98 /* Bad signature of CMK ticket */ 226 #define TPM_NOCONTEXTSPACE TPM_BASE + 99 /* There is no room in the context list for additional 227 contexts */ 228 229 /* As error codes are added here, they should also be added to lib/miscfunc.c */ 230 231 /* TPM-defined non-fatal errors */ 232 233 #define TPM_RETRY TPM_BASE + TPM_NON_FATAL /* The TPM is too busy to respond to the 234 command immediately, but the command 235 could be submitted at a later time */ 236 #define TPM_NEEDS_SELFTEST TPM_BASE + TPM_NON_FATAL + 1 /* TPM_ContinueSelfTest has has not 237 been run*/ 238 #define TPM_DOING_SELFTEST TPM_BASE + TPM_NON_FATAL + 2 /* The TPM is currently executing the 239 actions of TPM_ContinueSelfTest 240 because the ordinal required 241 resources that have not been 242 tested. */ 243 #define TPM_DEFEND_LOCK_RUNNING TPM_BASE + TPM_NON_FATAL + 3 244 /* The TPM is defending against dictionary 245 attacks and is in some time-out 246 period. */ 247 248 #endif 249