From: "Hamit Can Karaca" <hckaraca99@gmail.com>
To: Laszlo Ersek <lersek@redhat.com>,devel@edk2.groups.io
Subject: Re: [edk2-devel] TPM2 NVM WRITE IN EDK2
Date: Wed, 15 Nov 2023 04:03:05 -0800 [thread overview]
Message-ID: <2967.1700049785284722966@groups.io> (raw)
In-Reply-To: <2c9a73ee-34e7-3dd8-3ff9-fef6df0336e6@redhat.com>
[-- Attachment #1: Type: text/plain, Size: 4920 bytes --]
Thanks for your Laszlo,
I am using the functions that are available in EDK2 TpmCommandLib. I am not sure where I fail because all the structs that I use are those which are given in EDK2. I will add my code below. It would be very nice If you could check my code. If you have examples where you use Tpm2DefineSpace and Tpm2NvWrite functions, can you please share with me?
EFI_STATUS
EFIAPI
DefineSpaceTPM2 (
)
{
EFI_STATUS Status;
UINT32 authSize;
ORIG_AUTH_AREA authArea;
TPM2_NV_DEFINE_SPACE_COMMAND CmdBuffer;
UINT32 CmdBufferSize;
TPM2_NV_DEFINESPACE_RESPONSE RecvBuffer;
UINT32 RecvBufferSize;
ORIG_NV_PUBLIC publicInfo;
// Auth Area
authArea.sessionHandle = SwapBytes32(TPM_RS_PW);
authArea.nonceSizeZero = SwapBytes16( 0 );
authArea.sessionAttributes.continueSession = 0 ;
authArea.sessionAttributes.auditExclusive = 0 ;
authArea.sessionAttributes.auditReset = 0 ;
authArea.sessionAttributes.reserved3_4 = 0 ;
authArea.sessionAttributes.decrypt = 0 ;
authArea.sessionAttributes.encrypt = 0 ;
authArea.sessionAttributes.audit = 0 ;
authArea.hmacSizeZero = SwapBytes16( 0 );
authSize = sizeof (authArea);
// publicInfo area
publicInfo.nvIndex = SwapBytes32(NV_INDEX_FIRST + 0x10 );
publicInfo.nameAlg = SwapBytes16(TPM_ALG_SHA256);
publicInfo.attributes = SwapBytes32( 0x20f500f );
publicInfo.authPolicySizeZero = SwapBytes16( 0 );
publicInfo.dataSize = SwapBytes16( 16 );
publicInfo.size = SwapBytes16( sizeof (publicInfo) - sizeof (publicInfo.size));
// set parameters
CmdBuffer.Header.tag = SwapBytes16(TPM_ST_SESSIONS);
CmdBuffer.Header.commandCode = SwapBytes32(TPM_CC_NV_DefineSpace);
CmdBuffer.authHandle = SwapBytes32(TPM_RH_OWNER);
CmdBuffer.authSize = SwapBytes32(authSize);
CmdBuffer.authArea = authArea;
CmdBuffer.authSizeZero = SwapBytes16( 0 );
CmdBuffer.publicInfo = publicInfo;
CmdBufferSize = sizeof (CmdBuffer.Header) + sizeof (CmdBuffer.authHandle) + sizeof (CmdBuffer.authSize) +
sizeof (CmdBuffer.authArea) + sizeof (CmdBuffer.authSizeZero) + sizeof (CmdBuffer.publicInfo);
CmdBuffer.Header.paramSize = SwapBytes32(CmdBufferSize);
// send TPM command
DEBUG((DEBUG_INFO, "DefineSpaceTPM2 Sending..\n" ));
RecvBufferSize = sizeof (RecvBuffer);
Status = Tpm2SubmitCommand (CmdBufferSize, (UINT8*)&CmdBuffer, &RecvBufferSize, (UINT8*)&RecvBuffer);
if (Status != EFI_SUCCESS) {
DEBUG((DEBUG_INFO, "Code couldn't be submitted\n" ));
return Status;
}
UINT32 res = SwapBytes32(RecvBuffer.Header.responseCode);
if (res != TPM_RC_SUCCESS) {
DEBUG ((EFI_D_ERROR, "DefineSpaceTPM2 - responseCode - %x\n" , res));
}
return Status;
}
EFI_STATUS
EFIAPI
WriteToDefinedSpace (
)
{
EFI_STATUS Status;
TPMI_RH_NV_AUTH AuthHandle;
TPMS_AUTH_COMMAND *AuthSession;
TPM2B_MAX_BUFFER *InData,
UINT16 Offset
AuthSession = (TPMS_AUTH_COMMAND*) AllocateZeroPool ( sizeof (TPMS_AUTH_COMMAND));
OutData = (TPM2B_MAX_BUFFER *) AllocateZeroPool ( sizeof (TPM2B_MAX_BUFFER));
InData = (TPM2B_MAX_BUFFER *) AllocateZeroPool ( sizeof (TPM2B_MAX_BUFFER));
//MAX_DIGEST_BUFFER is default and the value is 1024
OutData->size = MAX_DIGEST_BUFFER * sizeof (BYTE);
InData->size = MAX_DIGEST_BUFFER * sizeof (BYTE);
Size = 0x2 ;
Offset = 0x0 ;
InData->buffer[ 0 ] = 0xC ;
InData->buffer[ 1 ] = 0xC ;
AuthSession->sessionHandle = TPM_RS_PW;
AuthSession->nonce.size = 0 ;
CopyMem (AuthSession->nonce.buffer, NULL , 64 * sizeof (BYTE));
AuthSession->sessionAttributes.continueSession = 0 ;
AuthSession->sessionAttributes.auditExclusive = 0 ;
AuthSession->sessionAttributes.auditReset = 0 ;
AuthSession->sessionAttributes.reserved3_4 = 0 ;
AuthSession->sessionAttributes.decrypt = 0 ;
AuthSession->sessionAttributes.encrypt = 0 ;
AuthSession->sessionAttributes.audit = 0 ;
AuthSession->hmac.size = 0 ;
CopyMem (AuthSession->hmac.buffer, NULL , 64 * sizeof (BYTE));
AuthHandle = TPM_RH_OWNER;
Status = Tpm2NvWrite (AuthHandle, NV_INDEX_FIRST + 0x10 , AuthSession, InData, Offset);
if (Status != EFI_SUCCESS){
DEBUG((DEBUG_INFO, "Tpm2NvWrite Status at WriteToDefinedSpace Tpm: %r\n" , Status));
}
return Status;
}
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#111268): https://edk2.groups.io/g/devel/message/111268
Mute This Topic: https://groups.io/mt/102510897/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
[-- Attachment #2: Type: text/html, Size: 371813 bytes --]
next prev parent reply other threads:[~2023-11-15 12:03 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-11-09 10:39 [edk2-devel] TPM2 NVM WRITE IN EDK2 Hamit Can Karaca
2023-11-13 12:57 ` Laszlo Ersek
2023-11-15 12:03 ` Hamit Can Karaca [this message]
2023-11-15 13:15 ` Laszlo Ersek
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=2967.1700049785284722966@groups.io \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox