1*8617a60dSAndroid Build Coastguard Worker /* Copyright 2013 The ChromiumOS Authors 2*8617a60dSAndroid Build Coastguard Worker * Use of this source code is governed by a BSD-style license that can be 3*8617a60dSAndroid Build Coastguard Worker * found in the LICENSE file. 4*8617a60dSAndroid Build Coastguard Worker * 5*8617a60dSAndroid Build Coastguard Worker * TPM Lightweight Command Library. 6*8617a60dSAndroid Build Coastguard Worker * 7*8617a60dSAndroid Build Coastguard Worker * A low-level library for interfacing to TPM hardware or an emulator. 8*8617a60dSAndroid Build Coastguard Worker */ 9*8617a60dSAndroid Build Coastguard Worker 10*8617a60dSAndroid Build Coastguard Worker #ifndef VBOOT_REFERENCE_TLCL_H_ 11*8617a60dSAndroid Build Coastguard Worker #define VBOOT_REFERENCE_TLCL_H_ 12*8617a60dSAndroid Build Coastguard Worker 13*8617a60dSAndroid Build Coastguard Worker #include <stddef.h> 14*8617a60dSAndroid Build Coastguard Worker #include <stdint.h> 15*8617a60dSAndroid Build Coastguard Worker 16*8617a60dSAndroid Build Coastguard Worker #include "tss_constants.h" 17*8617a60dSAndroid Build Coastguard Worker 18*8617a60dSAndroid Build Coastguard Worker #ifdef __cplusplus 19*8617a60dSAndroid Build Coastguard Worker extern "C" { 20*8617a60dSAndroid Build Coastguard Worker #endif 21*8617a60dSAndroid Build Coastguard Worker 22*8617a60dSAndroid Build Coastguard Worker /*****************************************************************************/ 23*8617a60dSAndroid Build Coastguard Worker /* Functions implemented in tlcl.c */ 24*8617a60dSAndroid Build Coastguard Worker 25*8617a60dSAndroid Build Coastguard Worker /** 26*8617a60dSAndroid Build Coastguard Worker * Call this first. Returns 0 if success, nonzero if error. 27*8617a60dSAndroid Build Coastguard Worker */ 28*8617a60dSAndroid Build Coastguard Worker uint32_t TlclLibInit(void); 29*8617a60dSAndroid Build Coastguard Worker 30*8617a60dSAndroid Build Coastguard Worker /** 31*8617a60dSAndroid Build Coastguard Worker * Call this on shutdown. Returns 0 if success, nonzero if error. 32*8617a60dSAndroid Build Coastguard Worker */ 33*8617a60dSAndroid Build Coastguard Worker uint32_t TlclLibClose(void); 34*8617a60dSAndroid Build Coastguard Worker 35*8617a60dSAndroid Build Coastguard Worker /* Low-level operations */ 36*8617a60dSAndroid Build Coastguard Worker 37*8617a60dSAndroid Build Coastguard Worker /** 38*8617a60dSAndroid Build Coastguard Worker * Perform a raw TPM request/response transaction. 39*8617a60dSAndroid Build Coastguard Worker */ 40*8617a60dSAndroid Build Coastguard Worker uint32_t TlclSendReceive(const uint8_t *request, uint8_t *response, 41*8617a60dSAndroid Build Coastguard Worker int max_length); 42*8617a60dSAndroid Build Coastguard Worker 43*8617a60dSAndroid Build Coastguard Worker /** 44*8617a60dSAndroid Build Coastguard Worker * Return the size of a TPM request or response packet. 45*8617a60dSAndroid Build Coastguard Worker */ 46*8617a60dSAndroid Build Coastguard Worker int TlclPacketSize(const uint8_t *packet); 47*8617a60dSAndroid Build Coastguard Worker 48*8617a60dSAndroid Build Coastguard Worker /* Commands */ 49*8617a60dSAndroid Build Coastguard Worker 50*8617a60dSAndroid Build Coastguard Worker /** 51*8617a60dSAndroid Build Coastguard Worker * Send a TPM_Startup(ST_CLEAR). The TPM error code is returned (0 for 52*8617a60dSAndroid Build Coastguard Worker * success). 53*8617a60dSAndroid Build Coastguard Worker */ 54*8617a60dSAndroid Build Coastguard Worker uint32_t TlclStartup(void); 55*8617a60dSAndroid Build Coastguard Worker 56*8617a60dSAndroid Build Coastguard Worker /** 57*8617a60dSAndroid Build Coastguard Worker * Save the TPM state. Normally done by the kernel before a suspend, included 58*8617a60dSAndroid Build Coastguard Worker * here for tests. The TPM error code is returned (0 for success). 59*8617a60dSAndroid Build Coastguard Worker */ 60*8617a60dSAndroid Build Coastguard Worker uint32_t TlclSaveState(void); 61*8617a60dSAndroid Build Coastguard Worker 62*8617a60dSAndroid Build Coastguard Worker /** 63*8617a60dSAndroid Build Coastguard Worker * Resume by sending a TPM_Startup(ST_STATE). The TPM error code is returned 64*8617a60dSAndroid Build Coastguard Worker * (0 for success). 65*8617a60dSAndroid Build Coastguard Worker */ 66*8617a60dSAndroid Build Coastguard Worker uint32_t TlclResume(void); 67*8617a60dSAndroid Build Coastguard Worker 68*8617a60dSAndroid Build Coastguard Worker /** 69*8617a60dSAndroid Build Coastguard Worker * Run the self test. 70*8617a60dSAndroid Build Coastguard Worker * 71*8617a60dSAndroid Build Coastguard Worker * Note---this is synchronous. To run this in parallel with other firmware, 72*8617a60dSAndroid Build Coastguard Worker * use ContinueSelfTest(). The TPM error code is returned. 73*8617a60dSAndroid Build Coastguard Worker */ 74*8617a60dSAndroid Build Coastguard Worker uint32_t TlclSelfTestFull(void); 75*8617a60dSAndroid Build Coastguard Worker 76*8617a60dSAndroid Build Coastguard Worker /** 77*8617a60dSAndroid Build Coastguard Worker * Run the self test in the background. 78*8617a60dSAndroid Build Coastguard Worker */ 79*8617a60dSAndroid Build Coastguard Worker uint32_t TlclContinueSelfTest(void); 80*8617a60dSAndroid Build Coastguard Worker 81*8617a60dSAndroid Build Coastguard Worker /** 82*8617a60dSAndroid Build Coastguard Worker * Define a space with permission [perm]. [index] is the index for the space, 83*8617a60dSAndroid Build Coastguard Worker * [size] the usable data size. The TPM error code is returned. 84*8617a60dSAndroid Build Coastguard Worker */ 85*8617a60dSAndroid Build Coastguard Worker uint32_t TlclDefineSpace(uint32_t index, uint32_t perm, uint32_t size); 86*8617a60dSAndroid Build Coastguard Worker 87*8617a60dSAndroid Build Coastguard Worker /** 88*8617a60dSAndroid Build Coastguard Worker * Define a space using owner authorization secret [owner_auth]. The space is 89*8617a60dSAndroid Build Coastguard Worker * set up to have permission [perm]. [index] is the index for the space, [size] 90*8617a60dSAndroid Build Coastguard Worker * the usable data size. Optional auth policy (such as PCR selections) can be 91*8617a60dSAndroid Build Coastguard Worker * passed via [auth_policy]. The TPM error code is returned. 92*8617a60dSAndroid Build Coastguard Worker */ 93*8617a60dSAndroid Build Coastguard Worker uint32_t TlclDefineSpaceEx(const uint8_t* owner_auth, uint32_t owner_auth_size, 94*8617a60dSAndroid Build Coastguard Worker uint32_t index, uint32_t perm, uint32_t size, 95*8617a60dSAndroid Build Coastguard Worker const void* auth_policy, uint32_t auth_policy_size); 96*8617a60dSAndroid Build Coastguard Worker 97*8617a60dSAndroid Build Coastguard Worker /** 98*8617a60dSAndroid Build Coastguard Worker * Initializes [auth_policy] to require PCR binding of the given 99*8617a60dSAndroid Build Coastguard Worker * [pcr_selection_bitmap]. The PCR values are passed in the [pcr_values] 100*8617a60dSAndroid Build Coastguard Worker * parameter with each entry corresponding to the sequence of indexes that 101*8617a60dSAndroid Build Coastguard Worker * corresponds to the bits that are set in [pcr_selection_bitmap]. Returns 102*8617a60dSAndroid Build Coastguard Worker * TPM_SUCCESS if successful, TPM_E_BUFFER_SIZE if the provided buffer is too 103*8617a60dSAndroid Build Coastguard Worker * short. The actual size of the policy will be set in [auth_policy_size] upon 104*8617a60dSAndroid Build Coastguard Worker * return, also for the case of insufficient buffer size. 105*8617a60dSAndroid Build Coastguard Worker */ 106*8617a60dSAndroid Build Coastguard Worker uint32_t TlclInitNvAuthPolicy(uint32_t pcr_selection_bitmap, 107*8617a60dSAndroid Build Coastguard Worker const uint8_t pcr_values[][TPM_PCR_DIGEST], 108*8617a60dSAndroid Build Coastguard Worker void* auth_policy, uint32_t* auth_policy_size); 109*8617a60dSAndroid Build Coastguard Worker 110*8617a60dSAndroid Build Coastguard Worker /** 111*8617a60dSAndroid Build Coastguard Worker * Write [length] bytes of [data] to space at [index]. The TPM error code is 112*8617a60dSAndroid Build Coastguard Worker * returned. 113*8617a60dSAndroid Build Coastguard Worker */ 114*8617a60dSAndroid Build Coastguard Worker uint32_t TlclWrite(uint32_t index, const void *data, uint32_t length); 115*8617a60dSAndroid Build Coastguard Worker 116*8617a60dSAndroid Build Coastguard Worker /** 117*8617a60dSAndroid Build Coastguard Worker * Read [length] bytes from space at [index] into [data]. The TPM error code 118*8617a60dSAndroid Build Coastguard Worker * is returned. 119*8617a60dSAndroid Build Coastguard Worker */ 120*8617a60dSAndroid Build Coastguard Worker uint32_t TlclRead(uint32_t index, void *data, uint32_t length); 121*8617a60dSAndroid Build Coastguard Worker 122*8617a60dSAndroid Build Coastguard Worker /** 123*8617a60dSAndroid Build Coastguard Worker * Read PCR at [index] into [data]. [length] must be TPM_PCR_DIGEST or 124*8617a60dSAndroid Build Coastguard Worker * larger. The TPM error code is returned. 125*8617a60dSAndroid Build Coastguard Worker */ 126*8617a60dSAndroid Build Coastguard Worker uint32_t TlclPCRRead(uint32_t index, void *data, uint32_t length); 127*8617a60dSAndroid Build Coastguard Worker 128*8617a60dSAndroid Build Coastguard Worker /** 129*8617a60dSAndroid Build Coastguard Worker * Write-lock space at [index]. The TPM error code is returned. 130*8617a60dSAndroid Build Coastguard Worker */ 131*8617a60dSAndroid Build Coastguard Worker uint32_t TlclWriteLock(uint32_t index); 132*8617a60dSAndroid Build Coastguard Worker 133*8617a60dSAndroid Build Coastguard Worker /** 134*8617a60dSAndroid Build Coastguard Worker * Read-lock space at [index]. The TPM error code is returned. 135*8617a60dSAndroid Build Coastguard Worker */ 136*8617a60dSAndroid Build Coastguard Worker uint32_t TlclReadLock(uint32_t index); 137*8617a60dSAndroid Build Coastguard Worker 138*8617a60dSAndroid Build Coastguard Worker /** 139*8617a60dSAndroid Build Coastguard Worker * Assert physical presence in software. The TPM error code is returned. 140*8617a60dSAndroid Build Coastguard Worker */ 141*8617a60dSAndroid Build Coastguard Worker uint32_t TlclAssertPhysicalPresence(void); 142*8617a60dSAndroid Build Coastguard Worker 143*8617a60dSAndroid Build Coastguard Worker /** 144*8617a60dSAndroid Build Coastguard Worker * Enable the physical presence command. The TPM error code is returned. 145*8617a60dSAndroid Build Coastguard Worker */ 146*8617a60dSAndroid Build Coastguard Worker uint32_t TlclPhysicalPresenceCMDEnable(void); 147*8617a60dSAndroid Build Coastguard Worker 148*8617a60dSAndroid Build Coastguard Worker /** 149*8617a60dSAndroid Build Coastguard Worker * Finalize the physical presence settings: sofware PP is enabled, hardware PP 150*8617a60dSAndroid Build Coastguard Worker * is disabled, and the lifetime lock is set. The TPM error code is returned. 151*8617a60dSAndroid Build Coastguard Worker */ 152*8617a60dSAndroid Build Coastguard Worker uint32_t TlclFinalizePhysicalPresence(void); 153*8617a60dSAndroid Build Coastguard Worker 154*8617a60dSAndroid Build Coastguard Worker uint32_t TlclAssertPhysicalPresenceResult(void); 155*8617a60dSAndroid Build Coastguard Worker 156*8617a60dSAndroid Build Coastguard Worker /** 157*8617a60dSAndroid Build Coastguard Worker * Turn off physical presence and locks it off until next reboot. The TPM 158*8617a60dSAndroid Build Coastguard Worker * error code is returned. 159*8617a60dSAndroid Build Coastguard Worker */ 160*8617a60dSAndroid Build Coastguard Worker uint32_t TlclLockPhysicalPresence(void); 161*8617a60dSAndroid Build Coastguard Worker 162*8617a60dSAndroid Build Coastguard Worker /** 163*8617a60dSAndroid Build Coastguard Worker * Set the nvLocked bit. The TPM error code is returned. 164*8617a60dSAndroid Build Coastguard Worker */ 165*8617a60dSAndroid Build Coastguard Worker uint32_t TlclSetNvLocked(void); 166*8617a60dSAndroid Build Coastguard Worker 167*8617a60dSAndroid Build Coastguard Worker /** 168*8617a60dSAndroid Build Coastguard Worker * Return 1 if the TPM is owned, 0 otherwise. 169*8617a60dSAndroid Build Coastguard Worker */ 170*8617a60dSAndroid Build Coastguard Worker int TlclIsOwned(void); 171*8617a60dSAndroid Build Coastguard Worker 172*8617a60dSAndroid Build Coastguard Worker /** 173*8617a60dSAndroid Build Coastguard Worker * Issue a ForceClear. The TPM error code is returned. 174*8617a60dSAndroid Build Coastguard Worker */ 175*8617a60dSAndroid Build Coastguard Worker uint32_t TlclForceClear(void); 176*8617a60dSAndroid Build Coastguard Worker 177*8617a60dSAndroid Build Coastguard Worker /** 178*8617a60dSAndroid Build Coastguard Worker * Issue a PhysicalEnable. The TPM error code is returned. 179*8617a60dSAndroid Build Coastguard Worker */ 180*8617a60dSAndroid Build Coastguard Worker uint32_t TlclSetEnable(void); 181*8617a60dSAndroid Build Coastguard Worker 182*8617a60dSAndroid Build Coastguard Worker /** 183*8617a60dSAndroid Build Coastguard Worker * Issue a PhysicalDisable. The TPM error code is returned. 184*8617a60dSAndroid Build Coastguard Worker */ 185*8617a60dSAndroid Build Coastguard Worker uint32_t TlclClearEnable(void); 186*8617a60dSAndroid Build Coastguard Worker 187*8617a60dSAndroid Build Coastguard Worker /** 188*8617a60dSAndroid Build Coastguard Worker * Issue a SetDeactivated. Pass 0 to activate. Returns result code. 189*8617a60dSAndroid Build Coastguard Worker */ 190*8617a60dSAndroid Build Coastguard Worker uint32_t TlclSetDeactivated(uint8_t flag); 191*8617a60dSAndroid Build Coastguard Worker 192*8617a60dSAndroid Build Coastguard Worker /** 193*8617a60dSAndroid Build Coastguard Worker * Get flags of interest. Pointers for flags you aren't interested in may 194*8617a60dSAndroid Build Coastguard Worker * be NULL. The TPM error code is returned. 195*8617a60dSAndroid Build Coastguard Worker */ 196*8617a60dSAndroid Build Coastguard Worker uint32_t TlclGetFlags(uint8_t *disable, uint8_t *deactivated, 197*8617a60dSAndroid Build Coastguard Worker uint8_t *nvlocked); 198*8617a60dSAndroid Build Coastguard Worker 199*8617a60dSAndroid Build Coastguard Worker /** 200*8617a60dSAndroid Build Coastguard Worker * Set the bGlobalLock flag, which only a reboot can clear. The TPM error 201*8617a60dSAndroid Build Coastguard Worker * code is returned. 202*8617a60dSAndroid Build Coastguard Worker */ 203*8617a60dSAndroid Build Coastguard Worker uint32_t TlclSetGlobalLock(void); 204*8617a60dSAndroid Build Coastguard Worker 205*8617a60dSAndroid Build Coastguard Worker /** 206*8617a60dSAndroid Build Coastguard Worker * Perform a TPM_Extend. 207*8617a60dSAndroid Build Coastguard Worker */ 208*8617a60dSAndroid Build Coastguard Worker uint32_t TlclExtend(int pcr_num, const uint8_t *in_digest, uint8_t *out_digest); 209*8617a60dSAndroid Build Coastguard Worker 210*8617a60dSAndroid Build Coastguard Worker /** 211*8617a60dSAndroid Build Coastguard Worker * Get the permission bits for the NVRAM space with |index|. 212*8617a60dSAndroid Build Coastguard Worker */ 213*8617a60dSAndroid Build Coastguard Worker uint32_t TlclGetPermissions(uint32_t index, uint32_t *permissions); 214*8617a60dSAndroid Build Coastguard Worker 215*8617a60dSAndroid Build Coastguard Worker /** 216*8617a60dSAndroid Build Coastguard Worker * Get the public information about the NVRAM space identified by |index|. All 217*8617a60dSAndroid Build Coastguard Worker * other parameters are filled in with the respective information. 218*8617a60dSAndroid Build Coastguard Worker * |auth_policy_size| is both an input an output parameter. It should contain 219*8617a60dSAndroid Build Coastguard Worker * the available buffer size in |auth_policy| and will be updated to indicate 220*8617a60dSAndroid Build Coastguard Worker * the size of the filled in auth policy upon return. If the buffer size is not 221*8617a60dSAndroid Build Coastguard Worker * sufficient, the return value will be TPM_E_BUFFER_SIZE. 222*8617a60dSAndroid Build Coastguard Worker */ 223*8617a60dSAndroid Build Coastguard Worker uint32_t TlclGetSpaceInfo(uint32_t index, uint32_t *attributes, uint32_t *size, 224*8617a60dSAndroid Build Coastguard Worker void* auth_policy, uint32_t* auth_policy_size); 225*8617a60dSAndroid Build Coastguard Worker 226*8617a60dSAndroid Build Coastguard Worker /** 227*8617a60dSAndroid Build Coastguard Worker * Get the entire set of permanent flags. 228*8617a60dSAndroid Build Coastguard Worker */ 229*8617a60dSAndroid Build Coastguard Worker uint32_t TlclGetPermanentFlags(TPM_PERMANENT_FLAGS *pflags); 230*8617a60dSAndroid Build Coastguard Worker 231*8617a60dSAndroid Build Coastguard Worker /** 232*8617a60dSAndroid Build Coastguard Worker * Get the entire set of volatile (ST_CLEAR) flags. 233*8617a60dSAndroid Build Coastguard Worker */ 234*8617a60dSAndroid Build Coastguard Worker uint32_t TlclGetSTClearFlags(TPM_STCLEAR_FLAGS *pflags); 235*8617a60dSAndroid Build Coastguard Worker 236*8617a60dSAndroid Build Coastguard Worker /** 237*8617a60dSAndroid Build Coastguard Worker * Get the ownership flag. The TPM error code is returned. 238*8617a60dSAndroid Build Coastguard Worker */ 239*8617a60dSAndroid Build Coastguard Worker uint32_t TlclGetOwnership(uint8_t *owned); 240*8617a60dSAndroid Build Coastguard Worker 241*8617a60dSAndroid Build Coastguard Worker /** 242*8617a60dSAndroid Build Coastguard Worker * Request [length] bytes from TPM RNG to be stored in [data]. Actual number of 243*8617a60dSAndroid Build Coastguard Worker * bytes read is stored in [size]. The TPM error code is returned. 244*8617a60dSAndroid Build Coastguard Worker */ 245*8617a60dSAndroid Build Coastguard Worker uint32_t TlclGetRandom(uint8_t *data, uint32_t length, uint32_t *size); 246*8617a60dSAndroid Build Coastguard Worker 247*8617a60dSAndroid Build Coastguard Worker /** 248*8617a60dSAndroid Build Coastguard Worker * Requests version information from the TPM. 249*8617a60dSAndroid Build Coastguard Worker * If vendor_specific_buf_size != NULL, requests also the vendor-specific 250*8617a60dSAndroid Build Coastguard Worker * variable-length part of the version: 251*8617a60dSAndroid Build Coastguard Worker * if vendor_specific_buf == NULL, determines its size and returns in 252*8617a60dSAndroid Build Coastguard Worker * *vendor_specific_buf_size; 253*8617a60dSAndroid Build Coastguard Worker * if vendor_specific_buf != NULL, fills the buffer until either the 254*8617a60dSAndroid Build Coastguard Worker * end of the vendor specific data or the end of the buffer, sets 255*8617a60dSAndroid Build Coastguard Worker * *vendor_specific_buf_size to the length of the filled data. 256*8617a60dSAndroid Build Coastguard Worker */ 257*8617a60dSAndroid Build Coastguard Worker uint32_t TlclGetVersion(uint32_t* vendor, uint64_t* firmware_version, 258*8617a60dSAndroid Build Coastguard Worker uint8_t* vendor_specific_buf, 259*8617a60dSAndroid Build Coastguard Worker size_t* vendor_specific_buf_size); 260*8617a60dSAndroid Build Coastguard Worker 261*8617a60dSAndroid Build Coastguard Worker /** 262*8617a60dSAndroid Build Coastguard Worker * Issues the IFX specific FieldUpgradeInfoRequest2 TPM_FieldUpgrade subcommand 263*8617a60dSAndroid Build Coastguard Worker * and fills in [info] with results. 264*8617a60dSAndroid Build Coastguard Worker */ 265*8617a60dSAndroid Build Coastguard Worker uint32_t TlclIFXFieldUpgradeInfo(TPM_IFX_FIELDUPGRADEINFO *info); 266*8617a60dSAndroid Build Coastguard Worker 267*8617a60dSAndroid Build Coastguard Worker /** 268*8617a60dSAndroid Build Coastguard Worker * Read the public area of object. Put at most [length] bytes public area 269*8617a60dSAndroid Build Coastguard Worker * into [data], and the format of [data] is TPMT_PUBLIC. The TPM error code 270*8617a60dSAndroid Build Coastguard Worker * is returned. 271*8617a60dSAndroid Build Coastguard Worker */ 272*8617a60dSAndroid Build Coastguard Worker uint32_t TlclReadPublic(uint32_t handle, uint8_t *data, uint32_t *length); 273*8617a60dSAndroid Build Coastguard Worker 274*8617a60dSAndroid Build Coastguard Worker /** 275*8617a60dSAndroid Build Coastguard Worker * Allow certain Transient Objects to be made persistent or a persistent object 276*8617a60dSAndroid Build Coastguard Worker * to be evicted. If [object_handle] is a transient object handle, then 277*8617a60dSAndroid Build Coastguard Worker * [persistent_handle] is the persistent handle for the object. If 278*8617a60dSAndroid Build Coastguard Worker * [object_handle] is a persistent object handle, then it shall be the same 279*8617a60dSAndroid Build Coastguard Worker * value as [persistent_handle]. 280*8617a60dSAndroid Build Coastguard Worker */ 281*8617a60dSAndroid Build Coastguard Worker uint32_t TlclEvictControl(uint32_t auth_handle, uint32_t object_handle, 282*8617a60dSAndroid Build Coastguard Worker uint32_t persistent_handle); 283*8617a60dSAndroid Build Coastguard Worker 284*8617a60dSAndroid Build Coastguard Worker /** 285*8617a60dSAndroid Build Coastguard Worker * Create a primary object under one of the primary seeds or a temporary object 286*8617a60dSAndroid Build Coastguard Worker * under TPM_RH_NULL. The command uses a TPMT_PUBLIC as a template[tmpl]] for 287*8617a60dSAndroid Build Coastguard Worker * the object to be created, and fills the result handle in [object_handle]. The 288*8617a60dSAndroid Build Coastguard Worker * TPM error code is returned. 289*8617a60dSAndroid Build Coastguard Worker */ 290*8617a60dSAndroid Build Coastguard Worker uint32_t TlclCreatePrimary(uint32_t primary_handle, const void *tmpl, 291*8617a60dSAndroid Build Coastguard Worker uint32_t tmpl_length, uint32_t *object_handle); 292*8617a60dSAndroid Build Coastguard Worker 293*8617a60dSAndroid Build Coastguard Worker #ifdef CHROMEOS_ENVIRONMENT 294*8617a60dSAndroid Build Coastguard Worker 295*8617a60dSAndroid Build Coastguard Worker /** 296*8617a60dSAndroid Build Coastguard Worker * Undefine the space. [index] is the index for the space. The TPM error code 297*8617a60dSAndroid Build Coastguard Worker * is returned. 298*8617a60dSAndroid Build Coastguard Worker */ 299*8617a60dSAndroid Build Coastguard Worker uint32_t TlclUndefineSpace(uint32_t index); 300*8617a60dSAndroid Build Coastguard Worker 301*8617a60dSAndroid Build Coastguard Worker /** 302*8617a60dSAndroid Build Coastguard Worker * Undefine a space. For TPM 2.0, it will use platform authrorization when the 303*8617a60dSAndroid Build Coastguard Worker * space is created by TPMA_NV_PLATFORMCREATE flag, or use owner authorization 304*8617a60dSAndroid Build Coastguard Worker * secret [owner_auth] otherwise. For TPM 1.2, only avaible when physical 305*8617a60dSAndroid Build Coastguard Worker * presence is set or TPM_PERMANENT_FLAGS->nvLocked is not set. 306*8617a60dSAndroid Build Coastguard Worker * [index] is the index for the space 307*8617a60dSAndroid Build Coastguard Worker * The TPM error code is returned. 308*8617a60dSAndroid Build Coastguard Worker */ 309*8617a60dSAndroid Build Coastguard Worker uint32_t TlclUndefineSpaceEx(const uint8_t* owner_auth, 310*8617a60dSAndroid Build Coastguard Worker uint32_t owner_auth_size, 311*8617a60dSAndroid Build Coastguard Worker uint32_t index); 312*8617a60dSAndroid Build Coastguard Worker 313*8617a60dSAndroid Build Coastguard Worker #ifndef TPM2_MODE 314*8617a60dSAndroid Build Coastguard Worker 315*8617a60dSAndroid Build Coastguard Worker /** 316*8617a60dSAndroid Build Coastguard Worker * Read the public half of the EK. 317*8617a60dSAndroid Build Coastguard Worker */ 318*8617a60dSAndroid Build Coastguard Worker uint32_t TlclReadPubek(uint32_t* public_exponent, 319*8617a60dSAndroid Build Coastguard Worker uint8_t* modulus, 320*8617a60dSAndroid Build Coastguard Worker uint32_t* modulus_size); 321*8617a60dSAndroid Build Coastguard Worker 322*8617a60dSAndroid Build Coastguard Worker /** 323*8617a60dSAndroid Build Coastguard Worker * Takes ownership of the TPM. [enc_owner_auth] and [enc_srk_auth] are the owner 324*8617a60dSAndroid Build Coastguard Worker * and SRK authorization secrets encrypted under the endorsement key. The clear 325*8617a60dSAndroid Build Coastguard Worker * text [owner_auth] needs to be passed as well for command auth. 326*8617a60dSAndroid Build Coastguard Worker */ 327*8617a60dSAndroid Build Coastguard Worker uint32_t TlclTakeOwnership(const uint8_t enc_owner_auth[TPM_RSA_2048_LEN], 328*8617a60dSAndroid Build Coastguard Worker const uint8_t enc_srk_auth[TPM_RSA_2048_LEN], 329*8617a60dSAndroid Build Coastguard Worker const uint8_t owner_auth[TPM_AUTH_DATA_LEN]); 330*8617a60dSAndroid Build Coastguard Worker 331*8617a60dSAndroid Build Coastguard Worker /** 332*8617a60dSAndroid Build Coastguard Worker * Create a delegation family with the specified [family_label]. 333*8617a60dSAndroid Build Coastguard Worker */ 334*8617a60dSAndroid Build Coastguard Worker uint32_t TlclCreateDelegationFamily(uint8_t family_label); 335*8617a60dSAndroid Build Coastguard Worker 336*8617a60dSAndroid Build Coastguard Worker /** 337*8617a60dSAndroid Build Coastguard Worker * Read the delegation family table. Entries are stored in [table]. The size of 338*8617a60dSAndroid Build Coastguard Worker * the family table array must be specified in [table_size]. [table_size] gets 339*8617a60dSAndroid Build Coastguard Worker * updated to indicate actual number of table entries available. 340*8617a60dSAndroid Build Coastguard Worker */ 341*8617a60dSAndroid Build Coastguard Worker uint32_t TlclReadDelegationFamilyTable(TPM_FAMILY_TABLE_ENTRY *table, 342*8617a60dSAndroid Build Coastguard Worker uint32_t* table_size); 343*8617a60dSAndroid Build Coastguard Worker 344*8617a60dSAndroid Build Coastguard Worker #endif /* TPM2_MODE */ 345*8617a60dSAndroid Build Coastguard Worker #endif /* CHROMEOS_ENVIRONMENT */ 346*8617a60dSAndroid Build Coastguard Worker 347*8617a60dSAndroid Build Coastguard Worker #ifdef __cplusplus 348*8617a60dSAndroid Build Coastguard Worker } 349*8617a60dSAndroid Build Coastguard Worker #endif 350*8617a60dSAndroid Build Coastguard Worker 351*8617a60dSAndroid Build Coastguard Worker #endif /* VBOOT_REFERENCE_TLCL_H_ */ 352