Trusted Platform Module Library Part 2: Structures Family “2.0” Level 00 Revision 00.99 October 31, 2013 Contact: admin@trustedcomputinggroup.org Published Copyright © TCG 2006-2013 TCG Part 2: Structures Trusted Platform Module Library Licenses and Notices 1. Copyright Licenses: Trusted Computing Group (TCG) grants to the user of the source code in this specification (the “Source Code”) a worldwide, irrevocable, nonexclusive, royalty free, copyright license to reproduce, create derivative works, distribute, display and perform the Source Code and derivative works thereof, and to grant others the rights granted herein. The TCG grants to the user of the other parts of the specification (other than the Source Code) the rights to reproduce, distribute, display, and perform the specification solely for the purpose of developing products based on such documents. 2. Source Code Distribution Conditions: Redistributions of Source Code must retain the above copyright licenses, this list of conditions and the following disclaimers. Redistributions in binary form must reproduce the above copyright licenses, this list of conditions and the following disclaimers in the documentation and/or other materials provided with the distribution. 3. Disclaimers: THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. Contact TCG Administration (admin@trustedcomputinggroup.org) for information on specification licensing rights available through TCG membership agreements. THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. Without limitation, TCG and its members and licensors disclaim all liability, including liability for infringement of any proprietary rights, relating to use of information in this specification and to the implementation of this specification, and TCG disclaims all liability for cost of procurement of substitute goods or services, lost profits, loss of use, loss of data or any incidental, consequential, direct, indirect, or special damages, whether under contract, tort, warranty or otherwise, arising in any way out of use or reliance upon this specification or any information herein. Any marks and brands contained herein are the property of their respective owners. Page ii October 31, 2013 Published Copyright © TCG 2006-2013 Family “2.0” Level 00 Revision 00.99 Trusted Platform Module Library Part 2: Structures CONTENTS 1 Scope .................................................................................................................................................... 1 2 Terms and definitions ............................................................................................................................ 1 3 Symbols and abbreviated terms ............................................................................................................ 1 4 Notation ................................................................................................................................................. 1 4.1 Introduction ................................................................................................................................ 1 4.2 Named Constants ...................................................................................................................... 2 4.3 Data Type Aliases (typedefs) .................................................................................................... 3 4.4 Enumerations............................................................................................................................. 3 4.5 Interface Type ............................................................................................................................ 4 4.6 Arrays ........................................................................................................................................ 5 4.7 Structure Definitions .................................................................................................................. 6 4.8 Conditional Types ...................................................................................................................... 7 4.9 Unions........................................................................................................................................ 8 4.9.1 Introduction...................................................................................................................... 8 4.9.2 Union Definition ............................................................................................................... 8 4.9.3 Union Instance ................................................................................................................ 9 4.9.4 Union Selector Definition ............................................................................................... 10 4.10 Bit Field Definitions .................................................................................................................. 11 4.11 Parameter Limits ..................................................................................................................... 11 4.12 Enumeration Macro ................................................................................................................. 13 4.13 Size Checking .......................................................................................................................... 13 4.14 Data Direction .......................................................................................................................... 14 4.15 Structure Validations ............................................................................................................... 14 4.16 Name Prefix Convention .......................................................................................................... 14 4.17 Data Alignment ........................................................................................................................ 15 4.18 Parameter Unmarshaling Errors .............................................................................................. 15 5 Base Types ......................................................................................................................................... 17 5.1 Primitive Types ........................................................................................................................ 17 5.2 Miscellaneous Types ............................................................................................................... 17 6 Constants ............................................................................................................................................ 18 6.1 TPM_SPEC (Specification Version Values) ............................................................................ 18 6.2 TPM_GENERATED ................................................................................................................. 18 6.3 TPM_ALG_ID .......................................................................................................................... 19 6.4 TPM_ECC_CURVE ................................................................................................................. 22 6.5 TPM_CC (Command Codes) .................................................................................................. 22 6.5.1 Format ........................................................................................................................... 22 6.5.2 Description .................................................................................................................... 23 6.5.3 TPM_CC Listing ............................................................................................................ 24 6.6 TPM_RC (Response Codes) ................................................................................................... 28 6.6.1 Description .................................................................................................................... 28 6.6.2 Response Code Formats .............................................................................................. 29 6.6.3 TPM_RC Values ........................................................................................................... 32 6.7 TPM_CLOCK_ADJUST ........................................................................................................... 37 6.8 TPM_EO (EA Arithmetic Operands) ........................................................................................ 37 6.9 TPM_ST (Structure Tags) ....................................................................................................... 38 6.10 TPM_SU (Startup Type) .......................................................................................................... 40 6.11 TPM_SE (Session Type) ......................................................................................................... 40 6.12 TPM_CAP (Capabilities) .......................................................................................................... 41 6.13 TPM_PT (Property Tag) .......................................................................................................... 41 6.14 TPM_PT_PCR (PCR Property Tag) ........................................................................................ 47 6.15 TPM_PS (Platform Specific) .................................................................................................... 49 Family “2.0” Level 00 Revision 00.99 Published Copyright © TCG 2006-2013 Page iii October 31, 2013 Part 2: Structures Trusted Platform Module Library 7 Handles ............................................................................................................................................... 50 7.1 Introduction .............................................................................................................................. 50 7.2 TPM_HT (Handle Types) ......................................................................................................... 50 7.3 Persistent Handle Sub-ranges................................................................................................. 51 7.4 TPM_RH (Permanent Handles)............................................................................................... 52 7.5 TPM_HC (Handle Value Constants) ....................................................................................... 53 8 Attribute Structures .............................................................................................................................. 55 8.1 Description ............................................................................................................................... 55 8.2 TPMA_ALGORITHM ............................................................................................................... 55 8.3 TPMA_OBJECT (Object Attributes) ........................................................................................ 55 8.3.1 Introduction.................................................................................................................... 55 8.3.2 Structure Definition ........................................................................................................ 56 8.3.3 Attribute Descriptions .................................................................................................... 57 8.3.3.1 Introduction ............................................................................................................ 57 8.3.3.2 Bit[1] – fixedTPM ................................................................................................... 57 8.3.3.3 Bit[2] – stClear ....................................................................................................... 58 8.3.3.4 Bit[4] – fixedParent ................................................................................................ 58 8.3.3.5 Bit[5] – sensitiveDataOrigin ................................................................................... 58 8.3.3.6 Bit[6] – userWithAuth............................................................................................. 59 8.3.3.7 Bit[7] – adminWithPolicy........................................................................................ 59 8.3.3.8 Bit[10] – noDA ....................................................................................................... 59 8.3.3.9 Bit[11] – encryptedDuplication .............................................................................. 60 8.3.3.10 Bit[16] – restricted ................................................................................................. 60 8.3.3.11 Bit[17] – decrypt .................................................................................................... 61 8.3.3.12 Bit[18] – sign .......................................................................................................... 61 8.4 TPMA_SESSION (Session Attributes) .................................................................................... 62 8.5 TPMA_LOCALITY (Locality Attribute) ..................................................................................... 63 8.6 TPMA_PERMANENT .............................................................................................................. 64 8.7 TPMA_STARTUP_CLEAR ...................................................................................................... 65 8.8 TPMA_MEMORY .................................................................................................................... 66 8.9 TPMA_CC (Command Code Attributes) ................................................................................. 67 8.9.1 Introduction.................................................................................................................... 67 8.9.2 Structure Definition ........................................................................................................ 67 8.9.3 Field Descriptions .......................................................................................................... 67 8.9.3.1 Bits[15:0] – commandIndex ................................................................................... 67 8.9.3.2 Bit[22] – nv ............................................................................................................ 67 8.9.3.3 Bit[23] – extensive ................................................................................................. 67 8.9.3.4 Bit[24] – flushed ..................................................................................................... 68 8.9.3.5 Bits[27:25] – cHandles .......................................................................................... 68 8.9.3.6 Bit[28] – rHandle .................................................................................................... 68 8.9.3.7 Bit[29] – V .............................................................................................................. 69 8.9.3.8 Bits[31:30] – Res ................................................................................................... 69 9 Interface Types .................................................................................................................................... 70 9.1 Introduction .............................................................................................................................. 70 9.2 TPMI_YES_NO ....................................................................................................................... 70 9.3 TPMI_DH_OBJECT ................................................................................................................. 70 9.4 TPMI_DH_PERSISTENT ........................................................................................................ 71 9.5 TPMI_DH_ENTITY .................................................................................................................. 71 9.6 TPMI_DH_PCR ....................................................................................................................... 72 9.7 TPMI_SH_AUTH_SESSION ................................................................................................... 72 9.8 TPMI_SH_HMAC .................................................................................................................... 72 9.9 TPMI_SH_POLICY .................................................................................................................. 72 9.10 TPMI_DH_CONTEXT .............................................................................................................. 73 9.11 TPMI_RH_HIERARCHY .......................................................................................................... 73 9.12 TPMI_RH_ENABLES .............................................................................................................. 73 Page iv October 31, 2013 Published Copyright © TCG 2006-2013 Family “2.0” Level 00 Revision 00.99 Trusted Platform Module Library 9.13 9.14 9.15 9.16 9.17 9.18 9.19 9.20 9.21 9.22 9.23 9.24 9.25 9.26 9.27 9.28 9.29 9.30 10 Part 2: Structures TPMI_RH_HIERARCHY_AUTH .............................................................................................. 74 TPMI_RH_PLATFORM ........................................................................................................... 74 TPMI_RH_OWNER ................................................................................................................. 74 TPMI_RH_ENDORSEMENT ................................................................................................... 75 TPMI_RH_PROVISION ........................................................................................................... 75 TPMI_RH_CLEAR ................................................................................................................... 75 TPMI_RH_NV_AUTH .............................................................................................................. 76 TPMI_RH_LOCKOUT ............................................................................................................. 76 TPMI_RH_NV_INDEX ............................................................................................................. 76 TPMI_ALG_HASH ................................................................................................................... 77 TPMI_ALG_ASYM (Asymmetric Algorithms) .......................................................................... 77 TPMI_ALG_SYM (Symmetric Algorithms) .............................................................................. 78 TPMI_ALG_SYM_OBJECT ..................................................................................................... 78 TPMI_ALG_SYM_MODE ........................................................................................................ 79 TPMI_ALG_KDF (Key and Mask Generation Functions) ........................................................ 79 TPMI_ALG_SIG_SCHEME ..................................................................................................... 80 TPMI_ECC_KEY_EXCHANGE ............................................................................................... 80 TPMI_ST_COMMAND_TAG ................................................................................................... 80 Structure Definitions ............................................................................................................................ 81 10.1 TPMS_ALGORITHM_DESCRIPTION .................................................................................... 81 10.2 Hash/Digest Structures ............................................................................................................ 81 10.2.1 TPMU_HA (Hash) ......................................................................................................... 81 10.2.2 TPMT_HA...................................................................................................................... 82 10.3 Sized Buffers ........................................................................................................................... 82 10.3.1 Introduction.................................................................................................................... 82 10.3.2 TPM2B_DIGEST ........................................................................................................... 83 10.3.3 TPM2B_DATA ............................................................................................................... 83 10.3.4 TPM2B_NONCE ........................................................................................................... 83 10.3.5 TPM2B_AUTH .............................................................................................................. 83 10.3.6 TPM2B_OPERAND ...................................................................................................... 84 10.3.7 TPM2B_EVENT ............................................................................................................ 84 10.3.8 TPM2B_MAX_BUFFER ................................................................................................ 84 10.3.9 TPM2B_MAX_NV_BUFFER ......................................................................................... 84 10.3.10 TPM2B_TIMEOUT ........................................................................................................ 85 10.3.11 TPM2B_IV ..................................................................................................................... 85 10.4 Names ..................................................................................................................................... 85 10.4.1 Introduction.................................................................................................................... 85 10.4.2 TPMU_NAME ................................................................................................................ 85 10.4.3 TPM2B_NAME .............................................................................................................. 86 10.5 PCR Structures ........................................................................................................................ 86 10.5.1 TPMS_PCR_SELECT ................................................................................................... 86 10.5.2 TPMS_PCR_SELECTION ............................................................................................ 87 10.6 Tickets ..................................................................................................................................... 87 10.6.1 Introduction.................................................................................................................... 87 10.6.2 A NULL Ticket ............................................................................................................... 88 10.6.3 TPMT_TK_CREATION ................................................................................................. 89 10.6.4 TPMT_TK_VERIFIED ................................................................................................... 90 10.6.5 TPMT_TK_AUTH .......................................................................................................... 91 10.6.6 TPMT_TK_HASHCHECK ............................................................................................. 92 10.7 Property Structures .................................................................................................................. 92 10.7.1 TPMS_ALG_PROPERTY ............................................................................................. 92 10.7.2 TPMS_TAGGED_PROPERTY ..................................................................................... 92 10.7.3 TPMS_TAGGED_PCR_SELECT ................................................................................. 93 10.8 Lists ......................................................................................................................................... 93 Family “2.0” Level 00 Revision 00.99 Published Copyright © TCG 2006-2013 Page v October 31, 2013 Part 2: Structures Trusted Platform Module Library 10.8.1 TPML_CC...................................................................................................................... 93 10.8.2 TPML_CCA ................................................................................................................... 94 10.8.3 TPML_ALG.................................................................................................................... 94 10.8.4 TPML_HANDLE ............................................................................................................ 94 10.8.5 TPML_DIGEST ............................................................................................................. 95 10.8.6 TPML_DIGEST_VALUES ............................................................................................. 95 10.8.7 TPM2B_DIGEST_VALUES........................................................................................... 95 10.8.8 TPML_PCR_SELECTION............................................................................................. 96 10.8.9 TPML_ALG_PROPERTY.............................................................................................. 96 10.8.10 TPML_TAGGED_TPM_PROPERTY ............................................................................ 96 10.8.11 TPML_TAGGED_PCR_PROPERTY ............................................................................ 97 10.8.12 TPML_ECC_CURVE .................................................................................................... 97 10.9 Capabilities Structures ............................................................................................................. 97 10.9.1 TPMU_CAPABILITIES .................................................................................................. 97 10.9.2 TPMS_CAPABILITY_DATA .......................................................................................... 98 10.10 Clock/Counter Structures ........................................................................................................ 98 10.10.1 TPMS_CLOCK_INFO ................................................................................................... 98 10.10.2 Clock ............................................................................................................................. 98 10.10.3 ResetCount ................................................................................................................... 98 10.10.4 RestartCount ................................................................................................................. 99 10.10.5 Safe ............................................................................................................................... 99 10.10.6 TPMS_TIME_INFO ....................................................................................................... 99 10.11 TPM Attestation Structures .................................................................................................... 100 10.11.1 Introduction.................................................................................................................. 100 10.11.2 TPMS_TIME_ATTEST_INFO ..................................................................................... 100 10.11.3 TPMS_CERTIFY_INFO .............................................................................................. 100 10.11.1 TPMS_QUOTE_INFO ................................................................................................. 100 10.11.2 TPMS_COMMAND_AUDIT_INFO .............................................................................. 101 10.11.3 TPMS_SESSION_AUDIT_INFO ................................................................................. 101 10.11.4 TPMS_CREATION_INFO ........................................................................................... 101 10.11.5 TPMS_NV_CERTIFY_INFO ....................................................................................... 101 10.11.6 TPMI_ST_ATTEST ..................................................................................................... 102 10.11.7 TPMU_ATTEST .......................................................................................................... 102 10.11.8 TPMS_ATTEST .......................................................................................................... 103 10.11.9 TPM2B_ATTEST ........................................................................................................ 103 10.12 Authorization Structures ........................................................................................................ 104 10.12.1 TPMS_AUTH_COMMAND ......................................................................................... 104 10.12.2 TPMS_AUTH_RESPONSE ........................................................................................ 104 11 Algorithm Parameters and Structures ............................................................................................... 105 11.1 Symmetric .............................................................................................................................. 105 11.1.1 Introduction.................................................................................................................. 105 11.1.2 TPMI_AES_KEY_BITS ............................................................................................... 105 11.1.3 TPMI_SM4_KEY_BITS ............................................................................................... 105 11.1.4 TPMU_SYM_KEY_BITS ............................................................................................. 106 11.1.5 TPMU_SYM_MODE ................................................................................................... 106 11.1.6 TPMU_SYM_DETAILS ............................................................................................... 107 11.1.7 TPMT_SYM_DEF ....................................................................................................... 107 11.1.8 TPMT_SYM_DEF_OBJECT ....................................................................................... 107 11.1.9 TPM2B_SYM_KEY ..................................................................................................... 108 11.1.10 TPMS_SYMCIPHER_PARMS .................................................................................... 108 11.1.11 TPM2B_SENSITIVE_DATA ........................................................................................ 108 11.1.12 TPMS_SENSITIVE_CREATE ..................................................................................... 109 11.1.13 TPM2B_SENSITIVE_CREATE ................................................................................... 110 11.1.14 TPMS_SCHEME_SIGHASH....................................................................................... 110 11.1.15 TPMI_ALG_HASH_SCHEME ..................................................................................... 110 Page vi October 31, 2013 Published Copyright © TCG 2006-2013 Family “2.0” Level 00 Revision 00.99 Trusted Platform Module Library Part 2: Structures 11.1.16 HMAC_SIG_SCHEME ................................................................................................ 110 11.1.17 TPMS_SCHEME_XOR ............................................................................................... 111 11.1.18 TPMU_SCHEME_HMAC ............................................................................................ 111 11.1.19 TPMT_KEYEDHASH_SCHEME ................................................................................. 111 11.2 Asymmetric ............................................................................................................................ 112 11.2.1 Signing Schemes ........................................................................................................ 112 11.2.1.1 Introduction .......................................................................................................... 112 11.2.1.2 RSA_SIG_SCHEMES ......................................................................................... 112 11.2.1.3 ECC_SIG_SCHEMES ......................................................................................... 112 11.2.1.4 TPMS_SCHEME_ECDAA................................................................................... 112 11.2.1.5 TPMU_SIG_SCHEME......................................................................................... 113 11.2.1.6 TPMT_SIG_SCHEME ......................................................................................... 113 11.2.2 Encryption Schemes ................................................................................................... 114 11.2.2.1 Introduction .......................................................................................................... 114 11.2.2.2 TPMS_SCHEME_OAEP ..................................................................................... 114 11.2.2.3 TPMS_SCHEME_ECDH ..................................................................................... 114 11.2.3 Key Derivation Schemes ............................................................................................. 114 11.2.3.1 Introduction .......................................................................................................... 114 11.2.3.2 TPMS_SCHEME_MGF1 ..................................................................................... 114 11.2.3.3 TPMS_SCHEME_KDF1_SP800_56a ................................................................. 114 11.2.3.4 TPMS_SCHEME_KDF2 ...................................................................................... 115 11.2.3.5 TPMS_SCHEME_KDF1_SP800_108 ................................................................. 115 11.2.3.6 TPMU_KDF_SCHEME........................................................................................ 115 11.2.3.7 TPMT_KDF_SCHEME ........................................................................................ 115 11.2.3.8 TPMI_ALG_ASYM_SCHEME ............................................................................. 116 11.2.3.9 TPMU_ASYM_SCHEME..................................................................................... 116 11.2.3.10 TPMT_ASYM_SCHEME ..................................................................................... 117 11.2.4 RSA ............................................................................................................................. 117 11.2.4.1 TPMI_ALG_RSA_SCHEME ................................................................................ 117 11.2.4.2 TPMT_RSA_SCHEME ........................................................................................ 117 11.2.4.3 TPMI_ALG_RSA_DECRYPT .............................................................................. 118 11.2.4.4 TPMT_RSA_DECRYPT ...................................................................................... 118 11.2.4.5 TPM2B_PUBLIC_KEY_RSA ............................................................................... 118 11.2.4.6 TPMI_RSA_KEY_BITS ....................................................................................... 118 11.2.4.7 TPM2B_PRIVATE_KEY_RSA ............................................................................ 119 11.2.5 ECC ............................................................................................................................. 120 11.2.5.1 TPM2B_ECC_PARAMETER .............................................................................. 120 11.2.5.2 TPMS_ECC_POINT ............................................................................................ 120 11.2.5.3 TPM2B_ECC_POINT .......................................................................................... 120 11.2.5.4 TPMI_ALG_ECC_SCHEME ............................................................................... 121 11.2.5.5 TPMI_ECC_CURVE ............................................................................................ 121 11.2.5.6 TPMT_ECC_SCHEME........................................................................................ 121 11.2.5.7 TPMS_ALGORITHM_DETAIL_ECC ................................................................... 122 11.3 Signatures.............................................................................................................................. 122 11.3.1 TPMS_SIGNATURE_RSASSA .................................................................................. 122 11.3.2 TPMS_SIGNATURE_RSAPSS .................................................................................. 122 11.3.3 TPMS_SIGNATURE_ECDSA ..................................................................................... 123 11.3.4 TPMU_SIGNATURE ................................................................................................... 123 11.3.5 TPMT_SIGNATURE ................................................................................................... 124 11.4 Key/Secret Exchange ............................................................................................................ 124 11.4.1 Introduction.................................................................................................................. 124 11.4.2 TPMU_ENCRYPTED_SECRET ................................................................................. 124 11.4.3 TPM2B_ENCRYPTED_SECRET ............................................................................... 125 12 Key/Object Complex.......................................................................................................................... 126 Family “2.0” Level 00 Revision 00.99 Published Copyright © TCG 2006-2013 Page vii October 31, 2013 Part 2: Structures Trusted Platform Module Library 12.1 Introduction ............................................................................................................................ 126 12.2 Public Area Structures ........................................................................................................... 126 12.2.1 Description .................................................................................................................. 126 12.2.2 TPMI_ALG_PUBLIC ................................................................................................... 126 12.2.3 Type-Specific Parameters ........................................................................................... 126 12.2.3.1 Description .......................................................................................................... 126 12.2.3.2 TPMU_PUBLIC_ID .............................................................................................. 127 12.2.3.3 TPMS_KEYEDHASH_PARMS ........................................................................... 127 12.2.3.4 TPMS_ASYM_PARMS ....................................................................................... 127 12.2.3.5 TPMS_RSA_PARMS .......................................................................................... 128 12.2.3.6 TPMS_ECC_PARMS .......................................................................................... 129 12.2.3.7 TPMU_PUBLIC_PARMS .................................................................................... 129 12.2.3.8 TPMT_PUBLIC_PARMS ..................................................................................... 130 12.2.4 TPMT_PUBLIC ........................................................................................................... 130 12.2.5 TPM2B_PUBLIC ......................................................................................................... 131 12.3 Private Area Structures ......................................................................................................... 131 12.3.1 Introduction.................................................................................................................. 131 12.3.2 Sensitive Data Structures ............................................................................................ 131 12.3.2.1 Introduction .......................................................................................................... 131 12.3.2.2 TPM2B_PRIVATE_VENDOR_SPECIFIC ........................................................... 131 12.3.2.3 TPMU_SENSITIVE_COMPOSITE ...................................................................... 132 12.3.2.4 TPMT_SENSITIVE .............................................................................................. 132 12.3.3 TPM2B_SENSITIVE ................................................................................................... 132 12.3.4 Encryption ................................................................................................................... 133 12.3.5 Integrity........................................................................................................................ 133 12.3.6 _PRIVATE ................................................................................................................... 133 12.3.7 TPM2B_PRIVATE ....................................................................................................... 133 12.4 Identity Object ........................................................................................................................ 134 12.4.1 Description .................................................................................................................. 134 12.4.2 _ID_OBJECT .............................................................................................................. 134 12.4.3 TPM2B_ID_OBJECT .................................................................................................. 134 13 NV Storage Structures ...................................................................................................................... 135 13.1 TPM_NV_INDEX ................................................................................................................... 135 13.2 TPMA_NV (NV Index Attributes) ........................................................................................... 136 13.3 TPMS_NV_PUBLIC ............................................................................................................... 139 13.4 TPM2B_NV_PUBLIC ............................................................................................................. 139 14 Context Data ..................................................................................................................................... 140 14.1 Introduction ............................................................................................................................ 140 14.2 TPM2B_CONTEXT_SENSITIVE........................................................................................... 140 14.3 TPMS_CONTEXT_DATA ...................................................................................................... 140 14.4 TPM2B_CONTEXT_DATA .................................................................................................... 140 14.5 TPMS_CONTEXT ................................................................................................................. 141 14.6 Parameters of TPMS_CONTEXT .......................................................................................... 142 14.6.1 sequence ..................................................................................................................... 142 14.6.2 savedHandle ............................................................................................................... 142 14.6.3 hierarchy...................................................................................................................... 143 14.7 Context Protection ................................................................................................................. 143 14.7.1 Context Integrity .......................................................................................................... 143 14.7.2 Context Confidentiality ................................................................................................ 143 15 Creation Data .................................................................................................................................... 144 15.1 TPMS_CREATION_DATA .................................................................................................... 144 15.2 TPM2B_CREATION_DATA .................................................................................................. 144 Page viii October 31, 2013 Published Copyright © TCG 2006-2013 Family “2.0” Level 00 Revision 00.99 Trusted Platform Module Library Part 2: Structures Annex A (informative) Algorithm Constants ............................................................................................. 145 A.1 Introduction ............................................................................................................................ 145 A.2 Allowed Hash Algorithms....................................................................................................... 145 A.2.1 SHA1 ........................................................................................................................... 145 A.2.2 SHA256 ....................................................................................................................... 145 A.2.3 SHA384 ....................................................................................................................... 145 A.2.4 SHA512 ....................................................................................................................... 146 A.2.5 SM3_256 ..................................................................................................................... 146 A.3 Architectural Limits ................................................................................................................ 146 Annex B (informative) Implementation Definitions ................................................................................... 147 B.1 Introduction ............................................................................................................................ 147 B.2 Logic Values .......................................................................................................................... 147 B.3 Processor Values .................................................................................................................. 147 B.4 Implemented Algorithms ........................................................................................................ 148 B.5 Implemented Commands ...................................................................................................... 148 B.6 Algorithm Constants .............................................................................................................. 151 B.6.1 RSA ............................................................................................................................. 152 B.6.2 ECC ............................................................................................................................. 152 B.6.3 AES ............................................................................................................................. 152 B.6.4 SM4 ............................................................................................................................. 152 B.6.5 Symmetric ................................................................................................................... 153 B.7 Implementation Specific Values ............................................................................................ 154 Family “2.0” Level 00 Revision 00.99 Published Copyright © TCG 2006-2013 Page ix October 31, 2013 Part 2: Structures Trusted Platform Module Library Tables Table 1 — Name Prefix Convention ........................................................................................................... 15 Table 2 — Unmarshaling Errors ................................................................................................................. 16 Table 3 — Definition of Base Types ........................................................................................................... 17 Table 4 — Definition of Types for Documentation Clarity ........................................................................... 17 Table 5 — Definition of (UINT32) TPM_SPEC Constants <> ..................................................................... 18 Table 6 — Definition of (UINT32) TPM_GENERATED Constants <O> ..................................................... 18 Table 7 — Definition of (UINT16) TPM_ALG_ID Constants <IN/OUT, S> ................................................. 19 Table 8 — Definition of (UINT16) {ECC} TPM_ECC_CURVE Constants <IN/OUT, S> ............................ 22 Table 9 — TPM Command Format Fields Description ............................................................................... 22 Table 10 — Legend for Command Code Tables ........................................................................................ 23 Table 11 — Definition of (UINT32) TPM_CC Constants (Numeric Order) <IN/OUT, S> ........................... 24 Table 12 — Format-Zero Response Codes ................................................................................................ 30 Table 13 — Format-One Response Codes ................................................................................................ 31 Table 14 — Response Code Groupings ..................................................................................................... 31 Table 15 — Definition of (UINT32) TPM_RC Constants (Actions) <OUT> ................................................ 32 Table 16 — Definition of (INT8) TPM_CLOCK_ADJUST Constants <IN> ................................................. 37 Table 17 — Definition of (UINT16) TPM_EO Constants <IN/OUT> ........................................................... 37 Table 18 — Definition of (UINT16) TPM_ST Constants <IN/OUT, S> ....................................................... 38 Table 19 — Definition of (UINT16) TPM_SU Constants <IN> .................................................................... 40 Table 20 — Definition of (UINT8) TPM_SE Constants <IN> ...................................................................... 40 Table 21 — Definition of (UINT32) TPM_CAP Constants .......................................................................... 41 Table 22 — Definition of (UINT32) TPM_PT Constants <IN/OUT, S> ....................................................... 41 Table 23 — Definition of (UINT32) TPM_PT_PCR Constants <IN/OUT, S> ............................................. 47 Table 24 — Definition of (UINT32) TPM_PS Constants <OUT> ................................................................ 49 Table 25 — Definition of Types for Handles ............................................................................................... 50 Table 26 — Definition of (UINT8) TPM_HT Constants <S> ....................................................................... 50 Table 27 — Definition of (UINT32) TPM_RH Constants <IN, S> ............................................................... 52 Table 28 — Definition of (TPM_HANDLE) TPM_HC Constants <IN, S> ................................................... 54 Table 29 — Definition of (UINT32) TPMA_ALGORITHM Bits .................................................................... 55 Table 30 — Definition of (UINT32) TPMA_OBJECT Bits ........................................................................... 56 Table 31 — Definition of (UINT8) TPMA_SESSION Bits <IN/OUT> .......................................................... 62 Table 32 — Definition of (UINT8) TPMA_LOCALITY Bits <IN/OUT> ........................................................ 64 Table 33 — Definition of (UINT32) TPMA_PERMANENT Bits <OUT> ...................................................... 64 Table 34 — Definition of (UINT32) TPMA_STARTUP_CLEAR Bits <OUT> .............................................. 65 Table 35 — Definition of (UINT32) TPMA_MEMORY Bits <Out> .............................................................. 66 Table 36 — Definition of (TPM_CC) TPMA_CC Bits <OUT> ..................................................................... 67 Table 37 — Definition of (BYTE) TPMI_YES_NO Type ............................................................................. 70 Page x October 31, 2013 Published Copyright © TCG 2006-2013 Family “2.0” Level 00 Revision 00.99 Trusted Platform Module Library Part 2: Structures Table 38 — Definition of (TPM_HANDLE) TPMI_DH_OBJECT Type........................................................ 70 Table 39 — Definition of (TPM_HANDLE) TPMI_DH_PERSISTENT Type ............................................... 71 Table 40 — Definition of (TPM_HANDLE) TPMI_DH_ENTITY Type <IN> ................................................ 71 Table 41 — Definition of (TPM_HANDLE) TPMI_DH_PCR Type <IN> ..................................................... 72 Table 42 — Definition of (TPM_HANDLE) TPMI_SH_AUTH_SESSION Type <IN/OUT> ........................ 72 Table 43 — Definition of (TPM_HANDLE) TPMI_SH_HMAC Type <IN/OUT> .......................................... 72 Table 44 — Definition of (TPM_HANDLE) TPMI_SH_POLICY Type <IN/OUT> ....................................... 72 Table 45 — Definition of (TPM_HANDLE) TPMI_DH_CONTEXT Type .................................................... 73 Table 46 — Definition of (TPM_HANDLE) TPMI_RH_HIERARCHY Type ................................................ 73 Table 47 — Definition of (TPM_HANDLE) TPMI_RH_ENABLES Type ..................................................... 73 Table 48 — Definition of (TPM_HANDLE) TPMI_RH_HIERARCHY_AUTH Type <IN> ............................ 74 Table 49 — Definition of (TPM_HANDLE) TPMI_RH_PLATFORM Type <IN> ......................................... 74 Table 50 — Definition of (TPM_HANDLE) TPMI_RH_OWNER Type <IN> ............................................... 74 Table 51 — Definition of (TPM_HANDLE) TPMI_RH_ENDORSEMENT Type <IN> ................................. 75 Table 52 — Definition of (TPM_HANDLE) TPMI_RH_PROVISION Type <IN> ......................................... 75 Table 53 — Definition of (TPM_HANDLE) TPMI_RH_CLEAR Type <IN> ................................................. 75 Table 54 — Definition of (TPM_HANDLE) TPMI_RH_NV_AUTH Type <IN> ............................................ 76 Table 55 — Definition of (TPM_HANDLE) TPMI_RH_LOCKOUT Type <IN> ........................................... 76 Table 56 — Definition of (TPM_HANDLE) TPMI_RH_NV_INDEX Type <IN/OUT> .................................. 76 Table 57 — Definition of (TPM_ALG_ID) TPMI_ALG_HASH Type............................................................ 77 Table 58 — Definition of (TPM_ALG_ID) TPMI_ALG_ASYM Type ........................................................... 77 Table 59 — Definition of (TPM_ALG_ID) TPMI_ALG_SYM Type .............................................................. 78 Table 60 — Definition of (TPM_ALG_ID) TPMI_ALG_SYM_OBJECT Type ............................................. 78 Table 61 — Definition of (TPM_ALG_ID) TPMI_ALG_SYM_MODE Type ................................................. 79 Table 62 — Definition of (TPM_ALG_ID) TPMI_ALG_KDF Type .............................................................. 79 Table 63 — Definition of (TPM_ALG_ID) TPMI_ALG_SIG_SCHEME Type .............................................. 80 Table 64 — Definition of (TPM_ALG_ID) TPMI_ECC_KEY_EXCHANGE Type ........................................ 80 Table 65 — Definition of (TPM_ST) TPMI_ST_COMMAND_TAG Type .................................................... 80 Table 66 — Definition of TPMS_ALGORITHM_DESCRIPTION Structure <OUT> .................................... 81 Table 67 — Definition of TPMU_HA Union <IN/OUT, S> ........................................................................... 81 Table 68 — Definition of TPMT_HA Structure <IN/OUT> .......................................................................... 82 Table 69 — Definition of TPM2B_DIGEST Structure ................................................................................. 83 Table 70 — Definition of TPM2B_DATA Structure ..................................................................................... 83 Table 71 — Definition of Types for TPM2B_NONCE ................................................................................. 83 Table 72 — Definition of Types for TPM2B_AUTH .................................................................................... 83 Table 73 — Definition of Types for TPM2B_OPERAND ............................................................................ 84 Table 74 — Definition of TPM2B_EVENT Structure ................................................................................... 84 Table 75 — Definition of TPM2B_MAX_BUFFER Structure ...................................................................... 84 Family “2.0” Level 00 Revision 00.99 Published Copyright © TCG 2006-2013 Page xi October 31, 2013 Part 2: Structures Trusted Platform Module Library Table 76 — Definition of TPM2B_MAX_NV_BUFFER Structure ............................................................... 84 Table 77 — Definition of TPM2B_TIMEOUT Structure <IN/OUT> ............................................................. 85 Table 78 — Definition of TPM2B_IV Structure <IN/OUT> .......................................................................... 85 Table 79 — Definition of TPMU_NAME Union <> ...................................................................................... 85 Table 80 — Definition of TPM2B_NAME Structure .................................................................................... 86 Table 81 — Definition of TPMS_PCR_SELECT Structure ......................................................................... 87 Table 82 — Definition of TPMS_PCR_SELECTION Structure ................................................................... 87 Table 83 — Values for proof Used in Tickets ............................................................................................. 88 Table 84 — General Format of a Ticket ...................................................................................................... 88 Table 85 — Definition of TPMT_TK_CREATION Structure ........................................................................ 89 Table 86 — Definition of TPMT_TK_VERIFIED Structure .......................................................................... 90 Table 87 — Definition of TPMT_TK_AUTH Structure ................................................................................ 91 Table 88 — Definition of TPMT_TK_HASHCHECK Structure .................................................................... 92 Table 89 — Definition of TPMS_ALG_PROPERTY Structure <OUT> ....................................................... 92 Table 90 — Definition of TPMS_TAGGED_PROPERTY Structure <OUT> ............................................... 92 Table 91 — Definition of TPMS_TAGGED_PCR_SELECT Structure <OUT> ........................................... 93 Table 92 — Definition of TPML_CC Structure ............................................................................................ 93 Table 93 — Definition of TPML_CCA Structure <OUT> ............................................................................. 94 Table 94 — Definition of TPML_ALG Structure .......................................................................................... 94 Table 95 — Definition of TPML_HANDLE Structure <OUT>...................................................................... 94 Table 96 — Definition of TPML_DIGEST Structure .................................................................................... 95 Table 97 — Definition of TPML_DIGEST_VALUES Structure ................................................................... 95 Table 98 — Definition of TPM2B_DIGEST_VALUES Structure ................................................................. 95 Table 99 — Definition of TPML_PCR_SELECTION Structure ................................................................... 96 Table 100 — Definition of TPML_ALG_PROPERTY Structure <OUT> ..................................................... 96 Table 101 — Definition of TPML_TAGGED_TPM_PROPERTY Structure <OUT> ................................... 96 Table 102 — Definition of TPML_TAGGED_PCR_PROPERTY Structure <OUT> ................................... 97 Table 103 — Definition of {ECC} TPML_ECC_CURVE Structure <OUT> ................................................. 97 Table 104 — Definition of TPMU_CAPABILITIES Union <OUT>............................................................... 97 Table 105 — Definition of TPMS_CAPABILITY_DATA Structure <OUT> ................................................. 98 Table 106 — Definition of TPMS_CLOCK_INFO Structure ........................................................................ 98 Table 107 — Definition of TPMS_TIME_INFO Structure ........................................................................... 99 Table 108 — Definition of TPMS_TIME_ATTEST_INFO Structure <OUT> ............................................. 100 Table 109 — Definition of TPMS_CERTIFY_INFO Structure <OUT> ...................................................... 100 Table 110 — Definition of TPMS_QUOTE_INFO Structure <OUT> ........................................................ 100 Table 111 — Definition of TPMS_COMMAND_AUDIT_INFO Structure <OUT> ..................................... 101 Table 112 — Definition of TPMS_SESSION_AUDIT_INFO Structure <OUT> ........................................ 101 Table 113 — Definition of TPMS_CREATION_INFO Structure <OUT> .................................................. 101 Table 114 — Definition of TPMS_NV_CERTIFY_INFO Structure <OUT> ............................................... 101 Page xii October 31, 2013 Published Copyright © TCG 2006-2013 Family “2.0” Level 00 Revision 00.99 Trusted Platform Module Library Part 2: Structures Table 115 — Definition of (TPM_ST) TPMI_ST_ATTEST Type <OUT> .................................................. 102 Table 116 — Definition of TPMU_ATTEST Union <OUT> ....................................................................... 102 Table 117 — Definition of TPMS_ATTEST Structure <OUT> .................................................................. 103 Table 118 — Definition of TPM2B_ATTEST Structure <OUT> ................................................................ 103 Table 119 — Definition of TPMS_AUTH_COMMAND Structure <IN> ..................................................... 104 Table 120 — Definition of TPMS_AUTH_RESPONSE Structure <OUT> ................................................ 104 Table 121 — Definition of {AES} (TPM_KEY_BITS) TPMI_AES_KEY_BITS Type ................................. 105 Table 122 — Definition of {SM4} (TPM_KEY_BITS) TPMI_SM4_KEY_BITS Type ................................. 105 Table 123 — Definition of TPMU_SYM_KEY_BITS Union ....................................................................... 106 Table 124 — Definition of TPMU_SYM_MODE Union ............................................................................. 106 Table 125 — xDefinition of TPMU_SYM_DETAILS Union ....................................................................... 107 Table 126 — Definition of TPMT_SYM_DEF Structure ............................................................................ 107 Table 127 — Definition of TPMT_SYM_DEF_OBJECT Structure ............................................................ 107 Table 128 — Definition of TPM2B_SYM_KEY Structure .......................................................................... 108 Table 129 — Definition of TPMS_SYMCIPHER_PARMS Structure ........................................................ 108 Table 130 — Definition of TPM2B_SENSITIVE_DATA Structure ............................................................ 108 Table 131 — Definition of TPMS_SENSITIVE_CREATE Structure <IN> ................................................ 109 Table 132 — Definition of TPM2B_SENSITIVE_CREATE Structure <IN, S> .......................................... 110 Table 133 — Definition of TPMS_SCHEME_SIGHASH Structure ........................................................... 110 Table 134 — Definition of (TPM_ALG_ID) TPMI_ALG_KEYEDHASH_SCHEME Type .......................... 110 Table 135 — Definition of Types for HMAC_SIG_SCHEME .................................................................... 110 Table 136 — Definition of TPMS_SCHEME_XOR Structure ................................................................... 111 Table 137 — Definition of TPMU_SCHEME_KEYEDHASH Union <IN/OUT, S> .................................... 111 Table 138 — Definition of TPMT_KEYEDHASH_SCHEME Structure ..................................................... 111 Table 139 — Definition of {RSA} Types for RSA_SIG_SCHEMES .......................................................... 112 Table 140 — Definition of {ECC} Types for ECC_SIG_SCHEMES.......................................................... 112 Table 141 — Definition of {ECC} TPMS_SCHEME_ECDAA Structure .................................................... 112 Table 142 — Definition of TPMU_SIG_SCHEME Union <IN/OUT, S> .................................................... 113 Table 143 — Definition of TPMT_SIG_SCHEME Structure ..................................................................... 113 Table 144 — Definition of {RSA} TPMS_SCHEME_OAEP Structure ...................................................... 114 Table 145 — Definition of {ECC} TPMS_SCHEME_ECDH Structure ...................................................... 114 Table 146 — Definition of TPMS_SCHEME_MGF1 Structure ................................................................. 114 Table 147 — Definition of {ECC} TPMS_SCHEME_KDF1_SP800_56a Structure .................................. 114 Table 148 — Definition of TPMS_SCHEME_KDF2 Structure .................................................................. 115 Table 149 — Definition of TPMS_SCHEME_KDF1_SP800_108 Structure ............................................. 115 Table 150 — Definition of TPMU_KDF_SCHEME Union <IN/OUT, S> ................................................... 115 Table 151 — Definition of TPMT_KDF_SCHEME Structure .................................................................... 115 Table 152 — Definition of (TPM_ALG_ID) TPMI_ALG_ASYM_SCHEME Type <> ................................. 116 Family “2.0” Level 00 Revision 00.99 Published Copyright © TCG 2006-2013 Page xiii October 31, 2013 Part 2: Structures Trusted Platform Module Library Table 153 — Definition of TPMU_ASYM_SCHEME Union ...................................................................... 116 Table 154 — Definition of TPMT_ASYM_SCHEME Structure <> ............................................................ 117 Table 155 — Definition of (TPM_ALG_ID) {RSA} TPMI_ALG_RSA_SCHEME Type .............................. 117 Table 156 — Definition of {RSA} TPMT_RSA_SCHEME Structure ......................................................... 117 Table 157 — Definition of (TPM_ALG_ID) {RSA} TPMI_ALG_RSA_DECRYPT Type ............................ 118 Table 158 — Definition of {RSA} TPMT_RSA_DECRYPT Structure ....................................................... 118 Table 159 — Definition of {RSA} TPM2B_PUBLIC_KEY_RSA Structure ................................................ 118 Table 160 — Definition of {RSA} (TPM_KEY_BITS) TPMI_RSA_KEY_BITS Type ................................. 119 Table 161 — Definition of {RSA} TPM2B_PRIVATE_KEY_RSA Structure .............................................. 119 Table 162 — Definition of {ECC} TPM2B_ECC_PARAMETER Structure ............................................... 120 Table 163 — Definition of {ECC} TPMS_ECC_POINT Structure ............................................................. 120 Table 164 — Definition of {ECC} TPM2B_ECC_POINT Structure ........................................................... 120 Table 165 — Definition of (TPM_ALG_ID) {ECC} TPMI_ALG_ECC_SCHEME Type ............................. 121 Table 166 — Definition of {ECC} (TPM_ECC_CURVE) TPMI_ECC_CURVE Type ................................ 121 Table 167 — Definition of (TPMT_SIG_SCHEME) {ECC} TPMT_ECC_SCHEME Structure .................. 121 Table 168 — Definition of {ECC} TPMS_ALGORITHM_DETAIL_ECC Structure <OUT> ....................... 122 Table 169 — Definition of {RSA} TPMS_SIGNATURE_RSASSA Structure ............................................ 122 Table 170 — Definition of {RSA} TPMS_SIGNATURE_RSAPSS Structure ............................................ 123 Table 171 — Definition of {ECC} TPMS_SIGNATURE_ECDSA Structure .............................................. 123 Table 172 — Definition of TPMU_SIGNATURE Union <IN/OUT, S> ....................................................... 123 Table 173 — Definition of TPMT_SIGNATURE Structure ........................................................................ 124 Table 174 — Definition of TPMU_ENCRYPTED_SECRET Union <S> ................................................... 124 Table 175 — Definition of TPM2B_ENCRYPTED_SECRET Structure .................................................... 125 Table 176 — Definition of (TPM_ALG_ID) TPMI_ALG_PUBLIC Type .................................................... 126 Table 177 — Definition of TPMU_PUBLIC_ID Union <IN/OUT, S> ......................................................... 127 Table 178 — Definition of TPMS_KEYEDHASH_PARMS Structure........................................................ 127 Table 179 — Definition of TPMS_ASYM_PARMS Structure <> .............................................................. 128 Table 180 — Definition of {RSA} TPMS_RSA_PARMS Structure ............................................................ 128 Table 181 — Definition of {ECC} TPMS_ECC_PARMS Structure ........................................................... 129 Table 182 — Definition of TPMU_PUBLIC_PARMS Union <IN/OUT, S> ................................................ 129 Table 183 — Definition of TPMT_PUBLIC_PARMS Structure ................................................................. 130 Table 184 — Definition of TPMT_PUBLIC Structure ................................................................................ 130 Table 185 — Definition of TPM2B_PUBLIC Structure .............................................................................. 131 Table 186 — Definition of {RSA} TPM2B_PRIVATE_VENDOR_SPECIFIC Structure<> ........................ 131 Table 187 — Definition of TPMU_SENSITIVE_COMPOSITE Union <IN/OUT, S> ................................. 132 Table 188 — Definition of TPMT_SENSITIVE Structure .......................................................................... 132 Table 189 — Definition of TPM2B_SENSITIVE Structure <IN/OUT> ...................................................... 132 Table 190 — Definition of _PRIVATE Structure <> .................................................................................. 133 Table 191 — Definition of TPM2B_PRIVATE Structure <IN/OUT, S> ..................................................... 133 Page xiv October 31, 2013 Published Copyright © TCG 2006-2013 Family “2.0” Level 00 Revision 00.99 Trusted Platform Module Library Part 2: Structures Table 192 — Definition of _ID_OBJECT Structure <> .............................................................................. 134 Table 193 — Definition of TPM2B_ID_OBJECT Structure <IN/OUT> ..................................................... 134 Table 194 — Definition of (UINT32) TPM_NV_INDEX Bits <> ................................................................. 135 Table 195 — Options for space Field of TPM_NV_INDEX ....................................................................... 136 Table 196 — Definition of (UINT32) TPMA_NV Bits ................................................................................ 137 Table 197 — Definition of TPMS_NV_PUBLIC Structure ......................................................................... 139 Table 198 — Definition of TPM2B_NV_PUBLIC Structure ....................................................................... 139 Table 199 — Definition of TPM2B_CONTEXT_SENSITIVE Structure <IN/OUT> ................................... 140 Table 200 — Definition of TPMS_CONTEXT_DATA Structure <IN/OUT, S> .......................................... 140 Table 201 — Definition of TPM2B_CONTEXT_DATA Structure <IN/OUT> ............................................ 140 Table 202 — Definition of TPMS_CONTEXT Structure ........................................................................... 141 Table 203 — Context Handle Values ........................................................................................................ 142 Table 204 — Definition of TPMS_CREATION_DATA Structure <OUT> ................................................. 144 Table 205 — Definition of TPM2B_CREATION_DATA Structure <OUT> ............................................... 144 Table 206 — Defines for SHA1 Hash Values ........................................................................................... 145 Table 207 — Defines for SHA256 Hash Values ....................................................................................... 145 Table 208 — Defines for SHA384 Hash Values ....................................................................................... 145 Table 209 — Defines for SHA512 Hash Values ....................................................................................... 146 Table 210 — Defines for SM3_256 Hash Values ..................................................................................... 146 Table 211 — Defines for Architectural Limits Values ............................................................................... 146 Table 212 — Defines for Logic Values ..................................................................................................... 147 Table 213 — Defines for Processor Values .............................................................................................. 147 Table 214 — Defines for Implemented Algorithms ................................................................................... 148 Table 215 — Defines for Implemented Commands .................................................................................. 149 Table 216 — Defines for RSA Algorithm Constants ................................................................................. 152 Table 217 — Defines for ECC Algorithm Constants ................................................................................. 152 Table 218 — Defines for AES Algorithm Constants ................................................................................. 152 Table 219 — Defines for SM4 Algorithm Constants ................................................................................. 152 Table 220 — Defines for Symmetric Algorithm Constants ....................................................................... 153 Table 221 — Defines for Implementation Values ..................................................................................... 154 Family “2.0” Level 00 Revision 00.99 Published Copyright © TCG 2006-2013 Page xv October 31, 2013 Part 2: Structures Trusted Platform Module Library Figures Figure 1 — Command Format .................................................................................................................... 22 Figure 2 — Format-Zero Response Codes ................................................................................................. 29 Figure 3 — Format-One Response Codes ................................................................................................. 30 Figure 4 — TPM 1.2 TPM_NV_INDEX ..................................................................................................... 135 Figure 5 — TPM 2.0 TPM_NV_INDEX ..................................................................................................... 135 Page xvi October 31, 2013 Published Copyright © TCG 2006-2013 Family “2.0” Level 00 Revision 00.99 Trusted Platform Module Library Part 2: Structures Trusted Platform Module Library Part 2: Structures 1 Scope This part of the Trusted Platform Module Library specification contains the definitions of the constants, flags, structure, and union definitions used to communicate with the TPM. Values defined in this document are used by the TPM commands defined in part 3: Commands and by the functions in part 4: Supporting Routines. NOTE 2 The structures in this document are the canonical form of the structures on the interface. All structures are "packed" with no octets of padding between structure elements. The TPM-internal form of the structures is dependent on the processor and compiler for the TPM implementation. Terms and definitions For the purposes of this document, the terms and definitions given in part 1 of this specification apply. 3 Symbols and abbreviated terms For the purposes of this document, the symbols and abbreviated terms given in part 1 apply. 4 4.1 Notation Introduction The information in this document is formatted so that it may be converted to standard computer-language formats by an automated process. The purpose of this automated process is to minimize the transcription errors that often occur during the conversion process. For the purposes of this document, the conventions given in Part 1 apply. In addition, the conventions and notations in this clause describe the representation of various data so that it is both human readable and amenable to automated processing. When a table row contains the keyword “reserved” (all lower case) in columns 1 or 2, the tools will not produce any values for the row in the table. NOTE 1 In the examples in this clause 4, the unmarshaling routines are shown as returning bool. In the code of the reference implementation, the return value is a TPM_RC. A bool is used in the examples, because the meaning of a TPM_RC is not yet defined. NOTE 2 The unmarshaling code examples are the actual code that would be produced by the automatic code generator used in the construction of the reference code. The actual code contains additional parameter checking that is omitted for clarity of the principle being illustrated. Actual examples of the code are found in Part 4. Family “2.0” Level 00 Revision 00.99 Published Copyright © TCG 2006-2013 Page 1 October 31, 2013 Part 2: Structures 4.2 Trusted Platform Module Library Named Constants A named constant is a numeric value to which a name has been assigned. In the C language, this is done with a #define statement. In this specification, a named constant is defined in a table that has a title that starts with “Definition” and ends with “Constants.” The table title will indicate the name of the class of constants that are being defined in the table. The title will include the data type of the constants in parentheses. The table in Example 1 names a collection of 16-bit constants and Example 2 shows the C code that might be produced from that table by an automated process. NOTE A named constant (#define) has no data type in C and an enumeration would be a better choice for many of the defined constants. However, the C language does not allow an enumerated type to have a storage type other than int so the method of using a combination of typedef and #define is used. EXAMPLE 1 Table xx — Definition of (UINT16) COUNTING Constants Parameter Value Description first 1 decimal value is implicitly the size of the second 0x0002 hex value will match the number of bits in the constant third 3 fourth 0x0004 EXAMPLE 2 /* The C language equivalent of the constants from the table above */ typedef UINT16 COUNTING; #define first 1 #define second 0x0002 #define third 3 #define fourth 0x0004 Page 2 October 31, 2013 Published Copyright © TCG 2006-2013 Family “2.0” Level 00 Revision 00.99 Trusted Platform Module Library 4.3 Part 2: Structures Data Type Aliases (typedefs) When a group of named items is assigned a type, it is placed in a table that has a title starting with “Definition of Types.” In this specification, defined types have names that use all upper-case characters. The table in Example 1 shows how typedefs would be defined in this specification and Example 2 shows the C-compatible code that might be produced from that table by an automated process. EXAMPLE 1 Table xx — Definition of Types for Some Purpose Type Name Description unsigned short UINT16 UINT16 SOME_TYPE unsigned long UINT32 UINT32 LAST_TYPE EXAMPLE 2 /* C language equivalent of the typedefs from the table above */ typedef unsigned short UINT16; typedef UINT16 SOME_TYPE; typedef unsigned long UINT32; typedef UINT32 LAST_TYPE; 4.4 Enumerations A table that defines an enumerated data type will start with the word “Definition” and end with “Values.” A value in parenthesis will denote the intrinsic data size of the value and may have the values "INT8", "UINT8", "INT16", “UINT16”, "INT32", and “UINT32.” If this value is not present, “UINT16” is assumed. Most C compilers set the type of an enumerated value to be an integer on the machine – often 16 bits – but this is not always consistent. To ensure interoperability, the enumeration values may not exceed 32,384. The table in Example 1 shows how an enumeration would be defined in this specification. Example 2 shows the C code that might be produced from that table by an automated process. EXAMPLE 1 Table xx — Definition of (UINT16) CARD_SUIT Values Suit Names Value CLUBS 0x0000 DIAMONDS 0x000D HEARTS 0x001A SPADES Description 0x0027 EXAMPLE 2 /* C language equivalent of the structure defined in the table above */ typedef enum { CLUBS = 0x0000, DIAMONDS = 0x000D, HEARTS = 0x001A, SPADES = 0x0027 } CARD_SUIT; Family “2.0” Level 00 Revision 00.99 Published Copyright © TCG 2006-2013 Page 3 October 31, 2013 Part 2: Structures 4.5 Trusted Platform Module Library Interface Type An interface type is used for an enumeration that is checked by the unmarshaling code. This type is defined for purposes of automatic generation of the code that will validate the type. The title will start with the keyword “Definition” and end with the keyword “Type.” A value in parenthesis indicates the base type of the interface. The table may contain an entry that is prefixed with the “#” character to indicate the response code if the validation code determines that the input parameter is the wrong type. EXAMPLE 1 Table xx — Definition of (CARD_SUIT) RED_SUIT Type Values Comments HEARTS DIAMONDS #TPM_RC_SUIT response code returned when the unmarshaling of this type fails NOTE TPM_RC_SUIT is an example and no such response code is actually defined in this specification. EXAMPLE 2 /* Validation code that might be automatically generated from table above */ if((*target != HEARTS) && (*target != DIAMONDS)) return TPM_RC_SUIT; In some cases, the allowed values are numeric values with no associated mnemonic. In such a case, the list of numeric values may be given a name. Then, when used in an interface definition, the name would have a "$" prefix to indicate that a named list of values should be substituted. To illustrate, assume that the implementation only supports two sizes (1024 and 2048 bits) for keys associated with some algorithm (MY algorithm). In the implementation section (Annex B a named list would be created. EXAMPLE 3 Table xx — Defines for MY Algorithm Constants Name Value Comments MY_KEY_SIZES_BITS {1024, 2048} braces because this is a list value Page 4 October 31, 2013 Published Copyright © TCG 2006-2013 Family “2.0” Level 00 Revision 00.99 Trusted Platform Module Library Part 2: Structures Then, whenever an input value would need to be a valid MY key size for the implementation, the value $MY_KEY_SIZES_BITS could be used. Given the definition for MY_KEY_SIZES_BITS in example 3 above, the tables in example 4 and 5 below, are equivalent. EXAMPLE 4 Table xx — Definition of (UINT16) MY_KEY_BITS Type Parameter Description {1024, 2048} the number of bits in the supported key EXAMPLE 5 Table xx — Definition of (UINT16) MY_KEY_BITS Type Parameter $MY_KEY_SIZES_BITS 4.6 Description the number of bits in the supported key Arrays Arrays are denoted by a value in square brackets (“[ ]”) following a parameter name. The value in the brackets may be either an integer value such as “[20]” or the name of a component of the same structure that contains the array. The table in Example 1 shows how a structure containing fixed and variable-length arrays would be defined in this specification. Example 2 shows the C code that might be produced from that table by an automated process. EXAMPLE 1 Table xx — Definition of A_STRUCT Structure Parameter Type Description array1[20] UINT16 an array of 20 UINT16s a_size UINT16 array2[a_size] UINT32 an array of UINT32 values that has a number of elements determined by a_size above EXAMPLE 2 /* C language equivalent of the typedefs from the table above */ typedef struct { UINT16 array1[20]; UINT16 a_size; UINT32 array2[]; } A_STRUCT; Family “2.0” Level 00 Revision 00.99 Published Copyright © TCG 2006-2013 Page 5 October 31, 2013 Part 2: Structures 4.7 Trusted Platform Module Library Structure Definitions The tables used to define structures have a title that starts with the word “Definition” and ends with “Structure.” The first column of the table will denote the reference names for the structure members; the second column the data type of the member; and the third column a synopsis of the use of the element. The table in Example 1 shows an example of how a structure would be defined in this specification and Example 2 shows the C code that might be produced from the table by an automated process. Example 3 illustrates the type of unmarshaling code that could be generated using the information available in the table. EXAMPLE 1 Table xx — Definition of SIMPLE_STRUCTURE Structure Parameter Type Description tag TPM_ST value1 INT32 value2 INT32 EXAMPLE 2 /* C language equivalent of the structure defined in the table above */ typedef struct { TPM_ST tag; INT32 value1 INT32 value2; } SIMPLE_STRUCTURE; EXAMPLE 3 bool SIMPLE_STRUCTURE_Unmarshal(SIMPLE_STRUCTURE *target, BYTE **buffer, INT32 *size) { // If unmarshal of tag succeeds if(TPM_ST_Unmarshal((TPM_ST *)&(target->tag), buffer, size)) // then umarshal value1, and if that succeeds... if(INT32_Unmarshal((INT32 *)&(target->value1, buffer, size)) // then return the results of unmarshaling values return(INT32_Unmarshal((INT32 *)&(target->value2, buffer, size)) // if unmarshal of tag or value failed, return failure return FALSE; } Page 6 October 31, 2013 Published Copyright © TCG 2006-2013 Family “2.0” Level 00 Revision 00.99 Trusted Platform Module Library 4.8 Part 2: Structures Conditional Types An enumeration may contain an extended value indicated by “+” preceding the name in the "Value" column. This “+” indicates that this is a conditional value that may be allowed in certain situations. NOTE In many cases, the input values are algorithm IDs. When two collections of algorithm IDs differ only because one collection allows TPM_ALG_NULL and the other does not, it is preferred that the re not be two completely different enumerations because this leads to many casts. To avoid this, the “+” can be added to a TPM_ALG_NULL value in the table defining the type. When the use of that type allows TPM_ALG_NULL to be in the set, the use would append a “+” to the instance. EXAMPLE Table xx — Definition of (CARD_SUIT) TPMI_CARD_SUIT Type Values Comments SPADES HEARTS DIAMONDS CLUBS +JOKER an optional value that may be allowed #TPM_RC_SUIT response code returned when the input value is not one of the values above When an interface type is used, a “+” will be appended to the type specification for the parameter when the conditional value is allowed. If no “+” is present, then the conditional value is not allowed. EXAMPLE 1 Table xx — Definition of POKER_CARD Structure Parameter Type Description suit TPMI_CARD_SUIT+ allows joker number UINT8 the card value EXAMPLE 2 Table xx — Definition of BRIDGE_CARD Structure Parameter Type Description suit TPMI_CARD_SUIT does not allow joker number UINT8 the card value Family “2.0” Level 00 Revision 00.99 Published Copyright © TCG 2006-2013 Page 7 October 31, 2013 Part 2: Structures 4.9 Trusted Platform Module Library Unions 4.9.1 Introduction A union allows a structure to contain a variety of structures or types. The union has members, only one of which is present at a time. Three different tables are required to fully characterize a union so that it may be communicated on the TPM interface and used by the TPM: 1) union definition; 2) union instance; and 3) union selector definition. 4.9.2 Union Definition The table in Example 1 illustrates a union definition. The title of a union definition table starts with “Definition” and ends with “Union.” The “Parameter” column of a union definition lists the different names that are used when referring a specific type. The “Type” column identifies the data type of the member. The “Selector” column identifies the value that is used by the marshaling and unmarshaling code to determine which case of the union is present. If a parameter is the keyword “null,” then this denotes a selector with no contents. The table in Example 1 illustrates a union in which a conditional null selector is allowed to indicate an empty union member. Example 2 shows how the table would be converted into C-compatible code. The expectation is that the unmarshaling code for the union will validate that the selector for the union is one of values in the selector list. EXAMPLE 1 Table xx — Definition of NUMBER_UNION Union Parameter Type Selector a_byte BYTE BYTE_SELECT an_int int INT_SELECT a_float float FLOAT_SELECT +null NULL_SELECT Description the empty branch EXAMPLE 2 // C-compatible version of the union defined in the table above typedef union { BYTE a_byte; int an_int; float a_float; } NUMBER_UNION; EXAMPLE 3 Page 8 October 31, 2013 Published Copyright © TCG 2006-2013 Family “2.0” Level 00 Revision 00.99 Trusted Platform Module Library Part 2: Structures // Possible auto-generated code to unmarshal a union in Example 2 based on the // input value of selector bool NUMBER_UNION_Unmarshal(NUMBER_UNION *target, BYTE **buffer, INT32 *size, UINT32 selector) { switch (selector) { case BYTE_SELECT: return BYTE_Unmarshal((BYTE *)&(target->a_byte), buffer, size); case INT_SELECT: return INT_Unmarshal((int *)&(target->an_int), buffer, size); case FLOAT_SELECT: return FLOAT_Unmarshal((float *)&(target->a_float), buffer, size); case NULL_SELECT: return; } A table may have a type with no selector. This is used when the first part of the structure for all union members is identical. This type is a programming convenience, allowing code to reference the common members without requiring a case statement to determine the specific structure. In object oriented programming terms, this type is a superclass and the types with selectors are subclasses. 4.9.3 Union Instance When a union is used in a structure that is sent on the interface, the structure will minimally contain a selector and a union. The selector value indicates which of the possible union members is present so that the unmarshaling code can unmarshal the correct type. The selector may be any of the parameters that occur in the structure before the union instance. To denote the structure parameter that is used as the selector, its name is in brackets (“[ ]”) placed before the parameter name associated with the union. The table in Example 1 shows the definition of a structure that contains a union and a selector. Example 2 shows how the table would be converted into C-compatible code and Example 3 shows how the unmarshaling code would handle the selector. EXAMPLE 1 Table xx — Definition of STRUCTURE_WITH_UNION Structure Parameter Type Description select NUMBER_SELECT a value indicating the type in number [select] number NUMBER_UNION a union as shown in 4.9.2 EXAMPLE 2 // C-compatible version of the union structure in the table above typedef struct { NUMBER_SELECT select; NUMBER_UNION number; } STRUCT_WITH_UNION; EXAMPLE 3 Family “2.0” Level 00 Revision 00.99 Published Copyright © TCG 2006-2013 Page 9 October 31, 2013 Part 2: Structures Trusted Platform Module Library // Possible unmarshaling code for the structure above bool STRUCT_WITH_UNION_Unmarshal(STRUCT_WITH_UNION *target, BYTE **buffer, INT32 *size) { // Unmarshal the selector value if(!NUMBER_SELECT_Unmarshal((NUMBER_SELECT *)&target->select, buffer, size)) return FALSE; // Use the unmarshaled selector value to indicate to the union unmarshal // function which unmarshaling branch to follow. return(NUMBER_UNION_Unmarshal((NUMBER_UNION *)&(target->number), buffer, size, (UINT32)target->select); } 4.9.4 Union Selector Definition The selector definition limits the values that are used in unmarshaling a union. Two different selector sets applied to the same union define different types. For the union in 4.9.2, a selector definition should be limited to no more than four values, one for each of the union members. The selector definition could have fewer than four values. In Example 1, the table defines a value for each of the union members. EXAMPLE 1 Table xx — Definition of (INT8) NUMBER_SELECT Values <IN> Name Value BYTE_SELECT 3 INT_SELECT 2 FLOAT_SELECT 1 NULL_SELECT Comments 0 The unmarshaling code would limit the input values to the defined values. When the NUMBER_SELECT is used in the union instance of 4.9.3, any of the allowed union members of NUMBER_UNION could be present. A different selection could be used to limit the values in a specific instance. To get the different selection, a new structure is defined with a different selector. The table in example 2 illustrates a way to subset the union. The base type of the selection is NUMBER_SELECT so a NUMBER_SELECT will be unmarshaled before the checks are made to see if the value is in the correct range for JUST_INTEGERS types. If the base type had been UINT8, then no checking would occur prior to checking that the value is in the allowed list. In this particular case, the effect is the same in either case since the only values that will be accepted by the unmarshaling code for JUST_INTEGER are BYTE_SELECT and INT_SELECT. EXAMPLE 2 Table xx — Definition of (NUMBER_SELECT) AN_INTEGER Type <IN> Values {BYTE_SELECT, INT_SELECT} NOTE Comments list of allowed values Since NULL_SELECT is not in the list of values accepted as a JUST_INTEGER, the “+” modifier will have no effect if used for a JUST_INTEGERS type shown in Example 3. Page 10 October 31, 2013 Published Copyright © TCG 2006-2013 Family “2.0” Level 00 Revision 00.99 Trusted Platform Module Library Part 2: Structures The selector in Example 2 can then be used in a subset union as shown in Example 3. EXAMPLE 3 Table xx — Definition of JUST_INTEGERS Structure Parameter Type Description select AN_INTEGER a value indicating the type in number [select] number NUMBER_UNION a union as shown in 4.9.2 4.10 Bit Field Definitions A table that defines a structure containing bit fields has a title that starts with “Definition” and ends with “Bits.” A type identifier in parentheses in the title indicates the size of the datum that contains the bit fields. When the bit fields do not occupy consecutive locations, a spacer field is defined with a name of “Reserved.” Bits in these spaces are reserved and shall be zero. The table in Example 1 shows how a structure containing bit fields would be defined in this specification. Example 2 shows the C code that might be produced from that table by an automated process. When a field has more than one bit, the range is indicated by a pair of numbers separated by a colon (“:”). The numbers will be in high:low order. EXAMPLE1 Table xx — Definition of (UINT32) SOME_ATTRIBUTE Bits Bit 0 Name Action zeroth_bit SET (1): what to do if bit is 1 CLEAR (0): what to do if bit is 0 1 first_bit SET (1): what to do if bit is 1 CLEAR (0): what to do if bit is 0 6:2 7 Reserved A placeholder that spans 5 bits third_bit SET (1): what to do if bit is 1 CLEAR (0): what to do if bit is 0 31:8 Reserved Placeholder to fill 32 bits EXAMPLE 2 /* C language equivalent of the attributes structure defined in the table above */ typedef struct { int zeroth_bit : 1; int first_bit : 1; int Reserved3 : 5; int third_bit : 1; int Reserved7 : 24; } SOME_ATTRIBUTE; 4.11 Parameter Limits A parameter used in a structure may be given a set of values that can be checked by the unmarshaling code. The allowed values for a parameter may be included in the definition of the parameter by appending the values and delimiting them with braces (“{ }”). The values are comma-separated expressions. A range of numbers may be indicated by separating two expressions with a colon (“:”). The Family “2.0” Level 00 Revision 00.99 Published Copyright © TCG 2006-2013 Page 11 October 31, 2013 Part 2: Structures Trusted Platform Module Library first number is an expression that represents the minimum allowed value and the second number indicates the maximum. If the minimum or maximum value expression is omitted, then the range is openended. Parameter limits expressed using braces apply only to inputs to the TPM. Any value returned by the TPM is assumed to be valid. The maximum size of an array may be indicated by putting a “{}” delimited expression following the square brackets (“[ ]”) that indicate that the value is an array. EXAMPLE Table xx — Definition of B_STRUCT Structure Parameter Type Description value1 {20:25} UINT16 a parameter that must have a value between 20 and 25 value2 {20} UINT16 a parameter that must have a value of 20 value3 {:25} INT16 a parameter that may be no larger than 25 Since the parameter is signed, the minimum value is the largest negative integer that may be expressed in 16 bits. value4 {20:} a parameter that must be at least 20 value5 {1,2,3,5} UINT16 a parameter that may only have one of the four listed values value6 {1, 2, 10:(10+10)} UINT32 a parameter that may have a value of 1, 2, or be between 10 and 20 array1[value1] BYTE Because the index refers to value1, which is a value limited to be between 20 and 25 inclusive, array1 is an array that may have between 20 and 25 octets. This is not the preferred way to indicate the upper limit for an array as it does not indicate the upper bound of the size. NOTE array2[value4]{:25} BYTE This is a limitation of the current parser. A different parser could associate the range of value1 with this value and compute the maximum size of the array. an array that may have between 20 and 25 octets This arrangement is used to allow the automatic code generation to allocate 25 octets to store the largest array2 that can be unmarshaled. The code generation can determine from this expression that value4 shall have a value of 25 or less. From the definition of value4 above, it can determine that value4 must have a value of at least 20. Page 12 October 31, 2013 Published Copyright © TCG 2006-2013 Family “2.0” Level 00 Revision 00.99 Trusted Platform Module Library Part 2: Structures 4.12 Enumeration Macro An enumeration can be a list of allowed numeric values. For example, the allowed sizes for an RSA key might be expressed as: 4.13 Size Checking In some structures, a size field is present to indicate the number of octets in some subsequent part of the structure. In the B_STRUCT table in 4.11, value4 indicates how many octets to unmarshal for array2. This semantic applies when the size field determines the number of octets to unmarshal. However, in some cases, the subsequent structure is self-defining. If the size precedes a parameter that is not an octet array, then the unmarshaled size of that parameter is determined by its data type. The table in Example 1 shows a structure where the size parameter would nominally indicate the number of octets in the remainder of the structure. EXAMPLE 1 Table xx — Definition of C_STRUCT Structure Parameter Type Comments size UINT16 the expected size of the remainder of the structure anInteger UINT32 a 4-octet value In this particular case, the value of size would be incorrect if it had any value other than 4. So that the table parser is able to know that the purpose of the size parameter is to define the number of octets expected in the remainder of the structure, an equal sign (“=”) is appended to the parameter name. In the example below, the size= causes the parser to generate validation code that will check that the unmarshaled size of someStructure and someData adds to the value unmarshaled for size. When the “=” decoration is present, a value of zero is not allowed for the size. EXAMPLE 2 Table xx — Definition of D_STRUCT Structure Parameter Type Comments size= UINT16 the size of a structure The “=” indicates that the TPM is required to validate that the remainder of the D_STRUCT structure is exactly the value in size. That is, the number of bytes in the input buffer used to successfully unmarshal someStructure must be the same as size. someStructure A_STRUCT a structure to be unmarshaled The size of the structure is computed when it is unmarshaled. Because an “=” is present on the definition of size, the TPM is required to validate that the unmarshaled size exactly matches size. someData Family “2.0” Level 00 Revision 00.99 UINT32 a value Published Copyright © TCG 2006-2013 Page 13 October 31, 2013 Part 2: Structures Trusted Platform Module Library 4.14 Data Direction A structure or union may be input (IN), output (OUT), or internal. An input structure is sent to the TPM and is unmarshaled by the TPM. An output structure is sent from the TPM and is marshaled by the TPM. An internal structure is not used outside of the TPM except that it may be included in a saved context. By default, structures are assumed to be both IN and OUT and the code generation tool will generate both marshaling and unmarshaling code for the structure. This default may be changed by using values enclosed in angle brackets (“<>”) as part of the table title. If the angle brackets are empty, then the structure is internal and neither marshaling nor unmarshaling code is generated. If the angle brackets contain the letter “I” (such as in “IN” or “in” or “i”), then the structure is input and unmarshaling code will be generated. If the angle brackets contain the letter “O” (such as in “OUT” or “out” or “o”), then the structure is output and marshaling code will be generated. EXAMPLE 1 Both of the following table titles would indicate a structure that is used in both input and output Table xx — Definition of TPMS_A Structure Table xx — Definition of TPMS_A Structure <IN/OUT> EXAMPLE 2 The following table title would indicate a structure that is used only for input Table xx — Definition of TPMS_A Structure <IN> EXAMPLE 3 The following table title would indicate a structure that is used only for output Table xx — Definition of TPMS_A Structure <OUT> 4.15 Structure Validations By default, when a structure is used for input to the TPM, the code generation tool will generate the unmarshaling code for that structure. Auto-generation may be suppressed by adding an “S” within the angle brackets. EXAMPLE The following table titles indicate a structure for which the auto -generation of the validation code is to be suppressed. Table xx — Definition of TPMT_A Structure <S> Table xx — Definition of TPMT_A Structure <IN, S> Table xx — Definition of TPMT_A Structure <IN/OUT, S> 4.16 Name Prefix Convention Parameters are constants, variables, structures, unions, and structure members. Structure members are given a name that is indicative of its use, with no special prefix. The other parameter types are named according to their type with their name starting with “TPMx_”, where “x” is an optional character to indicate the data type. In some cases, additional qualifying characters will follow the underscore. These are generally used when dealing with an enumerated data type. TPMA_ This is an attribute structure, where bits are associated with particular attributes Page 14 October 31, 2013 Published Copyright © TCG 2006-2013 Family “2.0” Level 00 Revision 00.99 Trusted Platform Module Library Part 2: Structures Table 1 — Name Prefix Convention Prefix Description _TPM_ an indication/signal from the TPM’s system interface TPM_ a constant or an enumerated type TPM2_ a command defined by this specification TPM2B_ a structure that is a sized buffer where the size of the buffer is contained in a 16-bit, unsigned value The first parameter is the size in octets of the second parameter. The second parameter may be any type. TPMA_ a structure where each of the fields defines an attribute and each field is usually a single bit All the attributes in an attribute structure are packed with the overall size of the structure indicated in the heading of the attribute description (UINT8, UINT16, or UINT32). TPM_ALG_ an enumerated type that indicates an algorithm A TPM_ALG_ is often used as a selector for a union. TPMI_ an interface type The value is specified for purposes of dynamic type checking when unmarshaled. TPML_ a list length followed by the indicated number of entries of the indicated type This is an array with a length field. TPMS_ a structure that is not a size buffer or a tagged buffer or a list TPMT_ a structure with the first parameter being a structure tag, indicating the type of the structure that follows A structure tag may be either a TPMT_ST_ or TPM_ALG_ depending on context. TPMU_ a union of structures, lists, or unions If a union exists, there will normally be a companion TPMT_ that is the expression of the union in a tagged structure, where the tag is the selector indicating which member of the union is present. TPM_xx_ an enumeration value of a particular type The value of “xx” will be indicative of the use of the enumerated type. A table of “TPM_xx” constant definitions will exist to define each of the TPM_xx_ values. EXAMPLE 1 TPM_CC_ indicates that the type is used for a commandCode. The allowed enumeration values will be found in the table defining the TPM_CC constants (Table 11). EXAMPLE 2 TPM_RC_ indicates that the type is used for a responseCode. The allowed enumeration values are in Table 15. 4.17 Data Alignment The data structures in this Part 2 use octet alignment for all structures. When used in a table to indicate a maximum size, the sizeof() function returns the octet-aligned size of the structure, with no padding. 4.18 Parameter Unmarshaling Errors The TPM commands are defined in Part 3. The command definition included C code that details the actions performed by that command. The code is written assuming that the parameters of the command have been unmarshaled. NOTE 1 An implementation is not required to process parameters in this manner or to separate the parameter parsing from the command actions. This method was chosen for the specification so that the normative behavior described by the detailed actions would be clear and unencumbered. Family “2.0” Level 00 Revision 00.99 Published Copyright © TCG 2006-2013 Page 15 October 31, 2013 Part 2: Structures Trusted Platform Module Library Unmarshaling is the process of processing the parameters in the input buffer and preparing the parameters for use by the command-specific action code. No data movement need take place but it is required that the TPM validate that the parameters meet the requirements of the expected data type as defined in this Part 2. When an error is encountered while unmarshaling a command parameter, an error response code is returned and no command processing occurs. A table defining a data type may have response codes embedded in the table to indicate the error returned when the input value does not match the parameters of the table. EXAMPLE 1 Table 11 has a listing of TPM command code values. The last row in the table contains "#TPM_RC_COMMAND_CODE" indicating the response code that is returned if the TPM is unmarshaling a value that it expects to be a TPM_CC and the input value is not in the table. NOTE 2 In the reference implementation, a parameter number is added to the response code so that the offending parameter can be isolated. In many cases, the table contains no specific response code value and the return code will be determined as defined in Table 2. Table 2 — Unmarshaling Errors Response code Usage TPM_RC_INSUFFICIENT the input buffer did not contain enough octets to allow unmarshaling of the expected data type; TPM_RC_RESERVED a non-zero value was found in a reserved field of an attribute structure (TPMA_) TPM_RC_SIZE the value of a size parameter is larger or smaller than allowed TPM_RC_VALUE A parameter does not have one of its allowed values TPM_RC_TAG A parameter that should be a structure tag has a value that is not supported by the TPM In some commands, a parameter may not be used because of various options of that command. However, the unmarshaling code is required to validate that all parameters have values that are allowed by the Part 2 definition of the parameter type even if that parameter is not used in the command actions. Page 16 October 31, 2013 Published Copyright © TCG 2006-2013 Family “2.0” Level 00 Revision 00.99 Trusted Platform Module Library 5 Part 2: Structures Base Types 5.1 Primitive Types The types listed in Table 3 are the primitive types on which all of the other types and structures are based. The values in the “Type” column should be edited for the compiler and computer on which the TPM is implemented. The values in the “Name” column should remain the same because these values are used in the remainder of the specification. NOTE The types are compatible with the C99 standard and should be defined in stdint.h that is provided with a C99-compliant compiler; The parameters in the Name column should remain in the order shown. Table 3 — Definition of Base Types Type Name Description uint8_t UINT8 unsigned, 8-bit integer uint8_t BYTE unsigned 8-bit integer int8_t INT8 signed, 8-bit integer int BOOL a bit in an int This is not used across the interface but is used in many places in the code. If the type were sent on the interface, it would have to have a type with a specific number of bytes. uint16_t UINT16 unsigned, 16-bit integer int16_t INT16 signed, 16-bit integer uint32_t UINT32 unsigned, 32-bit integer int32_t INT32 signed, 32-bit integer uint64_t UINT64 unsigned, 64-bit integer int64_t INT64 signed, 64-bit integer 5.2 Miscellaneous Types These types are defined either for compatibility with previous versions of this specification or for clarity of this specification. Table 4 — Definition of Types for Documentation Clarity Type Name Description UINT32 TPM_ALGORITHM_ID this is the 1.2 compatible form of the TPM_ALG_ID UINT32 TPM_MODIFIER_INDICATOR UINT32 TPM_AUTHORIZATION_SIZE the authorizationSize parameter in a command UINT32 TPM_PARAMETER_SIZE the parameterSizeset parameter in a command UINT16 TPM_KEY_SIZE a key size in octets UINT16 TPM_KEY_BITS a key size in bits Family “2.0” Level 00 Revision 00.99 Published Copyright © TCG 2006-2013 Page 17 October 31, 2013 Part 2: Structures 6 Trusted Platform Module Library Constants 6.1 TPM_SPEC (Specification Version Values) These values are readable with TPM2_GetCapability(). NOTE This table will require editing when the specification is updated. Table 5 — Definition of (UINT32) TPM_SPEC Constants <> Name Value Comments ASCII “2.0” with null terminator TPM_SPEC_FAMILY 0x322E3000 TPM_SPEC_LEVEL 00 the level number for the specification TPM_SPEC_VERSION 99 the version number of the spec (00.99 * 100) TPM_SPEC_YEAR 2013 the year of the version TPM_SPEC_DAY_OF_YEAR 304 the day of the year (October 31, 2013) 6.2 TPM_GENERATED This constant value differentiates TPM-generated structures from non-TPM structures. Table 6 — Definition of (UINT32) TPM_GENERATED Constants <O> Name Value Comments TPM_GENERATED_VALUE 0xff544347 0xFF ‘TCG’ (FF 54 43 4716) Page 18 October 31, 2013 Published Copyright © TCG 2006-2013 Family “2.0” Level 00 Revision 00.99 Trusted Platform Module Library 6.3 Part 2: Structures TPM_ALG_ID The TCG maintains a registry of all algorithms that have an assigned algorithm ID. That registry is the definitive list of algorithms that may be supported by a TPM. NOTE Inclusion of an algorithm does NOT indicate that the necessary claims of the algorithm are av ailable under RAND terms from a TCG member. Table 7 is a copy of the TPM_ALG_ID constants table in the TCG registry as of the date of publication of this specification. Table 7 is provided for illustrative purposes only. {{Note for TCG Admin: Table 7 and the text in the paragraph above should be updated to reflect the final decisions by the TCG Board of Directors about inclusion of the table and the contents of the table. The desired approach is to leave the text as is and, immediately before publication of this specification for TCG admin to verify that Table 7 is the same as the algorithm registry table published by the TCG.}} An algorithm ID is often used like a tag to determine the type of a structure in a context-sensitive way. The values for TPM_ALG_ID shall be in the range of 00 0016 – 7F FF16. Other structure tags will be in the range 80 0016 – FF FF16. NOTE In TPM 1.2, these were defined as 32-bit constants. This specification limits the future size of the algorithm ID to 16 bits. The TPM_ALGORITHM_ID data type will continue to be a 32-bit number. An algorithm shall not be assigned a value in the range 00 C116 – 00 C616 in order to prevent any overlap with the command structure tags used in TPM 1.2. The implementation of some algorithms is dependent on the presence of other algorithms. When there is a dependency, the algorithm that is required is listed in column labeled "D" (dependent) in Table 7. EXAMPLE Implementation of TPM_ALG_RSASSA requires that the RSA algorithm be implemented. TPM_ALG_KEYEDHASH and TPM_ALG_NULL are required of all TPM implementations. Table 7 — Definition of (UINT16) TPM_ALG_ID Constants <IN/OUT, S> Algorithm Name Value Type a D Comments TPM_ALG_ERROR 0x0000 should not occur TPM_ALG_FIRST 0x0001 TPM_ALG_RSA 0x0001 AO the RSA algorithm TPM_ALG_SHA 0x0004 H the SHA1 algorithm TPM_ALG_SHA1 0x0004 H redefinition for documentation consistency OID 30 21 30 09 06 05 2B 0E 03 02 1A 05 00 04 14 16 TPM_ALG_HMAC 0x0005 HX the RFC 2104 Hash Message Authentication Code (HMAC) algorithm TPM_ALG_AES 0x0006 S the AES algorithm with a key size of 128 bits for TPM 1.2 the AES algorithm with multiple sizes of key for TPM 2.0 TPM_ALG_MGF1 0x0007 HM the mask-generation function defined in IEEE Std 1363-2000 TPM_ALG_KEYEDHASH 0x0008 HEXO an encryption or signing algorithm using a keyed hash, defined by TCG in the TPM 2.0 specification may also refer to a data object that is neither signing nor encrypting TPM_ALG_XOR 0x000A HS marker value the XOR obfuscation algorithm NOTE Family “2.0” Level 00 Revision 00.99 The implementation of XOR obfuscation in TPM 2.0 is not the same as the XOR encryption method in TPM 1.2. Published Copyright © TCG 2006-2013 Page 19 October 31, 2013 Part 2: Structures Algorithm Name Trusted Platform Module Library a Value Type TPM_ALG_SHA256 0x000B H D Comments the SHA 256 algorithm OID 30 31 30 0d 06 09 60 86 48 01 65 03 04 02 01 05 00 04 2016 TPM_ALG_SHA384 0x000C H the SHA 384 algorithm OID 30 41 30 0d 06 09 60 86 48 01 65 03 04 02 02 05 00 04 3016 TPM_ALG_SHA512 0x000D H the SHA 512 algorithm OID 30 51 30 0d 06 09 60 86 48 01 65 03 04 02 03 05 00 04 4016 TPM_ALG_NULL 0x0010 TPM_ALG_SM3_256 0x0012 H hash algorithm standardized by OSCCA Block size is 512 bits. Output size is 256 bits. TPM_ALG_SM4 0x0013 S symmetric algorithm standardized by OSCCA Key and block size are 128 bits. TPM_ALG_RSASSA 0x0014 AX RSA a signature algorithm according to PKCS#1v2.1, 8.2 TPM_ALG_RSAES 0x0015 AE RSA a padding algorithm according to PKCS#1v2.1, 7.2 TPM_ALG_RSAPSS 0x0016 AX RSA signature algorithm (RSSASSA-PSS) according to PKCS#1v2.1, 8.1 TPM_ALG_OAEP 0x0017 AE RSA padding algorithm PKCS#1v2.1, 7.1 TPM_ALG_ECDSA 0x0018 AX ECC signature algorithm using elliptic curve cryptography (ECC) TPM_ALG_ECDH 0x0019 AM ECC secret sharing using ECC from SP800-56A Based on context, this can be either One-Pass DiffieHellman, C(1, 1, ECC CDH) defined in 6.2.2.2 or Full Unified Model C(2, 2, ECC CDH) defined in 6.1.1.2 TPM_ALG_ECDAA 0x001A AX ECC elliptic-curve based, anonymous signing scheme TPM_ALG_SM2 0x001B AXE Null algorithm (RSAES_OAEP) according to ECC depending on context, either an elliptic-curve based, signature algorithm or a key exchange protocol NOTE This would be one of the algorithms specified in CM/T 0002 – 2012. TPM_ALG_ECSCHNORR 0x001C AX ECC elliptic-curve-based Schnorr signature TPM_ALG_ECMQV 0x001D AE ECC two-phase elliptic-curve key exchange -- C(2, 2, ECC MQV) from SP800-56A TPM_ALG_KDF1_SP800_56a 0x0020 HM ECC key derivation alternative #1 from SP800-56A TPM_ALG_KDF2 0x0021 HM key derivation function from IEEE Std 1363a-2004 TPM_ALG_KDF1_SP800_108 0x0022 HM a key derivation method according to SP 800-108, "5.1 KDF in Counter Mode” TPM_ALG_ECC 0x0023 AO prime field ECC TPM_ALG_SYMCIPHER 0x0025 O TPM_ALG_CTR 0x0040 SE Counter mode – if implemented, all symmetric block ciphers (S type) implemented shall be capable of using this mode. TPM_ALG_OFB 0x0041 SE Output Feedback mode – if implemented, all symmetric block ciphers (S type) implemented shall be capable of using this mode. TPM_ALG_CBC 0x0042 SE Cipher Block Chaining mode – if implemented, all symmetric block ciphers (S type) implemented shall be capable of using this mode. Page 20 October 31, 2013 the object type for a symmetric block cipher Published Copyright © TCG 2006-2013 Family “2.0” Level 00 Revision 00.99 Trusted Platform Module Library Part 2: Structures a Algorithm Name Value Type TPM_ALG_CFB 0x0043 SE D Comments Cipher Feedback mode – if implemented, all symmetric block ciphers (S type) implemented shall be capable of using this mode. TPM_ALG_ECB 0x0044 SE Electronic Codebook mode – if implemented, all symmetric block ciphers (S type) implemented shall be capable of using this mode. NOTE This mode is not recommended for uses unless the key is frequently rotated such as in video codecs. TPM_ALG_LAST 0x0044 marker value reserved 0x00C1 0x00C1 – 0x00C6 are reserved reserved 0x00C2 reserved 0x00C3 reserved 0x00C4 reserved 0x00C5 reserved 0x00C6 NOTE a Column Indicates the algorithm type and use of the algorithm inside of the TPM. The values are: A – asymmetric algorithm with a public and private key S – symmetric algorithm with only a private key H – hash algorithm that compresses input data to a digest value X – signing algorithm E – an encryption algorithm M – a method such as a mask generation function O – an object type Family “2.0” Level 00 Revision 00.99 Published Copyright © TCG 2006-2013 Page 21 October 31, 2013 Part 2: Structures 6.4 Trusted Platform Module Library TPM_ECC_CURVE The TCG maintains a registry of all curves that have an assigned curve identifier. That registry is the definitive list of curves that may be supported by a TPM. Table 8 is a copy of the TPM_ECC_CURVE constants table in the TCG registry as of the date of publication of this specification. Table 8 is provided for illustrative purposes only. {{Note for TCG Admin: Table 8 and the text in the paragraph above should be updated to reflect the final decisions by the TCG Board of Directors about inclusion of the table and the contents of the table. The desired approach is to leave the text as is and, immediately before publication of this specification for TCG admin to verify that Table 8 is the same as the curve registry table published by the TCG.}} Table 8 — Definition of (UINT16) {ECC} TPM_ECC_CURVE Constants <IN/OUT, S> Name Value Comments TPM_ECC_NONE 0x0000 TPM_ECC_NIST_P192 0x0001 TPM_ECC_NIST_P224 0x0002 TPM_ECC_NIST_P256 0x0003 TPM_ECC_NIST_P384 0x0004 TPM_ECC_NIST_P521 0x0005 TPM_ECC_BN_P256 0x0010 curve to support ECDAA TPM_ECC_BN_P638 0x0011 curve to support ECDAA TPM_ECC_SM2_P256 0x0020 #TPM_RC_CURVE 6.5 6.5.1 TPM_CC (Command Codes) Format A command is a 32-bit structure with fields assigned as shown in Figure 1. 3 3 2 2 1 0 9 8 Res V 1 1 6 5 Reserved 0 0 Command Index Figure 1 — Command Format Table 9 — TPM Command Format Fields Description Bit 15:0 Name Definition Command Index the index of the command 28:16 Reserved 29 V 31:30 Res Page 22 October 31, 2013 shall be zero SET(1): the command is vendor specific CLEAR(0): the command is not vendor specific shall be zero Published Copyright © TCG 2006-2013 Family “2.0” Level 00 Revision 00.99 Trusted Platform Module Library 6.5.2 Part 2: Structures Description Table 10 provides the legend for the interpretation of the column data in Table 11. Table 10 — Legend for Command Code Tables Column Allowed Values Comments Name Command Code Name Name of the command Command Code Numeric value the numeric value for the commandCode NV Write blank, Y, O indicates whether the command may cause an NV write operation If this column contains a “Y,” then successful completion of the command is expected to cause modification of the NV memory because of the command actions. If the column contains an “O,” then the command may cause a modification to NV associated with an orderly shutdown. That is, the command may modify the orderly save state of NV, in which case, an NV write will be necessary. NOTE 1 Any command may be delayed in order for the TPM to complete NV actions due to a previous command or because of an asynchronous update of Clock. NOTE 2 Any command with an authorization value may cause an NV write on an authorization failure but the command does not complete successfully. If the entry is blank, then writing to NV is not allowed in the command actions. Physical Presence blank, Y indicates whether the platformAuth for this command may require confirmation through a physical presence indication Encrypted blank, 2, 4 A numeric value that indicates the number of octets in the size field of the first parameter of a command Blank indicates that no size field is present and no parameter encryption is allowed. Encrypt blank, 2, 4 A numeric value that indicates the number of octets in the size field of the first parameter of a response Blank indicates that no size field is present and no parameter encryption is allowed. Family “2.0” Level 00 Revision 00.99 Published Copyright © TCG 2006-2013 Page 23 October 31, 2013 Part 2: Structures 6.5.3 Trusted Platform Module Library TPM_CC Listing Table 11 lists the command codes and their attributes. The only normative column in this table is the column indicating the command code assigned to a specific command (the "Command Code" column). For all other columns, the command and response tables in Part 3 are definitive. Encrypt Encrypted Physical Presence NV Write Table 11 — Definition of (UINT32) TPM_CC Constants (Numeric Order) <IN/OUT, S> Name Command Code TPM_CC_FIRST 0x0000011F Compile variable. May decrease based on implementation. TPM_CC_PP_FIRST 0x0000011F Compile variable. Would decrease if new PP commands are added TPM_CC_NV_UndefineSpaceSpecial 0x0000011F Y Y TPM_CC_EvictControl 0x00000120 Y Y TPM_CC_HierarchyControl 0x00000121 Y Y TPM_CC_NV_UndefineSpace 0x00000122 Y Y TPM_CC_ChangeEPS 0x00000124 Y Y TPM_CC_ChangePPS 0x00000125 Y Y TPM_CC_Clear 0x00000126 Y Y TPM_CC_ClearControl 0x00000127 Y Y TPM_CC_ClockSet 0x00000128 Y Y TPM_CC_HierarchyChangeAuth 0x00000129 Y Y 2 TPM_CC_NV_DefineSpace 0x0000012A Y Y 2 TPM_CC_PCR_Allocate 0x0000012B Y Y TPM_CC_PCR_SetAuthPolicy 0x0000012C Y Y TPM_CC_PP_Commands 0x0000012D Y Y TPM_CC_SetPrimaryPolicy 0x0000012E Y Y 2 TPM_CC_FieldUpgradeStart 0x0000012F O Y 2 TPM_CC_ClockRateAdjust 0x00000130 O Y TPM_CC_CreatePrimary 0x00000131 TPM_CC_NV_GlobalWriteLock 0x00000132 TPM_CC_PP_LAST 0x00000132 TPM_CC_GetCommandAuditDigest 0x00000133 Y TPM_CC_NV_Increment 0x00000134 Y Page 24 October 31, 2013 Y O Comments 2 2 2 Y Compile variable 2 Published Copyright © TCG 2006-2013 Family “2.0” Level 00 Revision 00.99 Command Code TPM_CC_NV_SetBits 0x00000135 Y TPM_CC_NV_Extend 0x00000136 Y TPM_CC_NV_Write 0x00000137 Y TPM_CC_NV_WriteLock 0x00000138 Y TPM_CC_DictionaryAttackLockReset 0x00000139 O TPM_CC_DictionaryAttackParameters 0x0000013A Y TPM_CC_NV_ChangeAuth 0x0000013B Y 2 TPM_CC_PCR_Event 0x0000013C O 2 TPM_CC_PCR_Reset 0x0000013D O TPM_CC_SequenceComplete 0x0000013E O TPM_CC_SetAlgorithmSet 0x0000013F Y TPM_CC_SetCommandCodeAuditStatus 0x00000140 Y TPM_CC_FieldUpgradeData 0x00000141 O TPM_CC_IncrementalSelfTest 0x00000142 O TPM_CC_SelfTest 0x00000143 O TPM_CC_Startup 0x00000144 Y TPM_CC_Shutdown 0x00000145 Y TPM_CC_StirRandom 0x00000146 Y TPM_CC_ActivateCredential 0x00000147 TPM_CC_Certify 0x00000148 TPM_CC_PolicyNV 0x00000149 TPM_CC_CertifyCreation 0x0000014A TPM_CC_Duplicate 0x0000014B TPM_CC_GetTime 0x0000014C O 2 TPM_CC_GetSessionAuditDigest 0x0000014D O 2 TPM_CC_NV_Read 0x0000014E TPM_CC_NV_ReadLock 0x0000014F TPM_CC_ObjectChangeAuth 0x00000150 2 TPM_CC_PolicySecret 0x00000151 2 TPM_CC_Rewrap 0x00000152 2 Family “2.0” Level 00 Revision 00.99 Encrypt Name NV Write Encrypted Part 2: Structures Physical Presence Trusted Platform Module Library 2 PCR PCR 2 2 2 2 2 O 2 2 2 2 O Comments Policy 2 2 2 2 2 O Published Copyright © TCG 2006-2013 2 Policy 2 Page 25 October 31, 2013 Trusted Platform Module Library Command Code Encrypt TPM_CC_Create 0x00000153 2 2 TPM_CC_ECDH_ZGen 0x00000154 2 2 TPM_CC_HMAC 0x00000155 2 2 TPM_CC_Import 0x00000156 2 2 TPM_CC_Load 0x00000157 2 2 TPM_CC_Quote 0x00000158 2 2 TPM_CC_RSA_Decrypt 0x00000159 TPM_CC_HMAC_Start 0x0000015B 2 TPM_CC_SequenceUpdate 0x0000015C 2 TPM_CC_Sign 0x0000015D 2 TPM_CC_Unseal 0x0000015E TPM_CC_PolicySigned 0x00000160 TPM_CC_ContextLoad 0x00000161 O Context TPM_CC_ContextSave 0x00000162 O Context TPM_CC_ECDH_KeyGen 0x00000163 2 TPM_CC_EncryptDecrypt 0x00000164 2 TPM_CC_FlushContext 0x00000165 TPM_CC_LoadExternal 0x00000167 2 2 TPM_CC_MakeCredential 0x00000168 2 2 TPM_CC_NV_ReadPublic 0x00000169 TPM_CC_PolicyAuthorize 0x0000016A TPM_CC_PolicyAuthValue 0x0000016B Policy TPM_CC_PolicyCommandCode 0x0000016C Policy TPM_CC_PolicyCounterTimer 0x0000016D 2 Policy TPM_CC_PolicyCpHash 0x0000016E 2 Policy TPM_CC_PolicyLocality 0x0000016F TPM_CC_PolicyNameHash 0x00000170 TPM_CC_PolicyOR 0x00000171 TPM_CC_PolicyTicket 0x00000172 TPM_CC_ReadPublic 0x00000173 Page 26 October 31, 2013 NV Write Name Encrypted Physical Presence Part 2: Structures O Comments 2 2 2 2 Policy O Context NV 2 Policy Policy 2 Policy Policy 2 Published Copyright © TCG 2006-2013 Policy 2 Family “2.0” Level 00 Revision 00.99 Encrypt 2 NV Write Encrypted Part 2: Structures Physical Presence Trusted Platform Module Library 2 2 2 Name Command Code TPM_CC_RSA_Encrypt 0x00000174 TPM_CC_StartAuthSession 0x00000176 TPM_CC_VerifySignature 0x00000177 TPM_CC_ECC_Parameters 0x00000178 TPM_CC_FirmwareRead 0x00000179 TPM_CC_GetCapability 0x0000017A TPM_CC_GetRandom 0x0000017B TPM_CC_GetTestResult 0x0000017C TPM_CC_Hash 0x0000017D TPM_CC_PCR_Read 0x0000017E PCR TPM_CC_PolicyPCR 0x0000017F Policy TPM_CC_PolicyRestart 0x00000180 TPM_CC_ReadClock 0x00000181 TPM_CC_PCR_Extend 0x00000182 O 2 TPM_CC_PCR_SetAuthValue 0x00000183 N 2 TPM_CC_NV_Certify 0x00000184 O TPM_CC_EventSequenceComplete 0x00000185 O TPM_CC_HashSequenceStart 0x00000186 TPM_CC_PolicyPhysicalPresence 0x00000187 Policy TPM_CC_PolicyDuplicationSelect 0x00000188 Policy TPM_CC_PolicyGetDigest 0x00000189 Policy TPM_CC_TestParms 0x0000018A TPM_CC_Commit 0x0000018B TPM_CC_PolicyPassword 0x0000018C TPM_CC_ZGen_2Phase 0x0000018D TPM_CC_EC_Ephemeral 0x0000018E TPM_CC_PolicyNvWritten 0x0000018F Policy TPM_CC_LAST 0x0000018F Compile variable. May increase based on implementation. O Comments 2 2 2 O 2 2 2 Policy 2 2 NOTE #TPM_RC_COMMAND_CODE Family “2.0” Level 00 Revision 00.99 Published Copyright © TCG 2006-2013 This is not a FMT1 code and a parameter indicator value may not be added to Page 27 October 31, 2013 Encrypt Encrypted Command Code Name Physical Presence Trusted Platform Module Library NV Write Part 2: Structures Comments this value. 6.6 TPM_RC (Response Codes) 6.6.1 Description Each return from the TPM has a 32-bit response code. The TPM will always set the upper 20 bits (31:12) of the response code to 0 00 0016 and the low-order 12 bits (11:00) will contain the response code. When a command succeeds, the TPM shall return TPM_RC_SUCCESS (0 0016) and will update any authorization-session nonce associated with the command. When a command fails to complete for any reason, the TPM shall return a TPM_ST (UINT16) with a value of TPM_TAG_RSP_COMMAND or TPM_ST_NO_SESSIONS, followed by a UINT32 (responseSize) with a value of 10, followed by a UINT32 containing a response code with a value other than TPM_RC_SUCCESS. Commands defined in this specification will use a tag of either TPM_ST_NO_SESSIONS or TPM_ST_SESSIONS. Error responses will use a tag value of TPM_ST_NO_SESSIONS and the response code will be as defined in this specification. Commands that use tags defined in the TPM 1.2 specification will use TPM_TAG_RSP_COMMAND in an error and a response code defined in TPM 1.2. If the tag of the command is not a recognized command tag, the TPM error response will differ depending on TPM 1.2 compatibility. If the TPM supports 1.2 compatibility, the TPM shall return a tag of TPM_TAG_RSP_COMMAND and an appropriate TPM 1.2 response code (TPM_BADTAG = 00 00 00 1E16). If the TPM does not have compatibility with TPM 1.2, the TPM shall return TPM_ST_NO_SESSION and a response code of TPM_RC_TAG. When a command fails, the TPM shall not update the authorization-session nonces associated with the command and will not close the authorization sessions used by the command. Audit digests will not be updated on an error. Unless noted in the command actions, a command that returns an error shall leave the state of the TPM as if the command had not been attempted. The exception to this principle is that a failure due to an authorization failure may update the dictionary-attack protection values. Page 28 October 31, 2013 Published Copyright © TCG 2006-2013 Family “2.0” Level 00 Revision 00.99 Trusted Platform Module Library 6.6.2 Part 2: Structures Response Code Formats The response codes for this specification are defined such that there is no overlap between the response codes used for this specification and those assigned in previous TPM specifications. The formats defined in this clause only apply when the tag for the response is TPM_ST_NO_SESSIONS. The response codes use two different format groups. One group contains the TPM 1.2 compatible response codes and the response codes for this specification that are not related to command parameters. The second group contains the errors that may be associated with a command parameter, handle, or session. Figure 2 shows the format for the response codes when bit 7 is zero. 1 1 1 0 0 9 0 8 0 7 S bit T r V 0 6 0 5 F 0 4 0 3 0 2 0 1 0 0 E Figure 2 — Format-Zero Response Codes Family “2.0” Level 00 Revision 00.99 Published Copyright © TCG 2006-2013 Page 29 October 31, 2013 Part 2: Structures Trusted Platform Module Library The field definitions are: Table 12 — Format-Zero Response Codes Bit Name Definition 06:00 E the error number The interpretation of this field is dependent on the setting of the G and S fields. 07 F format selector CLEAR when the format is as defined in this Table 12 or when the response code is TPM_RC_BAD_TAG. 08 V version SET (1): The error number is defined in this specification and is returned when the response tag is TPM_ST_NO_SESSIONS. CLEAR (0): The error number is defined by a previous TPM specification. The error number is returned when the response tag is TPM_TAG_RSP_COMMAND. NOTE 09 In any error number returned by a TPM, the F (bit 7) and V (bit 8) attributes shall be CLEAR when the response tag is TPM_TAG_RSP_COMMAND value used in TPM 1.2. Reserved shall be zero. 10 T TCG/Vendor indicator SET (1): The response code is defined by the TPM vendor. CLEAR (0): The response code is defined by the TCG (a value in this specification). NOTE 11 S This attribute does not indicate a vendor-specific code unless the F attribute (bit[07]) is CLEAR. severity SET (1): The response code is a warning and the command was not necessarily in error. This command indicates that the TPM is busy or that the resources of the TPM have to be adjusted in order to allow the command to execute. CLEAR (0): The response code indicates that the command had an error that would prevent it from running. When the format bit (bit 7) is SET, then the error occurred during the unmarshaling or validation of an input parameter to the TPM. Figure 3 shows the format for the response codes when bit 7 is one. bit 1 1 1 0 0 9 N 0 8 0 7 0 6 1 0 5 P 0 4 0 3 0 2 0 1 0 0 E Figure 3 — Format-One Response Codes There are 64 errors with this format. The errors can be associated with a parameter, handle, or session. The error number for this format is in bits[05:00]. When an error is associated with a parameter, 0 40 16 is added and N is set to the parameter number. For an error associated with a handle, a parameter number (1 to 7) is added to the N field. For an error associated with a session, a value of 8 plus the session number (1 to 7) is added to the N field. In other words, if P is clear, then a value of 0 to 7 in the N field will indicate a handle error, and a value of 8 – 15 will indicate a session error. NOTE If an implementation is not able to designate the handle, session, or parameter in error, then P and N will be zero. Page 30 October 31, 2013 Published Copyright © TCG 2006-2013 Family “2.0” Level 00 Revision 00.99 Trusted Platform Module Library Part 2: Structures The field definitions are: Table 13 — Format-One Response Codes Bit Name Definition 05:00 E the error number The error number is independent of the other settings. 06 P SET (1): The error is associated with a parameter. CLEAR (0): The error is associated with a handle or a session. 07 F the response code format selector This field shall be SET for the format in this table. 11:08 N the number of the handle, session, or parameter in error If P is SET, then this field is the parameter in error. If P is CLEAR, then this field indicates the handle or session in error. Handles use values of N between 0000 2 and 01112. Sessions use values between 10002 and 11112. The groupings of response codes are determined by bits 08, 07, and 06 of the response code as summarized in Table 14. Table 14 — Response Code Groupings Bit 0 8 0 7 0 6 Definition 0 0 x a response code defined by TPM 1.2 NOTE An “x” in a column indicates that this may be either 0 or 1 and not affect the grouping of the response code. 1 0 x a response code defined by this specification with no handle, session, or parameter number modifier x 1 0 a response code defined by this specification with either a handle or session number modifier x 1 1 a response code defined by this specification with a parameter number modifier Family “2.0” Level 00 Revision 00.99 Published Copyright © TCG 2006-2013 Page 31 October 31, 2013 Part 2: Structures 6.6.3 Trusted Platform Module Library TPM_RC Values In general, response codes defined in Part 2 will be unmarshaling errors and will have the F (format) bit SET. Codes that are unique to Part 3 will have the F bit CLEAR but the V (version) attribute will be SET to indicate that it is a TPM 2.0 response code. NOTE The constant RC_VER1 is used to indicate that the V attribute is SET and the constant RC_ FMT1 is used to indicate that the F attribute is SET and that the return code is variable based on handle, session, and parameter modifiers. Table 15 — Definition of (UINT32) TPM_RC Constants (Actions) <OUT> Name Value Description TPM_RC_SUCCESS 0x000 TPM_RC_BAD_TAG 0x01E defined for compatibility with TPM 1.2 RC_VER1 0x100 set for all format 0 response codes TPM_RC_INITIALIZE RC_VER1 + 0x000 TPM not initialized commands not being accepted because of a TPM failure TPM_RC_FAILURE RC_VER1 + 0x001 NOTE TPM_RC_SEQUENCE RC_VER1 + 0x003 improper use of a sequence handle TPM_RC_PRIVATE RC_VER1 + 0x00B TPM_RC_HMAC RC_VER1 + 0x019 TPM_RC_DISABLED RC_VER1 + 0x020 TPM_RC_EXCLUSIVE RC_VER1 + 0x021 command failed because audit sequence required exclusivity TPM_RC_AUTH_TYPE RC_VER1 + 0x024 authorization handle is not correct for command TPM_RC_AUTH_MISSING RC_VER1 + 0x025 command requires an authorization session for handle and it is not present. TPM_RC_POLICY RC_VER1 + 0x026 policy Failure In Math Operation or an invalid authPolicy value TPM_RC_PCR RC_VER1 + 0x027 PCR check fail TPM_RC_PCR_CHANGED RC_VER1 + 0x028 PCR have changed since checked. TPM_RC_UPGRADE RC_VER1 + 0x02D for all commands other than TPM2_FieldUpgradeData(), this code indicates that the TPM is in field upgrade mode; for TPM2_FieldUpgradeData(), this code indicates that the TPM is not in field upgrade mode TPM_RC_TOO_MANY_CONTEXTS RC_VER1 + 0x02E context ID counter is at maximum. TPM_RC_AUTH_UNAVAILABLE RC_VER1 + 0x02F authValue or authPolicy is not available for selected entity. TPM_RC_REBOOT RC_VER1 + 0x030 a _TPM_Init and Startup(CLEAR) is required before the TPM can resume operation. RC_VER1 + 0x031 the protection algorithms (hash and symmetric) are not reasonably balanced. The digest size of the hash must be larger than the key size of the symmetric algorithm. TPM_RC_UNBALANCED Page 32 October 31, 2013 This may be returned by TPM2_GetTestResult() as the testResult parameter. Published Copyright © TCG 2006-2013 Family “2.0” Level 00 Revision 00.99 Trusted Platform Module Library Name Part 2: Structures Value Description TPM_RC_COMMAND_SIZE RC_VER1 + 0x042 command commandSize value is inconsistent with contents of the command buffer; either the size is not the same as the octets loaded by the hardware interface layer or the value is not large enough to hold a command header TPM_RC_COMMAND_CODE RC_VER1 + 0x043 command code not supported TPM_RC_AUTHSIZE RC_VER1 + 0x044 the value of authorizationSize is out of range or the number of octets in the Authorization Area is greater than required TPM_RC_AUTH_CONTEXT RC_VER1 + 0x045 use of an authorization session with a context command TPM_RC_NV_RANGE RC_VER1 + 0x046 NV offset+size is out of range. TPM_RC_NV_SIZE RC_VER1 + 0x047 Requested allocation size is larger than allowed. TPM_RC_NV_LOCKED RC_VER1 + 0x048 NV access locked. TPM_RC_NV_AUTHORIZATION RC_VER1 + 0x049 NV access authorization fails in command actions (this failure does not affect lockout.action) TPM_RC_NV_UNINITIALIZED RC_VER1 + 0x04A an NV Index is used before being initialized or the state saved by TPM2_Shutdown(STATE) could not be restored TPM_RC_NV_SPACE RC_VER1 + 0x04B insufficient space for NV allocation TPM_RC_NV_DEFINED RC_VER1 + 0x04C NV Index or persistend object already defined TPM_RC_BAD_CONTEXT RC_VER1 + 0x050 context in TPM2_ContextLoad() is not valid TPM_RC_CPHASH RC_VER1 + 0x051 cpHash value already set or not correct for use TPM_RC_PARENT RC_VER1 + 0x052 handle for parent is not a valid parent TPM_RC_NEEDS_TEST RC_VER1 + 0x053 some function needs testing. RC_VER1 + 0x054 returned when an internal function cannot process a request due to an unspecified problem. This code is usually related to invalid parameters that are not properly filtered by the input unmarshaling code. TPM_RC_SENSITIVE RC_VER1 + 0x055 the sensitive area did not unmarshal correctly after decryption – this code is used in lieu of the other unmarshaling errors so that an attacker cannot determine where the unmarshaling error occurred RC_MAX_FM0 RC_VER1 + 0x07F largest version 1 code that is not a warning TPM_RC_NO_RESULT New Subsection RC_FMT1 0x080 This bit is SET in all format 1 response codes The codes in this group may have a value added to them to indicate the handle, session, or parameter to which they apply. TPM_RC_ASYMMETRIC RC_FMT1 + 0x001 asymmetric algorithm not supported or not correct TPM_RC_ATTRIBUTES RC_FMT1 + 0x002 inconsistent attributes TPM_RC_HASH RC_FMT1 + 0x003 hash algrithm not supported or not appropriate TPM_RC_VALUE RC_FMT1 + 0x004 value is out of range or is not correct for the context TPM_RC_HIERARCHY RC_FMT1 + 0x005 hierarchy is not enabled or is not correct for the use Family “2.0” Level 00 Revision 00.99 Published Copyright © TCG 2006-2013 Page 33 October 31, 2013 Part 2: Structures Trusted Platform Module Library Name Value Description TPM_RC_KEY_SIZE RC_FMT1 + 0x007 key size is not supported TPM_RC_MGF RC_FMT1 + 0x008 mask generation function not supported TPM_RC_MODE RC_FMT1 + 0x009 mode of operation not supported TPM_RC_TYPE RC_FMT1 + 0x00A the type of the value is not appropriate for the use TPM_RC_HANDLE RC_FMT1 + 0x00B the handle is not correct for the use TPM_RC_KDF RC_FMT1 + 0x00C unsupported key derivation function or function not appropriate for use TPM_RC_RANGE RC_FMT1 + 0x00D value was out of allowed range. TPM_RC_AUTH_FAIL RC_FMT1 + 0x00E the authorization HMAC check failed and DA counter incremented TPM_RC_NONCE RC_FMT1 + 0x00F invalid nonce size TPM_RC_PP RC_FMT1 + 0x010 authorization requires assertion of PP TPM_RC_SCHEME RC_FMT1 + 0x012 unsupported or incompatible scheme TPM_RC_SIZE RC_FMT1 + 0x015 structure is the wrong size TPM_RC_SYMMETRIC RC_FMT1 + 0x016 unsupported symmetric algorithm or key size, or not appropriate for instance TPM_RC_TAG RC_FMT1 + 0x017 incorrect structure tag TPM_RC_SELECTOR RC_FMT1 + 0x018 union selector is incorrect TPM_RC_INSUFFICIENT RC_FMT1 + 0x01A the TPM was unable to unmarshal a value because there were not enough octets in the input buffer TPM_RC_SIGNATURE RC_FMT1 + 0x01B the signature is not valid TPM_RC_KEY RC_FMT1 + 0x01C key fields are not compatible with the selected use TPM_RC_POLICY_FAIL RC_FMT1 + 0x01D a policy check failed TPM_RC_INTEGRITY RC_FMT1 + 0x01F integrity check failed TPM_RC_TICKET RC_FMT1 + 0x020 invalid ticket TPM_RC_RESERVED_BITS RC_FMT1 + 0x021 reserved bits not set to zero as required TPM_RC_BAD_AUTH RC_FMT1 + 0x022 authroization failure without DA implications TPM_RC_EXPIRED RC_FMT1 + 0x023 the policy has expired TPM_RC_POLICY_CC RC_FMT1 + 0x024 the commandCode in the policy is not the commandCode of the command or the command code in a policy command references a command that is not implemented TPM_RC_BINDING RC_FMT1 + 0x025 public and sensitive portions of an object are not cryptographically bound TPM_RC_CURVE RC_FMT1 + 0x026 curve not supported TPM_RC_ECC_POINT RC_FMT1 + 0x027 point is not on the required curve. New Subsection RC_WARN 0x900 set for warning response codes TPM_RC_CONTEXT_GAP RC_WARN + 0x001 gap for context ID is too large TPM_RC_OBJECT_MEMORY RC_WARN + 0x002 out of memory for object contexts Page 34 October 31, 2013 Published Copyright © TCG 2006-2013 Family “2.0” Level 00 Revision 00.99 Trusted Platform Module Library Part 2: Structures Name Value Description TPM_RC_SESSION_MEMORY RC_WARN + 0x003 out of memory for session contexts TPM_RC_MEMORY RC_WARN + 0x004 out of shared object/session memory or need space for internal operations TPM_RC_SESSION_HANDLES RC_WARN + 0x005 out of session handles – a session must be flushed before a new session may be created out of object handles – the handle space for objects is depleted and a reboot is required NOTE TPM_RC_LOCALITY TPM_RC_YIELDED This cannot occur implementation. NOTE TPM_RC_OBJECT_HANDLES There is no reason why an implementation would implement a design that would deplete handle space. Platform specifications are encouraged to forbid it. RC_WARN + 0x006 RC_WARN + 0x007 RC_WARN + 0x008 on the reference bad locality the TPM has suspended operation on the command; forward progress was made and the command may be retried. See Part 1, “Multi-tasking.” NOTE This cannot occur implementation. on the reference TPM_RC_CANCELED RC_WARN + 0x009 the command was canceled TPM_RC_TESTING RC_WARN + 0x00A TPM is performing self-tests TPM_RC_REFERENCE_H0 RC_WARN + 0x010 the 1 handle in the handle area references a transient object or session that is not loaded TPM_RC_REFERENCE_H1 RC_WARN + 0x011 the 2 handle in the handle area references a transient object or session that is not loaded TPM_RC_REFERENCE_H2 RC_WARN + 0x012 the 3 handle in the handle area references a transient object or session that is not loaded TPM_RC_REFERENCE_H3 RC_WARN + 0x013 the 4 handle in the handle area references a transient object or session that is not loaded TPM_RC_REFERENCE_H4 RC_WARN + 0x014 the 5 handle in the handle area references a transient object or session that is not loaded TPM_RC_REFERENCE_H5 RC_WARN + 0x015 the 6 handle in the handle area references a transient object or session that is not loaded TPM_RC_REFERENCE_H6 RC_WARN + 0x016 the 7 handle in the handle area references a transient object or session that is not loaded TPM_RC_REFERENCE_S0 RC_WARN + 0x018 the 1 authorization session handle references a session that is not loaded TPM_RC_REFERENCE_S1 RC_WARN + 0x019 the 2 authorization session handle references a session that is not loaded TPM_RC_REFERENCE_S2 RC_WARN + 0x01A the 3 authorization session handle references a session that is not loaded TPM_RC_REFERENCE_S3 RC_WARN + 0x01B the 4th authorization session handle references a session that is not loaded TPM_RC_REFERENCE_S4 RC_WARN + 0x01C the 5 session handle references a session that is not loaded TPM_RC_REFERENCE_S5 RC_WARN + 0x01D the 6 session handle references a session that is not loaded st nd rd th th th th st nd rd th th Family “2.0” Level 00 Revision 00.99 Published Copyright © TCG 2006-2013 Page 35 October 31, 2013 Part 2: Structures Trusted Platform Module Library Name Value Description TPM_RC_REFERENCE_S6 RC_WARN + 0x01E the 7 authorization session handle references a session that is not loaded TPM_RC_NV_RATE RC_WARN + 0x020 the TPM is rate-limiting accesses to prevent wearout of NV TPM_RC_LOCKOUT RC_WARN + 0x021 authorizations for objects subject to DA protection are not allowed at this time because the TPM is in DA lockout mode TPM_RC_RETRY RC_WARN + 0x022 the TPM was not able to start the command TPM_RC_NV_UNAVAILABLE RC_WARN + 0x023 the command may require writing of NV and NV is not current accessible TPM_RC_NOT_USED RC_WARN + 0x7F this value is reserved and shall not be returned by the TPM th Additional Defines TPM_RC_H 0x000 add to a handle-related error TPM_RC_P 0x040 add to a parameter-related error TPM_RC_S 0x800 add to a session-related error TPM_RC_1 0x100 add to a parameter-, handle-, or session-related error TPM_RC_2 0x200 add to a parameter-, handle-, or session-related error TPM_RC_3 0x300 add to a parameter-, handle-, or session-related error TPM_RC_4 0x400 add to a parameter-, handle-, or session-related error TPM_RC_5 0x500 add to a parameter-, handle-, or session-related error TPM_RC_6 0x600 add to a parameter-, handle-, or session-related error TPM_RC_7 0x700 add to a parameter-, handle-, or session-related error TPM_RC_8 0x800 add to a parameter-related error TPM_RC_9 0x900 add to a parameter-related error TPM_RC_A 0xA00 add to a parameter-related error TPM_RC_B 0xB00 add to a parameter-related error TPM_RC_C 0xC00 add to a parameter-related error TPM_RC_D 0xD00 add to a parameter-related error TPM_RC_E 0xE00 add to a parameter-related error TPM_RC_F 0xF00 add to a parameter-related error TPM_RC_N_MASK 0xF00 number mask Page 36 October 31, 2013 Published Copyright © TCG 2006-2013 Family “2.0” Level 00 Revision 00.99 Trusted Platform Module Library 6.7 Part 2: Structures TPM_CLOCK_ADJUST A TPM_CLOCK_ADJUST value is used to change the rate at which the TPM internal oscillator is divided. A change to the divider will change the rate at which Clock and Time change. NOTE The recommended adjustments are approximately 1% for a course adjustment, 0.1% for a medium adjustment, and the minimum possible on the implementation for the fine adjustment (e.g., one count of the pre-scalar if possible). Table 16 — Definition of (INT8) TPM_CLOCK_ADJUST Constants <IN> Name Value Comments TPM_CLOCK_COARSE_SLOWER -3 Slow the Clock update rate by one coarse adjustment step. TPM_CLOCK_MEDIUM_SLOWER -2 Slow the Clock update rate by one medium adjustment step. TPM_CLOCK_FINE_SLOWER -1 Slow the Clock update rate by one fine adjustment step. TPM_CLOCK_NO_CHANGE 0 No change to the Clock update rate. TPM_CLOCK_FINE_FASTER 1 Speed the Clock update rate by one fine adjustment step. TPM_CLOCK_MEDIUM_FASTER 2 Speed the Clock update rate by one medium adjustment step. TPM_CLOCK_COARSE_FASTER 3 Speed the Clock update rate by one coarse adjustment step. #TPM_RC_VALUE 6.8 TPM_EO (EA Arithmetic Operands) Table 17 — Definition of (UINT16) TPM_EO Constants <IN/OUT> Operation Name Value Comments TPM_EO_EQ 0x0000 A=B TPM_EO_NEQ 0x0001 A≠B TPM_EO_SIGNED_GT 0x0002 A > B signed TPM_EO_UNSIGNED_GT 0x0003 A > B unsigned TPM_EO_SIGNED_LT 0x0004 A < B signed TPM_EO_UNSIGNED_LT 0x0005 A < B unsigned TPM_EO_SIGNED_GE 0x0006 A ≥ B signed TPM_EO_UNSIGNED_GE 0x0007 A ≥ B unsigned TPM_EO_SIGNED_LE 0x0008 A ≤ B signed TPM_EO_UNSIGNED_LE 0x0009 A ≤ B unsigned TPM_EO_BITSET 0x000A All bits SET in B are SET in A. ((A&B)=B) TPM_EO_BITCLEAR 0x000B All bits SET in B are CLEAR in A. ((A&B)=0) #TPM_RC_VALUE Family “2.0” Level 00 Revision 00.99 Response code returned when unmarshaling of this type fails Published Copyright © TCG 2006-2013 Page 37 October 31, 2013 Part 2: Structures 6.9 Trusted Platform Module Library TPM_ST (Structure Tags) Structure tags are used to disambiguate structures. They are 16-bit values with the most significant bit SET so that they do not overlap TPM_ALG_ID values. A single exception is made for the value associated with TPM_ST_RSP_COMMAND (0x00C4), which has the same value as the TPM_TAG_RSP_COMMAND tag from earlier versions of this specification. This value is used when the TPM is compatible with a previous TPM specification and the TPM cannot determine which family of response code to return because the command tag is not valid. Many of the structures defined in this document have parameters that are unions of other structures. That is, a parameter may be one of several structures. The parameter will have a selector value that indicates which of the options is actually present. In order to allow the marshaling and unmarshaling code to determine which of the possible structures is allowed, each selector will have a unique interface type and will constrain the number of possible tag values. Table 18 defines the structure tags values. The definition of many structures is context-sensitive using an algorithm ID. In cases where an algorithm ID is not a meaningful way to designate the structure, the values in this table are used. Table 18 — Definition of (UINT16) TPM_ST Constants <IN/OUT, S> Name TPM_ST_RSP_COMMAND Value Comments 0x00C4 tag value for a response; used when there is an error in the tag. This is also the value returned from a TPM 1.2 when an error occurs. This value is used in this specification because an error in the command tag may prevent determination of the family. When this tag is used in the response, the response code will be TPM_RC_BAD_TAG (0 1E16), which has the same numeric value as the TPM 1.2 response code for TPM_BADTAG. NOTE In a previously published version of this specification, TPM_RC_BAD_TAG was incorrectly assigned a value of 0x030 instead of 30 (0x01e). Some implementations my return the old value instead of the new value. TPM_ST_NULL 0X8000 no structure type specified TPM_ST_NO_SESSIONS 0x8001 tag value for a command/response for a command defined in this specification; indicating that the command/response has no attached sessions and no authorizationSize/parameterSize value is present If the responseCode from the TPM is not TPM_RC_SUCCESS, then the response tag shall have this value. TPM_ST_SESSIONS 0x8002 tag value for a command/response for a command defined in this specification; indicating that the command/response has one or more attached sessions and the authorizationSize/parameterSize field is present Page 38 October 31, 2013 Published Copyright © TCG 2006-2013 Family “2.0” Level 00 Revision 00.99 Trusted Platform Module Library Name reserved Part 2: Structures Value Comments 0x8003 When used between application software and the TPM resource manager, this tag indicates that the command has no sessions and the handles are using the Name format rather than the 32-bit handle format. NOTE 1 The response to application software will have a tag of TPM_ST_NO_SESSIONS. Between the TRM and TPM, this tag would occur in a response from a TPM that overlaps the tag parameter of a request with the tag parameter of a response, when the response has no associated sessions. NOTE 2 reserved 0x8004 This tag is not used by all TPM or TRM implementations. When used between application software and the TPM resource manager, this tag indicates that the command has sessions and the handles are using the Name format rather than the 32-bit handle format. NOTE 1 If the command completes successfully, the response to application software will have a tag of TPM_ST_SESSIONS. Between the TRM and TPM, would occur in a response from a TPM that overlaps the tag parameter of a request with the tag parameter of a response, when the response has authorization sessions. NOTE 2 This tag is not used by all TPM or TRM implementations. TPM_ST_ATTEST_NV 0x8014 tag for an attestation structure TPM_ST_ATTEST_COMMAND_AUDIT 0x8015 tag for an attestation structure TPM_ST_ATTEST_SESSION_AUDIT 0x8016 tag for an attestation structure TPM_ST_ATTEST_CERTIFY 0x8017 tag for an attestation structure TPM_ST_ATTEST_QUOTE 0x8018 tag for an attestation structure TPM_ST_ATTEST_TIME 0x8019 tag for an attestation structure TPM_ST_ATTEST_CREATION 0x801A tag for an attestation structure reserved 0x801B do not use NOTE This was previously assigned to TPM_ST_ATTEST_NV. The tag is changed because the structure has changed TPM_ST_CREATION 0x8021 tag for a ticket type TPM_ST_VERIFIED 0x8022 tag for a ticket type TPM_ST_AUTH_SECRET 0x8023 tag for a ticket type TPM_ST_HASHCHECK 0x8024 tag for a ticket type TPM_ST_AUTH_SIGNED 0x8025 tag for a ticket type TPM_ST_FU_MANIFEST 0x8029 tag for a structure describing a Field Upgrade Policy Family “2.0” Level 00 Revision 00.99 Published Copyright © TCG 2006-2013 Page 39 October 31, 2013 Part 2: Structures Trusted Platform Module Library 6.10 TPM_SU (Startup Type) These values are used in TPM2_Startup() to indicate the shutdown and startup mode. The defined startup sequences are: a) TPM Reset – Two cases: 1) Shutdown(CLEAR) followed by Startup(CLEAR) 2) Startup(CLEAR) with no Shutdown() b) TPM Restart – Shutdown(STATE) followed by Startup(CLEAR) c) TPM Resume – Shutdown(STATE) followed by Startup(STATE) TPM_SU values of 80 0016 and above are reserved for internal use of the TPM and may not be assigned values. NOTE In the reference code, a value of FF FF 16 indicates that the startup state has not been set. If this was defined in this table to be, say, TPM_SU_NONE, then TPM_SU_NONE would be a valid input value but the caller is not allowed to indicate the that the startup type is TPM_SU_NONE so the reserved value is defined in the implementation as required for internal TPM uses. Table 19 — Definition of (UINT16) TPM_SU Constants <IN> Name Value Description TPM_SU_CLEAR 0x0000 on TPM2_Shutdown(), indicates that the TPM should prepare for loss of power and save state required for an orderly startup (TPM Reset). on TPM2_Startup(), indicates that the TPM should start from perform TPM Reset or TPM Restart TPM_SU_STATE 0x0001 on TPM2_Shutdown(), indicates that the TPM should prepare for loss of power and save state required for an orderly startup (TPM Restart or TPM Resume) on TPM2_Startup(), indicates that the TPM should restore the state saved by TPM2_Shutdown(TPM_SU_STATE) #TPM_RC_VALUE response code when incorrect value is used 6.11 TPM_SE (Session Type) This type is used in TPM2_StartAuthSession() to indicate the type of the session to be created. Table 20 — Definition of (UINT8) TPM_SE Constants <IN> Name Value TPM_SE_HMAC 0x00 TPM_SE_POLICY 0x01 TPM_SE_TRIAL 0x03 #TPM_RC_VALUE Page 40 October 31, 2013 Description The policy session is being used to compute the policyHash and not for command authorization. This setting modifies some policy commands and prevents session from being used to authorize a command. response code when incorrect value is used Published Copyright © TCG 2006-2013 Family “2.0” Level 00 Revision 00.99 Trusted Platform Module Library Part 2: Structures 6.12 TPM_CAP (Capabilities) The TPM_CAP values are used in TPM2_GetCapability() to select the type of the value to be returned. The format of the response varies according to the type of the value. Table 21 — Definition of (UINT32) TPM_CAP Constants Capability Name Value Property Type Return Type TPM_CAP_FIRST 0x00000000 TPM_CAP_ALGS 0x00000000 TPM_ALG_ID TPM_CAP_HANDLES 0x00000001 TPM_HANDLE TPML_HANDLE TPM_CAP_COMMANDS 0x00000002 TPM_CC TPML_CCA TPM_CAP_PP_COMMANDS 0x00000003 TPM_CC TPML_CC TPM_CAP_AUDIT_COMMANDS 0x00000004 TPM_CC TPML_CC TPM_CAP_PCRS 0x00000005 reserved TPML_PCR_SELECTION TPM_CAP_TPM_PROPERTIES 0x00000006 TPM_PT TPML_TAGGED_TPM_PROPERTY TPM_CAP_PCR_PROPERTIES 0x00000007 TPM_PT_PCR (1) TPM_CAP_ECC_CURVES 0x00000008 TPM_ECC_CURVE TPM_CAP_LAST TPML_ALG_PROPERTY TPML_TAGGED_PCR_PROPERTY (1) 0x00000008 TPM_CAP_VENDOR_PROPERTY 0x00000100 manufacturer specific TPML_ECC_CURVE manufacturer-specific values #TPM_RC_VALUE NOTES: (1) The TPM_ALG_ID or TPM_ECC_CURVE is cast to a UINT32 6.13 TPM_PT (Property Tag) The TPM_PT constants are used in TPM2_GetCapability(capability = TPM_CAP_TPM_PROPERTIES) to indicate the property being selected or returned. The values in the fixed group (PT_FIXED) are not changeable through programmatic means other than a firmware update. The values in the variable group (PT_VAR) may be changed with TPM commands but should be persistent over power cycles and only changed when indicated by the detailed actions code. Table 22 — Definition of (UINT32) TPM_PT Constants <IN/OUT, S> Capability Name Value Comments TPM_PT_NONE 0x00000000 indicates no property type PT_GROUP 0x00000100 The number of properties in each group. NOTE The first group with any properties is group 1 (PT_GROUP * 1). Group 0 is reserved. PT_FIXED PT_GROUP * 1 the group of fixed properties returned as TPMS_TAGGED_PROPERTY The values in this group are only changed due to a firmware change in the TPM. TPM_PT_FAMILY_INDICATOR PT_FIXED + 0 a 4-octet character string containing the TPM Family value (TPM_SPEC_FAMILY) Family “2.0” Level 00 Revision 00.99 Published Copyright © TCG 2006-2013 Page 41 October 31, 2013 Part 2: Structures Capability Name TPM_PT_LEVEL Trusted Platform Module Library Value Comments PT_FIXED + 1 the level of the specification NOTE 1 TPM_PT_REVISION For this specification, the level is zero. NOTE 2 The level is on the title page of the specification. PT_FIXED + 2 the specification Revision times 100 EXAMPLE Revision 01.01 would have a value of 101. NOTE TPM_PT_DAY_OF_YEAR The Revision value is on the title page of the specification. PT_FIXED + 3 the specification day of year using TCG calendar EXAMPLE November 15, 2010, has a day of year value of 319 (00 00 01 3F16). NOTE TPM_PT_YEAR The specification date is on the title page of the specification. PT_FIXED + 4 the specification year using the CE EXAMPLE The year 2010 has a value of 00 00 07 DA16. NOTE The specification date is on the title page of the specification. TPM_PT_MANUFACTURER PT_FIXED + 5 the vendor ID unique to each TPM manufacturer TPM_PT_VENDOR_STRING_1 PT_FIXED + 6 the first four characters of the vendor ID string NOTE When the vendor string is fewer than 16 octets, the additional property values do not have to be present. A vendor string of 4 octets can be represented in one 32-bit value and no null terminating character is required. TPM_PT_VENDOR_STRING_2 PT_FIXED + 7 the second four characters of the vendor ID string TPM_PT_VENDOR_STRING_3 PT_FIXED + 8 the third four characters of the vendor ID string TPM_PT_VENDOR_STRING_4 PT_FIXED + 9 the fourth four characters of the vendor ID sting TPM_PT_VENDOR_TPM_TYPE PT_FIXED + 10 vendor-defined value indicating the TPM model TPM_PT_FIRMWARE_VERSION_1 PT_FIXED + 11 the most-significant 32 bits of a vendor-specific value indicating the version of the firmware TPM_PT_FIRMWARE_VERSION_2 PT_FIXED + 12 the least-significant 32 bits of a vendor-specific value indicating the version of the firmware TPM_PT_INPUT_BUFFER PT_FIXED + 13 the maximum size of TPM2B_MAX_BUFFER) TPM_PT_HR_TRANSIENT_MIN PT_FIXED + 14 the minimum number of transient objects that can be held in TPM RAM NOTE TPM_PT_HR_PERSISTENT_MIN parameter (typically, a This minimum shall be no less than the minimum value required by the platform-specific specification to which the TPM is built. PT_FIXED + 15 the minimum number of persistent objects that can be held in TPM NV memory NOTE TPM_PT_HR_LOADED_MIN a This minimum shall be no less than the minimum value required by the platform-specific specification to which the TPM is built. PT_FIXED + 16 the minimum number of authorization sessions that can be held in TPM RAM NOTE Page 42 October 31, 2013 This minimum shall be no less than the minimum value required by the platform-specific specification to which the TPM is built. Published Family “2.0” Copyright © TCG 2006-2013 Level 00 Revision 00.99 Trusted Platform Module Library Capability Name TPM_PT_ACTIVE_SESSIONS_MAX Part 2: Structures Value Comments PT_FIXED + 17 the number of authorization sessions that may be active at a time A session is active when it has a context associated with its handle. The context may either be in TPM RAM or be context saved. NOTE This value shall be no less than the minimum value required by the platform-specific specification to which the TPM is built. TPM_PT_PCR_COUNT PT_FIXED + 18 the number of PCR implemented NOTE This number is determined by the defined attributes, not the number of PCR that are populated. TPM_PT_PCR_SELECT_MIN PT_FIXED + 19 the minimum number of TPMS_PCR_SELECT.sizeOfSelect NOTE TPM_PT_CONTEXT_GAP_MAX octets in a This value is not determined by the number of PCR implemented but by the number of PCR required by the platform-specific specification with which the TPM is compliant. PT_FIXED + 20 the maximum allowed difference (unsigned) between the contextID values of two saved session contexts 16 This value shall be at least 2 -1 (65535). PT_FIXED + 21 skipped TPM_PT_NV_COUNTERS_MAX PT_FIXED + 22 the maximum number of NV Indexes that are allowed to have the TPMA_NV_COUNTER attribute SET NOTE It is allowed for this value to be larger than the number of NV Indexes that can be defined. This would be indicative of a TPM implementation that did not use different implementation technology for different NV Index types. TPM_PT_NV_INDEX_MAX PT_FIXED + 23 the maximum size of an NV Index data area TPM_PT_MEMORY PT_FIXED + 24 a TPMA_MEMORY indicating the memory management method for the TPM TPM_PT_CLOCK_UPDATE PT_FIXED + 25 interval, in milliseconds, between updates to the copy of TPMS_CLOCK_INFO.clock in NV TPM_PT_CONTEXT_HASH PT_FIXED + 26 the algorithm used for the integrity HMAC on saved contexts and for hashing the fuData of TPM2_FirmwareRead() TPM_PT_CONTEXT_SYM PT_FIXED + 27 the algorithm used for encryption of saved contexts TPM_PT_CONTEXT_SYM_SIZE PT_FIXED + 28 the size of the key used for encryption of saved contexts TPM_PT_ORDERLY_COUNT PT_FIXED + 29 the modulus - 1 of the count for NV update of an orderly counter The returned value is MAX_ORDERLY_COUNT. N This will have a value of 2 – 1 where 1 ≤ N ≤ 32 NOTE An “orderly counter” is an NV Index with TPMA_NV_COUNTER and TPMA_NV_ORDERLY both SET. TPM_PT_MAX_COMMAND_SIZE PT_FIXED + 30 the maximum value for commandSize in a command TPM_PT_MAX_RESPONSE_SIZE PT_FIXED + 31 the maximum value for responseSize in a response TPM_PT_MAX_DIGEST PT_FIXED + 32 the maximum size of a digest that can be produced by the TPM TPM_PT_MAX_OBJECT_CONTEXT PT_FIXED + 33 the maximum size of an object context that will be returned by TPM2_ContextSave Family “2.0” Level 00 Revision 00.99 Published Copyright © TCG 2006-2013 Page 43 October 31, 2013 Part 2: Structures Capability Name Trusted Platform Module Library Value Comments TPM_PT_MAX_SESSION_CONTEXT PT_FIXED + 34 the maximum size of a session context that will be returned by TPM2_ContextSave TPM_PT_PS_FAMILY_INDICATOR PT_FIXED + 35 platform-specific family (a TPM_PS value)(see Table 24) NOTE The platform-specific values for the TPM_PT_PS parameters are in the relevant platform-specific specification. In the reference implementation, all of these values are 0. TPM_PT_PS_LEVEL PT_FIXED + 36 the level of the platform-specific specification TPM_PT_PS_REVISION PT_FIXED + 37 the specification Revision times 100 for the platformspecific specification TPM_PT_PS_DAY_OF_YEAR PT_FIXED + 38 the platform-specific specification day of year using TCG calendar TPM_PT_PS_YEAR PT_FIXED + 39 the platform-specific specification year using the CE TPM_PT_SPLIT_MAX PT_FIXED + 40 the number of split signing operations supported by the TPM TPM_PT_TOTAL_COMMANDS PT_FIXED + 41 total number of commands implemented in the TPM TPM_PT_LIBRARY_COMMANDS PT_FIXED + 42 number of commands from the TPM library that are implemented TPM_PT_VENDOR_COMMANDS PT_FIXED + 43 number of vendor commands that are implemented TPM_PT_NV_BUFFER_MAX PT_FIXED + 44 the maximum data size in one NV write command PT_VAR PT_GROUP * 2 the group of variable properties returned as TPMS_TAGGED_PROPERTY The properties in this group change because of a Protected Capability other than a firmware update. The values are not necessarily persistent across all power transitions. TPM_PT_PERMANENT PT_VAR + 0 TPMA_PERMANENT TPM_PT_STARTUP_CLEAR PT_VAR + 1 TPMA_STARTUP_CLEAR TPM_PT_HR_NV_INDEX PT_VAR + 2 the number of NV Indexes currently defined TPM_PT_HR_LOADED PT_VAR + 3 the number of authorization sessions currently loaded into TPM RAM TPM_PT_HR_LOADED_AVAIL PT_VAR + 4 the number of additional authorization sessions, of any type, that could be loaded into TPM RAM This value is an estimate. If this value is at least 1, then at least one authorization session of any type may be loaded. Any command that changes the RAM memory allocation can make this estimate invalid. NOTE TPM_PT_HR_ACTIVE Page 44 October 31, 2013 PT_VAR + 5 A valid implementation may return 1 even if more than one authorization session would fit into RAM. the number of active authorization sessions currently being tracked by the TPM This is the sum of the loaded and saved sessions. Published Copyright © TCG 2006-2013 Family “2.0” Level 00 Revision 00.99 Trusted Platform Module Library Capability Name TPM_PT_HR_ACTIVE_AVAIL Part 2: Structures Value Comments PT_VAR + 6 the number of additional authorization sessions, of any type, that could be created This value is an estimate. If this value is at least 1, then at least one authorization session of any type may be created. Any command that changes the RAM memory allocation can make this estimate invalid. NOTE TPM_PT_HR_TRANSIENT_AVAIL PT_VAR + 7 A valid implementation may return 1 even if more than one authorization session could be created. estimate of the number of additional transient objects that could be loaded into TPM RAM This value is an estimate. If this value is at least 1, then at least one object of any type may be loaded. Any command that changes the memory allocation can make this estimate invalid. NOTE A valid implementation may return 1 even if more than one transient object would fit into RAM. TPM_PT_HR_PERSISTENT PT_VAR + 8 the number of persistent objects currently loaded into TPM NV memory TPM_PT_HR_PERSISTENT_AVAIL PT_VAR + 9 the number of additional persistent objects that could be loaded into NV memory This value is an estimate. If this value is at least 1, then at least one object of any type may be made persistent. Any command that changes the NV memory allocation can make this estimate invalid. NOTE A valid implementation may return 1 even if more than one persistent object would fit into NV memory. TPM_PT_NV_COUNTERS PT_VAR + 10 the number of defined NV Indexes that have NV TPMA_NV_COUNTER attribute SET TPM_PT_NV_COUNTERS_AVAIL PT_VAR + 11 the number of additional NV Indexes that can be defined with their TPMA_NV_COUNTER and TPMA_NV_ORDERLY attribute SET This value is an estimate. If this value is at least 1, then at least one NV Index may be created with the TPMA_NV_COUNTER and TPMA_NV_ORDERLY attributes SET. Any command that changes the NV memory allocation can make this estimate invalid. NOTE A valid implementation may return 1 even if more than one NV counter could be defined. TPM_PT_ALGORITHM_SET PT_VAR + 12 code that limits the algorithms that may be used with the TPM TPM_PT_LOADED_CURVES PT_VAR + 13 the number of loaded ECC curves TPM_PT_LOCKOUT_COUNTER PT_VAR + 14 the current value of the lockout counter (failedTries) TPM_PT_MAX_AUTH_FAIL PT_VAR + 15 the number of authorization failures before DA lockout is invoked TPM_PT_LOCKOUT_INTERVAL PT_VAR + 16 the number of seconds before the value reported by TPM_PT_LOCKOUT_COUNTER is decremented TPM_PT_LOCKOUT_RECOVERY PT_VAR + 17 the number of seconds after a lockoutAuth failure before use of lockoutAuth may be attempted again TPM_PT_NV_WRITE_RECOVERY PT_VAR + 18 number of milliseconds before the TPM will accept another command that will modify NV This value is an approximation and may go up or down over time. Family “2.0” Level 00 Revision 00.99 Published Copyright © TCG 2006-2013 Page 45 October 31, 2013 Part 2: Structures Capability Name Trusted Platform Module Library Value Comments TPM_PT_AUDIT_COUNTER_0 PT_VAR + 19 the high-order 32 bits of the command audit counter TPM_PT_AUDIT_COUNTER_1 PT_VAR + 20 the low-order 32 bits of the command audit counter Page 46 October 31, 2013 Published Copyright © TCG 2006-2013 Family “2.0” Level 00 Revision 00.99 Trusted Platform Module Library Part 2: Structures 6.14 TPM_PT_PCR (PCR Property Tag) The TPM_PT_PCR constants are used in TPM2_GetCapability() to indicate the property being selected or returned. The PCR properties can be read when capability == TPM_CAP_PCR_PROPERTIES. Table 23 — Definition of (UINT32) TPM_PT_PCR Constants <IN/OUT, S> Capability Name Value Comments TPM_PT_PCR_FIRST 0x00000000 bottom of the range of TPM_PT_PCR properties TPM_PT_PCR_SAVE 0x00000000 a SET bit in the TPMS_PCR_SELECT indicates that the PCR is saved and restored by TPM_SU_STATE TPM_PT_PCR_EXTEND_L0 0x00000001 a SET bit in the TPMS_PCR_SELECT indicates that the PCR may be extended from locality 0 This property is only present if a locality other than 0 is implemented. TPM_PT_PCR_RESET_L0 0x00000002 a SET bit in the TPMS_PCR_SELECT indicates that the PCR may be reset by TPM2_PCR_Reset() from locality 0 TPM_PT_PCR_EXTEND_L1 0x00000003 a SET bit in the TPMS_PCR_SELECT indicates that the PCR may be extended from locality 1 This property is only present if locality 1 is implemented. TPM_PT_PCR_RESET_L1 0x00000004 a SET bit in the TPMS_PCR_SELECT indicates that the PCR may be reset by TPM2_PCR_Reset() from locality 1 This property is only present if locality 1 is implemented. TPM_PT_PCR_EXTEND_L2 0x00000005 a SET bit in the TPMS_PCR_SELECT indicates that the PCR may be extended from locality 2 This property is only present if localities 1 and 2 are implemented. TPM_PT_PCR_RESET_L2 0x00000006 a SET bit in the TPMS_PCR_SELECT indicates that the PCR may be reset by TPM2_PCR_Reset() from locality 2 This property is only present if localities 1 and 2 are implemented. TPM_PT_PCR_EXTEND_L3 0x00000007 a SET bit in the TPMS_PCR_SELECT indicates that the PCR may be extended from locality 3 This property is only present if localities 1, 2, and 3 are implemented. TPM_PT_PCR_RESET_L3 0x00000008 a SET bit in the TPMS_PCR_SELECT indicates that the PCR may be reset by TPM2_PCR_Reset() from locality 3 This property is only present if localities 1, 2, and 3 are implemented. TPM_PT_PCR_EXTEND_L4 0x00000009 a SET bit in the TPMS_PCR_SELECT indicates that the PCR may be extended from locality 4 This property is only present if localities 1, 2, 3, and 4 are implemented. TPM_PT_PCR_RESET_L4 0x0000000A a SET bit in the TPMS_PCR_SELECT indicates that the PCR may be reset by TPM2_PCR_Reset() from locality 4 This property is only present if localities 1, 2, 3, and 4 are implemented. Family “2.0” Level 00 Revision 00.99 Published Copyright © TCG 2006-2013 Page 47 October 31, 2013 Part 2: Structures Capability Name reserved Trusted Platform Module Library Value Comments 0x0000000B – the values in this range are reserved 0x00000010 They correspond to values that may be used to describe attributes associated with the extended localities (32255).synthesize additional software localities. The meaning of these properties need not be the same as the meaning for the Extend and Reset properties above. TPM_PT_PCR_NO_INCREMENT 0x00000011 a SET bit in the TPMS_PCR_SELECT indicates that modifications to this PCR (reset or Extend) will not increment the pcrUpdateCounter TPM_PT_PCR_DRTM_RESET 0x00000012 a SET bit in the TPMS_PCR_SELECT indicates that the PCR is reset by a DRTM event These PCR are reset to -1 on TPM2_Startup() and reset to 0 on a _TPM_Hash_End event following a _TPM_Hash_Start event. TPM_PT_PCR_POLICY 0x00000013 a SET bit in the TPMS_PCR_SELECT indicates that the PCR is controlled by policy This property is only present if the TPM supports policy control of a PCR. TPM_PT_PCR_AUTH 0x00000014 a SET bit in the TPMS_PCR_SELECT indicates that the PCR is controlled by an authorization value This property is only present if the TPM supports authorization control of a PCR. reserved 0x00000015 reserved for the next (2 ) TPM_PT_PCR_POLICY set reserved 0x00000016 reserved for the next (2 ) TPM_PT_PCR_AUTH set reserved nd nd nd th 0x00000017 – reserved for the 2 through 255 TPM_PT_PCR_POLICY and 0x00000210 TPM_PT_PCR_AUTH values th and highest allowed, th and highest allowed, reserved 0x00000211 reserved to the 256 , TPM_PT_PCR_POLICY set reserved 0x00000212 reserved to the 256 , TPM_PT_PCR_AUTH set reserved 0x00000213 new PCR property values may be assigned starting with this value TPM_PT_PCR_LAST 0x00000014 top of the range of TPM_PT_PCR properties of the implementation If the TPM receives a request for a PCR property with a value larger than this, the TPM will return a zero length list and set the moreData parameter to NO. NOTE Page 48 October 31, 2013 This is an implementation-specific value. The value shown reflects the reference code implementation. Published Copyright © TCG 2006-2013 Family “2.0” Level 00 Revision 00.99 Trusted Platform Module Library Part 2: Structures 6.15 TPM_PS (Platform Specific) The platform values in Table 24 are used for the TPM_PT_PS_FAMILY_INDICATOR. NOTE Values below six (6) have the same values as the purview assignments in TPM 1.2. Table 24 — Definition of (UINT32) TPM_PS Constants <OUT> Capability Name Value Comments TPM_PS_MAIN 0x00000000 not platform specific TPM_PS_PC 0x00000001 PC Client TPM_PS_PDA 0x00000002 PDA (includes all mobile devices that are not specifically cell phones) TPM_PS_CELL_PHONE 0x00000003 Cell Phone TPM_PS_SERVER 0x00000004 Server WG TPM_PS_PERIPHERAL 0x00000005 Peripheral WG TPM_PS_TSS 0x00000006 TSS WG TPM_PS_STORAGE 0x00000007 Storage WG TPM_PS_AUTHENTICATION 0x00000008 Authentication WG TPM_PS_EMBEDDED 0x00000009 Embedded WG TPM_PS_HARDCOPY 0x0000000A Hardcopy WG TPM_PS_INFRASTRUCTURE 0x0000000B Infrastructure WG TPM_PS_VIRTUALIZATION 0x0000000C Virtualization WG TPM_PS_TNC 0x0000000D Trusted Network Connect WG TPM_PS_MULTI_TENANT 0x0000000E Multi-tenant WG TPM_PS_TC 0x0000000F Technical Committee Family “2.0” Level 00 Revision 00.99 Published Copyright © TCG 2006-2013 Page 49 October 31, 2013 Part 2: Structures 7 Trusted Platform Module Library Handles 7.1 Introduction Handles are 32-bit values used to reference shielded locations of various types within the TPM. Table 25 — Definition of Types for Handles Type Name Description UINT32 TPM_HANDLE Handles may refer to objects (keys or data blobs), authorization sessions (HMAC and policy), NV Indexes, permanent TPM locations, and PCR. 7.2 TPM_HT (Handle Types) The 32-bit handle space is divided into 256 regions of equal size with 2 ranges represents a handle type. 24 values in each. Each of these The type of the entity is indicated by the MSO of its handle. The values for the MSO and the entity referenced are shown in Table 26. Table 26 — Definition of (UINT8) TPM_HT Constants <S> Name Value Comments TPM_HT_PCR 0x00 PCR – consecutive numbers, starting at 0, that reference the PCR registers A platform-specific specification will set the minimum number of PCR and an implementation may have more. TPM_HT_NV_INDEX 0x01 NV Index – assigned by the caller TPM_HT_HMAC_SESSION 0x02 HMAC Authorization Session – assigned by the TPM when the session is created TPM_HT_LOADED_SESSION 0x02 Loaded Authorization Session – used only in the context of TPM2_GetCapability This type references both loaded HMAC and loaded policy authorization sessions. TPM_HT_POLICY_SESSION 0x03 Policy Authorization Session – assigned by the TPM when the session is created TPM_HT_ACTIVE_SESSION 0x03 Active Authorization Session – used only in the context of TPM2_GetCapability This type references saved authorization session contexts for which the TPM is maintaining tracking information. TPM_HT_PERMANENT 0x40 Permanent Values – assigned by this specification in Table 27 TPM_HT_TRANSIENT 0x80 Transient Objects – assigned by the TPM when an object is loaded into transient-object memory or when a persistent object is converted to a transient object TPM_HT_PERSISTENT 0x81 Persistent Objects – assigned by the TPM when a loaded transient object is made persistent Page 50 October 31, 2013 Published Copyright © TCG 2006-2013 Family “2.0” Level 00 Revision 00.99 Trusted Platform Module Library Part 2: Structures When a transient object is loaded, the TPM shall assign a handle with an MSO of TPM_HT_TRANSIENT. The object may be assigned a different handle each time it is loaded. The TPM shall ensure that handles assigned to transient objects are unique and assigned to only one transient object at a time. EXAMPLE If a TPM is only able to hold 4 transient objects in internal memory, it might choose to assign handles to those objects with the values 80 00 00 0016 – 80 00 00 0316. When a transient object is converted to a persistent object (TPM2_EvictControl()), the TPM shall validate that the handle provided by the caller has an MSO of TPM_HT_PERSISTENT and that the handle is not already assigned to a persistent object. A handle is assigned to a session when the session is started. The handle shall have an MSO equal to TPM_HT_SESSION and remain associated with that session until the session is closed or flushed. The TPM shall ensure that a session handle is only associated with one session at a time. When the session is loaded into the TPM using TPM2_LoadContext(), it will have the same handle each time it is loaded. EXAMPLE 7.3 If a TPM is only able to track 64 active sessions at a time, it could number those sessions using the values xx 00 01 0016 – xx 00 01 3F 16 where xx is either 02 16 or 03 16 depending on the session type. Persistent Handle Sub-ranges Persistent handles are assigned by the caller of TPM2_EvictControl(). ownerAuth or platformAuth is required to authorize allocation of space for a persistent object. These entities are given separate ranges of persistent handles so that they do not have to allocate from a common range of handles. NOTE While this “namespace” allocation of the handle ranges could have been handled by convention, TPM enforcement is used to prevent errors by the OS or malicious software from affecting the platform’s use of the NV memory. The Owner is allocated persistent handles in the range of 81 00 00 0016 to 81 7F FF FF16 inclusive and the TPM will return an error if ownerAuth is used to attempt to assign a persistent handle outside of this range. Family “2.0” Level 00 Revision 00.99 Published Copyright © TCG 2006-2013 Page 51 October 31, 2013 Part 2: Structures 7.4 Trusted Platform Module Library TPM_RH (Permanent Handles) Table 27 lists the architecturally defined handles that cannot be changed. The handles include authorization handles, and special handles. Table 27 — Definition of (UINT32) TPM_RH Constants <IN, S> Name Value Type TPM_RH_FIRST 0x40000000 R TPM_RH_SRK 0x40000000 R TPM_RH_OWNER 0x40000001 K, A, P TPM_RH_REVOKE 0x40000002 R not used 1 TPM_RH_TRANSPORT 0x40000003 R not used 1 TPM_RH_OPERATOR 0x40000004 R not used 1 TPM_RH_ADMIN 0x40000005 R not used 1 TPM_RH_EK 0x40000006 R not used 1 TPM_RH_NULL 0x40000007 K, A, P a handle associated with the null hierarchy, an EmptyAuth authValue, and an Empty Policy authPolicy. TPM_RH_UNASSIGNED 0x40000008 R value reserved to the TPM to indicate a handle location that has not been initialized or assigned TPM_RS_PW 0x40000009 S authorization value authorization session TPM_RH_LOCKOUT 0x4000000A A references the authorization associated with the dictionary attack lockout reset TPM_RH_ENDORSEMENT 0x4000000B K, A, P references the Endorsement Primary endorsementAuth, and endorsementPolicy TPM_RH_PLATFORM 0x4000000C K, A, P references the Platform Primary Seed (PPS), platformAuth, and platformPolicy TPM_RH_PLATFORM_NV 0x4000000D C for phEnableNV R the top of the reserved handle area This is set to allow TPM2_GetCapability() to know where to stop. It may vary as implementations add to the permanent handle area. TPM_RH_LAST 0x4000000D Comments not used 1 handle references the Storage Primary Seed (SPS), the ownerAuth, and the ownerPolicy used to indicate a password Seed (EPS), Type definitions: R – a reserved value K – a Primary Seed A – an authorization value P – a policy value S – a session handle C - a controlNote 1 The handle is only used in a TPM that is compatible with a previous version of this specification. It is not used in any command defined in this version of the specification. Page 52 October 31, 2013 Published Copyright © TCG 2006-2013 Family “2.0” Level 00 Revision 00.99 Trusted Platform Module Library 7.5 Part 2: Structures TPM_HC (Handle Value Constants) The definitions in Table 28 are used to define many of the interface data types. However, the values of these constants, other than PCR_FIRST, are informative and may be changed by an implementation as long as the values stay within the prescribed ranges for the handle type. NOTE PCR0 is architecturally defined to have a handle value of 0. For the reference implementation, the handle range for sessions starts at the lowest allowed value for a session handle. The highest value for a session handle is determined by how many active sessions are allowed by the implementation. The MSO of the session handle will be set according to the session type. A similar approach is used for transient objects with the first assigned handle at the bottom of the range defined by TPM_HT_TRANSIENT and the top of the range determined by the implementation-dependent value of MAX_LOADED_OBJECTS. The first assigned handle for evict objects is also at the bottom of the allowed range defined by TPM_HT_PERSISTENT and the top of the range determined by the implementation-dependent value of MAX_EVICT_OBJECTS. NOTE The values in Table 28 are intended to facilitate the process of making the handle larger than 32 bits in the future. It is intended that HR_MASK and HR_SHIFT are the only values that need change to resize the handle space. Family “2.0” Level 00 Revision 00.99 Published Copyright © TCG 2006-2013 Page 53 October 31, 2013 Part 2: Structures Trusted Platform Module Library Table 28 — Definition of (TPM_HANDLE) TPM_HC Constants <IN, S> Name Value Comments HR_HANDLE_MASK 0x00FFFFFF to mask off the HR HR_RANGE_MASK 0xFF000000 to mask off the variable part HR_SHIFT 24 HR_PCR (TPM_HT_PCR << HR_SHIFT) HR_HMAC_SESSION (TPM_HT_HMAC_SESSION << HR_SHIFT) HR_POLICY_SESSION (TPM_HT_POLICY_SESSION << HR_SHIFT) HR_TRANSIENT (TPM_HT_TRANSIENT << HR_SHIFT) HR_PERSISTENT (TPM_HT_PERSISTENT << HR_SHIFT) HR_NV_INDEX (TPM_HT_NV_INDEX << HR_SHIFT) HR_PERMANENT (TPM_HT_PERMANENT << HR_SHIFT) PCR_FIRST (HR_PCR + 0) first PCR PCR_LAST (PCR_FIRST + IMPLEMENTATION_PCR-1) last PCR HMAC_SESSION_FIRST (HR_HMAC_SESSION + 0) first HMAC session HMAC_SESSION_LAST (HMAC_SESSION_FIRST+MAX_ACTIVE_SESSIONS-1) last HMAC session LOADED_SESSION_FIRST HMAC_SESSION_FIRST used in GetCapability LOADED_SESSION_LAST HMAC_SESSION_LAST used in GetCapability POLICY_SESSION_FIRST (HR_POLICY_SESSION + 0) first policy session POLICY_SESSION_LAST (POLICY_SESSION_FIRST + MAX_ACTIVE_SESSIONS-1) last policy session TRANSIENT_FIRST (HR_TRANSIENT + 0) first transient object ACTIVE_SESSION_FIRST POLICY_SESSION_FIRST used in GetCapability ACTIVE_SESSION_LAST POLICY_SESSION_LAST used in GetCapability TRANSIENT_LAST (TRANSIENT_FIRST+MAX_LOADED_OBJECTS-1) last transient object PERSISTENT_FIRST (HR_PERSISTENT + 0) first persistent object PERSISTENT_LAST (PERSISTENT_FIRST + 0x00FFFFFF) last persistent object PLATFORM_PERSISTENT (PERSISTENT_FIRST + 0x00800000) first platform persistent object NV_INDEX_FIRST (HR_NV_INDEX + 0) first allowed NV Index NV_INDEX_LAST (NV_INDEX_FIRST + 0x00FFFFFF) last allowed NV Index PERMANENT_FIRST TPM_RH_FIRST PERMANENT_LAST TPM_RH_LAST Page 54 October 31, 2013 Published Copyright © TCG 2006-2013 Family “2.0” Level 00 Revision 00.99 Trusted Platform Module Library Part 2: Structures Attribute Structures 8 8.1 Description Attributes are expressed as bit fields of varying size. An attribute field structure may be 1, 2, or 4 octets in length. The bit numbers for an attribute structure are assigned with the number 0 assigned to the least-significant bit of the structure and the highest number assigned to the most-significant bit of the structure. The least significant bit is determined by treating the attribute structure as an integer. The least-significant bit would be the bit that is set when the value of the integer is 1. When any reserved bit in an attribute is SET, the TPM shall return TPM_RC_RESERVED_BITS. This response code is not shown in the tables for attributes. 8.2 TPMA_ALGORITHM This structure defines the attributes of an algorithm. Each algorithm has a fundamental attribute: asymmetric, symmetric, or hash. In some cases (e.g., TPM_ALG_RSA or TPM_ALG_AES), this is the only attribute. A mode, method, or scheme may have an associated asymmetric, symmetric, or hash algorithm. Table 29 — Definition of (UINT32) TPMA_ALGORITHM Bits Bit Name Definition 0 asymmetric SET (1): an asymmetric algorithm with public and private portions CLEAR (0): not an asymmetric algorithm 1 symmetric SET (1): a symmetric block cipher CLEAR (0): not a symmetric block cipher 2 hash SET (1): a hash algorithm CLEAR (0): not a hash algorithm 3 object SET (1): an algorithm that may be used as an object type CLEAR (0): an algorithm that is not used as an object type 7:4 Reserved 8 signing SET (1): a signing algorithm. The setting of asymmetric, symmetric, and hash will indicate the type of signing algorithm. CLEAR (0): not a signing algorithm 9 encrypting SET (1): an encryption/decryption algorithm. The setting of asymmetric, symmetric, and hash will indicate the type of encryption/decryption algorithm. CLEAR (0): not an encryption/decryption algorithm 10 method SET (1): a method such as a key derivative function (KDF) CLEAR (0): not a method 31:11 Reserved 8.3 8.3.1 TPMA_OBJECT (Object Attributes) Introduction Family “2.0” Level 00 Revision 00.99 Published Copyright © TCG 2006-2013 Page 55 October 31, 2013 Part 2: Structures Trusted Platform Module Library This attribute structure indicates an object’s use, its authorization types, and it relationship to other objects. The state of the attributes is determined when the object is created and they are never changed by the TPM. Additionally, the setting of these structures is reflected in the integrity value of the private area of an object in order to allow the TPM to detect modifications of the Protected Object when stored off the TPM. 8.3.2 Structure Definition Table 30 — Definition of (UINT32) TPMA_OBJECT Bits Bit Name Definition 0 Reserved shall be zero 1 fixedTPM SET (1): The hierarchy of the object, as indicated by its Qualified Name, may not change. CLEAR (0): The hierarchy of the object may change as a result of this object or an ancestor key being duplicated for use in another hierarchy. 2 stClear SET (1): Previously saved contexts of this object may not be loaded after Startup(CLEAR). CLEAR (0): Saved contexts of this object may be used after a Shutdown(STATE) and subsequent Startup(). 3 Reserved shall be zero 4 fixedParent SET (1): The parent of the object may not change. CLEAR (0): The parent of the object may change as the result of a TPM2_Duplicate() of the object. 5 sensitiveDataOrigin SET (1): Indicates that, when the object was created with TPM2_Create() or TPM2_CreatePrimary(), the TPM generated all of the sensitive data other than the authValue. CLEAR (0): A portion of the sensitive data, other than the authValue, was provided by the caller. 6 userWithAuth SET (1): Approval of USER role actions with this object may be with an HMAC session or with a password using the authValue of the object or a policy session. CLEAR (0): Approval of USER role actions with this object may only be done with a policy session. 7 adminWithPolicy SET (1): Approval of ADMIN role actions with this object may only be done with a policy session. CLEAR (0): Approval of ADMIN role actions with this object may be with an HMAC session or with a password using the authValue of the object or a policy session. 9:8 Reserved shall be zero 10 noDA SET (1): The object is not subject to dictionary attack protections. CLEAR (0): The object is subject to dictionary attack protections. 11 encryptedDuplication SET (1): If the object is duplicated, then symmetricAlg shall not be TPM_ALG_NULL and newParentHandle shall not be TPM_RH_NULL. CLEAR (0): The object may be duplicated without an inner wrapper on the private portion of the object and the new parent may be TPM_RH_NULL. 15:12 Reserved 16 restricted Page 56 October 31, 2013 shall be zero SET (1): Key usage is restricted to manipulate structures of known format; the parent of this key shall have restricted SET. CLEAR (0): Key usage is not restricted to use on special formats. Published Copyright © TCG 2006-2013 Family “2.0” Level 00 Revision 00.99 Trusted Platform Module Library Part 2: Structures Bit Name Definition 17 decrypt SET (1): The private portion of the key may be used to decrypt. CLEAR (0): The private portion of the key may not be used to decrypt. 18 sign SET (1): The private portion of the key may be used to sign. CLEAR (0): The private portion of the key may not be used to sign. 31:19 Reserved 8.3.3 8.3.3.1 shall be zero Attribute Descriptions Introduction The following remaining paragraphs in this clause describe the use and settings for each of the TPMA_OBJECT attributes. The description includes checks that are performed on the objectAttributes when an object is created, when it is loaded, and when it is imported. In these descriptions: Creation – indicates settings for TPM2_CreatePrimary() the template parameter in TPM2_Create() or Load – indicates settings for the inPublic parameter in TPM2_Load() Import – indicates settings for the objectPublic parameter in TPM2_Import() External – indicates settings that apply to the inPublic parameter in TPM2_LoadExternal() if both the public and sensitive portions of the object are loaded NOTE For TPM2_LoadExternal() when only the public portion of the object is loaded, the only attribute checks are the checks in the validation code following Table 30 and the reserved attributes check. For any consistency error of attributes in TPMA_OBJECT, the TPM shall return TPM_RC_ATTRIBUTES. 8.3.3.2 Bit[1] – fixedTPM When SET, the object cannot be duplicated for use on a different TPM, either directly or indirectly and the Qualified Name of the object cannot change. When CLEAR, the object’s Qualified Name may change if the object or an ancestor is duplicated. NOTE This attribute is the logical inverse of the migratable attribute in 1.2. That is, when this attribute is C LEAR, it is the equivalent to a 1.2 object with migratable SET. Creation – If fixedTPM is SET in the object's parent, then fixedTPM and fixedParent shall both be set to the same value in template. If fixedTPM is CLEAR in the parent, this attribute shall also be CLEAR in template. NOTE For a Primary Object, the parent is considered to have fixedTPM SET. Load – If fixedTPM is SET in the object's parent, then fixedTPM and fixedParent shall both be set to the same value. If fixedTPM is CLEAR in the parent, this attribute shall also be CLEAR. Import – shall be CLEAR External – shall be CLEAR if both the public and sensitive portions are loaded or if fixedParent is CLEAR, otherwise may be SET or CLEAR Family “2.0” Level 00 Revision 00.99 Published Copyright © TCG 2006-2013 Page 57 October 31, 2013 Part 2: Structures 8.3.3.3 Trusted Platform Module Library Bit[2] – stClear If this attribute is SET, then saved contexts of this object will be invalidated on TPM2_Startup(TPM_SU_CLEAR). If the attribute is CLEAR, then the TPM shall not invalidate the saved context if the TPM received TPM2_Shutdown(TPM_SU_STATE). If the saved state is valid when checked at the next TPM2_Startup(), then the TPM shall continue to be able to use the saved contexts. Creation – may be SET or CLEAR in template Load – may be SET or CLEAR Import – may be SET or CLEAR External – may be SET or CLEAR 8.3.3.4 Bit[4] – fixedParent If this attribute is SET, the object’s parent may not be changed. That is, this object may not be the object of a TPM2_Duplicate(). If this attribute is CLEAR, then this object may be the object of a TPM2_Duplicate(). Creation – may be SET or CLEAR in template Load – may be SET or CLEAR Import – shall be CLEAR External – shall be CLEAR if both the public and sensitive portions are loaded; otherwise it may be SET or CLEAR 8.3.3.5 Bit[5] – sensitiveDataOrigin This attribute is SET for any key that was generated by TPM in TPM2_Create() or TPM2_CreatePrimary(). If CLEAR, it indicates that the sensitive part of the object (other than the obfuscation value) was provided by the caller. NOTE 1 If the fixedTPM attribute is SET, then this attribute is authoritative and accurately reflects the source of the sensitive area data. If the fixedTPM attribute is CLEAR, then validation of this attribute requires evaluation of the properties of the ancestor keys. Creation – If inSensitive.sensitive.data.size is zero, then this attribute shall be SET in the template; otherwise, it shall be CLEAR in the template. NOTE 2 The inSensitive.sensitive.data.size parameter is required to be zero for an asymmetric key so sensitiveDataOrigin is required to be SET. NOTE 3 The inSensitive.sensitive.data.size parameter may not be zero for a data object so sensitiveDataOrigin is required to be CLEAR. A data object has type = TPM_ALG_KEYEDHASH and its sign and decrypt attributes are CLEAR. Load – may be SET or CLEAR Import – may be SET or CLEAR External – may be SET or CLEAR Page 58 October 31, 2013 Published Copyright © TCG 2006-2013 Family “2.0” Level 00 Revision 00.99 Trusted Platform Module Library 8.3.3.6 Part 2: Structures Bit[6] – userWithAuth If SET, authorization for operations that require USER role authorization may be given if the caller provides proof of knowledge of the authValue of the object with an HMAC authorization session or a password. If this attribute is CLEAR, then then HMAC or password authorizations may not be used for USER role authorizations. NOTE 1 Regardless of the setting of this attribute, authorizations for operations th at require USER role authorizations may be provided with a policy session that satisfies the object's authPolicy. NOTE 2 Regardless of the setting of this attribute, the authValue may be referenced in a policy session or used to provide the bind value in TPM2_StartAuthSession(). However, if userWithAuth is CLEAR, then the object may be used as the bind object in TPM2_StartAuthSession() but the session cannot be used to authorize actions on the object. If this were allowed, then the userWithAuth control could be circumvented simply by using the object as the bind object. Creation – may be SET or CLEAR in template Load – may be SET or CLEAR Import – may be SET or CLEAR External – may be SET or CLEAR 8.3.3.7 Bit[7] – adminWithPolicy If CLEAR, authorization for operations that require ADMIN role may be given if the caller provides proof of knowledge of the authValue of the object with an HMAC authorization session or a password. If this attribute is SET, then then HMAC or password authorizations may not be used for ADMIN role authorizations. NOTE 1 Regardless of the setting of this attribute, operations that require ADMIN role authorization may be provided by a policy session that satisfies the object's authPolicy. NOTE 2 This attribute is similar to userWithAuth but the logic is a bit different. When userWithAuth is CLEAR, the authValue may not be used for USER mode authorizations. When adminWithPolicy is CLEAR, it means that the authValue may be used for ADMIN role. Policy may always be used regardless of t he setting of userWithAuth or adminWithPolicy. Actions that always require policy (TPM2_Duplicate()) are not affected by the setting of this attribute. Creation – may be SET or CLEAR in template Load – may be SET or CLEAR Import – may be SET or CLEAR External – may be SET or CLEAR 8.3.3.8 Bit[10] – noDA If SET, then authorization failures for the object do not affect the dictionary attack protection logic and authorization of the object is not blocked if the TPM is in lockout. Creation – may be SET or CLEAR in template Load – may be SET or CLEAR Import – may be SET or CLEAR External – may be SET or CLEAR Family “2.0” Level 00 Revision 00.99 Published Copyright © TCG 2006-2013 Page 59 October 31, 2013 Part 2: Structures 8.3.3.9 Trusted Platform Module Library Bit[11] – encryptedDuplication If SET, then when the object is duplicated, the sensitive portion of the object is required to be encrypted with an inner wrapper and the new parent shall be an asymmetric key and not TPM_RH_NULL NOTE 1 Enforcement of these requirements in TPM2_Duplicate() is by not allowing symmetricAlg to be TPM_ALG_NULL and newParentHandle may not be TPM_RH_NULL. This attribute shall not be SET in any object that has fixedTPM SET. NOTE 2 This requirement means that encryptedDuplication may not be SET if the object cannot be directly or indirectly duplicated. If an object's parent has fixedTPM SET, and the object is duplicable (fixedParent == CLEAR), then encryptedDuplication may be SET or CLEAR in the object. NOTE 3 This allows the object at the boundary between duplicable and non -duplicable objects to have either setting. If an object's parent has fixedTPM CLEAR, then the object is required to have the same setting of encryptedDuplication as its parent. NOTE 4 This requirement forces all encryptedDuplication setting. duplicable objects in a duplication group to have the same Creation – shall be CLEAR if fixedTPM is SET. If fixedTPM is CLEAR, then this attribute shall have the same value as its parent unless fixedTPM is SET in the object's parent, in which case, it may be SET or CLEAR. Load – shall be CLEAR if fixedTPM is SET. If fixedTPM is CLEAR, then this attribute shall have the same value as its parent, unless fixedTPM is SET the parent, in which case, it may be SET or CLEAR. Import – if fixedTPM is SET in the object's new parent, then this attribute may be SET or CLEAR, otherwise, it shall have the same setting as the new parent. External – may be SET or CLEAR. 8.3.3.10 Bit[16] – restricted This this attribute modifies the decrypt and sign attributes of an object. NOTE A key with this object CLEAR may not be a parent for another object. Creation – shall be CLEAR in template if neither sign nor decrypt is SET in template. Load – shall be CLEAR if neither sign nor decrypt is SET in the object Import – may be SET or CLEAR External – shall be CLEAR Page 60 October 31, 2013 Published Copyright © TCG 2006-2013 Family “2.0” Level 00 Revision 00.99 Trusted Platform Module Library 8.3.3.11 Part 2: Structures Bit[17] – decrypt When SET, the private portion of this key can be used to decrypt an external blob. If restricted is SET, then the TPM will return an error if the external decrypted blob is not formatted as appropriate for the command. NOTE 1 Since TPM-generated keys and sealed data will contain a hash and a structure tag, the TPM can ensure that it is not being used to improperly decrypt and return sensitive data that should not be returned. The only type of data that may be returned after decryption is a Sealed Data Object (a keyedHash object with decrypt and sign CLEAR). When restricted is CLEAR, there are no restrictions on the use of the private portion of the key for decryption and the key may be used to decrypt and return any structure encrypted by the public portion of the key. NOTE 2 A key with this attribute SET may be a parent for another object if restricted is SET and sign is CLEAR. If decrypt is SET on an object with type set to TPM_ALG_KEYEDHASH, it indicates that the object is an XOR encryption key. Creation – may be SET or CLEAR in template Load – may be SET or CLEAR Import – may be SET or CLEAR External – may be SET or CLEAR 8.3.3.12 Bit[18] – sign When this attribute is SET, the private portion of this key may be used to sign a digest. If restricted is SET, then the key may only be used to sign a digest that was computed by the TPM. A restricted signing key may be used to sign a TPM-generated digest. If a structure is generated by the TPM, it will begin with TPM_GENERATED_VALUE and the TPM may sign the digest of that structure. If the data is externally supplied and has TPM_GENERATED_VALUE as its first octets, then the TPM will not sign a digest of that data with a restricted signing key. If restricted is CLEAR, then the key may be used to sign any digest, whether generated by the TPM or externally provided. NOTE 1 Some asymmetric algorithms may not support both sign and decrypt being SET in the same key. If sign is SET on an object with type set to TPM_ALG_KEYEDHASH, it indicates that the object is an HMAC key. NOTE 2 A key with this attribute SET may not be a parent for another object. Creation – shall not be SET if decrypt and restricted are both SET Load – shall not be SET if decrypt and restricted are both SET Import – shall not be SET if decrypt and restricted are both SET External – shall not be SET if decrypt and restricted are both SET Family “2.0” Level 00 Revision 00.99 Published Copyright © TCG 2006-2013 Page 61 October 31, 2013 Part 2: Structures 8.4 Trusted Platform Module Library TPMA_SESSION (Session Attributes) This octet in each session is used to identify the session type, indicate its relationship to any handles in the command, and indicate its use in parameter encryption. Table 31 — Definition of (UINT8) TPMA_SESSION Bits <IN/OUT> Bit Name Meaning 0 continueSession SET (1): In a command, this setting indicates that the session is to remain active after successful completion of the command. In a response, it indicates that the session is still active. If SET in the command, this attribute shall be SET in the response. CLEAR (0): In a command, this setting indicates that the TPM should close the session and flush any related context when the command completes successfully. In a response, it indicates that the session is closed and the context is no longer active. This attribute has no meaning for a password authorization and the TPM will allow any setting of the attribute in the command and SET the attribute in the response. This attribute will only be CLEAR in one response for a logical session. If the attribute is CLEAR, the context associated with the session is no longer in use and the space is available. A session created after another session is ended may have the same handle but logically is not the same session. This attribute has no effect if the command does not complete successfully. 1 auditExclusive SET (1): In a command, this setting indicates that the command should only be executed if the session is exclusive at the start of the command. In a response, it indicates that the session is exclusive. This setting is only allowed if the audit attribute is SET. CLEAR (0): If audit is CLEAR, then this field is reserved but the error is TPM_RC_ATTRIBUTES rather than TPM_RC_RESERVED_BITS. See "Exclusive Audit Session" clause in Part 1. 2 auditReset SET (1): In a command, this setting indicates that the audit digest of the session should be initialized and the exclusive status of the session SET. CLEAR (0): If audit is CLEAR, then this field is reserved but the error is TPM_RC_ATTRIBUTES rather than TPM_RC_RESERVED_BITS. This setting is always used for a response. 4:3 Reserved shall be CLEAR decrypt SET (1): In a command, this setting indicates that the first parameter in the command is symmetrically encrypted using the parameter encryption scheme described in Part 1. The TPM will decrypt the parameter after performing any HMAC computations and before unmarshaling the parameter. In a response, the attribute is copied from the request but has no effect on the response. CLEAR (0): Session not used for encryption. 5 For a password authorization, this attribute will be CLEAR in both the command and response. This attribute may only be SET in one session per command. This attribute may be SET in a session that is not associated with a command handle. Such a session is provided for purposes of encrypting a parameter and not for authorization. This attribute may be SET in combination with any other session attributes. This attribute may only be SET if the first parameter of the command is a sized buffer (TPM2B_). Page 62 October 31, 2013 Published Copyright © TCG 2006-2013 Family “2.0” Level 00 Revision 00.99 Trusted Platform Module Library Part 2: Structures Bit Name Meaning 6 encrypt SET (1): In a command, this setting indicates that the TPM should use this session to encrypt the first parameter in the response. In a response, it indicates that the attribute was set in the command and that the TPM used the session to encrypt the first parameter in the response using the parameter encryption scheme described in Part 1 of this specification. CLEAR (0): Session not used for encryption. For a password authorization, this attribute will be CLEAR in both the command and response. This attribute may only be SET in one session per command. This attribute may be SET in a session that is not associated with a command handle. Such a session is provided for purposes of encrypting a parameter and not for authorization. This attribute may only be SET if the first parameter of a response is a sized buffer (TPM2B_). 7 SET (1): In a command or response, this setting indicates that the session is for audit and that auditExclusive and auditReset have meaning. This session may also be used for authorization, encryption, or decryption. The encrypted and encrypt fields may be SET or CLEAR. CLEAR (0): Session is not used for audit. audit This attribute may only be SET in one session per command or response. If SET in the command, then this attribute will be SET in the response. 8.5 TPMA_LOCALITY (Locality Attribute) In a TPMS_CREATION_DATA structure, this structure is used to indicate the locality of the command that created the object. No more than one of the locality attributes shall be set in the creation data. When used in TPM2_PolicyLocality(), this structure indicates which localities are approved by the policy. When a policy is started, all localities are allowed. If TPM2_PolicyLocality() is executed, it indicates that the command may only be executed at specific localities. More than one locality may be selected. EXAMPLE 1 TPM_LOC_TWO would indicate that only locality 2 is authorized. EXAMPLE 2 TPM_LOC_ONE + TPM_LOC_TWO would indicate that locality 1 or 2 is authorized. EXAMPLE 3 TPM_LOC_FOUR + TPM_LOC_THREE would indicate that localities 3 or 4 are authorized. EXAMPLE 4 A value of 21 16 would represent a locality of 33. NOTE Locality values of 5 through 31 are not selectable. Family “2.0” Level 00 Revision 00.99 Published Copyright © TCG 2006-2013 Page 63 October 31, 2013 Part 2: Structures Trusted Platform Module Library If Extended is non-zero, then an extended locality is indicated and the TPMA_LOCALITY contains an integer value. Table 32 — Definition of (UINT8) TPMA_LOCALITY Bits <IN/OUT> Bit Name Definition 0 TPM_LOC_ZERO 1 TPM_LOC_ONE 2 TPM_LOC_TWO 3 TPM_LOC_THREE 4 TPM_LOC_FOUR 7:5 8.6 Extended If any of these bits is set, an extended locality is indicated TPMA_PERMANENT The attributes in this structure are persistent and are not changed as a result of _TPM_Init or any TPM2_Startup(). Some of the attributes in this structure may change as the result of specific Protected Capabilities. This structure may be read using TPM2_GetCapability(capability = TPM_CAP_TPM_PROPERTIES, property = TPM_PT_PERMANENT). Table 33 — Definition of (UINT32) TPMA_PERMANENT Bits <OUT> Bit Parameter Description 0 ownerAuthSet SET (1): TPM2_HierarchyChangeAuth() with ownerAuth has been executed since the last TPM2_Clear(). CLEAR (0): ownerAuth has not been changed since TPM2_Clear(). 1 endorsementAuthSet SET (1): TPM2_HierarchyChangeAuth() with endorsementAuth has been executed since the last TPM2_Clear(). CLEAR (0): endorsementAuth has not been changed since TPM2_Clear(). 2 lockoutAuthSet SET (1): TPM2_HierarchyChangeAuth() with lockoutAuth has been executed since the last TPM2_Clear(). CLEAR (0): lockoutAuth has not been changed since TPM2_Clear(). 7:3 8 Reserved disableClear SET (1): TPM2_Clear() is disabled. CLEAR (0): TPM2_Clear() is enabled. NOTE See “TPM2_ClearControl” in Part 3 of this specification for details on changing this attribute. 9 inLockout SET (1): The TPM is in lockout and commands that require authorization with other than platformAuth will not succeed. 10 tpmGeneratedEPS SET (1): The EPS was created by the TPM. CLEAR (0): The EPS was created outside of the TPM using a manufacturerspecific process. 31:11 Reserved Page 64 October 31, 2013 Published Copyright © TCG 2006-2013 Family “2.0” Level 00 Revision 00.99 Trusted Platform Module Library 8.7 Part 2: Structures TPMA_STARTUP_CLEAR These attributes are set to their default state on reset on each TPM Reset or TPM Restart. The attributes are preserved on TPM Resume. On each TPM2_Startup(TPM_SU_CLEAR), the TPM will set these attributes to their indicated defaults. This structure may be read using TPM2_GetCapability(capability = TPM_CAP_TPM_PROPERTIES, property = TPM_PT_STARTUP_CLEAR). Some of attributes may be changed as the result of specific Protected Capabilities. Table 34 — Definition of (UINT32) TPMA_STARTUP_CLEAR Bits <OUT> Bit 0 Parameter Description phEnable SET (1): (default) The platform hierarchy is enabled and platformAuth or platformPolicy may be used for authorization. CLEAR (0): platformAuth and platformPolicy may not be used for authorizations, and objects in the platform hierarchy, including NV Indexes and persistent objects, cannot be used. NOTE 1 shEnable SET (1): (default) The Storage hierarchy is enabled and ownerAuth or ownerPolicy may be used for authorization. CLEAR (0): ownerAuth and ownerPolicy may not be used for authorizations, and objects in the Storage hierarchy, including NV Indexes and persistent objects, cannot be used. NOTE 2 ehEnable phEnableNV See “TPM2_HierarchyControl” in Part 3 of this specification for details on changing this attribute. SET (1): (default) The EPS hierarchy is enabled and endorsementAuth may be used to authorize commands. CLEAR (0): endorsementAuth and endorsementPolicy may not be used for authorizations, and objects in the endorsement hierarchy, including persistent objects, cannot be used. NOTE 3 See “TPM2_HierarchyControl” in Part 3 of this specification for details on changing this attribute. See “TPM2_HierarchyControl” in Part 3 of this specification for details on changing this attribute. SET (1): (default) NV indices that have TPMA_PLATFORM_CREATE SET may be read or written. The platform can create define and undefine indices. CLEAR (0): NV indices that have TPMA_PLATFORM_CREATE SET may not be read or written (TPM_RC_HANDLE). The platform cannot define (TPM_RC_HIERARCHY) or undefined (TPM_RC_HANDLE) indices. NOTE See “TPM2_HierarchyControl” in Part 3 of this specification for details on changing this attribute. NOTE read refers to these commands: TPM2_NV_Read, TPM2_NV_ReadPublic, TPM_NV_Certify, TPM2_PolicyNV write refers to thse commands: TPM2_NV_Write, TPM2_NV_Increment, TPM2_NV_Extend, TPM2_NV_SetBits NOTE The TPM must query the index TPMA_PLATFORM_CREATE attribute to determine whether phEnableNV is applicable. Since the TPM will return TPM_RC_HANDLE if the index does not exist, it also returns this error code if the index is disabled. Otherwise, the TPM would leak the existence of an index even when disabled. 30:4 Reserved Family “2.0” Level 00 Revision 00.99 shall be zero Published Copyright © TCG 2006-2013 Page 65 October 31, 2013 Part 2: Structures Trusted Platform Module Library Bit Parameter Description 31 orderly SET (1): The TPM received a TPM2_Shutdown() and a matching TPM2_Startup(). CLEAR (0): TPM2_Startup(TPM_SU_CLEAR) was not preceded by a TPM2_Shutdown() of any type. NOTE 8.8 A shutdown is orderly if the TPM receives a TPM2_Shutdown() of any type followed by a TPM2_Startup() of any type. However, the TPM will return an error if TPM2_Startup(TPM_SU_STATE) was not preceded by TPM2_State_Save(TPM_SU_STATE). TPMA_MEMORY This structure of this attribute is used to report the memory management method used by the TPM for transient objects and authorization sessions. This structure may be read using TPM2_GetCapability(capability = TPM_CAP_TPM_PROPERTIES, property = TPM_PT_MEMORY). If the RAM memory is shared, then context save of a session may make it possible to load an additional transient object. Table 35 — Definition of (UINT32) TPMA_MEMORY Bits <Out> Bit Name Definition 0 sharedRAM SET (1): indicates that the RAM memory used for authorization session contexts is shared with the memory used for transient objects CLEAR (0): indicates that the memory used for authorization sessions is not shared with memory used for transient objects 1 sharedNV SET (1): indicates that the NV memory used for persistent objects is shared with the NV memory used for NV Index values CLEAR (0): indicates that the persistent objects and NV Index values are allocated from separate sections of NV 2 objectCopiedToRam SET (1): indicates that the TPM copies persistent objects to a transient-object slot in RAM when the persistent object is referenced in a command. The TRM is required to make sure that an object slot is available. CLEAR (0): indicates that the TPM does not use transient-object slots when persistent objects are referenced 31:3 Reserved shall be zero Page 66 October 31, 2013 Published Copyright © TCG 2006-2013 Family “2.0” Level 00 Revision 00.99 Trusted Platform Module Library 8.9 Part 2: Structures TPMA_CC (Command Code Attributes) 8.9.1 Introduction This structure defines the attributes of a command from a context management perspective. The fields of the structure indicate to the TPM Resource Manager (TRM) the number of resources required by a command and how the command affects the TPM’s resources. This structure is only used in a list returned by the TPM in response to TPM2_GetCapability(capability = TPM_CAP_COMMANDS). For a command to the TPM, only the commandIndex field and V attribute are allowed to be non-zero. 8.9.2 Structure Definition Table 36 — Definition of (TPM_CC) TPMA_CC Bits <OUT> Bit 15:0 Name Definition commandIndex indicates the command being selected 21:16 Reserved shall be zero 22 nv SET (1): indicates that the command may write to NV CLEAR (0): indicates that the command does not write to NV 23 extensive SET (1): This command could flush any number of loaded contexts. CLEAR (0): no additional changes other than indicated by the flushed attribute 24 flushed SET (1): The context associated with any transient handle in the command will be flushed when this command completes. CLEAR (0): No context is flushed as a side effect of this command. 27:25 cHandles indicates the number of the handles in the handle area for this command 28 rHandle SET (1): indicates the presence of the handle area in the input 29 V SET (1): indicates that the command is vendor-specific CLEAR (0): indicates that the command is defined in a version of this specification 31:30 Res 8.9.3 8.9.3.1 allocated for software; shall be zero Field Descriptions Bits[15:0] – commandIndex This is the command index of the command in the set of commands. The two sets are defined by the V attribute. If V is zero, then the commandIndex shall be in the set of commands defined in a version of this specification. If V is one, then the meaning of commandIndex is as determined by the TPM vendor. 8.9.3.2 Bit[22] – nv If this attribute is SET, then the TPM may perform an NV write as part of the command actions. This write is independent of any write that may occur as a result of dictionary attack protection. If this attribute is CLEAR, then the TPM shall not perform an NV write as part of the command actions. 8.9.3.3 Bit[23] – extensive Family “2.0” Level 00 Revision 00.99 Published Copyright © TCG 2006-2013 Page 67 October 31, 2013 Part 2: Structures Trusted Platform Module Library If this attribute is SET, then the TPM may flush many transient objects as a side effect of this command. In Part 3, a command that has this attribute is indicated by using a “{E}” decoration in the “Description” column of the commandCode parameter. EXAMPLE See “TPM2_Clear” in Part 3. NOTE The “{E}” decoration may be combined with other decorations such as “{NV}” in which case the decoration would be “{NV E}.” 8.9.3.4 Bit[24] – flushed If this attribute is SET, then the TPM will flush transient objects as a side effect of this command. Any transient objects listed in the handle area of the command will be flushed from TPM memory. Handles associated with persistent objects, sessions, PCR, or other fixed TPM resources are not flushed. NOTE The TRM is expected to use this value to determine how many objects are loaded into transient TPM memory. NOTE The “{F}” decoration may be combined with other decorations such as “{NV}” in which case the decoration would be “{NV F}.” If this attribute is SET for a command, and the handle of the command is associated with a hierarchy (TPM_RH_PLATFORM, TPM_RH_OWNER, or TPM_RH_ENDORSEMENT), all loaded objects in the indicated hierarchy are flushed. The TRM is expected to know the behaviour of TPM2_ContextSave(), and sessions are flushed when context saved, but objects are not. The flushed attribute for that command shall be CLEAR. In Part 3, a command that has this attribute is indicated by using a “{F}” decoration in the “Description” column of the commandCode parameter. EXAMPLE 8.9.3.5 See “TPM2_SequenceComplete” in Part 3.” Bits[27:25] – cHandles This field indicates the number of handles in the handle area of the command. This number allows the TRM to enumerate the handles in the handle area and find the position of the authorizations (if any). 8.9.3.6 Bit[28] – rHandle If this attribute is SET, then the response to this command has a handle area. This area will contain no more than one handle. This field is necessary to allow the TRM to locate the parameterSize field in the response, which is then used to locate the authorizations. NOTE The TRM is expected to “virtualize” the handle value for any returned handle. Page 68 October 31, 2013 Published Copyright © TCG 2006-2013 Family “2.0” Level 00 Revision 00.99 Trusted Platform Module Library Part 2: Structures A TPM command is only allowed to have one handle in the session area. 8.9.3.7 Bit[29] – V When this attribute is SET, it indicates that the command operation is defined by the TPM vendor. When CLEAR, it indicates that the command is defined by a version of this specification. 8.9.3.8 Bits[31:30] – Res This field is reserved for system software. This field is required to be zero for a command to the TPM. Family “2.0” Level 00 Revision 00.99 Published Copyright © TCG 2006-2013 Page 69 October 31, 2013 Part 2: Structures 9 Trusted Platform Module Library Interface Types 9.1 Introduction This clause contains definitions for interface types. An interface type is type checked when it is unmarshaled. These types are based on an underlying type that is indicated in the table title by the value in parentheses. When an interface type is used, the base type is unmarshaled and then checked to see if it has one of the allowed values. 9.2 TPMI_YES_NO This interface type is used in place of a Boolean type in order to eliminate ambiguity in the handling of a octet that conveys a single bit of information. This type only has two allowed values, YES (1) and NO (0). NOTE This list is not used as input to the TPM. Table 37 — Definition of (BYTE) TPMI_YES_NO Type Value Description NO a value of 0 YES a value of 1 #TPM_RC_VALUE 9.3 TPMI_DH_OBJECT The TPMI_DH_OBJECT interface type is a handle that references a loaded object. The handles in this set are used to refer to either transient or persistent object. The range of these values would change according to the TPM implementation. NOTE These interface types should not be used by system software to qualify the keys produced by the TPM. The value returned by the TPM shall be used to reference the object. Table 38 — Definition of (TPM_HANDLE) TPMI_DH_OBJECT Type Values Comments {TRANSIENT_FIRST:TRANSIENT_LAST} allowed range for transient objects {PERSISTENT_FIRST:PERSISTENT_LAST} allowed range for persistent objects +TPM_RH_NULL the conditional value #TPM_RC_VALUE Page 70 October 31, 2013 Published Copyright © TCG 2006-2013 Family “2.0” Level 00 Revision 00.99 Trusted Platform Module Library 9.4 Part 2: Structures TPMI_DH_PERSISTENT The TPMI_DH_PERSISTENT interface type is a handle that references a location for a transient object. This type is used in TPM2_EvictControl() to indicate the handle to be assigned to the persistent object. Table 39 — Definition of (TPM_HANDLE) TPMI_DH_PERSISTENT Type Values Comments {PERSISTENT_FIRST:PERSISTENT_LAST} allowed range for persistent objects #TPM_RC_VALUE 9.5 TPMI_DH_ENTITY The TPMI_DH_ENTITY interface type is TPM-defined values that are used to indicate that the handle refers to an authValue. The range of these values would change according to the TPM implementation. Table 40 — Definition of (TPM_HANDLE) TPMI_DH_ENTITY Type <IN> Values Comments TPM_RH_OWNER TPM_RH_ENDORSEMENT TPM_RH_PLATFORM TPM_RH_LOCKOUT {TRANSIENT_FIRST : TRANSIENT_LAST} range of object handles {PERSISTENT_FIRST : PERSISTENT_LAST} {NV_INDEX_FIRST : NV_INDEX_LAST} {PCR_FIRST : PCR_LAST} +TPM_RH_NULL conditional value #TPM_RC_VALUE Family “2.0” Level 00 Revision 00.99 Published Copyright © TCG 2006-2013 Page 71 October 31, 2013 Part 2: Structures 9.6 Trusted Platform Module Library TPMI_DH_PCR This interface type consists of the handles that may be used as PCR references. The upper end of this range of values would change according to the TPM implementation. NOTE 1 Typically, the 0 th PCR will have a handle value of zero. NOTE 2 The handle range for PCR is defined to be the same as the handle range for PCR in previous versions of TPM specifications. Table 41 — Definition of (TPM_HANDLE) TPMI_DH_PCR Type <IN> Values Comments {PCR_FIRST:PCR_LAST} +TPM_RH_NULL conditional value #TPM_RC_VALUE 9.7 TPMI_SH_AUTH_SESSION The TPMI_SH_AUTH_SESSION interface type is TPM-defined values that are used to indicate that the handle refers to an authorization session. Table 42 — Definition of (TPM_HANDLE) TPMI_SH_AUTH_SESSION Type <IN/OUT> Values Comments {HMAC_SESSION_FIRST : HMAC_SESSION_LAST} range of HMAC authorization session handles {POLICY_SESSION_FIRST: POLICY_SESSION_LAST} range of policy authorization session handles +TPM_RS_PW a password authorization #TPM_RC_VALUE error returned if the handle is out of range 9.8 TPMI_SH_HMAC This interface type is used for an authorization handle when the authorization session uses an HMAC. Table 43 — Definition of (TPM_HANDLE) TPMI_SH_HMAC Type <IN/OUT> Values Comments {HMAC_SESSION_FIRST: HMAC_SESSION_LAST} range of HMAC authorization session handles #TPM_RC_VALUE error returned if the handle is out of range 9.9 TPMI_SH_POLICY This interface type is used for a policy handle when it appears in a policy command. Table 44 — Definition of (TPM_HANDLE) TPMI_SH_POLICY Type <IN/OUT> Values Comments {POLICY_SESSION_FIRST: POLICY_SESSION_LAST} range of policy authorization session handles #TPM_RC_VALUE error returned if the handle is out of range Page 72 October 31, 2013 Published Copyright © TCG 2006-2013 Family “2.0” Level 00 Revision 00.99 Trusted Platform Module Library Part 2: Structures 9.10 TPMI_DH_CONTEXT This type defines the handle values that may be used in TPM2_ContextSave() or TPM2_Flush(). Table 45 — Definition of (TPM_HANDLE) TPMI_DH_CONTEXT Type Values Comments {HMAC_SESSION_FIRST : HMAC_SESSION_LAST} {POLICY_SESSION_FIRST:POLICY_SESSION_LAST} {TRANSIENT_FIRST:TRANSIENT_LAST} #TPM_RC_VALUE 9.11 TPMI_RH_HIERARCHY The TPMI_RH_HIERARCHY interface type is used as the type of a handle in a command when the handle is required to be one of the hierarchy selectors. Table 46 — Definition of (TPM_HANDLE) TPMI_RH_HIERARCHY Type Values Comments TPM_RH_OWNER Storage hierarchy TPM_RH_PLATFORM Platform hierarchy TPM_RH_ENDORSEMENT Endorsement hierarchy +TPM_RH_NULL no hierarchy #TPM_RC_VALUE response code returned when the unmarshaling of this type fails 9.12 TPMI_RH_ENABLES The TPMI_RH_ENABLES interface type is used as the type of a handle in a command when the handle is required to be one of the hierarchy or NV enables. Table 47 — Definition of (TPM_HANDLE) TPMI_RH_ENABLES Type Values Comments TPM_RH_OWNER Storage hierarchy TPM_RH_PLATFORM Platform hierarchy TPM_RH_ENDORSEMENT Endorsement hierarchy TPM_RH_PLATFORM_NV Platform NV +TPM_RH_NULL no hierarchy #TPM_RC_VALUE response code returned when the unmarshaling of this type fails Family “2.0” Level 00 Revision 00.99 Published Copyright © TCG 2006-2013 Page 73 October 31, 2013 Part 2: Structures Trusted Platform Module Library 9.13 TPMI_RH_HIERARCHY_AUTH This interface type is used as the type of a handle in a command when the handle is required to be one of the hierarchy selectors or the Lockout Authorization. Table 48 — Definition of (TPM_HANDLE) TPMI_RH_HIERARCHY_AUTH Type <IN> Values Comments TPM_RH_OWNER Storage hierarchy TPM_RH_PLATFORM Platform hierarchy TPM_RH_ENDORSEMENT Endorsement hierarchy TPM_RH_LOCKOUT Lockout Authorization #TPM_RC_VALUE response code returned when the unmarshaling of this type fails 9.14 TPMI_RH_PLATFORM The TPMI_RH_PLATFORM interface type is used as the type of a handle in a command when the only allowed handle is TPM_RH_PLATFORM indicating that platformAuth is required. Table 49 — Definition of (TPM_HANDLE) TPMI_RH_PLATFORM Type <IN> Values Comments TPM_RH_PLATFORM Platform hierarchy #TPM_RC_VALUE response code returned when the unmarshaling of this type fails 9.15 TPMI_RH_OWNER This interface type is used as the type of a handle in a command when the only allowed handle is TPM_RH_OWNER indicating that ownerAuth is required. Table 50 — Definition of (TPM_HANDLE) TPMI_RH_OWNER Type <IN> Values Comments TPM_RH_OWNER Owner hierarchy +TPM_RH_NULL may allow the null handle #TPM_RC_VALUE response code returned when the unmarshaling of this type fails Page 74 October 31, 2013 Published Copyright © TCG 2006-2013 Family “2.0” Level 00 Revision 00.99 Trusted Platform Module Library Part 2: Structures 9.16 TPMI_RH_ENDORSEMENT This interface type is used as the type of a handle in a command when the only allowed handle is TPM_RH_ENDORSEMENT indicating that endorsementAuth is required. Table 51 — Definition of (TPM_HANDLE) TPMI_RH_ENDORSEMENT Type <IN> Values Comments TPM_RH_ENDORSEMENT Endorsement hierarchy +TPM_RH_NULL may allow the null handle #TPM_RC_VALUE response code returned when the unmarshaling of this type fails 9.17 TPMI_RH_PROVISION The TPMI_RH_PROVISION interface type is used as the type of the handle in a command when the only allowed handles are either TPM_RH_OWNER or TPM_RH_PLATFORM indicating that either platformAuth or ownerAuth are allowed. In most cases, either platformAuth or ownerAuth may be used to authorize the commands used for management of the resources of the TPM and this interface type will be used. Table 52 — Definition of (TPM_HANDLE) TPMI_RH_PROVISION Type <IN> Value Comments TPM_RH_OWNER handle for ownerAuth TPM_RH_PLATFORM handle for platformAuth #TPM_RC_VALUE response code returned when the unmarshaling of this type fails 9.18 TPMI_RH_CLEAR The TPMI_RH_CLEAR interface type is used as the type of the handle in a command when the only allowed handles are either TPM_RH_LOCKOUT or TPM_RH_PLATFORM indicating that either platformAuth or lockoutAuth are allowed. This interface type is normally used for performing or controlling TPM2_Clear(). Table 53 — Definition of (TPM_HANDLE) TPMI_RH_CLEAR Type <IN> Value Comments TPM_RH_LOCKOUT handle for lockoutAuth TPM_RH_PLATFORM handle for platformAuth #TPM_RC_VALUE response code returned when the unmarshaling of this type fails Family “2.0” Level 00 Revision 00.99 Published Copyright © TCG 2006-2013 Page 75 October 31, 2013 Part 2: Structures Trusted Platform Module Library 9.19 TPMI_RH_NV_AUTH This interface type is used to identify the source of the authorization for access to an NV location. The handle value of a TPMI_RH_NV_AUTH shall indicate that the authorization value is either platformAuth, ownerAuth, or the authValue. This type is used in the commands that access an NV Index (commands of the form TPM2_NV_xxx) other than TPM2_NV_DefineSpace() and TPM2_NV_UndefineSpace(). Table 54 — Definition of (TPM_HANDLE) TPMI_RH_NV_AUTH Type <IN> Value Comments TPM_RH_PLATFORM platformAuth is allowed TPM_RH_OWNER ownerAuth is allowed {NV_INDEX_FIRST:NV_INDEX_LAST} range for NV locations #TPM_RC_VALUE response code returned when unmarshaling of this type fails 9.20 TPMI_RH_LOCKOUT The TPMI_RH_LOCKOUT interface type is used as the type of a handle in a command when the only allowed handle is TPM_RH_LOCKOUT indicating that lockoutAuth is required. Table 55 — Definition of (TPM_HANDLE) TPMI_RH_LOCKOUT Type <IN> Value Comments TPM_RH_LOCKOUT #TPM_RC_VALUE response code returned when the unmarshaling of this type fails 9.21 TPMI_RH_NV_INDEX This interface type is used to identify an NV location. This type is used in the NV commands. Table 56 — Definition of (TPM_HANDLE) TPMI_RH_NV_INDEX Type <IN/OUT> Value Comments {NV_INDEX_FIRST:NV_INDEX_LAST} Range of NV Indexes #TPM_RC_VALUE error returned if the handle is out of range Page 76 October 31, 2013 Published Copyright © TCG 2006-2013 Family “2.0” Level 00 Revision 00.99 Trusted Platform Module Library Part 2: Structures 9.22 TPMI_ALG_HASH A TPMI_ALG_HASH is an interface type of all the hash algorithms implemented on a specific TPM. Table 57 is a list of the hash algorithms that have an algorithm ID assigned by the TCG and does not indicate the algorithms that will be accepted by a TPM. NOTE An implementation would modify this table according to the implemented algorithms, changing the values that are accepted as hash algorithms. Table 57 — Definition of (TPM_ALG_ID) TPMI_ALG_HASH Type Values Comments TPM_ALG_SHA1 example TPM_ALG_SHA256 example TPM_ALG_SM3_256 example TPM_ALG_SHA384 example TPM_ALG_SHA512 example +TPM_ALG_NULL #TPM_RC_HASH 9.23 TPMI_ALG_ASYM (Asymmetric Algorithms) A TPMI_ALG_ASYM is an interface type of all the asymmetric algorithms implemented on a specific TPM. Table 58 lists each of the asymmetric algorithms that have an algorithm ID assigned by the TCG. Table 58 — Definition of (TPM_ALG_ID) TPMI_ALG_ASYM Type Values Comments TPM_ALG_RSA TPM_ALG_ECC +TPM_ALG_NULL #TPM_RC_ASYMMETRIC Family “2.0” Level 00 Revision 00.99 Published Copyright © TCG 2006-2013 Page 77 October 31, 2013 Part 2: Structures Trusted Platform Module Library 9.24 TPMI_ALG_SYM (Symmetric Algorithms) A TPMI_ALG_SYM is an interface type of all the symmetric algorithms that have an algorithm ID assigned by the TCG and are implemented on the TPM. The list in the table below is illustrative and will change according to the implementation. The validation code will only accept the subset of algorithms implemented on a TPM. NOTE The validation code produced by an example script will produce a CASE statement with a case for each of the values in the “Values” column. The case for a value is delimited by a #ifdef/#endif pair so that if the algorithm is not implemented on the TPM, then the case for the algorithm is not generated, and use of the algorithm will cause a TPM error (TPM_RC_SYMMETRIC). Table 59 — Definition of (TPM_ALG_ID) TPMI_ALG_SYM Type Values Comments TPM_ALG_AES example TPM_ALG_SM4 example TPM_ALG_XOR example +TPM_ALG_NULL required to be present in all versions of this table #TPM_RC_SYMMETRIC 9.25 TPMI_ALG_SYM_OBJECT A TPMI_ALG_SYM_OBJECT is an interface type of all the TCG-defined symmetric algorithms that may be used as companion symmetric encryption algorithm for an asymmetric object. All algorithms in this list shall be block ciphers usable in Cipher Feedback (CFB). Table 60 is illustrative. It would be modified to indicate the algorithms of the TPM. NOTE TPM_ALG_XOR is not allowed in this list. Table 60 — Definition of (TPM_ALG_ID) TPMI_ALG_SYM_OBJECT Type Values Comments TPM_ALG_AES example TPM_ALG_SM4 example +TPM_ALG_NULL required to be present in all versions of this table #TPM_RC_SYMMETRIC Page 78 October 31, 2013 Published Copyright © TCG 2006-2013 Family “2.0” Level 00 Revision 00.99 Trusted Platform Module Library Part 2: Structures 9.26 TPMI_ALG_SYM_MODE A TPMI_ALG_SYM_MODE is an interface type of all the TCG-defined block-cipher modes of operation. This version of the table is not expected to be the table checked by the validation code. Rather, the table would be replaced by one containing the algorithms implemented on the TPM and that the values in that table would be checked by the input validation code. Table 61 — Definition of (TPM_ALG_ID) TPMI_ALG_SYM_MODE Type Values Comments TPM_ALG_CTR IV will be determined by use. If the outside provides the nonce and initial counter, then the caller can know what IV to provide for chaining. TPM_ALG_OFB XOR last cipher text block with last plaintext to create IV for next block TPM_ALG_CBC IV will be determined by use. indefinite chaining using previous output block as IV for next block TPM_ALG_CFB shall be implemented in all TPM compliant with this specification IV will be determined by use. indefinite chaining using previous cipher text as IV TPM_ALG_ECB no IV or chaining value required +TPM_ALG_NULL #TPM_RC_MODE 9.27 TPMI_ALG_KDF (Key and Mask Generation Functions) A TPMI_ALG_KDF is an interface type of all the key derivation functions implemented on a specific TPM. Table 62 is exemplary and would change based on the algorithms implemented in a TPM. Table 62 — Definition of (TPM_ALG_ID) TPMI_ALG_KDF Type Values Comments TPM_ALG_MGF1 TPM_ALG_KDF1_SP800_108 TPM_ALG_KDF1_SP800_56a TPM_ALG_KDF2 +TPM_ALG_NULL #TPM_RC_KDF Family “2.0” Level 00 Revision 00.99 Published Copyright © TCG 2006-2013 Page 79 October 31, 2013 Part 2: Structures Trusted Platform Module Library 9.28 TPMI_ALG_SIG_SCHEME This is the definition of the interface type for a signature scheme. This table would change according to the algorithms implemented on the TPM. Table 63 — Definition of (TPM_ALG_ID) TPMI_ALG_SIG_SCHEME Type Values Comments TPM_ALG_RSASSA requires that RSA be implemented TPM_ALG_RSAPSS requires that RSA be implemented TPM_ALG_ECDSA requires that ECC be implemented TPM_ALG_ECDAA requires that ECC and ECDAA be implemented TPM_ALG_ECSCHNORR TPM_ALG_SM2 requires that ECC be implemented TPM_ALG_HMAC present on all TPM +TPM_ALG_NULL #TPM_RC_SCHEME response code when a signature scheme is not correct 9.29 TPMI_ECC_KEY_EXCHANGE This is the definition of the interface type for an ECC key exchange scheme. This table would change according to the algorithms implemented on the TPM. Table 64 — Definition of (TPM_ALG_ID) TPMI_ECC_KEY_EXCHANGE Type Values Comments TPM_ALG_ECDH used for single and two phase key exchange TPM_ALG_ECMQV TPM_ALG_SM2 requires that ECC be implemented +TPM_ALG_NULL #TPM_RC_SCHEME response code when a key exchange scheme is not correct 9.30 TPMI_ST_COMMAND_TAG This interface type is used for the command tags. The response code for a bad command tag has the same value as the TPM 1.2 response code (TPM_BAD_TAG). This value is used in case the software is not compatible with this specification and an unexpected response code might have unexpected side effects. Table 65 — Definition of (TPM_ST) TPMI_ST_COMMAND_TAG Type Values Comments TPM_ST_NO_SESSIONS TPM_ST_SESSIONS #TPM_RC_BAD_TAG Page 80 October 31, 2013 Published Copyright © TCG 2006-2013 Family “2.0” Level 00 Revision 00.99 Trusted Platform Module Library Part 2: Structures 10 Structure Definitions 10.1 TPMS_ALGORITHM_DESCRIPTION This structure is a return value for a TPM2_GetCapability() that reads the installed algorithms. Table 66 — Definition of TPMS_ALGORITHM_DESCRIPTION Structure <OUT> Parameter Type Description alg TPM_ALG_ID an algorithm attributes TPMA_ALGORITHM the attributes of the algorithm 10.2 Hash/Digest Structures 10.2.1 TPMU_HA (Hash) A TPMU_HA is a union of all the hash algorithms implemented on a TPM. Table 67 is exemplary and would change based on the algorithms implemented in a TPM. NOTE If processed by an automated tool, each entry of the table should be qualified (with #ifdef/#endif) so that if the hash algorithm is not implemented on the TPM, the parameter associated with that hash is not present. This will keep the union from being larger than the largest digest of a hash implemented on that TPM. Table 67 — Definition of TPMU_HA Union <IN/OUT, S> Parameter Type Selector sha1 [SHA1_DIGEST_SIZE] BYTE TPM_ALG_SHA1 sha256 [SHA256_DIGEST_SIZE] BYTE TPM_ALG_SHA256 sm3_256 [SM3_256_DIGEST_SIZE] BYTE TPM_ALG_SM3_256 sha384 [SHA384_DIGEST_SIZE] BYTE TPM_ALG_SHA384 sha512 [SHA512_DIGEST_SIZE] BYTE TPM_ALG_SHA512 null Family “2.0” Level 00 Revision 00.99 Description TPM_ALG_NULL Published Copyright © TCG 2006-2013 Page 81 October 31, 2013 Part 2: Structures Trusted Platform Module Library 10.2.2 TPMT_HA Table 68 shows the basic hash-agile structure used in this specification. To handle hash agility, this structure uses the hashAlg parameter to indicate the algorithm used to compute the digest and, by implication, the size of the digest. When transmitted, only the number of octets indicated by hashAlg is sent. NOTE In the exemplary code, when a TPMT_HA is allocated, the digest field is large enough to support the largest hash algorithm in the TPMU_HA union. Table 68 — Definition of TPMT_HA Structure <IN/OUT> Parameter Type Description hashAlg +TPMI_ALG_HASH selector of the hash contained in the digest that implies the size of the digest NOTE [hashAlg] digest TPMU_HA The leading “+” on the type indicates that this structure should pass an indication to the unmarshaling function for TPMI_ALG_HASH so that TPM_ALG_NULL will be allowed if a use of a TPMT_HA allows TPM_ALG_NULL. the digest data 10.3 Sized Buffers 10.3.1 Introduction The “TPM2B_” prefix is used for a structure that has a size field followed by a data buffer with the indicated number of octets. The size field is 16 bits. When the type of the second parameter in a TPM2B_ structure is BYTE, the TPM shall unmarshal the indicated number of octets, which may be zero. When the type of the second parameter in the TPM2B_ structure is not BYTE, the value of the size field shall either be zero indicating that no structure is to be unmarshaled; or it shall be identical to the number of octets unmarshaled for the second parameter. NOTE 1 If the TPM2B_ defines a structure and not an array of octets, then the structure is self-describing and the TPM will be able to determine how many octets are in the structure when it is unmarshaled. If that number of octets is not equal to the size parameter, then it is an error. NOTE 2 The reason that a structure may be put into a TPM2B_ is that the parts of the structure may be handled as separate opaque blocks by the application/system software. Rather than require that all of the structures in a command or response be marshaled or unmarshaled sequentially, the size field allows the structure to be manipulated as an opaque block. Placing a structure in a TPM2B_ also makes it possible to use parameter encryption on the structure. If a TPM2B_ is encrypted, the TPM will encrypt/decrypt the data field of the TPM2B_ but not the size parameter. The TPM will encrypt/decrypt the number of octets indicated by the size field. NOTE 3 In the reference implementation, a TPM2B type is defined that is a 16-bit size field followed by a single byte of data. The TPM2B_ is then defined as a union that contains a TPM2B (union member ‘b’) and the structure in the definition table (union member ‘t’). This union is used for internally generated structures so that there is a way to define a structure of the correct size (forced by the ‘t’ member) while giving a way to pass the structure generically as a ‘b’. Most function calls use the 't' member so that the compiler will generate a warning if there is a type error (a TPM2B_ of the wrong type). Having the type checked helps avoid many issues with buffer overflow caused by a too small buffer being passed to a function. Page 82 October 31, 2013 Published Copyright © TCG 2006-2013 Family “2.0” Level 00 Revision 00.99 Trusted Platform Module Library Part 2: Structures 10.3.2 TPM2B_DIGEST This structure is used for a sized buffer that cannot be larger than the largest digest produced by any hash algorithm implemented on the TPM. As with all sized buffers, the size is checked to see if it is within the prescribed range. If not, the response code is TPM_RC_SIZE. NOTE For any structure, like the one below, that contains an implied size check, it is implied that TPM_RC_SIZE is a possible response code and the response code will not be listed in the table. Table 69 — Definition of TPM2B_DIGEST Structure Parameter Type Description size UINT16 size in octets of the buffer field; may be 0 buffer[size]{:sizeof(TPMU_HA)} BYTE the buffer area that can be no larger than a digest 10.3.3 TPM2B_DATA This structure is used for a data buffer that is required to be no larger than the size of the Name of an object. This size limit includes the algorithm ID of the hash and the hash data. Table 70 — Definition of TPM2B_DATA Structure Parameter Type Description size UINT16 size in octets of the buffer field; may be 0 buffer[size]{:sizeof(TPMT_HA)} BYTE the buffer area that contains the algorithm ID and the digest 10.3.4 TPM2B_NONCE Table 71 — Definition of Types for TPM2B_NONCE Type Name Description TPM2B_DIGEST TPM2B_NONCE size limited to the same as the digest structure 10.3.5 TPM2B_AUTH This structure is used for an authorization value and limits an authValue to being no larger than the largest digest produced by a TPM. In order to ensure consistency within an object, the authValue may be no larger than the size of the digest produced by the object’s nameAlg. This ensures that any TPM that can load the object will be able to handle the authValue of the object. Table 72 — Definition of Types for TPM2B_AUTH Type Name Description TPM2B_DIGEST TPM2B_AUTH size limited to the same as the digest structure Family “2.0” Level 00 Revision 00.99 Published Copyright © TCG 2006-2013 Page 83 October 31, 2013 Part 2: Structures Trusted Platform Module Library 10.3.6 TPM2B_OPERAND This type is a sized buffer that can hold an operand for a comparison with an NV Index location. The maximum size of the operand is implementation dependent but a TPM is required to support an operand size that is at least as big as the digest produced by any of the hash algorithms implemented on the TPM. Table 73 — Definition of Types for TPM2B_OPERAND Type Name Description TPM2B_DIGEST TPM2B_OPERAND size limited to the same as the digest structure 10.3.7 TPM2B_EVENT This type is a sized buffer that can hold event data. Table 74 — Definition of TPM2B_EVENT Structure Parameter Type Description size UINT16 size of the operand buffer buffer [size] {:1024} BYTE the operand 10.3.8 TPM2B_MAX_BUFFER This type is a sized buffer that can hold a maximally sized buffer for commands that use a large data buffer such as TPM2_PCR_Event(), TPM2_Hash(), TPM2_SequenceUpdate(), or TPM2_FieldUpgradeData(). NOTE The above list is not comprehensive and other commands may use this buffer type. Table 75 — Definition of TPM2B_MAX_BUFFER Structure Parameter Type Description size UINT16 size of the buffer buffer [size] {:MAX_DIGEST_BUFFER} BYTE the operand NOTE MAX_DIGEST_BUFFER is TPMdependent but is required to be at least 1,024. 10.3.9 TPM2B_MAX_NV_BUFFER This type is a sized buffer that can hold a maximally sized buffer for NV data commands such as TPM2_NV_Read(), TPM2_NV_Write(), and TPM2_NV_Certify(). Table 76 — Definition of TPM2B_MAX_NV_BUFFER Structure Parameter Type Description size UINT16 size of the buffer buffer [size] {:MAX_NV_BUFFER_SIZE} BYTE the operand NOTE MAX_NV_BUFFER_SIZE dependent Page 84 October 31, 2013 Published Copyright © TCG 2006-2013 is TPM- Family “2.0” Level 00 Revision 00.99 Trusted Platform Module Library Part 2: Structures 10.3.10 TPM2B_TIMEOUT This TPM-dependent structure is used to provide the timeout value for an authorization. Table 77 — Definition of TPM2B_TIMEOUT Structure <IN/OUT> Parameter Type Description size UINT16 size of the timeout value This value is fixed for a TPM implementation. buffer [size] {:sizeof(UINT64)} BYTE the timeout value 10.3.11 TPM2B_IV This structure is used for passing an initial value for a symmetric block cipher to or from the TPM. The size is set to be the largest block size of any implemented symmetric cipher implemented on the TPM. Table 78 — Definition of TPM2B_IV Structure <IN/OUT> Parameter Type Description size UINT16 size of the timeout value This value is fixed for a TPM implementation. buffer [size] {:MAX_SYM_BLOCK_SIZE} BYTE the timeout value 10.4 Names 10.4.1 Introduction The Name of an entity is used in place of the handle in authorization computations. The substitution occurs in cpHash and policyHash computations. For an entity that is defined by a public area (objects and NV Indexes), the Name is the hash of the public structure that defines the entity. The hash is done using the nameAlg of the entity. NOTE For an object, a TPMT_PUBLIC defines the entity. For an NV Index, a TPMS_NV_PUBLIC defines the entity. For entities not defined by a public area, the Name is the handle that is used to refer to the entity. 10.4.2 TPMU_NAME Table 79 — Definition of TPMU_NAME Union <> Parameter Type digest TPMT_HA when the Name is a digest handle TPM_HANDLE when the Name is a handle Family “2.0” Level 00 Revision 00.99 Selector Description Published Copyright © TCG 2006-2013 Page 85 October 31, 2013 Part 2: Structures Trusted Platform Module Library 10.4.3 TPM2B_NAME This buffer holds a Name for any entity type. The type of Name in the structure is determined by context and the size parameter. If size is four, then the Name is a handle. If size is zero, then no Name is present. Otherwise, the size shall be the size of a TPM_ALG_ID plus the size of the digest produced by the indicated hash algorithm. Table 80 — Definition of TPM2B_NAME Structure Parameter Type Description size UINT16 size of the Name structure name[size]{:sizeof(TPMU_NAME)} BYTE the Name structure 10.5 PCR Structures 10.5.1 TPMS_PCR_SELECT This structure provides a standard method of specifying a list of PCR. PCR numbering starts at zero. PcrSelect is an array of octets. The octet containing the bit corresponding to a specific PCR is found by dividing the PCR number by 8. EXAMPLE 1 The bit in pcrSelect corresponding to PCR 19 is in pcrSelect [2] (19/8 = 2). The least significant bit in a octet is bit number 0. The bit in the octet associated with a PCR is the remainder after division by 8. EXAMPLE 2 The bit in pcrSelect [2] corresponding to PCR 19 is bit 3 (19 mod 8). If sizeofSelect is 3, then the pcrSelect array that would specify PCR 19 and no other PCR is 00 00 08 16. Each bit in pcrSelect indicates whether the corresponding PCR is selected (1) or not (0). If the pcrSelect is all zero bits, then no PCR is selected. SizeofSelect indicates the number of octets in pcrSelect. The allowable values for sizeofSelect is determined by the number of PCR required by the applicable platform-specific specification and the number of PCR implemented in the TPM. The minimum value for sizeofSelect is: PCR_SELECT_MIN ≔ (PLATFORM_PCR + 7) / 8 (1) where PLATFORM_PCR the number of PCR required by the platform-specific specification The maximum value for sizeofSelect is: PCR_SELECT_MAX ≔ (IMPLEMENTATION_PCR + 7) / 8 (2) where IMPLEMENTATION_PCR Page 86 October 31, 2013 the number of PCR implemented on the TPM Published Copyright © TCG 2006-2013 Family “2.0” Level 00 Revision 00.99 Trusted Platform Module Library Part 2: Structures If the TPM implements more PCR than there are bits in pcrSelect, the additional PCR are not selected. EXAMPLE 3 If the applicable platform-specific specification requires that the TPM have a minimum of 24 PCR but the TPM implements 32, then a PCR select of 3 octets would imply that PCR 24-31 are not selected. Table 81 — Definition of TPMS_PCR_SELECT Structure Parameter Type Description sizeofSelect {PCR_SELECT_MIN:} UINT8 the size in octets of the pcrSelect array pcrSelect [sizeofSelect] {:PCR_SELECT_MAX} BYTE the bit map of selected PCR #TPM_RC_VALUE 10.5.2 TPMS_PCR_SELECTION Table 82 — Definition of TPMS_PCR_SELECTION Structure Parameter Type Description hash TPMI_ALG_HASH the hash algorithm associated with the selection sizeofSelect {PCR_SELECT_MIN:} UINT8 the size in octets of the pcrSelect array pcrSelect [sizeofSelect] {:PCR_SELECT_MAX} BYTE the bit map of selected PCR #TPM_RC_VALUE 10.6 Tickets 10.6.1 Introduction Tickets are evidence that the TPM has previously processed some information. A ticket is an HMAC over the data using a secret key known only to the TPM. A ticket is a way to expand the state memory of the TPM. A ticket is only usable by the TPM that produced it. The formulations for tickets shown in this clause are to be used by a TPM that is compliant with this specification. The method of creating the ticket data is: HMACcontexAlg(proof, (ticketType || param { || param {…})) (3) where HMACcontexAlg() an HMAC using the hash used for context integrity proof a TPM secret value (depends on hierarchy) ticketType a value to differentiate the tickets param one or more values that were checked by the TPM Family “2.0” Level 00 Revision 00.99 Published Copyright © TCG 2006-2013 Page 87 October 31, 2013 Part 2: Structures Trusted Platform Module Library The proof value used for each hierarchy is shown in Table 83. Table 83 — Values for proof Used in Tickets Hierarchy proof Description None Empty Buffer Platform phProof a value that changes with each change of the PPS Owner shProof a value that changes with each change of the SPS Endorsement ehProof a value that changes with each change of either the EPS or SPS The format for a ticket is shown in Table 84. This is a template for the tickets shown in the remainder of this clause. Table 84 — General Format of a Ticket Parameter Type Description tag TPM_ST structure tag indicating the type of the ticket hierarchy TPMI_RH_HIERARCHY+ the hierarchy of the proof value digest TPM2B_DIGEST the HMAC over the ticket-specific data 10.6.2 A NULL Ticket When a command requires a ticket and no ticket is available, the caller is required to provide a structure with a ticket tag that is correct for the context. The hierarchy shall be set to TPM_RH_NULL, and digest shall be the Empty Buffer (a buffer with a size field of zero). This construct is the NULL Ticket. When a response indicates that a ticket is returned, the TPM may return a NULL Ticket. NOTE Because each use of a ticket requires that the structure tag for the ticket be appropriate for the use, t here is no single representation of a NULL Ticket that will work in all circumstances. Minimally, a NULL ticket will have a structure type that is appropriate for the context. Page 88 October 31, 2013 Published Copyright © TCG 2006-2013 Family “2.0” Level 00 Revision 00.99 Trusted Platform Module Library Part 2: Structures 10.6.3 TPMT_TK_CREATION This ticket is produced by TPM2_Create() or TPM2_CreatePrimary(). It is used to bind the creation data to the object to which it applies. The ticket is computed by HMACcontextAlg(proof, (TPM_ST_CREATION || name || HnameAlg(TPMS_CREATION_DATA))) (4) where HMACcontextAlg() an HMAC using the context integrity hash algorithm proof a TPM secret value associated with the hierarchy associated with name TPM_ST_CREATION a value used to ensure that the ticket is properly used name the Name of the object to which the creation data is to be associated HnameAlg() hash using the nameAlg of the created object TPMS_CREATION_DATA the creation data structure associated with name Table 85 — Definition of TPMT_TK_CREATION Structure Parameter Type Description tag {TPM_ST_CREATION} TPM_ST ticket structure tag error returned when tag is not TPM_ST_CREATION #TPM_RC_TAG hierarchy TPMI_RH_HIERARCHY+ the hierarchy containing name digest TPM2B_DIGEST This shall be the HMAC produced using a proof value of hierarchy. EXAMPLE A NULL Creation Ticket is the tuple <TPM_ST_CREATION, TPM_RH_NULL, 0x0000>. Family “2.0” Level 00 Revision 00.99 Published Copyright © TCG 2006-2013 Page 89 October 31, 2013 Part 2: Structures Trusted Platform Module Library 10.6.4 TPMT_TK_VERIFIED This ticket is produced by TPM2_VerifySignature(). This formulation is used for multiple ticket uses. The ticket provides evidence that the TPM has validated that a digest was signed by a key with the Name of keyName. The ticket is computed by HMACcontextAlg(proof, (TPM_ST_VERIFIED || digest || keyName)) (5) where HMACcontextAlg() an HMAC using the context integrity hash proof a TPM secret value associated with the hierarchy associated with TPM_ST_VERIFIED a value used to ensure that the ticket is properly used digest the signed digest keyName Name of the key that signed digest keyName Table 86 — Definition of TPMT_TK_VERIFIED Structure Parameter Type Description tag {TPM_ST_VERIFIED} TPM_ST ticket structure tag error returned when tag is not TPM_ST_VERIFIED #TPM_RC_TAG hierarchy TPMI_RH_HIERARCHY+ the hierarchy containing keyName digest TPM2B_DIGEST This shall be the HMAC produced using a proof value of hierarchy. EXAMPLE A NULL Verified Ticket is the tuple <TPM_ST_VERIFIED, TPM_RH_NULL, 0x0000>. Page 90 October 31, 2013 Published Copyright © TCG 2006-2013 Family “2.0” Level 00 Revision 00.99 Trusted Platform Module Library Part 2: Structures 10.6.5 TPMT_TK_AUTH This ticket is produced by TPM2_PolicySigned() and TPM2_PolicySecret() when the authorization has an expiration time. The ticket is computed by HMACcontextAlg(proof, (TPM_ST_AUTH_xxx || timeout || cpHash || policyRef || keyName)) (6) where HMACcontextAlg() an HMAC using the context integrity hash proof a TPM secret value associated with the hierarchy of the key associated with keyName TPM_ST_AUTH_xxx either TPM_ST_AUTH_SIGNED or TPM_ST_AUTH_SECRET; used to ensure that the ticket is properly used timeout implementation-specific value indicating when the authorization expires cpHash optional hash of the authorized command policyRef optional reference to a policy value keyName Name of the key that signed the authorization Table 87 — Definition of TPMT_TK_AUTH Structure Parameter Type Description tag {TPM_ST_AUTH_SIGNED, TPM_ST_AUTH_SECRET} TPM_ST ticket structure tag #TPM_RC_TAG error returned when tag is not TPM_ST_AUTH hierarchy TPMI_RH_HIERARCHY+ the hierarchy of the object used to produce the ticket digest TPM2B_DIGEST This shall be the HMAC produced using a proof value of hierarchy. EXAMPLE A NULL Auth Ticket is the tuple <TPM_ST_AUTH_SIGNED, TPM_RH_NULL, 0x0000> or the tuple <TPM_ST_AUTH_SIGNED, TPM_RH_NULL, 0x0000> Family “2.0” Level 00 Revision 00.99 Published Copyright © TCG 2006-2013 Page 91 October 31, 2013 Part 2: Structures Trusted Platform Module Library 10.6.6 TPMT_TK_HASHCHECK This ticket is produced by TPM2_SequenceComplete() when the message that was digested did not start with TPM_GENERATED_VALUE. The ticket is computed by HMACcontexAlg(proof, (TPM_ST_HASHCHECK || digest)) (7) where HMACcontexAlg () an HMAC using the context integrity hash proof a TPM secret value associated with the hierarchy indicated by the command TPM_ST_HASHCHECK a value used to ensure that the ticket is properly used digest the digest of the data Table 88 — Definition of TPMT_TK_HASHCHECK Structure Parameter Type Description tag {TPM_ST_HASHCHECK} TPM_ST ticket structure tag #TPM_RC_TAG error returned when is not TPM_ST_HASHCHECK hierarchy TPMI_RH_HIERARCHY+ the hierarchy digest TPM2B_DIGEST This shall be the HMAC produced using a proof value of hierarchy. 10.7 Property Structures 10.7.1 TPMS_ALG_PROPERTY This structure is used to report the properties of an algorithm identifier. It is returned in response to a TPM2_GetCapability() with capability = TPM_CAP_ALG. Table 89 — Definition of TPMS_ALG_PROPERTY Structure <OUT> Parameter Type Description alg TPM_ALG_ID an algorithm identifier algProperties TPMA_ALGORITHM the attributes of the algorithm 10.7.2 TPMS_TAGGED_PROPERTY This structure is used to report the properties that are UINT32 values. It is returned in response to a TPM2_GetCapability(). Table 90 — Definition of TPMS_TAGGED_PROPERTY Structure <OUT> Parameter Type Description property TPM_PT a property identifier value UINT32 the value of the property Page 92 October 31, 2013 Published Copyright © TCG 2006-2013 Family “2.0” Level 00 Revision 00.99 Trusted Platform Module Library Part 2: Structures 10.7.3 TPMS_TAGGED_PCR_SELECT This structure is used in TPM2_GetCapability() to return the attributes of the PCR. Table 91 — Definition of TPMS_TAGGED_PCR_SELECT Structure <OUT> Parameter Type Description tag TPM_PT the property identifier sizeofSelect {PCR_SELECT_MIN:} UINT8 the size in octets of the pcrSelect array pcrSelect [sizeofSelect] {:PCR_SELECT_MAX} BYTE the bit map of PCR with the identified property 10.8 Lists 10.8.1 TPML_CC A list of command codes may be input to the TPM or returned by the TPM depending on the command. Table 92 — Definition of TPML_CC Structure Parameter Type Description count UINT32 number of commands in the commandCode list; may be 0 commandCodes[count]{:MAX_CAP_CC} TPM_CC a list of command codes The maximum only applies to a command code list in a command. The response size is limited only by the size of the parameter buffer. #TPM_RC_SIZE Family “2.0” Level 00 Revision 00.99 response code when count is greater than the maximum allowed list size Published Copyright © TCG 2006-2013 Page 93 October 31, 2013 Part 2: Structures Trusted Platform Module Library 10.8.2 TPML_CCA This list is only used in TPM2_GetCapability(capability = TPM_CAP_COMMANDS). The values in the list are returned in commandIndex order with vendor-specific commands returned after other commands. Because of the other attributes, the commands may not be returned in strict numerical order. They will be in commandIndex order. Table 93 — Definition of TPML_CCA Structure <OUT> Parameter Type Description count UINT32 number of values in the commandAttributes list; may be 0 commandAttributes[count]{:MAX_CAP_CC} TPMA_CC a list of command codes attributes 10.8.3 TPML_ALG This list is returned by TPM2_IncrementalSelfTest(). Table 94 — Definition of TPML_ALG Structure Parameter Type Description count UINT32 number of algorithms in the algorithms list; may be 0 algorithms[count]{:MAX_ALG_LIST_SIZE} TPM_ALG_ID a list of algorithm IDs The maximum only applies to an algorithm list in a command. The response size is limited only by the size of the parameter buffer. response code when count is greater than the maximum allowed list size #TPM_RC_SIZE 10.8.4 TPML_HANDLE This structure is used when the TPM returns a list of loaded handles when the capability in TPM2_GetCapability() is TPM_CAP_HANDLE. NOTE This list is not used as input to the TPM. Table 95 — Definition of TPML_HANDLE Structure <OUT> Name Type Description count UINT32 the number of handles in the list may have a value of 0 handle[count]{: MAX_CAP_HANDLES} TPM_HANDLE an array of handles #TPM_RC_SIZE Page 94 October 31, 2013 response code when count is greater than the maximum allowed list size Published Copyright © TCG 2006-2013 Family “2.0” Level 00 Revision 00.99 Trusted Platform Module Library Part 2: Structures 10.8.5 TPML_DIGEST This list is used to convey a list of digest values. This type is used in TPM2_PolicyOR() and in TPM2_PCR_Read(). Table 96 — Definition of TPML_DIGEST Structure Parameter Type Description count {2:} UINT32 number of digests in the list, minimum is two for TPM2_PolicyOR(). digests[count]{:8} TPM2B_DIGEST a list of digests For TPM2_PolicyOR(), all digests will have been computed using the digest of the policy session. For TPM2_PCR_Read(), each digest will be the size of the digest for the bank containing the PCR. #TPM_RC_SIZE response code when count is not at least two or is greater than eight 10.8.6 TPML_DIGEST_VALUES This list is used to convey a list of digest values. This type is returned by TPM2_Event() and TPM2_SequenceComplete() and is an input for TPM2_PCR_Extend(). NOTE 1 This construct limits the number of hashes in the list to the number of digests implemented in the TPM rather than the number of PCR banks. This allows extra values to appear in a call t o TPM2_PCR_Extend(). NOTE 2 The digest for an unimplemented hash algorithm may not be in a list because the TPM may not recognize the algorithm as being a hash and it may not know the digest size. Table 97 — Definition of TPML_DIGEST_VALUES Structure Parameter Type Description count UINT32 number of digests in the list digests[count]{:HASH_COUNT} TPMT_HA a list of tagged digests response code when count is greater than the possible number of banks #TPM_RC_SIZE 10.8.7 TPM2B_DIGEST_VALUES Digest list in a sized buffer. This list is returned by TPM2_PCR_SequenceComplete(). Table 98 — Definition of TPM2B_DIGEST_VALUES Structure Parameter Type Description size UINT16 size of the operand buffer buffer [size] {:sizeof(TPML_DIGEST_VALUES)} BYTE the operand Family “2.0” Level 00 Revision 00.99 Published Copyright © TCG 2006-2013 Page 95 October 31, 2013 Part 2: Structures Trusted Platform Module Library 10.8.8 TPML_PCR_SELECTION This list is used to indicate the PCR that are included in a selection when more than one PCR value may be selected. This structure is an input parameter to TPM2_PolicyPCR() to indicate the PCR that will be included in the digest of PCR for the authorization. The structure is used in TPM2_PCR_Read() command to indicate the PCR values to be returned and in the response to indicate which PCR are included in the list of returned digests. The structure is an output parameter from TPM2_Create() and indicates the PCR used in the digest of the PCR state when the object was created. The structure is also contained in the attestation structure of TPM2_Quote(). When this structure is used to select PCR to be included in a digest, the selected PCR are concatenated to create a “message” containing all of the PCR, and then the message is hashed using the contextspecific hash algorithm. Table 99 — Definition of TPML_PCR_SELECTION Structure Parameter Type Description count UINT32 number of selection structures A value of zero is allowed. pcrSelections[count]{:HASH_COUNT} TPMS_PCR_SELECTION list of selections response code when count is greater than the possible number of banks #TPM_RC_SIZE 10.8.9 TPML_ALG_PROPERTY This list is used to report on a list of algorithm attributes. It is returned in a TPM2_GetCapability(). Table 100 — Definition of TPML_ALG_PROPERTY Structure <OUT> Parameter Type Description count UINT32 number of algorithm properties structures A value of zero is allowed. algProperties[count]{:MAX_CAP_ALGS} TPMS_ALG_PROPERTY list of properties 10.8.10 TPML_TAGGED_TPM_PROPERTY This list is used to report on a list of properties that are TPMS_TAGGED_PROPERTY values. It is returned by a TPM2_GetCapability(). Table 101 — Definition of TPML_TAGGED_TPM_PROPERTY Structure <OUT> Parameter Type Description count UINT32 number of properties A value of zero is allowed. tpmProperty[count]{:MAX_TPM_PROPERTIES} TPMS_TAGGED_PROPERTY Page 96 October 31, 2013 Published Copyright © TCG 2006-2013 an array of tagged properties Family “2.0” Level 00 Revision 00.99 Trusted Platform Module Library Part 2: Structures 10.8.11 TPML_TAGGED_PCR_PROPERTY This list is used to report on a list of properties that are TPMS_PCR_SELECT values. It is returned by a TPM2_GetCapability(). Table 102 — Definition of TPML_TAGGED_PCR_PROPERTY Structure <OUT> Parameter Type Description count UINT32 number of properties A value of zero is allowed. pcrProperty[count]{:MAX_PCR_PROPERTIES} TPMS_TAGGED_PCR_SELECT a tagged PCR selection 10.8.12 TPML_ECC_CURVE This list is used to report the ECC curve ID values supported by the TPM. It is returned by a TPM2_GetCapability(). Table 103 — Definition of {ECC} TPML_ECC_CURVE Structure <OUT> Parameter Type Description count UINT32 number of curves A value of zero is allowed. eccCurves[count]{:MAX_ECC_CURVES} TPM_ECC_CURVE array of ECC curve identifiers 10.9 Capabilities Structures 10.9.1 TPMU_CAPABILITIES Table 104 — Definition of TPMU_CAPABILITIES Union <OUT> Parameter Type Selector algorithms TPML_ALG_PROPERTY TPM_CAP_ALGS handles TPML_HANDLE TPM_CAP_HANDLES command TPML_CCA TPM_CAP_COMMANDS ppCommands TPML_CC TPM_CAP_PP_COMMANDS auditCommands TPML_CC TPM_CAP_AUDIT_COMMANDS assignedPCR TPML_PCR_SELECTION TPM_CAP_PCRS tpmProperties TPML_TAGGED_TPM_PROPERTY TPM_CAP_TPM_PROPERTIES pcrProperties TPML_TAGGED_PCR_PROPERTY TPM_CAP_PCR_PROPERTIES eccCurves TPML_ECC_CURVE TPM_CAP_ECC_CURVES Family “2.0” Level 00 Revision 00.99 Published Copyright © TCG 2006-2013 Description TPM_ALG_ECC Page 97 October 31, 2013 Part 2: Structures Trusted Platform Module Library 10.9.2 TPMS_CAPABILITY_DATA This data area is returned in response to a TPM2_GetCapability(). Table 105 — Definition of TPMS_CAPABILITY_DATA Structure <OUT> Parameter Type Description capability TPM_CAP the capability [capability]data TPMU_CAPABILITIES the capability data 10.10 Clock/Counter Structures 10.10.1 TPMS_CLOCK_INFO This structure is used in each of the attestation commands. Table 106 — Definition of TPMS_CLOCK_INFO Structure Parameter Type Description clock UINT64 time in milliseconds during which the TPM has been powered This structure element is used to report on the TPM's Clock value. The value of Clock shall be recorded in non-volatile memory no 22 less often than once per 2 milliseconds (~69.9 minutes) of TPM operation. The reference for the millisecond timer is the TPM oscillator. This value is reset to zero when the Storage Primary Seed is changed (TPM2_Clear()). This value may be advanced by TPM2_AdvanceClock(). resetCount UINT32 number of occurrences of TPM Reset since the last TPM2_Clear() restartCount UINT32 number of times that TPM2_Shutdown() or _TPM_Hash_Start have occurred since the last TPM Reset or TPM2_Clear(). safe TPMI_YES_NO no value of Clock greater than the current value of Clock has been previously reported by the TPM. Set to YES on TPM2_Clear(). 10.10.2 Clock Clock is a monotonically increasing counter that advances whenever power is applied to the TPM. The value of Clock may be set forward with TPM2_ClockSet() if ownerAuth or platformAuth is provided. The value of Clock is incremented each millisecond. TPM2_Clear() will set Clock to zero. Clock will be non-volatile but may have a volatile component that is updated every millisecond with the non-volatile component updated at a lower rate. If the implementation uses a volatile component, the non22 volatile component shall be updated no less frequently than every 2 milliseconds (~69.9 minutes). The update rate of the non-volatile portion of Clock shall be reported by a TPM2_GetCapability() with capability = TPM_CAP_TPM_PROPERTIES and property = TPM_PT_CLOCK_UPDATE. 10.10.3 ResetCount This counter shall increment on each TPM Reset. This counter shall be reset to zero by TPM2_Clear(). Page 98 October 31, 2013 Published Copyright © TCG 2006-2013 Family “2.0” Level 00 Revision 00.99 Trusted Platform Module Library Part 2: Structures 10.10.4 RestartCount This counter shall increment by one for each TPM Restart or TPM Resume. The restartCount shall be reset to zero on a TPM Reset or TPM2_Clear(). 10.10.5 Safe This parameter is set to YES when the value reported in Clock is guaranteed to be unique for the current Owner. It is set to NO when the value of Clock may have been reported in a previous attestation or access. This parameter will be YES if a TPM2_Startup() was preceded by TPM2_Shutdown() with no intervening commands. It will also be YES after an update of the non-volatile bits of Clock have been updated at the end of an update interval. If a TPM implementation does not implement TPMS_CLOCK_INFO.clock shall always be zero. Clock, Safe shall always be NO and This parameter will be set to YES by TPM2_Clear(). 10.10.6 TPMS_TIME_INFO This structure is used in the TPM2_TICK attestation. The Time value reported in this structure is reset whenever the TPM is reset. An implementation may reset the value of Time any time after _TPM_Init and before the TPM returns after TPM2_Start(). The value of Time shall increment continuously while power is applied to the TPM. Table 107 — Definition of TPMS_TIME_INFO Structure Parameter Type Description time UINT64 time in milliseconds since the last _TPM_Init() or TPM2_Startup() This structure element is used to report on the TPM's Time value. clockInfo TPMS_CLOCK_INFO a structure containing the clock information Family “2.0” Level 00 Revision 00.99 Published Copyright © TCG 2006-2013 Page 99 October 31, 2013 Part 2: Structures Trusted Platform Module Library 10.11 TPM Attestation Structures 10.11.1 Introduction This clause describes the structures that are used when a TPM creates a structure to be signed. The signing structures follow a standard format TPM2B_ATTEST with case-specific information embedded. 10.11.2 TPMS_TIME_ATTEST_INFO This structure is used when the TPM performs TPM2_GetClock. Table 108 — Definition of TPMS_TIME_ATTEST_INFO Structure <OUT> Parameter Type Description time TPMS_TIME_INFO the Time, clock, resetCount, restartCount, and Safe indicator firmwareVersion UINT64 a vendor-specific value indicating the version number of the firmware 10.11.3 TPMS_CERTIFY_INFO This is the attested data for TPM2_Certify(). Table 109 — Definition of TPMS_CERTIFY_INFO Structure <OUT> Parameter Type Description name TPM2B_NAME Name of the certified object qualifiedName TPM2B_NAME Qualified Name of the certified object 10.11.1 TPMS_QUOTE_INFO This is the attested data for TPM2_Quote(). Table 110 — Definition of TPMS_QUOTE_INFO Structure <OUT> Parameter Type Description pcrSelect TPML_PCR_SELECTION information on algID, PCR selected and digest pcrDigest TPM2B_DIGEST digest of the selected PCR using the hash of the signing key Page 100 October 31, 2013 Published Copyright © TCG 2006-2013 Family “2.0” Level 00 Revision 00.99 Trusted Platform Module Library Part 2: Structures 10.11.2 TPMS_COMMAND_AUDIT_INFO This is the attested data for TPM2_GetCommandAuditDigest(). Table 111 — Definition of TPMS_COMMAND_AUDIT_INFO Structure <OUT> Parameter Type Description auditCounter UINT64 the monotonic audit counter digestAlg TPM_ALG_ID hash algorithm used for the command audit auditDigest TPM2B_DIGEST the current value of the audit digest commandDigest TPM2B_DIGEST digest of the command codes being audited using digestAlg 10.11.3 TPMS_SESSION_AUDIT_INFO This is the attested data for TPM2_GetSessionAuditDigest(). Table 112 — Definition of TPMS_SESSION_AUDIT_INFO Structure <OUT> Parameter Type Description exclusiveSession TPMI_YES_NO current exclusive status of the session TRUE if all of the commands recorded in the sessionDigest were executed without any intervening TPM command that did not use this transport session sessionDigest TPM2B_DIGEST the current value of the session audit digest 10.11.4 TPMS_CREATION_INFO This is the attested data for TPM2_CertifyCreation(). Table 113 — Definition of TPMS_CREATION_INFO Structure <OUT> Parameter Type Description objectName TPM2B_NAME Name of the object creationHash TPM2B_DIGEST creationHash 10.11.5 TPMS_NV_CERTIFY_INFO This structure contains the Name and contents of the selected NV Index that is certified by TPM2_NV_Certify(). Table 114 — Definition of TPMS_NV_CERTIFY_INFO Structure <OUT> Parameter Type Description indexName TPM2B_NAME Name of the NV Index offset UINT16 the offset parameter of TPM2_NV_Certify() nvContents TPM2B_MAX_NV_BUFFER contents of the NV Index Family “2.0” Level 00 Revision 00.99 Published Copyright © TCG 2006-2013 Page 101 October 31, 2013 Part 2: Structures Trusted Platform Module Library 10.11.6 TPMI_ST_ATTEST Table 115 — Definition of (TPM_ST) TPMI_ST_ATTEST Type <OUT> Value Description TPM_ST_ATTEST_CERTIFY generated by TPM2_Certify() TPM_ST_ATTEST_QUOTE generated by TPM2_Quote() TPM_ST_ATTEST_SESSION_AUDIT generated by TPM2_GetSessionAuditDigest() TPM_ST_ATTEST_COMMAND_AUDIT generated by TPM2_GetCommandAuditDigest() TPM_ST_ATTEST_TIME generated by TPM2_GetTime() TPM_ST_ATTEST_CREATION generated by TPM2_CertifyCreation() TPM_ST_ATTEST_NV generated by TPM2_NV_Certify() 10.11.7 TPMU_ATTEST Table 116 — Definition of TPMU_ATTEST Union <OUT> Parameter Type Selector certify TPMS_CERTIFY_INFO TPM_ST_ATTEST_CERTIFY creation TPMS_CREATION_INFO TPM_ST_ATTEST_CREATION quote TPMS_QUOTE_INFO TPM_ST_ATTEST_QUOTE commandAudit TPMS_COMMAND_AUDIT_INFO TPM_ST_ATTEST_COMMAND_AUDIT sessionAudit TPMS_SESSION_AUDIT_INFO TPM_ST_ATTEST_SESSION_AUDIT time TPMS_TIME_ATTEST_INFO TPM_ST_ATTEST_TIME nv TPMS_NV_CERTIFY_INFO TPM_ST_ATTEST_NV Page 102 October 31, 2013 Published Copyright © TCG 2006-2013 Family “2.0” Level 00 Revision 00.99 Trusted Platform Module Library Part 2: Structures 10.11.8 TPMS_ATTEST This structure is used on each TPM-generated signed structure. The signature is over this structure. When the structure is signed by a key in the Storage hierarchy, the values of clockInfo.resetCount, clockInfo.restartCount, and firmwareVersion are obfuscated with a per-key obfuscation value. Table 117 — Definition of TPMS_ATTEST Structure <OUT> Parameter Type Description magic TPM_GENERATED the indication that this structure was created by a TPM (always TPM_GENERATED_VALUE) type TPMI_ST_ATTEST type of the attestation structure qualifiedSigner TPM2B_NAME Qualified Name of the signing key extraData TPM2B_DATA external information supplied by caller NOTE A TPM2B_DATA structure provides room for a digest and a method indicator to indicate the components of the digest. The definition of this method indicator is outside the scope of this specification. clockInfo TPMS_CLOCK_INFO Clock, resetCount, restartCount, and Safe firmwareVersion UINT64 TPM-vendor-specific field identifying the firmware on the TPM [type]attested TPMU_ATTEST the type-specific attestation information 10.11.9 TPM2B_ATTEST This sized buffer to contain the signed structure. The attestationData is the signed portion of the structure. The size parameter is not signed. Table 118 — Definition of TPM2B_ATTEST Structure <OUT> Parameter Type Description size UINT16 size of the attestationData structure attestationData[size]{:sizeof(TPMS_ATTEST)} BYTE the signed structure Family “2.0” Level 00 Revision 00.99 Published Copyright © TCG 2006-2013 Page 103 October 31, 2013 Part 2: Structures Trusted Platform Module Library 10.12 Authorization Structures The structures in this clause are used for all authorizations. One or more of these structures will be present in a command or response that has a tag of TPM_ST_SESSIONS. 10.12.1 TPMS_AUTH_COMMAND This is the format used for each of the authorizations in the session area of a command. Table 119 — Definition of TPMS_AUTH_COMMAND Structure <IN> Parameter Type Description sessionHandle TPMI_SH_AUTH_SESSION+ the session handle nonce TPM2B_NONCE the session nonce, may be the Empty Buffer sessionAttributes TPMA_SESSION the session attributes hmac TPM2B_AUTH either an HMAC, a password, or an EmptyAuth 10.12.2 TPMS_AUTH_RESPONSE This is the format for each of the authorizations in the session area of the response. If the TPM returns TPM_RC_SUCCESS, then the session area of the response contains the same number of authorizations as the command and the authorizations are in the same order. Table 120 — Definition of TPMS_AUTH_RESPONSE Structure <OUT> Parameter Type Description nonce TPM2B_NONCE the session nonce, may be the Empty Buffer sessionAttributes TPMA_SESSION the session attributes hmac TPM2B_AUTH either an HMAC, a password, or an EmptyAuth Page 104 October 31, 2013 Published Copyright © TCG 2006-2013 Family “2.0” Level 00 Revision 00.99 Trusted Platform Module Library Part 2: Structures 11 Algorithm Parameters and Structures 11.1 Symmetric 11.1.1 Introduction This clause defines the parameters and structures for describing symmetric algorithms. 11.1.2 TPMI_AES_KEY_BITS This interface type defines the supported sizes for an AES key. This type is used to allow the unmarshaling routine to generate the proper validation code for the supported key sizes. An implementation that supports different key sizes would have a different set of selections. When used in TPM2_StartAuthSession(), the mode parameter shall be TPM_ALG_CFB. NOTE 1 Key size is expressed in bits. NOTE 2 The definition for AES_KEY_SIZES_BITS used in the reference implementation is found in Annex B Table 121 — Definition of {AES} (TPM_KEY_BITS) TPMI_AES_KEY_BITS Type Parameter Description $AES_KEY_SIZES_BITS number of bits in the key #TPM_RC_VALUE error when key size is not supported 11.1.3 TPMI_SM4_KEY_BITS This interface type defines the supported sizes for an SM4 key. This type is used to allow the unmarshaling routine to generate the proper validation code for the supported key sizes. An implementation that supports different key sizes would have a different set of selections. NOTE SM4 only supports a key size of 128 bits. Table 122 — Definition of {SM4} (TPM_KEY_BITS) TPMI_SM4_KEY_BITS Type Parameter Description $SM4_KEY_SIZES_BITS number of bits in the key #TPM_RC_VALUE Family “2.0” Level 00 Revision 00.99 Published Copyright © TCG 2006-2013 Page 105 October 31, 2013 Part 2: Structures Trusted Platform Module Library 11.1.4 TPMU_SYM_KEY_BITS This union is used to collect the symmetric encryption key sizes. The xor entry is a hash algorithms selector and not a key size in bits. This overload is used in order to avoid an additional level of indirection with another union and another set of selectors. The xor entry is only selected in a TPMT_SYM_DEF, which is used to select the parameter encryption value. Table 123 — Definition of TPMU_SYM_KEY_BITS Union Parameter Type Selector aes TPMI_AES_KEY_BITS TPM_ALG_AES SM4 TPMI_SM4_KEY_BITS TPM_ALG_SM4 sym TPM_KEY_BITS xor TPMI_ALG_HASH Description when selector may be any of the symmetric block ciphers TPM_ALG_XOR overload for using xor NOTE null TPM_ALG_NULL allowed is not TPM_ALG_NULL 11.1.5 TPMU_SYM_MODE This union allows the mode value in a TPMT_SYM_DEF or TPMT_SYM_DEF_OBJECT to be empty. Table 124 — Definition of TPMU_SYM_MODE Union Parameter Type Selector Description aes TPMI_ALG_SYM_MODE TPM_ALG_AES NOTE TPM_ALG_NULL allowed is not SM4 TPMI_ALG_SYM_MODE TPM_ALG_SM4 NOTE TPM_ALG_NULL allowed is not sym TPMI_ALG_SYM_MODE when selector may be any of the symmetric block ciphers xor TPM_ALG_XOR no mode selector null TPM_ALG_NULL no mode selector Page 106 October 31, 2013 Published Copyright © TCG 2006-2013 Family “2.0” Level 00 Revision 00.99 Trusted Platform Module Library Part 2: Structures 11.1.6 TPMU_SYM_DETAILS This union allows additional parameters to be added for a symmetric cipher. Currently, no additional parameters are required for any of the symmetric algorithms. NOTE The “x” character in the table title will suppress generation of this type as the parser is not, at this time, able to generate the proper values (a union of all empty data types). When an algorithm is added that requires additional parameterization, the Type column will contain a value and the “x” may be removed. Table 125 — xDefinition of TPMU_SYM_DETAILS Union Parameter Type Selector aes TPM_ALG_AES SM4 Description TPM_ALG_SM4 sym when selector may be any of the symmetric block ciphers xor TPM_ALG_XOR null TPM_ALG_NULL 11.1.7 TPMT_SYM_DEF The TPMT_SYM_DEF structure is used to select an algorithm to be used for parameter encryption in those cases when different symmetric algorithms may be selected. Table 126 — Definition of TPMT_SYM_DEF Structure Parameter Type Description algorithm +TPMI_ALG_SYM indicates a symmetric algorithm [algorithm]keyBits TPMU_SYM_KEY_BITS a supported key size [algorithm]mode TPMU_SYM_MODE the mode for the key //[algorithm]details TPMU_SYM_DETAILS contains additional algorithm details NOTE This is commented out at this time as the parser may not produce the proper code for a union if none of the selectors produces any data. 11.1.8 TPMT_SYM_DEF_OBJECT This structure is used when different symmetric block cipher (not XOR) algorithms may be selected. Table 127 — Definition of TPMT_SYM_DEF_OBJECT Structure Parameter Type Description algorithm +TPMI_ALG_SYM_OBJECT selects a symmetric block cipher [algorithm]keyBits TPMU_SYM_KEY_BITS the key size [algorithm]mode TPMU_SYM_MODE default mode //[algorithm]details TPMU_SYM_DETAILS contains the additional algorithm details, if any NOTE Family “2.0” Level 00 Revision 00.99 This is commented out at this time as the parser may not produce the proper code for a union if none of the selectors produces any data. Published Copyright © TCG 2006-2013 Page 107 October 31, 2013 Part 2: Structures Trusted Platform Module Library 11.1.9 TPM2B_SYM_KEY This structure is used to hold a symmetric key in the sensitive area of an asymmetric object. The number of bits in the key is in keyBits in the public area. When keyBits is not an even multiple of 8 bits, the unused bits of buffer will be the most significant bits of buffer[0] and size will be rounded up to the number of octets required to hold all bits of the key. Table 128 — Definition of TPM2B_SYM_KEY Structure Parameter Type Description size UINT16 size, in octets, of the buffer containing the key; may be zero buffer [size] {:MAX_SYM_KEY_BYTES} BYTE the key 11.1.10 TPMS_SYMCIPHER_PARMS This structure contains the parameters for a symmetric block cipher object. Table 129 — Definition of TPMS_SYMCIPHER_PARMS Structure Parameter Type Description sym TPMT_SYM_DEF_OBJECT a symmetric block cipher 11.1.11 TPM2B_SENSITIVE_DATA This buffer holds the secret data of a data object. It can hold as much as 128 octets of data. MAX_SYM_DATA shall be 128. NOTE A named value rather than a numeric is used to make coding clearer. A numeric value does not indicate the reason that it has the specific value that is has. Table 130 — Definition of TPM2B_SENSITIVE_DATA Structure Parameter Type size UINT16 buffer[size]{: MAX_SYM_DATA} BYTE Page 108 October 31, 2013 Description the keyed hash private data structure Published Copyright © TCG 2006-2013 Family “2.0” Level 00 Revision 00.99 Trusted Platform Module Library Part 2: Structures 11.1.12 TPMS_SENSITIVE_CREATE This structure defines the values to be placed in the sensitive area of a created object. This structure is only used within a TPM2B_SENSITIVE_CREATE structure. NOTE When sent to the TPM or unsealed, data is usually encrypted using parameter encryption. If data.size is not zero, and the object is not a keyedHash, data.size must match the size indicated in the keySize of public.parameters. If the object is a keyedHash, data.size may be any value up to the maximum allowed in a TPM2B_SENSITIVE_DATA. For an asymmetric object, data shall be an Empty Buffer and sensitiveDataOrigin shall be SET. Table 131 — Definition of TPMS_SENSITIVE_CREATE Structure <IN> Parameter Type Description userAuth TPM2B_AUTH the USER auth secret value data TPM2B_SENSITIVE_DATA data to be sealed Family “2.0” Level 00 Revision 00.99 Published Copyright © TCG 2006-2013 Page 109 October 31, 2013 Part 2: Structures Trusted Platform Module Library 11.1.13 TPM2B_SENSITIVE_CREATE This structure contains the sensitive creation data in a sized buffer. This structure is defined so that both the userAuth and data values of the TPMS_SENSITIVE_CREATE may be passed as a single parameter for parameter encryption purposes. Table 132 — Definition of TPM2B_SENSITIVE_CREATE Structure <IN, S> Parameter Type Description size= UINT16 size of sensitive in octets (may not be zero) NOTE sensitive TPMS_SENSITIVE_CREATE The userAuth and data parameters in this buffer may both be zero length but the minimum size of this parameter will be the sum of the size fields of the two parameters of the TPMS_SENSITIVE_CREATE. data to be sealed or a symmetric key value. 11.1.14 TPMS_SCHEME_SIGHASH This structure is the scheme data for schemes that only require a hash to complete the scheme definition. Table 133 — Definition of TPMS_SCHEME_SIGHASH Structure Parameter Type Description hashAlg TPMI_ALG_HASH the hash algorithm used to digest the message 11.1.15 TPMI_ALG_HASH_SCHEME This is the list of values that may appear in a keyedHash as the scheme parameter. Table 134 — Definition of (TPM_ALG_ID) TPMI_ALG_KEYEDHASH_SCHEME Type Values Comments TPM_ALG_HMAC the "signing" scheme TPM_ALG_XOR the "obfuscation" scheme +TPM_ALG_NULL #TPM_RC_VALUE 11.1.16 HMAC_SIG_SCHEME Table 135 — Definition of Types for HMAC_SIG_SCHEME Type Name TPMS_SCHEME_SIGHASH TPMS_SCHEME_HMAC Page 110 October 31, 2013 Description Published Copyright © TCG 2006-2013 Family “2.0” Level 00 Revision 00.99 Trusted Platform Module Library Part 2: Structures 11.1.17 TPMS_SCHEME_XOR This structure is for the XOR encryption scheme. Table 136 — Definition of TPMS_SCHEME_XOR Structure Parameter Type Description hashAlg +TPMI_ALG_HASH the hash algorithm used to digest the message kdf TPMI_ALG_KDF the key derivation function 11.1.18 TPMU_SCHEME_HMAC Table 137 — Definition of TPMU_SCHEME_KEYEDHASH Union <IN/OUT, S> Parameter Type Selector Description hmac TPMS_SCHEME_HMAC TPM_ALG_HMAC the "signing" scheme xor TPMS_SCHEME_XOR TPM_ALG_XOR the "obfuscation" scheme null TPM_ALG_NULL 11.1.19 TPMT_KEYEDHASH_SCHEME This structure is used for a hash signing object. Table 138 — Definition of TPMT_KEYEDHASH_SCHEME Structure Parameter Type Description scheme +TPMI_ALG_KEYEDHASH_SCHEME selects the scheme [scheme]details TPMU_SCHEME_KEYEDHASH the scheme parameters Family “2.0” Level 00 Revision 00.99 Published Copyright © TCG 2006-2013 Page 111 October 31, 2013 Part 2: Structures Trusted Platform Module Library 11.2 Asymmetric 11.2.1 Signing Schemes 11.2.1.1 Introduction These structures are used to define the method in which the signature is to be created. These schemes would appear in an object’s public area and in commands where the signing scheme is variable. Every scheme is required to indicate a hash that is used in digesting the message. 11.2.1.2 RSA_SIG_SCHEMES These are the RSA schemes that only need a hash algorithm as a scheme parameter. For the TPM_ALG_RSAPSS signing scheme, the same hash algorithm is used for digesting TPMgenerated data (an attestation structure) and in the KDF used for the masking operation. The salt size is always the largest salt value that will fit into the available space. Table 139 — Definition of {RSA} Types for RSA_SIG_SCHEMES Type Name Description TPMS_SCHEME_SIGHASH TPMS_SCHEME_RSASSA TPMS_SCHEME_SIGHASH TPMS_SCHEME_RSAPSS 11.2.1.3 ECC_SIG_SCHEMES These are the ECC schemes that only need a hash algorithm as a controlling parameter. Table 140 — Definition of {ECC} Types for ECC_SIG_SCHEMES Type Name Description TPMS_SCHEME_SIGHASH TPMS_SCHEME_ECDSA TPMS_SCHEME_SIGHASH TPMS_SCHEME_SM2 TPMS_SCHEME_SIGHASH TPMS_SCHEME_ECSCHNORR 11.2.1.4 TPMS_SCHEME_ECDAA Table 141 — Definition of {ECC} TPMS_SCHEME_ECDAA Structure Parameter Type Description hashAlg TPMI_ALG_HASH the hash algorithm used to digest the message count UINT16 the counter value that is used between TPM2_Commit() and the sign operation Page 112 October 31, 2013 Published Copyright © TCG 2006-2013 Family “2.0” Level 00 Revision 00.99 Trusted Platform Module Library 11.2.1.5 Part 2: Structures TPMU_SIG_SCHEME Table 142 — Definition of TPMU_SIG_SCHEME Union <IN/OUT, S> Parameter Type Selector Description rsassa TPMS_SCHEME_RSASSA TPM_ALG_RSASSA the PKCS#1v1.5 scheme rsapss TPMS_SCHEME_RSAPSS TPM_ALG_RSAPSS the PKCS#1v2.1 PSS scheme ecdsa TPMS_SCHEME_ECDSA TPM_ALG_ECDSA the ECDSA scheme sm2 TPMS_SCHEME_SM2 TPM_ALG_SM2 ECDSA from SM2 ecdaa TPMS_SCHEME_ECDAA TPM_ALG_ECDAA the ECDAA scheme ecSchnorr TPMS_SCHEME_ECSCHNORR TPM_ALG_ECSCHNORR the EC Schnorr hmac TPMS_SCHEME_HMAC TPM_ALG_HMAC the HMAC scheme any TPMS_SCHEME_SIGHASH null 11.2.1.6 selector that allows access to digest for any signing scheme TPM_ALG_NULL no scheme or default TPMT_SIG_SCHEME Table 143 — Definition of TPMT_SIG_SCHEME Structure Parameter Type Description scheme +TPMI_ALG_SIG_SCHEME scheme selector [scheme]details TPMU_SIG_SCHEME scheme parameters Family “2.0” Level 00 Revision 00.99 Published Copyright © TCG 2006-2013 Page 113 October 31, 2013 Part 2: Structures Trusted Platform Module Library 11.2.2 Encryption Schemes 11.2.2.1 Introduction These structures are used to indicate the hash algorithm used for the encrypting process. These schemes would appear in an object’s public area. 11.2.2.2 TPMS_SCHEME_OAEP Table 144 — Definition of {RSA} TPMS_SCHEME_OAEP Structure Parameter Type Description hashAlg +TPMI_ALG_HASH the hash algorithm used to digest the message 11.2.2.3 TPMS_SCHEME_ECDH For ECDH, KDFe is used for the key derivation function that only a hash algorithm is needed to complete the definition. Table 145 — Definition of {ECC} TPMS_SCHEME_ECDH Structure Parameter Type Description hashAlg +TPMI_ALG_HASH the hash algorithm used in the KDF 11.2.3 Key Derivation Schemes 11.2.3.1 Introduction These structures are used to define the key derivation for symmetric secret sharing using asymmetric methods. A secret shareing scheme is required in any asymmetric key with the decrypt attribute SET. These schemes would appear in an object’s public area and in commands where the secret sharing scheme is variable. Each scheme includes a symmetric algorithm and a KDF selection. 11.2.3.2 TPMS_SCHEME_MGF1 Table 146 — Definition of TPMS_SCHEME_MGF1 Structure Parameter Type Description hashAlg TPMI_ALG_HASH the hash algorithm used in the KDF 11.2.3.3 TPMS_SCHEME_KDF1_SP800_56a Table 147 — Definition of {ECC} TPMS_SCHEME_KDF1_SP800_56a Structure Parameter Type Description hashAlg TPMI_ALG_HASH the hash algorithm used in the KDF Page 114 October 31, 2013 Published Copyright © TCG 2006-2013 Family “2.0” Level 00 Revision 00.99 Trusted Platform Module Library 11.2.3.4 Part 2: Structures TPMS_SCHEME_KDF2 Table 148 — Definition of TPMS_SCHEME_KDF2 Structure Parameter Type Description hashAlg TPMI_ALG_HASH the hash algorithm used in the KDF 11.2.3.5 TPMS_SCHEME_KDF1_SP800_108 Table 149 — Definition of TPMS_SCHEME_KDF1_SP800_108 Structure Parameter Type Description hashAlg TPMI_ALG_HASH the hash algorithm used in the KDF 11.2.3.6 TPMU_KDF_SCHEME Table 150 — Definition of TPMU_KDF_SCHEME Union <IN/OUT, S> Parameter Type Selector mgf1 TPMS_SCHEME_MGF1 TPM_ALG_MGF1 kdf1_SP800_56a TPMS_SCHEME_KDF1_SP800_56a TPM_ALG_KDF1_SP800_56a kdf2 TPMS_SCHEME_KDF2 TPM_ALG_KDF2 kdf1_sp800_108 TPMS_SCHEME_KDF1_SP800_108 Description TPM_ALG_KDF1_SP800_108 null 11.2.3.7 TPM_ALG_NULL TPMT_KDF_SCHEME Table 151 — Definition of TPMT_KDF_SCHEME Structure Parameter Type Description scheme +TPMI_ALG_KDF scheme selector [scheme]details TPMU_KDF_SCHEME scheme parameters Family “2.0” Level 00 Revision 00.99 Published Copyright © TCG 2006-2013 Page 115 October 31, 2013 Part 2: Structures 11.2.3.8 Trusted Platform Module Library TPMI_ALG_ASYM_SCHEME List of all of the scheme types for any asymmetric algorithm. This is used to define the TPMT_ASYM_SCHEME. Table 152 — Definition of (TPM_ALG_ID) TPMI_ALG_ASYM_SCHEME Type <> Values Comments TPM_ALG_RSASSA list of the allowed values TPM_ALG_RSAPSS TPM_ALG_RSAES TPM_ALG_OAEP TPM_ALG_ECDSA TPM_ALG_SM2 TPM_ALG_ECDAA TPM_ALG_ECDH +TPM_ALG_NULL #TPM_RC_VALUE 11.2.3.9 TPMU_ASYM_SCHEME This union of all asymmetric schemes is used in each of the asymmetric scheme structures. The actual scheme structure is defined by the interface type used for the selector. EXAMPLE The TPMT_RSA_SCHEME structure uses the TPMU_ASYM_SCHEME union but the selector type is TPMI_ALG_RSA_SCHEME. This means that the only elements of the union that can be selected for th e TPMT_RSA_SCHEME are those that are in TPMI_RSA_SCHEME. Table 153 — Definition of TPMU_ASYM_SCHEME Union Parameter Type Selector Description rsassa TPMS_SCHEME_RSASSA TPM_ALG_RSASSA the PKCS#1v1.5 scheme rsapss TPMS_SCHEME_RSAPSS TPM_ALG_RSAPSS the PKCS#1v2.1 PSS scheme TPM_ALG_RSAES the PKCS#1v2.1 RSAES scheme rsaes oaep TPMS_SCHEME_OAEP TPM_ALG_OAEP the PKSC#1v2.1 OAEP scheme ecdsa TPMS_SCHEME_ECDSA TPM_ALG_ECDSA an ECDSA scheme sm2 TPMS_SCHEME_SM2 TPM_ALG_SM2 sign or key exchange from SM2 ecdaa TPMS_SCHEME_ECDAA TPM_ALG_ECDAA an ECDAA scheme ecSchnorr TPMS_SCHEME_ECSCHNORR TPM_ALG_ECSCHNORR elliptic curve Schnorr signature ecdh anySig TPM_ALG_ECDH TPMS_SCHEME_SIGHASH null Page 116 October 31, 2013 TPM_ALG_NULL Published Copyright © TCG 2006-2013 no scheme or default This selects the NULL Signature. Family “2.0” Level 00 Revision 00.99 Trusted Platform Module Library Part 2: Structures 11.2.3.10 TPMT_ASYM_SCHEME This structure is defined to allow overlay of all of the schemes for any asymmetric object. This structure is not sent on the interface. Table 154 — Definition of TPMT_ASYM_SCHEME Structure <> Parameter Type Description scheme +TPMI_ALG_ASYM_SCHEME scheme selector [scheme]details TPMU_ASYM_SCHEME scheme parameters 11.2.4 RSA 11.2.4.1 TPMI_ALG_RSA_SCHEME The list of values that may appear in the scheme parameter of a TPMS_RSA_PARMS structure. Table 155 — Definition of (TPM_ALG_ID) {RSA} TPMI_ALG_RSA_SCHEME Type Values Comments TPM_ALG_RSASSA list of the allowed values TPM_ALG_RSAPSS TPM_ALG_RSAES TPM_ALG_OAEP +TPM_ALG_NULL #TPM_RC_VALUE 11.2.4.2 TPMT_RSA_SCHEME Table 156 — Definition of {RSA} TPMT_RSA_SCHEME Structure Parameter Type Description scheme +TPMI_ALG_RSA_SCHEME scheme selector [scheme]details TPMU_ASYM_SCHEME scheme parameters Family “2.0” Level 00 Revision 00.99 Published Copyright © TCG 2006-2013 Page 117 October 31, 2013 Part 2: Structures 11.2.4.3 Trusted Platform Module Library TPMI_ALG_RSA_DECRYPT The list of values that are allowed in a decryption scheme selection as used in TPM2_RSA_Encrypt() and TPM2_RSA_Decrypt(). Table 157 — Definition of (TPM_ALG_ID) {RSA} TPMI_ALG_RSA_DECRYPT Type Values Comments TPM_ALG_RSAES TPM_ALG_OAEP +TPM_ALG_NULL #TPM_RC_VALUE 11.2.4.4 TPMT_RSA_DECRYPT Table 158 — Definition of {RSA} TPMT_RSA_DECRYPT Structure Parameter Type Description scheme +TPMI_ALG_RSA_DECRYPT scheme selector [scheme]details TPMU_ASYM_SCHEME scheme parameters 11.2.4.5 TPM2B_PUBLIC_KEY_RSA This sized buffer holds the largest RSA public key supported by the TPM. NOTE The reference implementation only supports key sizes of 1,024 and 2,048 bits. Table 159 — Definition of {RSA} TPM2B_PUBLIC_KEY_RSA Structure Parameter Type Description size UINT16 size of the buffer The value of zero is only valid for create. buffer[size] {: MAX_RSA_KEY_BYTES} BYTE Value 11.2.4.6 TPMI_RSA_KEY_BITS This holds the value that is the maximum size allowed for an RSA key. NOTE 1 An implementation is allowed to provide limited support for smaller RSA key sizes. That is, a TPM may be able to accept a smaller RSA key size in TPM2_LoadExternal() when only the public area is loaded but not accept that smaller key size in any command that loads both the public and private portions of an RSA key. This would allow the TPM to validate signatures using the smaller key but would prevent the TPM from using the smaller key size for any other purpose. NOTE 2 The definition for RSA_KEY_SIZES_BITS used in the reference implementation is found in Annex B Page 118 October 31, 2013 Published Copyright © TCG 2006-2013 Family “2.0” Level 00 Revision 00.99 Trusted Platform Module Library Part 2: Structures Table 160 — Definition of {RSA} (TPM_KEY_BITS) TPMI_RSA_KEY_BITS Type Parameter Description $RSA_KEY_SIZES_BITS the number of bits in the supported key #TPM_RC_VALUE error when key size is not supported 11.2.4.7 TPM2B_PRIVATE_KEY_RSA This sized buffer holds the largest RSA prime number supported by the TPM. NOTE All primes are required to have exactly half the number of significant bits as the public modulus , and the square of each prime is required to have the same number of significant bits as the public modulus. Table 161 — Definition of {RSA} TPM2B_PRIVATE_KEY_RSA Structure Parameter Type size UINT16 buffer[size]{:MAX_RSA_KEY_BYTES/2} BYTE Family “2.0” Level 00 Revision 00.99 Description Published Copyright © TCG 2006-2013 Page 119 October 31, 2013 Part 2: Structures Trusted Platform Module Library 11.2.5 ECC 11.2.5.1 TPM2B_ECC_PARAMETER This sized buffer holds the largest ECC parameter (coordinate) supported by the TPM. Table 162 — Definition of {ECC} TPM2B_ECC_PARAMETER Structure Parameter Type Description size UINT16 size of buffer buffer[size] {:MAX_ECC_KEY_BYTES} BYTE the parameter data 11.2.5.2 TPMS_ECC_POINT This structure holds two ECC coordinates that, together, make up an ECC point. Table 163 — Definition of {ECC} TPMS_ECC_POINT Structure Parameter Type Description x TPM2B_ECC_PARAMETER X coordinate y TPM2B_ECC_PARAMETER Y coordinate 11.2.5.3 TPM2B_ECC_POINT This structure is defined to allow a point to be a single sized parameter so that it may be encrypted. NOTE If the point is to be omitted, the X and Y coordinates need to be individual ly set to Empty Buffers. The minimum value for size will be four. It is checked indirectly by unmarshaling of the TPMS_ECC_POINT. If the type of point were BYTE, then size could have been zero. However, this would complicate the process of marshaling the structure. Table 164 — Definition of {ECC} TPM2B_ECC_POINT Structure Parameter Type Description size= UINT16 size of the remainder of this structure point TPMS_ECC_POINT coordinates error returned if the unmarshaled size of point is not exactly equal to size #TPM_RC_SIZE Page 120 October 31, 2013 Published Copyright © TCG 2006-2013 Family “2.0” Level 00 Revision 00.99 Trusted Platform Module Library 11.2.5.4 Part 2: Structures TPMI_ALG_ECC_SCHEME Table 165 — Definition of (TPM_ALG_ID) {ECC} TPMI_ALG_ECC_SCHEME Type Values Comments TPM_ALG_ECDSA these are the selections allowed for an ECC key TPM_ALG_SM2 TPM_ALG_ECDAA TPM_ALG_ECSCHNORR TPM_ALG_ECDH +TPM_ALG_NULL #TPM_RC_SCHEME 11.2.5.5 TPMI_ECC_CURVE The ECC curves implemented by the TPM. NOTE The definition of ECC_CURVES used in the reference implementation is found in Annex B Table 166 — Definition of {ECC} (TPM_ECC_CURVE) TPMI_ECC_CURVE Type Parameter Description $ECC_CURVES the list of implemented curves #TPM_RC_CURVE error when curve is not supported 11.2.5.6 TPMT_ECC_SCHEME Table 167 — Definition of (TPMT_SIG_SCHEME) {ECC} TPMT_ECC_SCHEME Structure Parameter Type Description scheme +TPMI_ALG_ECC_SCHEME scheme selector [scheme]details TPMU_SIG_SCHEME scheme parameters Family “2.0” Level 00 Revision 00.99 Published Copyright © TCG 2006-2013 Page 121 October 31, 2013 Part 2: Structures 11.2.5.7 Trusted Platform Module Library TPMS_ALGORITHM_DETAIL_ECC This structure is used to report on the curve parameters of an ECC curve. It is returned by TPM2_ECC_Parameters(). Table 168 — Definition of {ECC} TPMS_ALGORITHM_DETAIL_ECC Structure <OUT> Parameter Type Description curveID TPM_ECC_CURVE identifier for the curve keySize UINT16 Size in bits of the key kdf TPMT_KDF_SCHEME the default KDF and hash algorithm used in secret sharing operations sign TPMT_ECC_SCHEME+ If not TPM_ALG_NULL, this is the mandatory signature scheme that is required to be used with this curve. p TPM2B_ECC_PARAMETER Fp (the modulus) a TPM2B_ECC_PARAMETER coefficient of the linear term in the curve equation b TPM2B_ECC_PARAMETER constant term for curve equation gX TPM2B_ECC_PARAMETER x coordinate of base point G gY TPM2B_ECC_PARAMETER y coordinate of base point G n TPM2B_ECC_PARAMETER order of G h TPM2B_ECC_PARAMETER cofactor (a size of zero indicates a cofactor of 1) 11.3 Signatures 11.3.1 TPMS_SIGNATURE_RSASSA Table 169 — Definition of {RSA} TPMS_SIGNATURE_RSASSA Structure Parameter Type Description hash TPMI_ALG_HASH the hash algorithm used to digest the message TPM_ALG_NULL is not allowed. sig TPM2B_PUBLIC_KEY_RSA The signature is the size of a public key. 11.3.2 TPMS_SIGNATURE_RSAPSS When the TPM generates a PSS signature, the salt size is the largest size allowed by the key and hash combination. EXAMPLE For a 2,048-bit public modulus key and SHA1 hash, the salt size is 256 – 20 – 2 = 234 octets. NOTE While this is significantly larger than required from a securit y perspective, it avoids issues of whether a particular size of salt value is sufficient. Page 122 October 31, 2013 Published Copyright © TCG 2006-2013 Family “2.0” Level 00 Revision 00.99 Trusted Platform Module Library Part 2: Structures Table 170 — Definition of {RSA} TPMS_SIGNATURE_RSAPSS Structure Parameter Type Description hash TPMI_ALG_HASH the hash algorithm used in the signature process TPM_ALG_NULL is not allowed. sig TPM2B_PUBLIC_KEY_RSA The signature is the size of a public key. 11.3.3 TPMS_SIGNATURE_ECDSA Table 171 — Definition of {ECC} TPMS_SIGNATURE_ECDSA Structure Parameter Type Description hash TPMI_ALG_HASH the hash algorithm used in the signature process TPM_ALG_NULL is not allowed. signatureR TPM2B_ECC_PARAMETER signatureS TPM2B_ECC_PARAMETER 11.3.4 TPMU_SIGNATURE A TPMU_SIGNATURE_COMPOSITE is a union of the various signatures that is supported by a particular TPM implementation. The union allows substitution of any signature algorithm wherever a signature is required in a structure. Table 172 is an illustration of a TPMU_SIGNATURE for a TPM that implements both RSA and ECC signing. NOTE 1 All TPM are required to support a hash algorithm and the HMAC algorithm. When a symmetric algorithm is used for signing, the signing algorithm is assumed to be an HMAC based on the indicated hash algorithm. The HMAC key will either be referenced as part of the usage or will be implied by context. NOTE 2 The table below is illustrative. It would be modified to reflect the signatures produced by the TPM. Table 172 — Definition of TPMU_SIGNATURE Union <IN/OUT, S> Parameter Type Selector Description rsassa TPMS_SIGNATURE_RSASSA TPM_ALG_RSASSA a PKCS#1v1.5 signature rsapss TPMS_SIGNATURE_RSAPSS TPM_ALG_RSAPSS a PKCS#1v2.1PSS signature ecdsa TPMS_SIGNATURE_ECDSA TPM_ALG_ECDSA an ECDSA signature sm2 TPMS_SIGNATURE_ECDSA TPM_ALG_SM2 same format as ECDSA ecdaa TPMS_SIGNATURE_ECDSA TPM_ALG_ECDAA same format as ECDSA ecschnorr TPMS_SIGNATURE_ECDSA TPM_ALG_ECSCHNORR same format as ECDSA hmac TPMT_HA TPM_ALG_HMAC HMAC signature (required to be supported) any TPMS_SCHEME_SIGHASH null Family “2.0” Level 00 Revision 00.99 used to access the hash TPM_ALG_NULL Published Copyright © TCG 2006-2013 the NULL signature Page 123 October 31, 2013 Part 2: Structures Trusted Platform Module Library 11.3.5 TPMT_SIGNATURE Table 173 shows the basic algorithm-agile structure when a symmetric or asymmetric signature is indicated. The sigAlg parameter indicates the algorithm used for the signature. This structure is output from the attestation commands and is an input to TPM2_VerifySignature(), TPM2_PolicySigned(), and TPM2_FieldUpgradeStart(). Table 173 — Definition of TPMT_SIGNATURE Structure Parameter Type Description sigAlg +TPMI_ALG_SIG_SCHEME selector of the algorithm used to construct the signature [sigAlg]signature TPMU_SIGNATURE This shall be the actual signature information. 11.4 Key/Secret Exchange 11.4.1 Introduction The structures in this clause are used when a key or secret is being exchanged. The exchange may be in TPM2_StartAuthSession() where the secret is injected for salting the session, TPM2_Duplicate(), TPM2_Import, or TPM2_Rewrap() where the secret is the symmetric encryption key for the outer wrapper of a duplication blob, or TPM2_ActivateIdentity() or TPM2_CreateIdentity() where the secret is the symmetric encryption key for the credential blob. Particulars are described in Part 1. 11.4.2 TPMU_ENCRYPTED_SECRET This structure is used to hold either an ephemeral public point for ECDH, an OAEP-encrypted block for RSA, or a symmetrically encrypted value. This structure is defined for the limited purpose of determining the size of a TPM2B_ENCRYPTED_SECRET. The symmetrically encrypted value may use either CFB or XOR encryption. NOTE Table 174 is illustrative. It would be modified depending on the algorithms supported in the TPM. Table 174 — Definition of TPMU_ENCRYPTED_SECRET Union <S> Parameter Type Selector ecc[sizeof(TPMS_ECC_POINT)] BYTE TPM_ALG_ECC rsa[MAX_RSA_KEY_BYTES] BYTE TPM_ALG_RSA symmetric[sizeof(TPM2B_DIGEST)] BYTE TPM_ALG_SYMCIPHER keyedHash[sizeof(TPM2B_DIGEST)] BYTE TPM_ALG_KEYEDHASH Page 124 October 31, 2013 Published Copyright © TCG 2006-2013 Description Any symmetrically encrypted secret value will be limited to be no larger than a digest. Family “2.0” Level 00 Revision 00.99 Trusted Platform Module Library Part 2: Structures 11.4.3 TPM2B_ENCRYPTED_SECRET Table 175 — Definition of TPM2B_ENCRYPTED_SECRET Structure Parameter Type Description size UINT16 size of the secret value secret[size] {:sizeof(TPMU_ENCRYPTED_SECRET)} BYTE secret Family “2.0” Level 00 Revision 00.99 Published Copyright © TCG 2006-2013 Page 125 October 31, 2013 Part 2: Structures Trusted Platform Module Library 12 Key/Object Complex 12.1 Introduction An object description requires a TPM2B_PUBLIC structure and may require a TPMT_SENSITIVE structure. When the structure is stored off the TPM, the TPMT_SENSITIVE structure is encrypted within a TPM2B_PRIVATE structure. When the object requires two components for its description, those components are loaded as separate parameters in the TPM2_Load() command. When the TPM creates an object that requires both components, the TPM will return them as separate parameters from the TPM2_Create() operation. The TPM may produce multiple different TPM2B_PRIVATE structures for a single TPM2B_PUBLIC structure. Creation of a modified TPM2B_PRIVATE structure requires that the full structure be loaded with the TPM2_Load() command, modification of the TPMT_SENSITIVE data, and output of a new TPM2B_PRIVATE structure. 12.2 Public Area Structures 12.2.1 Description This clause defines the TPM2B_PUBLIC structure and the higher-level substructure that may be contained in a TPM2B_PUBLIC. The higher-level structures that are currently defined for inclusion in a TPM2B_PUBLIC are the structures for asymmetric keys, structures for symmetric keys, and structures for sealed data. 12.2.2 TPMI_ALG_PUBLIC Table 176 — Definition of (TPM_ALG_ID) TPMI_ALG_PUBLIC Type Values Comments TPM_ALG_KEYEDHASH required of all TPM TPM_ALG_SYMCIPHER required of all TPM TPM_ALG_RSA At least one asymmetric algorithm shall be implemented. TPM_ALG_ECC At least one asymmetric algorithm shall be implemented. #TPM_RC_TYPE response code when a public type is not supported 12.2.3 Type-Specific Parameters 12.2.3.1 Description The public area contains two fields (parameters and unique) that vary by object type. The parameters field varies according to the type of the object but the contents may be the same across multiple instances of a particular type. The unique field format also varies according to the type of the object and will also be unique for each instance. Page 126 October 31, 2013 Published Copyright © TCG 2006-2013 Family “2.0” Level 00 Revision 00.99 Trusted Platform Module Library Part 2: Structures For a symmetric key (type == TPM_ALG_SYMCIPHER), HMAC key (type == TPM_ALG_KEYEDHASH) or data object (also, type == TPM_ALG_KEYEDHASH), the contents of unique shall be computed from components of the sensitive area of the object as follows: unique ≔ HnameAlg(seedValue || sensitive) (8) where HnameAlg() the hash algorithm used to compute the Name of the object seedValue the digest-sized obfuscation value in the sensitive area of a symmetric key or symmetric data object found in a TPMT_SENSITIVE.seedValue.buffer sensitive the secret key/data of TPMT_SENSITIVE.sensitive.any.buffer 12.2.3.2 the object in the TPMU_PUBLIC_ID Table 177 — Definition of TPMU_PUBLIC_ID Union <IN/OUT, S> Parameter Type Selector keyedHash TPM2B_DIGEST TPM_ALG_KEYEDHASH sym TPM2B_DIGEST TPM_ALG_SYMCIPHER rsa TPM2B_PUBLIC_KEY_RSA TPM_ALG_RSA ecc TPMS_ECC_POINT TPM_ALG_ECC 12.2.3.3 Description TPMS_KEYEDHASH_PARMS This structure describes the parameters that would appear in the public area of a KEYEDHASH object. Note Although the names are the same, the types of the structures are not the same as for asymmetric parameter lists. Table 178 — Definition of TPMS_KEYEDHASH_PARMS Structure Parameter Type Description scheme TPMT_KEYEDHASH_SCHEME+ Indicates the signing method used for a keyedHash signing object. This field also determines the size of the data field for a data object created with TPM2_Create(). This field shall not be set to TPM_ALG_NULL in a template if either sign or encrypt is SET. 12.2.3.4 TPMS_ASYM_PARMS This structure contains the common public area parameters for an asymmetric key. The first two parameters of the parameter definition structures of an asymmetric key shall have the same two first components. NOTE The sign parameter may have a different type in order to allow different schemes to be selected for each asymmetric type but the first parameter of each scheme definition shall be a TPM_ALG_ID for a valid signing scheme. Family “2.0” Level 00 Revision 00.99 Published Copyright © TCG 2006-2013 Page 127 October 31, 2013 Part 2: Structures Trusted Platform Module Library Table 179 — Definition of TPMS_ASYM_PARMS Structure <> Parameter Type Description symmetric TPMT_SYM_DEF_OBJECT+ the companion symmetric algorithm for a restricted decryption key and shall be set to a supported symmetric algorithm This field is optional for keys that are not decryption keys and shall be set to TPM_ALG_NULL if not used. scheme TPMT_ASYM_SCHEME+ for a key with the sign attribute SET, a valid signing scheme for the key type for a key with the decrypt attribute SET, a valid key exchange protocol for a key with sign and decrypt attributes, shall be TPM_ALG_NULL 12.2.3.5 TPMS_RSA_PARMS A TPM compatible with this specification and supporting RSA shall support numPrimes of two and an exponent of zero. Support for other values is optional. Use of other exponents in duplicated keys is not recommended because the resulting keys would not be interoperable with other TPMs. NOTE 1 Implementations are not required to check that exponent is the default exponent. They may fail to load the key if exponent is not zero. The reference implementation allows the values listed in the table. Table 180 — Definition of {RSA} TPMS_RSA_PARMS Structure Parameter Type Description symmetric TPMT_SYM_DEF_OBJECT+ for a restricted decryption key, shall be set to a supported symmetric algorithm, key size, and mode. if the key is not a restricted decryption key, this field shall be set to TPM_ALG_NULL. scheme TPMT_RSA_SCHEME+ for a signing key, shall be either TPM_ALG_RSAPSS TPM_ALG_RSASSA or TPM_ALG_NULL for an unrestricted decryption key, shall be TPM_ALG_RSAES, TPM_ALG_OAEP, or TPM_ALG_NULL unless the object also has the sign attribute for a restricted decryption key, this field shall be TPM_ALG_NULL NOTE keyBits When both sign and decrypt are SET, restricted shall be CLEAR and scheme shall be TPM_ALG_NULL. TPMI_RSA_KEY_BITS number of bits in the public modulus UINT32 the public exponent A prime number greater than 2. When zero, indicates that the exponent is the default 16 of 2 + 1 #TPM_RC_KEY_SIZE exponent #TPM_RC_VALUE Page 128 October 31, 2013 Published Copyright © TCG 2006-2013 Family “2.0” Level 00 Revision 00.99 Trusted Platform Module Library 12.2.3.6 Part 2: Structures TPMS_ECC_PARMS This structure contains the parameters for prime modulus ECC. Table 181 — Definition of {ECC} TPMS_ECC_PARMS Structure Parameter Type Description symmetric TPMT_SYM_DEF_OBJECT+ for a restricted decryption key, shall be set to a supported symmetric algorithm, key size. and mode. if the key is not a restricted decryption key, this field shall be set to TPM_ALG_NULL. scheme TPMT_ECC_SCHEME+ If the sign attribute of the key is SET, then this shall be a valid signing scheme. NOTE If the sign parameter in curveID indicates a mandatory scheme, then this field shall have the same value. If the decrypt attribute of the key is SET, then this shall be a valid key exchange scheme or TPM_ALG_NULL. If the key is a Storage Key, then this field shall be TPM_ALG_NULL. curveID TPMI_ECC_CURVE ECC curve ID kdf TPMT_KDF_SCHEME+ an optional key derivation scheme for generating a symmetric key from a Z value If the kdf parameter associated with curveID is not TPM_ALG_NULL then this is required to be NULL. NOTE 12.2.3.7 There are currently no commands where this parameter has effect and, in the reference code, this field needs to be set to TPM_ALG_NULL. TPMU_PUBLIC_PARMS Table 182 defines the possible parameter definition structures that may be contained in the public portion of a key. Table 182 — Definition of TPMU_PUBLIC_PARMS Union <IN/OUT, S> Parameter Type (1) Selector Description keyedHashDetail TPMS_KEYEDHASH_PARMS TPM_ALG_KEYEDHASH sign | encrypt | neither symDetail TPMS_SYMCIPHER_PARMS TPM_ALG_SYMCIPHER a symmetric block cipher rsaDetail TPMS_RSA_PARMS TPM_ALG_RSA decrypt + sign (2) eccDetail TPMS_ECC_PARMS TPM_ALG_ECC decrypt + sign (2) asymDetail TPMS_ASYM_PARMS common scheme structure for RSA and ECC keys NOTES 1) Description column indicates which of TPMA_OBJECT.decrypt or TPMA_OBJECT.sign may be set. 2) “+” indicates that both may be set but one shall be set. “|” indicates the optional settings. Family “2.0” Level 00 Revision 00.99 Published Copyright © TCG 2006-2013 Page 129 October 31, 2013 Part 2: Structures 12.2.3.8 Trusted Platform Module Library TPMT_PUBLIC_PARMS This structure is used in TPM2_TestParms() to validate that a set of algorithm parameters is supported by the TPM. Table 183 — Definition of TPMT_PUBLIC_PARMS Structure Parameter Type Description type TPMI_ALG_PUBLIC the algorithm to be tested [type]parameters TPMU_PUBLIC_PARMS the algorithm details 12.2.4 TPMT_PUBLIC Table 184 defines the public area structure. The Name of the object is nameAlg concatenated with the digest of this structure using nameAlg. Table 184 — Definition of TPMT_PUBLIC Structure Parameter Type Description type TPMI_ALG_PUBLIC “algorithm” associated with this object nameAlg +TPMI_ALG_HASH algorithm used for computing the Name of the object NOTE The "+" indicates that the instance of a TPMT_PUBLIC may have a "+" to indicate that the nameAlg may be TPM_ALG_NULL. objectAttributes TPMA_OBJECT attributes that, along with type, determine the manipulations of this object authPolicy TPM2B_DIGEST optional policy for using this key The policy is computed using the nameAlg of the object. NOTE Shall be the Empty Buffer if no authorization policy is present. [type]parameters TPMU_PUBLIC_PARMS the algorithm or structure details [type]unique TPMU_PUBLIC_ID Page 130 October 31, 2013 the unique identifier of the structure For an asymmetric key, this would be the public key. Published Copyright © TCG 2006-2013 Family “2.0” Level 00 Revision 00.99 Trusted Platform Module Library Part 2: Structures 12.2.5 TPM2B_PUBLIC This sized buffer is used to embed a TPMT_PUBLIC in a command. Table 185 — Definition of TPM2B_PUBLIC Structure Parameter Type Description size= UINT16 size of publicArea NOTE publicArea +TPMT_PUBLIC The “=” will force the TPM to try to unmarshal a TPMT_PUBLIC and check that the unmarshaled size matches the value of size. If all the required fields of a TPMT_PUBLIC are not present, the TPM will return an error (generally TPM_RC_SIZE) when attempting to unmarshal the TPMT_PUBLIC. the public area NOTE The “+” indicates that the caller may specify that use of TPM_ALG_NULL is allowed for nameAlg. 12.3 Private Area Structures 12.3.1 Introduction The structures in 12.3 define the contents and construction of the private portion of a TPM object. A TPM2B_PRIVATE along with a TPM2B_PUBLIC are needed to describe a TPM object. A TPM2B_PRIVATE area may be encrypted by different symmetric algorithms or, in some cases, not encrypted at all. 12.3.2 Sensitive Data Structures 12.3.2.1 Introduction The structures in 12.3.2 define the presumptive internal representations of the sensitive areas of the various entities. A TPM may store the sensitive information in any desired format but when constructing a TPM_PRIVATE, the formats in this clause shall be used. 12.3.2.2 TPM2B_PRIVATE_VENDOR_SPECIFIC This structure is defined for coding purposes. For IO to the TPM, the sensitive portion of the key will be in a canonical form. For an RSA key, this will be one of the prime factors of the public modulus. After loading, it is typical that other values will be computed so that computations using the private key will not need to start with just one prime factor. This structure allows the vendor-specific structure to use the space of the The value for RSA_VENDOR_SPECIFIC is determined by the vendor. Table 186 — Definition of {RSA} TPM2B_PRIVATE_VENDOR_SPECIFIC Structure<> Parameter Type size UINT16 buffer[size]{:PRIVATE_VENDOR_SPECIFIC_BYTES} BYTE Family “2.0” Level 00 Revision 00.99 Published Copyright © TCG 2006-2013 Description Page 131 October 31, 2013 Part 2: Structures 12.3.2.3 Trusted Platform Module Library TPMU_SENSITIVE_COMPOSITE Table 187 — Definition of TPMU_SENSITIVE_COMPOSITE Union <IN/OUT, S> Parameter Type Selector Description rsa TPM2B_PRIVATE_KEY_RSA TPM_ALG_RSA a prime factor of the public key ecc TPM2B_ECC_PARAMETER TPM_ALG_ECC the integer private key bits TPM2B_SENSITIVE_DATA TPM_ALG_KEYEDHASH the private data sym TPM2B_SYM_KEY TPM_ALG_SYMCIPHER the symmetric key any TPM2B_PRIVATE_VENDOR_SPECIFIC 12.3.2.4 vendor-specific size for key storage TPMT_SENSITIVE Table 188 — Definition of TPMT_SENSITIVE Structure Parameter Type Description sensitiveType TPMI_ALG_PUBLIC identifier for the sensitive area This shall be the same as the type parameter of the associated public area. authValue TPM2B_AUTH user authorization data The authValue may be a zero-length string. This value shall not be larger than the size of the digest produced by the nameAlg of the object. seedValue TPM2B_DIGEST for asymmetric key object, the optional protection seed; for other objects, the obfuscation value This value shall not be larger than the size of the digest produced by nameAlg of the object. [sensitiveType]sensitive TPMU_SENSITIVE_COMPOSITE the type-specific private data 12.3.3 TPM2B_SENSITIVE The TPM2B_SENSITIVE structure is used as a parameter in TPM2_LoadExternal(). It is an unencrypted sensitive area but it may be encrypted using parameter encryption. NOTE When this structure is unmarshaled, the size of the sensitiveType determines what type of value is unmarshaled. Each value of sensitiveType is associated with a TPM2B. It is the maximum size for each of the TPM2B values will determine if the unmarshal operation is successful . Since there is no selector for the any or vendor options for the union, the maximum input and output sizes for a TMP2B_SENSITIVE are not affected by the sizes of those parameters. Table 189 — Definition of TPM2B_SENSITIVE Structure <IN/OUT> Parameter Type Description size UINT16 size of the private structure sensitiveArea TPMT_SENSITIVE an unencrypted sensitive area Page 132 October 31, 2013 Published Copyright © TCG 2006-2013 Family “2.0” Level 00 Revision 00.99 Trusted Platform Module Library Part 2: Structures 12.3.4 Encryption A TPMS_SENSITIVE is the input to the encryption process. All TPMS_ENCRYPT structures are CFBencrypted using a key and Initialization Vector (IV) that are derived from a seed value. The method of generating the key and IV is described in “Protected Storage” subclause “Symmetric Encryption.” in Part 1. 12.3.5 Integrity The integrity computation is used to ensure that a protected object is modified when stored in memory outside of the TPM. The method of protecting the integrity of the sensitive area is described in “Protected Storage” subclause “Integrity” in Part 1. 12.3.6 _PRIVATE This structure is defined to size the contents of a TPM2B_PRIVATE. This structure is not directly marshaled or unmarshaled. For TPM2_Duplicate() and TPM2_Import(), the TPM2B_PRIVATE may contain multiply encrypted data and two integrity values. In some cases, the sensitive data is not encrypted and the integrity value is not present. For TPM2_Load() and TPM2_Create(), integrityInner is always present. If integrityInner is present, it and sensitive are encrypted as a single block. When an integrity value is not needed, it is not present and it is not represented by an Empty Buffer. Table 190 — Definition of _PRIVATE Structure <> Parameter Type Description integrityOuter TPM2B_DIGEST integrityInner TPM2B_DIGEST could also be a TPM2B_IV sensitive TPMT_SENSITIVE the sensitive area 12.3.7 TPM2B_PRIVATE The TPM2B_PRIVATE structure is used as a parameter in multiple commands that create, load, and modify the sensitive area of an object. Table 191 — Definition of TPM2B_PRIVATE Structure <IN/OUT, S> Parameter Type Description size UINT16 size of the private structure buffer[size] {:sizeof(_PRIVATE)} BYTE an encrypted private area Family “2.0” Level 00 Revision 00.99 Published Copyright © TCG 2006-2013 Page 133 October 31, 2013 Part 2: Structures Trusted Platform Module Library 12.4 Identity Object 12.4.1 Description An identity object is used to convey credential protection value (CV) to a TPM that can load the object associated with the object. The CV is encrypted to a storage key on the target TPM, and if the credential integrity checks and the proper object is loaded in the TPM, then the TPM will return the CV. 12.4.2 _ID_OBJECT This structure is used for sizing the TPM2_ID_OBJECT. Table 192 — Definition of _ID_OBJECT Structure <> Parameter Type Description integrityHMAC TPM2B_DIGEST HMAC using the nameAlg of the storage key on the target TPM encIdentity TPM2B_DIGEST credential protector information returned if name matches the referenced object All of the encIdentity is encrypted, including the size field. NOTE The TPM is not required to check that the size is not larger than the digest of the nameAlg. However, if the size is larger, the ID object may not be usable on a TPM that has no digest larger than produced by nameAlg. 12.4.3 TPM2B_ID_OBJECT This structure is an output from TPM2_MakeCredential() and is an input to TPM2_ActivateCredential(). Table 193 — Definition of TPM2B_ID_OBJECT Structure <IN/OUT> Parameter Type Description size UINT16 size of the credential structure credential[size]{:sizeof(_ID_OBJECT)} BYTE an encrypted credential area Page 134 October 31, 2013 Published Copyright © TCG 2006-2013 Family “2.0” Level 00 Revision 00.99 Trusted Platform Module Library Part 2: Structures 13 NV Storage Structures 13.1 TPM_NV_INDEX A TPM_NV_INDEX is used to reference a defined location in NV memory. The format of the Index is changed from TPM 1.2 in order to include the Index in the reserved handle space. Handles in this range use the digest of the public area of the Index as the Name of the entity in authorization computations The 32-bit TPM 1.2 NV Index format is shown in Figure 4. In order to allow the Index to fit into the 24 bits available in the reserved handle space, the Index value format is changed as shown in Figure 5. 3 3 2 2 2 2 2 2 2 1 0 9 8 7 6 5 4 3 1 1 6 5 T P U D reserved 0 0 Purview Index Figure 4 — TPM 1.2 TPM_NV_INDEX 3 1 2 2 4 3 0 0 TPM_HT_NV_INDEX Index Figure 5 — TPM 2.0 TPM_NV_INDEX NOTE This TPM_NV_INDEX format does not retain the Purview field and the D bit is not a part of an Index handle as in TPM 1.2. The TPMA_NV_PLATFORMCREATE attribute is a property of an Index that provides functionality similar to the D bit. A valid Index handle will have an MSO of TPM_HT_NV_INDEX. NOTE This structure is not used. It is defined here to indicate how the fields of the handle are assigned. The exemplary unmarshaling code unmarshals a TPM_HANDLE and validates that it is in the range for a TPM_NV_INDEX. Table 194 — Definition of (UINT32) TPM_NV_INDEX Bits <> Bit Name Definition 23:0 index The index of the NV location 31:24 RH_NV constant value of TPM_HT_NV_INDEX indicating the NV Index range #TPM_RC_VALUE response code returned if unmarshaling of this type fails because the handle value is incorrect Family “2.0” Level 00 Revision 00.99 Published Copyright © TCG 2006-2013 Page 135 October 31, 2013 Part 2: Structures Trusted Platform Module Library Table 195 — Options for space Field of TPM_NV_INDEX Some prior versions of this specification contained a table here that assigned subsets of the index field to different entities. Since this assignment was a convention and not an architectural element of the TPM, the table was removed and the information is now contained in a registry document that is maintained by the TCG. 13.2 TPMA_NV (NV Index Attributes) This structure allows the TPM to keep track of the data and permissions to manipulate an NV Index. The platform controls (TPMA_NV_PPWRITE and TPMA_NV_PPREAD) and owner controls (TPMA_NV_OWNERWRITE and TPMA_NV_OWNERREAD) give the platform and owner access to NV Indexes using platformAuth or ownerAuth rather than the authValue or authPolicy of the Index. If access to an NV Index is to be restricted based on PCR, then an appropriate authPolicy shall be provided. NOTE platformAuth or ownerAuth can be provided in any type of authorization session or as a password. If TPMA_NV_AUTHREAD is SET, then the Index may be read if the Index authValue is provided. If TPMA_NV_POLICYREAD is SET, then the Index may be read if the Index authPolicy is satisfied. At least one of TPMA_NV_PPREAD, TPMA_NV_POLICYREAD shall be SET. TPMA_NV_OWNERREAD, TPMA_NV_AUTHREAD, or If TPMA_NV_AUTHWRITE is SET, then the Index may be written if the Index authValue is provided. If TPMA_NV_POLICYWRITE is SET, then the Index may be written if the Index authPolicy is satisfied. At least one of TPMA_NV_PPWRITE, TPMA_NV_OWNERWRITE TPMA_NV_AUTHWRITE, or TPMA_NV_POLICYWRITE shall be SET. If TPMA_NV_WRITELOCKED is SET, then the Index may not be written. If TPMA_NV_WRITEDEFINE is SET, TPMA_NV_WRITELOCKED may not be CLEAR except by deleting and redefining the Index. If TPMA_NV_WRITEDEFINE is CLEAR, then TPMA_NV_WRITELOCK will be CLEAR on the next TPM2_Startup(TPM_SU_CLEAR). If TPMA_NV_READLOCKED is SET, then the Index may not be read. TPMA_NV_READLOCK will be CLEAR on the next TPM2_Startup(TPM_SU_CLEAR). NOTE The TPM is expected to maintain indicators to indicate that the Index is temporarily locked. The state of these indicators is reported in the TPMA_NV_READLOCKED and TPMA_NV_WRITELOCKED attributes. If TPMA_NV_EXTEND is SET, then writes to the Index will cause an update of the Index using the extend operation with the nameAlg used to create the digest. Only one of TPMA_NV_EXTEND, TPMA_NV_COUNTER, or TPMA_NV_BITS may be set. When the Index is created (TPM2_NV_DefineSpace()), TPMA_NV_WRITELOCKED, TPMA_NV_READLOCKED, TPMA_NV_WRITTEN shall all be CLEAR in the parameter that defines the attributes of the created Index. Page 136 October 31, 2013 Published Copyright © TCG 2006-2013 Family “2.0” Level 00 Revision 00.99 Trusted Platform Module Library Part 2: Structures Table 196 — Definition of (UINT32) TPMA_NV Bits Bit Name Description 0 TPMA_NV_PPWRITE SET (1): The Index data can be written if platformAuth is provided. CLEAR (0): Writing of the Index data cannot be authorized with platformAuth. 1 TPMA_NV_OWNERWRITE SET (1): The Index data can be written if ownerAuth is provided. CLEAR (0): Writing of the Index data cannot be authorized with ownerAuth. 2 TPMA_NV_AUTHWRITE SET (1): Authorizations to change the Index contents that require USER role may be provided with an HMAC session or password. CLEAR (0): Authorizations to change the Index contents that require USER role may not be provided with an HMAC session or password. 3 TPMA_NV_POLICYWRITE SET (1): Authorizations to change the Index contents that require USER role may be provided with a policy session. CLEAR (0): Authorizations to change the Index contents that require USER role may not be provided with a policy session. NOTE TPM2_NV_ChangeAuth() always requires that authorization be provided in a policy session. 4 TPMA_NV_COUNTER SET (1): Index contains an 8-octet value that is to be used as a counter and can only be modified with TPM2_NV_Increment(). CLEAR (0): The Index is not a counter. 5 TPMA_NV_BITS SET (1): Index contains an 8-octet value to be used as a bit field and can only be modified with TPM2_NV_SetBits(). CLEAR (0): The Index is not a bit field. 6 TPMA_NV_EXTEND SET (1): Index contains a digest-sized value used like a PCR. The Index may only be modified using TPM2_NV_Extend. The extend will use the nameAlg of the Index. CLEAR (0): Index is not a PCR. 9:7 Reserved shall be zero reserved for use in defining additional write controls 10 TPMA_NV_POLICY_DELETE SET (1): Index may not be deleted unless the authPolicy is satisfied. CLEAR (0): Index may be deleted with proper platform or owner authorization. 11 TPMA_NV_WRITELOCKED SET (1): Index cannot be written. CLEAR (0): Index can be written. 12 TPMA_NV_WRITEALL SET (1): A partial write of the Index data is not allowed. The write size shall match the defined space size. CLEAR (0): Partial writes are allowed. This setting is required if TPMA_NV_BITS is SET. 13 TPMA_NV_WRITEDEFINE SET (1): TPM2_NV_WriteLock() may be used to prevent further writes to this location. CLEAR (0): TPM2_NV_WriteLock() does not block subsequent writes. 14 TPMA_NV_WRITE_STCLEAR SET (1): TPM2_NV_WriteLock() may be used to prevent further writes to this location until the next TPM Reset or TPM Restart. CLEAR (0): A write to this Index with a data size of zero does not change the write access. Family “2.0” Level 00 Revision 00.99 Published Copyright © TCG 2006-2013 Page 137 October 31, 2013 Part 2: Structures Trusted Platform Module Library Bit Name Description 15 TPMA_NV_GLOBALLOCK SET (1): If TPM2_NV_GlobalWriteLock() is successful, then further writes to this location are not permitted until the next TPM Reset or TPM Restart. CLEAR (0): TPM2_NV_GlobalWriteLock() has no effect on the writing of the data at this Index. 16 TPMA_NV_PPREAD SET (1): The Index data can be read if platformAuth is provided. CLEAR (0): Reading of the Index data cannot be authorized with platformAuth. 17 TPMA_NV_OWNERREAD SET (1): The Index data can be read if ownerAuth is provided. CLEAR (0): Reading of the Index data cannot be authorized with ownerAuth. 18 TPMA_NV_AUTHREAD SET (1): The Index data may be read if the authValue is provided. CLEAR (0): Reading of the Index data cannot be authorized with the Index authValue. 19 TPMA_NV_POLICYREAD SET (1): The Index data may be read if the authPolicy is satisfied. CLEAR (0): Reading of the Index data cannot be authorized with the Index authPolicy. Reserved shall be zero reserved for use in defining additional read controls 25 TPMA_NV_NO_DA SET (1): Authorization failures of the Index do not affect the DA logic and authorization of the Index is not blocked when the TPM is in Lockout mode. CLEAR (0): Authorization failures of the Index will increment the authorization failure counter and authorizations of this Index are not allowed when the TPM is in Lockout mode. 26 TPMA_NV_ORDERLY SET (1): NV Index state is only required to be saved when the TPM performs an orderly shutdown (TPM2_Shutdown()). Only an Index with TPMA_NV_COUNTER SET may have this setting. CLEAR (0): NV Index state is required to be persistent after the command to update the Index completes successfully (that is, the NV update is synchronous with the update command). 27 TPMA_NV_CLEAR_STCLEAR SET (1): TPMA_NV_WRITTEN for the Index is CLEAR by TPM Reset or TPM Restart. CLEAR (0): TPMA_NV_WRITTEN is not changed by TPM Restart. 24:20 NOTE This attribute may only be SET if TPMA_NV_COUNTER is not SET. NOTE If the TPMA_NV_ORDERLY is SET, TPMA_NV_WRITTEN will be CLEAR by TPM Reset. 28 TPMA_NV_READLOCKED SET (1): Reads of the Index are blocked until the next TPM Reset or TPM Restart. CLEAR (0): Reads of the Index are allowed if proper authorization is provided. 29 TPMA_NV_WRITTEN SET (1): Index has been written. CLEAR (0): Index has not been written. 30 TPMA_NV_PLATFORMCREATE SET (1): This Index may be undefined with platformAuth but not with ownerAuth. CLEAR (0): This Index may be undefined using ownerAuth but not with platformAuth. The TPM will validate that this attribute is SET when the Index is defined using platformAuth and will validate that this attribute is CLEAR when the Index is defined using ownerAuth. Page 138 October 31, 2013 Published Copyright © TCG 2006-2013 Family “2.0” Level 00 Revision 00.99 Trusted Platform Module Library Part 2: Structures Bit Name Description 31 TPMA_NV_READ_STCLEAR SET (1): TPM2_NV_ReadLock() may be used to SET TPMA_NV_READLOCKED for this Index. CLEAR (0): TPM2_NV_ReadLock() has no effect on this Index. 13.3 TPMS_NV_PUBLIC This structure describes an NV Index. Table 197 — Definition of TPMS_NV_PUBLIC Structure Name Type Description nvIndex TPMI_RH_NV_INDEX the handle of the data area nameAlg TPMI_ALG_HASH hash algorithm used to compute the name of the Index and used for the authPolicy attributes TPMA_NV the Index attributes authPolicy TPM2B_DIGEST the access policy for the Index dataSize{:MAX_NV_INDEX_SIZE} UINT16 the size of the data area The maximum size is implementationdependent. The minimum maximum size is platform-specific. #TPM_RC_SIZE response code returned when the requested size is too large for the implementation 13.4 TPM2B_NV_PUBLIC This structure is used when a TPMS_NV_PUBLIC is sent on the TPM interface. Table 198 — Definition of TPM2B_NV_PUBLIC Structure Name Type Description size= UINT16 size of nvPublic nvPublic TPMS_NV_PUBLIC the public area Family “2.0” Level 00 Revision 00.99 Published Copyright © TCG 2006-2013 Page 139 October 31, 2013 Part 2: Structures Trusted Platform Module Library 14 Context Data 14.1 Introduction This clause defines the contents of the TPM2_ContextLoad() command parameters. TPM2_ContextSave() response parameters and If the parameters provided by the caller in TPM2_ContextLoad() do not match the values returned by the TPM when the context was saved, the integrity check of the TPM2B_CONTEXT will fail and the object or session will not be loaded. 14.2 TPM2B_CONTEXT_SENSITIVE This structure holds the object or session context data. When saved, the full structure is encrypted. Table 199 — Definition of TPM2B_CONTEXT_SENSITIVE Structure <IN/OUT> Parameter Type size Description UINT16 buffer[size]{:MAX_CONTEXT_SIZE} BYTE the sensitive data 14.3 TPMS_CONTEXT_DATA This structure holds the integrity value and the encrypted data for a context. Table 200 — Definition of TPMS_CONTEXT_DATA Structure <IN/OUT, S> Parameter Type Description integrity TPM2B_DIGEST the integrity value encrypted TPM2B_CONTEXT_SENSITIVE the sensitive area 14.4 TPM2B_CONTEXT_DATA This structure is used in a TPMS_CONTEXT. Table 201 — Definition of TPM2B_CONTEXT_DATA Structure <IN/OUT> Parameter Type size Description UINT16 buffer[size] {:sizeof(TPMS_CONTEXT_DATA)} BYTE Page 140 October 31, 2013 Published Copyright © TCG 2006-2013 Family “2.0” Level 00 Revision 00.99 Trusted Platform Module Library Part 2: Structures 14.5 TPMS_CONTEXT This structure is used in TPM2_ContextLoad() and TPM2_ContextSave(). If the values of the TPMS_CONTEXT structure in TPM2_ContextLoad() are not the same as the values when the context was saved (TPM2_ContextSave()), then the TPM shall not load the context. Saved object contexts shall not be loaded as long as the associated hierarchy is disabled. Saved object contexts are invalidated when the Primary Seed of their hierarchy changes. Objects in the Endorsement hierarchy are invalidated when either the EPS or SPS is changed. When an object has the stClear attribute, it shall not be possible to reload the context or any descendant object after a TPM Reset or TPM Restart. NOTE 1 The reference implementation prevents reloads after TPM Restart by including the curre nt value of a clearCount in the saved object context. When an object is loaded, this value is compared with the current value of the clearCount if the object has the stClear attribute. If the values are not the same, then the object cannot be loaded. A sequence value is contained within the integrity-protected part of the saved context. The sequence value is repeated in the sequence parameter of the TPMS_CONTEXT of the context. The sequence parameter, along with other values, is used in the generation the protection values of the context. If the integrity value of the context is valid, but the sequence value of the decrypted context does not match the value in the sequence parameter, then TPM shall enter the failure mode because this is indicative of a specific type of attack on the context values. NOTE 2 If the integrity value is correct, but the decryption fails and produces the wrong value for sequence, this implies that either the TPM is faulty or an external entity is able to forge an integrity val ue for the context but they have insufficient information to know what the encryption key of the context. Since the TPM generated the valid context, then there is no reason for the sequence value in the context to be decrypted incorrectly other than the TPM is faulty or the TPM is under attack. In either case, it is appropriate for the TPM to enter failure more. Table 202 — Definition of TPMS_CONTEXT Structure Name Type Description sequence UINT64 the sequence number of the context NOTE Transient object contexts and contexts used different counters. session savedHandle TPMI_DH_CONTEXT the handle of the session, object or sequence hierarchy TPMI_RH_HIERARCHY+ the hierarchy of the context contextBlob TPM2B_CONTEXT_DATA the context data and integrity HMAC Family “2.0” Level 00 Revision 00.99 Published Copyright © TCG 2006-2013 Page 141 October 31, 2013 Part 2: Structures Trusted Platform Module Library 14.6 Parameters of TPMS_CONTEXT 14.6.1 sequence The sequence parameter is used to differentiate the contexts and to allow the TPM to create a different encryption key for each context. Objects and sessions use different sequence counters. The sequence counter for objects (transient and sequence) is incremented when an object context is saved, and the sequence counter for sessions increments when a session is created or when it is loaded (TPM2_ContextLoad()). The session sequence number is the contextID counter. For a session, the sequence number also allows the TRM to find the “older” contexts so that they may be refreshed if the contextID are too widely separated. If an input value for sequence is larger than the value used in any saved context, the TPM shall return an error (TPM_RC_VALUE) and do no additional processing of the context. If the context is a session context and the input value for sequence is less than the current value of contextID minus the maximum range for sessions, the TPM shall return an error (TPM_RC_VALUE) and do no additional processing of the context. 14.6.2 savedHandle For a session, this is the handle that was assigned to the session when it was saved. For a transient object, the handle will have one of the values shown in Table 203. If the handle type for savedHandle is TPM_HT_TRANSIENT, then the low order bits are used to differentiate static objects from sequence objects. If an input value for handle is outside of the range of values used by the TPM, the TPM shall return an error (TPM_RC_VALUE) and do no additional processing of the context. Table 203 — Context Handle Values Value Description 0x02xxxxxx an HMAC session context 0x03xxxxxx a policy session context 0x80000000 an ordinary transient object 0x80000001 a sequence object 0x80000002 a transient object with the stClear attribute SET Page 142 October 31, 2013 Published Copyright © TCG 2006-2013 Family “2.0” Level 00 Revision 00.99 Trusted Platform Module Library Part 2: Structures 14.6.3 hierarchy This is the hierarchy (TPMI_RH_HIERARCHY) for the saved context and determines the proof value used in the construction of the encryption and integrity values for the context. For session and sequence contexts, the hierarchy is TPM_RC_NULL. The hierarchy for a transient object may be TPM_RH_NULL but it is not required. 14.7 Context Protection 14.7.1 Context Integrity The integrity of the context blob is protected by an HMAC. The integrity value is constructed such that changes to the component values will invalidate the context and prevent it from being loaded. Previously saved contexts for objects in the Platform hierarchy shall not be loadable after the PPS is changed. Previously saved contexts for objects in the Storage hierarchy shall not be loadable after the SPS is changed. Previously saved contexts for objects in the Endorsement hierarchy shall not be loadable after either the EPS or SPS is changed. Previously saved sessions shall not be loadable after the SPS changes. Previously saved contexts for objects that have their stClear attribute SET shall not be loadable after a TPM Restart. If a Storage Key has its stClear attribute SET, the descendants of this key shall not be loadable after TPM Restart. Previously saved contexts for a session and objects shall not be loadable after a TPM Reset. A saved context shall not be loaded if its HMAC is not valid. The equation for computing the HMAC for a context is found in “Context Integrity Protection” in Part 1. 14.7.2 Context Confidentiality The context data of sessions and objects shall be protected by symmetric encryption using CFB. The method for computing the IV and encryption key is found in “Context Confidentiality Protection” in Part 1. Family “2.0” Level 00 Revision 00.99 Published Copyright © TCG 2006-2013 Page 143 October 31, 2013 Part 2: Structures Trusted Platform Module Library 15 Creation Data 15.1 TPMS_CREATION_DATA This structure provides information relating to the creation environment for the object. The creation data includes the parent Name, parent Qualified Name, and the digest of selected PCR. These values represent the environment in which the object was created. Creation data allows a relying party to determine if an object was created when some appropriate protections were present. When the object is created, the structure shown in Table 204 is generated and a ticket is computed over this data. If the parent is a permanent handle (TPM_RH_OWNER, TPM_RH_PLATFORM, TPM_RH_ENDORSEMENT, or TPM_RH_NULL), then parentName and parentQualifiedName will be set to the parent handle value and parentNameAlg will be TPM_ALG_NULL. Table 204 — Definition of TPMS_CREATION_DATA Structure <OUT> Parameter Type Description pcrSelect TPML_PCR_SELECTION list indicating the PCR included in pcrDigest pcrDigest TPM2B_DIGEST digest of the selected PCR using nameAlg of the object for which this structure is being created pcrDigest.size shall be zero if the pcrSelect list is empty. locality TPMA_LOCALITY the locality at which the object was created parentNameAlg TPM_ALG_ID nameAlg of the parent parentName TPM2B_NAME Name of the parent at time of creation The size will match digest size associated with parentNameAlg unless it is TPM_ALG_NULL, in which case the size will be 4 and parentName will be the hierarchy handle. parentQualifiedName TPM2B_NAME Qualified Name of the parent at the time of creation Size is the same as parentName. outsideInfo TPM2B_DATA association with additional information added by the key creator This will be the contents of the outsideInfo parameter in TPM2_Create() or TPM2_CreatePrimary(). 15.2 TPM2B_CREATION_DATA This structure is created by TPM2_Create() and TPM2_CreatePrimary(). It is never entered into the TPM and never has a size of zero. Table 205 — Definition of TPM2B_CREATION_DATA Structure <OUT> Parameter Type Description size= UINT16 size of the creation data creationData TPMS_CREATION_DATA Page 144 October 31, 2013 Published Copyright © TCG 2006-2013 Family “2.0” Level 00 Revision 00.99 Trusted Platform Module Library Part 2: Structures Annex A (informative) Algorithm Constants A.1 Introduction This annex contains constants that are defined by algorithms. A.2 A.2.1 Allowed Hash Algorithms SHA1 Table 206 — Defines for SHA1 Hash Values Name Value SHA1_DIGEST_SIZE 20 SHA1_BLOCK_SIZE 64 SHA1_DER_SIZE Description 15 SHA1_DER A.2.2 Values are in octets. {0x30,0x21,0x30,0x09,0x06,0x05,0x2B,0x0E, 0x03,0x02,0x1A,0x05,0x00,0x04,0x14} SHA256 Table 207 — Defines for SHA256 Hash Values Name Value SHA256_DIGEST_SIZE 32 SHA256_BLOCK_SIZE 64 SHA256_DER_SIZE Description 19 SHA256_DER A.2.3 Values are in octets. {0x30,0x31,0x30,0x0d,0x06,0x09,0x60,0x86, 0x48,0x01,0x65,0x03,0x04,0x02,0x01,0x05, 0x00,0x04,0x20} SHA384 Table 208 — Defines for SHA384 Hash Values Name Value SHA384_DIGEST_SIZE 48 SHA384_BLOCK_SIZE 128 SHA384_DER_SIZE Description 19 SHA384_DER Family “2.0” Level 00 Revision 00.99 Values are in octets. {0x30,0x41,0x30,0x0d,0x06,0x09,0x60,0x86, 0x48,0x01,0x65,0x03,0x04,0x02,0x02,0x05, 0x00,0x04,0x30} Published Copyright © TCG 2006-2013 Page 145 October 31, 2013 Part 2: Structures A.2.4 Trusted Platform Module Library SHA512 Table 209 — Defines for SHA512 Hash Values Name Value SHA512_DIGEST_SIZE 64 SHA512_BLOCK_SIZE 128 SHA512_DER_SIZE Description 19 SHA512_DER A.2.5 Values are in octets. {0x30,0x51,0x30,0x0d,0x06,0x09,0x60,0x86, 0x48,0x01,0x65,0x03,0x04,0x02,0x03,0x05, 0x00,0x04,0x40} SM3_256 Table 210 — Defines for SM3_256 Hash Values Name Value Description SM3_256_DIGEST_SIZE 32 Values are in octets. SM3_256_BLOCK_SIZE 64 ?? SM3_256_DER_SIZE 18 SM3_256_DER A.3 {0x30,0x30,0x30,0x0c,0x06,0x08,0x2a,0x81, 0x1c,0x81,0x45,0x01,0x83,0x11,0x05,0x00, 0x04,0x20} Unknown Architectural Limits Table 211 — Defines for Architectural Limits Values Name MAX_SESSION_NUMBER Page 146 October 31, 2013 Value 3 Description the maximum number of authorization sessions that may be in a command This value may be increased if new commands require more than two authorization handles. Published Copyright © TCG 2006-2013 Family “2.0” Level 00 Revision 00.99 Trusted Platform Module Library Part 2: Structures Annex B (informative) Implementation Definitions B.1 Introduction This annex contains some of the tables that are used to define the desired implementation for the automated tools. NOTE B.2 The reference implementation assumes that stdint.h is used. Logic Values The values in this clause are used to see the generation of the subsequent tables. These values should not be changed. Table 212 — Defines for Logic Values Name Value YES 1 NO 0 TRUE 1 FALSE 0 SET 1 CLEAR Description 0 B.3 Processor Values These values are used to control generation of octet-swapping routines. The canonical octet ordering for the TPM input/output buffer is “big endian” with the most significant octet of any datum at the lowest address. NOTE The setting for the exemplar is for the x86 family of processor. Table 213 — Defines for Processor Values Name Value Description BIG_ENDIAN_TPM NO set to YES or NO according to the processor LITTLE_ENDIAN_TPM YES set to YES or NO according to the processor NOTE NO_AUTO_ALIGN NO set to YES if the processor does not allow unaligned accesses NOTE Family “2.0” Level 00 Revision 00.99 BIG_ENDIAN and LITTLE_ENDIAN shall be set to opposite values. If LITTLE_ENDIAN is YES, then the setting of this value has no effect. Published Copyright © TCG 2006-2013 Page 147 October 31, 2013 Part 2: Structures B.4 Trusted Platform Module Library Implemented Algorithms Table 214 is used to indicate the algorithms that are implemented in a TPM. The selections in the Value column may be changed to reflect the implementation. The values shown are illustrative. The "Implemented" column contains a "Y", "YES", or blank to indicate that the command is present in the implementation, an "N" or "NO" to indicate that the command is not implemented. The leading and trailing “_” characters are to avoid name space collisions with some crypto libraries. NOTE Table 214 — Defines for Implemented Algorithms Algorithm Name Implemented RSA YES SHA1 YES HMAC YES AES YES MGF1 YES XOR YES KEYEDHASH YES SHA256 YES SHA384 NO SHA512 NO SM3_256 YES SM4 Comments YES REQUIRED, do not change this value REQUIRED, do not change this value RSASSA (YES * RSA) requires RSA RSAES (YES * RSA) requires RSA RSAPSS (YES * RSA) requires RSA OAEP (YES * RSA) requires RSA ECC YES ECDH (YES * ECC) requires ECC ECDSA (YES * ECC) requires ECC ECDAA (YES * ECC) requires ECC SM2 (YES * ECC) requires ECC ECSCHNORR (YES * ECC) requires ECC ECMQV (NO * ECC) requires ECC SYMCIPHER KDF1_SP800_56a YES REQUIRED, at least one symmetric algorithm shall be implemented (YES * ECC) KDF2 NO KDF1_SP800_108 YES CTR YES OFB YES CBC YES CFB YES ECB requires ECC YES B.5 REQUIRED, do not change this value Implemented Commands Page 148 October 31, 2013 Published Copyright © TCG 2006-2013 Family “2.0” Level 00 Revision 00.99 Trusted Platform Module Library Part 2: Structures This table is used to indicate which of the commands are implemented. In the reference implementation, this table determines which commands can be called and drives the generation of various commanddependent switch statements. The "Implemented or Dependent" column contains a "Y", "YES", or blank to indicate that the command is present in the implementation; an "N" or "NO" to indicate that the command is not implemented; and an algorithm value if implementation of the command is dependent on a setting in Table 214. Linkage to Table 214 is not required and is provide as a convenience. To indicate that the command is implemented, only "Y", "N", blank, or a value from Table 214 is allowed. Table 215 — Defines for Implemented Commands Name ActivateCredential Implemented or Dependent Comments YES Certify Y CertifyCreation Y ChangeEPS Y ChangePPS Y Clear Y ClearControl Y ClockRateAdjust Y ClockSet Y Commit ECC ContextLoad Y Context ContextSave Y Context Create Y CreatePrimary Y DictionaryAttackLockReset Y DictionaryAttackParameters Y Duplicate Y ECC_Parameters ECC ECDH_KeyGen ECC ECDH_ZGen ECC EncryptDecrypt Y EventSequenceComplete Y EvictControl Y FieldUpgradeData N FieldUpgradeStart N FirmwareRead N FlushContext Y GetCapability Y GetCommandAuditDigest Y GetRandom Y GetSessionAuditDigest Y Family “2.0” Level 00 Revision 00.99 Context Published Copyright © TCG 2006-2013 Page 149 October 31, 2013 Part 2: Structures Name Trusted Platform Module Library Implemented or Dependent Comments GetTestResult Y GetTime Y Hash Y HashSequenceStart Y HierarchyChangeAuth Y HierarchyControl Y HMAC Y HMAC_Start Y Import Y IncrementalSelfTest Y Load Y LoadExternal Y MakeCredential Y NV_Certify Y NV_ChangeAuth Y NV_DefineSpace Y NV_Extend Y NV_GlobalWriteLock Y NV_Increment Y NV_Read Y NV_ReadLock Y NV_ReadPublic Y NV_SetBits Y NV_UndefineSpace Y NV_UndefineSpaceSpecial Y NV_Write Y NV_WriteLock Y ObjectChangeAuth Y PCR_Allocate Y PCR_Event Y PCR_Extend Y PCR_Read Y PCR PCR_Reset Y PCR PCR_SetAuthPolicy Y PCR_SetAuthValue Y PolicyAuthorize Y Policy PolicyAuthValue Y Policy PolicyCommandCode Y Policy PolicyCounterTimer Y Policy PolicyCpHash Y Policy Page 150 October 31, 2013 NV PCR Published Copyright © TCG 2006-2013 Family “2.0” Level 00 Revision 00.99 Trusted Platform Module Library Part 2: Structures Implemented or Dependent Name Comments PolicyDuplicationSelect Y Policy PolicyGetDigest Y Policy PolicyLocality Y Policy PolicyNameHash Y Policy PolicyNV Y Policy PolicyOR Y Policy PolicyPassword Y Policy PolicyPCR Y Policy PolicyPhysicalPresence Y Policy PolicyRestart Y PolicySecret Y Policy PolicySigned Y Policy PolicyTicket Y Policy PP_Commands Y Quote Y ReadClock Y ReadPublic Y Rewrap Y RSA_Decrypt RSA RSA_Encrypt RSA SelfTest Y SequenceComplete Y SequenceUpdate Y SetAlgorithmSet Y SetCommandCodeAuditStatus Y SetPrimaryPolicy Y Shutdown Y Sign Y StartAuthSession Y Startup Y StirRandom Y TestParms Y Unseal Y VerifySignature Y ZGen_2Phase Y EC_Ephemeral Y PolicyNvWritten Y B.6 Algorithm Constants Family “2.0” Level 00 Revision 00.99 Published Copyright © TCG 2006-2013 Page 151 October 31, 2013 Part 2: Structures B.6.1 Trusted Platform Module Library RSA Table 216 — Defines for RSA Algorithm Constants Name Value Comments RSA_KEY_SIZES_BITS {1024, 2048} braces because this is a list value MAX_RSA_KEY_BITS 2048 MAX_RSA_KEY_BYTES ((MAX_RSA_KEY_BITS + 7) / 8) B.6.2 ECC Table 217 — Defines for ECC Algorithm Constants Name Value ECC_CURVES {TPM_ECC_NIST_P256, TPM_ECC_BN_P256, TPM_ECC_SM2_P256} ECC_KEY_SIZES_BITS {256} MAX_ECC_KEY_BITS 256 MAX_ECC_KEY_BYTES ((MAX_ECC_KEY_BITS + 7) / 8) B.6.3 Comments this is a list value with length of one AES Table 218 — Defines for AES Algorithm Constants Name Value AES_KEY_SIZES_BITS {128} MAX_AES_KEY_BITS 128 MAX_AES_BLOCK_SIZE_BYTES 16 MAX_AES_KEY_BYTES ((MAX_AES_KEY_BITS + 7) / 8) B.6.4 Comments SM4 Table 219 — Defines for SM4 Algorithm Constants Name Value SM4_KEY_SIZES_BITS {128} MAX_SM4_KEY_BITS 128 MAX_SM4_BLOCK_SIZE_BYTES 16 MAX_SM4_KEY_BYTES ((MAX_SM4_KEY_BITS + 7) / 8) Page 152 October 31, 2013 Comments Published Copyright © TCG 2006-2013 Family “2.0” Level 00 Revision 00.99 Trusted Platform Module Library B.6.5 Part 2: Structures Symmetric The definitions in this table are derived from the implemented symmetric algorithms. Table 220 — Defines for Symmetric Algorithm Constants Name Value MAX_SYM_KEY_BITS MAX_AES_KEY_BITS MAX_SYM_KEY_BYTES MAX_AES_KEY_BYTES MAX_SYM_BLOCK_SIZE MAX_AES_BLOCK_SIZE_BYTES Family “2.0” Level 00 Revision 00.99 Comments Published Copyright © TCG 2006-2013 Page 153 October 31, 2013 Part 2: Structures B.7 Trusted Platform Module Library Implementation Specific Values The values listed in Table 221 are defined for a specific TPM implementation. The numbers in the Value column may be changed to reflect the implementation. The values shown are illustrative. Table 221 — Defines for Implementation Values Name Value Description FIELD_UPGRADE_IMPLEMENTED NO temporary define BSIZE UINT16 size used for internal storage of the size field of a TPM2B This is the definition used for the reference design. Compilation with this value changed may cause warnings about conversions. BUFFER_ALIGNMENT 4 sets the size granularity for the buffers in a TPM2B structure TPMxB buffers will be assigned a space that is a multiple of this value. This does not set the size limits for IO. Those are set by the canonical form of the TPMxB IMPLEMENTATION_PCR 24 the number of PCR in the TPM PLATFORM_PCR 24 the number of PCR required by the relevant platform specification DRTM_PCR 17 the DRTM PCR HCRTM_PCR 0 the PCR that will receive the HCRTM value at TPM2_Startup NUM_LOCALITIES 5 the number of localities supported by the TPM This is expected to be either 5 for a PC, or 1 for just about everything else. MAX_HANDLE_NUM 3 the maximum number of handles in the handle area This should be produced by the Part 3 parser but is here for now. MAX_ACTIVE_SESSIONS 64 the number of simultaneously active sessions that are supported by the TPM implementation CONTEXT_SLOT UINT16 the type of an entry in the array of saved contexts CONTEXT_COUNTER UINT64 the type of the saved session counter MAX_LOADED_SESSIONS 3 the number of sessions that the TPM may have in memory MAX_SESSION_NUM 3 this is the current maximum value Page 154 October 31, 2013 Published Copyright © TCG 2006-2013 Family “2.0” Level 00 Revision 00.99 Trusted Platform Module Library Part 2: Structures Name Value Description MAX_LOADED_OBJECTS 3 the number of simultaneously loaded objects that are supported by the TPM; this number does not include the objects that may be placed in NV memory by TPM2_EvictControl(). MIN_EVICT_OBJECTS 2 the minimum number of evict objects supported by the TPM PCR_SELECT_MIN ((PLATFORM_PCR+7)/8) PCR_SELECT_MAX ((IMPLEMENTATION_PCR+7)/8) NUM_POLICY_PCR_GROUP 1 number of PCR groups that have individual policies NUM_AUTHVALUE_PCR_GROUP 1 number of PCR groups that have individual authorization values MAX_CONTEXT_SIZE 4000 This may be larger than necessary MAX_DIGEST_BUFFER 1024 MAX_NV_INDEX_SIZE 2048 maximum data size allowed in an NV Index MAX_NV_BUFFER_SIZE 1024 maximum data size in one NV read or write command MAX_CAP_BUFFER 1024 NV_MEMORY_SIZE 16384 NUM_STATIC_PCR 16 MAX_ALG_LIST_SIZE 64 number of algorithms that can be in a list TIMER_PRESCALE 100000 nominal value for the pre-scale value of Clock (the number of cycles of the TPM's oscillator for each increment of Clock) PRIMARY_SEED_SIZE 32 size of the Primary Seed in octets CONTEXT_ENCRYPT_ALG TPM_ALG_AES context encryption algorithm CONTEXT_ENCRYPT_KEY_BITS MAX_SYM_KEY_BITS context encryption key size in bits CONTEXT_ENCRYPT_KEY_BYTES ((CONTEXT_ENCRYPT_KEY_BITS+7 )/8) CONTEXT_INTEGRITY_HASH_ALG TPM_ALG_SHA256 context integrity hash algorithm CONTEXT_INTEGRITY_HASH_SIZE SHA256_DIGEST_SIZE number of byes in the context integrity digest PROOF_SIZE CONTEXT_INTEGRITY_HASH_SIZE size of proof value in octets This size of the proof should be consistent with the digest size used for context integrity. NV_CLOCK_UPDATE_INTERVAL 12 the update interval expressed as a power of 2 seconds size of NV memory in octets A value of 12 is 4,096 seconds (~68 minutes). Family “2.0” Level 00 Revision 00.99 Published Copyright © TCG 2006-2013 Page 155 October 31, 2013 Part 2: Structures Trusted Platform Module Library Name Value Description NUM_POLICY_PCR 1 number of PCR that allow policy/auth MAX_COMMAND_SIZE 4096 maximum size of a command MAX_RESPONSE_SIZE 4096 maximum size of a response ORDERLY_BITS 8 number between 1 and 32 inclusive MAX_ORDERLY_COUNT ((1 << ORDERLY_BITS) - 1) maximum count of orderly counter before NV is updated This must be of the form 2N – 1 where 1 ≤ N ≤ 32. ALG_ID_FIRST TPM_ALG_FIRST used by GetCapability() processing to bound the algorithm search ALG_ID_LAST TPM_ALG_LAST used by GetCapability() processing to bound the algorithm search MAX_SYM_DATA 128 this is the maximum number of octets that may be in a sealed blob. MAX_RNG_ENTROPY_SIZE 64 RAM_INDEX_SPACE 512 RSA_DEFAULT_PUBLIC_EXPONENT 0x00010001 216 + 1 ENABLE_PCR_NO_INCREMENT YES indicates if the TPM_PT_PCR_NO_INCREME NT group is implemented CRT_FORMAT_RSA YES PRIVATE_VENDOR_SPECIFIC_BYTES ((MAX_RSA_KEY_BYTES/2) * (3 + CRT_FORMAT_RSA * 2)) Page 156 October 31, 2013 Published Copyright © TCG 2006-2013 Family “2.0” Level 00 Revision 00.99