Trusted Platform Module Library
Part 2: Structures
Family “2.0”
Level 00 Revision 00.99
October 31, 2013
Contact: admin@trustedcomputinggroup.org
Published
Copyright © TCG 2006-2013
TCG
�Part 2: Structures
Trusted Platform Module Library
Licenses and Notices
1. Copyright Licenses:
Trusted Computing Group (TCG) grants to the user of the source code in this specification (the
“Source Code”) a worldwide, irrevocable, nonexclusive, royalty free, copyright license to
reproduce, create derivative works, distribute, display and perform the Source Code and
derivative works thereof, and to grant others the rights granted herein.
The TCG grants to the user of the other parts of the specification (other than the Source Code)
the rights to reproduce, distribute, display, and perform the specification solely for the purpose of
developing products based on such documents.
2. Source Code Distribution Conditions:
Redistributions of Source Code must retain the above copyright licenses, this list of conditions
and the following disclaimers.
Redistributions in binary form must reproduce the above copyright licenses, this list of conditions
and the following disclaimers in the documentation and/or other materials provided with the
distribution.
3. Disclaimers:
THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF
LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH
RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES)
THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE.
Contact TCG Administration (admin@trustedcomputinggroup.org) for information on specification
licensing rights available through TCG membership agreements.
THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED WARRANTIES
WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR FITNESS FOR A
PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR NONINFRINGEMENT OF
INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY OTHERWISE ARISING OUT OF
ANY PROPOSAL, SPECIFICATION OR SAMPLE.
Without limitation, TCG and its members and licensors disclaim all liability, including liability for
infringement of any proprietary rights, relating to use of information in this specification and to the
implementation of this specification, and TCG disclaims all liability for cost of procurement of
substitute goods or services, lost profits, loss of use, loss of data or any incidental, consequential,
direct, indirect, or special damages, whether under contract, tort, warranty or otherwise, arising in
any way out of use or reliance upon this specification or any information herein.
Any marks and brands contained herein are the property of their respective owners.
Page ii
October 31, 2013
Published
Copyright © TCG 2006-2013
Family “2.0”
Level 00 Revision 00.99
�Trusted Platform Module Library
Part 2: Structures
CONTENTS
1
Scope .................................................................................................................................................... 1
2
Terms and definitions ............................................................................................................................ 1
3
Symbols and abbreviated terms ............................................................................................................ 1
4
Notation ................................................................................................................................................. 1
4.1
Introduction ................................................................................................................................ 1
4.2
Named Constants ...................................................................................................................... 2
4.3
Data Type Aliases (typedefs) .................................................................................................... 3
4.4
Enumerations............................................................................................................................. 3
4.5
Interface Type ............................................................................................................................ 4
4.6
Arrays ........................................................................................................................................ 5
4.7
Structure Definitions .................................................................................................................. 6
4.8
Conditional Types ...................................................................................................................... 7
4.9
Unions........................................................................................................................................ 8
4.9.1
Introduction...................................................................................................................... 8
4.9.2
Union Definition ............................................................................................................... 8
4.9.3
Union Instance ................................................................................................................ 9
4.9.4
Union Selector Definition ............................................................................................... 10
4.10 Bit Field Definitions .................................................................................................................. 11
4.11 Parameter Limits ..................................................................................................................... 11
4.12 Enumeration Macro ................................................................................................................. 13
4.13 Size Checking .......................................................................................................................... 13
4.14 Data Direction .......................................................................................................................... 14
4.15 Structure Validations ............................................................................................................... 14
4.16 Name Prefix Convention .......................................................................................................... 14
4.17 Data Alignment ........................................................................................................................ 15
4.18 Parameter Unmarshaling Errors .............................................................................................. 15
5
Base Types ......................................................................................................................................... 17
5.1
Primitive Types ........................................................................................................................ 17
5.2
Miscellaneous Types ............................................................................................................... 17
6
Constants ............................................................................................................................................ 18
6.1
TPM_SPEC (Specification Version Values) ............................................................................ 18
6.2
TPM_GENERATED ................................................................................................................. 18
6.3
TPM_ALG_ID .......................................................................................................................... 19
6.4
TPM_ECC_CURVE ................................................................................................................. 22
6.5
TPM_CC (Command Codes) .................................................................................................. 22
6.5.1
Format ........................................................................................................................... 22
6.5.2
Description .................................................................................................................... 23
6.5.3
TPM_CC Listing ............................................................................................................ 24
6.6
TPM_RC (Response Codes) ................................................................................................... 28
6.6.1
Description .................................................................................................................... 28
6.6.2
Response Code Formats .............................................................................................. 29
6.6.3
TPM_RC Values ........................................................................................................... 32
6.7
TPM_CLOCK_ADJUST ........................................................................................................... 37
6.8
TPM_EO (EA Arithmetic Operands) ........................................................................................ 37
6.9
TPM_ST (Structure Tags) ....................................................................................................... 38
6.10 TPM_SU (Startup Type) .......................................................................................................... 40
6.11 TPM_SE (Session Type) ......................................................................................................... 40
6.12 TPM_CAP (Capabilities) .......................................................................................................... 41
6.13 TPM_PT (Property Tag) .......................................................................................................... 41
6.14 TPM_PT_PCR (PCR Property Tag) ........................................................................................ 47
6.15 TPM_PS (Platform Specific) .................................................................................................... 49
Family “2.0”
Level 00 Revision 00.99
Published
Copyright © TCG 2006-2013
Page iii
October 31, 2013
�Part 2: Structures
Trusted Platform Module Library
7
Handles ............................................................................................................................................... 50
7.1
Introduction .............................................................................................................................. 50
7.2
TPM_HT (Handle Types) ......................................................................................................... 50
7.3
Persistent Handle Sub-ranges................................................................................................. 51
7.4
TPM_RH (Permanent Handles)............................................................................................... 52
7.5
TPM_HC (Handle Value Constants) ....................................................................................... 53
8
Attribute Structures .............................................................................................................................. 55
8.1
Description ............................................................................................................................... 55
8.2
TPMA_ALGORITHM ............................................................................................................... 55
8.3
TPMA_OBJECT (Object Attributes) ........................................................................................ 55
8.3.1
Introduction.................................................................................................................... 55
8.3.2
Structure Definition ........................................................................................................ 56
8.3.3
Attribute Descriptions .................................................................................................... 57
8.3.3.1
Introduction ............................................................................................................ 57
8.3.3.2
Bit[1] – fixedTPM ................................................................................................... 57
8.3.3.3
Bit[2] – stClear ....................................................................................................... 58
8.3.3.4
Bit[4] – fixedParent ................................................................................................ 58
8.3.3.5
Bit[5] – sensitiveDataOrigin ................................................................................... 58
8.3.3.6
Bit[6] – userWithAuth............................................................................................. 59
8.3.3.7
Bit[7] – adminWithPolicy........................................................................................ 59
8.3.3.8
Bit[10] – noDA ....................................................................................................... 59
8.3.3.9
Bit[11] – encryptedDuplication .............................................................................. 60
8.3.3.10
Bit[16] – restricted ................................................................................................. 60
8.3.3.11
Bit[17] – decrypt .................................................................................................... 61
8.3.3.12
Bit[18] – sign .......................................................................................................... 61
8.4
TPMA_SESSION (Session Attributes) .................................................................................... 62
8.5
TPMA_LOCALITY (Locality Attribute) ..................................................................................... 63
8.6
TPMA_PERMANENT .............................................................................................................. 64
8.7
TPMA_STARTUP_CLEAR ...................................................................................................... 65
8.8
TPMA_MEMORY .................................................................................................................... 66
8.9
TPMA_CC (Command Code Attributes) ................................................................................. 67
8.9.1
Introduction.................................................................................................................... 67
8.9.2
Structure Definition ........................................................................................................ 67
8.9.3
Field Descriptions .......................................................................................................... 67
8.9.3.1
Bits[15:0] – commandIndex ................................................................................... 67
8.9.3.2
Bit[22] – nv ............................................................................................................ 67
8.9.3.3
Bit[23] – extensive ................................................................................................. 67
8.9.3.4
Bit[24] – flushed ..................................................................................................... 68
8.9.3.5
Bits[27:25] – cHandles .......................................................................................... 68
8.9.3.6
Bit[28] – rHandle .................................................................................................... 68
8.9.3.7
Bit[29] – V .............................................................................................................. 69
8.9.3.8
Bits[31:30] – Res ................................................................................................... 69
9
Interface Types .................................................................................................................................... 70
9.1
Introduction .............................................................................................................................. 70
9.2
TPMI_YES_NO ....................................................................................................................... 70
9.3
TPMI_DH_OBJECT ................................................................................................................. 70
9.4
TPMI_DH_PERSISTENT ........................................................................................................ 71
9.5
TPMI_DH_ENTITY .................................................................................................................. 71
9.6
TPMI_DH_PCR ....................................................................................................................... 72
9.7
TPMI_SH_AUTH_SESSION ................................................................................................... 72
9.8
TPMI_SH_HMAC .................................................................................................................... 72
9.9
TPMI_SH_POLICY .................................................................................................................. 72
9.10 TPMI_DH_CONTEXT .............................................................................................................. 73
9.11 TPMI_RH_HIERARCHY .......................................................................................................... 73
9.12 TPMI_RH_ENABLES .............................................................................................................. 73
Page iv
October 31, 2013
Published
Copyright © TCG 2006-2013
Family “2.0”
Level 00 Revision 00.99
�Trusted Platform Module Library
9.13
9.14
9.15
9.16
9.17
9.18
9.19
9.20
9.21
9.22
9.23
9.24
9.25
9.26
9.27
9.28
9.29
9.30
10
Part 2: Structures
TPMI_RH_HIERARCHY_AUTH .............................................................................................. 74
TPMI_RH_PLATFORM ........................................................................................................... 74
TPMI_RH_OWNER ................................................................................................................. 74
TPMI_RH_ENDORSEMENT ................................................................................................... 75
TPMI_RH_PROVISION ........................................................................................................... 75
TPMI_RH_CLEAR ................................................................................................................... 75
TPMI_RH_NV_AUTH .............................................................................................................. 76
TPMI_RH_LOCKOUT ............................................................................................................. 76
TPMI_RH_NV_INDEX ............................................................................................................. 76
TPMI_ALG_HASH ................................................................................................................... 77
TPMI_ALG_ASYM (Asymmetric Algorithms) .......................................................................... 77
TPMI_ALG_SYM (Symmetric Algorithms) .............................................................................. 78
TPMI_ALG_SYM_OBJECT ..................................................................................................... 78
TPMI_ALG_SYM_MODE ........................................................................................................ 79
TPMI_ALG_KDF (Key and Mask Generation Functions) ........................................................ 79
TPMI_ALG_SIG_SCHEME ..................................................................................................... 80
TPMI_ECC_KEY_EXCHANGE ............................................................................................... 80
TPMI_ST_COMMAND_TAG ................................................................................................... 80
Structure Definitions ............................................................................................................................ 81
10.1 TPMS_ALGORITHM_DESCRIPTION .................................................................................... 81
10.2 Hash/Digest Structures ............................................................................................................ 81
10.2.1
TPMU_HA (Hash) ......................................................................................................... 81
10.2.2
TPMT_HA...................................................................................................................... 82
10.3 Sized Buffers ........................................................................................................................... 82
10.3.1
Introduction.................................................................................................................... 82
10.3.2
TPM2B_DIGEST ........................................................................................................... 83
10.3.3
TPM2B_DATA ............................................................................................................... 83
10.3.4
TPM2B_NONCE ........................................................................................................... 83
10.3.5
TPM2B_AUTH .............................................................................................................. 83
10.3.6
TPM2B_OPERAND ...................................................................................................... 84
10.3.7
TPM2B_EVENT ............................................................................................................ 84
10.3.8
TPM2B_MAX_BUFFER ................................................................................................ 84
10.3.9
TPM2B_MAX_NV_BUFFER ......................................................................................... 84
10.3.10 TPM2B_TIMEOUT ........................................................................................................ 85
10.3.11 TPM2B_IV ..................................................................................................................... 85
10.4 Names ..................................................................................................................................... 85
10.4.1
Introduction.................................................................................................................... 85
10.4.2
TPMU_NAME ................................................................................................................ 85
10.4.3
TPM2B_NAME .............................................................................................................. 86
10.5 PCR Structures ........................................................................................................................ 86
10.5.1
TPMS_PCR_SELECT ................................................................................................... 86
10.5.2
TPMS_PCR_SELECTION ............................................................................................ 87
10.6 Tickets ..................................................................................................................................... 87
10.6.1
Introduction.................................................................................................................... 87
10.6.2
A NULL Ticket ............................................................................................................... 88
10.6.3
TPMT_TK_CREATION ................................................................................................. 89
10.6.4
TPMT_TK_VERIFIED ................................................................................................... 90
10.6.5
TPMT_TK_AUTH .......................................................................................................... 91
10.6.6
TPMT_TK_HASHCHECK ............................................................................................. 92
10.7 Property Structures .................................................................................................................. 92
10.7.1
TPMS_ALG_PROPERTY ............................................................................................. 92
10.7.2
TPMS_TAGGED_PROPERTY ..................................................................................... 92
10.7.3
TPMS_TAGGED_PCR_SELECT ................................................................................. 93
10.8 Lists ......................................................................................................................................... 93
Family “2.0”
Level 00 Revision 00.99
Published
Copyright © TCG 2006-2013
Page v
October 31, 2013
�Part 2: Structures
Trusted Platform Module Library
10.8.1
TPML_CC...................................................................................................................... 93
10.8.2
TPML_CCA ................................................................................................................... 94
10.8.3
TPML_ALG.................................................................................................................... 94
10.8.4
TPML_HANDLE ............................................................................................................ 94
10.8.5
TPML_DIGEST ............................................................................................................. 95
10.8.6
TPML_DIGEST_VALUES ............................................................................................. 95
10.8.7
TPM2B_DIGEST_VALUES........................................................................................... 95
10.8.8
TPML_PCR_SELECTION............................................................................................. 96
10.8.9
TPML_ALG_PROPERTY.............................................................................................. 96
10.8.10 TPML_TAGGED_TPM_PROPERTY ............................................................................ 96
10.8.11 TPML_TAGGED_PCR_PROPERTY ............................................................................ 97
10.8.12 TPML_ECC_CURVE .................................................................................................... 97
10.9 Capabilities Structures ............................................................................................................. 97
10.9.1
TPMU_CAPABILITIES .................................................................................................. 97
10.9.2
TPMS_CAPABILITY_DATA .......................................................................................... 98
10.10 Clock/Counter Structures ........................................................................................................ 98
10.10.1 TPMS_CLOCK_INFO ................................................................................................... 98
10.10.2 Clock ............................................................................................................................. 98
10.10.3 ResetCount ................................................................................................................... 98
10.10.4 RestartCount ................................................................................................................. 99
10.10.5 Safe ............................................................................................................................... 99
10.10.6 TPMS_TIME_INFO ....................................................................................................... 99
10.11 TPM Attestation Structures .................................................................................................... 100
10.11.1 Introduction.................................................................................................................. 100
10.11.2 TPMS_TIME_ATTEST_INFO ..................................................................................... 100
10.11.3 TPMS_CERTIFY_INFO .............................................................................................. 100
10.11.1 TPMS_QUOTE_INFO ................................................................................................. 100
10.11.2 TPMS_COMMAND_AUDIT_INFO .............................................................................. 101
10.11.3 TPMS_SESSION_AUDIT_INFO ................................................................................. 101
10.11.4 TPMS_CREATION_INFO ........................................................................................... 101
10.11.5 TPMS_NV_CERTIFY_INFO ....................................................................................... 101
10.11.6 TPMI_ST_ATTEST ..................................................................................................... 102
10.11.7 TPMU_ATTEST .......................................................................................................... 102
10.11.8 TPMS_ATTEST .......................................................................................................... 103
10.11.9 TPM2B_ATTEST ........................................................................................................ 103
10.12 Authorization Structures ........................................................................................................ 104
10.12.1 TPMS_AUTH_COMMAND ......................................................................................... 104
10.12.2 TPMS_AUTH_RESPONSE ........................................................................................ 104
11
Algorithm Parameters and Structures ............................................................................................... 105
11.1 Symmetric .............................................................................................................................. 105
11.1.1
Introduction.................................................................................................................. 105
11.1.2
TPMI_AES_KEY_BITS ............................................................................................... 105
11.1.3
TPMI_SM4_KEY_BITS ............................................................................................... 105
11.1.4
TPMU_SYM_KEY_BITS ............................................................................................. 106
11.1.5
TPMU_SYM_MODE ................................................................................................... 106
11.1.6
TPMU_SYM_DETAILS ............................................................................................... 107
11.1.7
TPMT_SYM_DEF ....................................................................................................... 107
11.1.8
TPMT_SYM_DEF_OBJECT ....................................................................................... 107
11.1.9
TPM2B_SYM_KEY ..................................................................................................... 108
11.1.10 TPMS_SYMCIPHER_PARMS .................................................................................... 108
11.1.11 TPM2B_SENSITIVE_DATA ........................................................................................ 108
11.1.12 TPMS_SENSITIVE_CREATE ..................................................................................... 109
11.1.13 TPM2B_SENSITIVE_CREATE ................................................................................... 110
11.1.14 TPMS_SCHEME_SIGHASH....................................................................................... 110
11.1.15 TPMI_ALG_HASH_SCHEME ..................................................................................... 110
Page vi
October 31, 2013
Published
Copyright © TCG 2006-2013
Family “2.0”
Level 00 Revision 00.99
�Trusted Platform Module Library
Part 2: Structures
11.1.16 HMAC_SIG_SCHEME ................................................................................................ 110
11.1.17 TPMS_SCHEME_XOR ............................................................................................... 111
11.1.18 TPMU_SCHEME_HMAC ............................................................................................ 111
11.1.19 TPMT_KEYEDHASH_SCHEME ................................................................................. 111
11.2 Asymmetric ............................................................................................................................ 112
11.2.1
Signing Schemes ........................................................................................................ 112
11.2.1.1
Introduction .......................................................................................................... 112
11.2.1.2
RSA_SIG_SCHEMES ......................................................................................... 112
11.2.1.3
ECC_SIG_SCHEMES ......................................................................................... 112
11.2.1.4
TPMS_SCHEME_ECDAA................................................................................... 112
11.2.1.5
TPMU_SIG_SCHEME......................................................................................... 113
11.2.1.6
TPMT_SIG_SCHEME ......................................................................................... 113
11.2.2
Encryption Schemes ................................................................................................... 114
11.2.2.1
Introduction .......................................................................................................... 114
11.2.2.2
TPMS_SCHEME_OAEP ..................................................................................... 114
11.2.2.3
TPMS_SCHEME_ECDH ..................................................................................... 114
11.2.3
Key Derivation Schemes ............................................................................................. 114
11.2.3.1
Introduction .......................................................................................................... 114
11.2.3.2
TPMS_SCHEME_MGF1 ..................................................................................... 114
11.2.3.3
TPMS_SCHEME_KDF1_SP800_56a ................................................................. 114
11.2.3.4
TPMS_SCHEME_KDF2 ...................................................................................... 115
11.2.3.5
TPMS_SCHEME_KDF1_SP800_108 ................................................................. 115
11.2.3.6
TPMU_KDF_SCHEME........................................................................................ 115
11.2.3.7
TPMT_KDF_SCHEME ........................................................................................ 115
11.2.3.8
TPMI_ALG_ASYM_SCHEME ............................................................................. 116
11.2.3.9
TPMU_ASYM_SCHEME..................................................................................... 116
11.2.3.10 TPMT_ASYM_SCHEME ..................................................................................... 117
11.2.4
RSA ............................................................................................................................. 117
11.2.4.1
TPMI_ALG_RSA_SCHEME ................................................................................ 117
11.2.4.2
TPMT_RSA_SCHEME ........................................................................................ 117
11.2.4.3
TPMI_ALG_RSA_DECRYPT .............................................................................. 118
11.2.4.4
TPMT_RSA_DECRYPT ...................................................................................... 118
11.2.4.5
TPM2B_PUBLIC_KEY_RSA ............................................................................... 118
11.2.4.6
TPMI_RSA_KEY_BITS ....................................................................................... 118
11.2.4.7
TPM2B_PRIVATE_KEY_RSA ............................................................................ 119
11.2.5
ECC ............................................................................................................................. 120
11.2.5.1
TPM2B_ECC_PARAMETER .............................................................................. 120
11.2.5.2
TPMS_ECC_POINT ............................................................................................ 120
11.2.5.3
TPM2B_ECC_POINT .......................................................................................... 120
11.2.5.4
TPMI_ALG_ECC_SCHEME ............................................................................... 121
11.2.5.5
TPMI_ECC_CURVE ............................................................................................ 121
11.2.5.6
TPMT_ECC_SCHEME........................................................................................ 121
11.2.5.7
TPMS_ALGORITHM_DETAIL_ECC ................................................................... 122
11.3 Signatures.............................................................................................................................. 122
11.3.1
TPMS_SIGNATURE_RSASSA .................................................................................. 122
11.3.2
TPMS_SIGNATURE_RSAPSS .................................................................................. 122
11.3.3
TPMS_SIGNATURE_ECDSA ..................................................................................... 123
11.3.4
TPMU_SIGNATURE ................................................................................................... 123
11.3.5
TPMT_SIGNATURE ................................................................................................... 124
11.4 Key/Secret Exchange ............................................................................................................ 124
11.4.1
Introduction.................................................................................................................. 124
11.4.2
TPMU_ENCRYPTED_SECRET ................................................................................. 124
11.4.3
TPM2B_ENCRYPTED_SECRET ............................................................................... 125
12
Key/Object Complex.......................................................................................................................... 126
Family “2.0”
Level 00 Revision 00.99
Published
Copyright © TCG 2006-2013
Page vii
October 31, 2013
�Part 2: Structures
Trusted Platform Module Library
12.1 Introduction ............................................................................................................................ 126
12.2 Public Area Structures ........................................................................................................... 126
12.2.1
Description .................................................................................................................. 126
12.2.2
TPMI_ALG_PUBLIC ................................................................................................... 126
12.2.3
Type-Specific Parameters ........................................................................................... 126
12.2.3.1
Description .......................................................................................................... 126
12.2.3.2
TPMU_PUBLIC_ID .............................................................................................. 127
12.2.3.3
TPMS_KEYEDHASH_PARMS ........................................................................... 127
12.2.3.4
TPMS_ASYM_PARMS ....................................................................................... 127
12.2.3.5
TPMS_RSA_PARMS .......................................................................................... 128
12.2.3.6
TPMS_ECC_PARMS .......................................................................................... 129
12.2.3.7
TPMU_PUBLIC_PARMS .................................................................................... 129
12.2.3.8
TPMT_PUBLIC_PARMS ..................................................................................... 130
12.2.4
TPMT_PUBLIC ........................................................................................................... 130
12.2.5
TPM2B_PUBLIC ......................................................................................................... 131
12.3 Private Area Structures ......................................................................................................... 131
12.3.1
Introduction.................................................................................................................. 131
12.3.2
Sensitive Data Structures ............................................................................................ 131
12.3.2.1
Introduction .......................................................................................................... 131
12.3.2.2
TPM2B_PRIVATE_VENDOR_SPECIFIC ........................................................... 131
12.3.2.3
TPMU_SENSITIVE_COMPOSITE ...................................................................... 132
12.3.2.4
TPMT_SENSITIVE .............................................................................................. 132
12.3.3
TPM2B_SENSITIVE ................................................................................................... 132
12.3.4
Encryption ................................................................................................................... 133
12.3.5
Integrity........................................................................................................................ 133
12.3.6
_PRIVATE ................................................................................................................... 133
12.3.7
TPM2B_PRIVATE ....................................................................................................... 133
12.4 Identity Object ........................................................................................................................ 134
12.4.1
Description .................................................................................................................. 134
12.4.2
_ID_OBJECT .............................................................................................................. 134
12.4.3
TPM2B_ID_OBJECT .................................................................................................. 134
13
NV Storage Structures ...................................................................................................................... 135
13.1 TPM_NV_INDEX ................................................................................................................... 135
13.2 TPMA_NV (NV Index Attributes) ........................................................................................... 136
13.3 TPMS_NV_PUBLIC ............................................................................................................... 139
13.4 TPM2B_NV_PUBLIC ............................................................................................................. 139
14
Context Data ..................................................................................................................................... 140
14.1 Introduction ............................................................................................................................ 140
14.2 TPM2B_CONTEXT_SENSITIVE........................................................................................... 140
14.3 TPMS_CONTEXT_DATA ...................................................................................................... 140
14.4 TPM2B_CONTEXT_DATA .................................................................................................... 140
14.5 TPMS_CONTEXT ................................................................................................................. 141
14.6 Parameters of TPMS_CONTEXT .......................................................................................... 142
14.6.1
sequence ..................................................................................................................... 142
14.6.2
savedHandle ............................................................................................................... 142
14.6.3
hierarchy...................................................................................................................... 143
14.7 Context Protection ................................................................................................................. 143
14.7.1
Context Integrity .......................................................................................................... 143
14.7.2
Context Confidentiality ................................................................................................ 143
15
Creation Data .................................................................................................................................... 144
15.1 TPMS_CREATION_DATA .................................................................................................... 144
15.2 TPM2B_CREATION_DATA .................................................................................................. 144
Page viii
October 31, 2013
Published
Copyright © TCG 2006-2013
Family “2.0”
Level 00 Revision 00.99
�Trusted Platform Module Library
Part 2: Structures
Annex A (informative) Algorithm Constants ............................................................................................. 145
A.1
Introduction ............................................................................................................................ 145
A.2
Allowed Hash Algorithms....................................................................................................... 145
A.2.1
SHA1 ........................................................................................................................... 145
A.2.2
SHA256 ....................................................................................................................... 145
A.2.3
SHA384 ....................................................................................................................... 145
A.2.4
SHA512 ....................................................................................................................... 146
A.2.5
SM3_256 ..................................................................................................................... 146
A.3
Architectural Limits ................................................................................................................ 146
Annex B (informative) Implementation Definitions ................................................................................... 147
B.1
Introduction ............................................................................................................................ 147
B.2
Logic Values .......................................................................................................................... 147
B.3
Processor Values .................................................................................................................. 147
B.4
Implemented Algorithms ........................................................................................................ 148
B.5
Implemented Commands ...................................................................................................... 148
B.6
Algorithm Constants .............................................................................................................. 151
B.6.1
RSA ............................................................................................................................. 152
B.6.2
ECC ............................................................................................................................. 152
B.6.3
AES ............................................................................................................................. 152
B.6.4
SM4 ............................................................................................................................. 152
B.6.5
Symmetric ................................................................................................................... 153
B.7
Implementation Specific Values ............................................................................................ 154
Family “2.0”
Level 00 Revision 00.99
Published
Copyright © TCG 2006-2013
Page ix
October 31, 2013
�Part 2: Structures
Trusted Platform Module Library
Tables
Table 1 — Name Prefix Convention ........................................................................................................... 15
Table 2 — Unmarshaling Errors ................................................................................................................. 16
Table 3 — Definition of Base Types ........................................................................................................... 17
Table 4 — Definition of Types for Documentation Clarity ........................................................................... 17
Table 5 — Definition of (UINT32) TPM_SPEC Constants <> ..................................................................... 18
Table 6 — Definition of (UINT32) TPM_GENERATED Constants <O> ..................................................... 18
Table 7 — Definition of (UINT16) TPM_ALG_ID Constants <IN/OUT, S> ................................................. 19
Table 8 — Definition of (UINT16) {ECC} TPM_ECC_CURVE Constants <IN/OUT, S> ............................ 22
Table 9 — TPM Command Format Fields Description ............................................................................... 22
Table 10 — Legend for Command Code Tables ........................................................................................ 23
Table 11 — Definition of (UINT32) TPM_CC Constants (Numeric Order) <IN/OUT, S> ........................... 24
Table 12 — Format-Zero Response Codes ................................................................................................ 30
Table 13 — Format-One Response Codes ................................................................................................ 31
Table 14 — Response Code Groupings ..................................................................................................... 31
Table 15 — Definition of (UINT32) TPM_RC Constants (Actions) <OUT> ................................................ 32
Table 16 — Definition of (INT8) TPM_CLOCK_ADJUST Constants <IN> ................................................. 37
Table 17 — Definition of (UINT16) TPM_EO Constants <IN/OUT> ........................................................... 37
Table 18 — Definition of (UINT16) TPM_ST Constants <IN/OUT, S> ....................................................... 38
Table 19 — Definition of (UINT16) TPM_SU Constants <IN> .................................................................... 40
Table 20 — Definition of (UINT8) TPM_SE Constants <IN> ...................................................................... 40
Table 21 — Definition of (UINT32) TPM_CAP Constants .......................................................................... 41
Table 22 — Definition of (UINT32) TPM_PT Constants <IN/OUT, S> ....................................................... 41
Table 23 — Definition of (UINT32) TPM_PT_PCR Constants <IN/OUT, S> ............................................. 47
Table 24 — Definition of (UINT32) TPM_PS Constants <OUT> ................................................................ 49
Table 25 — Definition of Types for Handles ............................................................................................... 50
Table 26 — Definition of (UINT8) TPM_HT Constants <S> ....................................................................... 50
Table 27 — Definition of (UINT32) TPM_RH Constants <IN, S> ............................................................... 52
Table 28 — Definition of (TPM_HANDLE) TPM_HC Constants <IN, S> ................................................... 54
Table 29 — Definition of (UINT32) TPMA_ALGORITHM Bits .................................................................... 55
Table 30 — Definition of (UINT32) TPMA_OBJECT Bits ........................................................................... 56
Table 31 — Definition of (UINT8) TPMA_SESSION Bits <IN/OUT> .......................................................... 62
Table 32 — Definition of (UINT8) TPMA_LOCALITY Bits <IN/OUT> ........................................................ 64
Table 33 — Definition of (UINT32) TPMA_PERMANENT Bits <OUT> ...................................................... 64
Table 34 — Definition of (UINT32) TPMA_STARTUP_CLEAR Bits <OUT> .............................................. 65
Table 35 — Definition of (UINT32) TPMA_MEMORY Bits <Out> .............................................................. 66
Table 36 — Definition of (TPM_CC) TPMA_CC Bits <OUT> ..................................................................... 67
Table 37 — Definition of (BYTE) TPMI_YES_NO Type ............................................................................. 70
Page x
October 31, 2013
Published
Copyright © TCG 2006-2013
Family “2.0”
Level 00 Revision 00.99
�Trusted Platform Module Library
Part 2: Structures
Table 38 — Definition of (TPM_HANDLE) TPMI_DH_OBJECT Type........................................................ 70
Table 39 — Definition of (TPM_HANDLE) TPMI_DH_PERSISTENT Type ............................................... 71
Table 40 — Definition of (TPM_HANDLE) TPMI_DH_ENTITY Type <IN> ................................................ 71
Table 41 — Definition of (TPM_HANDLE) TPMI_DH_PCR Type <IN> ..................................................... 72
Table 42 — Definition of (TPM_HANDLE) TPMI_SH_AUTH_SESSION Type <IN/OUT> ........................ 72
Table 43 — Definition of (TPM_HANDLE) TPMI_SH_HMAC Type <IN/OUT> .......................................... 72
Table 44 — Definition of (TPM_HANDLE) TPMI_SH_POLICY Type <IN/OUT> ....................................... 72
Table 45 — Definition of (TPM_HANDLE) TPMI_DH_CONTEXT Type .................................................... 73
Table 46 — Definition of (TPM_HANDLE) TPMI_RH_HIERARCHY Type ................................................ 73
Table 47 — Definition of (TPM_HANDLE) TPMI_RH_ENABLES Type ..................................................... 73
Table 48 — Definition of (TPM_HANDLE) TPMI_RH_HIERARCHY_AUTH Type <IN> ............................ 74
Table 49 — Definition of (TPM_HANDLE) TPMI_RH_PLATFORM Type <IN> ......................................... 74
Table 50 — Definition of (TPM_HANDLE) TPMI_RH_OWNER Type <IN> ............................................... 74
Table 51 — Definition of (TPM_HANDLE) TPMI_RH_ENDORSEMENT Type <IN> ................................. 75
Table 52 — Definition of (TPM_HANDLE) TPMI_RH_PROVISION Type <IN> ......................................... 75
Table 53 — Definition of (TPM_HANDLE) TPMI_RH_CLEAR Type <IN> ................................................. 75
Table 54 — Definition of (TPM_HANDLE) TPMI_RH_NV_AUTH Type <IN> ............................................ 76
Table 55 — Definition of (TPM_HANDLE) TPMI_RH_LOCKOUT Type <IN> ........................................... 76
Table 56 — Definition of (TPM_HANDLE) TPMI_RH_NV_INDEX Type <IN/OUT> .................................. 76
Table 57 — Definition of (TPM_ALG_ID) TPMI_ALG_HASH Type............................................................ 77
Table 58 — Definition of (TPM_ALG_ID) TPMI_ALG_ASYM Type ........................................................... 77
Table 59 — Definition of (TPM_ALG_ID) TPMI_ALG_SYM Type .............................................................. 78
Table 60 — Definition of (TPM_ALG_ID) TPMI_ALG_SYM_OBJECT Type ............................................. 78
Table 61 — Definition of (TPM_ALG_ID) TPMI_ALG_SYM_MODE Type ................................................. 79
Table 62 — Definition of (TPM_ALG_ID) TPMI_ALG_KDF Type .............................................................. 79
Table 63 — Definition of (TPM_ALG_ID) TPMI_ALG_SIG_SCHEME Type .............................................. 80
Table 64 — Definition of (TPM_ALG_ID) TPMI_ECC_KEY_EXCHANGE Type ........................................ 80
Table 65 — Definition of (TPM_ST) TPMI_ST_COMMAND_TAG Type .................................................... 80
Table 66 — Definition of TPMS_ALGORITHM_DESCRIPTION Structure <OUT> .................................... 81
Table 67 — Definition of TPMU_HA Union <IN/OUT, S> ........................................................................... 81
Table 68 — Definition of TPMT_HA Structure <IN/OUT> .......................................................................... 82
Table 69 — Definition of TPM2B_DIGEST Structure ................................................................................. 83
Table 70 — Definition of TPM2B_DATA Structure ..................................................................................... 83
Table 71 — Definition of Types for TPM2B_NONCE ................................................................................. 83
Table 72 — Definition of Types for TPM2B_AUTH .................................................................................... 83
Table 73 — Definition of Types for TPM2B_OPERAND ............................................................................ 84
Table 74 — Definition of TPM2B_EVENT Structure ................................................................................... 84
Table 75 — Definition of TPM2B_MAX_BUFFER Structure ...................................................................... 84
Family “2.0”
Level 00 Revision 00.99
Published
Copyright © TCG 2006-2013
Page xi
October 31, 2013
�Part 2: Structures
Trusted Platform Module Library
Table 76 — Definition of TPM2B_MAX_NV_BUFFER Structure ............................................................... 84
Table 77 — Definition of TPM2B_TIMEOUT Structure <IN/OUT> ............................................................. 85
Table 78 — Definition of TPM2B_IV Structure <IN/OUT> .......................................................................... 85
Table 79 — Definition of TPMU_NAME Union <> ...................................................................................... 85
Table 80 — Definition of TPM2B_NAME Structure .................................................................................... 86
Table 81 — Definition of TPMS_PCR_SELECT Structure ......................................................................... 87
Table 82 — Definition of TPMS_PCR_SELECTION Structure ................................................................... 87
Table 83 — Values for proof Used in Tickets ............................................................................................. 88
Table 84 — General Format of a Ticket ...................................................................................................... 88
Table 85 — Definition of TPMT_TK_CREATION Structure ........................................................................ 89
Table 86 — Definition of TPMT_TK_VERIFIED Structure .......................................................................... 90
Table 87 — Definition of TPMT_TK_AUTH Structure ................................................................................ 91
Table 88 — Definition of TPMT_TK_HASHCHECK Structure .................................................................... 92
Table 89 — Definition of TPMS_ALG_PROPERTY Structure <OUT> ....................................................... 92
Table 90 — Definition of TPMS_TAGGED_PROPERTY Structure <OUT> ............................................... 92
Table 91 — Definition of TPMS_TAGGED_PCR_SELECT Structure <OUT> ........................................... 93
Table 92 — Definition of TPML_CC Structure ............................................................................................ 93
Table 93 — Definition of TPML_CCA Structure <OUT> ............................................................................. 94
Table 94 — Definition of TPML_ALG Structure .......................................................................................... 94
Table 95 — Definition of TPML_HANDLE Structure <OUT>...................................................................... 94
Table 96 — Definition of TPML_DIGEST Structure .................................................................................... 95
Table 97 — Definition of TPML_DIGEST_VALUES Structure ................................................................... 95
Table 98 — Definition of TPM2B_DIGEST_VALUES Structure ................................................................. 95
Table 99 — Definition of TPML_PCR_SELECTION Structure ................................................................... 96
Table 100 — Definition of TPML_ALG_PROPERTY Structure <OUT> ..................................................... 96
Table 101 — Definition of TPML_TAGGED_TPM_PROPERTY Structure <OUT> ................................... 96
Table 102 — Definition of TPML_TAGGED_PCR_PROPERTY Structure <OUT> ................................... 97
Table 103 — Definition of {ECC} TPML_ECC_CURVE Structure <OUT> ................................................. 97
Table 104 — Definition of TPMU_CAPABILITIES Union <OUT>............................................................... 97
Table 105 — Definition of TPMS_CAPABILITY_DATA Structure <OUT> ................................................. 98
Table 106 — Definition of TPMS_CLOCK_INFO Structure ........................................................................ 98
Table 107 — Definition of TPMS_TIME_INFO Structure ........................................................................... 99
Table 108 — Definition of TPMS_TIME_ATTEST_INFO Structure <OUT> ............................................. 100
Table 109 — Definition of TPMS_CERTIFY_INFO Structure <OUT> ...................................................... 100
Table 110 — Definition of TPMS_QUOTE_INFO Structure <OUT> ........................................................ 100
Table 111 — Definition of TPMS_COMMAND_AUDIT_INFO Structure <OUT> ..................................... 101
Table 112 — Definition of TPMS_SESSION_AUDIT_INFO Structure <OUT> ........................................ 101
Table 113 — Definition of TPMS_CREATION_INFO Structure <OUT> .................................................. 101
Table 114 — Definition of TPMS_NV_CERTIFY_INFO Structure <OUT> ............................................... 101
Page xii
October 31, 2013
Published
Copyright © TCG 2006-2013
Family “2.0”
Level 00 Revision 00.99
�Trusted Platform Module Library
Part 2: Structures
Table 115 — Definition of (TPM_ST) TPMI_ST_ATTEST Type <OUT> .................................................. 102
Table 116 — Definition of TPMU_ATTEST Union <OUT> ....................................................................... 102
Table 117 — Definition of TPMS_ATTEST Structure <OUT> .................................................................. 103
Table 118 — Definition of TPM2B_ATTEST Structure <OUT> ................................................................ 103
Table 119 — Definition of TPMS_AUTH_COMMAND Structure <IN> ..................................................... 104
Table 120 — Definition of TPMS_AUTH_RESPONSE Structure <OUT> ................................................ 104
Table 121 — Definition of {AES} (TPM_KEY_BITS) TPMI_AES_KEY_BITS Type ................................. 105
Table 122 — Definition of {SM4} (TPM_KEY_BITS) TPMI_SM4_KEY_BITS Type ................................. 105
Table 123 — Definition of TPMU_SYM_KEY_BITS Union ....................................................................... 106
Table 124 — Definition of TPMU_SYM_MODE Union ............................................................................. 106
Table 125 — xDefinition of TPMU_SYM_DETAILS Union ....................................................................... 107
Table 126 — Definition of TPMT_SYM_DEF Structure ............................................................................ 107
Table 127 — Definition of TPMT_SYM_DEF_OBJECT Structure ............................................................ 107
Table 128 — Definition of TPM2B_SYM_KEY Structure .......................................................................... 108
Table 129 — Definition of TPMS_SYMCIPHER_PARMS Structure ........................................................ 108
Table 130 — Definition of TPM2B_SENSITIVE_DATA Structure ............................................................ 108
Table 131 — Definition of TPMS_SENSITIVE_CREATE Structure <IN> ................................................ 109
Table 132 — Definition of TPM2B_SENSITIVE_CREATE Structure <IN, S> .......................................... 110
Table 133 — Definition of TPMS_SCHEME_SIGHASH Structure ........................................................... 110
Table 134 — Definition of (TPM_ALG_ID) TPMI_ALG_KEYEDHASH_SCHEME Type .......................... 110
Table 135 — Definition of Types for HMAC_SIG_SCHEME .................................................................... 110
Table 136 — Definition of TPMS_SCHEME_XOR Structure ................................................................... 111
Table 137 — Definition of TPMU_SCHEME_KEYEDHASH Union <IN/OUT, S> .................................... 111
Table 138 — Definition of TPMT_KEYEDHASH_SCHEME Structure ..................................................... 111
Table 139 — Definition of {RSA} Types for RSA_SIG_SCHEMES .......................................................... 112
Table 140 — Definition of {ECC} Types for ECC_SIG_SCHEMES.......................................................... 112
Table 141 — Definition of {ECC} TPMS_SCHEME_ECDAA Structure .................................................... 112
Table 142 — Definition of TPMU_SIG_SCHEME Union <IN/OUT, S> .................................................... 113
Table 143 — Definition of TPMT_SIG_SCHEME Structure ..................................................................... 113
Table 144 — Definition of {RSA} TPMS_SCHEME_OAEP Structure ...................................................... 114
Table 145 — Definition of {ECC} TPMS_SCHEME_ECDH Structure ...................................................... 114
Table 146 — Definition of TPMS_SCHEME_MGF1 Structure ................................................................. 114
Table 147 — Definition of {ECC} TPMS_SCHEME_KDF1_SP800_56a Structure .................................. 114
Table 148 — Definition of TPMS_SCHEME_KDF2 Structure .................................................................. 115
Table 149 — Definition of TPMS_SCHEME_KDF1_SP800_108 Structure ............................................. 115
Table 150 — Definition of TPMU_KDF_SCHEME Union <IN/OUT, S> ................................................... 115
Table 151 — Definition of TPMT_KDF_SCHEME Structure .................................................................... 115
Table 152 — Definition of (TPM_ALG_ID) TPMI_ALG_ASYM_SCHEME Type <> ................................. 116
Family “2.0”
Level 00 Revision 00.99
Published
Copyright © TCG 2006-2013
Page xiii
October 31, 2013
�Part 2: Structures
Trusted Platform Module Library
Table 153 — Definition of TPMU_ASYM_SCHEME Union ...................................................................... 116
Table 154 — Definition of TPMT_ASYM_SCHEME Structure <> ............................................................ 117
Table 155 — Definition of (TPM_ALG_ID) {RSA} TPMI_ALG_RSA_SCHEME Type .............................. 117
Table 156 — Definition of {RSA} TPMT_RSA_SCHEME Structure ......................................................... 117
Table 157 — Definition of (TPM_ALG_ID) {RSA} TPMI_ALG_RSA_DECRYPT Type ............................ 118
Table 158 — Definition of {RSA} TPMT_RSA_DECRYPT Structure ....................................................... 118
Table 159 — Definition of {RSA} TPM2B_PUBLIC_KEY_RSA Structure ................................................ 118
Table 160 — Definition of {RSA} (TPM_KEY_BITS) TPMI_RSA_KEY_BITS Type ................................. 119
Table 161 — Definition of {RSA} TPM2B_PRIVATE_KEY_RSA Structure .............................................. 119
Table 162 — Definition of {ECC} TPM2B_ECC_PARAMETER Structure ............................................... 120
Table 163 — Definition of {ECC} TPMS_ECC_POINT Structure ............................................................. 120
Table 164 — Definition of {ECC} TPM2B_ECC_POINT Structure ........................................................... 120
Table 165 — Definition of (TPM_ALG_ID) {ECC} TPMI_ALG_ECC_SCHEME Type ............................. 121
Table 166 — Definition of {ECC} (TPM_ECC_CURVE) TPMI_ECC_CURVE Type ................................ 121
Table 167 — Definition of (TPMT_SIG_SCHEME) {ECC} TPMT_ECC_SCHEME Structure .................. 121
Table 168 — Definition of {ECC} TPMS_ALGORITHM_DETAIL_ECC Structure <OUT> ....................... 122
Table 169 — Definition of {RSA} TPMS_SIGNATURE_RSASSA Structure ............................................ 122
Table 170 — Definition of {RSA} TPMS_SIGNATURE_RSAPSS Structure ............................................ 123
Table 171 — Definition of {ECC} TPMS_SIGNATURE_ECDSA Structure .............................................. 123
Table 172 — Definition of TPMU_SIGNATURE Union <IN/OUT, S> ....................................................... 123
Table 173 — Definition of TPMT_SIGNATURE Structure ........................................................................ 124
Table 174 — Definition of TPMU_ENCRYPTED_SECRET Union <S> ................................................... 124
Table 175 — Definition of TPM2B_ENCRYPTED_SECRET Structure .................................................... 125
Table 176 — Definition of (TPM_ALG_ID) TPMI_ALG_PUBLIC Type .................................................... 126
Table 177 — Definition of TPMU_PUBLIC_ID Union <IN/OUT, S> ......................................................... 127
Table 178 — Definition of TPMS_KEYEDHASH_PARMS Structure........................................................ 127
Table 179 — Definition of TPMS_ASYM_PARMS Structure <> .............................................................. 128
Table 180 — Definition of {RSA} TPMS_RSA_PARMS Structure ............................................................ 128
Table 181 — Definition of {ECC} TPMS_ECC_PARMS Structure ........................................................... 129
Table 182 — Definition of TPMU_PUBLIC_PARMS Union <IN/OUT, S> ................................................ 129
Table 183 — Definition of TPMT_PUBLIC_PARMS Structure ................................................................. 130
Table 184 — Definition of TPMT_PUBLIC Structure ................................................................................ 130
Table 185 — Definition of TPM2B_PUBLIC Structure .............................................................................. 131
Table 186 — Definition of {RSA} TPM2B_PRIVATE_VENDOR_SPECIFIC Structure<> ........................ 131
Table 187 — Definition of TPMU_SENSITIVE_COMPOSITE Union <IN/OUT, S> ................................. 132
Table 188 — Definition of TPMT_SENSITIVE Structure .......................................................................... 132
Table 189 — Definition of TPM2B_SENSITIVE Structure <IN/OUT> ...................................................... 132
Table 190 — Definition of _PRIVATE Structure <> .................................................................................. 133
Table 191 — Definition of TPM2B_PRIVATE Structure <IN/OUT, S> ..................................................... 133
Page xiv
October 31, 2013
Published
Copyright © TCG 2006-2013
Family “2.0”
Level 00 Revision 00.99
�Trusted Platform Module Library
Part 2: Structures
Table 192 — Definition of _ID_OBJECT Structure <> .............................................................................. 134
Table 193 — Definition of TPM2B_ID_OBJECT Structure <IN/OUT> ..................................................... 134
Table 194 — Definition of (UINT32) TPM_NV_INDEX Bits <> ................................................................. 135
Table 195 — Options for space Field of TPM_NV_INDEX ....................................................................... 136
Table 196 — Definition of (UINT32) TPMA_NV Bits ................................................................................ 137
Table 197 — Definition of TPMS_NV_PUBLIC Structure ......................................................................... 139
Table 198 — Definition of TPM2B_NV_PUBLIC Structure ....................................................................... 139
Table 199 — Definition of TPM2B_CONTEXT_SENSITIVE Structure <IN/OUT> ................................... 140
Table 200 — Definition of TPMS_CONTEXT_DATA Structure <IN/OUT, S> .......................................... 140
Table 201 — Definition of TPM2B_CONTEXT_DATA Structure <IN/OUT> ............................................ 140
Table 202 — Definition of TPMS_CONTEXT Structure ........................................................................... 141
Table 203 — Context Handle Values ........................................................................................................ 142
Table 204 — Definition of TPMS_CREATION_DATA Structure <OUT> ................................................. 144
Table 205 — Definition of TPM2B_CREATION_DATA Structure <OUT> ............................................... 144
Table 206 — Defines for SHA1 Hash Values ........................................................................................... 145
Table 207 — Defines for SHA256 Hash Values ....................................................................................... 145
Table 208 — Defines for SHA384 Hash Values ....................................................................................... 145
Table 209 — Defines for SHA512 Hash Values ....................................................................................... 146
Table 210 — Defines for SM3_256 Hash Values ..................................................................................... 146
Table 211 — Defines for Architectural Limits Values ............................................................................... 146
Table 212 — Defines for Logic Values ..................................................................................................... 147
Table 213 — Defines for Processor Values .............................................................................................. 147
Table 214 — Defines for Implemented Algorithms ................................................................................... 148
Table 215 — Defines for Implemented Commands .................................................................................. 149
Table 216 — Defines for RSA Algorithm Constants ................................................................................. 152
Table 217 — Defines for ECC Algorithm Constants ................................................................................. 152
Table 218 — Defines for AES Algorithm Constants ................................................................................. 152
Table 219 — Defines for SM4 Algorithm Constants ................................................................................. 152
Table 220 — Defines for Symmetric Algorithm Constants ....................................................................... 153
Table 221 — Defines for Implementation Values ..................................................................................... 154
Family “2.0”
Level 00 Revision 00.99
Published
Copyright © TCG 2006-2013
Page xv
October 31, 2013
�Part 2: Structures
Trusted Platform Module Library
Figures
Figure 1 — Command Format .................................................................................................................... 22
Figure 2 — Format-Zero Response Codes ................................................................................................. 29
Figure 3 — Format-One Response Codes ................................................................................................. 30
Figure 4 — TPM 1.2 TPM_NV_INDEX ..................................................................................................... 135
Figure 5 — TPM 2.0 TPM_NV_INDEX ..................................................................................................... 135
Page xvi
October 31, 2013
Published
Copyright © TCG 2006-2013
Family “2.0”
Level 00 Revision 00.99
�Trusted Platform Module Library
Part 2: Structures
Trusted Platform Module Library
Part 2: Structures
1
Scope
This part of the Trusted Platform Module Library specification contains the definitions of the constants,
flags, structure, and union definitions used to communicate with the TPM. Values defined in this
document are used by the TPM commands defined in part 3: Commands and by the functions in part 4:
Supporting Routines.
NOTE
2
The structures in this document are the canonical form of the structures on the interface. All structures
are "packed" with no octets of padding between structure elements. The TPM-internal form of the
structures is dependent on the processor and compiler for the TPM implementation.
Terms and definitions
For the purposes of this document, the terms and definitions given in part 1 of this specification apply.
3
Symbols and abbreviated terms
For the purposes of this document, the symbols and abbreviated terms given in part 1 apply.
4
4.1
Notation
Introduction
The information in this document is formatted so that it may be converted to standard computer-language
formats by an automated process. The purpose of this automated process is to minimize the transcription
errors that often occur during the conversion process.
For the purposes of this document, the conventions given in Part 1 apply.
In addition, the conventions and notations in this clause describe the representation of various data so
that it is both human readable and amenable to automated processing.
When a table row contains the keyword “reserved” (all lower case) in columns 1 or 2, the tools will not
produce any values for the row in the table.
NOTE 1
In the examples in this clause 4, the unmarshaling routines are shown as returning bool. In the code of
the reference implementation, the return value is a TPM_RC. A bool is used in the examples, because
the meaning of a TPM_RC is not yet defined.
NOTE 2
The unmarshaling code examples are the actual code that would be produced by the automatic code
generator used in the construction of the reference code. The actual code contains additional parameter
checking that is omitted for clarity of the principle being illustrated. Actual examples of the code are found
in Part 4.
Family “2.0”
Level 00 Revision 00.99
Published
Copyright © TCG 2006-2013
Page 1
October 31, 2013
�Part 2: Structures
4.2
Trusted Platform Module Library
Named Constants
A named constant is a numeric value to which a name has been assigned. In the C language, this is done
with a #define statement. In this specification, a named constant is defined in a table that has a title that
starts with “Definition” and ends with “Constants.”
The table title will indicate the name of the class of constants that are being defined in the table. The title
will include the data type of the constants in parentheses.
The table in Example 1 names a collection of 16-bit constants and Example 2 shows the C code that
might be produced from that table by an automated process.
NOTE
A named constant (#define) has no data type in C and an enumeration would be a better choice for
many of the defined constants. However, the C language does not allow an enumerated type to have a
storage type other than int so the method of using a combination of typedef and #define is used.
EXAMPLE 1
Table xx — Definition of (UINT16) COUNTING Constants
Parameter
Value
Description
first
1
decimal value is implicitly the size of the
second
0x0002
hex value will match the number of bits in the constant
third
3
fourth
0x0004
EXAMPLE 2
/* The C language equivalent of the constants from the table above */
typedef
UINT16
COUNTING;
#define
first
1
#define
second
0x0002
#define
third
3
#define
fourth
0x0004
Page 2
October 31, 2013
Published
Copyright © TCG 2006-2013
Family “2.0”
Level 00 Revision 00.99
�Trusted Platform Module Library
4.3
Part 2: Structures
Data Type Aliases (typedefs)
When a group of named items is assigned a type, it is placed in a table that has a title starting with
“Definition of Types.” In this specification, defined types have names that use all upper-case characters.
The table in Example 1 shows how typedefs would be defined in this specification and Example 2 shows
the C-compatible code that might be produced from that table by an automated process.
EXAMPLE 1
Table xx — Definition of Types for Some Purpose
Type
Name
Description
unsigned short
UINT16
UINT16
SOME_TYPE
unsigned long
UINT32
UINT32
LAST_TYPE
EXAMPLE 2
/* C language equivalent of the typedefs from the table above */
typedef unsigned short
UINT16;
typedef UINT16
SOME_TYPE;
typedef unsigned long
UINT32;
typedef UINT32
LAST_TYPE;
4.4
Enumerations
A table that defines an enumerated data type will start with the word “Definition” and end with “Values.”
A value in parenthesis will denote the intrinsic data size of the value and may have the values "INT8",
"UINT8", "INT16", “UINT16”, "INT32", and “UINT32.” If this value is not present, “UINT16” is assumed.
Most C compilers set the type of an enumerated value to be an integer on the machine – often 16 bits –
but this is not always consistent. To ensure interoperability, the enumeration values may not exceed
32,384.
The table in Example 1 shows how an enumeration would be defined in this specification. Example 2
shows the C code that might be produced from that table by an automated process.
EXAMPLE 1
Table xx — Definition of (UINT16) CARD_SUIT Values
Suit Names
Value
CLUBS
0x0000
DIAMONDS
0x000D
HEARTS
0x001A
SPADES
Description
0x0027
EXAMPLE 2
/* C language equivalent of the structure defined in the table above */
typedef enum {
CLUBS
=
0x0000,
DIAMONDS
=
0x000D,
HEARTS
=
0x001A,
SPADES
=
0x0027
} CARD_SUIT;
Family “2.0”
Level 00 Revision 00.99
Published
Copyright © TCG 2006-2013
Page 3
October 31, 2013
�Part 2: Structures
4.5
Trusted Platform Module Library
Interface Type
An interface type is used for an enumeration that is checked by the unmarshaling code. This type is
defined for purposes of automatic generation of the code that will validate the type. The title will start with
the keyword “Definition” and end with the keyword “Type.” A value in parenthesis indicates the base type
of the interface. The table may contain an entry that is prefixed with the “#” character to indicate the
response code if the validation code determines that the input parameter is the wrong type.
EXAMPLE 1
Table xx — Definition of (CARD_SUIT) RED_SUIT Type
Values
Comments
HEARTS
DIAMONDS
#TPM_RC_SUIT
response code returned when the unmarshaling of this type fails
NOTE
TPM_RC_SUIT is an example and no such response
code is actually defined in this specification.
EXAMPLE 2
/* Validation code that might be automatically generated from table above */
if((*target != HEARTS) && (*target != DIAMONDS))
return TPM_RC_SUIT;
In some cases, the allowed values are numeric values with no associated mnemonic. In such a case, the
list of numeric values may be given a name. Then, when used in an interface definition, the name would
have a "$" prefix to indicate that a named list of values should be substituted.
To illustrate, assume that the implementation only supports two sizes (1024 and 2048 bits) for keys
associated with some algorithm (MY algorithm). In the implementation section (Annex B a named list
would be created.
EXAMPLE 3
Table xx — Defines for MY Algorithm Constants
Name
Value
Comments
MY_KEY_SIZES_BITS
{1024, 2048}
braces because this is a list value
Page 4
October 31, 2013
Published
Copyright © TCG 2006-2013
Family “2.0”
Level 00 Revision 00.99
�Trusted Platform Module Library
Part 2: Structures
Then, whenever an input value would need to be a valid MY key size for the implementation, the value
$MY_KEY_SIZES_BITS could be used. Given the definition for MY_KEY_SIZES_BITS in example 3
above, the tables in example 4 and 5 below, are equivalent.
EXAMPLE 4
Table xx — Definition of (UINT16) MY_KEY_BITS Type
Parameter
Description
{1024, 2048}
the number of bits in the supported key
EXAMPLE 5
Table xx — Definition of (UINT16) MY_KEY_BITS Type
Parameter
$MY_KEY_SIZES_BITS
4.6
Description
the number of bits in the supported key
Arrays
Arrays are denoted by a value in square brackets (“[ ]”) following a parameter name. The value in the
brackets may be either an integer value such as “[20]” or the name of a component of the same structure
that contains the array.
The table in Example 1 shows how a structure containing fixed and variable-length arrays would be
defined in this specification. Example 2 shows the C code that might be produced from that table by an
automated process.
EXAMPLE 1
Table xx — Definition of A_STRUCT Structure
Parameter
Type
Description
array1[20]
UINT16
an array of 20 UINT16s
a_size
UINT16
array2[a_size]
UINT32
an array of UINT32 values that has a
number of elements determined by a_size
above
EXAMPLE 2
/* C language equivalent of the typedefs from the table above */
typedef struct {
UINT16
array1[20];
UINT16
a_size;
UINT32
array2[];
} A_STRUCT;
Family “2.0”
Level 00 Revision 00.99
Published
Copyright © TCG 2006-2013
Page 5
October 31, 2013
�Part 2: Structures
4.7
Trusted Platform Module Library
Structure Definitions
The tables used to define structures have a title that starts with the word “Definition” and ends with
“Structure.” The first column of the table will denote the reference names for the structure members; the
second column the data type of the member; and the third column a synopsis of the use of the element.
The table in Example 1 shows an example of how a structure would be defined in this specification and
Example 2 shows the C code that might be produced from the table by an automated process. Example 3
illustrates the type of unmarshaling code that could be generated using the information available in the
table.
EXAMPLE 1
Table xx — Definition of SIMPLE_STRUCTURE Structure
Parameter
Type
Description
tag
TPM_ST
value1
INT32
value2
INT32
EXAMPLE 2
/* C language equivalent of the structure defined in the table above */
typedef struct {
TPM_ST
tag;
INT32
value1
INT32
value2;
} SIMPLE_STRUCTURE;
EXAMPLE 3
bool SIMPLE_STRUCTURE_Unmarshal(SIMPLE_STRUCTURE *target, BYTE **buffer, INT32 *size)
{
// If unmarshal of tag succeeds
if(TPM_ST_Unmarshal((TPM_ST *)&(target->tag), buffer, size))
// then umarshal value1, and if that succeeds...
if(INT32_Unmarshal((INT32 *)&(target->value1, buffer, size))
// then return the results of unmarshaling values
return(INT32_Unmarshal((INT32 *)&(target->value2, buffer, size))
// if unmarshal of tag or value failed, return failure
return FALSE;
}
Page 6
October 31, 2013
Published
Copyright © TCG 2006-2013
Family “2.0”
Level 00 Revision 00.99
�Trusted Platform Module Library
4.8
Part 2: Structures
Conditional Types
An enumeration may contain an extended value indicated by “+” preceding the name in the "Value"
column. This “+” indicates that this is a conditional value that may be allowed in certain situations.
NOTE
In many cases, the input values are algorithm IDs. When two collections of algorithm IDs differ only
because one collection allows TPM_ALG_NULL and the other does not, it is preferred that the re not be
two completely different enumerations because this leads to many casts. To avoid this, the “+” can be
added to a TPM_ALG_NULL value in the table defining the type. When the use of that type allows
TPM_ALG_NULL to be in the set, the use would append a “+” to the instance.
EXAMPLE
Table xx — Definition of (CARD_SUIT) TPMI_CARD_SUIT Type
Values
Comments
SPADES
HEARTS
DIAMONDS
CLUBS
+JOKER
an optional value that may be allowed
#TPM_RC_SUIT
response code returned when the input value is not one of the
values above
When an interface type is used, a “+” will be appended to the type specification for the parameter when
the conditional value is allowed. If no “+” is present, then the conditional value is not allowed.
EXAMPLE 1
Table xx — Definition of POKER_CARD Structure
Parameter
Type
Description
suit
TPMI_CARD_SUIT+
allows joker
number
UINT8
the card value
EXAMPLE 2
Table xx — Definition of BRIDGE_CARD Structure
Parameter
Type
Description
suit
TPMI_CARD_SUIT
does not allow joker
number
UINT8
the card value
Family “2.0”
Level 00 Revision 00.99
Published
Copyright © TCG 2006-2013
Page 7
October 31, 2013
�Part 2: Structures
4.9
Trusted Platform Module Library
Unions
4.9.1
Introduction
A union allows a structure to contain a variety of structures or types. The union has members, only one of
which is present at a time. Three different tables are required to fully characterize a union so that it may
be communicated on the TPM interface and used by the TPM:
1) union definition;
2) union instance; and
3) union selector definition.
4.9.2
Union Definition
The table in Example 1 illustrates a union definition. The title of a union definition table starts with
“Definition” and ends with “Union.” The “Parameter” column of a union definition lists the different names
that are used when referring a specific type. The “Type” column identifies the data type of the member.
The “Selector” column identifies the value that is used by the marshaling and unmarshaling code to
determine which case of the union is present.
If a parameter is the keyword “null,” then this denotes a selector with no contents. The table in Example 1
illustrates a union in which a conditional null selector is allowed to indicate an empty union member.
Example 2 shows how the table would be converted into C-compatible code.
The expectation is that the unmarshaling code for the union will validate that the selector for the union is
one of values in the selector list.
EXAMPLE 1
Table xx — Definition of NUMBER_UNION Union
Parameter
Type
Selector
a_byte
BYTE
BYTE_SELECT
an_int
int
INT_SELECT
a_float
float
FLOAT_SELECT
+null
NULL_SELECT
Description
the empty branch
EXAMPLE 2
// C-compatible version of the union defined in the table above
typedef union {
BYTE
a_byte;
int
an_int;
float
a_float;
} NUMBER_UNION;
EXAMPLE 3
Page 8
October 31, 2013
Published
Copyright © TCG 2006-2013
Family “2.0”
Level 00 Revision 00.99
�Trusted Platform Module Library
Part 2: Structures
// Possible auto-generated code to unmarshal a union in Example 2 based on the
// input value of selector
bool NUMBER_UNION_Unmarshal(NUMBER_UNION *target, BYTE **buffer,
INT32 *size, UINT32 selector)
{
switch (selector) {
case BYTE_SELECT:
return BYTE_Unmarshal((BYTE *)&(target->a_byte), buffer, size);
case INT_SELECT:
return INT_Unmarshal((int *)&(target->an_int), buffer, size);
case FLOAT_SELECT:
return FLOAT_Unmarshal((float *)&(target->a_float), buffer, size);
case NULL_SELECT:
return;
}
A table may have a type with no selector. This is used when the first part of the structure for all union
members is identical. This type is a programming convenience, allowing code to reference the common
members without requiring a case statement to determine the specific structure. In object oriented
programming terms, this type is a superclass and the types with selectors are subclasses.
4.9.3
Union Instance
When a union is used in a structure that is sent on the interface, the structure will minimally contain a
selector and a union. The selector value indicates which of the possible union members is present so that
the unmarshaling code can unmarshal the correct type. The selector may be any of the parameters that
occur in the structure before the union instance. To denote the structure parameter that is used as the
selector, its name is in brackets (“[ ]”) placed before the parameter name associated with the union.
The table in Example 1 shows the definition of a structure that contains a union and a selector. Example 2
shows how the table would be converted into C-compatible code and Example 3 shows how the
unmarshaling code would handle the selector.
EXAMPLE 1
Table xx — Definition of STRUCTURE_WITH_UNION Structure
Parameter
Type
Description
select
NUMBER_SELECT
a value indicating the type in number
[select] number
NUMBER_UNION
a union as shown in 4.9.2
EXAMPLE 2
// C-compatible version of the union structure in the table above
typedef struct {
NUMBER_SELECT
select;
NUMBER_UNION
number;
} STRUCT_WITH_UNION;
EXAMPLE 3
Family “2.0”
Level 00 Revision 00.99
Published
Copyright © TCG 2006-2013
Page 9
October 31, 2013
�Part 2: Structures
Trusted Platform Module Library
// Possible unmarshaling code for the structure above
bool STRUCT_WITH_UNION_Unmarshal(STRUCT_WITH_UNION *target, BYTE **buffer, INT32 *size)
{
// Unmarshal the selector value
if(!NUMBER_SELECT_Unmarshal((NUMBER_SELECT *)&target->select, buffer, size))
return FALSE;
// Use the unmarshaled selector value to indicate to the union unmarshal
// function which unmarshaling branch to follow.
return(NUMBER_UNION_Unmarshal((NUMBER_UNION *)&(target->number),
buffer, size, (UINT32)target->select);
}
4.9.4
Union Selector Definition
The selector definition limits the values that are used in unmarshaling a union. Two different selector sets
applied to the same union define different types.
For the union in 4.9.2, a selector definition should be limited to no more than four values, one for each of
the union members. The selector definition could have fewer than four values.
In Example 1, the table defines a value for each of the union members.
EXAMPLE 1
Table xx — Definition of (INT8) NUMBER_SELECT Values <IN>
Name
Value
BYTE_SELECT
3
INT_SELECT
2
FLOAT_SELECT
1
NULL_SELECT
Comments
0
The unmarshaling code would limit the input values to the defined values. When the NUMBER_SELECT
is used in the union instance of 4.9.3, any of the allowed union members of NUMBER_UNION could be
present.
A different selection could be used to limit the values in a specific instance. To get the different selection,
a new structure is defined with a different selector. The table in example 2 illustrates a way to subset the
union. The base type of the selection is NUMBER_SELECT so a NUMBER_SELECT will be unmarshaled
before the checks are made to see if the value is in the correct range for JUST_INTEGERS types. If the
base type had been UINT8, then no checking would occur prior to checking that the value is in the
allowed list. In this particular case, the effect is the same in either case since the only values that will be
accepted by the unmarshaling code for JUST_INTEGER are BYTE_SELECT and INT_SELECT.
EXAMPLE 2
Table xx — Definition of (NUMBER_SELECT) AN_INTEGER Type <IN>
Values
{BYTE_SELECT, INT_SELECT}
NOTE
Comments
list of allowed values
Since NULL_SELECT is not in the list of values accepted as a JUST_INTEGER, the “+” modifier will have
no effect if used for a JUST_INTEGERS type shown in Example 3.
Page 10
October 31, 2013
Published
Copyright © TCG 2006-2013
Family “2.0”
Level 00 Revision 00.99
�Trusted Platform Module Library
Part 2: Structures
The selector in Example 2 can then be used in a subset union as shown in Example 3.
EXAMPLE 3
Table xx — Definition of JUST_INTEGERS Structure
Parameter
Type
Description
select
AN_INTEGER
a value indicating the type in number
[select] number
NUMBER_UNION
a union as shown in 4.9.2
4.10 Bit Field Definitions
A table that defines a structure containing bit fields has a title that starts with “Definition” and ends with
“Bits.” A type identifier in parentheses in the title indicates the size of the datum that contains the bit
fields.
When the bit fields do not occupy consecutive locations, a spacer field is defined with a name of
“Reserved.” Bits in these spaces are reserved and shall be zero.
The table in Example 1 shows how a structure containing bit fields would be defined in this specification.
Example 2 shows the C code that might be produced from that table by an automated process.
When a field has more than one bit, the range is indicated by a pair of numbers separated by a colon (“:”).
The numbers will be in high:low order.
EXAMPLE1
Table xx — Definition of (UINT32) SOME_ATTRIBUTE Bits
Bit
0
Name
Action
zeroth_bit
SET (1): what to do if bit is 1
CLEAR (0): what to do if bit is 0
1
first_bit
SET (1): what to do if bit is 1
CLEAR (0): what to do if bit is 0
6:2
7
Reserved
A placeholder that spans 5 bits
third_bit
SET (1): what to do if bit is 1
CLEAR (0): what to do if bit is 0
31:8
Reserved
Placeholder to fill 32 bits
EXAMPLE 2
/* C language equivalent of the attributes structure defined in the table above */
typedef struct {
int zeroth_bit : 1;
int first_bit : 1;
int Reserved3 : 5;
int third_bit : 1;
int Reserved7 : 24;
} SOME_ATTRIBUTE;
4.11 Parameter Limits
A parameter used in a structure may be given a set of values that can be checked by the unmarshaling
code. The allowed values for a parameter may be included in the definition of the parameter by
appending the values and delimiting them with braces (“{ }”). The values are comma-separated
expressions. A range of numbers may be indicated by separating two expressions with a colon (“:”). The
Family “2.0”
Level 00 Revision 00.99
Published
Copyright © TCG 2006-2013
Page 11
October 31, 2013
�Part 2: Structures
Trusted Platform Module Library
first number is an expression that represents the minimum allowed value and the second number
indicates the maximum. If the minimum or maximum value expression is omitted, then the range is openended.
Parameter limits expressed using braces apply only to inputs to the TPM. Any value returned by the
TPM is assumed to be valid.
The maximum size of an array may be indicated by putting a “{}” delimited expression following the
square brackets (“[ ]”) that indicate that the value is an array.
EXAMPLE
Table xx — Definition of B_STRUCT Structure
Parameter
Type
Description
value1 {20:25}
UINT16
a parameter that must have a value between 20
and 25
value2 {20}
UINT16
a parameter that must have a value of 20
value3 {:25}
INT16
a parameter that may be no larger than 25
Since the parameter is signed, the minimum value
is the largest negative integer that may be
expressed in 16 bits.
value4 {20:}
a parameter that must be at least 20
value5 {1,2,3,5}
UINT16
a parameter that may only have one of the four
listed values
value6 {1, 2, 10:(10+10)}
UINT32
a parameter that may have a value of 1, 2, or be
between 10 and 20
array1[value1]
BYTE
Because the index refers to value1, which is a
value limited to be between 20 and 25 inclusive,
array1 is an array that may have between 20 and
25 octets. This is not the preferred way to indicate
the upper limit for an array as it does not indicate
the upper bound of the size.
NOTE
array2[value4]{:25}
BYTE
This is a limitation of the current
parser. A different parser could
associate the range of value1 with this
value and compute the maximum size
of the array.
an array that may have between 20 and 25 octets
This arrangement is used to allow the automatic
code generation to allocate 25 octets to store the
largest array2 that can be unmarshaled. The code
generation can determine from this expression that
value4 shall have a value of 25 or less. From the
definition of value4 above, it can determine that
value4 must have a value of at least 20.
Page 12
October 31, 2013
Published
Copyright © TCG 2006-2013
Family “2.0”
Level 00 Revision 00.99
�Trusted Platform Module Library
Part 2: Structures
4.12 Enumeration Macro
An enumeration can be a list of allowed numeric values. For example, the allowed sizes for an RSA key
might be expressed as:
4.13 Size Checking
In some structures, a size field is present to indicate the number of octets in some subsequent part of the
structure. In the B_STRUCT table in 4.11, value4 indicates how many octets to unmarshal for array2. This
semantic applies when the size field determines the number of octets to unmarshal. However, in some
cases, the subsequent structure is self-defining. If the size precedes a parameter that is not an octet
array, then the unmarshaled size of that parameter is determined by its data type. The table in Example 1
shows a structure where the size parameter would nominally indicate the number of octets in the
remainder of the structure.
EXAMPLE 1
Table xx — Definition of C_STRUCT Structure
Parameter
Type
Comments
size
UINT16
the expected size of the remainder of the structure
anInteger
UINT32
a 4-octet value
In this particular case, the value of size would be incorrect if it had any value other than 4. So that the
table parser is able to know that the purpose of the size parameter is to define the number of octets
expected in the remainder of the structure, an equal sign (“=”) is appended to the parameter name.
In the example below, the size= causes the parser to generate validation code that will check that the
unmarshaled size of someStructure and someData adds to the value unmarshaled for size. When the “=”
decoration is present, a value of zero is not allowed for the size.
EXAMPLE 2
Table xx — Definition of D_STRUCT Structure
Parameter
Type
Comments
size=
UINT16
the size of a structure
The “=” indicates that the TPM is required to
validate that the remainder of the D_STRUCT
structure is exactly the value in size. That is, the
number of bytes in the input buffer used to
successfully unmarshal someStructure must be the
same as size.
someStructure
A_STRUCT
a structure to be unmarshaled
The size of the structure is computed when it is
unmarshaled. Because an “=” is present on the
definition of size, the TPM is required to validate
that the unmarshaled size exactly matches size.
someData
Family “2.0”
Level 00 Revision 00.99
UINT32
a value
Published
Copyright © TCG 2006-2013
Page 13
October 31, 2013
�Part 2: Structures
Trusted Platform Module Library
4.14 Data Direction
A structure or union may be input (IN), output (OUT), or internal. An input structure is sent to the TPM and
is unmarshaled by the TPM. An output structure is sent from the TPM and is marshaled by the TPM. An
internal structure is not used outside of the TPM except that it may be included in a saved context.
By default, structures are assumed to be both IN and OUT and the code generation tool will generate
both marshaling and unmarshaling code for the structure. This default may be changed by using values
enclosed in angle brackets (“<>”) as part of the table title. If the angle brackets are empty, then the
structure is internal and neither marshaling nor unmarshaling code is generated. If the angle brackets
contain the letter “I” (such as in “IN” or “in” or “i”), then the structure is input and unmarshaling code will be
generated. If the angle brackets contain the letter “O” (such as in “OUT” or “out” or “o”), then the structure
is output and marshaling code will be generated.
EXAMPLE 1
Both of the following table titles would indicate a structure that is used in both input and output
Table xx — Definition of TPMS_A Structure
Table xx — Definition of TPMS_A Structure <IN/OUT>
EXAMPLE 2
The following table title would indicate a structure that is used only for input
Table xx — Definition of TPMS_A Structure <IN>
EXAMPLE 3
The following table title would indicate a structure that is used only for output
Table xx — Definition of TPMS_A Structure <OUT>
4.15 Structure Validations
By default, when a structure is used for input to the TPM, the code generation tool will generate the
unmarshaling code for that structure. Auto-generation may be suppressed by adding an “S” within the
angle brackets.
EXAMPLE
The following table titles indicate a structure for which the auto -generation of the validation code is to be
suppressed.
Table xx — Definition of TPMT_A Structure <S>
Table xx — Definition of TPMT_A Structure <IN, S>
Table xx — Definition of TPMT_A Structure <IN/OUT, S>
4.16 Name Prefix Convention
Parameters are constants, variables, structures, unions, and structure members. Structure members are
given a name that is indicative of its use, with no special prefix. The other parameter types are named
according to their type with their name starting with “TPMx_”, where “x” is an optional character to indicate
the data type.
In some cases, additional qualifying characters will follow the underscore. These are generally used when
dealing with an enumerated data type.
TPMA_ This is an attribute structure, where bits are associated with particular attributes
Page 14
October 31, 2013
Published
Copyright © TCG 2006-2013
Family “2.0”
Level 00 Revision 00.99
�Trusted Platform Module Library
Part 2: Structures
Table 1 — Name Prefix Convention
Prefix
Description
_TPM_
an indication/signal from the TPM’s system interface
TPM_
a constant or an enumerated type
TPM2_
a command defined by this specification
TPM2B_
a structure that is a sized buffer where the size of the buffer is contained in a 16-bit, unsigned
value
The first parameter is the size in octets of the second parameter. The second parameter may be
any type.
TPMA_
a structure where each of the fields defines an attribute and each field is usually a single bit
All the attributes in an attribute structure are packed with the overall size of the structure
indicated in the heading of the attribute description (UINT8, UINT16, or UINT32).
TPM_ALG_
an enumerated type that indicates an algorithm
A TPM_ALG_ is often used as a selector for a union.
TPMI_
an interface type
The value is specified for purposes of dynamic type checking when unmarshaled.
TPML_
a list length followed by the indicated number of entries of the indicated type
This is an array with a length field.
TPMS_
a structure that is not a size buffer or a tagged buffer or a list
TPMT_
a structure with the first parameter being a structure tag, indicating the type of the structure that
follows
A structure tag may be either a TPMT_ST_ or TPM_ALG_ depending on context.
TPMU_
a union of structures, lists, or unions
If a union exists, there will normally be a companion TPMT_ that is the expression of the union
in a tagged structure, where the tag is the selector indicating which member of the union is
present.
TPM_xx_
an enumeration value of a particular type
The value of “xx” will be indicative of the use of the enumerated type. A table of “TPM_xx”
constant definitions will exist to define each of the TPM_xx_ values.
EXAMPLE 1
TPM_CC_ indicates that the type is used for a commandCode. The allowed enumeration
values will be found in the table defining the TPM_CC constants (Table 11).
EXAMPLE 2
TPM_RC_ indicates that the type is used for a responseCode. The allowed enumeration
values are in Table 15.
4.17 Data Alignment
The data structures in this Part 2 use octet alignment for all structures. When used in a table to indicate a
maximum size, the sizeof() function returns the octet-aligned size of the structure, with no padding.
4.18
Parameter Unmarshaling Errors
The TPM commands are defined in Part 3. The command definition included C code that details the
actions performed by that command. The code is written assuming that the parameters of the command
have been unmarshaled.
NOTE 1
An implementation is not required to process parameters in this manner or to separate the parameter
parsing from the command actions. This method was chosen for the specification so that the normative
behavior described by the detailed actions would be clear and unencumbered.
Family “2.0”
Level 00 Revision 00.99
Published
Copyright © TCG 2006-2013
Page 15
October 31, 2013
�Part 2: Structures
Trusted Platform Module Library
Unmarshaling is the process of processing the parameters in the input buffer and preparing the
parameters for use by the command-specific action code. No data movement need take place but it is
required that the TPM validate that the parameters meet the requirements of the expected data type as
defined in this Part 2.
When an error is encountered while unmarshaling a command parameter, an error response code is
returned and no command processing occurs. A table defining a data type may have response codes
embedded in the table to indicate the error returned when the input value does not match the parameters
of the table.
EXAMPLE 1
Table 11 has a listing of TPM command code values. The last row in the table contains
"#TPM_RC_COMMAND_CODE" indicating the response code that is returned if the TPM is unmarshaling
a value that it expects to be a TPM_CC and the input value is not in the table.
NOTE 2
In the reference implementation, a parameter number is added to the response code so that the offending
parameter can be isolated.
In many cases, the table contains no specific response code value and the return code will be determined
as defined in Table 2.
Table 2 — Unmarshaling Errors
Response code
Usage
TPM_RC_INSUFFICIENT
the input buffer did not contain enough octets to allow unmarshaling of the
expected data type;
TPM_RC_RESERVED
a non-zero value was found in a reserved field of an attribute structure (TPMA_)
TPM_RC_SIZE
the value of a size parameter is larger or smaller than allowed
TPM_RC_VALUE
A parameter does not have one of its allowed values
TPM_RC_TAG
A parameter that should be a structure tag has a value that is not supported by
the TPM
In some commands, a parameter may not be used because of various options of that command.
However, the unmarshaling code is required to validate that all parameters have values that are allowed
by the Part 2 definition of the parameter type even if that parameter is not used in the command actions.
Page 16
October 31, 2013
Published
Copyright © TCG 2006-2013
Family “2.0”
Level 00 Revision 00.99
�Trusted Platform Module Library
5
Part 2: Structures
Base Types
5.1
Primitive Types
The types listed in Table 3 are the primitive types on which all of the other types and structures are
based. The values in the “Type” column should be edited for the compiler and computer on which the
TPM is implemented. The values in the “Name” column should remain the same because these values
are used in the remainder of the specification.
NOTE
The types are compatible with the C99 standard and should be defined in stdint.h that is provided with a
C99-compliant compiler;
The parameters in the Name column should remain in the order shown.
Table 3 — Definition of Base Types
Type
Name
Description
uint8_t
UINT8
unsigned, 8-bit integer
uint8_t
BYTE
unsigned 8-bit integer
int8_t
INT8
signed, 8-bit integer
int
BOOL
a bit in an int
This is not used across the interface but is used in many places in the code. If
the type were sent on the interface, it would have to have a type with a specific
number of bytes.
uint16_t
UINT16
unsigned, 16-bit integer
int16_t
INT16
signed, 16-bit integer
uint32_t
UINT32
unsigned, 32-bit integer
int32_t
INT32
signed, 32-bit integer
uint64_t
UINT64
unsigned, 64-bit integer
int64_t
INT64
signed, 64-bit integer
5.2
Miscellaneous Types
These types are defined either for compatibility with previous versions of this specification or for clarity of
this specification.
Table 4 — Definition of Types for Documentation Clarity
Type
Name
Description
UINT32
TPM_ALGORITHM_ID
this is the 1.2 compatible form of the TPM_ALG_ID
UINT32
TPM_MODIFIER_INDICATOR
UINT32
TPM_AUTHORIZATION_SIZE
the authorizationSize parameter in a command
UINT32
TPM_PARAMETER_SIZE
the parameterSizeset parameter in a command
UINT16
TPM_KEY_SIZE
a key size in octets
UINT16
TPM_KEY_BITS
a key size in bits
Family “2.0”
Level 00 Revision 00.99
Published
Copyright © TCG 2006-2013
Page 17
October 31, 2013
�Part 2: Structures
6
Trusted Platform Module Library
Constants
6.1
TPM_SPEC (Specification Version Values)
These values are readable with TPM2_GetCapability().
NOTE
This table will require editing when the specification is updated.
Table 5 — Definition of (UINT32) TPM_SPEC Constants <>
Name
Value
Comments
ASCII “2.0” with null terminator
TPM_SPEC_FAMILY
0x322E3000
TPM_SPEC_LEVEL
00
the level number for the specification
TPM_SPEC_VERSION
99
the version number of the spec (00.99 * 100)
TPM_SPEC_YEAR
2013
the year of the version
TPM_SPEC_DAY_OF_YEAR
304
the day of the year (October 31, 2013)
6.2
TPM_GENERATED
This constant value differentiates TPM-generated structures from non-TPM structures.
Table 6 — Definition of (UINT32) TPM_GENERATED Constants <O>
Name
Value
Comments
TPM_GENERATED_VALUE
0xff544347
0xFF ‘TCG’ (FF 54 43 4716)
Page 18
October 31, 2013
Published
Copyright © TCG 2006-2013
Family “2.0”
Level 00 Revision 00.99
�Trusted Platform Module Library
6.3
Part 2: Structures
TPM_ALG_ID
The TCG maintains a registry of all algorithms that have an assigned algorithm ID. That registry is the
definitive list of algorithms that may be supported by a TPM.
NOTE
Inclusion of an algorithm does NOT indicate that the necessary claims of the algorithm are av ailable
under RAND terms from a TCG member.
Table 7 is a copy of the TPM_ALG_ID constants table in the TCG registry as of the date of publication of
this specification. Table 7 is provided for illustrative purposes only.
{{Note for TCG Admin: Table 7 and the text in the paragraph above should be updated to reflect the final
decisions by the TCG Board of Directors about inclusion of the table and the contents of the table. The
desired approach is to leave the text as is and, immediately before publication of this specification for
TCG admin to verify that Table 7 is the same as the algorithm registry table published by the TCG.}}
An algorithm ID is often used like a tag to determine the type of a structure in a context-sensitive way.
The values for TPM_ALG_ID shall be in the range of 00 0016 – 7F FF16. Other structure tags will be in the
range 80 0016 – FF FF16.
NOTE
In TPM 1.2, these were defined as 32-bit constants. This specification limits the future size of the
algorithm ID to 16 bits. The TPM_ALGORITHM_ID data type will continue to be a 32-bit number.
An algorithm shall not be assigned a value in the range 00 C116 – 00 C616 in order to prevent any overlap
with the command structure tags used in TPM 1.2.
The implementation of some algorithms is dependent on the presence of other algorithms. When there is
a dependency, the algorithm that is required is listed in column labeled "D" (dependent) in Table 7.
EXAMPLE
Implementation of TPM_ALG_RSASSA requires that the RSA algorithm be implemented.
TPM_ALG_KEYEDHASH and TPM_ALG_NULL are required of all TPM implementations.
Table 7 — Definition of (UINT16) TPM_ALG_ID Constants <IN/OUT, S>
Algorithm Name
Value
Type
a
D
Comments
TPM_ALG_ERROR
0x0000
should not occur
TPM_ALG_FIRST
0x0001
TPM_ALG_RSA
0x0001
AO
the RSA algorithm
TPM_ALG_SHA
0x0004
H
the SHA1 algorithm
TPM_ALG_SHA1
0x0004
H
redefinition for documentation consistency
OID 30 21 30 09 06 05 2B 0E 03 02 1A 05 00 04 14 16
TPM_ALG_HMAC
0x0005
HX
the RFC 2104 Hash Message Authentication Code
(HMAC) algorithm
TPM_ALG_AES
0x0006
S
the AES algorithm with a key size of 128 bits for TPM
1.2
the AES algorithm with multiple sizes of key for TPM
2.0
TPM_ALG_MGF1
0x0007
HM
the mask-generation function defined in IEEE Std
1363-2000
TPM_ALG_KEYEDHASH
0x0008
HEXO
an encryption or signing algorithm using a keyed hash,
defined by TCG in the TPM 2.0 specification
may also refer to a data object that is neither signing
nor encrypting
TPM_ALG_XOR
0x000A
HS
marker value
the XOR obfuscation algorithm
NOTE
Family “2.0”
Level 00 Revision 00.99
The implementation of XOR obfuscation in TPM
2.0 is not the same as the XOR encryption
method in TPM 1.2.
Published
Copyright © TCG 2006-2013
Page 19
October 31, 2013
�Part 2: Structures
Algorithm Name
Trusted Platform Module Library
a
Value
Type
TPM_ALG_SHA256
0x000B
H
D
Comments
the SHA 256 algorithm
OID 30 31 30 0d 06 09 60 86 48 01 65 03 04 02 01 05
00 04 2016
TPM_ALG_SHA384
0x000C
H
the SHA 384 algorithm
OID 30 41 30 0d 06 09 60 86 48 01 65 03 04 02 02 05
00 04 3016
TPM_ALG_SHA512
0x000D
H
the SHA 512 algorithm
OID 30 51 30 0d 06 09 60 86 48 01 65 03 04 02 03 05
00 04 4016
TPM_ALG_NULL
0x0010
TPM_ALG_SM3_256
0x0012
H
hash algorithm standardized by OSCCA
Block size is 512 bits.
Output size is 256 bits.
TPM_ALG_SM4
0x0013
S
symmetric algorithm standardized by OSCCA
Key and block size are 128 bits.
TPM_ALG_RSASSA
0x0014
AX
RSA a signature algorithm according to PKCS#1v2.1, 8.2
TPM_ALG_RSAES
0x0015
AE
RSA a padding algorithm according to PKCS#1v2.1, 7.2
TPM_ALG_RSAPSS
0x0016
AX
RSA signature algorithm (RSSASSA-PSS) according to
PKCS#1v2.1, 8.1
TPM_ALG_OAEP
0x0017
AE
RSA padding algorithm
PKCS#1v2.1, 7.1
TPM_ALG_ECDSA
0x0018
AX
ECC signature algorithm using elliptic curve cryptography
(ECC)
TPM_ALG_ECDH
0x0019
AM
ECC secret sharing using ECC from SP800-56A
Based on context, this can be either One-Pass DiffieHellman, C(1, 1, ECC CDH) defined in 6.2.2.2 or Full
Unified Model C(2, 2, ECC CDH) defined in 6.1.1.2
TPM_ALG_ECDAA
0x001A
AX
ECC elliptic-curve based, anonymous signing scheme
TPM_ALG_SM2
0x001B
AXE
Null algorithm
(RSAES_OAEP)
according
to
ECC depending on context, either an elliptic-curve based,
signature algorithm or a key exchange protocol
NOTE
This would be one of the algorithms specified in
CM/T 0002 – 2012.
TPM_ALG_ECSCHNORR
0x001C
AX
ECC elliptic-curve-based Schnorr signature
TPM_ALG_ECMQV
0x001D
AE
ECC two-phase elliptic-curve key exchange -- C(2, 2, ECC
MQV) from SP800-56A
TPM_ALG_KDF1_SP800_56a
0x0020
HM
ECC key derivation alternative #1 from SP800-56A
TPM_ALG_KDF2
0x0021
HM
key derivation function from IEEE Std 1363a-2004
TPM_ALG_KDF1_SP800_108
0x0022
HM
a key derivation method according to SP 800-108, "5.1
KDF in Counter Mode”
TPM_ALG_ECC
0x0023
AO
prime field ECC
TPM_ALG_SYMCIPHER
0x0025
O
TPM_ALG_CTR
0x0040
SE
Counter mode – if implemented, all symmetric block
ciphers (S type) implemented shall be capable of using
this mode.
TPM_ALG_OFB
0x0041
SE
Output Feedback mode – if implemented, all
symmetric block ciphers (S type) implemented shall be
capable of using this mode.
TPM_ALG_CBC
0x0042
SE
Cipher Block Chaining mode – if implemented, all
symmetric block ciphers (S type) implemented shall be
capable of using this mode.
Page 20
October 31, 2013
the object type for a symmetric block cipher
Published
Copyright © TCG 2006-2013
Family “2.0”
Level 00 Revision 00.99
�Trusted Platform Module Library
Part 2: Structures
a
Algorithm Name
Value
Type
TPM_ALG_CFB
0x0043
SE
D
Comments
Cipher Feedback mode – if implemented, all
symmetric block ciphers (S type) implemented shall be
capable of using this mode.
TPM_ALG_ECB
0x0044
SE
Electronic Codebook mode – if implemented, all
symmetric block ciphers (S type) implemented shall be
capable of using this mode.
NOTE
This mode is not recommended for uses unless
the key is frequently rotated such as in video
codecs.
TPM_ALG_LAST
0x0044
marker value
reserved
0x00C1
0x00C1 – 0x00C6 are reserved
reserved
0x00C2
reserved
0x00C3
reserved
0x00C4
reserved
0x00C5
reserved
0x00C6
NOTE a Column Indicates the algorithm type and use of the algorithm inside of the TPM. The values are:
A – asymmetric algorithm with a public and private key
S – symmetric algorithm with only a private key
H – hash algorithm that compresses input data to a digest value
X – signing algorithm
E – an encryption algorithm
M – a method such as a mask generation function
O – an object type
Family “2.0”
Level 00 Revision 00.99
Published
Copyright © TCG 2006-2013
Page 21
October 31, 2013
�Part 2: Structures
6.4
Trusted Platform Module Library
TPM_ECC_CURVE
The TCG maintains a registry of all curves that have an assigned curve identifier. That registry is the
definitive list of curves that may be supported by a TPM.
Table 8 is a copy of the TPM_ECC_CURVE constants table in the TCG registry as of the date of
publication of this specification. Table 8 is provided for illustrative purposes only.
{{Note for TCG Admin: Table 8 and the text in the paragraph above should be updated to reflect the final
decisions by the TCG Board of Directors about inclusion of the table and the contents of the table. The
desired approach is to leave the text as is and, immediately before publication of this specification for
TCG admin to verify that Table 8 is the same as the curve registry table published by the TCG.}}
Table 8 — Definition of (UINT16) {ECC} TPM_ECC_CURVE Constants <IN/OUT, S>
Name
Value
Comments
TPM_ECC_NONE
0x0000
TPM_ECC_NIST_P192
0x0001
TPM_ECC_NIST_P224
0x0002
TPM_ECC_NIST_P256
0x0003
TPM_ECC_NIST_P384
0x0004
TPM_ECC_NIST_P521
0x0005
TPM_ECC_BN_P256
0x0010
curve to support ECDAA
TPM_ECC_BN_P638
0x0011
curve to support ECDAA
TPM_ECC_SM2_P256
0x0020
#TPM_RC_CURVE
6.5
6.5.1
TPM_CC (Command Codes)
Format
A command is a 32-bit structure with fields assigned as shown in Figure 1.
3 3 2 2
1 0 9 8
Res V
1 1
6 5
Reserved
0
0
Command Index
Figure 1 — Command Format
Table 9 — TPM Command Format Fields Description
Bit
15:0
Name
Definition
Command Index
the index of the command
28:16 Reserved
29
V
31:30 Res
Page 22
October 31, 2013
shall be zero
SET(1): the command is vendor specific
CLEAR(0): the command is not vendor specific
shall be zero
Published
Copyright © TCG 2006-2013
Family “2.0”
Level 00 Revision 00.99
�Trusted Platform Module Library
6.5.2
Part 2: Structures
Description
Table 10 provides the legend for the interpretation of the column data in Table 11.
Table 10 — Legend for Command Code Tables
Column
Allowed
Values
Comments
Name
Command
Code Name
Name of the command
Command Code
Numeric value
the numeric value for the commandCode
NV Write
blank, Y, O
indicates whether the command may cause an NV write operation
If this column contains a “Y,” then successful completion of the
command is expected to cause modification of the NV memory
because of the command actions.
If the column contains an “O,” then the command may cause a
modification to NV associated with an orderly shutdown. That is, the
command may modify the orderly save state of NV, in which case, an
NV write will be necessary.
NOTE 1
Any command may be delayed in order for the TPM to complete
NV actions due to a previous command or because of an
asynchronous update of Clock.
NOTE 2
Any command with an authorization value may cause an NV write
on an authorization failure but the command does not complete
successfully.
If the entry is blank, then writing to NV is not allowed in the command
actions.
Physical Presence
blank, Y
indicates whether the platformAuth for this command may require
confirmation through a physical presence indication
Encrypted
blank, 2, 4
A numeric value that indicates the number of octets in the size field of
the first parameter of a command
Blank indicates that no size field is present and no parameter
encryption is allowed.
Encrypt
blank, 2, 4
A numeric value that indicates the number of octets in the size field of
the first parameter of a response
Blank indicates that no size field is present and no parameter
encryption is allowed.
Family “2.0”
Level 00 Revision 00.99
Published
Copyright © TCG 2006-2013
Page 23
October 31, 2013
�Part 2: Structures
6.5.3
Trusted Platform Module Library
TPM_CC Listing
Table 11 lists the command codes and their attributes. The only normative column in this table is the
column indicating the command code assigned to a specific command (the "Command Code" column).
For all other columns, the command and response tables in Part 3 are definitive.
Encrypt
Encrypted
Physical Presence
NV Write
Table 11 — Definition of (UINT32) TPM_CC Constants (Numeric Order) <IN/OUT, S>
Name
Command
Code
TPM_CC_FIRST
0x0000011F
Compile variable. May decrease
based on implementation.
TPM_CC_PP_FIRST
0x0000011F
Compile variable. Would decrease
if new PP commands are added
TPM_CC_NV_UndefineSpaceSpecial
0x0000011F
Y
Y
TPM_CC_EvictControl
0x00000120
Y
Y
TPM_CC_HierarchyControl
0x00000121
Y
Y
TPM_CC_NV_UndefineSpace
0x00000122
Y
Y
TPM_CC_ChangeEPS
0x00000124
Y
Y
TPM_CC_ChangePPS
0x00000125
Y
Y
TPM_CC_Clear
0x00000126
Y
Y
TPM_CC_ClearControl
0x00000127
Y
Y
TPM_CC_ClockSet
0x00000128
Y
Y
TPM_CC_HierarchyChangeAuth
0x00000129
Y
Y
2
TPM_CC_NV_DefineSpace
0x0000012A
Y
Y
2
TPM_CC_PCR_Allocate
0x0000012B
Y
Y
TPM_CC_PCR_SetAuthPolicy
0x0000012C
Y
Y
TPM_CC_PP_Commands
0x0000012D
Y
Y
TPM_CC_SetPrimaryPolicy
0x0000012E
Y
Y
2
TPM_CC_FieldUpgradeStart
0x0000012F
O
Y
2
TPM_CC_ClockRateAdjust
0x00000130
O
Y
TPM_CC_CreatePrimary
0x00000131
TPM_CC_NV_GlobalWriteLock
0x00000132
TPM_CC_PP_LAST
0x00000132
TPM_CC_GetCommandAuditDigest
0x00000133
Y
TPM_CC_NV_Increment
0x00000134
Y
Page 24
October 31, 2013
Y
O
Comments
2
2
2
Y
Compile variable
2
Published
Copyright © TCG 2006-2013
Family “2.0”
Level 00 Revision 00.99
�Command
Code
TPM_CC_NV_SetBits
0x00000135
Y
TPM_CC_NV_Extend
0x00000136
Y
TPM_CC_NV_Write
0x00000137
Y
TPM_CC_NV_WriteLock
0x00000138
Y
TPM_CC_DictionaryAttackLockReset
0x00000139
O
TPM_CC_DictionaryAttackParameters
0x0000013A
Y
TPM_CC_NV_ChangeAuth
0x0000013B
Y
2
TPM_CC_PCR_Event
0x0000013C
O
2
TPM_CC_PCR_Reset
0x0000013D
O
TPM_CC_SequenceComplete
0x0000013E
O
TPM_CC_SetAlgorithmSet
0x0000013F
Y
TPM_CC_SetCommandCodeAuditStatus
0x00000140
Y
TPM_CC_FieldUpgradeData
0x00000141
O
TPM_CC_IncrementalSelfTest
0x00000142
O
TPM_CC_SelfTest
0x00000143
O
TPM_CC_Startup
0x00000144
Y
TPM_CC_Shutdown
0x00000145
Y
TPM_CC_StirRandom
0x00000146
Y
TPM_CC_ActivateCredential
0x00000147
TPM_CC_Certify
0x00000148
TPM_CC_PolicyNV
0x00000149
TPM_CC_CertifyCreation
0x0000014A
TPM_CC_Duplicate
0x0000014B
TPM_CC_GetTime
0x0000014C
O
2
TPM_CC_GetSessionAuditDigest
0x0000014D
O
2
TPM_CC_NV_Read
0x0000014E
TPM_CC_NV_ReadLock
0x0000014F
TPM_CC_ObjectChangeAuth
0x00000150
2
TPM_CC_PolicySecret
0x00000151
2
TPM_CC_Rewrap
0x00000152
2
Family “2.0”
Level 00 Revision 00.99
Encrypt
Name
NV Write
Encrypted
Part 2: Structures
Physical Presence
Trusted Platform Module Library
2
PCR
PCR
2
2
2
2
2
O
2
2
2
2
O
Comments
Policy
2
2
2
2
2
O
Published
Copyright © TCG 2006-2013
2
Policy
2
Page 25
October 31, 2013
�Trusted Platform Module Library
Command
Code
Encrypt
TPM_CC_Create
0x00000153
2
2
TPM_CC_ECDH_ZGen
0x00000154
2
2
TPM_CC_HMAC
0x00000155
2
2
TPM_CC_Import
0x00000156
2
2
TPM_CC_Load
0x00000157
2
2
TPM_CC_Quote
0x00000158
2
2
TPM_CC_RSA_Decrypt
0x00000159
TPM_CC_HMAC_Start
0x0000015B
2
TPM_CC_SequenceUpdate
0x0000015C
2
TPM_CC_Sign
0x0000015D
2
TPM_CC_Unseal
0x0000015E
TPM_CC_PolicySigned
0x00000160
TPM_CC_ContextLoad
0x00000161
O
Context
TPM_CC_ContextSave
0x00000162
O
Context
TPM_CC_ECDH_KeyGen
0x00000163
2
TPM_CC_EncryptDecrypt
0x00000164
2
TPM_CC_FlushContext
0x00000165
TPM_CC_LoadExternal
0x00000167
2
2
TPM_CC_MakeCredential
0x00000168
2
2
TPM_CC_NV_ReadPublic
0x00000169
TPM_CC_PolicyAuthorize
0x0000016A
TPM_CC_PolicyAuthValue
0x0000016B
Policy
TPM_CC_PolicyCommandCode
0x0000016C
Policy
TPM_CC_PolicyCounterTimer
0x0000016D
2
Policy
TPM_CC_PolicyCpHash
0x0000016E
2
Policy
TPM_CC_PolicyLocality
0x0000016F
TPM_CC_PolicyNameHash
0x00000170
TPM_CC_PolicyOR
0x00000171
TPM_CC_PolicyTicket
0x00000172
TPM_CC_ReadPublic
0x00000173
Page 26
October 31, 2013
NV Write
Name
Encrypted
Physical Presence
Part 2: Structures
O
Comments
2
2
2
2
Policy
O
Context
NV
2
Policy
Policy
2
Policy
Policy
2
Published
Copyright © TCG 2006-2013
Policy
2
Family “2.0”
Level 00 Revision 00.99
�Encrypt
2
NV Write
Encrypted
Part 2: Structures
Physical Presence
Trusted Platform Module Library
2
2
2
Name
Command
Code
TPM_CC_RSA_Encrypt
0x00000174
TPM_CC_StartAuthSession
0x00000176
TPM_CC_VerifySignature
0x00000177
TPM_CC_ECC_Parameters
0x00000178
TPM_CC_FirmwareRead
0x00000179
TPM_CC_GetCapability
0x0000017A
TPM_CC_GetRandom
0x0000017B
TPM_CC_GetTestResult
0x0000017C
TPM_CC_Hash
0x0000017D
TPM_CC_PCR_Read
0x0000017E
PCR
TPM_CC_PolicyPCR
0x0000017F
Policy
TPM_CC_PolicyRestart
0x00000180
TPM_CC_ReadClock
0x00000181
TPM_CC_PCR_Extend
0x00000182
O
2
TPM_CC_PCR_SetAuthValue
0x00000183
N
2
TPM_CC_NV_Certify
0x00000184
O
TPM_CC_EventSequenceComplete
0x00000185
O
TPM_CC_HashSequenceStart
0x00000186
TPM_CC_PolicyPhysicalPresence
0x00000187
Policy
TPM_CC_PolicyDuplicationSelect
0x00000188
Policy
TPM_CC_PolicyGetDigest
0x00000189
Policy
TPM_CC_TestParms
0x0000018A
TPM_CC_Commit
0x0000018B
TPM_CC_PolicyPassword
0x0000018C
TPM_CC_ZGen_2Phase
0x0000018D
TPM_CC_EC_Ephemeral
0x0000018E
TPM_CC_PolicyNvWritten
0x0000018F
Policy
TPM_CC_LAST
0x0000018F
Compile variable. May increase
based on implementation.
O
Comments
2
2
2
O
2
2
2
Policy
2
2
NOTE
#TPM_RC_COMMAND_CODE
Family “2.0”
Level 00 Revision 00.99
Published
Copyright © TCG 2006-2013
This is not a FMT1 code
and a parameter indicator
value may not be added to
Page 27
October 31, 2013
�Encrypt
Encrypted
Command
Code
Name
Physical Presence
Trusted Platform Module Library
NV Write
Part 2: Structures
Comments
this value.
6.6
TPM_RC (Response Codes)
6.6.1
Description
Each return from the TPM has a 32-bit response code. The TPM will always set the upper 20 bits (31:12)
of the response code to 0 00 0016 and the low-order 12 bits (11:00) will contain the response code.
When a command succeeds, the TPM shall return TPM_RC_SUCCESS (0 0016) and will update any
authorization-session nonce associated with the command.
When a command fails to complete for any reason, the TPM shall return
a TPM_ST (UINT16) with a value of TPM_TAG_RSP_COMMAND or TPM_ST_NO_SESSIONS,
followed by
a UINT32 (responseSize) with a value of 10, followed by
a UINT32 containing a response code with a value other than TPM_RC_SUCCESS.
Commands defined in this specification will use a tag of either TPM_ST_NO_SESSIONS or
TPM_ST_SESSIONS. Error responses will use a tag value of TPM_ST_NO_SESSIONS and the
response code will be as defined in this specification. Commands that use tags defined in the TPM 1.2
specification will use TPM_TAG_RSP_COMMAND in an error and a response code defined in TPM 1.2.
If the tag of the command is not a recognized command tag, the TPM error response will differ depending
on TPM 1.2 compatibility. If the TPM supports 1.2 compatibility, the TPM shall return a tag of
TPM_TAG_RSP_COMMAND and an appropriate TPM 1.2 response code (TPM_BADTAG =
00 00 00 1E16). If the TPM does not have compatibility with TPM 1.2, the TPM shall return
TPM_ST_NO_SESSION and a response code of TPM_RC_TAG.
When a command fails, the TPM shall not update the authorization-session nonces associated with the
command and will not close the authorization sessions used by the command. Audit digests will not be
updated on an error. Unless noted in the command actions, a command that returns an error shall leave
the state of the TPM as if the command had not been attempted. The exception to this principle is that a
failure due to an authorization failure may update the dictionary-attack protection values.
Page 28
October 31, 2013
Published
Copyright © TCG 2006-2013
Family “2.0”
Level 00 Revision 00.99
�Trusted Platform Module Library
6.6.2
Part 2: Structures
Response Code Formats
The response codes for this specification are defined such that there is no overlap between the response
codes used for this specification and those assigned in previous TPM specifications.
The formats defined in this clause only apply when the tag for the response is TPM_ST_NO_SESSIONS.
The response codes use two different format groups. One group contains the TPM 1.2 compatible
response codes and the response codes for this specification that are not related to command
parameters. The second group contains the errors that may be associated with a command parameter,
handle, or session.
Figure 2 shows the format for the response codes when bit 7 is zero.
1
1
1
0
0
9
0
8
0
7
S
bit
T
r
V
0
6
0
5
F
0
4
0
3
0
2
0
1
0
0
E
Figure 2 — Format-Zero Response Codes
Family “2.0”
Level 00 Revision 00.99
Published
Copyright © TCG 2006-2013
Page 29
October 31, 2013
�Part 2: Structures
Trusted Platform Module Library
The field definitions are:
Table 12 — Format-Zero Response Codes
Bit
Name
Definition
06:00
E
the error number
The interpretation of this field is dependent on the setting of the G and S fields.
07
F
format selector
CLEAR when the format is as defined in this Table 12 or when the response code is
TPM_RC_BAD_TAG.
08
V
version
SET (1): The error number is defined in this specification and is returned when the response tag
is TPM_ST_NO_SESSIONS.
CLEAR (0): The error number is defined by a previous TPM specification. The error number is
returned when the response tag is TPM_TAG_RSP_COMMAND.
NOTE
09
In any error number returned by a TPM, the F (bit 7) and V (bit 8) attributes shall be CLEAR
when the response tag is TPM_TAG_RSP_COMMAND value used in TPM 1.2.
Reserved shall be zero.
10
T
TCG/Vendor indicator
SET (1): The response code is defined by the TPM vendor.
CLEAR (0): The response code is defined by the TCG (a value in this specification).
NOTE
11
S
This attribute does not indicate a vendor-specific code unless the F attribute (bit[07]) is CLEAR.
severity
SET (1): The response code is a warning and the command was not necessarily in error. This
command indicates that the TPM is busy or that the resources of the TPM have to be adjusted in
order to allow the command to execute.
CLEAR (0): The response code indicates that the command had an error that would prevent it
from running.
When the format bit (bit 7) is SET, then the error occurred during the unmarshaling or validation of an
input parameter to the TPM. Figure 3 shows the format for the response codes when bit 7 is one.
bit
1
1
1
0
0
9
N
0
8
0
7
0
6
1
0
5
P
0
4
0
3
0
2
0
1
0
0
E
Figure 3 — Format-One Response Codes
There are 64 errors with this format. The errors can be associated with a parameter, handle, or session.
The error number for this format is in bits[05:00]. When an error is associated with a parameter, 0 40 16 is
added and N is set to the parameter number.
For an error associated with a handle, a parameter number (1 to 7) is added to the N field. For an error
associated with a session, a value of 8 plus the session number (1 to 7) is added to the N field. In other
words, if P is clear, then a value of 0 to 7 in the N field will indicate a handle error, and a value of 8 – 15
will indicate a session error.
NOTE
If an implementation is not able to designate the handle, session, or parameter in error, then P and N will
be zero.
Page 30
October 31, 2013
Published
Copyright © TCG 2006-2013
Family “2.0”
Level 00 Revision 00.99
�Trusted Platform Module Library
Part 2: Structures
The field definitions are:
Table 13 — Format-One Response Codes
Bit
Name Definition
05:00
E
the error number
The error number is independent of the other settings.
06
P
SET (1): The error is associated with a parameter.
CLEAR (0): The error is associated with a handle or a session.
07
F
the response code format selector
This field shall be SET for the format in this table.
11:08
N
the number of the handle, session, or parameter in error
If P is SET, then this field is the parameter in error. If P is CLEAR, then this field indicates the
handle or session in error. Handles use values of N between 0000 2 and 01112. Sessions use
values between 10002 and 11112.
The groupings of response codes are determined by bits 08, 07, and 06 of the response code as
summarized in Table 14.
Table 14 — Response Code Groupings
Bit
0
8
0
7
0
6
Definition
0
0
x
a response code defined by TPM 1.2
NOTE
An “x” in a column indicates that this may be either 0 or 1 and not affect the grouping of the response
code.
1
0
x
a response code defined by this specification with no handle, session, or parameter number modifier
x
1
0
a response code defined by this specification with either a handle or session number modifier
x
1
1
a response code defined by this specification with a parameter number modifier
Family “2.0”
Level 00 Revision 00.99
Published
Copyright © TCG 2006-2013
Page 31
October 31, 2013
�Part 2: Structures
6.6.3
Trusted Platform Module Library
TPM_RC Values
In general, response codes defined in Part 2 will be unmarshaling errors and will have the F (format) bit
SET. Codes that are unique to Part 3 will have the F bit CLEAR but the V (version) attribute will be SET to
indicate that it is a TPM 2.0 response code.
NOTE
The constant RC_VER1 is used to indicate that the V attribute is SET and the constant RC_ FMT1 is used
to indicate that the F attribute is SET and that the return code is variable based on handle, session, and
parameter modifiers.
Table 15 — Definition of (UINT32) TPM_RC Constants (Actions) <OUT>
Name
Value
Description
TPM_RC_SUCCESS
0x000
TPM_RC_BAD_TAG
0x01E
defined for compatibility with TPM 1.2
RC_VER1
0x100
set for all format 0 response codes
TPM_RC_INITIALIZE
RC_VER1 + 0x000
TPM not initialized
commands not being accepted because of a TPM
failure
TPM_RC_FAILURE
RC_VER1 + 0x001
NOTE
TPM_RC_SEQUENCE
RC_VER1 + 0x003
improper use of a sequence handle
TPM_RC_PRIVATE
RC_VER1 + 0x00B
TPM_RC_HMAC
RC_VER1 + 0x019
TPM_RC_DISABLED
RC_VER1 + 0x020
TPM_RC_EXCLUSIVE
RC_VER1 + 0x021
command failed because audit sequence required
exclusivity
TPM_RC_AUTH_TYPE
RC_VER1 + 0x024
authorization handle is not correct for command
TPM_RC_AUTH_MISSING
RC_VER1 + 0x025
command requires an authorization session for
handle and it is not present.
TPM_RC_POLICY
RC_VER1 + 0x026
policy Failure In Math Operation or an invalid
authPolicy value
TPM_RC_PCR
RC_VER1 + 0x027
PCR check fail
TPM_RC_PCR_CHANGED
RC_VER1 + 0x028
PCR have changed since checked.
TPM_RC_UPGRADE
RC_VER1 + 0x02D
for
all
commands
other
than
TPM2_FieldUpgradeData(), this code indicates
that the TPM is in field upgrade mode; for
TPM2_FieldUpgradeData(), this code indicates
that the TPM is not in field upgrade mode
TPM_RC_TOO_MANY_CONTEXTS
RC_VER1 + 0x02E
context ID counter is at maximum.
TPM_RC_AUTH_UNAVAILABLE
RC_VER1 + 0x02F
authValue or authPolicy is not available for
selected entity.
TPM_RC_REBOOT
RC_VER1 + 0x030
a _TPM_Init and Startup(CLEAR) is required
before the TPM can resume operation.
RC_VER1 + 0x031
the protection algorithms (hash and symmetric) are
not reasonably balanced. The digest size of the
hash must be larger than the key size of the
symmetric algorithm.
TPM_RC_UNBALANCED
Page 32
October 31, 2013
This
may
be
returned
by
TPM2_GetTestResult() as the testResult
parameter.
Published
Copyright © TCG 2006-2013
Family “2.0”
Level 00 Revision 00.99
�Trusted Platform Module Library
Name
Part 2: Structures
Value
Description
TPM_RC_COMMAND_SIZE
RC_VER1 + 0x042
command commandSize value is inconsistent with
contents of the command buffer; either the size is
not the same as the octets loaded by the hardware
interface layer or the value is not large enough to
hold a command header
TPM_RC_COMMAND_CODE
RC_VER1 + 0x043
command code not supported
TPM_RC_AUTHSIZE
RC_VER1 + 0x044
the value of authorizationSize is out of range or the
number of octets in the Authorization Area is
greater than required
TPM_RC_AUTH_CONTEXT
RC_VER1 + 0x045
use of an authorization session with a context
command
TPM_RC_NV_RANGE
RC_VER1 + 0x046
NV offset+size is out of range.
TPM_RC_NV_SIZE
RC_VER1 + 0x047
Requested allocation size is larger than allowed.
TPM_RC_NV_LOCKED
RC_VER1 + 0x048
NV access locked.
TPM_RC_NV_AUTHORIZATION
RC_VER1 + 0x049
NV access authorization fails in command actions
(this failure does not affect lockout.action)
TPM_RC_NV_UNINITIALIZED
RC_VER1 + 0x04A
an NV Index is used before being initialized or the
state saved by TPM2_Shutdown(STATE) could not
be restored
TPM_RC_NV_SPACE
RC_VER1 + 0x04B
insufficient space for NV allocation
TPM_RC_NV_DEFINED
RC_VER1 + 0x04C
NV Index or persistend object already defined
TPM_RC_BAD_CONTEXT
RC_VER1 + 0x050
context in TPM2_ContextLoad() is not valid
TPM_RC_CPHASH
RC_VER1 + 0x051
cpHash value already set or not correct for use
TPM_RC_PARENT
RC_VER1 + 0x052
handle for parent is not a valid parent
TPM_RC_NEEDS_TEST
RC_VER1 + 0x053
some function needs testing.
RC_VER1 + 0x054
returned when an internal function cannot process
a request due to an unspecified problem. This
code is usually related to invalid parameters that
are not properly filtered by the input unmarshaling
code.
TPM_RC_SENSITIVE
RC_VER1 + 0x055
the sensitive area did not unmarshal correctly after
decryption – this code is used in lieu of the other
unmarshaling errors so that an attacker cannot
determine where the unmarshaling error occurred
RC_MAX_FM0
RC_VER1 + 0x07F
largest version 1 code that is not a warning
TPM_RC_NO_RESULT
New Subsection
RC_FMT1
0x080
This bit is SET in all format 1 response codes
The codes in this group may have a value added to
them to indicate the handle, session, or parameter
to which they apply.
TPM_RC_ASYMMETRIC
RC_FMT1 + 0x001
asymmetric algorithm not supported or not correct
TPM_RC_ATTRIBUTES
RC_FMT1 + 0x002
inconsistent attributes
TPM_RC_HASH
RC_FMT1 + 0x003
hash algrithm not supported or not appropriate
TPM_RC_VALUE
RC_FMT1 + 0x004
value is out of range or is not correct for the
context
TPM_RC_HIERARCHY
RC_FMT1 + 0x005
hierarchy is not enabled or is not correct for the
use
Family “2.0”
Level 00 Revision 00.99
Published
Copyright © TCG 2006-2013
Page 33
October 31, 2013
�Part 2: Structures
Trusted Platform Module Library
Name
Value
Description
TPM_RC_KEY_SIZE
RC_FMT1 + 0x007
key size is not supported
TPM_RC_MGF
RC_FMT1 + 0x008
mask generation function not supported
TPM_RC_MODE
RC_FMT1 + 0x009
mode of operation not supported
TPM_RC_TYPE
RC_FMT1 + 0x00A
the type of the value is not appropriate for the use
TPM_RC_HANDLE
RC_FMT1 + 0x00B
the handle is not correct for the use
TPM_RC_KDF
RC_FMT1 + 0x00C
unsupported key derivation function or function not
appropriate for use
TPM_RC_RANGE
RC_FMT1 + 0x00D
value was out of allowed range.
TPM_RC_AUTH_FAIL
RC_FMT1 + 0x00E
the authorization HMAC check failed and DA
counter incremented
TPM_RC_NONCE
RC_FMT1 + 0x00F
invalid nonce size
TPM_RC_PP
RC_FMT1 + 0x010
authorization requires assertion of PP
TPM_RC_SCHEME
RC_FMT1 + 0x012
unsupported or incompatible scheme
TPM_RC_SIZE
RC_FMT1 + 0x015
structure is the wrong size
TPM_RC_SYMMETRIC
RC_FMT1 + 0x016
unsupported symmetric algorithm or key size, or
not appropriate for instance
TPM_RC_TAG
RC_FMT1 + 0x017
incorrect structure tag
TPM_RC_SELECTOR
RC_FMT1 + 0x018
union selector is incorrect
TPM_RC_INSUFFICIENT
RC_FMT1 + 0x01A
the TPM was unable to unmarshal a value
because there were not enough octets in the input
buffer
TPM_RC_SIGNATURE
RC_FMT1 + 0x01B
the signature is not valid
TPM_RC_KEY
RC_FMT1 + 0x01C
key fields are not compatible with the selected use
TPM_RC_POLICY_FAIL
RC_FMT1 + 0x01D
a policy check failed
TPM_RC_INTEGRITY
RC_FMT1 + 0x01F
integrity check failed
TPM_RC_TICKET
RC_FMT1 + 0x020
invalid ticket
TPM_RC_RESERVED_BITS
RC_FMT1 + 0x021
reserved bits not set to zero as required
TPM_RC_BAD_AUTH
RC_FMT1 + 0x022
authroization failure without DA implications
TPM_RC_EXPIRED
RC_FMT1 + 0x023
the policy has expired
TPM_RC_POLICY_CC
RC_FMT1 + 0x024
the commandCode in the policy is not the
commandCode of the command or the command
code in a policy command references a command
that is not implemented
TPM_RC_BINDING
RC_FMT1 + 0x025
public and sensitive portions of an object are not
cryptographically bound
TPM_RC_CURVE
RC_FMT1 + 0x026
curve not supported
TPM_RC_ECC_POINT
RC_FMT1 + 0x027
point is not on the required curve.
New Subsection
RC_WARN
0x900
set for warning response codes
TPM_RC_CONTEXT_GAP
RC_WARN + 0x001
gap for context ID is too large
TPM_RC_OBJECT_MEMORY
RC_WARN + 0x002
out of memory for object contexts
Page 34
October 31, 2013
Published
Copyright © TCG 2006-2013
Family “2.0”
Level 00 Revision 00.99
�Trusted Platform Module Library
Part 2: Structures
Name
Value
Description
TPM_RC_SESSION_MEMORY
RC_WARN + 0x003
out of memory for session contexts
TPM_RC_MEMORY
RC_WARN + 0x004
out of shared object/session memory or need
space for internal operations
TPM_RC_SESSION_HANDLES
RC_WARN + 0x005
out of session handles – a session must be flushed
before a new session may be created
out of object handles – the handle space for
objects is depleted and a reboot is required
NOTE
TPM_RC_LOCALITY
TPM_RC_YIELDED
This cannot occur
implementation.
NOTE
TPM_RC_OBJECT_HANDLES
There is no reason why an implementation
would implement a design that would deplete
handle space. Platform specifications are
encouraged to forbid it.
RC_WARN + 0x006
RC_WARN + 0x007
RC_WARN + 0x008
on
the
reference
bad locality
the TPM has suspended operation on the
command; forward progress was made and the
command may be retried.
See Part 1, “Multi-tasking.”
NOTE
This cannot occur
implementation.
on
the
reference
TPM_RC_CANCELED
RC_WARN + 0x009
the command was canceled
TPM_RC_TESTING
RC_WARN + 0x00A
TPM is performing self-tests
TPM_RC_REFERENCE_H0
RC_WARN + 0x010
the 1 handle in the handle area references a
transient object or session that is not loaded
TPM_RC_REFERENCE_H1
RC_WARN + 0x011
the 2 handle in the handle area references a
transient object or session that is not loaded
TPM_RC_REFERENCE_H2
RC_WARN + 0x012
the 3 handle in the handle area references a
transient object or session that is not loaded
TPM_RC_REFERENCE_H3
RC_WARN + 0x013
the 4 handle in the handle area references a
transient object or session that is not loaded
TPM_RC_REFERENCE_H4
RC_WARN + 0x014
the 5 handle in the handle area references a
transient object or session that is not loaded
TPM_RC_REFERENCE_H5
RC_WARN + 0x015
the 6 handle in the handle area references a
transient object or session that is not loaded
TPM_RC_REFERENCE_H6
RC_WARN + 0x016
the 7 handle in the handle area references a
transient object or session that is not loaded
TPM_RC_REFERENCE_S0
RC_WARN + 0x018
the 1 authorization session handle references a
session that is not loaded
TPM_RC_REFERENCE_S1
RC_WARN + 0x019
the 2 authorization session handle references a
session that is not loaded
TPM_RC_REFERENCE_S2
RC_WARN + 0x01A
the 3 authorization session handle references a
session that is not loaded
TPM_RC_REFERENCE_S3
RC_WARN + 0x01B
the 4th authorization session handle references a
session that is not loaded
TPM_RC_REFERENCE_S4
RC_WARN + 0x01C
the 5 session handle references a session that is
not loaded
TPM_RC_REFERENCE_S5
RC_WARN + 0x01D
the 6 session handle references a session that is
not loaded
st
nd
rd
th
th
th
th
st
nd
rd
th
th
Family “2.0”
Level 00 Revision 00.99
Published
Copyright © TCG 2006-2013
Page 35
October 31, 2013
�Part 2: Structures
Trusted Platform Module Library
Name
Value
Description
TPM_RC_REFERENCE_S6
RC_WARN + 0x01E
the 7 authorization session handle references a
session that is not loaded
TPM_RC_NV_RATE
RC_WARN + 0x020
the TPM is rate-limiting accesses to prevent
wearout of NV
TPM_RC_LOCKOUT
RC_WARN + 0x021
authorizations for objects subject to DA protection
are not allowed at this time because the TPM is in
DA lockout mode
TPM_RC_RETRY
RC_WARN + 0x022
the TPM was not able to start the command
TPM_RC_NV_UNAVAILABLE
RC_WARN + 0x023
the command may require writing of NV and NV is
not current accessible
TPM_RC_NOT_USED
RC_WARN + 0x7F
this value is reserved and shall not be returned by
the TPM
th
Additional Defines
TPM_RC_H
0x000
add to a handle-related error
TPM_RC_P
0x040
add to a parameter-related error
TPM_RC_S
0x800
add to a session-related error
TPM_RC_1
0x100
add to a parameter-, handle-, or session-related
error
TPM_RC_2
0x200
add to a parameter-, handle-, or session-related
error
TPM_RC_3
0x300
add to a parameter-, handle-, or session-related
error
TPM_RC_4
0x400
add to a parameter-, handle-, or session-related
error
TPM_RC_5
0x500
add to a parameter-, handle-, or session-related
error
TPM_RC_6
0x600
add to a parameter-, handle-, or session-related
error
TPM_RC_7
0x700
add to a parameter-, handle-, or session-related
error
TPM_RC_8
0x800
add to a parameter-related error
TPM_RC_9
0x900
add to a parameter-related error
TPM_RC_A
0xA00
add to a parameter-related error
TPM_RC_B
0xB00
add to a parameter-related error
TPM_RC_C
0xC00
add to a parameter-related error
TPM_RC_D
0xD00
add to a parameter-related error
TPM_RC_E
0xE00
add to a parameter-related error
TPM_RC_F
0xF00
add to a parameter-related error
TPM_RC_N_MASK
0xF00
number mask
Page 36
October 31, 2013
Published
Copyright © TCG 2006-2013
Family “2.0”
Level 00 Revision 00.99
�Trusted Platform Module Library
6.7
Part 2: Structures
TPM_CLOCK_ADJUST
A TPM_CLOCK_ADJUST value is used to change the rate at which the TPM internal oscillator is divided.
A change to the divider will change the rate at which Clock and Time change.
NOTE
The recommended adjustments are approximately 1% for a course adjustment, 0.1% for a medium
adjustment, and the minimum possible on the implementation for the fine adjustment (e.g., one count of
the pre-scalar if possible).
Table 16 — Definition of (INT8) TPM_CLOCK_ADJUST Constants <IN>
Name
Value
Comments
TPM_CLOCK_COARSE_SLOWER
-3
Slow the Clock update rate by one coarse adjustment step.
TPM_CLOCK_MEDIUM_SLOWER
-2
Slow the Clock update rate by one medium adjustment step.
TPM_CLOCK_FINE_SLOWER
-1
Slow the Clock update rate by one fine adjustment step.
TPM_CLOCK_NO_CHANGE
0
No change to the Clock update rate.
TPM_CLOCK_FINE_FASTER
1
Speed the Clock update rate by one fine adjustment step.
TPM_CLOCK_MEDIUM_FASTER
2
Speed the Clock update rate by one medium adjustment step.
TPM_CLOCK_COARSE_FASTER
3
Speed the Clock update rate by one coarse adjustment step.
#TPM_RC_VALUE
6.8
TPM_EO (EA Arithmetic Operands)
Table 17 — Definition of (UINT16) TPM_EO Constants <IN/OUT>
Operation Name
Value
Comments
TPM_EO_EQ
0x0000
A=B
TPM_EO_NEQ
0x0001
A≠B
TPM_EO_SIGNED_GT
0x0002
A > B signed
TPM_EO_UNSIGNED_GT
0x0003
A > B unsigned
TPM_EO_SIGNED_LT
0x0004
A < B signed
TPM_EO_UNSIGNED_LT
0x0005
A < B unsigned
TPM_EO_SIGNED_GE
0x0006
A ≥ B signed
TPM_EO_UNSIGNED_GE
0x0007
A ≥ B unsigned
TPM_EO_SIGNED_LE
0x0008
A ≤ B signed
TPM_EO_UNSIGNED_LE
0x0009
A ≤ B unsigned
TPM_EO_BITSET
0x000A
All bits SET in B are SET in A. ((A&B)=B)
TPM_EO_BITCLEAR
0x000B
All bits SET in B are CLEAR in A. ((A&B)=0)
#TPM_RC_VALUE
Family “2.0”
Level 00 Revision 00.99
Response code returned when unmarshaling of this type fails
Published
Copyright © TCG 2006-2013
Page 37
October 31, 2013
�Part 2: Structures
6.9
Trusted Platform Module Library
TPM_ST (Structure Tags)
Structure tags are used to disambiguate structures. They are 16-bit values with the most significant bit
SET so that they do not overlap TPM_ALG_ID values. A single exception is made for the value
associated with TPM_ST_RSP_COMMAND (0x00C4), which has the same value as the
TPM_TAG_RSP_COMMAND tag from earlier versions of this specification. This value is used when the
TPM is compatible with a previous TPM specification and the TPM cannot determine which family of
response code to return because the command tag is not valid.
Many of the structures defined in this document have parameters that are unions of other structures. That
is, a parameter may be one of several structures. The parameter will have a selector value that indicates
which of the options is actually present.
In order to allow the marshaling and unmarshaling code to determine which of the possible structures is
allowed, each selector will have a unique interface type and will constrain the number of possible tag
values.
Table 18 defines the structure tags values. The definition of many structures is context-sensitive using an
algorithm ID. In cases where an algorithm ID is not a meaningful way to designate the structure, the
values in this table are used.
Table 18 — Definition of (UINT16) TPM_ST Constants <IN/OUT, S>
Name
TPM_ST_RSP_COMMAND
Value
Comments
0x00C4
tag value for a response; used when there is an error
in the tag. This is also the value returned from a TPM
1.2 when an error occurs. This value is used in this
specification because an error in the command tag
may prevent determination of the family. When this tag
is used in the response, the response code will be
TPM_RC_BAD_TAG (0 1E16), which has the same
numeric value as the TPM 1.2 response code for
TPM_BADTAG.
NOTE
In a previously published version of this
specification,
TPM_RC_BAD_TAG
was
incorrectly assigned a value of 0x030 instead of
30 (0x01e). Some implementations my return the
old value instead of the new value.
TPM_ST_NULL
0X8000
no structure type specified
TPM_ST_NO_SESSIONS
0x8001
tag value for a command/response for a command
defined in this specification; indicating that the
command/response has no attached sessions and no
authorizationSize/parameterSize value is present
If the responseCode from the TPM is not
TPM_RC_SUCCESS, then the response tag shall
have this value.
TPM_ST_SESSIONS
0x8002
tag value for a command/response for a command
defined in this specification; indicating that the
command/response has one or more attached
sessions and the authorizationSize/parameterSize
field is present
Page 38
October 31, 2013
Published
Copyright © TCG 2006-2013
Family “2.0”
Level 00 Revision 00.99
�Trusted Platform Module Library
Name
reserved
Part 2: Structures
Value
Comments
0x8003
When used between application software and the TPM
resource manager, this tag indicates that the
command has no sessions and the handles are using
the Name format rather than the 32-bit handle format.
NOTE 1
The response to application software will have a
tag of TPM_ST_NO_SESSIONS.
Between the TRM and TPM, this tag would occur in a
response from a TPM that overlaps the tag parameter
of a request with the tag parameter of a response,
when the response has no associated sessions.
NOTE 2
reserved
0x8004
This tag is not used by all TPM or TRM
implementations.
When used between application software and the TPM
resource manager, this tag indicates that the
command has sessions and the handles are using the
Name format rather than the 32-bit handle format.
NOTE 1
If the command completes successfully, the
response to application software will have a tag
of TPM_ST_SESSIONS.
Between the TRM and TPM, would occur in a
response from a TPM that overlaps the tag parameter
of a request with the tag parameter of a response,
when the response has authorization sessions.
NOTE 2
This tag is not used by all TPM or TRM
implementations.
TPM_ST_ATTEST_NV
0x8014
tag for an attestation structure
TPM_ST_ATTEST_COMMAND_AUDIT
0x8015
tag for an attestation structure
TPM_ST_ATTEST_SESSION_AUDIT
0x8016
tag for an attestation structure
TPM_ST_ATTEST_CERTIFY
0x8017
tag for an attestation structure
TPM_ST_ATTEST_QUOTE
0x8018
tag for an attestation structure
TPM_ST_ATTEST_TIME
0x8019
tag for an attestation structure
TPM_ST_ATTEST_CREATION
0x801A
tag for an attestation structure
reserved
0x801B
do not use
NOTE
This
was
previously
assigned
to
TPM_ST_ATTEST_NV. The tag is changed
because the structure has changed
TPM_ST_CREATION
0x8021
tag for a ticket type
TPM_ST_VERIFIED
0x8022
tag for a ticket type
TPM_ST_AUTH_SECRET
0x8023
tag for a ticket type
TPM_ST_HASHCHECK
0x8024
tag for a ticket type
TPM_ST_AUTH_SIGNED
0x8025
tag for a ticket type
TPM_ST_FU_MANIFEST
0x8029
tag for a structure describing a Field Upgrade Policy
Family “2.0”
Level 00 Revision 00.99
Published
Copyright © TCG 2006-2013
Page 39
October 31, 2013
�Part 2: Structures
Trusted Platform Module Library
6.10 TPM_SU (Startup Type)
These values are used in TPM2_Startup() to indicate the shutdown and startup mode. The defined
startup sequences are:
a) TPM Reset – Two cases:
1) Shutdown(CLEAR) followed by Startup(CLEAR)
2) Startup(CLEAR) with no Shutdown()
b) TPM Restart – Shutdown(STATE) followed by Startup(CLEAR)
c) TPM Resume – Shutdown(STATE) followed by Startup(STATE)
TPM_SU values of 80 0016 and above are reserved for internal use of the TPM and may not be assigned
values.
NOTE
In the reference code, a value of FF FF 16 indicates that the startup state has not been set. If this was
defined in this table to be, say, TPM_SU_NONE, then TPM_SU_NONE would be a valid input value but
the caller is not allowed to indicate the that the startup type is TPM_SU_NONE so the reserved value is
defined in the implementation as required for internal TPM uses.
Table 19 — Definition of (UINT16) TPM_SU Constants <IN>
Name
Value
Description
TPM_SU_CLEAR
0x0000
on TPM2_Shutdown(), indicates that the TPM should prepare
for loss of power and save state required for an orderly startup
(TPM Reset).
on TPM2_Startup(), indicates that the TPM should start from
perform TPM Reset or TPM Restart
TPM_SU_STATE
0x0001
on TPM2_Shutdown(), indicates that the TPM should prepare
for loss of power and save state required for an orderly startup
(TPM Restart or TPM Resume)
on TPM2_Startup(), indicates that the TPM should restore the
state saved by TPM2_Shutdown(TPM_SU_STATE)
#TPM_RC_VALUE
response code when incorrect value is used
6.11 TPM_SE (Session Type)
This type is used in TPM2_StartAuthSession() to indicate the type of the session to be created.
Table 20 — Definition of (UINT8) TPM_SE Constants <IN>
Name
Value
TPM_SE_HMAC
0x00
TPM_SE_POLICY
0x01
TPM_SE_TRIAL
0x03
#TPM_RC_VALUE
Page 40
October 31, 2013
Description
The policy session is being used to compute the policyHash and
not for command authorization.
This setting modifies some policy commands and prevents
session from being used to authorize a command.
response code when incorrect value is used
Published
Copyright © TCG 2006-2013
Family “2.0”
Level 00 Revision 00.99
�Trusted Platform Module Library
Part 2: Structures
6.12 TPM_CAP (Capabilities)
The TPM_CAP values are used in TPM2_GetCapability() to select the type of the value to be returned.
The format of the response varies according to the type of the value.
Table 21 — Definition of (UINT32) TPM_CAP Constants
Capability Name
Value
Property Type
Return Type
TPM_CAP_FIRST
0x00000000
TPM_CAP_ALGS
0x00000000 TPM_ALG_ID
TPM_CAP_HANDLES
0x00000001 TPM_HANDLE
TPML_HANDLE
TPM_CAP_COMMANDS
0x00000002 TPM_CC
TPML_CCA
TPM_CAP_PP_COMMANDS
0x00000003 TPM_CC
TPML_CC
TPM_CAP_AUDIT_COMMANDS
0x00000004 TPM_CC
TPML_CC
TPM_CAP_PCRS
0x00000005 reserved
TPML_PCR_SELECTION
TPM_CAP_TPM_PROPERTIES
0x00000006 TPM_PT
TPML_TAGGED_TPM_PROPERTY
TPM_CAP_PCR_PROPERTIES
0x00000007 TPM_PT_PCR
(1)
TPM_CAP_ECC_CURVES
0x00000008 TPM_ECC_CURVE
TPM_CAP_LAST
TPML_ALG_PROPERTY
TPML_TAGGED_PCR_PROPERTY
(1)
0x00000008
TPM_CAP_VENDOR_PROPERTY 0x00000100 manufacturer specific
TPML_ECC_CURVE
manufacturer-specific values
#TPM_RC_VALUE
NOTES:
(1) The TPM_ALG_ID or TPM_ECC_CURVE is cast to a UINT32
6.13 TPM_PT (Property Tag)
The TPM_PT constants are used in TPM2_GetCapability(capability = TPM_CAP_TPM_PROPERTIES) to
indicate the property being selected or returned.
The values in the fixed group (PT_FIXED) are not changeable through programmatic means other than a
firmware update. The values in the variable group (PT_VAR) may be changed with TPM commands but
should be persistent over power cycles and only changed when indicated by the detailed actions code.
Table 22 — Definition of (UINT32) TPM_PT Constants <IN/OUT, S>
Capability Name
Value
Comments
TPM_PT_NONE
0x00000000
indicates no property type
PT_GROUP
0x00000100
The number of properties in each group.
NOTE The first group with any properties is group 1
(PT_GROUP * 1). Group 0 is reserved.
PT_FIXED
PT_GROUP * 1 the
group
of
fixed
properties
returned
as
TPMS_TAGGED_PROPERTY
The values in this group are only changed due to a
firmware change in the TPM.
TPM_PT_FAMILY_INDICATOR
PT_FIXED + 0 a 4-octet character string containing the TPM Family value
(TPM_SPEC_FAMILY)
Family “2.0”
Level 00 Revision 00.99
Published
Copyright © TCG 2006-2013
Page 41
October 31, 2013
�Part 2: Structures
Capability Name
TPM_PT_LEVEL
Trusted Platform Module Library
Value
Comments
PT_FIXED + 1 the level of the specification
NOTE 1
TPM_PT_REVISION
For this specification, the level is zero.
NOTE 2
The level is on the title page of the specification.
PT_FIXED + 2 the specification Revision times 100
EXAMPLE Revision 01.01 would have a value of 101.
NOTE
TPM_PT_DAY_OF_YEAR
The Revision value is on the title page of the
specification.
PT_FIXED + 3 the specification day of year using TCG calendar
EXAMPLE November 15, 2010, has a day of year value of 319
(00 00 01 3F16).
NOTE
TPM_PT_YEAR
The specification date is on the title page of the
specification.
PT_FIXED + 4 the specification year using the CE
EXAMPLE The year 2010 has a value of 00 00 07 DA16.
NOTE
The specification date is on the title page of the
specification.
TPM_PT_MANUFACTURER
PT_FIXED + 5 the vendor ID unique to each TPM manufacturer
TPM_PT_VENDOR_STRING_1
PT_FIXED + 6 the first four characters of the vendor ID string
NOTE
When the vendor string is fewer than 16 octets, the
additional property values do not have to be present.
A vendor string of 4 octets can be represented in one
32-bit value and no null terminating character is
required.
TPM_PT_VENDOR_STRING_2
PT_FIXED + 7 the second four characters of the vendor ID string
TPM_PT_VENDOR_STRING_3
PT_FIXED + 8 the third four characters of the vendor ID string
TPM_PT_VENDOR_STRING_4
PT_FIXED + 9 the fourth four characters of the vendor ID sting
TPM_PT_VENDOR_TPM_TYPE
PT_FIXED + 10 vendor-defined value indicating the TPM model
TPM_PT_FIRMWARE_VERSION_1
PT_FIXED + 11 the most-significant 32 bits of a vendor-specific value
indicating the version of the firmware
TPM_PT_FIRMWARE_VERSION_2
PT_FIXED + 12 the least-significant 32 bits of a vendor-specific value
indicating the version of the firmware
TPM_PT_INPUT_BUFFER
PT_FIXED + 13 the maximum size of
TPM2B_MAX_BUFFER)
TPM_PT_HR_TRANSIENT_MIN
PT_FIXED + 14 the minimum number of transient objects that can be held
in TPM RAM
NOTE
TPM_PT_HR_PERSISTENT_MIN
parameter
(typically,
a
This minimum shall be no less than the minimum
value required by the platform-specific specification
to which the TPM is built.
PT_FIXED + 15 the minimum number of persistent objects that can be
held in TPM NV memory
NOTE
TPM_PT_HR_LOADED_MIN
a
This minimum shall be no less than the minimum
value required by the platform-specific specification
to which the TPM is built.
PT_FIXED + 16 the minimum number of authorization sessions that can
be held in TPM RAM
NOTE
Page 42
October 31, 2013
This minimum shall be no less than the minimum
value required by the platform-specific specification
to which the TPM is built.
Published
Family “2.0”
Copyright © TCG 2006-2013
Level 00 Revision 00.99
�Trusted Platform Module Library
Capability Name
TPM_PT_ACTIVE_SESSIONS_MAX
Part 2: Structures
Value
Comments
PT_FIXED + 17 the number of authorization sessions that may be active at
a time
A session is active when it has a context associated with
its handle. The context may either be in TPM RAM or be
context saved.
NOTE
This value shall be no less than the minimum value
required by the platform-specific specification to
which the TPM is built.
TPM_PT_PCR_COUNT
PT_FIXED + 18 the number of PCR implemented
NOTE This number is determined by the defined
attributes, not the number of PCR that are populated.
TPM_PT_PCR_SELECT_MIN
PT_FIXED + 19 the
minimum
number
of
TPMS_PCR_SELECT.sizeOfSelect
NOTE
TPM_PT_CONTEXT_GAP_MAX
octets
in
a
This value is not determined by the number of PCR
implemented but by the number of PCR required by
the platform-specific specification with which the TPM
is compliant.
PT_FIXED + 20 the maximum allowed difference (unsigned) between the
contextID values of two saved session contexts
16
This value shall be at least 2 -1 (65535).
PT_FIXED + 21 skipped
TPM_PT_NV_COUNTERS_MAX
PT_FIXED + 22 the maximum number of NV Indexes that are allowed to
have the TPMA_NV_COUNTER attribute SET
NOTE
It is allowed for this value to be larger than the
number of NV Indexes that can be defined. This
would be indicative of a TPM implementation that did
not use different implementation technology for
different NV Index types.
TPM_PT_NV_INDEX_MAX
PT_FIXED + 23 the maximum size of an NV Index data area
TPM_PT_MEMORY
PT_FIXED + 24 a TPMA_MEMORY indicating the memory management
method for the TPM
TPM_PT_CLOCK_UPDATE
PT_FIXED + 25 interval, in milliseconds, between updates to the copy of
TPMS_CLOCK_INFO.clock in NV
TPM_PT_CONTEXT_HASH
PT_FIXED + 26 the algorithm used for the integrity HMAC on saved
contexts
and
for
hashing
the
fuData
of
TPM2_FirmwareRead()
TPM_PT_CONTEXT_SYM
PT_FIXED + 27 the algorithm used for encryption of saved contexts
TPM_PT_CONTEXT_SYM_SIZE
PT_FIXED + 28 the size of the key used for encryption of saved contexts
TPM_PT_ORDERLY_COUNT
PT_FIXED + 29 the modulus - 1 of the count for NV update of an orderly
counter
The returned value is MAX_ORDERLY_COUNT.
N
This will have a value of 2 – 1 where 1 ≤ N ≤ 32
NOTE
An “orderly counter” is an NV Index with
TPMA_NV_COUNTER and TPMA_NV_ORDERLY
both SET.
TPM_PT_MAX_COMMAND_SIZE
PT_FIXED + 30 the maximum value for commandSize in a command
TPM_PT_MAX_RESPONSE_SIZE
PT_FIXED + 31 the maximum value for responseSize in a response
TPM_PT_MAX_DIGEST
PT_FIXED + 32 the maximum size of a digest that can be produced by the
TPM
TPM_PT_MAX_OBJECT_CONTEXT
PT_FIXED + 33 the maximum size of an object context that will be
returned by TPM2_ContextSave
Family “2.0”
Level 00 Revision 00.99
Published
Copyright © TCG 2006-2013
Page 43
October 31, 2013
�Part 2: Structures
Capability Name
Trusted Platform Module Library
Value
Comments
TPM_PT_MAX_SESSION_CONTEXT PT_FIXED + 34 the maximum size of a session context that will be
returned by TPM2_ContextSave
TPM_PT_PS_FAMILY_INDICATOR
PT_FIXED + 35 platform-specific family (a TPM_PS value)(see Table 24)
NOTE
The platform-specific values for the TPM_PT_PS
parameters are in the relevant platform-specific
specification. In the reference implementation, all of
these values are 0.
TPM_PT_PS_LEVEL
PT_FIXED + 36 the level of the platform-specific specification
TPM_PT_PS_REVISION
PT_FIXED + 37 the specification Revision times 100 for the platformspecific specification
TPM_PT_PS_DAY_OF_YEAR
PT_FIXED + 38 the platform-specific specification day of year using TCG
calendar
TPM_PT_PS_YEAR
PT_FIXED + 39 the platform-specific specification year using the CE
TPM_PT_SPLIT_MAX
PT_FIXED + 40 the number of split signing operations supported by the
TPM
TPM_PT_TOTAL_COMMANDS
PT_FIXED + 41 total number of commands implemented in the TPM
TPM_PT_LIBRARY_COMMANDS
PT_FIXED + 42 number of commands from the TPM library that are
implemented
TPM_PT_VENDOR_COMMANDS
PT_FIXED + 43 number of vendor commands that are implemented
TPM_PT_NV_BUFFER_MAX
PT_FIXED + 44 the maximum data size in one NV write command
PT_VAR
PT_GROUP * 2 the group of variable properties returned as
TPMS_TAGGED_PROPERTY
The properties in this group change because of a
Protected Capability other than a firmware update. The
values are not necessarily persistent across all power
transitions.
TPM_PT_PERMANENT
PT_VAR + 0
TPMA_PERMANENT
TPM_PT_STARTUP_CLEAR
PT_VAR + 1
TPMA_STARTUP_CLEAR
TPM_PT_HR_NV_INDEX
PT_VAR + 2
the number of NV Indexes currently defined
TPM_PT_HR_LOADED
PT_VAR + 3
the number of authorization sessions currently loaded into
TPM RAM
TPM_PT_HR_LOADED_AVAIL
PT_VAR + 4
the number of additional authorization sessions, of any
type, that could be loaded into TPM RAM
This value is an estimate. If this value is at least 1, then at
least one authorization session of any type may be
loaded. Any command that changes the RAM memory
allocation can make this estimate invalid.
NOTE
TPM_PT_HR_ACTIVE
Page 44
October 31, 2013
PT_VAR + 5
A valid implementation may return 1 even if more
than one authorization session would fit into RAM.
the number of active authorization sessions currently
being tracked by the TPM
This is the sum of the loaded and saved sessions.
Published
Copyright © TCG 2006-2013
Family “2.0”
Level 00 Revision 00.99
�Trusted Platform Module Library
Capability Name
TPM_PT_HR_ACTIVE_AVAIL
Part 2: Structures
Value
Comments
PT_VAR + 6
the number of additional authorization sessions, of any
type, that could be created
This value is an estimate. If this value is at least 1, then at
least one authorization session of any type may be
created. Any command that changes the RAM memory
allocation can make this estimate invalid.
NOTE
TPM_PT_HR_TRANSIENT_AVAIL
PT_VAR + 7
A valid implementation may return 1 even if more
than one authorization session could be created.
estimate of the number of additional transient objects that
could be loaded into TPM RAM
This value is an estimate. If this value is at least 1, then at
least one object of any type may be loaded. Any
command that changes the memory allocation can make
this estimate invalid.
NOTE
A valid implementation may return 1 even if more
than one transient object would fit into RAM.
TPM_PT_HR_PERSISTENT
PT_VAR + 8
the number of persistent objects currently loaded into
TPM NV memory
TPM_PT_HR_PERSISTENT_AVAIL
PT_VAR + 9
the number of additional persistent objects that could be
loaded into NV memory
This value is an estimate. If this value is at least 1, then at
least one object of any type may be made persistent. Any
command that changes the NV memory allocation can
make this estimate invalid.
NOTE
A valid implementation may return 1 even if more
than one persistent object would fit into NV memory.
TPM_PT_NV_COUNTERS
PT_VAR + 10
the number of defined NV Indexes that have NV
TPMA_NV_COUNTER attribute SET
TPM_PT_NV_COUNTERS_AVAIL
PT_VAR + 11
the number of additional NV Indexes that can be defined
with
their
TPMA_NV_COUNTER
and
TPMA_NV_ORDERLY attribute SET
This value is an estimate. If this value is at least 1, then at
least one NV Index may be created with the
TPMA_NV_COUNTER
and
TPMA_NV_ORDERLY
attributes SET. Any command that changes the NV
memory allocation can make this estimate invalid.
NOTE A valid implementation may return 1 even if more
than one NV counter could be defined.
TPM_PT_ALGORITHM_SET
PT_VAR + 12
code that limits the algorithms that may be used with the
TPM
TPM_PT_LOADED_CURVES
PT_VAR + 13
the number of loaded ECC curves
TPM_PT_LOCKOUT_COUNTER
PT_VAR + 14
the current value of the lockout counter (failedTries)
TPM_PT_MAX_AUTH_FAIL
PT_VAR + 15
the number of authorization failures before DA lockout is
invoked
TPM_PT_LOCKOUT_INTERVAL
PT_VAR + 16
the number of seconds before the value reported by
TPM_PT_LOCKOUT_COUNTER is decremented
TPM_PT_LOCKOUT_RECOVERY
PT_VAR + 17
the number of seconds after a lockoutAuth failure before
use of lockoutAuth may be attempted again
TPM_PT_NV_WRITE_RECOVERY
PT_VAR + 18
number of milliseconds before the TPM will accept
another command that will modify NV
This value is an approximation and may go up or down
over time.
Family “2.0”
Level 00 Revision 00.99
Published
Copyright © TCG 2006-2013
Page 45
October 31, 2013
�Part 2: Structures
Capability Name
Trusted Platform Module Library
Value
Comments
TPM_PT_AUDIT_COUNTER_0
PT_VAR + 19
the high-order 32 bits of the command audit counter
TPM_PT_AUDIT_COUNTER_1
PT_VAR + 20
the low-order 32 bits of the command audit counter
Page 46
October 31, 2013
Published
Copyright © TCG 2006-2013
Family “2.0”
Level 00 Revision 00.99
�Trusted Platform Module Library
Part 2: Structures
6.14 TPM_PT_PCR (PCR Property Tag)
The TPM_PT_PCR constants are used in TPM2_GetCapability() to indicate the property being selected
or returned. The PCR properties can be read when capability == TPM_CAP_PCR_PROPERTIES.
Table 23 — Definition of (UINT32) TPM_PT_PCR Constants <IN/OUT, S>
Capability Name
Value
Comments
TPM_PT_PCR_FIRST
0x00000000
bottom of the range of TPM_PT_PCR properties
TPM_PT_PCR_SAVE
0x00000000
a SET bit in the TPMS_PCR_SELECT indicates that the PCR is
saved and restored by TPM_SU_STATE
TPM_PT_PCR_EXTEND_L0
0x00000001
a SET bit in the TPMS_PCR_SELECT indicates that the PCR
may be extended from locality 0
This property is only present if a locality other than 0 is
implemented.
TPM_PT_PCR_RESET_L0
0x00000002
a SET bit in the TPMS_PCR_SELECT indicates that the PCR
may be reset by TPM2_PCR_Reset() from locality 0
TPM_PT_PCR_EXTEND_L1
0x00000003
a SET bit in the TPMS_PCR_SELECT indicates that the PCR
may be extended from locality 1
This property is only present if locality 1 is implemented.
TPM_PT_PCR_RESET_L1
0x00000004
a SET bit in the TPMS_PCR_SELECT indicates that the PCR
may be reset by TPM2_PCR_Reset() from locality 1
This property is only present if locality 1 is implemented.
TPM_PT_PCR_EXTEND_L2
0x00000005
a SET bit in the TPMS_PCR_SELECT indicates that the PCR
may be extended from locality 2
This property is only present if localities 1 and 2 are
implemented.
TPM_PT_PCR_RESET_L2
0x00000006
a SET bit in the TPMS_PCR_SELECT indicates that the PCR
may be reset by TPM2_PCR_Reset() from locality 2
This property is only present if localities 1 and 2 are
implemented.
TPM_PT_PCR_EXTEND_L3
0x00000007
a SET bit in the TPMS_PCR_SELECT indicates that the PCR
may be extended from locality 3
This property is only present if localities 1, 2, and 3 are
implemented.
TPM_PT_PCR_RESET_L3
0x00000008
a SET bit in the TPMS_PCR_SELECT indicates that the PCR
may be reset by TPM2_PCR_Reset() from locality 3
This property is only present if localities 1, 2, and 3 are
implemented.
TPM_PT_PCR_EXTEND_L4
0x00000009
a SET bit in the TPMS_PCR_SELECT indicates that the PCR
may be extended from locality 4
This property is only present if localities 1, 2, 3, and 4 are
implemented.
TPM_PT_PCR_RESET_L4
0x0000000A
a SET bit in the TPMS_PCR_SELECT indicates that the PCR
may be reset by TPM2_PCR_Reset() from locality 4
This property is only present if localities 1, 2, 3, and 4 are
implemented.
Family “2.0”
Level 00 Revision 00.99
Published
Copyright © TCG 2006-2013
Page 47
October 31, 2013
�Part 2: Structures
Capability Name
reserved
Trusted Platform Module Library
Value
Comments
0x0000000B – the values in this range are reserved
0x00000010 They correspond to values that may be used to describe
attributes associated with the extended localities (32255).synthesize additional software localities. The meaning of
these properties need not be the same as the meaning for the
Extend and Reset properties above.
TPM_PT_PCR_NO_INCREMENT
0x00000011
a SET bit in the TPMS_PCR_SELECT indicates that
modifications to this PCR (reset or Extend) will not increment
the pcrUpdateCounter
TPM_PT_PCR_DRTM_RESET
0x00000012
a SET bit in the TPMS_PCR_SELECT indicates that the PCR is
reset by a DRTM event
These PCR are reset to -1 on TPM2_Startup() and reset to 0 on
a _TPM_Hash_End event following a _TPM_Hash_Start event.
TPM_PT_PCR_POLICY
0x00000013
a SET bit in the TPMS_PCR_SELECT indicates that the PCR is
controlled by policy
This property is only present if the TPM supports policy control
of a PCR.
TPM_PT_PCR_AUTH
0x00000014
a SET bit in the TPMS_PCR_SELECT indicates that the PCR is
controlled by an authorization value
This property is only present if the TPM supports authorization
control of a PCR.
reserved
0x00000015
reserved for the next (2 ) TPM_PT_PCR_POLICY set
reserved
0x00000016
reserved for the next (2 ) TPM_PT_PCR_AUTH set
reserved
nd
nd
nd
th
0x00000017 – reserved for the 2 through 255 TPM_PT_PCR_POLICY and
0x00000210 TPM_PT_PCR_AUTH values
th
and
highest
allowed,
th
and
highest
allowed,
reserved
0x00000211
reserved
to
the
256 ,
TPM_PT_PCR_POLICY set
reserved
0x00000212
reserved
to
the
256 ,
TPM_PT_PCR_AUTH set
reserved
0x00000213
new PCR property values may be assigned starting with this
value
TPM_PT_PCR_LAST
0x00000014
top of the range of TPM_PT_PCR properties of the
implementation
If the TPM receives a request for a PCR property with a value
larger than this, the TPM will return a zero length list and set the
moreData parameter to NO.
NOTE
Page 48
October 31, 2013
This is an implementation-specific value. The value shown
reflects the reference code implementation.
Published
Copyright © TCG 2006-2013
Family “2.0”
Level 00 Revision 00.99
�Trusted Platform Module Library
Part 2: Structures
6.15 TPM_PS (Platform Specific)
The platform values in Table 24 are used for the TPM_PT_PS_FAMILY_INDICATOR.
NOTE
Values below six (6) have the same values as the purview assignments in TPM 1.2.
Table 24 — Definition of (UINT32) TPM_PS Constants <OUT>
Capability Name
Value
Comments
TPM_PS_MAIN
0x00000000
not platform specific
TPM_PS_PC
0x00000001
PC Client
TPM_PS_PDA
0x00000002
PDA (includes all mobile devices that are not specifically cell
phones)
TPM_PS_CELL_PHONE
0x00000003
Cell Phone
TPM_PS_SERVER
0x00000004
Server WG
TPM_PS_PERIPHERAL
0x00000005
Peripheral WG
TPM_PS_TSS
0x00000006
TSS WG
TPM_PS_STORAGE
0x00000007
Storage WG
TPM_PS_AUTHENTICATION
0x00000008
Authentication WG
TPM_PS_EMBEDDED
0x00000009
Embedded WG
TPM_PS_HARDCOPY
0x0000000A
Hardcopy WG
TPM_PS_INFRASTRUCTURE
0x0000000B
Infrastructure WG
TPM_PS_VIRTUALIZATION
0x0000000C Virtualization WG
TPM_PS_TNC
0x0000000D Trusted Network Connect WG
TPM_PS_MULTI_TENANT
0x0000000E
Multi-tenant WG
TPM_PS_TC
0x0000000F
Technical Committee
Family “2.0”
Level 00 Revision 00.99
Published
Copyright © TCG 2006-2013
Page 49
October 31, 2013
�Part 2: Structures
7
Trusted Platform Module Library
Handles
7.1
Introduction
Handles are 32-bit values used to reference shielded locations of various types within the TPM.
Table 25 — Definition of Types for Handles
Type
Name
Description
UINT32
TPM_HANDLE
Handles may refer to objects (keys or data blobs), authorization sessions (HMAC and policy), NV
Indexes, permanent TPM locations, and PCR.
7.2
TPM_HT (Handle Types)
The 32-bit handle space is divided into 256 regions of equal size with 2
ranges represents a handle type.
24
values in each. Each of these
The type of the entity is indicated by the MSO of its handle. The values for the MSO and the entity
referenced are shown in Table 26.
Table 26 — Definition of (UINT8) TPM_HT Constants <S>
Name
Value
Comments
TPM_HT_PCR
0x00
PCR – consecutive numbers, starting at 0, that reference the PCR
registers
A platform-specific specification will set the minimum number of PCR
and an implementation may have more.
TPM_HT_NV_INDEX
0x01
NV Index – assigned by the caller
TPM_HT_HMAC_SESSION
0x02
HMAC Authorization Session – assigned by the TPM when the
session is created
TPM_HT_LOADED_SESSION
0x02
Loaded Authorization Session – used only in the context of
TPM2_GetCapability
This type references both loaded HMAC and loaded policy
authorization sessions.
TPM_HT_POLICY_SESSION
0x03
Policy Authorization Session – assigned by the TPM when the
session is created
TPM_HT_ACTIVE_SESSION
0x03
Active Authorization Session – used only in the context of
TPM2_GetCapability
This type references saved authorization session contexts for which
the TPM is maintaining tracking information.
TPM_HT_PERMANENT
0x40
Permanent Values – assigned by this specification in Table 27
TPM_HT_TRANSIENT
0x80
Transient Objects – assigned by the TPM when an object is loaded
into transient-object memory or when a persistent object is converted
to a transient object
TPM_HT_PERSISTENT
0x81
Persistent Objects – assigned by the TPM when a loaded transient
object is made persistent
Page 50
October 31, 2013
Published
Copyright © TCG 2006-2013
Family “2.0”
Level 00 Revision 00.99
�Trusted Platform Module Library
Part 2: Structures
When a transient object is loaded, the TPM shall assign a handle with an MSO of TPM_HT_TRANSIENT.
The object may be assigned a different handle each time it is loaded. The TPM shall ensure that handles
assigned to transient objects are unique and assigned to only one transient object at a time.
EXAMPLE
If a TPM is only able to hold 4 transient objects in internal memory, it might choose to assign handles to
those objects with the values 80 00 00 0016 – 80 00 00 0316.
When a transient object is converted to a persistent object (TPM2_EvictControl()), the TPM shall validate
that the handle provided by the caller has an MSO of TPM_HT_PERSISTENT and that the handle is not
already assigned to a persistent object.
A handle is assigned to a session when the session is started. The handle shall have an MSO equal to
TPM_HT_SESSION and remain associated with that session until the session is closed or flushed. The
TPM shall ensure that a session handle is only associated with one session at a time. When the session
is loaded into the TPM using TPM2_LoadContext(), it will have the same handle each time it is loaded.
EXAMPLE
7.3
If a TPM is only able to track 64 active sessions at a time, it could number those sessions using the
values xx 00 01 0016 – xx 00 01 3F 16 where xx is either 02 16 or 03 16 depending on the session type.
Persistent Handle Sub-ranges
Persistent handles are assigned by the caller of TPM2_EvictControl(). ownerAuth or platformAuth is
required to authorize allocation of space for a persistent object. These entities are given separate ranges
of persistent handles so that they do not have to allocate from a common range of handles.
NOTE
While this “namespace” allocation of the handle ranges could have been handled by convention, TPM
enforcement is used to prevent errors by the OS or malicious software from affecting the platform’s use of
the NV memory.
The Owner is allocated persistent handles in the range of 81 00 00 0016 to 81 7F FF FF16 inclusive and
the TPM will return an error if ownerAuth is used to attempt to assign a persistent handle outside of this
range.
Family “2.0”
Level 00 Revision 00.99
Published
Copyright © TCG 2006-2013
Page 51
October 31, 2013
�Part 2: Structures
7.4
Trusted Platform Module Library
TPM_RH (Permanent Handles)
Table 27 lists the architecturally defined handles that cannot be changed. The handles include
authorization handles, and special handles.
Table 27 — Definition of (UINT32) TPM_RH Constants <IN, S>
Name
Value
Type
TPM_RH_FIRST
0x40000000
R
TPM_RH_SRK
0x40000000
R
TPM_RH_OWNER
0x40000001
K, A, P
TPM_RH_REVOKE
0x40000002
R
not used
1
TPM_RH_TRANSPORT
0x40000003
R
not used
1
TPM_RH_OPERATOR
0x40000004
R
not used
1
TPM_RH_ADMIN
0x40000005
R
not used
1
TPM_RH_EK
0x40000006
R
not used
1
TPM_RH_NULL
0x40000007
K, A, P
a handle associated with the null hierarchy, an EmptyAuth
authValue, and an Empty Policy authPolicy.
TPM_RH_UNASSIGNED
0x40000008
R
value reserved to the TPM to indicate a handle location that
has not been initialized or assigned
TPM_RS_PW
0x40000009
S
authorization value
authorization session
TPM_RH_LOCKOUT
0x4000000A
A
references the authorization associated with the dictionary
attack lockout reset
TPM_RH_ENDORSEMENT
0x4000000B
K, A, P
references the Endorsement Primary
endorsementAuth, and endorsementPolicy
TPM_RH_PLATFORM
0x4000000C
K, A, P
references the Platform Primary Seed (PPS), platformAuth,
and platformPolicy
TPM_RH_PLATFORM_NV
0x4000000D
C
for phEnableNV
R
the top of the reserved handle area
This is set to allow TPM2_GetCapability() to know where to
stop. It may vary as implementations add to the permanent
handle area.
TPM_RH_LAST
0x4000000D
Comments
not used
1
handle references the Storage Primary Seed (SPS), the
ownerAuth, and the ownerPolicy
used
to
indicate
a
password
Seed
(EPS),
Type definitions:
R – a reserved value
K – a Primary Seed
A – an authorization value
P – a policy value
S – a session handle
C - a controlNote 1 The handle is only used in a TPM that is compatible with a previous version of this specification. It is not used
in any command defined in this version of the specification.
Page 52
October 31, 2013
Published
Copyright © TCG 2006-2013
Family “2.0”
Level 00 Revision 00.99
�Trusted Platform Module Library
7.5
Part 2: Structures
TPM_HC (Handle Value Constants)
The definitions in Table 28 are used to define many of the interface data types. However, the values of
these constants, other than PCR_FIRST, are informative and may be changed by an implementation as
long as the values stay within the prescribed ranges for the handle type.
NOTE
PCR0 is architecturally defined to have a handle value of 0.
For the reference implementation, the handle range for sessions starts at the lowest allowed value for a
session handle. The highest value for a session handle is determined by how many active sessions are
allowed by the implementation. The MSO of the session handle will be set according to the session type.
A similar approach is used for transient objects with the first assigned handle at the bottom of the range
defined by TPM_HT_TRANSIENT and the top of the range determined by the implementation-dependent
value of MAX_LOADED_OBJECTS.
The first assigned handle for evict objects is also at the bottom of the allowed range defined by
TPM_HT_PERSISTENT and the top of the range determined by the implementation-dependent value of
MAX_EVICT_OBJECTS.
NOTE
The values in Table 28 are intended to facilitate the process of making the handle larger than 32 bits in
the future. It is intended that HR_MASK and HR_SHIFT are the only values that need change to resize
the handle space.
Family “2.0”
Level 00 Revision 00.99
Published
Copyright © TCG 2006-2013
Page 53
October 31, 2013
�Part 2: Structures
Trusted Platform Module Library
Table 28 — Definition of (TPM_HANDLE) TPM_HC Constants <IN, S>
Name
Value
Comments
HR_HANDLE_MASK
0x00FFFFFF
to mask off the HR
HR_RANGE_MASK
0xFF000000
to mask off the variable
part
HR_SHIFT
24
HR_PCR
(TPM_HT_PCR << HR_SHIFT)
HR_HMAC_SESSION
(TPM_HT_HMAC_SESSION << HR_SHIFT)
HR_POLICY_SESSION
(TPM_HT_POLICY_SESSION << HR_SHIFT)
HR_TRANSIENT
(TPM_HT_TRANSIENT << HR_SHIFT)
HR_PERSISTENT
(TPM_HT_PERSISTENT << HR_SHIFT)
HR_NV_INDEX
(TPM_HT_NV_INDEX << HR_SHIFT)
HR_PERMANENT
(TPM_HT_PERMANENT << HR_SHIFT)
PCR_FIRST
(HR_PCR + 0)
first PCR
PCR_LAST
(PCR_FIRST + IMPLEMENTATION_PCR-1)
last PCR
HMAC_SESSION_FIRST
(HR_HMAC_SESSION + 0)
first HMAC session
HMAC_SESSION_LAST
(HMAC_SESSION_FIRST+MAX_ACTIVE_SESSIONS-1)
last HMAC session
LOADED_SESSION_FIRST HMAC_SESSION_FIRST
used in GetCapability
LOADED_SESSION_LAST
HMAC_SESSION_LAST
used in GetCapability
POLICY_SESSION_FIRST
(HR_POLICY_SESSION + 0)
first policy session
POLICY_SESSION_LAST
(POLICY_SESSION_FIRST + MAX_ACTIVE_SESSIONS-1) last policy session
TRANSIENT_FIRST
(HR_TRANSIENT + 0)
first transient object
ACTIVE_SESSION_FIRST
POLICY_SESSION_FIRST
used in GetCapability
ACTIVE_SESSION_LAST
POLICY_SESSION_LAST
used in GetCapability
TRANSIENT_LAST
(TRANSIENT_FIRST+MAX_LOADED_OBJECTS-1)
last transient object
PERSISTENT_FIRST
(HR_PERSISTENT + 0)
first persistent object
PERSISTENT_LAST
(PERSISTENT_FIRST + 0x00FFFFFF)
last persistent object
PLATFORM_PERSISTENT
(PERSISTENT_FIRST + 0x00800000)
first platform persistent
object
NV_INDEX_FIRST
(HR_NV_INDEX + 0)
first allowed NV Index
NV_INDEX_LAST
(NV_INDEX_FIRST + 0x00FFFFFF)
last allowed NV Index
PERMANENT_FIRST
TPM_RH_FIRST
PERMANENT_LAST
TPM_RH_LAST
Page 54
October 31, 2013
Published
Copyright © TCG 2006-2013
Family “2.0”
Level 00 Revision 00.99
�Trusted Platform Module Library
Part 2: Structures
Attribute Structures
8
8.1
Description
Attributes are expressed as bit fields of varying size. An attribute field structure may be 1, 2, or 4 octets in
length.
The bit numbers for an attribute structure are assigned with the number 0 assigned to the least-significant
bit of the structure and the highest number assigned to the most-significant bit of the structure.
The least significant bit is determined by treating the attribute structure as an integer. The least-significant
bit would be the bit that is set when the value of the integer is 1.
When any reserved bit in an attribute is SET, the TPM shall return TPM_RC_RESERVED_BITS. This
response code is not shown in the tables for attributes.
8.2
TPMA_ALGORITHM
This structure defines the attributes of an algorithm.
Each algorithm has a fundamental attribute: asymmetric, symmetric, or hash. In some cases (e.g.,
TPM_ALG_RSA or TPM_ALG_AES), this is the only attribute.
A mode, method, or scheme may have an associated asymmetric, symmetric, or hash algorithm.
Table 29 — Definition of (UINT32) TPMA_ALGORITHM Bits
Bit
Name
Definition
0
asymmetric
SET (1): an asymmetric algorithm with public and private portions
CLEAR (0): not an asymmetric algorithm
1
symmetric
SET (1): a symmetric block cipher
CLEAR (0): not a symmetric block cipher
2
hash
SET (1): a hash algorithm
CLEAR (0): not a hash algorithm
3
object
SET (1): an algorithm that may be used as an object type
CLEAR (0): an algorithm that is not used as an object type
7:4
Reserved
8
signing
SET (1): a signing algorithm. The setting of asymmetric, symmetric, and hash
will indicate the type of signing algorithm.
CLEAR (0): not a signing algorithm
9
encrypting
SET (1): an encryption/decryption algorithm. The setting of asymmetric,
symmetric, and hash will indicate the type of encryption/decryption algorithm.
CLEAR (0): not an encryption/decryption algorithm
10
method
SET (1): a method such as a key derivative function (KDF)
CLEAR (0): not a method
31:11 Reserved
8.3
8.3.1
TPMA_OBJECT (Object Attributes)
Introduction
Family “2.0”
Level 00 Revision 00.99
Published
Copyright © TCG 2006-2013
Page 55
October 31, 2013
�Part 2: Structures
Trusted Platform Module Library
This attribute structure indicates an object’s use, its authorization types, and it relationship to other
objects.
The state of the attributes is determined when the object is created and they are never changed by the
TPM. Additionally, the setting of these structures is reflected in the integrity value of the private area of an
object in order to allow the TPM to detect modifications of the Protected Object when stored off the TPM.
8.3.2
Structure Definition
Table 30 — Definition of (UINT32) TPMA_OBJECT Bits
Bit
Name
Definition
0
Reserved
shall be zero
1
fixedTPM
SET (1): The hierarchy of the object, as indicated by its Qualified Name, may
not change.
CLEAR (0): The hierarchy of the object may change as a result of this object or
an ancestor key being duplicated for use in another hierarchy.
2
stClear
SET (1): Previously saved contexts of this object may not be loaded after
Startup(CLEAR).
CLEAR (0): Saved contexts of this object may be used after a
Shutdown(STATE) and subsequent Startup().
3
Reserved
shall be zero
4
fixedParent
SET (1): The parent of the object may not change.
CLEAR (0): The parent of the object may change as the result of a
TPM2_Duplicate() of the object.
5
sensitiveDataOrigin
SET (1): Indicates that, when the object was created with TPM2_Create() or
TPM2_CreatePrimary(), the TPM generated all of the sensitive data other than
the authValue.
CLEAR (0): A portion of the sensitive data, other than the authValue, was
provided by the caller.
6
userWithAuth
SET (1): Approval of USER role actions with this object may be with an HMAC
session or with a password using the authValue of the object or a policy
session.
CLEAR (0): Approval of USER role actions with this object may only be done
with a policy session.
7
adminWithPolicy
SET (1): Approval of ADMIN role actions with this object may only be done with
a policy session.
CLEAR (0): Approval of ADMIN role actions with this object may be with an
HMAC session or with a password using the authValue of the object or a policy
session.
9:8
Reserved
shall be zero
10
noDA
SET (1): The object is not subject to dictionary attack protections.
CLEAR (0): The object is subject to dictionary attack protections.
11
encryptedDuplication
SET (1): If the object is duplicated, then symmetricAlg shall not be
TPM_ALG_NULL and newParentHandle shall not be TPM_RH_NULL.
CLEAR (0): The object may be duplicated without an inner wrapper on the
private portion of the object and the new parent may be TPM_RH_NULL.
15:12 Reserved
16
restricted
Page 56
October 31, 2013
shall be zero
SET (1): Key usage is restricted to manipulate structures of known format; the
parent of this key shall have restricted SET.
CLEAR (0): Key usage is not restricted to use on special formats.
Published
Copyright © TCG 2006-2013
Family “2.0”
Level 00 Revision 00.99
�Trusted Platform Module Library
Part 2: Structures
Bit
Name
Definition
17
decrypt
SET (1): The private portion of the key may be used to decrypt.
CLEAR (0): The private portion of the key may not be used to decrypt.
18
sign
SET (1): The private portion of the key may be used to sign.
CLEAR (0): The private portion of the key may not be used to sign.
31:19 Reserved
8.3.3
8.3.3.1
shall be zero
Attribute Descriptions
Introduction
The following remaining paragraphs in this clause describe the use and settings for each of the
TPMA_OBJECT attributes. The description includes checks that are performed on the objectAttributes
when an object is created, when it is loaded, and when it is imported. In these descriptions:
Creation –
indicates
settings
for
TPM2_CreatePrimary()
the
template
parameter
in
TPM2_Create()
or
Load
–
indicates settings for the inPublic parameter in TPM2_Load()
Import
–
indicates settings for the objectPublic parameter in TPM2_Import()
External
–
indicates settings that apply to the inPublic parameter in TPM2_LoadExternal() if both the
public and sensitive portions of the object are loaded
NOTE
For TPM2_LoadExternal() when only the public portion of the object is loaded, the only attribute checks
are the checks in the validation code following Table 30 and the reserved attributes check.
For any consistency error of attributes in TPMA_OBJECT, the TPM shall return TPM_RC_ATTRIBUTES.
8.3.3.2
Bit[1] – fixedTPM
When SET, the object cannot be duplicated for use on a different TPM, either directly or indirectly and the
Qualified Name of the object cannot change. When CLEAR, the object’s Qualified Name may change if
the object or an ancestor is duplicated.
NOTE
This attribute is the logical inverse of the migratable attribute in 1.2. That is, when this attribute is C LEAR,
it is the equivalent to a 1.2 object with migratable SET.
Creation –
If fixedTPM is SET in the object's parent, then fixedTPM and fixedParent shall both be
set to the same value in template. If fixedTPM is CLEAR in the parent, this attribute shall
also be CLEAR in template.
NOTE
For a Primary Object, the parent is considered to have fixedTPM SET.
Load
–
If fixedTPM is SET in the object's parent, then fixedTPM and fixedParent shall both be
set to the same value. If fixedTPM is CLEAR in the parent, this attribute shall also be
CLEAR.
Import
–
shall be CLEAR
External
–
shall be CLEAR if both the public and sensitive portions are loaded or if fixedParent is
CLEAR, otherwise may be SET or CLEAR
Family “2.0”
Level 00 Revision 00.99
Published
Copyright © TCG 2006-2013
Page 57
October 31, 2013
�Part 2: Structures
8.3.3.3
Trusted Platform Module Library
Bit[2] – stClear
If this attribute is SET, then saved contexts of this object will be invalidated on
TPM2_Startup(TPM_SU_CLEAR). If the attribute is CLEAR, then the TPM shall not invalidate the saved
context if the TPM received TPM2_Shutdown(TPM_SU_STATE). If the saved state is valid when checked
at the next TPM2_Startup(), then the TPM shall continue to be able to use the saved contexts.
Creation –
may be SET or CLEAR in template
Load
–
may be SET or CLEAR
Import
–
may be SET or CLEAR
External
–
may be SET or CLEAR
8.3.3.4
Bit[4] – fixedParent
If this attribute is SET, the object’s parent may not be changed. That is, this object may not be the object
of a TPM2_Duplicate(). If this attribute is CLEAR, then this object may be the object of a
TPM2_Duplicate().
Creation –
may be SET or CLEAR in template
Load
–
may be SET or CLEAR
Import
–
shall be CLEAR
External
–
shall be CLEAR if both the public and sensitive portions are loaded; otherwise it may be
SET or CLEAR
8.3.3.5
Bit[5] – sensitiveDataOrigin
This attribute is SET for any key that was generated by TPM in TPM2_Create() or
TPM2_CreatePrimary(). If CLEAR, it indicates that the sensitive part of the object (other than the
obfuscation value) was provided by the caller.
NOTE 1
If the fixedTPM attribute is SET, then this attribute is authoritative and accurately reflects the source of
the sensitive area data. If the fixedTPM attribute is CLEAR, then validation of this attribute requires
evaluation of the properties of the ancestor keys.
Creation –
If inSensitive.sensitive.data.size is zero, then this attribute shall be SET in the template;
otherwise, it shall be CLEAR in the template.
NOTE 2
The inSensitive.sensitive.data.size parameter is required to be zero for an asymmetric key so
sensitiveDataOrigin is required to be SET.
NOTE 3
The inSensitive.sensitive.data.size parameter may not be zero for a data object so sensitiveDataOrigin is
required to be CLEAR. A data object has type = TPM_ALG_KEYEDHASH and its sign and decrypt
attributes are CLEAR.
Load
–
may be SET or CLEAR
Import
–
may be SET or CLEAR
External
–
may be SET or CLEAR
Page 58
October 31, 2013
Published
Copyright © TCG 2006-2013
Family “2.0”
Level 00 Revision 00.99
�Trusted Platform Module Library
8.3.3.6
Part 2: Structures
Bit[6] – userWithAuth
If SET, authorization for operations that require USER role authorization may be given if the caller
provides proof of knowledge of the authValue of the object with an HMAC authorization session or a
password.
If this attribute is CLEAR, then then HMAC or password authorizations may not be used for USER role
authorizations.
NOTE 1
Regardless of the setting of this attribute, authorizations for operations th at require USER role
authorizations may be provided with a policy session that satisfies the object's authPolicy.
NOTE 2
Regardless of the setting of this attribute, the authValue may be referenced in a policy session or used to
provide the bind value in TPM2_StartAuthSession(). However, if userWithAuth is CLEAR, then the object
may be used as the bind object in TPM2_StartAuthSession() but the session cannot be used to authorize
actions on the object. If this were allowed, then the userWithAuth control could be circumvented simply by
using the object as the bind object.
Creation –
may be SET or CLEAR in template
Load
–
may be SET or CLEAR
Import
–
may be SET or CLEAR
External
–
may be SET or CLEAR
8.3.3.7
Bit[7] – adminWithPolicy
If CLEAR, authorization for operations that require ADMIN role may be given if the caller provides proof of
knowledge of the authValue of the object with an HMAC authorization session or a password.
If this attribute is SET, then then HMAC or password authorizations may not be used for ADMIN role
authorizations.
NOTE 1
Regardless of the setting of this attribute, operations that require ADMIN role authorization may be
provided by a policy session that satisfies the object's authPolicy.
NOTE 2
This attribute is similar to userWithAuth but the logic is a bit different. When userWithAuth is CLEAR, the
authValue may not be used for USER mode authorizations. When adminWithPolicy is CLEAR, it means
that the authValue may be used for ADMIN role. Policy may always be used regardless of t he setting of
userWithAuth or adminWithPolicy.
Actions that always require policy (TPM2_Duplicate()) are not affected by the setting of this attribute.
Creation –
may be SET or CLEAR in template
Load
–
may be SET or CLEAR
Import
–
may be SET or CLEAR
External
–
may be SET or CLEAR
8.3.3.8
Bit[10] – noDA
If SET, then authorization failures for the object do not affect the dictionary attack protection logic and
authorization of the object is not blocked if the TPM is in lockout.
Creation –
may be SET or CLEAR in template
Load
–
may be SET or CLEAR
Import
–
may be SET or CLEAR
External
–
may be SET or CLEAR
Family “2.0”
Level 00 Revision 00.99
Published
Copyright © TCG 2006-2013
Page 59
October 31, 2013
�Part 2: Structures
8.3.3.9
Trusted Platform Module Library
Bit[11] – encryptedDuplication
If SET, then when the object is duplicated, the sensitive portion of the object is required to be encrypted
with an inner wrapper and the new parent shall be an asymmetric key and not TPM_RH_NULL
NOTE 1
Enforcement of these requirements in TPM2_Duplicate() is by not allowing symmetricAlg to be
TPM_ALG_NULL and newParentHandle may not be TPM_RH_NULL.
This attribute shall not be SET in any object that has fixedTPM SET.
NOTE 2
This requirement means that encryptedDuplication may not be SET if the object cannot be directly or
indirectly duplicated.
If an object's parent has fixedTPM SET, and the object is duplicable (fixedParent == CLEAR), then
encryptedDuplication may be SET or CLEAR in the object.
NOTE 3
This allows the object at the boundary between duplicable and non -duplicable objects to have either
setting.
If an object's parent has fixedTPM CLEAR, then the object is required to have the same setting of
encryptedDuplication as its parent.
NOTE 4
This requirement forces all
encryptedDuplication setting.
duplicable
objects
in
a
duplication
group
to
have
the
same
Creation –
shall be CLEAR if fixedTPM is SET. If fixedTPM is CLEAR, then this attribute shall have
the same value as its parent unless fixedTPM is SET in the object's parent, in which
case, it may be SET or CLEAR.
Load
–
shall be CLEAR if fixedTPM is SET. If fixedTPM is CLEAR, then this attribute shall have
the same value as its parent, unless fixedTPM is SET the parent, in which case, it may
be SET or CLEAR.
Import
–
if fixedTPM is SET in the object's new parent, then this attribute may be SET or CLEAR,
otherwise, it shall have the same setting as the new parent.
External
–
may be SET or CLEAR.
8.3.3.10
Bit[16] – restricted
This this attribute modifies the decrypt and sign attributes of an object.
NOTE
A key with this object CLEAR may not be a parent for another object.
Creation –
shall be CLEAR in template if neither sign nor decrypt is SET in template.
Load
–
shall be CLEAR if neither sign nor decrypt is SET in the object
Import
–
may be SET or CLEAR
External
–
shall be CLEAR
Page 60
October 31, 2013
Published
Copyright © TCG 2006-2013
Family “2.0”
Level 00 Revision 00.99
�Trusted Platform Module Library
8.3.3.11
Part 2: Structures
Bit[17] – decrypt
When SET, the private portion of this key can be used to decrypt an external blob. If restricted is SET,
then the TPM will return an error if the external decrypted blob is not formatted as appropriate for the
command.
NOTE 1
Since TPM-generated keys and sealed data will contain a hash and a structure tag, the TPM can ensure
that it is not being used to improperly decrypt and return sensitive data that should not be returned. The
only type of data that may be returned after decryption is a Sealed Data Object (a keyedHash object with
decrypt and sign CLEAR).
When restricted is CLEAR, there are no restrictions on the use of the private portion of the key for
decryption and the key may be used to decrypt and return any structure encrypted by the public portion of
the key.
NOTE 2
A key with this attribute SET may be a parent for another object if restricted is SET and sign is CLEAR.
If decrypt is SET on an object with type set to TPM_ALG_KEYEDHASH, it indicates that the object is an
XOR encryption key.
Creation –
may be SET or CLEAR in template
Load
–
may be SET or CLEAR
Import
–
may be SET or CLEAR
External
–
may be SET or CLEAR
8.3.3.12
Bit[18] – sign
When this attribute is SET, the private portion of this key may be used to sign a digest. If restricted is
SET, then the key may only be used to sign a digest that was computed by the TPM. A restricted signing
key may be used to sign a TPM-generated digest. If a structure is generated by the TPM, it will begin with
TPM_GENERATED_VALUE and the TPM may sign the digest of that structure. If the data is externally
supplied and has TPM_GENERATED_VALUE as its first octets, then the TPM will not sign a digest of
that data with a restricted signing key.
If restricted is CLEAR, then the key may be used to sign any digest, whether generated by the TPM or
externally provided.
NOTE 1
Some asymmetric algorithms may not support both sign and decrypt being SET in the same key.
If sign is SET on an object with type set to TPM_ALG_KEYEDHASH, it indicates that the object is an
HMAC key.
NOTE 2
A key with this attribute SET may not be a parent for another object.
Creation –
shall not be SET if decrypt and restricted are both SET
Load
–
shall not be SET if decrypt and restricted are both SET
Import
–
shall not be SET if decrypt and restricted are both SET
External
–
shall not be SET if decrypt and restricted are both SET
Family “2.0”
Level 00 Revision 00.99
Published
Copyright © TCG 2006-2013
Page 61
October 31, 2013
�Part 2: Structures
8.4
Trusted Platform Module Library
TPMA_SESSION (Session Attributes)
This octet in each session is used to identify the session type, indicate its relationship to any handles in
the command, and indicate its use in parameter encryption.
Table 31 — Definition of (UINT8) TPMA_SESSION Bits <IN/OUT>
Bit
Name
Meaning
0
continueSession
SET (1): In a command, this setting indicates that the session is to remain active
after successful completion of the command. In a response, it indicates that the
session is still active. If SET in the command, this attribute shall be SET in the
response.
CLEAR (0): In a command, this setting indicates that the TPM should close the
session and flush any related context when the command completes successfully. In
a response, it indicates that the session is closed and the context is no longer active.
This attribute has no meaning for a password authorization and the TPM will allow
any setting of the attribute in the command and SET the attribute in the response.
This attribute will only be CLEAR in one response for a logical session. If the attribute
is CLEAR, the context associated with the session is no longer in use and the space
is available. A session created after another session is ended may have the same
handle but logically is not the same session.
This attribute has no effect if the command does not complete successfully.
1
auditExclusive
SET (1): In a command, this setting indicates that the command should only be
executed if the session is exclusive at the start of the command. In a response, it
indicates that the session is exclusive. This setting is only allowed if the audit
attribute is SET.
CLEAR (0): If audit is CLEAR, then this field is reserved but the error is
TPM_RC_ATTRIBUTES rather than TPM_RC_RESERVED_BITS.
See "Exclusive Audit Session" clause in Part 1.
2
auditReset
SET (1): In a command, this setting indicates that the audit digest of the session
should be initialized and the exclusive status of the session SET.
CLEAR (0): If audit is CLEAR, then this field is reserved but the error is
TPM_RC_ATTRIBUTES rather than TPM_RC_RESERVED_BITS. This setting is
always used for a response.
4:3
Reserved
shall be CLEAR
decrypt
SET (1): In a command, this setting indicates that the first parameter in the command
is symmetrically encrypted using the parameter encryption scheme described in Part
1. The TPM will decrypt the parameter after performing any HMAC computations and
before unmarshaling the parameter. In a response, the attribute is copied from the
request but has no effect on the response.
CLEAR (0): Session not used for encryption.
5
For a password authorization, this attribute will be CLEAR in both the command and
response.
This attribute may only be SET in one session per command.
This attribute may be SET in a session that is not associated with a command
handle. Such a session is provided for purposes of encrypting a parameter and not
for authorization.
This attribute may be SET in combination with any other session attributes.
This attribute may only be SET if the first parameter of the command is a sized buffer
(TPM2B_).
Page 62
October 31, 2013
Published
Copyright © TCG 2006-2013
Family “2.0”
Level 00 Revision 00.99
�Trusted Platform Module Library
Part 2: Structures
Bit
Name
Meaning
6
encrypt
SET (1): In a command, this setting indicates that the TPM should use this session to
encrypt the first parameter in the response. In a response, it indicates that the
attribute was set in the command and that the TPM used the session to encrypt the
first parameter in the response using the parameter encryption scheme described in
Part 1 of this specification.
CLEAR (0): Session not used for encryption.
For a password authorization, this attribute will be CLEAR in both the command and
response.
This attribute may only be SET in one session per command.
This attribute may be SET in a session that is not associated with a command
handle. Such a session is provided for purposes of encrypting a parameter and not
for authorization.
This attribute may only be SET if the first parameter of a response is a sized buffer
(TPM2B_).
7
SET (1): In a command or response, this setting indicates that the session is for audit
and that auditExclusive and auditReset have meaning. This session may also be
used for authorization, encryption, or decryption. The encrypted and encrypt fields
may be SET or CLEAR.
CLEAR (0): Session is not used for audit.
audit
This attribute may only be SET in one session per command or response. If SET in
the command, then this attribute will be SET in the response.
8.5
TPMA_LOCALITY (Locality Attribute)
In a TPMS_CREATION_DATA structure, this structure is used to indicate the locality of the command that
created the object. No more than one of the locality attributes shall be set in the creation data.
When used in TPM2_PolicyLocality(), this structure indicates which localities are approved by the policy.
When a policy is started, all localities are allowed. If TPM2_PolicyLocality() is executed, it indicates that
the command may only be executed at specific localities. More than one locality may be selected.
EXAMPLE 1
TPM_LOC_TWO would indicate that only locality 2 is authorized.
EXAMPLE 2
TPM_LOC_ONE + TPM_LOC_TWO would indicate that locality 1 or 2 is authorized.
EXAMPLE 3
TPM_LOC_FOUR + TPM_LOC_THREE would indicate that localities 3 or 4 are authorized.
EXAMPLE 4
A value of 21 16 would represent a locality of 33.
NOTE
Locality values of 5 through 31 are not selectable.
Family “2.0”
Level 00 Revision 00.99
Published
Copyright © TCG 2006-2013
Page 63
October 31, 2013
�Part 2: Structures
Trusted Platform Module Library
If Extended is non-zero, then an extended locality is indicated and the TPMA_LOCALITY contains an
integer value.
Table 32 — Definition of (UINT8) TPMA_LOCALITY Bits <IN/OUT>
Bit
Name
Definition
0
TPM_LOC_ZERO
1
TPM_LOC_ONE
2
TPM_LOC_TWO
3
TPM_LOC_THREE
4
TPM_LOC_FOUR
7:5
8.6
Extended
If any of these bits is set, an extended locality is indicated
TPMA_PERMANENT
The attributes in this structure are persistent and are not changed as a result of _TPM_Init or any
TPM2_Startup(). Some of the attributes in this structure may change as the result of specific Protected
Capabilities.
This
structure
may
be
read
using
TPM2_GetCapability(capability
=
TPM_CAP_TPM_PROPERTIES, property = TPM_PT_PERMANENT).
Table 33 — Definition of (UINT32) TPMA_PERMANENT Bits <OUT>
Bit
Parameter
Description
0
ownerAuthSet
SET (1): TPM2_HierarchyChangeAuth() with ownerAuth has been executed since
the last TPM2_Clear().
CLEAR (0): ownerAuth has not been changed since TPM2_Clear().
1
endorsementAuthSet
SET (1): TPM2_HierarchyChangeAuth() with endorsementAuth has been executed
since the last TPM2_Clear().
CLEAR (0): endorsementAuth has not been changed since TPM2_Clear().
2
lockoutAuthSet
SET (1): TPM2_HierarchyChangeAuth() with lockoutAuth has been executed since
the last TPM2_Clear().
CLEAR (0): lockoutAuth has not been changed since TPM2_Clear().
7:3
8
Reserved
disableClear
SET (1): TPM2_Clear() is disabled.
CLEAR (0): TPM2_Clear() is enabled.
NOTE
See “TPM2_ClearControl” in Part 3 of this specification for details on changing
this attribute.
9
inLockout
SET (1): The TPM is in lockout and commands that require authorization with other
than platformAuth will not succeed.
10
tpmGeneratedEPS
SET (1): The EPS was created by the TPM.
CLEAR (0): The EPS was created outside of the TPM using a manufacturerspecific process.
31:11 Reserved
Page 64
October 31, 2013
Published
Copyright © TCG 2006-2013
Family “2.0”
Level 00 Revision 00.99
�Trusted Platform Module Library
8.7
Part 2: Structures
TPMA_STARTUP_CLEAR
These attributes are set to their default state on reset on each TPM Reset or TPM Restart. The attributes
are preserved on TPM Resume.
On each TPM2_Startup(TPM_SU_CLEAR), the TPM will set these attributes to their indicated defaults.
This structure may be read using TPM2_GetCapability(capability = TPM_CAP_TPM_PROPERTIES,
property = TPM_PT_STARTUP_CLEAR).
Some of attributes may be changed as the result of specific Protected Capabilities.
Table 34 — Definition of (UINT32) TPMA_STARTUP_CLEAR Bits <OUT>
Bit
0
Parameter
Description
phEnable
SET (1): (default) The platform hierarchy is enabled and platformAuth or
platformPolicy may be used for authorization.
CLEAR (0): platformAuth and platformPolicy may not be used for authorizations,
and objects in the platform hierarchy, including NV Indexes and persistent objects,
cannot be used.
NOTE
1
shEnable
SET (1): (default) The Storage hierarchy is enabled and ownerAuth or ownerPolicy
may be used for authorization.
CLEAR (0): ownerAuth and ownerPolicy may not be used for authorizations, and
objects in the Storage hierarchy, including NV Indexes and persistent objects,
cannot be used.
NOTE
2
ehEnable
phEnableNV
See “TPM2_HierarchyControl” in Part 3 of this specification for details on
changing this attribute.
SET (1): (default) The EPS hierarchy is enabled and endorsementAuth may be
used to authorize commands.
CLEAR (0): endorsementAuth and endorsementPolicy may not be used for
authorizations, and objects in the endorsement hierarchy, including persistent
objects, cannot be used.
NOTE
3
See “TPM2_HierarchyControl” in Part 3 of this specification for details on
changing this attribute.
See “TPM2_HierarchyControl” in Part 3 of this specification for details on
changing this attribute.
SET (1): (default) NV indices that have TPMA_PLATFORM_CREATE SET may be
read or written. The platform can create define and undefine indices.
CLEAR (0): NV indices that have TPMA_PLATFORM_CREATE SET may not be
read or written (TPM_RC_HANDLE). The platform cannot
define
(TPM_RC_HIERARCHY) or undefined (TPM_RC_HANDLE) indices.
NOTE
See “TPM2_HierarchyControl” in Part 3 of this specification for details on changing
this attribute.
NOTE
read refers to these commands: TPM2_NV_Read, TPM2_NV_ReadPublic, TPM_NV_Certify,
TPM2_PolicyNV
write refers to thse commands: TPM2_NV_Write, TPM2_NV_Increment, TPM2_NV_Extend,
TPM2_NV_SetBits
NOTE The TPM must query the index TPMA_PLATFORM_CREATE attribute to determine
whether phEnableNV is applicable. Since the TPM will return TPM_RC_HANDLE if the index
does not exist, it also returns this error code if the index is disabled. Otherwise, the TPM
would leak the existence of an index even when disabled.
30:4 Reserved
Family “2.0”
Level 00 Revision 00.99
shall be zero
Published
Copyright © TCG 2006-2013
Page 65
October 31, 2013
�Part 2: Structures
Trusted Platform Module Library
Bit
Parameter
Description
31
orderly
SET (1): The TPM received a TPM2_Shutdown() and a matching TPM2_Startup().
CLEAR (0): TPM2_Startup(TPM_SU_CLEAR) was not preceded by a
TPM2_Shutdown() of any type.
NOTE
8.8
A shutdown is orderly if the TPM receives a TPM2_Shutdown() of any type
followed by a TPM2_Startup() of any type. However, the TPM will return an error if
TPM2_Startup(TPM_SU_STATE)
was
not
preceded
by
TPM2_State_Save(TPM_SU_STATE).
TPMA_MEMORY
This structure of this attribute is used to report the memory management method used by the TPM for
transient
objects
and
authorization
sessions.
This
structure
may be
read
using
TPM2_GetCapability(capability = TPM_CAP_TPM_PROPERTIES, property = TPM_PT_MEMORY).
If the RAM memory is shared, then context save of a session may make it possible to load an additional
transient object.
Table 35 — Definition of (UINT32) TPMA_MEMORY Bits <Out>
Bit
Name
Definition
0
sharedRAM
SET (1): indicates that the RAM memory used for authorization session
contexts is shared with the memory used for transient objects
CLEAR (0): indicates that the memory used for authorization sessions is not
shared with memory used for transient objects
1
sharedNV
SET (1): indicates that the NV memory used for persistent objects is shared
with the NV memory used for NV Index values
CLEAR (0): indicates that the persistent objects and NV Index values are
allocated from separate sections of NV
2
objectCopiedToRam
SET (1): indicates that the TPM copies persistent objects to a transient-object
slot in RAM when the persistent object is referenced in a command. The TRM
is required to make sure that an object slot is available.
CLEAR (0): indicates that the TPM does not use transient-object slots when
persistent objects are referenced
31:3
Reserved
shall be zero
Page 66
October 31, 2013
Published
Copyright © TCG 2006-2013
Family “2.0”
Level 00 Revision 00.99
�Trusted Platform Module Library
8.9
Part 2: Structures
TPMA_CC (Command Code Attributes)
8.9.1
Introduction
This structure defines the attributes of a command from a context management perspective. The fields of
the structure indicate to the TPM Resource Manager (TRM) the number of resources required by a
command and how the command affects the TPM’s resources.
This structure is only used in a list returned by the TPM in response to TPM2_GetCapability(capability =
TPM_CAP_COMMANDS).
For a command to the TPM, only the commandIndex field and V attribute are allowed to be non-zero.
8.9.2
Structure Definition
Table 36 — Definition of (TPM_CC) TPMA_CC Bits <OUT>
Bit
15:0
Name
Definition
commandIndex
indicates the command being selected
21:16 Reserved
shall be zero
22
nv
SET (1): indicates that the command may write to NV
CLEAR (0): indicates that the command does not write to NV
23
extensive
SET (1): This command could flush any number of loaded contexts.
CLEAR (0): no additional changes other than indicated by the flushed attribute
24
flushed
SET (1): The context associated with any transient handle in the command will
be flushed when this command completes.
CLEAR (0): No context is flushed as a side effect of this command.
27:25 cHandles
indicates the number of the handles in the handle area for this command
28
rHandle
SET (1): indicates the presence of the handle area in the input
29
V
SET (1): indicates that the command is vendor-specific
CLEAR (0): indicates that the command is defined in a version of this
specification
31:30 Res
8.9.3
8.9.3.1
allocated for software; shall be zero
Field Descriptions
Bits[15:0] – commandIndex
This is the command index of the command in the set of commands. The two sets are defined by the V
attribute. If V is zero, then the commandIndex shall be in the set of commands defined in a version of this
specification. If V is one, then the meaning of commandIndex is as determined by the TPM vendor.
8.9.3.2
Bit[22] – nv
If this attribute is SET, then the TPM may perform an NV write as part of the command actions. This write
is independent of any write that may occur as a result of dictionary attack protection. If this attribute is
CLEAR, then the TPM shall not perform an NV write as part of the command actions.
8.9.3.3
Bit[23] – extensive
Family “2.0”
Level 00 Revision 00.99
Published
Copyright © TCG 2006-2013
Page 67
October 31, 2013
�Part 2: Structures
Trusted Platform Module Library
If this attribute is SET, then the TPM may flush many transient objects as a side effect of this command.
In Part 3, a command that has this attribute is indicated by using a “{E}” decoration in the “Description”
column of the commandCode parameter.
EXAMPLE
See “TPM2_Clear” in Part 3.
NOTE
The “{E}” decoration may be combined with other decorations such as “{NV}” in which case the decoration
would be “{NV E}.”
8.9.3.4
Bit[24] – flushed
If this attribute is SET, then the TPM will flush transient objects as a side effect of this command. Any
transient objects listed in the handle area of the command will be flushed from TPM memory. Handles
associated with persistent objects, sessions, PCR, or other fixed TPM resources are not flushed.
NOTE
The TRM is expected to use this value to determine how many objects are loaded into transient TPM
memory.
NOTE
The “{F}” decoration may be combined with other decorations such as “{NV}” in which case the decoration
would be “{NV F}.”
If this attribute is SET for a command, and the handle of the command is associated with a hierarchy
(TPM_RH_PLATFORM, TPM_RH_OWNER, or TPM_RH_ENDORSEMENT), all loaded objects in the
indicated hierarchy are flushed.
The TRM is expected to know the behaviour of TPM2_ContextSave(), and sessions are flushed when
context saved, but objects are not. The flushed attribute for that command shall be CLEAR.
In Part 3, a command that has this attribute is indicated by using a “{F}” decoration in the “Description”
column of the commandCode parameter.
EXAMPLE
8.9.3.5
See “TPM2_SequenceComplete” in Part 3.”
Bits[27:25] – cHandles
This field indicates the number of handles in the handle area of the command. This number allows the
TRM to enumerate the handles in the handle area and find the position of the authorizations (if any).
8.9.3.6
Bit[28] – rHandle
If this attribute is SET, then the response to this command has a handle area. This area will contain no
more than one handle. This field is necessary to allow the TRM to locate the parameterSize field in the
response, which is then used to locate the authorizations.
NOTE
The TRM is expected to “virtualize” the handle value for any returned handle.
Page 68
October 31, 2013
Published
Copyright © TCG 2006-2013
Family “2.0”
Level 00 Revision 00.99
�Trusted Platform Module Library
Part 2: Structures
A TPM command is only allowed to have one handle in the session area.
8.9.3.7
Bit[29] – V
When this attribute is SET, it indicates that the command operation is defined by the TPM vendor. When
CLEAR, it indicates that the command is defined by a version of this specification.
8.9.3.8
Bits[31:30] – Res
This field is reserved for system software. This field is required to be zero for a command to the TPM.
Family “2.0”
Level 00 Revision 00.99
Published
Copyright © TCG 2006-2013
Page 69
October 31, 2013
�Part 2: Structures
9
Trusted Platform Module Library
Interface Types
9.1
Introduction
This clause contains definitions for interface types. An interface type is type checked when it is
unmarshaled. These types are based on an underlying type that is indicated in the table title by the value
in parentheses. When an interface type is used, the base type is unmarshaled and then checked to see if
it has one of the allowed values.
9.2
TPMI_YES_NO
This interface type is used in place of a Boolean type in order to eliminate ambiguity in the handling of a
octet that conveys a single bit of information. This type only has two allowed values, YES (1) and NO (0).
NOTE
This list is not used as input to the TPM.
Table 37 — Definition of (BYTE) TPMI_YES_NO Type
Value
Description
NO
a value of 0
YES
a value of 1
#TPM_RC_VALUE
9.3
TPMI_DH_OBJECT
The TPMI_DH_OBJECT interface type is a handle that references a loaded object. The handles in this
set are used to refer to either transient or persistent object. The range of these values would change
according to the TPM implementation.
NOTE
These interface types should not be used by system software to qualify the keys produced by the TPM.
The value returned by the TPM shall be used to reference the object.
Table 38 — Definition of (TPM_HANDLE) TPMI_DH_OBJECT Type
Values
Comments
{TRANSIENT_FIRST:TRANSIENT_LAST}
allowed range for transient objects
{PERSISTENT_FIRST:PERSISTENT_LAST}
allowed range for persistent objects
+TPM_RH_NULL
the conditional value
#TPM_RC_VALUE
Page 70
October 31, 2013
Published
Copyright © TCG 2006-2013
Family “2.0”
Level 00 Revision 00.99
�Trusted Platform Module Library
9.4
Part 2: Structures
TPMI_DH_PERSISTENT
The TPMI_DH_PERSISTENT interface type is a handle that references a location for a transient object.
This type is used in TPM2_EvictControl() to indicate the handle to be assigned to the persistent object.
Table 39 — Definition of (TPM_HANDLE) TPMI_DH_PERSISTENT Type
Values
Comments
{PERSISTENT_FIRST:PERSISTENT_LAST}
allowed range for persistent objects
#TPM_RC_VALUE
9.5
TPMI_DH_ENTITY
The TPMI_DH_ENTITY interface type is TPM-defined values that are used to indicate that the handle
refers to an authValue. The range of these values would change according to the TPM implementation.
Table 40 — Definition of (TPM_HANDLE) TPMI_DH_ENTITY Type <IN>
Values
Comments
TPM_RH_OWNER
TPM_RH_ENDORSEMENT
TPM_RH_PLATFORM
TPM_RH_LOCKOUT
{TRANSIENT_FIRST : TRANSIENT_LAST}
range of object handles
{PERSISTENT_FIRST : PERSISTENT_LAST}
{NV_INDEX_FIRST : NV_INDEX_LAST}
{PCR_FIRST : PCR_LAST}
+TPM_RH_NULL
conditional value
#TPM_RC_VALUE
Family “2.0”
Level 00 Revision 00.99
Published
Copyright © TCG 2006-2013
Page 71
October 31, 2013
�Part 2: Structures
9.6
Trusted Platform Module Library
TPMI_DH_PCR
This interface type consists of the handles that may be used as PCR references. The upper end of this
range of values would change according to the TPM implementation.
NOTE 1
Typically, the 0 th PCR will have a handle value of zero.
NOTE 2
The handle range for PCR is defined to be the same as the handle range for PCR in previous versions of
TPM specifications.
Table 41 — Definition of (TPM_HANDLE) TPMI_DH_PCR Type <IN>
Values
Comments
{PCR_FIRST:PCR_LAST}
+TPM_RH_NULL
conditional value
#TPM_RC_VALUE
9.7
TPMI_SH_AUTH_SESSION
The TPMI_SH_AUTH_SESSION interface type is TPM-defined values that are used to indicate that the
handle refers to an authorization session.
Table 42 — Definition of (TPM_HANDLE) TPMI_SH_AUTH_SESSION Type <IN/OUT>
Values
Comments
{HMAC_SESSION_FIRST : HMAC_SESSION_LAST}
range of HMAC authorization session handles
{POLICY_SESSION_FIRST: POLICY_SESSION_LAST}
range of policy authorization session handles
+TPM_RS_PW
a password authorization
#TPM_RC_VALUE
error returned if the handle is out of range
9.8
TPMI_SH_HMAC
This interface type is used for an authorization handle when the authorization session uses an HMAC.
Table 43 — Definition of (TPM_HANDLE) TPMI_SH_HMAC Type <IN/OUT>
Values
Comments
{HMAC_SESSION_FIRST: HMAC_SESSION_LAST}
range of HMAC authorization session handles
#TPM_RC_VALUE
error returned if the handle is out of range
9.9
TPMI_SH_POLICY
This interface type is used for a policy handle when it appears in a policy command.
Table 44 — Definition of (TPM_HANDLE) TPMI_SH_POLICY Type <IN/OUT>
Values
Comments
{POLICY_SESSION_FIRST: POLICY_SESSION_LAST}
range of policy authorization session handles
#TPM_RC_VALUE
error returned if the handle is out of range
Page 72
October 31, 2013
Published
Copyright © TCG 2006-2013
Family “2.0”
Level 00 Revision 00.99
�Trusted Platform Module Library
Part 2: Structures
9.10 TPMI_DH_CONTEXT
This type defines the handle values that may be used in TPM2_ContextSave() or TPM2_Flush().
Table 45 — Definition of (TPM_HANDLE) TPMI_DH_CONTEXT Type
Values
Comments
{HMAC_SESSION_FIRST : HMAC_SESSION_LAST}
{POLICY_SESSION_FIRST:POLICY_SESSION_LAST}
{TRANSIENT_FIRST:TRANSIENT_LAST}
#TPM_RC_VALUE
9.11 TPMI_RH_HIERARCHY
The TPMI_RH_HIERARCHY interface type is used as the type of a handle in a command when the
handle is required to be one of the hierarchy selectors.
Table 46 — Definition of (TPM_HANDLE) TPMI_RH_HIERARCHY Type
Values
Comments
TPM_RH_OWNER
Storage hierarchy
TPM_RH_PLATFORM
Platform hierarchy
TPM_RH_ENDORSEMENT
Endorsement hierarchy
+TPM_RH_NULL
no hierarchy
#TPM_RC_VALUE
response code returned when the unmarshaling of this type fails
9.12 TPMI_RH_ENABLES
The TPMI_RH_ENABLES interface type is used as the type of a handle in a command when the handle
is required to be one of the hierarchy or NV enables.
Table 47 — Definition of (TPM_HANDLE) TPMI_RH_ENABLES Type
Values
Comments
TPM_RH_OWNER
Storage hierarchy
TPM_RH_PLATFORM
Platform hierarchy
TPM_RH_ENDORSEMENT
Endorsement hierarchy
TPM_RH_PLATFORM_NV
Platform NV
+TPM_RH_NULL
no hierarchy
#TPM_RC_VALUE
response code returned when the unmarshaling of this type fails
Family “2.0”
Level 00 Revision 00.99
Published
Copyright © TCG 2006-2013
Page 73
October 31, 2013
�Part 2: Structures
Trusted Platform Module Library
9.13 TPMI_RH_HIERARCHY_AUTH
This interface type is used as the type of a handle in a command when the handle is required to be one of
the hierarchy selectors or the Lockout Authorization.
Table 48 — Definition of (TPM_HANDLE) TPMI_RH_HIERARCHY_AUTH Type <IN>
Values
Comments
TPM_RH_OWNER
Storage hierarchy
TPM_RH_PLATFORM
Platform hierarchy
TPM_RH_ENDORSEMENT
Endorsement hierarchy
TPM_RH_LOCKOUT
Lockout Authorization
#TPM_RC_VALUE
response code returned when the unmarshaling of this type fails
9.14 TPMI_RH_PLATFORM
The TPMI_RH_PLATFORM interface type is used as the type of a handle in a command when the only
allowed handle is TPM_RH_PLATFORM indicating that platformAuth is required.
Table 49 — Definition of (TPM_HANDLE) TPMI_RH_PLATFORM Type <IN>
Values
Comments
TPM_RH_PLATFORM
Platform hierarchy
#TPM_RC_VALUE
response code returned when the unmarshaling of this type fails
9.15 TPMI_RH_OWNER
This interface type is used as the type of a handle in a command when the only allowed handle is
TPM_RH_OWNER indicating that ownerAuth is required.
Table 50 — Definition of (TPM_HANDLE) TPMI_RH_OWNER Type <IN>
Values
Comments
TPM_RH_OWNER
Owner hierarchy
+TPM_RH_NULL
may allow the null handle
#TPM_RC_VALUE
response code returned when the unmarshaling of this type fails
Page 74
October 31, 2013
Published
Copyright © TCG 2006-2013
Family “2.0”
Level 00 Revision 00.99
�Trusted Platform Module Library
Part 2: Structures
9.16 TPMI_RH_ENDORSEMENT
This interface type is used as the type of a handle in a command when the only allowed handle is
TPM_RH_ENDORSEMENT indicating that endorsementAuth is required.
Table 51 — Definition of (TPM_HANDLE) TPMI_RH_ENDORSEMENT Type <IN>
Values
Comments
TPM_RH_ENDORSEMENT
Endorsement hierarchy
+TPM_RH_NULL
may allow the null handle
#TPM_RC_VALUE
response code returned when the unmarshaling of this type fails
9.17 TPMI_RH_PROVISION
The TPMI_RH_PROVISION interface type is used as the type of the handle in a command when the only
allowed handles are either TPM_RH_OWNER or TPM_RH_PLATFORM indicating that either
platformAuth or ownerAuth are allowed.
In most cases, either platformAuth or ownerAuth may be used to authorize the commands used for
management of the resources of the TPM and this interface type will be used.
Table 52 — Definition of (TPM_HANDLE) TPMI_RH_PROVISION Type <IN>
Value
Comments
TPM_RH_OWNER
handle for ownerAuth
TPM_RH_PLATFORM
handle for platformAuth
#TPM_RC_VALUE
response code returned when the unmarshaling of this type fails
9.18 TPMI_RH_CLEAR
The TPMI_RH_CLEAR interface type is used as the type of the handle in a command when the only
allowed handles are either TPM_RH_LOCKOUT or TPM_RH_PLATFORM indicating that either
platformAuth or lockoutAuth are allowed.
This interface type is normally used for performing or controlling TPM2_Clear().
Table 53 — Definition of (TPM_HANDLE) TPMI_RH_CLEAR Type <IN>
Value
Comments
TPM_RH_LOCKOUT
handle for lockoutAuth
TPM_RH_PLATFORM
handle for platformAuth
#TPM_RC_VALUE
response code returned when the unmarshaling of this type fails
Family “2.0”
Level 00 Revision 00.99
Published
Copyright © TCG 2006-2013
Page 75
October 31, 2013
�Part 2: Structures
Trusted Platform Module Library
9.19 TPMI_RH_NV_AUTH
This interface type is used to identify the source of the authorization for access to an NV location. The
handle value of a TPMI_RH_NV_AUTH shall indicate that the authorization value is either platformAuth,
ownerAuth, or the authValue. This type is used in the commands that access an NV Index (commands of
the form TPM2_NV_xxx) other than TPM2_NV_DefineSpace() and TPM2_NV_UndefineSpace().
Table 54 — Definition of (TPM_HANDLE) TPMI_RH_NV_AUTH Type <IN>
Value
Comments
TPM_RH_PLATFORM
platformAuth is allowed
TPM_RH_OWNER
ownerAuth is allowed
{NV_INDEX_FIRST:NV_INDEX_LAST}
range for NV locations
#TPM_RC_VALUE
response code returned when unmarshaling of this type fails
9.20 TPMI_RH_LOCKOUT
The TPMI_RH_LOCKOUT interface type is used as the type of a handle in a command when the only
allowed handle is TPM_RH_LOCKOUT indicating that lockoutAuth is required.
Table 55 — Definition of (TPM_HANDLE) TPMI_RH_LOCKOUT Type <IN>
Value
Comments
TPM_RH_LOCKOUT
#TPM_RC_VALUE
response code returned when the unmarshaling of this type fails
9.21 TPMI_RH_NV_INDEX
This interface type is used to identify an NV location. This type is used in the NV commands.
Table 56 — Definition of (TPM_HANDLE) TPMI_RH_NV_INDEX Type <IN/OUT>
Value
Comments
{NV_INDEX_FIRST:NV_INDEX_LAST}
Range of NV Indexes
#TPM_RC_VALUE
error returned if the handle is out of range
Page 76
October 31, 2013
Published
Copyright © TCG 2006-2013
Family “2.0”
Level 00 Revision 00.99
�Trusted Platform Module Library
Part 2: Structures
9.22 TPMI_ALG_HASH
A TPMI_ALG_HASH is an interface type of all the hash algorithms implemented on a specific TPM. Table
57 is a list of the hash algorithms that have an algorithm ID assigned by the TCG and does not indicate
the algorithms that will be accepted by a TPM.
NOTE
An implementation would modify this table according to the implemented algorithms, changing the values
that are accepted as hash algorithms.
Table 57 — Definition of (TPM_ALG_ID) TPMI_ALG_HASH Type
Values
Comments
TPM_ALG_SHA1
example
TPM_ALG_SHA256
example
TPM_ALG_SM3_256
example
TPM_ALG_SHA384
example
TPM_ALG_SHA512
example
+TPM_ALG_NULL
#TPM_RC_HASH
9.23 TPMI_ALG_ASYM (Asymmetric Algorithms)
A TPMI_ALG_ASYM is an interface type of all the asymmetric algorithms implemented on a specific TPM.
Table 58 lists each of the asymmetric algorithms that have an algorithm ID assigned by the TCG.
Table 58 — Definition of (TPM_ALG_ID) TPMI_ALG_ASYM Type
Values
Comments
TPM_ALG_RSA
TPM_ALG_ECC
+TPM_ALG_NULL
#TPM_RC_ASYMMETRIC
Family “2.0”
Level 00 Revision 00.99
Published
Copyright © TCG 2006-2013
Page 77
October 31, 2013
�Part 2: Structures
Trusted Platform Module Library
9.24 TPMI_ALG_SYM (Symmetric Algorithms)
A TPMI_ALG_SYM is an interface type of all the symmetric algorithms that have an algorithm ID assigned
by the TCG and are implemented on the TPM.
The list in the table below is illustrative and will change according to the implementation. The validation
code will only accept the subset of algorithms implemented on a TPM.
NOTE
The validation code produced by an example script will produce a CASE statement with a case for each of
the values in the “Values” column. The case for a value is delimited by a #ifdef/#endif pair so that if the
algorithm is not implemented on the TPM, then the case for the algorithm is not generated, and use of the
algorithm will cause a TPM error (TPM_RC_SYMMETRIC).
Table 59 — Definition of (TPM_ALG_ID) TPMI_ALG_SYM Type
Values
Comments
TPM_ALG_AES
example
TPM_ALG_SM4
example
TPM_ALG_XOR
example
+TPM_ALG_NULL
required to be present in all versions of this table
#TPM_RC_SYMMETRIC
9.25 TPMI_ALG_SYM_OBJECT
A TPMI_ALG_SYM_OBJECT is an interface type of all the TCG-defined symmetric algorithms that may
be used as companion symmetric encryption algorithm for an asymmetric object. All algorithms in this list
shall be block ciphers usable in Cipher Feedback (CFB).
Table 60 is illustrative. It would be modified to indicate the algorithms of the TPM.
NOTE
TPM_ALG_XOR is not allowed in this list.
Table 60 — Definition of (TPM_ALG_ID) TPMI_ALG_SYM_OBJECT Type
Values
Comments
TPM_ALG_AES
example
TPM_ALG_SM4
example
+TPM_ALG_NULL
required to be present in all versions of this table
#TPM_RC_SYMMETRIC
Page 78
October 31, 2013
Published
Copyright © TCG 2006-2013
Family “2.0”
Level 00 Revision 00.99
�Trusted Platform Module Library
Part 2: Structures
9.26 TPMI_ALG_SYM_MODE
A TPMI_ALG_SYM_MODE is an interface type of all the TCG-defined block-cipher modes of operation.
This version of the table is not expected to be the table checked by the validation code. Rather, the table
would be replaced by one containing the algorithms implemented on the TPM and that the values in that
table would be checked by the input validation code.
Table 61 — Definition of (TPM_ALG_ID) TPMI_ALG_SYM_MODE Type
Values
Comments
TPM_ALG_CTR
IV will be determined by use.
If the outside provides the nonce and initial counter, then the caller can
know what IV to provide for chaining.
TPM_ALG_OFB
XOR last cipher text block with last plaintext to create IV for next block
TPM_ALG_CBC
IV will be determined by use.
indefinite chaining using previous output block as IV for next block
TPM_ALG_CFB
shall be implemented in all TPM compliant with this specification
IV will be determined by use.
indefinite chaining using previous cipher text as IV
TPM_ALG_ECB
no IV or chaining value required
+TPM_ALG_NULL
#TPM_RC_MODE
9.27 TPMI_ALG_KDF (Key and Mask Generation Functions)
A TPMI_ALG_KDF is an interface type of all the key derivation functions implemented on a specific TPM.
Table 62 is exemplary and would change based on the algorithms implemented in a TPM.
Table 62 — Definition of (TPM_ALG_ID) TPMI_ALG_KDF Type
Values
Comments
TPM_ALG_MGF1
TPM_ALG_KDF1_SP800_108
TPM_ALG_KDF1_SP800_56a
TPM_ALG_KDF2
+TPM_ALG_NULL
#TPM_RC_KDF
Family “2.0”
Level 00 Revision 00.99
Published
Copyright © TCG 2006-2013
Page 79
October 31, 2013
�Part 2: Structures
Trusted Platform Module Library
9.28 TPMI_ALG_SIG_SCHEME
This is the definition of the interface type for a signature scheme. This table would change according to
the algorithms implemented on the TPM.
Table 63 — Definition of (TPM_ALG_ID) TPMI_ALG_SIG_SCHEME Type
Values
Comments
TPM_ALG_RSASSA
requires that RSA be implemented
TPM_ALG_RSAPSS
requires that RSA be implemented
TPM_ALG_ECDSA
requires that ECC be implemented
TPM_ALG_ECDAA
requires that ECC and ECDAA be implemented
TPM_ALG_ECSCHNORR
TPM_ALG_SM2
requires that ECC be implemented
TPM_ALG_HMAC
present on all TPM
+TPM_ALG_NULL
#TPM_RC_SCHEME
response code when a signature scheme is not correct
9.29 TPMI_ECC_KEY_EXCHANGE
This is the definition of the interface type for an ECC key exchange scheme. This table would change
according to the algorithms implemented on the TPM.
Table 64 — Definition of (TPM_ALG_ID) TPMI_ECC_KEY_EXCHANGE Type
Values
Comments
TPM_ALG_ECDH
used for single and two phase key exchange
TPM_ALG_ECMQV
TPM_ALG_SM2
requires that ECC be implemented
+TPM_ALG_NULL
#TPM_RC_SCHEME
response code when a key exchange scheme is not correct
9.30 TPMI_ST_COMMAND_TAG
This interface type is used for the command tags.
The response code for a bad command tag has the same value as the TPM 1.2 response code
(TPM_BAD_TAG). This value is used in case the software is not compatible with this specification and an
unexpected response code might have unexpected side effects.
Table 65 — Definition of (TPM_ST) TPMI_ST_COMMAND_TAG Type
Values
Comments
TPM_ST_NO_SESSIONS
TPM_ST_SESSIONS
#TPM_RC_BAD_TAG
Page 80
October 31, 2013
Published
Copyright © TCG 2006-2013
Family “2.0”
Level 00 Revision 00.99
�Trusted Platform Module Library
Part 2: Structures
10 Structure Definitions
10.1 TPMS_ALGORITHM_DESCRIPTION
This structure is a return value for a TPM2_GetCapability() that reads the installed algorithms.
Table 66 — Definition of TPMS_ALGORITHM_DESCRIPTION Structure <OUT>
Parameter
Type
Description
alg
TPM_ALG_ID
an algorithm
attributes
TPMA_ALGORITHM
the attributes of the algorithm
10.2 Hash/Digest Structures
10.2.1 TPMU_HA (Hash)
A TPMU_HA is a union of all the hash algorithms implemented on a TPM. Table 67 is exemplary and
would change based on the algorithms implemented in a TPM.
NOTE
If processed by an automated tool, each entry of the table should be qualified (with #ifdef/#endif) so that if
the hash algorithm is not implemented on the TPM, the parameter associated with that hash is not
present. This will keep the union from being larger than the largest digest of a hash implemented on that
TPM.
Table 67 — Definition of TPMU_HA Union <IN/OUT, S>
Parameter
Type
Selector
sha1 [SHA1_DIGEST_SIZE]
BYTE
TPM_ALG_SHA1
sha256 [SHA256_DIGEST_SIZE]
BYTE
TPM_ALG_SHA256
sm3_256 [SM3_256_DIGEST_SIZE]
BYTE
TPM_ALG_SM3_256
sha384 [SHA384_DIGEST_SIZE]
BYTE
TPM_ALG_SHA384
sha512 [SHA512_DIGEST_SIZE]
BYTE
TPM_ALG_SHA512
null
Family “2.0”
Level 00 Revision 00.99
Description
TPM_ALG_NULL
Published
Copyright © TCG 2006-2013
Page 81
October 31, 2013
�Part 2: Structures
Trusted Platform Module Library
10.2.2 TPMT_HA
Table 68 shows the basic hash-agile structure used in this specification. To handle hash agility, this
structure uses the hashAlg parameter to indicate the algorithm used to compute the digest and, by
implication, the size of the digest.
When transmitted, only the number of octets indicated by hashAlg is sent.
NOTE
In the exemplary code, when a TPMT_HA is allocated, the digest field is large enough to support the
largest hash algorithm in the TPMU_HA union.
Table 68 — Definition of TPMT_HA Structure <IN/OUT>
Parameter
Type
Description
hashAlg
+TPMI_ALG_HASH
selector of the hash contained in the digest that implies the
size of the digest
NOTE
[hashAlg] digest
TPMU_HA
The leading “+” on the type indicates that this structure
should pass an indication to the unmarshaling function for
TPMI_ALG_HASH so that TPM_ALG_NULL will be
allowed if a use of a TPMT_HA allows TPM_ALG_NULL.
the digest data
10.3 Sized Buffers
10.3.1 Introduction
The “TPM2B_” prefix is used for a structure that has a size field followed by a data buffer with the
indicated number of octets. The size field is 16 bits.
When the type of the second parameter in a TPM2B_ structure is BYTE, the TPM shall unmarshal the
indicated number of octets, which may be zero.
When the type of the second parameter in the TPM2B_ structure is not BYTE, the value of the size field
shall either be zero indicating that no structure is to be unmarshaled; or it shall be identical to the number
of octets unmarshaled for the second parameter.
NOTE 1
If the TPM2B_ defines a structure and not an array of octets, then the structure is self-describing and the
TPM will be able to determine how many octets are in the structure when it is unmarshaled. If that number
of octets is not equal to the size parameter, then it is an error.
NOTE 2
The reason that a structure may be put into a TPM2B_ is that the parts of the structure may be handled
as separate opaque blocks by the application/system software. Rather than require that all of the
structures in a command or response be marshaled or unmarshaled sequentially, the size field allows the
structure to be manipulated as an opaque block. Placing a structure in a TPM2B_ also makes it possible
to use parameter encryption on the structure.
If a TPM2B_ is encrypted, the TPM will encrypt/decrypt the data field of the TPM2B_ but not the size
parameter. The TPM will encrypt/decrypt the number of octets indicated by the size field.
NOTE 3
In the reference implementation, a TPM2B type is defined that is a 16-bit size field followed by a single
byte of data. The TPM2B_ is then defined as a union that contains a TPM2B (union member ‘b’) and the
structure in the definition table (union member ‘t’). This union is used for internally generated structures
so that there is a way to define a structure of the correct size (forced by the ‘t’ member) while giving a way
to pass the structure generically as a ‘b’. Most function calls use the 't' member so that the compiler will
generate a warning if there is a type error (a TPM2B_ of the wrong type). Having the type checked helps
avoid many issues with buffer overflow caused by a too small buffer being passed to a function.
Page 82
October 31, 2013
Published
Copyright © TCG 2006-2013
Family “2.0”
Level 00 Revision 00.99
�Trusted Platform Module Library
Part 2: Structures
10.3.2 TPM2B_DIGEST
This structure is used for a sized buffer that cannot be larger than the largest digest produced by any
hash algorithm implemented on the TPM.
As with all sized buffers, the size is checked to see if it is within the prescribed range. If not, the response
code is TPM_RC_SIZE.
NOTE
For any structure, like the one below, that contains an implied size check, it is implied that TPM_RC_SIZE
is a possible response code and the response code will not be listed in the table.
Table 69 — Definition of TPM2B_DIGEST Structure
Parameter
Type
Description
size
UINT16
size in octets of the buffer field; may be 0
buffer[size]{:sizeof(TPMU_HA)}
BYTE
the buffer area that can be no larger than a digest
10.3.3 TPM2B_DATA
This structure is used for a data buffer that is required to be no larger than the size of the Name of an
object. This size limit includes the algorithm ID of the hash and the hash data.
Table 70 — Definition of TPM2B_DATA Structure
Parameter
Type
Description
size
UINT16
size in octets of the buffer field; may be 0
buffer[size]{:sizeof(TPMT_HA)}
BYTE
the buffer area that contains the algorithm ID and the
digest
10.3.4 TPM2B_NONCE
Table 71 — Definition of Types for TPM2B_NONCE
Type
Name
Description
TPM2B_DIGEST
TPM2B_NONCE
size limited to the same as the digest structure
10.3.5 TPM2B_AUTH
This structure is used for an authorization value and limits an authValue to being no larger than the
largest digest produced by a TPM. In order to ensure consistency within an object, the authValue may be
no larger than the size of the digest produced by the object’s nameAlg. This ensures that any TPM that
can load the object will be able to handle the authValue of the object.
Table 72 — Definition of Types for TPM2B_AUTH
Type
Name
Description
TPM2B_DIGEST
TPM2B_AUTH
size limited to the same as the digest structure
Family “2.0”
Level 00 Revision 00.99
Published
Copyright © TCG 2006-2013
Page 83
October 31, 2013
�Part 2: Structures
Trusted Platform Module Library
10.3.6 TPM2B_OPERAND
This type is a sized buffer that can hold an operand for a comparison with an NV Index location. The
maximum size of the operand is implementation dependent but a TPM is required to support an operand
size that is at least as big as the digest produced by any of the hash algorithms implemented on the TPM.
Table 73 — Definition of Types for TPM2B_OPERAND
Type
Name
Description
TPM2B_DIGEST
TPM2B_OPERAND
size limited to the same as the digest structure
10.3.7 TPM2B_EVENT
This type is a sized buffer that can hold event data.
Table 74 — Definition of TPM2B_EVENT Structure
Parameter
Type
Description
size
UINT16
size of the operand buffer
buffer [size] {:1024}
BYTE
the operand
10.3.8 TPM2B_MAX_BUFFER
This type is a sized buffer that can hold a maximally sized buffer for commands that use a large data
buffer
such
as
TPM2_PCR_Event(),
TPM2_Hash(),
TPM2_SequenceUpdate(),
or
TPM2_FieldUpgradeData().
NOTE
The above list is not comprehensive and other commands may use this buffer type.
Table 75 — Definition of TPM2B_MAX_BUFFER Structure
Parameter
Type
Description
size
UINT16
size of the buffer
buffer [size] {:MAX_DIGEST_BUFFER}
BYTE
the operand
NOTE
MAX_DIGEST_BUFFER
is
TPMdependent but is required to be at least 1,024.
10.3.9 TPM2B_MAX_NV_BUFFER
This type is a sized buffer that can hold a maximally sized buffer for NV data commands such as
TPM2_NV_Read(), TPM2_NV_Write(), and TPM2_NV_Certify().
Table 76 — Definition of TPM2B_MAX_NV_BUFFER Structure
Parameter
Type
Description
size
UINT16
size of the buffer
buffer [size] {:MAX_NV_BUFFER_SIZE}
BYTE
the operand
NOTE
MAX_NV_BUFFER_SIZE
dependent
Page 84
October 31, 2013
Published
Copyright © TCG 2006-2013
is
TPM-
Family “2.0”
Level 00 Revision 00.99
�Trusted Platform Module Library
Part 2: Structures
10.3.10 TPM2B_TIMEOUT
This TPM-dependent structure is used to provide the timeout value for an authorization.
Table 77 — Definition of TPM2B_TIMEOUT Structure <IN/OUT>
Parameter
Type
Description
size
UINT16
size of the timeout value
This value is fixed for a TPM implementation.
buffer [size] {:sizeof(UINT64)}
BYTE
the timeout value
10.3.11 TPM2B_IV
This structure is used for passing an initial value for a symmetric block cipher to or from the TPM. The
size is set to be the largest block size of any implemented symmetric cipher implemented on the TPM.
Table 78 — Definition of TPM2B_IV Structure <IN/OUT>
Parameter
Type
Description
size
UINT16
size of the timeout value
This value is fixed for a TPM implementation.
buffer [size] {:MAX_SYM_BLOCK_SIZE}
BYTE
the timeout value
10.4 Names
10.4.1 Introduction
The Name of an entity is used in place of the handle in authorization computations. The substitution
occurs in cpHash and policyHash computations.
For an entity that is defined by a public area (objects and NV Indexes), the Name is the hash of the public
structure that defines the entity. The hash is done using the nameAlg of the entity.
NOTE
For an object, a TPMT_PUBLIC defines the entity. For an NV Index, a TPMS_NV_PUBLIC defines the
entity.
For entities not defined by a public area, the Name is the handle that is used to refer to the entity.
10.4.2 TPMU_NAME
Table 79 — Definition of TPMU_NAME Union <>
Parameter
Type
digest
TPMT_HA
when the Name is a digest
handle
TPM_HANDLE
when the Name is a handle
Family “2.0”
Level 00 Revision 00.99
Selector
Description
Published
Copyright © TCG 2006-2013
Page 85
October 31, 2013
�Part 2: Structures
Trusted Platform Module Library
10.4.3 TPM2B_NAME
This buffer holds a Name for any entity type.
The type of Name in the structure is determined by context and the size parameter. If size is four, then
the Name is a handle. If size is zero, then no Name is present. Otherwise, the size shall be the size of a
TPM_ALG_ID plus the size of the digest produced by the indicated hash algorithm.
Table 80 — Definition of TPM2B_NAME Structure
Parameter
Type
Description
size
UINT16
size of the Name structure
name[size]{:sizeof(TPMU_NAME)}
BYTE
the Name structure
10.5 PCR Structures
10.5.1 TPMS_PCR_SELECT
This structure provides a standard method of specifying a list of PCR.
PCR numbering starts at zero.
PcrSelect is an array of octets. The octet containing the bit corresponding to a specific PCR is found by
dividing the PCR number by 8.
EXAMPLE 1
The bit in pcrSelect corresponding to PCR 19 is in pcrSelect [2] (19/8 = 2).
The least significant bit in a octet is bit number 0. The bit in the octet associated with a PCR is the
remainder after division by 8.
EXAMPLE 2
The bit in pcrSelect [2] corresponding to PCR 19 is bit 3 (19 mod 8). If sizeofSelect is 3, then the
pcrSelect array that would specify PCR 19 and no other PCR is 00 00 08 16.
Each bit in pcrSelect indicates whether the corresponding PCR is selected (1) or not (0). If the pcrSelect
is all zero bits, then no PCR is selected.
SizeofSelect indicates the number of octets in pcrSelect. The allowable values for sizeofSelect is
determined by the number of PCR required by the applicable platform-specific specification and the
number of PCR implemented in the TPM. The minimum value for sizeofSelect is:
PCR_SELECT_MIN ≔ (PLATFORM_PCR + 7) / 8
(1)
where
PLATFORM_PCR
the number of PCR required by the platform-specific specification
The maximum value for sizeofSelect is:
PCR_SELECT_MAX ≔ (IMPLEMENTATION_PCR + 7) / 8
(2)
where
IMPLEMENTATION_PCR
Page 86
October 31, 2013
the number of PCR implemented on the TPM
Published
Copyright © TCG 2006-2013
Family “2.0”
Level 00 Revision 00.99
�Trusted Platform Module Library
Part 2: Structures
If the TPM implements more PCR than there are bits in pcrSelect, the additional PCR are not selected.
EXAMPLE 3
If the applicable platform-specific specification requires that the TPM have a minimum of 24 PCR but the
TPM implements 32, then a PCR select of 3 octets would imply that PCR 24-31 are not selected.
Table 81 — Definition of TPMS_PCR_SELECT Structure
Parameter
Type
Description
sizeofSelect {PCR_SELECT_MIN:}
UINT8
the size in octets of the pcrSelect array
pcrSelect [sizeofSelect] {:PCR_SELECT_MAX}
BYTE
the bit map of selected PCR
#TPM_RC_VALUE
10.5.2 TPMS_PCR_SELECTION
Table 82 — Definition of TPMS_PCR_SELECTION Structure
Parameter
Type
Description
hash
TPMI_ALG_HASH
the hash algorithm associated with the
selection
sizeofSelect {PCR_SELECT_MIN:}
UINT8
the size in octets of the pcrSelect array
pcrSelect [sizeofSelect] {:PCR_SELECT_MAX}
BYTE
the bit map of selected PCR
#TPM_RC_VALUE
10.6 Tickets
10.6.1 Introduction
Tickets are evidence that the TPM has previously processed some information. A ticket is an HMAC over
the data using a secret key known only to the TPM. A ticket is a way to expand the state memory of the
TPM. A ticket is only usable by the TPM that produced it.
The formulations for tickets shown in this clause are to be used by a TPM that is compliant with this
specification.
The method of creating the ticket data is:
HMACcontexAlg(proof, (ticketType || param { || param {…}))
(3)
where
HMACcontexAlg()
an HMAC using the hash used for context integrity
proof
a TPM secret value (depends on hierarchy)
ticketType
a value to differentiate the tickets
param
one or more values that were checked by the TPM
Family “2.0”
Level 00 Revision 00.99
Published
Copyright © TCG 2006-2013
Page 87
October 31, 2013
�Part 2: Structures
Trusted Platform Module Library
The proof value used for each hierarchy is shown in Table 83.
Table 83 — Values for proof Used in Tickets
Hierarchy
proof
Description
None
Empty Buffer
Platform
phProof
a value that changes with each change of the PPS
Owner
shProof
a value that changes with each change of the SPS
Endorsement
ehProof
a value that changes with each change of either the EPS or SPS
The format for a ticket is shown in Table 84. This is a template for the tickets shown in the remainder of
this clause.
Table 84 — General Format of a Ticket
Parameter
Type
Description
tag
TPM_ST
structure tag indicating the type of the ticket
hierarchy
TPMI_RH_HIERARCHY+
the hierarchy of the proof value
digest
TPM2B_DIGEST
the HMAC over the ticket-specific data
10.6.2 A NULL Ticket
When a command requires a ticket and no ticket is available, the caller is required to provide a structure
with a ticket tag that is correct for the context. The hierarchy shall be set to TPM_RH_NULL, and digest
shall be the Empty Buffer (a buffer with a size field of zero). This construct is the NULL Ticket. When a
response indicates that a ticket is returned, the TPM may return a NULL Ticket.
NOTE
Because each use of a ticket requires that the structure tag for the ticket be appropriate for the use, t here
is no single representation of a NULL Ticket that will work in all circumstances. Minimally, a NULL ticket
will have a structure type that is appropriate for the context.
Page 88
October 31, 2013
Published
Copyright © TCG 2006-2013
Family “2.0”
Level 00 Revision 00.99
�Trusted Platform Module Library
Part 2: Structures
10.6.3 TPMT_TK_CREATION
This ticket is produced by TPM2_Create() or TPM2_CreatePrimary(). It is used to bind the creation data
to the object to which it applies. The ticket is computed by
HMACcontextAlg(proof, (TPM_ST_CREATION || name || HnameAlg(TPMS_CREATION_DATA)))
(4)
where
HMACcontextAlg()
an HMAC using the context integrity hash algorithm
proof
a TPM secret value associated with the hierarchy associated with name
TPM_ST_CREATION
a value used to ensure that the ticket is properly used
name
the Name of the object to which the creation data is to be associated
HnameAlg()
hash using the nameAlg of the created object
TPMS_CREATION_DATA the creation data structure associated with name
Table 85 — Definition of TPMT_TK_CREATION Structure
Parameter
Type
Description
tag {TPM_ST_CREATION}
TPM_ST
ticket structure tag
error returned when tag is not TPM_ST_CREATION
#TPM_RC_TAG
hierarchy
TPMI_RH_HIERARCHY+
the hierarchy containing name
digest
TPM2B_DIGEST
This shall be the HMAC produced using a proof value
of hierarchy.
EXAMPLE
A NULL Creation Ticket is the tuple <TPM_ST_CREATION, TPM_RH_NULL, 0x0000>.
Family “2.0”
Level 00 Revision 00.99
Published
Copyright © TCG 2006-2013
Page 89
October 31, 2013
�Part 2: Structures
Trusted Platform Module Library
10.6.4 TPMT_TK_VERIFIED
This ticket is produced by TPM2_VerifySignature(). This formulation is used for multiple ticket uses. The
ticket provides evidence that the TPM has validated that a digest was signed by a key with the Name of
keyName. The ticket is computed by
HMACcontextAlg(proof, (TPM_ST_VERIFIED || digest || keyName))
(5)
where
HMACcontextAlg()
an HMAC using the context integrity hash
proof
a TPM secret value associated with the hierarchy associated with
TPM_ST_VERIFIED
a value used to ensure that the ticket is properly used
digest
the signed digest
keyName
Name of the key that signed digest
keyName
Table 86 — Definition of TPMT_TK_VERIFIED Structure
Parameter
Type
Description
tag {TPM_ST_VERIFIED}
TPM_ST
ticket structure tag
error returned when tag is not TPM_ST_VERIFIED
#TPM_RC_TAG
hierarchy
TPMI_RH_HIERARCHY+
the hierarchy containing keyName
digest
TPM2B_DIGEST
This shall be the HMAC produced using a proof value
of hierarchy.
EXAMPLE
A NULL Verified Ticket is the tuple <TPM_ST_VERIFIED, TPM_RH_NULL, 0x0000>.
Page 90
October 31, 2013
Published
Copyright © TCG 2006-2013
Family “2.0”
Level 00 Revision 00.99
�Trusted Platform Module Library
Part 2: Structures
10.6.5 TPMT_TK_AUTH
This ticket is produced by TPM2_PolicySigned() and TPM2_PolicySecret() when the authorization has an
expiration time. The ticket is computed by
HMACcontextAlg(proof, (TPM_ST_AUTH_xxx || timeout || cpHash || policyRef || keyName))
(6)
where
HMACcontextAlg()
an HMAC using the context integrity hash
proof
a TPM secret value associated with the hierarchy of the key associated
with keyName
TPM_ST_AUTH_xxx
either TPM_ST_AUTH_SIGNED or TPM_ST_AUTH_SECRET; used to
ensure that the ticket is properly used
timeout
implementation-specific value indicating when the authorization expires
cpHash
optional hash of the authorized command
policyRef
optional reference to a policy value
keyName
Name of the key that signed the authorization
Table 87 — Definition of TPMT_TK_AUTH Structure
Parameter
Type
Description
tag {TPM_ST_AUTH_SIGNED, TPM_ST_AUTH_SECRET} TPM_ST
ticket structure tag
#TPM_RC_TAG
error returned when tag is
not TPM_ST_AUTH
hierarchy
TPMI_RH_HIERARCHY+
the hierarchy of the object
used to produce the ticket
digest
TPM2B_DIGEST
This shall be the HMAC
produced using a proof
value of hierarchy.
EXAMPLE
A NULL Auth Ticket is the tuple <TPM_ST_AUTH_SIGNED, TPM_RH_NULL, 0x0000> or the tuple
<TPM_ST_AUTH_SIGNED, TPM_RH_NULL, 0x0000>
Family “2.0”
Level 00 Revision 00.99
Published
Copyright © TCG 2006-2013
Page 91
October 31, 2013
�Part 2: Structures
Trusted Platform Module Library
10.6.6 TPMT_TK_HASHCHECK
This ticket is produced by TPM2_SequenceComplete() when the message that was digested did not start
with TPM_GENERATED_VALUE. The ticket is computed by
HMACcontexAlg(proof, (TPM_ST_HASHCHECK || digest))
(7)
where
HMACcontexAlg ()
an HMAC using the context integrity hash
proof
a TPM secret value associated with the hierarchy indicated by the
command
TPM_ST_HASHCHECK
a value used to ensure that the ticket is properly used
digest
the digest of the data
Table 88 — Definition of TPMT_TK_HASHCHECK Structure
Parameter
Type
Description
tag {TPM_ST_HASHCHECK}
TPM_ST
ticket structure tag
#TPM_RC_TAG
error returned when is not TPM_ST_HASHCHECK
hierarchy
TPMI_RH_HIERARCHY+
the hierarchy
digest
TPM2B_DIGEST
This shall be the HMAC produced using a proof value
of hierarchy.
10.7 Property Structures
10.7.1 TPMS_ALG_PROPERTY
This structure is used to report the properties of an algorithm identifier. It is returned in response to a
TPM2_GetCapability() with capability = TPM_CAP_ALG.
Table 89 — Definition of TPMS_ALG_PROPERTY Structure <OUT>
Parameter
Type
Description
alg
TPM_ALG_ID
an algorithm identifier
algProperties
TPMA_ALGORITHM
the attributes of the algorithm
10.7.2 TPMS_TAGGED_PROPERTY
This structure is used to report the properties that are UINT32 values. It is returned in response to a
TPM2_GetCapability().
Table 90 — Definition of TPMS_TAGGED_PROPERTY Structure <OUT>
Parameter
Type
Description
property
TPM_PT
a property identifier
value
UINT32
the value of the property
Page 92
October 31, 2013
Published
Copyright © TCG 2006-2013
Family “2.0”
Level 00 Revision 00.99
�Trusted Platform Module Library
Part 2: Structures
10.7.3 TPMS_TAGGED_PCR_SELECT
This structure is used in TPM2_GetCapability() to return the attributes of the PCR.
Table 91 — Definition of TPMS_TAGGED_PCR_SELECT Structure <OUT>
Parameter
Type
Description
tag
TPM_PT
the property identifier
sizeofSelect {PCR_SELECT_MIN:}
UINT8
the size in octets of the pcrSelect array
pcrSelect [sizeofSelect] {:PCR_SELECT_MAX}
BYTE
the bit map of PCR with the identified property
10.8 Lists
10.8.1 TPML_CC
A list of command codes may be input to the TPM or returned by the TPM depending on the command.
Table 92 — Definition of TPML_CC Structure
Parameter
Type
Description
count
UINT32
number of commands in the commandCode list;
may be 0
commandCodes[count]{:MAX_CAP_CC}
TPM_CC
a list of command codes
The maximum only applies to a command code
list in a command. The response size is limited
only by the size of the parameter buffer.
#TPM_RC_SIZE
Family “2.0”
Level 00 Revision 00.99
response code when count is greater than the
maximum allowed list size
Published
Copyright © TCG 2006-2013
Page 93
October 31, 2013
�Part 2: Structures
Trusted Platform Module Library
10.8.2 TPML_CCA
This list is only used in TPM2_GetCapability(capability = TPM_CAP_COMMANDS).
The values in the list are returned in commandIndex order with vendor-specific commands returned after
other commands. Because of the other attributes, the commands may not be returned in strict numerical
order. They will be in commandIndex order.
Table 93 — Definition of TPML_CCA Structure <OUT>
Parameter
Type
Description
count
UINT32
number of values in the commandAttributes list;
may be 0
commandAttributes[count]{:MAX_CAP_CC}
TPMA_CC
a list of command codes attributes
10.8.3 TPML_ALG
This list is returned by TPM2_IncrementalSelfTest().
Table 94 — Definition of TPML_ALG Structure
Parameter
Type
Description
count
UINT32
number of algorithms in the algorithms list; may be 0
algorithms[count]{:MAX_ALG_LIST_SIZE}
TPM_ALG_ID a list of algorithm IDs
The maximum only applies to an algorithm list in a
command. The response size is limited only by the
size of the parameter buffer.
response code when count is greater than the
maximum allowed list size
#TPM_RC_SIZE
10.8.4 TPML_HANDLE
This structure is used when the TPM returns a list of loaded handles when the capability in
TPM2_GetCapability() is TPM_CAP_HANDLE.
NOTE
This list is not used as input to the TPM.
Table 95 — Definition of TPML_HANDLE Structure <OUT>
Name
Type
Description
count
UINT32
the number of handles in the list
may have a value of 0
handle[count]{: MAX_CAP_HANDLES}
TPM_HANDLE
an array of handles
#TPM_RC_SIZE
Page 94
October 31, 2013
response code when count is greater than the
maximum allowed list size
Published
Copyright © TCG 2006-2013
Family “2.0”
Level 00 Revision 00.99
�Trusted Platform Module Library
Part 2: Structures
10.8.5 TPML_DIGEST
This list is used to convey a list of digest values. This type is used in TPM2_PolicyOR() and in
TPM2_PCR_Read().
Table 96 — Definition of TPML_DIGEST Structure
Parameter
Type
Description
count {2:}
UINT32
number of digests in the list, minimum is two for
TPM2_PolicyOR().
digests[count]{:8}
TPM2B_DIGEST a list of digests
For TPM2_PolicyOR(), all digests will have been
computed using the digest of the policy session. For
TPM2_PCR_Read(), each digest will be the size of the
digest for the bank containing the PCR.
#TPM_RC_SIZE
response code when count is not at least two or is
greater than eight
10.8.6 TPML_DIGEST_VALUES
This list is used to convey a list of digest values. This type is returned by TPM2_Event() and
TPM2_SequenceComplete() and is an input for TPM2_PCR_Extend().
NOTE 1
This construct limits the number of hashes in the list to the number of digests implemented in the TPM
rather than the number of PCR banks. This allows extra values to appear in a call t o
TPM2_PCR_Extend().
NOTE 2
The digest for an unimplemented hash algorithm may not be in a list because the TPM may not recognize
the algorithm as being a hash and it may not know the digest size.
Table 97 — Definition of TPML_DIGEST_VALUES Structure
Parameter
Type
Description
count
UINT32
number of digests in the list
digests[count]{:HASH_COUNT}
TPMT_HA
a list of tagged digests
response code when count is greater than the possible
number of banks
#TPM_RC_SIZE
10.8.7 TPM2B_DIGEST_VALUES
Digest list in a sized buffer. This list is returned by TPM2_PCR_SequenceComplete().
Table 98 — Definition of TPM2B_DIGEST_VALUES Structure
Parameter
Type
Description
size
UINT16
size of the operand buffer
buffer [size] {:sizeof(TPML_DIGEST_VALUES)}
BYTE
the operand
Family “2.0”
Level 00 Revision 00.99
Published
Copyright © TCG 2006-2013
Page 95
October 31, 2013
�Part 2: Structures
Trusted Platform Module Library
10.8.8 TPML_PCR_SELECTION
This list is used to indicate the PCR that are included in a selection when more than one PCR value may
be selected.
This structure is an input parameter to TPM2_PolicyPCR() to indicate the PCR that will be included in the
digest of PCR for the authorization. The structure is used in TPM2_PCR_Read() command to indicate the
PCR values to be returned and in the response to indicate which PCR are included in the list of returned
digests. The structure is an output parameter from TPM2_Create() and indicates the PCR used in the
digest of the PCR state when the object was created. The structure is also contained in the attestation
structure of TPM2_Quote().
When this structure is used to select PCR to be included in a digest, the selected PCR are concatenated
to create a “message” containing all of the PCR, and then the message is hashed using the contextspecific hash algorithm.
Table 99 — Definition of TPML_PCR_SELECTION Structure
Parameter
Type
Description
count
UINT32
number of selection structures
A value of zero is allowed.
pcrSelections[count]{:HASH_COUNT}
TPMS_PCR_SELECTION
list of selections
response code when count is greater
than the possible number of banks
#TPM_RC_SIZE
10.8.9 TPML_ALG_PROPERTY
This list is used to report on a list of algorithm attributes. It is returned in a TPM2_GetCapability().
Table 100 — Definition of TPML_ALG_PROPERTY Structure <OUT>
Parameter
Type
Description
count
UINT32
number of algorithm properties structures
A value of zero is allowed.
algProperties[count]{:MAX_CAP_ALGS}
TPMS_ALG_PROPERTY
list of properties
10.8.10 TPML_TAGGED_TPM_PROPERTY
This list is used to report on a list of properties that are TPMS_TAGGED_PROPERTY values. It is
returned by a TPM2_GetCapability().
Table 101 — Definition of TPML_TAGGED_TPM_PROPERTY Structure <OUT>
Parameter
Type
Description
count
UINT32
number of properties
A value of zero is allowed.
tpmProperty[count]{:MAX_TPM_PROPERTIES} TPMS_TAGGED_PROPERTY
Page 96
October 31, 2013
Published
Copyright © TCG 2006-2013
an array of tagged properties
Family “2.0”
Level 00 Revision 00.99
�Trusted Platform Module Library
Part 2: Structures
10.8.11 TPML_TAGGED_PCR_PROPERTY
This list is used to report on a list of properties that are TPMS_PCR_SELECT values. It is returned by a
TPM2_GetCapability().
Table 102 — Definition of TPML_TAGGED_PCR_PROPERTY Structure <OUT>
Parameter
Type
Description
count
UINT32
number of properties
A value of zero is allowed.
pcrProperty[count]{:MAX_PCR_PROPERTIES}
TPMS_TAGGED_PCR_SELECT a tagged PCR selection
10.8.12 TPML_ECC_CURVE
This list is used to report the ECC curve ID values supported by the TPM. It is returned by a
TPM2_GetCapability().
Table 103 — Definition of {ECC} TPML_ECC_CURVE Structure <OUT>
Parameter
Type
Description
count
UINT32
number of curves
A value of zero is allowed.
eccCurves[count]{:MAX_ECC_CURVES}
TPM_ECC_CURVE
array of ECC curve identifiers
10.9 Capabilities Structures
10.9.1 TPMU_CAPABILITIES
Table 104 — Definition of TPMU_CAPABILITIES Union <OUT>
Parameter
Type
Selector
algorithms
TPML_ALG_PROPERTY
TPM_CAP_ALGS
handles
TPML_HANDLE
TPM_CAP_HANDLES
command
TPML_CCA
TPM_CAP_COMMANDS
ppCommands
TPML_CC
TPM_CAP_PP_COMMANDS
auditCommands
TPML_CC
TPM_CAP_AUDIT_COMMANDS
assignedPCR
TPML_PCR_SELECTION
TPM_CAP_PCRS
tpmProperties
TPML_TAGGED_TPM_PROPERTY
TPM_CAP_TPM_PROPERTIES
pcrProperties
TPML_TAGGED_PCR_PROPERTY
TPM_CAP_PCR_PROPERTIES
eccCurves
TPML_ECC_CURVE
TPM_CAP_ECC_CURVES
Family “2.0”
Level 00 Revision 00.99
Published
Copyright © TCG 2006-2013
Description
TPM_ALG_ECC
Page 97
October 31, 2013
�Part 2: Structures
Trusted Platform Module Library
10.9.2 TPMS_CAPABILITY_DATA
This data area is returned in response to a TPM2_GetCapability().
Table 105 — Definition of TPMS_CAPABILITY_DATA Structure <OUT>
Parameter
Type
Description
capability
TPM_CAP
the capability
[capability]data
TPMU_CAPABILITIES
the capability data
10.10 Clock/Counter Structures
10.10.1 TPMS_CLOCK_INFO
This structure is used in each of the attestation commands.
Table 106 — Definition of TPMS_CLOCK_INFO Structure
Parameter
Type
Description
clock
UINT64
time in milliseconds during which the TPM has been powered
This structure element is used to report on the TPM's Clock value.
The value of Clock shall be recorded in non-volatile memory no
22
less often than once per 2 milliseconds (~69.9 minutes) of TPM
operation. The reference for the millisecond timer is the TPM
oscillator.
This value is reset to zero when the Storage Primary Seed is
changed (TPM2_Clear()).
This value may be advanced by TPM2_AdvanceClock().
resetCount
UINT32
number of occurrences of TPM Reset since the last TPM2_Clear()
restartCount
UINT32
number of times that TPM2_Shutdown() or _TPM_Hash_Start have
occurred since the last TPM Reset or TPM2_Clear().
safe
TPMI_YES_NO
no value of Clock greater than the current value of Clock has been
previously reported by the TPM. Set to YES on TPM2_Clear().
10.10.2 Clock
Clock is a monotonically increasing counter that advances whenever power is applied to the TPM. The
value of Clock may be set forward with TPM2_ClockSet() if ownerAuth or platformAuth is provided. The
value of Clock is incremented each millisecond.
TPM2_Clear() will set Clock to zero.
Clock will be non-volatile but may have a volatile component that is updated every millisecond with the
non-volatile component updated at a lower rate. If the implementation uses a volatile component, the non22
volatile component shall be updated no less frequently than every 2 milliseconds (~69.9 minutes). The
update rate of the non-volatile portion of Clock shall be reported by a TPM2_GetCapability() with
capability = TPM_CAP_TPM_PROPERTIES and property = TPM_PT_CLOCK_UPDATE.
10.10.3 ResetCount
This counter shall increment on each TPM Reset. This counter shall be reset to zero by TPM2_Clear().
Page 98
October 31, 2013
Published
Copyright © TCG 2006-2013
Family “2.0”
Level 00 Revision 00.99
�Trusted Platform Module Library
Part 2: Structures
10.10.4 RestartCount
This counter shall increment by one for each TPM Restart or TPM Resume. The restartCount shall be
reset to zero on a TPM Reset or TPM2_Clear().
10.10.5 Safe
This parameter is set to YES when the value reported in Clock is guaranteed to be unique for the current
Owner. It is set to NO when the value of Clock may have been reported in a previous attestation or
access.
This parameter will be YES if a TPM2_Startup() was preceded by TPM2_Shutdown() with no intervening
commands. It will also be YES after an update of the non-volatile bits of Clock have been updated at the
end of an update interval.
If a TPM implementation does not implement
TPMS_CLOCK_INFO.clock shall always be zero.
Clock,
Safe
shall
always
be
NO
and
This parameter will be set to YES by TPM2_Clear().
10.10.6 TPMS_TIME_INFO
This structure is used in the TPM2_TICK attestation.
The Time value reported in this structure is reset whenever the TPM is reset. An implementation may
reset the value of Time any time after _TPM_Init and before the TPM returns after TPM2_Start(). The
value of Time shall increment continuously while power is applied to the TPM.
Table 107 — Definition of TPMS_TIME_INFO Structure
Parameter
Type
Description
time
UINT64
time in milliseconds since the last _TPM_Init() or TPM2_Startup()
This structure element is used to report on the TPM's Time value.
clockInfo
TPMS_CLOCK_INFO
a structure containing the clock information
Family “2.0”
Level 00 Revision 00.99
Published
Copyright © TCG 2006-2013
Page 99
October 31, 2013
�Part 2: Structures
Trusted Platform Module Library
10.11 TPM Attestation Structures
10.11.1 Introduction
This clause describes the structures that are used when a TPM creates a structure to be signed. The
signing structures follow a standard format TPM2B_ATTEST with case-specific information embedded.
10.11.2 TPMS_TIME_ATTEST_INFO
This structure is used when the TPM performs TPM2_GetClock.
Table 108 — Definition of TPMS_TIME_ATTEST_INFO Structure <OUT>
Parameter
Type
Description
time
TPMS_TIME_INFO
the Time, clock, resetCount, restartCount, and Safe indicator
firmwareVersion
UINT64
a vendor-specific value indicating the version number of the
firmware
10.11.3 TPMS_CERTIFY_INFO
This is the attested data for TPM2_Certify().
Table 109 — Definition of TPMS_CERTIFY_INFO Structure <OUT>
Parameter
Type
Description
name
TPM2B_NAME
Name of the certified object
qualifiedName
TPM2B_NAME
Qualified Name of the certified object
10.11.1 TPMS_QUOTE_INFO
This is the attested data for TPM2_Quote().
Table 110 — Definition of TPMS_QUOTE_INFO Structure <OUT>
Parameter
Type
Description
pcrSelect
TPML_PCR_SELECTION
information on algID, PCR selected and digest
pcrDigest
TPM2B_DIGEST
digest of the selected PCR using the hash of the signing key
Page 100
October 31, 2013
Published
Copyright © TCG 2006-2013
Family “2.0”
Level 00 Revision 00.99
�Trusted Platform Module Library
Part 2: Structures
10.11.2 TPMS_COMMAND_AUDIT_INFO
This is the attested data for TPM2_GetCommandAuditDigest().
Table 111 — Definition of TPMS_COMMAND_AUDIT_INFO Structure <OUT>
Parameter
Type
Description
auditCounter
UINT64
the monotonic audit counter
digestAlg
TPM_ALG_ID
hash algorithm used for the command audit
auditDigest
TPM2B_DIGEST
the current value of the audit digest
commandDigest
TPM2B_DIGEST
digest of the command codes being audited using digestAlg
10.11.3 TPMS_SESSION_AUDIT_INFO
This is the attested data for TPM2_GetSessionAuditDigest().
Table 112 — Definition of TPMS_SESSION_AUDIT_INFO Structure <OUT>
Parameter
Type
Description
exclusiveSession
TPMI_YES_NO
current exclusive status of the session
TRUE if all of the commands recorded in the sessionDigest were
executed without any intervening TPM command that did not use
this transport session
sessionDigest
TPM2B_DIGEST
the current value of the session audit digest
10.11.4 TPMS_CREATION_INFO
This is the attested data for TPM2_CertifyCreation().
Table 113 — Definition of TPMS_CREATION_INFO Structure <OUT>
Parameter
Type
Description
objectName
TPM2B_NAME
Name of the object
creationHash
TPM2B_DIGEST
creationHash
10.11.5 TPMS_NV_CERTIFY_INFO
This structure contains the Name and contents of the selected NV Index that is certified by
TPM2_NV_Certify().
Table 114 — Definition of TPMS_NV_CERTIFY_INFO Structure <OUT>
Parameter
Type
Description
indexName
TPM2B_NAME
Name of the NV Index
offset
UINT16
the offset parameter of TPM2_NV_Certify()
nvContents
TPM2B_MAX_NV_BUFFER
contents of the NV Index
Family “2.0”
Level 00 Revision 00.99
Published
Copyright © TCG 2006-2013
Page 101
October 31, 2013
�Part 2: Structures
Trusted Platform Module Library
10.11.6 TPMI_ST_ATTEST
Table 115 — Definition of (TPM_ST) TPMI_ST_ATTEST Type <OUT>
Value
Description
TPM_ST_ATTEST_CERTIFY
generated by TPM2_Certify()
TPM_ST_ATTEST_QUOTE
generated by TPM2_Quote()
TPM_ST_ATTEST_SESSION_AUDIT
generated by TPM2_GetSessionAuditDigest()
TPM_ST_ATTEST_COMMAND_AUDIT
generated by TPM2_GetCommandAuditDigest()
TPM_ST_ATTEST_TIME
generated by TPM2_GetTime()
TPM_ST_ATTEST_CREATION
generated by TPM2_CertifyCreation()
TPM_ST_ATTEST_NV
generated by TPM2_NV_Certify()
10.11.7 TPMU_ATTEST
Table 116 — Definition of TPMU_ATTEST Union <OUT>
Parameter
Type
Selector
certify
TPMS_CERTIFY_INFO
TPM_ST_ATTEST_CERTIFY
creation
TPMS_CREATION_INFO
TPM_ST_ATTEST_CREATION
quote
TPMS_QUOTE_INFO
TPM_ST_ATTEST_QUOTE
commandAudit
TPMS_COMMAND_AUDIT_INFO TPM_ST_ATTEST_COMMAND_AUDIT
sessionAudit
TPMS_SESSION_AUDIT_INFO
TPM_ST_ATTEST_SESSION_AUDIT
time
TPMS_TIME_ATTEST_INFO
TPM_ST_ATTEST_TIME
nv
TPMS_NV_CERTIFY_INFO
TPM_ST_ATTEST_NV
Page 102
October 31, 2013
Published
Copyright © TCG 2006-2013
Family “2.0”
Level 00 Revision 00.99
�Trusted Platform Module Library
Part 2: Structures
10.11.8 TPMS_ATTEST
This structure is used on each TPM-generated signed structure. The signature is over this structure.
When the structure is signed by a key in the Storage hierarchy, the values of clockInfo.resetCount,
clockInfo.restartCount, and firmwareVersion are obfuscated with a per-key obfuscation value.
Table 117 — Definition of TPMS_ATTEST Structure <OUT>
Parameter
Type
Description
magic
TPM_GENERATED
the indication that this structure was created by a TPM (always
TPM_GENERATED_VALUE)
type
TPMI_ST_ATTEST
type of the attestation structure
qualifiedSigner
TPM2B_NAME
Qualified Name of the signing key
extraData
TPM2B_DATA
external information supplied by caller
NOTE
A TPM2B_DATA structure provides room for a digest and a
method indicator to indicate the components of the digest.
The definition of this method indicator is outside the scope
of this specification.
clockInfo
TPMS_CLOCK_INFO
Clock, resetCount, restartCount, and Safe
firmwareVersion
UINT64
TPM-vendor-specific field identifying the firmware on the TPM
[type]attested
TPMU_ATTEST
the type-specific attestation information
10.11.9 TPM2B_ATTEST
This sized buffer to contain the signed structure. The attestationData is the signed portion of the structure.
The size parameter is not signed.
Table 118 — Definition of TPM2B_ATTEST Structure <OUT>
Parameter
Type
Description
size
UINT16
size of the attestationData structure
attestationData[size]{:sizeof(TPMS_ATTEST)}
BYTE
the signed structure
Family “2.0”
Level 00 Revision 00.99
Published
Copyright © TCG 2006-2013
Page 103
October 31, 2013
�Part 2: Structures
Trusted Platform Module Library
10.12 Authorization Structures
The structures in this clause are used for all authorizations. One or more of these structures will be
present in a command or response that has a tag of TPM_ST_SESSIONS.
10.12.1 TPMS_AUTH_COMMAND
This is the format used for each of the authorizations in the session area of a command.
Table 119 — Definition of TPMS_AUTH_COMMAND Structure <IN>
Parameter
Type
Description
sessionHandle
TPMI_SH_AUTH_SESSION+
the session handle
nonce
TPM2B_NONCE
the session nonce, may be the Empty Buffer
sessionAttributes
TPMA_SESSION
the session attributes
hmac
TPM2B_AUTH
either an HMAC, a password, or an EmptyAuth
10.12.2 TPMS_AUTH_RESPONSE
This is the format for each of the authorizations in the session area of the response. If the TPM returns
TPM_RC_SUCCESS, then the session area of the response contains the same number of authorizations
as the command and the authorizations are in the same order.
Table 120 — Definition of TPMS_AUTH_RESPONSE Structure <OUT>
Parameter
Type
Description
nonce
TPM2B_NONCE
the session nonce, may be the Empty Buffer
sessionAttributes
TPMA_SESSION
the session attributes
hmac
TPM2B_AUTH
either an HMAC, a password, or an EmptyAuth
Page 104
October 31, 2013
Published
Copyright © TCG 2006-2013
Family “2.0”
Level 00 Revision 00.99
�Trusted Platform Module Library
Part 2: Structures
11 Algorithm Parameters and Structures
11.1 Symmetric
11.1.1 Introduction
This clause defines the parameters and structures for describing symmetric algorithms.
11.1.2 TPMI_AES_KEY_BITS
This interface type defines the supported sizes for an AES key. This type is used to allow the
unmarshaling routine to generate the proper validation code for the supported key sizes. An
implementation that supports different key sizes would have a different set of selections.
When used in TPM2_StartAuthSession(), the mode parameter shall be TPM_ALG_CFB.
NOTE 1
Key size is expressed in bits.
NOTE 2
The definition for AES_KEY_SIZES_BITS used in the reference implementation is found in Annex B
Table 121 — Definition of {AES} (TPM_KEY_BITS) TPMI_AES_KEY_BITS Type
Parameter
Description
$AES_KEY_SIZES_BITS
number of bits in the key
#TPM_RC_VALUE
error when key size is not supported
11.1.3 TPMI_SM4_KEY_BITS
This interface type defines the supported sizes for an SM4 key. This type is used to allow the
unmarshaling routine to generate the proper validation code for the supported key sizes. An
implementation that supports different key sizes would have a different set of selections.
NOTE
SM4 only supports a key size of 128 bits.
Table 122 — Definition of {SM4} (TPM_KEY_BITS) TPMI_SM4_KEY_BITS Type
Parameter
Description
$SM4_KEY_SIZES_BITS
number of bits in the key
#TPM_RC_VALUE
Family “2.0”
Level 00 Revision 00.99
Published
Copyright © TCG 2006-2013
Page 105
October 31, 2013
�Part 2: Structures
Trusted Platform Module Library
11.1.4 TPMU_SYM_KEY_BITS
This union is used to collect the symmetric encryption key sizes.
The xor entry is a hash algorithms selector and not a key size in bits. This overload is used in order to
avoid an additional level of indirection with another union and another set of selectors.
The xor entry is only selected in a TPMT_SYM_DEF, which is used to select the parameter encryption
value.
Table 123 — Definition of TPMU_SYM_KEY_BITS Union
Parameter
Type
Selector
aes
TPMI_AES_KEY_BITS
TPM_ALG_AES
SM4
TPMI_SM4_KEY_BITS
TPM_ALG_SM4
sym
TPM_KEY_BITS
xor
TPMI_ALG_HASH
Description
when selector may be any of the
symmetric block ciphers
TPM_ALG_XOR
overload for using xor
NOTE
null
TPM_ALG_NULL
allowed
is
not
TPM_ALG_NULL
11.1.5 TPMU_SYM_MODE
This union allows the mode value in a TPMT_SYM_DEF or TPMT_SYM_DEF_OBJECT to be empty.
Table 124 — Definition of TPMU_SYM_MODE Union
Parameter
Type
Selector
Description
aes
TPMI_ALG_SYM_MODE
TPM_ALG_AES
NOTE
TPM_ALG_NULL
allowed
is
not
SM4
TPMI_ALG_SYM_MODE
TPM_ALG_SM4
NOTE
TPM_ALG_NULL
allowed
is
not
sym
TPMI_ALG_SYM_MODE
when selector may be any of the
symmetric block ciphers
xor
TPM_ALG_XOR
no mode selector
null
TPM_ALG_NULL
no mode selector
Page 106
October 31, 2013
Published
Copyright © TCG 2006-2013
Family “2.0”
Level 00 Revision 00.99
�Trusted Platform Module Library
Part 2: Structures
11.1.6 TPMU_SYM_DETAILS
This union allows additional parameters to be added for a symmetric cipher. Currently, no additional
parameters are required for any of the symmetric algorithms.
NOTE
The “x” character in the table title will suppress generation of this type as the parser is not, at this time,
able to generate the proper values (a union of all empty data types). When an algorithm is added that
requires additional parameterization, the Type column will contain a value and the “x” may be removed.
Table 125 — xDefinition of TPMU_SYM_DETAILS Union
Parameter
Type
Selector
aes
TPM_ALG_AES
SM4
Description
TPM_ALG_SM4
sym
when selector may be any of the
symmetric block ciphers
xor
TPM_ALG_XOR
null
TPM_ALG_NULL
11.1.7 TPMT_SYM_DEF
The TPMT_SYM_DEF structure is used to select an algorithm to be used for parameter encryption in
those cases when different symmetric algorithms may be selected.
Table 126 — Definition of TPMT_SYM_DEF Structure
Parameter
Type
Description
algorithm
+TPMI_ALG_SYM
indicates a symmetric algorithm
[algorithm]keyBits
TPMU_SYM_KEY_BITS
a supported key size
[algorithm]mode
TPMU_SYM_MODE
the mode for the key
//[algorithm]details
TPMU_SYM_DETAILS
contains additional algorithm details
NOTE
This is commented out at this time as the parser
may not produce the proper code for a union if
none of the selectors produces any data.
11.1.8 TPMT_SYM_DEF_OBJECT
This structure is used when different symmetric block cipher (not XOR) algorithms may be selected.
Table 127 — Definition of TPMT_SYM_DEF_OBJECT Structure
Parameter
Type
Description
algorithm
+TPMI_ALG_SYM_OBJECT
selects a symmetric block cipher
[algorithm]keyBits
TPMU_SYM_KEY_BITS
the key size
[algorithm]mode
TPMU_SYM_MODE
default mode
//[algorithm]details
TPMU_SYM_DETAILS
contains the additional algorithm details, if any
NOTE
Family “2.0”
Level 00 Revision 00.99
This is commented out at this time as the parser
may not produce the proper code for a union if
none of the selectors produces any data.
Published
Copyright © TCG 2006-2013
Page 107
October 31, 2013
�Part 2: Structures
Trusted Platform Module Library
11.1.9 TPM2B_SYM_KEY
This structure is used to hold a symmetric key in the sensitive area of an asymmetric object.
The number of bits in the key is in keyBits in the public area. When keyBits is not an even multiple of 8
bits, the unused bits of buffer will be the most significant bits of buffer[0] and size will be rounded up to
the number of octets required to hold all bits of the key.
Table 128 — Definition of TPM2B_SYM_KEY Structure
Parameter
Type
Description
size
UINT16
size, in octets, of the buffer containing the key; may be
zero
buffer [size] {:MAX_SYM_KEY_BYTES}
BYTE
the key
11.1.10 TPMS_SYMCIPHER_PARMS
This structure contains the parameters for a symmetric block cipher object.
Table 129 — Definition of TPMS_SYMCIPHER_PARMS Structure
Parameter
Type
Description
sym
TPMT_SYM_DEF_OBJECT
a symmetric block cipher
11.1.11 TPM2B_SENSITIVE_DATA
This buffer holds the secret data of a data object. It can hold as much as 128 octets of data.
MAX_SYM_DATA shall be 128.
NOTE
A named value rather than a numeric is used to make coding clearer. A numeric value does not indicate
the reason that it has the specific value that is has.
Table 130 — Definition of TPM2B_SENSITIVE_DATA Structure
Parameter
Type
size
UINT16
buffer[size]{: MAX_SYM_DATA}
BYTE
Page 108
October 31, 2013
Description
the keyed hash private data structure
Published
Copyright © TCG 2006-2013
Family “2.0”
Level 00 Revision 00.99
�Trusted Platform Module Library
Part 2: Structures
11.1.12 TPMS_SENSITIVE_CREATE
This structure defines the values to be placed in the sensitive area of a created object. This structure is
only used within a TPM2B_SENSITIVE_CREATE structure.
NOTE
When sent to the TPM or unsealed, data is usually encrypted using parameter encryption.
If data.size is not zero, and the object is not a keyedHash, data.size must match the size indicated in the
keySize of public.parameters. If the object is a keyedHash, data.size may be any value up to the
maximum allowed in a TPM2B_SENSITIVE_DATA.
For an asymmetric object, data shall be an Empty Buffer and sensitiveDataOrigin shall be SET.
Table 131 — Definition of TPMS_SENSITIVE_CREATE Structure <IN>
Parameter
Type
Description
userAuth
TPM2B_AUTH
the USER auth secret value
data
TPM2B_SENSITIVE_DATA
data to be sealed
Family “2.0”
Level 00 Revision 00.99
Published
Copyright © TCG 2006-2013
Page 109
October 31, 2013
�Part 2: Structures
Trusted Platform Module Library
11.1.13 TPM2B_SENSITIVE_CREATE
This structure contains the sensitive creation data in a sized buffer. This structure is defined so that both
the userAuth and data values of the TPMS_SENSITIVE_CREATE may be passed as a single parameter
for parameter encryption purposes.
Table 132 — Definition of TPM2B_SENSITIVE_CREATE Structure <IN, S>
Parameter
Type
Description
size=
UINT16
size of sensitive in octets (may not be zero)
NOTE
sensitive
TPMS_SENSITIVE_CREATE
The userAuth and data parameters in this buffer
may both be zero length but the minimum size of
this parameter will be the sum of the size fields of
the
two
parameters
of
the
TPMS_SENSITIVE_CREATE.
data to be sealed or a symmetric key value.
11.1.14 TPMS_SCHEME_SIGHASH
This structure is the scheme data for schemes that only require a hash to complete the scheme definition.
Table 133 — Definition of TPMS_SCHEME_SIGHASH Structure
Parameter
Type
Description
hashAlg
TPMI_ALG_HASH
the hash algorithm used to digest the message
11.1.15 TPMI_ALG_HASH_SCHEME
This is the list of values that may appear in a keyedHash as the scheme parameter.
Table 134 — Definition of (TPM_ALG_ID) TPMI_ALG_KEYEDHASH_SCHEME Type
Values
Comments
TPM_ALG_HMAC
the "signing" scheme
TPM_ALG_XOR
the "obfuscation" scheme
+TPM_ALG_NULL
#TPM_RC_VALUE
11.1.16 HMAC_SIG_SCHEME
Table 135 — Definition of Types for HMAC_SIG_SCHEME
Type
Name
TPMS_SCHEME_SIGHASH
TPMS_SCHEME_HMAC
Page 110
October 31, 2013
Description
Published
Copyright © TCG 2006-2013
Family “2.0”
Level 00 Revision 00.99
�Trusted Platform Module Library
Part 2: Structures
11.1.17 TPMS_SCHEME_XOR
This structure is for the XOR encryption scheme.
Table 136 — Definition of TPMS_SCHEME_XOR Structure
Parameter
Type
Description
hashAlg
+TPMI_ALG_HASH
the hash algorithm used to digest the message
kdf
TPMI_ALG_KDF
the key derivation function
11.1.18 TPMU_SCHEME_HMAC
Table 137 — Definition of TPMU_SCHEME_KEYEDHASH Union <IN/OUT, S>
Parameter
Type
Selector
Description
hmac
TPMS_SCHEME_HMAC
TPM_ALG_HMAC
the "signing" scheme
xor
TPMS_SCHEME_XOR
TPM_ALG_XOR
the "obfuscation" scheme
null
TPM_ALG_NULL
11.1.19 TPMT_KEYEDHASH_SCHEME
This structure is used for a hash signing object.
Table 138 — Definition of TPMT_KEYEDHASH_SCHEME Structure
Parameter
Type
Description
scheme
+TPMI_ALG_KEYEDHASH_SCHEME
selects the scheme
[scheme]details
TPMU_SCHEME_KEYEDHASH
the scheme parameters
Family “2.0”
Level 00 Revision 00.99
Published
Copyright © TCG 2006-2013
Page 111
October 31, 2013
�Part 2: Structures
Trusted Platform Module Library
11.2 Asymmetric
11.2.1 Signing Schemes
11.2.1.1
Introduction
These structures are used to define the method in which the signature is to be created. These schemes
would appear in an object’s public area and in commands where the signing scheme is variable.
Every scheme is required to indicate a hash that is used in digesting the message.
11.2.1.2
RSA_SIG_SCHEMES
These are the RSA schemes that only need a hash algorithm as a scheme parameter.
For the TPM_ALG_RSAPSS signing scheme, the same hash algorithm is used for digesting TPMgenerated data (an attestation structure) and in the KDF used for the masking operation. The salt size is
always the largest salt value that will fit into the available space.
Table 139 — Definition of {RSA} Types for RSA_SIG_SCHEMES
Type
Name
Description
TPMS_SCHEME_SIGHASH TPMS_SCHEME_RSASSA
TPMS_SCHEME_SIGHASH TPMS_SCHEME_RSAPSS
11.2.1.3
ECC_SIG_SCHEMES
These are the ECC schemes that only need a hash algorithm as a controlling parameter.
Table 140 — Definition of {ECC} Types for ECC_SIG_SCHEMES
Type
Name
Description
TPMS_SCHEME_SIGHASH TPMS_SCHEME_ECDSA
TPMS_SCHEME_SIGHASH TPMS_SCHEME_SM2
TPMS_SCHEME_SIGHASH TPMS_SCHEME_ECSCHNORR
11.2.1.4 TPMS_SCHEME_ECDAA
Table 141 — Definition of {ECC} TPMS_SCHEME_ECDAA Structure
Parameter
Type
Description
hashAlg
TPMI_ALG_HASH
the hash algorithm used to digest the message
count
UINT16
the counter value that is used between TPM2_Commit() and the sign
operation
Page 112
October 31, 2013
Published
Copyright © TCG 2006-2013
Family “2.0”
Level 00 Revision 00.99
�Trusted Platform Module Library
11.2.1.5
Part 2: Structures
TPMU_SIG_SCHEME
Table 142 — Definition of TPMU_SIG_SCHEME Union <IN/OUT, S>
Parameter
Type
Selector
Description
rsassa
TPMS_SCHEME_RSASSA
TPM_ALG_RSASSA
the PKCS#1v1.5 scheme
rsapss
TPMS_SCHEME_RSAPSS
TPM_ALG_RSAPSS
the PKCS#1v2.1 PSS scheme
ecdsa
TPMS_SCHEME_ECDSA
TPM_ALG_ECDSA
the ECDSA scheme
sm2
TPMS_SCHEME_SM2
TPM_ALG_SM2
ECDSA from SM2
ecdaa
TPMS_SCHEME_ECDAA
TPM_ALG_ECDAA
the ECDAA scheme
ecSchnorr
TPMS_SCHEME_ECSCHNORR
TPM_ALG_ECSCHNORR
the EC Schnorr
hmac
TPMS_SCHEME_HMAC
TPM_ALG_HMAC
the HMAC scheme
any
TPMS_SCHEME_SIGHASH
null
11.2.1.6
selector that allows access to
digest for any signing scheme
TPM_ALG_NULL
no scheme or default
TPMT_SIG_SCHEME
Table 143 — Definition of TPMT_SIG_SCHEME Structure
Parameter
Type
Description
scheme
+TPMI_ALG_SIG_SCHEME
scheme selector
[scheme]details
TPMU_SIG_SCHEME
scheme parameters
Family “2.0”
Level 00 Revision 00.99
Published
Copyright © TCG 2006-2013
Page 113
October 31, 2013
�Part 2: Structures
Trusted Platform Module Library
11.2.2 Encryption Schemes
11.2.2.1
Introduction
These structures are used to indicate the hash algorithm used for the encrypting process. These
schemes would appear in an object’s public area.
11.2.2.2
TPMS_SCHEME_OAEP
Table 144 — Definition of {RSA} TPMS_SCHEME_OAEP Structure
Parameter
Type
Description
hashAlg
+TPMI_ALG_HASH
the hash algorithm used to digest the message
11.2.2.3
TPMS_SCHEME_ECDH
For ECDH, KDFe is used for the key derivation function that only a hash algorithm is needed to complete
the definition.
Table 145 — Definition of {ECC} TPMS_SCHEME_ECDH Structure
Parameter
Type
Description
hashAlg
+TPMI_ALG_HASH
the hash algorithm used in the KDF
11.2.3 Key Derivation Schemes
11.2.3.1
Introduction
These structures are used to define the key derivation for symmetric secret sharing using asymmetric
methods. A secret shareing scheme is required in any asymmetric key with the decrypt attribute SET.
These schemes would appear in an object’s public area and in commands where the secret sharing
scheme is variable.
Each scheme includes a symmetric algorithm and a KDF selection.
11.2.3.2
TPMS_SCHEME_MGF1
Table 146 — Definition of TPMS_SCHEME_MGF1 Structure
Parameter
Type
Description
hashAlg
TPMI_ALG_HASH
the hash algorithm used in the KDF
11.2.3.3
TPMS_SCHEME_KDF1_SP800_56a
Table 147 — Definition of {ECC} TPMS_SCHEME_KDF1_SP800_56a Structure
Parameter
Type
Description
hashAlg
TPMI_ALG_HASH
the hash algorithm used in the KDF
Page 114
October 31, 2013
Published
Copyright © TCG 2006-2013
Family “2.0”
Level 00 Revision 00.99
�Trusted Platform Module Library
11.2.3.4
Part 2: Structures
TPMS_SCHEME_KDF2
Table 148 — Definition of TPMS_SCHEME_KDF2 Structure
Parameter
Type
Description
hashAlg
TPMI_ALG_HASH
the hash algorithm used in the KDF
11.2.3.5
TPMS_SCHEME_KDF1_SP800_108
Table 149 — Definition of TPMS_SCHEME_KDF1_SP800_108 Structure
Parameter
Type
Description
hashAlg
TPMI_ALG_HASH
the hash algorithm used in the KDF
11.2.3.6
TPMU_KDF_SCHEME
Table 150 — Definition of TPMU_KDF_SCHEME Union <IN/OUT, S>
Parameter
Type
Selector
mgf1
TPMS_SCHEME_MGF1
TPM_ALG_MGF1
kdf1_SP800_56a TPMS_SCHEME_KDF1_SP800_56a
TPM_ALG_KDF1_SP800_56a
kdf2
TPMS_SCHEME_KDF2
TPM_ALG_KDF2
kdf1_sp800_108
TPMS_SCHEME_KDF1_SP800_108
Description
TPM_ALG_KDF1_SP800_108
null
11.2.3.7
TPM_ALG_NULL
TPMT_KDF_SCHEME
Table 151 — Definition of TPMT_KDF_SCHEME Structure
Parameter
Type
Description
scheme
+TPMI_ALG_KDF
scheme selector
[scheme]details
TPMU_KDF_SCHEME
scheme parameters
Family “2.0”
Level 00 Revision 00.99
Published
Copyright © TCG 2006-2013
Page 115
October 31, 2013
�Part 2: Structures
11.2.3.8
Trusted Platform Module Library
TPMI_ALG_ASYM_SCHEME
List of all of the scheme types for any asymmetric algorithm. This is used to define the
TPMT_ASYM_SCHEME.
Table 152 — Definition of (TPM_ALG_ID) TPMI_ALG_ASYM_SCHEME Type <>
Values
Comments
TPM_ALG_RSASSA
list of the allowed values
TPM_ALG_RSAPSS
TPM_ALG_RSAES
TPM_ALG_OAEP
TPM_ALG_ECDSA
TPM_ALG_SM2
TPM_ALG_ECDAA
TPM_ALG_ECDH
+TPM_ALG_NULL
#TPM_RC_VALUE
11.2.3.9
TPMU_ASYM_SCHEME
This union of all asymmetric schemes is used in each of the asymmetric scheme structures. The actual
scheme structure is defined by the interface type used for the selector.
EXAMPLE
The TPMT_RSA_SCHEME structure uses the TPMU_ASYM_SCHEME union but the selector type is
TPMI_ALG_RSA_SCHEME. This means that the only elements of the union that can be selected for th e
TPMT_RSA_SCHEME are those that are in TPMI_RSA_SCHEME.
Table 153 — Definition of TPMU_ASYM_SCHEME Union
Parameter
Type
Selector
Description
rsassa
TPMS_SCHEME_RSASSA
TPM_ALG_RSASSA
the PKCS#1v1.5 scheme
rsapss
TPMS_SCHEME_RSAPSS
TPM_ALG_RSAPSS
the PKCS#1v2.1 PSS scheme
TPM_ALG_RSAES
the PKCS#1v2.1 RSAES scheme
rsaes
oaep
TPMS_SCHEME_OAEP
TPM_ALG_OAEP
the PKSC#1v2.1 OAEP scheme
ecdsa
TPMS_SCHEME_ECDSA
TPM_ALG_ECDSA
an ECDSA scheme
sm2
TPMS_SCHEME_SM2
TPM_ALG_SM2
sign or key exchange from SM2
ecdaa
TPMS_SCHEME_ECDAA
TPM_ALG_ECDAA
an ECDAA scheme
ecSchnorr
TPMS_SCHEME_ECSCHNORR
TPM_ALG_ECSCHNORR elliptic curve Schnorr signature
ecdh
anySig
TPM_ALG_ECDH
TPMS_SCHEME_SIGHASH
null
Page 116
October 31, 2013
TPM_ALG_NULL
Published
Copyright © TCG 2006-2013
no scheme or default
This selects the NULL Signature.
Family “2.0”
Level 00 Revision 00.99
�Trusted Platform Module Library
Part 2: Structures
11.2.3.10 TPMT_ASYM_SCHEME
This structure is defined to allow overlay of all of the schemes for any asymmetric object. This structure is
not sent on the interface.
Table 154 — Definition of TPMT_ASYM_SCHEME Structure <>
Parameter
Type
Description
scheme
+TPMI_ALG_ASYM_SCHEME
scheme selector
[scheme]details
TPMU_ASYM_SCHEME
scheme parameters
11.2.4 RSA
11.2.4.1
TPMI_ALG_RSA_SCHEME
The list of values that may appear in the scheme parameter of a TPMS_RSA_PARMS structure.
Table 155 — Definition of (TPM_ALG_ID) {RSA} TPMI_ALG_RSA_SCHEME Type
Values
Comments
TPM_ALG_RSASSA
list of the allowed values
TPM_ALG_RSAPSS
TPM_ALG_RSAES
TPM_ALG_OAEP
+TPM_ALG_NULL
#TPM_RC_VALUE
11.2.4.2
TPMT_RSA_SCHEME
Table 156 — Definition of {RSA} TPMT_RSA_SCHEME Structure
Parameter
Type
Description
scheme
+TPMI_ALG_RSA_SCHEME
scheme selector
[scheme]details
TPMU_ASYM_SCHEME
scheme parameters
Family “2.0”
Level 00 Revision 00.99
Published
Copyright © TCG 2006-2013
Page 117
October 31, 2013
�Part 2: Structures
11.2.4.3
Trusted Platform Module Library
TPMI_ALG_RSA_DECRYPT
The list of values that are allowed in a decryption scheme selection as used in TPM2_RSA_Encrypt() and
TPM2_RSA_Decrypt().
Table 157 — Definition of (TPM_ALG_ID) {RSA} TPMI_ALG_RSA_DECRYPT Type
Values
Comments
TPM_ALG_RSAES
TPM_ALG_OAEP
+TPM_ALG_NULL
#TPM_RC_VALUE
11.2.4.4
TPMT_RSA_DECRYPT
Table 158 — Definition of {RSA} TPMT_RSA_DECRYPT Structure
Parameter
Type
Description
scheme
+TPMI_ALG_RSA_DECRYPT
scheme selector
[scheme]details
TPMU_ASYM_SCHEME
scheme parameters
11.2.4.5
TPM2B_PUBLIC_KEY_RSA
This sized buffer holds the largest RSA public key supported by the TPM.
NOTE
The reference implementation only supports key sizes of 1,024 and 2,048 bits.
Table 159 — Definition of {RSA} TPM2B_PUBLIC_KEY_RSA Structure
Parameter
Type
Description
size
UINT16
size of the buffer
The value of zero is only valid for create.
buffer[size] {: MAX_RSA_KEY_BYTES}
BYTE
Value
11.2.4.6
TPMI_RSA_KEY_BITS
This holds the value that is the maximum size allowed for an RSA key.
NOTE 1
An implementation is allowed to provide limited support for smaller RSA key sizes. That is, a TPM may be
able to accept a smaller RSA key size in TPM2_LoadExternal() when only the public area is loaded but
not accept that smaller key size in any command that loads both the public and private portions of an RSA
key. This would allow the TPM to validate signatures using the smaller key but would prevent the TPM
from using the smaller key size for any other purpose.
NOTE 2
The definition for RSA_KEY_SIZES_BITS used in the reference implementation is found in Annex B
Page 118
October 31, 2013
Published
Copyright © TCG 2006-2013
Family “2.0”
Level 00 Revision 00.99
�Trusted Platform Module Library
Part 2: Structures
Table 160 — Definition of {RSA} (TPM_KEY_BITS) TPMI_RSA_KEY_BITS Type
Parameter
Description
$RSA_KEY_SIZES_BITS
the number of bits in the supported key
#TPM_RC_VALUE
error when key size is not supported
11.2.4.7
TPM2B_PRIVATE_KEY_RSA
This sized buffer holds the largest RSA prime number supported by the TPM.
NOTE
All primes are required to have exactly half the number of significant bits as the public modulus , and the
square of each prime is required to have the same number of significant bits as the public modulus.
Table 161 — Definition of {RSA} TPM2B_PRIVATE_KEY_RSA Structure
Parameter
Type
size
UINT16
buffer[size]{:MAX_RSA_KEY_BYTES/2}
BYTE
Family “2.0”
Level 00 Revision 00.99
Description
Published
Copyright © TCG 2006-2013
Page 119
October 31, 2013
�Part 2: Structures
Trusted Platform Module Library
11.2.5 ECC
11.2.5.1
TPM2B_ECC_PARAMETER
This sized buffer holds the largest ECC parameter (coordinate) supported by the TPM.
Table 162 — Definition of {ECC} TPM2B_ECC_PARAMETER Structure
Parameter
Type
Description
size
UINT16
size of buffer
buffer[size] {:MAX_ECC_KEY_BYTES}
BYTE
the parameter data
11.2.5.2
TPMS_ECC_POINT
This structure holds two ECC coordinates that, together, make up an ECC point.
Table 163 — Definition of {ECC} TPMS_ECC_POINT Structure
Parameter
Type
Description
x
TPM2B_ECC_PARAMETER
X coordinate
y
TPM2B_ECC_PARAMETER
Y coordinate
11.2.5.3
TPM2B_ECC_POINT
This structure is defined to allow a point to be a single sized parameter so that it may be encrypted.
NOTE
If the point is to be omitted, the X and Y coordinates need to be individual ly set to Empty Buffers. The
minimum value for size will be four. It is checked indirectly by unmarshaling of the TPMS_ECC_POINT. If
the type of point were BYTE, then size could have been zero. However, this would complicate the process
of marshaling the structure.
Table 164 — Definition of {ECC} TPM2B_ECC_POINT Structure
Parameter
Type
Description
size=
UINT16
size of the remainder of this structure
point
TPMS_ECC_POINT
coordinates
error returned if the unmarshaled size of point is
not exactly equal to size
#TPM_RC_SIZE
Page 120
October 31, 2013
Published
Copyright © TCG 2006-2013
Family “2.0”
Level 00 Revision 00.99
�Trusted Platform Module Library
11.2.5.4
Part 2: Structures
TPMI_ALG_ECC_SCHEME
Table 165 — Definition of (TPM_ALG_ID) {ECC} TPMI_ALG_ECC_SCHEME Type
Values
Comments
TPM_ALG_ECDSA
these are the selections allowed for an ECC key
TPM_ALG_SM2
TPM_ALG_ECDAA
TPM_ALG_ECSCHNORR
TPM_ALG_ECDH
+TPM_ALG_NULL
#TPM_RC_SCHEME
11.2.5.5
TPMI_ECC_CURVE
The ECC curves implemented by the TPM.
NOTE
The definition of ECC_CURVES used in the reference implementation is found in Annex B
Table 166 — Definition of {ECC} (TPM_ECC_CURVE) TPMI_ECC_CURVE Type
Parameter
Description
$ECC_CURVES
the list of implemented curves
#TPM_RC_CURVE
error when curve is not supported
11.2.5.6
TPMT_ECC_SCHEME
Table 167 — Definition of (TPMT_SIG_SCHEME) {ECC} TPMT_ECC_SCHEME Structure
Parameter
Type
Description
scheme
+TPMI_ALG_ECC_SCHEME
scheme selector
[scheme]details
TPMU_SIG_SCHEME
scheme parameters
Family “2.0”
Level 00 Revision 00.99
Published
Copyright © TCG 2006-2013
Page 121
October 31, 2013
�Part 2: Structures
11.2.5.7
Trusted Platform Module Library
TPMS_ALGORITHM_DETAIL_ECC
This structure is used to report on the curve parameters of an ECC curve. It is returned by
TPM2_ECC_Parameters().
Table 168 — Definition of {ECC} TPMS_ALGORITHM_DETAIL_ECC Structure <OUT>
Parameter
Type
Description
curveID
TPM_ECC_CURVE
identifier for the curve
keySize
UINT16
Size in bits of the key
kdf
TPMT_KDF_SCHEME
the default KDF and hash algorithm used in secret sharing
operations
sign
TPMT_ECC_SCHEME+
If not TPM_ALG_NULL, this is the mandatory signature
scheme that is required to be used with this curve.
p
TPM2B_ECC_PARAMETER
Fp (the modulus)
a
TPM2B_ECC_PARAMETER
coefficient of the linear term in the curve equation
b
TPM2B_ECC_PARAMETER
constant term for curve equation
gX
TPM2B_ECC_PARAMETER
x coordinate of base point G
gY
TPM2B_ECC_PARAMETER
y coordinate of base point G
n
TPM2B_ECC_PARAMETER
order of G
h
TPM2B_ECC_PARAMETER
cofactor (a size of zero indicates a cofactor of 1)
11.3 Signatures
11.3.1 TPMS_SIGNATURE_RSASSA
Table 169 — Definition of {RSA} TPMS_SIGNATURE_RSASSA Structure
Parameter
Type
Description
hash
TPMI_ALG_HASH
the hash algorithm used to digest the message
TPM_ALG_NULL is not allowed.
sig
TPM2B_PUBLIC_KEY_RSA
The signature is the size of a public key.
11.3.2 TPMS_SIGNATURE_RSAPSS
When the TPM generates a PSS signature, the salt size is the largest size allowed by the key and hash
combination.
EXAMPLE
For a 2,048-bit public modulus key and SHA1 hash, the salt size is 256 – 20 – 2 = 234 octets.
NOTE
While this is significantly larger than required from a securit y perspective, it avoids issues of whether a
particular size of salt value is sufficient.
Page 122
October 31, 2013
Published
Copyright © TCG 2006-2013
Family “2.0”
Level 00 Revision 00.99
�Trusted Platform Module Library
Part 2: Structures
Table 170 — Definition of {RSA} TPMS_SIGNATURE_RSAPSS Structure
Parameter
Type
Description
hash
TPMI_ALG_HASH
the hash algorithm used in the signature process
TPM_ALG_NULL is not allowed.
sig
TPM2B_PUBLIC_KEY_RSA
The signature is the size of a public key.
11.3.3 TPMS_SIGNATURE_ECDSA
Table 171 — Definition of {ECC} TPMS_SIGNATURE_ECDSA Structure
Parameter
Type
Description
hash
TPMI_ALG_HASH
the hash algorithm used in the signature process
TPM_ALG_NULL is not allowed.
signatureR
TPM2B_ECC_PARAMETER
signatureS
TPM2B_ECC_PARAMETER
11.3.4 TPMU_SIGNATURE
A TPMU_SIGNATURE_COMPOSITE is a union of the various signatures that is supported by a particular
TPM implementation. The union allows substitution of any signature algorithm wherever a signature is
required in a structure. Table 172 is an illustration of a TPMU_SIGNATURE for a TPM that implements
both RSA and ECC signing.
NOTE 1
All TPM are required to support a hash algorithm and the HMAC algorithm.
When a symmetric algorithm is used for signing, the signing algorithm is assumed to be an HMAC based
on the indicated hash algorithm. The HMAC key will either be referenced as part of the usage or will be
implied by context.
NOTE 2
The table below is illustrative. It would be modified to reflect the signatures produced by the TPM.
Table 172 — Definition of TPMU_SIGNATURE Union <IN/OUT, S>
Parameter
Type
Selector
Description
rsassa
TPMS_SIGNATURE_RSASSA
TPM_ALG_RSASSA
a PKCS#1v1.5 signature
rsapss
TPMS_SIGNATURE_RSAPSS
TPM_ALG_RSAPSS
a PKCS#1v2.1PSS signature
ecdsa
TPMS_SIGNATURE_ECDSA
TPM_ALG_ECDSA
an ECDSA signature
sm2
TPMS_SIGNATURE_ECDSA
TPM_ALG_SM2
same format as ECDSA
ecdaa
TPMS_SIGNATURE_ECDSA
TPM_ALG_ECDAA
same format as ECDSA
ecschnorr
TPMS_SIGNATURE_ECDSA
TPM_ALG_ECSCHNORR
same format as ECDSA
hmac
TPMT_HA
TPM_ALG_HMAC
HMAC signature (required to
be supported)
any
TPMS_SCHEME_SIGHASH
null
Family “2.0”
Level 00 Revision 00.99
used to access the hash
TPM_ALG_NULL
Published
Copyright © TCG 2006-2013
the NULL signature
Page 123
October 31, 2013
�Part 2: Structures
Trusted Platform Module Library
11.3.5 TPMT_SIGNATURE
Table 173 shows the basic algorithm-agile structure when a symmetric or asymmetric signature is
indicated. The sigAlg parameter indicates the algorithm used for the signature. This structure is output
from the attestation commands and is an input to TPM2_VerifySignature(), TPM2_PolicySigned(), and
TPM2_FieldUpgradeStart().
Table 173 — Definition of TPMT_SIGNATURE Structure
Parameter
Type
Description
sigAlg
+TPMI_ALG_SIG_SCHEME
selector of the algorithm used to construct the signature
[sigAlg]signature
TPMU_SIGNATURE
This shall be the actual signature information.
11.4 Key/Secret Exchange
11.4.1 Introduction
The structures in this clause are used when a key or secret is being exchanged. The exchange may be in
TPM2_StartAuthSession() where the secret is injected for salting the session,
TPM2_Duplicate(), TPM2_Import, or TPM2_Rewrap() where the secret is the symmetric encryption
key for the outer wrapper of a duplication blob, or
TPM2_ActivateIdentity() or TPM2_CreateIdentity() where the secret is the symmetric encryption key
for the credential blob.
Particulars are described in Part 1.
11.4.2 TPMU_ENCRYPTED_SECRET
This structure is used to hold either an ephemeral public point for ECDH, an OAEP-encrypted block for
RSA, or a symmetrically encrypted value. This structure is defined for the limited purpose of determining
the size of a TPM2B_ENCRYPTED_SECRET.
The symmetrically encrypted value may use either CFB or XOR encryption.
NOTE
Table 174 is illustrative. It would be modified depending on the algorithms supported in the TPM.
Table 174 — Definition of TPMU_ENCRYPTED_SECRET Union <S>
Parameter
Type
Selector
ecc[sizeof(TPMS_ECC_POINT)]
BYTE
TPM_ALG_ECC
rsa[MAX_RSA_KEY_BYTES]
BYTE
TPM_ALG_RSA
symmetric[sizeof(TPM2B_DIGEST)]
BYTE
TPM_ALG_SYMCIPHER
keyedHash[sizeof(TPM2B_DIGEST)]
BYTE
TPM_ALG_KEYEDHASH
Page 124
October 31, 2013
Published
Copyright © TCG 2006-2013
Description
Any symmetrically encrypted
secret value will be limited to
be no larger than a digest.
Family “2.0”
Level 00 Revision 00.99
�Trusted Platform Module Library
Part 2: Structures
11.4.3 TPM2B_ENCRYPTED_SECRET
Table 175 — Definition of TPM2B_ENCRYPTED_SECRET Structure
Parameter
Type
Description
size
UINT16
size of the secret value
secret[size] {:sizeof(TPMU_ENCRYPTED_SECRET)}
BYTE
secret
Family “2.0”
Level 00 Revision 00.99
Published
Copyright © TCG 2006-2013
Page 125
October 31, 2013
�Part 2: Structures
Trusted Platform Module Library
12 Key/Object Complex
12.1 Introduction
An object description requires a TPM2B_PUBLIC structure and may require a TPMT_SENSITIVE
structure. When the structure is stored off the TPM, the TPMT_SENSITIVE structure is encrypted within a
TPM2B_PRIVATE structure.
When the object requires two components for its description, those components are loaded as separate
parameters in the TPM2_Load() command. When the TPM creates an object that requires both
components, the TPM will return them as separate parameters from the TPM2_Create() operation.
The TPM may produce multiple different TPM2B_PRIVATE structures for a single TPM2B_PUBLIC
structure. Creation of a modified TPM2B_PRIVATE structure requires that the full structure be loaded with
the TPM2_Load() command, modification of the TPMT_SENSITIVE data, and output of a new
TPM2B_PRIVATE structure.
12.2 Public Area Structures
12.2.1 Description
This clause defines the TPM2B_PUBLIC structure and the higher-level substructure that may be
contained in a TPM2B_PUBLIC. The higher-level structures that are currently defined for inclusion in a
TPM2B_PUBLIC are the
structures for asymmetric keys,
structures for symmetric keys, and
structures for sealed data.
12.2.2 TPMI_ALG_PUBLIC
Table 176 — Definition of (TPM_ALG_ID) TPMI_ALG_PUBLIC Type
Values
Comments
TPM_ALG_KEYEDHASH
required of all TPM
TPM_ALG_SYMCIPHER
required of all TPM
TPM_ALG_RSA
At least one asymmetric algorithm shall be implemented.
TPM_ALG_ECC
At least one asymmetric algorithm shall be implemented.
#TPM_RC_TYPE
response code when a public type is not supported
12.2.3 Type-Specific Parameters
12.2.3.1
Description
The public area contains two fields (parameters and unique) that vary by object type. The parameters
field varies according to the type of the object but the contents may be the same across multiple
instances of a particular type. The unique field format also varies according to the type of the object and
will also be unique for each instance.
Page 126
October 31, 2013
Published
Copyright © TCG 2006-2013
Family “2.0”
Level 00 Revision 00.99
�Trusted Platform Module Library
Part 2: Structures
For a symmetric key (type == TPM_ALG_SYMCIPHER), HMAC key (type == TPM_ALG_KEYEDHASH)
or data object (also, type == TPM_ALG_KEYEDHASH), the contents of unique shall be computed from
components of the sensitive area of the object as follows:
unique ≔ HnameAlg(seedValue || sensitive)
(8)
where
HnameAlg()
the hash algorithm used to compute the Name of the object
seedValue
the digest-sized obfuscation value in the sensitive area of a symmetric
key
or
symmetric
data
object
found
in
a
TPMT_SENSITIVE.seedValue.buffer
sensitive
the
secret
key/data
of
TPMT_SENSITIVE.sensitive.any.buffer
12.2.3.2
the
object
in
the
TPMU_PUBLIC_ID
Table 177 — Definition of TPMU_PUBLIC_ID Union <IN/OUT, S>
Parameter
Type
Selector
keyedHash
TPM2B_DIGEST
TPM_ALG_KEYEDHASH
sym
TPM2B_DIGEST
TPM_ALG_SYMCIPHER
rsa
TPM2B_PUBLIC_KEY_RSA
TPM_ALG_RSA
ecc
TPMS_ECC_POINT
TPM_ALG_ECC
12.2.3.3
Description
TPMS_KEYEDHASH_PARMS
This structure describes the parameters that would appear in the public area of a KEYEDHASH object.
Note
Although the names are the same, the types of the structures are not the same as for asymmetric
parameter lists.
Table 178 — Definition of TPMS_KEYEDHASH_PARMS Structure
Parameter
Type
Description
scheme
TPMT_KEYEDHASH_SCHEME+
Indicates the signing method used for a keyedHash signing
object. This field also determines the size of the data field for a
data object created with TPM2_Create(). This field shall not be set
to TPM_ALG_NULL in a template if either sign or encrypt is SET.
12.2.3.4
TPMS_ASYM_PARMS
This structure contains the common public area parameters for an asymmetric key. The first two
parameters of the parameter definition structures of an asymmetric key shall have the same two first
components.
NOTE
The sign parameter may have a different type in order to allow different schemes to be selected for each
asymmetric type but the first parameter of each scheme definition shall be a TPM_ALG_ID for a valid
signing scheme.
Family “2.0”
Level 00 Revision 00.99
Published
Copyright © TCG 2006-2013
Page 127
October 31, 2013
�Part 2: Structures
Trusted Platform Module Library
Table 179 — Definition of TPMS_ASYM_PARMS Structure <>
Parameter
Type
Description
symmetric
TPMT_SYM_DEF_OBJECT+
the companion symmetric algorithm for a restricted
decryption key and shall be set to a supported symmetric
algorithm
This field is optional for keys that are not decryption keys
and shall be set to TPM_ALG_NULL if not used.
scheme
TPMT_ASYM_SCHEME+
for a key with the sign attribute SET, a valid signing
scheme for the key type
for a key with the decrypt attribute SET, a valid key
exchange protocol
for a key with sign and decrypt attributes, shall be
TPM_ALG_NULL
12.2.3.5
TPMS_RSA_PARMS
A TPM compatible with this specification and supporting RSA shall support numPrimes of two and an
exponent of zero. Support for other values is optional. Use of other exponents in duplicated keys is not
recommended because the resulting keys would not be interoperable with other TPMs.
NOTE 1
Implementations are not required to check that exponent is the default exponent. They may fail to load the
key if exponent is not zero. The reference implementation allows the values listed in the table.
Table 180 — Definition of {RSA} TPMS_RSA_PARMS Structure
Parameter
Type
Description
symmetric
TPMT_SYM_DEF_OBJECT+ for a restricted decryption key, shall be set to a
supported symmetric algorithm, key size, and mode.
if the key is not a restricted decryption key, this field
shall be set to TPM_ALG_NULL.
scheme
TPMT_RSA_SCHEME+
for a signing key, shall be either TPM_ALG_RSAPSS
TPM_ALG_RSASSA or TPM_ALG_NULL
for an unrestricted decryption key, shall be
TPM_ALG_RSAES,
TPM_ALG_OAEP,
or
TPM_ALG_NULL unless the object also has the sign
attribute
for a restricted decryption key, this field shall be
TPM_ALG_NULL
NOTE
keyBits
When both sign and decrypt are SET, restricted
shall be CLEAR and scheme shall be
TPM_ALG_NULL.
TPMI_RSA_KEY_BITS
number of bits in the public modulus
UINT32
the public exponent
A prime number greater than 2.
When zero, indicates that the exponent is the default
16
of 2 + 1
#TPM_RC_KEY_SIZE
exponent
#TPM_RC_VALUE
Page 128
October 31, 2013
Published
Copyright © TCG 2006-2013
Family “2.0”
Level 00 Revision 00.99
�Trusted Platform Module Library
12.2.3.6
Part 2: Structures
TPMS_ECC_PARMS
This structure contains the parameters for prime modulus ECC.
Table 181 — Definition of {ECC} TPMS_ECC_PARMS Structure
Parameter
Type
Description
symmetric
TPMT_SYM_DEF_OBJECT+
for a restricted decryption key, shall be set to a supported
symmetric algorithm, key size. and mode.
if the key is not a restricted decryption key, this field shall be
set to TPM_ALG_NULL.
scheme
TPMT_ECC_SCHEME+
If the sign attribute of the key is SET, then this shall be a valid
signing scheme.
NOTE
If the sign parameter in curveID indicates a mandatory
scheme, then this field shall have the same value.
If the decrypt attribute of the key is SET, then this shall be a
valid key exchange scheme or TPM_ALG_NULL.
If the key is a Storage Key, then this field shall be
TPM_ALG_NULL.
curveID
TPMI_ECC_CURVE
ECC curve ID
kdf
TPMT_KDF_SCHEME+
an optional key derivation scheme for generating a symmetric
key from a Z value
If the kdf
parameter associated with curveID is not
TPM_ALG_NULL then this is required to be NULL.
NOTE
12.2.3.7
There are currently no commands where this parameter
has effect and, in the reference code, this field needs to
be set to TPM_ALG_NULL.
TPMU_PUBLIC_PARMS
Table 182 defines the possible parameter definition structures that may be contained in the public portion
of a key.
Table 182 — Definition of TPMU_PUBLIC_PARMS Union <IN/OUT, S>
Parameter
Type
(1)
Selector
Description
keyedHashDetail TPMS_KEYEDHASH_PARMS
TPM_ALG_KEYEDHASH
sign | encrypt | neither
symDetail
TPMS_SYMCIPHER_PARMS
TPM_ALG_SYMCIPHER
a symmetric block cipher
rsaDetail
TPMS_RSA_PARMS
TPM_ALG_RSA
decrypt + sign
(2)
eccDetail
TPMS_ECC_PARMS
TPM_ALG_ECC
decrypt + sign
(2)
asymDetail
TPMS_ASYM_PARMS
common scheme structure
for RSA and ECC keys
NOTES
1)
Description column indicates which of TPMA_OBJECT.decrypt or TPMA_OBJECT.sign may be set.
2)
“+” indicates that both may be set but one shall be set. “|” indicates the optional settings.
Family “2.0”
Level 00 Revision 00.99
Published
Copyright © TCG 2006-2013
Page 129
October 31, 2013
�Part 2: Structures
12.2.3.8
Trusted Platform Module Library
TPMT_PUBLIC_PARMS
This structure is used in TPM2_TestParms() to validate that a set of algorithm parameters is supported by
the TPM.
Table 183 — Definition of TPMT_PUBLIC_PARMS Structure
Parameter
Type
Description
type
TPMI_ALG_PUBLIC
the algorithm to be tested
[type]parameters
TPMU_PUBLIC_PARMS the algorithm details
12.2.4 TPMT_PUBLIC
Table 184 defines the public area structure. The Name of the object is nameAlg concatenated with the
digest of this structure using nameAlg.
Table 184 — Definition of TPMT_PUBLIC Structure
Parameter
Type
Description
type
TPMI_ALG_PUBLIC
“algorithm” associated with this object
nameAlg
+TPMI_ALG_HASH
algorithm used for computing the Name of the object
NOTE
The "+" indicates that the instance of a TPMT_PUBLIC may have
a "+" to indicate that the nameAlg may be TPM_ALG_NULL.
objectAttributes
TPMA_OBJECT
attributes that, along with type, determine the manipulations of this
object
authPolicy
TPM2B_DIGEST
optional policy for using this key
The policy is computed using the nameAlg of the object.
NOTE
Shall be the Empty Buffer if no authorization policy is present.
[type]parameters
TPMU_PUBLIC_PARMS the algorithm or structure details
[type]unique
TPMU_PUBLIC_ID
Page 130
October 31, 2013
the unique identifier of the structure
For an asymmetric key, this would be the public key.
Published
Copyright © TCG 2006-2013
Family “2.0”
Level 00 Revision 00.99
�Trusted Platform Module Library
Part 2: Structures
12.2.5 TPM2B_PUBLIC
This sized buffer is used to embed a TPMT_PUBLIC in a command.
Table 185 — Definition of TPM2B_PUBLIC Structure
Parameter
Type
Description
size=
UINT16
size of publicArea
NOTE
publicArea
+TPMT_PUBLIC
The “=” will force the TPM to try to unmarshal a
TPMT_PUBLIC and check that the unmarshaled size
matches the value of size. If all the required fields of
a TPMT_PUBLIC are not present, the TPM will return
an error (generally TPM_RC_SIZE) when attempting
to unmarshal the TPMT_PUBLIC.
the public area
NOTE
The “+” indicates that the caller may specify that use
of TPM_ALG_NULL is allowed for nameAlg.
12.3 Private Area Structures
12.3.1 Introduction
The structures in 12.3 define the contents and construction of the private portion of a TPM object. A
TPM2B_PRIVATE along with a TPM2B_PUBLIC are needed to describe a TPM object.
A TPM2B_PRIVATE area may be encrypted by different symmetric algorithms or, in some cases, not
encrypted at all.
12.3.2 Sensitive Data Structures
12.3.2.1
Introduction
The structures in 12.3.2 define the presumptive internal representations of the sensitive areas of the
various entities. A TPM may store the sensitive information in any desired format but when constructing a
TPM_PRIVATE, the formats in this clause shall be used.
12.3.2.2
TPM2B_PRIVATE_VENDOR_SPECIFIC
This structure is defined for coding purposes. For IO to the TPM, the sensitive portion of the key will be in
a canonical form. For an RSA key, this will be one of the prime factors of the public modulus. After
loading, it is typical that other values will be computed so that computations using the private key will not
need to start with just one prime factor. This structure allows the vendor-specific structure to use the
space of the
The value for RSA_VENDOR_SPECIFIC is determined by the vendor.
Table 186 — Definition of {RSA} TPM2B_PRIVATE_VENDOR_SPECIFIC Structure<>
Parameter
Type
size
UINT16
buffer[size]{:PRIVATE_VENDOR_SPECIFIC_BYTES}
BYTE
Family “2.0”
Level 00 Revision 00.99
Published
Copyright © TCG 2006-2013
Description
Page 131
October 31, 2013
�Part 2: Structures
12.3.2.3
Trusted Platform Module Library
TPMU_SENSITIVE_COMPOSITE
Table 187 — Definition of TPMU_SENSITIVE_COMPOSITE Union <IN/OUT, S>
Parameter
Type
Selector
Description
rsa
TPM2B_PRIVATE_KEY_RSA
TPM_ALG_RSA
a prime factor of the public
key
ecc
TPM2B_ECC_PARAMETER
TPM_ALG_ECC
the integer private key
bits
TPM2B_SENSITIVE_DATA
TPM_ALG_KEYEDHASH
the private data
sym
TPM2B_SYM_KEY
TPM_ALG_SYMCIPHER
the symmetric key
any
TPM2B_PRIVATE_VENDOR_SPECIFIC
12.3.2.4
vendor-specific size for key
storage
TPMT_SENSITIVE
Table 188 — Definition of TPMT_SENSITIVE Structure
Parameter
Type
Description
sensitiveType
TPMI_ALG_PUBLIC
identifier for the sensitive area
This shall be the same as the type parameter of the
associated public area.
authValue
TPM2B_AUTH
user authorization data
The authValue may be a zero-length string.
This value shall not be larger than the size of the
digest produced by the nameAlg of the object.
seedValue
TPM2B_DIGEST
for asymmetric key object, the optional protection
seed; for other objects, the obfuscation value
This value shall not be larger than the size of the
digest produced by nameAlg of the object.
[sensitiveType]sensitive
TPMU_SENSITIVE_COMPOSITE
the type-specific private data
12.3.3 TPM2B_SENSITIVE
The TPM2B_SENSITIVE structure is used as a parameter in TPM2_LoadExternal(). It is an unencrypted
sensitive area but it may be encrypted using parameter encryption.
NOTE
When this structure is unmarshaled, the size of the sensitiveType determines what type of value is
unmarshaled. Each value of sensitiveType is associated with a TPM2B. It is the maximum size for each of
the TPM2B values will determine if the unmarshal operation is successful . Since there is no selector for
the any or vendor options for the union, the maximum input and output sizes for a TMP2B_SENSITIVE
are not affected by the sizes of those parameters.
Table 189 — Definition of TPM2B_SENSITIVE Structure <IN/OUT>
Parameter
Type
Description
size
UINT16
size of the private structure
sensitiveArea
TPMT_SENSITIVE
an unencrypted sensitive area
Page 132
October 31, 2013
Published
Copyright © TCG 2006-2013
Family “2.0”
Level 00 Revision 00.99
�Trusted Platform Module Library
Part 2: Structures
12.3.4 Encryption
A TPMS_SENSITIVE is the input to the encryption process. All TPMS_ENCRYPT structures are CFBencrypted using a key and Initialization Vector (IV) that are derived from a seed value.
The method of generating the key and IV is described in “Protected Storage” subclause “Symmetric
Encryption.” in Part 1.
12.3.5 Integrity
The integrity computation is used to ensure that a protected object is modified when stored in memory
outside of the TPM.
The method of protecting the integrity of the sensitive area is described in “Protected Storage” subclause
“Integrity” in Part 1.
12.3.6 _PRIVATE
This structure is defined to size the contents of a TPM2B_PRIVATE. This structure is not directly
marshaled or unmarshaled.
For TPM2_Duplicate() and TPM2_Import(), the TPM2B_PRIVATE may contain multiply encrypted data
and two integrity values. In some cases, the sensitive data is not encrypted and the integrity value is not
present.
For TPM2_Load() and TPM2_Create(), integrityInner is always present.
If integrityInner is present, it and sensitive are encrypted as a single block.
When an integrity value is not needed, it is not present and it is not represented by an Empty Buffer.
Table 190 — Definition of _PRIVATE Structure <>
Parameter
Type
Description
integrityOuter
TPM2B_DIGEST
integrityInner
TPM2B_DIGEST
could also be a TPM2B_IV
sensitive
TPMT_SENSITIVE
the sensitive area
12.3.7 TPM2B_PRIVATE
The TPM2B_PRIVATE structure is used as a parameter in multiple commands that create, load, and
modify the sensitive area of an object.
Table 191 — Definition of TPM2B_PRIVATE Structure <IN/OUT, S>
Parameter
Type
Description
size
UINT16
size of the private structure
buffer[size] {:sizeof(_PRIVATE)}
BYTE
an encrypted private area
Family “2.0”
Level 00 Revision 00.99
Published
Copyright © TCG 2006-2013
Page 133
October 31, 2013
�Part 2: Structures
Trusted Platform Module Library
12.4 Identity Object
12.4.1 Description
An identity object is used to convey credential protection value (CV) to a TPM that can load the object
associated with the object. The CV is encrypted to a storage key on the target TPM, and if the credential
integrity checks and the proper object is loaded in the TPM, then the TPM will return the CV.
12.4.2 _ID_OBJECT
This structure is used for sizing the TPM2_ID_OBJECT.
Table 192 — Definition of _ID_OBJECT Structure <>
Parameter
Type
Description
integrityHMAC
TPM2B_DIGEST
HMAC using the nameAlg of the storage key on the target
TPM
encIdentity
TPM2B_DIGEST
credential protector information returned if name matches the
referenced object
All of the encIdentity is encrypted, including the size field.
NOTE
The TPM is not required to check that the size is not larger
than the digest of the nameAlg. However, if the size is
larger, the ID object may not be usable on a TPM that has
no digest larger than produced by nameAlg.
12.4.3 TPM2B_ID_OBJECT
This structure is an output from TPM2_MakeCredential() and is an input to TPM2_ActivateCredential().
Table 193 — Definition of TPM2B_ID_OBJECT Structure <IN/OUT>
Parameter
Type
Description
size
UINT16
size of the credential structure
credential[size]{:sizeof(_ID_OBJECT)}
BYTE
an encrypted credential area
Page 134
October 31, 2013
Published
Copyright © TCG 2006-2013
Family “2.0”
Level 00 Revision 00.99
�Trusted Platform Module Library
Part 2: Structures
13 NV Storage Structures
13.1 TPM_NV_INDEX
A TPM_NV_INDEX is used to reference a defined location in NV memory. The format of the Index is
changed from TPM 1.2 in order to include the Index in the reserved handle space. Handles in this range
use the digest of the public area of the Index as the Name of the entity in authorization computations
The 32-bit TPM 1.2 NV Index format is shown in Figure 4. In order to allow the Index to fit into the 24 bits
available in the reserved handle space, the Index value format is changed as shown in Figure 5.
3 3 2 2 2 2 2 2 2
1 0 9 8 7 6 5 4 3
1 1
6 5
T P U D reserved
0
0
Purview
Index
Figure 4 — TPM 1.2 TPM_NV_INDEX
3
1
2 2
4 3
0
0
TPM_HT_NV_INDEX
Index
Figure 5 — TPM 2.0 TPM_NV_INDEX
NOTE
This TPM_NV_INDEX format does not retain the Purview field and the D bit is not a part of an Index
handle as in TPM 1.2. The TPMA_NV_PLATFORMCREATE attribute is a property of an Index that
provides functionality similar to the D bit.
A valid Index handle will have an MSO of TPM_HT_NV_INDEX.
NOTE
This structure is not used. It is defined here to indicate how the fields of the handle are assigned. The
exemplary unmarshaling code unmarshals a TPM_HANDLE and validates that it is in the range for a
TPM_NV_INDEX.
Table 194 — Definition of (UINT32) TPM_NV_INDEX Bits <>
Bit
Name
Definition
23:0
index
The index of the NV location
31:24
RH_NV
constant value of TPM_HT_NV_INDEX indicating the NV Index range
#TPM_RC_VALUE
response code returned if unmarshaling of this type fails because the handle
value is incorrect
Family “2.0”
Level 00 Revision 00.99
Published
Copyright © TCG 2006-2013
Page 135
October 31, 2013
�Part 2: Structures
Trusted Platform Module Library
Table 195 — Options for space Field of TPM_NV_INDEX
Some prior versions of this specification contained a table here that assigned subsets of the index field to
different entities. Since this assignment was a convention and not an architectural element of the TPM,
the table was removed and the information is now contained in a registry document that is maintained by
the TCG.
13.2 TPMA_NV (NV Index Attributes)
This structure allows the TPM to keep track of the data and permissions to manipulate an NV Index.
The platform controls (TPMA_NV_PPWRITE and TPMA_NV_PPREAD) and owner controls
(TPMA_NV_OWNERWRITE and TPMA_NV_OWNERREAD) give the platform and owner access to NV
Indexes using platformAuth or ownerAuth rather than the authValue or authPolicy of the Index.
If access to an NV Index is to be restricted based on PCR, then an appropriate authPolicy shall be
provided.
NOTE
platformAuth or ownerAuth can be provided in any type of authorization session or as a password.
If TPMA_NV_AUTHREAD is SET, then the Index may be read if the Index authValue is provided. If
TPMA_NV_POLICYREAD is SET, then the Index may be read if the Index authPolicy is satisfied.
At least one of TPMA_NV_PPREAD,
TPMA_NV_POLICYREAD shall be SET.
TPMA_NV_OWNERREAD,
TPMA_NV_AUTHREAD,
or
If TPMA_NV_AUTHWRITE is SET, then the Index may be written if the Index authValue is provided. If
TPMA_NV_POLICYWRITE is SET, then the Index may be written if the Index authPolicy is satisfied.
At least one of TPMA_NV_PPWRITE, TPMA_NV_OWNERWRITE TPMA_NV_AUTHWRITE, or
TPMA_NV_POLICYWRITE shall be SET.
If TPMA_NV_WRITELOCKED is SET, then the Index may not be written. If TPMA_NV_WRITEDEFINE is
SET, TPMA_NV_WRITELOCKED may not be CLEAR except by deleting and redefining the Index. If
TPMA_NV_WRITEDEFINE is CLEAR, then TPMA_NV_WRITELOCK will be CLEAR on the next
TPM2_Startup(TPM_SU_CLEAR).
If TPMA_NV_READLOCKED is SET, then the Index may not be read. TPMA_NV_READLOCK will be
CLEAR on the next TPM2_Startup(TPM_SU_CLEAR).
NOTE
The TPM is expected to maintain indicators to indicate that the Index is temporarily locked. The state of
these indicators is reported in the TPMA_NV_READLOCKED and TPMA_NV_WRITELOCKED attributes.
If TPMA_NV_EXTEND is SET, then writes to the Index will cause an update of the Index using the extend
operation with the nameAlg used to create the digest.
Only one of TPMA_NV_EXTEND, TPMA_NV_COUNTER, or TPMA_NV_BITS may be set.
When
the
Index
is
created
(TPM2_NV_DefineSpace()),
TPMA_NV_WRITELOCKED,
TPMA_NV_READLOCKED, TPMA_NV_WRITTEN shall all be CLEAR in the parameter that defines the
attributes of the created Index.
Page 136
October 31, 2013
Published
Copyright © TCG 2006-2013
Family “2.0”
Level 00 Revision 00.99
�Trusted Platform Module Library
Part 2: Structures
Table 196 — Definition of (UINT32) TPMA_NV Bits
Bit
Name
Description
0
TPMA_NV_PPWRITE
SET (1): The Index data can be written if platformAuth is provided.
CLEAR (0): Writing of the Index data cannot be authorized with
platformAuth.
1
TPMA_NV_OWNERWRITE
SET (1): The Index data can be written if ownerAuth is provided.
CLEAR (0): Writing of the Index data cannot be authorized with
ownerAuth.
2
TPMA_NV_AUTHWRITE
SET (1): Authorizations to change the Index contents that require
USER role may be provided with an HMAC session or password.
CLEAR (0): Authorizations to change the Index contents that require
USER role may not be provided with an HMAC session or password.
3
TPMA_NV_POLICYWRITE
SET (1): Authorizations to change the Index contents that require
USER role may be provided with a policy session.
CLEAR (0): Authorizations to change the Index contents that require
USER role may not be provided with a policy session.
NOTE
TPM2_NV_ChangeAuth() always requires that authorization be
provided in a policy session.
4
TPMA_NV_COUNTER
SET (1): Index contains an 8-octet value that is to be used as a
counter and can only be modified with TPM2_NV_Increment().
CLEAR (0): The Index is not a counter.
5
TPMA_NV_BITS
SET (1): Index contains an 8-octet value to be used as a bit field and
can only be modified with TPM2_NV_SetBits().
CLEAR (0): The Index is not a bit field.
6
TPMA_NV_EXTEND
SET (1): Index contains a digest-sized value used like a PCR. The
Index may only be modified using TPM2_NV_Extend. The extend will
use the nameAlg of the Index.
CLEAR (0): Index is not a PCR.
9:7
Reserved
shall be zero
reserved for use in defining additional write controls
10
TPMA_NV_POLICY_DELETE
SET (1): Index may not be deleted unless the authPolicy is satisfied.
CLEAR (0): Index may be deleted with proper platform or owner
authorization.
11
TPMA_NV_WRITELOCKED
SET (1): Index cannot be written.
CLEAR (0): Index can be written.
12
TPMA_NV_WRITEALL
SET (1): A partial write of the Index data is not allowed. The write
size shall match the defined space size.
CLEAR (0): Partial writes are allowed. This setting is required if
TPMA_NV_BITS is SET.
13
TPMA_NV_WRITEDEFINE
SET (1): TPM2_NV_WriteLock() may be used to prevent further
writes to this location.
CLEAR (0): TPM2_NV_WriteLock() does not block subsequent
writes.
14
TPMA_NV_WRITE_STCLEAR
SET (1): TPM2_NV_WriteLock() may be used to prevent further
writes to this location until the next TPM Reset or TPM Restart.
CLEAR (0): A write to this Index with a data size of zero does not
change the write access.
Family “2.0”
Level 00 Revision 00.99
Published
Copyright © TCG 2006-2013
Page 137
October 31, 2013
�Part 2: Structures
Trusted Platform Module Library
Bit
Name
Description
15
TPMA_NV_GLOBALLOCK
SET (1): If TPM2_NV_GlobalWriteLock() is successful, then further
writes to this location are not permitted until the next TPM Reset or
TPM Restart.
CLEAR (0): TPM2_NV_GlobalWriteLock() has no effect on the
writing of the data at this Index.
16
TPMA_NV_PPREAD
SET (1): The Index data can be read if platformAuth is provided.
CLEAR (0): Reading of the Index data cannot be authorized with
platformAuth.
17
TPMA_NV_OWNERREAD
SET (1): The Index data can be read if ownerAuth is provided.
CLEAR (0): Reading of the Index data cannot be authorized with
ownerAuth.
18
TPMA_NV_AUTHREAD
SET (1): The Index data may be read if the authValue is provided.
CLEAR (0): Reading of the Index data cannot be authorized with the
Index authValue.
19
TPMA_NV_POLICYREAD
SET (1): The Index data may be read if the authPolicy is satisfied.
CLEAR (0): Reading of the Index data cannot be authorized with the
Index authPolicy.
Reserved
shall be zero
reserved for use in defining additional read controls
25
TPMA_NV_NO_DA
SET (1): Authorization failures of the Index do not affect the DA logic
and authorization of the Index is not blocked when the TPM is in
Lockout mode.
CLEAR (0): Authorization failures of the Index will increment the
authorization failure counter and authorizations of this Index are not
allowed when the TPM is in Lockout mode.
26
TPMA_NV_ORDERLY
SET (1): NV Index state is only required to be saved when the TPM
performs an orderly shutdown (TPM2_Shutdown()). Only an Index
with TPMA_NV_COUNTER SET may have this setting.
CLEAR (0): NV Index state is required to be persistent after the
command to update the Index completes successfully (that is, the NV
update is synchronous with the update command).
27
TPMA_NV_CLEAR_STCLEAR
SET (1): TPMA_NV_WRITTEN for the Index is CLEAR by TPM
Reset or TPM Restart.
CLEAR (0): TPMA_NV_WRITTEN is not changed by TPM Restart.
24:20
NOTE
This attribute may only be SET if TPMA_NV_COUNTER is not
SET.
NOTE
If the TPMA_NV_ORDERLY is SET, TPMA_NV_WRITTEN will
be CLEAR by TPM Reset.
28
TPMA_NV_READLOCKED
SET (1): Reads of the Index are blocked until the next TPM Reset or
TPM Restart.
CLEAR (0): Reads of the Index are allowed if proper authorization is
provided.
29
TPMA_NV_WRITTEN
SET (1): Index has been written.
CLEAR (0): Index has not been written.
30
TPMA_NV_PLATFORMCREATE
SET (1): This Index may be undefined with platformAuth but not with
ownerAuth.
CLEAR (0): This Index may be undefined using ownerAuth but not
with platformAuth.
The TPM will validate that this attribute is SET when the Index is
defined using platformAuth and will validate that this attribute is
CLEAR when the Index is defined using ownerAuth.
Page 138
October 31, 2013
Published
Copyright © TCG 2006-2013
Family “2.0”
Level 00 Revision 00.99
�Trusted Platform Module Library
Part 2: Structures
Bit
Name
Description
31
TPMA_NV_READ_STCLEAR
SET (1): TPM2_NV_ReadLock() may be used to SET
TPMA_NV_READLOCKED for this Index.
CLEAR (0): TPM2_NV_ReadLock() has no effect on this Index.
13.3 TPMS_NV_PUBLIC
This structure describes an NV Index.
Table 197 — Definition of TPMS_NV_PUBLIC Structure
Name
Type
Description
nvIndex
TPMI_RH_NV_INDEX
the handle of the data area
nameAlg
TPMI_ALG_HASH
hash algorithm used to compute the name of the
Index and used for the authPolicy
attributes
TPMA_NV
the Index attributes
authPolicy
TPM2B_DIGEST
the access policy for the Index
dataSize{:MAX_NV_INDEX_SIZE}
UINT16
the size of the data area
The
maximum
size is implementationdependent. The minimum maximum size is
platform-specific.
#TPM_RC_SIZE
response code returned when the requested size
is too large for the implementation
13.4 TPM2B_NV_PUBLIC
This structure is used when a TPMS_NV_PUBLIC is sent on the TPM interface.
Table 198 — Definition of TPM2B_NV_PUBLIC Structure
Name
Type
Description
size=
UINT16
size of nvPublic
nvPublic
TPMS_NV_PUBLIC
the public area
Family “2.0”
Level 00 Revision 00.99
Published
Copyright © TCG 2006-2013
Page 139
October 31, 2013
�Part 2: Structures
Trusted Platform Module Library
14 Context Data
14.1 Introduction
This clause defines the contents of the
TPM2_ContextLoad() command parameters.
TPM2_ContextSave()
response
parameters
and
If the parameters provided by the caller in TPM2_ContextLoad() do not match the values returned by the
TPM when the context was saved, the integrity check of the TPM2B_CONTEXT will fail and the object or
session will not be loaded.
14.2 TPM2B_CONTEXT_SENSITIVE
This structure holds the object or session context data. When saved, the full structure is encrypted.
Table 199 — Definition of TPM2B_CONTEXT_SENSITIVE Structure <IN/OUT>
Parameter
Type
size
Description
UINT16
buffer[size]{:MAX_CONTEXT_SIZE} BYTE
the sensitive data
14.3 TPMS_CONTEXT_DATA
This structure holds the integrity value and the encrypted data for a context.
Table 200 — Definition of TPMS_CONTEXT_DATA Structure <IN/OUT, S>
Parameter
Type
Description
integrity
TPM2B_DIGEST
the integrity value
encrypted
TPM2B_CONTEXT_SENSITIVE
the sensitive area
14.4 TPM2B_CONTEXT_DATA
This structure is used in a TPMS_CONTEXT.
Table 201 — Definition of TPM2B_CONTEXT_DATA Structure <IN/OUT>
Parameter
Type
size
Description
UINT16
buffer[size] {:sizeof(TPMS_CONTEXT_DATA)} BYTE
Page 140
October 31, 2013
Published
Copyright © TCG 2006-2013
Family “2.0”
Level 00 Revision 00.99
�Trusted Platform Module Library
Part 2: Structures
14.5 TPMS_CONTEXT
This structure is used in TPM2_ContextLoad() and TPM2_ContextSave(). If the values of the
TPMS_CONTEXT structure in TPM2_ContextLoad() are not the same as the values when the context
was saved (TPM2_ContextSave()), then the TPM shall not load the context.
Saved object contexts shall not be loaded as long as the associated hierarchy is disabled.
Saved object contexts are invalidated when the Primary Seed of their hierarchy changes. Objects in the
Endorsement hierarchy are invalidated when either the EPS or SPS is changed.
When an object has the stClear attribute, it shall not be possible to reload the context or any descendant
object after a TPM Reset or TPM Restart.
NOTE 1
The reference implementation prevents reloads after TPM Restart by including the curre nt value of a
clearCount in the saved object context. When an object is loaded, this value is compared with the current
value of the clearCount if the object has the stClear attribute. If the values are not the same, then the
object cannot be loaded.
A sequence value is contained within the integrity-protected part of the saved context. The sequence
value is repeated in the sequence parameter of the TPMS_CONTEXT of the context. The sequence
parameter, along with other values, is used in the generation the protection values of the context.
If the integrity value of the context is valid, but the sequence value of the decrypted context does not
match the value in the sequence parameter, then TPM shall enter the failure mode because this is
indicative of a specific type of attack on the context values.
NOTE 2
If the integrity value is correct, but the decryption fails and produces the wrong value for sequence, this
implies that either the TPM is faulty or an external entity is able to forge an integrity val ue for the context
but they have insufficient information to know what the encryption key of the context. Since the TPM
generated the valid context, then there is no reason for the sequence value in the context to be decrypted
incorrectly other than the TPM is faulty or the TPM is under attack. In either case, it is appropriate for the
TPM to enter failure more.
Table 202 — Definition of TPMS_CONTEXT Structure
Name
Type
Description
sequence
UINT64
the sequence number of the context
NOTE
Transient object contexts and
contexts used different counters.
session
savedHandle
TPMI_DH_CONTEXT
the handle of the session, object or sequence
hierarchy
TPMI_RH_HIERARCHY+
the hierarchy of the context
contextBlob
TPM2B_CONTEXT_DATA
the context data and integrity HMAC
Family “2.0”
Level 00 Revision 00.99
Published
Copyright © TCG 2006-2013
Page 141
October 31, 2013
�Part 2: Structures
Trusted Platform Module Library
14.6 Parameters of TPMS_CONTEXT
14.6.1 sequence
The sequence parameter is used to differentiate the contexts and to allow the TPM to create a different
encryption key for each context. Objects and sessions use different sequence counters. The sequence
counter for objects (transient and sequence) is incremented when an object context is saved, and the
sequence counter for sessions increments when a session is created or when it is loaded
(TPM2_ContextLoad()). The session sequence number is the contextID counter.
For a session, the sequence number also allows the TRM to find the “older” contexts so that they may be
refreshed if the contextID are too widely separated.
If an input value for sequence is larger than the value used in any saved context, the TPM shall return an
error (TPM_RC_VALUE) and do no additional processing of the context.
If the context is a session context and the input value for sequence is less than the current value of
contextID minus the maximum range for sessions, the TPM shall return an error (TPM_RC_VALUE) and
do no additional processing of the context.
14.6.2 savedHandle
For a session, this is the handle that was assigned to the session when it was saved. For a transient
object, the handle will have one of the values shown in Table 203.
If the handle type for savedHandle is TPM_HT_TRANSIENT, then the low order bits are used to
differentiate static objects from sequence objects.
If an input value for handle is outside of the range of values used by the TPM, the TPM shall return an
error (TPM_RC_VALUE) and do no additional processing of the context.
Table 203 — Context Handle Values
Value
Description
0x02xxxxxx
an HMAC session context
0x03xxxxxx
a policy session context
0x80000000
an ordinary transient object
0x80000001
a sequence object
0x80000002
a transient object with the stClear attribute SET
Page 142
October 31, 2013
Published
Copyright © TCG 2006-2013
Family “2.0”
Level 00 Revision 00.99
�Trusted Platform Module Library
Part 2: Structures
14.6.3 hierarchy
This is the hierarchy (TPMI_RH_HIERARCHY) for the saved context and determines the proof value used
in the construction of the encryption and integrity values for the context. For session and sequence
contexts, the hierarchy is TPM_RC_NULL. The hierarchy for a transient object may be TPM_RH_NULL
but it is not required.
14.7 Context Protection
14.7.1 Context Integrity
The integrity of the context blob is protected by an HMAC. The integrity value is constructed such that
changes to the component values will invalidate the context and prevent it from being loaded.
Previously saved contexts for objects in the Platform hierarchy shall not be loadable after the PPS is
changed.
Previously saved contexts for objects in the Storage hierarchy shall not be loadable after the SPS is
changed.
Previously saved contexts for objects in the Endorsement hierarchy shall not be loadable after either the
EPS or SPS is changed.
Previously saved sessions shall not be loadable after the SPS changes.
Previously saved contexts for objects that have their stClear attribute SET shall not be loadable after a
TPM Restart. If a Storage Key has its stClear attribute SET, the descendants of this key shall not be
loadable after TPM Restart.
Previously saved contexts for a session and objects shall not be loadable after a TPM Reset.
A saved context shall not be loaded if its HMAC is not valid. The equation for computing the HMAC for a
context is found in “Context Integrity Protection” in Part 1.
14.7.2 Context Confidentiality
The context data of sessions and objects shall be protected by symmetric encryption using CFB. The
method for computing the IV and encryption key is found in “Context Confidentiality Protection” in Part 1.
Family “2.0”
Level 00 Revision 00.99
Published
Copyright © TCG 2006-2013
Page 143
October 31, 2013
�Part 2: Structures
Trusted Platform Module Library
15 Creation Data
15.1 TPMS_CREATION_DATA
This structure provides information relating to the creation environment for the object. The creation data
includes the parent Name, parent Qualified Name, and the digest of selected PCR. These values
represent the environment in which the object was created. Creation data allows a relying party to
determine if an object was created when some appropriate protections were present.
When the object is created, the structure shown in Table 204 is generated and a ticket is computed over
this data.
If
the
parent
is
a
permanent
handle
(TPM_RH_OWNER,
TPM_RH_PLATFORM,
TPM_RH_ENDORSEMENT, or TPM_RH_NULL), then parentName and parentQualifiedName will be set
to the parent handle value and parentNameAlg will be TPM_ALG_NULL.
Table 204 — Definition of TPMS_CREATION_DATA Structure <OUT>
Parameter
Type
Description
pcrSelect
TPML_PCR_SELECTION
list indicating the PCR included in pcrDigest
pcrDigest
TPM2B_DIGEST
digest of the selected PCR using nameAlg of the object for
which this structure is being created
pcrDigest.size shall be zero if the pcrSelect list is empty.
locality
TPMA_LOCALITY
the locality at which the object was created
parentNameAlg
TPM_ALG_ID
nameAlg of the parent
parentName
TPM2B_NAME
Name of the parent at time of creation
The size will match digest size associated with parentNameAlg
unless it is TPM_ALG_NULL, in which case the size will be 4
and parentName will be the hierarchy handle.
parentQualifiedName
TPM2B_NAME
Qualified Name of the parent at the time of creation
Size is the same as parentName.
outsideInfo
TPM2B_DATA
association with additional information added by the key
creator
This will be the contents of the outsideInfo parameter in
TPM2_Create() or TPM2_CreatePrimary().
15.2 TPM2B_CREATION_DATA
This structure is created by TPM2_Create() and TPM2_CreatePrimary(). It is never entered into the TPM
and never has a size of zero.
Table 205 — Definition of TPM2B_CREATION_DATA Structure <OUT>
Parameter
Type
Description
size=
UINT16
size of the creation data
creationData
TPMS_CREATION_DATA
Page 144
October 31, 2013
Published
Copyright © TCG 2006-2013
Family “2.0”
Level 00 Revision 00.99
�Trusted Platform Module Library
Part 2: Structures
Annex A
(informative)
Algorithm Constants
A.1
Introduction
This annex contains constants that are defined by algorithms.
A.2
A.2.1
Allowed Hash Algorithms
SHA1
Table 206 — Defines for SHA1 Hash Values
Name
Value
SHA1_DIGEST_SIZE
20
SHA1_BLOCK_SIZE
64
SHA1_DER_SIZE
Description
15
SHA1_DER
A.2.2
Values are in octets.
{0x30,0x21,0x30,0x09,0x06,0x05,0x2B,0x0E,
0x03,0x02,0x1A,0x05,0x00,0x04,0x14}
SHA256
Table 207 — Defines for SHA256 Hash Values
Name
Value
SHA256_DIGEST_SIZE
32
SHA256_BLOCK_SIZE
64
SHA256_DER_SIZE
Description
19
SHA256_DER
A.2.3
Values are in octets.
{0x30,0x31,0x30,0x0d,0x06,0x09,0x60,0x86,
0x48,0x01,0x65,0x03,0x04,0x02,0x01,0x05,
0x00,0x04,0x20}
SHA384
Table 208 — Defines for SHA384 Hash Values
Name
Value
SHA384_DIGEST_SIZE
48
SHA384_BLOCK_SIZE
128
SHA384_DER_SIZE
Description
19
SHA384_DER
Family “2.0”
Level 00 Revision 00.99
Values are in octets.
{0x30,0x41,0x30,0x0d,0x06,0x09,0x60,0x86,
0x48,0x01,0x65,0x03,0x04,0x02,0x02,0x05,
0x00,0x04,0x30}
Published
Copyright © TCG 2006-2013
Page 145
October 31, 2013
�Part 2: Structures
A.2.4
Trusted Platform Module Library
SHA512
Table 209 — Defines for SHA512 Hash Values
Name
Value
SHA512_DIGEST_SIZE
64
SHA512_BLOCK_SIZE
128
SHA512_DER_SIZE
Description
19
SHA512_DER
A.2.5
Values are in octets.
{0x30,0x51,0x30,0x0d,0x06,0x09,0x60,0x86,
0x48,0x01,0x65,0x03,0x04,0x02,0x03,0x05,
0x00,0x04,0x40}
SM3_256
Table 210 — Defines for SM3_256 Hash Values
Name
Value
Description
SM3_256_DIGEST_SIZE
32
Values are in octets.
SM3_256_BLOCK_SIZE
64
??
SM3_256_DER_SIZE
18
SM3_256_DER
A.3
{0x30,0x30,0x30,0x0c,0x06,0x08,0x2a,0x81,
0x1c,0x81,0x45,0x01,0x83,0x11,0x05,0x00,
0x04,0x20}
Unknown
Architectural Limits
Table 211 — Defines for Architectural Limits Values
Name
MAX_SESSION_NUMBER
Page 146
October 31, 2013
Value
3
Description
the maximum number of authorization sessions that may be in a
command
This value may be increased if new commands require more than
two authorization handles.
Published
Copyright © TCG 2006-2013
Family “2.0”
Level 00 Revision 00.99
�Trusted Platform Module Library
Part 2: Structures
Annex B
(informative)
Implementation Definitions
B.1
Introduction
This annex contains some of the tables that are used to define the desired implementation for the
automated tools.
NOTE
B.2
The reference implementation assumes that stdint.h is used.
Logic Values
The values in this clause are used to see the generation of the subsequent tables. These values should
not be changed.
Table 212 — Defines for Logic Values
Name
Value
YES
1
NO
0
TRUE
1
FALSE
0
SET
1
CLEAR
Description
0
B.3
Processor Values
These values are used to control generation of octet-swapping routines. The canonical octet ordering for
the TPM input/output buffer is “big endian” with the most significant octet of any datum at the lowest
address.
NOTE
The setting for the exemplar is for the x86 family of processor.
Table 213 — Defines for Processor Values
Name
Value
Description
BIG_ENDIAN_TPM
NO
set to YES or NO according to the processor
LITTLE_ENDIAN_TPM
YES
set to YES or NO according to the processor
NOTE
NO_AUTO_ALIGN
NO
set to YES if the processor does not allow unaligned accesses
NOTE
Family “2.0”
Level 00 Revision 00.99
BIG_ENDIAN and LITTLE_ENDIAN shall be set to opposite values.
If LITTLE_ENDIAN is YES, then the setting of this value has no effect.
Published
Copyright © TCG 2006-2013
Page 147
October 31, 2013
�Part 2: Structures
B.4
Trusted Platform Module Library
Implemented Algorithms
Table 214 is used to indicate the algorithms that are implemented in a TPM. The selections in the Value
column may be changed to reflect the implementation. The values shown are illustrative.
The "Implemented" column contains a "Y", "YES", or blank to indicate that the command is present in the
implementation, an "N" or "NO" to indicate that the command is not implemented.
The leading and trailing “_” characters are to avoid name space collisions with some crypto libraries.
NOTE
Table 214 — Defines for Implemented Algorithms
Algorithm Name
Implemented
RSA
YES
SHA1
YES
HMAC
YES
AES
YES
MGF1
YES
XOR
YES
KEYEDHASH
YES
SHA256
YES
SHA384
NO
SHA512
NO
SM3_256
YES
SM4
Comments
YES
REQUIRED, do not change this value
REQUIRED, do not change this value
RSASSA
(YES * RSA)
requires RSA
RSAES
(YES * RSA)
requires RSA
RSAPSS
(YES * RSA)
requires RSA
OAEP
(YES * RSA)
requires RSA
ECC
YES
ECDH
(YES * ECC)
requires ECC
ECDSA
(YES * ECC)
requires ECC
ECDAA
(YES * ECC)
requires ECC
SM2
(YES * ECC)
requires ECC
ECSCHNORR
(YES * ECC)
requires ECC
ECMQV
(NO * ECC)
requires ECC
SYMCIPHER
KDF1_SP800_56a
YES
REQUIRED, at least one symmetric algorithm shall be implemented
(YES * ECC)
KDF2
NO
KDF1_SP800_108
YES
CTR
YES
OFB
YES
CBC
YES
CFB
YES
ECB
requires ECC
YES
B.5
REQUIRED, do not change this value
Implemented Commands
Page 148
October 31, 2013
Published
Copyright © TCG 2006-2013
Family “2.0”
Level 00 Revision 00.99
�Trusted Platform Module Library
Part 2: Structures
This table is used to indicate which of the commands are implemented. In the reference implementation,
this table determines which commands can be called and drives the generation of various commanddependent switch statements.
The "Implemented or Dependent" column contains a "Y", "YES", or blank to indicate that the command is
present in the implementation; an "N" or "NO" to indicate that the command is not implemented; and an
algorithm value if implementation of the command is dependent on a setting in Table 214. Linkage to
Table 214 is not required and is provide as a convenience.
To indicate that the command is implemented, only "Y", "N", blank, or a value from Table 214 is allowed.
Table 215 — Defines for Implemented Commands
Name
ActivateCredential
Implemented
or Dependent
Comments
YES
Certify
Y
CertifyCreation
Y
ChangeEPS
Y
ChangePPS
Y
Clear
Y
ClearControl
Y
ClockRateAdjust
Y
ClockSet
Y
Commit
ECC
ContextLoad
Y
Context
ContextSave
Y
Context
Create
Y
CreatePrimary
Y
DictionaryAttackLockReset
Y
DictionaryAttackParameters
Y
Duplicate
Y
ECC_Parameters
ECC
ECDH_KeyGen
ECC
ECDH_ZGen
ECC
EncryptDecrypt
Y
EventSequenceComplete
Y
EvictControl
Y
FieldUpgradeData
N
FieldUpgradeStart
N
FirmwareRead
N
FlushContext
Y
GetCapability
Y
GetCommandAuditDigest
Y
GetRandom
Y
GetSessionAuditDigest
Y
Family “2.0”
Level 00 Revision 00.99
Context
Published
Copyright © TCG 2006-2013
Page 149
October 31, 2013
�Part 2: Structures
Name
Trusted Platform Module Library
Implemented
or Dependent
Comments
GetTestResult
Y
GetTime
Y
Hash
Y
HashSequenceStart
Y
HierarchyChangeAuth
Y
HierarchyControl
Y
HMAC
Y
HMAC_Start
Y
Import
Y
IncrementalSelfTest
Y
Load
Y
LoadExternal
Y
MakeCredential
Y
NV_Certify
Y
NV_ChangeAuth
Y
NV_DefineSpace
Y
NV_Extend
Y
NV_GlobalWriteLock
Y
NV_Increment
Y
NV_Read
Y
NV_ReadLock
Y
NV_ReadPublic
Y
NV_SetBits
Y
NV_UndefineSpace
Y
NV_UndefineSpaceSpecial
Y
NV_Write
Y
NV_WriteLock
Y
ObjectChangeAuth
Y
PCR_Allocate
Y
PCR_Event
Y
PCR_Extend
Y
PCR_Read
Y
PCR
PCR_Reset
Y
PCR
PCR_SetAuthPolicy
Y
PCR_SetAuthValue
Y
PolicyAuthorize
Y
Policy
PolicyAuthValue
Y
Policy
PolicyCommandCode
Y
Policy
PolicyCounterTimer
Y
Policy
PolicyCpHash
Y
Policy
Page 150
October 31, 2013
NV
PCR
Published
Copyright © TCG 2006-2013
Family “2.0”
Level 00 Revision 00.99
�Trusted Platform Module Library
Part 2: Structures
Implemented
or Dependent
Name
Comments
PolicyDuplicationSelect
Y
Policy
PolicyGetDigest
Y
Policy
PolicyLocality
Y
Policy
PolicyNameHash
Y
Policy
PolicyNV
Y
Policy
PolicyOR
Y
Policy
PolicyPassword
Y
Policy
PolicyPCR
Y
Policy
PolicyPhysicalPresence
Y
Policy
PolicyRestart
Y
PolicySecret
Y
Policy
PolicySigned
Y
Policy
PolicyTicket
Y
Policy
PP_Commands
Y
Quote
Y
ReadClock
Y
ReadPublic
Y
Rewrap
Y
RSA_Decrypt
RSA
RSA_Encrypt
RSA
SelfTest
Y
SequenceComplete
Y
SequenceUpdate
Y
SetAlgorithmSet
Y
SetCommandCodeAuditStatus
Y
SetPrimaryPolicy
Y
Shutdown
Y
Sign
Y
StartAuthSession
Y
Startup
Y
StirRandom
Y
TestParms
Y
Unseal
Y
VerifySignature
Y
ZGen_2Phase
Y
EC_Ephemeral
Y
PolicyNvWritten
Y
B.6
Algorithm Constants
Family “2.0”
Level 00 Revision 00.99
Published
Copyright © TCG 2006-2013
Page 151
October 31, 2013
�Part 2: Structures
B.6.1
Trusted Platform Module Library
RSA
Table 216 — Defines for RSA Algorithm Constants
Name
Value
Comments
RSA_KEY_SIZES_BITS
{1024, 2048}
braces because this is a
list value
MAX_RSA_KEY_BITS
2048
MAX_RSA_KEY_BYTES
((MAX_RSA_KEY_BITS + 7) / 8)
B.6.2
ECC
Table 217 — Defines for ECC Algorithm Constants
Name
Value
ECC_CURVES
{TPM_ECC_NIST_P256, TPM_ECC_BN_P256,
TPM_ECC_SM2_P256}
ECC_KEY_SIZES_BITS
{256}
MAX_ECC_KEY_BITS
256
MAX_ECC_KEY_BYTES
((MAX_ECC_KEY_BITS + 7) / 8)
B.6.3
Comments
this is a list value with
length of one
AES
Table 218 — Defines for AES Algorithm Constants
Name
Value
AES_KEY_SIZES_BITS
{128}
MAX_AES_KEY_BITS
128
MAX_AES_BLOCK_SIZE_BYTES
16
MAX_AES_KEY_BYTES
((MAX_AES_KEY_BITS + 7) / 8)
B.6.4
Comments
SM4
Table 219 — Defines for SM4 Algorithm Constants
Name
Value
SM4_KEY_SIZES_BITS
{128}
MAX_SM4_KEY_BITS
128
MAX_SM4_BLOCK_SIZE_BYTES
16
MAX_SM4_KEY_BYTES
((MAX_SM4_KEY_BITS + 7) / 8)
Page 152
October 31, 2013
Comments
Published
Copyright © TCG 2006-2013
Family “2.0”
Level 00 Revision 00.99
�Trusted Platform Module Library
B.6.5
Part 2: Structures
Symmetric
The definitions in this table are derived from the implemented symmetric algorithms.
Table 220 — Defines for Symmetric Algorithm Constants
Name
Value
MAX_SYM_KEY_BITS
MAX_AES_KEY_BITS
MAX_SYM_KEY_BYTES
MAX_AES_KEY_BYTES
MAX_SYM_BLOCK_SIZE
MAX_AES_BLOCK_SIZE_BYTES
Family “2.0”
Level 00 Revision 00.99
Comments
Published
Copyright © TCG 2006-2013
Page 153
October 31, 2013
�Part 2: Structures
B.7
Trusted Platform Module Library
Implementation Specific Values
The values listed in Table 221 are defined for a specific TPM implementation. The numbers in the Value
column may be changed to reflect the implementation. The values shown are illustrative.
Table 221 — Defines for Implementation Values
Name
Value
Description
FIELD_UPGRADE_IMPLEMENTED
NO
temporary define
BSIZE
UINT16
size used for internal storage of
the size field of a TPM2B
This is the definition used for
the reference design.
Compilation with this value
changed may cause warnings
about conversions.
BUFFER_ALIGNMENT
4
sets the size granularity for the
buffers in a TPM2B structure
TPMxB buffers will be assigned
a space that is a multiple of this
value. This does not set the size
limits for IO. Those are set by
the canonical form of the
TPMxB
IMPLEMENTATION_PCR
24
the number of PCR in the TPM
PLATFORM_PCR
24
the number of PCR required by
the relevant platform
specification
DRTM_PCR
17
the DRTM PCR
HCRTM_PCR
0
the PCR that will receive the HCRTM value at TPM2_Startup
NUM_LOCALITIES
5
the number of localities
supported by the TPM
This is expected to be either 5
for a PC, or 1 for just about
everything else.
MAX_HANDLE_NUM
3
the maximum number of
handles in the handle area
This should be produced by the
Part 3 parser but is here for
now.
MAX_ACTIVE_SESSIONS
64
the number of simultaneously
active sessions that are
supported by the TPM
implementation
CONTEXT_SLOT
UINT16
the type of an entry in the array
of saved contexts
CONTEXT_COUNTER
UINT64
the type of the saved session
counter
MAX_LOADED_SESSIONS
3
the number of sessions that the
TPM may have in memory
MAX_SESSION_NUM
3
this is the current maximum
value
Page 154
October 31, 2013
Published
Copyright © TCG 2006-2013
Family “2.0”
Level 00 Revision 00.99
�Trusted Platform Module Library
Part 2: Structures
Name
Value
Description
MAX_LOADED_OBJECTS
3
the number of simultaneously
loaded objects that are
supported by the TPM; this
number does not include the
objects that may be placed in
NV memory by
TPM2_EvictControl().
MIN_EVICT_OBJECTS
2
the minimum number of evict
objects supported by the TPM
PCR_SELECT_MIN
((PLATFORM_PCR+7)/8)
PCR_SELECT_MAX
((IMPLEMENTATION_PCR+7)/8)
NUM_POLICY_PCR_GROUP
1
number of PCR groups that
have individual policies
NUM_AUTHVALUE_PCR_GROUP
1
number of PCR groups that
have individual authorization
values
MAX_CONTEXT_SIZE
4000
This may be larger than
necessary
MAX_DIGEST_BUFFER
1024
MAX_NV_INDEX_SIZE
2048
maximum data size allowed in
an NV Index
MAX_NV_BUFFER_SIZE
1024
maximum data size in one NV
read or write command
MAX_CAP_BUFFER
1024
NV_MEMORY_SIZE
16384
NUM_STATIC_PCR
16
MAX_ALG_LIST_SIZE
64
number of algorithms that can
be in a list
TIMER_PRESCALE
100000
nominal value for the pre-scale
value of Clock (the number of
cycles of the TPM's oscillator for
each increment of Clock)
PRIMARY_SEED_SIZE
32
size of the Primary Seed in
octets
CONTEXT_ENCRYPT_ALG
TPM_ALG_AES
context encryption algorithm
CONTEXT_ENCRYPT_KEY_BITS
MAX_SYM_KEY_BITS
context encryption key size in
bits
CONTEXT_ENCRYPT_KEY_BYTES
((CONTEXT_ENCRYPT_KEY_BITS+7
)/8)
CONTEXT_INTEGRITY_HASH_ALG
TPM_ALG_SHA256
context integrity hash algorithm
CONTEXT_INTEGRITY_HASH_SIZE
SHA256_DIGEST_SIZE
number of byes in the context
integrity digest
PROOF_SIZE
CONTEXT_INTEGRITY_HASH_SIZE
size of proof value in octets
This size of the proof should be
consistent with the digest size
used for context integrity.
NV_CLOCK_UPDATE_INTERVAL
12
the update interval expressed
as a power of 2 seconds
size of NV memory in octets
A value of 12 is 4,096 seconds
(~68 minutes).
Family “2.0”
Level 00 Revision 00.99
Published
Copyright © TCG 2006-2013
Page 155
October 31, 2013
�Part 2: Structures
Trusted Platform Module Library
Name
Value
Description
NUM_POLICY_PCR
1
number of PCR that allow
policy/auth
MAX_COMMAND_SIZE
4096
maximum size of a command
MAX_RESPONSE_SIZE
4096
maximum size of a response
ORDERLY_BITS
8
number between 1 and 32
inclusive
MAX_ORDERLY_COUNT
((1 << ORDERLY_BITS) - 1)
maximum count of orderly
counter before NV is updated
This must be of the form 2N – 1
where 1 ≤ N ≤ 32.
ALG_ID_FIRST
TPM_ALG_FIRST
used by GetCapability()
processing to bound the
algorithm search
ALG_ID_LAST
TPM_ALG_LAST
used by GetCapability()
processing to bound the
algorithm search
MAX_SYM_DATA
128
this is the maximum number of
octets that may be in a sealed
blob.
MAX_RNG_ENTROPY_SIZE
64
RAM_INDEX_SPACE
512
RSA_DEFAULT_PUBLIC_EXPONENT
0x00010001
216 + 1
ENABLE_PCR_NO_INCREMENT
YES
indicates if the
TPM_PT_PCR_NO_INCREME
NT group is implemented
CRT_FORMAT_RSA
YES
PRIVATE_VENDOR_SPECIFIC_BYTES
((MAX_RSA_KEY_BYTES/2) * (3 +
CRT_FORMAT_RSA * 2))
Page 156
October 31, 2013
Published
Copyright © TCG 2006-2013
Family “2.0”
Level 00 Revision 00.99
�