/** @file ;****************************************************************************** ;* Copyright (c) 2019, Insyde Software Corp. All Rights Reserved. ;* ;* You may not reproduce, distribute, publish, display, perform, modify, adapt, ;* transmit, broadcast, present, recite, release, license or otherwise exploit ;* any part of this publication in any form, by any means, without the prior ;* written permission of Insyde Software Corporation. ;* ;****************************************************************************** **/ #ifndef _TCM_H_ #define _TCM_H_ #include /// /// The start of TCM return codes /// #define TCM_BASE 0 #define TCM_VID 0x1B4E // // All structures MUST be packed on a byte boundary. // #pragma pack (1) // // Part 2, section 2.2.3: Helper redefinitions // /// /// Indicates the conditions where it is required that authorization be presented /// typedef UINT8 TCM_AUTH_DATA_USAGE; /// /// The information as to what the payload is in an encrypted structure /// typedef UINT8 TCM_PAYLOAD_TYPE; /// /// The version info breakdown /// typedef UINT8 TCM_VERSION_BYTE; /// /// The state of the dictionary attack mitigation logic /// typedef UINT8 TCM_DA_STATE; /// /// The request or response authorization type /// typedef UINT16 TCM_TAG; /// /// The protocol in use /// typedef UINT16 TCM_PROTOCOL_ID; /// /// Indicates the start state /// typedef UINT16 TCM_STARTUP_TYPE; /// /// The definition of the encryption scheme /// typedef UINT16 TCM_ENC_SCHEME; /// /// The definition of the signature scheme /// typedef UINT16 TCM_SIG_SCHEME; /// /// The definition of the migration scheme /// typedef UINT16 TCM_MIGRATE_SCHEME; /// /// Sets the state of the physical presence mechanism /// typedef UINT16 TCM_PHYSICAL_PRESENCE; /// /// Indicates the types of entity that are supported by the TCM /// typedef UINT16 TCM_ENTITY_TYPE; /// /// Indicates the permitted usage of the key /// typedef UINT16 TCM_KEY_USAGE; /// /// The type of asymmetric encrypted structure in use by the endorsement key /// typedef UINT16 TCM_EK_TYPE; /// /// The tag for the structure /// typedef UINT16 TCM_STRUCTURE_TAG; /// /// The platform specific spec to which the information relates to /// typedef UINT16 TCM_PLATFORM_SPECIFIC; /// /// The command ordinal /// typedef UINT32 TCM_COMMAND_CODE; /// /// Identifies a TCM capability area /// typedef UINT32 TCM_CAPABILITY_AREA; /// /// Indicates information regarding a key /// typedef UINT32 TCM_KEY_FLAGS; /// /// Indicates the type of algorithm /// typedef UINT32 TCM_ALGORITHM_ID; /// /// The locality modifier /// typedef UINT32 TCM_MODIFIER_INDICATOR; /// /// The actual number of a counter /// typedef UINT32 TCM_ACTUAL_COUNT; /// /// Attributes that define what options are in use for a transport session /// typedef UINT32 TCM_TRANSPORT_ATTRIBUTES; /// /// Handle to an authorization session /// typedef UINT32 TCM_AUTHHANDLE; /// /// Index to a DIR register /// typedef UINT32 TCM_DIRINDEX; /// /// The area where a key is held assigned by the TCM /// typedef UINT32 TCM_KEY_HANDLE; /// /// Index to a PCR register /// typedef UINT32 TCM_PCRINDEX; /// /// The return code from a function /// typedef UINT32 TCM_RESULT; /// /// The types of resources that a TCM may have using internal resources /// typedef UINT32 TCM_RESOURCE_TYPE; /// /// Allows for controlling of the key when loaded and how to handle TCM_Startup issues /// typedef UINT32 TCM_KEY_CONTROL; /// /// The index into the NV storage area /// typedef UINT32 TCM_NV_INDEX; /// /// The family ID. Family IDs are automatically assigned a sequence number by the TCM. /// A trusted process can set the FamilyID value in an individual row to NULL, which /// invalidates that row. The family ID resets to NULL on each change of TCM Owner. /// typedef UINT32 TCM_FAMILY_ID; /// /// IA value used as a label for the most recent verification of this family. Set to zero when not in use. /// typedef UINT32 TCM_FAMILY_VERIFICATION; /// /// How the TCM handles var /// typedef UINT32 TCM_STARTUP_EFFECTS; /// /// The mode of a symmetric encryption /// typedef UINT32 TCM_SYM_MODE; /// /// The family flags /// typedef UINT32 TCM_FAMILY_FLAGS; /// /// The index value for the delegate NV table /// typedef UINT32 TCM_DELEGATE_INDEX; /// /// The restrictions placed on delegation of CMK commands /// typedef UINT32 TCM_CMK_DELEGATE; /// /// The ID value of a monotonic counter /// typedef UINT32 TCM_COUNT_ID; /// /// A command to execute /// typedef UINT32 TCM_REDIT_COMMAND; /// /// A transport session handle /// typedef UINT32 TCM_TRANSHANDLE; /// /// A generic handle could be key, transport etc /// typedef UINT32 TCM_HANDLE; /// /// What operation is happening /// typedef UINT32 TCM_FAMILY_OPERATION; // // Part 2, section 2.2.4: Vendor specific // The following defines allow for the quick specification of a // vendor specific item. // #define TCM_Vendor_Specific32 ((UINT32) 0x00000400) #define TCM_Vendor_Specific8 ((UINT8) 0x80) // // Part 2, section 3.1: TCM_STRUCTURE_TAG // #define TCM_TAG_CONTEXTBLOB ((TCM_STRUCTURE_TAG) 0x0001) #define TCM_TAG_CONTEXT_SENSITIVE ((TCM_STRUCTURE_TAG) 0x0002) #define TCM_TAG_CONTEXTPOINTER ((TCM_STRUCTURE_TAG) 0x0003) #define TCM_TAG_CONTEXTLIST ((TCM_STRUCTURE_TAG) 0x0004) #define TCM_TAG_SIGNINFO ((TCM_STRUCTURE_TAG) 0x0005) #define TCM_TAG_PCR_INFO_LONG ((TCM_STRUCTURE_TAG) 0x0006) #define TCM_TAG_PERSISTENT_FLAGS ((TCM_STRUCTURE_TAG) 0x0007) #define TCM_TAG_VOLATILE_FLAGS ((TCM_STRUCTURE_TAG) 0x0008) #define TCM_TAG_PERSISTENT_DATA ((TCM_STRUCTURE_TAG) 0x0009) #define TCM_TAG_VOLATILE_DATA ((TCM_STRUCTURE_TAG) 0x000A) #define TCM_TAG_SV_DATA ((TCM_STRUCTURE_TAG) 0x000B) #define TCM_TAG_EK_BLOB ((TCM_STRUCTURE_TAG) 0x000C) #define TCM_TAG_EK_BLOB_AUTH ((TCM_STRUCTURE_TAG) 0x000D) #define TCM_TAG_COUNTER_VALUE ((TCM_STRUCTURE_TAG) 0x000E) #define TCM_TAG_TRANSPORT_INTERNAL ((TCM_STRUCTURE_TAG) 0x000F) #define TCM_TAG_TRANSPORT_LOG_IN ((TCM_STRUCTURE_TAG) 0x0010) #define TCM_TAG_TRANSPORT_LOG_OUT ((TCM_STRUCTURE_TAG) 0x0011) #define TCM_TAG_AUDIT_EVENT_IN ((TCM_STRUCTURE_TAG) 0x0012) #define TCM_TAG_AUDIT_EVENT_OUT ((TCM_STRUCTURE_TAG) 0x0013) #define TCM_TAG_CURRENT_TICKS ((TCM_STRUCTURE_TAG) 0x0014) #define TCM_TAG_KEY ((TCM_STRUCTURE_TAG) 0x0015) #define TCM_TAG_STORED_DATA12 ((TCM_STRUCTURE_TAG) 0x0016) #define TCM_TAG_NV_ATTRIBUTES ((TCM_STRUCTURE_TAG) 0x0017) #define TCM_TAG_NV_DATA_PUBLIC ((TCM_STRUCTURE_TAG) 0x0018) #define TCM_TAG_NV_DATA_SENSITIVE ((TCM_STRUCTURE_TAG) 0x0019) #define TCM_TAG_DELEGATIONS ((TCM_STRUCTURE_TAG) 0x001A) #define TCM_TAG_DELEGATE_PUBLIC ((TCM_STRUCTURE_TAG) 0x001B) #define TCM_TAG_DELEGATE_TABLE_ROW ((TCM_STRUCTURE_TAG) 0x001C) #define TCM_TAG_TRANSPORT_AUTH ((TCM_STRUCTURE_TAG) 0x001D) #define TCM_TAG_TRANSPORT_PUBLIC ((TCM_STRUCTURE_TAG) 0x001E) #define TCM_TAG_PERMANENT_FLAGS ((TCM_STRUCTURE_TAG) 0x001F) #define TCM_TAG_STCLEAR_FLAGS ((TCM_STRUCTURE_TAG) 0x0020) #define TCM_TAG_STANY_FLAGS ((TCM_STRUCTURE_TAG) 0x0021) #define TCM_TAG_PERMANENT_DATA ((TCM_STRUCTURE_TAG) 0x0022) #define TCM_TAG_STCLEAR_DATA ((TCM_STRUCTURE_TAG) 0x0023) #define TCM_TAG_STANY_DATA ((TCM_STRUCTURE_TAG) 0x0024) #define TCM_TAG_FAMILY_TABLE_ENTRY ((TCM_STRUCTURE_TAG) 0x0025) #define TCM_TAG_DELEGATE_SENSITIVE ((TCM_STRUCTURE_TAG) 0x0026) #define TCM_TAG_DELG_KEY_BLOB ((TCM_STRUCTURE_TAG) 0x0027) #define TCM_TAG_KEY12 ((TCM_STRUCTURE_TAG) 0x0028) #define TCM_TAG_CERTIFY_INFO2 ((TCM_STRUCTURE_TAG) 0x0029) #define TCM_TAG_DELEGATE_OWNER_BLOB ((TCM_STRUCTURE_TAG) 0x002A) #define TCM_TAG_EK_BLOB_ACTIVATE ((TCM_STRUCTURE_TAG) 0x002B) #define TCM_TAG_DAA_BLOB ((TCM_STRUCTURE_TAG) 0x002C) #define TCM_TAG_DAA_CONTEXT ((TCM_STRUCTURE_TAG) 0x002D) #define TCM_TAG_DAA_ENFORCE ((TCM_STRUCTURE_TAG) 0x002E) #define TCM_TAG_DAA_ISSUER ((TCM_STRUCTURE_TAG) 0x002F) #define TCM_TAG_CAP_VERSION_INFO ((TCM_STRUCTURE_TAG) 0x0030) #define TCM_TAG_DAA_SENSITIVE ((TCM_STRUCTURE_TAG) 0x0031) #define TCM_TAG_DAA_TCM ((TCM_STRUCTURE_TAG) 0x0032) #define TCM_TAG_CMK_MIGAUTH ((TCM_STRUCTURE_TAG) 0x0033) #define TCM_TAG_CMK_SIGTICKET ((TCM_STRUCTURE_TAG) 0x0034) #define TCM_TAG_CMK_MA_APPROVAL ((TCM_STRUCTURE_TAG) 0x0035) #define TCM_TAG_QUOTE_INFO2 ((TCM_STRUCTURE_TAG) 0x0036) #define TCM_TAG_DA_INFO ((TCM_STRUCTURE_TAG) 0x0037) #define TCM_TAG_DA_LIMITED ((TCM_STRUCTURE_TAG) 0x0038) #define TCM_TAG_DA_ACTION_TYPE ((TCM_STRUCTURE_TAG) 0x0039) // // Part 2, section 4: TCM Types // // // Part 2, section 4.1: TCM_RESOURCE_TYPE // #define TCM_RT_KEY ((TCM_RESOURCE_TYPE) 0x00000001) ///< The handle is a key handle and is the result of a LoadKey type operation #define TCM_RT_AUTH ((TCM_RESOURCE_TYPE) 0x00000002) ///< The handle is an authorization handle. Auth handles come from TCM_OIAP, TCM_OSAP and TCM_DSAP #define TCM_RT_HASH ((TCM_RESOURCE_TYPE) 0x00000003) ///< Reserved for hashes #define TCM_RT_TRANS ((TCM_RESOURCE_TYPE) 0x00000004) ///< The handle is for a transport session. Transport handles come from TCM_EstablishTransport #define TCM_RT_CONTEXT ((TCM_RESOURCE_TYPE) 0x00000005) ///< Resource wrapped and held outside the TCM using the context save/restore commands #define TCM_RT_COUNTER ((TCM_RESOURCE_TYPE) 0x00000006) ///< Reserved for counters #define TCM_RT_DELEGATE ((TCM_RESOURCE_TYPE) 0x00000007) ///< The handle is for a delegate row. These are the internal rows held in NV storage by the TCM #define TCM_RT_DAA_TCM ((TCM_RESOURCE_TYPE) 0x00000008) ///< The value is a DAA TCM specific blob #define TCM_RT_DAA_V0 ((TCM_RESOURCE_TYPE) 0x00000009) ///< The value is a DAA V0 parameter #define TCM_RT_DAA_V1 ((TCM_RESOURCE_TYPE) 0x0000000A) ///< The value is a DAA V1 parameter // // Part 2, section 4.2: TCM_PAYLOAD_TYPE // #define TCM_PT_ASYM ((TCM_PAYLOAD_TYPE) 0x01) ///< The entity is an asymmetric key #define TCM_PT_BIND ((TCM_PAYLOAD_TYPE) 0x02) ///< The entity is bound data #define TCM_PT_MIGRATE ((TCM_PAYLOAD_TYPE) 0x03) ///< The entity is a migration blob #define TCM_PT_MAINT ((TCM_PAYLOAD_TYPE) 0x04) ///< The entity is a maintenance blob #define TCM_PT_SEAL ((TCM_PAYLOAD_TYPE) 0x05) ///< The entity is sealed data #define TCM_PT_MIGRATE_RESTRICTED ((TCM_PAYLOAD_TYPE) 0x06) ///< The entity is a restricted-migration asymmetric key #define TCM_PT_MIGRATE_EXTERNAL ((TCM_PAYLOAD_TYPE) 0x07) ///< The entity is a external migratable key #define TCM_PT_CMK_MIGRATE ((TCM_PAYLOAD_TYPE) 0x08) ///< The entity is a CMK migratable blob #define TCM_PT_VENDOR_SPECIFIC ((TCM_PAYLOAD_TYPE) 0x80) ///< 0x80 - 0xFF Vendor specific payloads // // Part 2, section 4.3: TCM_ENTITY_TYPE // #define TCM_ET_KEYHANDLE ((UINT16) 0x0001) ///< The entity is a keyHandle or key #define TCM_ET_OWNER ((UINT16) 0x0002) ///< The entity is the TCM Owner #define TCM_ET_DATA ((UINT16) 0x0003) ///< The entity is some data #define TCM_ET_SRK ((UINT16) 0x0004) ///< The entity is the SRK #define TCM_ET_KEY ((UINT16) 0x0005) ///< The entity is a key or keyHandle #define TCM_ET_REVOKE ((UINT16) 0x0006) ///< The entity is the RevokeTrust value #define TCM_ET_DEL_OWNER_BLOB ((UINT16) 0x0007) ///< The entity is a delegate owner blob #define TCM_ET_DEL_ROW ((UINT16) 0x0008) ///< The entity is a delegate row #define TCM_ET_DEL_KEY_BLOB ((UINT16) 0x0009) ///< The entity is a delegate key blob #define TCM_ET_COUNTER ((UINT16) 0x000A) ///< The entity is a counter #define TCM_ET_NV ((UINT16) 0x000B) ///< The entity is a NV index #define TCM_ET_OPERATOR ((UINT16) 0x000C) ///< The entity is the operator #define TCM_ET_RESERVED_HANDLE ((UINT16) 0x0040) ///< Reserved. This value avoids collisions with the handle MSB setting. // // TCM_ENTITY_TYPE MSB Values: The MSB is used to indicate the ADIP encryption sheme when applicable // #define TCM_ET_XOR ((UINT16) 0x0000) ///< ADIP encryption scheme: XOR #define TCM_ET_AES128 ((UINT16) 0x0006) ///< ADIP encryption scheme: AES 128 bits // // Part 2, section 4.4.1: Reserved Key Handles // #define TCM_KH_SRK ((TCM_KEY_HANDLE) 0x40000000) ///< The handle points to the SRK #define TCM_KH_OWNER ((TCM_KEY_HANDLE) 0x40000001) ///< The handle points to the TCM Owner #define TCM_KH_REVOKE ((TCM_KEY_HANDLE) 0x40000002) ///< The handle points to the RevokeTrust value #define TCM_KH_TRANSPORT ((TCM_KEY_HANDLE) 0x40000003) ///< The handle points to the EstablishTransport static authorization #define TCM_KH_OPERATOR ((TCM_KEY_HANDLE) 0x40000004) ///< The handle points to the Operator auth #define TCM_KH_ADMIN ((TCM_KEY_HANDLE) 0x40000005) ///< The handle points to the delegation administration auth #define TCM_KH_EK ((TCM_KEY_HANDLE) 0x40000006) ///< The handle points to the PUBEK, only usable with TCM_OwnerReadInternalPub // // Part 2, section 4.5: TCM_STARTUP_TYPE // #define TCM_ST_CLEAR ((TCM_STARTUP_TYPE) 0x0001) ///< The TCM is starting up from a clean state #define TCM_ST_STATE ((TCM_STARTUP_TYPE) 0x0002) ///< The TCM is starting up from a saved state #define TCM_ST_DEACTIVATED ((TCM_STARTUP_TYPE) 0x0003) ///< The TCM is to startup and set the deactivated flag to TRUE // // Part 2, section 4.6: TCM_STATUP_EFFECTS // The table makeup is still an open issue. // // // Part 2, section 4.7: TCM_PROTOCOL_ID // #define TCM_PID_OIAP ((TCM_PROTOCOL_ID) 0x0001) ///< The OIAP protocol. #define TCM_PID_OSAP ((TCM_PROTOCOL_ID) 0x0002) ///< The OSAP protocol. #define TCM_PID_ADIP ((TCM_PROTOCOL_ID) 0x0003) ///< The ADIP protocol. #define TCM_PID_ADCP ((TCM_PROTOCOL_ID) 0x0004) ///< The ADCP protocol. #define TCM_PID_OWNER ((TCM_PROTOCOL_ID) 0x0005) ///< The protocol for taking ownership of a TCM. #define TCM_PID_DSAP ((TCM_PROTOCOL_ID) 0x0006) ///< The DSAP protocol #define TCM_PID_TRANSPORT ((TCM_PROTOCOL_ID) 0x0007) ///< The transport protocol // // Part 2, section 4.8: TCM_ALGORITHM_ID // The TCM MUST support the algorithms TCM_ALG_RSA, TCM_ALG_SHA, TCM_ALG_HMAC, // TCM_ALG_MGF1 // #define TCM_ALG_RSA ((TCM_ALGORITHM_ID) 0x00000001) ///< The RSA algorithm. #define TCM_ALG_DES ((TCM_ALGORITHM_ID) 0x00000002) ///< The DES algorithm #define TCM_ALG_3DES ((TCM_ALGORITHM_ID) 0x00000003) ///< The 3DES algorithm in EDE mode #define TCM_ALG_SHA ((TCM_ALGORITHM_ID) 0x00000004) ///< The SHA1 algorithm #define TCM_ALG_HMAC ((TCM_ALGORITHM_ID) 0x00000005) ///< The RFC 2104 HMAC algorithm #define TCM_ALG_AES128 ((TCM_ALGORITHM_ID) 0x00000006) ///< The AES algorithm, key size 128 #define TCM_ALG_MGF1 ((TCM_ALGORITHM_ID) 0x00000007) ///< The XOR algorithm using MGF1 to create a string the size of the encrypted block #define TCM_ALG_AES192 ((TCM_ALGORITHM_ID) 0x00000008) ///< AES, key size 192 #define TCM_ALG_AES256 ((TCM_ALGORITHM_ID) 0x00000009) ///< AES, key size 256 #define TCM_ALG_XOR ((TCM_ALGORITHM_ID) 0x0000000A) ///< XOR using the rolling nonces #define TCM_ALG_SM3_256 ((TCM_ALGORITHM_ID) 0x00000012) ///< The SM3-256 algorithm // // Part 2, section 4.9: TCM_PHYSICAL_PRESENCE // #define TCM_PHYSICAL_PRESENCE_HW_DISABLE ((TCM_PHYSICAL_PRESENCE) 0x0200) ///< Sets the physicalPresenceHWEnable to FALSE #define TCM_PHYSICAL_PRESENCE_CMD_DISABLE ((TCM_PHYSICAL_PRESENCE) 0x0100) ///< Sets the physicalPresenceCMDEnable to FALSE #define TCM_PHYSICAL_PRESENCE_LIFETIME_LOCK ((TCM_PHYSICAL_PRESENCE) 0x0080) ///< Sets the physicalPresenceLifetimeLock to TRUE #define TCM_PHYSICAL_PRESENCE_HW_ENABLE ((TCM_PHYSICAL_PRESENCE) 0x0040) ///< Sets the physicalPresenceHWEnable to TRUE #define TCM_PHYSICAL_PRESENCE_CMD_ENABLE ((TCM_PHYSICAL_PRESENCE) 0x0020) ///< Sets the physicalPresenceCMDEnable to TRUE #define TCM_PHYSICAL_PRESENCE_NOTPRESENT ((TCM_PHYSICAL_PRESENCE) 0x0010) ///< Sets PhysicalPresence = FALSE #define TCM_PHYSICAL_PRESENCE_PRESENT ((TCM_PHYSICAL_PRESENCE) 0x0008) ///< Sets PhysicalPresence = TRUE #define TCM_PHYSICAL_PRESENCE_LOCK ((TCM_PHYSICAL_PRESENCE) 0x0004) ///< Sets PhysicalPresenceLock = TRUE // // Part 2, section 4.10: TCM_MIGRATE_SCHEME // #define TCM_MS_MIGRATE ((TCM_MIGRATE_SCHEME) 0x0001) ///< A public key that can be used with all TCM migration commands other than 'ReWrap' mode. #define TCM_MS_REWRAP ((TCM_MIGRATE_SCHEME) 0x0002) ///< A public key that can be used for the ReWrap mode of TCM_CreateMigrationBlob. #define TCM_MS_MAINT ((TCM_MIGRATE_SCHEME) 0x0003) ///< A public key that can be used for the Maintenance commands #define TCM_MS_RESTRICT_MIGRATE ((TCM_MIGRATE_SCHEME) 0x0004) ///< The key is to be migrated to a Migration Authority. #define TCM_MS_RESTRICT_APPROVE_DOUBLE ((TCM_MIGRATE_SCHEME) 0x0005) ///< The key is to be migrated to an entity approved by a Migration Authority using double wrapping // // Part 2, section 4.11: TCM_EK_TYPE // #define TCM_EK_TYPE_ACTIVATE ((TCM_EK_TYPE) 0x0001) ///< The blob MUST be TCM_EK_BLOB_ACTIVATE #define TCM_EK_TYPE_AUTH ((TCM_EK_TYPE) 0x0002) ///< The blob MUST be TCM_EK_BLOB_AUTH // // Part 2, section 4.12: TCM_PLATFORM_SPECIFIC // #define TCM_PS_PC_11 ((TCM_PLATFORM_SPECIFIC) 0x0001) ///< PC Specific version 1.1 #define TCM_PS_PC_12 ((TCM_PLATFORM_SPECIFIC) 0x0002) ///< PC Specific version 1.2 #define TCM_PS_PDA_12 ((TCM_PLATFORM_SPECIFIC) 0x0003) ///< PDA Specific version 1.2 #define TCM_PS_Server_12 ((TCM_PLATFORM_SPECIFIC) 0x0004) ///< Server Specific version 1.2 #define TCM_PS_Mobile_12 ((TCM_PLATFORM_SPECIFIC) 0x0005) ///< Mobil Specific version 1.2 // // Part 2, section 5: Basic Structures // /// /// Part 2, section 5.1: TCM_STRUCT_VER /// typedef struct tdTCM_STRUCT_VER { UINT8 major; UINT8 minor; UINT8 revMajor; UINT8 revMinor; } TCM_STRUCT_VER; /// /// Part 2, section 5.3: TCM_VERSION /// typedef struct tdTCM_VERSION { TCM_VERSION_BYTE major; TCM_VERSION_BYTE minor; UINT8 revMajor; UINT8 revMinor; } TCM_VERSION; #define TCM_SM3_256_HASH_LEN 0x20 #define TCM_SHA1BASED_NONCE_LEN TCM_SM3_256_HASH_LEN /// /// Part 2, section 5.4: TCM_DIGEST /// typedef struct tdTCM_DIGEST{ UINT8 digest[TCM_SM3_256_HASH_LEN]; } TCM_DIGEST; /// /// This SHALL be the digest of the chosen identityLabel and privacyCA for a new TCM identity /// typedef TCM_DIGEST TCM_CHOSENID_HASH; /// /// This SHALL be the hash of a list of PCR indexes and PCR values that a key or data is bound to /// typedef TCM_DIGEST TCM_COMPOSITE_HASH; /// /// This SHALL be the value of a DIR register /// typedef TCM_DIGEST TCM_DIRVALUE; typedef TCM_DIGEST TCM_HMAC; /// /// The value inside of the PCR /// typedef TCM_DIGEST TCM_PCRVALUE; /// /// This SHALL be the value of the current internal audit state /// typedef TCM_DIGEST TCM_AUDITDIGEST; /// /// Part 2, section 5.5: TCM_NONCE /// typedef struct tdTCM_NONCE{ UINT8 nonce[20]; } TCM_NONCE; /// /// This SHALL be a random value generated by a TCM immediately after the EK is installed /// in that TCM, whenever an EK is installed in that TCM /// typedef TCM_NONCE TCM_DAA_TCM_SEED; /// /// This SHALL be a random value /// typedef TCM_NONCE TCM_DAA_CONTEXT_SEED; // // Part 2, section 5.6: TCM_AUTHDATA // /// /// The AuthData data is the information that is saved or passed to provide proof of ownership /// 296 of an entity /// typedef UINT8 tdTCM_AUTHDATA[20]; typedef tdTCM_AUTHDATA TCM_AUTHDATA; /// /// A secret plaintext value used in the authorization process /// typedef TCM_AUTHDATA TCM_SECRET; /// /// A ciphertext (encrypted) version of AuthData data. The encryption mechanism depends on the context /// typedef TCM_AUTHDATA TCM_ENCAUTH; /// /// Part 2, section 5.7: TCM_KEY_HANDLE_LIST /// Size of handle is loaded * sizeof(TCM_KEY_HANDLE) /// typedef struct tdTCM_KEY_HANDLE_LIST { UINT16 loaded; TCM_KEY_HANDLE handle[1]; } TCM_KEY_HANDLE_LIST; // // Part 2, section 5.8: TCM_KEY_USAGE values // /// /// TCM_KEY_SIGNING SHALL indicate a signing key. The [private] key SHALL be /// used for signing operations, only. This means that it MUST be a leaf of the /// Protected Storage key hierarchy. /// #define TCM_KEY_SIGNING ((UINT16) 0x0010) /// /// TCM_KEY_STORAGE SHALL indicate a storage key. The key SHALL be used to wrap /// and unwrap other keys in the Protected Storage hierarchy /// #define TCM_KEY_STORAGE ((UINT16) 0x0011) /// /// TCM_KEY_IDENTITY SHALL indicate an identity key. The key SHALL be used for /// operations that require a TCM identity, only. /// #define TCM_KEY_IDENTITY ((UINT16) 0x0012) /// /// TCM_KEY_AUTHCHANGE SHALL indicate an ephemeral key that is in use during /// the ChangeAuthAsym process, only. /// #define TCM_KEY_AUTHCHANGE ((UINT16) 0x0013) /// /// TCM_KEY_BIND SHALL indicate a key that can be used for TCM_Bind and /// TCM_Unbind operations only. /// #define TCM_KEY_BIND ((UINT16) 0x0014) /// /// TCM_KEY_LEGACY SHALL indicate a key that can perform signing and binding /// operations. The key MAY be used for both signing and binding operations. /// The TCM_KEY_LEGACY key type is to allow for use by applications where both /// signing and encryption operations occur with the same key. The use of this /// key type is not recommended TCM_KEY_MIGRATE 0x0016 This SHALL indicate a /// key in use for TCM_MigrateKey /// #define TCM_KEY_LEGACY ((UINT16) 0x0015) /// /// TCM_KEY_MIGRAGE SHALL indicate a key in use for TCM_MigrateKey /// #define TCM_KEY_MIGRATE ((UINT16) 0x0016) // // Part 2, section 5.8.1: Mandatory Key Usage Schemes // #define TCM_ES_NONE ((TCM_ENC_SCHEME) 0x0001) #define TCM_ES_RSAESPKCSv15 ((TCM_ENC_SCHEME) 0x0002) #define TCM_ES_RSAESOAEP_SHA1_MGF1 ((TCM_ENC_SCHEME) 0x0003) #define TCM_ES_SYM_CNT ((TCM_ENC_SCHEME) 0x0004) ///< rev94 defined #define TCM_ES_SYM_CTR ((TCM_ENC_SCHEME) 0x0004) #define TCM_ES_SYM_OFB ((TCM_ENC_SCHEME) 0x0005) #define TCM_SS_NONE ((TCM_SIG_SCHEME) 0x0001) #define TCM_SS_RSASSAPKCS1v15_SHA1 ((TCM_SIG_SCHEME) 0x0002) #define TCM_SS_RSASSAPKCS1v15_DER ((TCM_SIG_SCHEME) 0x0003) #define TCM_SS_RSASSAPKCS1v15_INFO ((TCM_SIG_SCHEME) 0x0004) // // Part 2, section 5.9: TCM_AUTH_DATA_USAGE values // #define TCM_AUTH_NEVER ((TCM_AUTH_DATA_USAGE) 0x00) #define TCM_AUTH_ALWAYS ((TCM_AUTH_DATA_USAGE) 0x01) #define TCM_AUTH_PRIV_USE_ONLY ((TCM_AUTH_DATA_USAGE) 0x03) /// /// Part 2, section 5.10: TCM_KEY_FLAGS /// //typedef enum tdTCM_KEY_FLAGS { // redirection = 0x00000001, // migratable = 0x00000002, // isVolatile = 0x00000004, // pcrIgnoredOnRead = 0x00000008, // migrateAuthority = 0x00000010 //} TCM_KEY_FLAGS_BITS; /// /// Part 2, section 5.11: TCM_CHANGEAUTH_VALIDATE /// typedef struct tdTCM_CHANGEAUTH_VALIDATE { TCM_SECRET newAuthSecret; TCM_NONCE n1; } TCM_CHANGEAUTH_VALIDATE; /// /// Part 2, section 5.12: TCM_MIGRATIONKEYAUTH /// decalared after section 10 to catch declaration of TCM_PUBKEY /// /// Part 2 section 10.1: TCM_KEY_PARMS /// [size_is(parmSize)] BYTE* parms; /// typedef struct tdTCM_KEY_PARMS { TCM_ALGORITHM_ID algorithmID; TCM_ENC_SCHEME encScheme; TCM_SIG_SCHEME sigScheme; UINT32 parmSize; UINT8 *parms; } TCM_KEY_PARMS; /// /// Part 2, section 10.4: TCM_STORE_PUBKEY /// typedef struct tdTCM_STORE_PUBKEY { UINT32 keyLength; UINT8 key[1]; } TCM_STORE_PUBKEY; /// /// Part 2, section 10.5: TCM_PUBKEY /// typedef struct tdTCM_PUBKEY{ TCM_KEY_PARMS algorithmParms; TCM_STORE_PUBKEY pubKey; } TCM_PUBKEY; /// /// Part 2, section 5.12: TCM_MIGRATIONKEYAUTH /// typedef struct tdTCM_MIGRATIONKEYAUTH{ TCM_PUBKEY migrationKey; TCM_MIGRATE_SCHEME migrationScheme; TCM_DIGEST digest; } TCM_MIGRATIONKEYAUTH; /// /// Part 2, section 5.13: TCM_COUNTER_VALUE /// typedef struct tdTCM_COUNTER_VALUE{ TCM_STRUCTURE_TAG tag; UINT8 label[4]; TCM_ACTUAL_COUNT counter; } TCM_COUNTER_VALUE; /// /// Part 2, section 5.14: TCM_SIGN_INFO /// Size of data indicated by dataLen /// typedef struct tdTCM_SIGN_INFO { TCM_STRUCTURE_TAG tag; UINT8 fixed[4]; TCM_NONCE replay; UINT32 dataLen; UINT8 *data; } TCM_SIGN_INFO; /// /// Part 2, section 5.15: TCM_MSA_COMPOSITE /// Number of migAuthDigest indicated by MSAlist /// typedef struct tdTCM_MSA_COMPOSITE { UINT32 MSAlist; TCM_DIGEST migAuthDigest[1]; } TCM_MSA_COMPOSITE; /// /// Part 2, section 5.16: TCM_CMK_AUTH /// typedef struct tdTCM_CMK_AUTH{ TCM_DIGEST migrationAuthorityDigest; TCM_DIGEST destinationKeyDigest; TCM_DIGEST sourceKeyDigest; } TCM_CMK_AUTH; // // Part 2, section 5.17: TCM_CMK_DELEGATE // #define TCM_CMK_DELEGATE_SIGNING ((TCM_CMK_DELEGATE) BIT31) #define TCM_CMK_DELEGATE_STORAGE ((TCM_CMK_DELEGATE) BIT30) #define TCM_CMK_DELEGATE_BIND ((TCM_CMK_DELEGATE) BIT29) #define TCM_CMK_DELEGATE_LEGACY ((TCM_CMK_DELEGATE) BIT28) #define TCM_CMK_DELEGATE_MIGRATE ((TCM_CMK_DELEGATE) BIT27) /// /// Part 2, section 5.18: TCM_SELECT_SIZE /// typedef struct tdTCM_SELECT_SIZE { UINT8 major; UINT8 minor; UINT16 reqSize; } TCM_SELECT_SIZE; /// /// Part 2, section 5,19: TCM_CMK_MIGAUTH /// typedef struct tdTCM_CMK_MIGAUTH{ TCM_STRUCTURE_TAG tag; TCM_DIGEST msaDigest; TCM_DIGEST pubKeyDigest; } TCM_CMK_MIGAUTH; /// /// Part 2, section 5.20: TCM_CMK_SIGTICKET /// typedef struct tdTCM_CMK_SIGTICKET{ TCM_STRUCTURE_TAG tag; TCM_DIGEST verKeyDigest; TCM_DIGEST signedData; } TCM_CMK_SIGTICKET; /// /// Part 2, section 5.21: TCM_CMK_MA_APPROVAL /// typedef struct tdTCM_CMK_MA_APPROVAL{ TCM_STRUCTURE_TAG tag; TCM_DIGEST migrationAuthorityDigest; } TCM_CMK_MA_APPROVAL; // // Part 2, section 6: Command Tags // #define TCM_TAG_RQU_COMMAND ((TCM_STRUCTURE_TAG) 0x00C1) #define TCM_TAG_RQU_AUTH1_COMMAND ((TCM_STRUCTURE_TAG) 0x00C2) #define TCM_TAG_RQU_AUTH2_COMMAND ((TCM_STRUCTURE_TAG) 0x00C3) #define TCM_TAG_RSP_COMMAND ((TCM_STRUCTURE_TAG) 0x00C4) #define TCM_TAG_RSP_AUTH1_COMMAND ((TCM_STRUCTURE_TAG) 0x00C5) #define TCM_TAG_RSP_AUTH2_COMMAND ((TCM_STRUCTURE_TAG) 0x00C6) /// /// Part 2, section 7.1: TCM_PERMANENT_FLAGS /// typedef struct tdTCM_PERMANENT_FLAGS{ TCM_STRUCTURE_TAG tag; BOOLEAN disable; BOOLEAN ownership; BOOLEAN deactivated; BOOLEAN readPubek; BOOLEAN disableOwnerClear; BOOLEAN allowMaintenance; BOOLEAN physicalPresenceLifetimeLock; BOOLEAN physicalPresenceHWEnable; BOOLEAN physicalPresenceCMDEnable; BOOLEAN CEKPUsed; BOOLEAN TCMpost; BOOLEAN TCMpostLock; BOOLEAN FIPS; BOOLEAN operator; BOOLEAN enableRevokeEK; BOOLEAN nvLocked; BOOLEAN readSRKPub; BOOLEAN tcmEstablished; BOOLEAN maintenanceDone; BOOLEAN disableFullDALogicInfo; } TCM_PERMANENT_FLAGS; // // Part 2, section 7.1.1: Flag Restrictions (of TCM_PERMANENT_FLAGS) // #define TCM_PF_DISABLE ((TCM_CAPABILITY_AREA) 1) #define TCM_PF_OWNERSHIP ((TCM_CAPABILITY_AREA) 2) #define TCM_PF_DEACTIVATED ((TCM_CAPABILITY_AREA) 3) #define TCM_PF_READPUBEK ((TCM_CAPABILITY_AREA) 4) #define TCM_PF_DISABLEOWNERCLEAR ((TCM_CAPABILITY_AREA) 5) #define TCM_PF_ALLOWMAINTENANCE ((TCM_CAPABILITY_AREA) 6) #define TCM_PF_PHYSICALPRESENCELIFETIMELOCK ((TCM_CAPABILITY_AREA) 7) #define TCM_PF_PHYSICALPRESENCEHWENABLE ((TCM_CAPABILITY_AREA) 8) #define TCM_PF_PHYSICALPRESENCECMDENABLE ((TCM_CAPABILITY_AREA) 9) #define TCM_PF_CEKPUSED ((TCM_CAPABILITY_AREA) 10) #define TCM_PF_TCMPOST ((TCM_CAPABILITY_AREA) 11) #define TCM_PF_TCMPOSTLOCK ((TCM_CAPABILITY_AREA) 12) #define TCM_PF_FIPS ((TCM_CAPABILITY_AREA) 13) #define TCM_PF_OPERATOR ((TCM_CAPABILITY_AREA) 14) #define TCM_PF_ENABLEREVOKEEK ((TCM_CAPABILITY_AREA) 15) #define TCM_PF_NV_LOCKED ((TCM_CAPABILITY_AREA) 16) #define TCM_PF_READSRKPUB ((TCM_CAPABILITY_AREA) 17) #define TCM_PF_TCMESTABLISHED ((TCM_CAPABILITY_AREA) 18) #define TCM_PF_MAINTENANCEDONE ((TCM_CAPABILITY_AREA) 19) #define TCM_PF_DISABLEFULLDALOGICINFO ((TCM_CAPABILITY_AREA) 20) /// /// Part 2, section 7.2: TCM_STCLEAR_FLAGS /// typedef struct tdTCM_STCLEAR_FLAGS{ TCM_STRUCTURE_TAG tag; BOOLEAN deactivated; BOOLEAN disableForceClear; BOOLEAN physicalPresence; BOOLEAN physicalPresenceLock; BOOLEAN bGlobalLock; } TCM_STCLEAR_FLAGS; // // Part 2, section 7.2.1: Flag Restrictions (of TCM_STCLEAR_FLAGS) // #define TCM_SF_DEACTIVATED ((TCM_CAPABILITY_AREA) 1) #define TCM_SF_DISABLEFORCECLEAR ((TCM_CAPABILITY_AREA) 2) #define TCM_SF_PHYSICALPRESENCE ((TCM_CAPABILITY_AREA) 3) #define TCM_SF_PHYSICALPRESENCELOCK ((TCM_CAPABILITY_AREA) 4) #define TCM_SF_BGLOBALLOCK ((TCM_CAPABILITY_AREA) 5) /// /// Part 2, section 7.3: TCM_STANY_FLAGS /// typedef struct tdTCM_STANY_FLAGS{ TCM_STRUCTURE_TAG tag; BOOLEAN postInitialise; TCM_MODIFIER_INDICATOR localityModifier; BOOLEAN transportExclusive; BOOLEAN TOSPresent; } TCM_STANY_FLAGS; // // Part 2, section 7.3.1: Flag Restrictions (of TCM_STANY_FLAGS) // #define TCM_AF_POSTINITIALISE ((TCM_CAPABILITY_AREA) 1) #define TCM_AF_LOCALITYMODIFIER ((TCM_CAPABILITY_AREA) 2) #define TCM_AF_TRANSPORTEXCLUSIVE ((TCM_CAPABILITY_AREA) 3) #define TCM_AF_TOSPRESENT ((TCM_CAPABILITY_AREA) 4) // // All those structures defined in section 7.4, 7.5, 7.6 are not normative and // thus no definitions here // // Part 2, section 7.4: TCM_PERMANENT_DATA // #define TCM_MIN_COUNTERS 4 ///< the minimum number of counters is 4 #define TCM_DELEGATE_KEY TCM_KEY #define TCM_NUM_PCR 16 #define TCM_MAX_NV_WRITE_NOOWNER 64 // // Part 2, section 7.4.1: PERMANENT_DATA Subcap for SetCapability // #define TCM_PD_REVMAJOR ((TCM_CAPABILITY_AREA) 1) #define TCM_PD_REVMINOR ((TCM_CAPABILITY_AREA) 2) #define TCM_PD_TCMPROOF ((TCM_CAPABILITY_AREA) 3) #define TCM_PD_OWNERAUTH ((TCM_CAPABILITY_AREA) 4) #define TCM_PD_OPERATORAUTH ((TCM_CAPABILITY_AREA) 5) #define TCM_PD_MANUMAINTPUB ((TCM_CAPABILITY_AREA) 6) #define TCM_PD_ENDORSEMENTKEY ((TCM_CAPABILITY_AREA) 7) #define TCM_PD_SRK ((TCM_CAPABILITY_AREA) 8) #define TCM_PD_DELEGATEKEY ((TCM_CAPABILITY_AREA) 9) #define TCM_PD_CONTEXTKEY ((TCM_CAPABILITY_AREA) 10) #define TCM_PD_AUDITMONOTONICCOUNTER ((TCM_CAPABILITY_AREA) 11) #define TCM_PD_MONOTONICCOUNTER ((TCM_CAPABILITY_AREA) 12) #define TCM_PD_PCRATTRIB ((TCM_CAPABILITY_AREA) 13) #define TCM_PD_ORDINALAUDITSTATUS ((TCM_CAPABILITY_AREA) 14) #define TCM_PD_AUTHDIR ((TCM_CAPABILITY_AREA) 15) #define TCM_PD_RNGSTATE ((TCM_CAPABILITY_AREA) 16) #define TCM_PD_FAMILYTABLE ((TCM_CAPABILITY_AREA) 17) #define TCM_DELEGATETABLE ((TCM_CAPABILITY_AREA) 18) #define TCM_PD_EKRESET ((TCM_CAPABILITY_AREA) 19) #define TCM_PD_MAXNVBUFSIZE ((TCM_CAPABILITY_AREA) 20) #define TCM_PD_LASTFAMILYID ((TCM_CAPABILITY_AREA) 21) #define TCM_PD_NOOWNERNVWRITE ((TCM_CAPABILITY_AREA) 22) #define TCM_PD_RESTRICTDELEGATE ((TCM_CAPABILITY_AREA) 23) #define TCM_PD_TCMDAASEED ((TCM_CAPABILITY_AREA) 24) #define TCM_PD_DAAPROOF ((TCM_CAPABILITY_AREA) 25) /// /// Part 2, section 7.5: TCM_STCLEAR_DATA /// available inside TCM only /// typedef struct tdTCM_STCLEAR_DATA{ TCM_STRUCTURE_TAG tag; TCM_NONCE contextNonceKey; TCM_COUNT_ID countID; UINT32 ownerReference; BOOLEAN disableResetLock; TCM_PCRVALUE PCR[TCM_NUM_PCR]; UINT32 deferredPhysicalPresence; }TCM_STCLEAR_DATA; // // Part 2, section 7.5.1: STCLEAR_DATA Subcap for SetCapability // #define TCM_SD_CONTEXTNONCEKEY ((TCM_CAPABILITY_AREA)0x00000001) #define TCM_SD_COUNTID ((TCM_CAPABILITY_AREA)0x00000002) #define TCM_SD_OWNERREFERENCE ((TCM_CAPABILITY_AREA)0x00000003) #define TCM_SD_DISABLERESETLOCK ((TCM_CAPABILITY_AREA)0x00000004) #define TCM_SD_PCR ((TCM_CAPABILITY_AREA)0x00000005) #define TCM_SD_DEFERREDPHYSICALPRESENCE ((TCM_CAPABILITY_AREA)0x00000006) // // Part 2, section 7.6.1: STANY_DATA Subcap for SetCapability // #define TCM_AD_CONTEXTNONCESESSION ((TCM_CAPABILITY_AREA) 1) #define TCM_AD_AUDITDIGEST ((TCM_CAPABILITY_AREA) 2) #define TCM_AD_CURRENTTICKS ((TCM_CAPABILITY_AREA) 3) #define TCM_AD_CONTEXTCOUNT ((TCM_CAPABILITY_AREA) 4) #define TCM_AD_CONTEXTLIST ((TCM_CAPABILITY_AREA) 5) #define TCM_AD_SESSIONS ((TCM_CAPABILITY_AREA) 6) // // Part 2, section 8: PCR Structures // /// /// Part 2, section 8.1: TCM_PCR_SELECTION /// Size of pcrSelect[] indicated by sizeOfSelect /// typedef struct tdTCM_PCR_SELECTION { UINT16 sizeOfSelect; UINT8 pcrSelect[1]; } TCM_PCR_SELECTION; /// /// Part 2, section 8.2: TCM_PCR_COMPOSITE /// Size of pcrValue[] indicated by valueSize /// typedef struct tdTCM_PCR_COMPOSITE { TCM_PCR_SELECTION select; UINT32 valueSize; TCM_PCRVALUE pcrValue[1]; } TCM_PCR_COMPOSITE; /// /// Part 2, section 8.3: TCM_PCR_INFO /// typedef struct tdTCM_PCR_INFO { TCM_PCR_SELECTION pcrSelection; TCM_COMPOSITE_HASH digestAtRelease; TCM_COMPOSITE_HASH digestAtCreation; } TCM_PCR_INFO; /// /// Part 2, section 8.6: TCM_LOCALITY_SELECTION /// typedef UINT8 TCM_LOCALITY_SELECTION; #define TCM_LOC_FOUR ((UINT8) 0x10) #define TCM_LOC_THREE ((UINT8) 0x08) #define TCM_LOC_TWO ((UINT8) 0x04) #define TCM_LOC_ONE ((UINT8) 0x02) #define TCM_LOC_ZERO ((UINT8) 0x01) /// /// Part 2, section 8.4: TCM_PCR_INFO_LONG /// typedef struct tdTCM_PCR_INFO_LONG { TCM_STRUCTURE_TAG tag; TCM_LOCALITY_SELECTION localityAtCreation; TCM_LOCALITY_SELECTION localityAtRelease; TCM_PCR_SELECTION creationPCRSelection; TCM_PCR_SELECTION releasePCRSelection; TCM_COMPOSITE_HASH digestAtCreation; TCM_COMPOSITE_HASH digestAtRelease; } TCM_PCR_INFO_LONG; /// /// Part 2, section 8.5: TCM_PCR_INFO_SHORT /// typedef struct tdTCM_PCR_INFO_SHORT{ TCM_PCR_SELECTION pcrSelection; TCM_LOCALITY_SELECTION localityAtRelease; TCM_COMPOSITE_HASH digestAtRelease; } TCM_PCR_INFO_SHORT; /// /// Part 2, section 8.8: TCM_PCR_ATTRIBUTES /// typedef struct tdTCM_PCR_ATTRIBUTES{ BOOLEAN pcrReset; TCM_LOCALITY_SELECTION pcrExtendLocal; TCM_LOCALITY_SELECTION pcrResetLocal; } TCM_PCR_ATTRIBUTES; // // Part 2, section 9: Storage Structures // /// /// Part 2, section 9.1: TCM_STORED_DATA /// [size_is(sealInfoSize)] BYTE* sealInfo; /// [size_is(encDataSize)] BYTE* encData; /// typedef struct tdTCM_STORED_DATA { TCM_STRUCT_VER ver; UINT32 sealInfoSize; UINT8 *sealInfo; UINT32 encDataSize; UINT8 *encData; } TCM_STORED_DATA; /// /// Part 2, section 9.2: TCM_STORED_DATA12 /// [size_is(sealInfoSize)] BYTE* sealInfo; /// [size_is(encDataSize)] BYTE* encData; /// typedef struct tdTCM_STORED_DATA12 { TCM_STRUCTURE_TAG tag; TCM_ENTITY_TYPE et; UINT32 sealInfoSize; UINT8 *sealInfo; UINT32 encDataSize; UINT8 *encData; } TCM_STORED_DATA12; /// /// Part 2, section 9.3: TCM_SEALED_DATA /// [size_is(dataSize)] BYTE* data; /// typedef struct tdTCM_SEALED_DATA { TCM_PAYLOAD_TYPE payload; TCM_SECRET authData; TCM_NONCE tcmProof; TCM_DIGEST storedDigest; UINT32 dataSize; UINT8 *data; } TCM_SEALED_DATA; /// /// Part 2, section 9.4: TCM_SYMMETRIC_KEY /// [size_is(size)] BYTE* data; /// typedef struct tdTCM_SYMMETRIC_KEY { TCM_ALGORITHM_ID algId; TCM_ENC_SCHEME encScheme; UINT16 dataSize; UINT8 *data; } TCM_SYMMETRIC_KEY; /// /// Part 2, section 9.5: TCM_BOUND_DATA /// typedef struct tdTCM_BOUND_DATA { TCM_STRUCT_VER ver; TCM_PAYLOAD_TYPE payload; UINT8 payloadData[1]; } TCM_BOUND_DATA; // // Part 2 section 10: TCM_KEY complex // // // Section 10.1, 10.4, and 10.5 have been defined previously // /// /// Part 2, section 10.2: TCM_KEY /// [size_is(encDataSize)] BYTE* encData; /// typedef struct tdTCM_KEY{ TCM_STRUCT_VER ver; TCM_KEY_USAGE keyUsage; TCM_KEY_FLAGS keyFlags; TCM_AUTH_DATA_USAGE authDataUsage; TCM_KEY_PARMS algorithmParms; UINT32 PCRInfoSize; UINT8 *PCRInfo; TCM_STORE_PUBKEY pubKey; UINT32 encDataSize; UINT8 *encData; } TCM_KEY; /// /// Part 2, section 10.3: TCM_KEY12 /// [size_is(encDataSize)] BYTE* encData; /// typedef struct tdTCM_KEY12{ TCM_STRUCTURE_TAG tag; UINT16 fill; TCM_KEY_USAGE keyUsage; TCM_KEY_FLAGS keyFlags; TCM_AUTH_DATA_USAGE authDataUsage; TCM_KEY_PARMS algorithmParms; UINT32 PCRInfoSize; UINT8 *PCRInfo; TCM_STORE_PUBKEY pubKey; UINT32 encDataSize; UINT8 *encData; } TCM_KEY12; /// /// Part 2, section 10.7: TCM_STORE_PRIVKEY /// [size_is(keyLength)] BYTE* key; /// typedef struct tdTCM_STORE_PRIVKEY { UINT32 keyLength; UINT8 *key; } TCM_STORE_PRIVKEY; /// /// Part 2, section 10.6: TCM_STORE_ASYMKEY /// typedef struct tdTCM_STORE_ASYMKEY { // pos len total TCM_PAYLOAD_TYPE payload; // 0 1 1 TCM_SECRET usageAuth; // 1 20 21 TCM_SECRET migrationAuth; // 21 20 41 TCM_DIGEST pubDataDigest; // 41 20 61 TCM_STORE_PRIVKEY privKey; // 61 132-151 193-214 } TCM_STORE_ASYMKEY; /// /// Part 2, section 10.8: TCM_MIGRATE_ASYMKEY /// [size_is(partPrivKeyLen)] BYTE* partPrivKey; /// typedef struct tdTCM_MIGRATE_ASYMKEY { // pos len total TCM_PAYLOAD_TYPE payload; // 0 1 1 TCM_SECRET usageAuth; // 1 20 21 TCM_DIGEST pubDataDigest; // 21 20 41 UINT32 partPrivKeyLen; // 41 4 45 UINT8 *partPrivKey; // 45 112-127 157-172 } TCM_MIGRATE_ASYMKEY; /// /// Part 2, section 10.9: TCM_KEY_CONTROL /// #define TCM_KEY_CONTROL_OWNER_EVICT ((UINT32) 0x00000001) // // Part 2, section 11: Signed Structures // /// /// Part 2, section 11.1: TCM_CERTIFY_INFO Structure /// typedef struct tdTCM_CERTIFY_INFO { TCM_STRUCT_VER version; TCM_KEY_USAGE keyUsage; TCM_KEY_FLAGS keyFlags; TCM_AUTH_DATA_USAGE authDataUsage; TCM_KEY_PARMS algorithmParms; TCM_DIGEST pubkeyDigest; TCM_NONCE data; BOOLEAN parentPCRStatus; UINT32 PCRInfoSize; UINT8 *PCRInfo; } TCM_CERTIFY_INFO; /// /// Part 2, section 11.2: TCM_CERTIFY_INFO2 Structure /// typedef struct tdTCM_CERTIFY_INFO2 { TCM_STRUCTURE_TAG tag; UINT8 fill; TCM_PAYLOAD_TYPE payloadType; TCM_KEY_USAGE keyUsage; TCM_KEY_FLAGS keyFlags; TCM_AUTH_DATA_USAGE authDataUsage; TCM_KEY_PARMS algorithmParms; TCM_DIGEST pubkeyDigest; TCM_NONCE data; BOOLEAN parentPCRStatus; UINT32 PCRInfoSize; UINT8 *PCRInfo; UINT32 migrationAuthoritySize; UINT8 *migrationAuthority; } TCM_CERTIFY_INFO2; /// /// Part 2, section 11.3 TCM_QUOTE_INFO Structure /// typedef struct tdTCM_QUOTE_INFO { TCM_STRUCT_VER version; UINT8 fixed[4]; TCM_COMPOSITE_HASH digestValue; TCM_NONCE externalData; } TCM_QUOTE_INFO; /// /// Part 2, section 11.4 TCM_QUOTE_INFO2 Structure /// typedef struct tdTCM_QUOTE_INFO2 { TCM_STRUCTURE_TAG tag; UINT8 fixed[4]; TCM_NONCE externalData; TCM_PCR_INFO_SHORT infoShort; } TCM_QUOTE_INFO2; // // Part 2, section 12: Identity Structures // /// /// Part 2, section 12.1 TCM_EK_BLOB /// typedef struct tdTCM_EK_BLOB { TCM_STRUCTURE_TAG tag; TCM_EK_TYPE ekType; UINT32 blobSize; UINT8 *blob; } TCM_EK_BLOB; /// /// Part 2, section 12.2 TCM_EK_BLOB_ACTIVATE /// typedef struct tdTCM_EK_BLOB_ACTIVATE { TCM_STRUCTURE_TAG tag; TCM_SYMMETRIC_KEY sessionKey; TCM_DIGEST idDigest; TCM_PCR_INFO_SHORT pcrInfo; } TCM_EK_BLOB_ACTIVATE; /// /// Part 2, section 12.3 TCM_EK_BLOB_AUTH /// typedef struct tdTCM_EK_BLOB_AUTH { TCM_STRUCTURE_TAG tag; TCM_SECRET authValue; } TCM_EK_BLOB_AUTH; /// /// Part 2, section 12.5 TCM_IDENTITY_CONTENTS /// typedef struct tdTCM_IDENTITY_CONTENTS { TCM_STRUCT_VER ver; UINT32 ordinal; TCM_CHOSENID_HASH labelPrivCADigest; TCM_PUBKEY identityPubKey; } TCM_IDENTITY_CONTENTS; /// /// Part 2, section 12.6 TCM_IDENTITY_REQ /// typedef struct tdTCM_IDENTITY_REQ { UINT32 asymSize; UINT32 symSize; TCM_KEY_PARMS asymAlgorithm; TCM_KEY_PARMS symAlgorithm; UINT8 *asymBlob; UINT8 *symBlob; } TCM_IDENTITY_REQ; /// /// Part 2, section 12.7 TCM_IDENTITY_PROOF /// typedef struct tdTCM_IDENTITY_PROOF { TCM_STRUCT_VER ver; UINT32 labelSize; UINT32 identityBindingSize; UINT32 endorsementSize; UINT32 platformSize; UINT32 conformanceSize; TCM_PUBKEY identityKey; UINT8 *labelArea; UINT8 *identityBinding; UINT8 *endorsementCredential; UINT8 *platformCredential; UINT8 *conformanceCredential; } TCM_IDENTITY_PROOF; /// /// Part 2, section 12.8 TCM_ASYM_CA_CONTENTS /// typedef struct tdTCM_ASYM_CA_CONTENTS { TCM_SYMMETRIC_KEY sessionKey; TCM_DIGEST idDigest; } TCM_ASYM_CA_CONTENTS; /// /// Part 2, section 12.9 TCM_SYM_CA_ATTESTATION /// typedef struct tdTCM_SYM_CA_ATTESTATION { UINT32 credSize; TCM_KEY_PARMS algorithm; UINT8 *credential; } TCM_SYM_CA_ATTESTATION; /// /// Part 2, section 15: Tick Structures /// Placed here out of order because definitions are used in section 13. /// typedef struct tdTCM_CURRENT_TICKS { TCM_STRUCTURE_TAG tag; UINT64 currentTicks; UINT16 tickRate; TCM_NONCE tickNonce; } TCM_CURRENT_TICKS; /// /// Part 2, section 13: Transport structures /// /// /// Part 2, section 13.1: TCM _TRANSPORT_PUBLIC /// typedef struct tdTCM_TRANSPORT_PUBLIC { TCM_STRUCTURE_TAG tag; TCM_TRANSPORT_ATTRIBUTES transAttributes; TCM_ALGORITHM_ID algId; TCM_ENC_SCHEME encScheme; } TCM_TRANSPORT_PUBLIC; // // Part 2, section 13.1.1 TCM_TRANSPORT_ATTRIBUTES Definitions // #define TCM_TRANSPORT_ENCRYPT ((UINT32)BIT0) #define TCM_TRANSPORT_LOG ((UINT32)BIT1) #define TCM_TRANSPORT_EXCLUSIVE ((UINT32)BIT2) /// /// Part 2, section 13.2 TCM_TRANSPORT_INTERNAL /// typedef struct tdTCM_TRANSPORT_INTERNAL { TCM_STRUCTURE_TAG tag; TCM_AUTHDATA authData; TCM_TRANSPORT_PUBLIC transPublic; TCM_TRANSHANDLE transHandle; TCM_NONCE transNonceEven; TCM_DIGEST transDigest; } TCM_TRANSPORT_INTERNAL; /// /// Part 2, section 13.3 TCM_TRANSPORT_LOG_IN structure /// typedef struct tdTCM_TRANSPORT_LOG_IN { TCM_STRUCTURE_TAG tag; TCM_DIGEST parameters; TCM_DIGEST pubKeyHash; } TCM_TRANSPORT_LOG_IN; /// /// Part 2, section 13.4 TCM_TRANSPORT_LOG_OUT structure /// typedef struct tdTCM_TRANSPORT_LOG_OUT { TCM_STRUCTURE_TAG tag; TCM_CURRENT_TICKS currentTicks; TCM_DIGEST parameters; TCM_MODIFIER_INDICATOR locality; } TCM_TRANSPORT_LOG_OUT; /// /// Part 2, section 13.5 TCM_TRANSPORT_AUTH structure /// typedef struct tdTCM_TRANSPORT_AUTH { TCM_STRUCTURE_TAG tag; TCM_AUTHDATA authData; } TCM_TRANSPORT_AUTH; // // Part 2, section 14: Audit Structures // /// /// Part 2, section 14.1 TCM_AUDIT_EVENT_IN structure /// typedef struct tdTCM_AUDIT_EVENT_IN { TCM_STRUCTURE_TAG tag; TCM_DIGEST inputParms; TCM_COUNTER_VALUE auditCount; } TCM_AUDIT_EVENT_IN; /// /// Part 2, section 14.2 TCM_AUDIT_EVENT_OUT structure /// typedef struct tdTCM_AUDIT_EVENT_OUT { TCM_STRUCTURE_TAG tag; TCM_COMMAND_CODE ordinal; TCM_DIGEST outputParms; TCM_COUNTER_VALUE auditCount; TCM_RESULT returnCode; } TCM_AUDIT_EVENT_OUT; // // Part 2, section 16: Return Codes // #define TCM_VENDOR_ERROR TCM_Vendor_Specific32 #define TCM_NON_FATAL 0x00000800 #define TCM_SUCCESS ((TCM_RESULT) TCM_BASE) #define TCM_AUTHFAIL ((TCM_RESULT) (TCM_BASE + 1)) #define TCM_BADINDEX ((TCM_RESULT) (TCM_BASE + 2)) #define TCM_BAD_PARAMETER ((TCM_RESULT) (TCM_BASE + 3)) #define TCM_AUDITFAILURE ((TCM_RESULT) (TCM_BASE + 4)) #define TCM_CLEAR_DISABLED ((TCM_RESULT) (TCM_BASE + 5)) #define TCM_DEACTIVATED ((TCM_RESULT) (TCM_BASE + 6)) #define TCM_DISABLED ((TCM_RESULT) (TCM_BASE + 7)) #define TCM_DISABLED_CMD ((TCM_RESULT) (TCM_BASE + 8)) #define TCM_FAIL ((TCM_RESULT) (TCM_BASE + 9)) #define TCM_BAD_ORDINAL ((TCM_RESULT) (TCM_BASE + 10)) #define TCM_INSTALL_DISABLED ((TCM_RESULT) (TCM_BASE + 11)) #define TCM_INVALID_KEYHANDLE ((TCM_RESULT) (TCM_BASE + 12)) #define TCM_KEYNOTFOUND ((TCM_RESULT) (TCM_BASE + 13)) #define TCM_INAPPROPRIATE_ENC ((TCM_RESULT) (TCM_BASE + 14)) #define TCM_MIGRATEFAIL ((TCM_RESULT) (TCM_BASE + 15)) #define TCM_INVALID_PCR_INFO ((TCM_RESULT) (TCM_BASE + 16)) #define TCM_NOSPACE ((TCM_RESULT) (TCM_BASE + 17)) #define TCM_NOSRK ((TCM_RESULT) (TCM_BASE + 18)) #define TCM_NOTSEALED_BLOB ((TCM_RESULT) (TCM_BASE + 19)) #define TCM_OWNER_SET ((TCM_RESULT) (TCM_BASE + 20)) #define TCM_RESOURCES ((TCM_RESULT) (TCM_BASE + 21)) #define TCM_SHORTRANDOM ((TCM_RESULT) (TCM_BASE + 22)) #define TCM_SIZE ((TCM_RESULT) (TCM_BASE + 23)) #define TCM_WRONGPCRVAL ((TCM_RESULT) (TCM_BASE + 24)) #define TCM_BAD_PARAM_SIZE ((TCM_RESULT) (TCM_BASE + 25)) #define TCM_SHA_THREAD ((TCM_RESULT) (TCM_BASE + 26)) #define TCM_SHA_ERROR ((TCM_RESULT) (TCM_BASE + 27)) #define TCM_FAILEDSELFTEST ((TCM_RESULT) (TCM_BASE + 28)) #define TCM_AUTH2FAIL ((TCM_RESULT) (TCM_BASE + 29)) #define TCM_BADTAG ((TCM_RESULT) (TCM_BASE + 30)) #define TCM_IOERROR ((TCM_RESULT) (TCM_BASE + 31)) #define TCM_ENCRYPT_ERROR ((TCM_RESULT) (TCM_BASE + 32)) #define TCM_DECRYPT_ERROR ((TCM_RESULT) (TCM_BASE + 33)) #define TCM_INVALID_AUTHHANDLE ((TCM_RESULT) (TCM_BASE + 34)) #define TCM_NO_ENDORSEMENT ((TCM_RESULT) (TCM_BASE + 35)) #define TCM_INVALID_KEYUSAGE ((TCM_RESULT) (TCM_BASE + 36)) #define TCM_WRONG_ENTITYTYPE ((TCM_RESULT) (TCM_BASE + 37)) #define TCM_INVALID_POSTINIT ((TCM_RESULT) (TCM_BASE + 38)) #define TCM_INAPPROPRIATE_SIG ((TCM_RESULT) (TCM_BASE + 39)) #define TCM_BAD_KEY_PROPERTY ((TCM_RESULT) (TCM_BASE + 40)) #define TCM_BAD_MIGRATION ((TCM_RESULT) (TCM_BASE + 41)) #define TCM_BAD_SCHEME ((TCM_RESULT) (TCM_BASE + 42)) #define TCM_BAD_DATASIZE ((TCM_RESULT) (TCM_BASE + 43)) #define TCM_BAD_MODE ((TCM_RESULT) (TCM_BASE + 44)) #define TCM_BAD_PRESENCE ((TCM_RESULT) (TCM_BASE + 45)) #define TCM_BAD_VERSION ((TCM_RESULT) (TCM_BASE + 46)) #define TCM_NO_WRAP_TRANSPORT ((TCM_RESULT) (TCM_BASE + 47)) #define TCM_AUDITFAIL_UNSUCCESSFUL ((TCM_RESULT) (TCM_BASE + 48)) #define TCM_AUDITFAIL_SUCCESSFUL ((TCM_RESULT) (TCM_BASE + 49)) #define TCM_NOTRESETABLE ((TCM_RESULT) (TCM_BASE + 50)) #define TCM_NOTLOCAL ((TCM_RESULT) (TCM_BASE + 51)) #define TCM_BAD_TYPE ((TCM_RESULT) (TCM_BASE + 52)) #define TCM_INVALID_RESOURCE ((TCM_RESULT) (TCM_BASE + 53)) #define TCM_NOTFIPS ((TCM_RESULT) (TCM_BASE + 54)) #define TCM_INVALID_FAMILY ((TCM_RESULT) (TCM_BASE + 55)) #define TCM_NO_NV_PERMISSION ((TCM_RESULT) (TCM_BASE + 56)) #define TCM_REQUIRES_SIGN ((TCM_RESULT) (TCM_BASE + 57)) #define TCM_KEY_NOTSUPPORTED ((TCM_RESULT) (TCM_BASE + 58)) #define TCM_AUTH_CONFLICT ((TCM_RESULT) (TCM_BASE + 59)) #define TCM_AREA_LOCKED ((TCM_RESULT) (TCM_BASE + 60)) #define TCM_BAD_LOCALITY ((TCM_RESULT) (TCM_BASE + 61)) #define TCM_READ_ONLY ((TCM_RESULT) (TCM_BASE + 62)) #define TCM_PER_NOWRITE ((TCM_RESULT) (TCM_BASE + 63)) #define TCM_FAMILYCOUNT ((TCM_RESULT) (TCM_BASE + 64)) #define TCM_WRITE_LOCKED ((TCM_RESULT) (TCM_BASE + 65)) #define TCM_BAD_ATTRIBUTES ((TCM_RESULT) (TCM_BASE + 66)) #define TCM_INVALID_STRUCTURE ((TCM_RESULT) (TCM_BASE + 67)) #define TCM_KEY_OWNER_CONTROL ((TCM_RESULT) (TCM_BASE + 68)) #define TCM_BAD_COUNTER ((TCM_RESULT) (TCM_BASE + 69)) #define TCM_NOT_FULLWRITE ((TCM_RESULT) (TCM_BASE + 70)) #define TCM_CONTEXT_GAP ((TCM_RESULT) (TCM_BASE + 71)) #define TCM_MAXNVWRITES ((TCM_RESULT) (TCM_BASE + 72)) #define TCM_NOOPERATOR ((TCM_RESULT) (TCM_BASE + 73)) #define TCM_RESOURCEMISSING ((TCM_RESULT) (TCM_BASE + 74)) #define TCM_DELEGATE_LOCK ((TCM_RESULT) (TCM_BASE + 75)) #define TCM_DELEGATE_FAMILY ((TCM_RESULT) (TCM_BASE + 76)) #define TCM_DELEGATE_ADMIN ((TCM_RESULT) (TCM_BASE + 77)) #define TCM_TRANSPORT_NOTEXCLUSIVE ((TCM_RESULT) (TCM_BASE + 78)) #define TCM_OWNER_CONTROL ((TCM_RESULT) (TCM_BASE + 79)) #define TCM_DAA_RESOURCES ((TCM_RESULT) (TCM_BASE + 80)) #define TCM_DAA_INPUT_DATA0 ((TCM_RESULT) (TCM_BASE + 81)) #define TCM_DAA_INPUT_DATA1 ((TCM_RESULT) (TCM_BASE + 82)) #define TCM_DAA_ISSUER_SETTINGS ((TCM_RESULT) (TCM_BASE + 83)) #define TCM_DAA_TCM_SETTINGS ((TCM_RESULT) (TCM_BASE + 84)) #define TCM_DAA_STAGE ((TCM_RESULT) (TCM_BASE + 85)) #define TCM_DAA_ISSUER_VALIDITY ((TCM_RESULT) (TCM_BASE + 86)) #define TCM_DAA_WRONG_W ((TCM_RESULT) (TCM_BASE + 87)) #define TCM_BAD_HANDLE ((TCM_RESULT) (TCM_BASE + 88)) #define TCM_BAD_DELEGATE ((TCM_RESULT) (TCM_BASE + 89)) #define TCM_BADCONTEXT ((TCM_RESULT) (TCM_BASE + 90)) #define TCM_TOOMANYCONTEXTS ((TCM_RESULT) (TCM_BASE + 91)) #define TCM_MA_TICKET_SIGNATURE ((TCM_RESULT) (TCM_BASE + 92)) #define TCM_MA_DESTINATION ((TCM_RESULT) (TCM_BASE + 93)) #define TCM_MA_SOURCE ((TCM_RESULT) (TCM_BASE + 94)) #define TCM_MA_AUTHORITY ((TCM_RESULT) (TCM_BASE + 95)) #define TCM_PERMANENTEK ((TCM_RESULT) (TCM_BASE + 97)) #define TCM_BAD_SIGNATURE ((TCM_RESULT) (TCM_BASE + 98)) #define TCM_NOCONTEXTSPACE ((TCM_RESULT) (TCM_BASE + 99)) #define TCM_RETRY ((TCM_RESULT) (TCM_BASE + TCM_NON_FATAL)) #define TCM_NEEDS_SELFTEST ((TCM_RESULT) (TCM_BASE + TCM_NON_FATAL + 1)) #define TCM_DOING_SELFTEST ((TCM_RESULT) (TCM_BASE + TCM_NON_FATAL + 2)) #define TCM_DEFEND_LOCK_RUNNING ((TCM_RESULT) (TCM_BASE + TCM_NON_FATAL + 3)) //(TCM_COMMAND_CODE) // Part 2, section 17: Ordinals // // Ordinals are 32 bit values. The upper byte contains values that serve as // flag indicators, the next byte contains values indicating what committee // designated the ordinal, and the final two bytes contain the Command // Ordinal Index. // 3 2 1 // 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ // |P|C|V| Reserved| Purview | Command Ordinal Index | // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ // // Where: // // * P is Protected/Unprotected command. When 0 the command is a Protected // command, when 1 the command is an Unprotected command. // // * C is Non-Connection/Connection related command. When 0 this command // passes through to either the protected (TCM) or unprotected (TSS) // components. // // * V is TCM/Vendor command. When 0 the command is TCM defined, when 1 the // command is vendor defined. // // * All reserved area bits are set to 0. // #define TCM_ORD_BASE 0x00008000 #define TCM_ORD_ActivateIdentity ((TCM_COMMAND_CODE)TCM_ORD_BASE + 0x0000007A) #define TCM_ORD_AuthorizeMigrationKey ((TCM_COMMAND_CODE)TCM_ORD_BASE + 0x0000002B) #define TCM_ORD_CertifyKey ((TCM_COMMAND_CODE)TCM_ORD_BASE + 0x00000032) #define TCM_ORD_CertifyKey2 ((TCM_COMMAND_CODE)TCM_ORD_BASE + 0x00000033) #define TCM_ORD_CertifySelfTest ((TCM_COMMAND_CODE)TCM_ORD_BASE + 0x00000052) #define TCM_ORD_ChangeAuth ((TCM_COMMAND_CODE)TCM_ORD_BASE + 0x0000000C) #define TCM_ORD_ChangeAuthAsymFinish ((TCM_COMMAND_CODE)TCM_ORD_BASE + 0x0000000F) #define TCM_ORD_ChangeAuthAsymStart ((TCM_COMMAND_CODE)TCM_ORD_BASE + 0x0000000E) #define TCM_ORD_ChangeAuthOwner ((TCM_COMMAND_CODE)TCM_ORD_BASE + 0x00000010) #define TCM_ORD_CMK_ApproveMA ((TCM_COMMAND_CODE)TCM_ORD_BASE + 0x0000001D) #define TCM_ORD_CMK_ConvertMigration ((TCM_COMMAND_CODE)TCM_ORD_BASE + 0x00000024) #define TCM_ORD_CMK_CreateBlob ((TCM_COMMAND_CODE)TCM_ORD_BASE + 0x0000001B) #define TCM_ORD_CMK_CreateKey ((TCM_COMMAND_CODE)TCM_ORD_BASE + 0x00000013) #define TCM_ORD_CMK_CreateTicket ((TCM_COMMAND_CODE)TCM_ORD_BASE + 0x00000012) #define TCM_ORD_CMK_SetRestrictions ((TCM_COMMAND_CODE)TCM_ORD_BASE + 0x0000001C) #define TCM_ORD_ContinueSelfTest ((TCM_COMMAND_CODE)TCM_ORD_BASE + 0x00000053) #define TCM_ORD_ConvertMigrationBlob ((TCM_COMMAND_CODE)TCM_ORD_BASE + 0x0000002A) #define TCM_ORD_CreateCounter ((TCM_COMMAND_CODE)TCM_ORD_BASE + 0x000000DC) #define TCM_ORD_CreateEndorsementKeyPair ((TCM_COMMAND_CODE)TCM_ORD_BASE + 0x00000078) #define TCM_ORD_CreateMaintenanceArchive ((TCM_COMMAND_CODE)TCM_ORD_BASE + 0x0000002C) #define TCM_ORD_CreateMigrationBlob ((TCM_COMMAND_CODE)TCM_ORD_BASE + 0x00000028) #define TCM_ORD_CreateRevocableEK ((TCM_COMMAND_CODE)TCM_ORD_BASE + 0x0000007F) #define TCM_ORD_CreateWrapKey ((TCM_COMMAND_CODE)TCM_ORD_BASE + 0x0000001F) #define TCM_ORD_DAA_JOIN ((TCM_COMMAND_CODE)TCM_ORD_BASE + 0x00000029) #define TCM_ORD_DAA_SIGN ((TCM_COMMAND_CODE)TCM_ORD_BASE + 0x00000031) #define TCM_ORD_Delegate_CreateKeyDelegation ((TCM_COMMAND_CODE)TCM_ORD_BASE + 0x000000D4) #define TCM_ORD_Delegate_CreateOwnerDelegation ((TCM_COMMAND_CODE)TCM_ORD_BASE + 0x000000D5) #define TCM_ORD_Delegate_LoadOwnerDelegation ((TCM_COMMAND_CODE)TCM_ORD_BASE + 0x000000D8) #define TCM_ORD_Delegate_Manage ((TCM_COMMAND_CODE)TCM_ORD_BASE + 0x000000D2) #define TCM_ORD_Delegate_ReadTable ((TCM_COMMAND_CODE)TCM_ORD_BASE + 0x000000DB) #define TCM_ORD_Delegate_UpdateVerification ((TCM_COMMAND_CODE)TCM_ORD_BASE + 0x000000D1) #define TCM_ORD_Delegate_VerifyDelegation ((TCM_COMMAND_CODE)TCM_ORD_BASE + 0x000000D6) #define TCM_ORD_DirRead ((TCM_COMMAND_CODE)TCM_ORD_BASE + 0x0000001A) #define TCM_ORD_DirWriteAuth ((TCM_COMMAND_CODE)TCM_ORD_BASE + 0x00000019) #define TCM_ORD_DisableForceClear ((TCM_COMMAND_CODE)TCM_ORD_BASE + 0x0000005E) #define TCM_ORD_DisableOwnerClear ((TCM_COMMAND_CODE)TCM_ORD_BASE + 0x0000005C) #define TCM_ORD_DisablePubekRead ((TCM_COMMAND_CODE)TCM_ORD_BASE + 0x0000007E) #define TCM_ORD_DSAP ((TCM_COMMAND_CODE)TCM_ORD_BASE + 0x00000011) #define TCM_ORD_EstablishTransport ((TCM_COMMAND_CODE)TCM_ORD_BASE + 0x000000E6) #define TCM_ORD_EvictKey ((TCM_COMMAND_CODE)TCM_ORD_BASE + 0x00000022) #define TCM_ORD_ExecuteTransport ((TCM_COMMAND_CODE)TCM_ORD_BASE + 0x000000E7) #define TCM_ORD_Extend ((TCM_COMMAND_CODE)TCM_ORD_BASE + 0x00000014) #define TCM_ORD_FieldUpgrade ((TCM_COMMAND_CODE)TCM_ORD_BASE + 0x000000AA) #define TCM_ORD_FlushSpecific ((TCM_COMMAND_CODE)TCM_ORD_BASE + 0x000000BA) #define TCM_ORD_ForceClear ((TCM_COMMAND_CODE)TCM_ORD_BASE + 0x0000005D) #define TCM_ORD_GetAuditDigest ((TCM_COMMAND_CODE)TCM_ORD_BASE + 0x00000085) #define TCM_ORD_GetAuditDigestSigned ((TCM_COMMAND_CODE)TCM_ORD_BASE + 0x00000086) #define TCM_ORD_GetAuditEvent ((TCM_COMMAND_CODE)TCM_ORD_BASE + 0x00000082) #define TCM_ORD_GetAuditEventSigned ((TCM_COMMAND_CODE)TCM_ORD_BASE + 0x00000083) #define TCM_ORD_GetCapability ((TCM_COMMAND_CODE)TCM_ORD_BASE + 0x00000065) #define TCM_ORD_GetCapabilityOwner ((TCM_COMMAND_CODE)TCM_ORD_BASE + 0x00000066) #define TCM_ORD_GetCapabilitySigned ((TCM_COMMAND_CODE)TCM_ORD_BASE + 0x00000064) #define TCM_ORD_GetOrdinalAuditStatus ((TCM_COMMAND_CODE)TCM_ORD_BASE + 0x0000008C) #define TCM_ORD_GetPubKey ((TCM_COMMAND_CODE)TCM_ORD_BASE + 0x00000021) #define TCM_ORD_GetRandom ((TCM_COMMAND_CODE)TCM_ORD_BASE + 0x00000046) #define TCM_ORD_GetTestResult ((TCM_COMMAND_CODE)TCM_ORD_BASE + 0x00000054) #define TCM_ORD_GetTicks ((TCM_COMMAND_CODE)TCM_ORD_BASE + 0x000000F1) #define TCM_ORD_IncrementCounter ((TCM_COMMAND_CODE)TCM_ORD_BASE + 0x000000DD) #define TCM_ORD_Init ((TCM_COMMAND_CODE)TCM_ORD_BASE + 0x00000097) #define TCM_ORD_KeyControlOwner ((TCM_COMMAND_CODE)TCM_ORD_BASE + 0x00000023) #define TCM_ORD_KillMaintenanceFeature ((TCM_COMMAND_CODE)TCM_ORD_BASE + 0x0000002E) #define TCM_ORD_LoadAuthContext ((TCM_COMMAND_CODE)TCM_ORD_BASE + 0x000000B7) #define TCM_ORD_LoadContext ((TCM_COMMAND_CODE)TCM_ORD_BASE + 0x000000B9) #define TCM_ORD_LoadKey ((TCM_COMMAND_CODE)TCM_ORD_BASE + 0x00000020) #define TCM_ORD_LoadKey2 ((TCM_COMMAND_CODE)TCM_ORD_BASE + 0x00000041) #define TCM_ORD_LoadKeyContext ((TCM_COMMAND_CODE)TCM_ORD_BASE + 0x000000B5) #define TCM_ORD_LoadMaintenanceArchive ((TCM_COMMAND_CODE)TCM_ORD_BASE + 0x0000002D) #define TCM_ORD_LoadManuMaintPub ((TCM_COMMAND_CODE)TCM_ORD_BASE + 0x0000002F) #define TCM_ORD_MakeIdentity ((TCM_COMMAND_CODE)TCM_ORD_BASE + 0x00000079) #define TCM_ORD_MigrateKey ((TCM_COMMAND_CODE)TCM_ORD_BASE + 0x00000025) #define TCM_ORD_NV_DefineSpace ((TCM_COMMAND_CODE)TCM_ORD_BASE + 0x000000CC) #define TCM_ORD_NV_ReadValue ((TCM_COMMAND_CODE)TCM_ORD_BASE + 0x000000CF) #define TCM_ORD_NV_ReadValueAuth ((TCM_COMMAND_CODE)TCM_ORD_BASE + 0x000000D0) #define TCM_ORD_NV_WriteValue ((TCM_COMMAND_CODE)TCM_ORD_BASE + 0x000000CD) #define TCM_ORD_NV_WriteValueAuth ((TCM_COMMAND_CODE)TCM_ORD_BASE + 0x000000CE) #define TCM_ORD_OIAP ((TCM_COMMAND_CODE)TCM_ORD_BASE + 0x0000000A) #define TCM_ORD_OSAP ((TCM_COMMAND_CODE)TCM_ORD_BASE + 0x0000000B) #define TCM_ORD_OwnerClear ((TCM_COMMAND_CODE)TCM_ORD_BASE + 0x0000005B) #define TCM_ORD_OwnerReadInternalPub ((TCM_COMMAND_CODE)TCM_ORD_BASE + 0x00000081) #define TCM_ORD_OwnerReadPubek ((TCM_COMMAND_CODE)TCM_ORD_BASE + 0x0000007D) #define TCM_ORD_OwnerSetDisable ((TCM_COMMAND_CODE)TCM_ORD_BASE + 0x0000006E) #define TCM_ORD_PCR_Reset ((TCM_COMMAND_CODE)TCM_ORD_BASE + 0x000000C8) #define TCM_ORD_PcrRead ((TCM_COMMAND_CODE)TCM_ORD_BASE + 0x00000015) #define TCM_ORD_PhysicalDisable ((TCM_COMMAND_CODE)TCM_ORD_BASE + 0x00000070) #define TCM_ORD_PhysicalEnable ((TCM_COMMAND_CODE)TCM_ORD_BASE + 0x0000006F) #define TCM_ORD_PhysicalSetDeactivated ((TCM_COMMAND_CODE)TCM_ORD_BASE + 0x00000072) #define TCM_ORD_Quote ((TCM_COMMAND_CODE)TCM_ORD_BASE + 0x00000016) #define TCM_ORD_Quote2 ((TCM_COMMAND_CODE)TCM_ORD_BASE + 0x0000003E) #define TCM_ORD_ReadCounter ((TCM_COMMAND_CODE)TCM_ORD_BASE + 0x000000DE) #define TCM_ORD_ReadManuMaintPub ((TCM_COMMAND_CODE)TCM_ORD_BASE + 0x00000030) #define TCM_ORD_ReadPubek ((TCM_COMMAND_CODE)TCM_ORD_BASE + 0x0000007C) #define TCM_ORD_ReleaseCounter ((TCM_COMMAND_CODE)TCM_ORD_BASE + 0x000000DF) #define TCM_ORD_ReleaseCounterOwner ((TCM_COMMAND_CODE)TCM_ORD_BASE + 0x000000E0) #define TCM_ORD_ReleaseTransportSigned ((TCM_COMMAND_CODE)TCM_ORD_BASE + 0x000000E8) #define TCM_ORD_Reset ((TCM_COMMAND_CODE)TCM_ORD_BASE + 0x0000005A) #define TCM_ORD_ResetLockValue ((TCM_COMMAND_CODE)TCM_ORD_BASE + 0x00000040) #define TCM_ORD_RevokeTrust ((TCM_COMMAND_CODE)TCM_ORD_BASE + 0x00000080) #define TCM_ORD_SaveAuthContext ((TCM_COMMAND_CODE)TCM_ORD_BASE + 0x000000B6) #define TCM_ORD_SaveContext ((TCM_COMMAND_CODE)TCM_ORD_BASE + 0x000000B8) #define TCM_ORD_SaveKeyContext ((TCM_COMMAND_CODE)TCM_ORD_BASE + 0x000000B4) #define TCM_ORD_SaveState ((TCM_COMMAND_CODE)TCM_ORD_BASE + 0x00000098) #define TCM_ORD_Seal ((TCM_COMMAND_CODE)TCM_ORD_BASE + 0x00000017) #define TCM_ORD_Sealx ((TCM_COMMAND_CODE)TCM_ORD_BASE + 0x0000003D) #define TCM_ORD_SelfTestFull ((TCM_COMMAND_CODE)TCM_ORD_BASE + 0x00000050) #define TCM_ORD_SetCapability ((TCM_COMMAND_CODE)TCM_ORD_BASE + 0x0000003F) #define TCM_ORD_SetOperatorAuth ((TCM_COMMAND_CODE)TCM_ORD_BASE + 0x00000074) #define TCM_ORD_SetOrdinalAuditStatus ((TCM_COMMAND_CODE)TCM_ORD_BASE + 0x0000008D) #define TCM_ORD_SetOwnerInstall ((TCM_COMMAND_CODE)TCM_ORD_BASE + 0x00000071) #define TCM_ORD_SetOwnerPointer ((TCM_COMMAND_CODE)TCM_ORD_BASE + 0x00000075) #define TCM_ORD_SetRedirection ((TCM_COMMAND_CODE)TCM_ORD_BASE + 0x0000009A) #define TCM_ORD_SetTempDeactivated ((TCM_COMMAND_CODE)TCM_ORD_BASE + 0x00000073) #define TCM_ORD_SHA1Complete ((TCM_COMMAND_CODE)TCM_ORD_BASE + 0x000000A2) #define TCM_ORD_SHA1CompleteExtend ((TCM_COMMAND_CODE)TCM_ORD_BASE + 0x000000A3) #define TCM_ORD_SHA1Start ((TCM_COMMAND_CODE)TCM_ORD_BASE + 0x000000A0) #define TCM_ORD_SHA1Update ((TCM_COMMAND_CODE)TCM_ORD_BASE + 0x000000A1) #define TCM_ORD_Sign ((TCM_COMMAND_CODE)TCM_ORD_BASE + 0x0000003C) #define TCM_ORD_Startup ((TCM_COMMAND_CODE)TCM_ORD_BASE + 0x00000099) #define TCM_ORD_StirRandom ((TCM_COMMAND_CODE)TCM_ORD_BASE + 0x00000047) #define TCM_ORD_TakeOwnership ((TCM_COMMAND_CODE)TCM_ORD_BASE + 0x0000000D) #define TCM_ORD_Terminate_Handle ((TCM_COMMAND_CODE)TCM_ORD_BASE + 0x00000096) #define TCM_ORD_TickStampBlob ((TCM_COMMAND_CODE)TCM_ORD_BASE + 0x000000F2) #define TCM_ORD_UnBind ((TCM_COMMAND_CODE)TCM_ORD_BASE + 0x0000001E) #define TCM_ORD_Unseal ((TCM_COMMAND_CODE)TCM_ORD_BASE + 0x00000018) // // Part 2, section 18: Context structures // /// /// Part 2, section 18.1: TCM_CONTEXT_BLOB /// typedef struct tdTCM_CONTEXT_BLOB { TCM_STRUCTURE_TAG tag; TCM_RESOURCE_TYPE resourceType; TCM_HANDLE handle; UINT8 label[16]; UINT32 contextCount; TCM_DIGEST integrityDigest; UINT32 additionalSize; UINT8 *additionalData; UINT32 sensitiveSize; UINT8 *sensitiveData; } TCM_CONTEXT_BLOB; /// /// Part 2, section 18.2 TCM_CONTEXT_SENSITIVE /// typedef struct tdTCM_CONTEXT_SENSITIVE { TCM_STRUCTURE_TAG tag; TCM_NONCE contextNonce; UINT32 internalSize; UINT8 *internalData; } TCM_CONTEXT_SENSITIVE; // // Part 2, section 19: NV Structures // // // Part 2, section 19.1.1: Required TCM_NV_INDEX values // #define TCM_NV_INDEX_LOCK ((UINT32)0xffffffff) #define TCM_NV_INDEX0 ((UINT32)0x00000000) #define TCM_NV_INDEX_DIR ((UINT32)0x10000001) #define TCM_NV_INDEX_EKCert ((UINT32)0x0000f000) #define TCM_NV_INDEX_TCM_CC ((UINT32)0x0000f001) #define TCM_NV_INDEX_PlatformCert ((UINT32)0x0000f002) #define TCM_NV_INDEX_Platform_CC ((UINT32)0x0000f003) // // Part 2, section 19.1.2: Reserved Index values // #define TCM_NV_INDEX_TSS_BASE ((UINT32)0x00011100) #define TCM_NV_INDEX_PC_BASE ((UINT32)0x00011200) #define TCM_NV_INDEX_SERVER_BASE ((UINT32)0x00011300) #define TCM_NV_INDEX_MOBILE_BASE ((UINT32)0x00011400) #define TCM_NV_INDEX_PERIPHERAL_BASE ((UINT32)0x00011500) #define TCM_NV_INDEX_GROUP_RESV_BASE ((UINT32)0x00010000) /// /// Part 2, section 19.2: TCM_NV_ATTRIBUTES /// typedef struct tdTCM_NV_ATTRIBUTES { TCM_STRUCTURE_TAG tag; UINT32 attributes; } TCM_NV_ATTRIBUTES; #define TCM_NV_PER_READ_STCLEAR (BIT31) #define TCM_NV_PER_AUTHREAD (BIT18) #define TCM_NV_PER_OWNERREAD (BIT17) #define TCM_NV_PER_PPREAD (BIT16) #define TCM_NV_PER_GLOBALLOCK (BIT15) #define TCM_NV_PER_WRITE_STCLEAR (BIT14) #define TCM_NV_PER_WRITEDEFINE (BIT13) #define TCM_NV_PER_WRITEALL (BIT12) #define TCM_NV_PER_AUTHWRITE (BIT2) #define TCM_NV_PER_OWNERWRITE (BIT1) #define TCM_NV_PER_PPWRITE (BIT0) /// /// Part 2, section 19.3: TCM_NV_DATA_PUBLIC /// typedef struct tdTCM_NV_DATA_PUBLIC { TCM_STRUCTURE_TAG tag; TCM_NV_INDEX nvIndex; TCM_PCR_INFO_SHORT pcrInfoRead; TCM_PCR_INFO_SHORT pcrInfoWrite; TCM_NV_ATTRIBUTES permission; BOOLEAN bReadSTClear; BOOLEAN bWriteSTClear; BOOLEAN bWriteDefine; UINT32 dataSize; } TCM_NV_DATA_PUBLIC; // // Part 2, section 20: Delegate Structures // #define TCM_DEL_OWNER_BITS ((UINT32)0x00000001) #define TCM_DEL_KEY_BITS ((UINT32)0x00000002) /// /// Part 2, section 20.2: Delegate Definitions /// typedef struct tdTCM_DELEGATIONS { TCM_STRUCTURE_TAG tag; UINT32 delegateType; UINT32 per1; UINT32 per2; } TCM_DELEGATIONS; // // Part 2, section 20.2.1: Owner Permission Settings // #define TCM_DELEGATE_SetOrdinalAuditStatus (BIT30) #define TCM_DELEGATE_DirWriteAuth (BIT29) #define TCM_DELEGATE_CMK_ApproveMA (BIT28) #define TCM_DELEGATE_NV_WriteValue (BIT27) #define TCM_DELEGATE_CMK_CreateTicket (BIT26) #define TCM_DELEGATE_NV_ReadValue (BIT25) #define TCM_DELEGATE_Delegate_LoadOwnerDelegation (BIT24) #define TCM_DELEGATE_DAA_Join (BIT23) #define TCM_DELEGATE_AuthorizeMigrationKey (BIT22) #define TCM_DELEGATE_CreateMaintenanceArchive (BIT21) #define TCM_DELEGATE_LoadMaintenanceArchive (BIT20) #define TCM_DELEGATE_KillMaintenanceFeature (BIT19) #define TCM_DELEGATE_OwnerReadInteralPub (BIT18) #define TCM_DELEGATE_ResetLockValue (BIT17) #define TCM_DELEGATE_OwnerClear (BIT16) #define TCM_DELEGATE_DisableOwnerClear (BIT15) #define TCM_DELEGATE_NV_DefineSpace (BIT14) #define TCM_DELEGATE_OwnerSetDisable (BIT13) #define TCM_DELEGATE_SetCapability (BIT12) #define TCM_DELEGATE_MakeIdentity (BIT11) #define TCM_DELEGATE_ActivateIdentity (BIT10) #define TCM_DELEGATE_OwnerReadPubek (BIT9) #define TCM_DELEGATE_DisablePubekRead (BIT8) #define TCM_DELEGATE_SetRedirection (BIT7) #define TCM_DELEGATE_FieldUpgrade (BIT6) #define TCM_DELEGATE_Delegate_UpdateVerification (BIT5) #define TCM_DELEGATE_CreateCounter (BIT4) #define TCM_DELEGATE_ReleaseCounterOwner (BIT3) #define TCM_DELEGATE_DelegateManage (BIT2) #define TCM_DELEGATE_Delegate_CreateOwnerDelegation (BIT1) #define TCM_DELEGATE_DAA_Sign (BIT0) // // Part 2, section 20.2.3: Key Permission settings // #define TCM_KEY_DELEGATE_CMK_ConvertMigration (BIT28) #define TCM_KEY_DELEGATE_TickStampBlob (BIT27) #define TCM_KEY_DELEGATE_ChangeAuthAsymStart (BIT26) #define TCM_KEY_DELEGATE_ChangeAuthAsymFinish (BIT25) #define TCM_KEY_DELEGATE_CMK_CreateKey (BIT24) #define TCM_KEY_DELEGATE_MigrateKey (BIT23) #define TCM_KEY_DELEGATE_LoadKey2 (BIT22) #define TCM_KEY_DELEGATE_EstablishTransport (BIT21) #define TCM_KEY_DELEGATE_ReleaseTransportSigned (BIT20) #define TCM_KEY_DELEGATE_Quote2 (BIT19) #define TCM_KEY_DELEGATE_Sealx (BIT18) #define TCM_KEY_DELEGATE_MakeIdentity (BIT17) #define TCM_KEY_DELEGATE_ActivateIdentity (BIT16) #define TCM_KEY_DELEGATE_GetAuditDigestSigned (BIT15) #define TCM_KEY_DELEGATE_Sign (BIT14) #define TCM_KEY_DELEGATE_CertifyKey2 (BIT13) #define TCM_KEY_DELEGATE_CertifyKey (BIT12) #define TCM_KEY_DELEGATE_CreateWrapKey (BIT11) #define TCM_KEY_DELEGATE_CMK_CreateBlob (BIT10) #define TCM_KEY_DELEGATE_CreateMigrationBlob (BIT9) #define TCM_KEY_DELEGATE_ConvertMigrationBlob (BIT8) #define TCM_KEY_DELEGATE_CreateKeyDelegation (BIT7) #define TCM_KEY_DELEGATE_ChangeAuth (BIT6) #define TCM_KEY_DELEGATE_GetPubKey (BIT5) #define TCM_KEY_DELEGATE_UnBind (BIT4) #define TCM_KEY_DELEGATE_Quote (BIT3) #define TCM_KEY_DELEGATE_Unseal (BIT2) #define TCM_KEY_DELEGATE_Seal (BIT1) #define TCM_KEY_DELEGATE_LoadKey (BIT0) // // Part 2, section 20.3: TCM_FAMILY_FLAGS // #define TCM_DELEGATE_ADMIN_LOCK (BIT1) #define TCM_FAMFLAG_ENABLE (BIT0) /// /// Part 2, section 20.4: TCM_FAMILY_LABEL /// typedef struct tdTCM_FAMILY_LABEL { UINT8 label; } TCM_FAMILY_LABEL; /// /// Part 2, section 20.5: TCM_FAMILY_TABLE_ENTRY /// typedef struct tdTCM_FAMILY_TABLE_ENTRY { TCM_STRUCTURE_TAG tag; TCM_FAMILY_LABEL label; TCM_FAMILY_ID familyID; TCM_FAMILY_VERIFICATION verificationCount; TCM_FAMILY_FLAGS flags; } TCM_FAMILY_TABLE_ENTRY; // // Part 2, section 20.6: TCM_FAMILY_TABLE // #define TCM_NUM_FAMILY_TABLE_ENTRY_MIN 8 typedef struct tdTCM_FAMILY_TABLE{ TCM_FAMILY_TABLE_ENTRY famTableRow[TCM_NUM_FAMILY_TABLE_ENTRY_MIN]; } TCM_FAMILY_TABLE; /// /// Part 2, section 20.7: TCM_DELEGATE_LABEL /// typedef struct tdTCM_DELEGATE_LABEL { UINT8 label; } TCM_DELEGATE_LABEL; /// /// Part 2, section 20.8: TCM_DELEGATE_PUBLIC /// typedef struct tdTCM_DELEGATE_PUBLIC { TCM_STRUCTURE_TAG tag; TCM_DELEGATE_LABEL label; TCM_PCR_INFO_SHORT pcrInfo; TCM_DELEGATIONS permissions; TCM_FAMILY_ID familyID; TCM_FAMILY_VERIFICATION verificationCount; } TCM_DELEGATE_PUBLIC; /// /// Part 2, section 20.9: TCM_DELEGATE_TABLE_ROW /// typedef struct tdTCM_DELEGATE_TABLE_ROW { TCM_STRUCTURE_TAG tag; TCM_DELEGATE_PUBLIC pub; TCM_SECRET authValue; } TCM_DELEGATE_TABLE_ROW; // // Part 2, section 20.10: TCM_DELEGATE_TABLE // #define TCM_NUM_DELEGATE_TABLE_ENTRY_MIN 2 typedef struct tdTCM_DELEGATE_TABLE{ TCM_DELEGATE_TABLE_ROW delRow[TCM_NUM_DELEGATE_TABLE_ENTRY_MIN]; } TCM_DELEGATE_TABLE; /// /// Part 2, section 20.11: TCM_DELEGATE_SENSITIVE /// typedef struct tdTCM_DELEGATE_SENSITIVE { TCM_STRUCTURE_TAG tag; TCM_SECRET authValue; } TCM_DELEGATE_SENSITIVE; /// /// Part 2, section 20.12: TCM_DELEGATE_OWNER_BLOB /// typedef struct tdTCM_DELEGATE_OWNER_BLOB { TCM_STRUCTURE_TAG tag; TCM_DELEGATE_PUBLIC pub; TCM_DIGEST integrityDigest; UINT32 additionalSize; UINT8 *additionalArea; UINT32 sensitiveSize; UINT8 *sensitiveArea; } TCM_DELEGATE_OWNER_BLOB; /// /// Part 2, section 20.13: TTCM_DELEGATE_KEY_BLOB /// typedef struct tdTCM_DELEGATE_KEY_BLOB { TCM_STRUCTURE_TAG tag; TCM_DELEGATE_PUBLIC pub; TCM_DIGEST integrityDigest; TCM_DIGEST pubKeyDigest; UINT32 additionalSize; UINT8 *additionalArea; UINT32 sensitiveSize; UINT8 *sensitiveArea; } TCM_DELEGATE_KEY_BLOB; // // Part 2, section 20.14: TCM_FAMILY_OPERATION Values // #define TCM_FAMILY_CREATE ((UINT32)0x00000001) #define TCM_FAMILY_ENABLE ((UINT32)0x00000002) #define TCM_FAMILY_ADMIN ((UINT32)0x00000003) #define TCM_FAMILY_INVALIDATE ((UINT32)0x00000004) // // Part 2, section 21.1: TCM_CAPABILITY_AREA for GetCapability // #define TCM_CAP_ORD ((TCM_CAPABILITY_AREA) 0x00000001) #define TCM_CAP_ALG ((TCM_CAPABILITY_AREA) 0x00000002) #define TCM_CAP_PID ((TCM_CAPABILITY_AREA) 0x00000003) #define TCM_CAP_FLAG ((TCM_CAPABILITY_AREA) 0x00000004) #define TCM_CAP_PROPERTY ((TCM_CAPABILITY_AREA) 0x00000005) #define TCM_CAP_VERSION ((TCM_CAPABILITY_AREA) 0x00000006) #define TCM_CAP_KEY_HANDLE ((TCM_CAPABILITY_AREA) 0x00000007) #define TCM_CAP_CHECK_LOADED ((TCM_CAPABILITY_AREA) 0x00000008) #define TCM_CAP_SYM_MODE ((TCM_CAPABILITY_AREA) 0x00000009) #define TCM_CAP_KEY_STATUS ((TCM_CAPABILITY_AREA) 0x0000000C) #define TCM_CAP_NV_LIST ((TCM_CAPABILITY_AREA) 0x0000000D) #define TCM_CAP_MFR ((TCM_CAPABILITY_AREA) 0x00000010) #define TCM_CAP_NV_INDEX ((TCM_CAPABILITY_AREA) 0x00000011) #define TCM_CAP_TRANS_ALG ((TCM_CAPABILITY_AREA) 0x00000012) #define TCM_CAP_HANDLE ((TCM_CAPABILITY_AREA) 0x00000014) #define TCM_CAP_TRANS_ES ((TCM_CAPABILITY_AREA) 0x00000015) #define TCM_CAP_AUTH_ENCRYPT ((TCM_CAPABILITY_AREA) 0x00000017) #define TCM_CAP_SELECT_SIZE ((TCM_CAPABILITY_AREA) 0x00000018) #define TCM_CAP_VERSION_VAL ((TCM_CAPABILITY_AREA) 0x0000001A) #define TCM_CAP_FLAG_PERMANENT ((TCM_CAPABILITY_AREA) 0x00000108) #define TCM_CAP_FLAG_VOLATILE ((TCM_CAPABILITY_AREA) 0x00000109) // // Part 2, section 21.2: CAP_PROPERTY Subcap values for GetCapability // #define TCM_CAP_PROP_PCR ((TCM_CAPABILITY_AREA) 0x00000101) #define TCM_CAP_PROP_DIR ((TCM_CAPABILITY_AREA) 0x00000102) #define TCM_CAP_PROP_MANUFACTURER ((TCM_CAPABILITY_AREA) 0x00000103) #define TCM_CAP_PROP_KEYS ((TCM_CAPABILITY_AREA) 0x00000104) #define TCM_CAP_PROP_MIN_COUNTER ((TCM_CAPABILITY_AREA) 0x00000107) #define TCM_CAP_PROP_AUTHSESS ((TCM_CAPABILITY_AREA) 0x0000010A) #define TCM_CAP_PROP_TRANSESS ((TCM_CAPABILITY_AREA) 0x0000010B) #define TCM_CAP_PROP_COUNTERS ((TCM_CAPABILITY_AREA) 0x0000010C) #define TCM_CAP_PROP_MAX_AUTHSESS ((TCM_CAPABILITY_AREA) 0x0000010D) #define TCM_CAP_PROP_MAX_TRANSESS ((TCM_CAPABILITY_AREA) 0x0000010E) #define TCM_CAP_PROP_MAX_COUNTERS ((TCM_CAPABILITY_AREA) 0x0000010F) #define TCM_CAP_PROP_MAX_KEYS ((TCM_CAPABILITY_AREA) 0x00000110) #define TCM_CAP_PROP_OWNER ((TCM_CAPABILITY_AREA) 0x00000111) #define TCM_CAP_PROP_CONTEXT ((TCM_CAPABILITY_AREA) 0x00000112) #define TCM_CAP_PROP_MAX_CONTEXT ((TCM_CAPABILITY_AREA) 0x00000113) #define TCM_CAP_PROP_FAMILYROWS ((TCM_CAPABILITY_AREA) 0x00000114) #define TCM_CAP_PROP_TIS_TIMEOUT ((TCM_CAPABILITY_AREA) 0x00000115) #define TCM_CAP_PROP_STARTUP_EFFECT ((TCM_CAPABILITY_AREA) 0x00000116) #define TCM_CAP_PROP_DELEGATE_ROW ((TCM_CAPABILITY_AREA) 0x00000117) #define TCM_CAP_PROP_DAA_MAX ((TCM_CAPABILITY_AREA) 0x00000119) #define TCM_CAP_PROP_SESSION_DAA ((TCM_CAPABILITY_AREA) 0x0000011A) #define TCM_CAP_PROP_CONTEXT_DIST ((TCM_CAPABILITY_AREA) 0x0000011B) #define TCM_CAP_PROP_DAA_INTERRUPT ((TCM_CAPABILITY_AREA) 0x0000011C) #define TCM_CAP_PROP_SESSIONS ((TCM_CAPABILITY_AREA) 0x0000011D) #define TCM_CAP_PROP_MAX_SESSIONS ((TCM_CAPABILITY_AREA) 0x0000011E) #define TCM_CAP_PROP_CMK_RESTRICTION ((TCM_CAPABILITY_AREA) 0x0000011F) #define TCM_CAP_PROP_DURATION ((TCM_CAPABILITY_AREA) 0x00000120) #define TCM_CAP_PROP_ACTIVE_COUNTER ((TCM_CAPABILITY_AREA) 0x00000122) #define TCM_CAP_PROP_MAX_NV_AVAILABLE ((TCM_CAPABILITY_AREA) 0x00000123) #define TCM_CAP_PROP_INPUT_BUFFER ((TCM_CAPABILITY_AREA) 0x00000124) // // Part 2, section 21.4: TCM_CAPABILITY_AREA for SetCapability // #define TCM_SET_PERM_FLAGS ((TCM_CAPABILITY_AREA) 0x00000001) #define TCM_SET_PERM_DATA ((TCM_CAPABILITY_AREA) 0x00000002) #define TCM_SET_STCLEAR_FLAGS ((TCM_CAPABILITY_AREA) 0x00000003) #define TCM_SET_STCLEAR_DATA ((TCM_CAPABILITY_AREA) 0x00000004) #define TCM_SET_STANY_FLAGS ((TCM_CAPABILITY_AREA) 0x00000005) #define TCM_SET_STANY_DATA ((TCM_CAPABILITY_AREA) 0x00000006) /// /// Part 2, section 21.6: TCM_CAP_VERSION_INFO /// [size_is(vendorSpecificSize)] BYTE* vendorSpecific; /// typedef struct tdTCM_CAP_VERSION_INFO { TCM_STRUCTURE_TAG tag; TCM_VERSION version; UINT16 specLevel; UINT8 errataRev; UINT8 tcmVendorID[4]; UINT16 vendorSpecificSize; UINT8 *vendorSpecific; } TCM_CAP_VERSION_INFO; /// /// Part 2, section 21.10: TCM_DA_ACTION_TYPE /// typedef struct tdTCM_DA_ACTION_TYPE { TCM_STRUCTURE_TAG tag; UINT32 actions; } TCM_DA_ACTION_TYPE; #define TCM_DA_ACTION_FAILURE_MODE (((UINT32)1)<<3) #define TCM_DA_ACTION_DEACTIVATE (((UINT32)1)<<2) #define TCM_DA_ACTION_DISABLE (((UINT32)1)<<1) #define TCM_DA_ACTION_TIMEOUT (((UINT32)1)<<0) /// /// Part 2, section 21.7: TCM_DA_INFO /// typedef struct tdTCM_DA_INFO { TCM_STRUCTURE_TAG tag; TCM_DA_STATE state; UINT16 currentCount; UINT16 thresholdCount; TCM_DA_ACTION_TYPE actionAtThreshold; UINT32 actionDependValue; UINT32 vendorDataSize; UINT8 *vendorData; } TCM_DA_INFO; /// /// Part 2, section 21.8: TCM_DA_INFO_LIMITED /// typedef struct tdTCM_DA_INFO_LIMITED { TCM_STRUCTURE_TAG tag; TCM_DA_STATE state; TCM_DA_ACTION_TYPE actionAtThreshold; UINT32 vendorDataSize; UINT8 *vendorData; } TCM_DA_INFO_LIMITED; // // Part 2, section 21.9: CAP_PROPERTY Subcap values for GetCapability // #define TCM_DA_STATE_INACTIVE ((UINT8)0x00) #define TCM_DA_STATE_ACTIVE ((UINT8)0x01) // // Part 2, section 22: DAA Structures // // // Part 2, section 22.1: Size definitions // #define TCM_DAA_SIZE_r0 (43) #define TCM_DAA_SIZE_r1 (43) #define TCM_DAA_SIZE_r2 (128) #define TCM_DAA_SIZE_r3 (168) #define TCM_DAA_SIZE_r4 (219) #define TCM_DAA_SIZE_NT (20) #define TCM_DAA_SIZE_v0 (128) #define TCM_DAA_SIZE_v1 (192) #define TCM_DAA_SIZE_NE (256) #define TCM_DAA_SIZE_w (256) #define TCM_DAA_SIZE_issuerModulus (256) // // Part 2, section 22.2: Constant definitions // #define TCM_DAA_power0 (104) #define TCM_DAA_power1 (1024) /// /// Part 2, section 22.3: TCM_DAA_ISSUER /// typedef struct tdTCM_DAA_ISSUER { TCM_STRUCTURE_TAG tag; TCM_DIGEST DAA_digest_R0; TCM_DIGEST DAA_digest_R1; TCM_DIGEST DAA_digest_S0; TCM_DIGEST DAA_digest_S1; TCM_DIGEST DAA_digest_n; TCM_DIGEST DAA_digest_gamma; UINT8 DAA_generic_q[26]; } TCM_DAA_ISSUER; /// /// Part 2, section 22.4: TCM_DAA_TCM /// typedef struct tdTCM_DAA_TCM { TCM_STRUCTURE_TAG tag; TCM_DIGEST DAA_digestIssuer; TCM_DIGEST DAA_digest_v0; TCM_DIGEST DAA_digest_v1; TCM_DIGEST DAA_rekey; UINT32 DAA_count; } TCM_DAA_TCM; /// /// Part 2, section 22.5: TCM_DAA_CONTEXT /// typedef struct tdTCM_DAA_CONTEXT { TCM_STRUCTURE_TAG tag; TCM_DIGEST DAA_digestContext; TCM_DIGEST DAA_digest; TCM_DAA_CONTEXT_SEED DAA_contextSeed; UINT8 DAA_scratch[256]; UINT8 DAA_stage; } TCM_DAA_CONTEXT; /// /// Part 2, section 22.6: TCM_DAA_JOINDATA /// typedef struct tdTCM_DAA_JOINDATA { UINT8 DAA_join_u0[128]; UINT8 DAA_join_u1[138]; TCM_DIGEST DAA_digest_n0; } TCM_DAA_JOINDATA; /// /// Part 2, section 22.8: TCM_DAA_BLOB /// typedef struct tdTCM_DAA_BLOB { TCM_STRUCTURE_TAG tag; TCM_RESOURCE_TYPE resourceType; UINT8 label[16]; TCM_DIGEST blobIntegrity; UINT32 additionalSize; UINT8 *additionalData; UINT32 sensitiveSize; UINT8 *sensitiveData; } TCM_DAA_BLOB; /// /// Part 2, section 22.9: TCM_DAA_SENSITIVE /// typedef struct tdTCM_DAA_SENSITIVE { TCM_STRUCTURE_TAG tag; UINT32 internalSize; UINT8 *internalData; } TCM_DAA_SENSITIVE; // // Part 2, section 23: Redirection // /// /// Part 2 section 23.1: TCM_REDIR_COMMAND /// This section defines exactly one value but does not /// give it a name. The definition of TCM_SetRedirection in Part3 /// refers to exactly one name but does not give its value. We join /// them here. /// #define TCM_REDIR_GPIO (0x00000001) /// /// TCM Command Headers defined in Part 3 /// typedef struct tdTCM_RQU_COMMAND_HDR { TCM_STRUCTURE_TAG tag; UINT32 paramSize; TCM_COMMAND_CODE ordinal; } TCM_RQU_COMMAND_HDR; /// /// TCM Response Headers defined in Part 3 /// typedef struct tdTCM_RSP_COMMAND_HDR { TCM_STRUCTURE_TAG tag; UINT32 paramSize; TCM_RESULT returnCode; } TCM_RSP_COMMAND_HDR; #pragma pack () // // UEFI TCG support // /// /// Event Log Entry Structure Definition with SM3-256 digest /// typedef struct tdTCM_PCR_EVENT { TCM_PCRINDEX PCRIndex; ///< PCRIndex event extended to TCG_EVENTTYPE EventType; ///< TCG EFI event type TCM_DIGEST Digest; ///< Value extended into PCRIndex UINT32 EventSize; ///< Size of the event data UINT8 Event[1]; ///< The event data } TCM_PCR_EVENT; // /// Event Log Entry Header Definition with SM3-256 digest // typedef struct tdTCM_PCR_EVENT_HDR { TCM_PCRINDEX PCRIndex; TCG_EVENTTYPE EventType; TCM_DIGEST Digest; // SM3-256 UINT32 EventSize; } TCM_PCR_EVENT_HDR; #endif