Gitiles
Code Review Sign In
review.coreboot.org / coreboot / c0257dd7ae9c8899b49c05ef74d9c5a91ee71d4f / . / src / security / tpm / tss.h
blob: 8f3f1cbff52c18f897ff4104d44d16cf931ac5f9 [file] [log] [blame]
Daisuke Nojiriefb5cde2014-07-02 08:37:23 -0700[diff] [blame]1/* Copyright (c) 2013 The Chromium OS Authors. All rights reserved.
2 * Use of this source code is governed by a BSD-style license that can be
3 * found in the LICENSE file.
4 */
5
6/*
7 * TPM Lightweight Command Library.
8 *
9 * A low-level library for interfacing to TPM hardware or an emulator.
10 */
11
Philipp Deppenwiesed88fb362017-10-18 20:26:18 +0200[diff] [blame]12#ifndef TSS_H_
13#define TSS_H_
Daisuke Nojiriefb5cde2014-07-02 08:37:23 -0700[diff] [blame]14#include <stdint.h>
Vadim Bendebury245d4572016-04-05 16:01:57 -0700[diff] [blame]15#include <types.h>
Daisuke Nojiriefb5cde2014-07-02 08:37:23 -0700[diff] [blame]16
17#include "tss_constants.h"
18
19/*****************************************************************************/
20/* Functions implemented in tlcl.c */
21
22/**
23 * Call this first. Returns 0 if success, nonzero if error.
24 */
Daisuke Nojiri57990972014-07-15 19:47:32 -0700[diff] [blame]25uint32_t tlcl_lib_init(void);
Daisuke Nojiriefb5cde2014-07-02 08:37:23 -0700[diff] [blame]26
27/**
28 * Perform a raw TPM request/response transaction.
29 */
Daisuke Nojiri57990972014-07-15 19:47:32 -0700[diff] [blame]30uint32_t tlcl_send_receive(const uint8_t *request, uint8_t *response,
Lee Leahy708fc272017-03-07 12:18:53 -0800[diff] [blame]31 int max_length);
Daisuke Nojiriefb5cde2014-07-02 08:37:23 -0700[diff] [blame]32
Daisuke Nojiriefb5cde2014-07-02 08:37:23 -0700[diff] [blame]33/* Commands */
34
35/**
36 * Send a TPM_Startup(ST_CLEAR). The TPM error code is returned (0 for
37 * success).
38 */
Daisuke Nojiri57990972014-07-15 19:47:32 -0700[diff] [blame]39uint32_t tlcl_startup(void);
Daisuke Nojiriefb5cde2014-07-02 08:37:23 -0700[diff] [blame]40
41/**
42 * Resume by sending a TPM_Startup(ST_STATE). The TPM error code is returned
43 * (0 for success).
44 */
Daisuke Nojiri57990972014-07-15 19:47:32 -0700[diff] [blame]45uint32_t tlcl_resume(void);
Daisuke Nojiriefb5cde2014-07-02 08:37:23 -0700[diff] [blame]46
47/**
48 * Run the self test.
49 *
50 * Note---this is synchronous. To run this in parallel with other firmware,
51 * use ContinueSelfTest(). The TPM error code is returned.
52 */
Daisuke Nojiri57990972014-07-15 19:47:32 -0700[diff] [blame]53uint32_t tlcl_self_test_full(void);
Daisuke Nojiriefb5cde2014-07-02 08:37:23 -0700[diff] [blame]54
55/**
56 * Run the self test in the background.
57 */
Daisuke Nojiri57990972014-07-15 19:47:32 -0700[diff] [blame]58uint32_t tlcl_continue_self_test(void);
Daisuke Nojiriefb5cde2014-07-02 08:37:23 -0700[diff] [blame]59
Vadim Bendebury245d4572016-04-05 16:01:57 -0700[diff] [blame]60#if IS_ENABLED(CONFIG_TPM)
Daisuke Nojiriefb5cde2014-07-02 08:37:23 -0700[diff] [blame]61/**
62 * Define a space with permission [perm]. [index] is the index for the space,
63 * [size] the usable data size. The TPM error code is returned.
64 */
Daisuke Nojiri57990972014-07-15 19:47:32 -0700[diff] [blame]65uint32_t tlcl_define_space(uint32_t index, uint32_t perm, uint32_t size);
Daisuke Nojiriefb5cde2014-07-02 08:37:23 -0700[diff] [blame]66
Vadim Bendebury245d4572016-04-05 16:01:57 -0700[diff] [blame]67#elif IS_ENABLED(CONFIG_TPM2)
68
69/*
Vadim Bendebury7ee057c2016-07-03 15:24:23 -0700[diff] [blame]70 * Define a TPM space. The define space command TPM command used by the tlcl
71 * layer is enforcing the policy which would not allow to delete the created
72 * space after any PCR0 change from its initial value.
Vadim Bendebury245d4572016-04-05 16:01:57 -0700[diff] [blame]73 */
Vadim Bendebury7ee057c2016-07-03 15:24:23 -0700[diff] [blame]74uint32_t tlcl_define_space(uint32_t space_index, size_t space_size);
Vadim Bendebury245d4572016-04-05 16:01:57 -0700[diff] [blame]75#endif
76
Daisuke Nojiriefb5cde2014-07-02 08:37:23 -0700[diff] [blame]77/**
78 * Write [length] bytes of [data] to space at [index]. The TPM error code is
79 * returned.
80 */
Daisuke Nojiri57990972014-07-15 19:47:32 -0700[diff] [blame]81uint32_t tlcl_write(uint32_t index, const void *data, uint32_t length);
Daisuke Nojiriefb5cde2014-07-02 08:37:23 -0700[diff] [blame]82
83/**
84 * Read [length] bytes from space at [index] into [data]. The TPM error code
85 * is returned.
86 */
Daisuke Nojiri57990972014-07-15 19:47:32 -0700[diff] [blame]87uint32_t tlcl_read(uint32_t index, void *data, uint32_t length);
Daisuke Nojiriefb5cde2014-07-02 08:37:23 -0700[diff] [blame]88
89/**
90 * Assert physical presence in software. The TPM error code is returned.
91 */
Daisuke Nojiri57990972014-07-15 19:47:32 -0700[diff] [blame]92uint32_t tlcl_assert_physical_presence(void);
Daisuke Nojiriefb5cde2014-07-02 08:37:23 -0700[diff] [blame]93
94/**
95 * Enable the physical presence command. The TPM error code is returned.
96 */
Daisuke Nojiri57990972014-07-15 19:47:32 -0700[diff] [blame]97uint32_t tlcl_physical_presence_cmd_enable(void);
Daisuke Nojiriefb5cde2014-07-02 08:37:23 -0700[diff] [blame]98
99/**
100 * Finalize the physical presence settings: sofware PP is enabled, hardware PP
101 * is disabled, and the lifetime lock is set. The TPM error code is returned.
102 */
Daisuke Nojiri57990972014-07-15 19:47:32 -0700[diff] [blame]103uint32_t tlcl_finalize_physical_presence(void);
Daisuke Nojiriefb5cde2014-07-02 08:37:23 -0700[diff] [blame]104
105/**
106 * Set the nvLocked bit. The TPM error code is returned.
107 */
Daisuke Nojiri57990972014-07-15 19:47:32 -0700[diff] [blame]108uint32_t tlcl_set_nv_locked(void);
Daisuke Nojiriefb5cde2014-07-02 08:37:23 -0700[diff] [blame]109
110/**
111 * Issue a ForceClear. The TPM error code is returned.
112 */
Daisuke Nojiri57990972014-07-15 19:47:32 -0700[diff] [blame]113uint32_t tlcl_force_clear(void);
Daisuke Nojiriefb5cde2014-07-02 08:37:23 -0700[diff] [blame]114
115/**
116 * Issue a PhysicalEnable. The TPM error code is returned.
117 */
Daisuke Nojiri57990972014-07-15 19:47:32 -0700[diff] [blame]118uint32_t tlcl_set_enable(void);
Daisuke Nojiriefb5cde2014-07-02 08:37:23 -0700[diff] [blame]119
120/**
121 * Issue a SetDeactivated. Pass 0 to activate. Returns result code.
122 */
Daisuke Nojiri57990972014-07-15 19:47:32 -0700[diff] [blame]123uint32_t tlcl_set_deactivated(uint8_t flag);
Daisuke Nojiriefb5cde2014-07-02 08:37:23 -0700[diff] [blame]124
125/**
126 * Get flags of interest. Pointers for flags you aren't interested in may
127 * be NULL. The TPM error code is returned.
128 */
Daisuke Nojiri57990972014-07-15 19:47:32 -0700[diff] [blame]129uint32_t tlcl_get_flags(uint8_t *disable, uint8_t *deactivated,
Lee Leahy708fc272017-03-07 12:18:53 -0800[diff] [blame]130 uint8_t *nvlocked);
Daisuke Nojiriefb5cde2014-07-02 08:37:23 -0700[diff] [blame]131
132/**
133 * Set the bGlobalLock flag, which only a reboot can clear. The TPM error
134 * code is returned.
135 */
Daisuke Nojiri57990972014-07-15 19:47:32 -0700[diff] [blame]136uint32_t tlcl_set_global_lock(void);
Daisuke Nojiriefb5cde2014-07-02 08:37:23 -0700[diff] [blame]137
138/**
Vadim Bendebury4c0851c2016-07-03 17:08:10 -0700[diff] [blame]139 * Make an NV Ram location read_only. The TPM error code is returned.
140 */
141uint32_t tlcl_lock_nv_write(uint32_t index);
142
143/**
Daisuke Nojiriefb5cde2014-07-02 08:37:23 -0700[diff] [blame]144 * Perform a TPM_Extend.
145 */
Daisuke Nojiri57990972014-07-15 19:47:32 -0700[diff] [blame]146uint32_t tlcl_extend(int pcr_num, const uint8_t *in_digest,
Lee Leahy708fc272017-03-07 12:18:53 -0800[diff] [blame]147 uint8_t *out_digest);
Daisuke Nojiriefb5cde2014-07-02 08:37:23 -0700[diff] [blame]148
149/**
150 * Get the entire set of permanent flags.
151 */
Daisuke Nojiri57990972014-07-15 19:47:32 -0700[diff] [blame]152uint32_t tlcl_get_permanent_flags(TPM_PERMANENT_FLAGS *pflags);
Daisuke Nojiriefb5cde2014-07-02 08:37:23 -0700[diff] [blame]153
Aaron Durbinf56c7782017-01-10 17:44:42 -0600[diff] [blame]154/**
155 * Disable platform hierarchy. Specific to TPM2. The TPM error code is returned.
156 */
157uint32_t tlcl_disable_platform_hierarchy(void);
158
Aaron Durbineeb77372017-03-08 11:23:11 -0600[diff] [blame]159/**
160 * CR50 specific tpm command to enable nvmem commits before internal timeout
161 * expires.
162 */
163uint32_t tlcl_cr50_enable_nvcommits(void);
164
Vadim Bendebury021ec282017-03-22 16:01:53 -0700[diff] [blame]165/**
166 * CR50 specific tpm command to restore header(s) of the dormant RO/RW
167 * image(s) and in case there indeed was a dormant image, trigger reboot after
168 * the timeout milliseconds. Note that timeout of zero means "NO REBOOT", not
169 * "IMMEDIATE REBOOT".
170 *
171 * Return value indicates success or failure of accessing the TPM; in case of
172 * success the number of restored headers is saved in num_restored_headers.
173 */
174uint32_t tlcl_cr50_enable_update(uint16_t timeout_ms,
175 uint8_t *num_restored_headers);
176
Philipp Deppenwiesed88fb362017-10-18 20:26:18 +0200[diff] [blame]177#endif /* TSS_H_ */