1
2
3
4
5
6
7#ifndef __TPM_V1_H
8#define __TPM_V1_H
9
10#include <tpm-common.h>
11#include <linux/bitops.h>
12
13struct udevice;
14
15
16enum {
17 TPM_REQUEST_HEADER_LENGTH = 10,
18 TPM_RESPONSE_HEADER_LENGTH = 10,
19 PCR_DIGEST_LENGTH = 20,
20 DIGEST_LENGTH = 20,
21 TPM_REQUEST_AUTH_LENGTH = 45,
22 TPM_RESPONSE_AUTH_LENGTH = 41,
23
24 TPM_KEY12_MAX_LENGTH = 618,
25 TPM_PUBKEY_MAX_LENGTH = 288,
26};
27
28enum tpm_startup_type {
29 TPM_ST_CLEAR = 0x0001,
30 TPM_ST_STATE = 0x0002,
31 TPM_ST_DEACTIVATED = 0x0003,
32};
33
34enum tpm_physical_presence {
35 TPM_PHYSICAL_PRESENCE_HW_DISABLE = 0x0200,
36 TPM_PHYSICAL_PRESENCE_CMD_DISABLE = 0x0100,
37 TPM_PHYSICAL_PRESENCE_LIFETIME_LOCK = 0x0080,
38 TPM_PHYSICAL_PRESENCE_HW_ENABLE = 0x0040,
39 TPM_PHYSICAL_PRESENCE_CMD_ENABLE = 0x0020,
40 TPM_PHYSICAL_PRESENCE_NOTPRESENT = 0x0010,
41 TPM_PHYSICAL_PRESENCE_PRESENT = 0x0008,
42 TPM_PHYSICAL_PRESENCE_LOCK = 0x0004,
43};
44
45enum tpm_nv_index {
46 TPM_NV_INDEX_LOCK = 0xffffffff,
47 TPM_NV_INDEX_0 = 0x00000000,
48 TPM_NV_INDEX_DIR = 0x10000001,
49};
50
51enum tpm_resource_type {
52 TPM_RT_KEY = 0x00000001,
53 TPM_RT_AUTH = 0x00000002,
54 TPM_RT_HASH = 0x00000003,
55 TPM_RT_TRANS = 0x00000004,
56 TPM_RT_CONTEXT = 0x00000005,
57 TPM_RT_COUNTER = 0x00000006,
58 TPM_RT_DELEGATE = 0x00000007,
59 TPM_RT_DAA_TPM = 0x00000008,
60 TPM_RT_DAA_V0 = 0x00000009,
61 TPM_RT_DAA_V1 = 0x0000000A,
62};
63
64enum tpm_capability_areas {
65 TPM_CAP_ORD = 0x00000001,
66 TPM_CAP_ALG = 0x00000002,
67 TPM_CAP_PID = 0x00000003,
68 TPM_CAP_FLAG = 0x00000004,
69 TPM_CAP_PROPERTY = 0x00000005,
70 TPM_CAP_VERSION = 0x00000006,
71 TPM_CAP_KEY_HANDLE = 0x00000007,
72 TPM_CAP_CHECK_LOADED = 0x00000008,
73 TPM_CAP_SYM_MODE = 0x00000009,
74 TPM_CAP_KEY_STATUS = 0x0000000C,
75 TPM_CAP_NV_LIST = 0x0000000D,
76 TPM_CAP_MFR = 0x00000010,
77 TPM_CAP_NV_INDEX = 0x00000011,
78 TPM_CAP_TRANS_ALG = 0x00000012,
79 TPM_CAP_HANDLE = 0x00000014,
80 TPM_CAP_TRANS_ES = 0x00000015,
81 TPM_CAP_AUTH_ENCRYPT = 0x00000017,
82 TPM_CAP_SELECT_SIZE = 0x00000018,
83 TPM_CAP_DA_LOGIC = 0x00000019,
84 TPM_CAP_VERSION_VAL = 0x0000001A,
85};
86
87enum tmp_cap_flag {
88 TPM_CAP_FLAG_PERMANENT = 0x108,
89};
90
91#define TPM_TAG_PERMANENT_FLAGS 0x001f
92
93#define TPM_NV_PER_GLOBALLOCK BIT(15)
94#define TPM_NV_PER_PPREAD BIT(16)
95#define TPM_NV_PER_PPWRITE BIT(0)
96#define TPM_NV_PER_READ_STCLEAR BIT(31)
97#define TPM_NV_PER_WRITE_STCLEAR BIT(14)
98#define TPM_NV_PER_WRITEDEFINE BIT(13)
99#define TPM_NV_PER_WRITEALL BIT(12)
100
101enum {
102 TPM_PUBEK_SIZE = 256,
103};
104
105enum {
106 TPM_CMD_EXTEND = 0x14,
107 TPM_CMD_GET_CAPABILITY = 0x65,
108 TPM_CMD_NV_DEFINE_SPACE = 0xcc,
109 TPM_CMD_NV_WRITE_VALUE = 0xcd,
110 TPM_CMD_NV_READ_VALUE = 0xcf,
111};
112
113
114
115
116
117enum tpm_return_code {
118 TPM_BASE = 0x00000000,
119 TPM_NON_FATAL = 0x00000800,
120 TPM_SUCCESS = TPM_BASE,
121
122 TPM_AUTHFAIL = TPM_BASE + 1,
123 TPM_BADINDEX = TPM_BASE + 2,
124 TPM_BAD_PARAMETER = TPM_BASE + 3,
125 TPM_AUDITFAILURE = TPM_BASE + 4,
126 TPM_CLEAR_DISABLED = TPM_BASE + 5,
127 TPM_DEACTIVATED = TPM_BASE + 6,
128 TPM_DISABLED = TPM_BASE + 7,
129 TPM_DISABLED_CMD = TPM_BASE + 8,
130 TPM_FAIL = TPM_BASE + 9,
131 TPM_BAD_ORDINAL = TPM_BASE + 10,
132 TPM_INSTALL_DISABLED = TPM_BASE + 11,
133 TPM_INVALID_KEYHANDLE = TPM_BASE + 12,
134 TPM_KEYNOTFOUND = TPM_BASE + 13,
135 TPM_INAPPROPRIATE_ENC = TPM_BASE + 14,
136 TPM_MIGRATE_FAIL = TPM_BASE + 15,
137 TPM_INVALID_PCR_INFO = TPM_BASE + 16,
138 TPM_NOSPACE = TPM_BASE + 17,
139 TPM_NOSRK = TPM_BASE + 18,
140 TPM_NOTSEALED_BLOB = TPM_BASE + 19,
141 TPM_OWNER_SET = TPM_BASE + 20,
142 TPM_RESOURCES = TPM_BASE + 21,
143 TPM_SHORTRANDOM = TPM_BASE + 22,
144 TPM_SIZE = TPM_BASE + 23,
145 TPM_WRONGPCRVAL = TPM_BASE + 24,
146 TPM_BAD_PARAM_SIZE = TPM_BASE + 25,
147 TPM_SHA_THREAD = TPM_BASE + 26,
148 TPM_SHA_ERROR = TPM_BASE + 27,
149 TPM_FAILEDSELFTEST = TPM_BASE + 28,
150 TPM_AUTH2FAIL = TPM_BASE + 29,
151 TPM_BADTAG = TPM_BASE + 30,
152 TPM_IOERROR = TPM_BASE + 31,
153 TPM_ENCRYPT_ERROR = TPM_BASE + 32,
154 TPM_DECRYPT_ERROR = TPM_BASE + 33,
155 TPM_INVALID_AUTHHANDLE = TPM_BASE + 34,
156 TPM_NO_ENDORSEMENT = TPM_BASE + 35,
157 TPM_INVALID_KEYUSAGE = TPM_BASE + 36,
158 TPM_WRONG_ENTITYTYPE = TPM_BASE + 37,
159 TPM_INVALID_POSTINIT = TPM_BASE + 38,
160 TPM_INAPPROPRIATE_SIG = TPM_BASE + 39,
161 TPM_BAD_KEY_PROPERTY = TPM_BASE + 40,
162 TPM_BAD_MIGRATION = TPM_BASE + 41,
163 TPM_BAD_SCHEME = TPM_BASE + 42,
164 TPM_BAD_DATASIZE = TPM_BASE + 43,
165 TPM_BAD_MODE = TPM_BASE + 44,
166 TPM_BAD_PRESENCE = TPM_BASE + 45,
167 TPM_BAD_VERSION = TPM_BASE + 46,
168 TPM_NO_WRAP_TRANSPORT = TPM_BASE + 47,
169 TPM_AUDITFAIL_UNSUCCESSFUL = TPM_BASE + 48,
170 TPM_AUDITFAIL_SUCCESSFUL = TPM_BASE + 49,
171 TPM_NOTRESETABLE = TPM_BASE + 50,
172 TPM_NOTLOCAL = TPM_BASE + 51,
173 TPM_BAD_TYPE = TPM_BASE + 52,
174 TPM_INVALID_RESOURCE = TPM_BASE + 53,
175 TPM_NOTFIPS = TPM_BASE + 54,
176 TPM_INVALID_FAMILY = TPM_BASE + 55,
177 TPM_NO_NV_PERMISSION = TPM_BASE + 56,
178 TPM_REQUIRES_SIGN = TPM_BASE + 57,
179 TPM_KEY_NOTSUPPORTED = TPM_BASE + 58,
180 TPM_AUTH_CONFLICT = TPM_BASE + 59,
181 TPM_AREA_LOCKED = TPM_BASE + 60,
182 TPM_BAD_LOCALITY = TPM_BASE + 61,
183 TPM_READ_ONLY = TPM_BASE + 62,
184 TPM_PER_NOWRITE = TPM_BASE + 63,
185 TPM_FAMILY_COUNT = TPM_BASE + 64,
186 TPM_WRITE_LOCKED = TPM_BASE + 65,
187 TPM_BAD_ATTRIBUTES = TPM_BASE + 66,
188 TPM_INVALID_STRUCTURE = TPM_BASE + 67,
189 TPM_KEY_OWNER_CONTROL = TPM_BASE + 68,
190 TPM_BAD_COUNTER = TPM_BASE + 69,
191 TPM_NOT_FULLWRITE = TPM_BASE + 70,
192 TPM_CONTEXT_GAP = TPM_BASE + 71,
193 TPM_MAXNVWRITES = TPM_BASE + 72,
194 TPM_NOOPERATOR = TPM_BASE + 73,
195 TPM_RESOURCEMISSING = TPM_BASE + 74,
196 TPM_DELEGATE_LOCK = TPM_BASE + 75,
197 TPM_DELEGATE_FAMILY = TPM_BASE + 76,
198 TPM_DELEGATE_ADMIN = TPM_BASE + 77,
199 TPM_TRANSPORT_NOTEXCLUSIVE = TPM_BASE + 78,
200 TPM_OWNER_CONTROL = TPM_BASE + 79,
201 TPM_DAA_RESOURCES = TPM_BASE + 80,
202 TPM_DAA_INPUT_DATA0 = TPM_BASE + 81,
203 TPM_DAA_INPUT_DATA1 = TPM_BASE + 82,
204 TPM_DAA_ISSUER_SETTINGS = TPM_BASE + 83,
205 TPM_DAA_TPM_SETTINGS = TPM_BASE + 84,
206 TPM_DAA_STAGE = TPM_BASE + 85,
207 TPM_DAA_ISSUER_VALIDITY = TPM_BASE + 86,
208 TPM_DAA_WRONG_W = TPM_BASE + 87,
209 TPM_BAD_HANDLE = TPM_BASE + 88,
210 TPM_BAD_DELEGATE = TPM_BASE + 89,
211 TPM_BADCONTEXT = TPM_BASE + 90,
212 TPM_TOOMANYCONTEXTS = TPM_BASE + 91,
213 TPM_MA_TICKET_SIGNATURE = TPM_BASE + 92,
214 TPM_MA_DESTINATION = TPM_BASE + 93,
215 TPM_MA_SOURCE = TPM_BASE + 94,
216 TPM_MA_AUTHORITY = TPM_BASE + 95,
217 TPM_PERMANENTEK = TPM_BASE + 97,
218 TPM_BAD_SIGNATURE = TPM_BASE + 98,
219 TPM_NOCONTEXTSPACE = TPM_BASE + 99,
220
221 TPM_RETRY = TPM_BASE + TPM_NON_FATAL,
222 TPM_NEEDS_SELFTEST = TPM_BASE + TPM_NON_FATAL + 1,
223 TPM_DOING_SELFTEST = TPM_BASE + TPM_NON_FATAL + 2,
224 TPM_DEFEND_LOCK_RUNNING = TPM_BASE + TPM_NON_FATAL + 3,
225};
226
227struct tpm_permanent_flags {
228 __be16 tag;
229 u8 disable;
230 u8 ownership;
231 u8 deactivated;
232 u8 read_pubek;
233 u8 disable_owner_clear;
234 u8 allow_maintenance;
235 u8 physical_presence_lifetime_lock;
236 u8 physical_presence_hw_enable;
237 u8 physical_presence_cmd_enable;
238 u8 cekp_used;
239 u8 tpm_post;
240 u8 tpm_post_lock;
241 u8 fips;
242 u8 operator;
243 u8 enable_revoke_ek;
244 u8 nv_locked;
245 u8 read_srk_pub;
246 u8 tpm_established;
247 u8 maintenance_done;
248 u8 disable_full_da_logic_info;
249} __packed;
250
251#define TPM_SHA1_160_HASH_LEN 0x14
252
253struct __packed tpm_composite_hash {
254 u8 digest[TPM_SHA1_160_HASH_LEN];
255};
256
257struct __packed tpm_pcr_selection {
258 __be16 size_of_select;
259 u8 pcr_select[3];
260};
261
262struct __packed tpm_pcr_info_short {
263 struct tpm_pcr_selection pcr_selection;
264 u8 locality_at_release;
265 struct tpm_composite_hash digest_at_release;
266};
267
268struct __packed tpm_nv_attributes {
269 __be16 tag;
270 __be32 attributes;
271};
272
273struct __packed tpm_nv_data_public {
274 __be16 tag;
275 __be32 nv_index;
276 struct tpm_pcr_info_short pcr_info_read;
277 struct tpm_pcr_info_short pcr_info_write;
278 struct tpm_nv_attributes permission;
279 u8 read_st_clear;
280 u8 write_st_clear;
281 u8 write_define;
282 __be32 data_size;
283};
284
285
286
287
288
289
290
291
292u32 tpm1_startup(struct udevice *dev, enum tpm_startup_type mode);
293
294
295
296
297
298
299
300u32 tpm1_self_test_full(struct udevice *dev);
301
302
303
304
305
306
307
308u32 tpm1_continue_self_test(struct udevice *dev);
309
310
311
312
313
314
315
316
317
318
319
320
321u32 tpm1_nv_define_space(struct udevice *dev, u32 index, u32 perm, u32 size);
322
323
324
325
326
327
328
329
330
331
332
333
334u32 tpm1_nv_read_value(struct udevice *dev, u32 index, void *data, u32 count);
335
336
337
338
339
340
341
342
343
344
345
346
347u32 tpm1_nv_write_value(struct udevice *dev, u32 index, const void *data,
348 u32 length);
349
350
351
352
353
354
355
356
357
358
359
360
361u32 tpm1_extend(struct udevice *dev, u32 index, const void *in_digest,
362 void *out_digest);
363
364
365
366
367
368
369
370
371
372
373u32 tpm1_pcr_read(struct udevice *dev, u32 index, void *data, size_t count);
374
375
376
377
378
379
380
381
382
383u32 tpm1_tsc_physical_presence(struct udevice *dev, u16 presence);
384
385
386
387
388
389
390
391
392
393u32 tpm1_read_pubek(struct udevice *dev, void *data, size_t count);
394
395
396
397
398
399
400
401u32 tpm1_force_clear(struct udevice *dev);
402
403
404
405
406
407
408
409u32 tpm1_physical_enable(struct udevice *dev);
410
411
412
413
414
415
416
417u32 tpm1_physical_disable(struct udevice *dev);
418
419
420
421
422
423
424
425
426u32 tpm1_physical_set_deactivated(struct udevice *dev, u8 state);
427
428
429
430
431
432
433
434
435
436
437
438
439
440u32 tpm1_get_capability(struct udevice *dev, u32 cap_area, u32 sub_cap,
441 void *cap, size_t count);
442
443
444
445
446
447
448
449
450u32 tpm1_terminate_auth_session(struct udevice *dev, u32 auth_handle);
451
452
453
454
455
456
457
458
459
460
461
462
463u32 tpm1_oiap(struct udevice *dev, u32 *auth_handle);
464
465
466
467
468
469
470
471u32 tpm1_end_oiap(struct udevice *dev);
472
473
474
475
476
477
478
479
480
481
482
483
484
485u32 tpm1_load_key2_oiap(struct udevice *dev, u32 parent_handle, const void *key,
486 size_t key_length, const void *parent_key_usage_auth,
487 u32 *key_handle);
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503u32 tpm1_get_pub_key_oiap(struct udevice *dev, u32 key_handle,
504 const void *usage_auth, void *pubkey,
505 size_t *pubkey_len);
506
507
508
509
510
511
512
513
514u32 tpm1_get_permanent_flags(struct udevice *dev,
515 struct tpm_permanent_flags *pflags);
516
517
518
519
520
521
522
523
524u32 tpm1_get_permissions(struct udevice *dev, u32 index, u32 *perm);
525
526
527
528
529
530
531
532
533
534u32 tpm1_flush_specific(struct udevice *dev, u32 key_handle, u32 resource_type);
535
536#ifdef CONFIG_TPM_LOAD_KEY_BY_SHA1
537
538
539
540
541
542
543
544
545
546u32 tpm1_find_key_sha1(struct udevice *dev, const u8 auth[20],
547 const u8 pubkey_digest[20], u32 *handle);
548#endif
549
550
551
552
553
554
555
556
557
558
559
560u32 tpm1_get_random(struct udevice *dev, void *data, u32 count);
561
562
563
564
565
566
567
568u32 tpm1_finalise_physical_presence(struct udevice *dev);
569
570
571
572
573
574
575
576u32 tpm1_nv_set_locked(struct udevice *dev);
577
578
579
580
581
582
583
584u32 tpm_set_global_lock(struct udevice *dev);
585
586
587
588
589
590
591
592u32 tpm1_resume(struct udevice *dev);
593
594#endif
595