TCG TPM Main Part 2 TPM Structures Specification version 1.2 Level 2 Revision 94 29 March 2006 Contact: tpmwg@trustedcomputinggroup.org TCG Published Copyright TCG 2003-2006 Copyright TCG TPM Main Part 2 TPM Structures Specification version 1.2 ii Level 2 Revision 94 29 March 2006 TCG Published Copyright 2003-2006 Trusted Computing Group, Incorporated. Disclaimer THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY, NONINFRINGEMENT, FITNESS FOR ANY PARTICULAR PURPOSE, OR ANY WARRANTY OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. Without limitation, TCG disclaims all liability, including liability for infringement of any proprietary rights, relating to use of information in this specification and to the implementation of this specification, and TCG disclaims all liability for cost of procurement of substitute goods or services, lost profits, loss of use, loss of data or any incidental, consequential, direct, indirect, or special damages, whether under contract, tort, warranty or otherwise, arising in any way out of use or reliance upon this specification or any information herein. No license, express or implied, by estoppel or otherwise, to any TCG or TCG member intellectual property rights is granted herein. Except that a license is hereby granted by TCG to copy and reproduce this specification for internal use only. Contact the Trusted Computing Group at [website link] for information on specification licensing through membership agreements. Any marks and brands contained herein are the property of their respective owners. TPM Main Part 2 TPM Structures TCG Copyright Specification version 1.2 Level 2 Revision 94 29 March 2006 iii TCG Published Revision History .10 Started: 1 April 2003. Last Updated: 04/30/01 by David Grawrock 52 Started 15 July 2003 by David Grawrock 53 Started 5 Aug 2003 by David Grawrock 63 Started 2 October 2003 by David Grawrock All change history now listed in Part 1 (DP) 91 Section 19.2 Informative updated by Tasneem Brutch, on Sept. 2005 94 Added the following statement to Section 17 (Ordinals): "The following table is normative, and is the ove r riding authority in case of discrepancies in other parts of this specification." 94 Added "Physical Presence" column to the table in Section 17 (Ordinals). TPM Main Part 2 TPM Structures TCG Copyright Specification version 1.2 Level 2 Revision 94 29 March 2006 v TCG Published Copyright TCG TPM Main Part 2 TPM Structures Specification version 1.2 vi Level 2 Revision 94 29 March 2006 TCG Published TPM Main Part 2 TPM Structures TCG Copyright Specification version 1.2 Level 2 Revision 94 29 March 2006 vii TCG Published Table of Contents 1. Scope and Audience...............................................................................................................................1 1.1 Key words ...................................................................................................................................1 1.2 Statement Type ...........................................................................................................................1 2. Basic Definitions .....................................................................................................................................2 2.1 Representation of Information.......................................................................................................2 2.1.1 Endness of Structures ...........................................................................................................2 2.1.2 Byte Packing.........................................................................................................................2 2.1.3 Lengths ................................................................................................................................2 2.2 Defines .......................................................................................................................................3 2.2.1 Basic data types....................................................................................................................3 2.2.2 Boolean types .......................................................................................................................3 2.2.3 Helper redefinitions ...............................................................................................................3 2.2.4 Vendor specific .....................................................................................................................5 3. Structure Tags........................................................................................................................................6 3.1 TPM_STRUCTURE_TAG ............................................................................................................7 4. Types ....................................................................................................................................................9 4.1 TPM_RESOURCE_TYPE ............................................................................................................9 4.2 TPM_PAYLOAD_TYPE .............................................................................................................10 4.3 TPM_ENTITY_TYPE .................................................................................................................11 4.4 Handles ....................................................................................................................................12 4.4.1 Reserved Key Handles ........................................................................................................13 4.5 TPM_STARTUP_TYPE..............................................................................................................14 4.6 TPM_STARTUP_EFFECTS .......................................................................................................15 4.7 TPM_PROTOCOL_ID ................................................................................................................16 4.8 TPM_ALGORITHM_ID...............................................................................................................17 4.9 TPM_PHYSICAL_PRESENCE ...................................................................................................18 4.10 TPM_MIGRATE_SCHEME ........................................................................................................19 4.11 TPM_EK_TYPE.........................................................................................................................20 4.12 TPM_PLATFORM_SPECIFIC ....................................................................................................21 5. Basic Structures ...................................................................................................................................22 5.1 TPM_STRUCT_VER .................................................................................................................22 5.2 TPM_VERSION_BYTE ..............................................................................................................23 5.3 TPM_VERSION.........................................................................................................................24 5.4 TPM_DIGEST ...........................................................................................................................25 5.4.1 Creating a PCR composite hash ..........................................................................................26 Copyright TCG TPM Main Part 2 TPM Structures Specification version 1.2 viii Level 2 Revision 94 29 March 2006 TCG Published 5.5 TPM_NONCE ............................................................................................................................27 5.6 TPM_AUTHDATA ......................................................................................................................28 5.7 TPM_KEY_HANDLE_LIST.........................................................................................................29 5.8 TPM_KEY_USAGE values .........................................................................................................30 5.8.1 Mandatory Key Usage Schemes ..........................................................................................30 5.9 TPM_AUTH_DATA_USAGE values ............................................................................................32 5.10 TPM_KEY_FLAGS ....................................................................................................................33 5.11 TPM_CHANGEAUTH_VALIDATE ..............................................................................................34 5.12 TPM_MIGRATIONKEYAUTH .....................................................................................................35 5.13 TPM_COUNTER_VALUE ..........................................................................................................36 5.14 TPM_SIGN_INFO Structure .......................................................................................................37 5.15 TPM_MSA_COMPOSITE ...........................................................................................................38 5.16 TPM_CMK_AUTH .....................................................................................................................39 5.17 TPM_CMK_DELEGATE values ..................................................................................................40 5.18 TPM_SELECT_SIZE .................................................................................................................41 5.19 TPM_CMK_MIGAUTH ...............................................................................................................42 5.20 TPM_CMK_SIGTICKET.............................................................................................................43 5.21 TPM_CMK_MA_APPROVAL......................................................................................................44 6. Command Tags ....................................................................................................................................45 7. Internal Data Held By TPM....................................................................................................................46 7.1 TPM_PERMANENT_FLAGS ......................................................................................................47 7.1.1 Flag Restrictions .................................................................................................................51 7.2 TPM_STCLEAR_FLAGS............................................................................................................52 7.2.1 Flag Restrictions .................................................................................................................54 7.3 TPM_STANY_FLAGS ................................................................................................................55 7.3.1 Flag Restrictions .................................................................................................................56 7.4 TPM_PERMANENT_DATA ........................................................................................................57 7.4.1 Flag Restrictions .................................................................................................................60 7.5 TPM_STCLEAR_DATA ..............................................................................................................61 7.5.1 Flag Restrictions .................................................................................................................61 7.6 TPM_STANY_DATA ..................................................................................................................63 7.6.1 Flag Restrictions .................................................................................................................64 8. PCR Structures ....................................................................................................................................65 8.1 TPM_PCR_SELECTION............................................................................................................66 8.2 TPM_PCR_COMPOSITE ...........................................................................................................68 8.3 TPM_PCR_INFO .......................................................................................................................69 8.4 TPM_PCR_INFO_LONG............................................................................................................70 TPM Main Part 2 TPM Structures TCG Copyright Specification version 1.2 Level 2 Revision 94 29 March 2006 ix TCG Published 8.5 TPM_PCR_INFO_SHORT .........................................................................................................71 8.6 TPM_LOCALITY_SELECTION...................................................................................................72 8.7 PCR Attributes...........................................................................................................................73 8.8 TPM_PCR_ATTRIBUTES ..........................................................................................................74 8.8.1 Comparing command locality to PCR flags ...........................................................................75 8.9 Debug PCR register ...................................................................................................................76 8.10 Mapping PCR Structures ............................................................................................................77 9. Storage Structures................................................................................................................................79 9.1 TPM_STORED_DATA ...............................................................................................................79 9.2 TPM_STORED_DATA12 ...........................................................................................................80 9.3 TPM_SEALED_DATA ................................................................................................................81 9.4 TPM_SYMMETRIC_KEY ...........................................................................................................82 9.5 TPM_BOUND_DATA .................................................................................................................83 10. TPM_KEY complex ..............................................................................................................................84 10.1 TPM_KEY_PARMS ...................................................................................................................85 10.1.1 TPM_RSA_KEY_PARMS ....................................................................................................86 10.1.2 TPM_SYMMETRIC_KEY_PARMS .......................................................................................86 10.2 TPM_KEY .................................................................................................................................87 10.3 TPM_KEY12 .............................................................................................................................88 10.4 TPM_STORE_PUBKEY .............................................................................................................89 10.5 TPM_PUBKEY ..........................................................................................................................90 10.6 TPM_STORE_ASYMKEY ..........................................................................................................91 10.7 TPM_STORE_PRIVKEY ............................................................................................................92 10.8 TPM_MIGRATE_ASYMKEY.......................................................................................................93 10.9 TPM_KEY_CONTROL...............................................................................................................94 11. Signed Structures .................................................................................................................................95 11.1 TPM_CERTIFY_INFO Structure .................................................................................................95 11.2 TPM_CERTIFY_INFO2 Structure ...............................................................................................96 11.3 TPM_QUOTE_INFO Structure....................................................................................................98 11.4 TPM_QUOTE_INFO2 Structure..................................................................................................99 12. Identity Structures .............................................................................................................................. 100 12.1 TPM_EK_BLOB....................................................................................................................... 100 12.2 TPM_EK_BLOB_ACTIVATE .................................................................................................... 101 12.3 TPM_EK_BLOB_AUTH............................................................................................................ 102 12.4 TPM_CHOSENID_HASH ......................................................................................................... 103 12.5 TPM_IDENTITY_CONTENTS .................................................................................................. 104 12.6 TPM_IDENTITY_REQ ............................................................................................................. 105 Copyright TCG TPM Main Part 2 TPM Structures Specification version 1.2 x Level 2 Revision 94 29 March 2006 TCG Published 12.7 TPM_IDENTITY_PROOF ......................................................................................................... 106 12.8 TPM_ASYM_CA_CONTENTS .................................................................................................. 107 12.9 TPM_SYM_CA_ATTESTATION ............................................................................................... 108 13. Transport structures............................................................................................................................ 109 13.1 TPM _TRANSPORT_PUBLIC .................................................................................................. 109 13.1.1 TPM_TRANSPORT_ATTRIBUTES Definitions.................................................................... 109 13.2 TPM_TRANSPORT_INTERNAL............................................................................................... 110 13.3 TPM_TRANSPORT_LOG_IN structure ..................................................................................... 111 13.4 TPM_TRANSPORT_LOG_OUT structure ................................................................................. 112 13.5 TPM_TRANSPORT_AUTH structure ........................................................................................ 113 14. Audit Structures .................................................................................................................................. 114 14.1 TPM_AUDIT_EVENT_IN structure............................................................................................ 114 14.2 TPM_AUDIT_EVENT_OUT structure........................................................................................ 115 15. Tick Structures ................................................................................................................................... 116 15.1 TPM_CURRENT_TICKS.......................................................................................................... 116 16. Return codes...................................................................................................................................... 117 17. Ordinals ............................................................................................................................................. 122 17.1 TSC Ordinals........................................................................................................................... 131 18. Context structures .............................................................................................................................. 132 18.1 TPM_CONTEXT_BLOB ........................................................................................................... 132 18.2 TPM_CONTEXT_SENSITIVE................................................................................................... 134 19. NV storage structures ......................................................................................................................... 135 19.1 TPM_NV_INDEX..................................................................................................................... 135 19.1.1 Required TPM_NV_INDEX values...................................................................................... 136 19.1.2 Reserved Index values ...................................................................................................... 137 19.2 TPM_NV_ATTRIBUTES .......................................................................................................... 138 19.3 TPM_NV_DATA_PUBLIC ........................................................................................................ 140 19.4 TPM_NV_DATA_SENSITIVE ................................................................................................... 141 19.5 Max NV Size ........................................................................................................................... 142 19.6 TPM_NV_DATA_AREA ........................................................................................................... 143 20. Delegate Structures ............................................................................................................................ 144 20.1 Structures and encryption......................................................................................................... 144 20.2 Delegate Definitions ................................................................................................................. 145 20.2.1 Owner Permission Settings ................................................................................................ 146 20.2.2 Owner commands not delegated........................................................................................ 147 20.2.3 Key Permission settings..................................................................................................... 148 20.2.4 Key commands not delegated ............................................................................................ 149 TPM Main Part 2 TPM Structures TCG Copyright Specification version 1.2 Level 2 Revision 94 29 March 2006 xi TCG Published 20.3 TPM_FAMILY_FLAGS ............................................................................................................. 150 20.4 TPM_FAMILY_LABEL ............................................................................................................. 151 20.5 TPM_FAMILY_TABLE_ENTRY ................................................................................................ 152 20.6 TPM_FAMILY_TABLE ............................................................................................................. 153 20.7 TPM_DELEGATE_LABEL........................................................................................................ 154 20.8 TPM_DELEGATE_PUBLIC ...................................................................................................... 155 20.9 TPM_DELEGATE_TABLE_ROW.............................................................................................. 156 20.10 TPM_DELEGATE_TABLE........................................................................................................ 157 20.11 TPM_DELEGATE_SENSITIVE................................................................................................. 158 20.12 TPM_DELEGATE_OWNER_BLOB........................................................................................... 159 20.13 TPM_DELEGATE_KEY_BLOB................................................................................................. 160 20.14 TPM_FAMILY_OPERATION Values ......................................................................................... 161 21. Capability areas ................................................................................................................................. 162 21.1 TPM_CAPABILITY_AREA for TPM_GetCapability..................................................................... 162 21.2 CAP_PROPERTY Subcap values for TPM_GetCapability .......................................................... 164 21.3 Bit ordering for structures ......................................................................................................... 166 21.3.1 Deprecated GetCapability Responses ................................................................................ 166 21.4 TPM_CAPABILITY_AREA Values for TPM_SetCapability .......................................................... 167 21.5 SubCap Values for TPM_SetCapability ..................................................................................... 168 21.6 TPM_CAP_VERSION_INFO .................................................................................................... 169 22. DAA Structures .................................................................................................................................. 170 22.1 Size definitions ........................................................................................................................ 170 22.2 Constant definitions ................................................................................................................. 170 22.3 TPM_DAA_ISSUER................................................................................................................. 171 22.4 TPM_DAA_TPM...................................................................................................................... 172 22.5 TPM_DAA_CONTEXT ............................................................................................................. 173 22.6 TPM_DAA_JOINDATA ............................................................................................................. 174 22.7 TPM_STANY_DATA Additions ................................................................................................. 175 22.8 TPM_DAA_BLOB .................................................................................................................... 176 22.9 TPM_DAA_SENSITIVE............................................................................................................ 177 23. Redirection......................................................................................................................................... 178 23.1 TPM_REDIR_COMMAND........................................................................................................ 178 24. Deprecated Structures ........................................................................................................................ 179 24.1 Persistent Flags ....................................................................................................................... 179 24.2 Volatile Flags ........................................................................................................................... 179 24.3 TPM persistent data................................................................................................................. 179 24.4 TPM volatile data..................................................................................................................... 179 Copyright TCG TPM Main Part 2 TPM Structures Specification version 1.2 xii Level 2 Revision 94 29 March 2006 TCG Published 24.5 TPM SV data........................................................................................................................... 180 24.6 TPM_SYM_MODE ................................................................................................................... 180 TPM Main Part 2 TPM Structures TCG Copyright Specification version 1.2 Level 2 Revision 94 29 March 2006 Draft 1 TCG Published 1. Scope and Audience1 The TPCA main specification is an industry specification that enables trust in computing2 platforms in general. The main specification is broken into parts to make the role of each3 document clear. A version of the specification (like 1.2) requires all parts to be a complete4 specification.5 This is Part 3 the structures that the TPM will use.6 This document is an industry specification that enables trust in computing platforms in7 general.8 1.1 Key words9 The key words "MUST," "MUST NOT," "REQUIRED," "SHALL," "SHALL NOT," "SHOULD,"10 "SHOULD NOT," "RECOMMENDED," "MAY," and "OPTIONAL" in the chapters 2-1011 normative statements are to be interpreted as described in [RFC-2119].12 1.2 Statement Type13 Please note a very important distinction between different sections of text throughout this14 document. You will encounter two distinctive kinds of text: informative comment and15 normative statements. Because most of the text in this specification will be of the kind16 normative statements, the authors have informally defined it as the default and, as such,17 have specifically called out text of the kind informative comment They have done this by18 flagging the beginning and end of each informative comment and highlighting its text in19 gray. This means that unless text is specifically marked as of the kind informative20 comment, you can consider it of the kind normative statements.21 For example:22 Start of informative comment23 This is the first paragraph of 1­n paragraphs containing text of the kind informative24 comment ...25 This is the second paragraph of text of the kind informative comment ...26 This is the nth paragraph of text of the kind informative comment ...27 To understand the TPM specification the user must read the specification. (This use of28 MUST does not require any action).29 End of informative comment30 This is the first paragraph of one or more paragraphs (and/or sections) containing the text31 of the kind normative statements ...32 To understand the TPM specification the user MUST read the specification. (This use of33 MUST indicates a keyword usage and requires an action).34 Copyright TCG TPM Main Part 2 TPM Structures Specification version 1.2 2 Level 2 Revision 94 29 March 2006 TCG Published 2. Basic Definitions35 Start of informative comment36 The following structures and formats describe the interoperable areas of the specification.37 There is no requirement that internal storage or memory representations of data must38 follow these structures. These requirements are in place only during the movement of data39 from a TPM to some other entity.40 End of informative comment41 2.1 Representation of Information42 2.1.1 Endness of Structures43 Each structure MUST use big endian bit ordering, which follows the Internet standard and44 requires that the low-order bit appear to the far right of a word, buffer, wire format, or other45 area and the high-order bit appear to the far left.46 2.1.2 Byte Packing47 All structures MUST be packed on a byte boundary.48 2.1.3 Lengths49 The "Byte" is the unit of length when the length of a parameter is specified.50 TPM Main Part 2 TPM Structures TCG Copyright Specification version 1.2 Level 2 Revision 94 29 March 2006 Draft 3 TCG Published 2.2 Defines51 Start of informative comment52 These definitions are in use to make a consistent use of values throughout the structure53 specifications.54 End of informative comment55 2.2.1 Basic data types56 Parameters57 Typedef Name Description unsigned char BYTE Basic byte used to transmit all character fields. unsigned char BOOL TRUE/FALSE field. TRUE = 0x01, FALSE = 0x00 unsigned short UINT16 16-bit field. The definition in different architectures may need to specify 16 bits instead of the short definition unsigned long UINT32 32-bit field. The definition in different architectures may need to specify 32 bits instead of the long definition 2.2.2 Boolean types58 Name Value Description TRUE 0x01 Assertion FALSE 0x00 Contradiction 2.2.3 Helper redefinitions59 The following definitions are to make the definitions more explicit and easier to read.60 Parameters61 Typedef Name Description BYTE TPM_AUTH_DATA_USAGE Indicates the conditions where it is required that authorization be presented. BYTE TPM_PAYLOAD_TYPE The information as to what the payload is in an encrypted structure BYTE TPM_VERSION_BYTE The version info breakdown UINT16 TPM_TAG The request or response authorization type. UINT16 TPM_PROTOCOL_ID The protocol in use. UINT16 TPM_STARTUP_TYPE Indicates the start state. UINT16 TPM_ENC_SCHEME The definition of the encryption scheme. UINT16 TPM_SIG_SCHEME The definition of the signature scheme. UINT16 TPM_MIGRATE_SCHEME The definition of the migration scheme UINT16 TPM_PHYSICAL_PRESENCE Sets the state of the physical presence mechanism. UINT16 TPM_ENTITY_TYPE Indicates the types of entity that are supported by the TPM. UINT16 TPM_KEY_USAGE Indicates the permitted usage of the key. UINT16 TPM_EK_TYPE The type of asymmetric encrypted structure in use by the endorsement key Copyright TCG TPM Main Part 2 TPM Structures Specification version 1.2 4 Level 2 Revision 94 29 March 2006 TCG Published Typedef Name Description UINT16 TPM_STRUCTURE_TAG The tag for the structure UINT16 TPM_PLATFORM_SPECIFIC The platform specific spec to which the information relates to UINT32 TPM_COMMAND_CODE The command ordinal. UINT32 TPM_CAPABILITY_AREA Identifies a TPM capability area. UINT32 TPM_KEY_FLAGS Indicates information regarding a key. UINT32 TPM_ALGORITHM_ID Indicates the type of algorithm. UINT32 TPM_MODIFIER_INDICATOR The locality modifier UINT32 TPM_ACTUAL_COUNT The actual number of a counter. UINT32 TPM_TRANSPORT_ATTRIBUTES Attributes that define what options are in use for a transport session UINT32 TPM_AUTHHANDLE Handle to an authorization session UINT32 TPM_DIRINDEX Index to a DIR register UINT32 TPM_KEY_HANDLE The area where a key is held assigned by the TPM. UINT32 TPM_PCRINDEX Index to a PCR register UINT32 TPM_RESULT The return code from a function UINT32 TPM_RESOURCE_TYPE The types of resources that a TPM may have using internal resources UINT32 TPM_KEY_CONTROL Allows for controlling of the key when loaded and how to handle TPM_Startup issues UINT32 TPM_NV_INDEX The index into the NV storage area UINT32 TPM_FAMILY_ID The family ID. Families IĎs are automatically assigned a sequence number by the TPM. A trusted process can set the FamilyID value in an individual row to NULL, which invalidates that row. The family ID resets to NULL on each change of TPM Owner. UINT32 TPM_FAMILY_VERIFICATION A value used as a label for the most recent verification of this family. Set to zero when not in use. UINT32 TPM_STARTUP_EFFECTS How the TPM handles var UINT32 TPM_SYM_MODE The mode of a symmetric encryption UINT32 TPM_FAMILY_FLAGS The family flags UINT32 TPM_DELEGATE_INDEX The index value for the delegate NV table UINT32 TPM_CMK_DELEGATE The restrictions placed on delegation of CMK commands UINT32 TPM_COUNT_ID The ID value of a monotonic counter UINT32 TPM_REDIT_COMMAND A command to execute UINT32 TPM_TRANSHANDLE A transport session handle UINT32 TPM_HANDLE A generic handle could be key, transport etc. UINT32 TPM_FAMILY_OPERATION What operation is happening TPM Main Part 2 TPM Structures TCG Copyright Specification version 1.2 Level 2 Revision 94 29 March 2006 Draft 5 TCG Published 2.2.4 Vendor specific62 Start of informative comment63 For all items that can specify an individual algorithm, protocol or item the specification64 allows for vendor specific selections. The mechanism to specify a vendor specific mechanism65 is to set the high bit of the identifier on.66 End of informative comment67 The following defines allow for the quick specification of a vendor specific item.68 Parameters69 Name Value TPM_Vendor_Specific32 0x00000400 TPM_Vendor_Specific8 0x80 Copyright TCG TPM Main Part 2 TPM Structures Specification version 1.2 6 Level 2 Revision 94 29 March 2006 TCG Published 3. Structure Tags70 Start of informative comment71 There have been some indications that knowing what structure is in use would be valuable72 information in each structure. This new tag will be in each new structure that the TPM73 defines.74 The upper nibble of the value designates the purview of the structure tag. 0 is used for TPM75 structures, 1 for platforms, and 2-F are reserved.76 End of informative comment77 TPM Main Part 2 TPM Structures TCG Copyright Specification version 1.2 Level 2 Revision 94 29 March 2006 Draft 7 TCG Published 3.1 TPM_STRUCTURE_TAG78 The upper nibble of the value MUST be 0 for all TPM structures.79 TPM_ResourceTypes80 Name Value Structure TPM_TAG_CONTEXTBLOB 0x0001 TPM_CONTEXT_BLOB TPM_TAG_CONTEXT_SENSITIVE 0x0002 TPM_CONTEXT_SENSITIVE TPM_TAG_CONTEXTPOINTER 0x0003 TPM_CONTEXT_POINTER TPM_TAG_CONTEXTLIST 0x0004 TPM_CONTEXT_LIST TPM_TAG_SIGNINFO 0x0005 TPM_SIGN_INFO TPM_TAG_PCR_INFO_LONG 0x0006 TPM_PCR_INFO_LONG TPM_TAG_PERSISTENT_FLAGS 0x0007 TPM_PERMANENT_FLAGS TPM_TAG_VOLATILE_FLAGS 0x0008 TPM_VOLATILE_FLAGS TPM_TAG_PERSISTENT_DATA 0x0009 TPM_PERSISTENT_DATA TPM_TAG_VOLATILE_DATA 0x000A TPM_VOLATILE_DATA TPM_TAG_SV_DATA 0x000B TPM _SV_DATA TPM_TAG_EK_BLOB 0x000C TPM_EK_BLOB TPM_TAG_EK_BLOB_AUTH 0x000D TPM_EK_BLOB_AUTH TPM_TAG_COUNTER_VALUE 0x000E TPM_COUNTER_VALUE TPM_TAG_TRANSPORT_INTERNAL 0x000F TPM_TRANSPORT_INTERNAL TPM_TAG_TRANSPORT_LOG_IN 0x0010 TPM_TRANSPORT_LOG_IN TPM_TAG_TRANSPORT_LOG_OUT 0x0011 TPM _TRANSPORT_LOG_OUT TPM_TAG_AUDIT_EVENT_IN 0x0012 TPM_AUDIT_EVENT_IN TPM_TAG_AUDIT_EVENT_OUT 0X0013 TPM_AUDIT_EVENT_OUT TPM_TAG_CURRENT_TICKS 0x0014 TPM_CURRENT_TICKS TPM_TAG_KEY 0x0015 TPM _KEY TPM_TAG_STORED_DATA12 0x0016 TPM_ STORED_DATA12 TPM_TAG_NV_ATTRIBUTES 0x0017 TPM_ NV_ATTRIBUTES TPM_TAG_NV_DATA_PUBLIC 0x0018 TPM _NV_DATA_PUBLIC TPM_TAG_NV_DATA_SENSITIVE 0x0019 TPM _NV_DATA_SENSITIVE TPM_TAG_DELEGATIONS 0x 001A TPM DELEGATIONS TPM_TAG_DELEGATE_PUBLIC 0x001B TPM_ DELEGATE_PUBLIC TPM_TAG_DELEGATE_TABLE_ROW 0x001C TPM_DELEGATE_TABLE_ROW TPM_TAG_TRANSPORT_AUTH 0x001D TPM_TRANSPORT_AUTH TPM_TAG_TRANSPORT_PUBLIC 0X001E TPM_TRANSPORT_PUBLIC TPM_TAG_PERMANENT_F LAGS 0X001F TPM_PERMANENT_FLAGS TPM_TAG_STCLEAR_FLAGS 0X0020 TPM_STCLEAR_FLAGS TPM_TAG_STANY_FLAGS 0X0021 TPM_STANY_FLAGS TPM_TAG_PERMANENT_DATA 0X0022 TPM_PERMANENT_DATA Copyright TCG TPM Main Part 2 TPM Structures Specification version 1.2 8 Level 2 Revision 94 29 March 2006 TCG Published Name Value Structure TPM_TAG_STCLEAR_DATA 0X0023 TPM_STCLEAR_DATA TPM_TAG_STANY_DATA 0X0024 TPM_STANY_DATA TPM_TAG_FAMILY_TABLE_ENTRY 0X0025 TPM_FAMILY_TABLE_ENTRY TPM_TAG_DELEGATE_SENSITIVE 0X0026 TPM_DELEGATE_SENSITIVE TPM_TAG_DELG_KEY_BLOB 0X0027 TPM_DELG_KEY_BLOB TPM_TAG_KEY12 0x0028 TPM_KEY12 TPM_TAG_CERTIFY_INFO2 0X0029 TPM_CERTIFY_INFO2 TPM_TAG_DELEGATE_OWNER_BLOB 0X002A TPM_DELEGATE_OWNER_BLOB TPM_TAG_EK_BLOB_ACTIVATE 0X002B TPM_EK_BLOB_ACTIVATE TPM_TAG_DAA_BLOB 0X002C TPM_DAA_BLOB TPM_TAG_DAA_CONTEXT 0X002D TPM_DAA_CONTEXT TPM_TAG_DAA_ENFORCE 0X002E TPM_DAA_ENFORCE TPM_TAG_DAA_ISSUER 0X002F TPM_DAA_ISSUER TPM_TAG_CAP_VERSION_INFO 0X0030 TPM_CAP_VERSION_INFO TPM_TAG_DAA_SENSITIVE 0X0031 TPM_DAA_SENSITIVE TPM_TAG_DAA_TPM 0X0032 TPM_DAA_TPM TPM_TAG_CMK_MIGAUTH 0X0033 TPM_CMK_MIGAUTH TPM_TAG_CMK_SIGTICKET 0X0034 TPM_CMK_SIGTICKET TPM_TAG_CMK_MA_APPROVAL 0X0035 TPM_CMK_MA_APPROVAL TPM_TAG_QUOTE_INFO2 0X0036 TPM_QUOTE_INFO2 TPM Main Part 2 TPM Structures TCG Copyright Specification version 1.2 Level 2 Revision 94 29 March 2006 Draft 9 TCG Published 4. Types81 4.1 TPM_RESOURCE_TYPE82 TPM_ResourceTypes83 Name Value Description TPM_RT_KEY 0x00000001 The handle is a key handle and is the result of a LoadKey type operation TPM_RT_AUTH 0x00000002 The handle is an authorization handle. Auth handles come from TPM_OIAP, TPM_OSAP and TPM_DSAP TPM_RT_HASH 0X00000003 Reserved for hashes TPM_RT_TRANS 0x00000004 The handle is for a transport session. Transport handles come from TPM_EstablishTransport TPM_RT_CONTEXT 0x00000005 Resource wrapped and held outside the TPM using the context save/restore commands TPM_RT_COUNTER 0x00000006 Reserved for counters TPM_RT_DELEGATE 0x00000007 The handle is for a delegate row. These are the internal rows held in NV storage by the TPM TPM_RT_DAA_TPM 0x00000008 The value is a DAA TPM specific blob TPM_RT_DAA_V0 0x00000009 The value is a DAA V0 parameter TPM_RT_DAA_V1 0x0000000A The value is a DAA V1 parameter Copyright TCG TPM Main Part 2 TPM Structures Specification version 1.2 10 Level 2 Revision 94 29 March 2006 TCG Published 4.2 TPM_PAYLOAD_TYPE84 Start of informative comment85 This structure specifies the type of payload in various messages.86 End of informative comment87 TPM_PAYLOAD_TYPE Values88 Value Name Comments 0x01 TPM_PT_ASYM The entity is an asymmetric key 0x02 TPM_PT_BIND The entity is bound data 0x03 TPM_PT_MIGRATE The entity is a migration blob 0x04 TPM_PT_MAINT The entity is a maintenance blob 0x05 TPM_PT_SEAL The entity is sealed data 0x06 TPM_PT_MIGRATE_RESTRICTED The entity is a restricted-migration asymmetric key 0x07 TPM_PT_MIGRATE_EXTERNAL The entity is a external migratable key 0x08 TPM_PT_CMK_MIGRATE The entity is a CMK migratable blob 0x09 ­ 0x7F Reserved for future use by TPM 0x80 ­ 0xFF Vendor specific payloads TPM Main Part 2 TPM Structures TCG Copyright Specification version 1.2 Level 2 Revision 94 29 March 2006 Draft 11 TCG Published 4.3 TPM_ENTITY_TYPE89 Start of informative comment90 This specifies the types of entity and ADIP encryption schemes that are supported by the91 TPM.92 The LSB is used to indicate the entity type. The MSB is used to indicate the ADIP93 encryption scheme when applicable.94 For compatibility with TPM 1.1, this mapping is maintained:95 0x0001 specifies a keyHandle entity with XOR encryption96 0x0002 specifies an owner entity with XOR encryption97 0x0003 specifies some data entity with XOR encryption98 0x0004 specifies the SRK entity with XOR encryption99 0x0005 specifies a key entity with XOR encryption100 End of informative comment101 When the entity is not being used for ADIP encryption, the MSB MUST be 0x00.102 TPM_ENTITY_TYPE LSB Values103 Value Entity Name Key Handle Comments 0x01 TPM_ET_KEYHANDLE The entity is a keyHandle or key 0x02 TPM_ET_OWNER 0x40000001 The entity is the TPM Owner 0x03 TPM_ET_DATA The entity is some data 0x04 TPM_ET_SRK 0x40000000 The entity is the SRK 0x05 TPM_ET_KEY The entity is a key or keyHandle 0x06 TPM_ET_REVOKE 0x40000002 The entity is the RevokeTrust value 0x07 TPM_ET_DEL_OWNER_BLOB The entity is a delegate owner blob 0x08 TPM_ET_DEL_ROW The entity is a delegate row 0x09 TPM_ET_DEL_KEY_BLOB The entity is a delegate key blob 0x0A TPM_ET_COUNTER The entity is a counter 0x0B TPM_ET_NV The entity is a NV index 0x40 TPM_ET_RESERVED_HANDLE Reserved. This value avoids collisions with the handle MSB setting. TPM_ENTITY_TYPE MSB Values104 Value Algorithm ADIP encryption scheme 0x 00 TPM_ET_XOR XOR 0x 06 TPM_ET_AES128 AES 128 bits Copyright TCG TPM Main Part 2 TPM Structures Specification version 1.2 12 Level 2 Revision 94 29 March 2006 TCG Published 4.4 Handles105 Start of informative comment106 Handles provides pointers to TPM internal resources. Handles should provide the ability to107 locate an entity without collision. When handles are used, the TPM must be able to108 unambiguously determine the entity type.109 Handles are 32 bit values. To enable ease of use in handles and to assist in internal use of110 handles the TPM will use the following rules when creating the handle.111 The three least significant bytes (LSB) of the handle contain whatever entropy the TPM112 needs to provide collision avoidance. The most significant byte (MSB) may also be included.113 Counter handles need not provide collision avoidance.114 Reserved key handles115 Certain TPM entities have handles that point specifically to them, like the SRK. These116 values always use the MSB of 0x40. This is a reserved key handle value and all special117 handles will use the 0x40 prefix.118 Handle collisions119 The TPM provides good, but not foolproof protection against handle collisions. If system or120 application software detects a collision that is problematic, the software should evict the121 resource, and re-submit the command.122 End of informative comment123 1. The TPM MUST generate key, authorization session, transport session, and daa handles124 and MAY generate counter handles as follows:125 a. The three LSB of the handle MUST and the MSB MAY contain the collision resistance126 values. The TPM MUST provide protection against handle collision. The TPM MUST127 implement one of the following:128 i. The three LSB of the handle MUST and the MSB MAY be generated randomly. The129 TPM MUST ensure that no currently loaded entity of the same type has the same130 handle.131 ii. The three LSB of the handle MUST be generated from a monotonic counter. The132 monotonic counter value MUST NOT reset on TPM startup, but may wrap over the133 life of the TPM.134 b. The MSB MAY be a value that does not contribute to collision resistance.135 2. A key handle MUST NOT have the reserved value 0x40 in the MSB.136 3. The TPM MAY use the counter index as the monotonic counter handle.137 4. Handles are not required to be globally unique between entity groups (key, authorization138 session, transport session, and daa).139 a. For example, a newly generated authorization handle MAY have the same value as a140 loaded key handle.141 TPM Main Part 2 TPM Structures TCG Copyright Specification version 1.2 Level 2 Revision 94 29 March 2006 Draft 13 TCG Published 4.4.1 Reserved Key Handles142 Start of informative comment143 The reserved key handles. These values specify specific keys or specific actions for the TPM.144 TPM_KH_TRANSPORT indicates to TPM_EstablishTransport that there is no encryption key,145 and that the "secret" wrapped parameters are actually passed unencrypted.146 End of informative comment147 1. All reserved key handles MUST start with 0x40.148 Key Handle Values149 Key Handle Handle Name Comments 0x40000000 TPM_KH_SRK The handle points to the SRK 0x40000001 TPM_KH_OWNER The handle points to the TPM Owner 0x40000002 TPM_KH_REVOKE The handle points to the RevokeTrust value 0x40000003 TPM_KH_TRANSPORT The handle points to the TPM_EstablishTransport static authorization 0x40000004 TPM_KH_OPERATOR The handle points to the Operator auth 0x40000005 TPM_KH_ADMIN The handle points to the delegation administration auth 0x40000006 TPM_KH_EK The handle points to the PUBEK, only usable with TPM_OwnerReadInternalPub Copyright TCG TPM Main Part 2 TPM Structures Specification version 1.2 14 Level 2 Revision 94 29 March 2006 TCG Published 4.5 TPM_STARTUP_TYPE150 Start of informative comment151 To specify what type of startup is occurring.152 End of informative comment153 TPM_STARTUP_TYPE Values154 Value Event Name Comments 0x0001 TPM_ST_CLEAR The TPM is starting up from a clean state 0x0002 TPM_ST_STATE The TPM is starting up from a saved state 0x0003 TPM_ST_DEACTIVATED The TPM is to startup and set the deactivated flag to TRUE TPM Main Part 2 TPM Structures TCG Copyright Specification version 1.2 Level 2 Revision 94 29 March 2006 Draft 15 TCG Published 4.6 TPM_STARTUP_EFFECTS155 Start of Informative comment156 This structure lists for the various resources and sessions on a TPM the affect that157 TPM_Startup has on the values.158 The table makeup is still an open issue.159 End of informative comment160 Types of Startup161 Bit position Name Description 31-8 No information and MUST be FALSE 7 TPM_Startup has no effect on auditDigest 6 auditDigest is set to NULL on TPM_Startup(ST_CLEAR) but not on other types of TPM_Startup 5 auditDigest is set to NULL on TPM_Startup(any) 4 TPM_RT_KEY resources are initialized by TPM_Startup(ST_ANY) 3 TPM_RT_AUTH resources are initialized by TPM_Startup(ST_STATE) 2 TPM_RT_HASH resources are initialized by TPM_Startup(ST_STATE) 1 TPM_RT_TRANS resources are initialized by TPM_Startup(ST_STATE) 0 TPM_RT_CONTEXT session (but not key) resources are initialized by TPM_Startup(ST_STATE) Copyright TCG TPM Main Part 2 TPM Structures Specification version 1.2 16 Level 2 Revision 94 29 March 2006 TCG Published 4.7 TPM_PROTOCOL_ID162 Start of informative comment163 This value identifies the protocol in use.164 End of informative comment165 TPM_PROTOCOL_ID Values166 Value Event Name Comments 0x0001 TPM_PID_OIAP The OIAP protocol. 0x0002 TPM_PID_OSAP The OSAP protocol. 0x0003 TPM_PID_ADIP The ADIP protocol. 0X0004 TPM_PID_ADCP The ADCP protocol. 0X0005 TPM_PID_OWNER The protocol for taking ownership of a TPM. 0x0006 TPM_PID_DSAP The DSAP protocol 0x0007 TPM_PID_TRANSPORT The transport protocol TPM Main Part 2 TPM Structures TCG Copyright Specification version 1.2 Level 2 Revision 94 29 March 2006 Draft 17 TCG Published 4.8 TPM_ALGORITHM_ID167 Start of informative comment168 This table defines the types of algorithms which may be supported by the TPM.169 End of informative comment170 TPM_ALGORITHM_ID values171 Value Name Description 0x00000001 TPM_ALG_RSA The RSA algorithm. 0x00000002 TPM_ALG_DES The DES algorithm 0X00000003 TPM_ALG_3DES The 3DES algorithm in EDE mode 0x00000004 TPM_ALG_SHA The SHA1 algorithm 0x00000005 TPM_ALG_HMAC The RFC 2104 HMAC algorithm 0x00000006 TPM_ALG_AES128 The AES algorithm , key size 128 0x00000007 TPM_ALG_MGF1 The XOR algorithm using MGF1 to create a string the size of the encrypted block 0x00000008 TPM_ALG_AES192 AES, key size 192 0x00000009 TPM_ALG_AES256 AES, key size 256 0x0000000A TPM_ALG_XOR XOR using the rolling nonces Description172 The TPM MUST support the algorithms TPM_ALG_RSA, TPM_ALG_SHA, TPM_ALG_HMAC,173 TPM_ALG_MGF1174 Copyright TCG TPM Main Part 2 TPM Structures Specification version 1.2 18 Level 2 Revision 94 29 March 2006 TCG Published 4.9 TPM_PHYSICAL_PRESENCE175 Name Value Description TPM_PHYSICAL_PRESENCE_HW_DISABLE 0x0200h Sets the physicalPresenceHWEnable to FALSE TPM_PHYSICAL_PRESENCE_CMD_DISABLE 0x0100h Sets the physicalPresenceCMDEnable to FALSE TPM_PHYSICAL_PRESENCE_LIFETIME_LOCK 0x0080h Sets the physicalPresenceLifetimeLock to TRUE TPM_PHYSICAL_PRESENCE_HW_ENABLE 0x0040h Sets the physicalPresenceHWEnable to TRUE TPM_PHYSICAL_PRESENCE_CMD_ENABLE 0x0020h Sets the physicalPresenceCMDEnable to TRUE TPM_PHYSICAL_PRESENCE_NOTPRESENT 0x0010h Sets PhysicalPresence = FALSE TPM_PHYSICAL_PRESENCE_PRESENT 0x0008h Sets PhysicalPresence = TRUE TPM_PHYSICAL_PRESENCE_LOCK 0x0004h Sets PhysicalPresenceLock = TRUE TPM Main Part 2 TPM Structures TCG Copyright Specification version 1.2 Level 2 Revision 94 29 March 2006 Draft 19 TCG Published 4.10 TPM_MIGRATE_SCHEME176 Start of informative comment177 The scheme indicates how the StartMigrate command should handle the migration of the178 encrypted blob.179 End of informative comment180 TPM_MIGRATE_SCHEME values181 Name Value Description TPM_MS_MIGRATE 0x 0001 A public key that can be used with all TPM migration commands other than `ReWrap' mode. TPM_MS_REWRAP 0x0002 A public key that can be used for the ReWrap mode of TPM_CreateMigrationBlob. TPM_MS_MAINT 0x0003 A public key that can be used for the Maintenance commands TPM_MS_RESTRICT_MIGRATE 0x0004 The key is to be migrated to a Migration Authority. TPM_MS_RESTRICT_APPROVE_DOUBLE 0x0005 The key is to be migrated to an entity approved by a Migration Authority using double wrapping Copyright TCG TPM Main Part 2 TPM Structures Specification version 1.2 20 Level 2 Revision 94 29 March 2006 TCG Published 4.11 TPM_EK_TYPE182 Start of informative comment183 This structure indicates what type of information that the EK is dealing with.184 End of informative comment185 Name Value Description TPM_EK_TYPE_ACTIVATE 0x0001 The blob MUST be TPM_EK_BLOB_ACTIVATE TPM_EK_TYPE_AUTH 0x0002 The blob MUST be TPM_EK_BLOB_AUTH TPM Main Part 2 TPM Structures TCG Copyright Specification version 1.2 Level 2 Revision 94 29 March 2006 Draft 21 TCG Published 4.12 TPM_PLATFORM_SPECIFIC186 Start of informative comment187 This enumerated type indicates the platform specific spec that the information relates to.188 End of informative comment189 Name Value Description TPM_PS_PC_11 0x0001 PC Specific version 1.1 TPM_PS_PC_12 0x0002 PC Specific version 1.2 TPM_PS_PDA_12 0x0003 PDA Specific version 1.2 TPM_PS_Server_12 0x0004 Server Specific version 1.2 TPM_PS_Mobile_12 0x0005 Mobil Specific version 1.2 Copyright TCG TPM Main Part 2 TPM Structures Specification version 1.2 22 Level 2 Revision 94 29 March 2006 TCG Published 5. Basic Structures190 5.1 TPM_STRUCT_VER191 Start of informative comment192 This indicates the version of the structure.193 Version 1.2 deprecates the use of this structure in all other structures. The structure is not194 deprecated as many of the structures that contain this structure are not deprecated.195 The rationale behind keeping this structure and adding the new version structure is that in196 version 1.1 this structure was in use for two purposes. The first was to indicate the197 structure version, and in that mode the revMajor and revMinor were suppose to be set to 0.198 The second use was in getCap and the structure would then return the correct revMajor199 and revMinor. This use model caused problems in keeping track of when the revs were or200 were not set and how software used the information. Version 1.2 went to structure tags.201 Some structures did not change and the TPM_STRUCT_VER is still in use. To avoid the202 problems from 1.1 this structure now is a fixed value and only remains for backwards203 compatibility. Structure versioning comes from the tag on the structure and the getCap204 response for TPM versioning uses TPM_VERSION.205 End of informative comment206 Definition207 typedef struct tdTPM_STRUCT_VER {208 BYTE major;209 BYTE minor;210 BYTE revMajor;211 BYTE revMinor;212 } TPM_STRUCT_VER;213 Parameters214 Type Name Description BYTE major This SHALL indicate themajor version of the structure. MUST be 0x01 BYTE minor This SHALL indicate the minor version of the structure. MUST be 0x01 BYTE revMajor This MUST be 0x00 BYTE revMinor This MUST be 0x00 Descriptions215 1. Provides the version of the structure216 2. The TPM SHALL inspect all fields to determine if the TPM can properly interpret the217 structure.218 a. On error the TPM MUST return TPM_BAD_VERSION219 TPM Main Part 2 TPM Structures TCG Copyright Specification version 1.2 Level 2 Revision 94 29 March 2006 Draft 23 TCG Published 5.2 TPM_VERSION_BYTE220 Start of Informative comment221 Allocating a byte for the version information is wasteful of space. The current allocation222 does not provide sufficient resolution to indicate completely the version of the TPM. To allow223 for backwards compatibility the size of the structure does not change from 1.1.224 To enable minor version numbers with 2-digit resolution, the byte representing a version225 splits into two BCD encoded nibbles. The ordering of the low and high order provides226 backwards compatibility with existing numbering.227 An example of an implementation of this is; a version of 1.23 would have the value 2 in bit228 positions 3-0 and the value 3 in bit positions 7-4.229 End of informative comment230 TPM_VERSION_BYTE is a byte. The byte is broken up according to the following rule231 Bit position Name Description 7-4 leastSigVer Least significant nibble of the minor version. MUST be values within the range of 0000-1001 3-0 mostSigVer Most significant nibble of the minor version. MUST be values within the range of 0000-1001 Copyright TCG TPM Main Part 2 TPM Structures Specification version 1.2 24 Level 2 Revision 94 29 March 2006 TCG Published 5.3 TPM_VERSION232 Start of informative comment233 This structure provides information relative the version of the TPM. This structure should234 only be in use by TPM_GetCapability to provide the information relative to the TPM.235 End of informative comment236 Definition237 typedef struct tdTPM_VERSION {238 TPM_VERSION_BYTE major;239 TPM_VERSION_BYTE minor;240 BYTE revMajor;241 BYTE revMinor;242 } TPM_VERSION;243 Parameters244 Type Name Description TPM_VERSION_BYTE Major This SHALL indicate the major version of the TPM, mostSigVer MUST be 0x01, leastSigVer MUST be 0x00 TPM_VERSION_BYTE Minor This SHALL indicate the minor version of the TPM, mostSigVerMUST be 0x01 or 0x02, leastSigVer MUST be 0x00 BYTE revMajor This SHALL be the value of the TPM_PERMANENT_DATA-> revMajor BYTE revMinor This SHALL be the value of the TPM_PERMANENT_DATA-> revMinor Descriptions245 1. The major and minor fields indicate the specification version the TPM was designed for246 2. The revMajor and revMinor fields indicate the manufacturer's revision of the TPM247 a. Most challengers of the TPM MAY ignore the revMajor and revMinor fields248 TPM Main Part 2 TPM Structures TCG Copyright Specification version 1.2 Level 2 Revision 94 29 March 2006 Draft 25 TCG Published 5.4 TPM_DIGEST249 Start of informative comment250 The digest value reports the result of a hash operation.251 In version 1 the hash algorithm is SHA-1 with a resulting hash result being 20 bytes or 160252 bits.253 It is understood that algorithm agility is lost due to fixing the hash at 20 bytes and on SHA-254 1. The reason for fixing is due to the internal use of the digest. It is the AuthData values, it255 provides the secrets for the HMAC and the size of 20 bytes determines the values that can256 be stored and encrypted. For this reason, the size is fixed and any changes to this value257 require a new version of the specification.258 End of informative comment259 Definition260 typedef struct tdTPM_DIGEST{261 BYTE digest[digestSize];262 } TPM_DIGEST;263 Parameters264 Type Name Description BYTE digest This SHALL be the actual digest information Description265 The digestSize parameter MUST indicate the block size of the algorithm and MUST be 20 or266 greater.267 For all TPM v1 hash operations, the hash algorithm MUST be SHA-1 and the digestSize268 parameter is therefore equal to 20.269 Redefinitions270 Typedef Name Description TPM_DIGEST TPM_CHOSENID_HASH This SHALL be the digest of the chosen identityLabel and privacyCA for a new TPM identity. TPM_DIGEST TPM_COMPOSITE_HASH This SHALL be the hash of a list of PCR indexes and PCR values that a key or data is bound to. TPM_DIGEST TPM_DIRVALUE This SHALL be the value of a DIR register TPM_DIGEST TPM_HMAC TPM_DIGEST TPM_PCRVALUE The value inside of the PCR TPM_DIGEST TPM_AUDITDIGEST This SHALL be the value of the current internal audit state TPM_DIGEST TPM_DAA_TPM_SEED This SHALL be a random value generated by a TPM immediately after the EK is installed in that TPM, whenever an EK is installed in that TPM TPM_DIGEST TPM_DAA_CONTEXT_SEED This SHALL be a random value Copyright TCG TPM Main Part 2 TPM Structures Specification version 1.2 26 Level 2 Revision 94 29 March 2006 TCG Published 5.4.1 Creating a PCR composite hash271 The definition specifies the operation necessary to create TPM_COMPOSITE_HASH.272 Action273 1. The hashing MUST be done using the SHA-1 algorithm.274 2. The input must be a valid TPM_PCR_SELECTION structure.275 3. The process creates a TPM_PCR_COMPOSITE structure from the TPM_PCR_SELECTION276 structure and the PCR values to be hashed. If constructed by the TPM the values MUST277 come from the current PCR registers indicated by the PCR indices in the278 TPM_PCR_SELECTION structure.279 4. The process then computes a SHA-1 digest of the TPM_PCR_COMPOSITE structure.280 5. The output is the SHA-1 digest just computed.281 TPM Main Part 2 TPM Structures TCG Copyright Specification version 1.2 Level 2 Revision 94 29 March 2006 Draft 27 TCG Published 5.5 TPM_NONCE282 Start of informative comment283 A nonce is a random value that provides protection from replay and other attacks. Many of284 the commands and protocols in the specification require a nonce. This structure provides a285 consistent view of what a nonce is.286 End of informative comment287 Definition288 typedef struct tdTPM_NONCE{289 BYTE nonce[20];290 } TPM_NONCE;291 Parameters292 Type Name Description BYTE Nonce This SHALL be the 20 bytes of random data. When created by the TPM the value MUST be the next 20 bytes from the RNG. Copyright TCG TPM Main Part 2 TPM Structures Specification version 1.2 28 Level 2 Revision 94 29 March 2006 TCG Published 5.6 TPM_AUTHDATA293 Start of informative comment294 The AuthData data is the information that is saved or passed to provide proof of ownership295 of an entity. For version 1 this area is always 20 bytes.296 End of informative comment297 Definition298 typedef BYTE tdTPM_AUTHDATA[20];299 Descriptions300 When sending AuthData data to the TPM the TPM does not validate the decryption of the301 data. It is the responsibility of the entity owner to validate that the AuthData data was302 properly received by the TPM. This could be done by immediately attempting to open an303 authorization session.304 The owner of the data can select any value for the data305 Redefinitions306 Typedef Name Description TPM_AUTHDATA TPM_SECRET A secret plaintext value used in the authorization process. TPM_AUTHDATA TPM_ENCAUTH A ciphertext (encrypted) version of AuthData data. The encryption mechanism depends on the context. TPM Main Part 2 TPM Structures TCG Copyright Specification version 1.2 Level 2 Revision 94 29 March 2006 Draft 29 TCG Published 5.7 TPM_KEY_HANDLE_LIST307 Start of informative comment308 TPM_KEY_HANDLE_LIST is a structure used to describe the handles of all keys currently309 loaded into a TPM.310 End of informative comment311 Definition312 typedef struct tdTPM_KEY_HANDLE_LIST {313 UINT16 loaded;314 [size_is(loaded)] TPM_KEY_HANDLE handle[];315 } TPM_KEY_HANDLE_LIST;316 Parameters317 Type Name Description UINT16 loaded The number of keys currently loaded in the TPM. UINT32 handle An array of handles, one for each key currently loaded in the TPM Description318 The order in which keys are reported is manufacturer-specific.319 Copyright TCG TPM Main Part 2 TPM Structures Specification version 1.2 30 Level 2 Revision 94 29 March 2006 TCG Published 5.8 TPM_KEY_USAGE values320 Start of informative comment321 This table defines the types of keys that are possible.322 Each key has a setting defining the encryption and signature scheme to use. The selection323 of a key usage value limits the choices of encryption and signature schemes.324 End of informative comment325 Name Value Description TPM_KEY_SIGNING 0x0010 This SHALL indicate a signing key. The [private] key SHALL be used for signing operations, only. This means that it MUST be a leaf of the Protected Storage key hierarchy. TPM_KEY_STORAGE 0x0011 This SHALL indicate a storage key. The key SHALL be used to wrap and unwrap other keys in the Protected Storage hierarchy TPM_KEY_IDENTITY 0x0012 This SHALL indicate an identity key. The key SHALL be used for operations that require a TPM identity, only. TPM_KEY_AUTHCHANGE 0X0013 This SHALL indicate an ephemeral key that is in use during the ChangeAuthAsym process, only. TPM_KEY_BIND 0x0014 This SHALL indicate a key that can be used for TPM_Bind and TPM_UnBind operations only. TPM_KEY_LEGACY 0x0015 This SHALL indicate a key that can perform signing and binding operations. The key MAY be used for both signing and binding operations. The TPM_KEY_LEGACY key type is to allow for use by applications where both signing and encryption operations occur with the same key. The useof this key type is not recommended TPM_KEY_MIGRATE 0x0016 This SHALL indicate a key in use for TPM_MigrateKey 5.8.1 Mandatory Key Usage Schemes326 Start of Informative comment327 For a given key usage type there are subset of valid encryption and signature schemes.328 End of informative comment329 The key usage value for a key determines the encryption and / or signature schemes which330 MUST be used with that key. The table below maps the schemes defined by this331 specification to the defined key usage values.332 Name Allowed Encryption schemes Allowed Signature Schemes TPM_KEY_SIGNING TPM_ES_NONE TPM_SS_RSASSAPKCS1v15_SHA1 TPM_SS_RSASSAPKCS1V15_DER TPM_SS_RSASSAPKCSV15_INFO TPM_KEY_STORAGE TPM_ES_RSAESOAEP_SHA1_MGF1 TPM_SS_NONE TPM_KEY_IDENTITY TPM_ES_NONE TPM_SS_RSASSAPKCS1v15_SHA1 TPM_KEY_AUTHCHANGE TPM_ES_RSAESOAEP_SHA1_MGF1 TPM_SS_NONE TPM_KEY_BIND TPM_ES_RSAESOAEP_SHA1_MGF1 TPM_ES_RSAESPKCSV15 TPM_SS_NONE TPM_KEY_LEGACY TPM_ES_RSAESOAEP_SHA1_MGF1 TPM_ES_RSAESPKCSV15 TPM_SS_RSASSAPKCS1v15_SHA1 TPM_SS_RSASSAPKCS1V15_DER TPM_KEY_MIGRATE TPM_ES_RSAESOAEP_SHA1_MGF1 TPM_SS_NONE TPM Main Part 2 TPM Structures TCG Copyright Specification version 1.2 Level 2 Revision 94 29 March 2006 Draft 31 TCG Published Where manufacturer specific schemes are used, the strength must be at least that listed in333 the above table for TPM_KEY_STORAGE, TPM_KEY_IDENTITY and334 TPM_KEY_AUTHCHANGE key types.335 336 The TPM MUST check that the encryption scheme defined for use with the key is a valid337 scheme for the key type, as follows:338 Key algorithm Approved schemes Scheme Value TPM_ALG_RSA TPM_ES_NONE 0x0001 TPM_ES_RSAESPKCSv15 0x0002 TPM_ES_RSAESOAEP_SHA1_MGF1 0x0003 TPM_ALG_AES or 3DES TPM_ES_SYM_CNT 0x0004 TPM_ALG_AES or 3DES TPM_ES_SYM_OFB 0x0005 339 The TPM MUST check that the signature scheme defined for use with the key is a valid340 scheme for the key type, as follows:341 Key algorithm Approved schemes Scheme Value TPM_ALG_RSA TPM_SS_NONE 0x0001 TPM_SS_RSASSAPKCS1v15_SHA1 0x0002 TPM_SS_RSASSAPKCS1v15_DER 0x0003 TPM_SS_RSASSAPKCS1v15_INFO 0x0004 Copyright TCG TPM Main Part 2 TPM Structures Specification version 1.2 32 Level 2 Revision 94 29 March 2006 TCG Published 5.9 TPM_AUTH_DATA_USAGE values342 Start of informative comment343 The indication to the TPM when authorization sessions for an entity are required. The only344 two options at this time are always or never. Future versions may allow for more complex345 decisions regarding AuthData checking.346 End of informative comment347 Name Value Description TPM_AUTH_NEVER 0x00 This SHALL indicate that usage of the key without authorization is permitted. TPM_AUTH_ALWAYS 0x01 This SHALL indicate that on each usage of the key the authorization MUST be performed. TPM_AUTH_PRIV_USE_ONLY 0x03 This SHALL indicate that on commands that require the TPM to use the private portion of the key, the authorization MUST be performed. For commands that cause the TPM to read the public portion of the key, but not to use the private portion (e.g. TPM_GetPubKey), the authorization may be omitted. All other values are reserved for future use. TPM Main Part 2 TPM Structures TCG Copyright Specification version 1.2 Level 2 Revision 94 29 March 2006 Draft 33 TCG Published 5.10 TPM_KEY_FLAGS348 Start of informative comment349 This table defines the meanings of the bits in a TPM_KEY_FLAGS structure, used in350 TPM_KEY and TPM_CERTIFY_INFO.351 End of informative comment352 TPM_KEY_FLAGS Values353 Name Mask Value Description redirection 0x00000001 This mask value SHALL indicate the use of redirected output. migratable 0x00000002 This mask value SHALL indicate that the key is migratable. isVolatile 0x00000004 This mask value SHALL indicate that the key MUST be unloaded upon execution of the TPM_Startup(ST_Clear). This does not indicate that a nonvolatile key will remain loaded across TPM_Startup(ST_Clear) events. pcrIgnoredOnRead 0x00000008 When TRUE the TPM MUST NOT check digestAtRelease or localityAtRelease for commands that use the public portion of the key like TPM_GetPubKey When FALSE the TPM MUST check digestAtRelease and localityAtRelease for commands that use the public portion of the key migrateAuthority 0x00000010 When set indicates that the key is under control of a migration authority. The TPM MUST only allow the creation of a key with this flag in TPM_CMK_CreateKey 354 The value of TPM_KEY_FLAGS MUST be decomposed into individual mask values. The355 presence of a mask value SHALL have the effect described in the above table356 On input, all undefined bits MUST be zero. The TPM MUST return an error if any undefined357 bit is set. On output, the TPM MUST set all undefined bits to zero.358 Copyright TCG TPM Main Part 2 TPM Structures Specification version 1.2 34 Level 2 Revision 94 29 March 2006 TCG Published 5.11 TPM_CHANGEAUTH_VALIDATE359 Start of informative comment360 This structure provides an area that will stores the new AuthData data and the challenger's361 nonce.362 End of informative comment363 Definition364 typedef struct tdTPM_CHANGEAUTH_VALIDATE {365 TPM_SECRET newAuthSecret;366 TPM_NONCE n1;367 } TPM_CHANGEAUTH_VALIDATE;368 Parameters369 Type Name Description TPM_SECRET newAuthSecret This SHALL be the new AuthData data for the target entity TPM_NONCE n1 This SHOULD be a nonce, to enable the caller to verify that the target TPM is on-line. TPM Main Part 2 TPM Structures TCG Copyright Specification version 1.2 Level 2 Revision 94 29 March 2006 Draft 35 TCG Published 5.12 TPM_MIGRATIONKEYAUTH370 Start of informative comment371 This structure provides the proof that the associated public key has TPM Owner AuthData372 to be a migration key.373 End of informative comment374 Definition375 typedef struct tdTPM_MIGRATIONKEYAUTH{376 TPM_PUBKEY migrationKey;377 TPM_MIGRATE_SCHEME migrationScheme;378 TPM_DIGEST digest;379 } TPM_MIGRATIONKEYAUTH;380 Parameters381 Type Name Description TPM_PUBKEY migrationKey This SHALL be the public key of the migration facility TPM_MIGRATE_SCHEME migrationScheme This shall be the type of migration operation. TPM_DIGEST digest This SHALL be the digest value of the concatenation of migration key, migration scheme and tpmProof Copyright TCG TPM Main Part 2 TPM Structures Specification version 1.2 36 Level 2 Revision 94 29 March 2006 TCG Published 5.13 TPM_COUNTER_VALUE382 Start of informative comment383 This structure returns the counter value. For interoperability, the value size should be 4384 bytes.385 End of informative comment386 Definition387 typedef struct tdTPM_COUNTER_VALUE{388 TPM_STRUCTURE_TAG tag;389 BYTE label[4];390 TPM_ACTUAL_COUNT counter;391 } TPM_COUNTER_VALUE;392 Parameters393 Type Name Description TPM_STRUCTURE_TAG tag TPM_TAG_COUNTER_VALUE BYTE label The label for the counter TPM_ACTUAL_COUNT counter The 32-bit counter value. TPM Main Part 2 TPM Structures TCG Copyright Specification version 1.2 Level 2 Revision 94 29 March 2006 Draft 37 TCG Published 5.14 TPM_SIGN_INFO Structure394 Start of informative comment395 This structure provides the mechanism for the TPM to quote the current values of a list of396 PCRs.397 This is an addition in 1.2 and must be added to all commands that produce a signature. It398 will not be added to 1.1 commands that produce a signature.399 End of informative comment400 Definition401 typedef struct tdTPM_SIGN_INFO {402 TPM_STRUCTURE_TAG tag;403 BYTE fixed[4];404 TPM_NONCE replay;405 UINT32 dataLen;406 [size_is (dataLen)] BYTE* data;407 } TPM_SIGN_INFO;408 Parameters409 Type Name Description TPM_STRUCTURE_TAG tag Set to TPM_TAG_SIGNINFO BYTE fixed The ASCII text that identifies what function was performing the signing operation TPM_NONCE replay Nonce provided by caller to prevent replay attacks UINT32 dataLen The length of the data area BYTE data The data that is being signed Copyright TCG TPM Main Part 2 TPM Structures Specification version 1.2 38 Level 2 Revision 94 29 March 2006 TCG Published 5.15 TPM_MSA_COMPOSITE410 Start of informative comment411 TPM_MSA_COMPOSITE contains an arbitrary number of digests of public keys belonging to412 Migration Authorities. An instance of TPM_MSA_COMPOSITE is incorporated into the413 migrationAuth value of a certified-migration-key (CMK), and any of the Migration414 Authorities specified in that instance is able to approve the migration of that certified-415 migration-key.416 End of informative comment417 Definition418 typedef struct tdTPM_MSA_COMPOSITE {419 UINT32 MSAlist;420 TPM_DIGEST[] migAuthDigest[];421 } TPM_MSA_COMPOSITE;422 Parameters423 Type Name Description UINT32 MSAlist The number of migAuthDigests. MSAlist MUST be one (1) or greater. TPM_DIGEST[] migAuthDigest[] An arbitrary number of digests of public keys belonging to Migration Authorities. 424 TPMs MUST support TPM_MSA_COMPOSITE structures with MSAlist of four (4) or less, and425 MAY support larger values of MSAlist.426 TPM Main Part 2 TPM Structures TCG Copyright Specification version 1.2 Level 2 Revision 94 29 March 2006 Draft 39 TCG Published 5.16 TPM_CMK_AUTH427 Start of informative comment428 The signed digest of TPM_CMK_AUTH is a ticket to prove that an entity with public key429 "migrationAuthority" has approved the public key "destination Key" as a migration430 destination for the key with public key "sourceKey".431 Normally the digest of TPM_CMK_AUTH is signed by the private key corresponding to432 "migrationAuthority".433 To reduce data size, TPM_CMK_AUTH contains just the digests of "migrationAuthority",434 "destinationKey" and "sourceKey".435 End of informative comment436 Definition437 typedef struct tdTPM_CMK_AUTH{438 TPM_DIGEST migrationAuthorityDigest;439 TPM_DIGEST destinationKeyDigest;440 TPM_DIGEST sourceKeyDigest;441 } TPM_CMK_AUTH;442 Parameters443 Type Name Description TPM_DIGEST migrationAuthorityDigest The digest of a public key belonging to a Migration Authority TPM_DIGEST destinationKey Digest The digest of a TPM_PUBKEY structure that is an approved destination key for the private key associated with "sourceKey" TPM_DIGEST sourceKeyDigest The digest of a TPM_PUBKEY structure whose corresponding private key is approved by a Migration Authority to be migrated as a child to the destinationKey. Copyright TCG TPM Main Part 2 TPM Structures Specification version 1.2 40 Level 2 Revision 94 29 March 2006 TCG Published 5.17 TPM_CMK_DELEGATE values444 Start of informative comment445 The bits of TPM_CMK_DELEGATE are flags that determine how the TPM responds to446 delegated requests to manipulate a certified-migration-key, a loaded key with payload type447 TPM_PT_MIGRATE_RESTRICTED or TPM_PT_MIGRATE_EXTERNAL.448 End of informative comment449 Bit Name Description 31 TPM_CMK_DELEGATE_SIGNING When set to 1, this bit SHALL indicate that a delegated command may manipulate a CMK of TPM_KEY_U SAGE == TPM_KEY_SIGNING 30 TPM_CMK_DELEGATE_STORAGE When set to 1, this bit SHALL indicate that a delegated command may manipulate a CMK of TPM_KEY_USAGE == TPM_KEY_STORAGE 29 TPM_CMK_DELEGATE_BIND When set to 1, this bit SHALL indicate that a delegated command may manipulate a CMK of TPM_KEY_USAGE == TPM_KEY_BIND 28 TPM_CMK_DELEGATE_LEGACY When set to 1, this bit SHALL indicate that a delegated command may manipulate a CMK of TPM_KEY_USAGE == TPM_KEY_LEGACY 27 TPM_CMK_DELEGATE_MIGRATE When set to 1, this bit SHALL indicate that a delegated command may manipulate a CMK of TPM_KEY_USAGE == TPM_KEY_MIGRATE 26:0 reserved MUST be 0 The default value of TPM_CMK_Delegate is zero (0)450 TPM Main Part 2 TPM Structures TCG Copyright Specification version 1.2 Level 2 Revision 94 29 March 2006 Draft 41 TCG Published 5.18 TPM_SELECT_SIZE451 Start of informative comment452 This structure provides the indication for the version and sizeOfSelect structure in453 TPM_GetCapability. Entities wishing to know if the TPM supports, for a specific version, a454 specific size fills in this structure and requests a TPM_GetCapability response from the455 TPM.456 For instance, the entity would fill in version 1.1 and size 2. As 2 was the default size the457 TPM should return true. Filling in 1.1 and size 3, would return true or false depending on458 the capabilities of the TPM. For 1.2 the default size is 3 so all TPM's should support that459 size.460 The real purpose of this structure is to see if the TPM supports an optional size for previous461 versions.462 End of informative comment463 Definition464 typedef struct tdTPM_SELECT_SIZE {465 BYTE major;466 BYTE minor;467 UINT16 reqSize;468 } TPM_SELECT_SIZE;469 Parameters470 Type Name Description BYTE Major This SHALL indicate the major version of the TPM. This MUST be 0x01 BYTE Minor This SHALL indicate the minor version of the TPM. This MAY be 0x01 or 0x02 UINT16 reqSize This SHALL indicate the value for a sizeOfSelect field in the TPM_SELECTION structure Copyright TCG TPM Main Part 2 TPM Structures Specification version 1.2 42 Level 2 Revision 94 29 March 2006 TCG Published 5.19 TPM_CMK_MIGAUTH471 Start of informative comment472 Structure to keep track of the CMK migration authorization473 End of informative comment474 Definition475 typedef struct tdTPM_CMK_MIGAUTH{476 TPM_STRUCTURE_TAG tag;477 TPM_DIGEST msaDigest;478 TPM_DIGEST pubKeyDigest;479 } TPM_CMK_MIGAUTH;480 Parameters481 Type Name Description TPM_STRUCTURE_TAG tag Set to TPM_TAG_CMK_MIGAUTH TPM_DIGEST msaDigest The digest of a TPM_MSA_COMPOSITE structure containing the migration authority public key and parameters. TPM_DIGEST pubKeyDigest The hash of the associated public key TPM Main Part 2 TPM Structures TCG Copyright Specification version 1.2 Level 2 Revision 94 29 March 2006 Draft 43 TCG Published 5.20 TPM_CMK_SIGTICKET482 Start of informative comment483 Structure to keep track of the CMK migration authorization484 End of informative comment485 Definition486 typedef struct tdTPM_CMK_SIGTICKET{487 TPM_STRUCTURE_TAG tag;488 TPM_DIGEST verKeyDigest;489 TPM_DIGEST signedData;490 } TPM_CMK_SIGTICKET;491 Parameters492 Type Name Description TPM_STRUCTURE_TAG tag Set to TPM_TAG_CMK_SIGTICKET TPM_DIGEST verKeyDigest The hash of a TPM_PUBKEY structure containing the public key and parameters of the key that can verify the ticket TPM_DIGEST signedData The ticket data Copyright TCG TPM Main Part 2 TPM Structures Specification version 1.2 44 Level 2 Revision 94 29 March 2006 TCG Published 5.21 TPM_CMK_MA_APPROVAL493 Start of informative comment494 Structure to keep track of the CMK migration authorization495 End of informative comment496 Definition497 typedef struct tdTPM_CMK_MA_APPROVAL{498 TPM_STRUCTURE_TAG tag;499 TPM_DIGEST migrationAuthorityDigest;500 } TPM_CMK_MA_APPROVAL;501 Parameters502 Type Name Description TPM_STRUCTURE_TAG tag Set to TPM_TAG_CMK_MA_APPROVAL TPM_DIGEST migrationAuthorityDigest The hash of a TPM_MSA_COMPOSITE structure containing the hash of one or more migration authority public keys and parameters. TPM Main Part 2 TPM Structures TCG Copyright Specification version 1.2 Level 2 Revision 94 29 March 2006 Draft 45 TCG Published 6. Command Tags503 Start of informative comment504 These tags indicate to the TPM the construction of the command either as input or as505 output. The AUTH indicates that there are one or more AuthData values that follow the506 command parameters.507 End of informative comment508 Tag Name Description 0x00C1 TPM_TAG_RQU_COMMAND A command with no authentication. 0x00C2 TPM_TAG_RQU_AUTH1_COMMAND An authenticated command with one authentication handle 0x00C3 TPM_TAG_RQU_AUTH2_COMMAND An authenticated command with two authentication handles 0x00C4 TPM_TAG_RSP_COMMAND A response from a command with no authentication 0x00C5 TPM_TAG_RSP_AUTH1_COMMAND An authenticated response with one authentication handle 0x00C6 TPM_TAG_RSP_AUTH2_COMMAND An authenticated response with two authentication handles Copyright TCG TPM Main Part 2 TPM Structures Specification version 1.2 46 Level 2 Revision 94 29 March 2006 TCG Published 7. Internal Data Held By TPM509 Start of Informative comment510 There are many flags and data fields that the TPM must manage to maintain the current511 state of the TPM. The areas under TPM control have different lifetimes. Some areas are512 permanent, some reset upon TPM_Startup(ST_CLEAR) and some reset upon513 TPM_Startup(ST_STATE).514 Previously the data areas were not grouped exactly according to their reset capabilities. It515 has become necessary to properly group the areas into the three classifications.516 Each field has defined mechanisms to allow the control of the field. The mechanism may517 require authorization or physical presence to properly authorize the management of the518 field.519 End of informative comment520 TPM Main Part 2 TPM Structures TCG Copyright Specification version 1.2 Level 2 Revision 94 29 March 2006 Draft 47 TCG Published 7.1 TPM_PERMANENT_FLAGS521 Start of Informative comment522 These flags maintain state information for the TPM. The values are not affected by any523 TPM_Startup command.524 The TPM_SetCapability command indicating TPM_PF_READPUBEK can set readPubek525 either TRUE or FALSE. It has more capability than the deprecated TPM_DisablePubekRead,526 which can only set readPubek to FALSE.527 End of informative comment528 typedef struct tdTPM_PERMANENT_FLAGS{529 TPM_STRUCTURE_TAG tag;530 BOOL disable;531 BOOL ownership;532 BOOL deactivated;533 BOOL readPubek;534 BOOL disableOwnerClear;535 BOOL allowMaintenance;536 BOOL physicalPresenceLifetimeLock;537 BOOL physicalPresenceHWEnable;538 BOOL physicalPresenceCMDEnable;539 BOOL CEKPUsed;540 BOOL TPMpost;541 BOOL TPMpostLock;542 BOOL FIPS;543 BOOL operator;544 BOOL enableRevokeEK;545 BOOL nvLocked;546 BOOL readSRKPub;547 BOOL tpmEstablished;548 BOOL maintenanceDone;549 } TPM_PERMANENT_FLAGS;550 Parameters551 Type Name Description Flag Name TPM_STRUCT URE_TAG tag TPM_TAG_PERMANENT_FLAGS BOOL disable The state of the disable flag. The default state is TRUE TPM_PF_DISABLE BOOL ownership The ability to install an owner. The default state is TRUE. TPM_PF_OWNERSHIP BOOL deactivated The state of the inactive flag. The default state is TRUE. TPM_PF_DEACTIVATED BOOL readPubek The ability to read the PUBEK without owner AuthData. The default state is TRUE. TPM_PF_READPUBEK BOOL disableOwnerClear Whether the owner authorized clear commands are active. The default state is FALSE. TPM_PF_DISABLEOWNERCLEAR BOOL allowMaintenance Whether the TPM Owner may create a maintenance archive. The default state is TRUE. TPM_PF_ALLOWMAINTENANCE BOOL physicalPresenceLifetimeL ock This bit can only be set to TRUE; it cannot be set to FALSE except during the manufacturing process. TPM_PF_PHYSICALPRESENCELIFETIMELOCK Copyright TCG TPM Main Part 2 TPM Structures Specification version 1.2 48 Level 2 Revision 94 29 March 2006 TCG Published Type Name Description Flag Name FALSE: The state of either physicalPresenceHWEnable or physicalPresenceCMDEnable MAY be changed. (DEFAULT) TRUE: The state of either physicalPresenceHWEnable or physicalPresenceCMDEnable MUST NOT be changed for the life of the TPM. BOOL physicalPresenceHWEnabl e FALSE: Disable the hardware signal indicating physical presence. (DEFAULT) TRUE: Enables the hardware signal indicating physical presence. TPM_PF_PHYSICALPRESENCEHWENABLE BOOL physicalPresenceCMDEna ble FALSE: Disable the command indicating physical presence. (DEFAULT) TRUE: Enables the command indicating physical presence. TPM_PF_PHYSICALPRESENCECMDENABLE BOOL CEKPUsed TRUE: The PRIVEK and PUBEK were created using TPM_CreateEndorsementKeyPair. FALSE: The PRIVEK and PUBEK were created using a manufacturers process. NOTE: This flag has no default value as the key pair MUST be created by one or the other mechanism. TPM_PF_CEKPUSED BOOL TPMpost The meaning of this bit clarified in rev87. While actual us e does not match the name, for backwards compatibility there is no change to the name. TRUE: After TPM_Startup, if there is a call to TPM_ContinueSelfTest the TPM MUST execute the actions of TPM_SelfTestFull FALSE: After TPM_Startup, if there is a call to TPM_ContinueSelfTest the TPM MUST execute the actions of TPM_ContinueSelfTest If the TPM supports the implicit invocation of TPM_ContinueSelftTest upon the use of an untested resource, the TPM MUST use the TPMPost flag to execute the actions of either TPM_ContinueSelfTest or TPM_SelfTestFull The TPM manufacturer sets this bit during TPM manufacturing and the bit is unchangeable after shipping the TPM The default state is FALSE TPM_PF_TPMPOST BOOL TPMpostLock With the clarification of TPMPost TPMpostLock is now unnecessary. This flag is now deprecated TPM_PF_TPMPOSTLOCK BOOL FIPS TRUE: This TPM operates in FIPS mode FALSE: This TPM does NOT operate in FIPS mode TPM_PF_FIPS BOOL operator TRUE: The operator AuthData value is valid FALSE: the operator AuthData value is not set (DEFAULT) TPM_PF_OPERATOR BOOL enableRevokeEK TRUE: The TPM_RevokeTrust command is active FALSE: the TPM RevokeTrust command is disabled TPM_PF_ENABLEREVOKEEK BOOL nvLocked TRUE: All NV area authorization checks are active FALSE:No NV area checks are performed, except for maxNVWrites. FALSE is the default value TPM_PF_NV_LOCKED BOOL readSRKPub TRUE: GetPubKey will return the SRK pub key FALSE: GetPubKey will not return the SRK pub key Default is FALSE TPM_PF_READSRKPUB BOOL tpmEstablished TRUE: TPM_HASH_START has been executed at some time FALSE: TPM_HASH_START has not been executed at any TPM_PF_TPMESTABLISHED TPM Main Part 2 TPM Structures TCG Copyright Specification version 1.2 Level 2 Revision 94 29 March 2006 Draft 49 TCG Published Type Name Description Flag Name time Default is FALSE. Reset to FALSE using TSC_ResetEstablishmentBit BOOL maintenanceDone TRUE: A maintenance archive has been created for the current SRK TPM_PF_MAINTENANCEDONE Description552 These values are permanent in the TPM and MUST not change upon execution of553 TPM_Startup(any) command.554 Actions555 1. If disable is TRUE the following commands will execute with their normal protections556 a. The Avail Disabled column in the ordinal table indicates which commands can and557 cannot execute558 b. If the command is not available the TPM MUST return TPM_DISABLED upon any559 attempt to execute the ordinal560 c. TSC_PhysicalPresence can execute when the TPM is disabled561 d. A disabled TPM never prevents the extend capabilities from operating. This is562 necessary in order to ensure that the records of sequences of integrity metrics in a563 TPM are always up-to-date. It is irrelevant whether an inactive TPM prevents the564 extend capabilities from operating, because PCR values cannot be used until the565 platform is rebooted, at which point existing PCR values are discarded566 2. If ownership has the value of FALSE, then any attempt to install an owner fails with the567 error value TPM_INSTALL_DISABLED.568 3. If deactivated is TRUE569 a. This flag does not directly cause capabilities to return the error code570 TPM_DEACTIVATED.571 b. TPM_Startup uses this flag to set the state of TPM_STCLEAR_FLAGS -> deactivated572 when the TPM is booted in the state stType==TPM_ST_CLEAR. Only573 TPM_STCLEAR_FLAGS -> deactivated determines whether capabilities will return the574 error code TPM_DEACTIVATED.575 c. A change in TPM_PERMANENT_FLAGS -> deactivated therefore has no effect on576 whether capabilities will return the error code TPM_DEACTIVATED until the next577 execution of TPM_Startup(ST_CLEAR)578 4. If readPubek is TRUE then the TPM_ReadPubek will return the PUBEK, if FALSE the579 command will return TPM_DISABLED_CMD.580 5. If disableOwnerClear is TRUE then TPM_OwnerClear will return581 TPM_CLEAR_DISABLED, if false the commands will execute.582 6. The physicalPresenceHWEnable and physicalPresenceCMDEnable flags MUST mask583 their respective signals before further processing. The hardware signal, if enabled by the584 physicalPresenceHWEnable flag, MUST be logically ORed with the PhysicalPresence flag,585 Copyright TCG TPM Main Part 2 TPM Structures Specification version 1.2 50 Level 2 Revision 94 29 March 2006 TCG Published if enabled, to obtain the final physical presence value used to allow or disallow local586 commands.587 TPM Main Part 2 TPM Structures TCG Copyright Specification version 1.2 Level 2 Revision 94 29 March 2006 Draft 51 TCG Published 7.1.1 Flag Restrictions588 Flag SubCap number 0x00000000 + Set Set restrictions Actions from +1 TPM_PF_DISABLE Y Owner authorization or physical presence TPM_OwnerSetDisable TPM_PhysicalEnable TPM_PhysicalDisable +2 TPM_PF_OWNERSHIP Y No authorization. No ownerinstalled. Physical presence asserted Not available when TPM deactivated or disabled TPM_SetOwnerInstall +3 TPM_PF_DEACTIVATED Y No authorization, physical presence assertion Not available when TPM disabled TPM_PhysicalSetDeactivated +4 TPM_PF_READPUBEK Y Owner authorization. Not available when TPM deactivated or disabled +5 TPM_PF_DISABLEOWNERCLEAR Y Owner authorization. Can only set to TRUE. After being set only ForceClear resets back to FALSE. Not available when TPM deactivated or disabled TPM_DisableOwnerClear +6 TPM_PF_ALLOWMAINTENANCE Y Owner authorization. Can only set to FALSE, TRUE invalid value. After being set only changing TPM owner resets back to TRUE Not available when TPM deactivated or disabled TPM_KillMaintenanceFeature +7 TPM_PF_PHYSICALPRESENCELIFETI MELOCK N +8 TPM_PF_PHYSICALPRESENCEHWEN ABLE N +9 TPM_PF_PHYSICALPRESENCECMDE NABLE N +10 TPM_PF_CEKPUSED N +11 TPM_PF_TPMPOST N +12 TPM_PF_TPMPOSTLOCK N +13 TPM_PF_FIPS N +14 TPM_PF_OPERATOR N +15 TPM_PF_ENABLEREVOKEEK N +16 TPM_PF_NV_LOCKED N +17 TPM_PF_READSRKPUB Y Owner Authorization Not available when TPM deactivated or disabled TPM_SetCapability +18 TPM_PF_TPMESTABLISHED Y Locality 3 or locality 4. Can only set to FALSE. TSC_ResetEstablishmentBit +19 TPM_PF_MAINTENANCEDONE N Copyright TCG TPM Main Part 2 TPM Structures Specification version 1.2 52 Level 2 Revision 94 29 March 2006 TCG Published 7.2 TPM_STCLEAR_FLAGS589 Start of Informative comment590 These flags maintain state that is reset on each TPM_Startup(ST_CLEAR) command. The591 values are not affected by TPM_Startup(ST_STATE) commands.592 End of informative comment593 #define TPM_MAX_FAMILY 8594 595 typedef struct tdTPM_STCLEAR_FLAGS{596 TPM_STRUCTURE_TAG tag;597 BOOL deactivated;598 BOOL disableForceClear;599 BOOL physicalPresence;600 BOOL physicalPresenceLock;601 BOOL bGlobalLock;602 } TPM_STCLEAR_FLAGS;603 Parameters604 Type Name Description Flag Name TPM_STRUCT URE_TAG tag TPM_TAG_STCLEAR_FLAGS BOOL deactivated Prevents the operation of most capabilities. There is no default state. It is initialized by TPM_Startup to the same value as TPM_PERMANENT_FLAGS -> deactivated or a set value depending on the type of TPM_Startup. TPM_SetTempDeactivated sets it to TRUE. TPM_SF_DEACTIVATED BOOL disableForceClear Prevents the operation of TPM_ForceClear when TRUE. The default state is FALSE. TPM_DisableForceClear sets it to TRUE. TPM_SF_DISABLEFORCECLEAR BOOL physicalPresence Software indication whether an Owner is physically present. The default state is FALSE (Owner is not physically present) TPM_SF_PHYSICALPRESENCE BOOL physicalPresenceLock Indicates whether changes to the physicalPresence flag are permitted. TPM_Startup/ST_CLEAR sets PhysicalPresence to its default state of FALSE (allow changes to PhysicalPresence flag). The meaning of TRUE is: Do not allow further changes to PhysicalPresence flag. TSC_PhysicalPresence can change the state of physicalPresenceLock. TPM_SF_PHYSICALPRESENCELOCK BOOL bGlobalLock Set to FALSE on each TPM_Startup(ST_CLEAR). Set to TRUE when a write to NV_Index =0 is successful TPM_SF_BGLOBALLOCK Description605 These values MUST reset upon execution of TPM_Startup(ST_CLEAR).606 These values MUST NOT reset upon execution of TPM_Startup(ST_STATE) or607 TPM_Startup(ST_DEACTIVATED)608 Actions609 1. If deactivated is TRUE the following commands SHALL execute with their normal610 protections611 TPM Main Part 2 TPM Structures TCG Copyright Specification version 1.2 Level 2 Revision 94 29 March 2006 Draft 53 TCG Published a. The Avail Deactivated column in the ordinal table indicates which commands can612 and cannot execute613 b. If the command is not available the TPM MUST return TPM_DEACTIVATED upon any614 attempt to execute the ordinal615 c. TSC_PhysicalPresence can execute when deactivated616 d. TPM_Extend and TPM_SHA1CompleteExtend MAY execute with their normal617 protections618 2. If disableForceClear is TRUE then the TPM_ForceClear command returns619 TPM_CLEAR_DISABLED, if FALSE then the command will execute.620 3. If physicalPresence is TRUE and TPM_PERMANENT_FLAGS ->621 physicalPresenceCMDEnable is TRUE, the TPM MAY assume that the Owner is622 physically present.623 4. If physicalPresenceLock is TRUE, TSC_PhysicalPresence MUST NOT change the624 physicalPresence flag. If physicalPresenceLock is FALSE, TSC_PhysicalPresence will625 operate.626 a. Set physicalPresenceLock to TRUE at TPM manufacture.627 Copyright TCG TPM Main Part 2 TPM Structures Specification version 1.2 54 Level 2 Revision 94 29 March 2006 TCG Published 7.2.1 Flag Restrictions628 Flag SubCap number 0x00000000 + Set Set restrictions Actions from +1 TPM_SF_DEACTIVATED N +2 TPM_SF_DISABLEFOR CECLEAR Y Not available when TPM deactivated or disabled. Can only set to TRUE. TPM_DisableForceClear +3 TPM_SF_PHYSICALPRESENCE N +4 TPM_SF_PHYSICALPRESENCELOCK N +5 TPM_SF_BGLOBALLOCK N TPM Main Part 2 TPM Structures TCG Copyright Specification version 1.2 Level 2 Revision 94 29 March 2006 Draft 55 TCG Published 7.3 TPM_STANY_FLAGS629 Start of Informative comment630 These flags reset on any TPM_Startup command.631 postInitialise indicates only that TPM_Startup has run, not that it was successful.632 TOSPresent indicates the presence of a Trusted Operating System (TOS) that was633 established using the TPM_HASH_START command in the TPM Interface.634 End of informative comment635 typedef struct tdTPM_STANY_FLAGS{636 TPM_STRUCTURE_TAG tag;637 BOOL postInitialise;638 TPM_MODIFIER_INDICATOR localityModifier;639 BOOL transportExclusive;640 BOOL TOSPresent;641 } TPM_STANY_FLAGS;642 Parameters643 Type Name Description Flag Name TPM_STRUCT URE_TAG tag TPM_TAG_STANY_FLAGS BOOL postInitialise Prevents the operation of most capabilities. There is no default state. It is initialized by TPM_Init to TRUE. TPM_Startup sets it to FALSE. TPM_AF_POSTINITIALISE TPM_MODIFIE R_INDICATOR localityModifier This SHALL indicate for each command the presence of a locality modifier for the command. It MUST be always ensured that the value during usage reflects the currently active locality. TPM_AF_LOCALITYMODIFIER BOOL transportExclusive Defaults to FALSE. TRUE when there is an exclusive transport session active. Execution of ANY command other than TPM_ExecuteTransport targeting the exclusive transport session MUST invalidate the exclusive transport session. TPM_AF_TRANSPORTEXCLUSIVE BOOL TOSPresent Defaults to FALSE Set to TRUE on TPM_HASH_START set to FALSE using setCapability TPM_AF_TOSPRESENT Description644 This structure MUST reset on TPM_Startup(any)645 Actions646 1. If postInitialise is TRUE, TPM_Startup SHALL execute as normal647 a. All other commands SHALL return TPM_INVALID_POSTINIT648 2. localityModifier is set upon receipt of each command to the TPM. The localityModifier649 MUST be cleared when the command execution response is read650 3. If transportExclusive is TRUE651 Copyright TCG TPM Main Part 2 TPM Structures Specification version 1.2 56 Level 2 Revision 94 29 March 2006 TCG Published a. If a command invalidates the exclusive transport session, the command MUST still652 execute.653 b. If TPM_EstablishTransport specifies an exclusive transport session, the existing654 session is invalidated, a new session is created, and transportExclusive remains655 TRUE.656 7.3.1 Flag Restrictions657 Flag SubCap number 0x00000000 + Set Set restrictions Actions from +1 TPM_AF_POSTINITIALISE N +2 TPM_AF_LOCALITYMODIFIER N +3 TPM_AF_TRANSPORTEXCLUSIVE N +4 TPM_AF_TOSPRESENT Y Locality 3 or 4, can only set to FALSE Not available when TPM deactivated or disabled TPM_SetCapability TPM Main Part 2 TPM Structures TCG Copyright Specification version 1.2 Level 2 Revision 94 29 March 2006 Draft 57 TCG Published 7.4 TPM_PERMANENT_DATA658 Start of Informative comment659 This is an informative structure and not normative. It is purely for convenience of writing660 the spec.661 This structure contains the data fields that are permanently held in the TPM and not662 affected by TPM_Startup(any).663 Many of these fields contain highly confidential and privacy sensitive material. The TPM664 must maintain the protections around these fields.665 End of informative comment666 Definition667 #define TPM_MIN_COUNTERS 4 // the minimum number of counters is 4668 #define TPM_DELEGATE_KEY TPM_KEY669 #define TPM_NUM_PCR 16670 #define TPM_MAX_NV_WRITE_NOOWNER 64671 672 typedef struct tdTPM_PERMANENT_DATA{673 TPM_STRUCTURE_TAG tag;674 BYTE revMajor;675 BYTE revMinor;676 TPM_NONCE tpmProof;677 TPM_NONCE ekReset;678 TPM_SECRET ownerAuth;679 TPM_SECRET operatorAuth;680 TPM_DIRVALUE authDIR[1];681 TPM_PUBKEY manuMaintPub;682 TPM_KEY endorsementKey;683 TPM_KEY srk;684 TPM_KEY contextKey;685 TPM_KEY delegateKey;686 TPM_COUNTER_VALUE auditMonotonicCounter;687 TPM_COUNTER_VALUE monotonicCounter[TPM_MIN_COUNTERS];688 TPM_PCR_ATTRIBUTES pcrAttrib[TPM_NUM_PCR];689 BYTE ordinalAuditStatus[];690 BYTE* rngState;691 TPM_FAMILY_TABLE familyTable;692 TPM_DELEGATE_TABLE delegateTable;693 UINT32 maxNVBufSize;694 UINT32 lastFamilyID;695 UINT32 noOwnerNVWrite;696 TPM_CMK_DELEGATE restrictDelegate;697 TPM_DAA_TPM_SEED tpmDAASeed698 }TPM_PERMANENT_DATA;699 Copyright TCG TPM Main Part 2 TPM Structures Specification version 1.2 58 Level 2 Revision 94 29 March 2006 TCG Published Parameters700 Type Name Description Flag Name TPM_STRUCT URE_TAG tag TPM_TAG_PERMANENT_DATA BYTE revMajor This is the TPM major revision indicator. This SHALL be set by the TPME, only. The default value is manufacturer- specific. TPM_PD_REVMAJOR BYTE revMinor This is the TPM minor revision indicator. This SHALL be set by the TPME, only. The default value is manufacturer- specific. TPM_PD_REVMINOR TPM_NONCE tpmProof This is a random number that each TPM maintains to validate blobs in the SEAL and other processes. The default value is manufacturer-specific. TPM_PD_TPMPROOF TPM_SECRET ownerAuth This is the TPM -Owner's AuthData data. The default value is manufacturer-specific. TPM_PD_OWNERAUTH TPM_SECRET operatorAuth The value that allows the execution of the SetTempDisabled command TPM_PD_OPERATORAUTH TPM_PUBKEY manuMaintPub This is the manufacturer's public key to use in the maintenance operations. The default value is manufacturer- specific. TPM_PD_MANUMAINTPUB TPM_KEY endorsementKey This is the TPM's endorsement key pair. TPM_PD_ENDORSEMENTKEY TPM_KEY srk This is the TPM's StorageRootKey. TPM_PD_SRK TPM_KEY delegateKey This key encrypts delegate rows that are stored outside the TPM. The key MAY be symmetric or asymmetric. The key size for the algorithm SHOULD be equivalent to 128-bit AES key. The TPM MAY set this value once or allow for changes to this value. This key MUST NOT be the EK or SRK To save space this key MAY be the same key that performs context blob encryption. If an asymmetric algorithm is in use for this key the public portion of the key MUST never be revealed by the TPM. This value MUST be reset when the TPM Owner changes. The value MUST be invalidated with the actions of TPM_OwnerClear. The value MUST be set on TPM_TakeOwnership. The contextKey and delegateKey MAY be the same value. TPM_PD_DELEGATEKEY TPM_KEY contextKey This is the key in use to perform context saves. The key may be symmetric or asymmetric. The key size is predicated by the algorithm in use. This value MUST be reset when the TPM Owner changes. This key MUST NOT be a copy of the EK or SRK. The contextKey and delegateKey MAY be the same value. TPM_PD_CONTEXTKEY TPM_COUNTE R_VALUE auditMonotonicCounter This SHALL be the audit monotonic counter for the TPM. This value starts at 0 and increments according to the rules of auditing. The label SHALL be fixed at 4 bytes of 0x00. TPM_PD_AUDITMONOTONICCOUNTER TPM_COUNTE R_VALUE monotonicCounter This SHALL be the monotonic counters for the TPM. The individual counters start and increment according to the rules of monotonic counters. TPM_PD_MONOTONICCOUNTER TPM_PCR_ATT RIBUTES pcrAttrib The attributes for all of the PCR registers supported by the TPM. TPM_PD_PCRATTRIB byte ordinalAuditStatus Table indicating which ordinals are being audited. TPM_PD_ORDINALAUDITSTATUS TPM Main Part 2 TPM Structures TCG Copyright Specification version 1.2 Level 2 Revision 94 29 March 2006 Draft 59 TCG Published Type Name Description Flag Name TPM_DIRVALU E authDIR The array of TPM Owner authorized DIR. Points to the same location as the NV index value. TPM_PD_AUTHDIR BYTE* rngState State information describing the random number generator. TPM_PD_RNGSTATE TPM_FAMILY_ TABLE familyTable The family table in use for delegations TPM_PD_FAMILYTABLE TPM_DELEGAT E_TABLE delegateTable The delegate table TPM_DELEGATETABLE TPM_NONCE ekReset Nonce held by TPM to validate TPM_RevokeTrust. This value is set as the next 20 bytes from the TPM RNG when the EK is set using TPM_CreateRevocableEK TPM_PD_EKRESET UINT32 maxNVBufSize The maximum size that can be specified in TPM_NV_DefineSpace. This is NOT related to the amount of current NV storage available. This value would be set by the TPM manufacturer and would take into account all of the variables in the specific TPM implementation. Variables could include TPM input buffer max size, transport session overhead, available memory and other factors. The minimum value of maxNVBufSize MUST be 512 and can be larger. TPM_PD_MAXNVBUFSIZE UINT32 lastFamilyID A value that sets the high water mark for family IĎs. Set to 0 during TPM manufacturing and never reset. TPM_PD_LASTFAMILYID UINT32 noOwnerNVWrite The count of NV writes that have occurred when there is no TPM Owner. This value starts at 0 in manufacturing and after each TPM_OwnerClear. If the value exceeds 64 the TPM returns TPM_MAXNVWRITES to any command attempting to manipulate the NV storage. Commands that manipulate the NV store are: TPM_Delegate_Manage TPM_Delegate_LoadOwnerDelegation TPM_NV_DefineSpace TPM_NV_WriteValue TPM_PD_NOOWNERNVWRITE TPM_CMK_DEL EGATE restrictDelegate The settings that allow for the delegation and use on CMK keys. Default value is FALSE (0x00000000) TPM_PD_RESTRICTDELEGATE TPM_DAA_TPM _SEED tpmDAASeed This SHALL be a random value generated after generation of the EK. tpmDAASeed does not change during TPM Owner changes If the EK is removed (RevokeTrust) then the TPM MUST invalidate the tpmDAASeed TPM_PD_TPMDAASEED Copyright TCG TPM Main Part 2 TPM Structures Specification version 1.2 60 Level 2 Revision 94 29 March 2006 TCG Published 7.4.1 Flag Restrictions701 Flag SubCap number 0x00000000 + Set Set restrictions Actions from +1 TPM_PD_REVMAJOR N +2 TPM_PD_REVMINOR N +3 TPM_PD_TPMPROOF N +4 TPM_PD_OWNERAUTH N +5 TPM_PD_OPERATORAUTH N +6 TPM_PD_MANUMAINTPUB N +7 TPM_PD_ENDORSEMENTKEY N +8 TPM_PD_SRK N +9 TPM_PD_DELEGATEKEY N +10 TPM_PD_CONTEXTKEY N +11 TPM_PD_AUDITMONOTONICCOUNTE R N +12 TPM_PD_MONOTONICCOUNTER N +13 TPM_PD_PCRATTRIB N +14 TPM_PD_ORDINALAUDITSTATUS N +15 TPM_PD_AUTHDIR N +16 TPM_PD_RNGSTATE N +17 TPM_PD_FAMILYTABLE N +18 TPM_DELEGATETABLE N +19 TPM_PD_EKRESET N +20 TPM_PD_MAXNVBUFSIZE N +21 TPM_PD_LASTFAMILYID N +22 TPM_PD_NOOWNERNVWRITE N +23 TPM_PD_RESTRICTDELEGATE Y Owner authorization. Not available when TPM deactivated or disabled. TPM_CMK_SetRestrictions +24 TPM_PD_TPMDAASEED N TPM Main Part 2 TPM Structures TCG Copyright Specification version 1.2 Level 2 Revision 94 29 March 2006 Draft 61 TCG Published 7.5 TPM_STCLEAR_DATA702 Start of Informative comment703 This is an informative structure and not normative. It is purely for convenience of writing704 the spec.705 Most of the data in this structure resets on TPM_Startup(ST_CLEAR). A TPM may706 implement rules that provide longer-term persistence for the data. The TPM reflects how it707 handles the data in various getcapability fields including startup effects.708 End of informative comment709 Definition710 typedef struct tdTPM_STCLEAR_DATA{711 TPM_STRUCTURE_TAG tag;712 TPM_NONCE contextNonceKey;713 TPM_COUNT_ID countID;714 UINT32 ownerReference;715 BOOL disableResetLock;716 TPM_PCRVALUE PCR[TPM_NUM_PCR];717 }TPM_STCLEAR_DATA;718 Parameters719 Type Name Description Flag Name TPM_STRUCTUR E_TAG tag TPM_TAG_STCLEAR_DATA TPM_NONCE contextNonceKey This is the nonce in use to properly identify saved key context blobs This SHALL be set to null on each TPM_Startup (ST_Clear). TPM_SD_CONTEXTNONCEKEY TPM_COUNT_ID countID This is the handle for the current monotonic counter. This SHALL be set to NULL on each TPM_Startup(ST_Clear). TPM_SD_COUNTID UINT32 ownerReference Points to where to obtain the owner secret in OIAP and OSAP commands. This allows a TSS to manage 1.1 applications on a 1.2 TPM where delegation is in operation. Default value is TPM_KH_OWNER. TPM_SD_OWNERREFERENCE BOOL disableResetLock Disables TPM_ResetLockValue upon authorization failure. The value remains TRUE for the timeout period. Default is FALSE. The value is in the STCLEAR_DATA structure as the implementation of this flag is TPM vendor specific. TPM_SD_DISABLERESETLOCK TPM_PCRVALUE PCR Platform configuration registers TPM_SD_PCR 7.5.1 Flag Restrictions720 Flag SubCap number 0x00000000 + Set Set restrictions Actions from +1 TPM_SD_CONTEXTNONCEKEY N +2 TPM_SD_COUNTID N Copyright TCG TPM Main Part 2 TPM Structures Specification version 1.2 62 Level 2 Revision 94 29 March 2006 TCG Published Flag SubCap number 0x00000000 + Set Set restrictions Actions from +3 TPM_SD_OWNERREFERENCE N +4 TPM_SD_DISABLERESETLOCK N +5 TPM_SD_PCR N TPM Main Part 2 TPM Structures TCG Copyright Specification version 1.2 Level 2 Revision 94 29 March 2006 Draft 63 TCG Published 7.6 TPM_STANY_DATA721 Start of Informative comment722 This is an informative structure and not normative. It is purely for convenience of writing723 the spec.724 Most of the data in this structure resets on TPM_Startup(ST_STATE). A TPM may implement725 rules that provide longer-term persistence for the data. The TPM reflects how it handles the726 data in various TPM_GetCapability fields including startup effects.727 End of informative comment728 Definition729 #define TPM_MIN_SESSIONS 3730 #define TPM_MIN_SESSION_LIST 16731 732 typedef struct tdTPM_SESSION_DATA{733 ... // vendor specific734 } TPM_SESSION_DATA;735 736 typedef struct tdTPM_STANY_DATA{737 TPM_STRUCTURE_TAG tag;738 TPM_NONCE contextNonceSession;739 TPM_DIGEST auditDigest ;740 TPM_CURRENT_TICKS currentTicks;741 UINT32 contextCount;742 UINT32 contextList[TPM_MIN_SESSION_LIST];743 TPM_SESSION_DATA sessions[TPM_MIN_SESSIONS];744 }TPM_STANY_DATA;745 Parameters of STANY_DATA746 Type Name Description Flag Name TPM_STRUCT URE_TAG tag TPM_TAG_STANY_DATA TPM_NONCE contextNonceSession This is the nonce in use to properly identify saved session context blobs. This MUST be set to null on each TPM_Startup (ST_Clear). The nonce MAY be set to null on TPM_Startup(any). TPM_AD_CONTEXTNONCESESSION TPM_DIGEST auditDigest This is the extended value that is the audit log. This SHALL be set to NULLS at the start of each audit session. TPM_AD_AUDITDIGEST TPM_CURREN T_TICKS currentTicks This is the current tick counter. This is reset to 0 according to the rules when the TPM can tick. See the section on the tick counter for details. TPM_AD_CURRENTTICKS UINT32 contextCount This is the counter to avoid session context blob replay attacks. This MUST be set to 0 on each TPM_Startup (ST_Clear). The value MAY be set to 0 on TPM_Startup (any). TPM_AD_CONTEXTCOUNT UINT32 contextList This is the list of outstanding session blobs. All elements of this array MUST be set to 0 on each TPM_AD_CONTEXTLIST Copyright TCG TPM Main Part 2 TPM Structures Specification version 1.2 64 Level 2 Revision 94 29 March 2006 TCG Published Type Name Description Flag Name TPM_Startup (ST_Clear). The values MAY be set to 0 on TPM_Startup (any). TPM_MIN_SESSION_LIST MUST be 16 or greater. TPM_SESSION _DATA sessions List of current sessions. Sessions can be OSAP, OIAP, DSAP and Transport TPM_AD_SESSIONS Descriptions747 1. The group of contextNonceSession, contextCount, contextList MUST reset at the same748 time.749 2. The contextList MUST keep track of UINT32 values. There is NO requirement that the750 actual memory be 32 bits751 3. contextList MUST support a minimum of 16 entries, it MAY support more.752 4. The TPM MAY restrict the absolute difference between contextList entries753 a. For instance if the TPM enforced distance was 10754 i. Entries 8 and 15 would be valid755 ii. Entries 8 and 28 would be invalid756 b. The minimum distance that the TPM MUST support is 2^16, the TPM MAY support757 larger distances758 7.6.1 Flag Restrictions759 Flag SubCap number 0x00000000 + Set Set restrictions Actions from +1 TPM_AD_CONTEXTNONCESESSION N +2 TPM_AD_AUDITDIGEST N +3 TPM_AD_CURRENTTICKS N +4 TPM_AD_CONTEXTCOUNT N +5 TPM_AD_CONTEXTLIST N +6 TPM_AD_SESSIONS N TPM Main Part 2 TPM Structures TCG Copyright Specification version 1.2 Level 2 Revision 94 29 March 2006 Draft 65 TCG Published 8. PCR Structures760 Start of informative comment761 The PCR structures expose the information in PCR register, allow for selection of PCR762 register or registers in the SEAL operation and define what information is held in the PCR763 register.764 These structures are in use during the wrapping of keys and sealing of blobs.765 End of informative comment766 Copyright TCG TPM Main Part 2 TPM Structures Specification version 1.2 66 Level 2 Revision 94 29 March 2006 TCG Published 8.1 TPM_PCR_SELECTION767 Start of informative comment768 This structure provides a standard method of specifying a list of PCR registers.769 Design points770 1. The user needs to be able to specify the null set of PCR. The mask in pcrSelect indicates771 if a PCR is active or not. Having the mask be a null value that specifies no selected PCR is772 valid.773 2. The TPM must support a sizeOfSelect that indicates the minimum number of PCR on the774 platform. For a 1.2 PC TPM with 24 PCR this value would be 3.775 3. The TPM may support additional PCR over the platform minimum. When supporting776 additional PCR the TPM must support a sizeOfSelect that can indicate the use of an777 individual PCR.778 4. The TPM may support sizeOfSelect that reflects PCR use other than the maximum. For779 instance, a PC TPM that supported 48 PCR would require support for a sizeOfSelect of 6780 and a sizeOfSelect of 3 (for the 24 required PCR). The TPM could support sizes of 4 and 5.781 5. It is desirable for the TPM to support fixed size structures. Nothing in these rules782 prevents a TPM from only supporting a known set of sizeOfSelect structures.783 Odd bit ordering784 To the new reader the ordering of the PCR may seem strange. It is. However, the original785 TPM vendors all interpreted the 1.0 specification to indicate the ordering as it is. The786 scheme works and is understandable, so to avoid any backwards compatibility no change to787 the ordering occurs in 1.2. The TPM vendor's interpretation of the 1.0 specification is the788 start to the comment that there are no ambiguities in the specification just context sensitive789 interpretations.790 End of informative comment791 Definition792 typedef struct tdTPM_PCR_SELECTION {793 UINT16 sizeOfSelect;794 [size_is(sizeOfSelect)] BYTE pcrSelect[];795 } TPM_PCR_SELECTION;796 Parameters797 Type Name Description UINT16 sizeOfSelect The size in bytes of the pcrSelect structure BYTE[] pcrSelect This SHALL be a bit map that indicates if a PCR is active or not Description798 1. PCR selection occurs modulo 8. The minimum granularity for a PCR selection is 8. The799 specification of registers MUST occur in banks of 8.800 TPM Main Part 2 TPM Structures TCG Copyright Specification version 1.2 Level 2 Revision 94 29 March 2006 Draft 67 TCG Published 2. pcrSelect is a contiguous bit map that shows which PCR are selected. Each byte801 represents 8 PCR. Byte 0 indicates PCR 0-7, byte 1 8-15 and so on. For each byte, the802 individual bits represent a corresponding PCR. Refer to the figures below for the803 mapping of an individual bit to a PCR within a byte. All pcrSelect bytes follow the same804 mapping.805 a. If the TPM supported 48 PCR to select PCR 0 and 47, the sizeOfSelect would be 6 and806 only two bits would be set to a 1. The remaining portion of pcrSelect would be NULL807 3. When an individual bit is 1 the indicated PCR is selected. If 0 the PCR is not selected.808 a. To select PCR 0, pcrSelect would be 00000001809 b. To select PCR 7, pcrSelect would by 10000000810 c. To select PCR 7 and 0, pcrSelect would be 10000001811 4. If TPM_PCR_SELECTION.pcrSelect is all 0's812 a. The process MUST set TPM_COMPOSITE_HASH to be all 0's.813 5. Else814 a. The process creates a TPM_PCR_COMPOSITE structure from the815 TPM_PCR_SELECTION structure and the PCR values to be hashed. If constructed by816 the TPM the values MUST come from the current PCR registers indicated by the PCR817 indices in the TPM_PCR_SELECTION structure.818 6. The TPM MUST support a sizeOfSelect value that reflects the minimum number of PCR819 as specified in the platform specific specification820 7. The TPM MAY return an error if the sizeOfSelect is a value greater than one that821 represents the number of PCR on the TPM822 8. The TPM MUST return an error if sizeOfSelect is 0823 Byte 0824 +-+-+-+-+-+-+-+-+825 |7|6|5|4|3|2|1|0|826 +-+-+-+-+-+-+-+-+827 828 Byte 1829 +-+-+-+-+-+-+-+-+830 |F|E|D|C|B|A|9|8|831 +-+-+-+-+-+-+-+-+832 833 Byte 2834 +--+--+--+--+--+--+--+--+835 |17|16|15|14|13|12|11|10|836 +--+--+--+--+--+--+--+--+837 Copyright TCG TPM Main Part 2 TPM Structures Specification version 1.2 68 Level 2 Revision 94 29 March 2006 TCG Published 8.2 TPM_PCR_COMPOSITE838 Start of informative comment839 The composite structure provides the index and value of the PCR register to be used when840 creating the value that SEALS an entity to the composite.841 End of informative comment842 Definition843 typedef struct tdTPM_PCR_COMPOSITE {844 TPM_PCR_SELECTION select;845 UINT32 valueSize;846 [size_is(valueSize)] TPM_PCRVALUE pcrValue[];847 } TPM_PCR_COMPOSITE;848 Parameters849 Type Name Description TPM_PCR_SELECTION select This SHALL be the indication of which PCR values are active UINT32 valueSize This SHALL be the size of the pcrValue field TPM_PCRVALUE pcrValue[] This SHALL be an array of TPM_PCRVALUE structures. The values come in the order specified by the select parameter and are concatenated into a single blob TPM Main Part 2 TPM Structures TCG Copyright Specification version 1.2 Level 2 Revision 94 29 March 2006 Draft 69 TCG Published 8.3 TPM_PCR_INFO850 Start of informative comment851 The TPM_PCR_INFO structure contains the information related to the wrapping of a key or852 the sealing of data, to a set of PCRs.853 End of informative comment854 Definition855 typedef struct tdTPM_PCR_INFO{856 TPM_PCR_SELECTION pcrSelection;857 TPM_COMPOSITE_HASH digestAtRelease;858 TPM_COMPOSITE_HASH digestAtCreation;859 } TPM_PCR_INFO;860 Parameters861 Type Name Description TPM_PCR_SELECTION pcrSelection This SHALL be the selection of PCRs to which the data or key is bound. TPM_COMPOSITE_HASH digestAtRelease This SHALL be the digest of the PCR indices and PCR values to verify when revealing Sealed Data or using a key that was wrapped to PCRs. TPM_COMPOSITE_HASH digestAtCreation This SHALL be the composite digest value of the PCR values, at the time when the sealing is performed. Copyright TCG TPM Main Part 2 TPM Structures Specification version 1.2 70 Level 2 Revision 94 29 March 2006 TCG Published 8.4 TPM_PCR_INFO_LONG862 Start of informative comment863 The TPM_PCR_INFO structure contains the information related to the wrapping of a key or864 the sealing of data, to a set of PCRs.865 The LONG version includes information necessary to properly define the configuration that866 creates the blob using the PCR selection.867 End of informative comment868 Definition869 typedef struct tdTPM_PCR_INFO_LONG{870 TPM_STRUCTURE_TAG tag;871 TPM_LOCALITY_SELECTION localityAtCreation;872 TPM_LOCALITY_SELECTION localityAtRelease;873 TPM_PCR_SELECTION creationPCRSelection;874 TPM_PCR_SELECTION releasePCRSelection;875 TPM_COMPOSITE_HASH digestAtCreation;876 TPM_COMPOSITE_HASH digestAtRelease;877 } TPM_PCR_INFO_LONG;878 Parameters879 Type Name Description TPM_STRUCTURE_TAG tag This SHALL TPM_TAG_PCR_INFO_LONG TPM_LOCALITY_SELECTION localityAtCreation This SHALL be the locality modifier when the blob is created TPM_LOCALITY_SELECTION localityAtRelease This SHALL be the locality modifier required to reveal Sealed Data or using a key that was wrapped to PCRs This value MUST not be zero (0). TPM_PCR_SELECTION creationPCRSelection This SHALL be the selection of PCRs active when the blob is created TPM_PCR_SELECTION releasePCRSelection This SHALL be the selection of PCRs to which the data or key is bound. TPM_COMPOSITE_HASH digestAtCreation This SHALL be the composite digest value of the PCR values, when the blob is created TPM_COMPOSITE_HASH digestAtRelease This SHALL be the digest of the PCR indices and PCR values to verify when revealing Sealed Data or using a key that was wrapped to PCRs. TPM Main Part 2 TPM Structures TCG Copyright Specification version 1.2 Level 2 Revision 94 29 March 2006 Draft 71 TCG Published 8.5 TPM_PCR_INFO_SHORT880 Start of informative comment881 This structure is for defining a digest at release when the only information that is necessary882 is the release configuration.883 This structure does not have a tag to keep the structure short. Software and the TPM need884 to evaluate the structures where the INFO_SHORT structure resides to avoid miss885 identifying the INFO_SHORT structure.886 End of informative comment887 Definition888 typedef struct tdTPM_PCR_INFO_SHORT{889 TPM_PCR_SELECTION pcrSelection;890 TPM_LOCALITY_SELECTION localityAtRelease;891 TPM_COMPOSITE_HASH digestAtRelease;892 } TPM_PCR_INFO_SHORT;893 Parameters894 Type Name Description TPM_PCR_SELECTION pcrSelection This SHALL be the selection of PCRs that specifies the digestAtRelease TPM_LOCALITY_SELECTION localityAtRelease This SHALL be the locality modifier required to release the information TPM_COMPOSITE_HASH digestAtRelease This SHALL be the digest of the PCR indices and PCR values to verify when revealing auth data Copyright TCG TPM Main Part 2 TPM Structures Specification version 1.2 72 Level 2 Revision 94 29 March 2006 TCG Published 8.6 TPM_LOCALITY_SELECTION895 Start of informative comment896 When used with localityAtCreation only one bit is set and it corresponds to the locality of897 the command creating the structure.898 When used with localityAtRelease the bits indicate which localities CAN perform the release.899 TPM_LOC_TWO would indicate that only locality 2 can perform the release900 TPM_LOC_ONE || TPM_LOC_TWO would indicate that localities 1 or 2 could perform the901 release902 TPM_LOC_FOUR || TPM_LOC_THREE would indicate that localities 3 or 4 could perform903 the release.904 End of informative comment905 Definition906 #define TPM_LOCALITY_SELECTION BYTE907 908 Bit Name Description 7:5 Reserved Must be 0 4 TPM_LOC_FOUR Locality 4 3 TPM_LOC_THREE Locality 3 2 TPM_LOC_TWO Locality 2 1 TPM_LOC_ONE Locality 1 0 TPM_LOC_ZERO Locality 0. This is the same as the legacy interface. 909 The TPM MUST treat a value of 0 as an error. The default value is 0x1F which indicates that910 localities 0-4 have been selected.911 TPM Main Part 2 TPM Structures TCG Copyright Specification version 1.2 Level 2 Revision 94 29 March 2006 Draft 73 TCG Published 8.7 PCR Attributes912 Start of informative comment913 The PCR registers will have attributes associated with the PCR register. These attributes914 allow for the PCR registers to be differentiated between other PCR registers.915 This specification defines the generic meaning of the attributes. For a specific platform the916 actual setting of the attribute is a platform specific issue.917 The attributes are values that are set during the manufacturing process of the TPM and918 platform and are not field settable or changeable values.919 To accommodate debugging PCR[15] for all platforms will have a certain set of attributes.920 The setting of these attributes is to allow for easy debugging. This means that values in921 PCR[15] provide no security information. It is anticipated that PCR[15] would be set by a922 developer during their development cycle. Developers are responsible for ensuring that a923 conflict between two programs does not invalidate the settings they are interested in.924 The attributes are pcrReset, pcrResetLocal, pcrExtendLocal. Attributes can be set in any925 combination that is appropriate for the platform.926 The pcrReset attribute allows the PCR to be reset at times other than TPM_STARTUP.927 The pcrResetLocal attribute allows the PCR to be reset at times other than TPM_STARTUP.928 The reset is legal when the mapping of the command locality to PCR flags results in accept.929 See 8.8.1 for details.930 The pcrExtendLocal attribute modifies the PCR such that the PCR can only be Extended931 when the mapping of the command locality to PCR flags results in accept. See 8.8.1 for932 details.933 End of informative comment934 1. The PCR attributes MUST be set during manufacturing.935 2. For a specific PCR register, the PCR attributes MUST match the requirements of the936 TCG platform specific specification that describes the platform.937 Copyright TCG TPM Main Part 2 TPM Structures Specification version 1.2 74 Level 2 Revision 94 29 March 2006 TCG Published 8.8 TPM_PCR_ATTRIBUTES938 Informative comment :939 These attributes are available on a per PCR basis.940 The TPM is not required to maintain this structure internally to the TPM.941 When a challenger evaluates a PCR an understanding of this structure is vital to the proper942 understanding of the platform configuration. As this structure is static for all platforms of943 the same type the structure does not need to be reported with each quote.944 End of informative comment945 Definition946 typedef struct tdTPM_PCR_ATTRIBUTES{947 BOOL pcrReset;948 TPM_LOCALITY_SELECTION pcrExtendLocal;949 TPM_LOCALITY_SELECTION pcrResetLocal;950 } TPM_PCR_ATTRIBUTES;951 Types of Persistent Data952 Type Name Description BOOL pcrReset A value of TRUE SHALL indicate that the PCR register can be reset using the TPM_PCR_Reset command. If pcrReset is: FALSE-Default value of the PCR MUST be 0x00..00 Reset on TPM_Startup(ST_Clear) only Saved by TPM_SaveState Can not be reset by TPM_PCR_Reset TRUE ­ Default value of the PCR MUST be 0xFF..FF. Reset on TPM_Startup(any) MUST not be part of any state stored by TPM_SaveState Can be reset by TPM_PCR_Reset When reset as part of HASH_START the starting value MUST be 0x00..00 TPM_LOCALITY_SELECTION pcrResetLocal An indication of which localities can reset the PCR TPM_LOCALITY_SELECTION pcrExtendLocal An indication of which localities can perform extends on the PCR. TPM Main Part 2 TPM Structures TCG Copyright Specification version 1.2 Level 2 Revision 94 29 March 2006 Draft 75 TCG Published 8.8.1 Comparing command locality to PCR flags953 Start of informative comment954 This is an informative section to show the details of how to check locality against the955 locality modifier received with a command. The operation works for any of reset, extend or956 use but for example this will use read.957 Map L1 to TPM_STANY_FLAGS -> localityModifier958 Map P1 to TPM_PERMANENT_DATA -> pcrAttrib->[selectedPCR].pcrExtendLocal959 If, for the value L1, the corresponding bit is set in the bit map P1960 return accept961 else return reject962 End of informative comment963 Copyright TCG TPM Main Part 2 TPM Structures Specification version 1.2 76 Level 2 Revision 94 29 March 2006 TCG Published 8.9 Debug PCR register964 Start of informative comment965 There is a need to define a PCR that allows for debugging. The attributes of the debug966 register are such that it is easy to reset but the register provides no measurement value967 that can not be spoofed. Production applications should not use the debug PCR for any968 SEAL or other operations. The anticipation is that the debug PCR is set and used by969 application developers during the application development cycle. Developers are responsible970 for ensuring that a conflict between two programs does not invalidate the settings they are971 interested in.972 The specific register that is the debug PCR MUST be set by the platform specific973 specification.974 End of informative comment975 The attributes for the debug PCR SHALL be the following:976 pcrReset = TRUE;977 pcrResetLocal = 0x1f;978 pcrExtendLocal = 0x1f;979 pcrUseLocal = 0x1f;980 981 These settings are to create a PCR register that developers can use to reset at any time982 during their development cycle.983 The debug PCR does NOT need to be saved during TPM_SaveState984 TPM Main Part 2 TPM Structures TCG Copyright Specification version 1.2 Level 2 Revision 94 29 March 2006 Draft 77 TCG Published 8.10 Mapping PCR Structures985 Start of informative comment986 When moving information from one PCR structure type to another, i.e. TPM_PCR_INFO to987 TPM_PCR_INFO_SHORT, the mapping between fields could be ambiguous. This section988 describes how the various fields map and what the TPM must do when adding or losing989 information.990 End of informative comment991 1. Set IN to TPM_PCR_INFO992 2. Set IL to TPM_PCR_INFO_LONG993 3. Set IS to TPM_PCR_INFO_SHORT994 4. To set IS from IN995 a. Set IS -> pcrSelection to IN -> pcrSelection996 b. Set IS -> digestAtRelease to IN -> digestAtRelease997 c. Set IS -> localityAtRelease to 0x1F to indicate all localities are valid998 d. Ignore IN -> digestAtCreation999 5. To set IS from IL1000 a. Set IS -> pcrSelection to IL -> releasePCRSelection1001 b. Set IS -> localityAtRelease to IL -> localityAtRelease1002 c. Set IS -> digestAtRelease to IL -> digestAtRelease1003 d. Ignore all other IL values1004 6. To set IL from IN1005 a. Set IL -> localityAtCreation to 0x1F1006 b. Set IL -> localityAtRelease to 0x1F1007 c. Set IL -> creationPCRSelection to IN -> pcrSelection1008 d. Set IL -> releasePCRSelection to IN -> pcrSelection1009 e. Set IL -> digestAtRelease to IN -> digestAtRelease1010 f. Set IL -> digestAtRelease to IN -> digestAtRelease1011 7. To set IL from IS1012 a. Set IL -> localityAtCreation to 0x1F1013 b. Set IL -> localityAtRelease to IS localityAtRelease1014 c. Set IL -> creationPCRSelection to NULL1015 d. Set IL -> releasePCRSelection to IS -> pcrSelection1016 e. Set IL -> digestAtCreation to NULL1017 f. Set IL -> digestAtRelease to IS -> digestAtRelease1018 8. To set IN from IS1019 Copyright TCG TPM Main Part 2 TPM Structures Specification version 1.2 78 Level 2 Revision 94 29 March 2006 TCG Published a. Set IN -> pcrSelection to IS -> pcrSelection1020 b. Set IN -> digestAtRelease to IS -> digestAtRelease1021 c. Set IN -> digestAtCreation to NULL1022 9. To set IN from IL1023 a. Set IN -> pcrSelection to IL -> releasePCRSelection1024 b. Set IN -> digestAtRelease to IL -> digestAtRelease1025 c. If IL -> creationPCRSelection and IL -> localityAtCreation both match IL ->1026 releasePCRSelection and IL ­> localityAtRelease1027 i. Set IN -> digestAtCreation to IL -> digestAtCreation1028 d. Else1029 i. Set IN -> digestAtCreation to NULL1030 TPM Main Part 2 TPM Structures TCG Copyright Specification version 1.2 Level 2 Revision 94 29 March 2006 Draft 79 TCG Published 9. Storage Structures1031 9.1 TPM_STORED_DATA1032 Start of informative comment1033 The definition of this structure is necessary to ensure the enforcement of security1034 properties.1035 This structure is in use by the TPM_Seal and TPM_Unseal commands to identify the PCR1036 index and values that must be present to properly unseal the data.1037 This structure only provides 1.1 data store and uses TPM_PCR_INFO1038 End of informative comment1039 Definition1040 typedef struct tdTPM_STORED_DATA {1041 TPM_STRUCT_VER ver;1042 UINT32 sealInfoSize;1043 [size_is(sealInfoSize)] BYTE* sealInfo;1044 UINT32 encDataSize;1045 [size_is(encDataSize)] BYTE* encData;1046 } TPM_STORED_DATA;1047 Parameters1048 Type Name Description TPM_STRUCT_VER ver This MUST be 1.1.0.0 UINT32 sealInfoSize Size of the sealInfo parameter BYTE* sealInfo This SHALL be a structure of type TPM_PCR_INFO or a 0 length array if the data is not bound to PCRs. UINT32 encDataSize This SHALL be the size of the encData parameter BYTE* encData This shall be an encrypted TPM_SEALED_DATA structure containing the confidential part of the data. Descriptions1049 1. This structure is created during the TPM_Seal process. The confidential data is1050 encrypted using a non-migratable key. When the TPM_Unseal decrypts this structure1051 the TPM_Unseal uses the public information in the structure to validate the current1052 configuration and release the decrypted data1053 2. When sealInfoSize is not 0 sealInfo MUST be TPM_PCR_INFO1054 Copyright TCG TPM Main Part 2 TPM Structures Specification version 1.2 80 Level 2 Revision 94 29 March 2006 TCG Published 9.2 TPM_STORED_DATA121055 Start of informative comment1056 The definition of this structure is necessary to ensure the enforcement of security1057 properties.1058 This structure is in use by the TPM_Seal and TPM_Unseal commands to identify the PCR1059 index and values that must be present to properly unseal the data.1060 End of informative comment1061 Definition1062 typedef struct tdTPM_STORED_DATA12 {1063 TPM_STRUCTURE_TAG tag;1064 TPM_ENTITY_TYPE et;1065 UINT32 sealInfoSize;1066 [size_is(sealInfoSize)] BYTE* sealInfo;1067 UINT32 encDataSize;1068 [size_is(encDataSize)] BYTE* encData;1069 } TPM_STORED_DATA12;1070 Parameters1071 Type Name Description TPM_STRUCTURE_TAG tag This SHALL TPM_TAG_STORED_DATA12 TPM_ENTITY_TYPE et The type of blob UINT32 sealInfoSize Size of the sealInfo parameter BYTE* sealInfo This SHALL be a structure of type TPM_PCR_INFO_LONG UINT32 encDataSize This SHALL be the size of the encData parameter BYTE* encData This shall be an encrypted TPM_SEALED_DATA structure containing the confidential part of the data. Descriptions1072 1. This structure is created during the TPM_Seal process. The confidential data is1073 encrypted using a non-migratable key. When the TPM_Unseal decrypts this structure1074 the TPM_Unseal uses the public information in the structure to validate the current1075 configuration and release the decrypted data.1076 2. If sealInfoSize is not 0 then sealInfo MUST be TPM_PCR_INFO_LONG1077 TPM Main Part 2 TPM Structures TCG Copyright Specification version 1.2 Level 2 Revision 94 29 March 2006 Draft 81 TCG Published 9.3 TPM_SEALED_DATA1078 Start of informative comment1079 This structure contains confidential information related to sealed data, including the data1080 itself.1081 End of informative comment1082 Definition1083 typedef struct tdTPM_SEALED_DATA {1084 TPM_PAYLOAD_TYPE payload;1085 TPM_SECRET authData;1086 TPM_NONCE tpmProof;1087 TPM_DIGEST storedDigest;1088 UINT32 dataSize;1089 [size_is(dataSize)] BYTE* data;1090 } TPM_SEALED_DATA;1091 Parameters1092 Type Name Description TPM_PAYLOAD_TYPE payload This SHALL indicate the payload type of TPM_PT_SEAL TPM_SECRET authData This SHALL be the AuthData data for this value TPM_NONCE tpmProof This SHALL be a copy of TPM_PERMANENT_DATA-> tpmProof TPM_DIGEST storedDigest This SHALL be a digest of the TPM_STORED_DATA struc ture, excluding the fields TPM_STORED_DATA -> encDataSize and TPM_STORED_DATA -> encData. UINT32 dataSize This SHALL be the size of the data parameter BYTE* data This SHALL be the data to be sealed Description1093 1. To tie the TPM_STORED_DATA structure to the TPM_SEALED_DATA structure this1094 structure contains a digest of the containing TPM_STORED_DATA structure.1095 2. The digest calculation does not include the encDataSize and encData parameters.1096 Copyright TCG TPM Main Part 2 TPM Structures Specification version 1.2 82 Level 2 Revision 94 29 March 2006 TCG Published 9.4 TPM_SYMMETRIC_KEY1097 Start of informative comment1098 This structure describes a symmetric key, used during the process "Collating a Request for1099 a Trusted Platform Module Identity".1100 End of informative comment1101 Definition1102 typedef struct tdTPM_SYMMETRIC_KEY {1103 TPM_ALGORITHM_ID algId;1104 TPM_ENC_SCHEME encScheme;1105 UINT16 size;1106 [size_is(size)] BYTE* data;1107 } TPM_SYMMETRIC_KEY;1108 Parameters1109 Type Name Description TPM_ALGORITHM_ID algId This SHALL be the algorithm identifier of the symmetric key. TPM_ENC_SCHEME encScheme This SHALL fully identify the manner in which the key will be used forencryption operations. UINT16 size This SHALL be the size of the data parameter in bytes BYTE* data This SHALL be the symmetric key data TPM Main Part 2 TPM Structures TCG Copyright Specification version 1.2 Level 2 Revision 94 29 March 2006 Draft 83 TCG Published 9.5 TPM_BOUND_DATA1110 Start of informative comment1111 This structure is defined because it is used by a TPM_UnBind command in a consistency1112 check.1113 The intent of TCG is to promote "best practice" heuristics for the use of keys: a signing key1114 shouldn't be used for storage, and so on. These heuristics are used because of the potential1115 threats that arise when the same key is used in different ways. The heuristics minimize the1116 number of ways in which a given key can be used.1117 One such heuristic is that a key of type TPM_KEY_BIND, and no other type of key, should1118 always be used to create the blob that is unwrapped by TPM_UnBind. Binding is not a TPM1119 function, so the only choice is to perform a check for the correct payload type when a blob1120 is unwrapped by a key of type TPM_KEY_BIND. This requires the blob to have internal1121 structure.1122 Even though payloadData has variable size, TPM_BOUND_DATA deliberately does not1123 include the size of payloadData. This is to maximize the size of payloadData that can be1124 encrypted when TPM_BOUND_DATA is encrypted in a single block. When using1125 TPM_UnBind to obtain payloadData, the size of payloadData is deduced as a natural result1126 of the (RSA) decryption process.1127 End of informative comment1128 Definition1129 typedef struct tdTPM_BOUND_DATA {1130 TPM_STRUCT_VER ver;1131 TPM_PAYLOAD_TYPE payload;1132 BYTE[] payloadData;1133 } TPM_BOUND_DATA;1134 Parameters1135 Type Name Description TPM_STRUCT_VER ver This MUST be 1.1.0.0 TPM_PAYLOAD_TYPE payload This SHALL be the value TPM_PT_BIND BYTE[] payloadData The bound data Descriptions1136 1. This structure MUST be used for creating data when (wrapping with a key of type1137 TPM_KEY_BIND) or (wrapping using the encryption algorithm1138 TPM_ES_RSAESOAEP_SHA1_M). If it is not, the TPM_UnBind command will fail.1139 Copyright TCG TPM Main Part 2 TPM Structures Specification version 1.2 84 Level 2 Revision 94 29 March 2006 TCG Published 10. TPM_KEY complex1140 Start of informative comment1141 The TPA_KEY complex is where all of the information regarding keys is kept. These1142 structures combine to fully define and protect the information regarding an asymmetric key.1143 This version of the specification only fully defines RSA keys, however the design is such that1144 in the future when other asymmetric algorithms are available the general structure will not1145 change.1146 One overriding design goal is for a 2048 bit RSA key to be able to properly protect another1147 2048 bit RSA key. This stems from the fact that the SRK is a 2048 bit key and all identities1148 are 2048 bit keys. A goal is to have these keys only require one decryption when loading an1149 identity into the TPM. The structures as defined meet this goal.1150 Every TPM_KEY is allowed only one encryption scheme or one signature scheme (or one of1151 each in the case of legacy keys) throughout its lifetime. Note however that more than one1152 scheme could be used with externally generated keys, by introducing the same key in1153 multiple blobs.1154 End of informative comment:1155 TPM Main Part 2 TPM Structures TCG Copyright Specification version 1.2 Level 2 Revision 94 29 March 2006 Draft 85 TCG Published 10.1 TPM_KEY_PARMS1156 Start of informative comment1157 This provides a standard mechanism to define the parameters used to generate a key pair,1158 and to store the parts of a key shared between the public and private key parts.1159 End of informative comment1160 Definition1161 typedef struct tdTPM_KEY_PARMS {1162 TPM_ALGORITHM_ID algorithmID;1163 TPM_ENC_SCHEME encScheme;1164 TPM_SIG_SCHEME sigScheme;1165 UINT32 parmSize;1166 [size_is(parmSize)] BYTE* parms;1167 } TPM_KEY_PARMS;1168 Parameters1169 Type Name Description TPM_ALGORITHM_ID algorithmID This SHALL be the key algorithm in use TPM_ENC_SCHEME encScheme This SHALL be the encryption scheme that the key uses to encrypt information TPM_SIG_SCHEME sigScheme This SHALL be the signature scheme that the key uses to perform digital signatures UINT32 parmSize This SHALL be the size of the parms field in bytes BYTE[] parms This SHALL be the parameter information dependant upon the key algorithm. Descriptions1170 The contents of the `parms' field will vary depending upon algorithmId:1171 Algorithm Id PARMS Contents TPM_ALG_RSA A structure of type TPM_RSA_KEY_PARMS TPM_ALG_DES A structure of type TPM_SYMMETRIC_KEY_PARMS TPM_ALG_3DES A structure of type TPM_SYMMETRIC_KEY_PARMS TPM_ALG_SHA No content TPM_ALG_HMAC No content TPM_ALG_AES A structure of type TPM_SYMMETRIC_KEY_PARMS TPM_ALG_MGF1 No content Copyright TCG TPM Main Part 2 TPM Structures Specification version 1.2 86 Level 2 Revision 94 29 March 2006 TCG Published 10.1.1 TPM_RSA_KEY_PARMS1172 Start of informative comment1173 This structure describes the parameters of an RSA key.1174 End of informative comment1175 Definition1176 typedef struct tdTPM_RSA_KEY_PARMS {1177 UINT32 keyLength;1178 UINT32 numPrimes;1179 UINT32 exponentSize;1180 BYTE[] exponent;1181 } TPM_RSA_KEY_PARMS;1182 Parameters1183 Type Name Description UINT32 keyLength This specifies the size of the RSA key in bits UINT32 numPrimes This specifies the number of prime factors used by this RSA key. UINT32 exponentSize This SHALL be the size of the exponent. If the key is using the default exponent then the exponentSize MUST be 0. BYTE[] exponent The public exponent of this key 10.1.2 TPM_SYMMETRIC_KEY_PARMS1184 Start of informative comment1185 This structure describes the parameters for symmetric algorithms1186 End of informative comment1187 Definition1188 typedef struct tdTPM_SYMMETRIC_KEY_PARMS {1189 UINT32 keyLength;1190 UINT32 blockSize;1191 UINT32 ivSize;1192 [size_is(ivSize)] BYTE IV;1193 } TPM_SYMMETRIC_KEY_PARMS;1194 Parameters1195 Type Name Description UINT32 keyLength This SHALL indicate the length of the key in bits UINT32 blockSize This SHALL indicate the blocksize of the algorithm UINT32 ivSize This SHALL indicate the size of the IV BYTE[] IV The initialization vector TPM Main Part 2 TPM Structures TCG Copyright Specification version 1.2 Level 2 Revision 94 29 March 2006 Draft 87 TCG Published 10.2 TPM_KEY1196 Start of informative comment1197 The TPM_KEY structure provides a mechanism to transport the entire asymmetric key pair.1198 The private portion of the key is always encrypted.1199 The reason for using a size and pointer for the PCR info structure is save space when the1200 key is not bound to a PCR. The only time the information for the PCR is kept with the key is1201 when the key needs PCR info.1202 The 1.2 version has a change in the PCRInfo area. For 1.2 the structure uses the1203 TPM_PCR_INFO_LONG structure to properly define the PCR registers in use.1204 End of informative comment:1205 Definition1206 typedef struct tdTPM_KEY{1207 TPM_STRUCT_VER ver;1208 TPM_KEY_USAGE keyUsage;1209 TPM_KEY_FLAGS keyFlags;1210 TPM_AUTH_DATA_USAGE authDataUsage;1211 TPM_KEY_PARMS algorithmParms;1212 UINT32 PCRInfoSize;1213 BYTE* PCRInfo;1214 TPM_STORE_PUBKEY pubKey;1215 UINT32 encDataSize;1216 [size_is(encDataSize)] BYTE* encData;1217 } TPM_KEY;1218 Parameters1219 Type Name Description TPM_STRUCT_VER ver This MUST be 1.1.0.0 TPM_KEY_USAGE keyUsage This SHALL be the TPM key usage that determines the operations permitted with this key TPM_KEY_FLAGS keyFlags This SHALL be the indication of migration, redirection etc. TPM_AUTH_DATA_USAGE authDataUsage This SHALL Indicate the conditions where it is required that authorization be presented. TPM_KEY_PARMS algorithmParms This SHALL be the information regarding the algorithm for this key UINT32 PCRInfoSize This SHALL be the length of the pcrInfo parameter. If the key is not bound to a PCR this value SHOULD be 0. BYTE* PCRInfo This SHALL be a structure of type TPM_PCR_INFO, or an empty array if the key is not bound to PCRs. TPM_STORE_PUBKEY pubKey This SHALL be the public portion of thekey UINT32 encDataSize This SHALL be the size of the encData parameter. BYTE* encData This SHALL be an encrypted TPM_STORE_ASYMKEY structure or TPM_MIGRATE_ASYMKEY structure Version handling1220 1. A TPM MUST be able to read and create TPM_KEY structures1221 2. A TPM MUST not allow a TPM_KEY structure to contain a TPM_PCR_INFO_LONG1222 structure1223 Copyright TCG TPM Main Part 2 TPM Structures Specification version 1.2 88 Level 2 Revision 94 29 March 2006 TCG Published 10.3 TPM_KEY121224 Start of informative comment1225 This provides the same functionality as TPM_KEY but uses the new PCR_INFO_LONG1226 structures and the new structure tagging. In all other aspects this is the same structure.1227 End of informative comment:1228 Definition1229 typedef struct tdTPM_KEY12{1230 TPM_STRUCTURE_TAG tag;1231 UINT16 fill;1232 TPM_KEY_USAGE keyUsage;1233 TPM_KEY_FLAGS keyFlags;1234 TPM_AUTH_DATA_USAGE authDataUsage;1235 TPM_KEY_PARMS algorithmParms;1236 UINT32 PCRInfoSize;1237 BYTE* PCRInfo;1238 TPM_STORE_PUBKEY pubKey;1239 UINT32 encDataSize;1240 [size_is(encDataSize)] BYTE* encData;1241 } TPM_KEY12;1242 Parameters1243 Type Name Description TPM_STRUCTURE_TAG tag MUST be TPM_TAG_KEY12 UINT16 fill MUST be 0x0000 TPM_KEY_USAGE keyUsage This SHALL be the TPM key usage that determines the operations permitted with this key TPM_KEY_FLAGS keyFlags This SHALL be the indication of migration, redirection etc. TPM_AUTH_DATA_USAGE authDataUsage This SHALL Indicate the conditions where it is required that authorization be presented. TPM_KEY_PARMS algorithmParms This SHALL be the information regarding the algorithm for this key UINT32 PCRInfoSize This SHALL be the length of the pcrInfo parameter. If the key is not bound to a PCR this value SHOULD be 0. BYTE* PCRInfo This SHALL be a structure of type TPM_PCR_INFO_LONG, TPM_STORE_PUBKEY pubKey This SHALL be the public portion of the key UINT32 encDataSize This SHALL be the size of the encData parameter. BYTE* encData This SHALL be an encrypted TPM_STORE_ASYMKEY structure TPM_MIGRATE_ASYMKEY structure Version handling1244 1. The TPM MUST be able to read and create TPM_KEY12 structures1245 2. The TPM MUST not allow a TPM_KEY12 structure to contain a TPM_PCR_INFO structure1246 TPM Main Part 2 TPM Structures TCG Copyright Specification version 1.2 Level 2 Revision 94 29 March 2006 Draft 89 TCG Published 10.4 TPM_STORE_PUBKEY1247 Start of informative comment1248 This structure can be used in conjunction with a corresponding TPM_KEY_PARMS to1249 construct a public key which can be unambiguously used.1250 End of informative comment1251 typedef struct tdTPM_STORE_PUBKEY {1252 UINT32 keyLength;1253 BYTE[] key;1254 } TPM_STORE_PUBKEY;1255 Parameters1256 Type Name Description UINT32 keyLength This SHALL be the length of the key field. BYTE[] key This SHALL be a structure interpreted according to the algorithm Id in the corresponding TPM_KEY_PARMS structure. Descriptions1257 The contents of the `key' field will vary depending upon the corresponding key algorithm:1258 Algorithm Id `Key' Contents TPM_ALG_RSA The RSA public modulus Copyright TCG TPM Main Part 2 TPM Structures Specification version 1.2 90 Level 2 Revision 94 29 March 2006 TCG Published 10.5 TPM_PUBKEY1259 Start of informative comment1260 The TPM_PUBKEY structure contains the public portion of an asymmetric key pair. It1261 contains all the information necessary for iťs unambiguous usage. It is possible to1262 construct this structure from a TPM_KEY, using the algorithmParms and pubKey fields.1263 End of informative comment1264 Definition1265 typedef struct tdTPM_PUBKEY{1266 TPM_KEY_PARMS algorithmParms;1267 TPM_STORE_PUBKEY pubKey;1268 } TPM_PUBKEY;1269 Parameters1270 Type Name Description TPM_KEY_PARMS algorithmParms This SHALL be the information regarding this key TPM_STORE_PUBKEY pubKey This SHALL be the public key information Descriptions1271 The pubKey member of this structure shall contain the public key for a specific algorithm.1272 TPM Main Part 2 TPM Structures TCG Copyright Specification version 1.2 Level 2 Revision 94 29 March 2006 Draft 91 TCG Published 10.6 TPM_STORE_ASYMKEY1273 Start of informative comment1274 The TPM_STORE_ASYMKEY structure provides the area to identify the confidential1275 information related to a key. This will include the private key factors for an asymmetric key.1276 The structure is designed so that encryption of a TPM_STORE_ASYMKEY structure1277 containing a 2048 bit RSA key can be done in one operation if the encrypting key is 20481278 bits.1279 Using typical RSA notation the structure would include P, and when loading the key include1280 the unencrypted P*Q which would be used to recover the Q value.1281 To accommodate the future use of multiple prime RSA keys the specification of additional1282 prime factors is an optional capability.1283 This structure provides the basis of defining the protection of the private key.1284 Changes in this structure MUST be reflected in the TPM_MIGRATE_ASYMKEY structure1285 (section 10.8).1286 End of informative comment1287 Definition1288 typedef struct tdTPM_STORE_ASYMKEY { // pos len total1289 TPM_PAYLOAD_TYPE payload; // 0 1 11290 TPM_SECRET usageAuth; // 1 20 211291 TPM_SECRET migrationAuth; // 21 20 411292 TPM_DIGEST pubDataDigest; // 41 20 611293 TPM_STORE_PRIVKEY privKey; // 61 132-151 193-2141294 } TPM_STORE_ASYMKEY;1295 Parameters1296 Type Name Description TPM_PAYLOAD_TYPE payload This SHALL set to TPM_PT_ASYM to indicate an asymmetric key. If used in TPM_CMK_ConvertMigration the value SHALL be TPM_PT_MIGRATE_EXTERNAL If used in TPM_CMK_CreateKey the value SHALL be TPM_PT_MIGRATE_RESTRICTED TPM_SECRET usageAuth This SHALL be the AuthData data necessary to authorize the use of this value TPM_SECRET migrationAuth This SHALL be the migration AuthData data for a migratable key, or the TPM secret value tpmProof for a non-migratable key created by the TPM. If the TPM sets this parameter to the value tpmProof, then the TPM_KEY.keyFlags.migratable of the corresponding TPM_KEY structure MUST be set to 0. If this parameter is set to the migration AuthData data for the key in parameter PrivKey, then the TPM_KEY.keyFlags.migratable of the corresponding TPM_KEY structure SHOULD be set to 1. TPM_DIGEST pubDataDigest This SHALL be the digest of the corresponding TPM_KEY structure, excluding the fields TPM_KEY.encSize and TPM_KEY.encData. When TPM_KEY -> pcrInfoSize is 0 then the digest calculation has no input from the pcrInfo field. The pcrInfoSize field MUST always be part of the digest calculation. TPM_STORE_PRIVKEY privKey This SHALL be the private key data. The privKey can be a variable length which allows for differences in the key format. The maximum size of the area would be 151 bytes. Copyright TCG TPM Main Part 2 TPM Structures Specification version 1.2 92 Level 2 Revision 94 29 March 2006 TCG Published 10.7 TPM_STORE_PRIVKEY1297 Start of informative comment1298 This structure can be used in conjunction with a corresponding TPM_PUBKEY to construct1299 a private key which can be unambiguously used.1300 End of informative comment1301 typedef struct tdTPM_STORE_PRIVKEY {1302 UINT32 keyLength;1303 [size_is(keyLength)] BYTE* key;1304 } TPM_STORE_PRIVKEY;1305 Parameters1306 Type Name Description UINT32 keyLength This SHALL be the length of the key field. BYTE* key This SHALL be a structure interpreted according to the algorithm Id in the corresponding TPM_KEY structure. Descriptions1307 All migratable keys MUST be RSA keys with two (2) prime factors.1308 For non-migratable keys, the size, format and contents of privKey.key MAY be vendor1309 specific and MAY not be the same as that used for migratable keys. The level of1310 cryptographic protection MUST be at least as strong as a migratable key.1311 Algorithm Id key Contents TPM_ALG_RSA When the numPrimes defined in the corresponding TPM_RSA_KEY_PARMS field is 2, this shall be one of the prime factors of the key. Upon loading of the key the TPM calculates the other prime factor by dividing the modulus, TPM_RSA_PUBKEY, by this value. The TPM MAY support RSA keys with more than two prime factors. Definition of the storage structure for these keys is left to the TPM Manufacturer. TPM Main Part 2 TPM Structures TCG Copyright Specification version 1.2 Level 2 Revision 94 29 March 2006 Draft 93 TCG Published 10.8 TPM_MIGRATE_ASYMKEY1312 Start of informative comment1313 The TPM_MIGRATE_ASYMKEY structure provides the area to identify the private key factors1314 of a asymmetric key while the key is migrating between TPM's.1315 This structure provides the basis of defining the protection of the private key.1316 End of informative comment1317 Definition1318 typedef struct tdTPM_MIGRATE_ASYMKEY { // pos len total1319 TPM_PAYLOAD_TYPE payload; // 0 1 11320 TPM_SECRET usageAuth; // 1 20 211321 TPM_DIGEST pubDataDigest; // 21 20 411322 UINT32 partPrivKeyLen; // 41 4 451323 [size_is(partPrivKeyLen)] BYTE* partPrivKey; // 45 112-127 157-1721324 } TPM_MIGRATE_ASYMKEY;1325 Parameters1326 Type Name Description TPM_PAYLOAD_TYPE payload This SHALL set to TPM_PT_MIGRATEor TPM_PT_CMK_MIGRATE to indicate an migrating asymmetric key or TPM_PT_MAINT to indicate a maintenance key. TPM_SECRET usageAuth This SHALL be a copy of the usageAuth from the TPM_STORE_ASYMKEY structure. TPM_DIGEST pubDataDigest This SHALL be a copy of the pubDataDigest from the TPM_STORE_ASYMKEY structure. UINT32 partPrivKeyLen This SHALL be the size of the partPrivKey field BYTE* partPrivKey This SHALL be the k2 area as described in TPM_CreateMigrationBlob Copyright TCG TPM Main Part 2 TPM Structures Specification version 1.2 94 Level 2 Revision 94 29 March 2006 TCG Published 10.9 TPM_KEY_CONTROL1327 Start of informative comment1328 Attributes that can control various aspects of key usage and manipulation1329 End of informative comment1330 Bit Name Description 31:1 Reserved Must be 0 0 TPM_KEY_CONTROL_OWNER_EVICT Owner controls when the key is evicted from the TPM. When set the TPM MUST preserve key the key across all TPM_Init invocations. TPM Main Part 2 TPM Structures TCG Copyright Specification version 1.2 Level 2 Revision 94 29 March 2006 Draft 95 TCG Published 11. Signed Structures1331 11.1 TPM_CERTIFY_INFO Structure1332 Start of informative comment1333 When the TPM certifies a key, it must provide a signature with a TPM identity key on1334 information that describes that key. This structure provides the mechanism to do so.1335 Key usage and keyFlags must have their upper byte set to null to avoid collisions with the1336 other signature headers.1337 End of informative comment1338 Definition1339 typedef struct tdTPM_CERTIFY_INFO{1340 TPM_STRUCT_VER version;1341 TPM_KEY_USAGE keyUsage;1342 TPM_KEY_FLAGS keyFlags;1343 TPM_AUTH_DATA_USAGE authDataUsage;1344 TPM_KEY_PARMS algorithmParms;1345 TPM_DIGEST pubkeyDigest;1346 TPM_NONCE data;1347 BOOL parentPCRStatus;1348 UINT32 PCRInfoSize;1349 [size_is(pcrInfoSize)] BYTE* PCRInfo;1350 } TPM_CERTIFY_INFO;1351 Parameters1352 Type Name Description TPM_STRUCT_VER version This MUST be 1.1.0.0 TPM_KEY_USAGE keyUsage This SHALL be the same value that would be set in a TPM_KEY representation of the key to be certified. The upper byte MUST be NULL TPM_KEY_FLAGS keyFlags This SHALL be set to the same value as the corresponding parameter in the TPM_KEY structure that describes the public key that is being certified. The upper byte MUST be NULL. TPM_AUTH_DATA_USAGE authDataUsage This SHALL be the same value that would be set in a TPM_KEY representation of the key to be certified TPM_KEY_PARMS algorithmParms This SHALL be the same value that would be set in a TPM_KEY representation of the key to be certified TPM_DIGEST pubKeyDigest This SHALL be a digest of the value TPM_KEY -> pubKey -> key in a TPM_KEY representation of the key to be certified TPM_NONCE data This SHALL be externally provided data. BOOL parentPCRStatus This SHALL indicate if any parent key was wrapped to a PCR UINT32 PCRInfoSize This SHALL be the size of the pcrInfo parameter. A value of zero indicates that the key is not wrapped to a PCR BYTE* PCRInfo This SHALL be the TPM_PCR_INFO structure. Copyright TCG TPM Main Part 2 TPM Structures Specification version 1.2 96 Level 2 Revision 94 29 March 2006 TCG Published 11.2 TPM_CERTIFY_INFO2 Structure1353 Start of informative comment1354 When the TPM certifies a key, it must provide a signature with a TPM identity key on1355 information that describes that key. This structure provides the mechanism to do so.1356 Key usage and keyFlags must have their upper byte set to null to avoid collisions with the1357 other signature headers.1358 End of informative comment1359 Definition1360 typedef struct tdTPM_CERTIFY_INFO2{1361 TPM_STRUCTURE_TAG tag;1362 BYTE fill;1363 TPM_PAYLOAD_TYPE payloadType;1364 TPM_KEY_USAGE keyUsage;1365 TPM_KEY_FLAGS keyFlags;1366 TPM_AUTH_DATA_USAGE authDataUsage;1367 TPM_KEY_PARMS algorithmParms;1368 TPM_DIGEST pubkeyDigest;1369 TPM_NONCE data;1370 BOOL parentPCRStatus;1371 UINT32 PCRInfoSize;1372 [size_is(pcrInfoSize)] BYTE* PCRInfo;1373 UINT32 migrationAuthoritySize ;1374 [size_is(migrationAuthoritySize)] BYTE migrationAuthority;1375 } TPM_CERTIFY_INFO2;1376 Parameters1377 Type Name Description TPM_STRUCTURE_TAG tag MUST be TPM_TAG_CERTIFY_INFO2 BYTE fill MUST be 0x00 TPM_PAYLOAD_TYPE payloadType This SHALL be the same value that would be set in a TPM_KEY representation of the key to be certified TPM_KEY_USAGE keyUsage This SHALL be the same value that would be set in a TPM_KEY representation of the key to be certified. The upper byte MUST be NULL TPM_KEY_FLAGS keyFlags This SHALL be set to the same value as the corresponding parameter in the TPM_KEY structure that describes the public key that is being certified. The upper byte MUST be NULL. TPM_AUTH_DATA_USAGE authDataUsage This SHALL be the same value that would be set in a TPM_KEY representation of the key to be certified TPM_KEY_PARMS algorithmParms This SHALL be the same value that would be set in a TPM_KEY representation of the key to be certified TPM_DIGEST pubKeyDigest This SHALL be a digest of the value TPM_KEY -> pubKey -> key in a TPM_KEY representation of the key to be certified TPM_NONCE data This SHALL be externally provided data. BOOL parentPCRStatus This SHALL indicate if any parent key was wrapped to a PCR UINT32 PCRInfoSize This SHALL be the size of the pcrInfo parameter. TPM Main Part 2 TPM Structures TCG Copyright Specification version 1.2 Level 2 Revision 94 29 March 2006 Draft 97 TCG Published Type Name Description BYTE* PCRInfo This SHALL be the TPM_PCR_INFO_SHORT structure. UINT32 migrationAuthoritySize This SHALL be the size of migrationAuthority BYTE[] migrationAuthority If the key to be certified has [payload == TPM_PT_MIGRATE_RESTRICTED or payload ==TPM_PT_MIGRATE_EXTERNAL], migrationAuthority is the digest of the TPM_MSA_COMPOSITE and has TYPE == TPM_DIGEST. Otherwise it is NULL. Copyright TCG TPM Main Part 2 TPM Structures Specification version 1.2 98 Level 2 Revision 94 29 March 2006 TCG Published 11.3 TPM_QUOTE_INFO Structure1378 Start of informative comment1379 This structure provides the mechanism for the TPM to quote the current values of a list of1380 PCRs.1381 End of informative comment1382 Definition1383 typedef struct tdTPM_QUOTE_INFO{1384 TPM_STRUCT_VER version;1385 BYTE fixed[4];1386 TPM_COMPOSITE_HASH digestValue;1387 TPM_NONCE externalData;1388 } TPM_QUOTE_INFO;1389 Parameters1390 Type Name Description TPM_STRUCT_VER version This MUST be 1.1.0.0 BYTE fixed This SHALL always be the string `QUOŤ TPM_COMPOSITE_HASH digestValue This SHALL be the result of the composite hash algorithm using the current values of the requested PCR indices. TPM_NONCE externalData 160 bits of externally supplied data TPM Main Part 2 TPM Structures TCG Copyright Specification version 1.2 Level 2 Revision 94 29 March 2006 Draft 99 TCG Published 11.4 TPM_QUOTE_INFO2 Structure1391 Start of informative comment1392 This structure provides the mechanism for the TPM to quote the current values of a list of1393 PCRs.1394 End of informative comment1395 Definition1396 typedef struct tdTPM_QUOTE_INFO2{1397 TPM_STRUCTURE_TAG tag;1398 BYTE fixed[4];1399 TPM_NONCE externalData;1400 TPM_PCR_INFO_SHORT infoShort;1401 } TPM_QUOTE_INFO2;1402 Parameters1403 Type Name Description TPM_STRUCTURE_TAG tag This SHALL be TPM_TAG_QUOTE_INFO2 BYTE fixed This SHALL always be the string `QUT2' TPM_NONCE externalData 160 bits of externally supplied data TPM_PCR_INFO_SHORT infoShort the quoted PCR registers Copyright TCG TPM Main Part 2 TPM Structures Specification version 1.2 100 Level 2 Revision 94 29 March 2006 TCG Published 12. Identity Structures1404 12.1 TPM_EK_BLOB1405 Start of informative comment1406 This structure provides a wrapper to each type of structure that will be in use when the1407 endorsement key is in use.1408 End of informative comment1409 Definition1410 typedef struct tdTPM_EK_BLOB{1411 TPM_STRUCTURE_TAG tag;1412 TPM_EK_TYPE ekType;1413 UINT32 blobSize;1414 [size_is(blobSize)] byte* blob;1415 } TPM_EK_BLOB;1416 Parameters1417 Type Name Description TPM_STRUCTURE_TAG tag TPM_TAG_EK_BLOB TPM_EK_TYPE ekType This SHALL be set to reflect the type of blob in use UINT32 blobSize The size of the blob field BYTE* blob The blob of information depending on the type TPM Main Part 2 TPM Structures TCG Copyright Specification version 1.2 Level 2 Revision 94 29 March 2006 Draft 101 TCG Published 12.2 TPM_EK_BLOB_ACTIVATE1418 Start of informative comment1419 This structure contains the symmetric key to encrypt the identity credential.1420 This structure always is contained in a TPM_EK_BLOB.1421 End of informative comment1422 Definition1423 typedef struct tdTPM_EK_BLOB_ACTIVATE{1424 TPM_STRUCTURE_TAG tag;1425 TPM_SYMMETRIC_KEY sessionKey;1426 TPM_DIGEST idDigest;1427 TPM_PCR_INFO_SHORT pcrInfo;1428 } TPM_EK_BLOB_ACTIVATE;1429 Parameters1430 Type Name Description TPM_STRUCTURE_TAG tag TPM_TAG_EK_BLOB_ACTIVATE TPM_SYMMETRIC_KEY sessionKey This SHALL be the session key used by the CA to encrypt the TPM_IDENTITY_CREDENTIAL TPM_DIGEST idDigest This SHALL be the digest of the TPM_PUBKEY that is being certified by the CA TPM_PCR_INFO_SHORT pcrInfo This SHALL indicate the PCR's and localities Copyright TCG TPM Main Part 2 TPM Structures Specification version 1.2 102 Level 2 Revision 94 29 March 2006 TCG Published 12.3 TPM_EK_BLOB_AUTH1431 Start of informative comment1432 This structure contains the symmetric key to encrypt the identity credential.1433 This structure always is contained in a TPM_EK_BLOB.1434 End of informative comment1435 Definition1436 typedef struct tdTPM_EK_BLOB_AUTH{1437 TPM_STRUCTURE_TAG tag;1438 TPM_SECRET authValue;1439 } TPM_EK_BLOB_AUTH;1440 Parameters1441 Type Name Description TPM_STRUCTURE_TAG tag TPM_TAG_EK_BLOB_AUTH TPM_SECRET authValue This SHALL be the AuthData value 1442 TPM Main Part 2 TPM Structures TCG Copyright Specification version 1.2 Level 2 Revision 94 29 March 2006 Draft 103 TCG Published 12.4 TPM_CHOSENID_HASH1443 This definition specifies the operation necessary to create a TPM_CHOSENID_HASH1444 structure.1445 Parameters1446 Type Name Description BYTE [ ] identityLabel The label chosen for a new TPM identity TPM_PUBKEY privacyCA The public key of a TTP chosen to attest to a new TPM identity Action1447 1. TPM_CHOSENID_HASH = SHA(identityLabel || privacyCA)1448 Copyright TCG TPM Main Part 2 TPM Structures Specification version 1.2 104 Level 2 Revision 94 29 March 2006 TCG Published 12.5 TPM_IDENTITY_CONTENTS1449 Start of informative comment1450 TPM_MakeIdentity uses this structure and the signature of this structure goes to a privacy1451 CA during the certification process. There is no reason to update the version as this1452 structure did not change for version 1.2.1453 End of informative comment1454 Definition1455 typedef struct tdTPM_IDENTITY_CONTENTS {1456 TPM_STRUCT_VER ver;1457 UINT32 ordinal;1458 TPM_CHOSENID_HASH labelPrivCADigest;1459 TPM_PUBKEY identityPubKey;1460 } TPM_IDENTITY_CONTENTS;1461 Parameters1462 Type Name Description TPM_STRUCT_VER ver This MUST be 1.1.0.0. This is the version information for this structure and not the underlying key. UINT32 ordinal This SHALL be the ordinal of the TPM_MakeIdentity command. TPM_CHOSENID_HASH labelPrivCADigest This SHALL be the result of hashing the chosen identityLabel and privacyCA for the new TPM identity TPM_PUBKEY identityPubKey This SHALL be the public key structure of the identity key TPM Main Part 2 TPM Structures TCG Copyright Specification version 1.2 Level 2 Revision 94 29 March 2006 Draft 105 TCG Published 12.6 TPM_IDENTITY_REQ1463 Start of informative comment1464 This structure is sent by the TSS to the Privacy CA to create the identity credential.1465 This structure is informative only.1466 End of informative comment1467 Parameters1468 Type Name Description UINT32 asymSize This SHALL be the size of the asymmetric encrypted area created by TSS_CollateIdentityRequest UINT32 symSize This SHALL be the size of the symmetric encrypted area created by TSS_CollateIdentityRequest TPM_KEY_PARMS asymAlgorithm This SHALL be the parameters for the asymmetric algorithm used to create the asymBlob TPM_KEY_PARMS symAlgorithm This SHALL be the parameters for the symmetric algorithm used to create the symBlob BYTE* asymBlob This SHALL be the asymmetric encrypted area from TSS_CollateIdentityRequest BYTE* symBlob This SHALL be the symmetric encrypted area from TSS_CollateIdentityRequest Copyright TCG TPM Main Part 2 TPM Structures Specification version 1.2 106 Level 2 Revision 94 29 March 2006 TCG Published 12.7 TPM_IDENTITY_PROOF1469 Start of informative comment1470 Structure in use during the AIK credential process.1471 End of informative comment1472 Type Name Description TPM_STRUCT_VER ver This MUST be 1.1.0.0 UINT32 labelSize This SHALL be the size of the label area UINT32 identityBindingSize This SHALL be the size of the identitybinding area UINT32 endorsementSize This SHALL be the size of the endorsement credential UINT32 platformSize This SHALL be the size of the platform credential UINT32 conformanceSize This SHALL be the size of the conformance credential TPM_PUBKEY identityKey This SHALL be the public key of the new identity BYTE* labelArea This SHALL be the text label for the new identity BYTE* identityBinding This SHALL be the signature value of TPM_IDENTITY_CONTENTS structure from the TPM_MakeIdentity command BYTE* endorsementCredential This SHALL be the TPM endorsement credential BYTE* platformCredential This SHALL be the TPM platform credential BYTE* conformanceCredential This SHALL be the TPM conformance credential TPM Main Part 2 TPM Structures TCG Copyright Specification version 1.2 Level 2 Revision 94 29 March 2006 Draft 107 TCG Published 12.8 TPM_ASYM_CA_CONTENTS1473 Start of informative comment1474 This structure contains the symmetric key to encrypt the identity credential.1475 End of informative comment1476 Definition1477 typedef struct tdTPM_ASYM_CA_CONTENTS{1478 TPM_SYMMETRIC_KEY sessionKey;1479 TPM_DIGEST idDigest;1480 } TPM_ASYM_CA_CONTENTS;1481 Parameters1482 Type Name Description TPM_SYMMETRIC_KEY sessionKey This SHALL be the session key used by the CA to encrypt the TPM_IDENTITY_CREDENTIAL TPM_DIGEST idDigest This SHALL be the digest of the TPM _PUBKEY of the key that is being certified by the CA Copyright TCG TPM Main Part 2 TPM Structures Specification version 1.2 108 Level 2 Revision 94 29 March 2006 TCG Published 12.9 TPM_SYM_CA_ATTESTATION1483 Start of informative comment1484 This structure returned by the Privacy CA with the encrypted identity credential.1485 End of informative comment1486 Type Name Description UINT32 credSize This SHALL be the size of the credential parameter TPM_KEY_PARMS algorithm This SHALL be the indicator and parameters for the symmetric algorithm BYTE* credential This is the result of encrypting TPM_IDENTITY_CREDENTIAL using the session_key and the algorithm indicated "algorithm" TPM Main Part 2 TPM Structures TCG Copyright Specification version 1.2 Level 2 Revision 94 29 March 2006 Draft 109 TCG Published 13. Transport structures1487 13.1 TPM _TRANSPORT_PUBLIC1488 Start of informative comment1489 The public information relative to a transport session1490 End of informative comment1491 Definition1492 typedef struct tdTPM_TRANSPORT_PUBLIC{1493 TPM_STRUCTURE_TAG tag;1494 TPM_TRANSPORT_ATTRIBUTES transAttributes;1495 TPM_ALGORITHM_ID algId;1496 TPM_ENC_SCHEME encScheme;1497 } TPM_TRANSPORT_PUBLIC;1498 Parameters1499 Type Name Description TPM_STRUCTURE_TAG tag TPM_TAG_TRANSPORT_PUBLIC TPM_TRANSPORT_ATTRIBUTES transAttributes The attributes of this session TPM_ALGORITHM_ID algId This SHALL be the algorithm identifier of the symmetric key. TPM_ENC_SCHEME encScheme This SHALL fully identify the manner in which the key will be used for encryption operations. 13.1.1 TPM_TRANSPORT_ATTRIBUTES Definitions1500 Name Value Description TPM_TRANSPORT_ENCRYPT 0x00000001 The session will provide encryption using the internal encryption algorithm TPM_TRANSPORT_LOG 0x00000002 The session will provide a log of all operations that occur in the session TPM_TRANSPORT_EXCLUSIVE 0X00000004 The transport session is exclusive and any command executed outside the transport session causes the invalidation of the session Copyright TCG TPM Main Part 2 TPM Structures Specification version 1.2 110 Level 2 Revision 94 29 March 2006 TCG Published 13.2 TPM_TRANSPORT_INTERNAL1501 Start of informative comment1502 The internal information regarding transport session1503 End of informative comment1504 Definition1505 typedef struct tdTPM_TRANSPORT_INTERNAL{1506 TPM_STRUCTURE_TAG tag;1507 TPM_AUTHDATA authData;1508 TPM_TRANSPORT_PUBLIC transPublic;1509 TPM_TRANSHANDLE transHandle;1510 TPM_NONCE transNonceEven;1511 TPM_DIGEST transDigest;1512 } TPM_TRANSPORT_INTERNAL;1513 Parameters1514 Type Name Description TPM_STRUCTURE_TAG tag TPM_TAG_TRANSPORT_INTERNAL TPM_AUTHDATA authData The shared secret for this session TPM_TRANSPORT_PUBLIC transPublic The public information of this session TPM_TRANSHANDLE transHandle The handle for this session TPM_NONCE transNonceEven The even nonce for the rolling protocol TPM_DIGEST transDigest The log of transport events TPM Main Part 2 TPM Structures TCG Copyright Specification version 1.2 Level 2 Revision 94 29 March 2006 Draft 111 TCG Published 13.3 TPM_TRANSPORT_LOG_IN structure1515 Start of informative comment1516 The logging of transport commands occurs in two steps, before execution with the input1517 parameters and after execution with the output parameters.1518 This structure is in use for input log calculations.1519 End of informative comment1520 Definition1521 typedef struct tdTPM_TRANSPORT_LOG_IN{1522 TPM_STRUCTURE_TAG tag;1523 TPM_DIGEST parameters;1524 TPM_DIGEST pubKeyHash;1525 } TPM_TRANSPORT_LOG_IN;1526 Parameters1527 Type Name Description TPM_STRUCTURE_TAG tag TPM_TAG_TRANSPORT_LOG_IN TPM_DIGEST parameters The actual parameters contained in the digest are subject to the rules of the command using this structure. To find the exact calculation refer to the actions in the command using this structure. TPM_DIGEST pubKeyHash The hash of any keys in the transport command Copyright TCG TPM Main Part 2 TPM Structures Specification version 1.2 112 Level 2 Revision 94 29 March 2006 TCG Published 13.4 TPM_TRANSPORT_LOG_OUT structure1528 Start of informative comment1529 The logging of transport commands occurs in two steps, before execution with the input1530 parameters and after execution with the output parameters.1531 This structure is in use for output log calculations.1532 This structure is in use for the INPUT logging during releaseTransport.1533 End of informative comment1534 Definition1535 typedef struct tdTPM_TRANSPORT_LOG_OUT{1536 TPM_STRUCTURE_TAG tag;1537 TPM_CURRENT_TICKS currentTicks;1538 TPM_DIGEST parameters;1539 TPM_MODIFIER_INDICATOR locality;1540 } TPM_TRANSPORT_LOG_OUT;1541 Parameters1542 Type Name Description TPM_STRUCTURE_TAG tag TPM_TAG_TRANSPORT_LOG_OUT TPM_CURRENT_TICKS currentTicks The current tick count. This SHALL be the value of the current TPM tick counter. TPM_DIGEST parameters The actual parameters contained in the digest are subject to the rules of the command using this structure. To find the exact calculation refer to the actions in the command using this structure. TPM_MODIFIER_INDICATOR locality The locality that called TPM_ExecuteTransport TPM Main Part 2 TPM Structures TCG Copyright Specification version 1.2 Level 2 Revision 94 29 March 2006 Draft 113 TCG Published 13.5 TPM_TRANSPORT_AUTH structure1543 Start of informative comment1544 This structure provides the validation for the encrypted AuthData value.1545 End of informative comment1546 Definition1547 typedef struct tdTPM_TRANSPORT_AUTH {1548 TPM_STRUCTURE_TAG tag;1549 TPM_AUTHDATA authData;1550 } TPM_TRANSPORT_AUTH;1551 Parameters1552 Type Name Description TPM_STRUCTURE_TAG tag TPM_TAG_TRANSPORT_AUTH TPM_AUTHDATA authData The AuthData value Copyright TCG TPM Main Part 2 TPM Structures Specification version 1.2 114 Level 2 Revision 94 29 March 2006 TCG Published 14. Audit Structures1553 14.1 TPM_AUDIT_EVENT_IN structure1554 Start of informative comment1555 This structure provides the auditing of the command upon receipt of the command. It1556 provides the information regarding the input parameters.1557 End of informative comment1558 Definition1559 typedef struct tdTPM_AUDIT_EVENT_IN {1560 TPM_STRUCTURE_TAG tag;1561 TPM_DIGEST inputParms;1562 TPM_COUNTER_VALUE auditCount;1563 } TPM_AUDIT_EVENT_IN;1564 Parameters1565 Type Name Description TPM_STRUCTURE_TAG tag TPM_TAG_AUDIT_EVENT_IN TPM_DIGEST inputParms Digest value according to the HMAC digest rules of the "above the line" parameters (i.e. the first HMAC digest calculation). When there are no HMAC rules, the input digest includes all parameters including and after the ordinal. TPM_COUNTER_VALUE auditCount The current value of the audit monotonic counter TPM Main Part 2 TPM Structures TCG Copyright Specification version 1.2 Level 2 Revision 94 29 March 2006 Draft 115 TCG Published 14.2 TPM_AUDIT_EVENT_OUT structure1566 Start of informative comment1567 This structure reports the results of the command execution. It includes the return code1568 and the output parameters.1569 End of informative comment1570 Definition1571 typedef struct tdTPM_AUDIT_EVENT_OUT {1572 TPM_STRUCTURE_TAG tag;1573 TPM_DIGEST outputParms;1574 TPM_COUNTER_VALUE auditCount;1575 } TPM_AUDIT_EVENT_OUT;1576 Parameters1577 Type Name Description TPM_STRUCTURE_TAG tag TPM_TAG_AUDIT_EVENT_OUT TPM_DIGEST outputParms Digest value according to the HMAC digest rules of the "above the line" parameters (i.e. the first HMAC digest calculation). When there are no HMAC rules, the output digest includes the return code, the ordinal, and all parameters after the return code. TPM_COUNTER_VALUE auditCount The current value of the audit monotonic counter 1578 Copyright TCG TPM Main Part 2 TPM Structures Specification version 1.2 116 Level 2 Revision 94 29 March 2006 TCG Published 15. Tick Structures1579 15.1 TPM_CURRENT_TICKS1580 Start of informative comment1581 This structure holds the current number of time ticks in the TPM. The value is the number1582 of time ticks from the start of the current session. Session start is a variable function that is1583 platform dependent. Some platforms may have batteries or other power sources and keep1584 the TPM clock session across TPM initialization sessions.1585 The element of the TPM_CURRENT_TICKS structure provides the relationship1586 between ticks and seconds.1587 No external entity may ever set the current number of time ticks held in1588 TPM_CURRENT_TICKS. This value is always reset to 0 when a new clock session starts and1589 increments under control of the TPM.1590 Maintaining the relationship between the number of ticks counted by the TPM and some1591 real world clock is a task for external software.1592 End of informative comment1593 Definition1594 typedef struct tdTPM_CURRENT_TICKS {1595 TPM_STRUCTURE_TAG tag;1596 UINT64 currentTicks;1597 UINT16 tickRate;1598 TPM_NONCE tickNonce;1599 }TPM_CURRENT_TICKS;1600 Parameters1601 Type Name Description TPM_STRUCTURE_TAG tag TPM_TAG_CURRENT_TICKS UINT64 currentTicks The number of ticks since the start of this tick session UINT16 tickRate One tick represents x microseconds. The maximum resolution of the TPM tick counter would then be 1 microsecond. The minimum resolution SHOULD be 1 millisecond. TPM_NONCE tickNonce The nonce created by the TPM when resetting the currentTicks to 0. This indicates the beginning of a time session. This value MUST be valid before the first use of TPM_CURRENT_TICKS. The value can be set at TPM_Startup or just prior to first use. TPM Main Part 2 TPM Structures TCG Copyright Specification version 1.2 Level 2 Revision 94 29 March 2006 Draft 117 TCG Published 16. Return codes1602 Start of informative comment1603 The TPM has five types of return code. One indicates successful operation and four indicate1604 failure. TPM_SUCCESS (00000000) indicates successful execution. The failure reports are:1605 TPM defined fatal errors (00000001 to 000003FF), vendor defined fatal errors (00000400 to1606 000007FF), TPM defined non-fatal errors (00000800 to 00000BFF), vendor defined non-fatal1607 errors (00000C00 to 00000FFF).1608 The range of vendor defined non-fatal errors was determined by the TSS-WG, which defined1609 XXXX YCCC with XXXX as OS specific and Y defining the TSS SW stack layer (0: TPM layer)1610 All failure cases return a non-authenticated fixed set of information, only. This is due to the1611 fact that the failure may have been due to authentication or other factors and there is no1612 possibility of producing an authenticated response.1613 Fatal errors also terminate any authorization sessions. This is a result of returning only the1614 error code as there is no way to return and continue the nonce's necessary to maintain an1615 authorization session. Non-fatal errors do not terminate authorization sessions.1616 End of informative comment1617 Description1618 1. When a command fails for ANY reason, the TPM MUST return only the following three1619 items:1620 a. TPM_TAG_RQU_COMMAND (2 bytes)1621 b. ParamLength(4 bytes, fixed at 10)1622 c. Return Code (4 bytes, never TPM_SUCCESS)1623 2. When a capability has failed to complete successfully, the TPM MUST return a legal1624 error code. Otherwise the TPM SHOULD return TPM_SUCCESS. If a TPM returns an1625 error code after executing a capability, it SHOULD be the error code specified by the1626 capability or another legal error code that is appropriate to the error condition1627 3. A fatal failure SHALL cause termination of the associated authorization or transport1628 session. A non-fatal failure SHALL NOT cause termination of the associated1629 authorization or transport session.1630 4. A fatal failure of a wrapped command SHALL not cause any disruption of a transport1631 session that wrapped the failing command. The exception to this is when the failure1632 causes the TPM itself to go into failure mode (selftest failure etc.)1633 The return code MUST use the following base. The return code MAY be TCG defined or1634 vendor defined.1635 Copyright TCG TPM Main Part 2 TPM Structures Specification version 1.2 118 Level 2 Revision 94 29 March 2006 TCG Published Mask Parameters1636 Name Value Description TPM_BASE 0x0 The start of TPM return codes TPM_SUCCESS TPM_BASE Successful completion of the operation TPM_VENDOR_ERROR TPM_Vendor_Specific32 Mask to indicate that the error code is vendor specific for vendor specific commands. TPM_NON_FATAL 0x00000800 Mask to indicate that the error code is a non-fatal failure. TPM Main Part 2 TPM Structures TCG Copyright Specification version 1.2 Level 2 Revision 94 29 March 2006 Draft 119 TCG Published TPM-defined fatal error codes1637 Name Value Description TPM_AUTHFAIL TPM_BASE + 1 Authentication failed TPM_BADINDEX TPM_BASE + 2 The index to a PCR, DIR or other register is incorrect TPM_BAD_PARAMETER TPM_BASE + 3 One or more parameter is bad TPM_AUDITFAILURE TPM_BASE + 4 An operation completed successfully but the auditing of that operation failed. TPM_CLEAR_DISABLED TPM_BASE + 5 The clear disable flag is set and all clear operations now require physical access TPM_DEACTIVATED TPM_BASE + 6 The TPM is deactivated TPM_DISABLED TPM_BASE + 7 The TPM is disabled TPM_DISABLED_CMD TPM_BASE + 8 The target command has been disabled TPM_FAIL TPM_BASE + 9 The operation failed TPM_BAD_ORDINAL TPM_BASE + 10 The ordinal was unknown or inconsistent TPM_INSTALL_DISABLED TPM_BASE + 11 The ability to install an owner is disabled TPM_INVALID_KEYHANDLE TPM_BASE + 12 The key handle can not be interpreted TPM_KEYNOTFOUND TPM_BASE + 13 Thekeyhandle points to an invalid key TPM_INAPPROPRIATE_ENC TPM_BASE + 14 Unacceptable encryption scheme TPM_MIGRATEFAIL TPM_BASE + 15 Migration authorization failed TPM_INVALID_PCR_INFO TPM_BASE + 16 PCR information could not be interpreted TPM_NOSPACE TPM_BASE + 17 No room to load key. TPM_NOSRK TPM_BASE + 18 There is no SRK set TPM_NOTSEALED_BLOB TPM_BASE + 19 An encrypted blob is invalid or was not created by this TPM TPM_OWNER_SET TPM_BASE + 20 There is already an Owner TPM_RESOURCES TPM_BASE + 21 The TPM has insufficient internal resources to perform the requested action. TPM_SHORTRANDOM TPM_BASE + 22 A random string was too short TPM_SIZE TPM_BASE + 23 The TPM does not have the space to perform the operation. TPM_WRONGPCRVAL TPM_BASE + 24 The named PCR value does not match the current PCR value. TPM_BAD_PARAM_SIZE TPM_BASE + 25 The paramSize argument to the command has the incorrect value TPM_SHA_THREAD TPM_BASE + 26 There is no existing SHA-1 thread. TPM_SHA_ERROR TPM_BASE + 27 The calculation is unable to proceed because the existing SHA-1 thread has already encountered an error. TPM_FAILEDSELFTEST TPM_BASE + 28 Self-test has failed and the TPM has shutdown. TPM_AUTH2FAIL TPM_BASE + 29 The authorization for the second key in a 2 key function failed authorization TPM_BADTAG TPM_BASE + 30 The tag value sent to for a command is invalid TPM_IOERROR TPM_BASE + 31 An IO error occurred transmitting information to the TPM TPM_ENCRYPT_ERROR TPM_BASE + 32 The encryption process had a problem. TPM_DECRYPT_ERROR TPM_BASE + 33 The decryption process did not complete. TPM_INVALID_AUTHHANDLE TPM_BASE + 34 An invalid handle was used. TPM_NO_ENDORSEMENT TPM_BASE + 35 The TPM does not a EK installed TPM_INVALID_KEYUSAGE TPM_BASE + 36 The usage of a key is not allowed Copyright TCG TPM Main Part 2 TPM Structures Specification version 1.2 120 Level 2 Revision 94 29 March 2006 TCG Published Name Value Description TPM_WRONG_ENTITYTYPE TPM_BASE + 37 The submitted entity type is not allowed TPM_INVALID_POSTINIT TPM_BASE + 38 The command was received in the wrong sequence relative to TPM_Init and a subsequent TPM_Startup TPM_INAPPROPRIATE_SIG TPM_BASE + 39 Signed data cannot include additional DER information TPM_BAD_KEY_PROPERTY TPM_BASE + 40 The key properties in TPM_KEY_PARMs are not supported by this TPM TPM_BAD_MIGRATION TPM_BASE + 41 The migration properties of this key are incorrect. TPM_BAD_SCHEME TPM_BASE + 42 The signature or encryption scheme for this key is incorrect or not permitted in this situation. TPM_BAD_DATASIZE TPM_BASE + 43 The size of the data (or blob) parameter is bad or inconsistent with the referenced key TPM_BAD_MODE TPM_BASE + 44 A mode parameter is bad, such as capArea or subCapArea for TPM_GetCapability, physicalPresence parameter for TPM_PhysicalPresence, or migrationType for TPM_CreateMigrationBlob. TPM_BAD_PRESENCE TPM_BASE + 45 Either the physicalPresence or physicalPresenceLock bits have the wrong value TPM_BAD_VERSION TPM_BASE + 46 The TPM cannot perform this version of the capability TPM_NO_WRAP_TRANSPORT TPM_BASE + 47 The TPM does not allow for wrapped transport sessions TPM_AUDITFAIL_UNSUCCESSFUL TPM_BASE + 48 TPM audit construction failed and the underlying command was returning a failure code also TPM_AUDITFAIL_SUCCESSFUL TPM_BASE + 49 TPM audit construction failed and the underlying command was returning success TPM_NOTRESETABLE TPM_BASE + 50 Attempt to reset a PCR register that does not have the resettable attribute TPM_NOTLOCAL TPM_BASE + 51 Attempt to reset a PCR register that requires locality and locality modifier not part of command transport TPM_BAD_TYPE TPM_BASE + 52 Make identity blob not properly typed TPM_INVALID_RESOURCE TPM_BASE + 53 When saving context identified resource type does not match actual resource TPM_NOTFIPS TPM_BASE + 54 The TPM is attempting to execute a command only available when in FIPS mode TPM_INVALID_FAMILY TPM_BASE + 55 The command is attempting to use an invalid family ID TPM_NO_NV_PERMISSION TPM_BASE + 56 The permission to manipulate the NV storage is not available TPM_REQUIRES_SIGN TPM_BASE + 57 The operation requires a signed command TPM_KEY_NOTSUPPORTED TPM_BASE + 58 Wrong operation to load an NV key TPM_AUTH_CONFLICT TPM_BASE + 59 NV_LoadKey blob requires both owner and blob authorization TPM_AREA_LOCKED TPM_BASE + 60 The NV area is locked and not writable TPM_BAD_LOCALITY TPM_BASE + 61 The locality is incorrect for the attempted operation TPM_READ_ONLY TPM_BASE + 62 The NV area is read only and can't be written to TPM_PER_NOWRITE TPM_BASE + 63 There is no protection on the write to the NV area TPM_FAMILYCOUNT TPM_BASE + 64 The family count value does not match TPM_WRITE_LOCKED TPM_BASE + 65 The NV area has already been written to TPM_BAD_ATTRIBUTES TPM_BASE + 66 The NV area attributes conflict TPM_INVALID_STRUCTURE TPM_BASE + 67 The structure tag and version are invalid or inconsistent TPM_KEY_OWNER_CONTROL TPM_BASE + 68 The key is under control of the TPM Owner and can only be evicted by the TPM Owner. TPM_BAD_COUNTER TPM_BASE + 69 The counter handle is incorrect TPM_NOT_FULLWRITE TPM_BASE + 70 The write is not a complete write of the area TPM_CONTEXT_GAP TPM_BASE + 71 The gap between saved context counts is too large TPM_MAXNVWRITES TPM_BASE + 72 The maximum number of NV writes without an owner has been exceeded TPM_NOOPERATOR TPM_BASE + 73 No operator AuthData value is set TPM Main Part 2 TPM Structures TCG Copyright Specification version 1.2 Level 2 Revision 94 29 March 2006 Draft 121 TCG Published Name Value Description TPM_RESOURCEMISSING TPM_BASE + 74 The resource pointed to by context is not loaded TPM_DELEGATE_LOCK TPM_BASE + 75 The delegate administration is locked TPM_DELEGATE_FAMILY TPM_BASE + 76 Attempt to manage a family other then the delegated family TPM_DELEGATE_ADMIN TPM_BASE + 77 Delegation table management not enabled TPM_TRANSPORT_NOTEXCLUSIVE TPM_BASE + 78 There was a command executed outside of an exclusive transport session TPM_OWNER_CONTROL TPM_BASE + 79 Attempt to context save a owner evict controlled key TPM_DAA_RESOURCES TPM_BASE + 80 The DAA command has no resources available to execute the command TPM_DAA_INPUT_DATA0 TPM_BASE + 81 The consistency check on DAA parameter inputData0 has failed. TPM_DAA_INPUT_DATA1 TPM_BASE + 82 The consistency check on DAA parameter inputData1 has failed. TPM_DAA_ISSUER_SETTINGS TPM_BASE + 83 The consistency check on DAA_issuerSettings has failed. TPM_DAA_TPM_SETTINGS TPM_BASE + 84 The consistency check on DAA_tpmSpecific has failed. TPM_DAA_STAGE TPM_BASE + 85 The atomic process indicated by the submitted DAA command is not the expected process. TPM_DAA_ISSUER_VALIDITY TPM_BASE + 86 The issuer's validity check has detected an inconsistency TPM_DAA_WRONG_W TPM_BASE + 87 The consistency check on w has failed. TPM_BAD_HANDLE TPM_BASE + 88 The handle is incorrect TPM_BAD_DELEGATE TPM_BASE + 89 Delegation is not correct TPM_BADCONTEXT TPM_BASE + 90 The context blob is invalid TPM_TOOMANYCONTEXTS TPM_BASE + 91 Too many contexts held by the TPM TPM_MA_TICKET_SIGNATURE TPM_BASE + 92 Migration authority signature validation failure TPM_MA_DESTINATION TPM_BASE + 93 Migration destination not authenticated TPM_MA_SOURCE TPM_BASE + 94 Migration source incorrect TPM_MA_AUTHORITY TPM_BASE + 95 Incorrect migration authority TPM_PERMANENTEK TPM_BASE + 97 Attempt to revoke the EK and the EK is not revocable TPM_BAD_SIGNATURE TPM_BASE + 98 Bad signature of CMK ticket TPM_NOCONTEXTSPACE TPM_BASE + 99 There is no room in the context list for additional contexts TPM-defined non-fatal errors1638 Name Value Description TPM_RETRY TPM_BASE + TPM_NON_FATAL The TPM is too busy to respond to the command immediately, but the command could be resubmitted at a later time The TPM MAY return TPM_RETRY for any command at any time. TPM_NEEDS_SELFTEST TPM_BASE + TPM_NON_FATAL + 1 TPM_ContinueSelfTest has not been run. TPM_DOING_SELFTEST TPM_BASE + TPM_NON_FATAL + 2 The TPM is currently executing the actions of TPM_ContinueSelfTest because the ordinal required resources that have not been tested. TPM_DEFEND_LOCK_RUNNING TPM_BASE + TPM_NON_FATAL + 3 The TPM is defending against dictionary attacks and is in some time-out period. Copyright TCG TPM Main Part 2 TPM Structures Specification version 1.2 122 Level 2 Revision 94 29 March 2006 TCG Published 17. Ordinals1639 Start of informative comment1640 The command ordinals provide the index value for each command. The following list1641 contains the index value and other information relative to the ordinal.1642 TPM commands are divided into three classes: Protected/Unprotected, Non-1643 Connection/Connection related, and TPM/Vendor.1644 End of informative comment1645 Ordinals are 32 bit values. The upper byte contains values that serve as flag indicators, the1646 next byte contains values indicating what committee designated the ordinal, and the final1647 two bytes contain the Command Ordinal Index.1648 3 2 11649 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 01650 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+1651 |P|C|V| Reserved| Purview | Command Ordinal Index |1652 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+1653 Where:1654 P is Protected/Unprotected command. When 0 the command is a Protected command, when1655 1 the command is an Unprotected command.1656 C is Non-Connection/Connection related command. When 0 this command passes through1657 to either the protected (TPM) or unprotected (TSS) components.1658 V is TPM/Vendor command. When 0 the command is TPM defined, when 1 the command is1659 vendor defined.1660 All reserved area bits are set to 0.1661 The following masks are created to allow for the quick definition of the commands1662 Value Event Name Comments 0x00000000 TPM_PROTECTED_COMMAND TPM protected command, specified in main specification 0x80000000 TPM_UNPROTECTED_COMMAND TSS command, specified in the TSS specification 0x40000000 TPM_CONNECTION_COMMAND TSC command, protected connection commands are specified in the main specification. Unprotected connection commands are specified in the TSS. 0x20000000 TPM_VENDOR_COMMAND Command that is vendor specific for a given TPM or TSS. TPM Main Part 2 TPM Structures TCG Copyright Specification version 1.2 Level 2 Revision 94 29 March 2006 Draft 123 TCG Published The following Purviews have been defined:1663 Value Event Name Comments 0x00 TPM_MAIN Command is from the main specification 0x01 TPM_PC Command is specific to the PC 0x02 TPM_PDA Command is specific to a PDA 0x03 TPM_CELL_PHONE Command is specific to a cell phone 0x04 TPM_SERVER Command is specific to servers 1664 Combinations for the main specification would be1665 Value Event Name TPM_PROTECTED_COMMAND | TPM_MAIN TPM_PROTECTED_ORDINAL TPM_UNPROTECTED_COMMAND | TPM_MAIN TPM_UNPROTECTED_ORDINAL TPM_CONNECTION_COMMAND | TPM_MAIN TPM_CONNECTION_ORDINAL 1666 If a command is tagged from the audit column the default state is that use of that command1667 SHALL be audited. Otherwise, the default state is that use of that command SHALL NOT be1668 audited.1669 Column Column Values Comments and valid column entries AUTH2 x Does the command support two authorization entities, normally two keys AUTH1 x Does the commands support an single authorization session RQU x Does the command execute without any authorization Optional x Is the command optional No Owner x Is the command executable when no owner is present PCR Use Enforced x Does the command enforce PCR restrictions when executed Physical presence P,O,T P = The command requires physical presence O = The command requires physical presence or operator authentication T = The command requires physical presence or TPM owner authentication T* = The NV space maybe configured to require physical presence additional to TPM owner authentication A* = The NV space maybe configured to require physical presence additional to other entity owner authentication Audit x, N Is the default for auditing enabled N = Never the ordinal is never audited Duration S, M, L What is the expected duration of the command, S = Short implies no asymmetric cryptography M = Medium implies an asymmetric operation L = Long implies asymmetric key generation 1.2 Changes N, D, X, C N = New for 1.2 X = Deleted in 1.2 D = Deprecated in 1.2 C = Changed in 1.2 FIPS changes x Ordinal has change to satisfy FIPS 140 requirements Copyright TCG TPM Main Part 2 TPM Structures Specification version 1.2 124 Level 2 Revision 94 29 March 2006 TCG Published Avail Deactivated x, A Ordinal will execute when deactivated A = Authorization means that command will only work if the underlying NV store does not require authorization Avail Disabled x, A Ordinal will execute when disabled A = Authorization means that command will only work if the underlying NV store does not require authorization The TPM MUST return TPM_DISABLED for all commands other than those marked as available 1670 The following table is normative, and is the over riding authority in case of discrepancies in1671 other parts of this specification.1672 1673 TPM_PROTECTED_O RDINAL+ Completeordinal AUTH2 AUTH1 RQU Optional NoOwner PhysicalPresence PCRUseenforced Audit Duration 1.2 FIPSChanges AvailDeactivated AvailDisabled TPM_ORD_ActivateIdentity 122 0x0000007A X X X X M TPM_ORD_AuthorizeMigrationKey 43 0x0000002B X X S TPM_ORD_CertifyKey 50 0x00000032 X X X X M TPM_ORD_CertifyKey2 51 0x00000033 X X X X M N TPM_ORD_CertifySelfTest 82 0x00000052 X X X M X TPM_ORD_ChangeAuth 12 0x0000000C X X M TPM_ORD_ChangeAuthAsymFinish 15 0x0000000F X X X M D TPM_ORD_ChangeAuthAsymStart 14 0x0000000E X X X L D TPM_ORD_ChangeAuthOwner 16 0x00000010 X X X S TPM_ORD_CMK_ApproveMA 29 0x0000001D X S N TPM_ORD_CMK_ConvertMigration 36 0x00000024 X X M N TPM_ORD_CMK_CreateBlob 27 0x0000001B X X M N TPM_ORD_CMK_CreateKey 19 0x00000013 X X L N X TPM_ORD_CMK_CreateTicket 18 0x00000012 X M N TPM_ORD_CMK_SetRestrictions 28 0x0000001C X X T S N TPM_ORD_ContinueSelfTest 83 0x00000053 X X L X X X TPM_ORD_ConvertMigrationBlob 42 0x0000002A X X X X M TPM_ORD_CreateCounter 220 0x000000DC X S N TPM_ORD_CreateEndorsementKeyPair 120 0x00000078 X X L TPM_ORD_CreateMaintenanceArchive 44 0x0000002C X X X S TPM_ORD_CreateMigrationBlob 40 0x00000028 X X X X M TPM_ORD_CreateRevocableEK 127 0x0000007F X X X L N TPM_ORD_CreateWrapKey 31 0x0000001F X X X L X TPM_ORD_DAA_Join 41 0x00000029 X X L N TPM Main Part 2 TPM Structures TCG Copyright Specification version 1.2 Level 2 Revision 94 29 March 2006 Draft 125 TCG Published TPM_PROTECTED_O RDINAL+ Completeordinal AUTH2 AUTH1 RQU Optional NoOwner PhysicalPresence PCRUseenforced Audit Duration 1.2 FIPSChanges AvailDeactivated AvailDisabled TPM_ORD_DAA_Sign 49 0x00000031 X X L N TPM_ORD_Delegate_CreateKeyDelegat ion 212 0x000000D4 X M N TPM_ORD_Delegate_CreateOwnerDele gation 213 0x000000D5 X M N TPM_ORD_Delegate_LoadOwnerDelega tion 216 0x000000D8 X X X M N TPM_ORD_Delegate_Manage 210 0x000000D2 X X X M N TPM_ORD_Delegate_ReadTable 219 0x000000DB X X S N TPM_ORD_Delegate_UpdateVerification 209 0x000000D1 X S N TPM_ORD_Delegate_VerifyDelegation 214 0x000000D6 X M N TPM_ORD_DirRead 26 0x0000001A X S D TPM_ORD_DirWriteAuth 25 0x00000019 X S D TPM_ORD_DisableForceClear 94 0x0000005E X X X S TPM_ORD_DisableOwnerClear 92 0x0000005C X X S TPM_ORD_DisablePubekRead 126 0x0000007E X X S TPM_ORD_DSAP 17 0x00000011 X S N X X TPM_ORD_EstablishTransport 230 0x000000E6 X X X S N TPM_ORD_EvictKey 34 0x00000022 X S D TPM_ORD_ExecuteTransport 231 0x000000E7 X ? L N TPM_ORD_Extend 20 0x00000014 X X S X X TPM_ORD_FieldUpgrade 170 0x000000AA X X X X X ? TPM_ORD_FlushSpecific 186 0x000000BA X X S N X X TPM_ORD_ForceClear 93 0x0000005D X X P X S TPM_ORD_GetAuditDigest 133 0x00000085 X X X N S N TPM_ORD_GetAuditDigestSigned 134 0x00000086 X X X N M N TPM_ORD_GetAuditEvent 130 0x00000082 X X N S X TPM_ORD_GetAuditEventSigned 131 0x00000083 X X X N M X TPM_ORD_GetCapability 101 0x00000065 X X S C X X TPM_ORD_GetCapabilityOwner 102 0x00000066 X S D TPM_ORD_GetCapabilitySigned 100 0x00000064 X X X M X TPM_ORD_GetOrdinalAuditStatus 140 0x0000008C X N S X TPM_ORD_GetPubKey 33 0x00000021 X X X S TPM_ORD_GetRandom 70 0x00000046 X X S TPM_ORD_GetTestResult 84 0x00000054 X X S X X Copyright TCG TPM Main Part 2 TPM Structures Specification version 1.2 126 Level 2 Revision 94 29 March 2006 TCG Published TPM_PROTECTED_O RDINAL+ Completeordinal AUTH2 AUTH1 RQU Optional NoOwner PhysicalPresence PCRUseenforced Audit Duration 1.2 FIPSChanges AvailDeactivated AvailDisabled TPM_ORD_GetTicks 241 0x000000F1 X X S N TPM_ORD_IncrementCounter 221 0x000000DD X S N TPM_ORD_Init 151 0x00000097 X M X X TPM_ORD_KeyControlOwner 35 0x00000023 X S N TPM_ORD_KillMaintenanceFeature 46 0x0000002E X X X S TPM_ORD_LoadAuthContext 183 0x000000B7 X X X M D TPM_ORD_LoadContext 185 0x000000B9 X M N TPM_ORD_LoadKey 32 0x00000020 X X X M D X TPM_ORD_LoadKey2 65 0x00000041 X X X M C X TPM_ORD_LoadKeyContext 181 0x000000B5 X X X S D TPM_ORD_LoadMaintenanceArchive 45 0x0000002D X X X S TPM_ORD_LoadManuMaintPub 47 0x0000002F X X X S TPM_ORD_MakeIdentity 121 0x00000079 X X X X L X TPM_ORD_MigrateKey 37 0x00000025 X X X M C TPM_ORD_NV_DefineSpace 204 0x000000CC X X X T S N A A TPM_ORD_NV_ReadValue 207 0x000000CF X X X T* X S N A A TPM_ORD_NV_ReadValueAuth 208 0x000000D0 X A* X S N TPM_ORD_NV_WriteValue 205 0x000000CD X X X T* X S N A A TPM_ORD_NV_WriteValueAuth 206 0x000000CE X A* X S N TPM_ORD_OIAP 10 0x0000000A X X S X X TPM_ORD_OSAP 11 0x0000000B X S X X TPM_ORD_OwnerClear 91 0x0000005B X X S TPM_ORD_OwnerReadInternalPub 129 0x00000081 X S C TPM_ORD_OwnerReadPubek 125 0x0000007D X X S D TPM_ORD_OwnerSetDisable 110 0x0000006E X X S X X TPM_ORD_PCR_Reset 200 0x000000C8 X X S N X X TPM_ORD_PcrRead 21 0x00000015 X X S TPM_ORD_PhysicalDisable 112 0x00000070 X X P X S X TPM_ORD_PhysicalEnable 111 0x0000006F X X P X S X X TPM_ORD_PhysicalSetDeactivated 114 0x00000072 X X P X S X TPM_ORD_Quote 22 0x00000016 X X X M TPM_ORD_Quote2 62 0x0000003E X X X X M N TPM_ORD_ReadCounter 222 0x000000DE X X S N TPM_ORD_ReadManuMaintPub 48 0x00000030 X X X S TPM_ORD_ReadPubek 124 0x0000007C X X X S TPM Main Part 2 TPM Structures TCG Copyright Specification version 1.2 Level 2 Revision 94 29 March 2006 Draft 127 TCG Published TPM_PROTECTED_O RDINAL+ Completeordinal AUTH2 AUTH1 RQU Optional NoOwner PhysicalPresence PCRUseenforced Audit Duration 1.2 FIPSChanges AvailDeactivated AvailDisabled TPM_ORD_ReleaseCounter 223 0x000000DF X X S N TPM_ORD_ReleaseCounterOwner 224 0x000000E0 X S N TPM_ORD_ReleaseTransportSigned 232 0x000000E8 X X X M N TPM_ORD_Reset 90 0x0000005A X X S C X X TPM_ORD_ResetLockValue 64 0x00000040 X S N TPM_ORD_RevokeTrust 128 0x00000080 X X X P S N TPM_ORD_SaveAuthContext 182 0x000000B6 X X X M D TPM_ORD_SaveContext 184 0x000000B8 X M N TPM_ORD_SaveKeyContext 180 0x000000B4 X X X M D TPM_ORD_SaveState 152 0x00000098 X X M X X TPM_ORD_Seal 23 0x00000017 X X M TPM_ORD_Sealx 61 0x0000003D X X X M N TPM_ORD_SelfTestFull 80 0x00000050 X X L X X TPM_ORD_SetCapability 63 0x0000003F X X S N X X TPM_ORD_SetOperatorAuth 116 0x00000074 X X P S N TPM_ORD_SetOrdinalAuditStatus 141 0x0000008D X X X S TPM_ORD_SetOwnerInstall 113 0x00000071 X X P X S TPM_ORD_SetOwnerPointer 117 0x00000075 X S N TPM_ORD_SetRedirection 154 0x0000009A X X P X S TPM_ORD_SetTempDeactivated 115 0x00000073 X X X O X S TPM_ORD_SHA1Complete 162 0x000000A2 X X S X X TPM_ORD_SHA1CompleteExtend 163 0x000000A3 X X S X X TPM_ORD_SHA1Start 160 0x000000A0 X X S X X TPM_ORD_SHA1Update 161 0x000000A1 X X S X X TPM_ORD_Sign 60 0x0000003C X X X M TPM_ORD_Startup 153 0x00000099 X X S X X TPM_ORD_StirRandom 71 0x00000047 X X S TPM_ORD_TakeOwnership 13 0x0000000D X X X L X TPM_ORD_Terminate_Handle 150 0x00000096 X X S D X X TPM_ORD_TickStampBlob 242 0x000000F2 X X X M N TPM_ORD_UnBind 30 0x0000001E X X X M TPM_ORD_Unseal 24 0x00000018 X X X M C UNUSED 38 0x00000026 UNUSED 39 0x00000027 UNUSED 66 0x00000042 Copyright TCG TPM Main Part 2 TPM Structures Specification version 1.2 128 Level 2 Revision 94 29 March 2006 TCG Published TPM_PROTECTED_O RDINAL+ Completeordinal AUTH2 AUTH1 RQU Optional NoOwner PhysicalPresence PCRUseenforced Audit Duration 1.2 FIPSChanges AvailDeactivated AvailDisabled UNUSED 67 0x00000043 UNUSED 68 0x00000044 UNUSED 69 0x00000045 UNUSED 72 0x00000048 UNUSED 73 0x00000049 UNUSED 74 0x0000004A UNUSED 75 0x0000004B UNUSED 76 0x0000004C UNUSED 77 0x0000004D UNUSED 78 0x0000004E UNUSED 79 0x0000004F UNUSED 81 0x00000051 UNUSED 85 0x00000055 UNUSED 86 0x00000056 UNUSED 87 0x00000057 UNUSED 88 0x00000058 UNUSED 89 0x00000059 UNUSED 95 0x0000005F UNUSED 96 0x00000060 UNUSED 97 0x00000061 UNUSED 98 0x00000062 UNUSED 99 0x00000063 UNUSED 103 0x00000067 UNUSED 104 0x00000068 UNUSED 105 0x00000069 UNUSED 106 0x0000006A UNUSED 107 0x0000006B UNUSED 108 0x0000006C UNUSED 109 0x0000006D UNUSED 118 0x00000076 UNUSED 119 0x00000077 UNUSED 132 0x00000084 UNUSED 135 0x00000087 UNUSED 136 0x00000088 UNUSED 137 0x00000089 TPM Main Part 2 TPM Structures TCG Copyright Specification version 1.2 Level 2 Revision 94 29 March 2006 Draft 129 TCG Published TPM_PROTECTED_O RDINAL+ Completeordinal AUTH2 AUTH1 RQU Optional NoOwner PhysicalPresence PCRUseenforced Audit Duration 1.2 FIPSChanges AvailDeactivated AvailDisabled UNUSED 138 0x0000008A UNUSED 139 0x0000008B UNUSED 142 0x0000008E UNUSED 143 0x0000008F UNUSED 144 0x00000090 UNUSED 145 0x00000091 UNUSED 146 0x00000092 UNUSED 147 0x00000093 UNUSED 148 0x00000094 UNUSED 149 0x00000095 UNUSED 155 0x0000009B UNUSED 156 0x0000009C UNUSED 157 0x0000009D UNUSED 158 0x0000009E UNUSED 159 0x0000009F UNUSED 164 0x000000A4 UNUSED 165 0x000000A5 UNUSED 166 0x000000A6 UNUSED 167 0x000000A7 UNUSED 168 0x000000A8 UNUSED 169 0x000000A9 UNUSED 171 0x000000AB UNUSED 172 0x000000AC UNUSED 173 0x000000AD UNUSED 174 0x000000AE UNUSED 175 0x000000AF UNUSED 176 0x000000B0 UNUSED 177 0x000000B1 UNUSED 178 0x000000B2 UNUSED 179 0x000000B3 UNUSED 187 0x000000BB UNUSED 188 0x000000BC UNUSED 189 0x000000BD UNUSED 190 0x000000BE UNUSED 191 0x000000BF Copyright TCG TPM Main Part 2 TPM Structures Specification version 1.2 130 Level 2 Revision 94 29 March 2006 TCG Published TPM_PROTECTED_O RDINAL+ Completeordinal AUTH2 AUTH1 RQU Optional NoOwner PhysicalPresence PCRUseenforced Audit Duration 1.2 FIPSChanges AvailDeactivated AvailDisabled UNUSED 192 0x000000C0 UNUSED 193 0x000000C1 UNUSED 194 0x000000C2 UNUSED 195 0x000000C3 UNUSED 196 0x000000C4 UNUSED 197 0x000000C5 UNUSED 198 0x000000C6 UNUSED 199 0x000000C7 UNUSED 202 0x000000CA UNUSED 203 0x000000CB UNUSED 211 0x000000D3 UNUSED 215 0x000000D7 Unused 217 0x000000D9 x S UNUSED 218 0x000000DA UNUSED 225 0x000000E1 UNUSED 233 0x000000E9 UNUSED 234 0x000000EA UNUSED 235 0x000000EB UNUSED 236 0x000000EC UNUSED 237 0x000000ED UNUSED 238 0x000000EE UNUSED 239 0x000000EF UNUSED 240 0x000000F0 UNUSED 201 0x00000C9 TPM Main Part 2 TPM Structures TCG Copyright Specification version 1.2 Level 2 Revision 94 29 March 2006 Draft 131 TCG Published 17.1 TSC Ordinals1674 Start of informative comment1675 The TSC ordinals are optional in the main specification. They are mandatory in the PC1676 Client specification.1677 End of informative comment1678 The connection commands manage the TPM's connection to the TBB.1679 TPM_PROTECTED_O RDINAL+ Completeordinal AUTH2 AUTH1 RQU Optional NoOwner PCRUseenforced Audit Duration 1.2 FIPSChanges AvailDeactivated AvailDisabled TSC_ORD_PhysicalPresence 10 0x4000000A X X X S C X X TSC_ORD_ResetEstablishmentBit 11 0x4000000B X X X S N X X Copyright TCG TPM Main Part 2 TPM Structures Specification version 1.2 132 Level 2 Revision 94 29 March 2006 TCG Published 18. Context structures1680 18.1 TPM_CONTEXT_BLOB1681 Start of informative comment1682 This is the header for the wrapped context. The blob contains all information necessary to1683 reload the context back into the TPM.1684 The additional data is in use by the TPM manufacturer to save information that will assist1685 in the reloading of the context. This area must not contain any shielded data. For instance,1686 the field could contain some size information that allows the TPM more efficient loads of the1687 context. The additional area could not contain one of the primes for a RSA key.1688 To ensure integrity of the blob when using symmetric encryption the TPM vendor could use1689 some valid cipher chaining mechanism. To ensure the integrity without depending on1690 correct implementation the TPM_CONTEXT_BLOB structure uses a HMAC of the entire1691 structure using tpmProof as the secret value.1692 End of informative comment1693 Definition1694 typedef struct tdTPM_CONTEXT_BLOB {1695 TPM_STRUCTURE_TAG tag;1696 TPM_RESOURCE_TYPE resourceType;1697 TPM_HANDLE handle;1698 BYTE[16] label;1699 UINT32 contextCount;1700 TPM_DIGEST integrityDigest;1701 UINT32 additionalSize;1702 [size_is(additionalSize)] BYTE* additionalData;1703 UINT32 sensitiveSize;51704 [size_is(sensitiveSize)] BYTE* sensitiveData;1705 }TPM_CONTEXT_BLOB;1706 Parameters1707 Type Name Description TPM_STRUCTURE_TAG tag MUST be TPM_TAG_CONTEXTBLOB TPM_RESOURCE_TYPE resourceType The resource type TPM_HANDLE handle Previous handle of the resource BYTE[16] label Label for identification of the blob. Free format area. UINT32 contextCount MUST be TPM_STANY_DATA -> contextCount when creating the structure. This value is ignored for context blobs that reference a key. TPM_DIGEST integrityDigest The integrity of the entire blob including the sensitive area. This is a HMAC calculation with the entire structure (including sensitiveData) being the hash and tpmProof is the secret UINT32 additionalSize The size of additionalData BYTE additionalData Additional information set by the TPM that helps define and reload the context. The information held in this area MUST NOT expose any TPM Main Part 2 TPM Structures TCG Copyright Specification version 1.2 Level 2 Revision 94 29 March 2006 Draft 133 TCG Published Type Name Description information held in shielded locations. This should include any IV for symmetric encryption UINT32 sensitiveSize The size of sensitiveData BYTE sensitiveData The normal information for the resource that can be exported Copyright TCG TPM Main Part 2 TPM Structures Specification version 1.2 134 Level 2 Revision 94 29 March 2006 TCG Published 18.2 TPM_CONTEXT_SENSITIVE1708 Start of informative comment1709 The internal areas that the TPM needs to encrypt and store off the TPM.1710 This is an informative structure and the TPM can implement in any manner they wish.1711 End of informative comment1712 Definition1713 typedef struct tdTPM_CONTEXT_SENSITIVE {1714 TPM_STRUCTURE_TAG tag;1715 TPM_NONCE contextNonce;1716 UINT32 internalSize;1717 [size_is(internalSize)] BYTE* internalData;1718 }TPM_CONTEXT_SENSITIVE;1719 Parameters1720 Type Name Description TPM_STRUCTURE_TAG tag MUST be TPM_TAG_CONTEXT_SENSITIVE TPM_NONCE contextNonce On context blobs other than keys this MUST be TPM_STANY_DATA > contextNonceSession For keys the value is TPM_STCLEAR_DATA -> contextNonceKey UINT32 internalSize The size of the internalData area BYTE internalData The internal data area TPM Main Part 2 TPM Structures TCG Copyright Specification version 1.2 Level 2 Revision 94 29 March 2006 Draft 135 TCG Published 19. NV storage structures1721 19.1 TPM_NV_INDEX1722 Start of informative comment1723 The index provides the handle to identify the area of storage. The reserved bits allow for a1724 segregation of the index name space to avoid name collisions.1725 The TCG defines the space where the high order bits (T, P, U) are 0. The other spaces are1726 controlled by the indicated entity.1727 End of informative comment1728 The TPM_NV_INDEX is a 32-bit value.1729 3 2 11730 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 01731 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+1732 |T|P|U|D| resvd | Purview | Index |1733 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+1734 Where:1735 1. All reserved area bits are set to 01736 a. T is the TPM manufacturer reserved bit. 0 indicates TCG defined value 1 indicates a1737 TPM manufacturer specific value1738 b. P is the platform manufacturer reserved bit. 1 indicates that the index controlled by1739 the platform manufacturer.1740 c. U is for the platform user. 1 indicates that the index controlled by the platform user.1741 d. D indicates defined. 1 indicates that the index is permanently defined and that any1742 defineSpace operation will fail.1743 e. TCG reserved areas have T/P/U set to 01744 f. TCG reserved areas MAY have D set to 0 or 11745 2. Purview is the same value used to indicate the platform specific area. This value is the1746 same purview as in use for command ordinals.1747 a. The TPM MUST reject index values that do not match the purview of the TPM. This1748 means that a index value for a PDA is rejected by a TPM designed to work on the PC.1749 Copyright TCG TPM Main Part 2 TPM Structures Specification version 1.2 136 Level 2 Revision 94 29 March 2006 TCG Published 19.1.1 Required TPM_NV_INDEX values1750 Start of informative comment1751 The required index values must be found on each TPM regardless of platform. These areas1752 are always present and do not require a TPM_NV_DefineSpace command to allocate.1753 A platform specific specification may add additional required index values for the platform.1754 End of informative comment1755 1. The TPM MUST reserve the space as indicated for the required index values1756 Required Index values1757 Value Index Name Default Size Attributes 0xFFFFFFFF TPM_NV_INDEX_LOCK Size for this MUST be 0. This value turns on the NV authorization protections. Once executed all NV areas us the protections as defined. This value never resets. Attempting to execute TPM_NV_DefineSpace on this value with non-zero size MUST result in a TPM_BADINDEX response. None 0x00000000 TPM_NV_INDEX0 Size for this MUST be 0. This value allows for the setting of the bGlobalLock flag, which is only reset on TPM_Startup(ST_Clear) Attempting to execute TPM_NV_WriteValue with a size other than zero MUST result in the TPM_BADINDEX error code. None 0x10000001 TPM_NV_INDEX_DIR Size MUST be 20. This index points to the deprecated DIR command area from 1.1. The TPM MUST map this reserved space to be the area operated on by the 1.1 DIR commands. As the DIR commands are deprecated any additional DIR functionally MUST use the NV commands and not the DIR command. Attempts to execute TPM_NV_DefineSpace with this index MUST result in TPM_BADINDEX TPM_NV_PER_OWNERWRITE TPM_NV_PER_WRITEALL TPM Main Part 2 TPM Structures TCG Copyright Specification version 1.2 Level 2 Revision 94 29 March 2006 Draft 137 TCG Published 19.1.2 Reserved Index values1758 Start of informative comment1759 The reserved values are defined to avoid index collisions. These values are not in each and1760 every TPM.1761 End of informative comment1762 1. The reserved index values are to avoid index value collisions.1763 2. These index values require a TPM_NV_DefineSpace to have the area for the index1764 allocated1765 3. A platform specific specification MAY indicate that reserved values are required.1766 4. The reserved index values MAY have their D bit set by the TPM vendor to permanently1767 reserve the index in the TPM1768 Value Event Name Default Size 0x0000F000 TPM_NV_INDEX_EKCert The Endorsement credential 0x0000F 001 TPM_NV_INDEX_TPM_CC The TPM Conformance credential 0x0000F002 TPM_NV_INDEX_PlatformCert The platform credential 0x0000F003 TPM_NV_INDEX_Platform_CC The Platform conformance credential 0x000111xx TPM_NV_INDEX_TSS Reserved for TSS use 0x000112xx TPM_NV_INDEX_PC Reserved for PC Client use 0x000113xx TPM_NV_INDEX_SERVER reserved for Server use 0x000114xx TPM_NV_INDEX_MOBILE Reserved for mobile use 0x000115xx TPM_NV_INDEX_PERIPHERAL Reserved for peripheral use 0x000116xx TPM_NV_INDEX_GPIO_xx Reserved for GPIO pins 0x0001xxxx TPM_NV_INDEX_GROUP_RESV Reserved for TCG WG's Copyright TCG TPM Main Part 2 TPM Structures Specification version 1.2 138 Level 2 Revision 94 29 March 2006 TCG Published 19.2 TPM_NV_ATTRIBUTES1769 Start of informative comment1770 This structure allows the TPM to keep track of the data and permissions to manipulate the1771 area.1772 A write once per lifetime of the TPM attribute, while attractive, is simply too dangerous1773 (attacker allocates all of the NV area and uses it). The locked attribute adds close to that1774 functionality. This allows the area to be "locked" and only changed when unlocked. The lock1775 bit would be set for all indexes sometime during the initialization of a platform. The use1776 model would be that the platform BIOS would lock the TPM and only allow changes in the1777 BIOS setup routine.1778 There are no locality bits to allow for a locality to define space. The rationale behind this is1779 that the define space includes the permissions so that would mean any locality could define1780 space. The use model for localities would assume that the platform owner was opting into1781 the use of localities and would define the space necessary to operate when the opt-in was1782 authorized.1783 When using the command TPM_NV_ReadValue, the attributes TPM_NV_PER_AUTHREAD1784 and TPM_NV_PER_OWNERREAD cannot both be set to TRUE. Similarly, when using the1785 commnd TPM_NV_WriteValue, the attributes TPM_NV_PER_AUTHWRITE and1786 TPM_NV_PER_OWNERWRITE cannot both be TRUE at the same time.1787 End of informative comment1788 Definition1789 typedef struct tdTPM_NV_ATTRIBUTES{1790 TPM_STRUCTURE_TAG tag;1791 UINT32 attributes;1792 } TPM_NV_ATTRIBUTES;1793 Parameters1794 Type Name Description TPM_STRUCTURE_TAG tag TPM_TAG_NV_ATTRIBUTES UINT32 attributes The attribute area Attributes values1795 Bit Name Description 31 TPM_NV_PER_READ_STCLEAR The value can be read until locked by a read with a data size of 0. It can only be unlocked by TPM_Startup(ST_Clear) or a successful write. 30:19 Reserved 18 TPM_NV_PER_AUTHREAD The value requires authorization to read 17 TPM_NV_PER_OWNERREAD The value requires TPM Owner authorization to read. 16 TPM_NV_PER_PPREAD The value requires physical presence to read 15 TPM_NV_PER_GLOBALLOCK The value is writable until a write to index 0 is successful. The lock of this attribute is reset by TPM_Startup(ST_CLEAR). Lock held by SF -> bGlobalLock TPM Main Part 2 TPM Structures TCG Copyright Specification version 1.2 Level 2 Revision 94 29 March 2006 Draft 139 TCG Published Bit Name Description 14 TPM_NV_PER_WRITE_STCLEAR The value is writable until a write to the specified index with a datasize of 0 is successful. The lock of this attribute is reset by TPM_Startup(ST_CLEAR). Lock held for each area in bWriteSTClear 13 TPM_NV_PER_WRITEDEFINE The value can only be written once after performing the TPM_NV_DefineSpace command. Lock held for each area as bWriteDefine. Lock set by writing to the index with a datasize of 0 12 TPM_NV_PER_WRITEALL The value must be written in a single operation 11:3 Reserved for write additions 2 TPM_NV_PER_AUTHWRITE The value requires authorization to write 1 TPM_NV_PER_OWNERWRITE The value requires TPM Owner authorization to write 0 TPM_NV_PER_PPWRITE The value requires physical presence to write Copyright TCG TPM Main Part 2 TPM Structures Specification version 1.2 140 Level 2 Revision 94 29 March 2006 TCG Published 19.3 TPM_NV_DATA_PUBLIC1796 Start of informative comment1797 This structure represents the public description and controls on the NV area.1798 End of informative comment1799 Definition1800 typedef struct tdTPM_NV_DATA_PUBLIC {1801 TPM_STRUCTURE_TAG tag;1802 TPM_NV_INDEX nvIndex;1803 TPM_PCR_INFO_SHORT pcrInfoRead;1804 TPM_PCR_INFO_SHORT pcrInfoWrite;1805 TPM_NV_ATTRIBUTES permission;1806 BOOL bReadSTClear;1807 BOOL bWriteSTClear;1808 BOOL bWriteDefine;1809 UINT32 dataSize;1810 } TPM_NV_DATA_PUBLIC;1811 Parameters1812 Type Name Description TPM_STRUCTURE_TAG tag This SHALL TPM_TAG_NV_DATA_PUBLIC TPM_NV_INDEX nvIndex The index of the data area TPM_PCR_INFO_SHORT pcrInfoRead The PCR selection that allows reading of the area TPM_PCR_INFO_SHORT pcrInfoWrite The PCR selection that allows writing of the area TPM_NV_ATTRIBUTES permission The permissions for manipulating the area BOOL bReadSTClear Set to FALSE on each TPM_Startup(ST_Clear) and set to TRUE aftera ReadValuexxx with datasize of 0 BOOL bWriteSTClear Set to FALSE on each TPM_Startup(ST_CLEAR) and set to TRUE after a WriteValuexxx with a datasize of 0. Set to FALSE on a WriteValuexxx with a datasize other than 0. BOOL bWriteDefine Set to FALSE after TPM_NV_DefineSpace and set to TRUE after a successful WriteValue with a datasize of 0 UINT32 dataSize The size of the data area in bytes Actions1813 1. On read of this structure (through TPM_GetCapability) if pcrInfoRead -> pcrSelect is 01814 then pcrInfoRead -> digestAtRelease MUST be 0x00...001815 2. On read of this structure (through TPM_GetCapability) if pcrInfoWrite -> pcrSelect is 01816 then pcrInfoWrite -> digestAtRelease MUST be 0x00...001817 TPM Main Part 2 TPM Structures TCG Copyright Specification version 1.2 Level 2 Revision 94 29 March 2006 Draft 141 TCG Published 19.4 TPM_NV_DATA_SENSITIVE1818 Start of informative comment1819 This is an internal structure that the TPM uses to keep the actual NV data and the controls1820 regarding the area.1821 This entire section is informative1822 End of informative comment1823 Definition1824 typedef struct tdTPM_NV_DATA_SENSITIVE {1825 TPM_STRUCTURE_TAG tag;1826 TPM_NV_DATA_PUBLIC pubInfo;1827 TPM_AUTHDATA authValue;1828 [size_is(dataSize)] BYTE* data;1829 } TPM_NV_DATA_SENSITIVE;1830 Parameters1831 Type Name Description TPM_STRUCTURE_TAG tag This SHALL TPM_TAG_NV_DATA_SENSITIVE TPM_NV_DATA_PUBLIC pubInfo The public information regarding this area TPM_AUTHDATA authValue The AuthData value to manipulate the value BYTE* data The data area. This MUST not contain any sensitive information as the TPM does not provide any confidentiality on the data. Copyright TCG TPM Main Part 2 TPM Structures Specification version 1.2 142 Level 2 Revision 94 29 March 2006 TCG Published 19.5 Max NV Size1832 The value TPM_MAX_NV_SIZE is a value where the minimum value is set by the platform1833 specific specification. The TPM vendor can design a TPM with a size that is larger than the1834 minimum.1835 TPM Main Part 2 TPM Structures TCG Copyright Specification version 1.2 Level 2 Revision 94 29 March 2006 Draft 143 TCG Published 19.6 TPM_NV_DATA_AREA1836 Start of informative comment1837 TPM_NV_DATA_AREA is an indication of the internal structure the TPM uses to track NV1838 areas. The structure definition is TPM vendor specific and never leaves the TPM. The1839 structure would contain both the TPM_NV_DATA_PUBLIC and TPM_NV_DATA_SENSITIVE1840 areas.1841 End of informative comment1842 Copyright TCG TPM Main Part 2 TPM Structures Specification version 1.2 144 Level 2 Revision 94 29 March 2006 TCG Published 20. Delegate Structures1843 20.1 Structures and encryption1844 Start of informative comment1845 The TPM is responsible for encrypting various delegation elements when stored off the TPM.1846 When the structures are TPM internal structures and not in use by any other process (i.e.1847 TPM_DELEGATE_SENSITIVE) the structure is merely an informative comment as to the1848 information necessary to make delegation work. The TPM may put additional, or possibly,1849 less information into the structure and still obtain the same result.1850 Where the structures are in use across TPM's or in use by outside processes (i.e.1851 TPM_DELEGATE_PUBLIC) the structure is normative and the must use the structure1852 without modification.1853 End of informative comment1854 1. The TPM MUST provide encryption of sensitive areas held outside of the TPM. The1855 encryption MUST be comparable to AES 128-bit key or a full three key triple DES.1856 TPM Main Part 2 TPM Structures TCG Copyright Specification version 1.2 Level 2 Revision 94 29 March 2006 Draft 145 TCG Published 20.2 Delegate Definitions1857 Informative comment1858 The delegations are in a 64-bit field. Each bit describes a capability that the TPM Owner or1859 an authorized key user can delegate to a trusted process by setting that bit. Each delegation1860 bit setting is independent of any other delegation bit setting in a row.1861 If a TPM command is not listed in the following table, then the TPM Owner or the key user1862 cannot delegate that capability to a trusted process. For the TPM commands that are listed1863 in the following table, if the bit associated with a TPM command is set to zero in the row of1864 the table that identifies a trusted process, then that process has not been delegated to use1865 that TPM command.1866 The minimum granularity for delegation is at the ordinal level. It is not possible to delegate1867 an option of an ordinal. This implies that if the options present a difficulty and there is a1868 need to separate the delegations then there needs to be a split into two separate ordinals.1869 End of informative comment1870 #define TPM_DEL_OWNER_BITS 0x000000011871 #define TPM_DEL_KEY_BITS 0x000000021872 1873 typedef struct tdTPM_DELEGATIONS{1874 TPM_STRUCTURE_TAG tag;1875 UINT32 delegateType;1876 UINT32 per1;1877 UINT32 per2;1878 } TPM_DELEGATIONS;1879 Parameters1880 Type Name Description TPM_STRUCTURE_TAG tag This SHALL TPM_TAG_DELEGATIONS UINT32 delegateType Owner or key UNIT32 per1 The first block of permissions UINT32 per2 The second block of permissions Copyright TCG TPM Main Part 2 TPM Structures Specification version 1.2 146 Level 2 Revision 94 29 March 2006 TCG Published 20.2.1 Owner Permission Settings1881 Informative comment1882 This section is going to remove any ambiguity as to the order of bits in the permission array1883 End of informative comment1884 Per1 bits1885 Bit Number Ordinal Bit Name 31 Reserved Reserved MUST be 0 30 TPM_ORD_SetOrdinalAuditStatus TPM_DELEGATE_SetOrdinalAuditStatus 29 TPM_ORD_DirWriteAuth TPM_DELEGATE_DirWriteAuth 28 TPM_ORD_CMK_ApproveMA TPM_DELEGATE_CMK_ApproveMA 27 26 TPM_ORD_CMK_CreateTicket TPM_DELEGATE_CMK_CreateTicket 25 24 TPM_ORD_Delegate_LoadOwnerDelegation TPM_DELEGATE_Delegate_LoadOwnerDelegation 23 TPM_ORD_DAA_Join TPM_DELEGATE_DAA_Join 22 TPM_ORD_AuthorizeMigrationKey TPM_DELEGATE_AuthorizeMigrationKey 21 TPM_ORD_CreateMaintenanceArchive TPM_DELEGATE_CreateMaintenanceArchive 20 TPM_ORD_LoadMaintenanceArchive TPM_DELEGATE_LoadMaintenanceArchive 19 TPM_ORD_KillMaintenanceFeature TPM_DELEGATE_KillMaintenanceFeature 18 TPM_ORD_OwnerReadInternalPub TPM_DELEGATE_OwnerReadInternalPub 17 TPM_ORD_ResetLockValue TPM_DELEGATE_ResetLockValue 16 TPM_ORD_OwnerClear TPM_DELEGATE_OwnerClear 15 TPM_ORD_DisableOwnerClear TPM_DELEGATE_DisableOwnerClear 14 13 TPM_ORD_OwnerSetDisable TPM_DELEGATE_OwnerSetDisable 12 TPM_ORD_SetCapability TPM_DELEGATE_SetCapability 11 TPM_ORD_MakeIdentity TPM_DELEGATE_MakeIdentity 10 TPM_ORD_ActivateIdentity TPM_DELEGATE_ActivateIdentity 9 TPM_ORD_OwnerReadPubek TPM_DELEGATE_OwnerReadPubek 8 TPM_ORD_DisablePubekRead TPM_DELEGATE_DisablePubekRead 7 TPM_ORD_SetRedirection TPM_DELEGATE_SetRedirection 6 TPM_ORD_FieldUpgrade TPM_DELEGATE_FieldUpgrade 5 TPM_ORD_Delegate_UpdateVerification TPM_DELEGATE_Delegate_UpdateVerification 4 TPM_ORD_CreateCounter TPM_DELEGATE_CreateCounter 3 TPM_ORD_ReleaseCounterOwner TPM_DELEGATE_ReleaseCounterOwner 2 TPM_ORD_Delegate_Manage TPM_DELEGATE_Delegate_Manage 1 TPM_ORD_Delegate_CreateOwnerDelegation TPM_DELEGATE_Delegate_CreateOwnerDelegation 0 TPM_ORD_DAA_Sign TPM_DELEGATE_DAA_Sign TPM Main Part 2 TPM Structures TCG Copyright Specification version 1.2 Level 2 Revision 94 29 March 2006 Draft 147 TCG Published Per2 bits1886 Bit Number Ordinal Bit Name 31:0 Reserved Reserved MUST be 0 20.2.2 Owner commands not delegated1887 Start of informative comment1888 Not all TPM Owner authorized commands can be delegated. The following table lists those1889 commands the reason why the command is not delegated.1890 End of informative comment1891 Command Rationale TPM_ChangeAuthOwner Delegating change owner allows the delegatee to control the TPM Owner. This implies that the delegate has more control than the owner. The owner can create the same situation by merely having the process that the owner wishes to control the TPM to perform ChangeOwner with the current owners permission. TPM_TakeOwnership If you don't have an ow ner how can the current owner delegate the command. TPM_CMK_SetRestrictions This command allows the owner to restrict what processes can be delegated the ability to create and manipulate CMK keys Copyright TCG TPM Main Part 2 TPM Structures Specification version 1.2 148 Level 2 Revision 94 29 March 2006 TCG Published 20.2.3 Key Permission settings1892 Informative comment1893 This section is going to remove any ambiguity as to the order of bits in the permission array1894 End of informative comment1895 Per1 bits1896 Bit Number Ordinal Bit Name 31:29 Reserved Reserved MUST be 0 28 TPM_ORD_CMK_ConvertMigration TPM_KEY_DELEGATE_CMK_ConvertMigration 27 TPM_ORD_TickStampBlob TPM_KEY_DELEGATE_TickStampBlob 26 TPM_ORD_ChangeAuthAsymStart TPM_KEY_DELEGATE_ChangeAuthAsymStart 25 TPM_ORD_ChangeAuthAsymFinish TPM_KEY_DELEGATE_ChangeAuthAsymFinish 24 TPM_ORD_CMK_CreateKey TPM_KEY_DELEGATE_CMK_CreateKey 23 TPM_ORD_MigrateKey TPM_KEY_DELEGATE_MigrateKey 22 TPM_ORD_LoadKey2 TPM_KEY_DELEGATE_LoadKey2 21 TPM_ORD_EstablishTransport TPM_KEY_DELEGATE_EstablishTransport 20 TPM_ORD_ReleaseTransportSigned TPM_KEY_DELEGATE_ReleaseTransportSigned 19 TPM_ORD_Quote2 TPM_KEY_DELEGATE_Quote2 18 TPM_ORD_Sealx TPM_KEY_DELEGATE_Sealx 17 TPM_ORD_MakeIdentity TPM_KEY_DELEGATE_MakeIdentity 16 TPM_ORD_ActivateIdentity TPM_KEY_DELEGATE_ActivateIdentity 15 TPM_ORD_GetAuditDigestSigned TPM_KEY_DELEGATE_GetAuditDigestSigned 14 TPM_ORD_Sign TPM_KEY_DELEGATE_Sign 13 TPM_ORD_CertifyKey2 TPM_KEY_DELEGATE_CertifyKey2 12 TPM_ORD_CertifyKey TPM_KEY_DELEGATE_CertifyKey 11 TPM_ORD_CreateWrapKey TPM_KEY_DELEGATE_CreateWrapKey 10 TPM_ORD_CMK_CreateBlob TPM_KEY_DELEGATE_CMK_CreateBlob 9 TPM_ORD_CreateMigrationBlob TPM_KEY_DELEGATE_CreateMigrationBlob 8 TPM_ORD_ConvertMigrationBlob TPM_KEY_DELEGATE_ConvertMigrationBlob 7 TPM_ORD_Delegate_CreateKeyDelegation TPM_KEY_DELEGATE_Delegate_CreateKeyDelegation 6 TPM_ORD_ChangeAuth TPM_KEY_DELEGATE_ChangeAuth 5 TPM_ORD_GetPubKey TPM_KEY_DELEGATE_GetPubKey 4 TPM_ORD_UnBind TPM_KEY_DELEGATE_UnBind 3 TPM_ORD_Quote TPM_KEY_DELEGATE_Quote 2 TPM_ORD_Unseal TPM_KEY_DELEGATE_Unseal 1 TPM_ORD_Seal TPM_KEY_DELEGATE_Seal 0 TPM_ORD_LoadKey TPM_KEY_DELEGATE_LoadKey TPM Main Part 2 TPM Structures TCG Copyright Specification version 1.2 Level 2 Revision 94 29 March 2006 Draft 149 TCG Published Per2 bits1897 Bit Number Ordinal Bit Name 31:0 Reserved Reserved MUST be 0 20.2.4 Key commands not delegated1898 Start of informative comment1899 Not all TPM key commands can be delegated. The following table lists those commands the1900 reason why the command is not delegated.1901 End of informative comment1902 Command Rationale None TPM_CertifySelfTest This command has a security hole and is deleted Copyright TCG TPM Main Part 2 TPM Structures Specification version 1.2 150 Level 2 Revision 94 29 March 2006 TCG Published 20.3 TPM_FAMILY_FLAGS1903 Start of informative comment1904 These flags indicate the operational state of the delegation and family table. These flags are1905 additions to TPM_PERMANENT_FLAGS and are not standalone values.1906 End of informative comment1907 TPM_FAMILY_FLAGS bit settings1908 Bit Number Bit Name Comments 31:2 Reserved MUST be 0 1 TPM_DELEGATE_ADMIN_LOCK TRUE: Some TPM_Delegate_XXX commands are locked and return TPM_DELEGATE_LOCK FALSE: TPM_Delegate_XXX commands are available Default is FALSE 0 TPM_FAMFLAG_ENABLED When TRUE the table is enabled. The default value is FALSE. TPM Main Part 2 TPM Structures TCG Copyright Specification version 1.2 Level 2 Revision 94 29 March 2006 Draft 151 TCG Published 20.4 TPM_FAMILY_LABEL1909 Start of informative comment1910 Used in the family table to hold a one-byte numeric value (sequence number) that software1911 can map to a string of bytes that can be displayed or used by applications.1912 This is not sensitive data.1913 End of informative comment1914 typedef struct tdTPM_FAMILY_LABEL{1915 BYTE label;1916 } TPM_FAMILY_LABEL;1917 Parameters1918 Type Name Description BYTE label A sequence number that software can map to a string of bytes that can be displayed or used by the applications. This MUST not contain sensitive information. Copyright TCG TPM Main Part 2 TPM Structures Specification version 1.2 152 Level 2 Revision 94 29 March 2006 TCG Published 20.5 TPM_FAMILY_TABLE_ENTRY1919 Start of informative comment1920 The family table entry is an individual row in the family table. There are no sensitive values1921 in a family table entry.1922 Each family table entry contains values to facilitate table management: the familyID1923 sequence number value that associates a family table row with one or more delegate table1924 rows, a verification sequence number value that identifies when rows in the delegate table1925 were last verified, and a BYTE family label value that software can map to an ASCII text1926 description of the entity using the family table entry1927 End of informative comment1928 typedef struct tdTPM_FAMILY_TABLE_ENTRY{1929 TPM_STRUCTURE_TAG tag;1930 TPM_FAMILY_LABEL familyLabel;1931 TPM_FAMILY_ID familyID;1932 TPM_FAMILY_VERIFICATION verificationCount;1933 TPM_FAMILY_FLAGS flags;1934 } TPM_FAMILY_TABLE_ENTRY;1935 Description1936 The default value of all fields in a family row at TPM manufacture SHALL be null.1937 Parameters1938 Type Name Description TPM_STRUCTURE_TAG tag This SHALL TPM_TAG_FAMILY_TABLE_ENTRY TPM_FAMILY_LABEL familyLabel A sequence number that software can map to a string of bytes that can be displayed or used by the applications. This MUST not contain sensitive information. TPM_FAMILY_ID familyID The family ID in use to tie values together. This is not a sensitive value. TPM_FAMILY_VERIFICATION verificationCount The value inserted into delegation rows to indicate that they are the current generation of rows. Used to identify when a row in the delegate table was last verified. This is not a sensitive value. TPM_FAMILY_FLAGS flags See section on TPM_FAMILY_FLAGS. TPM Main Part 2 TPM Structures TCG Copyright Specification version 1.2 Level 2 Revision 94 29 March 2006 Draft 153 TCG Published 20.6 TPM_FAMILY_TABLE1939 Start of informative comment1940 The family table is stored in a TPM shielded location. There are no confidential values in the1941 family table. The family table contains a minimum of 8 rows.1942 End of informative comment1943 #define TPM_NUM_FAMILY_TABLE_ENTRY_MIN 81944 1945 typedef struct tdTPM_FAMILY_TABLE{1946 TPM_FAMILY_TABLE_ENTRY famTableRow[TPM_NUM_FAMILY_TABLE_ENTRY_MIN];1947 } TPM_FAMILY_TABLE;1948 Parameters1949 Type Name Description TPM_FAMILY_TABLE_ENTRY famTableRow The array of family table entries Copyright TCG TPM Main Part 2 TPM Structures Specification version 1.2 154 Level 2 Revision 94 29 March 2006 TCG Published 20.7 TPM_DELEGATE_LABEL1950 Start of informative comment1951 Used in the delegate table to hold a byte that can be displayed or used by applications. This1952 is not sensitive data.1953 End of informative comment1954 typedef struct tdTPM_DELEGATE_LABEL{1955 BYTE label;1956 } TPM_DELEGATE_LABEL;1957 Parameters1958 Type Name Description BYTE label A byte that can be displayed or used by the applications. This MUST not contain sensitive information. TPM Main Part 2 TPM Structures TCG Copyright Specification version 1.2 Level 2 Revision 94 29 March 2006 Draft 155 TCG Published 20.8 TPM_DELEGATE_PUBLIC1959 Start of informative comment1960 The information of a delegate row that is public and does not have any sensitive1961 information.1962 TPM_PCR_INFO_SHORT is appropriate here as the command to create this is done using1963 owner authorization, hence the owner authorized the command and the delegation. There is1964 no need to validate what configuration was controlling the platform during the blob1965 creation.1966 End of informative comment1967 typedef struct tdTPM_DELEGATE_PUBLIC{1968 TPM_STRUCTURE_TAG tag;1969 TPM_DELEGATE_LABEL rowLabel;1970 TPM_PCR_INFO_SHORT pcrInfo;1971 TPM_DELEGATIONS permissions;1972 TPM_FAMILY_ID familyID;1973 TPM_FAMILY_VERIFICATION verificationCount1974 } TPM_DELEGATE_PUBLIC;1975 Description1976 The default value of all fields of a delegate row at TPM manufacture SHALL be null. The1977 table MUST NOT contain any sensitive information.1978 Parameters1979 Type Name Description TPM_STRUCTURE_TAG tag This SHALL TPM_TAG_DELEGATE_PUBLIC TPM_DELEGATE_LABEL rowlabel This SHALL be the label for the row. It MUST not contain any sensitive information. TPM_PCR_INFO_SHORT pcrInfo This SHALL be the designation of the process that can use the permission. This is a not sensitive value. PCR_SELECTION may be NULL. If selected the pcrInfo MUST be checked on each use of the delegation. Use of the delegation is where the delegation is passed as an authorization handle. TPM_DELEGATIONS permissions This SHALL be the permissions that are allowed to the indicated process. This is not a sensitive value. TPM_FAMILY_ID familyID This SHALL be the family ID that identifies which family the row belongs to. This is not a sensitive value. TPM_FAMILY_VERIFICATION verificationCount A copy of verificationCount from the associated family table. This is not a sensitive value. Copyright TCG TPM Main Part 2 TPM Structures Specification version 1.2 156 Level 2 Revision 94 29 March 2006 TCG Published 20.9 TPM_DELEGATE_TABLE_ROW1980 Start of informative comment1981 A row of the delegate table.1982 End of informative comment1983 typedef struct tdTPM_DELEGATE_TABLE_ROW{1984 TPM_STRUCTURE_TAG tag;1985 TPM_DELEGATE_PUBLIC pub;1986 TPM_SECRET authValue;1987 } TPM_DELEGATE_TABLE_ROW;1988 Description1989 The default value of all fields of a delegate row at TPM manufacture SHALL be empty1990 Parameters1991 Type Name Description TPM_STRUCTURE_TAG tag This SHALL TPM_TAG_DELEGATE_TABLE_ROW TPM_DELEGATE_PUBLIC pub This SHALL be the public information for a table row. TPM_SECRET authValue This SHALL be the AuthData value that can use the permissions. This is a sensitive value. TPM Main Part 2 TPM Structures TCG Copyright Specification version 1.2 Level 2 Revision 94 29 March 2006 Draft 157 TCG Published 20.10TPM_DELEGATE_TABLE1992 Start of informative comment1993 This is the delegate table. The table contains a minimum of 2 rows.1994 This will be an entry in the TPM_PERMANENT_DATA structure.1995 End of informative comment1996 #define TPM_NUM_DELEGATE_TABLE_ENTRY_MIN 21997 1998 typedef struct tdTPM_DELEGATE_TABLE{1999 TPM_DELEGATE_TABLE_ROW delRow[TPM_NUM_DELEGATE_TABLE_ENTRY_MIN];2000 } TPM_DELEGATE_TABLE;2001 Parameters2002 Type Name Description TPM_DELEGATE_TABLE_ROW delRow The array of delegations Copyright TCG TPM Main Part 2 TPM Structures Specification version 1.2 158 Level 2 Revision 94 29 March 2006 TCG Published 20.11TPM_DELEGATE_SENSITIVE2003 Start of informative comment2004 The TPM_DELEGATE_SENSITIVE structure is the area of a delegate blob that contains2005 sensitive information.2006 This structure is informative as the TPM vendor can include additional information. This2007 structure is under complete control of the TPM and is never seen by any entity other then2008 internal TPM processes.2009 End of informative comment2010 typedef struct tdTPM_DELEGATE_SENSITIVE {2011 TPM_STRUCTURE_TAG tag;2012 TPM_SECRET authValue;2013 } TPM_DELEGATE_SENSITIVE;2014 Parameters2015 Type Name Description TPM_STRUCTURE_TAG tag This MUST be TPM _TAG_DELEGATE_SENSITIVE TPM_SECRET authValue AuthDatavalue TPM Main Part 2 TPM Structures TCG Copyright Specification version 1.2 Level 2 Revision 94 29 March 2006 Draft 159 TCG Published 20.12TPM_DELEGATE_OWNER_BLOB2016 Start of informative comment2017 This data structure contains all the information necessary to externally store a set of owner2018 delegation rights that can subsequently be loaded or used by this TPM.2019 The encryption mechanism for the sensitive area is a TPM choice. The TPM may use2020 asymmetric encryption and the SRK for the key. The TPM may use symmetric encryption2021 and a secret key known only to the TPM.2022 End of informative comment2023 typedef struct tdTPM_DELEGATE_OWNER_BLOB{2024 TPM_STRUCTURE_TAG tag;2025 TPM_DELEGATE_PUBLIC pub;2026 TPM_DIGEST integrityDigest;2027 UINT32 additionalSize;2028 [size_is(additionalSize)] BYTE* additionalArea;2029 UINT32 sensitiveSize;2030 [size_is(sensitiveSize)] BYTE* sensitiveArea;2031 } TPM_DELEGATE_OWNER_BLOB;2032 Parameters2033 Type Name Description TPM_STRUCTURE_TAG tag This MUST be TPM_TAG_DELEGATE_OWNER_BLOB TPM_DELEGATE_PUBLIC pub The public information for this blob TPM_DIGEST integrityDigest The HMAC to guarantee the integrity of the entire structure UINT32 additionalSize The size of additionalArea BYTE additionalArea An area that the TPM can add to the blob which MUST NOT contain any sensitive information. This would include any IV material for symmetric encryption UINT32 sensitiveSize The size of the sensitive area BYTE sensitiveArea The area that contains the encrypted TPM_DELEGATE_SENSITIVE Copyright TCG TPM Main Part 2 TPM Structures Specification version 1.2 160 Level 2 Revision 94 29 March 2006 TCG Published 20.13 TPM_DELEGATE_KEY_BLOB2034 Start of informative comment2035 A structure identical to TPM_DELEGATE_OWNER_BLOB but which stores delegation2036 information for user keys. As compared to TPM_DELEGATE_OWNER_BLOB, it adds a hash2037 of the corresponding public key value to the public information.2038 End of informative comment2039 typedef struct tdTPM_DELEGATE_KEY_BLOB{2040 TPM_STRUCTURE_TAG tag;2041 TPM_DELEGATE_PUBLIC pub;2042 TPM_DIGEST integrityDigest;2043 TPM_DIGEST pubKeyDigest;2044 UINT32 additionalSize;2045 [size_is(additionalSize)] BYTE* additionalArea;2046 UINT32 sensitiveSize;2047 [size_is(sensitiveSize)] BYTE* sensitiveArea;2048 } TPM_DELEGATE_KEY_BLOB;2049 Parameters2050 Type Name Description TPM_STRUCTURE_TAG tag This MUST be TPM_TAG_DELG_KEY_BLOB TPM_DELEGATE_PUBLIC pub The public information for this blob TPM_DIGEST integrityDigest The HMAC to guarantee the integrity of the entire structure TPM_DIGEST pubKeyDigest The digest, that uniquely identifies the key for which this usage delegation applies. This is a hash of the TPM_STORE_PUBKEY structure. UINT32 additionalSize The size of the integrity area BYTE additionalArea An area that the TPM can add to the blob which MUST NOT contain any sensitive information. This would include any IV material for symmetric encryption UINT32 sensitiveSize The size of the sensitive area BYTE sensitiveArea The area that contains the encrypted TPM_DELEGATE_SENSITIVE TPM Main Part 2 TPM Structures TCG Copyright Specification version 1.2 Level 2 Revision 94 29 March 2006 Draft 161 TCG Published 20.14 TPM_FAMILY_OPERATION Values2051 Start of informative comment2052 These are the opFlag values used by TPM_Delegate_Manage.2053 End of informative comment2054 Value Capability Name Comments 0x00000001 TPM_FAMILY_CREATE Create a new family 0x00000002 TPM_FAMILY_ENABLE Set or reset the enable flag for this family. 0x00000003 TPM_FAMILY_ADMIN Prevent administration of this family.. 0x00000004 TPM_FAMILY_INVALIDATE Invalidate a specific family row. Copyright TCG TPM Main Part 2 TPM Structures Specification version 1.2 162 Level 2 Revision 94 29 March 2006 TCG Published 21. Capability areas2055 21.1 TPM_CAPABILITY_AREA for TPM_GetCapability2056 Start of informative comment2057 The TPM needs to provide to outside entities various pieces of information regarding the2058 design and current state of the TPM. The process works by first supplying an area to look at2059 and then optionally a refinement to further indicate the type of information requested. The2060 documents use the terms capability and subCap to indicate the area and subarea in2061 question.2062 Some capabilities have a single purpose and the subCap is either ignored or supplies a2063 handle or other generic piece of information.2064 The following table contains both the values for the capabilities but also the sub2065 capabilities. When providing the value for a subCap it appears in the capability name slot.2066 End of informative comment2067 1. For the capability TPM_CAP_AUTH_ENCRYPT, the response to the sub cap2068 TPM_ALGORITHM_ID is as follows:2069 a. TPM_ALG_AES128 returns TRUE if OSAP supports TPM_ET_AES1282070 b. TPM_ALG_XOR returns TRUE if OSAP supports TPM_ET_XOR2071 TPM_CAPABILITY_AREA Values for TPM_GetCapability2072 Value Capability Name Sub cap Comments 0x00000001 TPM_CAP_ORD A command ordinal Boolean value. TRUE indicates that the TPM supports the ordinal. FALSE indicates that the TPM does not support the ordinal. 0x00000002 TPM_CAP_ALG TPM_ALG_XX: A value from TPM_ALGORITHM_ID Boolean value. TRUE means that the TPM supports the algorithm for TPM_Sign, TPM_Seal, TPM_UnSeal and TPM_UnBind and related commands. FALSE indicates that for these types of commands the algorithm is not supported. 0x00000003 TPM_CAP_PID TPM_PID_xx: A value of TPM_PROTOCOL_ID: Boolean value. TRUEindicates that the TPM supports the protocol, FALSE indicates that the TPM does not support the protocol. 0x00000004 TPM_CAP_FLAG Either of the next two subcaps 0x00000108 TPM_CAP_FLAG_PERMANENT Return the TPM_PERMANENT_FLAGS structure. Each flagin the structure returns as a byte. 0x00000109 TPM_CAP_FLAG_VOLATILE Return the TPM_STCLEAR_FLAGS structure. Each flag in the structure returns as a byte. 0x00000005 TPM_CAP_PROPERTY See following table for the subcaps 0x00000006 TPM_CAP_VERSION Ignored TPM_STRUCT_VER structure. The major and minor version MUST indicate 1.1. The firmware revision MUST indicate 0.0. The use of this value is deprecated, new software SHOULD use TPM_CAP_VERSION_VAL to obtain version and revision information regarding the TPM. 0x00000007 TPM_CAP_KEY_HANDLE Ignored A TPM_KEY_HANDLE_LIST structure that enumerates all key handles TPM Main Part 2 TPM Structures TCG Copyright Specification version 1.2 Level 2 Revision 94 29 March 2006 Draft 163 TCG Published Value Capability Name Sub cap Comments loaded on the TPM. The list only contains the number of handles that an external manager can operate with and does not include the EK or SRK. This is command is available for backwards compatibility. It is the same as TPM_CAP_HANDLEwith a resource type of keys. 0x00000008 TPM_CAP_CHECK_LOADED ALGORITHM: A value of TPM_KEY_PARMS A Boolean value. TRUE indicates that the TPM has enough memory available to load a key of the type specified by ALGORITHM. FALSE indicates that the TPM does not have enough memory. 0x00000009 TPM_CAP_SYM_MODE TPM_SYM_MODE A Boolean value. TRUE indicates that the TPM supports the TPM_SYM_MODE, FALSE indicates the TPM does not support the mode. 0x0000000A Unused 0x0000000B Unused 0x0000000C TPM_CAP_KEY_STATUS handle Boolean value of ownerEvict. The handle MUST point to a valid key handle. 0x0000000D TPM_CAP_NV_LIST ignored A list of UINT32 that are the NV storage indexes. 0x0000000E Unused 0x0000000F Unused 0x00000010 TPM_CAP_MFR manufacturer specific Manufacturer specific. The manufacturer may provide any additional information regarding the TPM and the TPM state but MUST not expose any sensitive information. 0x00000011 TPM_CAP_NV_INDEX TPM_NV_INDEX A TPM_NV_DATA_PUBLIC structure that indicates the values for the TPM_NV_INDEX 0x00000012 TPM_CAP_TRANS_ALG TPM_ALG_XXX Boolean value. TRUE means that the TPM supports the algorithm for TPM_EstablishTransport, TPM_ExecuteTransport and TPM_ReleaseTransportSigned. FALSE indicates that for these three commands the algorithm is not supported." 0x00000013 0x00000014 TPM_CAP_HANDLE TPM_RESOURCE_TYPE A TPM_KEY_HANDLE_LIST structure that enumerates all handles currently loaded in the TPM for the given resource type. When describing keys the handle list only contains the number of handles that an external manager can operate with and does not include the EK or SRK. Legal resources are TPM_RT_KEY, TPM_RT_AUTH, TPM_RT_TRANS,, TPM_RT_COUNTER TPM_RT_CONTEXT is valid and returns not a list of handles but a list of the context count values. 0x00000015 TPM_CAP_TRANS_ES TPM_ES_XXX Boolean value. TRUE means the TPM supports the encryptionscheme in a transport session for at least one algorithm. 0x00000016 0x00000017 TPM_CAP_AUTH_ENCRYPT TPM_ALGORITHM_ID Boolean value. TRUE indicates that the TPM supports the encryption algorithm in OSAP encryption of AuthData values 0x00000018 TPM_CAP_SELECT_SIZE TPM_SELECT_SIZE Boolean value. TRUE indicates that the TPM supports reqSize in TPM_PCR_SELECTION -> sizeOfSelect for the given version. For instance a request could ask for version 1.1 size 2 and the TPM would indicate TRUE. For 1.1 size 3 the TPM would indicate FALSE. For 1.2 size 3 the TPM would indicate TRUE. 0x00000019 0x0000001A TPM_CAP_VERSION_VAL Ignored TPM_CAP_VERSION_INFO structure. The TPM fills in the structure and returns the information indicating what the TPM currently supports. Copyright TCG TPM Main Part 2 TPM Structures Specification version 1.2 164 Level 2 Revision 94 29 March 2006 TCG Published 21.2 CAP_PROPERTY Subcap values for TPM_GetCapability2073 Start of informative comment2074 The TPM_CAP_PROPERTY capability has numerous subcap values. The definition for all2075 subcap values occurs in this table.2076 TPM_CAP_PROP_MANUFACTURER returns a value unique to each manufacturer. A2077 company appreviation such as a null terminated stock ticker is a typical choice. However,2078 there is no requirement that the value contain printable characters.2079 End of informative comment2080 TPM_CAP_PROPERTY Subcap Values for TPM_GetCapability2081 Value Capability Name Comments 0x00000101 TPM_CAP_PROP_PCR UINT32 value. Returns the number of PCR registers supported by the TPM 0x00000102 TPM_CAP_PROP_DIR UNIT32. Deprecated. Returns the number of DIR, which is now fixed at 1 0x00000103 TPM_CAP_PROP_MANUFACTURER UINT32 value. Returns the Identifier of the TPM manufacturer. 0x00000104 TPM_CAP_PROP_KEYS UINT32 value. Returns the number of 2048-bit RSA keys that can be loaded. This MAY vary with time and circumstances. 0x00000107 TPM_CAP_PROP_MIN_COUNTER UINT32. The minimum amount of time in 10ths of a second that must pass between invocations of incrementing the monotonic counter. 0x0000010A TPM_CAP_PROP_AUTHSESS UINT32. The number of available authorization sessions. This may vary with time and circumstances 0x0000010B TPM_CAP_PROP_TRANSESS UINT32. The number of transport sessions the TPM could currently support 0x0000010C TPM_CAP_PROP_COUNTERS UINT32. The number of available monotonic counters. This MAY vary with time and circumstances. 0x0000010D TPM_CAP_PROP_MAX_AUTHSESS UINT32. The maximum number of loaded authorization sessions the TPM supports 0x0000010E TPM_CAP_PROP_MAX_TRANSESS UINT32. The maximum number of loaded transport sessions the TPM supports. This MAY vary with time and circumstances 0x0000010F TPM_CAP_PROP_MAX_COUNTERS UINT32. The maximum number of monotonic counters under control of TPM_CreateCounter 0x00000110 TPM_CAP_PROP_MAX_KEYS UINT32. The maximum number of 2048 RSA keys that the TPM can support. The number does not include the EK or SRK. 0x 00000111 TPM_CAP_PROP_OWNER BOOL. A value of TRUE indicates that the TPM has successfully installed an owner. 0x00000112 TPM_CAP_PROP_CONTEXT UINT32. The number of available sav ed session slots. This MAY vary with time and circumstances. 0x00000113 TPM_CAP_PROP_MAX_CONTEXT UINT32. The maximum number of saved session slots. 0x00000114 TPM_CAP_PROP_FAMILYROWS UINT32. The maximum number of rows in the family table 0x00000115 TPM_CAP_PROP_TIS_TIMEOUT A 4 element array of UINT32 values each denoting the timeout value in microseconds for the following in this order: TIMEOUT_A, TIMEOUT_B, TIMEOUT_C, TIMEOUT_D Where these timeouts are to be used is determined by the platform specific TPM Interface Specification. 0x00000116 TPM_CAP_PROP_STARTUP_EFFECT The TPM_STARTUP_EFFECTS structure 0x00000117 TPM_CAP_PROP_DELEGATE_ROW UINT32. The maximum size of the delegate table in rows. 0x00000118 open 0x00000119 TPM_CAP_PROP_DAA_MAX UINT32. The maximum number of DAA sessions (join or sign) that the TPM supports 0x0000011A TPM_CAP_PROP_SESSION_DAA UINT32. The number of available DAA sessions. This may vary with time and circumstances 0x0000011B TPM_CAP_PROP_CONTEXT_DIST UINT32. The maximum distance between context count values. This MUST be at least 2^16-1 TPM Main Part 2 TPM Structures TCG Copyright Specification version 1.2 Level 2 Revision 94 29 March 2006 Draft 165 TCG Published Value Capability Name Comments 0x0000011C TPM_CAP_PROP_DAA_INTERRUPT BOOL. A value of TRUE indicates that the TPM will accept ANY command while executing a DAA Join or Sign. A value of FALSE indicates that the TPM will invalidate the DAA Join or Sign upon the receipt of any command other than the next join/sign in the session or a TPM_SaveContext 0X0000011D TPM_CAP_PROP_SESSIONS UNIT32. The number of available sessions from the pool. This MAY vary with time and circumstances. Pool sessions include authorization and transport sessions. 0x0000011E TPM_CAP_PROP_MAX_SESSIONS UINT32. The maximum number of sessions the TPM supports. 0x0000011F TPM_CAP_PROP_CMK_RESTRICTION UINT32 TPM_Permanent_Data -> restrictDelegate 0x00000120 TPM_CAP_PROP_DURATION A 3 element array of UINT32 values each denoting the duration value in microseconds of the duration of the three classes of commands: Small, Medium and Long in the following in this order: SMALL_DURATION, MEDIUM_DURATION, LONG_DURATION 0x00000121 open 0x00000122 TPM_CAP_PROP_ACTIVE_COUNTER TPM_COUNT_ID. The id of the current counter. 0xff..ff if no counter is active, either because no counter has been set active or because the active counter has been released. 0x00000123 TPM_CAP_PROP_MAX_NV_AVAILABLE UINT32. The maximum number of NV space that can be allocated, MAY vary with time and circumstances. 0x00000124 TPM_CAP_PROP_INPUT_BUFFER UINT32. The size of the TPM input buffer in bytes. 0x00000125 XX Next number Copyright TCG TPM Main Part 2 TPM Structures Specification version 1.2 166 Level 2 Revision 94 29 March 2006 TCG Published 21.3 Bit ordering for structures2082 Start of informative comment2083 When returning a structure the TPM will use the following bit ordering scheme2084 Sample structure2085 typedef struct tdSAMPLE {2086 TPM_STRUCTURE_TAG tag;2087 UINT32 N1;2088 UINT32 N2;2089 } SAMPLE;2090 End of informative comment2091 1. Using the sample structure in the informative comment as a template the TPM performs2092 the following marshaling2093 a. Bit 0 of the output is first bit following the open bracket. The first bit of tag is then2094 bit 0 of the output.2095 b. Bit-N of the output is the nth bit from the opening bracket2096 i. The bits of N1 appear before the bits of N2 in the output2097 2. All structures use the endness defined in section 2.1 of this document2098 21.3.1 Deprecated GetCapability Responses2099 Num CapArea subCap Response 1 TPM_CAP_PROPERTY TPM_CAP_PROP_DIR_AUTH UINT32 value. Returns the number of DIR registers under control of the TPM owner supported by the TPM. As there is now only 1 DIR, this is deprecated to always return a value of 1 in version 1.2. TPM Main Part 2 TPM Structures TCG Copyright Specification version 1.2 Level 2 Revision 94 29 March 2006 Draft 167 TCG Published 21.4 TPM_CAPABILITY_AREA Values for TPM_SetCapability2100 TPM_CAPABILITY_AREA Values for TPM_SetCapability2101 Value Capability Name Sub cap Comments 0x00000001 TPM_SET_PERM_FLAGS SeeTPM_PERMANENT_FLAGS structure The ability to set a value is field specific and a review of the structure will disclose the ability and requirements to set a value 0x00000002 TPM_SET_PERM_DATA See TPM_PERMANENT_DATA structure The ability to set a value is field specific and a review of the structure will disclose the ability and requirements to set a value 0x00000003 TPM_SET_STCLEAR_FLAGS See TPM_STCLEAR_FLAGS structure The ability to set a value is field specific and a review of the structure will disclose the ability and requirements to set a value 0x00000004 TPM_SET_STCLEAR_DATA SeeTPM_STCLEAR_DATA structure The ability to set a value is field specific and a review of the structure will disclose the ability and requirements to set a value 0x00000005 TPM_SET_STANY_FLAGS See TPM_STANY_FLAGS structure The ability to set a value is field specific and a review of the structure will disclose the ability and requirements to set a value 0x00000006 TPM_SET_STANY_DATA See TPM_STANY_DATA structure The ability to set a value is field specific and a review of the structure will disclose the ability and requirements to set a value 0x00000007 TPM_SET_VENDOR Vendor specific This area allows the vendor to set specific areas in the TPM according to the normal shielded location requirements 2102 The setValue type for TPM_SetCapability is determined by the definition of the SubCap2103 value listed in the structure definition of each flag section. The setValueSize is set according2104 to this type.2105 Copyright TCG TPM Main Part 2 TPM Structures Specification version 1.2 168 Level 2 Revision 94 29 March 2006 TCG Published 21.5 SubCap Values for TPM_SetCapability2106 1. SubCap values for TPM_SetCapability are found in each flag definition section under the2107 table "Flag Restrictions for SetCapability". Each table has the following column2108 definitions:2109 a. Flag SubCap Number 0x00000000+: Incremental flag value used in the SubCap field2110 b. Set: A "Y" in this column indicates that the flag can be set by TPM_SetCapability. An2111 "N" in this column indicates that the flag can not be set by TPM_SetCapability.2112 c. Set restrictions: Restrictions on how and when TPM_SetCapability can set a flag.2113 Each flag that can be set with TPM_SetCapability may have one or more restrictions2114 on how and when TPM_SetCapability can be used to change a value of a flag. A2115 definition of common restrictions is listed below.2116 d. Actions From: This column contains information on other TPM command areas that2117 can effect a flag2118 2. Common Restriction Definitions2119 a. Owner authorization: TPM_SetCapability must use owner authorization to change the2120 value of a flag2121 b. Physical presence assertion: Physical presence must be asserted in order for2122 TPM_SetCapability to change the value of a flag2123 c. No Authorization: TPM_SetCapability must be sent as TPM_TAG_RQU_COMMAND2124 (no authorization)2125 d. If a capability is restricted to a fixed value, setValueSize MUST still indicate the size2126 of setValue. setValue MUST indicate the fixed value, or the TPM will return an error2127 code.2128 i. For example, since TPM_PERMANENT_FLAGS -> tpmEstablished can only be set2129 to FALSE, setValueSize MUST be 1 (for a BOOL) and setValue MUST be 0..2130 TPM Main Part 2 TPM Structures TCG Copyright Specification version 1.2 Level 2 Revision 94 29 March 2006 Draft 169 TCG Published 21.6 TPM_CAP_VERSION_INFO2131 Start of informative comment2132 This structure is an output from a TPM_GetCapability request. TPM returns the current2133 version and revision of the TPM.2134 The specLevel is defined in the document "Specification Naming and Numbering".2135 The errataRev letter allows the TPM to indicate, e.g., 1.2a or 1.2b.2136 The tpmVendorID is a value unique to each vendor. The company PCI vendor ID in the2137 lower 16 bits, with the upper 16 bts set to 0, is a typical choice.2138 The vendor specific area allows the TPM vendor to provide support for vendor options. The2139 TPM vendor may define the area to the TPM vendor's needs.2140 End of informative comment2141 Definition2142 typedef struct tdTPM_CAP_VERSION_INFO {2143 TPM_STRUCTURE_TAG tag;2144 TPM_VERSION version;2145 UINT16 specLevel;2146 BYTE errataRev;2147 BYTE tpmVendorID[4];2148 UINT16 vendorSpecificSize;2149 [size_is(vendorSpecificSize)] BYTE* vendorSpecific;2150 } TPM_CAP_VERSION_INFO;2151 2152 Type Name Description TPM_STRUCTURE_TAG tag MUST be TPM_TAG_CAP_VERSION_INFO TPM_VERSION version The version and revision UINT16 specLevel The level of ordinals supported BYTE errataRev The letter version of the spec BYTE tpmVendorID The vendor ID ­ Obtained from TCG UINT16 vendorSpecificSize The size of the vendor specific area BYTE* vendorSpecific Vendor specific information Copyright TCG TPM Main Part 2 TPM Structures Specification version 1.2 170 Level 2 Revision 94 29 March 2006 TCG Published 22. DAA Structures2153 All byte and bit areas are byte arrays treated as large integers2154 22.1 Size definitions2155 #define DAA_SIZE_r0 43 (Bytes)2156 #define DAA_SIZE_r1 43 (Bytes)2157 #define DAA_SIZE_r2 128 (Bytes)2158 #define DAA_SIZE_r3 168 (Bytes)2159 #define DAA_SIZE_r4 219 (Bytes)2160 #define DAA_SIZE_NT 20 (Bytes)2161 #define DAA_SIZE_v0 128 (Bytes)2162 #define DAA_SIZE_v1 192 (Bytes)2163 #define DAA_SIZE_NE 256 (Bytes)2164 #define DAA_SIZE_w 256 (Bytes)2165 #define DAA_SIZE_issuerModulus 256 (Bytes)2166 22.2 Constant definitions2167 #define DAA_power0 1042168 #define DAA_power1 10242169 TPM Main Part 2 TPM Structures TCG Copyright Specification version 1.2 Level 2 Revision 94 29 March 2006 Draft 171 TCG Published 22.3 TPM_DAA_ISSUER2170 Start of informative comment2171 This structure is the abstract representation of non-secret settings controlling a DAA2172 context. The structure is required when loading public DAA data into a TPM.2173 TPM_DAA_ISSUER parameters are normally held outside the TPM as plain text data, and2174 loaded into a TPM when a DAA session is required. A TPM_DAA_ISSUER structure contains2175 no integrity check: the TPM_DAA_ISSUER structure at time of JOIN is indirectly verified by2176 the issuer during the JOIN process, and a digest of the verified TPM_DAA_ISSUER structure2177 is held inside the TPM_DAA_TPM structure created by the JOIN process.2178 Parameters DAA_digest_X are digests of public DAA_generic_X parameters, and used to2179 verify that the correct value of DAA_generic_X has been loaded. DAA_generic_q is stored in2180 its native form to reduce command complexity.2181 End of informative comment2182 Definition2183 typedef struct tdTPM_DAA_ISSUER {2184 TPM_STRUCTURE_TAG tag;2185 TPM_DIGEST DAA_digest_R0;2186 TPM_DIGEST DAA_digest_R1;2187 TPM_DIGEST DAA_digest_S0;2188 TPM_DIGEST DAA_digest_S1;2189 TPM_DIGEST DAA_digest_n;2190 TPM_DIGEST DAA_digest_gamma;2191 BYTE[26] DAA_generic_q;2192 } TPM_DAA_ISSUER;2193 2194 Type Name Description TPM_STRUCTURE_TAG tag MUST be TPM_TAG_DAA_ISSUER TPM_DIGEST DAA_digest_R0 A digest of the parameter "R0", which is not secret and may be common to many TPMs. TPM_DIGEST DAA_digest_R1 A digest of the parameter "R1", which is not secret and may be common to many TPMs. TPM_DIGEST DAA_digest_S0 A digest of the parameter "S0", which is not secret and may be common to many TPMs. TPM_DIGEST DAA_digest_S1 A digest of the parameter "S1", which is not secret and may be common to many TPMs. TPM_DIGEST DAA_digest_n A digest of the parameter "n", which is not secret and may be common to many TPMs. TPM_DIGEST DAA_digest_gamma A digest of the parameter "gamma", which is not secret and may be common to many TPMs. BYTE[] DAA_ generic _q The parameter q, which is not secret and may be common to many TPMs. Note that q is slightly larger than a digest, but is stored in its native form to simplify the TPM_DAA_join command. Otherwise, JOIN requires 3 input parameters. Copyright TCG TPM Main Part 2 TPM Structures Specification version 1.2 172 Level 2 Revision 94 29 March 2006 TCG Published 22.4 TPM_DAA_TPM2195 Start of informative comment2196 This structure is the abstract representation of TPM specific parameters used during a DAA2197 context. TPM-specific DAA parameters may be stored outside the TPM, and hence this2198 structure is needed to save private DAA data from a TPM, or load private DAA data into a2199 TPM.2200 If a TPM_DAA_TPM structure is stored outside the TPM, it is stored in a confidential format2201 that can be interpreted only by the TPM created it. This is to ensure that secret parameters2202 are rendered confidential, and that both secret and non-secret data in TPM_DAA_TPM form2203 a self-consistent set.2204 TPM_DAA_TPM includes a digest of the public DAA parameters that were used during2205 creation of the TPM_DAA_TPM structure. This is needed to verify that a TPM_DAA_TPM is2206 being used with the public DAA parameters used to create the TPM_DAA_TPM structure.2207 Parameters DAA_digest_v0 and DAA_digest_v1 are digests of public DAA_private_v0 and2208 DAA_private_v1 parameters, and used to verify that the correct private parameters have2209 been loaded.2210 Parameter DAA_count is stored in its native form, because it is smaller than a digest,2211 and is required to enforce consistency.2212 End of informative comment2213 Definition2214 typedef struct tdTPM_DAA_TPM {2215 TPM_STRUCTURE_TAG tag;2216 TPM_DIGEST DAA_digestIssuer;2217 TPM_DIGEST DAA_digest_v0;2218 TPM_DIGEST DAA_digest_v1;2219 TPM_DIGEST DAA_rekey;2220 UINT32 DAA_count;2221 } TPM_DAA_TPM;2222 Parameters2223 Type Name Description TPM_STRUCTURE_TAG tag MUST be TPM_TAG_DAA_TPM TPM_DIGEST DAA_digestIssuer A digest of a TPM_DAA_ISSUER structure that contains the parameters used to generate this TPM_DAA_TPM structure. TPM_DIGEST DAA_digest_v0 A digest of the parameter "v0", which is secret and specific to this TPM. "v0" is generated during a JOIN phase. TPM_DIGEST DAA_digest_v1 A digest of the parameter "v1", which is secret and specific to this TPM. "v1" is generated during a JOIN phase. TPM_DIGEST DAA_rekey A digest related to the rekeying process, which is not secret but is specific to this TPM, and must be consistent across JOIN/SIGN sessions. "rekey" is generated during a JOIN phase. UINT32 DAA_count The parameter "count", which is not secret but must be consistent across JOIN/SIGN sessions. "count" is an input to the TPM from the host system. TPM Main Part 2 TPM Structures TCG Copyright Specification version 1.2 Level 2 Revision 94 29 March 2006 Draft 173 TCG Published 22.5 TPM_DAA_CONTEXT2224 Start of informative comment2225 TPM_DAA_CONTEXT structure is created and used inside a TPM, and never leaves the TPM.2226 This entire section is informative as the TPM does not expose this structure.2227 TPM_DAA_CONTEXT includes a digest of the public and private DAA parameters that were2228 used during creation of the TPM_DAA_CONTEXT structure. This is needed to verify that a2229 TPM_DAA_CONTEXT is being used with the public and private DAA parameters used to2230 create the TPM_DAA_CONTEXT structure.2231 End of informative comment2232 Definition2233 typedef struct tdTPM_DAA_CONTEXT {2234 TPM_STRUCTURE_TAG tag;2235 TPM_DIGEST DAA_digestContext2236 TPM_DIGEST DAA_digest;2237 TPM_DAA_CONTEXT_SEED DAA_contextSeed;2238 BYTE[256] DAA_scratch;2239 BYTE DAA_stage;2240 } TPM_DAA_CONTEXT;2241 Parameters2242 Type Name Description TPM_STRUCTURE_TAG tag MUST be TPM_TAG_DAA_CONTEXT TPM_DIGEST DAA_digestContext A digest of parameters used to generate this structure. The parameters vary, depending on whether the session is a JOIN session or a SIGN session. TPM_DIGEST DAA_digest A running digest of certain parameters generated during DAA computation; operationally the same as a PCR (which holds a running digest of integrity metrics). TPM_DAA_CONTEXT_SEED DAA_contextSeed The seed used to generate other DAA session parameters BYTE[] DAA_scratch Memory used to hold different parameters at different times of DAA computation, but only one parameter at a time. The maximum size of this field is 256 bytes BYTE DAA_stage A counter, indicating the stage of DAA computation that was most recently completed. The value of the counter is zero if the TPM currently contains no DAA context. When set to zero (0) the TPM MUST clear all other fields in this structure. The TPM MUST set DAA_stage to 0 on TPM_Startup(ANY) Copyright TCG TPM Main Part 2 TPM Structures Specification version 1.2 174 Level 2 Revision 94 29 March 2006 TCG Published 22.6 TPM_DAA_JOINDATA2243 Start of informative comment2244 This structure is the abstract representation of data that exists only during a specific JOIN2245 session.2246 End of informative comment2247 Definition2248 typedef struct tdTPM_DAA_JOINDATA {2249 BYTE[128] DAA_join_u0;2250 BYTE[138] DAA_join_u1;2251 TPM_DIGEST DAA_digest_n0;2252 } TPM_DAA_JOINDATA;2253 Parameters2254 Type Name Description BYTE[] DAA_join_u0 A TPM-specific secret "u0", us ed during the JOIN phase, and discarded afterwards. BYTE[] DAA_join_u1 A TPM-specific secret "u1", used during the JOIN phase, and discarded afterwards. TPM_DIGEST DAA_digest_n0 A digest of the parameter "n0", which is an RSA public key with exponent 2^16 +1 TPM Main Part 2 TPM Structures TCG Copyright Specification version 1.2 Level 2 Revision 94 29 March 2006 Draft 175 TCG Published 22.7 TPM_STANY_DATA Additions2255 Informative comment2256 This shows that the volatile data areas are added to the TPM_STANY_DATA structure2257 End of informative comment2258 Definition2259 typedef struct tdTPM_STANY_DATA{2260 TPM_DAA_ISSUER DAA_issuerSettings;2261 TPM_DAA_TPM DAA_tpmSpecific;2262 TPM_DAA_CONTEXT DAA_session;2263 TPM_DAA_JOINDATA DAA_joinSession2264 }TPM_STANY_DATA;2265 Types of Volatile Data2266 Type Name Description TPM_DAA_ISSUER DAA_issuerSettings A set of DAA issuer parameters controlling a DAA session. TPM_DAA_TPM DAA_tpmSpecific A set of DAA parameters associated with a specific TPM. TPM_DAA_CONTEXT DAA_session A set of DAA parameters associated with a DAA session. TPM_DAA_JOIN DAA_joinSession A set of DAA parameters used only during the JOIN phase of a DAA session, and generated by the TPM. 2267 Copyright TCG TPM Main Part 2 TPM Structures Specification version 1.2 176 Level 2 Revision 94 29 March 2006 TCG Published 22.8 TPM_DAA_BLOB2268 Informative comment2269 The structure passed during the join process2270 End of informative comment2271 Definition2272 typedef struct tdTPM_DAA_BLOB {2273 TPM_STRUCTURE_TAG tag;2274 TPM_RESOURCE_TYPE resourceType;2275 BYTE[16] label;2276 TPM_DIGEST blobIntegrity;2277 UINT32 additionalSize;2278 [size_is(additionalSize)] BYTE* additionalData;2279 UINT32 sensitiveSize;2280 [size_is(sensitiveSize)] BYTE* sensitiveData;2281 }TPM_DAA_BLOB;2282 2283 Type Name Description TPM_STRUCTURE_TAG tag MUST be TPM_TAG_DAA_BLOB TPM_RESOURCE_TYPE resourceType The resource type: enc(DAA_tpmSpecific) or enc(v0) or enc(v1) BYTE[16] label Label for identification of the blob. Free format area. TPM_DIGEST blobIntegrity The integrity of the entire blob including the sensitive area. This is a HMAC calculation with the entire structure (including sensitiveData) being the hash and tpmProof is the secret UINT32 additionalSize The size of additionalData BYTE additionalData Additional information set by the TPM that helps define and reload the context. The information held in this area MUST NOT expose any information held in shielded locations. This should include any IV for symmetric encryption UINT32 sensitiveSize The size of sensitiveData BYTE sensitiveData A TPM_DAA_SENSITIVE structure TPM Main Part 2 TPM Structures TCG Copyright Specification version 1.2 Level 2 Revision 94 29 March 2006 Draft 177 TCG Published 22.9 TPM_DAA_SENSITIVE2284 Informative comment2285 The encrypted area for the DAA parameters2286 End of informative comment2287 Definition2288 typedef struct tdTPM_DAA_SENSITIVE {2289 TPM_STRUCTURE_TAG tag;2290 UINT32 internalSize;2291 [size_is(internalSize)] BYTE* internalData;2292 }TPM_DAA_SENSITIVE;2293 2294 Type Name Description TPM_STRUCTURE_TAG tag MUST be TPM_TAG_DAA_SENSITIVE UINT32 internalSize The size of the internalData area BYTE internalData DAA_tpmSpecific or DAA_private_v0 or DAA_private_v1 Copyright TCG TPM Main Part 2 TPM Structures Specification version 1.2 178 Level 2 Revision 94 29 March 2006 TCG Published 23. Redirection2295 23.1 TPM_REDIR_COMMAND2296 Informative comment2297 The types of redirections2298 End of informative comment2299 Command modes2300 Name Value Description 0x00000001 TPM Main Part 2 TPM Structures TCG Copyright Specification version 1.2 Level 2 Revision 94 29 March 2006 Draft 179 TCG Published 24. Deprecated Structures2301 24.1 Persistent Flags2302 Start of Informative comment2303 Rewritten to be part of the PERMANENT, STANY and STCLEAR structures2304 End of informative comment2305 typedef struct tdTPM_PERSISTENT_FLAGS{2306 // deleted see version 1.12307 } TPM_PERSISTENT_FLAGS;2308 24.2 Volatile Flags2309 Start of Informative comment2310 Rewritten to be part of the PERMANENT, STANY and STCLEAR structures2311 End of informative comment2312 typedef struct tdTPM_VOLATILE_FLAGS{2313 // see version 1.12314 } TPM_VOLATILE_FLAGS;2315 24.3 TPM persistent data2316 Start of Informative comment2317 Rewritten to be part of the PERMANENT, STANY and STCLEAR structures2318 End of informative comment2319 Definition2320 typedef struct tdTPM_PERSISTENT_DATA{2321 // see version 1.12322 }TPM_PERSISTENT_DATA;2323 24.4 TPM volatile data2324 Start of Informative comment2325 Rewritten to be part of the PERMANENT, STANY and STCLEAR structures2326 End of informative comment2327 Definition2328 typedef struct tdTPM_VOLATILE_DATA{2329 // see version 1.12330 }TPM_VOLATILE_DATA;2331 Copyright TCG TPM Main Part 2 TPM Structures Specification version 1.2 180 Level 2 Revision 94 29 March 2006 TCG Published 24.5 TPM SV data2332 Start of informative comment2333 Rewritten to be part of the PERMANENT, STANY and STCLEAR structures2334 End of informative comment2335 Definition2336 typedef struct tdTPM_SV_DATA{2337 // see version 1.12338 }TPM_SV_DATA;2339 2340 24.6 TPM_SYM_MODE2341 Start of informative comment2342 This indicates the mode of a symmetric encryption. Mode is Electronic CookBook (ECB) or2343 some other such mechanism.2344 End of informative comment2345 TPM_SYM_MODE values2346 Value Name Description 0x00000001 TPM_SYM_MODE_ECB The electronic cookbook mode (this requires no IV) 0x00000002 TPM_SYM_MODE_CBC Cipher block chaining mode 0X00000003 TPM_SYM_MODE_CFB Cipher feedback mode Description2347 The TPM MAY support any of the symmetric encryption modes2348