SecurityPkg/Library/Tpm2CommandLib/Tpm2EnhancedAuthorization.c File Reference


Functions

EFI_STATUS EFIAPI Tpm2PolicySecret (IN TPMI_DH_ENTITY AuthHandle, IN TPMI_SH_POLICY PolicySession, IN TPMS_AUTH_COMMAND *AuthSession, IN TPM2B_NONCE *NonceTPM, IN TPM2B_DIGEST *CpHashA, IN TPM2B_NONCE *PolicyRef, IN INT32 Expiration, OUT TPM2B_TIMEOUT *Timeout, OUT TPMT_TK_AUTH *PolicyTicket)
EFI_STATUS EFIAPI Tpm2PolicyOR (IN TPMI_SH_POLICY PolicySession, IN TPML_DIGEST *HashList)
EFI_STATUS EFIAPI Tpm2PolicyCommandCode (IN TPMI_SH_POLICY PolicySession, IN TPM_CC Code)
EFI_STATUS EFIAPI Tpm2PolicyGetDigest (IN TPMI_SH_POLICY PolicySession, OUT TPM2B_DIGEST *PolicyHash)

Detailed Description

Implements the TPM2 Enhanced Authorization commands.

Copyright (c) 2014, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php

THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.


Function Documentation

EFI_STATUS EFIAPI Tpm2PolicyCommandCode (
  IN TPMI_SH_POLICY  PolicySession,
  IN TPM_CC          Code
  )

This command indicates that the authorization will be limited to a specific command code.

Parameters:
[in] PolicySession Handle for the policy session being extended.
[in] Code The allowed commandCode.
Return values:
EFI_SUCCESS Operation completed successfully.
EFI_DEVICE_ERROR The command was unsuccessful.

References EFI_STATUS(), and Tpm2SubmitCommand().

EFI_STATUS EFIAPI Tpm2PolicyGetDigest (
  IN  TPMI_SH_POLICY  PolicySession,
  OUT TPM2B_DIGEST    *PolicyHash
  )

This command returns the current policyDigest of the session. This command allows the TPM to be used to perform the actions required to precompute the authPolicy for an object.

Parameters:
[in] PolicySession Handle for the policy session.
[out] PolicyHash The current value of the policyHash of policySession.
Return values:
EFI_SUCCESS Operation completed successfully.
EFI_DEVICE_ERROR The command was unsuccessful.

References EFI_STATUS(), and Tpm2SubmitCommand().

EFI_STATUS EFIAPI Tpm2PolicyOR (
  IN TPMI_SH_POLICY  PolicySession,
  IN TPML_DIGEST     *HashList
  )

This command allows options in authorizations without requiring that the TPM evaluate all of the options. If a policy may be satisfied by different sets of conditions, the TPM need only evaluate one set that satisfies the policy. This command will indicate that one of the required sets of conditions has been satisfied.

Parameters:
[in] PolicySession Handle for the policy session being extended.
[in] HashList The list of hashes to check for a match.
Return values:
EFI_SUCCESS Operation completed successfully.
EFI_DEVICE_ERROR The command was unsuccessful.

References EFI_STATUS(), Tpm2SubmitCommand(), and UINTN().
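
An added example, not part of the SecurityPkg source: a Python software model of how TPM2_PolicyCommandCode and TPM2_PolicyOR extend policyDigest under the TPM 2.0 specification, which lets an authPolicy be precomputed offline and compared with the value Tpm2PolicyGetDigest returns. It assumes a SHA-256 policy session; the function names and the two sample command codes are chosen for illustration.

```python
import hashlib
import struct

# Command codes from the TPM 2.0 specification (Part 2, TPM_CC).
TPM_CC_POLICY_COMMAND_CODE = 0x0000016C
TPM_CC_POLICY_OR = 0x00000171
TPM_CC_NV_READ = 0x0000014E   # sample commands to authorize (illustrative choice)
TPM_CC_UNSEAL = 0x0000015E
ZERO_DIGEST = bytes(32)       # policyDigest of a fresh SHA-256 policy session


def policy_command_code(policy_digest, code):
    """Model of the TPM2_PolicyCommandCode extend:
    new = H(old || TPM_CC_PolicyCommandCode || code), integers big-endian."""
    data = policy_digest + struct.pack(">II", TPM_CC_POLICY_COMMAND_CODE, code)
    return hashlib.sha256(data).digest()


def policy_or(policy_digest, hash_list):
    """Model of TPM2_PolicyOR: the current digest must equal one list entry;
    the digest is then reset to zeros and extended with the whole list."""
    if not 2 <= len(hash_list) <= 8:
        raise ValueError("PolicyOR takes 2 to 8 digests")
    if policy_digest not in hash_list:
        raise ValueError("current policyDigest matches no branch")
    data = ZERO_DIGEST + struct.pack(">I", TPM_CC_POLICY_OR) + b"".join(hash_list)
    return hashlib.sha256(data).digest()


def auth_policy_for(branch_codes):
    """Precompute the authPolicy of an object usable with any one listed command."""
    branches = [policy_command_code(ZERO_DIGEST, c) for c in branch_codes]
    return policy_or(branches[0], branches)


if __name__ == "__main__":
    codes = [TPM_CC_NV_READ, TPM_CC_UNSEAL]
    print("authPolicy:", auth_policy_for(codes).hex())
    branches = [policy_command_code(ZERO_DIGEST, c) for c in codes]
    # Either satisfied branch converges on the same final digest.
    for b in branches:
        print("branch", b.hex()[:16], "->", policy_or(b, branches).hex()[:16])
```

Whichever branch the session actually satisfied, the digest after PolicyOR is the same, so the object's authPolicy does not reveal or depend on which option was used.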

EFI_STATUS EFIAPI Tpm2PolicySecret (
  IN  TPMI_DH_ENTITY     AuthHandle,
  IN  TPMI_SH_POLICY     PolicySession,
  IN  TPMS_AUTH_COMMAND  *AuthSession,
  IN  TPM2B_NONCE        *NonceTPM,
  IN  TPM2B_DIGEST       *CpHashA,
  IN  TPM2B_NONCE        *PolicyRef,
  IN  INT32              Expiration,
  OUT TPM2B_TIMEOUT      *Timeout,
  OUT TPMT_TK_AUTH       *PolicyTicket
  )

This command includes a secret-based authorization to a policy. The caller proves knowledge of the secret value through an authorization session that uses the authValue associated with authHandle.

Parameters:
[in] AuthHandle Handle for an entity providing the authorization.
[in] PolicySession Handle for the policy session being extended.
[in] AuthSession Authorization session context.
[in] NonceTPM The policy nonce for the session.
[in] CpHashA Digest of the command parameters to which this authorization is limited.
[in] PolicyRef A reference to a policy relating to the authorization.
[in] Expiration Time when authorization will expire, measured in seconds from the time that nonceTPM was generated.
[out] Timeout Time value used to indicate to the TPM when the ticket expires.
[out] PolicyTicket A ticket that includes a value indicating when the authorization expires.
Return values:
EFI_SUCCESS Operation completed successfully.
EFI_DEVICE_ERROR The command was unsuccessful.

References CopyAuthSessionCommand(), EFI_STATUS(), Tpm2SubmitCommand(), and UINTN().


Generated on Thu Sep 24 23:44:24 2015 for SecurityPkg[ALL] by  doxygen 1.5.7.1