/*
 * Copyright 2016 The Chromium OS Authors. All rights reserved.
 * Use of this source code is governed by a BSD-style license that can be
 * found in the LICENSE file.
 */
6
7#ifndef __SRC_LIB_TPM2_TLCL_STRUCTURES_H
8#define __SRC_LIB_TPM2_TLCL_STRUCTURES_H
9
/*
 * This file includes a subset of definitions of TPM protocol version 2.x
 * constants and structures needed for functions used in coreboot.
 *
 * The structures below follow the naming of the TPM 2.0 library
 * specification but are host-side, in-memory representations: several of
 * the TPM2B_* types carry a pointer to their data rather than the data
 * itself, and attribute words are declared as C bit-fields. They must not
 * be copied to or from the (big-endian) wire as raw bytes; marshaling has
 * to be done field by field.
 */
#include <stdint.h>
#include <tpm_lite/tlcl.h>
#include <types.h>

/*
 * This should be plenty for what firmware needs.
 * Upper bound for one command or response buffer; MAX_CAP_DATA,
 * MAX_TPM_PROPERTIES and MAX_NV_BUFFER_SIZE below are derived from it.
 */
#define TPM_BUFFER_SIZE 256
20
/* Basic TPM2 types. */
typedef uint16_t TPM_SU;		/* startup type, see TPM_SU_* */
typedef uint16_t TPM_ALG_ID;		/* algorithm identifier, see TPM_ALG_* */
typedef uint32_t TPM_CC;		/* command code, see TPM2_* */
typedef uint32_t TPM_HANDLE;		/* object/session/NV handle */
typedef uint32_t TPM_RC;		/* response code, see TPM_RC_* */
typedef uint8_t TPMI_YES_NO;
/*
 * "Interface" types: same width as the base type, the distinct name only
 * documents which handles/algorithms are acceptable in a given field.
 */
typedef TPM_HANDLE TPMI_RH_NV_INDEX;
typedef TPM_HANDLE TPMI_RH_PROVISION;
typedef TPM_HANDLE TPMI_SH_AUTH_SESSION;
typedef TPM_HANDLE TPM_RH;
typedef TPM_ALG_ID TPMI_ALG_HASH;
33
/*
 * Some hardcoded algorithm values (TPM_ALG_ID registry values).
 * TPM_ALG_NULL denotes "no algorithm".
 */
#define TPM_ALG_HMAC ((TPM_ALG_ID)0x0005)
#define TPM_ALG_NULL ((TPM_ALG_ID)0x0010)
#define TPM_ALG_SHA1 ((TPM_ALG_ID)0x0004)
#define TPM_ALG_SHA256 ((TPM_ALG_ID)0x000b)
39
/*
 * Some hardcoded hierarchies (permanent handles, top byte 0x40).
 * TPM_RS_PW is the password-authorization session handle; TPM_RH_PLATFORM
 * and TPM_RH_NULL name the platform and null hierarchies respectively.
 */
#define TPM_RH_NULL 0x40000007
#define TPM_RS_PW 0x40000009
#define TPM_RH_PLATFORM 0x4000000C
44
/*
 * Sized byte string. Unlike the specification's TPM2B, where the bytes
 * follow 'size' inline, this holds a pointer. As a consequence the 'b'
 * member of the TPM2B_* unions below is NOT layout-compatible with the
 * sibling 't' member whenever 't' stores its data inline (TPM2B_NAME,
 * TPM2B_NV_PUBLIC): reading one view after writing the other is not
 * meaningful. 'size' is presumably the number of valid bytes at 'buffer'.
 */
typedef struct {
	uint16_t size;
	uint8_t *buffer;
} TPM2B;
49
/*
 * Raw hash value storage. A single fixed 512-byte body stands in for the
 * per-algorithm digest sizes of the specification's TPMU_HA.
 */
typedef union {
	uint8_t body[512];
} TPMU_HA;
53
/* Hash value tagged with the algorithm (TPM_ALG_*) that produced it. */
typedef struct {
	TPMI_ALG_HASH hashAlg;
	TPMU_HA digest;
} TPMT_HA;
58
/*
 * An object's Name: either a tagged digest or, for entities that have no
 * public area, the handle itself.
 */
typedef union {
	TPMT_HA digest;
	TPM_HANDLE handle;
} TPMU_NAME;
63
/*
 * Sized Name. 't' stores the name bytes inline; 'b' is the pointer-based
 * TPM2B, so the two views do not overlay the same layout (see TPM2B) and
 * only one of them should be used for a given instance.
 */
typedef union {
	struct {
		uint16_t size;
		uint8_t name[sizeof(TPMU_NAME)];
	} t;
	TPM2B b;
} TPM2B_NAME;
71
/* Relevant TPM Command's structures. */
/*
 * Common command/response header. Packed so that sizeof(struct tpm_header)
 * is the 10-byte (2 + 4 + 4) header length, which the MAX_* buffer limits
 * below subtract from TPM_BUFFER_SIZE. tpm_tag is one of TPM_ST_*;
 * tpm_code carries a TPM_CC in a command and, presumably, the TPM_RC in a
 * response. tpm_size is presumably the total message length.
 */
struct tpm_header {
	uint16_t tpm_tag;
	uint32_t tpm_size;
	TPM_CC tpm_code;
} __attribute__((packed));
79
/* TPM command codes (TPM_CC values) for the commands this header covers. */
#define TPM2_NV_DefineSpace ((TPM_CC)0x0000012A)
#define TPM2_NV_Write ((TPM_CC)0x00000137)
#define TPM2_SelfTest ((TPM_CC)0x00000143)
#define TPM2_Startup ((TPM_CC)0x00000144)
#define TPM2_NV_Read ((TPM_CC)0x0000014E)
#define TPM2_GetCapability ((TPM_CC)0x0000017A)
87
/* Startup values (TPM_SU) for tpm2_startup.startup_type. */
#define TPM_SU_CLEAR 0
#define TPM_SU_STATE 1
91
/*
 * Handle types: the value occupying the top byte of a TPM_HANDLE (see
 * HR_SHIFT). Only the types used here are defined; TPM_HT_PCR,
 * TPM_HT_TRANSIENT, TPM_HT_PERSISTENT and TPM_HT_PERMANENT are referenced
 * by the HR_* macros below but are not defined in this file.
 */
#define TPM_HT_NV_INDEX 0x01
#define TPM_HT_HMAC_SESSION 0x02
#define TPM_HT_POLICY_SESSION 0x03
95
/*
 * Handle ranges: a handle is (type << HR_SHIFT) | index, so each HR_*
 * value is the first handle of its type and *_LAST the final one.
 * E.g. NV indices span 0x01000000..0x01FFFFFF.
 *
 * NOTE(review): TPM_HT_PCR, TPM_HT_TRANSIENT, TPM_HT_PERSISTENT,
 * TPM_HT_PERMANENT, IMPLEMENTATION_PCR, MAX_ACTIVE_SESSIONS,
 * MAX_LOADED_OBJECTS, TPM_RH_FIRST and TPM_RH_LAST are not defined in
 * this header. Macro bodies are expanded lazily, so the affected
 * definitions (HR_PCR, HR_TRANSIENT, HR_PERSISTENT, HR_PERMANENT and the
 * ranges built on them) only fail to compile where they are actually
 * used; presumably they come from tpm_lite/tlcl.h or are unused.
 */
#define HR_SHIFT 24
#define HR_PCR (TPM_HT_PCR << HR_SHIFT)
#define HR_HMAC_SESSION (TPM_HT_HMAC_SESSION << HR_SHIFT)
#define HR_POLICY_SESSION (TPM_HT_POLICY_SESSION << HR_SHIFT)
#define HR_TRANSIENT (TPM_HT_TRANSIENT << HR_SHIFT)
#define HR_PERSISTENT (TPM_HT_PERSISTENT << HR_SHIFT)
#define HR_NV_INDEX (TPM_HT_NV_INDEX << HR_SHIFT)
#define HR_PERMANENT (TPM_HT_PERMANENT << HR_SHIFT)
#define PCR_FIRST (HR_PCR + 0)
#define PCR_LAST (PCR_FIRST + IMPLEMENTATION_PCR-1)
#define HMAC_SESSION_FIRST (HR_HMAC_SESSION + 0)
#define HMAC_SESSION_LAST (HMAC_SESSION_FIRST+MAX_ACTIVE_SESSIONS-1)
#define LOADED_SESSION_FIRST HMAC_SESSION_FIRST
#define LOADED_SESSION_LAST HMAC_SESSION_LAST
#define POLICY_SESSION_FIRST (HR_POLICY_SESSION + 0)
#define POLICY_SESSION_LAST (POLICY_SESSION_FIRST + MAX_ACTIVE_SESSIONS-1)
#define TRANSIENT_FIRST (HR_TRANSIENT + 0)
#define ACTIVE_SESSION_FIRST POLICY_SESSION_FIRST
#define ACTIVE_SESSION_LAST POLICY_SESSION_LAST
#define TRANSIENT_LAST (TRANSIENT_FIRST+MAX_LOADED_OBJECTS-1)
#define PERSISTENT_FIRST (HR_PERSISTENT + 0)
#define PERSISTENT_LAST (PERSISTENT_FIRST + 0x00FFFFFF)
#define PLATFORM_PERSISTENT (PERSISTENT_FIRST + 0x00800000)
#define NV_INDEX_FIRST (HR_NV_INDEX + 0)
#define NV_INDEX_LAST (NV_INDEX_FIRST + 0x00FFFFFF)
#define PERMANENT_FIRST TPM_RH_FIRST
#define PERMANENT_LAST TPM_RH_LAST
123
/*
 * Tpm2 command tags, placed in tpm_header.tpm_tag. TPM_ST_SESSIONS marks
 * a message that carries an authorization area (see tpm2_session_header).
 */
#define TPM_ST_NO_SESSIONS 0x8001
#define TPM_ST_SESSIONS 0x8002
127
/*
 * Response codes. RC_VER1 is the base of the format-zero ("version 1")
 * error codes; TPM_RC_INITIALIZE (0x100) is the only one used here.
 */
#define RC_VER1 0x100
#define TPM_RC_INITIALIZE ((TPM_RC)(RC_VER1 + 0x000))
130
/* TPM command structures. */

/* TPM2_Startup parameters; startup_type is TPM_SU_CLEAR or TPM_SU_STATE. */
struct tpm2_startup {
	TPM_SU startup_type;
};
136
/*
 * Various TPM capability types to use when querying the device
 * (tpm2_get_capability.capability). Only TPM_PT queries are defined.
 */
typedef uint32_t TPM_CAP;
#define TPM_CAP_TPM_PROPERTIES ((TPM_CAP)0x00000006)
140
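/*
 * Handle authorizing access to an NV index. (TPMI_RH_NV_INDEX is already
 * defined with the basic types above; the duplicate typedef that used to
 * sit here is dropped, since repeating a typedef is only legal from C11
 * on and adds nothing.)
 */
typedef TPM_HANDLE TPMI_RH_NV_AUTH;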
143
/*
 * TPM Property capability constants. Properties are grouped in blocks of
 * PT_GROUP; PT_VAR (0x200) is the group of variable properties, of which
 * TPM_PT_PERMANENT (its first entry) yields a TPMA_PERMANENT value.
 */
typedef uint32_t TPM_PT;
#define PT_GROUP 0x00000100
#define PT_VAR (PT_GROUP * 2)
#define TPM_PT_PERMANENT ((TPM_PT)(PT_VAR + 0))
149
/* Structures of payloads of various TPM2 commands. */
/*
 * TPM2_GetCapability parameters: which capability (TPM_CAP_*), the first
 * property to return (e.g. TPM_PT_PERMANENT) and how many properties.
 */
struct tpm2_get_capability {
	TPM_CAP capability;
	uint32_t property;
	uint32_t propertyCount;
};
156
/*
 * get_capability response when PT_PERMANENT is requested.
 * Declared in ascending bit order (ownerAuthSet = bit 0 ...). C does not
 * fix bit-field allocation order, so this matches the 32-bit attribute
 * word only for compilers that allocate from the least significant bit;
 * do not reinterpret raw wire bytes as this struct without checking that.
 */
typedef struct {
	uint32_t ownerAuthSet : 1;
	uint32_t endorsementAuthSet : 1;
	uint32_t lockoutAuthSet : 1;
	uint32_t reserved3_7 : 5;
	uint32_t disableClear : 1;
	uint32_t inLockout : 1;
	uint32_t tpmGeneratedEPS : 1;
	uint32_t reserved11_31 : 21;
} TPMA_PERMANENT;
168
/*
 * NV index attributes (TPMS_NV_PUBLIC.attributes). Fields are declared in
 * ascending bit order, bit 0 = TPMA_NV_PPWRITE through bit 31 =
 * TPMA_NV_READ_STCLEAR, with the reserved ranges named by their bit
 * numbers. The *WRITE/*READ bits select which authorizations may write or
 * read the index, so they are security-relevant: an index defined with
 * too permissive a set can be altered by a lower-privileged caller.
 * As with TPMA_PERMANENT, bit-field order is implementation-defined; the
 * 32-bit wire word must be marshaled explicitly rather than memcpy'd.
 */
typedef struct {
	uint32_t TPMA_NV_PPWRITE : 1;
	uint32_t TPMA_NV_OWNERWRITE : 1;
	uint32_t TPMA_NV_AUTHWRITE : 1;
	uint32_t TPMA_NV_POLICYWRITE : 1;
	uint32_t TPMA_NV_COUNTER : 1;
	uint32_t TPMA_NV_BITS : 1;
	uint32_t TPMA_NV_EXTEND : 1;
	uint32_t reserved7_9 : 3;
	uint32_t TPMA_NV_POLICY_DELETE : 1;
	uint32_t TPMA_NV_WRITELOCKED : 1;
	uint32_t TPMA_NV_WRITEALL : 1;
	uint32_t TPMA_NV_WRITEDEFINE : 1;
	uint32_t TPMA_NV_WRITE_STCLEAR : 1;
	uint32_t TPMA_NV_GLOBALLOCK : 1;
	uint32_t TPMA_NV_PPREAD : 1;
	uint32_t TPMA_NV_OWNERREAD : 1;
	uint32_t TPMA_NV_AUTHREAD : 1;
	uint32_t TPMA_NV_POLICYREAD : 1;
	uint32_t reserved20_24 : 5;
	uint32_t TPMA_NV_NO_DA : 1;
	uint32_t TPMA_NV_ORDERLY : 1;
	uint32_t TPMA_NV_CLEAR_STCLEAR : 1;
	uint32_t TPMA_NV_READLOCKED : 1;
	uint32_t TPMA_NV_WRITTEN : 1;
	uint32_t TPMA_NV_PLATFORMCREATE : 1;
	uint32_t TPMA_NV_READ_STCLEAR : 1;
} TPMA_NV;
197
/*
 * Sized digest, by reference: 't.buffer' points at caller-owned bytes and
 * is const, while the overlaid 'b' view (TPM2B) exposes the same pointer
 * as non-const, so writing through 'b.buffer' would silently bypass the
 * const qualification. Lifetime of the pointed-to data is the caller's.
 */
typedef union {
	struct {
		uint16_t size;
		const uint8_t *buffer;
	} t;
	TPM2B b;
} TPM2B_DIGEST;

/* Authorization values and nonces share the digest representation. */
typedef TPM2B_DIGEST TPM2B_AUTH;
typedef TPM2B_DIGEST TPM2B_NONCE;
208
/* One (property id, value) pair returned by TPM2_GetCapability; 8 bytes. */
typedef struct {
	TPM_PT property;
	uint32_t value;
} TPMS_TAGGED_PROPERTY;
213
/*
 * Largest capability payload that fits in TPM_BUFFER_SIZE after the
 * header, more_data flag, capability and count fields: 237 bytes, i.e.
 * 29 TPMS_TAGGED_PROPERTY entries. These are size_t expressions (they
 * involve sizeof), so they do not fit in a #if.
 */
#define MAX_CAP_DATA (TPM_BUFFER_SIZE - sizeof(struct tpm_header) - \
		      sizeof(TPMI_YES_NO) - sizeof(TPM_CAP) - sizeof(uint32_t))
#define MAX_TPM_PROPERTIES (MAX_CAP_DATA/sizeof(TPMS_TAGGED_PROPERTY))

/*
 * Somewhat arbitrary, leave enough room for command wrappers.
 * Bound on NV data per read/write (196 bytes); callers are expected to
 * check their sizes against it before building a command.
 */
#define MAX_NV_BUFFER_SIZE (TPM_BUFFER_SIZE - sizeof(struct tpm_header) - 50)
220
/*
 * List of tagged properties. 'count' gives the number of valid entries;
 * the array is sized to the most that can fit in one response buffer, so
 * a decoder must reject a received count larger than MAX_TPM_PROPERTIES.
 */
typedef struct {
	uint32_t count;
	TPMS_TAGGED_PROPERTY tpmProperty[MAX_TPM_PROPERTIES];
} TPML_TAGGED_TPM_PROPERTY;
225
/* Capability data; only the TPM_CAP_TPM_PROPERTIES form is supported. */
typedef union {
	TPML_TAGGED_TPM_PROPERTY tpmProperties;
} TPMU_CAPABILITIES;
229
/* Capability selector plus the matching union member in 'data'. */
typedef struct {
	TPM_CAP capability;
	TPMU_CAPABILITIES data;
} TPMS_CAPABILITY_DATA;
234
/*
 * TPM2_GetCapability response body: more_data is non-zero when the TPM
 * has further properties beyond those returned in 'cd'.
 */
struct get_cap_response {
	TPMI_YES_NO more_data;
	TPMS_CAPABILITY_DATA cd;
};
239
/*
 * Public area of an NV index as passed to TPM2_NV_DefineSpace: the index
 * handle, the hash used for its Name, its access attributes (TPMA_NV), the
 * policy digest that must be satisfied for policy-gated access, and the
 * size in bytes of the index data.
 */
typedef struct {
	TPMI_RH_NV_INDEX nvIndex;
	TPMI_ALG_HASH nameAlg;
	TPMA_NV attributes;
	TPM2B_DIGEST authPolicy;
	uint16_t dataSize;
} TPMS_NV_PUBLIC;
247
/*
 * Sized NV public area. 't' embeds the TPMS_NV_PUBLIC inline, so the
 * pointer-based 'b' view does not describe the same bytes (see TPM2B);
 * use one view only.
 */
typedef union {
	struct {
		uint16_t size;
		TPMS_NV_PUBLIC nvPublic;
	} t;
	TPM2B b;
} TPM2B_NV_PUBLIC;
255
/*
 * NV data by reference, used for both TPM2_NV_Write input and the
 * TPM2_NV_Read response. Like TPM2B_DIGEST, 't.buffer' is const but the
 * overlaid 'b.buffer' is not. 'size' is expected to stay within
 * MAX_NV_BUFFER_SIZE; nothing in the type enforces that.
 */
typedef union {
	struct {
		uint16_t size;
		const uint8_t *buffer;
	} t;
	TPM2B b;
} TPM2B_MAX_NV_BUFFER;
263
/*
 * TPM2_NV_Read response body: params_size is presumably the parameter
 * area length preceding the data; 'buffer' references the returned bytes.
 */
struct nv_read_response {
	uint32_t params_size;
	TPM2B_MAX_NV_BUFFER buffer;
};
268
/*
 * Session attribute byte (TPMA_SESSION), declared bit 0 first.
 * continueSession keeps the session alive after the command; decrypt and
 * encrypt request parameter encryption; the audit bits relate to audit
 * sessions. Bit-field order is implementation-defined, so the
 * session_attrs byte in tpm2_session_header should be used when a raw
 * value is needed.
 */
struct tpm2_session_attrs {
	uint8_t continueSession : 1;
	uint8_t auditExclusive : 1;
	uint8_t auditReset : 1;
	uint8_t reserved3_4 : 2;
	uint8_t decrypt : 1;
	uint8_t encrypt : 1;
	uint8_t audit : 1;
};
278
/*
 * TPM session header for commands requiring session information. Also
 * included in the responses to those commands.
 *
 * In-memory form of one authorization area entry: 'nonce' and 'auth'
 * point to caller-owned data of nonce_size/auth_size bytes, so this is
 * not the wire layout. The packed anonymous union lets the attribute
 * byte be accessed either as named bits or as the raw session_attrs
 * value. For password authorization session_handle is TPM_RS_PW and
 * 'auth' carries the password itself, so the buffer it points to is
 * sensitive and should not outlive the command.
 */
struct tpm2_session_header {
	uint32_t session_handle;
	uint16_t nonce_size;
	uint8_t *nonce;
	union {
		struct tpm2_session_attrs session_attr_bits;
		uint8_t session_attrs;
	} __attribute__((packed));
	uint16_t auth_size;
	uint8_t *auth;
};
294
/*
 * Decoded response: the common header followed by a C11 anonymous union
 * of the per-command bodies. Which member is valid must be decided from
 * the command that was issued (and hdr.tpm_code), not from the union.
 * 'def_space' presumably holds the session data returned for
 * TPM2_NV_DefineSpace.
 */
struct tpm2_response {
	struct tpm_header hdr;
	union {
		struct get_cap_response gc;
		struct nv_read_response nvr;
		struct tpm2_session_header def_space;
	};
};
303
/*
 * TPM2_NV_DefineSpace parameters: the authorization value to set on the
 * new index and its public area (attributes, policy, size).
 */
struct tpm2_nv_define_space_cmd {
	TPM2B_AUTH auth;
	TPMS_NV_PUBLIC publicInfo;
};
308
/*
 * TPM2_NV_Write parameters: target index, data by reference, and byte
 * offset into the index at which to write.
 */
struct tpm2_nv_write_cmd {
	TPMI_RH_NV_INDEX nvIndex;
	TPM2B_MAX_NV_BUFFER data;
	uint16_t offset;
};
314
/* TPM2_SelfTest parameter: non-zero requests the full test. */
struct tpm2_self_test {
	TPMI_YES_NO yes_no;
};
318
/*
 * TPM2_NV_Read parameters: index to read, number of bytes and byte offset.
 * 'size' should not exceed MAX_NV_BUFFER_SIZE or the response will not
 * fit the TPM_BUFFER_SIZE buffer.
 */
struct tpm2_nv_read_cmd {
	TPMI_RH_NV_INDEX nvIndex;
	uint16_t size;
	uint16_t offset;
};
324
325#endif // __SRC_LIB_TPM2_TLCL_STRUCTURES_H