1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
|
/* Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
* Use of this source code is governed by a BSD-style license that can be
* found in the LICENSE file.
*/
/* TPM Lightweight Command Library.
*
* A low-level library for interfacing to TPM hardware or an emulator.
*/
/* FIXME(gauravsh):
* NOTE: This file is copied over from
* src/platform/tpm_lite/src/tlcl/tlcl.h
* Ideally, we want to directly include it without having two maintain
* duplicate copies in sync. But in the current model, this is hard
* to do without breaking standalone compilation.
* Eventually tpm_lite should be moved into vboot_reference.
*
* FURTHER NOTE: The subset of TPM error codes relevant to verified boot
* (TPM_SUCCESS, etc.) are in tss_constants.h. A full list of TPM error codes
* are in /usr/include/tss/tpm_error.h, from the trousers package.
*/
#ifndef TPM_LITE_TLCL_H_
#define TPM_LITE_TLCL_H_
#include "sysincludes.h"
/* Call this first.
*/
void TlclLibInit(void);
/* Sends a TPM_Startup(ST_CLEAR). Note that this is a no-op for the emulator,
* because it runs this command during initialization. The TPM error code is
* returned (0 for success).
*/
uint32_t TlclStartup(void);
/* Run the self test. Note---this is synchronous. To run this in parallel
* with other firmware, use ContinueSelfTest. The TPM error code is returned.
*/
uint32_t TlclSelftestfull(void);
/* Runs the self test in the background. The TPM error code is returned.
*/
uint32_t TlclContinueSelfTest(void);
/* Defines a space with permission [perm]. [index] is the index for the space,
* [size] the usable data size. The TPM error code is returned.
*/
uint32_t TlclDefineSpace(uint32_t index, uint32_t perm, uint32_t size);
/* Writes [length] bytes of [data] to space at [index]. The TPM error code is
* returned.
*/
uint32_t TlclWrite(uint32_t index, uint8_t *data, uint32_t length);
/* Reads [length] bytes from space at [index] into [data]. The TPM error code
* is returned.
*/
uint32_t TlclRead(uint32_t index, uint8_t *data, uint32_t length);
/* Write-locks space at [index]. The TPM error code is returned.
*/
uint32_t TlclWriteLock(uint32_t index);
/* Read-locks space at [index]. The TPM error code is returned.
*/
uint32_t TlclReadLock(uint32_t index);
/* Asserts physical presence in software. The TPM error code is returned.
*/
uint32_t TlclAssertPhysicalPresence(void);
/* Turns off physical presence and locks it off until next reboot. The TPM
* error code is returned.
*/
uint32_t TlclLockPhysicalPresence(void);
/* Sets the nvLocked bit. The TPM error code is returned.
*/
uint32_t TlclSetNvLocked(void);
/* Returns 1 if the TPM is owned, 0 otherwise.
*/
int TlclIsOwned(void);
/* Issues a ForceClear. The TPM error code is returned.
*/
uint32_t TlclForceClear(void);
/* Issues a SetEnable. The TPM error code is returned.
*/
uint32_t TlclSetEnable(void);
/* Issues a SetDeactivated. Pass 0 to activate. Returns result code.
*/
uint32_t TlclSetDeactivated(uint8_t flag);
/* Gets flags of interest. (Add more here as needed.) The TPM error code is
* returned.
*/
uint32_t TlclGetFlags(uint8_t* disable, uint8_t* deactivated);
/* Sets the bGlobalLock flag, which only a reboot can clear. The TPM error
* code is returned.
*/
uint32_t TlclSetGlobalLock(void);
/* Gets the permission bits for the NVRAM space with |index|.
*/
uint32_t TlclGetPermissions(uint32_t index, uint32_t* permissions);
#endif /* TPM_LITE_TLCL_H_ */
|
