Functions | |
EFI_STATUS EFIAPI | Tpm2PolicySecret (IN TPMI_DH_ENTITY AuthHandle, IN TPMI_SH_POLICY PolicySession, IN TPMS_AUTH_COMMAND *AuthSession, IN TPM2B_NONCE *NonceTPM, IN TPM2B_DIGEST *CpHashA, IN TPM2B_NONCE *PolicyRef, IN INT32 Expiration, OUT TPM2B_TIMEOUT *Timeout, OUT TPMT_TK_AUTH *PolicyTicket) |
EFI_STATUS EFIAPI | Tpm2PolicyOR (IN TPMI_SH_POLICY PolicySession, IN TPML_DIGEST *HashList) |
EFI_STATUS EFIAPI | Tpm2PolicyCommandCode (IN TPMI_SH_POLICY PolicySession, IN TPM_CC Code) |
EFI_STATUS EFIAPI | Tpm2PolicyGetDigest (IN TPMI_SH_POLICY PolicySession, OUT TPM2B_DIGEST *PolicyHash) |
Copyright (c) 2014, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
EFI_STATUS EFIAPI Tpm2PolicyCommandCode | ( | IN TPMI_SH_POLICY | PolicySession, | |
IN TPM_CC | Code | |||
) |
This command indicates that the authorization will be limited to a specific command code.
[in] | PolicySession | Handle for the policy session being extended. |
[in] | Code | The allowed commandCode. |
EFI_SUCCESS | Operation completed successfully. | |
EFI_DEVICE_ERROR | The command was unsuccessful. |
References EFI_STATUS(), and Tpm2SubmitCommand().
EFI_STATUS EFIAPI Tpm2PolicyGetDigest | ( | IN TPMI_SH_POLICY | PolicySession, | |
OUT TPM2B_DIGEST * | PolicyHash | |||
) |
This command returns the current policyDigest of the session. This command allows the TPM to be used to perform the actions required to precompute the authPolicy for an object.
[in] | PolicySession | Handle for the policy session. |
[out] | PolicyHash | the current value of the policyHash of policySession. |
EFI_SUCCESS | Operation completed successfully. | |
EFI_DEVICE_ERROR | The command was unsuccessful. |
References EFI_STATUS(), and Tpm2SubmitCommand().
EFI_STATUS EFIAPI Tpm2PolicyOR | ( | IN TPMI_SH_POLICY | PolicySession, | |
IN TPML_DIGEST * | HashList | |||
) |
This command allows options in authorizations without requiring that the TPM evaluate all of the options. If a policy may be satisfied by different sets of conditions, the TPM need only evaluate one set that satisfies the policy. This command will indicate that one of the required sets of conditions has been satisfied.
[in] | PolicySession | Handle for the policy session being extended. |
[in] | HashList | the list of hashes to check for a match. |
EFI_SUCCESS | Operation completed successfully. | |
EFI_DEVICE_ERROR | The command was unsuccessful. |
References EFI_STATUS(), Tpm2SubmitCommand(), and UINTN().
EFI_STATUS EFIAPI Tpm2PolicySecret | ( | IN TPMI_DH_ENTITY | AuthHandle, | |
IN TPMI_SH_POLICY | PolicySession, | |||
IN TPMS_AUTH_COMMAND * | AuthSession, | |||
IN TPM2B_NONCE * | NonceTPM, | |||
IN TPM2B_DIGEST * | CpHashA, | |||
IN TPM2B_NONCE * | PolicyRef, | |||
IN INT32 | Expiration, | |||
OUT TPM2B_TIMEOUT * | Timeout, | |||
OUT TPMT_TK_AUTH * | PolicyTicket | |||
) |
This command includes a secret-based authorization to a policy. The caller proves knowledge of the secret value using an authorization session using the authValue associated with authHandle.
[in] | AuthHandle | Handle for an entity providing the authorization |
[in] | PolicySession | Handle for the policy session being extended. |
[in] | AuthSession | Auth Session context |
[in] | NonceTPM | The policy nonce for the session. |
[in] | CpHashA | Digest of the command parameters to which this authorization is limited. |
[in] | PolicyRef | A reference to a policy relating to the authorization. |
[in] | Expiration | Time when authorization will expire, measured in seconds from the time that nonceTPM was generated. |
[out] | Timeout | Time value used to indicate to the TPM when the ticket expires. |
[out] | PolicyTicket | A ticket that includes a value indicating when the authorization expires. |
EFI_SUCCESS | Operation completed successfully. | |
EFI_DEVICE_ERROR | The command was unsuccessful. |
References CopyAuthSessionCommand(), EFI_STATUS(), Tpm2SubmitCommand(), and UINTN().