authorPhilipp Deppenwiese <zaolin@das-labor.org>2017-10-18 21:54:24 +0200
committerStefan Reinauer <stefan.reinauer@coreboot.org>2018-01-18 02:17:34 +0000
commit86391f16054ff1aa8af75b552204d24f3c00d50e (patch)
tree4e27b7d9cbb74227080572d01a449d7b961e2130 /src/security/tpm/tcg-2.0
parentd88fb36e61beac7b52b6183385de4434895a4995 (diff)
security/tpm: Move TSS stacks into sub-directory
Change-Id: I5e20d98665c17d39f3f69772093a062bb905f6f9 Signed-off-by: Philipp Deppenwiese <zaolin@das-labor.org> Reviewed-on: https://review.coreboot.org/22105 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
Diffstat (limited to 'src/security/tpm/tcg-2.0')
-rw-r--r--src/security/tpm/tcg-2.0/tss.c438
-rw-r--r--src/security/tpm/tcg-2.0/tss_marshaling.c559
-rw-r--r--src/security/tpm/tcg-2.0/tss_marshaling.h46
-rw-r--r--src/security/tpm/tcg-2.0/tss_structures.h373
4 files changed, 0 insertions, 1416 deletions
diff --git a/src/security/tpm/tcg-2.0/tss.c b/src/security/tpm/tcg-2.0/tss.c
deleted file mode 100644
index ae8625c0b2..0000000000
--- a/src/security/tpm/tcg-2.0/tss.c
+++ /dev/null
@@ -1,438 +0,0 @@
-/*
- * Copyright 2016 The Chromium OS Authors. All rights reserved.
- * Use of this source code is governed by a BSD-style license that can be
- * found in the LICENSE file.
- */
-
-#include <arch/early_variables.h>
-#include <console/console.h>
-#include <endian.h>
-#include <string.h>
-#include <vb2_api.h>
-
-#include "tss_structures.h"
-#include "tss_marshaling.h"
-#include "../tis.h"
-#include "../antirollback.h"
-
-/*
- * This file provides interface between firmware and TPM2 device. The TPM1.2
- * API was copied as is and relevant functions modified to comply with the
- * TPM2 specification.
- */
-
-static void *tpm_process_command(TPM_CC command, void *command_body)
-{
- struct obuf ob;
- struct ibuf ib;
- size_t out_size;
- size_t in_size;
- const uint8_t *sendb;
- /* Command/response buffer. */
- static uint8_t cr_buffer[TPM_BUFFER_SIZE] CAR_GLOBAL;
-
- uint8_t *cr_buffer_ptr = car_get_var_ptr(cr_buffer);
-
- obuf_init(&ob, cr_buffer_ptr, sizeof(cr_buffer));
-
- if (tpm_marshal_command(command, command_body, &ob) < 0) {
- printk(BIOS_ERR, "command %#x\n", command);
- return NULL;
- }
-
- sendb = obuf_contents(&ob, &out_size);
-
- in_size = sizeof(cr_buffer);
- if (tis_sendrecv(sendb, out_size, cr_buffer_ptr, &in_size)) {
- printk(BIOS_ERR, "tpm transaction failed\n");
- return NULL;
- }
-
- ibuf_init(&ib, cr_buffer_ptr, in_size);
-
- return tpm_unmarshal_response(command, &ib);
-}
-
-
-uint32_t tlcl_get_permanent_flags(TPM_PERMANENT_FLAGS *pflags)
-{
- printk(BIOS_INFO, "%s:%s:%d\n", __FILE__, __func__, __LINE__);
- return TPM_SUCCESS;
-}
-
-static uint32_t tlcl_send_startup(TPM_SU type)
-{
- struct tpm2_startup startup;
- struct tpm2_response *response;
-
- startup.startup_type = type;
- response = tpm_process_command(TPM2_Startup, &startup);
-
- if (response && response->hdr.tpm_code &&
- (response->hdr.tpm_code != TPM_RC_INITIALIZE)) {
- printk(BIOS_INFO, "%s: Startup return code is %x\n",
- __func__, response->hdr.tpm_code);
- return TPM_E_IOERROR;
- }
- return TPM_SUCCESS;
-
-}
-
-uint32_t tlcl_resume(void)
-{
- return tlcl_send_startup(TPM_SU_STATE);
-}
-
-uint32_t tlcl_assert_physical_presence(void)
-{
- /*
- * Nothing to do on TPM2 for this, use platform hierarchy availability
- * instead.
- */
- return TPM_SUCCESS;
-}
-
-/*
- * The caller will provide the digest in a 32 byte buffer, let's consider it a
- * sha256 digest.
- */
-uint32_t tlcl_extend(int pcr_num, const uint8_t *in_digest,
- uint8_t *out_digest)
-{
- struct tpm2_pcr_extend_cmd pcr_ext_cmd;
- struct tpm2_response *response;
-
- pcr_ext_cmd.pcrHandle = HR_PCR + pcr_num;
- pcr_ext_cmd.digests.count = 1;
- pcr_ext_cmd.digests.digests[0].hashAlg = TPM_ALG_SHA256;
- memcpy(pcr_ext_cmd.digests.digests[0].digest.sha256, in_digest,
- sizeof(pcr_ext_cmd.digests.digests[0].digest.sha256));
-
- response = tpm_process_command(TPM2_PCR_Extend, &pcr_ext_cmd);
-
- printk(BIOS_INFO, "%s: response is %x\n",
- __func__, response ? response->hdr.tpm_code : -1);
- if (!response || response->hdr.tpm_code)
- return TPM_E_IOERROR;
-
- return TPM_SUCCESS;
-}
-
-uint32_t tlcl_finalize_physical_presence(void)
-{
- /* Nothing needs to be done with tpm2. */
- printk(BIOS_INFO, "%s:%s:%d\n", __FILE__, __func__, __LINE__);
- return TPM_SUCCESS;
-}
-
-uint32_t tlcl_force_clear(void)
-{
- struct tpm2_response *response;
-
- response = tpm_process_command(TPM2_Clear, NULL);
- printk(BIOS_INFO, "%s: response is %x\n",
- __func__, response ? response->hdr.tpm_code : -1);
-
- if (!response || response->hdr.tpm_code)
- return TPM_E_IOERROR;
-
- return TPM_SUCCESS;
-}
-
-uint32_t tlcl_get_flags(uint8_t *disable, uint8_t *deactivated,
- uint8_t *nvlocked)
-{
- /*
- * TPM2 does not map directly into these flags TPM1.2 based firmware
- * expects to be able to retrieve.
- *
- * In any case, if any of these conditions are present, the following
- * firmware flow would be interrupted and will have a chance to report
- * an error. Let's just hardcode an "All OK" response for now.
- */
-
- if (disable)
- *disable = 0;
-
- if (nvlocked)
- *nvlocked = 1;
-
- if (deactivated)
- *deactivated = 0;
-
- return TPM_SUCCESS;
-}
-
-static uint8_t tlcl_init_done CAR_GLOBAL;
-
-/* This function is called directly by vboot, uses vboot return types. */
-uint32_t tlcl_lib_init(void)
-{
- uint8_t done = car_get_var(tlcl_init_done);
- if (done)
- return VB2_SUCCESS;
-
- if (tis_init())
- return VB2_ERROR_UNKNOWN;
- if (tis_open())
- return VB2_ERROR_UNKNOWN;
-
- car_set_var(tlcl_init_done, 1);
-
- return VB2_SUCCESS;
-}
-
-uint32_t tlcl_physical_presence_cmd_enable(void)
-{
- printk(BIOS_INFO, "%s:%s:%d\n", __FILE__, __func__, __LINE__);
- return TPM_SUCCESS;
-}
-
-uint32_t tlcl_read(uint32_t index, void *data, uint32_t length)
-{
- struct tpm2_nv_read_cmd nv_readc;
- struct tpm2_response *response;
-
- memset(&nv_readc, 0, sizeof(nv_readc));
-
- nv_readc.nvIndex = HR_NV_INDEX + index;
- nv_readc.size = length;
-
- response = tpm_process_command(TPM2_NV_Read, &nv_readc);
-
- /* Need to map tpm error codes into internal values. */
- if (!response)
- return TPM_E_READ_FAILURE;
-
- printk(BIOS_INFO, "%s:%d index %#x return code %x\n",
- __FILE__, __LINE__, index, response->hdr.tpm_code);
- switch (response->hdr.tpm_code) {
- case 0:
- break;
-
- /* Uninitialized, returned if the space hasn't been written. */
- case TPM_RC_NV_UNINITIALIZED:
- /*
- * Bad index, cr50 specific value, returned if the space
- * hasn't been defined.
- */
- case TPM_RC_CR50_NV_UNDEFINED:
- return TPM_E_BADINDEX;
-
- default:
- return TPM_E_READ_FAILURE;
- }
-
- if (length > response->nvr.buffer.t.size)
- return TPM_E_RESPONSE_TOO_LARGE;
-
- if (length < response->nvr.buffer.t.size)
- return TPM_E_READ_EMPTY;
-
- memcpy(data, response->nvr.buffer.t.buffer, length);
-
- return TPM_SUCCESS;
-}
-
-uint32_t tlcl_self_test_full(void)
-{
- struct tpm2_self_test st;
- struct tpm2_response *response;
-
- st.yes_no = 1;
-
- response = tpm_process_command(TPM2_SelfTest, &st);
- printk(BIOS_INFO, "%s: response is %x\n",
- __func__, response ? response->hdr.tpm_code : -1);
- return TPM_SUCCESS;
-}
-
-uint32_t tlcl_set_deactivated(uint8_t flag)
-{
- printk(BIOS_INFO, "%s:%s:%d\n", __FILE__, __func__, __LINE__);
- return TPM_SUCCESS;
-}
-
-uint32_t tlcl_set_enable(void)
-{
- printk(BIOS_INFO, "%s:%s:%d\n", __FILE__, __func__, __LINE__);
- return TPM_SUCCESS;
-}
-
-uint32_t tlcl_lock_nv_write(uint32_t index)
-{
- struct tpm2_response *response;
- /* TPM Wll reject attempts to write at non-defined index. */
- struct tpm2_nv_write_lock_cmd nv_wl = {
- .nvIndex = HR_NV_INDEX + index,
- };
-
- response = tpm_process_command(TPM2_NV_WriteLock, &nv_wl);
-
- printk(BIOS_INFO, "%s: response is %x\n",
- __func__, response ? response->hdr.tpm_code : -1);
-
- if (!response || response->hdr.tpm_code)
- return TPM_E_IOERROR;
-
- return TPM_SUCCESS;
-}
-
-uint32_t tlcl_startup(void)
-{
- return tlcl_send_startup(TPM_SU_CLEAR);
-}
-
-uint32_t tlcl_write(uint32_t index, const void *data, uint32_t length)
-{
- struct tpm2_nv_write_cmd nv_writec;
- struct tpm2_response *response;
-
- memset(&nv_writec, 0, sizeof(nv_writec));
-
- nv_writec.nvIndex = HR_NV_INDEX + index;
- nv_writec.data.t.size = length;
- nv_writec.data.t.buffer = data;
-
- response = tpm_process_command(TPM2_NV_Write, &nv_writec);
-
- printk(BIOS_INFO, "%s: response is %x\n",
- __func__, response ? response->hdr.tpm_code : -1);
-
- /* Need to map tpm error codes into internal values. */
- if (!response || response->hdr.tpm_code)
- return TPM_E_WRITE_FAILURE;
-
- return TPM_SUCCESS;
-}
-
-uint32_t tlcl_define_space(uint32_t space_index, size_t space_size)
-{
- struct tpm2_nv_define_space_cmd nvds_cmd;
- struct tpm2_response *response;
- /*
- * Different sets of NVRAM space attributes apply to the "ro" spaces,
- * i.e. those which should not be possible to delete or modify once
- * the RO exits, and the rest of the NVRAM spaces.
- */
- const TPMA_NV ro_space_attributes = {
- .TPMA_NV_PPWRITE = 1,
- .TPMA_NV_AUTHREAD = 1,
- .TPMA_NV_PPREAD = 1,
- .TPMA_NV_PLATFORMCREATE = 1,
- .TPMA_NV_WRITE_STCLEAR = 1,
- .TPMA_NV_POLICY_DELETE = 1,
- };
- const TPMA_NV default_space_attributes = {
- .TPMA_NV_PPWRITE = 1,
- .TPMA_NV_AUTHREAD = 1,
- .TPMA_NV_PPREAD = 1,
- .TPMA_NV_PLATFORMCREATE = 1,
- };
-
- /* Prepare the define space command structure. */
- memset(&nvds_cmd, 0, sizeof(nvds_cmd));
-
- nvds_cmd.publicInfo.dataSize = space_size;
- nvds_cmd.publicInfo.nvIndex = HR_NV_INDEX + space_index;
- nvds_cmd.publicInfo.nameAlg = TPM_ALG_SHA256;
-
- /* RO only NV spaces should be impossible to destroy. */
- if ((space_index == FIRMWARE_NV_INDEX) ||
- (space_index == REC_HASH_NV_INDEX)) {
- /*
- * This policy digest was obtained using TPM2_PolicyPCR
- * selecting only PCR_0 with a value of all zeros.
- */
- const uint8_t pcr0_unchanged_policy[] = {
- 0x09, 0x93, 0x3C, 0xCE, 0xEB, 0xB4, 0x41, 0x11,
- 0x18, 0x81, 0x1D, 0xD4, 0x47, 0x78, 0x80, 0x08,
- 0x88, 0x86, 0x62, 0x2D, 0xD7, 0x79, 0x94, 0x46,
- 0x62, 0x26, 0x68, 0x8E, 0xEE, 0xE6, 0x6A, 0xA1
- };
-
- nvds_cmd.publicInfo.attributes = ro_space_attributes;
- /*
- * Use policy digest based on default pcr0 value. This makes
- * sure that the space can not be deleted as soon as PCR0
- * value has been extended from default.
- */
- nvds_cmd.publicInfo.authPolicy.t.buffer = pcr0_unchanged_policy;
- nvds_cmd.publicInfo.authPolicy.t.size =
- sizeof(pcr0_unchanged_policy);
- } else {
- nvds_cmd.publicInfo.attributes = default_space_attributes;
- }
-
- response = tpm_process_command(TPM2_NV_DefineSpace, &nvds_cmd);
- printk(BIOS_INFO, "%s: response is %x\n",
- __func__, response ? response->hdr.tpm_code : -1);
-
- if (!response)
- return TPM_E_NO_DEVICE;
-
- /* Map TPM2 retrun codes into common vboot represenation. */
- switch (response->hdr.tpm_code) {
- case TPM2_RC_SUCCESS:
- return TPM_SUCCESS;
- case TPM2_RC_NV_DEFINED:
- return TPM_E_NV_DEFINED;
- default:
- return TPM_E_INTERNAL_INCONSISTENCY;
- }
-}
-
-uint32_t tlcl_disable_platform_hierarchy(void)
-{
- struct tpm2_response *response;
- struct tpm2_hierarchy_control_cmd hc = {
- .enable = TPM_RH_PLATFORM,
- .state = 0,
- };
-
- response = tpm_process_command(TPM2_Hierarchy_Control, &hc);
-
- if (!response || response->hdr.tpm_code)
- return TPM_E_INTERNAL_INCONSISTENCY;
-
- return TPM_SUCCESS;
-}
-
-uint32_t tlcl_cr50_enable_nvcommits(void)
-{
- uint16_t sub_command = TPM2_CR50_SUB_CMD_NVMEM_ENABLE_COMMITS;
- struct tpm2_response *response;
-
- printk(BIOS_INFO, "Enabling cr50 nvmem commmits\n");
-
- response = tpm_process_command(TPM2_CR50_VENDOR_COMMAND, &sub_command);
-
- if (response == NULL || (response && response->hdr.tpm_code)) {
- if (response)
- printk(BIOS_INFO, "%s: failed %x\n", __func__,
- response->hdr.tpm_code);
- else
- printk(BIOS_INFO, "%s: failed\n", __func__);
- return TPM_E_IOERROR;
- }
- return TPM_SUCCESS;
-}
-
-uint32_t tlcl_cr50_enable_update(uint16_t timeout_ms,
- uint8_t *num_restored_headers)
-{
- struct tpm2_response *response;
- uint16_t command_body[] = {
- TPM2_CR50_SUB_CMD_TURN_UPDATE_ON, timeout_ms
- };
-
- printk(BIOS_INFO, "Checking cr50 for pending updates\n");
-
- response = tpm_process_command(TPM2_CR50_VENDOR_COMMAND, command_body);
-
- if (!response || response->hdr.tpm_code)
- return TPM_E_INTERNAL_INCONSISTENCY;
-
- *num_restored_headers = response->vcr.num_restored_headers;
- return TPM_SUCCESS;
-}
diff --git a/src/security/tpm/tcg-2.0/tss_marshaling.c b/src/security/tpm/tcg-2.0/tss_marshaling.c
deleted file mode 100644
index b1d666362b..0000000000
--- a/src/security/tpm/tcg-2.0/tss_marshaling.c
+++ /dev/null
@@ -1,559 +0,0 @@
-/*
- * Copyright 2016 The Chromium OS Authors. All rights reserved.
- * Use of this source code is governed by a BSD-style license that can be
- * found in the LICENSE file.
- */
-
-#include <arch/early_variables.h>
-#include <commonlib/iobuf.h>
-#include <console/console.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include "tss_marshaling.h"
-
-static uint16_t tpm_tag CAR_GLOBAL; /* Depends on the command type. */
-
-#define unmarshal_TPM_CAP(a, b) ibuf_read_be32(a, b)
-#define unmarshal_TPM_CC(a, b) ibuf_read_be32(a, b)
-#define unmarshal_TPM_PT(a, b) ibuf_read_be32(a, b)
-#define unmarshal_TPM_HANDLE(a, b) ibuf_read_be32(a, b)
-
-#define marshal_TPM_HANDLE(a, b) obuf_write_be32(a, b)
-#define marshal_TPMI_ALG_HASH(a, b) obuf_write_be16(a, b)
-
-static int marshal_startup(struct obuf *ob, struct tpm2_startup *cmd_body)
-{
- return obuf_write_be16(ob, cmd_body->startup_type);
-}
-
-static int marshal_get_capability(struct obuf *ob,
- struct tpm2_get_capability *cmd_body)
-{
- int rc = 0;
-
- rc |= obuf_write_be32(ob, cmd_body->capability);
- rc |= obuf_write_be32(ob, cmd_body->property);
- rc |= obuf_write_be32(ob, cmd_body->propertyCount);
-
- return rc;
-}
-
-static int marshal_TPM2B(struct obuf *ob, TPM2B *data)
-{
- int rc = 0;
-
- rc |= obuf_write_be16(ob, data->size);
- rc |= obuf_write(ob, data->buffer, data->size);
-
- return rc;
-}
-
-static int marshal_TPMA_NV(struct obuf *ob, TPMA_NV *nv)
-{
- uint32_t v;
-
- memcpy(&v, nv, sizeof(v));
- return obuf_write_be32(ob, v);
-}
-
-static int marshal_TPMS_NV_PUBLIC(struct obuf *ob, TPMS_NV_PUBLIC *nvpub)
-{
- int rc = 0;
-
- rc |= marshal_TPM_HANDLE(ob, nvpub->nvIndex);
- rc |= marshal_TPMI_ALG_HASH(ob, nvpub->nameAlg);
- rc |= marshal_TPMA_NV(ob, &nvpub->attributes);
- rc |= marshal_TPM2B(ob, &nvpub->authPolicy.b);
- rc |= obuf_write_be16(ob, nvpub->dataSize);
-
- return rc;
-}
-
-static int marshal_TPMT_HA(struct obuf *ob, TPMT_HA *tpmtha)
-{
- int rc = 0;
-
- rc |= marshal_TPMI_ALG_HASH(ob, tpmtha->hashAlg);
- rc |= obuf_write(ob, tpmtha->digest.sha256,
- sizeof(tpmtha->digest.sha256));
-
- return rc;
-}
-
-static int marshal_TPML_DIGEST_VALUES(struct obuf *ob,
- TPML_DIGEST_VALUES *dvalues)
-{
- int i;
- int rc = 0;
-
- rc |= obuf_write_be32(ob, dvalues->count);
- for (i = 0; i < dvalues->count; i++)
- rc |= marshal_TPMT_HA(ob, &dvalues->digests[i]);
-
- return rc;
-}
-
-static int marshal_session_header(struct obuf *ob,
- struct tpm2_session_header *session_header)
-{
- int rc = 0;
- struct obuf ob_sz;
- size_t prev_written;
-
- /* Snapshot current location to place size of header. */
- if (obuf_splice_current(ob, &ob_sz, sizeof(uint32_t)) < 0)
- return -1;
-
- /* Write a size placeholder. */
- rc |= obuf_write_be32(ob, 0);
-
- /* Keep track of session header data size by tracking num written. */
- prev_written = obuf_nr_written(ob);
-
- rc |= obuf_write_be32(ob, session_header->session_handle);
- rc |= obuf_write_be16(ob, session_header->nonce_size);
- rc |= obuf_write(ob, session_header->nonce, session_header->nonce_size);
- rc |= obuf_write_be8(ob, session_header->session_attrs);
- rc |= obuf_write_be16(ob, session_header->auth_size);
- rc |= obuf_write(ob, session_header->auth, session_header->auth_size);
-
- /* Fill back in proper size of session header. */
- rc |= obuf_write_be32(&ob_sz, obuf_nr_written(ob) - prev_written);
-
- return rc;
-}
-
-/*
- * Common session header can include one or two handles and an empty
- * session_header structure.
- */
-static int marshal_common_session_header(struct obuf *ob,
- const uint32_t *handles,
- size_t handle_count)
-{
- size_t i;
- struct tpm2_session_header session_header;
- int rc = 0;
-
- car_set_var(tpm_tag, TPM_ST_SESSIONS);
-
- for (i = 0; i < handle_count; i++)
- rc |= marshal_TPM_HANDLE(ob, handles[i]);
-
- memset(&session_header, 0, sizeof(session_header));
- session_header.session_handle = TPM_RS_PW;
- rc |= marshal_session_header(ob, &session_header);
-
- return rc;
-}
-
-static int marshal_nv_define_space(struct obuf *ob,
- struct tpm2_nv_define_space_cmd *nvd_in)
-{
- const uint32_t handle[] = { TPM_RH_PLATFORM };
- struct obuf ob_sz;
- size_t prev_written;
- int rc = 0;
-
- rc |= marshal_common_session_header(ob, handle, ARRAY_SIZE(handle));
- rc |= marshal_TPM2B(ob, &nvd_in->auth.b);
-
- /* Snapshot current location to place size field. */
- if (obuf_splice_current(ob, &ob_sz, sizeof(uint16_t)) < 0)
- return -1;
-
- /* Put placeholder for size */
- rc |= obuf_write_be16(ob, 0);
-
- /* Keep track of nv define space data size by tracking num written. */
- prev_written = obuf_nr_written(ob);
-
- rc |= marshal_TPMS_NV_PUBLIC(ob, &nvd_in->publicInfo);
- rc |= obuf_write_be16(&ob_sz, obuf_nr_written(ob) - prev_written);
-
- return rc;
-}
-
-static int marshal_nv_write(struct obuf *ob,
- struct tpm2_nv_write_cmd *command_body)
-{
- int rc = 0;
- uint32_t handles[] = { TPM_RH_PLATFORM, command_body->nvIndex };
-
- rc |= marshal_common_session_header(ob, handles, ARRAY_SIZE(handles));
- rc |= marshal_TPM2B(ob, &command_body->data.b);
- rc |= obuf_write_be16(ob, command_body->offset);
-
- return rc;
-}
-
-static int marshal_nv_write_lock(struct obuf *ob,
- struct tpm2_nv_write_lock_cmd *command_body)
-{
- uint32_t handles[] = { TPM_RH_PLATFORM, command_body->nvIndex };
-
- return marshal_common_session_header(ob, handles, ARRAY_SIZE(handles));
-}
-
-static int marshal_pcr_extend(struct obuf *ob,
- struct tpm2_pcr_extend_cmd *command_body)
-{
- int rc = 0;
- uint32_t handles[] = { command_body->pcrHandle };
-
- rc |= marshal_common_session_header(ob, handles, ARRAY_SIZE(handles));
- rc |= marshal_TPML_DIGEST_VALUES(ob, &command_body->digests);
-
- return rc;
-}
-
-static int marshal_nv_read(struct obuf *ob,
- struct tpm2_nv_read_cmd *command_body)
-{
- int rc = 0;
- uint32_t handles[] = { TPM_RH_PLATFORM, command_body->nvIndex };
-
- rc |= marshal_common_session_header(ob, handles, ARRAY_SIZE(handles));
- rc |= obuf_write_be16(ob, command_body->size);
- rc |= obuf_write_be16(ob, command_body->offset);
-
- return rc;
-}
-
-/* TPM2_Clear command does not require paramaters. */
-static int marshal_clear(struct obuf *ob)
-{
- const uint32_t handle[] = { TPM_RH_PLATFORM };
-
- return marshal_common_session_header(ob, handle, ARRAY_SIZE(handle));
-}
-
-static int marshal_selftest(struct obuf *ob,
- struct tpm2_self_test *command_body)
-{
- return obuf_write_be8(ob, command_body->yes_no);
-}
-
-static int marshal_hierarchy_control(struct obuf *ob,
- struct tpm2_hierarchy_control_cmd *command_body)
-{
- int rc = 0;
- struct tpm2_session_header session_header;
-
- car_set_var(tpm_tag, TPM_ST_SESSIONS);
-
- rc |= marshal_TPM_HANDLE(ob, TPM_RH_PLATFORM);
- memset(&session_header, 0, sizeof(session_header));
- session_header.session_handle = TPM_RS_PW;
- rc |= marshal_session_header(ob, &session_header);
-
- rc |= marshal_TPM_HANDLE(ob, command_body->enable);
- rc |= obuf_write_be8(ob, command_body->state);
-
- return rc;
-}
-
-static int marshal_cr50_vendor_command(struct obuf *ob, void *command_body)
-{
- int rc = 0;
- uint16_t *sub_command = command_body;
-
- switch (*sub_command) {
- case TPM2_CR50_SUB_CMD_NVMEM_ENABLE_COMMITS:
- rc |= obuf_write_be16(ob, *sub_command);
- break;
- case TPM2_CR50_SUB_CMD_TURN_UPDATE_ON:
- rc |= obuf_write_be16(ob, sub_command[0]);
- rc |= obuf_write_be16(ob, sub_command[1]);
- break;
- default:
- /* Unsupported subcommand. */
- printk(BIOS_WARNING, "Unsupported cr50 subcommand: 0x%04x\n",
- *sub_command);
- rc = -1;
- break;
- }
- return rc;
-}
-
-int tpm_marshal_command(TPM_CC command, void *tpm_command_body, struct obuf *ob)
-{
- struct obuf ob_hdr;
- const size_t hdr_sz = sizeof(uint16_t) + 2 * sizeof(uint32_t);
- int rc = 0;
-
- car_set_var(tpm_tag, TPM_ST_NO_SESSIONS);
-
- if (obuf_splice_current(ob, &ob_hdr, hdr_sz) < 0)
- return -1;
-
- /* Write TPM command header with placeholder field values. */
- rc |= obuf_write_be16(ob, 0);
- rc |= obuf_write_be32(ob, 0);
- rc |= obuf_write_be32(ob, command);
-
- if (rc != 0)
- return rc;
-
- switch (command) {
- case TPM2_Startup:
- rc |= marshal_startup(ob, tpm_command_body);
- break;
-
- case TPM2_GetCapability:
- rc |= marshal_get_capability(ob, tpm_command_body);
- break;
-
- case TPM2_NV_Read:
- rc |= marshal_nv_read(ob, tpm_command_body);
- break;
-
- case TPM2_NV_DefineSpace:
- rc |= marshal_nv_define_space(ob, tpm_command_body);
- break;
-
- case TPM2_NV_Write:
- rc |= marshal_nv_write(ob, tpm_command_body);
- break;
-
- case TPM2_NV_WriteLock:
- rc |= marshal_nv_write_lock(ob, tpm_command_body);
- break;
-
- case TPM2_SelfTest:
- rc |= marshal_selftest(ob, tpm_command_body);
- break;
-
- case TPM2_Hierarchy_Control:
- rc |= marshal_hierarchy_control(ob, tpm_command_body);
- break;
-
- case TPM2_Clear:
- rc |= marshal_clear(ob);
- break;
-
- case TPM2_PCR_Extend:
- rc |= marshal_pcr_extend(ob, tpm_command_body);
- break;
-
- case TPM2_CR50_VENDOR_COMMAND:
- rc |= marshal_cr50_vendor_command(ob, tpm_command_body);
- break;
-
- default:
- printk(BIOS_INFO, "%s:%d:Request to marshal unsupported command %#x\n",
- __FILE__, __LINE__, command);
- rc = -1;
- }
-
- if (rc != 0)
- return rc;
-
- /* Fix up the command header with known values. */
- rc |= obuf_write_be16(&ob_hdr, car_get_var(tpm_tag));
- rc |= obuf_write_be32(&ob_hdr, obuf_nr_written(ob));
-
- return rc;
-}
-
-static int unmarshal_get_capability(struct ibuf *ib,
- struct get_cap_response *gcr)
-{
- int i;
- int rc = 0;
-
- rc |= ibuf_read_be8(ib, &gcr->more_data);
- rc |= unmarshal_TPM_CAP(ib, &gcr->cd.capability);
-
- if (rc != 0)
- return rc;
-
- switch (gcr->cd.capability) {
- case TPM_CAP_TPM_PROPERTIES:
- if (ibuf_read_be32(ib, &gcr->cd.data.tpmProperties.count))
- return -1;
- if (gcr->cd.data.tpmProperties.count > ARRAY_SIZE
- (gcr->cd.data.tpmProperties.tpmProperty)) {
- printk(BIOS_INFO, "%s:%s:%d - %d - too many properties\n",
- __FILE__, __func__, __LINE__,
- gcr->cd.data.tpmProperties.count);
- return -1;
- }
- for (i = 0; i < gcr->cd.data.tpmProperties.count; i++) {
- TPMS_TAGGED_PROPERTY *pp;
-
- pp = gcr->cd.data.tpmProperties.tpmProperty + i;
- rc |= unmarshal_TPM_PT(ib, &pp->property);
- rc |= ibuf_read_be32(ib, &pp->value);
- }
- break;
- default:
- printk(BIOS_ERR,
- "%s:%d - unable to unmarshal capability response",
- __func__, __LINE__);
- printk(BIOS_ERR, " for %d\n", gcr->cd.capability);
- rc = -1;
- break;
- }
-
- return rc;
-}
-
-static int unmarshal_TPM2B_MAX_NV_BUFFER(struct ibuf *ib,
- TPM2B_MAX_NV_BUFFER *nv_buffer)
-{
- if (ibuf_read_be16(ib, &nv_buffer->t.size))
- return -1;
-
- nv_buffer->t.buffer = ibuf_oob_drain(ib, nv_buffer->t.size);
-
- if (nv_buffer->t.buffer == NULL) {
- printk(BIOS_ERR, "%s:%d - "
- "size mismatch: expected %d, remaining %zd\n",
- __func__, __LINE__, nv_buffer->t.size,
- ibuf_remaining(ib));
- return -1;
- }
-
- return 0;
-}
-
-static int unmarshal_nv_read(struct ibuf *ib, struct nv_read_response *nvr)
-{
- /* Total size of the parameter field. */
- if (ibuf_read_be32(ib, &nvr->params_size))
- return -1;
-
- if (unmarshal_TPM2B_MAX_NV_BUFFER(ib, &nvr->buffer))
- return -1;
-
- if (nvr->params_size !=
- (nvr->buffer.t.size + sizeof(nvr->buffer.t.size))) {
- printk(BIOS_ERR,
- "%s:%d - parameter/buffer %d/%d size mismatch",
- __func__, __LINE__, nvr->params_size,
- nvr->buffer.t.size);
- return -1;
- }
-
- /*
- * Let's ignore the authorisation section. It should be 5 bytes total,
- * just confirm that this is the case and report any discrepancy.
- */
- if (ibuf_remaining(ib) != 5)
- printk(BIOS_ERR,
- "%s:%d - unexpected authorisation seciton size %zd\n",
- __func__, __LINE__, ibuf_remaining(ib));
-
- ibuf_oob_drain(ib, ibuf_remaining(ib));
-
- return 0;
-}
-
-static int unmarshal_vendor_command(struct ibuf *ib,
- struct vendor_command_response *vcr)
-{
- if (ibuf_read_be16(ib, &vcr->vc_subcommand))
- return -1;
-
- switch (vcr->vc_subcommand) {
- case TPM2_CR50_SUB_CMD_NVMEM_ENABLE_COMMITS:
- break;
- case TPM2_CR50_SUB_CMD_TURN_UPDATE_ON:
- return ibuf_read_be8(ib, &vcr->num_restored_headers);
- break;
- default:
- printk(BIOS_ERR,
- "%s:%d - unsupported vendor command %#04x!\n",
- __func__, __LINE__, vcr->vc_subcommand);
- return -1;
- }
-
- return 0;
-}
-
-struct tpm2_response *tpm_unmarshal_response(TPM_CC command, struct ibuf *ib)
-{
- static struct tpm2_response tpm2_static_resp CAR_GLOBAL;
- struct tpm2_response *tpm2_resp = car_get_var_ptr(&tpm2_static_resp);
- int rc = 0;
-
- rc |= ibuf_read_be16(ib, &tpm2_resp->hdr.tpm_tag);
- rc |= ibuf_read_be32(ib, &tpm2_resp->hdr.tpm_size);
- rc |= unmarshal_TPM_CC(ib, &tpm2_resp->hdr.tpm_code);
-
- if (rc != 0)
- return NULL;
-
- if (ibuf_remaining(ib) == 0) {
- if (tpm2_resp->hdr.tpm_size != ibuf_nr_read(ib))
- printk(BIOS_ERR,
- "%s: size mismatch in response to command %#x\n",
- __func__, command);
- return tpm2_resp;
- }
-
- switch (command) {
- case TPM2_Startup:
- break;
-
- case TPM2_GetCapability:
- rc |= unmarshal_get_capability(ib, &tpm2_resp->gc);
- break;
-
- case TPM2_NV_Read:
- rc |= unmarshal_nv_read(ib, &tpm2_resp->nvr);
- break;
-
- case TPM2_Hierarchy_Control:
- case TPM2_Clear:
- case TPM2_NV_DefineSpace:
- case TPM2_NV_Write:
- case TPM2_NV_WriteLock:
- case TPM2_PCR_Extend:
- /* Session data included in response can be safely ignored. */
- ibuf_oob_drain(ib, ibuf_remaining(ib));
- break;
-
- case TPM2_CR50_VENDOR_COMMAND:
- rc |= unmarshal_vendor_command(ib, &tpm2_resp->vcr);
- break;
-
- default:
- {
- size_t i;
- size_t sz_left;
- const uint8_t *data;
-
- printk(BIOS_INFO, "%s:%d:"
- "Request to unmarshal unexpected command %#x,"
- " code %#x",
- __func__, __LINE__, command,
- tpm2_resp->hdr.tpm_code);
-
- sz_left = ibuf_remaining(ib);
- data = ibuf_oob_drain(ib, sz_left);
-
- for (i = 0; i < sz_left; i++) {
- if (!(i % 16))
- printk(BIOS_INFO, "\n");
- printk(BIOS_INFO, "%2.2x ", data[i]);
- }
- }
- printk(BIOS_INFO, "\n");
- return NULL;
- }
-
- if (ibuf_remaining(ib)) {
- printk(BIOS_INFO,
- "%s:%d got %d bytes back in response to %#x,"
- " failed to parse (%zd)\n",
- __func__, __LINE__, tpm2_resp->hdr.tpm_size,
- command, ibuf_remaining(ib));
- return NULL;
- }
-
- /* The entire message have been parsed. */
- return tpm2_resp;
-}
diff --git a/src/security/tpm/tcg-2.0/tss_marshaling.h b/src/security/tpm/tcg-2.0/tss_marshaling.h
deleted file mode 100644
index d34756d566..0000000000
--- a/src/security/tpm/tcg-2.0/tss_marshaling.h
+++ /dev/null
@@ -1,46 +0,0 @@
-/*
- * Copyright 2016 The Chromium OS Authors. All rights reserved.
- * Use of this source code is governed by a BSD-style license that can be
- * found in the LICENSE file.
- */
-#ifndef TCG2_TSS_MARSHALING_H_
-#define TCG2_TSS_MARSHALING_H_
-
-#include <commonlib/iobuf.h>
-#include "tss_structures.h"
-
-/* The below functions are used to serialize/deserialize TPM2 commands. */
-
-/**
- * tpm_marshal_command
- *
- * Given a structure containing a TPM2 command, serialize the structure for
- * sending it to the TPM.
- *
- * @command: code of the TPM2 command to marshal
- * @tpm_command_body: a pointer to the command specific structure
- * @ob: output buffer where command is marshaled to
- *
- * Returns 0 on success or -1 on error.
- *
- */
-int tpm_marshal_command(TPM_CC command, void *tpm_command_body,
- struct obuf *ob);
-
-/**
- * tpm_unmarshal_response
- *
- * Given a buffer received from the TPM in response to a certain command,
- * deserialize the buffer into the expeced response structure.
- *
- * struct tpm2_response is a union of all possible responses.
- *
- * @command: code of the TPM2 command for which a response is unmarshaled
- * @ib: input buffer containing the serialized response.
- *
- * Returns a pointer to the deserialized response or NULL in case of
- * unmarshaling problems.
- */
-struct tpm2_response *tpm_unmarshal_response(TPM_CC command, struct ibuf *ib);
-
-#endif // TCG2_TSS_MARSHALING_H_
diff --git a/src/security/tpm/tcg-2.0/tss_structures.h b/src/security/tpm/tcg-2.0/tss_structures.h
deleted file mode 100644
index 389f15df4b..0000000000
--- a/src/security/tpm/tcg-2.0/tss_structures.h
+++ /dev/null
@@ -1,373 +0,0 @@
-/*
- * Copyright 2016 The Chromium OS Authors. All rights reserved.
- * Use of this source code is governed by a BSD-style license that can be
- * found in the LICENSE file.
- */
-
-#ifndef TCG2_TSS_STRUCTURES_H_
-#define TCG2_TSS_STRUCTURES_H_
-
-/*
- * This file includes a subset of definitions of TPM protocol version 2.x
- * constants and structures needed for functions used in coreboot.
- */
-#include <stdint.h>
-#include <compiler.h>
-#include <types.h>
-
-#include "../tss.h"
-
-/* This should be plenty for what firmware needs. */
-#define TPM_BUFFER_SIZE 256
-
-/* Basic TPM2 types. */
-typedef uint16_t TPM_SU;
-typedef uint16_t TPM_ALG_ID;
-typedef uint32_t TPM_CC;
-typedef uint32_t TPM_HANDLE;
-typedef uint32_t TPM_RC;
-typedef uint8_t TPMI_YES_NO;
-typedef TPM_ALG_ID TPMI_ALG_HASH;
-typedef TPM_HANDLE TPMI_DH_PCR;
-typedef TPM_HANDLE TPMI_RH_NV_INDEX;
-typedef TPM_HANDLE TPMI_RH_ENABLES;
-typedef TPM_HANDLE TPMI_SH_AUTH_SESSION;
-typedef TPM_HANDLE TPM_RH;
-
-/* Some hardcoded algorithm values. */
-#define TPM_ALG_HMAC ((TPM_ALG_ID)0x0005)
-#define TPM_ALG_NULL ((TPM_ALG_ID)0x0010)
-#define TPM_ALG_SHA1 ((TPM_ALG_ID)0x0004)
-#define TPM_ALG_SHA256 ((TPM_ALG_ID)0x000b)
-
-#define SHA256_DIGEST_SIZE 32
-
-/* Some hardcoded hierarchies. */
-#define TPM_RH_NULL 0x40000007
-#define TPM_RS_PW 0x40000009
-#define TPM_RH_PLATFORM 0x4000000C
-
-typedef struct {
- uint16_t size;
- uint8_t *buffer;
-} TPM2B;
-
-/* Relevant TPM Command's structures. */
-/* Common command/response header. */
-struct tpm_header {
- uint16_t tpm_tag;
- uint32_t tpm_size;
- TPM_CC tpm_code;
-} __packed;
-
-/* TPM command codes. */
-#define TPM2_Hierarchy_Control ((TPM_CC)0x00000121)
-#define TPM2_Clear ((TPM_CC)0x00000126)
-#define TPM2_NV_DefineSpace ((TPM_CC)0x0000012A)
-#define TPM2_NV_Write ((TPM_CC)0x00000137)
-#define TPM2_NV_WriteLock ((TPM_CC)0x00000138)
-#define TPM2_SelfTest ((TPM_CC)0x00000143)
-#define TPM2_Startup ((TPM_CC)0x00000144)
-#define TPM2_NV_Read ((TPM_CC)0x0000014E)
-#define TPM2_GetCapability ((TPM_CC)0x0000017A)
-#define TPM2_PCR_Extend ((TPM_CC)0x00000182)
-/* TPM2 specifies vendor commands need to have this bit set. Vendor command
- space is defined by the lower 16 bits. */
-#define TPM_CC_VENDOR_BIT_MASK 0x20000000
-/* FIXME: below is not enough to differentiate between vendors commands
- of numerous devices. However, the current tpm2 APIs aren't very amenable
- to extending generically because the marshaling code is assuming all
- knowledge of all commands. */
-#define TPM2_CR50_VENDOR_COMMAND ((TPM_CC)(TPM_CC_VENDOR_BIT_MASK | 0))
-#define TPM2_CR50_SUB_CMD_NVMEM_ENABLE_COMMITS (21)
-#define TPM2_CR50_SUB_CMD_TURN_UPDATE_ON (24)
-
-/* Startup values. */
-#define TPM_SU_CLEAR 0
-#define TPM_SU_STATE 1
-
-#define TPM_HT_PCR 0x00
-#define TPM_HT_NV_INDEX 0x01
-#define TPM_HT_HMAC_SESSION 0x02
-#define TPM_HT_POLICY_SESSION 0x03
-
-#define HR_SHIFT 24
-#define HR_PCR (TPM_HT_PCR << HR_SHIFT)
-#define HR_HMAC_SESSION (TPM_HT_HMAC_SESSION << HR_SHIFT)
-#define HR_POLICY_SESSION (TPM_HT_POLICY_SESSION << HR_SHIFT)
-#define HR_TRANSIENT (TPM_HT_TRANSIENT << HR_SHIFT)
-#define HR_PERSISTENT (TPM_HT_PERSISTENT << HR_SHIFT)
-#define HR_NV_INDEX (TPM_HT_NV_INDEX << HR_SHIFT)
-#define HR_PERMANENT (TPM_HT_PERMANENT << HR_SHIFT)
-#define PCR_FIRST (HR_PCR + 0)
-#define PCR_LAST (PCR_FIRST + IMPLEMENTATION_PCR-1)
-#define HMAC_SESSION_FIRST (HR_HMAC_SESSION + 0)
-#define HMAC_SESSION_LAST (HMAC_SESSION_FIRST+MAX_ACTIVE_SESSIONS-1)
-#define LOADED_SESSION_FIRST HMAC_SESSION_FIRST
-#define LOADED_SESSION_LAST HMAC_SESSION_LAST
-#define POLICY_SESSION_FIRST (HR_POLICY_SESSION + 0)
-#define POLICY_SESSION_LAST (POLICY_SESSION_FIRST + MAX_ACTIVE_SESSIONS-1)
-#define TRANSIENT_FIRST (HR_TRANSIENT + 0)
-#define ACTIVE_SESSION_FIRST POLICY_SESSION_FIRST
-#define ACTIVE_SESSION_LAST POLICY_SESSION_LAST
-#define TRANSIENT_LAST (TRANSIENT_FIRST+MAX_LOADED_OBJECTS-1)
-#define PERSISTENT_FIRST (HR_PERSISTENT + 0)
-#define PERSISTENT_LAST (PERSISTENT_FIRST + 0x00FFFFFF)
-#define PLATFORM_PERSISTENT (PERSISTENT_FIRST + 0x00800000)
-#define NV_INDEX_FIRST (HR_NV_INDEX + 0)
-#define NV_INDEX_LAST (NV_INDEX_FIRST + 0x00FFFFFF)
-#define PERMANENT_FIRST TPM_RH_FIRST
-#define PERMANENT_LAST TPM_RH_LAST
-
-/* Tpm2 command tags. */
-#define TPM_ST_NO_SESSIONS 0x8001
-#define TPM_ST_SESSIONS 0x8002
-
-/* Values copied from tpm2/tpm_types.h */
-#define RC_VER1 0x100
-#define TPM_RC_INITIALIZE ((TPM_RC)(RC_VER1 + 0x000))
-#define TPM_RC_NV_UNINITIALIZED ((TPM_RC)(RC_VER1 + 0x04A))
-
-/*
- * Cr50 returns this code when an attempt is made to read an NV location which
- * has not yet been defined. This is an aggregation of various return code
- * extensions which may or may not match if a different TPM2 device is
- * used.
- */
-#define TPM_RC_CR50_NV_UNDEFINED 0x28b
-
-/* TPM command structures. */
-
-struct tpm2_startup {
- TPM_SU startup_type;
-};
-
-/* Various TPM capability types to use when querying the device. */
-typedef uint32_t TPM_CAP;
-#define TPM_CAP_TPM_PROPERTIES ((TPM_CAP)0x00000006)
-
-typedef TPM_HANDLE TPMI_RH_NV_AUTH;
-typedef TPM_HANDLE TPMI_RH_NV_INDEX;
-
-/* TPM Property capability constants. */
-typedef uint32_t TPM_PT;
-#define PT_GROUP 0x00000100
-#define PT_VAR (PT_GROUP * 2)
-#define TPM_PT_PERMANENT ((TPM_PT)(PT_VAR + 0))
-
-/* Structures of payloads of various TPM2 commands. */
-struct tpm2_get_capability {
- TPM_CAP capability;
- uint32_t property;
- uint32_t propertyCount;
-};
-
-/* get_capability response when PT_PERMANENT is requested. */
-typedef struct {
- uint32_t ownerAuthSet : 1;
- uint32_t endorsementAuthSet : 1;
- uint32_t lockoutAuthSet : 1;
- uint32_t reserved3_7 : 5;
- uint32_t disableClear : 1;
- uint32_t inLockout : 1;
- uint32_t tpmGeneratedEPS : 1;
- uint32_t reserved11_31 : 21;
-} TPMA_PERMANENT;
-
-typedef struct {
- uint32_t TPMA_NV_PPWRITE : 1;
- uint32_t TPMA_NV_OWNERWRITE : 1;
- uint32_t TPMA_NV_AUTHWRITE : 1;
- uint32_t TPMA_NV_POLICYWRITE : 1;
- uint32_t TPMA_NV_COUNTER : 1;
- uint32_t TPMA_NV_BITS : 1;
- uint32_t TPMA_NV_EXTEND : 1;
- uint32_t reserved7_9 : 3;
- uint32_t TPMA_NV_POLICY_DELETE : 1;
- uint32_t TPMA_NV_WRITELOCKED : 1;
- uint32_t TPMA_NV_WRITEALL : 1;
- uint32_t TPMA_NV_WRITEDEFINE : 1;
- uint32_t TPMA_NV_WRITE_STCLEAR : 1;
- uint32_t TPMA_NV_GLOBALLOCK : 1;
- uint32_t TPMA_NV_PPREAD : 1;
- uint32_t TPMA_NV_OWNERREAD : 1;
- uint32_t TPMA_NV_AUTHREAD : 1;
- uint32_t TPMA_NV_POLICYREAD : 1;
- uint32_t reserved20_24 : 5;
- uint32_t TPMA_NV_NO_DA : 1;
- uint32_t TPMA_NV_ORDERLY : 1;
- uint32_t TPMA_NV_CLEAR_STCLEAR : 1;
- uint32_t TPMA_NV_READLOCKED : 1;
- uint32_t TPMA_NV_WRITTEN : 1;
- uint32_t TPMA_NV_PLATFORMCREATE : 1;
- uint32_t TPMA_NV_READ_STCLEAR : 1;
-} TPMA_NV;
-
-typedef union {
- struct {
- uint16_t size;
- const uint8_t *buffer;
- } t;
- TPM2B b;
-} TPM2B_DIGEST;
-
-typedef TPM2B_DIGEST TPM2B_AUTH;
-typedef TPM2B_DIGEST TPM2B_NONCE;
-
-typedef struct {
- TPM_PT property;
- uint32_t value;
-} TPMS_TAGGED_PROPERTY;
-
-#define MAX_CAP_DATA (TPM_BUFFER_SIZE - sizeof(struct tpm_header) - \
- sizeof(TPMI_YES_NO) - sizeof(TPM_CAP) - sizeof(uint32_t))
-#define MAX_TPM_PROPERTIES (MAX_CAP_DATA/sizeof(TPMS_TAGGED_PROPERTY))
-
-/* Somewhat arbitrary, leave enough room for command wrappers. */
-#define MAX_NV_BUFFER_SIZE (TPM_BUFFER_SIZE - sizeof(struct tpm_header) - 50)
-
-typedef struct {
- uint32_t count;
- TPMS_TAGGED_PROPERTY tpmProperty[MAX_TPM_PROPERTIES];
-} TPML_TAGGED_TPM_PROPERTY;
-
-typedef union {
- TPML_TAGGED_TPM_PROPERTY tpmProperties;
-} TPMU_CAPABILITIES;
-
-typedef struct {
- TPM_CAP capability;
- TPMU_CAPABILITIES data;
-} TPMS_CAPABILITY_DATA;
-
-struct get_cap_response {
- TPMI_YES_NO more_data;
- TPMS_CAPABILITY_DATA cd;
-};
-
-typedef struct {
- TPMI_RH_NV_INDEX nvIndex;
- TPMI_ALG_HASH nameAlg;
- TPMA_NV attributes;
- TPM2B_DIGEST authPolicy;
- uint16_t dataSize;
-} TPMS_NV_PUBLIC;
-
-typedef union {
- struct {
- uint16_t size;
- TPMS_NV_PUBLIC nvPublic;
- } t;
- TPM2B b;
-} TPM2B_NV_PUBLIC;
-
-typedef union {
- struct {
- uint16_t size;
- const uint8_t *buffer;
- } t;
- TPM2B b;
-} TPM2B_MAX_NV_BUFFER;
-
-/*
- * This is a union, but as of now we support just one digest - sha256, so
- * there is just one element.
- */
-typedef union {
- uint8_t sha256[SHA256_DIGEST_SIZE];
-} TPMU_HA;
-
-typedef struct {
- TPMI_ALG_HASH hashAlg;
- TPMU_HA digest;
-} TPMT_HA;
-
-typedef struct {
- uint32_t count;
- TPMT_HA digests[1]; /* Limit max number of hashes to 1. */
-} TPML_DIGEST_VALUES;
-
-struct nv_read_response {
- uint32_t params_size;
- TPM2B_MAX_NV_BUFFER buffer;
-};
-
-struct vendor_command_response {
- uint16_t vc_subcommand;
- union {
- uint8_t num_restored_headers;
- };
-};
-
-struct tpm2_session_attrs {
- uint8_t continueSession : 1;
- uint8_t auditExclusive : 1;
- uint8_t auditReset : 1;
- uint8_t reserved3_4 : 2;
- uint8_t decrypt : 1;
- uint8_t encrypt : 1;
- uint8_t audit : 1;
-};
-
-/*
- * TPM session header for commands requiring session information. Also
- * included in the responses to those commands.
- */
-struct tpm2_session_header {
- uint32_t session_handle;
- uint16_t nonce_size;
- uint8_t *nonce;
- union {
- struct tpm2_session_attrs session_attr_bits;
- uint8_t session_attrs;
- } __packed;
- uint16_t auth_size;
- uint8_t *auth;
-};
-
-struct tpm2_response {
- struct tpm_header hdr;
- union {
- struct get_cap_response gc;
- struct nv_read_response nvr;
- struct tpm2_session_header def_space;
- struct vendor_command_response vcr;
- };
-};
-
-struct tpm2_nv_define_space_cmd {
- TPM2B_AUTH auth;
- TPMS_NV_PUBLIC publicInfo;
-};
-
-struct tpm2_nv_write_cmd {
- TPMI_RH_NV_INDEX nvIndex;
- TPM2B_MAX_NV_BUFFER data;
- uint16_t offset;
-};
-
-struct tpm2_self_test {
- TPMI_YES_NO yes_no;
-};
-
-struct tpm2_nv_read_cmd {
- TPMI_RH_NV_INDEX nvIndex;
- uint16_t size;
- uint16_t offset;
-};
-
-struct tpm2_nv_write_lock_cmd {
- TPMI_RH_NV_INDEX nvIndex;
-};
-
-struct tpm2_pcr_extend_cmd {
- TPMI_DH_PCR pcrHandle;
- TPML_DIGEST_VALUES digests;
-};
-
-struct tpm2_hierarchy_control_cmd {
- TPMI_RH_ENABLES enable;
- TPMI_YES_NO state;
-};
-
-#endif // TCG2_TSS_STRUCTURES_H_