/**
* Tcg2Dxe.h -- Type definitions and structures for the TCG2 (TPM 2.0) DXE driver.
*
* Source: Lenovo HR650X BIOS, AMI Module Package
* Module: AmiModulePkg/TCG2/Common/TcgDxe/Tcg2Dxe.c
* SHA256: 20a1dc1fde42e15349d92fb451ae3f9e482594cb4537979c43b6fb3639da64de
*
* GUID references and protocol definitions for EFI_TCG2_PROTOCOL
* and AMI's TrEE (Trusted Execution Environment) extensions.
*/
#ifndef __TCG2DXE_H__
#define __TCG2DXE_H__
#include <Uefi.h>
#include <Protocol/Tcg2Protocol.h>
#include <Protocol/AcpiSupport.h>
#include <Library/BaseMemoryLib.h>
#include <Library/UefiBootServicesTableLib.h>
#include <Library/UefiRuntimeServicesTableLib.h>
#include <Library/DxeServicesTableLib.h>
#include <Library/BaseLib.h>
#include <Library/DebugLib.h>
// ---------------------------------------------------------------------------
// TPM2 Command Tags
// ---------------------------------------------------------------------------
#define TPM2_ST_NO_SESSIONS 0x8001
#define TPM2_ST_SESSIONS 0x8002
// ---------------------------------------------------------------------------
// TPM2 Command Codes
// ---------------------------------------------------------------------------
#define TPM2_CC_PCR_Extend 0x00000182
#define TPM2_CC_HashSequenceStart 0x00000186
#define TPM2_CC_SequenceUpdate 0x00000193
#define TPM2_CC_SequenceComplete 0x0000017E
#define TPM2_CC_PCR_Allocate 0x0000018A
#define TPM2_CC_GetCapability 0x0000017A
// ---------------------------------------------------------------------------
// TPM2 Response Codes
// ---------------------------------------------------------------------------
#define TPM2_RC_SUCCESS 0x00000000
#define TPM2_RC_SIZE 0x000000D5 // max response size
// ---------------------------------------------------------------------------
// Hash Algorithm IDs (TPM2_ALG_ID)
// ---------------------------------------------------------------------------
#define TPM2_ALG_SHA1 0x0004
#define TPM2_ALG_SHA256 0x000B
#define TPM2_ALG_SHA384 0x000C
#define TPM2_ALG_SHA512 0x000D
#define TPM2_ALG_SM3_256 0x0012
// ---------------------------------------------------------------------------
// Hash digest sizes (in bytes)
// ---------------------------------------------------------------------------
#define SHA1_DIGEST_SIZE 20
#define SHA256_DIGEST_SIZE 32
#define SHA384_DIGEST_SIZE 48
#define SHA512_DIGEST_SIZE 64
#define SM3_256_DIGEST_SIZE 32
// ---------------------------------------------------------------------------
// TPM2 command header size (fixed 10 bytes + handle size)
// ---------------------------------------------------------------------------
#define TPM2_COMMAND_HEADER_SIZE 10
#define TPM2_RESPONSE_HEADER_SIZE 10
// ---------------------------------------------------------------------------
// Capability-related constants
// ---------------------------------------------------------------------------
#define EFI_TCG2_PROTOCOL_SPEC_TCG_1_2 1
#define EFI_TCG2_PROTOCOL_SPEC_TCG_2 2
#define EFI_TCG2_PROTOCOL_CAPABILITY_SIZE_1_2 28
#define EFI_TCG2_PROTOCOL_CAPABILITY_SIZE_2_0 36
// ---------------------------------------------------------------------------
// TPM2 buffer size limit for sequence update
// ---------------------------------------------------------------------------
#define TPM2_SEQUENCE_CHUNK_SIZE 1024
// ---------------------------------------------------------------------------
// Event log constants
// ---------------------------------------------------------------------------
#define TREE_EVENT_LOG_HEADER_SIZE 40
#define BOOT_HASH_ALG_SHA1 1
#define BOOT_HASH_ALG_SHA256 2
#define BOOT_HASH_ALG_SHA384 4
#define BOOT_HASH_ALG_SHA512 8
#define BOOT_HASH_ALG_SM3 0x10
// ---------------------------------------------------------------------------
// Debug print level masks
// ---------------------------------------------------------------------------
#define DEBUG_PRINT_MASK 0x40
#define DEBUG_ASSERT_MASK 0x80000000
// ---------------------------------------------------------------------------
// Hash context sizes for each algorithm (bytes)
// ---------------------------------------------------------------------------
#define SHA1_CTX_SIZE 92 // offset in hash structs
#define SHA256_CTX_SIZE 112
#define SHA384_CTX_SIZE 208
#define SHA512_CTX_SIZE 208
// ---------------------------------------------------------------------------
// TPM2 command/response packet layout
// ---------------------------------------------------------------------------
#pragma pack(1)
typedef struct {
UINT16 Tag; // TPM2_ST_NO_SESSIONS or TPM2_ST_SESSIONS
UINT32 ParamSize; // total packet size (big-endian in wire)
UINT32 CommandCode; // TPM2_CC_* value (big-endian in wire)
} TPM2_COMMAND_HEADER;
typedef struct {
UINT16 Tag;
UINT32 ParamSize;
UINT32 ResponseCode;
} TPM2_RESPONSE_HEADER;
// ---------------------------------------------------------------------------
// EFI_TCG2_PROTOCOL capability structure (as used by AMI TrEE)
// ---------------------------------------------------------------------------
typedef struct {
UINT8 Size; // Structure size
UINT8 StructureVersion; // 1 for TCG 1.2, 1 for TCG 2
UINT8 ProtocolSpecVersion; // 2 for TCG 2
UINT8 SupportedEventLogs; // Bitmap
UINT8 HashMask; // Bitmap of supported hash algs
UINT8 NumberOfPcrBanks; // Number of supported PCR banks
UINT8 ActivePcrBanks; // Currently active banks
UINT8 PcrCount; // Number of PCR registers
UINT8 TpmPresentFlag; // 1 if TPM present
UINT8 CommandSupport; // Supported command set
UINT8 Capabilities; // Capability flags
UINT8 Reserved[18];
// TCG 2.0 extension:
UINT32 ActivePcrBanksExt; // Extended active PCR banks bitmap
UINT32 SupportedPcrBanksExt; // Extended supported PCR banks bitmap
} TREE_PROTOCOL_CAPABILITY;
// ---------------------------------------------------------------------------
// TPM2 Hash Sequence state (per-algorithm context)
// ---------------------------------------------------------------------------
typedef struct {
UINT32 Ctx[64]; // Algorithm-specific state
} TPM2_HASH_CTX;
// ---------------------------------------------------------------------------
// Event log structures
// ---------------------------------------------------------------------------
typedef struct {
UINT32 TableMaxSize;
UINT32 TableSize; // Actual log size
UINT8 Data[]; // Event log entries
} TCG2_EVENT_LOG_HEADER;
// ---------------------------------------------------------------------------
// TPM2 PCR allocation structure
// ---------------------------------------------------------------------------
typedef struct {
UINT16 HashAlg; // TPM2_ALG_* in big-endian
UINT8 SelectSize; // Size of pcrSelection bitmap
UINT8 PcrSelection[3]; // PCR bitmap (up to 24 bits)
} TPMS_PCR_SELECTION;
typedef struct {
UINT16 Count; // Number of selections
TPMS_PCR_SELECTION PcrSelections[/*Count*/];
} TPML_PCR_SELECTION;
// ---------------------------------------------------------------------------
// TPM2 digest structure used by firmware
// ---------------------------------------------------------------------------
typedef struct {
UINT32 Count; // Number of digests
struct {
UINT16 HashAlg; // TPM2_ALG_* in big-endian
UINT8 Digest[SHA512_DIGEST_SIZE]; // 66-byte stride
} Digests[/*Count*/];
} TPMT_HA_LIST;
#pragma pack()
// ---------------------------------------------------------------------------
// Protocol GUIDs used by this module
// ---------------------------------------------------------------------------
// TrEE (TCG2) protocol GUID: {607F766C-7455-42BE-93BA-3B0716F6B718}
#define TREE_PROTOCOL_GUID \
{ 0x607F766C, 0x7455, 0x42BE, \
{ 0x93, 0xBA, 0x3B, 0x07, 0x16, 0xF6, 0xB7, 0x18 } }
// ---------------------------------------------------------------------------
// Variable names used by the driver
// ---------------------------------------------------------------------------
#define VAR_AMITCGPPIVAR L"AMITCGPPIVAR"
#define VAR_AMITCGPPIVAR2 L"AMITCGPPIVAR2"
#define VAR_SECUREBOOTSETUP L"SecureBootSetup"
#define VAR_SETUPMODE L"SetupMode"
#define VAR_TPMSERVFLAGS L"TpmServFlags"
#define VAR_MOR_CONTROL L"MemoryOverwriteRequestControl"
#define VAR_TPM20_PCR_ALLOC L"Tpm20PCRallocateReset"
#define VAR_TCG2_FINALS_TABLE L"TCG2 Finals Configuration table"
#endif /* __TCG2DXE_H__ */
Ajax Dong