TPM2.0命令详解：第三部分

TPM2.0

Commands

需积分: 15 192 浏览量更新于2024-07-18 1 收藏 5.19MB PDF 举报

身份认证购VIP最低享 7 折!

领优惠券(最高得80元）

"TPM2.0 Commands part3是TCG（Trusted Computing Group）发布的一份关于TPM2.0命令集的文档，该文档详细介绍了TPM2.0命令的功能和组成。这份文档属于Family "2.0"，Level 00，Revision 01.38，发布于2016年9月29日。文档旨在为开发者提供开发基于TPM2.0的产品时所需的命令规范。" TPM（Trusted Platform Module）2.0是一种安全芯片，它提供了一组用于保护信息安全和验证系统完整性及状态的硬件接口。TPM2.0命令集是其核心组成部分，包括了一系列用于加密、密钥管理、数字签名以及平台状态验证的操作。在TPM2.0 Commands part3中，你可能会了解到以下关键知识点： 1. **命令结构**：TPM2.0命令通常由命令头、参数和响应数据组成。命令头包含命令代码和命令大小，参数则根据具体命令的不同而变化，响应数据则是命令执行后的返回结果。 2. **命令列表**：文档可能列出了所有TPM2.0支持的命令，如`TPM2_Startup`、`TPM2_Shutdown`、`TPM2_GetCapability`、`TPM2_Create`（用于创建密钥对）、`TPM2_Load`（加载密钥到TPM中）、`TPM2_AuthorizeSession`（启动和管理安全会话）等。 3. **命令参数**：每个命令都有特定的输入参数和输出参数。例如，`TPM2_Create`命令可能需要指定密钥属性、父密钥的哈希值以及用于加密敏感数据的种子。 4. **命令响应**：TPM2.0命令执行后会返回一个响应，包括响应头、响应代码和响应数据。响应代码表示命令执行是否成功，如果失败，通常会包含错误代码来指示具体问题。 5. **安全特性**：TPM2.0支持的命令集包含了诸多安全特性，如RSA、ECC等加密算法，PCR（Platform Configuration Registers）用于记录平台状态，以及TPM内的非易失性存储来保护密钥和证书。 6. **权限和访问控制**：TPM2.0命令还涉及到权限管理和访问控制，例如，某些敏感操作可能需要通过授权才能执行，这通常涉及到使用授权会话和密码或密钥。 7. **TPM2.0标准**：文档可能还包括了关于如何符合TPM2.0标准的指导，以及如何与其他基于TPM2.0的系统和设备进行互操作的说明。 8. **版权和许可**：TCG对TPM2.0 Commands文档的分发有明确的版权许可规定，允许用户复制、修改和分发源代码，但也有相应的条件和免责声明。了解这些知识点，开发者可以更深入地理解TPM2.0的功能，并能有效地利用这些命令来实现系统的安全功能，如保护数据、确保平台的初始状态、防止恶意篡改等。

资源详情

资源推荐

Trusted Platform Module Library Part 3: Commands

Family “2.0” TCG Published Page 2

4 Notation

4.1 Introduction

For the purposes of this document, the notation given in TPM 2.0 Part 1 applies.

Command and response tables use various decorations to indicate the fields of the command and the

allowed types. These decorations are described in this clause.

4.2 Table Decorations

The symbols and terms in the Notation column of Table 1 are used in the tables for the command

schematics. These values indicate various qualifiers for the parameters or descriptions with which they

are associated.

Table 1 — Command Modifiers and Decoration

Notation

Meaning

A Type decoration – When appended to a value in the Type column of a command, this symbol

indicates that the parameter is allowed to use the “null” value of the data type (see "Conditional

Types" in TPM 2.0 Part 2). The null value is usually TPM_RH_NULL for a handle or

TPM_ALG_NULL for an algorithm selector.

A Name decoration – When this symbol precedes a handle parameter in the “Name” column, it

indicates that an authorization session is required for use of the entity associated with the handle.

If a handle does not have this symbol, then an authorization session is not allowed.

+PP

A Description modifier – This modifier may follow TPM_RH_PLATFORM in the “Description”

column to indicate that Physical Presence is required when platformAuth/platformPolicy is

provided.

+{PP}

A Description modifier – This modifier may follow TPM_RH_PLATFORM to indicate that Physical

Presence may be required when platformAuth/platformPolicy is provided. The commands with this

notation may be in the setList or clearList of TPM2_PP_Commands().

{NV}

A Description modifier – This modifier may follow the commandCode in the “Description” column

to indicate that the command may result in an update of NV memory and be subject to rate

throttling by the TPM. If the command code does not have this notation, then a write to NV

memory does not occur as part of the command actions.

NOTE Any command that uses authorization may cause a write to NV if there is an authorization

failure. A TPM may use the occasion of command execution to update the NV copy of clock.

{F}

A Description modifier – This modifier indicates that the “flushed” attribute will be SET in the

TPMA_CC for the command. The modifier may follow the commandCode in the “Description”

column to indicate that any transient handle context used by the command will be flushed from the

TPM when the command completes. This may be combined with the {NV} modifier but not with the

{E} modifier.

EXAMPLE 1 {NV F}

EXAMPLE 2 TPM2_SequenceComplete() will flush the context associated with the sequenceHandle.

{E}

A Description modifier – This modifier indicates that the “extensive” attribute will be SET in the

TPMA_CC for the command. This modifier may follow the commandCode in the “Description”

column to indicate that the command may flush many objects and re-enumeration of the loaded

context likely will be required. This may be combined with the {NV} modifier but not with the {F}

modifier.

EXAMPLE 1 {NV E}

EXAMPLE 2 TPM2_Clear() will flush all contexts associated with the Storage hierarchy and the

Endorsement hierarchy.

Trusted Platform Module Library Part 3: Commands

Family “2.0” TCG Published Page 3

Notation

Meaning

Auth Index:

A Description modifier – When a handle has a “@” decoration, the “Description” column will

contain an “Auth Index:” entry for the handle. This entry indicates the number of the authorization

session. The authorization sessions associated with handles will occur in the session area in the

order of the handles with the “@” modifier. Sessions used only for encryption/decryption or only for

audit will follow the handles used for authorization.

Auth Role:

A Description modifier – This will be in the “Description” column of a handle with the “@”

decoration. It may have a value of USER, ADMIN or DUP.

If the handle has the Auth Role of USER and the handle is an Object, the type of authorization is

determined by the setting of userWithAuth in the Object's attributes. If the handle is

TPM_RH_OWNER, TPM_RH_ENDORSEMENT, or TPM_RH_PLATFORM, operation is as if

userWithAuth is SET. If the handle references an NV Index, then the allowed authorizations are

determined by the settings of the attributes of the NV Index as described in TPM 2.0 Part 2,

"TPMA_NV (NV Index Attributes)."

If the Auth Role is ADMIN and the handle is an Object, the type of authorization is determined by

the setting of adminWithPolicy in the Object's attributes. If the handle is TPM_RH_OWNER,

TPM_RH_ENDORSEMENT, or TPM_RH_PLATFORM, operation is as if adminWithPolicy is SET.

If the handle is an NV index, operation is as if adminWithPolicy is SET (see 5.6 e)2)).

If the DUP role is selected, authorization may only be with a policy session (DUP role only applies

to Objects).

When either ADMIN or DUP role is selected, a policy command that selects the command being

authorized is required to be part of the policy.

EXAMPLE TPM2_Certify requires the ADMIN role for the first handle (objectHandle). The policy

authorization for objectHandle is required to contain

TPM2_PolicyCommandCode(commandCode == TPM_CC_Certify). This sets the state of the

policy so that it can be used for ADMIN role authorization in TPM2_Certify().

Trusted Platform Module Library Part 3: Commands

Family “2.0” TCG Published Page 4

Handle and Parameter Demarcation

The demarcations between the header, handle, and parameter parts are indicated by:

Table 2 — Separators

Separator

Meaning

the values immediately following are in the handle area

the values immediately following are in the parameter area

4.3 AuthorizationSize and ParameterSize

Authorization sessions are not shown in the command or response schematics. When the tag of a

command or response is TPM_ST_SESSIONS, then a 32-bit value will be present in the

command/response buffer to indicate the size of the authorization field or the parameter field. This value

shall immediately follow the handle area (which may contain no handles). For a command, this value

(authorizationSize) indicates the size of the Authorization Area and shall have a value of 9 or more. For a

response, this value (parameterSize) indicates the size of the parameter area and may have a value of

zero.

If the authorizationSize field is present in the command, parameterSize will be present in the response,

but only if the responseCode is TPM_RC_SUCCESS.

When authorization is required to use the TPM entity associated with a handle, then at least one session

will be present. To indicate this, the command tag Description field contains TPM_ST_SESSIONS.

Addional sessions for audit, encrypt, and decrypt may be present.

When the command tag Description field contains TPM_ST_NO_SESSIONS, then no sessions are

allowed and the authorizationSize field is not present.

When a command allows use of sessions when not required, the command tag Description field will

indicate the types of sessions that may be used with the command.

4.4 Return Code Alias

For the RC_FMT1 return codes that may add a parameter, handle, or session number, the prefix

TPM_RCS_ is an alias for TPM_RC_.

TPM_RC_n is added, where n is the parameter, handle, or session number. In addition, TPM_RC_H is

added for handle, TPM_RC_P for parameter, and TPM_RC_S for session errors.

NOTE TPM_RCS_ is a programming convention. Programmers should only add numbers to

TPM_RCS_ return codes, never TPM_RC_ return codes. Only return codes that can have a

number added have the TPM_RCS_ alias defined. Attempting to use a TPM_RCS_ return code

that does not have the TPM_RCS_ alias will cause a compiler error.

EXAMPLE 1 Since TPM_RC_VALUE can have a number added, TPM_RCS_VALUE is defined. A

program can use the construct "TPM_RCS_VALUE + number". Since TPM_RC_SIGNATURE

cannot have a number added, TPM_RCS_SIGNATURE is not defined. A program using the

construct "TPM_RCS_SIGNATURE + number" will not compile, alerting the programmer that the

construct is incorrect.

By convention, the number to be added is of the form RC_CommandName_ParameterName where

CommmandName is the name of the command with the TPM2_ prefix removed. The parameter name

alone is insufficient because the same parameter name could be in a different position in different

commands.

Trusted Platform Module Library Part 3: Commands

Family “2.0” TCG Published Page 5

EXAMPLE 2 TPM2_HMAC_Start with parameters that result in TPM_ALG_NULL as the hash algorithm will

returns TPM_RC_VALUE plus the parameter number. Since hashAlg is the second parameter,

This code results:

#define RC_HMAC_Start_hashAlg (TPM_RC_P + TPM_RC_2)

return TPM_RCS_VALUE + RC_HMAC_Start_hashAlg;

5 Command Processing

5.1 Introduction

This clause defines the command validations that are required of any implementation and the response

code returned if the indicated check fails. Unless stated otherwise, the order of the checks is not

normative and different TPM may give different responses when a command has multiple errors.

In the description below, some statements that describe a check may be followed by a response code in

parentheses. This is the normative response code should the indicated check fail. A normative response

code may also be included in the statement.

5.2 Command Header Validation

Before a TPM may begin the actions associated with a command, a set of command format and

consistency checks shall be performed. These checks are listed below and should be performed in the

indicated order.

The TPM shall successfully unmarshal a TPMI_ST_COMMAND_TAG and verify that it is either

TPM_ST_SESSIONS or TPM_ST_NO_SESSIONS (TPM_RC_BAD_TAG).

The TPM shall successfully unmarshal a UINT32 as the commandSize. If the TPM has an interface

buffer that is loaded by some hardware process, the number of octets in the input buffer for the

command reported by the hardware process shall exactly match the value in commandSize

(TPM_RC_COMMAND_SIZE).

NOTE A TPM may have direct access to system memory and unmarshal directly from that memory.

The TPM shall successfully unmarshal a TPM_CC and verify that the command is implemented

(TPM_RC_COMMAND_CODE).

5.3 Mode Checks

The following mode checks shall be performed in the order listed:

If the TPM is in Failure mode, then the commandCode is TPM_CC_GetTestResult or

TPM_CC_GetCapability (TPM_RC_FAILURE) and the command tag is TPM_ST_NO_SESSIONS

(TPM_RC_FAILURE).

NOTE 1 In Failure mode, the TPM has no cryptographic capability and processing of sessions is not

supported.

The TPM is in Field Upgrade mode (FUM), the commandCode is TPM_CC_FieldUpgradeData

(TPM_RC_UPGRADE).

If the TPM has not been initialized (TPM2_Startup()), then the commandCode is TPM_CC_Startup

(TPM_RC_INITIALIZE).

NOTE 2 The TPM may enter Failure mode during _TPM_Init processing, before TPM2_Startup(). Since

the platform firmware cannot know that the TPM is in Failure mode without accessing it, and

since the first command is required to be TPM2_Startup(), the expected sequence will be that

Trusted Platform Module Library Part 3: Commands

Family “2.0” TCG Published Page 6

platform firmware (the CRTM) will issue TPM2_Startup() and receive TPM_RC_FAILURE

indicating that the TPM is in Failure mode.

There may be failures where a TPM cannot record that it received TPM2_Startup(). In those

cases, a TPM in failure mode may process TPM2_GetTestResult(), TPM2_GetCapability(), or

the field upgrade commands. As a side effect, that TPM may process TPM2_GetTestResult(),

TPM2_GetCapability() or the field upgrade commands before TPM2_Startup().

This is a corner case exception to the rule that TPM2_Startup() must be the first command.

The mode checks may be performed before or after the command header validation.

5.4 Handle Area Validation

After successfully unmarshaling and validating the command header, the TPM shall perform the following

checks on the handles and sessions. These checks may be performed in any order.

NOTE 1 A TPM is required to perform the handle area validation before the authorization checks because an

authorization cannot be performed unless the authorization values and attributes for the referenced

entity are known by the TPM. For them to be known, the referenced entity must be in the TPM and

accessible.

The TPM shall successfully unmarshal the number of handles required by the command and validate

that the value of the handle is consistent with the command syntax. If not, the TPM shall return

TPM_RC_VALUE.

NOTE 2 The TPM may unmarshal a handle and validate that it references an entity on the TPM before

unmarshaling a subsequent handle.

NOTE 3 If the submitted command contains fewer handles than required by the syntax of the command,

the TPM may continue to read into the next area and attempt to interpret the data as a handle.

For all handles in the handle area of the command, the TPM will validate that the referenced entity is

present in the TPM.

1) If the handle references a transient object, the handle shall reference a loaded object

(TPM_RC_REFERENCE_H0 + N where N is the number of the handle in the command).

NOTE 4 If the hierarchy for a transient object is disabled, then the transient objects will be flushed

so this check will fail.

2) If the handle references a persistent object, then

i) the hierarchy associated with the object (platform or storage, based on the handle value) is

enabled (TPM_RC_HANDLE);

ii) the handle shall reference a persistent object that is currently in TPM non-volatile memory

(TPM_RC_HANDLE);

iii) if the handle references a persistent object that is associated with the endorsement hierarchy,

that the endorsement hierarchy is not disabled (TPM_RC_HANDLE); and

NOTE 5 The reference implementation keeps an internal attribute, passed down from a primary

key to its descendents, indicating the object's hierarchy.

iv) if the TPM implementation moves a persistent object to RAM for command processing then

sufficient RAM space is available (TPM_RC_OBJECT_MEMORY).

3) If the handle references an NV Index, then

i) an Index exists that corresponds to the handle (TPM_RC_HANDLE); and

ii) the hierarchy associated with the existing NV Index is not disabled (TPM_RC_HANDLE).

剩余454页未读，继续阅读

June_Hou

粉丝: 88
资源: 36

TPM2.0命令详解：第三部分

TPM2.0_secure_boot.zip

TPM 2.0 Main part 2

TPM 2.0规范特点

tpm2.0实例探索

tpm2.0 不支持

如何学习TPM2.0标准？

tpm2.0芯片厂家

tpm-rev-2.0-part-3-commands-01.38.pdf

a practical guide to tpm 2.0教材.pdf

tpm 2.0 规范

linux tpm2.0 设备通信样例

在tpm-tss中fapi功能

thinkpade550支持tpm版本2.0吗

tpm2-tss ,tpm2-tools之间关系

linux tpm2.0通信实现样例

linux c tpm2.0 通信样例

tcg_tpm2_r1p59_part1_architecture

TrustedPlatformModuleversion2.0是ESXI哪个版本开始有的功能,告诉我你的依据是什么，以及原文链接

tpm2-abrmd

对源码tpm2-tss-3.2.x\test\integration目录下的main-fapi.c进行调试分析，熟悉TSS FAPI层的基本开发流程

最新资源