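/* Copyright 2016 The ChromiumOS Authors
 * Use of this source code is governed by a BSD-style license that can be
 * found in the LICENSE file.
 *
 * Some TPM constants and type definitions for standalone compilation for use
 * in the firmware
 */

#ifndef VBOOT_REFERENCE_TPM2_TSS_CONSTANTS_H_
#define VBOOT_REFERENCE_TPM2_TSS_CONSTANTS_H_

/* Every typedef below is built on the fixed-width integer types; include them
 * here so the header really is self-contained, as its description promises,
 * instead of depending on whatever the includer happened to pull in first. */
#include <stdint.h>

#ifdef __cplusplus
extern "C" {
#endif /* __cplusplus */

/* Size of the local command/response scratch buffer used by the callers of
 * this header.  Its relationship to TPM_MAX_COMMAND_SIZE (end of file) is not
 * established here; see the TODO there. */
#define TPM_BUFFER_SIZE 512

/* TPM2 command tags (tpm_header.tpm_tag).  TPM_ST_SESSIONS means an
 * authorization area follows the handle area; TPM_ST_NO_SESSIONS means the
 * command carries no authorization at all. */
#define TPM_ST_NO_SESSIONS 0x8001
#define TPM_ST_SESSIONS 0x8002

/* TPM2 command codes (TPM_CC, TPM 2.0 Part 2).  Only the subset the firmware
 * issues is listed. */
#define TPM2_EvictControl ((TPM_CC)0x00000120)
#define TPM2_Hierarchy_Control ((TPM_CC)0x00000121)
#define TPM2_NV_UndefineSpace ((TPM_CC)0x00000122)
#define TPM2_Clear ((TPM_CC)0x00000126)
#define TPM2_NV_DefineSpace ((TPM_CC)0x0000012A)
#define TPM2_CreatePrimary ((TPM_CC)0x00000131)
#define TPM2_NV_Write ((TPM_CC)0x00000137)
#define TPM2_NV_WriteLock ((TPM_CC)0x00000138)
#define TPM2_SelfTest ((TPM_CC)0x00000143)
#define TPM2_Startup ((TPM_CC)0x00000144)
#define TPM2_Shutdown ((TPM_CC)0x00000145)
#define TPM2_NV_Read ((TPM_CC)0x0000014E)
#define TPM2_NV_ReadLock ((TPM_CC)0x0000014F)
#define TPM2_NV_ReadPublic ((TPM_CC)0x00000169)
#define TPM2_ReadPublic ((TPM_CC)0x00000173)
#define TPM2_GetCapability ((TPM_CC)0x0000017A)
#define TPM2_GetRandom ((TPM_CC)0x0000017B)
#define TPM2_PCR_Extend ((TPM_CC)0x00000182)

/* Handle types: the most significant byte of a 32-bit TPM_HANDLE. */
#define TPM_HT_PCR 0x00
#define TPM_HT_NV_INDEX 0x01

/* Handle-range prefixes: a handle type shifted into the top byte. */
#define HR_SHIFT 24
#define HR_PCR (TPM_HT_PCR << HR_SHIFT)
#define HR_NV_INDEX (TPM_HT_NV_INDEX << HR_SHIFT)
/* Permanent handles: the owner/null/endorsement/platform hierarchies. */
#define TPM_RH_OWNER 0x40000001
#define TPM_RH_NULL 0x40000007
#define TPM_RH_ENDORSEMENT 0x4000000B
#define TPM_RH_PLATFORM 0x4000000C
/* Handle of the always-available password authorization session. */
#define TPM_RS_PW 0x40000009

/* TPM2 capabilities (TPM_CAP), the selector for TPM2_GetCapability. */
#define TPM_CAP_FIRST ((TPM_CAP)0x00000000)
#define TPM_CAP_TPM_PROPERTIES ((TPM_CAP)0x00000006)

/* TPM properties (TPM_PT).  Fixed properties (PT_FIXED group) describe the
 * device; variable properties (PT_VAR group) describe its current state. */
#define TPM_PT_NONE ((TPM_PT)0x00000000)
#define PT_GROUP ((TPM_PT)0x00000100)
#define PT_FIXED PT_GROUP
#define TPM_PT_MANUFACTURER (PT_FIXED + 5)
#define TPM_PT_VENDOR_STRING_1 (PT_FIXED + 6)
#define TPM_PT_VENDOR_STRING_4 (PT_FIXED + 9)
#define TPM_PT_FIRMWARE_VERSION_1 (PT_FIXED + 11)
#define TPM_PT_FIRMWARE_VERSION_2 (PT_FIXED + 12)
#define PT_VAR (PT_GROUP * 2)
/* Decoded into TPM_PERMANENT_FLAGS / TPM_STCLEAR_FLAGS below. */
#define TPM_PT_PERMANENT (PT_VAR + 0)
#define TPM_PT_STARTUP_CLEAR (PT_VAR + 1)

/* TPM startup types (TPM_SU) for TPM2_Startup / TPM2_Shutdown. */
#define TPM_SU_CLEAR ((TPM_SU)0x0000)
#define TPM_SU_STATE ((TPM_SU)0x0001)

/* TPM algorithm IDs (TPM_ALG_ID).  TPM_ALG_NULL marks "no algorithm". */
#define TPM_ALG_SHA1 ((TPM_ALG_ID)0x0004)
#define TPM_ALG_SHA256 ((TPM_ALG_ID)0x000B)
#define TPM_ALG_NULL ((TPM_ALG_ID)0x0010)

/* NV index attributes (TPMA_NV).  Bit positions follow TPM 2.0 Part 2; the
 * gaps (bits 7-9, 20-24) are reserved in the specification and deliberately
 * have no name here.  The *_STCLEAR attributes are cleared on TPM reset. */
#define TPMA_NV_PPWRITE ((TPMA_NV)(1UL << 0))
#define TPMA_NV_OWNERWRITE ((TPMA_NV)(1UL << 1))
#define TPMA_NV_AUTHWRITE ((TPMA_NV)(1UL << 2))
#define TPMA_NV_POLICYWRITE ((TPMA_NV)(1UL << 3))
#define TPMA_NV_COUNTER ((TPMA_NV)(1UL << 4))
#define TPMA_NV_BITS ((TPMA_NV)(1UL << 5))
#define TPMA_NV_EXTEND ((TPMA_NV)(1UL << 6))
#define TPMA_NV_POLICY_DELETE ((TPMA_NV)(1UL << 10))
#define TPMA_NV_WRITELOCKED ((TPMA_NV)(1UL << 11))
#define TPMA_NV_WRITEALL ((TPMA_NV)(1UL << 12))
#define TPMA_NV_WRITEDEFINE ((TPMA_NV)(1UL << 13))
#define TPMA_NV_WRITE_STCLEAR ((TPMA_NV)(1UL << 14))
#define TPMA_NV_GLOBALLOCK ((TPMA_NV)(1UL << 15))
#define TPMA_NV_PPREAD ((TPMA_NV)(1UL << 16))
#define TPMA_NV_OWNERREAD ((TPMA_NV)(1UL << 17))
#define TPMA_NV_AUTHREAD ((TPMA_NV)(1UL << 18))
#define TPMA_NV_POLICYREAD ((TPMA_NV)(1UL << 19))
#define TPMA_NV_NO_DA ((TPMA_NV)(1UL << 25))
#define TPMA_NV_ORDERLY ((TPMA_NV)(1UL << 26))
#define TPMA_NV_CLEAR_STCLEAR ((TPMA_NV)(1UL << 27))
#define TPMA_NV_READLOCKED ((TPMA_NV)(1UL << 28))
#define TPMA_NV_WRITTEN ((TPMA_NV)(1UL << 29))
#define TPMA_NV_PLATFORMCREATE ((TPMA_NV)(1UL << 30))
/* 1UL keeps the bit-31 shift out of signed-int territory. */
#define TPMA_NV_READ_STCLEAR ((TPMA_NV)(1UL << 31))

/* Union of every attribute that grants read (resp. write) access.  An index
 * with none of the bits of a mask set can never be read (resp. written);
 * presumably callers use these to sanity-check a TPMS_NV_PUBLIC before
 * defining a space — confirm in the NV code. */
#define TPMA_NV_MASK_READ (TPMA_NV_PPREAD | TPMA_NV_OWNERREAD |\
			   TPMA_NV_AUTHREAD | TPMA_NV_POLICYREAD)
#define TPMA_NV_MASK_WRITE (TPMA_NV_PPWRITE | TPMA_NV_OWNERWRITE |\
			    TPMA_NV_AUTHWRITE |\
			    TPMA_NV_POLICYWRITE)

/* Starting indexes of NV index ranges, as defined in "Registry of reserved
 * TPM 2.0 handles and localities".  Each range runs up to the next start;
 * the RESERVED range has no end defined here.
 */
#define TPMI_RH_NV_INDEX_TPM_START ((TPMI_RH_NV_INDEX)0x01000000)
#define TPMI_RH_NV_INDEX_PLATFORM_START ((TPMI_RH_NV_INDEX)0x01400000)
#define TPMI_RH_NV_INDEX_OWNER_START ((TPMI_RH_NV_INDEX)0x01800000)
#define TPMI_RH_NV_INDEX_TCG_OEM_START ((TPMI_RH_NV_INDEX)0x01C00000)
#define TPMI_RH_NV_INDEX_TCG_WG_START ((TPMI_RH_NV_INDEX)0x01C40000)
#define TPMI_RH_NV_INDEX_RESERVED_START ((TPMI_RH_NV_INDEX)0x01C90000)

/* Number of hash algorithms carried in a TPML_DIGEST_VALUES. */
#define HASH_COUNT 1 /* Only SHA-256 is supported */

/* Table 206 - Defines for SHA256 Hash Values */
#define SHA256_DIGEST_SIZE 32

/* Scalar TPM types.  The names follow TPM 2.0 Part 2; TPMI_* are interface
 * types that are plain handles here (no range checking is implied by the
 * typedef itself). */
typedef uint8_t TPMI_YES_NO;
typedef uint32_t TPM_CC;
typedef uint32_t TPM_HANDLE;
typedef TPM_HANDLE TPMI_DH_OBJECT;
typedef TPM_HANDLE TPMI_DH_PCR;
typedef TPM_HANDLE TPMI_DH_PERSISTENT;
typedef TPM_HANDLE TPMI_RH_ENABLES;
typedef TPM_HANDLE TPMI_RH_HIERARCHY;
typedef TPM_HANDLE TPMI_RH_NV_INDEX;
typedef TPM_HANDLE TPMI_RH_PROVISION;
typedef uint32_t TPM_CAP;
typedef uint32_t TPM_PT;
typedef uint16_t TPM_SU;
typedef uint16_t TPM_ALG_ID;
typedef TPM_ALG_ID TPMI_ALG_HASH;
typedef uint32_t TPMA_NV;

/* Sized byte buffer.  Unlike the specification's TPM2B, which carries its
 * bytes inline, this one holds a pointer: `size` bytes must be readable at
 * `buffer`.  NOTE(review): presumably `buffer` points into the raw
 * command/response buffer, so the (un)marshalling code — not this header —
 * is what has to bound `size` against that buffer; confirm there. */
typedef struct {
	uint16_t size;
	const uint8_t *buffer;
} TPM2B, TPM2B_DIGEST, TPM2B_AUTH, TPM2B_NAME;

/* One (property, value) pair from TPM2_GetCapability. */
typedef struct {
	TPM_PT property;
	uint32_t value;
} TPMS_TAGGED_PROPERTY;

/* Property list.  Only one element of storage is provided even though the
 * wire `count` can be larger; presumably the decoder never copies more than
 * one entry into tpm_property — verify against the unmarshalling code. */
typedef struct {
	uint32_t count;
	TPMS_TAGGED_PROPERTY tpm_property[1];
} TPML_TAGGED_TPM_PROPERTY;

/* Digest storage; sized for the single supported algorithm (SHA-256). */
typedef union {
	uint8_t sha256[SHA256_DIGEST_SIZE];
} TPMU_HA;

/* A digest tagged with the algorithm that produced it. */
typedef struct {
	TPMI_ALG_HASH hashAlg;
	TPMU_HA digest;
} TPMT_HA;

/* Digest list for TPM2_PCR_Extend; holds at most HASH_COUNT entries. */
typedef struct {
	uint32_t count;
	TPMT_HA digests[HASH_COUNT];
} TPML_DIGEST_VALUES;

/* Capability payload; only TPM_CAP_TPM_PROPERTIES is decoded. */
typedef union {
	TPML_TAGGED_TPM_PROPERTY tpm_properties;
} TPMU_CAPABILITIES;

/* Capability response body: the selector plus the matching payload. */
typedef struct {
	TPM_CAP capability;
	TPMU_CAPABILITIES data;
} TPMS_CAPABILITY_DATA;

/* Public area of an NV index (TPMS_NV_PUBLIC). */
typedef struct {
	TPMI_RH_NV_INDEX nvIndex;
	TPMI_ALG_HASH nameAlg;
	TPMA_NV attributes;
	TPM2B authPolicy;
	uint16_t dataSize;
} TPMS_NV_PUBLIC;

/* Command parameter structures, one per TPM2_* command above.  Field names
 * mirror the specification's parameter names where the spec has them. */

struct tpm2_nv_define_space_cmd {
	TPM2B auth;
	TPMS_NV_PUBLIC publicInfo;
};

struct tpm2_nv_undefine_space_cmd {
	TPMI_RH_NV_INDEX nvIndex;
	/* Non-zero presumably selects TPM_RH_PLATFORM over TPM_RH_OWNER as
	 * the authorizing handle — confirm in the command builder. */
	uint8_t use_platform_auth;
};

struct tpm2_nv_read_cmd {
	TPMI_RH_NV_INDEX nvIndex;
	uint16_t size;
	uint16_t offset;
};

struct tpm2_nv_write_cmd {
	TPMI_RH_NV_INDEX nvIndex;
	TPM2B data;
	uint16_t offset;
};

struct tpm2_nv_read_lock_cmd {
	TPMI_RH_NV_INDEX nvIndex;
};

struct tpm2_nv_write_lock_cmd {
	TPMI_RH_NV_INDEX nvIndex;
};

struct tpm2_nv_read_public_cmd {
	TPMI_RH_NV_INDEX nvIndex;
};

struct tpm2_hierarchy_control_cmd {
	TPMI_RH_ENABLES enable;
	TPMI_YES_NO state;
};

struct tpm2_get_capability_cmd {
	TPM_CAP capability;
	uint32_t property;
	uint32_t property_count;
};

struct tpm2_get_random_cmd {
	uint16_t bytes_requested;
};

struct tpm2_self_test_cmd {
	TPMI_YES_NO full_test;
};

struct tpm2_startup_cmd {
	TPM_SU startup_type;
};

struct tpm2_shutdown_cmd {
	TPM_SU shutdown_type;
};

struct tpm2_pcr_extend_cmd {
	TPMI_DH_PCR pcrHandle;
	TPML_DIGEST_VALUES digests;
};

struct tpm2_read_public_cmd {
	TPMI_DH_OBJECT object_handle;
};

struct tpm2_evict_control_cmd {
	TPMI_RH_PROVISION auth;
	TPMI_DH_OBJECT object_handle;
	TPMI_DH_PERSISTENT persistent_handle;
};

struct tpm2_create_primary_cmd {
	TPMI_RH_HIERARCHY primary_handle;
	TPM2B in_sensitive;
	TPM2B in_public;
};

/* Common command/response header.  Packed so sizeof is the 10-byte wire
 * header.  tpm_code is the command code on the way out and the response
 * code on the way back.  NOTE(review): the wire format is big-endian; byte
 * order conversion is not visible here — presumably done when
 * (un)marshalling. */
struct tpm_header {
	uint16_t tpm_tag;
	uint32_t tpm_size;
	uint32_t tpm_code;
} __attribute__((packed));

/* Decoded body of a TPM2_NV_Read response. */
struct nv_read_response {
	uint32_t params_size;
	TPM2B buffer;
};

/* Decoded body of a TPM2_ReadPublic response. */
struct read_public_response {
	TPM2B buffer;
};

/* Session attribute byte (TPMA_SESSION) as individual bits.  NOTE(review):
 * the mapping of these bit-fields onto the wire byte depends on the
 * compiler's bit-field allocation order; this layout assumes allocation
 * from bit 0 upward (GCC on little-endian targets). */
struct tpm2_session_attrs {
	uint8_t continueSession : 1;
	uint8_t auditExclusive : 1;
	uint8_t auditReset : 1;
	uint8_t reserved3_4 : 2;
	uint8_t decrypt : 1;
	uint8_t encrypt : 1;
	uint8_t audit : 1;
};

/* Authorization area of a command.  nonce and auth are pointers, not inline
 * arrays: nonce_size / auth_size bytes must be readable at them. */
struct tpm2_session_header {
	uint32_t session_handle;
	uint16_t nonce_size;
	uint8_t *nonce;
	/* Both views of the same attribute byte. */
	union {
		struct tpm2_session_attrs session_attr_bits;
		uint8_t session_attrs;
	} __attribute__((packed));
	uint16_t auth_size;
	uint8_t *auth;
};

struct get_capability_response {
	TPMI_YES_NO more_data;
	TPMS_CAPABILITY_DATA capability_data;
} __attribute__((packed));

struct get_random_response {
	TPM2B_DIGEST random_bytes;
} __attribute__((packed));

struct nv_read_public_response {
	TPMS_NV_PUBLIC nvPublic;
	TPM2B_NAME nvName;
} __attribute__((packed));

struct create_primary_response {
	TPM_HANDLE object_handle;
} __attribute__((packed));

/* A decoded response: the header plus the body selected by the command that
 * was issued.  Which union member is valid is not recorded here; the caller
 * must know which command it sent.  hdr.tpm_code carries the response code. */
struct tpm2_response {
	struct tpm_header hdr;
	union {
		struct nv_read_response nvr;
		struct tpm2_session_header def_space;
		struct get_capability_response cap;
		struct get_random_response random;
		struct nv_read_public_response nv_read_public;
		struct read_public_response read_pub;
		struct create_primary_response create_primary;
	};
};

/* Decoded TPM_PT_PERMANENT value.  Bit numbers follow TPM 2.0 Part 2;
 * reserved fields keep the named bits in place.  NOTE(review): relies on
 * the compiler allocating bit-fields from bit 0 upward. */
typedef struct {
	uint32_t ownerAuthSet : 1;
	uint32_t endorsementAuthSet : 1;
	uint32_t lockoutAuthSet : 1;
	uint32_t reserved3_7 : 5;
	uint32_t disableClear : 1;
	uint32_t inLockout : 1;
	uint32_t tpmGeneratedEPS : 1;
	uint32_t reserved11_31 : 21;
} TPM_PERMANENT_FLAGS;

/* Decoded TPM_PT_STARTUP_CLEAR value; same bit-field caveat as above. */
typedef struct {
	uint32_t phEnable : 1;
	uint32_t shEnable : 1;
	uint32_t ehEnable : 1;
	uint32_t phEnableNV : 1;
	uint32_t reserved4_30 : 27;
	uint32_t orderly : 1;
} TPM_STCLEAR_FLAGS;

/* Placeholder: standard C requires at least one member, so this empty
 * struct relies on the GNU extension (as the packed attributes above
 * already do).  Kept empty so its size stays what existing callers expect. */
typedef struct tdTPM_IFX_FIELDUPGRADEINFO
{
} TPM_IFX_FIELDUPGRADEINFO;

/* TODO(apronin): For TPM2 certain properties must be received using
 * TPM2_GetCapability instead of being hardcoded as they are now:
 * TPM_MAX_COMMAND_SIZE -> use TPM_PT_MAX_COMMAND_SIZE for TPM2.
 * TPM_PCR_DIGEST -> use TPM_PT_MAX_DIGEST for TPM2.
 */
#define TPM_MAX_COMMAND_SIZE 4096
#define TPM_PCR_DIGEST 32

#ifdef __cplusplus
}
#endif /* __cplusplus */

#endif /* VBOOT_REFERENCE_TPM2_TSS_CONSTANTS_H_ */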