1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372
1373
1374
1375
1376
1377
1378
1379
1380
1381
1382
1383
1384
1385
1386
1387
1388
1389
1390
1391
1392
1393
1394
1395
1396
1397
1398
1399
1400
1401
1402
1403
1404
1405
1406
1407
1408
1409
1410
1411
1412
1413
1414
1415
1416
1417
1418
1419
1420
1421
1422
1423
1424
1425
1426
1427
1428
1429
1430
1431
1432
1433
1434
1435
1436
1437
1438
1439
1440
1441
1442
1443
1444
1445
1446
1447
1448
1449
1450
1451
1452
1453
1454
1455
1456
1457
1458
1459
1460
1461
1462
1463
1464
1465
1466
1467
1468
1469
1470
1471
1472
1473
1474
1475
1476
1477
1478
1479
1480
1481
1482
1483
1484
1485
1486
1487
1488
1489
1490
1491
1492
1493
1494
1495
1496
1497
1498
1499
1500
1501
1502
1503
1504
1505
1506
1507
1508
1509
1510
1511
1512
1513
1514
1515
1516
1517
1518
1519
1520
1521
1522
1523
1524
1525
1526
1527
1528
1529
1530
1531
1532
1533
1534
1535
1536
1537
1538
1539
1540
1541
1542
1543
1544
1545
1546
1547
1548
1549
1550
1551
1552
1553
1554
1555
1556
1557
1558
1559
1560
1561
1562
1563
1564
1565
1566
1567
1568
1569
1570
1571
1572
1573
1574
1575
1576
1577
1578
1579
1580
1581
1582
1583
1584
1585
1586
1587
1588
1589
1590
1591
1592
1593
1594
1595
1596
1597
1598
1599
1600
1601
1602
1603
1604
1605
1606
1607
1608
1609
1610
1611
1612
1613
1614
1615
1616
1617
1618
1619
1620
1621
1622
1623
1624
1625
1626
1627
1628
1629
1630
1631
1632
1633
1634
1635
1636
1637
1638
1639
1640
1641
1642
1643
1644
1645
1646
1647
1648
1649
1650
1651
1652
1653
1654
1655
1656
1657
1658
1659
1660
1661
1662
1663
1664
1665
1666
1667
1668
1669
1670
1671
1672
1673
1674
1675
1676
1677
1678
1679
1680
1681
1682
1683
1684
1685
1686
1687
1688
1689
1690
1691
1692
1693
1694
1695
1696
1697
1698
1699
1700
1701
1702
1703
1704
1705
1706
1707
1708
1709
1710
1711
1712
1713
1714
1715
1716
1717
1718
1719
1720
1721
|
/********************************************************************************/
/* */
/* TPM 1.2 Constants */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* */
/* (c) Copyright IBM Corporation 2006, 2010. */
/* */
/* All rights reserved. */
/* */
/* Redistribution and use in source and binary forms, with or without */
/* modification, are permitted provided that the following conditions are */
/* met: */
/* */
/* Redistributions of source code must retain the above copyright notice, */
/* this list of conditions and the following disclaimer. */
/* */
/* Redistributions in binary form must reproduce the above copyright */
/* notice, this list of conditions and the following disclaimer in the */
/* documentation and/or other materials provided with the distribution. */
/* */
/* Neither the names of the IBM Corporation nor the names of its */
/* contributors may be used to endorse or promote products derived from */
/* this software without specific prior written permission. */
/* */
/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */
/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */
/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */
/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */
/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */
/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */
/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */
/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */
/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */
/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */
/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
/********************************************************************************/
#ifndef TPMCONSTANTS12_H
#define TPMCONSTANTS12_H
#include <stdint.h>
/*
NOTE implementation Specific
*/
/*
version, revision, specLevel, errataRev
*/
/* current for released specification revision 103 */
#define TPM_REVISION_MAX 9999
#ifndef TPM_REVISION
#define TPM_REVISION TPM_REVISION_MAX
#endif
// #if (TPM_REVISION >= 116)
// #define TPM_SPEC_LEVEL 0x0002 /* uint16_t The level of ordinals supported */
// #define TPM_ERRATA_REV 0x03 /* specification errata level */
// #elif (TPM_REVISION >= 103)
// #define TPM_SPEC_LEVEL 0x0002 /* uint16_t The level of ordinals supported */
// #define TPM_ERRATA_REV 0x02 /* specification errata level */
// #elif (TPM_REVISION >= 94)
// #define TPM_SPEC_LEVEL 0x0002 /* uint16_t The level of ordinals supported */
// #define TPM_ERRATA_REV 0x01 /* specification errata level */
// #elif (TPM_REVISION >= 85)
// #define TPM_SPEC_LEVEL 0x0002 /* uint16_t The level of ordinals supported */
// #define TPM_ERRATA_REV 0x00 /* specification errata level */
// #else
// #define TPM_SPEC_LEVEL 0x0001 /* uint16_t The level of ordinals supported */
// #define TPM_ERRATA_REV 0x00 /* specification errata level */
// #endif
/* IBM specific */
#if 0 /* at one time vendorID was the PCI vendor ID, this is the IBM code */
#define TPM_VENDOR_ID "\x00\x00\x10\x14" /* BYTE[4], the vendor ID, obtained from the TCG,
typically PCI vendor ID */
#endif
#ifdef TPM_VENDOR
#define TPM_VENDOR_ID "WEC" /* 4 bytes, as of rev 99 vendorID and TPM_CAP_PROP_MANUFACTURER
return the same value */
#define TPM_MANUFACTURER "WEC" /* 4 characters, assigned by TCG, typically stock ticker symbol */
#else
#define TPM_VENDOR_ID "IBM" /* 4 bytes, as of rev 99 vendorID and TPM_CAP_PROP_MANUFACTURER
return the same value */
#define TPM_MANUFACTURER "IBM" /* 4 characters, assigned by TCG, typically stock ticker symbol */
#endif
/* Timeouts in microseconds. These are for the platform specific interface (e.g. the LPC bus
registers in the PC Client TPM). They are most likely not applicable to a software TPM. */
#define TPM_TIMEOUT_A 1000000
#define TPM_TIMEOUT_B 1000000
#define TPM_TIMEOUT_C 1000000
#define TPM_TIMEOUT_D 1000000
/* dictionary attack mitigation */
#define TPM_LOCKOUT_THRESHOLD 5 /* successive failures to trigger lockout, must be greater
than 0 */
/* Denotes the duration value in microseconds of the duration of the three classes of commands:
Small, Medium and Long. The command types are in the Part 2 Ordinal Table. Essentially:
Long - creating an RSA key pair
Medium - using an RSA key
Short - anything else
*/
#ifndef TPM_SMALL_DURATION
#define TPM_SMALL_DURATION 2000000
#endif
#ifndef TPM_MEDIUM_DURATION
#define TPM_MEDIUM_DURATION 5000000
#endif
#ifndef TPM_LONG_DURATION
#define TPM_LONG_DURATION 60000000
#endif
/* startup effects */
#define TPM_STARTUP_EFFECTS_VALUE \
(TPM_STARTUP_EFFECTS_ST_ANY_RT_KEY | /* key resources init by TPM_Startup(ST_ANY) */ \
TPM_STARTUP_EFFECTS_ST_STATE_RT_HASH | /* hash resources are init by TPM_Startup(ST_STATE) */ \
TPM_STARTUP_EFFECTS_ST_CLEAR_AUDITDIGEST) /* auditDigest nulled on TPM_Startup(ST_CLEAR) */
/*
TPM buffer limits
*/
/* This value is used to limit memory allocation to prevent resource overload. */
#ifndef TPM_ALLOC_MAX
#define TPM_ALLOC_MAX 0x10000 /* 64k bytes */
#endif
/* This is the increment by which the TPM_STORE_BUFFER grows. A larger number saves realloc's. A
smaller number saves memory.
TPM_ALLOC_MAX must be a multiple of this value.
*/
#define TPM_STORE_BUFFER_INCREMENT (TPM_ALLOC_MAX / 64)
/* This is the maximum value of the TPM input and output packet buffer. It should be large enough
to accommodate the largest TPM command or response, currently about 1200 bytes. It should be
small enough to accommodate whatever software is driving the TPM.
NOTE: Some commands are somewhat open ended, and related to this parmater. E.g., The input size
for the TPM_SHA1Init. The output size for TPM_GetRandom.
It is returned by TPM_GetCapability -> TPM_CAP_PROP_INPUT_BUFFER
*/
#ifndef TPM_BUFFER_MAX
#define TPM_BUFFER_MAX 0x1000 /* 4k bytes */
#endif
/* Random number generator */
/* maximum bytes in one TPM_GetRandom() call
Use maximum input buffer size minus tag, paramSize, returnCode, randomBytesSize.
*/
#define TPM_RANDOM_MAX (TPM_BUFFER_MAX \
- sizeof(TPM_TAG) - sizeof(uint32_t) \
- sizeof(TPM_RESULT) - sizeof(uint32_t))
/* Maximum number of bytes that can be sent to TPM_SHA1Update. Must be a multiple of 64 bytes.
Use maximum input buffer size minus tag, paramSize, ordinal, numBytes.
*/
#define TPM_SHA1_MAXNUMBYTES (TPM_BUFFER_MAX - 64)
/* extra audit status bits for TSC commands outside the normal ordinal range */
#define TSC_PHYS_PRES_AUDIT 0x01
#define TSC_RESET_ESTAB_AUDIT 0x02
#ifdef TPM_VTPM
/* ordinals for virtual TPM instance handling */
/* NOTE must be contiguous, see TPM_PERMANENT_DATA -> instanceOrdinalAuditStatus */
#define TPM_InstanceOrdinals_Start1 0x20000000
#define TPM_InstanceOrdinals_End1 0x20000020
#define TPM_InstanceOrdinals_Start2 0x20000020
#define TPM_InstanceOrdinals_End2 0x20000040
#define TPM_ORD_CreateInstance 0x20000001
#define TPM_ORD_DeleteInstance 0x20000002
#define TPM_ORD_LockInstance 0x20000003
#define TPM_ORD_GetInstanceData 0x20000004
#define TPM_ORD_SetInstanceData 0x20000005
#define TPM_ORD_GetInstanceKey 0x20000009
#define TPM_ORD_SetInstanceKey 0x2000000a
#define TPM_ORD_TransportInstance 0x2000000b
#define TPM_ORD_SetupInstance 0x2000000c
#define TPM_ORD_UnlockInstance 0x2000000e
#define TPM_ORD_ReportEnvironment 0x2000000f
#define TPM_ORD_QuotePubEK 0x20000010
/* actionMask for TPM_SetupInstance (bit mask) */
#define TPM_INSTANCE_ACTIVATE 0x00000001
#define TPM_INSTANCE_ENABLE 0x00000002
#define TPM_INSTANCE_STARTUP 0x00000004
#define TPM_INSTANCE_INIT 0x00000008
#define TPM_INSTANCE_ACTION_MASK 0xfffffff0 /* ~ OR of all above bits */
/* creationMask for TPM_CreateInstance (bit mask) */
#define TPM_INSTANCE_PRIVILEGED 0x00000001
#define TPM_INSTANCE_NO_MIGRATE 0x00000002
#define TPM_INSTANCE_CREATION_MASK 0xfffffffc /* ~ OR of all above bits */
/* TPM_CAP_MFR capabilities */
#define TPM_CAP_PROP_MAX_INSTANCES 0x00000001
#define TPM_CAP_INSTANCE_HANDLE 0x00000002
#define TPM_CAP_INSTANCE_PARENT 0x00000003
#define TPM_CAP_INSTANCE_CHILDREN 0x00000004
#define TPM_CAP_CREATION_MASK 0x00000005
#define TPM_CAP_SETUP_PCRLIST 0x00000006
#define TPM_CAP_NUMBER_PCR_MEAS 0x00000008
#define TPM_CAP_PCR_MEASUREMENTS 0x00000009
#define TPM_CAP_PCR_SELECTIONS 0x0000000a
/* TPM_SET_VENDOR Subcap */
#define TPM_SETCAP_LOG_PCR_SELECTION 0x00000001
#define TPM_SETCAP_SUBSCRIBE_PCR_SELECTION 0x00000002
#define TPM_SETCAP_LOG_LOG_LENGTH_MAX 0x00000003
/* VTPM Structure Tags */
#define TPM_TAG_LOG_ENTRIES 0x8003
#endif /* TPM_VTPM */
/* TPM_CAP_MFR capabilities */
#define TPM_CAP_PROCESS_ID 0x00000020
#ifdef TPM_VENDOR
#define WEC_ORD_PreConfig 0x2000000e
#define WEC_ORD_LockPreConfig 0x2000000f
#define WEC_ORD_GetTPMStatus 0x20000021
#endif /* TPM_VENDOR */
/* define a value for an illegal instance handle */
#define TPM_ILLEGAL_INSTANCE_HANDLE 0xffffffff
/*
NOTE End Implementation Specific
*/
/* 3. Structure Tags rev 105
There have been some indications that knowing what structure is in use would be valuable
information in each structure. This new tag will be in each new structure that the TPM defines.
The upper nibble of the value designates the purview of the structure tag. 0 is used for TPM
structures, 1 for platforms, and 2-F are reserved.
*/
/* 3.1 TPM_STRUCTURE_TAG */
/* Structure */
#define TPM_TAG_CONTEXTBLOB 0x0001 /* TPM_CONTEXT_BLOB */
#define TPM_TAG_CONTEXT_SENSITIVE 0x0002 /* TPM_CONTEXT_SENSITIVE */
#define TPM_TAG_CONTEXTPOINTER 0x0003 /* TPM_CONTEXT_POINTER */
#define TPM_TAG_CONTEXTLIST 0x0004 /* TPM_CONTEXT_LIST */
#define TPM_TAG_SIGNINFO 0x0005 /* TPM_SIGN_INFO */
#define TPM_TAG_PCR_INFO_LONG 0x0006 /* TPM_PCR_INFO_LONG */
#define TPM_TAG_PERSISTENT_FLAGS 0x0007 /* TPM_PERSISTENT_FLAGS (deprecated 1.1 struct) */
#define TPM_TAG_VOLATILE_FLAGS 0x0008 /* TPM_VOLATILE_FLAGS (deprecated 1.1 struct) */
#define TPM_TAG_PERSISTENT_DATA 0x0009 /* TPM_PERSISTENT_DATA (deprecated 1.1 struct) */
#define TPM_TAG_VOLATILE_DATA 0x000A /* TPM_VOLATILE_DATA (deprecated 1.1 struct) */
#define TPM_TAG_SV_DATA 0x000B /* TPM_SV_DATA */
#define TPM_TAG_EK_BLOB 0x000C /* TPM_EK_BLOB */
#define TPM_TAG_EK_BLOB_AUTH 0x000D /* TPM_EK_BLOB_AUTH */
#define TPM_TAG_COUNTER_VALUE 0x000E /* TPM_COUNTER_VALUE */
#define TPM_TAG_TRANSPORT_INTERNAL 0x000F /* TPM_TRANSPORT_INTERNAL */
#define TPM_TAG_TRANSPORT_LOG_IN 0x0010 /* TPM_TRANSPORT_LOG_IN */
#define TPM_TAG_TRANSPORT_LOG_OUT 0x0011 /* TPM_TRANSPORT_LOG_OUT */
#define TPM_TAG_AUDIT_EVENT_IN 0x0012 /* TPM_AUDIT_EVENT_IN */
#define TPM_TAG_AUDIT_EVENT_OUT 0X0013 /* TPM_AUDIT_EVENT_OUT */
#define TPM_TAG_CURRENT_TICKS 0x0014 /* TPM_CURRENT_TICKS */
#define TPM_TAG_KEY 0x0015 /* TPM_KEY */
#define TPM_TAG_STORED_DATA12 0x0016 /* TPM_STORED_DATA12 */
#define TPM_TAG_NV_ATTRIBUTES 0x0017 /* TPM_NV_ATTRIBUTES */
#define TPM_TAG_NV_DATA_PUBLIC 0x0018 /* TPM_NV_DATA_PUBLIC */
#define TPM_TAG_NV_DATA_SENSITIVE 0x0019 /* TPM_NV_DATA_SENSITIVE */
#define TPM_TAG_DELEGATIONS 0x001A /* TPM DELEGATIONS */
#define TPM_TAG_DELEGATE_PUBLIC 0x001B /* TPM_DELEGATE_PUBLIC */
#define TPM_TAG_DELEGATE_TABLE_ROW 0x001C /* TPM_DELEGATE_TABLE_ROW */
#define TPM_TAG_TRANSPORT_AUTH 0x001D /* TPM_TRANSPORT_AUTH */
#define TPM_TAG_TRANSPORT_PUBLIC 0X001E /* TPM_TRANSPORT_PUBLIC */
#define TPM_TAG_PERMANENT_FLAGS 0X001F /* TPM_PERMANENT_FLAGS */
#define TPM_TAG_STCLEAR_FLAGS 0X0020 /* TPM_STCLEAR_FLAGS */
#define TPM_TAG_STANY_FLAGS 0X0021 /* TPM_STANY_FLAGS */
#define TPM_TAG_PERMANENT_DATA 0X0022 /* TPM_PERMANENT_DATA */
#define TPM_TAG_STCLEAR_DATA 0X0023 /* TPM_STCLEAR_DATA */
#define TPM_TAG_STANY_DATA 0X0024 /* TPM_STANY_DATA */
#define TPM_TAG_FAMILY_TABLE_ENTRY 0X0025 /* TPM_FAMILY_TABLE_ENTRY */
#define TPM_TAG_DELEGATE_SENSITIVE 0X0026 /* TPM_DELEGATE_SENSITIVE */
#define TPM_TAG_DELG_KEY_BLOB 0X0027 /* TPM_DELG_KEY_BLOB */
#define TPM_TAG_KEY12 0x0028 /* TPM_KEY12 */
#define TPM_TAG_CERTIFY_INFO2 0X0029 /* TPM_CERTIFY_INFO2 */
#define TPM_TAG_DELEGATE_OWNER_BLOB 0X002A /* TPM_DELEGATE_OWNER_BLOB */
#define TPM_TAG_EK_BLOB_ACTIVATE 0X002B /* TPM_EK_BLOB_ACTIVATE */
#define TPM_TAG_DAA_BLOB 0X002C /* TPM_DAA_BLOB */
#define TPM_TAG_DAA_CONTEXT 0X002D /* TPM_DAA_CONTEXT */
#define TPM_TAG_DAA_ENFORCE 0X002E /* TPM_DAA_ENFORCE */
#define TPM_TAG_DAA_ISSUER 0X002F /* TPM_DAA_ISSUER */
#define TPM_TAG_CAP_VERSION_INFO 0X0030 /* TPM_CAP_VERSION_INFO */
#define TPM_TAG_DAA_SENSITIVE 0X0031 /* TPM_DAA_SENSITIVE */
#define TPM_TAG_DAA_TPM 0X0032 /* TPM_DAA_TPM */
#define TPM_TAG_CMK_MIGAUTH 0X0033 /* TPM_CMK_MIGAUTH */
#define TPM_TAG_CMK_SIGTICKET 0X0034 /* TPM_CMK_SIGTICKET */
#define TPM_TAG_CMK_MA_APPROVAL 0X0035 /* TPM_CMK_MA_APPROVAL */
#define TPM_TAG_QUOTE_INFO2 0X0036 /* TPM_QUOTE_INFO2 */
#define TPM_TAG_DA_INFO 0x0037 /* TPM_DA_INFO */
#define TPM_TAG_DA_INFO_LIMITED 0x0038 /* TPM_DA_INFO_LIMITED */
#define TPM_TAG_DA_ACTION_TYPE 0x0039 /* TPM_DA_ACTION_TYPE */
/*
SW TPM Tags
*/
/*
These tags are used to describe the format of serialized TPM non-volatile state
*/
/* These describe the overall format */
/* V1 state is the sequence permanent data, permanent flags, owner evict keys, NV defined space */
#define TPM_TAG_NVSTATE_V1 0x0001 /* svn revision 4078 */
/* These tags describe the TPM_PERMANENT_DATA format */
/* For the first release, use the standard TPM_TAG_PERMANENT_DATA tag. Since this tag is never
visible outside the TPM, the tag value can be changed if the format changes.
*/
/* These tags describe the TPM_PERMANENT_FLAGS format */
/* The TPM_PERMANENT_FLAGS structure changed from rev 94 to 103. Unfortunately, the standard TPM
tag did not change. Define distinguishing values here.
*/
#define TPM_TAG_NVSTATE_PF94 0x0001
#define TPM_TAG_NVSTATE_PF103 0x0002
/* This tag describes the owner evict key format */
#define TPM_TAG_NVSTATE_OE_V1 0x0001
/* This tag describes the NV defined space format */
#define TPM_TAG_NVSTATE_NV_V1 0x0001
/* V2 added the NV public optimization */
#define TPM_TAG_NVSTATE_NV_V2 0x0002
/*
These tags are used to describe the format of serialized TPM volatile state
*/
/* These describe the overall format */
/* V1 state is the sequence TPM Parameters, TPM_STCLEAR_FLAGS, TPM_STANY_FLAGS, TPM_STCLEAR_DATA,
TPM_STANY_DATA, TPM_KEY_HANDLE_ENTRY, SHA1 context(s), TPM_TRANSHANDLE, testState, NV volatile
flags */
#define TPM_TAG_VSTATE_V1 0x0001
/* This tag defines the TPM Parameters format */
#define TPM_TAG_TPM_PARAMETERS_V1 0x0001
/* This tag defines the TPM_STCLEAR_FLAGS format */
/* V1 is the TCG standard returned by the getcap. It's unlikely that this will change */
#define TPM_TAG_STCLEAR_FLAGS_V1 0x0001
/* These tags describe the TPM_STANY_FLAGS format */
/* For the first release, use the standard TPM_TAG_STANY_FLAGS tag. Since this tag is never visible
outside the TPM, the tag value can be changed if the format changes.
*/
/* This tag defines the TPM_STCLEAR_DATA format */
/* V2 deleted the ordinalResponse, responseCount */
#define TPM_TAG_STCLEAR_DATA_V2 0X0024
/* These tags describe the TPM_STANY_DATA format */
/* For the first release, use the standard TPM_TAG_STANY_DATA tag. Since this tag is never visible
outside the TPM, the tag value can be changed if the format changes.
*/
/* This tag defines the key handle entries format */
#define TPM_TAG_KEY_HANDLE_ENTRIES_V1 0x0001
/* This tag defines the SHA-1 context format */
#define TPM_TAG_SHA1CONTEXT_OSSL_V1 0x0001 /* for openssl */
#define TPM_TAG_SHA1CONTEXT_FREEBL_V1 0x0101 /* for freebl */
/* This tag defines the NV index entries volatile format */
#define TPM_TAG_NV_INDEX_ENTRIES_VOLATILE_V1 0x0001
/* 4. Types
*/
/* 4.1 TPM_RESOURCE_TYPE rev 87 */
#define TPM_RT_KEY 0x00000001 /* The handle is a key handle and is the result of a LoadKey
type operation */
#define TPM_RT_AUTH 0x00000002 /* The handle is an authorization handle. Auth handles come from
TPM_OIAP, TPM_OSAP and TPM_DSAP */
#define TPM_RT_HASH 0X00000003 /* Reserved for hashes */
#define TPM_RT_TRANS 0x00000004 /* The handle is for a transport session. Transport handles come
from TPM_EstablishTransport */
#define TPM_RT_CONTEXT 0x00000005 /* Resource wrapped and held outside the TPM using the context
save/restore commands */
#define TPM_RT_COUNTER 0x00000006 /* Reserved for counters */
#define TPM_RT_DELEGATE 0x00000007 /* The handle is for a delegate row. These are the internal rows
held in NV storage by the TPM */
#define TPM_RT_DAA_TPM 0x00000008 /* The value is a DAA TPM specific blob */
#define TPM_RT_DAA_V0 0x00000009 /* The value is a DAA V0 parameter */
#define TPM_RT_DAA_V1 0x0000000A /* The value is a DAA V1 parameter */
/* 4.2 TPM_PAYLOAD_TYPE rev 87
This structure specifies the type of payload in various messages.
*/
#define TPM_PT_ASYM 0x01 /* The entity is an asymmetric key */
#define TPM_PT_BIND 0x02 /* The entity is bound data */
#define TPM_PT_MIGRATE 0x03 /* The entity is a migration blob */
#define TPM_PT_MAINT 0x04 /* The entity is a maintenance blob */
#define TPM_PT_SEAL 0x05 /* The entity is sealed data */
#define TPM_PT_MIGRATE_RESTRICTED 0x06 /* The entity is a restricted-migration asymmetric key */
#define TPM_PT_MIGRATE_EXTERNAL 0x07 /* The entity is a external migratable key */
#define TPM_PT_CMK_MIGRATE 0x08 /* The entity is a CMK migratable blob */
/* 0x09 - 0x7F Reserved for future use by TPM */
/* 0x80 - 0xFF Vendor specific payloads */
/* 4.3 TPM_ENTITY_TYPE rev 100
This specifies the types of entity that are supported by the TPM.
The LSB is used to indicate the entity type. The MSB is used to indicate the ADIP
encryption scheme when applicable.
For compatibility with TPM 1.1, this mapping is maintained:
0x0001 specifies a keyHandle entity with XOR encryption
0x0002 specifies an owner entity with XOR encryption
0x0003 specifies some data entity with XOR encryption
0x0004 specifies the SRK entity with XOR encryption
0x0005 specifies a key entity with XOR encryption
When the entity is not being used for ADIP encryption, the MSB MUST be 0x00.
*/
/* TPM_ENTITY_TYPE LSB Values (entity type) */
#define TPM_ET_KEYHANDLE 0x01 /* The entity is a keyHandle or key */
#define TPM_ET_OWNER 0x02 /*0x40000001 The entity is the TPM Owner */
#define TPM_ET_DATA 0x03 /* The entity is some data */
#define TPM_ET_SRK 0x04 /*0x40000000 The entity is the SRK */
#define TPM_ET_KEY 0x05 /* The entity is a key or keyHandle */
#define TPM_ET_REVOKE 0x06 /*0x40000002 The entity is the RevokeTrust value */
#define TPM_ET_DEL_OWNER_BLOB 0x07 /* The entity is a delegate owner blob */
#define TPM_ET_DEL_ROW 0x08 /* The entity is a delegate row */
#define TPM_ET_DEL_KEY_BLOB 0x09 /* The entity is a delegate key blob */
#define TPM_ET_COUNTER 0x0A /* The entity is a counter */
#define TPM_ET_NV 0x0B /* The entity is a NV index */
#define TPM_ET_OPERATOR 0x0C /* The entity is the operator */
#define TPM_ET_RESERVED_HANDLE 0x40 /* Reserved. This value avoids collisions with the handle
MSB setting.*/
/* TPM_ENTITY_TYPE MSB Values (ADIP encryption scheme) */
#define TPM_ET_XOR 0x00 /* XOR */
#define TPM_ET_AES128_CTR 0x06 /* AES 128 bits in CTR mode */
/* 4.4 Handles rev 88
Handles provides pointers to TPM internal resources. Handles should provide the ability to locate
a value without collision.
1. The TPM MAY order and set a handle to any value the TPM determines is appropriate
2. The handle value SHALL provide assurance that collisions SHOULD not occur in 2^24 handles
4.4.1 Reserved Key Handles
The reserved key handles. These values specify specific keys or specific actions for the TPM.
*/
/* 4.4.1 Reserved Key Handles rev 87
The reserved key handles. These values specify specific keys or specific actions for the TPM.
TPM_KH_TRANSPORT indicates to TPM_EstablishTransport that there is no encryption key, and that
the "secret" wrapped parameters are actually passed unencrypted.
*/
#define TPM_KH_SRK 0x40000000 /* The handle points to the SRK */
#define TPM_KH_OWNER 0x40000001 /* The handle points to the TPM Owner */
#define TPM_KH_REVOKE 0x40000002 /* The handle points to the RevokeTrust value */
#define TPM_KH_TRANSPORT 0x40000003 /* The handle points to the TPM_EstablishTransport static
authorization */
#define TPM_KH_OPERATOR 0x40000004 /* The handle points to the Operator auth */
#define TPM_KH_ADMIN 0x40000005 /* The handle points to the delegation administration
auth */
#define TPM_KH_EK 0x40000006 /* The handle points to the PUBEK, only usable with
TPM_OwnerReadInternalPub */
/* 4.5 TPM_STARTUP_TYPE rev 87
To specify what type of startup is occurring.
*/
#define TPM_ST_CLEAR 0x0001 /* The TPM is starting up from a clean state */
#define TPM_ST_STATE 0x0002 /* The TPM is starting up from a saved state */
#define TPM_ST_DEACTIVATED 0x0003 /* The TPM is to startup and set the deactivated flag to
TRUE */
/* 4.6 TPM_STARTUP_EFFECTS rev 101
This structure lists for the various resources and sessions on a TPM the affect that TPM_Startup
has on the values.
There are three ST_STATE options for keys (restore all, restore non-volatile, or restore none)
and two ST_CLEAR options (restore non-volatile or restore none). As bit 4 was insufficient to
describe the possibilities, it is deprecated. Software should use TPM_CAP_KEY_HANDLE to
determine which keys are loaded after TPM_Startup.
31-9 No information and MUST be FALSE
8 TPM_RT_DAA_TPM resources are initialized by TPM_Startup(ST_STATE)
7 TPM_Startup has no effect on auditDigest
6 auditDigest is set to all zeros on TPM_Startup(ST_CLEAR) but not on other types of TPM_Startup
5 auditDigest is set to all zeros on TPM_Startup(any)
4 TPM_RT_KEY Deprecated, as the meaning was subject to interpretation. (Was:TPM_RT_KEY resources
are initialized by TPM_Startup(ST_ANY))
3 TPM_RT_AUTH resources are initialized by TPM_Startup(ST_STATE)
2 TPM_RT_HASH resources are initialized by TPM_Startup(ST_STATE)
1 TPM_RT_TRANS resources are initialized by TPM_Startup(ST_STATE)
0 TPM_RT_CONTEXT session (but not key) resources are initialized by TPM_Startup(ST_STATE)
*/
#define TPM_STARTUP_EFFECTS_ST_STATE_RT_DAA 0x00000100 /* bit 8 */
#define TPM_STARTUP_EFFECTS_STARTUP_NO_AUDITDIGEST 0x00000080 /* bit 7 */
#define TPM_STARTUP_EFFECTS_ST_CLEAR_AUDITDIGEST 0x00000040 /* bit 6 */
#define TPM_STARTUP_EFFECTS_STARTUP_AUDITDIGEST 0x00000020 /* bit 5 */
#define TPM_STARTUP_EFFECTS_ST_ANY_RT_KEY 0x00000010 /* bit 4 */
#define TPM_STARTUP_EFFECTS_ST_STATE_RT_AUTH 0x00000008 /* bit 3 */
#define TPM_STARTUP_EFFECTS_ST_STATE_RT_HASH 0x00000004 /* bit 2 */
#define TPM_STARTUP_EFFECTS_ST_STATE_RT_TRANS 0x00000002 /* bit 1 */
#define TPM_STARTUP_EFFECTS_ST_STATE_RT_CONTEXT 0x00000001 /* bit 0 */
/* 4.7 TPM_PROTOCOL_ID rev 87
This value identifies the protocol in use.
*/
#define TPM_PID_NONE 0x0000 /* kgold - added */
#define TPM_PID_OIAP 0x0001 /* The OIAP protocol. */
#define TPM_PID_OSAP 0x0002 /* The OSAP protocol. */
#define TPM_PID_ADIP 0x0003 /* The ADIP protocol. */
#define TPM_PID_ADCP 0X0004 /* The ADCP protocol. */
#define TPM_PID_OWNER 0X0005 /* The protocol for taking ownership of a TPM. */
#define TPM_PID_DSAP 0x0006 /* The DSAP protocol */
#define TPM_PID_TRANSPORT 0x0007 /*The transport protocol */
/* 4.8 TPM_ALGORITHM_ID rev 99
This table defines the types of algorithms that may be supported by the TPM.
The TPM MUST support the algorithms TPM_ALG_RSA, TPM_ALG_SHA, TPM_ALG_HMAC, and TPM_ALG_MGF1
*/
//#define TPM_ALG_RSA 0x00000001 /* The RSA algorithm. */
/* #define TPM_ALG_DES 0x00000002 (was the DES algorithm) */
/* #define TPM_ALG_3DES 0X00000003 (was the 3DES algorithm in EDE mode) */
#define TPM_ALG_SHA 0x00000004 /* The SHA1 algorithm */
//#define TPM_ALG_HMAC 0x00000005 /* The RFC 2104 HMAC algorithm */
#define TPM_ALG_AES128 0x00000006 /* The AES algorithm, key size 128 */
//#define TPM_ALG_MGF1 0x00000007 /* The XOR algorithm using MGF1 to create a string the size
//of the encrypted block */
#define TPM_ALG_AES192 0x00000008 /* AES, key size 192 */
#define TPM_ALG_AES256 0x00000009 /* AES, key size 256 */
//#define TPM_ALG_XOR 0x0000000A /* XOR using the rolling nonces */
/* 4.9 TPM_PHYSICAL_PRESENCE rev 87
*/
#define TPM_PHYSICAL_PRESENCE_HW_DISABLE 0x0200 /* Sets the physicalPresenceHWEnable to FALSE
*/
#define TPM_PHYSICAL_PRESENCE_CMD_DISABLE 0x0100 /* Sets the physicalPresenceCMDEnable to
FALSE */
#define TPM_PHYSICAL_PRESENCE_LIFETIME_LOCK 0x0080 /* Sets the physicalPresenceLifetimeLock to
TRUE */
#define TPM_PHYSICAL_PRESENCE_HW_ENABLE 0x0040 /* Sets the physicalPresenceHWEnable to TRUE
*/
#define TPM_PHYSICAL_PRESENCE_CMD_ENABLE 0x0020 /* Sets the physicalPresenceCMDEnable to TRUE
*/
#define TPM_PHYSICAL_PRESENCE_NOTPRESENT 0x0010 /* Sets PhysicalPresence = FALSE */
#define TPM_PHYSICAL_PRESENCE_PRESENT 0x0008 /* Sets PhysicalPresence = TRUE */
#define TPM_PHYSICAL_PRESENCE_LOCK 0x0004 /* Sets PhysicalPresenceLock = TRUE */
#define TPM_PHYSICAL_PRESENCE_MASK 0xfc03 /* ~ OR of all above bits */
/* 4.10 TPM_MIGRATE_SCHEME rev 103
The scheme indicates how the StartMigrate command should handle the migration of the encrypted
blob.
*/
#define TPM_MS_MIGRATE 0x0001 /* A public key that can be used with all TPM
migration commands other than 'ReWrap' mode. */
#define TPM_MS_REWRAP 0x0002 /* A public key that can be used for the ReWrap mode
of TPM_CreateMigrationBlob. */
#define TPM_MS_MAINT 0x0003 /* A public key that can be used for the Maintenance
commands */
#define TPM_MS_RESTRICT_MIGRATE 0x0004 /* The key is to be migrated to a Migration
Authority. */
#define TPM_MS_RESTRICT_APPROVE 0x0005 /* The key is to be migrated to an entity approved by
a Migration Authority using double wrapping */
/* 4.11 TPM_EK_TYPE rev 87
This structure indicates what type of information that the EK is dealing with.
*/
#define TPM_EK_TYPE_ACTIVATE 0x0001 /* The blob MUST be TPM_EK_BLOB_ACTIVATE */
#define TPM_EK_TYPE_AUTH 0x0002 /* The blob MUST be TPM_EK_BLOB_AUTH */
/* 4.12 TPM_PLATFORM_SPECIFIC rev 87
This enumerated type indicates the platform specific spec that the information relates to.
*/
#define TPM_PS_PC_11 0x0001 /* PC Specific version 1.1 */
#define TPM_PS_PC_12 0x0002 /* PC Specific version 1.2 */
#define TPM_PS_PDA_12 0x0003 /* PDA Specific version 1.2 */
#define TPM_PS_Server_12 0x0004 /* Server Specific version 1.2 */
#define TPM_PS_Mobile_12 0x0005 /* Mobil Specific version 1.2 */
/* 5.8 TPM_KEY_USAGE rev 101
This table defines the types of keys that are possible. Each value defines for what operation
the key can be used. Most key usages can be CMKs. See 4.2, TPM_PAYLOAD_TYPE.
Each key has a setting defining the encryption and signature scheme to use. The selection of a
key usage value limits the choices of encryption and signature schemes.
*/
#define TPM_KEY_UNINITIALIZED 0x0000 /* NOTE: Added. This seems like a good place to indicate
that a TPM_KEY structure has not been initialized */
#define TPM_KEY_SIGNING 0x0010 /* This SHALL indicate a signing key. The [private] key
SHALL be used for signing operations, only. This means
that it MUST be a leaf of the Protected Storage key
hierarchy. */
#define TPM_KEY_STORAGE 0x0011 /* This SHALL indicate a storage key. The key SHALL be used
to wrap and unwrap other keys in the Protected Storage
hierarchy */
#define TPM_KEY_IDENTITY 0x0012 /* This SHALL indicate an identity key. The key SHALL be
used for operations that require a TPM identity, only. */
#define TPM_KEY_AUTHCHANGE 0X0013 /* This SHALL indicate an ephemeral key that is in use
during the ChangeAuthAsym process, only. */
#define TPM_KEY_BIND 0x0014 /* This SHALL indicate a key that can be used for TPM_Bind
and TPM_Unbind operations only. */
#define TPM_KEY_LEGACY 0x0015 /* This SHALL indicate a key that can perform signing and
binding operations. The key MAY be used for both signing
and binding operations. The TPM_KEY_LEGACY key type is to
allow for use by applications where both signing and
encryption operations occur with the same key. */
#define TPM_KEY_MIGRATE 0x0016 /* This SHALL indicate a key in use for TPM_MigrateKey */
/* 5.8.1 TPM_ENC_SCHEME Mandatory Key Usage Schemes rev 99
The TPM MUST check that the encryption scheme defined for use with the key is a valid scheme for
the key type, as follows:
*/
#define TPM_ES_NONE 0x0001
#define TPM_ES_RSAESPKCSv15 0x0002
#define TPM_ES_RSAESOAEP_SHA1_MGF1 0x0003
#define TPM_ES_SYM_CTR 0x0004
#define TPM_ES_SYM_OFB 0x0005
/* 5.8.1 TPM_SIG_SCHEME Mandatory Key Usage Schemes rev 99
The TPM MUST check that the signature scheme defined for use with the key is a valid scheme for
the key type, as follows:
*/
#define TPM_SS_NONE 0x0001
#define TPM_SS_RSASSAPKCS1v15_SHA1 0x0002
#define TPM_SS_RSASSAPKCS1v15_DER 0x0003
#define TPM_SS_RSASSAPKCS1v15_INFO 0x0004
/* 5.9 TPM_AUTH_DATA_USAGE rev 110
The indication to the TPM when authorization sessions for an entity are required. Future
versions may allow for more complex decisions regarding AuthData checking.
*/
#define TPM_AUTH_NEVER 0x00 /* This SHALL indicate that usage of the key without
authorization is permitted. */
#define TPM_AUTH_ALWAYS 0x01 /* This SHALL indicate that on each usage of the key the
authorization MUST be performed. */
#define TPM_NO_READ_PUBKEY_AUTH 0x03 /* This SHALL indicate that on commands that require the TPM to
use the the key, the authorization MUST be performed. For
commands that cause the TPM to read the public portion of the
key, but not to use the key (e.g. TPM_GetPubKey), the
authorization may be omitted. */
/* 5.10 TPM_KEY_FLAGS rev 110
This table defines the meanings of the bits in a TPM_KEY_FLAGS structure, used in
TPM_STORE_ASYMKEY and TPM_CERTIFY_INFO.
The value of TPM_KEY_FLAGS MUST be decomposed into individual mask values. The presence of a mask
value SHALL have the effect described in the above table
On input, all undefined bits MUST be zero. The TPM MUST return an error if any undefined bit is
set. On output, the TPM MUST set all undefined bits to zero.
*/
#define TPM_KEY_FLAGS_MASK 0x0000001f
#define TPM_REDIRECTION 0x00000001 /* This mask value SHALL indicate the use of redirected
output. */
#define TPM_MIGRATABLE 0x00000002 /* This mask value SHALL indicate that the key is
migratable. */
#define TPM_ISVOLATILE 0x00000004 /* This mask value SHALL indicate that the key MUST be
unloaded upon execution of the
TPM_Startup(ST_Clear). This does not indicate that a
non-volatile key will remain loaded across
TPM_Startup(ST_Clear) events. */
#define TPM_PCRIGNOREDONREAD 0x00000008 /* When TRUE the TPM MUST NOT check digestAtRelease or
localityAtRelease for commands that read the public
portion of the key (e.g., TPM_GetPubKey) and MAY NOT
check digestAtRelease or localityAtRelease for
commands that use the public portion of the key
(e.g. TPM_Seal)
When FALSE the TPM MUST check digestAtRelease and
localityAtRelease for commands that read or use the
public portion of the key */
#define TPM_MIGRATEAUTHORITY 0x00000010 /* When set indicates that the key is under control of a
migration authority. The TPM MUST only allow the
creation of a key with this flag in
TPM_MA_CreateKey */
/* 5.17 TPM_CMK_DELEGATE values rev 89
The bits of TPM_CMK_DELEGATE are flags that determine how the TPM responds to delegated requests
to manipulate a certified-migration-key, a loaded key with payload type TPM_PT_MIGRATE_RESTRICTED
or TPM_PT_MIGRATE_EXTERNAL..
26:0 reserved MUST be 0
The default value of TPM_CMK_Delegate is zero (0)
*/
#define TPM_CMK_DELEGATE_SIGNING 0x80000000 /* When set to 1, this bit SHALL indicate that a
delegated command may manipulate a CMK of
TPM_KEY_USAGE == TPM_KEY_SIGNING */
#define TPM_CMK_DELEGATE_STORAGE 0x40000000 /* When set to 1, this bit SHALL indicate that a
delegated command may manipulate a CMK of
TPM_KEY_USAGE == TPM_KEY_STORAGE */
#define TPM_CMK_DELEGATE_BIND 0x20000000 /* When set to 1, this bit SHALL indicate that a
delegated command may manipulate a CMK of
TPM_KEY_USAGE == TPM_KEY_BIND */
#define TPM_CMK_DELEGATE_LEGACY 0x10000000 /* When set to 1, this bit SHALL indicate that a
delegated command may manipulate a CMK of
TPM_KEY_USAGE == TPM_KEY_LEGACY */
#define TPM_CMK_DELEGATE_MIGRATE 0x08000000 /* When set to 1, this bit SHALL indicate that a
delegated command may manipulate a CMK of
TPM_KEY_USAGE == TPM_KEY_MIGRATE */
/* 6. TPM_TAG (Command and Response Tags) rev 100
These tags indicate to the TPM the construction of the command either as input or as output. The
AUTH indicates that there are one or more AuthData values that follow the command
parameters.
*/
#define TPM_TAG_RQU_COMMAND 0x00C1 /* A command with no authentication. */
#define TPM_TAG_RQU_AUTH1_COMMAND 0x00C2 /* An authenticated command with one authentication
handle */
#define TPM_TAG_RQU_AUTH2_COMMAND 0x00C3 /* An authenticated command with two authentication
handles */
#define TPM_TAG_RSP_COMMAND 0x00C4 /* A response from a command with no authentication
*/
#define TPM_TAG_RSP_AUTH1_COMMAND 0x00C5 /* An authenticated response with one authentication
handle */
#define TPM_TAG_RSP_AUTH2_COMMAND 0x00C6 /* An authenticated response with two authentication
handles */
/* TIS 7.2 PCR Attributes
*/
#define TPM_DEBUG_PCR 16
#define TPM_LOCALITY_4_PCR 17
#define TPM_LOCALITY_3_PCR 18
#define TPM_LOCALITY_2_PCR 19
#define TPM_LOCALITY_1_PCR 20
/* 10.9 TPM_KEY_CONTROL rev 87
Attributes that can control various aspects of key usage and manipulation.
Allows for controlling of the key when loaded and how to handle TPM_Startup issues.
*/
#define TPM_KEY_CONTROL_OWNER_EVICT 0x00000001 /* Owner controls when the key is evicted
from the TPM. When set the TPM MUST
preserve key the key across all TPM_Init
invocations. */
/* 13.1.1 TPM_TRANSPORT_ATTRIBUTES Definitions */
#define TPM_TRANSPORT_ENCRYPT 0x00000001 /* The session will provide encryption using
the internal encryption algorithm */
#define TPM_TRANSPORT_LOG 0x00000002 /* The session will provide a log of all
operations that occur in the session */
#define TPM_TRANSPORT_EXCLUSIVE 0X00000004 /* The transport session is exclusive and
any command executed outside the
transport session causes the invalidation
of the session */
/* 21.1 TPM_CAPABILITY_AREA rev 115
To identify a capability to be queried.
*/
#define TPM_CAP_ORD 0x00000001 /* Boolean value. TRUE indicates that the TPM supports
the ordinal. FALSE indicates that the TPM does not
support the ordinal. Unimplemented optional ordinals
and unused (unassigned) ordinals return FALSE. */
#define TPM_CAP_ALG 0x00000002 /* Boolean value. TRUE means that the TPM supports the
asymmetric algorithm for TPM_Sign, TPM_Seal,
TPM_UnSeal and TPM_UnBind and related commands. FALSE
indicates that the asymmetric algorithm is not
supported for these types of commands. The TPM MAY
return TRUE or FALSE for other than asymmetric
algoroithms that it supports. Unassigned and
unsupported algorithm IDs return FALSE.*/
#define TPM_CAP_PID 0x00000003 /* Boolean value. TRUE indicates that the TPM supports
the protocol, FALSE indicates that the TPM does not
support the protocol. */
#define TPM_CAP_FLAG 0x00000004 /* Return the TPM_PERMANENT_FLAGS structure or Return the
TPM_STCLEAR_FLAGS structure */
#define TPM_CAP_PROPERTY 0x00000005 /* See following table for the subcaps */
#define TPM_CAP_VERSION 0x00000006 /* TPM_STRUCT_VER structure. The Major and Minor must
indicate 1.1. The firmware revision MUST indicate
0.0 */
#define TPM_CAP_KEY_HANDLE 0x00000007 /* A TPM_KEY_HANDLE_LIST structure that enumerates all
key handles loaded on the TPM. */
#define TPM_CAP_CHECK_LOADED 0x00000008 /* A Boolean value. TRUE indicates that the TPM has
enough memory available to load a key of the type
specified by TPM_KEY_PARMS. FALSE indicates that the
TPM does not have enough memory. */
#define TPM_CAP_SYM_MODE 0x00000009 /* Subcap TPM_SYM_MODE
A Boolean value. TRUE indicates that the TPM supports
the TPM_SYM_MODE, FALSE indicates the TPM does not
support the mode. */
#define TPM_CAP_KEY_STATUS 0x0000000C /* Boolean value of ownerEvict. The handle MUST point to
a valid key handle.*/
#define TPM_CAP_NV_LIST 0x0000000D /* A list of TPM_NV_INDEX values that are currently
allocated NV storage through TPM_NV_DefineSpace. */
#define TPM_CAP_MFR 0x00000010 /* Manufacturer specific. The manufacturer may provide
any additional information regarding the TPM and the
TPM state but MUST not expose any sensitive
information. */
#define TPM_CAP_NV_INDEX 0x00000011 /* A TPM_NV_DATA_PUBLIC structure that indicates the
values for the TPM_NV_INDEX. Returns TPM_BADINDEX if
the index is not in the TPM_CAP_NV_LIST list. */
#define TPM_CAP_TRANS_ALG 0x00000012 /* Boolean value. TRUE means that the TPM supports the
algorithm for TPM_EstablishTransport,
TPM_ExecuteTransport and
TPM_ReleaseTransportSigned. FALSE indicates that for
these three commands the algorithm is not supported."
*/
#define TPM_CAP_HANDLE 0x00000014 /* A TPM_KEY_HANDLE_LIST structure that enumerates all
handles currently loaded in the TPM for the given
resource type. */
#define TPM_CAP_TRANS_ES 0x00000015 /* Boolean value. TRUE means the TPM supports the
encryption scheme in a transport session for at least
one algorithm.. */
#define TPM_CAP_AUTH_ENCRYPT 0x00000017 /* Boolean value. TRUE indicates that the TPM supports
the encryption algorithm in OSAP encryption of
AuthData values */
#define TPM_CAP_SELECT_SIZE 0x00000018 /* Boolean value. TRUE indicates that the TPM supports
the size for the given version. For instance a request
could ask for version 1.1 size 2 and the TPM would
indicate TRUE. For 1.1 size 3 the TPM would indicate
FALSE. For 1.2 size 3 the TPM would indicate TRUE. */
#define TPM_CAP_DA_LOGIC 0x00000019 /* (OPTIONAL)
A TPM_DA_INFO or TPM_DA_INFO_LIMITED structure that
returns data according to the selected entity type
(e.g., TPM_ET_KEYHANDLE, TPM_ET_OWNER, TPM_ET_SRK,
TPM_ET_COUNTER, TPM_ET_OPERATOR, etc.). If the
implemented dictionary attack logic does not support
different secret types, the entity type can be
ignored. */
#define TPM_CAP_VERSION_VAL 0x0000001A /* TPM_CAP_VERSION_INFO structure. The TPM fills in the
structure and returns the information indicating what
the TPM currently supports. */
#define TPM_CAP_FLAG_PERMANENT 0x00000108 /* Return the TPM_PERMANENT_FLAGS structure */
#define TPM_CAP_FLAG_VOLATILE 0x00000109 /* Return the TPM_STCLEAR_FLAGS structure */
/* 21.2 CAP_PROPERTY Subcap values for CAP_PROPERTY rev 105
The TPM_CAP_PROPERTY capability has numerous subcap values. The definition for all subcap values
occurs in this table.
TPM_CAP_PROP_MANUFACTURER returns a vendor ID unique to each manufacturer. The same value is
returned as the TPM_CAP_VERSION_INFO -> tpmVendorID. A company abbreviation such as a null
terminated stock ticker is a typical choice. However, there is no requirement that the value
contain printable characters. The document "TCG Vendor Naming" lists the vendor ID values.
TPM_CAP_PROP_MAX_xxxSESS is a constant. At TPM_Startup(ST_CLEAR) TPM_CAP_PROP_xxxSESS ==
TPM_CAP_PROP_MAX_xxxSESS. As sessions are created on the TPM, TPM_CAP_PROP_xxxSESS decreases
toward zero. As sessions are terminated, TPM_CAP_PROP_xxxSESS increases toward
TPM_CAP_PROP_MAX_xxxSESS.
There is a similar relationship between the constants TPM_CAP_PROP_MAX_COUNTERS and
TPM_CAP_PROP_MAX_CONTEXT and the varying TPM_CAP_PROP_COUNTERS and TPM_CAP_PROP_CONTEXT.
In one typical implementation where authorization and transport sessions reside in separate
pools, TPM_CAP_PROP_SESSIONS will be the sum of TPM_CAP_PROP_AUTHSESS and TPM_CAP_PROP_TRANSESS.
In another typical implementation where authorization and transport sessions share the same pool,
TPM_CAP_PROP_SESSIONS, TPM_CAP_PROP_AUTHSESS, and TPM_CAP_PROP_TRANSESS will all be equal.
*/
#define TPM_CAP_PROP_PCR 0x00000101 /* uint32_t value. Returns the number of PCR
registers supported by the TPM */
#define TPM_CAP_PROP_DIR 0x00000102 /* uint32_t. Deprecated. Returns the number of
DIR, which is now fixed at 1 */
#define TPM_CAP_PROP_MANUFACTURER 0x00000103 /* uint32_t value. Returns the vendor ID
unique to each TPM manufacturer. */
#define TPM_CAP_PROP_KEYS 0x00000104 /* uint32_t value. Returns the number of 2048-
bit RSA keys that can be loaded. This may
vary with time and circumstances. */
#define TPM_CAP_PROP_MIN_COUNTER 0x00000107 /* uint32_t. The minimum amount of time in
10ths of a second that must pass between
invocations of incrementing the monotonic
counter. */
#define TPM_CAP_PROP_AUTHSESS 0x0000010A /* uint32_t. The number of available
authorization sessions. This may vary with
time and circumstances. */
#define TPM_CAP_PROP_TRANSESS 0x0000010B /* uint32_t. The number of available transport
sessions. This may vary with time and
circumstances. */
#define TPM_CAP_PROP_COUNTERS 0x0000010C /* uint32_t. The number of available monotonic
counters. This may vary with time and
circumstances. */
#define TPM_CAP_PROP_MAX_AUTHSESS 0x0000010D /* uint32_t. The maximum number of loaded
authorization sessions the TPM supports */
#define TPM_CAP_PROP_MAX_TRANSESS 0x0000010E /* uint32_t. The maximum number of loaded
transport sessions the TPM supports. */
#define TPM_CAP_PROP_MAX_COUNTERS 0x0000010F /* uint32_t. The maximum number of monotonic
counters under control of TPM_CreateCounter
*/
#define TPM_CAP_PROP_MAX_KEYS 0x00000110 /* uint32_t. The maximum number of 2048 RSA
keys that the TPM can support. The number
does not include the EK or SRK. */
#define TPM_CAP_PROP_OWNER 0x00000111 /* BOOL. A value of TRUE indicates that the
TPM has successfully installed an owner. */
#define TPM_CAP_PROP_CONTEXT 0x00000112 /* uint32_t. The number of available saved
session slots. This may vary with time and
circumstances. */
#define TPM_CAP_PROP_MAX_CONTEXT 0x00000113 /* uint32_t. The maximum number of saved
session slots. */
#define TPM_CAP_PROP_FAMILYROWS 0x00000114 /* uint32_t. The maximum number of rows in the
family table */
#define TPM_CAP_PROP_TIS_TIMEOUT 0x00000115 /* A 4 element array of uint32_t values each
denoting the timeout value in microseconds
for the following in this order:
TIMEOUT_A, TIMEOUT_B, TIMEOUT_C, TIMEOUT_D
Where these timeouts are to be used is
determined by the platform specific TPM
Interface Specification. */
#define TPM_CAP_PROP_STARTUP_EFFECT 0x00000116 /* The TPM_STARTUP_EFFECTS structure */
#define TPM_CAP_PROP_DELEGATE_ROW 0x00000117 /* uint32_t. The maximum size of the delegate
table in rows. */
#define TPM_CAP_PROP_MAX_DAASESS 0x00000119 /* uint32_t. The maximum number of loaded DAA
sessions (join or sign) that the TPM
supports */
#define TPM_CAP_PROP_DAASESS 0x0000011A /* uint32_t. The number of available DAA
sessions. This may vary with time and
circumstances */
#define TPM_CAP_PROP_CONTEXT_DIST 0x0000011B /* uint32_t. The maximum distance between
context count values. This MUST be at least
2^16-1. */
#define TPM_CAP_PROP_DAA_INTERRUPT 0x0000011C /* BOOL. A value of TRUE indicates that the
TPM will accept ANY command while executing
a DAA Join or Sign.
A value of FALSE indicates that the TPM
will invalidate the DAA Join or Sign upon
the receipt of any command other than the
next join/sign in the session or a
TPM_SaveContext */
#define TPM_CAP_PROP_SESSIONS 0X0000011D /* uint32_t. The number of available sessions
from the pool. This MAY vary with time and
circumstances. Pool sessions include
authorization and transport sessions. */
#define TPM_CAP_PROP_MAX_SESSIONS 0x0000011E /* uint32_t. The maximum number of sessions
the TPM supports. */
#define TPM_CAP_PROP_CMK_RESTRICTION 0x0000011F /* uint32_t TPM_Permanent_Data ->
restrictDelegate
*/
#define TPM_CAP_PROP_DURATION 0x00000120 /* A 3 element array of uint32_t values each
denoting the duration value in microseconds
of the duration of the three classes of
commands: Small, Medium and Long in the
following in this order: SMALL_DURATION,
MEDIUM_DURATION, LONG_DURATION */
#define TPM_CAP_PROP_ACTIVE_COUNTER 0x00000122 /* TPM_COUNT_ID. The id of the current
counter. 0xff..ff if no counter is active
*/
#define TPM_CAP_PROP_MAX_NV_AVAILABLE 0x00000123 /*uint32_t. Deprecated. The maximum number
of NV space that can be allocated, MAY
vary with time and circumstances. This
capability was not implemented
consistently, and is replaced by
TPM_NV_INDEX_TRIAL. */
#define TPM_CAP_PROP_INPUT_BUFFER 0x00000124 /* uint32_t. The maximum size of the TPM
input buffer or output buffer in
bytes. */
/* 21.4 Set_Capability Values rev 107
*/
#define TPM_SET_PERM_FLAGS 0x00000001 /* The ability to set a value is field specific and
a review of the structure will disclose the
ability and requirements to set a value */
#define TPM_SET_PERM_DATA 0x00000002 /* The ability to set a value is field specific and
a review of the structure will disclose the
ability and requirements to set a value */
#define TPM_SET_STCLEAR_FLAGS 0x00000003 /* The ability to set a value is field specific and
a review of the structure will disclose the
ability and requirements to set a value */
#define TPM_SET_STCLEAR_DATA 0x00000004 /* The ability to set a value is field specific and
a review of the structure will disclose the
ability and requirements to set a value */
#define TPM_SET_STANY_FLAGS 0x00000005 /* The ability to set a value is field specific and
a review of the structure will disclose the
ability and requirements to set a value */
#define TPM_SET_STANY_DATA 0x00000006 /* The ability to set a value is field specific and
a review of the structure will disclose the
ability and requirements to set a value */
#define TPM_SET_VENDOR 0x00000007 /* This area allows the vendor to set specific areas
in the TPM according to the normal shielded
location requirements */
/* Set Capability sub caps */
/* TPM_PERMANENT_FLAGS */
#define TPM_PF_DISABLE 1
#define TPM_PF_OWNERSHIP 2
#define TPM_PF_DEACTIVATED 3
#define TPM_PF_READPUBEK 4
#define TPM_PF_DISABLEOWNERCLEAR 5
#define TPM_PF_ALLOWMAINTENANCE 6
#define TPM_PF_PHYSICALPRESENCELIFETIMELOCK 7
#define TPM_PF_PHYSICALPRESENCEHWENABLE 8
#define TPM_PF_PHYSICALPRESENCECMDENABLE 9
#define TPM_PF_CEKPUSED 10
#define TPM_PF_TPMPOST 11
#define TPM_PF_TPMPOSTLOCK 12
#define TPM_PF_FIPS 13
#define TPM_PF_OPERATOR 14
#define TPM_PF_ENABLEREVOKEEK 15
#define TPM_PF_NV_LOCKED 16
#define TPM_PF_READSRKPUB 17
#define TPM_PF_TPMESTABLISHED 18
#define TPM_PF_MAINTENANCEDONE 19
#define TPM_PF_DISABLEFULLDALOGICINFO 20
/* TPM_STCLEAR_FLAGS */
#define TPM_SF_DEACTIVATED 1
#define TPM_SF_DISABLEFORCECLEAR 2
#define TPM_SF_PHYSICALPRESENCE 3
#define TPM_SF_PHYSICALPRESENCELOCK 4
#define TPM_SF_BGLOBALLOCK 5
/* TPM_STANY_FLAGS */
#define TPM_AF_POSTINITIALISE 1
#define TPM_AF_LOCALITYMODIFIER 2
#define TPM_AF_TRANSPORTEXCLUSIVE 3
#define TPM_AF_TOSPRESENT 4
/* TPM_PERMANENT_DATA */
#define TPM_PD_REVMAJOR 1
#define TPM_PD_REVMINOR 2
#define TPM_PD_TPMPROOF 3
#define TPM_PD_OWNERAUTH 4
#define TPM_PD_OPERATORAUTH 5
#define TPM_PD_MANUMAINTPUB 6
#define TPM_PD_ENDORSEMENTKEY 7
#define TPM_PD_SRK 8
#define TPM_PD_DELEGATEKEY 9
#define TPM_PD_CONTEXTKEY 10
#define TPM_PD_AUDITMONOTONICCOUNTER 11
#define TPM_PD_MONOTONICCOUNTER 12
#define TPM_PD_PCRATTRIB 13
#define TPM_PD_ORDINALAUDITSTATUS 14
#define TPM_PD_AUTHDIR 15
#define TPM_PD_RNGSTATE 16
#define TPM_PD_FAMILYTABLE 17
#define TPM_DELEGATETABLE 18
#define TPM_PD_EKRESET 19
#define TPM_PD_LASTFAMILYID 21
#define TPM_PD_NOOWNERNVWRITE 22
#define TPM_PD_RESTRICTDELEGATE 23
#define TPM_PD_TPMDAASEED 24
#define TPM_PD_DAAPROOF 25
/* TPM_STCLEAR_DATA */
#define TPM_SD_CONTEXTNONCEKEY 1
#define TPM_SD_COUNTID 2
#define TPM_SD_OWNERREFERENCE 3
#define TPM_SD_DISABLERESETLOCK 4
#define TPM_SD_PCR 5
#define TPM_SD_DEFERREDPHYSICALPRESENCE 6
/* TPM_STCLEAR_DATA -> deferredPhysicalPresence bits */
#define TPM_DPP_UNOWNED_FIELD_UPGRADE 0x00000001 /* bit 0 TPM_FieldUpgrade */
/* TPM_STANY_DATA */
#define TPM_AD_CONTEXTNONCESESSION 1
#define TPM_AD_AUDITDIGEST 2
#define TPM_AD_CURRENTTICKS 3
#define TPM_AD_CONTEXTCOUNT 4
#define TPM_AD_CONTEXTLIST 5
#define TPM_AD_SESSIONS 6
/* 17. Ordinals rev 110
Ordinals are 32 bit values of type TPM_COMMAND_CODE. The upper byte contains values that serve
as flag indicators, the next byte contains values indicating what committee designated the
ordinal, and the final two bytes contain the Command Ordinal Index.
3 2 1
1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|P|C|V| Reserved| Purview | Command Ordinal Index |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Where:
P is Protected/Unprotected command. When 0 the command is a Protected command, when 1 the
command is an Unprotected command.
C is Non-Connection/Connection related command. When 0 this command passes through to either the
protected (TPM) or unprotected (TSS) components.
V is TPM/Vendor command. When 0 the command is TPM defined, when 1 the command is vendor
defined.
All reserved area bits are set to 0.
*/
/* The following masks are created to allow for the quick definition of the commands */
#define TPM_PROTECTED_COMMAND 0x00000000 /* TPM protected command, specified in main specification
*/
#define TPM_UNPROTECTED_COMMAND 0x80000000 /* TSS command, specified in the TSS specification */
#define TPM_CONNECTION_COMMAND 0x40000000 /* TSC command, protected connection commands are
specified in the main specification Unprotected
connection commands are specified in the TSS */
#define TPM_VENDOR_COMMAND 0x20000000 /* Command that is vendor specific for a given TPM or
TSS. */
/* The following Purviews have been defined: */
#define TPM_MAIN 0x00 /* Command is from the main specification */
#define TPM_PC 0x01 /* Command is specific to the PC */
#define TPM_PDA 0x02 /* Command is specific to a PDA */
#define TPM_CELL_PHONE 0x03 /* Command is specific to a cell phone */
#define TPM_SERVER 0x04 /* Command is specific to servers */
#define TPM_PERIPHERAL 0x05 /* Command is specific to peripherals */
//#define TPM_TSS 0x06 /* Command is specific to TSS */
/* Combinations for the main specification would be: */
#define TPM_PROTECTED_ORDINAL (TPM_PROTECTED_COMMAND | TPM_MAIN)
#define TPM_UNPROTECTED_ORDINAL (TPM_UNPROTECTED_COMMAND | TPM_MAIN)
#define TPM_CONNECTION_ORDINAL (TPM_CONNECTION_COMMAND | TPM_MAIN)
/* Command ordinals */
#define TPM_ORD_ActivateIdentity 0x0000007A
#define TPM_ORD_AuthorizeMigrationKey 0x0000002B
#define TPM_ORD_CertifyKey 0x00000032
#define TPM_ORD_CertifyKey2 0x00000033
#define TPM_ORD_CertifySelfTest 0x00000052
#define TPM_ORD_ChangeAuth 0x0000000C
#define TPM_ORD_ChangeAuthAsymFinish 0x0000000F
#define TPM_ORD_ChangeAuthAsymStart 0x0000000E
#define TPM_ORD_ChangeAuthOwner 0x00000010
#define TPM_ORD_CMK_ApproveMA 0x0000001D
#define TPM_ORD_CMK_ConvertMigration 0x00000024
#define TPM_ORD_CMK_CreateBlob 0x0000001B
#define TPM_ORD_CMK_CreateKey 0x00000013
#define TPM_ORD_CMK_CreateTicket 0x00000012
#define TPM_ORD_CMK_SetRestrictions 0x0000001C
#define TPM_ORD_ContinueSelfTest 0x00000053
#define TPM_ORD_ConvertMigrationBlob 0x0000002A
#define TPM_ORD_CreateCounter 0x000000DC
#define TPM_ORD_CreateEndorsementKeyPair 0x00000078
#define TPM_ORD_CreateMaintenanceArchive 0x0000002C
#define TPM_ORD_CreateMigrationBlob 0x00000028
#define TPM_ORD_CreateRevocableEK 0x0000007F
#define TPM_ORD_CreateWrapKey 0x0000001F
#define TPM_ORD_DAA_Join 0x00000029
#define TPM_ORD_DAA_Sign 0x00000031
#define TPM_ORD_Delegate_CreateKeyDelegation 0x000000D4
#define TPM_ORD_Delegate_CreateOwnerDelegation 0x000000D5
#define TPM_ORD_Delegate_LoadOwnerDelegation 0x000000D8
#define TPM_ORD_Delegate_Manage 0x000000D2
#define TPM_ORD_Delegate_ReadTable 0x000000DB
#define TPM_ORD_Delegate_UpdateVerification 0x000000D1
#define TPM_ORD_Delegate_VerifyDelegation 0x000000D6
#define TPM_ORD_DirRead 0x0000001A
#define TPM_ORD_DirWriteAuth 0x00000019
#define TPM_ORD_DisableForceClear 0x0000005E
#define TPM_ORD_DisableOwnerClear 0x0000005C
#define TPM_ORD_DisablePubekRead 0x0000007E
#define TPM_ORD_DSAP 0x00000011
#define TPM_ORD_EstablishTransport 0x000000E6
#define TPM_ORD_EvictKey 0x00000022
#define TPM_ORD_ExecuteTransport 0x000000E7
#define TPM_ORD_Extend 0x00000014
#define TPM_ORD_FieldUpgrade 0x000000AA
#define TPM_ORD_FlushSpecific 0x000000BA
#define TPM_ORD_ForceClear 0x0000005D
#define TPM_ORD_GetAuditDigest 0x00000085
#define TPM_ORD_GetAuditDigestSigned 0x00000086
#define TPM_ORD_GetAuditEvent 0x00000082
#define TPM_ORD_GetAuditEventSigned 0x00000083
#define TPM_ORD_GetCapability 0x00000065
#define TPM_ORD_GetCapabilityOwner 0x00000066
#define TPM_ORD_GetCapabilitySigned 0x00000064
#define TPM_ORD_GetOrdinalAuditStatus 0x0000008C
#define TPM_ORD_GetPubKey 0x00000021
#define TPM_ORD_GetRandom 0x00000046
#define TPM_ORD_GetTestResult 0x00000054
#define TPM_ORD_GetTicks 0x000000F1
#define TPM_ORD_IncrementCounter 0x000000DD
#define TPM_ORD_Init 0x00000097
#define TPM_ORD_KeyControlOwner 0x00000023
#define TPM_ORD_KillMaintenanceFeature 0x0000002E
#define TPM_ORD_LoadAuthContext 0x000000B7
#define TPM_ORD_LoadContext 0x000000B9
#define TPM_ORD_LoadKey 0x00000020
#define TPM_ORD_LoadKey2 0x00000041
#define TPM_ORD_LoadKeyContext 0x000000B5
#define TPM_ORD_LoadMaintenanceArchive 0x0000002D
#define TPM_ORD_LoadManuMaintPub 0x0000002F
#define TPM_ORD_MakeIdentity 0x00000079
#define TPM_ORD_MigrateKey 0x00000025
#define TPM_ORD_NV_DefineSpace 0x000000CC
#define TPM_ORD_NV_ReadValue 0x000000CF
#define TPM_ORD_NV_ReadValueAuth 0x000000D0
#define TPM_ORD_NV_WriteValue 0x000000CD
#define TPM_ORD_NV_WriteValueAuth 0x000000CE
#define TPM_ORD_OIAP 0x0000000A
#define TPM_ORD_OSAP 0x0000000B
#define TPM_ORD_OwnerClear 0x0000005B
#define TPM_ORD_OwnerReadInternalPub 0x00000081
#define TPM_ORD_OwnerReadPubek 0x0000007D
#define TPM_ORD_OwnerSetDisable 0x0000006E
#define TPM_ORD_PCR_Reset 0x000000C8
#define TPM_ORD_PcrRead 0x00000015
#define TPM_ORD_PhysicalDisable 0x00000070
#define TPM_ORD_PhysicalEnable 0x0000006F
#define TPM_ORD_PhysicalSetDeactivated 0x00000072
#define TPM_ORD_Quote 0x00000016
#define TPM_ORD_Quote2 0x0000003E
#define TPM_ORD_ReadCounter 0x000000DE
#define TPM_ORD_ReadManuMaintPub 0x00000030
#define TPM_ORD_ReadPubek 0x0000007C
#define TPM_ORD_ReleaseCounter 0x000000DF
#define TPM_ORD_ReleaseCounterOwner 0x000000E0
#define TPM_ORD_ReleaseTransportSigned 0x000000E8
#define TPM_ORD_Reset 0x0000005A
#define TPM_ORD_ResetLockValue 0x00000040
#define TPM_ORD_RevokeTrust 0x00000080
#define TPM_ORD_SaveAuthContext 0x000000B6
#define TPM_ORD_SaveContext 0x000000B8
#define TPM_ORD_SaveKeyContext 0x000000B4
#define TPM_ORD_SaveState 0x00000098
#define TPM_ORD_Seal 0x00000017
#define TPM_ORD_Sealx 0x0000003D
#define TPM_ORD_SelfTestFull 0x00000050
#define TPM_ORD_SetCapability 0x0000003F
#define TPM_ORD_SetOperatorAuth 0x00000074
#define TPM_ORD_SetOrdinalAuditStatus 0x0000008D
#define TPM_ORD_SetOwnerInstall 0x00000071
#define TPM_ORD_SetOwnerPointer 0x00000075
#define TPM_ORD_SetRedirection 0x0000009A
#define TPM_ORD_SetTempDeactivated 0x00000073
#define TPM_ORD_SHA1Complete 0x000000A2
#define TPM_ORD_SHA1CompleteExtend 0x000000A3
#define TPM_ORD_SHA1Start 0x000000A0
#define TPM_ORD_SHA1Update 0x000000A1
#define TPM_ORD_Sign 0x0000003C
#define TPM_ORD_Startup 0x00000099
#define TPM_ORD_StirRandom 0x00000047
#define TPM_ORD_TakeOwnership 0x0000000D
#define TPM_ORD_Terminate_Handle 0x00000096
#define TPM_ORD_TickStampBlob 0x000000F2
#define TPM_ORD_UnBind 0x0000001E
#define TPM_ORD_Unseal 0x00000018
#define TSC_ORD_PhysicalPresence 0x4000000A
#define TSC_ORD_ResetEstablishmentBit 0x4000000B
/* 19. NV storage structures */
/* 19.1 TPM_NV_INDEX rev 110
The index provides the handle to identify the area of storage. The reserved bits allow for a
segregation of the index name space to avoid name collisions.
The TPM may check the resvd bits for zero. Thus, applications should set the bits to zero.
The TCG defines the space where the high order bits (T, P, U) are 0. The other spaces are
controlled by the indicated entity.
T is the TPM manufacturer reserved bit. 0 indicates a TCG defined value. 1 indicates a TPM
manufacturer specific value.
P is the platform manufacturer reserved bit. 0 indicates a TCG defined value. 1 indicates that
the index is controlled by the platform manufacturer.
U is for the platform user. 0 indicates a TCG defined value. 1 indicates that the index is
controlled by the platform user.
The TPM_NV_INDEX is a 32-bit value.
3 2 1
1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|T|P|U|D| resvd | Purview | Index |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Where:
1. The TPM MAY return an error if the reserved area bits are not set to 0.
2. The TPM MUST accept all values for T, P, and U
3. D indicates defined. 1 indicates that the index is permanently defined and that any
TPM_NV_DefineSpace operation will fail after nvLocked is set TRUE.
a. TCG reserved areas MAY have D set to 0 or 1
4. Purview is the value used to indicate the platform specific area. This value is the
same as used for command ordinals.
a. The TPM MUST reject purview values that the TPM cannot support. This means that an
index value for a PDA MUST be rejected by a TPM designed to work only on the PC Client.
*/
#define TPM_NV_INDEX_T_BIT 0x80000000
#define TPM_NV_INDEX_P_BIT 0x40000000
#define TPM_NV_INDEX_U_BIT 0x20000000
#define TPM_NV_INDEX_D_BIT 0x10000000
/* added kgold */
#define TPM_NV_INDEX_RESVD 0x0f000000
#define TPM_NV_INDEX_PURVIEW_BIT 16
#define TPM_NV_INDEX_PURVIEW_MASK 0x00ff0000
/* 19.1.1 Required TPM_NV_INDEX values rev 97
The required index values must be found on each TPM regardless of platform. These areas are
always present and do not require a TPM_DefineSpace command to allocate.
A platform specific specification may add additional required index values for the platform.
The TPM MUST reserve the space as indicated for the required index values
*/
#define TPM_NV_INDEX_LOCK 0xFFFFFFFF /* This value turns on the NV authorization
protections. Once executed all NV areas use the
protections as defined. This value never resets.
Attempting to execute TPM_NV_DefineSpace on this value
with non-zero size MAY result in a TPM_BADINDEX
response.
*/
#define TPM_NV_INDEX0 0x00000000 /* This value allows for the setting of the bGlobalLock
flag, which is only reset on TPM_Startup(ST_Clear)
Attempting to execute TPM_NV_WriteValue with a size other
than zero MAY result in the TPM_BADINDEX error code.
*/
#define TPM_NV_INDEX_DIR 0x10000001 /* Size MUST be 20. This index points to the deprecated DIR
command area from 1.1. The TPM MUST map this reserved
space to be the area operated on by the 1.1 DIR commands.
*/
/* 19.1.2 Reserved Index values rev 116
The reserved values are defined to avoid index collisions. These values are not in each and every
TPM.
1. The reserved index values are to avoid index value collisions.
2. These index values require a TPM_DefineSpace to have the area for the index allocated
3. A platform specific specification MAY indicate that reserved values are required.
4. The reserved index values MAY have their D bit set by the TPM vendor to permanently
*/
#define TPM_NV_INDEX_TPM 0x0000Fxxx /* Reserved for TPM use */
#define TPM_NV_INDEX_EKCert 0x1000F000 /* The Endorsement credential */
#define TPM_NV_INDEX_TPM_CC 0x0000F001 /* The TPM Conformance credential */
#define TPM_NV_INDEX_PlatformCert 0x0000F002 /* The platform credential */
#define TPM_NV_INDEX_Platform_CC 0x0000F003 /* The Platform conformance credential */
#define TPM_NV_INDEX_TRIAL 0x0000F004 /* To try TPM_NV_DefineSpace without
actually allocating NV space */
#if 0
#define TPM_NV_INDEX_PC 0x0001xxxx /* Reserved for PC Client use */
#define TPM_NV_INDEX_GPIO_xx 0x000116xx /* Reserved for GPIO pins */
#define TPM_NV_INDEX_PDA 0x0002xxxx /* Reserved for PDA use */
#define TPM_NV_INDEX_MOBILE 0x0003xxxx /* Reserved for mobile use */
#define TPM_NV_INDEX_SERVER 0x0004xxxx /* Reserved for Server use */
#define TPM_NV_INDEX_PERIPHERAL 0x0005xxxx /* Reserved for peripheral use */
#define TPM_NV_INDEX_TSS 0x0006xxxx /* Reserved for TSS use */
#define TPM_NV_INDEX_GROUP_RESV 0x00xxxxxx /* Reserved for TCG WG use */
#endif
#define TPM_NV_INDEX_GPIO_00 0x00011600 /* GPIO-Express-00 */
#define TPM_NV_INDEX_GPIO_START 0x00011600 /* Reserved for GPIO pins */
#define TPM_NV_INDEX_GPIO_END 0x000116ff /* Reserved for GPIO pins */
/* 19.2 TPM_NV_ATTRIBUTES rev 99
The attributes TPM_NV_PER_AUTHREAD and TPM_NV_PER_OWNERREAD cannot both be set to TRUE.
Similarly, the attributes TPM_NV_PER_AUTHWRITE and TPM_NV_PER_OWNERWRITE cannot both be set to
TRUE.
*/
#define TPM_NV_PER_READ_STCLEAR 0x80000000 /* 31: The value can be read until locked by a
read with a data size of 0. It can only be
unlocked by TPM_Startup(ST_Clear) or a
successful write. Lock held for each area in
bReadSTClear. */
/* #define 30:19 Reserved */
#define TPM_NV_PER_AUTHREAD 0x00040000 /* 18: The value requires authorization to read
*/
#define TPM_NV_PER_OWNERREAD 0x00020000 /* 17: The value requires TPM Owner authorization
to read. */
#define TPM_NV_PER_PPREAD 0x00010000 /* 16: The value requires physical presence to
read */
#define TPM_NV_PER_GLOBALLOCK 0x00008000 /* 15: The value is writable until a write to
index 0 is successful. The lock of this
attribute is reset by
TPM_Startup(ST_CLEAR). Lock held by SF ->
bGlobalLock */
#define TPM_NV_PER_WRITE_STCLEAR 0x00004000 /* 14: The value is writable until a write to
the specified index with a datasize of 0 is
successful. The lock of this attribute is
reset by TPM_Startup(ST_CLEAR). Lock held for
each area in bWriteSTClear. */
#define TPM_NV_PER_WRITEDEFINE 0x00002000 /* 13: Lock set by writing to the index with a
datasize of 0. Lock held for each area in
bWriteDefine. This is a persistent lock. */
#define TPM_NV_PER_WRITEALL 0x00001000 /* 12: The value must be written in a single
operation */
/* #define 11:3 Reserved for write additions */
#define TPM_NV_PER_AUTHWRITE 0x00000004 /* 2: The value requires authorization to write
*/
#define TPM_NV_PER_OWNERWRITE 0x00000002 /* 1: The value requires TPM Owner authorization
to write */
#define TPM_NV_PER_PPWRITE 0x00000001 /* 0: The value requires physical presence to
write */
/* 20.2.1 Owner Permission Settings rev 87 */
/* Per1 bits */
#define TPM_DELEGATE_PER1_MASK 0xffffffff /* mask of legal bits */
#define TPM_DELEGATE_KeyControlOwner 31
#define TPM_DELEGATE_SetOrdinalAuditStatus 30
#define TPM_DELEGATE_DirWriteAuth 29
#define TPM_DELEGATE_CMK_ApproveMA 28
#define TPM_DELEGATE_NV_WriteValue 27
#define TPM_DELEGATE_CMK_CreateTicket 26
#define TPM_DELEGATE_NV_ReadValue 25
#define TPM_DELEGATE_Delegate_LoadOwnerDelegation 24
#define TPM_DELEGATE_DAA_Join 23
#define TPM_DELEGATE_AuthorizeMigrationKey 22
#define TPM_DELEGATE_CreateMaintenanceArchive 21
#define TPM_DELEGATE_LoadMaintenanceArchive 20
#define TPM_DELEGATE_KillMaintenanceFeature 19
#define TPM_DELEGATE_OwnerReadInternalPub 18
#define TPM_DELEGATE_ResetLockValue 17
#define TPM_DELEGATE_OwnerClear 16
#define TPM_DELEGATE_DisableOwnerClear 15
#define TPM_DELEGATE_NV_DefineSpace 14
#define TPM_DELEGATE_OwnerSetDisable 13
#define TPM_DELEGATE_SetCapability 12
#define TPM_DELEGATE_MakeIdentity 11
#define TPM_DELEGATE_ActivateIdentity 10
#define TPM_DELEGATE_OwnerReadPubek 9
#define TPM_DELEGATE_DisablePubekRead 8
#define TPM_DELEGATE_SetRedirection 7
#define TPM_DELEGATE_FieldUpgrade 6
#define TPM_DELEGATE_Delegate_UpdateVerification 5
#define TPM_DELEGATE_CreateCounter 4
#define TPM_DELEGATE_ReleaseCounterOwner 3
#define TPM_DELEGATE_Delegate_Manage 2
#define TPM_DELEGATE_Delegate_CreateOwnerDelegation 1
#define TPM_DELEGATE_DAA_Sign 0
/* Per2 bits */
#define TPM_DELEGATE_PER2_MASK 0x00000000 /* mask of legal bits */
/* All reserved */
/* 20.2.3 Key Permission settings rev 85 */
/* Per1 bits */
#define TPM_KEY_DELEGATE_PER1_MASK 0x1fffffff /* mask of legal bits */
#define TPM_KEY_DELEGATE_CMK_ConvertMigration 28
#define TPM_KEY_DELEGATE_TickStampBlob 27
#define TPM_KEY_DELEGATE_ChangeAuthAsymStart 26
#define TPM_KEY_DELEGATE_ChangeAuthAsymFinish 25
#define TPM_KEY_DELEGATE_CMK_CreateKey 24
#define TPM_KEY_DELEGATE_MigrateKey 23
#define TPM_KEY_DELEGATE_LoadKey2 22
#define TPM_KEY_DELEGATE_EstablishTransport 21
#define TPM_KEY_DELEGATE_ReleaseTransportSigned 20
#define TPM_KEY_DELEGATE_Quote2 19
#define TPM_KEY_DELEGATE_Sealx 18
#define TPM_KEY_DELEGATE_MakeIdentity 17
#define TPM_KEY_DELEGATE_ActivateIdentity 16
#define TPM_KEY_DELEGATE_GetAuditDigestSigned 15
#define TPM_KEY_DELEGATE_Sign 14
#define TPM_KEY_DELEGATE_CertifyKey2 13
#define TPM_KEY_DELEGATE_CertifyKey 12
#define TPM_KEY_DELEGATE_CreateWrapKey 11
#define TPM_KEY_DELEGATE_CMK_CreateBlob 10
#define TPM_KEY_DELEGATE_CreateMigrationBlob 9
#define TPM_KEY_DELEGATE_ConvertMigrationBlob 8
#define TPM_KEY_DELEGATE_Delegate_CreateKeyDelegation 7
#define TPM_KEY_DELEGATE_ChangeAuth 6
#define TPM_KEY_DELEGATE_GetPubKey 5
#define TPM_KEY_DELEGATE_UnBind 4
#define TPM_KEY_DELEGATE_Quote 3
#define TPM_KEY_DELEGATE_Unseal 2
#define TPM_KEY_DELEGATE_Seal 1
#define TPM_KEY_DELEGATE_LoadKey 0
/* Per2 bits */
#define TPM_KEY_DELEGATE_PER2_MASK 0x00000000 /* mask of legal bits */
/* All reserved */
/* 20.3 TPM_FAMILY_FLAGS rev 87
These flags indicate the operational state of the delegation and family table. These flags
are additions to TPM_PERMANENT_FLAGS and are not stand alone values.
*/
#define TPM_DELEGATE_ADMIN_LOCK 0x00000002 /* TRUE: Some TPM_Delegate_XXX commands are locked and
return TPM_DELEGATE_LOCK
FALSE: TPM_Delegate_XXX commands are available
Default is FALSE */
#define TPM_FAMFLAG_ENABLED 0x00000001 /* When TRUE the table is enabled. The default value is
FALSE. */
/* 20.14 TPM_FAMILY_OPERATION Values rev 87
These are the opFlag values used by TPM_Delegate_Manage.
*/
#define TPM_FAMILY_CREATE 0x00000001 /* Create a new family */
#define TPM_FAMILY_ENABLE 0x00000002 /* Set or reset the enable flag for this family. */
#define TPM_FAMILY_ADMIN 0x00000003 /* Prevent administration of this family. */
#define TPM_FAMILY_INVALIDATE 0x00000004 /* Invalidate a specific family row. */
/* 21.9 TPM_DA_STATE rev 100
TPM_DA_STATE enumerates the possible states of the dictionary attack mitigation logic.
*/
#define TPM_DA_STATE_INACTIVE 0x00 /* The dictionary attack mitigation logic is currently
inactive */
#define TPM_DA_STATE_ACTIVE 0x01 /* The dictionary attack mitigation logic is
active. TPM_DA_ACTION_TYPE (21.10) is in progress. */
/* 21.10 TPM_DA_ACTION_TYPE rev 100
*/
/* 31-4 Reserved No information and MUST be FALSE */
#define TPM_DA_ACTION_FAILURE_MODE 0x00000008 /* bit 3: The TPM is in failure mode. */
#define TPM_DA_ACTION_DEACTIVATE 0x00000004 /* bit 2: The TPM is in the deactivated state. */
#define TPM_DA_ACTION_DISABLE 0x00000002 /* bit 1: The TPM is in the disabled state. */
#define TPM_DA_ACTION_TIMEOUT 0x00000001 /* bit 0: The TPM will be in a locked state for
TPM_DA_INFO -> actionDependValue seconds. This
value is dynamic, depending on the time the
lock has been active. */
/* 22. DAA Structures rev 91
All byte and bit areas are byte arrays treated as large integers
*/
#define DAA_SIZE_r0 43
#define DAA_SIZE_r1 43
#define DAA_SIZE_r2 128
#define DAA_SIZE_r3 168
#define DAA_SIZE_r4 219
#define DAA_SIZE_NT 20
#define DAA_SIZE_v0 128
#define DAA_SIZE_v1 192
#define DAA_SIZE_NE 256
#define DAA_SIZE_w 256
#define DAA_SIZE_issuerModulus 256
/* check that DAA_SIZE_issuerModulus will fit in DAA_scratch */
#if (DAA_SIZE_issuerModulus != 256)
#error "DAA_SIZE_issuerModulus must be 256"
#endif
/* 22.2 Constant definitions rev 91 */
#define DAA_power0 104
#define DAA_power1 1024
#endif
|
