* [edk2-devel] TPM2 NVM WRITE IN EDK2
@ 2023-11-09 10:39 Hamit Can Karaca
2023-11-13 12:57 ` Laszlo Ersek
0 siblings, 1 reply; 4+ messages in thread
From: Hamit Can Karaca @ 2023-11-09 10:39 UTC (permalink / raw)
To: devel
[-- Attachment #1: Type: text/plain, Size: 851 bytes --]
Hello,
I am a young UEFI developer and I am trying to use the functions in Tpm2CommandLib to write data to TPM2. I have defined the index that, I am going to write data to, using the DefineSpace function. But whenever I am trying to use the Tpm2NvWrite function, I keep getting EFI_DEVICE_ERROR with a response code 0x1D5. Is there anything to do before Tpm2NvWrite that I don't know or do I use the wrong parameters?
If anyone has used these functions please let me know, thanks!
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#111050): https://edk2.groups.io/g/devel/message/111050
Mute This Topic: https://groups.io/mt/102510897/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
[-- Attachment #2: Type: text/html, Size: 1799 bytes --]
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [edk2-devel] TPM2 NVM WRITE IN EDK2
2023-11-09 10:39 [edk2-devel] TPM2 NVM WRITE IN EDK2 Hamit Can Karaca
@ 2023-11-13 12:57 ` Laszlo Ersek
2023-11-15 12:03 ` Hamit Can Karaca
0 siblings, 1 reply; 4+ messages in thread
From: Laszlo Ersek @ 2023-11-13 12:57 UTC (permalink / raw)
To: devel, hckaraca99
On 11/9/23 11:39, Hamit Can Karaca wrote:
> Hello,
> I am a young UEFI developer and I am trying to use the functions in
> Tpm2CommandLib to write data to TPM2. I have defined the index that, I
> am going to write data to, using the DefineSpace function. But whenever
> I am trying to use the Tpm2NvWrite function, I keep getting
> EFI_DEVICE_ERROR with a response code 0x1D5. Is there anything to do
> before Tpm2NvWrite that I don't know or do I use the wrong parameters?
> If anyone has used these functions please let me know, thanks!
I think this should be possible to explain from the TPM2 spec, part 2,
"structures".
Response code 0x1D5 is binary 111010101. Bit 7 is set, therefore we have
to look at the format-1 RC structure:
0001 1 1 010101
---- - - ------
N F P E
N=1 (1-based parameter that the error refers to)
F=1 (format-1 response)
P=1 (error is associated with a parameter)
E=0x15 (error number)
In Table 16, RC_FMT1 (value 0x80 -- F bit, or bit 7) says "This bit is
SET in all format 1 response codes. The codes in this group may have a
value added to them to indicate the handle, session, or parameter
to which they apply". Indeed, we have P=1 (error is associated with
parameter) and N=1 (1-based parameter number related to the error is 1).
Thus, we have TPM_RC_SIZE (= RC_FMT1 + 0x015, 0x95, to which we add P=1
(0x40) and N=1 (0x100) for getting 0x1D5):
TPM_RC_SIZE: structure is the wrong size
In other words, whatever command you are sending, the TPM seems to reply
with "parameter 1 of your command is incorrectly sized".
Laszlo
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#111151): https://edk2.groups.io/g/devel/message/111151
Mute This Topic: https://groups.io/mt/102510897/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/leave/12367111/7686176/1913456212/xyzzy [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [edk2-devel] TPM2 NVM WRITE IN EDK2
2023-11-13 12:57 ` Laszlo Ersek
@ 2023-11-15 12:03 ` Hamit Can Karaca
2023-11-15 13:15 ` Laszlo Ersek
0 siblings, 1 reply; 4+ messages in thread
From: Hamit Can Karaca @ 2023-11-15 12:03 UTC (permalink / raw)
To: Laszlo Ersek, devel
[-- Attachment #1: Type: text/plain, Size: 4920 bytes --]
Thanks for your Laszlo,
I am using the functions that are available in EDK2 TpmCommandLib. I am not sure where I fail because all the structs that I use are those which are given in EDK2. I will add my code below. It would be very nice If you could check my code. If you have examples where you use Tpm2DefineSpace and Tpm2NvWrite functions, can you please share with me?
EFI_STATUS
EFIAPI
DefineSpaceTPM2 (
)
{
EFI_STATUS Status;
UINT32 authSize;
ORIG_AUTH_AREA authArea;
TPM2_NV_DEFINE_SPACE_COMMAND CmdBuffer;
UINT32 CmdBufferSize;
TPM2_NV_DEFINESPACE_RESPONSE RecvBuffer;
UINT32 RecvBufferSize;
ORIG_NV_PUBLIC publicInfo;
// Auth Area
authArea.sessionHandle = SwapBytes32(TPM_RS_PW);
authArea.nonceSizeZero = SwapBytes16( 0 );
authArea.sessionAttributes.continueSession = 0 ;
authArea.sessionAttributes.auditExclusive = 0 ;
authArea.sessionAttributes.auditReset = 0 ;
authArea.sessionAttributes.reserved3_4 = 0 ;
authArea.sessionAttributes.decrypt = 0 ;
authArea.sessionAttributes.encrypt = 0 ;
authArea.sessionAttributes.audit = 0 ;
authArea.hmacSizeZero = SwapBytes16( 0 );
authSize = sizeof (authArea);
// publicInfo area
publicInfo.nvIndex = SwapBytes32(NV_INDEX_FIRST + 0x10 );
publicInfo.nameAlg = SwapBytes16(TPM_ALG_SHA256);
publicInfo.attributes = SwapBytes32( 0x20f500f );
publicInfo.authPolicySizeZero = SwapBytes16( 0 );
publicInfo.dataSize = SwapBytes16( 16 );
publicInfo.size = SwapBytes16( sizeof (publicInfo) - sizeof (publicInfo.size));
// set parameters
CmdBuffer.Header.tag = SwapBytes16(TPM_ST_SESSIONS);
CmdBuffer.Header.commandCode = SwapBytes32(TPM_CC_NV_DefineSpace);
CmdBuffer.authHandle = SwapBytes32(TPM_RH_OWNER);
CmdBuffer.authSize = SwapBytes32(authSize);
CmdBuffer.authArea = authArea;
CmdBuffer.authSizeZero = SwapBytes16( 0 );
CmdBuffer.publicInfo = publicInfo;
CmdBufferSize = sizeof (CmdBuffer.Header) + sizeof (CmdBuffer.authHandle) + sizeof (CmdBuffer.authSize) +
sizeof (CmdBuffer.authArea) + sizeof (CmdBuffer.authSizeZero) + sizeof (CmdBuffer.publicInfo);
CmdBuffer.Header.paramSize = SwapBytes32(CmdBufferSize);
// send TPM command
DEBUG((DEBUG_INFO, "DefineSpaceTPM2 Sending..\n" ));
RecvBufferSize = sizeof (RecvBuffer);
Status = Tpm2SubmitCommand (CmdBufferSize, (UINT8*)&CmdBuffer, &RecvBufferSize, (UINT8*)&RecvBuffer);
if (Status != EFI_SUCCESS) {
DEBUG((DEBUG_INFO, "Code couldn't be submitted\n" ));
return Status;
}
UINT32 res = SwapBytes32(RecvBuffer.Header.responseCode);
if (res != TPM_RC_SUCCESS) {
DEBUG ((EFI_D_ERROR, "DefineSpaceTPM2 - responseCode - %x\n" , res));
}
return Status;
}
EFI_STATUS
EFIAPI
WriteToDefinedSpace (
)
{
EFI_STATUS Status;
TPMI_RH_NV_AUTH AuthHandle;
TPMS_AUTH_COMMAND *AuthSession;
TPM2B_MAX_BUFFER *InData,
UINT16 Offset
AuthSession = (TPMS_AUTH_COMMAND*) AllocateZeroPool ( sizeof (TPMS_AUTH_COMMAND));
OutData = (TPM2B_MAX_BUFFER *) AllocateZeroPool ( sizeof (TPM2B_MAX_BUFFER));
InData = (TPM2B_MAX_BUFFER *) AllocateZeroPool ( sizeof (TPM2B_MAX_BUFFER));
//MAX_DIGEST_BUFFER is default and the value is 1024
OutData->size = MAX_DIGEST_BUFFER * sizeof (BYTE);
InData->size = MAX_DIGEST_BUFFER * sizeof (BYTE);
Size = 0x2 ;
Offset = 0x0 ;
InData->buffer[ 0 ] = 0xC ;
InData->buffer[ 1 ] = 0xC ;
AuthSession->sessionHandle = TPM_RS_PW;
AuthSession->nonce.size = 0 ;
CopyMem (AuthSession->nonce.buffer, NULL , 64 * sizeof (BYTE));
AuthSession->sessionAttributes.continueSession = 0 ;
AuthSession->sessionAttributes.auditExclusive = 0 ;
AuthSession->sessionAttributes.auditReset = 0 ;
AuthSession->sessionAttributes.reserved3_4 = 0 ;
AuthSession->sessionAttributes.decrypt = 0 ;
AuthSession->sessionAttributes.encrypt = 0 ;
AuthSession->sessionAttributes.audit = 0 ;
AuthSession->hmac.size = 0 ;
CopyMem (AuthSession->hmac.buffer, NULL , 64 * sizeof (BYTE));
AuthHandle = TPM_RH_OWNER;
Status = Tpm2NvWrite (AuthHandle, NV_INDEX_FIRST + 0x10 , AuthSession, InData, Offset);
if (Status != EFI_SUCCESS){
DEBUG((DEBUG_INFO, "Tpm2NvWrite Status at WriteToDefinedSpace Tpm: %r\n" , Status));
}
return Status;
}
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#111268): https://edk2.groups.io/g/devel/message/111268
Mute This Topic: https://groups.io/mt/102510897/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
[-- Attachment #2: Type: text/html, Size: 371813 bytes --]
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [edk2-devel] TPM2 NVM WRITE IN EDK2
2023-11-15 12:03 ` Hamit Can Karaca
@ 2023-11-15 13:15 ` Laszlo Ersek
0 siblings, 0 replies; 4+ messages in thread
From: Laszlo Ersek @ 2023-11-15 13:15 UTC (permalink / raw)
To: Hamit Can Karaca, devel
On 11/15/23 13:03, Hamit Can Karaca wrote:
> Thanks for your Laszlo,
>
> I am using the functions that are available in EDK2 TpmCommandLib. I am
> not sure where I fail because all the structs that I use are those which
> are given in EDK2. I will add my code below. It would be very nice If
> you could check my code. If you have examples where you use
> Tpm2DefineSpace and Tpm2NvWrite functions, can you please share with me?
Sorry, I have zero TPM programming experience; I've only checked the TCG
specs for responding earlier...
I suggest adding DEBUG macro invocations all around the problematic code
path, and narrowing down the issue as much as possible. You might want
to test on a different TPM chip as well (different physical board, or
maybe try swtpm with QEMU / OVMF).
Laszlo
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#111275): https://edk2.groups.io/g/devel/message/111275
Mute This Topic: https://groups.io/mt/102510897/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/leave/12367111/7686176/1913456212/xyzzy [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2023-11-15 13:15 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2023-11-09 10:39 [edk2-devel] TPM2 NVM WRITE IN EDK2 Hamit Can Karaca
2023-11-13 12:57 ` Laszlo Ersek
2023-11-15 12:03 ` Hamit Can Karaca
2023-11-15 13:15 ` Laszlo Ersek
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox