* [edk2-devel] TPM2 NVM WRITE IN EDK2
From: Hamit Can Karaca @ 2023-11-09 10:39 UTC
To: devel

Hello,
I am a young UEFI developer and I am trying to use the functions in
Tpm2CommandLib to write data to TPM2. I have defined the index that I
am going to write data to, using the DefineSpace function. But whenever
I am trying to use the Tpm2NvWrite function, I keep getting
EFI_DEVICE_ERROR with a response code 0x1D5. Is there anything to do
before Tpm2NvWrite that I don't know or do I use the wrong parameters?
If anyone has used these functions please let me know, thanks!

* Re: [edk2-devel] TPM2 NVM WRITE IN EDK2
From: Laszlo Ersek @ 2023-11-13 12:57 UTC
To: devel, hckaraca99

On 11/9/23 11:39, Hamit Can Karaca wrote:
> Hello,
> I am a young UEFI developer and I am trying to use the functions in
> Tpm2CommandLib to write data to TPM2. I have defined the index that I
> am going to write data to, using the DefineSpace function. But whenever
> I am trying to use the Tpm2NvWrite function, I keep getting
> EFI_DEVICE_ERROR with a response code 0x1D5. Is there anything to do
> before Tpm2NvWrite that I don't know or do I use the wrong parameters?
> If anyone has used these functions please let me know, thanks!

I think this should be possible to explain from the TPM2 spec, part 2,
"structures".

Response code 0x1D5 is binary 111010101. Bit 7 is set, therefore we have
to look at the format-1 RC structure:

  0001 1 1 010101
  ---- - - ------
  N    F P E

  N=1    (1-based parameter that the error refers to)
  F=1    (format-1 response)
  P=1    (error is associated with a parameter)
  E=0x15 (error number)

In Table 16, RC_FMT1 (value 0x80 -- F bit, or bit 7) says "This bit is
SET in all format 1 response codes. The codes in this group may have a
value added to them to indicate the handle, session, or parameter to
which they apply".

Indeed, we have P=1 (error is associated with parameter) and N=1
(1-based parameter number related to the error is 1).

Thus, we have TPM_RC_SIZE (= RC_FMT1 + 0x015, 0x95, to which we add P=1
(0x40) and N=1 (0x100) for getting 0x1D5):

  TPM_RC_SIZE: structure is the wrong size

In other words, whatever command you are sending, the TPM seems to reply
with "parameter 1 of your command is incorrectly sized".

Laszlo

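The format-1 decoding walked through in the reply above, as an added example (not code from this thread or from edk2). The names `rc_fmt1` and `decode_rc` are hypothetical; the handle/session split for P=0 goes beyond the thread's single case and follows the same Part 2 table, and every sample code except 0x1D5 is constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* Format-1 response code fields (TCG TPM 2.0 spec, Part 2, "Structures"). */
#define RC_FMT1_BIT 0x080u /* F: bit 7 set => format-1 response code      */
#define RC_P_BIT    0x040u /* P: bit 6 set => N numbers a parameter       */
#define RC_E_MASK   0x03Fu /* E: bits 5:0, error number                   */
#define RC_N_SHIFT  8      /* N: bits 11:8, handle/session/parameter no.  */
#define RC_N_MASK   0x00Fu

typedef enum { SUBJ_NONE, SUBJ_HANDLE, SUBJ_SESSION, SUBJ_PARAMETER } rc_subject;

typedef struct {
  int        is_fmt1; /* 0 => format-0 code, remaining fields are unused  */
  uint32_t   base;    /* RC_FMT1 + E, e.g. 0x095 (TPM_RC_SIZE)            */
  uint32_t   error;   /* E                                                */
  rc_subject subject; /* what N refers to                                 */
  unsigned   index;   /* 1-based number of that handle/session/parameter  */
} rc_fmt1;

/* Split a response code into F, P, N and E the way the reply does by hand. */
rc_fmt1 decode_rc(uint32_t rc) {
  rc_fmt1 d = {0, 0, 0, SUBJ_NONE, 0};
  if (!(rc & RC_FMT1_BIT))
    return d;                        /* bit 7 clear: not a format-1 code   */
  unsigned n = (rc >> RC_N_SHIFT) & RC_N_MASK;
  d.is_fmt1 = 1;
  d.error = rc & RC_E_MASK;
  d.base = RC_FMT1_BIT | d.error;
  if (rc & RC_P_BIT) {               /* P set: N is a parameter number     */
    d.subject = SUBJ_PARAMETER; d.index = n;
  } else if (n & 0x8) {              /* P clear, N = 1xxx: session         */
    d.subject = SUBJ_SESSION; d.index = n & 0x7;
  } else if (n) {                    /* P clear, N = 0xxx: handle          */
    d.subject = SUBJ_HANDLE; d.index = n;
  }
  return d;
}

int main(void) {
  static const char *names[] = {"unspecified", "handle", "session", "parameter"};
  /* 0x1D5 is the code from the thread; the other three are constructed. */
  const uint32_t samples[] = {0x1D5, 0x98E, 0x18B, 0x101};
  for (unsigned i = 0; i < sizeof samples / sizeof samples[0]; i++) {
    rc_fmt1 d = decode_rc(samples[i]);
    if (!d.is_fmt1) { printf("0x%03X: format-0 code\n", (unsigned)samples[i]); continue; }
    printf("0x%03X: base 0x%03X, E=0x%02X, %s %u\n", (unsigned)samples[i],
           (unsigned)d.base, (unsigned)d.error, names[d.subject], d.index);
  }
  return 0;
}
```

In the TPM 2.0 command definition for TPM2_NV_Write, the parameters that follow the two handles are `data` and then `offset`, so "parameter 1" for that command is the data buffer.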
* Re: [edk2-devel] TPM2 NVM WRITE IN EDK2
From: Hamit Can Karaca @ 2023-11-15 12:03 UTC
To: Laszlo Ersek, devel

Thanks for your Laszlo,

I am using the functions that are available in EDK2 TpmCommandLib. I am
not sure where I fail because all the structs that I use are those which
are given in EDK2. I will add my code below. It would be very nice if
you could check my code. If you have examples where you use
Tpm2DefineSpace and Tpm2NvWrite functions, can you please share with me?

EFI_STATUS
EFIAPI
DefineSpaceTPM2 (
  )
{
  EFI_STATUS                    Status;
  UINT32                        authSize;
  ORIG_AUTH_AREA                authArea;
  TPM2_NV_DEFINE_SPACE_COMMAND  CmdBuffer;
  UINT32                        CmdBufferSize;
  TPM2_NV_DEFINESPACE_RESPONSE  RecvBuffer;
  UINT32                        RecvBufferSize;
  ORIG_NV_PUBLIC                publicInfo;

  // Auth Area
  authArea.sessionHandle = SwapBytes32(TPM_RS_PW);
  authArea.nonceSizeZero = SwapBytes16(0);
  authArea.sessionAttributes.continueSession = 0;
  authArea.sessionAttributes.auditExclusive = 0;
  authArea.sessionAttributes.auditReset = 0;
  authArea.sessionAttributes.reserved3_4 = 0;
  authArea.sessionAttributes.decrypt = 0;
  authArea.sessionAttributes.encrypt = 0;
  authArea.sessionAttributes.audit = 0;
  authArea.hmacSizeZero = SwapBytes16(0);
  authSize = sizeof (authArea);

  // publicInfo area
  publicInfo.nvIndex = SwapBytes32(NV_INDEX_FIRST + 0x10);
  publicInfo.nameAlg = SwapBytes16(TPM_ALG_SHA256);
  publicInfo.attributes = SwapBytes32(0x20f500f);
  publicInfo.authPolicySizeZero = SwapBytes16(0);
  publicInfo.dataSize = SwapBytes16(16);
  publicInfo.size = SwapBytes16(sizeof (publicInfo) - sizeof (publicInfo.size));

  // set parameters
  CmdBuffer.Header.tag = SwapBytes16(TPM_ST_SESSIONS);
  CmdBuffer.Header.commandCode = SwapBytes32(TPM_CC_NV_DefineSpace);
  CmdBuffer.authHandle = SwapBytes32(TPM_RH_OWNER);
  CmdBuffer.authSize = SwapBytes32(authSize);
  CmdBuffer.authArea = authArea;
  CmdBuffer.authSizeZero = SwapBytes16(0);
  CmdBuffer.publicInfo = publicInfo;

  CmdBufferSize = sizeof (CmdBuffer.Header) + sizeof (CmdBuffer.authHandle) +
                  sizeof (CmdBuffer.authSize) + sizeof (CmdBuffer.authArea) +
                  sizeof (CmdBuffer.authSizeZero) + sizeof (CmdBuffer.publicInfo);
  CmdBuffer.Header.paramSize = SwapBytes32(CmdBufferSize);

  // send TPM command
  DEBUG((DEBUG_INFO, "DefineSpaceTPM2 Sending..\n"));
  RecvBufferSize = sizeof (RecvBuffer);
  Status = Tpm2SubmitCommand (CmdBufferSize, (UINT8*)&CmdBuffer, &RecvBufferSize, (UINT8*)&RecvBuffer);
  if (Status != EFI_SUCCESS) {
    DEBUG((DEBUG_INFO, "Code couldn't be submitted\n"));
    return Status;
  }

  UINT32 res = SwapBytes32(RecvBuffer.Header.responseCode);
  if (res != TPM_RC_SUCCESS) {
    DEBUG ((EFI_D_ERROR, "DefineSpaceTPM2 - responseCode - %x\n", res));
  }

  return Status;
}

EFI_STATUS
EFIAPI
WriteToDefinedSpace (
  )
{
  EFI_STATUS          Status;
  TPMI_RH_NV_AUTH     AuthHandle;
  TPMS_AUTH_COMMAND   *AuthSession;
  TPM2B_MAX_BUFFER    *InData,
  UINT16              Offset

  AuthSession = (TPMS_AUTH_COMMAND*) AllocateZeroPool (sizeof (TPMS_AUTH_COMMAND));
  OutData = (TPM2B_MAX_BUFFER *) AllocateZeroPool (sizeof (TPM2B_MAX_BUFFER));
  InData = (TPM2B_MAX_BUFFER *) AllocateZeroPool (sizeof (TPM2B_MAX_BUFFER));

  //MAX_DIGEST_BUFFER is default and the value is 1024
  OutData->size = MAX_DIGEST_BUFFER * sizeof (BYTE);
  InData->size = MAX_DIGEST_BUFFER * sizeof (BYTE);
  Size = 0x2;
  Offset = 0x0;
  InData->buffer[0] = 0xC;
  InData->buffer[1] = 0xC;

  AuthSession->sessionHandle = TPM_RS_PW;
  AuthSession->nonce.size = 0;
  CopyMem (AuthSession->nonce.buffer, NULL, 64 * sizeof (BYTE));
  AuthSession->sessionAttributes.continueSession = 0;
  AuthSession->sessionAttributes.auditExclusive = 0;
  AuthSession->sessionAttributes.auditReset = 0;
  AuthSession->sessionAttributes.reserved3_4 = 0;
  AuthSession->sessionAttributes.decrypt = 0;
  AuthSession->sessionAttributes.encrypt = 0;
  AuthSession->sessionAttributes.audit = 0;
  AuthSession->hmac.size = 0;
  CopyMem (AuthSession->hmac.buffer, NULL, 64 * sizeof (BYTE));

  AuthHandle = TPM_RH_OWNER;
  Status = Tpm2NvWrite (AuthHandle, NV_INDEX_FIRST + 0x10, AuthSession, InData, Offset);
  if (Status != EFI_SUCCESS){
    DEBUG((DEBUG_INFO, "Tpm2NvWrite Status at WriteToDefinedSpace Tpm: %r\n", Status));
  }

  return Status;
}

* Re: [edk2-devel] TPM2 NVM WRITE IN EDK2
From: Laszlo Ersek @ 2023-11-15 13:15 UTC
To: Hamit Can Karaca, devel

On 11/15/23 13:03, Hamit Can Karaca wrote:
> Thanks for your Laszlo,
>
> I am using the functions that are available in EDK2 TpmCommandLib. I am
> not sure where I fail because all the structs that I use are those which
> are given in EDK2. I will add my code below. It would be very nice if
> you could check my code. If you have examples where you use
> Tpm2DefineSpace and Tpm2NvWrite functions, can you please share with me?

Sorry, I have zero TPM programming experience; I've only checked the TCG
specs for responding earlier...

I suggest adding DEBUG macro invocations all around the problematic code
path, and narrowing down the issue as much as possible. You might want
to test on a different TPM chip as well (different physical board, or
maybe try swtpm with QEMU / OVMF).

Laszlo