1 /* Microsoft Reference Implementation for TPM 2.0 2 * 3 * The copyright in this software is being made available under the BSD License, 4 * included below. This software may be subject to other third party and 5 * contributor rights, including patent rights, and no such rights are granted 6 * under this license. 7 * 8 * Copyright (c) Microsoft Corporation 9 * 10 * All rights reserved. 11 * 12 * BSD License 13 * 14 * Redistribution and use in source and binary forms, with or without modification, 15 * are permitted provided that the following conditions are met: 16 * 17 * Redistributions of source code must retain the above copyright notice, this list 18 * of conditions and the following disclaimer. 19 * 20 * Redistributions in binary form must reproduce the above copyright notice, this 21 * list of conditions and the following disclaimer in the documentation and/or 22 * other materials provided with the distribution. 23 * 24 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" 25 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 26 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 27 * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR 28 * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 29 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 30 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON 31 * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 32 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 33 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 34 */ 35 /*(Auto-generated) 36 * Created by TpmPrototypes; Version 3.0 July 18, 2017 37 * Date: Mar 6, 2020 Time: 01:50:11PM 38 */ 39 40 #ifndef _PLATFORM_FP_H_ 41 #define _PLATFORM_FP_H_ 42 43 //** From Cancel.c 44 45 //***_plat__IsCanceled() 46 // Check if the cancel flag is set 47 // Return Type: int 48 // TRUE(1) if cancel flag is set 49 // FALSE(0) if cancel flag is not set 50 LIB_EXPORT int 51 _plat__IsCanceled( 52 void 53 ); 54 55 // Set cancel flag. 56 LIB_EXPORT void 57 _plat__SetCancel( 58 void 59 ); 60 61 //***_plat__ClearCancel() 62 // Clear cancel flag 63 LIB_EXPORT void 64 _plat__ClearCancel( 65 void 66 ); 67 68 69 //** From Clock.c 70 71 //***_plat__TimerReset() 72 // This function sets current system clock time as t0 for counting TPM time. 73 // This function is called at a power on event to reset the clock. When the clock 74 // is reset, the indication that the clock was stopped is also set. 75 LIB_EXPORT void 76 _plat__TimerReset( 77 void 78 ); 79 80 //*** _plat__TimerRestart() 81 // This function should be called in order to simulate the restart of the timer 82 // should it be stopped while power is still applied. 83 LIB_EXPORT void 84 _plat__TimerRestart( 85 void 86 ); 87 88 //*** _plat__RealTime() 89 // This is another, probably futile, attempt to define a portable function 90 // that will return a 64-bit clock value that has mSec resolution. 91 LIB_EXPORT uint64_t 92 _plat__RealTime( 93 void 94 ); 95 96 //***_plat__TimerRead() 97 // This function provides access to the tick timer of the platform. The TPM code 98 // uses this value to drive the TPM Clock. 99 // 100 // The tick timer is supposed to run when power is applied to the device. This timer 101 // should not be reset by time events including _TPM_Init. It should only be reset 102 // when TPM power is re-applied. 103 // 104 // If the TPM is run in a protected environment, that environment may provide the 105 // tick time to the TPM as long as the time provided by the environment is not 106 // allowed to go backwards. If the time provided by the system can go backwards 107 // during a power discontinuity, then the _plat__Signal_PowerOn should call 108 // _plat__TimerReset(). 109 LIB_EXPORT uint64_t 110 _plat__TimerRead( 111 void 112 ); 113 114 //*** _plat__TimerWasReset() 115 // This function is used to interrogate the flag indicating if the tick timer has 116 // been reset. 117 // 118 // If the resetFlag parameter is SET, then the flag will be CLEAR before the 119 // function returns. 120 LIB_EXPORT int 121 _plat__TimerWasReset( 122 void 123 ); 124 125 //*** _plat__TimerWasStopped() 126 // This function is used to interrogate the flag indicating if the tick timer has 127 // been stopped. If so, this is typically a reason to roll the nonce. 128 // 129 // This function will CLEAR the s_timerStopped flag before returning. This provides 130 // functionality that is similar to status register that is cleared when read. This 131 // is the model used here because it is the one that has the most impact on the TPM 132 // code as the flag can only be accessed by one entity in the TPM. Any other 133 // implementation of the hardware can be made to look like a read-once register. 134 LIB_EXPORT int 135 _plat__TimerWasStopped( 136 void 137 ); 138 139 //***_plat__ClockAdjustRate() 140 // Adjust the clock rate 141 LIB_EXPORT void 142 _plat__ClockAdjustRate( 143 int adjust // IN: the adjust number. It could be positive 144 // or negative 145 ); 146 147 148 //** From DebugHelpers.c 149 150 #if CERTIFYX509_DEBUG 151 152 //*** DebugFileInit() 153 // This function opens the file used to hold the debug data. 154 // Return Type: int 155 // 0 success 156 // != 0 error 157 int 158 DebugFileInit( 159 void 160 ); 161 162 //*** DebugDumpBuffer() 163 void 164 DebugDumpBuffer( 165 int size, 166 unsigned char *buf, 167 const char *identifier 168 ); 169 #endif // CERTIFYX509_DEBUG 170 171 172 //** From Entropy.c 173 174 //*** _plat__GetEntropy() 175 // This function is used to get available hardware entropy. In a hardware 176 // implementation of this function, there would be no call to the system 177 // to get entropy. 178 // Return Type: int32_t 179 // < 0 hardware failure of the entropy generator, this is sticky 180 // >= 0 the returned amount of entropy (bytes) 181 // 182 LIB_EXPORT int32_t 183 _plat__GetEntropy( 184 unsigned char *entropy, // output buffer 185 uint32_t amount // amount requested 186 ); 187 188 189 //** From LocalityPlat.c 190 191 //***_plat__LocalityGet() 192 // Get the most recent command locality in locality value form. 193 // This is an integer value for locality and not a locality structure 194 // The locality can be 0-4 or 32-255. 5-31 is not allowed. 195 LIB_EXPORT unsigned char 196 _plat__LocalityGet( 197 void 198 ); 199 200 //***_plat__LocalitySet() 201 // Set the most recent command locality in locality value form 202 LIB_EXPORT void 203 _plat__LocalitySet( 204 unsigned char locality 205 ); 206 207 208 //** From NVMem.c 209 210 //*** _plat__NvErrors() 211 // This function is used by the simulator to set the error flags in the NV 212 // subsystem to simulate an error in the NV loading process 213 LIB_EXPORT void 214 _plat__NvErrors( 215 int recoverable, 216 int unrecoverable 217 ); 218 219 //***_plat__NVEnable() 220 // Enable NV memory. 221 // 222 // This version just pulls in data from a file. In a real TPM, with NV on chip, 223 // this function would verify the integrity of the saved context. If the NV 224 // memory was not on chip but was in something like RPMB, the NV state would be 225 // read in, decrypted and integrity checked. 226 // 227 // The recovery from an integrity failure depends on where the error occurred. It 228 // it was in the state that is discarded by TPM Reset, then the error is 229 // recoverable if the TPM is reset. Otherwise, the TPM must go into failure mode. 230 // Return Type: int 231 // 0 if success 232 // > 0 if receive recoverable error 233 // <0 if unrecoverable error 234 LIB_EXPORT int 235 _plat__NVEnable( 236 void *platParameter // IN: platform specific parameters 237 ); 238 239 //***_plat__NVDisable() 240 // Disable NV memory 241 LIB_EXPORT void 242 _plat__NVDisable( 243 int delete // IN: If TRUE, delete the NV contents. 244 ); 245 246 //***_plat__IsNvAvailable() 247 // Check if NV is available 248 // Return Type: int 249 // 0 NV is available 250 // 1 NV is not available due to write failure 251 // 2 NV is not available due to rate limit 252 LIB_EXPORT int 253 _plat__IsNvAvailable( 254 void 255 ); 256 257 //***_plat__NvMemoryRead() 258 // Function: Read a chunk of NV memory 259 LIB_EXPORT void 260 _plat__NvMemoryRead( 261 unsigned int startOffset, // IN: read start 262 unsigned int size, // IN: size of bytes to read 263 void *data // OUT: data buffer 264 ); 265 266 //*** _plat__NvIsDifferent() 267 // This function checks to see if the NV is different from the test value. This is 268 // so that NV will not be written if it has not changed. 269 // Return Type: int 270 // TRUE(1) the NV location is different from the test value 271 // FALSE(0) the NV location is the same as the test value 272 LIB_EXPORT int 273 _plat__NvIsDifferent( 274 unsigned int startOffset, // IN: read start 275 unsigned int size, // IN: size of bytes to read 276 void *data // IN: data buffer 277 ); 278 279 //***_plat__NvMemoryWrite() 280 // This function is used to update NV memory. The "write" is to a memory copy of 281 // NV. At the end of the current command, any changes are written to 282 // the actual NV memory. 283 // NOTE: A useful optimization would be for this code to compare the current 284 // contents of NV with the local copy and note the blocks that have changed. Then 285 // only write those blocks when _plat__NvCommit() is called. 286 LIB_EXPORT int 287 _plat__NvMemoryWrite( 288 unsigned int startOffset, // IN: write start 289 unsigned int size, // IN: size of bytes to write 290 void *data // OUT: data buffer 291 ); 292 293 //***_plat__NvMemoryClear() 294 // Function is used to set a range of NV memory bytes to an implementation-dependent 295 // value. The value represents the erase state of the memory. 296 LIB_EXPORT void 297 _plat__NvMemoryClear( 298 unsigned int start, // IN: clear start 299 unsigned int size // IN: number of bytes to clear 300 ); 301 302 //***_plat__NvMemoryMove() 303 // Function: Move a chunk of NV memory from source to destination 304 // This function should ensure that if there overlap, the original data is 305 // copied before it is written 306 LIB_EXPORT void 307 _plat__NvMemoryMove( 308 unsigned int sourceOffset, // IN: source offset 309 unsigned int destOffset, // IN: destination offset 310 unsigned int size // IN: size of data being moved 311 ); 312 313 //***_plat__NvCommit() 314 // This function writes the local copy of NV to NV for permanent store. It will write 315 // NV_MEMORY_SIZE bytes to NV. If a file is use, the entire file is written. 316 // Return Type: int 317 // 0 NV write success 318 // non-0 NV write fail 319 LIB_EXPORT int 320 _plat__NvCommit( 321 void 322 ); 323 324 //***_plat__SetNvAvail() 325 // Set the current NV state to available. This function is for testing purpose 326 // only. It is not part of the platform NV logic 327 LIB_EXPORT void 328 _plat__SetNvAvail( 329 void 330 ); 331 332 //***_plat__ClearNvAvail() 333 // Set the current NV state to unavailable. This function is for testing purpose 334 // only. It is not part of the platform NV logic 335 LIB_EXPORT void 336 _plat__ClearNvAvail( 337 void 338 ); 339 340 //*** _plat__NVNeedsManufacture() 341 // This function is used by the simulator to determine when the TPM's NV state 342 // needs to be manufactured. 343 LIB_EXPORT int 344 _plat__NVNeedsManufacture( 345 void 346 ); 347 348 349 //** From PlatformACT.c 350 351 //*** _plat__ACT_GetImplemented() 352 // This function tests to see if an ACT is implemented. It is a belt and suspenders 353 // function because the TPM should not be calling to manipulate an ACT that is not 354 // implemented. However, this could help the simulator code which doesn't necessarily 355 // know if an ACT is implemented or not. 356 LIB_EXPORT int 357 _plat__ACT_GetImplemented( 358 uint32_t act 359 ); 360 361 //*** _plat__ACT_GetRemaining() 362 // This function returns the remaining time. If an update is pending, 'newValue' is 363 // returned. Otherwise, the current counter value is returned. Note that since the 364 // timers keep running, the returned value can get stale immediately. The actual count 365 // value will be no greater than the returned value. 366 LIB_EXPORT uint32_t 367 _plat__ACT_GetRemaining( 368 uint32_t act //IN: the ACT selector 369 ); 370 371 //*** _plat__ACT_GetSignaled() 372 LIB_EXPORT int 373 _plat__ACT_GetSignaled( 374 uint32_t act //IN: number of ACT to check 375 ); 376 377 //*** _plat__ACT_SetSignaled() 378 LIB_EXPORT void 379 _plat__ACT_SetSignaled( 380 uint32_t act, 381 int on 382 ); 383 384 //*** _plat__ACT_GetPending() 385 LIB_EXPORT int 386 _plat__ACT_GetPending( 387 uint32_t act //IN: number of ACT to check 388 ); 389 390 //*** _plat__ACT_UpdateCounter() 391 // This function is used to write the newValue for the counter. If an update is 392 // pending, then no update occurs and the function returns FALSE. If 'setSignaled' 393 // is TRUE, then the ACT signaled state is SET and if 'newValue' is 0, nothing 394 // is posted. 395 LIB_EXPORT int 396 _plat__ACT_UpdateCounter( 397 uint32_t act, // IN: ACT to update 398 uint32_t newValue // IN: the value to post 399 ); 400 401 //***_plat__ACT_EnableTicks() 402 // This enables and disables the processing of the once-per-second ticks. This should 403 // be turned off ('enable' = FALSE) by _TPM_Init and turned on ('enable' = TRUE) by 404 // TPM2_Startup() after all the initializations have completed. 405 LIB_EXPORT void 406 _plat__ACT_EnableTicks( 407 int enable 408 ); 409 410 //*** _plat__ACT_Tick() 411 // This processes the once-per-second clock tick from the hardware. This is set up 412 // for the simulator to use the control interface to send ticks to the TPM. These 413 // ticks do not have to be on a per second basis. They can be as slow or as fast as 414 // desired so that the simulation can be tested. 415 LIB_EXPORT void 416 _plat__ACT_Tick( 417 void 418 ); 419 420 //***_plat__ACT_Initialize() 421 // This function initializes the ACT hardware and data structures 422 LIB_EXPORT int 423 _plat__ACT_Initialize( 424 void 425 ); 426 427 428 //** From PowerPlat.c 429 430 //***_plat__Signal_PowerOn() 431 // Signal platform power on 432 LIB_EXPORT int 433 _plat__Signal_PowerOn( 434 void 435 ); 436 437 //*** _plat__WasPowerLost() 438 // Test whether power was lost before a _TPM_Init. 439 // 440 // This function will clear the "hardware" indication of power loss before return. 441 // This means that there can only be one spot in the TPM code where this value 442 // gets read. This method is used here as it is the most difficult to manage in the 443 // TPM code and, if the hardware actually works this way, it is hard to make it 444 // look like anything else. So, the burden is placed on the TPM code rather than the 445 // platform code 446 // Return Type: int 447 // TRUE(1) power was lost 448 // FALSE(0) power was not lost 449 LIB_EXPORT int 450 _plat__WasPowerLost( 451 void 452 ); 453 454 //*** _plat_Signal_Reset() 455 // This a TPM reset without a power loss. 456 LIB_EXPORT int 457 _plat__Signal_Reset( 458 void 459 ); 460 461 //***_plat__Signal_PowerOff() 462 // Signal platform power off 463 LIB_EXPORT void 464 _plat__Signal_PowerOff( 465 void 466 ); 467 468 469 //** From PPPlat.c 470 471 //***_plat__PhysicalPresenceAsserted() 472 // Check if physical presence is signaled 473 // Return Type: int 474 // TRUE(1) if physical presence is signaled 475 // FALSE(0) if physical presence is not signaled 476 LIB_EXPORT int 477 _plat__PhysicalPresenceAsserted( 478 void 479 ); 480 481 //***_plat__Signal_PhysicalPresenceOn() 482 // Signal physical presence on 483 LIB_EXPORT void 484 _plat__Signal_PhysicalPresenceOn( 485 void 486 ); 487 488 //***_plat__Signal_PhysicalPresenceOff() 489 // Signal physical presence off 490 LIB_EXPORT void 491 _plat__Signal_PhysicalPresenceOff( 492 void 493 ); 494 495 496 //** From RunCommand.c 497 498 //***_plat__RunCommand() 499 // This version of RunCommand will set up a jum_buf and call ExecuteCommand(). If 500 // the command executes without failing, it will return and RunCommand will return. 501 // If there is a failure in the command, then _plat__Fail() is called and it will 502 // longjump back to RunCommand which will call ExecuteCommand again. However, this 503 // time, the TPM will be in failure mode so ExecuteCommand will simply build 504 // a failure response and return. 505 LIB_EXPORT void 506 _plat__RunCommand( 507 uint32_t requestSize, // IN: command buffer size 508 unsigned char *request, // IN: command buffer 509 uint32_t *responseSize, // IN/OUT: response buffer size 510 unsigned char **response // IN/OUT: response buffer 511 ); 512 513 //***_plat__Fail() 514 // This is the platform depended failure exit for the TPM. 515 LIB_EXPORT NORETURN void 516 _plat__Fail( 517 void 518 ); 519 520 521 //** From Unique.c 522 523 //** _plat__GetUnique() 524 // This function is used to access the platform-specific unique value. 525 // This function places the unique value in the provided buffer ('b') 526 // and returns the number of bytes transferred. The function will not 527 // copy more data than 'bSize'. 528 // NOTE: If a platform unique value has unequal distribution of uniqueness 529 // and 'bSize' is smaller than the size of the unique value, the 'bSize' 530 // portion with the most uniqueness should be returned. 531 LIB_EXPORT uint32_t 532 _plat__GetUnique( 533 uint32_t which, // authorities (0) or details 534 uint32_t bSize, // size of the buffer 535 unsigned char *b // output buffer 536 ); 537 538 #endif // _PLATFORM_FP_H_ 539