SecurityPkg/Library/Tpm2CommandLib/Tpm2Hierarchy.c File Reference


Functions

EFI_STATUS EFIAPI Tpm2SetPrimaryPolicy (IN TPMI_RH_HIERARCHY_AUTH AuthHandle, IN TPMS_AUTH_COMMAND *AuthSession, IN TPM2B_DIGEST *AuthPolicy, IN TPMI_ALG_HASH HashAlg)
EFI_STATUS EFIAPI Tpm2Clear (IN TPMI_RH_CLEAR AuthHandle, IN TPMS_AUTH_COMMAND *AuthSession)
EFI_STATUS EFIAPI Tpm2ClearControl (IN TPMI_RH_CLEAR AuthHandle, IN TPMS_AUTH_COMMAND *AuthSession, IN TPMI_YES_NO Disable)
EFI_STATUS EFIAPI Tpm2HierarchyChangeAuth (IN TPMI_RH_HIERARCHY_AUTH AuthHandle, IN TPMS_AUTH_COMMAND *AuthSession, IN TPM2B_AUTH *NewAuth)
EFI_STATUS EFIAPI Tpm2ChangeEPS (IN TPMI_RH_PLATFORM AuthHandle, IN TPMS_AUTH_COMMAND *AuthSession)
EFI_STATUS EFIAPI Tpm2ChangePPS (IN TPMI_RH_PLATFORM AuthHandle, IN TPMS_AUTH_COMMAND *AuthSession)
EFI_STATUS EFIAPI Tpm2HierarchyControl (IN TPMI_RH_HIERARCHY AuthHandle, IN TPMS_AUTH_COMMAND *AuthSession, IN TPMI_RH_HIERARCHY Hierarchy, IN TPMI_YES_NO State)

Detailed Description

Implement TPM2 Hierarchy related command.

Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php

THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.


Function Documentation

EFI_STATUS EFIAPI Tpm2ChangeEPS ( IN TPMI_RH_PLATFORM  AuthHandle,
IN TPMS_AUTH_COMMAND *  AuthSession 
)

This replaces the current EPS with a value from the RNG and sets the Endorsement hierarchy controls to their default initialization values.

Parameters:
[in] AuthHandle TPM_RH_PLATFORM+{PP}
[in] AuthSession Auth Session context
Return values:
EFI_SUCCESS Operation completed successfully.
EFI_DEVICE_ERROR Unexpected device behavior.

References CopyAuthSessionCommand(), EFI_STATUS(), and Tpm2SubmitCommand().

Referenced by Tpm2CommandChangeEps().

EFI_STATUS EFIAPI Tpm2ChangePPS ( IN TPMI_RH_PLATFORM  AuthHandle,
IN TPMS_AUTH_COMMAND *  AuthSession 
)

This replaces the current PPS with a value from the RNG and sets platformPolicy to the default initialization value (the Empty Buffer).

Parameters:
[in] AuthHandle TPM_RH_PLATFORM+{PP}
[in] AuthSession Auth Session context
Return values:
EFI_SUCCESS Operation completed successfully.
EFI_DEVICE_ERROR Unexpected device behavior.

References CopyAuthSessionCommand(), EFI_STATUS(), and Tpm2SubmitCommand().

EFI_STATUS EFIAPI Tpm2Clear ( IN TPMI_RH_CLEAR  AuthHandle,
IN TPMS_AUTH_COMMAND *  AuthSession 
)

This command removes all TPM context associated with a specific Owner.

Parameters:
[in] AuthHandle TPM_RH_LOCKOUT or TPM_RH_PLATFORM+{PP}
[in] AuthSession Auth Session context
Return values:
EFI_SUCCESS Operation completed successfully.
EFI_DEVICE_ERROR Unexpected device behavior.

References CopyAuthSessionCommand(), EFI_STATUS(), and Tpm2SubmitCommand().

Referenced by Tpm2CommandClear(), and TpmCommandClear().

EFI_STATUS EFIAPI Tpm2ClearControl ( IN TPMI_RH_CLEAR  AuthHandle,
IN TPMS_AUTH_COMMAND *  AuthSession,
IN TPMI_YES_NO  Disable 
)

Disables and enables the execution of TPM2_Clear().

Parameters:
[in] AuthHandle TPM_RH_LOCKOUT or TPM_RH_PLATFORM+{PP}
[in] AuthSession Auth Session context
[in] Disable YES if the disableOwnerClear flag is to be SET, NO if the flag is to be CLEAR.
Return values:
EFI_SUCCESS Operation completed successfully.
EFI_DEVICE_ERROR Unexpected device behavior.

References CopyAuthSessionCommand(), EFI_STATUS(), and Tpm2SubmitCommand().

Referenced by Tpm2CommandClear(), and TpmCommandClear().

EFI_STATUS EFIAPI Tpm2HierarchyChangeAuth ( IN TPMI_RH_HIERARCHY_AUTH  AuthHandle,
IN TPMS_AUTH_COMMAND *  AuthSession,
IN TPM2B_AUTH *  NewAuth 
)

This command allows the authorization secret for a hierarchy or lockout to be changed using the current authorization value as the command authorization.

Parameters:
[in] AuthHandle TPM_RH_LOCKOUT, TPM_RH_ENDORSEMENT, TPM_RH_OWNER or TPM_RH_PLATFORM+{PP}
[in] AuthSession Auth Session context
[in] NewAuth New authorization secret
Return values:
EFI_SUCCESS Operation completed successfully.
EFI_DEVICE_ERROR Unexpected device behavior.

References CopyAuthSessionCommand(), EFI_STATUS(), and Tpm2SubmitCommand().

EFI_STATUS EFIAPI Tpm2HierarchyControl ( IN TPMI_RH_HIERARCHY  AuthHandle,
IN TPMS_AUTH_COMMAND *  AuthSession,
IN TPMI_RH_HIERARCHY  Hierarchy,
IN TPMI_YES_NO  State 
)

This command enables and disables use of a hierarchy.

Parameters:
[in] AuthHandle TPM_RH_ENDORSEMENT, TPM_RH_OWNER or TPM_RH_PLATFORM+{PP}
[in] AuthSession Auth Session context
[in] Hierarchy Hierarchy of the enable being modified
[in] State YES if the enable should be SET, NO if the enable should be CLEAR
Return values:
EFI_SUCCESS Operation completed successfully.
EFI_DEVICE_ERROR Unexpected device behavior.

References CopyAuthSessionCommand(), EFI_STATUS(), and Tpm2SubmitCommand().

EFI_STATUS EFIAPI Tpm2SetPrimaryPolicy ( IN TPMI_RH_HIERARCHY_AUTH  AuthHandle,
IN TPMS_AUTH_COMMAND *  AuthSession,
IN TPM2B_DIGEST *  AuthPolicy,
IN TPMI_ALG_HASH  HashAlg 
)

This command allows setting of the authorization policy for the platform hierarchy (platformPolicy), the storage hierarchy (ownerPolicy), and and the endorsement hierarchy (endorsementPolicy).

Parameters:
[in] AuthHandle TPM_RH_ENDORSEMENT, TPM_RH_OWNER or TPM_RH_PLATFORM+{PP} parameters to be validated
[in] AuthSession Auth Session context
[in] AuthPolicy An authorization policy hash
[in] HashAlg The hash algorithm to use for the policy
Return values:
EFI_SUCCESS Operation completed successfully.
EFI_DEVICE_ERROR Unexpected device behavior.

References CopyAuthSessionCommand(), EFI_STATUS(), Tpm2SubmitCommand(), and UINTN().


Generated on Thu Sep 24 23:44:24 2015 for SecurityPkg[ALL] by  doxygen 1.5.7.1