/*
 * Copyright 2016 The Chromium OS Authors. All rights reserved.
 * Use of this source code is governed by a BSD-style license that can be
 * found in the LICENSE file.
 *
 * TPM 2.0 constants and type definitions needed to build the firmware
 * TPM stack standalone (without a full TSS). Only the commands, handles,
 * capabilities and response shapes used by the firmware are declared here.
 */
9
10#ifndef __VBOOT_REFERENCE_FIRMWARE_INCLUDE_TPM2_TSS_CONSTANTS_H
11#define __VBOOT_REFERENCE_FIRMWARE_INCLUDE_TPM2_TSS_CONSTANTS_H
12
/*
 * NOTE(review): this header uses uint8_t/uint16_t/uint32_t but does not
 * include <stdint.h> itself; the including file must provide those types.
 */

/*
 * Size of the local buffer used for TPM traffic. Its relationship to
 * TPM_MAX_COMMAND_SIZE (defined at the bottom of this file) is not visible
 * here -- TODO confirm that the marshaling code bounds every write by this
 * value rather than by the larger command limit.
 */
#define TPM_BUFFER_SIZE 256

/*
 * Tpm2 command tags. By name, they distinguish commands that carry
 * session (authorization) data from those that do not.
 */
#define TPM_ST_NO_SESSIONS 0x8001
#define TPM_ST_SESSIONS 0x8002

/*
 * TPM2 command codes. These are the TPM_CC values placed in
 * tpm_header.tpm_code when a command is sent. The TPM_CC typedef appears
 * later in this file; that is fine because the cast is only expanded at
 * the point of use.
 */
#define TPM2_Hierarchy_Control ((TPM_CC)0x00000121)
#define TPM2_Clear ((TPM_CC)0x00000126)
#define TPM2_NV_Write ((TPM_CC)0x00000137)
#define TPM2_NV_WriteLock ((TPM_CC)0x00000138)
#define TPM2_SelfTest ((TPM_CC)0x00000143)
#define TPM2_Startup ((TPM_CC)0x00000144)
#define TPM2_Shutdown ((TPM_CC)0x00000145)
#define TPM2_NV_Read ((TPM_CC)0x0000014E)
#define TPM2_NV_ReadLock ((TPM_CC)0x0000014F)
#define TPM2_GetCapability ((TPM_CC)0x0000017A)

/*
 * Error codes. These are TCG-spec-defined TPM 1.2 numeric values carried
 * over for source compatibility; TPM2 substitutes have not been chosen
 * yet (see TODO). Until that is resolved, code that compares a TPM2
 * response code against these constants should be treated as unverified:
 * a TPM2 failure may simply never match and so go unclassified.
 * TODO(apronin): find TPM2 RC substitutes for TPM1.2 error codes.
 */
#define TPM_E_BADINDEX ((uint32_t) 0x00000002)
#define TPM_E_INVALID_POSTINIT ((uint32_t) 0x00000026)
#define TPM_E_BADTAG ((uint32_t) 0x0000001E)
#define TPM_E_IOERROR ((uint32_t) 0x0000001F)
#define TPM_E_MAXNVWRITES ((uint32_t) 0x00000048)

/*
 * Handle construction. The top byte of a handle (bits HR_SHIFT..31) is
 * the handle type; TPM_HT_NV_INDEX is the type for NV index handles, so
 * HR_NV_INDEX is the prefix that must be OR'd with an NV index number.
 */
#define HR_SHIFT 24
#define TPM_HT_NV_INDEX 0x01
#define HR_NV_INDEX (TPM_HT_NV_INDEX << HR_SHIFT)
/*
 * Permanent handles: by name, the platform hierarchy (TPM_RH_PLATFORM)
 * and the password authorization session (TPM_RS_PW).
 */
#define TPM_RH_PLATFORM 0x4000000C
#define TPM_RS_PW 0x40000009
45
/*
 * TPM2 capabilities (values for tpm2_get_capability_cmd.capability).
 * Only TPM_CAP_TPM_PROPERTIES is handled by the response union below.
 */
#define TPM_CAP_FIRST ((TPM_CAP)0x00000000)
#define TPM_CAP_TPM_PROPERTIES ((TPM_CAP)0x00000006)

/*
 * TPM properties (values for tpm2_get_capability_cmd.property when the
 * capability is TPM_CAP_TPM_PROPERTIES). Properties are grouped in
 * blocks of PT_GROUP: PT_FIXED is the first group, PT_VAR the second.
 * TPM_PT_PERMANENT and TPM_PT_STARTUP_CLEAR are decoded with the
 * TPM_PERMANENT_FLAGS and TPM_STCLEAR_FLAGS bitfields below.
 */
#define TPM_PT_NONE ((TPM_PT)0x00000000)
#define PT_GROUP ((TPM_PT)0x00000100)
#define PT_FIXED PT_GROUP
#define PT_VAR (PT_GROUP * 2)
#define TPM_PT_PERMANENT (PT_VAR + 0)
#define TPM_PT_STARTUP_CLEAR (PT_VAR + 1)

/*
 * TPM startup types, used by both tpm2_startup_cmd and tpm2_shutdown_cmd.
 * By name, CLEAR requests a clean start and STATE a resume from saved
 * state.
 */
#define TPM_SU_CLEAR ((TPM_SU)0x0000)
#define TPM_SU_STATE ((TPM_SU)0x0001)
61
/*
 * Scalar TPM types. All are plain fixed-width integers; the casts in the
 * macros above rely on these exact widths when values are marshaled.
 */
typedef uint8_t TPMI_YES_NO;		/* boolean flag, one byte on the wire */
typedef uint32_t TPM_CC;		/* command code (see TPM2_* above) */
typedef uint32_t TPM_HANDLE;		/* generic handle, type in the top byte */
typedef TPM_HANDLE TPMI_RH_NV_INDEX;	/* NV index handle (HR_NV_INDEX | index) */
typedef TPM_HANDLE TPMI_RH_ENABLES;	/* hierarchy handle, e.g. TPM_RH_PLATFORM */
typedef uint32_t TPM_CAP;		/* capability selector (TPM_CAP_*) */
typedef uint32_t TPM_PT;		/* property selector (TPM_PT_*) */
typedef uint16_t TPM_SU;		/* startup/shutdown type (TPM_SU_*) */
Vadim Bendeburyb8e88012016-06-28 09:43:37 -070070
/*
 * In-memory form of a TPM2B sized buffer: a 16-bit byte count plus a
 * pointer to the bytes. Because the data is referenced rather than
 * inline, this is not the byte-for-byte wire layout, and `buffer` must
 * point at storage that outlives this object. Code that fills a TPM2B
 * from a TPM response must check `size` against the remaining response
 * length before dereferencing `buffer`.
 */
typedef struct {
	uint16_t size;
	uint8_t *buffer;
} TPM2B;
75
/*
 * NV data buffer, viewable either as `.t` (const data, suitable for the
 * payload of a write command) or as the generic TPM2B `.b`. Both views
 * alias the same size/pointer pair; `.b.buffer` drops the const
 * qualifier, so it must never be used to write through a pointer that
 * was stored via `.t`.
 */
typedef union {
	struct {
		uint16_t size;
		const uint8_t *buffer;
	} t;
	TPM2B b;
} TPM2B_MAX_NV_BUFFER;
83
/*
 * One (property, value) pair as reported in a get_capability_response
 * for TPM_CAP_TPM_PROPERTIES.
 */
typedef struct {
	TPM_PT property;	/* which property this entry describes */
	uint32_t value;		/* raw 32-bit value; see the *_FLAGS decoders */
} TPMS_TAGGED_PROPERTY;
88
/*
 * List of tagged properties. Declared with a single element because this
 * struct is nested inside TPMU_CAPABILITIES/TPMS_CAPABILITY_DATA, where a
 * flexible array member would not be permitted. The TPM may report
 * `count` > 1, so unmarshaling code must validate `count` against the
 * received response length and the caller's storage before touching
 * tpm_property[i] for any i > 0.
 */
typedef struct {
	uint32_t count;
	TPMS_TAGGED_PROPERTY tpm_property[1];
} TPML_TAGGED_TPM_PROPERTY;
93
/*
 * Capability-specific response payload. Only TPM_CAP_TPM_PROPERTIES is
 * supported here; the union exists so more capabilities can be added
 * without changing TPMS_CAPABILITY_DATA.
 */
typedef union {
	TPML_TAGGED_TPM_PROPERTY tpm_properties;
} TPMU_CAPABILITIES;
97
/*
 * Capability data returned by TPM2_GetCapability: `capability` says
 * which member of `data` is valid, and must be checked by the reader
 * before the union is interpreted.
 */
typedef struct {
	TPM_CAP capability;
	TPMU_CAPABILITIES data;
} TPMS_CAPABILITY_DATA;
102
/*
 * Parameters of TPM2_NV_Read. By name: the NV index to read, the number
 * of bytes requested and the starting offset within the index. Both
 * `size` and `offset` are 16-bit, so callers cannot express larger
 * requests.
 */
struct tpm2_nv_read_cmd {
	TPMI_RH_NV_INDEX nvIndex;
	uint16_t size;
	uint16_t offset;
};
108
/*
 * Parameters of TPM2_NV_Write. By name: the NV index to write, the data
 * (a TPM2B_MAX_NV_BUFFER whose `.t.buffer` is const and supplied by the
 * caller) and the starting offset within the index.
 */
struct tpm2_nv_write_cmd {
	TPMI_RH_NV_INDEX nvIndex;
	TPM2B_MAX_NV_BUFFER data;
	uint16_t offset;
};
114
/*
 * Parameters of TPM2_NV_ReadLock: the NV index to lock. By name, this
 * blocks further reads of the index (presumably until the next reset --
 * confirm against the NV index attributes used by the caller).
 */
struct tpm2_nv_read_lock_cmd {
	TPMI_RH_NV_INDEX nvIndex;
};
118
/*
 * Parameters of TPM2_NV_WriteLock: the NV index to lock. By name, this
 * blocks further writes to the index (presumably until the next reset --
 * confirm against the NV index attributes used by the caller).
 */
struct tpm2_nv_write_lock_cmd {
	TPMI_RH_NV_INDEX nvIndex;
};
122
/*
 * Parameters of TPM2_Hierarchy_Control. By name: `enable` identifies the
 * hierarchy being controlled (e.g. TPM_RH_PLATFORM) and `state` is the
 * yes/no value it is set to.
 */
struct tpm2_hierarchy_control_cmd {
	TPMI_RH_ENABLES enable;
	TPMI_YES_NO state;
};
127
/*
 * Parameters of TPM2_GetCapability. By name: the capability group
 * (TPM_CAP_*), the first property to report (TPM_PT_* for
 * TPM_CAP_TPM_PROPERTIES) and the maximum number of properties wanted.
 * The reply is parsed into get_capability_response; note that the TPM
 * decides how many entries it actually returns, see
 * TPML_TAGGED_TPM_PROPERTY.
 */
struct tpm2_get_capability_cmd {
	TPM_CAP capability;
	uint32_t property;
	uint32_t property_count;
};
133
/*
 * Parameters of TPM2_SelfTest: a yes/no flag which, by name, selects a
 * full self test rather than a partial one.
 */
struct tpm2_self_test_cmd {
	TPMI_YES_NO full_test;
};
137
/* Parameters of TPM2_Startup: TPM_SU_CLEAR or TPM_SU_STATE. */
struct tpm2_startup_cmd {
	TPM_SU startup_type;
};
141
/* Parameters of TPM2_Shutdown: TPM_SU_CLEAR or TPM_SU_STATE. */
struct tpm2_shutdown_cmd {
	TPM_SU shutdown_type;
};
145
/*
 * Common command/response header: tag (TPM_ST_*), total size of the
 * command or response in bytes, and the command code. In a response the
 * third field carries the response code instead, although it keeps the
 * TPM_CC type here. Packed so that sizeof is exactly 10 bytes, matching
 * the header length on the wire; field values are in host order, so the
 * marshaling code is expected to handle byte-order conversion -- confirm
 * in the serializer. Receivers must check tpm_size against the number of
 * bytes actually read before parsing the body.
 */
struct tpm_header {
	uint16_t tpm_tag;
	uint32_t tpm_size;
	TPM_CC tpm_code;
} __attribute__((packed));
152
/*
 * Body of a TPM2_NV_Read response: the size of the parameter area
 * followed by the returned data. When this is filled from a received
 * response, `buffer.b.size` must be bounded by both `params_size` and
 * the bytes remaining after the header, and the caller should confirm it
 * does not exceed the `size` it requested, before the data is used.
 */
struct nv_read_response {
	uint32_t params_size;
	TPM2B_MAX_NV_BUFFER buffer;
};
157
/*
 * Session attribute bits. The bitfield is unioned with a uint8_t in
 * tpm2_session_header, so the code relies on the compiler packing these
 * eight bits into one byte with the first member at bit 0. Bitfield
 * allocation order is implementation-defined in C, so this layout is
 * only guaranteed for the compiler/ABI the firmware is built with.
 */
struct tpm2_session_attrs {
	uint8_t continueSession : 1;
	uint8_t auditExclusive : 1;
	uint8_t auditReset : 1;
	uint8_t reserved3_4 : 2;
	uint8_t decrypt : 1;
	uint8_t encrypt : 1;
	uint8_t audit : 1;
};
167
/*
 * In-memory form of a session (authorization) area: the session handle
 * (e.g. TPM_RS_PW), a sized nonce, the attribute byte and a sized auth
 * value. `nonce` and `auth` are pointers into caller-owned storage, so
 * this is not the wire layout; when parsing a received session area the
 * two size fields must be bounded by the remaining response length. The
 * attribute byte can be accessed either bit-by-bit or as a whole.
 */
struct tpm2_session_header {
	uint32_t session_handle;
	uint16_t nonce_size;
	uint8_t *nonce;
	union {
		struct tpm2_session_attrs session_attr_bits;
		uint8_t session_attrs;
	} __attribute__((packed));
	uint16_t auth_size;
	uint8_t *auth;
};
179
/*
 * Body of a TPM2_GetCapability response: a yes/no flag (by name, whether
 * more data is available beyond what was returned) followed by the
 * capability data. capability_data.capability must be checked before
 * the union inside it is interpreted.
 */
struct get_capability_response {
	TPMI_YES_NO more_data;
	TPMS_CAPABILITY_DATA capability_data;
} __attribute__((packed));
184
/*
 * Parsed TPM response: the common header plus a command-specific body.
 * Nothing in this struct records which union member was filled in; the
 * header's code field holds the response code, not the command, so the
 * caller must select the member matching the command it issued (nvr for
 * TPM2_NV_Read, cap for TPM2_GetCapability) and only after checking that
 * the response code indicates success.
 */
struct tpm2_response {
	struct tpm_header hdr;
	union {
		struct nv_read_response nvr;
		struct tpm2_session_header def_space;
		struct get_capability_response cap;
	};
};
193
/*
 * Decoder for the 32-bit value of the TPM_PT_PERMANENT property. The
 * bitfield spans exactly 32 bits (3 + 5 + 3 + 21) and is meant to overlay
 * TPMS_TAGGED_PROPERTY.value with the first member at bit 0; as with the
 * other bitfields here, that ordering is implementation-defined and only
 * holds for the firmware's compiler/ABI.
 */
typedef struct {
	uint32_t ownerAuthSet : 1;
	uint32_t endorsementAuthSet : 1;
	uint32_t lockoutAuthSet : 1;
	uint32_t reserved3_7 : 5;
	uint32_t disableClear : 1;
	uint32_t inLockout : 1;
	uint32_t tpmGeneratedEPS : 1;
	uint32_t reserved11_31 : 21;
} TPM_PERMANENT_FLAGS;
Vadim Bendeburyb8e88012016-06-28 09:43:37 -0700204
/*
 * Decoder for the 32-bit value of the TPM_PT_STARTUP_CLEAR property
 * (flags that are cleared on startup). The bitfield spans exactly 32
 * bits (4 + 27 + 1) and is meant to overlay TPMS_TAGGED_PROPERTY.value
 * with the first member at bit 0 and `orderly` at bit 31; that ordering
 * is implementation-defined and only holds for the firmware's
 * compiler/ABI.
 */
typedef struct {
	uint32_t phEnable : 1;
	uint32_t shEnable : 1;
	uint32_t ehEnable : 1;
	uint32_t phEnableNV : 1;
	uint32_t reserved4_30 : 27;
	uint32_t orderly : 1;
} TPM_STCLEAR_FLAGS;
Vadim Bendeburyb8e88012016-06-28 09:43:37 -0700213
/*
 * TODO(apronin): For TPM2 certain properties must be received using
 * TPM2_GetCapability instead of being hardcoded as they are now:
 *   TPM_MAX_COMMAND_SIZE -> use TPM_PT_MAX_COMMAND_SIZE for TPM2.
 *   TPM_PCR_DIGEST -> use TPM_PT_MAX_DIGEST for TPM2.
 * Until then these are assumptions about the attached TPM, not facts
 * read from it: a part whose real limits differ may reject or truncate
 * commands sized by these values, so any buffer sized from them should
 * still be bounds-checked at the point of use. TPM_PCR_DIGEST is 32
 * bytes, i.e. a SHA-256-sized digest -- presumably the PCR bank the
 * firmware uses; confirm against the PCR code.
 */
#define TPM_MAX_COMMAND_SIZE 4096
#define TPM_PCR_DIGEST 32
221
Vadim Bendeburyb8e88012016-06-28 09:43:37 -0700222#endif /* ! __VBOOT_REFERENCE_FIRMWARE_INCLUDE_TPM2_TSS_CONSTANTS_H */