diff --git a/src/include/ipxe/efi/IndustryStandard/Tpm12.h b/src/include/ipxe/efi/IndustryStandard/Tpm12.h
new file mode 100644
index 00000000..509425cc
--- /dev/null
+++ b/src/include/ipxe/efi/IndustryStandard/Tpm12.h
@@ -0,0 +1,2175 @@
+/** @file
+ TPM Specification data structures (TCG TPM Specification Version 1.2 Revision 103)
+ See http://trustedcomputinggroup.org for latest specification updates
+
+ Copyright (c) 2006 - 2010, Intel Corporation. All rights reserved.
+ This program and the accompanying materials
+ are licensed and made available under the terms and conditions of the BSD License
+ which accompanies this distribution. The full text of the license may be found at
+ http://opensource.org/licenses/bsd-license.php
+
+ THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+**/
+
+
+#ifndef _TPM12_H_
+#define _TPM12_H_
+
+FILE_LICENCE ( BSD3 );
+
+///
+/// The start of TPM return codes
+///
+#define TPM_BASE 0
+
+//
+// All structures MUST be packed on a byte boundary.
+//
+
+#pragma pack (1)
+
+//
+// Part 2, section 2.2.3: Helper redefinitions
+//
+///
+/// Indicates the conditions where it is required that authorization be presented
+///
+typedef UINT8 TPM_AUTH_DATA_USAGE;
+///
+/// The information as to what the payload is in an encrypted structure
+///
+typedef UINT8 TPM_PAYLOAD_TYPE;
+///
+/// The version info breakdown
+///
+typedef UINT8 TPM_VERSION_BYTE;
+///
+/// The state of the dictionary attack mitigation logic
+///
+typedef UINT8 TPM_DA_STATE;
+///
+/// The request or response authorization type
+///
+typedef UINT16 TPM_TAG;
+///
+/// The protocol in use
+///
+typedef UINT16 TPM_PROTOCOL_ID;
+///
+/// Indicates the start state
+///
+typedef UINT16 TPM_STARTUP_TYPE;
+///
+/// The definition of the encryption scheme
+///
+typedef UINT16 TPM_ENC_SCHEME;
+///
+/// The definition of the signature scheme
+///
+typedef UINT16 TPM_SIG_SCHEME;
+///
+/// The definition of the migration scheme
+///
+typedef UINT16 TPM_MIGRATE_SCHEME;
+///
+/// Sets the state of the physical presence mechanism
+///
+typedef UINT16 TPM_PHYSICAL_PRESENCE;
+///
+/// Indicates the types of entity that are supported by the TPM
+///
+typedef UINT16 TPM_ENTITY_TYPE;
+///
+/// Indicates the permitted usage of the key
+///
+typedef UINT16 TPM_KEY_USAGE;
+///
+/// The type of asymmetric encrypted structure in use by the endorsement key
+///
+typedef UINT16 TPM_EK_TYPE;
+///
+/// The tag for the structure
+///
+typedef UINT16 TPM_STRUCTURE_TAG;
+///
+/// The platform specific spec to which the information relates to
+///
+typedef UINT16 TPM_PLATFORM_SPECIFIC;
+///
+/// The command ordinal
+///
+typedef UINT32 TPM_COMMAND_CODE;
+///
+/// Identifies a TPM capability area
+///
+typedef UINT32 TPM_CAPABILITY_AREA;
+///
+/// Indicates information regarding a key
+///
+typedef UINT32 TPM_KEY_FLAGS;
+///
+/// Indicates the type of algorithm
+///
+typedef UINT32 TPM_ALGORITHM_ID;
+///
+/// The locality modifier
+///
+typedef UINT32 TPM_MODIFIER_INDICATOR;
+///
+/// The actual number of a counter
+///
+typedef UINT32 TPM_ACTUAL_COUNT;
+///
+/// Attributes that define what options are in use for a transport session
+///
+typedef UINT32 TPM_TRANSPORT_ATTRIBUTES;
+///
+/// Handle to an authorization session
+///
+typedef UINT32 TPM_AUTHHANDLE;
+///
+/// Index to a DIR register
+///
+typedef UINT32 TPM_DIRINDEX;
+///
+/// The area where a key is held assigned by the TPM
+///
+typedef UINT32 TPM_KEY_HANDLE;
+///
+/// Index to a PCR register
+///
+typedef UINT32 TPM_PCRINDEX;
+///
+/// The return code from a function
+///
+typedef UINT32 TPM_RESULT;
+///
+/// The types of resources that a TPM may have using internal resources
+///
+typedef UINT32 TPM_RESOURCE_TYPE;
+///
+/// Allows for controlling of the key when loaded and how to handle TPM_Startup issues
+///
+typedef UINT32 TPM_KEY_CONTROL;
+///
+/// The index into the NV storage area
+///
+typedef UINT32 TPM_NV_INDEX;
+///
+/// The family ID. Family IDs are automatically assigned a sequence number by the TPM.
+/// A trusted process can set the FamilyID value in an individual row to NULL, which
+/// invalidates that row. The family ID resets to NULL on each change of TPM Owner.
+///
+typedef UINT32 TPM_FAMILY_ID;
+///
+/// IA value used as a label for the most recent verification of this family. Set to zero when not in use.
+///
+typedef UINT32 TPM_FAMILY_VERIFICATION;
+///
+/// How the TPM handles var
+///
+typedef UINT32 TPM_STARTUP_EFFECTS;
+///
+/// The mode of a symmetric encryption
+///
+typedef UINT32 TPM_SYM_MODE;
+///
+/// The family flags
+///
+typedef UINT32 TPM_FAMILY_FLAGS;
+///
+/// The index value for the delegate NV table
+///
+typedef UINT32 TPM_DELEGATE_INDEX;
+///
+/// The restrictions placed on delegation of CMK commands
+///
+typedef UINT32 TPM_CMK_DELEGATE;
+///
+/// The ID value of a monotonic counter
+///
+typedef UINT32 TPM_COUNT_ID;
+///
+/// A command to execute
+///
+typedef UINT32 TPM_REDIT_COMMAND;
+///
+/// A transport session handle
+///
+typedef UINT32 TPM_TRANSHANDLE;
+///
+/// A generic handle could be key, transport etc
+///
+typedef UINT32 TPM_HANDLE;
+///
+/// What operation is happening
+///
+typedef UINT32 TPM_FAMILY_OPERATION;
+
+//
+// Part 2, section 2.2.4: Vendor specific
+// The following defines allow for the quick specification of a
+// vendor specific item.
+//
+#define TPM_Vendor_Specific32 ((UINT32) 0x00000400)
+#define TPM_Vendor_Specific8 ((UINT8) 0x80)
+
+//
+// Part 2, section 3.1: TPM_STRUCTURE_TAG
+//
+#define TPM_TAG_CONTEXTBLOB ((TPM_STRUCTURE_TAG) 0x0001)
+#define TPM_TAG_CONTEXT_SENSITIVE ((TPM_STRUCTURE_TAG) 0x0002)
+#define TPM_TAG_CONTEXTPOINTER ((TPM_STRUCTURE_TAG) 0x0003)
+#define TPM_TAG_CONTEXTLIST ((TPM_STRUCTURE_TAG) 0x0004)
+#define TPM_TAG_SIGNINFO ((TPM_STRUCTURE_TAG) 0x0005)
+#define TPM_TAG_PCR_INFO_LONG ((TPM_STRUCTURE_TAG) 0x0006)
+#define TPM_TAG_PERSISTENT_FLAGS ((TPM_STRUCTURE_TAG) 0x0007)
+#define TPM_TAG_VOLATILE_FLAGS ((TPM_STRUCTURE_TAG) 0x0008)
+#define TPM_TAG_PERSISTENT_DATA ((TPM_STRUCTURE_TAG) 0x0009)
+#define TPM_TAG_VOLATILE_DATA ((TPM_STRUCTURE_TAG) 0x000A)
+#define TPM_TAG_SV_DATA ((TPM_STRUCTURE_TAG) 0x000B)
+#define TPM_TAG_EK_BLOB ((TPM_STRUCTURE_TAG) 0x000C)
+#define TPM_TAG_EK_BLOB_AUTH ((TPM_STRUCTURE_TAG) 0x000D)
+#define TPM_TAG_COUNTER_VALUE ((TPM_STRUCTURE_TAG) 0x000E)
+#define TPM_TAG_TRANSPORT_INTERNAL ((TPM_STRUCTURE_TAG) 0x000F)
+#define TPM_TAG_TRANSPORT_LOG_IN ((TPM_STRUCTURE_TAG) 0x0010)
+#define TPM_TAG_TRANSPORT_LOG_OUT ((TPM_STRUCTURE_TAG) 0x0011)
+#define TPM_TAG_AUDIT_EVENT_IN ((TPM_STRUCTURE_TAG) 0x0012)
+#define TPM_TAG_AUDIT_EVENT_OUT ((TPM_STRUCTURE_TAG) 0x0013)
+#define TPM_TAG_CURRENT_TICKS ((TPM_STRUCTURE_TAG) 0x0014)
+#define TPM_TAG_KEY ((TPM_STRUCTURE_TAG) 0x0015)
+#define TPM_TAG_STORED_DATA12 ((TPM_STRUCTURE_TAG) 0x0016)
+#define TPM_TAG_NV_ATTRIBUTES ((TPM_STRUCTURE_TAG) 0x0017)
+#define TPM_TAG_NV_DATA_PUBLIC ((TPM_STRUCTURE_TAG) 0x0018)
+#define TPM_TAG_NV_DATA_SENSITIVE ((TPM_STRUCTURE_TAG) 0x0019)
+#define TPM_TAG_DELEGATIONS ((TPM_STRUCTURE_TAG) 0x001A)
+#define TPM_TAG_DELEGATE_PUBLIC ((TPM_STRUCTURE_TAG) 0x001B)
+#define TPM_TAG_DELEGATE_TABLE_ROW ((TPM_STRUCTURE_TAG) 0x001C)
+#define TPM_TAG_TRANSPORT_AUTH ((TPM_STRUCTURE_TAG) 0x001D)
+#define TPM_TAG_TRANSPORT_PUBLIC ((TPM_STRUCTURE_TAG) 0x001E)
+#define TPM_TAG_PERMANENT_FLAGS ((TPM_STRUCTURE_TAG) 0x001F)
+#define TPM_TAG_STCLEAR_FLAGS ((TPM_STRUCTURE_TAG) 0x0020)
+#define TPM_TAG_STANY_FLAGS ((TPM_STRUCTURE_TAG) 0x0021)
+#define TPM_TAG_PERMANENT_DATA ((TPM_STRUCTURE_TAG) 0x0022)
+#define TPM_TAG_STCLEAR_DATA ((TPM_STRUCTURE_TAG) 0x0023)
+#define TPM_TAG_STANY_DATA ((TPM_STRUCTURE_TAG) 0x0024)
+#define TPM_TAG_FAMILY_TABLE_ENTRY ((TPM_STRUCTURE_TAG) 0x0025)
+#define TPM_TAG_DELEGATE_SENSITIVE ((TPM_STRUCTURE_TAG) 0x0026)
+#define TPM_TAG_DELG_KEY_BLOB ((TPM_STRUCTURE_TAG) 0x0027)
+#define TPM_TAG_KEY12 ((TPM_STRUCTURE_TAG) 0x0028)
+#define TPM_TAG_CERTIFY_INFO2 ((TPM_STRUCTURE_TAG) 0x0029)
+#define TPM_TAG_DELEGATE_OWNER_BLOB ((TPM_STRUCTURE_TAG) 0x002A)
+#define TPM_TAG_EK_BLOB_ACTIVATE ((TPM_STRUCTURE_TAG) 0x002B)
+#define TPM_TAG_DAA_BLOB ((TPM_STRUCTURE_TAG) 0x002C)
+#define TPM_TAG_DAA_CONTEXT ((TPM_STRUCTURE_TAG) 0x002D)
+#define TPM_TAG_DAA_ENFORCE ((TPM_STRUCTURE_TAG) 0x002E)
+#define TPM_TAG_DAA_ISSUER ((TPM_STRUCTURE_TAG) 0x002F)
+#define TPM_TAG_CAP_VERSION_INFO ((TPM_STRUCTURE_TAG) 0x0030)
+#define TPM_TAG_DAA_SENSITIVE ((TPM_STRUCTURE_TAG) 0x0031)
+#define TPM_TAG_DAA_TPM ((TPM_STRUCTURE_TAG) 0x0032)
+#define TPM_TAG_CMK_MIGAUTH ((TPM_STRUCTURE_TAG) 0x0033)
+#define TPM_TAG_CMK_SIGTICKET ((TPM_STRUCTURE_TAG) 0x0034)
+#define TPM_TAG_CMK_MA_APPROVAL ((TPM_STRUCTURE_TAG) 0x0035)
+#define TPM_TAG_QUOTE_INFO2 ((TPM_STRUCTURE_TAG) 0x0036)
+#define TPM_TAG_DA_INFO ((TPM_STRUCTURE_TAG) 0x0037)
+#define TPM_TAG_DA_LIMITED ((TPM_STRUCTURE_TAG) 0x0038)
+#define TPM_TAG_DA_ACTION_TYPE ((TPM_STRUCTURE_TAG) 0x0039)
+
+//
+// Part 2, section 4: TPM Types
+//
+
+//
+// Part 2, section 4.1: TPM_RESOURCE_TYPE
+//
+#define TPM_RT_KEY ((TPM_RESOURCE_TYPE) 0x00000001) ///< The handle is a key handle and is the result of a LoadKey type operation
+#define TPM_RT_AUTH ((TPM_RESOURCE_TYPE) 0x00000002) ///< The handle is an authorization handle. Auth handles come from TPM_OIAP, TPM_OSAP and TPM_DSAP
+#define TPM_RT_HASH ((TPM_RESOURCE_TYPE) 0x00000003) ///< Reserved for hashes
+#define TPM_RT_TRANS ((TPM_RESOURCE_TYPE) 0x00000004) ///< The handle is for a transport session. Transport handles come from TPM_EstablishTransport
+#define TPM_RT_CONTEXT ((TPM_RESOURCE_TYPE) 0x00000005) ///< Resource wrapped and held outside the TPM using the context save/restore commands
+#define TPM_RT_COUNTER ((TPM_RESOURCE_TYPE) 0x00000006) ///< Reserved for counters
+#define TPM_RT_DELEGATE ((TPM_RESOURCE_TYPE) 0x00000007) ///< The handle is for a delegate row. These are the internal rows held in NV storage by the TPM
+#define TPM_RT_DAA_TPM ((TPM_RESOURCE_TYPE) 0x00000008) ///< The value is a DAA TPM specific blob
+#define TPM_RT_DAA_V0 ((TPM_RESOURCE_TYPE) 0x00000009) ///< The value is a DAA V0 parameter
+#define TPM_RT_DAA_V1 ((TPM_RESOURCE_TYPE) 0x0000000A) ///< The value is a DAA V1 parameter
+
+//
+// Part 2, section 4.2: TPM_PAYLOAD_TYPE
+//
+#define TPM_PT_ASYM ((TPM_PAYLOAD_TYPE) 0x01) ///< The entity is an asymmetric key
+#define TPM_PT_BIND ((TPM_PAYLOAD_TYPE) 0x02) ///< The entity is bound data
+#define TPM_PT_MIGRATE ((TPM_PAYLOAD_TYPE) 0x03) ///< The entity is a migration blob
+#define TPM_PT_MAINT ((TPM_PAYLOAD_TYPE) 0x04) ///< The entity is a maintenance blob
+#define TPM_PT_SEAL ((TPM_PAYLOAD_TYPE) 0x05) ///< The entity is sealed data
+#define TPM_PT_MIGRATE_RESTRICTED ((TPM_PAYLOAD_TYPE) 0x06) ///< The entity is a restricted-migration asymmetric key
+#define TPM_PT_MIGRATE_EXTERNAL ((TPM_PAYLOAD_TYPE) 0x07) ///< The entity is a external migratable key
+#define TPM_PT_CMK_MIGRATE ((TPM_PAYLOAD_TYPE) 0x08) ///< The entity is a CMK migratable blob
+#define TPM_PT_VENDOR_SPECIFIC ((TPM_PAYLOAD_TYPE) 0x80) ///< 0x80 - 0xFF Vendor specific payloads
+
+//
+// Part 2, section 4.3: TPM_ENTITY_TYPE
+//
+#define TPM_ET_KEYHANDLE ((UINT16) 0x0001) ///< The entity is a keyHandle or key
+#define TPM_ET_OWNER ((UINT16) 0x0002) ///< The entity is the TPM Owner
+#define TPM_ET_DATA ((UINT16) 0x0003) ///< The entity is some data
+#define TPM_ET_SRK ((UINT16) 0x0004) ///< The entity is the SRK
+#define TPM_ET_KEY ((UINT16) 0x0005) ///< The entity is a key or keyHandle
+#define TPM_ET_REVOKE ((UINT16) 0x0006) ///< The entity is the RevokeTrust value
+#define TPM_ET_DEL_OWNER_BLOB ((UINT16) 0x0007) ///< The entity is a delegate owner blob
+#define TPM_ET_DEL_ROW ((UINT16) 0x0008) ///< The entity is a delegate row
+#define TPM_ET_DEL_KEY_BLOB ((UINT16) 0x0009) ///< The entity is a delegate key blob
+#define TPM_ET_COUNTER ((UINT16) 0x000A) ///< The entity is a counter
+#define TPM_ET_NV ((UINT16) 0x000B) ///< The entity is a NV index
+#define TPM_ET_OPERATOR ((UINT16) 0x000C) ///< The entity is the operator
+#define TPM_ET_RESERVED_HANDLE ((UINT16) 0x0040) ///< Reserved. This value avoids collisions with the handle MSB setting.
+//
+// TPM_ENTITY_TYPE MSB Values: The MSB is used to indicate the ADIP encryption sheme when applicable
+//
+#define TPM_ET_XOR ((UINT16) 0x0000) ///< ADIP encryption scheme: XOR
+#define TPM_ET_AES128 ((UINT16) 0x0006) ///< ADIP encryption scheme: AES 128 bits
+
+//
+// Part 2, section 4.4.1: Reserved Key Handles
+//
+#define TPM_KH_SRK ((TPM_KEY_HANDLE) 0x40000000) ///< The handle points to the SRK
+#define TPM_KH_OWNER ((TPM_KEY_HANDLE) 0x40000001) ///< The handle points to the TPM Owner
+#define TPM_KH_REVOKE ((TPM_KEY_HANDLE) 0x40000002) ///< The handle points to the RevokeTrust value
+#define TPM_KH_TRANSPORT ((TPM_KEY_HANDLE) 0x40000003) ///< The handle points to the EstablishTransport static authorization
+#define TPM_KH_OPERATOR ((TPM_KEY_HANDLE) 0x40000004) ///< The handle points to the Operator auth
+#define TPM_KH_ADMIN ((TPM_KEY_HANDLE) 0x40000005) ///< The handle points to the delegation administration auth
+#define TPM_KH_EK ((TPM_KEY_HANDLE) 0x40000006) ///< The handle points to the PUBEK, only usable with TPM_OwnerReadInternalPub
+
+//
+// Part 2, section 4.5: TPM_STARTUP_TYPE
+//
+#define TPM_ST_CLEAR ((TPM_STARTUP_TYPE) 0x0001) ///< The TPM is starting up from a clean state
+#define TPM_ST_STATE ((TPM_STARTUP_TYPE) 0x0002) ///< The TPM is starting up from a saved state
+#define TPM_ST_DEACTIVATED ((TPM_STARTUP_TYPE) 0x0003) ///< The TPM is to startup and set the deactivated flag to TRUE
+
+//
+// Part 2, section 4.6: TPM_STATUP_EFFECTS
+// The table makeup is still an open issue.
+//
+
+//
+// Part 2, section 4.7: TPM_PROTOCOL_ID
+//
+#define TPM_PID_OIAP ((TPM_PROTOCOL_ID) 0x0001) ///< The OIAP protocol.
+#define TPM_PID_OSAP ((TPM_PROTOCOL_ID) 0x0002) ///< The OSAP protocol.
+#define TPM_PID_ADIP ((TPM_PROTOCOL_ID) 0x0003) ///< The ADIP protocol.
+#define TPM_PID_ADCP ((TPM_PROTOCOL_ID) 0x0004) ///< The ADCP protocol.
+#define TPM_PID_OWNER ((TPM_PROTOCOL_ID) 0x0005) ///< The protocol for taking ownership of a TPM.
+#define TPM_PID_DSAP ((TPM_PROTOCOL_ID) 0x0006) ///< The DSAP protocol
+#define TPM_PID_TRANSPORT ((TPM_PROTOCOL_ID) 0x0007) ///< The transport protocol
+
+//
+// Part 2, section 4.8: TPM_ALGORITHM_ID
+// The TPM MUST support the algorithms TPM_ALG_RSA, TPM_ALG_SHA, TPM_ALG_HMAC,
+// TPM_ALG_MGF1
+//
+#define TPM_ALG_RSA ((TPM_ALGORITHM_ID) 0x00000001) ///< The RSA algorithm.
+#define TPM_ALG_DES ((TPM_ALGORITHM_ID) 0x00000002) ///< The DES algorithm
+#define TPM_ALG_3DES ((TPM_ALGORITHM_ID) 0x00000003) ///< The 3DES algorithm in EDE mode
+#define TPM_ALG_SHA ((TPM_ALGORITHM_ID) 0x00000004) ///< The SHA1 algorithm
+#define TPM_ALG_HMAC ((TPM_ALGORITHM_ID) 0x00000005) ///< The RFC 2104 HMAC algorithm
+#define TPM_ALG_AES128 ((TPM_ALGORITHM_ID) 0x00000006) ///< The AES algorithm, key size 128
+#define TPM_ALG_MGF1 ((TPM_ALGORITHM_ID) 0x00000007) ///< The XOR algorithm using MGF1 to create a string the size of the encrypted block
+#define TPM_ALG_AES192 ((TPM_ALGORITHM_ID) 0x00000008) ///< AES, key size 192
+#define TPM_ALG_AES256 ((TPM_ALGORITHM_ID) 0x00000009) ///< AES, key size 256
+#define TPM_ALG_XOR ((TPM_ALGORITHM_ID) 0x0000000A) ///< XOR using the rolling nonces
+
+//
+// Part 2, section 4.9: TPM_PHYSICAL_PRESENCE
+//
+#define TPM_PHYSICAL_PRESENCE_HW_DISABLE ((TPM_PHYSICAL_PRESENCE) 0x0200) ///< Sets the physicalPresenceHWEnable to FALSE
+#define TPM_PHYSICAL_PRESENCE_CMD_DISABLE ((TPM_PHYSICAL_PRESENCE) 0x0100) ///< Sets the physicalPresenceCMDEnable to FALSE
+#define TPM_PHYSICAL_PRESENCE_LIFETIME_LOCK ((TPM_PHYSICAL_PRESENCE) 0x0080) ///< Sets the physicalPresenceLifetimeLock to TRUE
+#define TPM_PHYSICAL_PRESENCE_HW_ENABLE ((TPM_PHYSICAL_PRESENCE) 0x0040) ///< Sets the physicalPresenceHWEnable to TRUE
+#define TPM_PHYSICAL_PRESENCE_CMD_ENABLE ((TPM_PHYSICAL_PRESENCE) 0x0020) ///< Sets the physicalPresenceCMDEnable to TRUE
+#define TPM_PHYSICAL_PRESENCE_NOTPRESENT ((TPM_PHYSICAL_PRESENCE) 0x0010) ///< Sets PhysicalPresence = FALSE
+#define TPM_PHYSICAL_PRESENCE_PRESENT ((TPM_PHYSICAL_PRESENCE) 0x0008) ///< Sets PhysicalPresence = TRUE
+#define TPM_PHYSICAL_PRESENCE_LOCK ((TPM_PHYSICAL_PRESENCE) 0x0004) ///< Sets PhysicalPresenceLock = TRUE
+
+//
+// Part 2, section 4.10: TPM_MIGRATE_SCHEME
+//
+#define TPM_MS_MIGRATE ((TPM_MIGRATE_SCHEME) 0x0001) ///< A public key that can be used with all TPM migration commands other than 'ReWrap' mode.
+#define TPM_MS_REWRAP ((TPM_MIGRATE_SCHEME) 0x0002) ///< A public key that can be used for the ReWrap mode of TPM_CreateMigrationBlob.
+#define TPM_MS_MAINT ((TPM_MIGRATE_SCHEME) 0x0003) ///< A public key that can be used for the Maintenance commands
+#define TPM_MS_RESTRICT_MIGRATE ((TPM_MIGRATE_SCHEME) 0x0004) ///< The key is to be migrated to a Migration Authority.
+#define TPM_MS_RESTRICT_APPROVE_DOUBLE ((TPM_MIGRATE_SCHEME) 0x0005) ///< The key is to be migrated to an entity approved by a Migration Authority using double wrapping
+
+//
+// Part 2, section 4.11: TPM_EK_TYPE
+//
+#define TPM_EK_TYPE_ACTIVATE ((TPM_EK_TYPE) 0x0001) ///< The blob MUST be TPM_EK_BLOB_ACTIVATE
+#define TPM_EK_TYPE_AUTH ((TPM_EK_TYPE) 0x0002) ///< The blob MUST be TPM_EK_BLOB_AUTH
+
+//
+// Part 2, section 4.12: TPM_PLATFORM_SPECIFIC
+//
+#define TPM_PS_PC_11 ((TPM_PLATFORM_SPECIFIC) 0x0001) ///< PC Specific version 1.1
+#define TPM_PS_PC_12 ((TPM_PLATFORM_SPECIFIC) 0x0002) ///< PC Specific version 1.2
+#define TPM_PS_PDA_12 ((TPM_PLATFORM_SPECIFIC) 0x0003) ///< PDA Specific version 1.2
+#define TPM_PS_Server_12 ((TPM_PLATFORM_SPECIFIC) 0x0004) ///< Server Specific version 1.2
+#define TPM_PS_Mobile_12 ((TPM_PLATFORM_SPECIFIC) 0x0005) ///< Mobil Specific version 1.2
+
+//
+// Part 2, section 5: Basic Structures
+//
+
+///
+/// Part 2, section 5.1: TPM_STRUCT_VER
+///
+typedef struct tdTPM_STRUCT_VER {
+ UINT8 major;
+ UINT8 minor;
+ UINT8 revMajor;
+ UINT8 revMinor;
+} TPM_STRUCT_VER;
+
+///
+/// Part 2, section 5.3: TPM_VERSION
+///
+typedef struct tdTPM_VERSION {
+ TPM_VERSION_BYTE major;
+ TPM_VERSION_BYTE minor;
+ UINT8 revMajor;
+ UINT8 revMinor;
+} TPM_VERSION;
+
+
+#define TPM_SHA1_160_HASH_LEN 0x14
+#define TPM_SHA1BASED_NONCE_LEN TPM_SHA1_160_HASH_LEN
+
+///
+/// Part 2, section 5.4: TPM_DIGEST
+///
+typedef struct tdTPM_DIGEST{
+ UINT8 digest[TPM_SHA1_160_HASH_LEN];
+} TPM_DIGEST;
+
+///
+/// This SHALL be the digest of the chosen identityLabel and privacyCA for a new TPM identity
+///
+typedef TPM_DIGEST TPM_CHOSENID_HASH;
+///
+/// This SHALL be the hash of a list of PCR indexes and PCR values that a key or data is bound to
+///
+typedef TPM_DIGEST TPM_COMPOSITE_HASH;
+///
+/// This SHALL be the value of a DIR register
+///
+typedef TPM_DIGEST TPM_DIRVALUE;
+
+typedef TPM_DIGEST TPM_HMAC;
+///
+/// The value inside of the PCR
+///
+typedef TPM_DIGEST TPM_PCRVALUE;
+///
+/// This SHALL be the value of the current internal audit state
+///
+typedef TPM_DIGEST TPM_AUDITDIGEST;
+
+///
+/// Part 2, section 5.5: TPM_NONCE
+///
+typedef struct tdTPM_NONCE{
+ UINT8 nonce[20];
+} TPM_NONCE;
+
+///
+/// This SHALL be a random value generated by a TPM immediately after the EK is installed
+/// in that TPM, whenever an EK is installed in that TPM
+///
+typedef TPM_NONCE TPM_DAA_TPM_SEED;
+///
+/// This SHALL be a random value
+///
+typedef TPM_NONCE TPM_DAA_CONTEXT_SEED;
+
+//
+// Part 2, section 5.6: TPM_AUTHDATA
+//
+///
+/// The AuthData data is the information that is saved or passed to provide proof of ownership
+/// 296 of an entity
+///
+typedef UINT8 tdTPM_AUTHDATA[20];
+
+typedef tdTPM_AUTHDATA TPM_AUTHDATA;
+///
+/// A secret plaintext value used in the authorization process
+///
+typedef TPM_AUTHDATA TPM_SECRET;
+///
+/// A ciphertext (encrypted) version of AuthData data. The encryption mechanism depends on the context
+///
+typedef TPM_AUTHDATA TPM_ENCAUTH;
+
+///
+/// Part 2, section 5.7: TPM_KEY_HANDLE_LIST
+/// Size of handle is loaded * sizeof(TPM_KEY_HANDLE)
+///
+typedef struct tdTPM_KEY_HANDLE_LIST {
+ UINT16 loaded;
+ TPM_KEY_HANDLE handle[1];
+} TPM_KEY_HANDLE_LIST;
+
+//
+// Part 2, section 5.8: TPM_KEY_USAGE values
+//
+///
+/// TPM_KEY_SIGNING SHALL indicate a signing key. The [private] key SHALL be
+/// used for signing operations, only. This means that it MUST be a leaf of the
+/// Protected Storage key hierarchy.
+///
+#define TPM_KEY_SIGNING ((UINT16) 0x0010)
+///
+/// TPM_KEY_STORAGE SHALL indicate a storage key. The key SHALL be used to wrap
+/// and unwrap other keys in the Protected Storage hierarchy
+///
+#define TPM_KEY_STORAGE ((UINT16) 0x0011)
+///
+/// TPM_KEY_IDENTITY SHALL indicate an identity key. The key SHALL be used for
+/// operations that require a TPM identity, only.
+///
+#define TPM_KEY_IDENTITY ((UINT16) 0x0012)
+///
+/// TPM_KEY_AUTHCHANGE SHALL indicate an ephemeral key that is in use during
+/// the ChangeAuthAsym process, only.
+///
+#define TPM_KEY_AUTHCHANGE ((UINT16) 0x0013)
+///
+/// TPM_KEY_BIND SHALL indicate a key that can be used for TPM_Bind and
+/// TPM_Unbind operations only.
+///
+#define TPM_KEY_BIND ((UINT16) 0x0014)
+///
+/// TPM_KEY_LEGACY SHALL indicate a key that can perform signing and binding
+/// operations. The key MAY be used for both signing and binding operations.
+/// The TPM_KEY_LEGACY key type is to allow for use by applications where both
+/// signing and encryption operations occur with the same key. The use of this
+/// key type is not recommended TPM_KEY_MIGRATE 0x0016 This SHALL indicate a
+/// key in use for TPM_MigrateKey
+///
+#define TPM_KEY_LEGACY ((UINT16) 0x0015)
+///
+/// TPM_KEY_MIGRAGE SHALL indicate a key in use for TPM_MigrateKey
+///
+#define TPM_KEY_MIGRATE ((UINT16) 0x0016)
+
+//
+// Part 2, section 5.8.1: Mandatory Key Usage Schemes
+//
+
+#define TPM_ES_NONE ((TPM_ENC_SCHEME) 0x0001)
+#define TPM_ES_RSAESPKCSv15 ((TPM_ENC_SCHEME) 0x0002)
+#define TPM_ES_RSAESOAEP_SHA1_MGF1 ((TPM_ENC_SCHEME) 0x0003)
+#define TPM_ES_SYM_CNT ((TPM_ENC_SCHEME) 0x0004) ///< rev94 defined
+#define TPM_ES_SYM_CTR ((TPM_ENC_SCHEME) 0x0004)
+#define TPM_ES_SYM_OFB ((TPM_ENC_SCHEME) 0x0005)
+
+#define TPM_SS_NONE ((TPM_SIG_SCHEME) 0x0001)
+#define TPM_SS_RSASSAPKCS1v15_SHA1 ((TPM_SIG_SCHEME) 0x0002)
+#define TPM_SS_RSASSAPKCS1v15_DER ((TPM_SIG_SCHEME) 0x0003)
+#define TPM_SS_RSASSAPKCS1v15_INFO ((TPM_SIG_SCHEME) 0x0004)
+
+//
+// Part 2, section 5.9: TPM_AUTH_DATA_USAGE values
+//
+#define TPM_AUTH_NEVER ((TPM_AUTH_DATA_USAGE) 0x00)
+#define TPM_AUTH_ALWAYS ((TPM_AUTH_DATA_USAGE) 0x01)
+#define TPM_AUTH_PRIV_USE_ONLY ((TPM_AUTH_DATA_USAGE) 0x03)
+
+///
+/// Part 2, section 5.10: TPM_KEY_FLAGS
+///
+typedef enum tdTPM_KEY_FLAGS {
+ redirection = 0x00000001,
+ migratable = 0x00000002,
+ isVolatile = 0x00000004,
+ pcrIgnoredOnRead = 0x00000008,
+ migrateAuthority = 0x00000010
+} TPM_KEY_FLAGS_BITS;
+
+///
+/// Part 2, section 5.11: TPM_CHANGEAUTH_VALIDATE
+///
+typedef struct tdTPM_CHANGEAUTH_VALIDATE {
+ TPM_SECRET newAuthSecret;
+ TPM_NONCE n1;
+} TPM_CHANGEAUTH_VALIDATE;
+
+///
+/// Part 2, section 5.12: TPM_MIGRATIONKEYAUTH
+/// decalared after section 10 to catch declaration of TPM_PUBKEY
+///
+/// Part 2 section 10.1: TPM_KEY_PARMS
+/// [size_is(parmSize)] BYTE* parms;
+///
+typedef struct tdTPM_KEY_PARMS {
+ TPM_ALGORITHM_ID algorithmID;
+ TPM_ENC_SCHEME encScheme;
+ TPM_SIG_SCHEME sigScheme;
+ UINT32 parmSize;
+ UINT8 *parms;
+} TPM_KEY_PARMS;
+
+///
+/// Part 2, section 10.4: TPM_STORE_PUBKEY
+///
+typedef struct tdTPM_STORE_PUBKEY {
+ UINT32 keyLength;
+ UINT8 key[1];
+} TPM_STORE_PUBKEY;
+
+///
+/// Part 2, section 10.5: TPM_PUBKEY
+///
+typedef struct tdTPM_PUBKEY{
+ TPM_KEY_PARMS algorithmParms;
+ TPM_STORE_PUBKEY pubKey;
+} TPM_PUBKEY;
+
+///
+/// Part 2, section 5.12: TPM_MIGRATIONKEYAUTH
+///
+typedef struct tdTPM_MIGRATIONKEYAUTH{
+ TPM_PUBKEY migrationKey;
+ TPM_MIGRATE_SCHEME migrationScheme;
+ TPM_DIGEST digest;
+} TPM_MIGRATIONKEYAUTH;
+
+///
+/// Part 2, section 5.13: TPM_COUNTER_VALUE
+///
+typedef struct tdTPM_COUNTER_VALUE{
+ TPM_STRUCTURE_TAG tag;
+ UINT8 label[4];
+ TPM_ACTUAL_COUNT counter;
+} TPM_COUNTER_VALUE;
+
+///
+/// Part 2, section 5.14: TPM_SIGN_INFO
+/// Size of data indicated by dataLen
+///
+typedef struct tdTPM_SIGN_INFO {
+ TPM_STRUCTURE_TAG tag;
+ UINT8 fixed[4];
+ TPM_NONCE replay;
+ UINT32 dataLen;
+ UINT8 *data;
+} TPM_SIGN_INFO;
+
+///
+/// Part 2, section 5.15: TPM_MSA_COMPOSITE
+/// Number of migAuthDigest indicated by MSAlist
+///
+typedef struct tdTPM_MSA_COMPOSITE {
+ UINT32 MSAlist;
+ TPM_DIGEST migAuthDigest[1];
+} TPM_MSA_COMPOSITE;
+
+///
+/// Part 2, section 5.16: TPM_CMK_AUTH
+///
+typedef struct tdTPM_CMK_AUTH{
+ TPM_DIGEST migrationAuthorityDigest;
+ TPM_DIGEST destinationKeyDigest;
+ TPM_DIGEST sourceKeyDigest;
+} TPM_CMK_AUTH;
+
+//
+// Part 2, section 5.17: TPM_CMK_DELEGATE
+//
+#define TPM_CMK_DELEGATE_SIGNING ((TPM_CMK_DELEGATE) BIT31)
+#define TPM_CMK_DELEGATE_STORAGE ((TPM_CMK_DELEGATE) BIT30)
+#define TPM_CMK_DELEGATE_BIND ((TPM_CMK_DELEGATE) BIT29)
+#define TPM_CMK_DELEGATE_LEGACY ((TPM_CMK_DELEGATE) BIT28)
+#define TPM_CMK_DELEGATE_MIGRATE ((TPM_CMK_DELEGATE) BIT27)
+
+///
+/// Part 2, section 5.18: TPM_SELECT_SIZE
+///
+typedef struct tdTPM_SELECT_SIZE {
+ UINT8 major;
+ UINT8 minor;
+ UINT16 reqSize;
+} TPM_SELECT_SIZE;
+
+///
+/// Part 2, section 5,19: TPM_CMK_MIGAUTH
+///
+typedef struct tdTPM_CMK_MIGAUTH{
+ TPM_STRUCTURE_TAG tag;
+ TPM_DIGEST msaDigest;
+ TPM_DIGEST pubKeyDigest;
+} TPM_CMK_MIGAUTH;
+
+///
+/// Part 2, section 5.20: TPM_CMK_SIGTICKET
+///
+typedef struct tdTPM_CMK_SIGTICKET{
+ TPM_STRUCTURE_TAG tag;
+ TPM_DIGEST verKeyDigest;
+ TPM_DIGEST signedData;
+} TPM_CMK_SIGTICKET;
+
+///
+/// Part 2, section 5.21: TPM_CMK_MA_APPROVAL
+///
+typedef struct tdTPM_CMK_MA_APPROVAL{
+ TPM_STRUCTURE_TAG tag;
+ TPM_DIGEST migrationAuthorityDigest;
+} TPM_CMK_MA_APPROVAL;
+
+//
+// Part 2, section 6: Command Tags
+//
+#define TPM_TAG_RQU_COMMAND ((TPM_STRUCTURE_TAG) 0x00C1)
+#define TPM_TAG_RQU_AUTH1_COMMAND ((TPM_STRUCTURE_TAG) 0x00C2)
+#define TPM_TAG_RQU_AUTH2_COMMAND ((TPM_STRUCTURE_TAG) 0x00C3)
+#define TPM_TAG_RSP_COMMAND ((TPM_STRUCTURE_TAG) 0x00C4)
+#define TPM_TAG_RSP_AUTH1_COMMAND ((TPM_STRUCTURE_TAG) 0x00C5)
+#define TPM_TAG_RSP_AUTH2_COMMAND ((TPM_STRUCTURE_TAG) 0x00C6)
+
+///
+/// Part 2, section 7.1: TPM_PERMANENT_FLAGS
+///
+typedef struct tdTPM_PERMANENT_FLAGS{
+ TPM_STRUCTURE_TAG tag;
+ BOOLEAN disable;
+ BOOLEAN ownership;
+ BOOLEAN deactivated;
+ BOOLEAN readPubek;
+ BOOLEAN disableOwnerClear;
+ BOOLEAN allowMaintenance;
+ BOOLEAN physicalPresenceLifetimeLock;
+ BOOLEAN physicalPresenceHWEnable;
+ BOOLEAN physicalPresenceCMDEnable;
+ BOOLEAN CEKPUsed;
+ BOOLEAN TPMpost;
+ BOOLEAN TPMpostLock;
+ BOOLEAN FIPS;
+ BOOLEAN operator;
+ BOOLEAN enableRevokeEK;
+ BOOLEAN nvLocked;
+ BOOLEAN readSRKPub;
+ BOOLEAN tpmEstablished;
+ BOOLEAN maintenanceDone;
+ BOOLEAN disableFullDALogicInfo;
+} TPM_PERMANENT_FLAGS;
+
+//
+// Part 2, section 7.1.1: Flag Restrictions (of TPM_PERMANENT_FLAGS)
+//
+#define TPM_PF_DISABLE ((TPM_CAPABILITY_AREA) 1)
+#define TPM_PF_OWNERSHIP ((TPM_CAPABILITY_AREA) 2)
+#define TPM_PF_DEACTIVATED ((TPM_CAPABILITY_AREA) 3)
+#define TPM_PF_READPUBEK ((TPM_CAPABILITY_AREA) 4)
+#define TPM_PF_DISABLEOWNERCLEAR ((TPM_CAPABILITY_AREA) 5)
+#define TPM_PF_ALLOWMAINTENANCE ((TPM_CAPABILITY_AREA) 6)
+#define TPM_PF_PHYSICALPRESENCELIFETIMELOCK ((TPM_CAPABILITY_AREA) 7)
+#define TPM_PF_PHYSICALPRESENCEHWENABLE ((TPM_CAPABILITY_AREA) 8)
+#define TPM_PF_PHYSICALPRESENCECMDENABLE ((TPM_CAPABILITY_AREA) 9)
+#define TPM_PF_CEKPUSED ((TPM_CAPABILITY_AREA) 10)
+#define TPM_PF_TPMPOST ((TPM_CAPABILITY_AREA) 11)
+#define TPM_PF_TPMPOSTLOCK ((TPM_CAPABILITY_AREA) 12)
+#define TPM_PF_FIPS ((TPM_CAPABILITY_AREA) 13)
+#define TPM_PF_OPERATOR ((TPM_CAPABILITY_AREA) 14)
+#define TPM_PF_ENABLEREVOKEEK ((TPM_CAPABILITY_AREA) 15)
+#define TPM_PF_NV_LOCKED ((TPM_CAPABILITY_AREA) 16)
+#define TPM_PF_READSRKPUB ((TPM_CAPABILITY_AREA) 17)
+#define TPM_PF_TPMESTABLISHED ((TPM_CAPABILITY_AREA) 18)
+#define TPM_PF_MAINTENANCEDONE ((TPM_CAPABILITY_AREA) 19)
+#define TPM_PF_DISABLEFULLDALOGICINFO ((TPM_CAPABILITY_AREA) 20)
+
+///
+/// Part 2, section 7.2: TPM_STCLEAR_FLAGS
+///
+typedef struct tdTPM_STCLEAR_FLAGS{
+ TPM_STRUCTURE_TAG tag;
+ BOOLEAN deactivated;
+ BOOLEAN disableForceClear;
+ BOOLEAN physicalPresence;
+ BOOLEAN physicalPresenceLock;
+ BOOLEAN bGlobalLock;
+} TPM_STCLEAR_FLAGS;
+
+//
+// Part 2, section 7.2.1: Flag Restrictions (of TPM_STCLEAR_FLAGS)
+//
+#define TPM_SF_DEACTIVATED ((TPM_CAPABILITY_AREA) 1)
+#define TPM_SF_DISABLEFORCECLEAR ((TPM_CAPABILITY_AREA) 2)
+#define TPM_SF_PHYSICALPRESENCE ((TPM_CAPABILITY_AREA) 3)
+#define TPM_SF_PHYSICALPRESENCELOCK ((TPM_CAPABILITY_AREA) 4)
+#define TPM_SF_BGLOBALLOCK ((TPM_CAPABILITY_AREA) 5)
+
+///
+/// Part 2, section 7.3: TPM_STANY_FLAGS
+///
+typedef struct tdTPM_STANY_FLAGS{
+ TPM_STRUCTURE_TAG tag;
+ BOOLEAN postInitialise;
+ TPM_MODIFIER_INDICATOR localityModifier;
+ BOOLEAN transportExclusive;
+ BOOLEAN TOSPresent;
+} TPM_STANY_FLAGS;
+
+//
+// Part 2, section 7.3.1: Flag Restrictions (of TPM_STANY_FLAGS)
+//
+#define TPM_AF_POSTINITIALISE ((TPM_CAPABILITY_AREA) 1)
+#define TPM_AF_LOCALITYMODIFIER ((TPM_CAPABILITY_AREA) 2)
+#define TPM_AF_TRANSPORTEXCLUSIVE ((TPM_CAPABILITY_AREA) 3)
+#define TPM_AF_TOSPRESENT ((TPM_CAPABILITY_AREA) 4)
+
+//
+// All those structures defined in section 7.4, 7.5, 7.6 are not normative and
+// thus no definitions here
+//
+// Part 2, section 7.4: TPM_PERMANENT_DATA
+//
+#define TPM_MIN_COUNTERS 4 ///< the minimum number of counters is 4
+#define TPM_DELEGATE_KEY TPM_KEY
+#define TPM_NUM_PCR 16
+#define TPM_MAX_NV_WRITE_NOOWNER 64
+
+//
+// Part 2, section 7.4.1: PERMANENT_DATA Subcap for SetCapability
+//
+#define TPM_PD_REVMAJOR ((TPM_CAPABILITY_AREA) 1)
+#define TPM_PD_REVMINOR ((TPM_CAPABILITY_AREA) 2)
+#define TPM_PD_TPMPROOF ((TPM_CAPABILITY_AREA) 3)
+#define TPM_PD_OWNERAUTH ((TPM_CAPABILITY_AREA) 4)
+#define TPM_PD_OPERATORAUTH ((TPM_CAPABILITY_AREA) 5)
+#define TPM_PD_MANUMAINTPUB ((TPM_CAPABILITY_AREA) 6)
+#define TPM_PD_ENDORSEMENTKEY ((TPM_CAPABILITY_AREA) 7)
+#define TPM_PD_SRK ((TPM_CAPABILITY_AREA) 8)
+#define TPM_PD_DELEGATEKEY ((TPM_CAPABILITY_AREA) 9)
+#define TPM_PD_CONTEXTKEY ((TPM_CAPABILITY_AREA) 10)
+#define TPM_PD_AUDITMONOTONICCOUNTER ((TPM_CAPABILITY_AREA) 11)
+#define TPM_PD_MONOTONICCOUNTER ((TPM_CAPABILITY_AREA) 12)
+#define TPM_PD_PCRATTRIB ((TPM_CAPABILITY_AREA) 13)
+#define TPM_PD_ORDINALAUDITSTATUS ((TPM_CAPABILITY_AREA) 14)
+#define TPM_PD_AUTHDIR ((TPM_CAPABILITY_AREA) 15)
+#define TPM_PD_RNGSTATE ((TPM_CAPABILITY_AREA) 16)
+#define TPM_PD_FAMILYTABLE ((TPM_CAPABILITY_AREA) 17)
+#define TPM_DELEGATETABLE ((TPM_CAPABILITY_AREA) 18)
+#define TPM_PD_EKRESET ((TPM_CAPABILITY_AREA) 19)
+#define TPM_PD_MAXNVBUFSIZE ((TPM_CAPABILITY_AREA) 20)
+#define TPM_PD_LASTFAMILYID ((TPM_CAPABILITY_AREA) 21)
+#define TPM_PD_NOOWNERNVWRITE ((TPM_CAPABILITY_AREA) 22)
+#define TPM_PD_RESTRICTDELEGATE ((TPM_CAPABILITY_AREA) 23)
+#define TPM_PD_TPMDAASEED ((TPM_CAPABILITY_AREA) 24)
+#define TPM_PD_DAAPROOF ((TPM_CAPABILITY_AREA) 25)
+
+///
+/// Part 2, section 7.5: TPM_STCLEAR_DATA
+/// available inside TPM only
+///
+ typedef struct tdTPM_STCLEAR_DATA{
+ TPM_STRUCTURE_TAG tag;
+ TPM_NONCE contextNonceKey;
+ TPM_COUNT_ID countID;
+ UINT32 ownerReference;
+ BOOLEAN disableResetLock;
+ TPM_PCRVALUE PCR[TPM_NUM_PCR];
+ UINT32 deferredPhysicalPresence;
+ }TPM_STCLEAR_DATA;
+
+//
+// Part 2, section 7.5.1: STCLEAR_DATA Subcap for SetCapability
+//
+#define TPM_SD_CONTEXTNONCEKEY ((TPM_CAPABILITY_AREA)0x00000001)
+#define TPM_SD_COUNTID ((TPM_CAPABILITY_AREA)0x00000002)
+#define TPM_SD_OWNERREFERENCE ((TPM_CAPABILITY_AREA)0x00000003)
+#define TPM_SD_DISABLERESETLOCK ((TPM_CAPABILITY_AREA)0x00000004)
+#define TPM_SD_PCR ((TPM_CAPABILITY_AREA)0x00000005)
+#define TPM_SD_DEFERREDPHYSICALPRESENCE ((TPM_CAPABILITY_AREA)0x00000006)
+
+//
+// Part 2, section 7.6.1: STANY_DATA Subcap for SetCapability
+//
+#define TPM_AD_CONTEXTNONCESESSION ((TPM_CAPABILITY_AREA) 1)
+#define TPM_AD_AUDITDIGEST ((TPM_CAPABILITY_AREA) 2)
+#define TPM_AD_CURRENTTICKS ((TPM_CAPABILITY_AREA) 3)
+#define TPM_AD_CONTEXTCOUNT ((TPM_CAPABILITY_AREA) 4)
+#define TPM_AD_CONTEXTLIST ((TPM_CAPABILITY_AREA) 5)
+#define TPM_AD_SESSIONS ((TPM_CAPABILITY_AREA) 6)
+
+//
+// Part 2, section 8: PCR Structures
+//
+
+///
+/// Part 2, section 8.1: TPM_PCR_SELECTION
+/// Size of pcrSelect[] indicated by sizeOfSelect
+///
+typedef struct tdTPM_PCR_SELECTION {
+ UINT16 sizeOfSelect;
+ UINT8 pcrSelect[1];
+} TPM_PCR_SELECTION;
+
+///
+/// Part 2, section 8.2: TPM_PCR_COMPOSITE
+/// Size of pcrValue[] indicated by valueSize
+///
+typedef struct tdTPM_PCR_COMPOSITE {
+ TPM_PCR_SELECTION select;
+ UINT32 valueSize;
+ TPM_PCRVALUE pcrValue[1];
+} TPM_PCR_COMPOSITE;
+
+///
+/// Part 2, section 8.3: TPM_PCR_INFO
+///
+typedef struct tdTPM_PCR_INFO {
+ TPM_PCR_SELECTION pcrSelection;
+ TPM_COMPOSITE_HASH digestAtRelease;
+ TPM_COMPOSITE_HASH digestAtCreation;
+} TPM_PCR_INFO;
+
+///
+/// Part 2, section 8.6: TPM_LOCALITY_SELECTION
+///
+typedef UINT8 TPM_LOCALITY_SELECTION;
+
+#define TPM_LOC_FOUR ((UINT8) 0x10)
+#define TPM_LOC_THREE ((UINT8) 0x08)
+#define TPM_LOC_TWO ((UINT8) 0x04)
+#define TPM_LOC_ONE ((UINT8) 0x02)
+#define TPM_LOC_ZERO ((UINT8) 0x01)
+
+///
+/// Part 2, section 8.4: TPM_PCR_INFO_LONG
+///
+typedef struct tdTPM_PCR_INFO_LONG {
+ TPM_STRUCTURE_TAG tag;
+ TPM_LOCALITY_SELECTION localityAtCreation;
+ TPM_LOCALITY_SELECTION localityAtRelease;
+ TPM_PCR_SELECTION creationPCRSelection;
+ TPM_PCR_SELECTION releasePCRSelection;
+ TPM_COMPOSITE_HASH digestAtCreation;
+ TPM_COMPOSITE_HASH digestAtRelease;
+} TPM_PCR_INFO_LONG;
+
+///
+/// Part 2, section 8.5: TPM_PCR_INFO_SHORT
+///
+typedef struct tdTPM_PCR_INFO_SHORT{
+ TPM_PCR_SELECTION pcrSelection;
+ TPM_LOCALITY_SELECTION localityAtRelease;
+ TPM_COMPOSITE_HASH digestAtRelease;
+} TPM_PCR_INFO_SHORT;
+
+///
+/// Part 2, section 8.8: TPM_PCR_ATTRIBUTES
+///
+typedef struct tdTPM_PCR_ATTRIBUTES{
+ BOOLEAN pcrReset;
+ TPM_LOCALITY_SELECTION pcrExtendLocal;
+ TPM_LOCALITY_SELECTION pcrResetLocal;
+} TPM_PCR_ATTRIBUTES;
+
+//
+// Part 2, section 9: Storage Structures
+//
+
+///
+/// Part 2, section 9.1: TPM_STORED_DATA
+/// [size_is(sealInfoSize)] BYTE* sealInfo;
+/// [size_is(encDataSize)] BYTE* encData;
+///
+typedef struct tdTPM_STORED_DATA {
+ TPM_STRUCT_VER ver;
+ UINT32 sealInfoSize;
+ UINT8 *sealInfo;
+ UINT32 encDataSize;
+ UINT8 *encData;
+} TPM_STORED_DATA;
+
+///
+/// Part 2, section 9.2: TPM_STORED_DATA12
+/// [size_is(sealInfoSize)] BYTE* sealInfo;
+/// [size_is(encDataSize)] BYTE* encData;
+///
+typedef struct tdTPM_STORED_DATA12 {
+ TPM_STRUCTURE_TAG tag;
+ TPM_ENTITY_TYPE et;
+ UINT32 sealInfoSize;
+ UINT8 *sealInfo;
+ UINT32 encDataSize;
+ UINT8 *encData;
+} TPM_STORED_DATA12;
+
+///
+/// Part 2, section 9.3: TPM_SEALED_DATA
+/// [size_is(dataSize)] BYTE* data;
+///
+typedef struct tdTPM_SEALED_DATA {
+ TPM_PAYLOAD_TYPE payload;
+ TPM_SECRET authData;
+ TPM_NONCE tpmProof;
+ TPM_DIGEST storedDigest;
+ UINT32 dataSize;
+ UINT8 *data;
+} TPM_SEALED_DATA;
+
+///
+/// Part 2, section 9.4: TPM_SYMMETRIC_KEY
+/// [size_is(size)] BYTE* data;
+///
+typedef struct tdTPM_SYMMETRIC_KEY {
+ TPM_ALGORITHM_ID algId;
+ TPM_ENC_SCHEME encScheme;
+ UINT16 dataSize;
+ UINT8 *data;
+} TPM_SYMMETRIC_KEY;
+
+///
+/// Part 2, section 9.5: TPM_BOUND_DATA
+///
+typedef struct tdTPM_BOUND_DATA {
+ TPM_STRUCT_VER ver;
+ TPM_PAYLOAD_TYPE payload;
+ UINT8 payloadData[1];
+} TPM_BOUND_DATA;
+
+//
+// Part 2 section 10: TPM_KEY complex
+//
+
+//
+// Section 10.1, 10.4, and 10.5 have been defined previously
+//
+
+///
+/// Part 2, section 10.2: TPM_KEY
+/// [size_is(encDataSize)] BYTE* encData;
+///
+typedef struct tdTPM_KEY{
+ TPM_STRUCT_VER ver;
+ TPM_KEY_USAGE keyUsage;
+ TPM_KEY_FLAGS keyFlags;
+ TPM_AUTH_DATA_USAGE authDataUsage;
+ TPM_KEY_PARMS algorithmParms;
+ UINT32 PCRInfoSize;
+ UINT8 *PCRInfo;
+ TPM_STORE_PUBKEY pubKey;
+ UINT32 encDataSize;
+ UINT8 *encData;
+} TPM_KEY;
+
+///
+/// Part 2, section 10.3: TPM_KEY12
+/// [size_is(encDataSize)] BYTE* encData;
+///
+typedef struct tdTPM_KEY12{
+ TPM_STRUCTURE_TAG tag;
+ UINT16 fill;
+ TPM_KEY_USAGE keyUsage;
+ TPM_KEY_FLAGS keyFlags;
+ TPM_AUTH_DATA_USAGE authDataUsage;
+ TPM_KEY_PARMS algorithmParms;
+ UINT32 PCRInfoSize;
+ UINT8 *PCRInfo;
+ TPM_STORE_PUBKEY pubKey;
+ UINT32 encDataSize;
+ UINT8 *encData;
+} TPM_KEY12;
+
+///
+/// Part 2, section 10.7: TPM_STORE_PRIVKEY
+/// [size_is(keyLength)] BYTE* key;
+///
+typedef struct tdTPM_STORE_PRIVKEY {
+ UINT32 keyLength;
+ UINT8 *key;
+} TPM_STORE_PRIVKEY;
+
+///
+/// Part 2, section 10.6: TPM_STORE_ASYMKEY
+///
+typedef struct tdTPM_STORE_ASYMKEY { // pos len total
+ TPM_PAYLOAD_TYPE payload; // 0 1 1
+ TPM_SECRET usageAuth; // 1 20 21
+ TPM_SECRET migrationAuth; // 21 20 41
+ TPM_DIGEST pubDataDigest; // 41 20 61
+ TPM_STORE_PRIVKEY privKey; // 61 132-151 193-214
+} TPM_STORE_ASYMKEY;
+
+///
+/// Part 2, section 10.8: TPM_MIGRATE_ASYMKEY
+/// [size_is(partPrivKeyLen)] BYTE* partPrivKey;
+///
+typedef struct tdTPM_MIGRATE_ASYMKEY { // pos len total
+ TPM_PAYLOAD_TYPE payload; // 0 1 1
+ TPM_SECRET usageAuth; // 1 20 21
+ TPM_DIGEST pubDataDigest; // 21 20 41
+ UINT32 partPrivKeyLen; // 41 4 45
+ UINT8 *partPrivKey; // 45 112-127 157-172
+} TPM_MIGRATE_ASYMKEY;
+
+///
+/// Part 2, section 10.9: TPM_KEY_CONTROL
+///
+#define TPM_KEY_CONTROL_OWNER_EVICT ((UINT32) 0x00000001)
+
+//
+// Part 2, section 11: Signed Structures
+//
+
+///
+/// Part 2, section 11.1: TPM_CERTIFY_INFO Structure
+///
+typedef struct tdTPM_CERTIFY_INFO {
+ TPM_STRUCT_VER version;
+ TPM_KEY_USAGE keyUsage;
+ TPM_KEY_FLAGS keyFlags;
+ TPM_AUTH_DATA_USAGE authDataUsage;
+ TPM_KEY_PARMS algorithmParms;
+ TPM_DIGEST pubkeyDigest;
+ TPM_NONCE data;
+ BOOLEAN parentPCRStatus;
+ UINT32 PCRInfoSize;
+ UINT8 *PCRInfo;
+} TPM_CERTIFY_INFO;
+
+///
+/// Part 2, section 11.2: TPM_CERTIFY_INFO2 Structure
+///
+typedef struct tdTPM_CERTIFY_INFO2 {
+ TPM_STRUCTURE_TAG tag;
+ UINT8 fill;
+ TPM_PAYLOAD_TYPE payloadType;
+ TPM_KEY_USAGE keyUsage;
+ TPM_KEY_FLAGS keyFlags;
+ TPM_AUTH_DATA_USAGE authDataUsage;
+ TPM_KEY_PARMS algorithmParms;
+ TPM_DIGEST pubkeyDigest;
+ TPM_NONCE data;
+ BOOLEAN parentPCRStatus;
+ UINT32 PCRInfoSize;
+ UINT8 *PCRInfo;
+ UINT32 migrationAuthoritySize;
+ UINT8 *migrationAuthority;
+} TPM_CERTIFY_INFO2;
+
+///
+/// Part 2, section 11.3 TPM_QUOTE_INFO Structure
+///
+typedef struct tdTPM_QUOTE_INFO {
+ TPM_STRUCT_VER version;
+ UINT8 fixed[4];
+ TPM_COMPOSITE_HASH digestValue;
+ TPM_NONCE externalData;
+} TPM_QUOTE_INFO;
+
+///
+/// Part 2, section 11.4 TPM_QUOTE_INFO2 Structure
+///
+typedef struct tdTPM_QUOTE_INFO2 {
+ TPM_STRUCTURE_TAG tag;
+ UINT8 fixed[4];
+ TPM_NONCE externalData;
+ TPM_PCR_INFO_SHORT infoShort;
+} TPM_QUOTE_INFO2;
+
+//
+// Part 2, section 12: Identity Structures
+//
+
+///
+/// Part 2, section 12.1 TPM_EK_BLOB
+///
+typedef struct tdTPM_EK_BLOB {
+ TPM_STRUCTURE_TAG tag;
+ TPM_EK_TYPE ekType;
+ UINT32 blobSize;
+ UINT8 *blob;
+} TPM_EK_BLOB;
+
+///
+/// Part 2, section 12.2 TPM_EK_BLOB_ACTIVATE
+///
+typedef struct tdTPM_EK_BLOB_ACTIVATE {
+ TPM_STRUCTURE_TAG tag;
+ TPM_SYMMETRIC_KEY sessionKey;
+ TPM_DIGEST idDigest;
+ TPM_PCR_INFO_SHORT pcrInfo;
+} TPM_EK_BLOB_ACTIVATE;
+
+///
+/// Part 2, section 12.3 TPM_EK_BLOB_AUTH
+///
+typedef struct tdTPM_EK_BLOB_AUTH {
+ TPM_STRUCTURE_TAG tag;
+ TPM_SECRET authValue;
+} TPM_EK_BLOB_AUTH;
+
+
+///
+/// Part 2, section 12.5 TPM_IDENTITY_CONTENTS
+///
+typedef struct tdTPM_IDENTITY_CONTENTS {
+ TPM_STRUCT_VER ver;
+ UINT32 ordinal;
+ TPM_CHOSENID_HASH labelPrivCADigest;
+ TPM_PUBKEY identityPubKey;
+} TPM_IDENTITY_CONTENTS;
+
+///
+/// Part 2, section 12.6 TPM_IDENTITY_REQ
+///
+typedef struct tdTPM_IDENTITY_REQ {
+ UINT32 asymSize;
+ UINT32 symSize;
+ TPM_KEY_PARMS asymAlgorithm;
+ TPM_KEY_PARMS symAlgorithm;
+ UINT8 *asymBlob;
+ UINT8 *symBlob;
+} TPM_IDENTITY_REQ;
+
+///
+/// Part 2, section 12.7 TPM_IDENTITY_PROOF
+///
+typedef struct tdTPM_IDENTITY_PROOF {
+ TPM_STRUCT_VER ver;
+ UINT32 labelSize;
+ UINT32 identityBindingSize;
+ UINT32 endorsementSize;
+ UINT32 platformSize;
+ UINT32 conformanceSize;
+ TPM_PUBKEY identityKey;
+ UINT8 *labelArea;
+ UINT8 *identityBinding;
+ UINT8 *endorsementCredential;
+ UINT8 *platformCredential;
+ UINT8 *conformanceCredential;
+} TPM_IDENTITY_PROOF;
+
+///
+/// Part 2, section 12.8 TPM_ASYM_CA_CONTENTS
+///
+typedef struct tdTPM_ASYM_CA_CONTENTS {
+ TPM_SYMMETRIC_KEY sessionKey;
+ TPM_DIGEST idDigest;
+} TPM_ASYM_CA_CONTENTS;
+
+///
+/// Part 2, section 12.9 TPM_SYM_CA_ATTESTATION
+///
+typedef struct tdTPM_SYM_CA_ATTESTATION {
+ UINT32 credSize;
+ TPM_KEY_PARMS algorithm;
+ UINT8 *credential;
+} TPM_SYM_CA_ATTESTATION;
+
+///
+/// Part 2, section 15: Tick Structures
+/// Placed here out of order because definitions are used in section 13.
+///
+typedef struct tdTPM_CURRENT_TICKS {
+ TPM_STRUCTURE_TAG tag;
+ UINT64 currentTicks;
+ UINT16 tickRate;
+ TPM_NONCE tickNonce;
+} TPM_CURRENT_TICKS;
+
+///
+/// Part 2, section 13: Transport structures
+///
+
+///
+/// Part 2, section 13.1: TPM _TRANSPORT_PUBLIC
+///
+typedef struct tdTPM_TRANSPORT_PUBLIC {
+ TPM_STRUCTURE_TAG tag;
+ TPM_TRANSPORT_ATTRIBUTES transAttributes;
+ TPM_ALGORITHM_ID algId;
+ TPM_ENC_SCHEME encScheme;
+} TPM_TRANSPORT_PUBLIC;
+
+//
+// Part 2, section 13.1.1 TPM_TRANSPORT_ATTRIBUTES Definitions
+//
+#define TPM_TRANSPORT_ENCRYPT ((UINT32)BIT0)
+#define TPM_TRANSPORT_LOG ((UINT32)BIT1)
+#define TPM_TRANSPORT_EXCLUSIVE ((UINT32)BIT2)
+
+///
+/// Part 2, section 13.2 TPM_TRANSPORT_INTERNAL
+///
+typedef struct tdTPM_TRANSPORT_INTERNAL {
+ TPM_STRUCTURE_TAG tag;
+ TPM_AUTHDATA authData;
+ TPM_TRANSPORT_PUBLIC transPublic;
+ TPM_TRANSHANDLE transHandle;
+ TPM_NONCE transNonceEven;
+ TPM_DIGEST transDigest;
+} TPM_TRANSPORT_INTERNAL;
+
+///
+/// Part 2, section 13.3 TPM_TRANSPORT_LOG_IN structure
+///
+typedef struct tdTPM_TRANSPORT_LOG_IN {
+ TPM_STRUCTURE_TAG tag;
+ TPM_DIGEST parameters;
+ TPM_DIGEST pubKeyHash;
+} TPM_TRANSPORT_LOG_IN;
+
+///
+/// Part 2, section 13.4 TPM_TRANSPORT_LOG_OUT structure
+///
+typedef struct tdTPM_TRANSPORT_LOG_OUT {
+ TPM_STRUCTURE_TAG tag;
+ TPM_CURRENT_TICKS currentTicks;
+ TPM_DIGEST parameters;
+ TPM_MODIFIER_INDICATOR locality;
+} TPM_TRANSPORT_LOG_OUT;
+
+///
+/// Part 2, section 13.5 TPM_TRANSPORT_AUTH structure
+///
+typedef struct tdTPM_TRANSPORT_AUTH {
+ TPM_STRUCTURE_TAG tag;
+ TPM_AUTHDATA authData;
+} TPM_TRANSPORT_AUTH;
+
+//
+// Part 2, section 14: Audit Structures
+//
+
+///
+/// Part 2, section 14.1 TPM_AUDIT_EVENT_IN structure
+///
+typedef struct tdTPM_AUDIT_EVENT_IN {
+ TPM_STRUCTURE_TAG tag;
+ TPM_DIGEST inputParms;
+ TPM_COUNTER_VALUE auditCount;
+} TPM_AUDIT_EVENT_IN;
+
+///
+/// Part 2, section 14.2 TPM_AUDIT_EVENT_OUT structure
+///
+typedef struct tdTPM_AUDIT_EVENT_OUT {
+ TPM_STRUCTURE_TAG tag;
+ TPM_COMMAND_CODE ordinal;
+ TPM_DIGEST outputParms;
+ TPM_COUNTER_VALUE auditCount;
+ TPM_RESULT returnCode;
+} TPM_AUDIT_EVENT_OUT;
+
+//
+// Part 2, section 16: Return Codes
+//
+
+#define TPM_VENDOR_ERROR TPM_Vendor_Specific32
+#define TPM_NON_FATAL 0x00000800
+
+#define TPM_SUCCESS ((TPM_RESULT) TPM_BASE)
+#define TPM_AUTHFAIL ((TPM_RESULT) (TPM_BASE + 1))
+#define TPM_BADINDEX ((TPM_RESULT) (TPM_BASE + 2))
+#define TPM_BAD_PARAMETER ((TPM_RESULT) (TPM_BASE + 3))
+#define TPM_AUDITFAILURE ((TPM_RESULT) (TPM_BASE + 4))
+#define TPM_CLEAR_DISABLED ((TPM_RESULT) (TPM_BASE + 5))
+#define TPM_DEACTIVATED ((TPM_RESULT) (TPM_BASE + 6))
+#define TPM_DISABLED ((TPM_RESULT) (TPM_BASE + 7))
+#define TPM_DISABLED_CMD ((TPM_RESULT) (TPM_BASE + 8))
+#define TPM_FAIL ((TPM_RESULT) (TPM_BASE + 9))
+#define TPM_BAD_ORDINAL ((TPM_RESULT) (TPM_BASE + 10))
+#define TPM_INSTALL_DISABLED ((TPM_RESULT) (TPM_BASE + 11))
+#define TPM_INVALID_KEYHANDLE ((TPM_RESULT) (TPM_BASE + 12))
+#define TPM_KEYNOTFOUND ((TPM_RESULT) (TPM_BASE + 13))
+#define TPM_INAPPROPRIATE_ENC ((TPM_RESULT) (TPM_BASE + 14))
+#define TPM_MIGRATEFAIL ((TPM_RESULT) (TPM_BASE + 15))
+#define TPM_INVALID_PCR_INFO ((TPM_RESULT) (TPM_BASE + 16))
+#define TPM_NOSPACE ((TPM_RESULT) (TPM_BASE + 17))
+#define TPM_NOSRK ((TPM_RESULT) (TPM_BASE + 18))
+#define TPM_NOTSEALED_BLOB ((TPM_RESULT) (TPM_BASE + 19))
+#define TPM_OWNER_SET ((TPM_RESULT) (TPM_BASE + 20))
+#define TPM_RESOURCES ((TPM_RESULT) (TPM_BASE + 21))
+#define TPM_SHORTRANDOM ((TPM_RESULT) (TPM_BASE + 22))
+#define TPM_SIZE ((TPM_RESULT) (TPM_BASE + 23))
+#define TPM_WRONGPCRVAL ((TPM_RESULT) (TPM_BASE + 24))
+#define TPM_BAD_PARAM_SIZE ((TPM_RESULT) (TPM_BASE + 25))
+#define TPM_SHA_THREAD ((TPM_RESULT) (TPM_BASE + 26))
+#define TPM_SHA_ERROR ((TPM_RESULT) (TPM_BASE + 27))
+#define TPM_FAILEDSELFTEST ((TPM_RESULT) (TPM_BASE + 28))
+#define TPM_AUTH2FAIL ((TPM_RESULT) (TPM_BASE + 29))
+#define TPM_BADTAG ((TPM_RESULT) (TPM_BASE + 30))
+#define TPM_IOERROR ((TPM_RESULT) (TPM_BASE + 31))
+#define TPM_ENCRYPT_ERROR ((TPM_RESULT) (TPM_BASE + 32))
+#define TPM_DECRYPT_ERROR ((TPM_RESULT) (TPM_BASE + 33))
+#define TPM_INVALID_AUTHHANDLE ((TPM_RESULT) (TPM_BASE + 34))
+#define TPM_NO_ENDORSEMENT ((TPM_RESULT) (TPM_BASE + 35))
+#define TPM_INVALID_KEYUSAGE ((TPM_RESULT) (TPM_BASE + 36))
+#define TPM_WRONG_ENTITYTYPE ((TPM_RESULT) (TPM_BASE + 37))
+#define TPM_INVALID_POSTINIT ((TPM_RESULT) (TPM_BASE + 38))
+#define TPM_INAPPROPRIATE_SIG ((TPM_RESULT) (TPM_BASE + 39))
+#define TPM_BAD_KEY_PROPERTY ((TPM_RESULT) (TPM_BASE + 40))
+#define TPM_BAD_MIGRATION ((TPM_RESULT) (TPM_BASE + 41))
+#define TPM_BAD_SCHEME ((TPM_RESULT) (TPM_BASE + 42))
+#define TPM_BAD_DATASIZE ((TPM_RESULT) (TPM_BASE + 43))
+#define TPM_BAD_MODE ((TPM_RESULT) (TPM_BASE + 44))
+#define TPM_BAD_PRESENCE ((TPM_RESULT) (TPM_BASE + 45))
+#define TPM_BAD_VERSION ((TPM_RESULT) (TPM_BASE + 46))
+#define TPM_NO_WRAP_TRANSPORT ((TPM_RESULT) (TPM_BASE + 47))
+#define TPM_AUDITFAIL_UNSUCCESSFUL ((TPM_RESULT) (TPM_BASE + 48))
+#define TPM_AUDITFAIL_SUCCESSFUL ((TPM_RESULT) (TPM_BASE + 49))
+#define TPM_NOTRESETABLE ((TPM_RESULT) (TPM_BASE + 50))
+#define TPM_NOTLOCAL ((TPM_RESULT) (TPM_BASE + 51))
+#define TPM_BAD_TYPE ((TPM_RESULT) (TPM_BASE + 52))
+#define TPM_INVALID_RESOURCE ((TPM_RESULT) (TPM_BASE + 53))
+#define TPM_NOTFIPS ((TPM_RESULT) (TPM_BASE + 54))
+#define TPM_INVALID_FAMILY ((TPM_RESULT) (TPM_BASE + 55))
+#define TPM_NO_NV_PERMISSION ((TPM_RESULT) (TPM_BASE + 56))
+#define TPM_REQUIRES_SIGN ((TPM_RESULT) (TPM_BASE + 57))
+#define TPM_KEY_NOTSUPPORTED ((TPM_RESULT) (TPM_BASE + 58))
+#define TPM_AUTH_CONFLICT ((TPM_RESULT) (TPM_BASE + 59))
+#define TPM_AREA_LOCKED ((TPM_RESULT) (TPM_BASE + 60))
+#define TPM_BAD_LOCALITY ((TPM_RESULT) (TPM_BASE + 61))
+#define TPM_READ_ONLY ((TPM_RESULT) (TPM_BASE + 62))
+#define TPM_PER_NOWRITE ((TPM_RESULT) (TPM_BASE + 63))
+#define TPM_FAMILYCOUNT ((TPM_RESULT) (TPM_BASE + 64))
+#define TPM_WRITE_LOCKED ((TPM_RESULT) (TPM_BASE + 65))
+#define TPM_BAD_ATTRIBUTES ((TPM_RESULT) (TPM_BASE + 66))
+#define TPM_INVALID_STRUCTURE ((TPM_RESULT) (TPM_BASE + 67))
+#define TPM_KEY_OWNER_CONTROL ((TPM_RESULT) (TPM_BASE + 68))
+#define TPM_BAD_COUNTER ((TPM_RESULT) (TPM_BASE + 69))
+#define TPM_NOT_FULLWRITE ((TPM_RESULT) (TPM_BASE + 70))
+#define TPM_CONTEXT_GAP ((TPM_RESULT) (TPM_BASE + 71))
+#define TPM_MAXNVWRITES ((TPM_RESULT) (TPM_BASE + 72))
+#define TPM_NOOPERATOR ((TPM_RESULT) (TPM_BASE + 73))
+#define TPM_RESOURCEMISSING ((TPM_RESULT) (TPM_BASE + 74))
+#define TPM_DELEGATE_LOCK ((TPM_RESULT) (TPM_BASE + 75))
+#define TPM_DELEGATE_FAMILY ((TPM_RESULT) (TPM_BASE + 76))
+#define TPM_DELEGATE_ADMIN ((TPM_RESULT) (TPM_BASE + 77))
+#define TPM_TRANSPORT_NOTEXCLUSIVE ((TPM_RESULT) (TPM_BASE + 78))
+#define TPM_OWNER_CONTROL ((TPM_RESULT) (TPM_BASE + 79))
+#define TPM_DAA_RESOURCES ((TPM_RESULT) (TPM_BASE + 80))
+#define TPM_DAA_INPUT_DATA0 ((TPM_RESULT) (TPM_BASE + 81))
+#define TPM_DAA_INPUT_DATA1 ((TPM_RESULT) (TPM_BASE + 82))
+#define TPM_DAA_ISSUER_SETTINGS ((TPM_RESULT) (TPM_BASE + 83))
+#define TPM_DAA_TPM_SETTINGS ((TPM_RESULT) (TPM_BASE + 84))
+#define TPM_DAA_STAGE ((TPM_RESULT) (TPM_BASE + 85))
+#define TPM_DAA_ISSUER_VALIDITY ((TPM_RESULT) (TPM_BASE + 86))
+#define TPM_DAA_WRONG_W ((TPM_RESULT) (TPM_BASE + 87))
+#define TPM_BAD_HANDLE ((TPM_RESULT) (TPM_BASE + 88))
+#define TPM_BAD_DELEGATE ((TPM_RESULT) (TPM_BASE + 89))
+#define TPM_BADCONTEXT ((TPM_RESULT) (TPM_BASE + 90))
+#define TPM_TOOMANYCONTEXTS ((TPM_RESULT) (TPM_BASE + 91))
+#define TPM_MA_TICKET_SIGNATURE ((TPM_RESULT) (TPM_BASE + 92))
+#define TPM_MA_DESTINATION ((TPM_RESULT) (TPM_BASE + 93))
+#define TPM_MA_SOURCE ((TPM_RESULT) (TPM_BASE + 94))
+#define TPM_MA_AUTHORITY ((TPM_RESULT) (TPM_BASE + 95))
+#define TPM_PERMANENTEK ((TPM_RESULT) (TPM_BASE + 97))
+#define TPM_BAD_SIGNATURE ((TPM_RESULT) (TPM_BASE + 98))
+#define TPM_NOCONTEXTSPACE ((TPM_RESULT) (TPM_BASE + 99))
+
+#define TPM_RETRY ((TPM_RESULT) (TPM_BASE + TPM_NON_FATAL))
+#define TPM_NEEDS_SELFTEST ((TPM_RESULT) (TPM_BASE + TPM_NON_FATAL + 1))
+#define TPM_DOING_SELFTEST ((TPM_RESULT) (TPM_BASE + TPM_NON_FATAL + 2))
+#define TPM_DEFEND_LOCK_RUNNING ((TPM_RESULT) (TPM_BASE + TPM_NON_FATAL + 3))
+
+//
+// Part 2, section 17: Ordinals
+//
+// Ordinals are 32 bit values. The upper byte contains values that serve as
+// flag indicators, the next byte contains values indicating what committee
+// designated the ordinal, and the final two bytes contain the Command
+// Ordinal Index.
+// 3 2 1
+// 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0
+// +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+// |P|C|V| Reserved| Purview | Command Ordinal Index |
+// +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+//
+// Where:
+//
+// * P is Protected/Unprotected command. When 0 the command is a Protected
+// command, when 1 the command is an Unprotected command.
+//
+// * C is Non-Connection/Connection related command. When 0 this command
+// passes through to either the protected (TPM) or unprotected (TSS)
+// components.
+//
+// * V is TPM/Vendor command. When 0 the command is TPM defined, when 1 the
+// command is vendor defined.
+//
+// * All reserved area bits are set to 0.
+//
+
+#define TPM_ORD_ActivateIdentity ((TPM_COMMAND_CODE) 0x0000007A)
+#define TPM_ORD_AuthorizeMigrationKey ((TPM_COMMAND_CODE) 0x0000002B)
+#define TPM_ORD_CertifyKey ((TPM_COMMAND_CODE) 0x00000032)
+#define TPM_ORD_CertifyKey2 ((TPM_COMMAND_CODE) 0x00000033)
+#define TPM_ORD_CertifySelfTest ((TPM_COMMAND_CODE) 0x00000052)
+#define TPM_ORD_ChangeAuth ((TPM_COMMAND_CODE) 0x0000000C)
+#define TPM_ORD_ChangeAuthAsymFinish ((TPM_COMMAND_CODE) 0x0000000F)
+#define TPM_ORD_ChangeAuthAsymStart ((TPM_COMMAND_CODE) 0x0000000E)
+#define TPM_ORD_ChangeAuthOwner ((TPM_COMMAND_CODE) 0x00000010)
+#define TPM_ORD_CMK_ApproveMA ((TPM_COMMAND_CODE) 0x0000001D)
+#define TPM_ORD_CMK_ConvertMigration ((TPM_COMMAND_CODE) 0x00000024)
+#define TPM_ORD_CMK_CreateBlob ((TPM_COMMAND_CODE) 0x0000001B)
+#define TPM_ORD_CMK_CreateKey ((TPM_COMMAND_CODE) 0x00000013)
+#define TPM_ORD_CMK_CreateTicket ((TPM_COMMAND_CODE) 0x00000012)
+#define TPM_ORD_CMK_SetRestrictions ((TPM_COMMAND_CODE) 0x0000001C)
+#define TPM_ORD_ContinueSelfTest ((TPM_COMMAND_CODE) 0x00000053)
+#define TPM_ORD_ConvertMigrationBlob ((TPM_COMMAND_CODE) 0x0000002A)
+#define TPM_ORD_CreateCounter ((TPM_COMMAND_CODE) 0x000000DC)
+#define TPM_ORD_CreateEndorsementKeyPair ((TPM_COMMAND_CODE) 0x00000078)
+#define TPM_ORD_CreateMaintenanceArchive ((TPM_COMMAND_CODE) 0x0000002C)
+#define TPM_ORD_CreateMigrationBlob ((TPM_COMMAND_CODE) 0x00000028)
+#define TPM_ORD_CreateRevocableEK ((TPM_COMMAND_CODE) 0x0000007F)
+#define TPM_ORD_CreateWrapKey ((TPM_COMMAND_CODE) 0x0000001F)
+#define TPM_ORD_DAA_JOIN ((TPM_COMMAND_CODE) 0x00000029)
+#define TPM_ORD_DAA_SIGN ((TPM_COMMAND_CODE) 0x00000031)
+#define TPM_ORD_Delegate_CreateKeyDelegation ((TPM_COMMAND_CODE) 0x000000D4)
+#define TPM_ORD_Delegate_CreateOwnerDelegation ((TPM_COMMAND_CODE) 0x000000D5)
+#define TPM_ORD_Delegate_LoadOwnerDelegation ((TPM_COMMAND_CODE) 0x000000D8)
+#define TPM_ORD_Delegate_Manage ((TPM_COMMAND_CODE) 0x000000D2)
+#define TPM_ORD_Delegate_ReadTable ((TPM_COMMAND_CODE) 0x000000DB)
+#define TPM_ORD_Delegate_UpdateVerification ((TPM_COMMAND_CODE) 0x000000D1)
+#define TPM_ORD_Delegate_VerifyDelegation ((TPM_COMMAND_CODE) 0x000000D6)
+#define TPM_ORD_DirRead ((TPM_COMMAND_CODE) 0x0000001A)
+#define TPM_ORD_DirWriteAuth ((TPM_COMMAND_CODE) 0x00000019)
+#define TPM_ORD_DisableForceClear ((TPM_COMMAND_CODE) 0x0000005E)
+#define TPM_ORD_DisableOwnerClear ((TPM_COMMAND_CODE) 0x0000005C)
+#define TPM_ORD_DisablePubekRead ((TPM_COMMAND_CODE) 0x0000007E)
+#define TPM_ORD_DSAP ((TPM_COMMAND_CODE) 0x00000011)
+#define TPM_ORD_EstablishTransport ((TPM_COMMAND_CODE) 0x000000E6)
+#define TPM_ORD_EvictKey ((TPM_COMMAND_CODE) 0x00000022)
+#define TPM_ORD_ExecuteTransport ((TPM_COMMAND_CODE) 0x000000E7)
+#define TPM_ORD_Extend ((TPM_COMMAND_CODE) 0x00000014)
+#define TPM_ORD_FieldUpgrade ((TPM_COMMAND_CODE) 0x000000AA)
+#define TPM_ORD_FlushSpecific ((TPM_COMMAND_CODE) 0x000000BA)
+#define TPM_ORD_ForceClear ((TPM_COMMAND_CODE) 0x0000005D)
+#define TPM_ORD_GetAuditDigest ((TPM_COMMAND_CODE) 0x00000085)
+#define TPM_ORD_GetAuditDigestSigned ((TPM_COMMAND_CODE) 0x00000086)
+#define TPM_ORD_GetAuditEvent ((TPM_COMMAND_CODE) 0x00000082)
+#define TPM_ORD_GetAuditEventSigned ((TPM_COMMAND_CODE) 0x00000083)
+#define TPM_ORD_GetCapability ((TPM_COMMAND_CODE) 0x00000065)
+#define TPM_ORD_GetCapabilityOwner ((TPM_COMMAND_CODE) 0x00000066)
+#define TPM_ORD_GetCapabilitySigned ((TPM_COMMAND_CODE) 0x00000064)
+#define TPM_ORD_GetOrdinalAuditStatus ((TPM_COMMAND_CODE) 0x0000008C)
+#define TPM_ORD_GetPubKey ((TPM_COMMAND_CODE) 0x00000021)
+#define TPM_ORD_GetRandom ((TPM_COMMAND_CODE) 0x00000046)
+#define TPM_ORD_GetTestResult ((TPM_COMMAND_CODE) 0x00000054)
+#define TPM_ORD_GetTicks ((TPM_COMMAND_CODE) 0x000000F1)
+#define TPM_ORD_IncrementCounter ((TPM_COMMAND_CODE) 0x000000DD)
+#define TPM_ORD_Init ((TPM_COMMAND_CODE) 0x00000097)
+#define TPM_ORD_KeyControlOwner ((TPM_COMMAND_CODE) 0x00000023)
+#define TPM_ORD_KillMaintenanceFeature ((TPM_COMMAND_CODE) 0x0000002E)
+#define TPM_ORD_LoadAuthContext ((TPM_COMMAND_CODE) 0x000000B7)
+#define TPM_ORD_LoadContext ((TPM_COMMAND_CODE) 0x000000B9)
+#define TPM_ORD_LoadKey ((TPM_COMMAND_CODE) 0x00000020)
+#define TPM_ORD_LoadKey2 ((TPM_COMMAND_CODE) 0x00000041)
+#define TPM_ORD_LoadKeyContext ((TPM_COMMAND_CODE) 0x000000B5)
+#define TPM_ORD_LoadMaintenanceArchive ((TPM_COMMAND_CODE) 0x0000002D)
+#define TPM_ORD_LoadManuMaintPub ((TPM_COMMAND_CODE) 0x0000002F)
+#define TPM_ORD_MakeIdentity ((TPM_COMMAND_CODE) 0x00000079)
+#define TPM_ORD_MigrateKey ((TPM_COMMAND_CODE) 0x00000025)
+#define TPM_ORD_NV_DefineSpace ((TPM_COMMAND_CODE) 0x000000CC)
+#define TPM_ORD_NV_ReadValue ((TPM_COMMAND_CODE) 0x000000CF)
+#define TPM_ORD_NV_ReadValueAuth ((TPM_COMMAND_CODE) 0x000000D0)
+#define TPM_ORD_NV_WriteValue ((TPM_COMMAND_CODE) 0x000000CD)
+#define TPM_ORD_NV_WriteValueAuth ((TPM_COMMAND_CODE) 0x000000CE)
+#define TPM_ORD_OIAP ((TPM_COMMAND_CODE) 0x0000000A)
+#define TPM_ORD_OSAP ((TPM_COMMAND_CODE) 0x0000000B)
+#define TPM_ORD_OwnerClear ((TPM_COMMAND_CODE) 0x0000005B)
+#define TPM_ORD_OwnerReadInternalPub ((TPM_COMMAND_CODE) 0x00000081)
+#define TPM_ORD_OwnerReadPubek ((TPM_COMMAND_CODE) 0x0000007D)
+#define TPM_ORD_OwnerSetDisable ((TPM_COMMAND_CODE) 0x0000006E)
+#define TPM_ORD_PCR_Reset ((TPM_COMMAND_CODE) 0x000000C8)
+#define TPM_ORD_PcrRead ((TPM_COMMAND_CODE) 0x00000015)
+#define TPM_ORD_PhysicalDisable ((TPM_COMMAND_CODE) 0x00000070)
+#define TPM_ORD_PhysicalEnable ((TPM_COMMAND_CODE) 0x0000006F)
+#define TPM_ORD_PhysicalSetDeactivated ((TPM_COMMAND_CODE) 0x00000072)
+#define TPM_ORD_Quote ((TPM_COMMAND_CODE) 0x00000016)
+#define TPM_ORD_Quote2 ((TPM_COMMAND_CODE) 0x0000003E)
+#define TPM_ORD_ReadCounter ((TPM_COMMAND_CODE) 0x000000DE)
+#define TPM_ORD_ReadManuMaintPub ((TPM_COMMAND_CODE) 0x00000030)
+#define TPM_ORD_ReadPubek ((TPM_COMMAND_CODE) 0x0000007C)
+#define TPM_ORD_ReleaseCounter ((TPM_COMMAND_CODE) 0x000000DF)
+#define TPM_ORD_ReleaseCounterOwner ((TPM_COMMAND_CODE) 0x000000E0)
+#define TPM_ORD_ReleaseTransportSigned ((TPM_COMMAND_CODE) 0x000000E8)
+#define TPM_ORD_Reset ((TPM_COMMAND_CODE) 0x0000005A)
+#define TPM_ORD_ResetLockValue ((TPM_COMMAND_CODE) 0x00000040)
+#define TPM_ORD_RevokeTrust ((TPM_COMMAND_CODE) 0x00000080)
+#define TPM_ORD_SaveAuthContext ((TPM_COMMAND_CODE) 0x000000B6)
+#define TPM_ORD_SaveContext ((TPM_COMMAND_CODE) 0x000000B8)
+#define TPM_ORD_SaveKeyContext ((TPM_COMMAND_CODE) 0x000000B4)
+#define TPM_ORD_SaveState ((TPM_COMMAND_CODE) 0x00000098)
+#define TPM_ORD_Seal ((TPM_COMMAND_CODE) 0x00000017)
+#define TPM_ORD_Sealx ((TPM_COMMAND_CODE) 0x0000003D)
+#define TPM_ORD_SelfTestFull ((TPM_COMMAND_CODE) 0x00000050)
+#define TPM_ORD_SetCapability ((TPM_COMMAND_CODE) 0x0000003F)
+#define TPM_ORD_SetOperatorAuth ((TPM_COMMAND_CODE) 0x00000074)
+#define TPM_ORD_SetOrdinalAuditStatus ((TPM_COMMAND_CODE) 0x0000008D)
+#define TPM_ORD_SetOwnerInstall ((TPM_COMMAND_CODE) 0x00000071)
+#define TPM_ORD_SetOwnerPointer ((TPM_COMMAND_CODE) 0x00000075)
+#define TPM_ORD_SetRedirection ((TPM_COMMAND_CODE) 0x0000009A)
+#define TPM_ORD_SetTempDeactivated ((TPM_COMMAND_CODE) 0x00000073)
+#define TPM_ORD_SHA1Complete ((TPM_COMMAND_CODE) 0x000000A2)
+#define TPM_ORD_SHA1CompleteExtend ((TPM_COMMAND_CODE) 0x000000A3)
+#define TPM_ORD_SHA1Start ((TPM_COMMAND_CODE) 0x000000A0)
+#define TPM_ORD_SHA1Update ((TPM_COMMAND_CODE) 0x000000A1)
+#define TPM_ORD_Sign ((TPM_COMMAND_CODE) 0x0000003C)
+#define TPM_ORD_Startup ((TPM_COMMAND_CODE) 0x00000099)
+#define TPM_ORD_StirRandom ((TPM_COMMAND_CODE) 0x00000047)
+#define TPM_ORD_TakeOwnership ((TPM_COMMAND_CODE) 0x0000000D)
+#define TPM_ORD_Terminate_Handle ((TPM_COMMAND_CODE) 0x00000096)
+#define TPM_ORD_TickStampBlob ((TPM_COMMAND_CODE) 0x000000F2)
+#define TPM_ORD_UnBind ((TPM_COMMAND_CODE) 0x0000001E)
+#define TPM_ORD_Unseal ((TPM_COMMAND_CODE) 0x00000018)
+#define TSC_ORD_PhysicalPresence ((TPM_COMMAND_CODE) 0x4000000A)
+#define TSC_ORD_ResetEstablishmentBit ((TPM_COMMAND_CODE) 0x4000000B)
+
+//
+// Part 2, section 18: Context structures
+//
+
+///
+/// Part 2, section 18.1: TPM_CONTEXT_BLOB
+///
+typedef struct tdTPM_CONTEXT_BLOB {
+ TPM_STRUCTURE_TAG tag;
+ TPM_RESOURCE_TYPE resourceType;
+ TPM_HANDLE handle;
+ UINT8 label[16];
+ UINT32 contextCount;
+ TPM_DIGEST integrityDigest;
+ UINT32 additionalSize;
+ UINT8 *additionalData;
+ UINT32 sensitiveSize;
+ UINT8 *sensitiveData;
+} TPM_CONTEXT_BLOB;
+
+///
+/// Part 2, section 18.2 TPM_CONTEXT_SENSITIVE
+///
+typedef struct tdTPM_CONTEXT_SENSITIVE {
+ TPM_STRUCTURE_TAG tag;
+ TPM_NONCE contextNonce;
+ UINT32 internalSize;
+ UINT8 *internalData;
+} TPM_CONTEXT_SENSITIVE;
+
+//
+// Part 2, section 19: NV Structures
+//
+
+//
+// Part 2, section 19.1.1: Required TPM_NV_INDEX values
+//
+#define TPM_NV_INDEX_LOCK ((UINT32)0xffffffff)
+#define TPM_NV_INDEX0 ((UINT32)0x00000000)
+#define TPM_NV_INDEX_DIR ((UINT32)0x10000001)
+#define TPM_NV_INDEX_EKCert ((UINT32)0x0000f000)
+#define TPM_NV_INDEX_TPM_CC ((UINT32)0x0000f001)
+#define TPM_NV_INDEX_PlatformCert ((UINT32)0x0000f002)
+#define TPM_NV_INDEX_Platform_CC ((UINT32)0x0000f003)
+//
+// Part 2, section 19.1.2: Reserved Index values
+//
+#define TPM_NV_INDEX_TSS_BASE ((UINT32)0x00011100)
+#define TPM_NV_INDEX_PC_BASE ((UINT32)0x00011200)
+#define TPM_NV_INDEX_SERVER_BASE ((UINT32)0x00011300)
+#define TPM_NV_INDEX_MOBILE_BASE ((UINT32)0x00011400)
+#define TPM_NV_INDEX_PERIPHERAL_BASE ((UINT32)0x00011500)
+#define TPM_NV_INDEX_GROUP_RESV_BASE ((UINT32)0x00010000)
+
+///
+/// Part 2, section 19.2: TPM_NV_ATTRIBUTES
+///
+typedef struct tdTPM_NV_ATTRIBUTES {
+ TPM_STRUCTURE_TAG tag;
+ UINT32 attributes;
+} TPM_NV_ATTRIBUTES;
+
+#define TPM_NV_PER_READ_STCLEAR (BIT31)
+#define TPM_NV_PER_AUTHREAD (BIT18)
+#define TPM_NV_PER_OWNERREAD (BIT17)
+#define TPM_NV_PER_PPREAD (BIT16)
+#define TPM_NV_PER_GLOBALLOCK (BIT15)
+#define TPM_NV_PER_WRITE_STCLEAR (BIT14)
+#define TPM_NV_PER_WRITEDEFINE (BIT13)
+#define TPM_NV_PER_WRITEALL (BIT12)
+#define TPM_NV_PER_AUTHWRITE (BIT2)
+#define TPM_NV_PER_OWNERWRITE (BIT1)
+#define TPM_NV_PER_PPWRITE (BIT0)
+
+///
+/// Part 2, section 19.3: TPM_NV_DATA_PUBLIC
+///
+typedef struct tdTPM_NV_DATA_PUBLIC {
+ TPM_STRUCTURE_TAG tag;
+ TPM_NV_INDEX nvIndex;
+ TPM_PCR_INFO_SHORT pcrInfoRead;
+ TPM_PCR_INFO_SHORT pcrInfoWrite;
+ TPM_NV_ATTRIBUTES permission;
+ BOOLEAN bReadSTClear;
+ BOOLEAN bWriteSTClear;
+ BOOLEAN bWriteDefine;
+ UINT32 dataSize;
+} TPM_NV_DATA_PUBLIC;
+
+//
+// Part 2, section 20: Delegate Structures
+//
+
+#define TPM_DEL_OWNER_BITS ((UINT32)0x00000001)
+#define TPM_DEL_KEY_BITS ((UINT32)0x00000002)
+///
+/// Part 2, section 20.2: Delegate Definitions
+///
+typedef struct tdTPM_DELEGATIONS {
+ TPM_STRUCTURE_TAG tag;
+ UINT32 delegateType;
+ UINT32 per1;
+ UINT32 per2;
+} TPM_DELEGATIONS;
+
+//
+// Part 2, section 20.2.1: Owner Permission Settings
+//
+#define TPM_DELEGATE_SetOrdinalAuditStatus (BIT30)
+#define TPM_DELEGATE_DirWriteAuth (BIT29)
+#define TPM_DELEGATE_CMK_ApproveMA (BIT28)
+#define TPM_DELEGATE_NV_WriteValue (BIT27)
+#define TPM_DELEGATE_CMK_CreateTicket (BIT26)
+#define TPM_DELEGATE_NV_ReadValue (BIT25)
+#define TPM_DELEGATE_Delegate_LoadOwnerDelegation (BIT24)
+#define TPM_DELEGATE_DAA_Join (BIT23)
+#define TPM_DELEGATE_AuthorizeMigrationKey (BIT22)
+#define TPM_DELEGATE_CreateMaintenanceArchive (BIT21)
+#define TPM_DELEGATE_LoadMaintenanceArchive (BIT20)
+#define TPM_DELEGATE_KillMaintenanceFeature (BIT19)
+#define TPM_DELEGATE_OwnerReadInteralPub (BIT18)
+#define TPM_DELEGATE_ResetLockValue (BIT17)
+#define TPM_DELEGATE_OwnerClear (BIT16)
+#define TPM_DELEGATE_DisableOwnerClear (BIT15)
+#define TPM_DELEGATE_NV_DefineSpace (BIT14)
+#define TPM_DELEGATE_OwnerSetDisable (BIT13)
+#define TPM_DELEGATE_SetCapability (BIT12)
+#define TPM_DELEGATE_MakeIdentity (BIT11)
+#define TPM_DELEGATE_ActivateIdentity (BIT10)
+#define TPM_DELEGATE_OwnerReadPubek (BIT9)
+#define TPM_DELEGATE_DisablePubekRead (BIT8)
+#define TPM_DELEGATE_SetRedirection (BIT7)
+#define TPM_DELEGATE_FieldUpgrade (BIT6)
+#define TPM_DELEGATE_Delegate_UpdateVerification (BIT5)
+#define TPM_DELEGATE_CreateCounter (BIT4)
+#define TPM_DELEGATE_ReleaseCounterOwner (BIT3)
+#define TPM_DELEGATE_DelegateManage (BIT2)
+#define TPM_DELEGATE_Delegate_CreateOwnerDelegation (BIT1)
+#define TPM_DELEGATE_DAA_Sign (BIT0)
+
+//
+// Part 2, section 20.2.3: Key Permission settings
+//
+#define TPM_KEY_DELEGATE_CMK_ConvertMigration (BIT28)
+#define TPM_KEY_DELEGATE_TickStampBlob (BIT27)
+#define TPM_KEY_DELEGATE_ChangeAuthAsymStart (BIT26)
+#define TPM_KEY_DELEGATE_ChangeAuthAsymFinish (BIT25)
+#define TPM_KEY_DELEGATE_CMK_CreateKey (BIT24)
+#define TPM_KEY_DELEGATE_MigrateKey (BIT23)
+#define TPM_KEY_DELEGATE_LoadKey2 (BIT22)
+#define TPM_KEY_DELEGATE_EstablishTransport (BIT21)
+#define TPM_KEY_DELEGATE_ReleaseTransportSigned (BIT20)
+#define TPM_KEY_DELEGATE_Quote2 (BIT19)
+#define TPM_KEY_DELEGATE_Sealx (BIT18)
+#define TPM_KEY_DELEGATE_MakeIdentity (BIT17)
+#define TPM_KEY_DELEGATE_ActivateIdentity (BIT16)
+#define TPM_KEY_DELEGATE_GetAuditDigestSigned (BIT15)
+#define TPM_KEY_DELEGATE_Sign (BIT14)
+#define TPM_KEY_DELEGATE_CertifyKey2 (BIT13)
+#define TPM_KEY_DELEGATE_CertifyKey (BIT12)
+#define TPM_KEY_DELEGATE_CreateWrapKey (BIT11)
+#define TPM_KEY_DELEGATE_CMK_CreateBlob (BIT10)
+#define TPM_KEY_DELEGATE_CreateMigrationBlob (BIT9)
+#define TPM_KEY_DELEGATE_ConvertMigrationBlob (BIT8)
+#define TPM_KEY_DELEGATE_CreateKeyDelegation (BIT7)
+#define TPM_KEY_DELEGATE_ChangeAuth (BIT6)
+#define TPM_KEY_DELEGATE_GetPubKey (BIT5)
+#define TPM_KEY_DELEGATE_UnBind (BIT4)
+#define TPM_KEY_DELEGATE_Quote (BIT3)
+#define TPM_KEY_DELEGATE_Unseal (BIT2)
+#define TPM_KEY_DELEGATE_Seal (BIT1)
+#define TPM_KEY_DELEGATE_LoadKey (BIT0)
+
+//
+// Part 2, section 20.3: TPM_FAMILY_FLAGS
+//
+#define TPM_DELEGATE_ADMIN_LOCK (BIT1)
+#define TPM_FAMFLAG_ENABLE (BIT0)
+
+///
+/// Part 2, section 20.4: TPM_FAMILY_LABEL
+///
+typedef struct tdTPM_FAMILY_LABEL {
+ UINT8 label;
+} TPM_FAMILY_LABEL;
+
+///
+/// Part 2, section 20.5: TPM_FAMILY_TABLE_ENTRY
+///
+typedef struct tdTPM_FAMILY_TABLE_ENTRY {
+ TPM_STRUCTURE_TAG tag;
+ TPM_FAMILY_LABEL label;
+ TPM_FAMILY_ID familyID;
+ TPM_FAMILY_VERIFICATION verificationCount;
+ TPM_FAMILY_FLAGS flags;
+} TPM_FAMILY_TABLE_ENTRY;
+
+//
+// Part 2, section 20.6: TPM_FAMILY_TABLE
+//
+#define TPM_NUM_FAMILY_TABLE_ENTRY_MIN 8
+
+typedef struct tdTPM_FAMILY_TABLE{
+ TPM_FAMILY_TABLE_ENTRY famTableRow[TPM_NUM_FAMILY_TABLE_ENTRY_MIN];
+} TPM_FAMILY_TABLE;
+
+///
+/// Part 2, section 20.7: TPM_DELEGATE_LABEL
+///
+typedef struct tdTPM_DELEGATE_LABEL {
+ UINT8 label;
+} TPM_DELEGATE_LABEL;
+
+///
+/// Part 2, section 20.8: TPM_DELEGATE_PUBLIC
+///
+typedef struct tdTPM_DELEGATE_PUBLIC {
+ TPM_STRUCTURE_TAG tag;
+ TPM_DELEGATE_LABEL label;
+ TPM_PCR_INFO_SHORT pcrInfo;
+ TPM_DELEGATIONS permissions;
+ TPM_FAMILY_ID familyID;
+ TPM_FAMILY_VERIFICATION verificationCount;
+} TPM_DELEGATE_PUBLIC;
+
+///
+/// Part 2, section 20.9: TPM_DELEGATE_TABLE_ROW
+///
+typedef struct tdTPM_DELEGATE_TABLE_ROW {
+ TPM_STRUCTURE_TAG tag;
+ TPM_DELEGATE_PUBLIC pub;
+ TPM_SECRET authValue;
+} TPM_DELEGATE_TABLE_ROW;
+
+//
+// Part 2, section 20.10: TPM_DELEGATE_TABLE
+//
+#define TPM_NUM_DELEGATE_TABLE_ENTRY_MIN 2
+
+typedef struct tdTPM_DELEGATE_TABLE{
+ TPM_DELEGATE_TABLE_ROW delRow[TPM_NUM_DELEGATE_TABLE_ENTRY_MIN];
+} TPM_DELEGATE_TABLE;
+
+///
+/// Part 2, section 20.11: TPM_DELEGATE_SENSITIVE
+///
+typedef struct tdTPM_DELEGATE_SENSITIVE {
+ TPM_STRUCTURE_TAG tag;
+ TPM_SECRET authValue;
+} TPM_DELEGATE_SENSITIVE;
+
+///
+/// Part 2, section 20.12: TPM_DELEGATE_OWNER_BLOB
+///
+typedef struct tdTPM_DELEGATE_OWNER_BLOB {
+ TPM_STRUCTURE_TAG tag;
+ TPM_DELEGATE_PUBLIC pub;
+ TPM_DIGEST integrityDigest;
+ UINT32 additionalSize;
+ UINT8 *additionalArea;
+ UINT32 sensitiveSize;
+ UINT8 *sensitiveArea;
+} TPM_DELEGATE_OWNER_BLOB;
+
+///
+/// Part 2, section 20.13: TTPM_DELEGATE_KEY_BLOB
+///
+typedef struct tdTPM_DELEGATE_KEY_BLOB {
+ TPM_STRUCTURE_TAG tag;
+ TPM_DELEGATE_PUBLIC pub;
+ TPM_DIGEST integrityDigest;
+ TPM_DIGEST pubKeyDigest;
+ UINT32 additionalSize;
+ UINT8 *additionalArea;
+ UINT32 sensitiveSize;
+ UINT8 *sensitiveArea;
+} TPM_DELEGATE_KEY_BLOB;
+
+//
+// Part 2, section 20.14: TPM_FAMILY_OPERATION Values
+//
+#define TPM_FAMILY_CREATE ((UINT32)0x00000001)
+#define TPM_FAMILY_ENABLE ((UINT32)0x00000002)
+#define TPM_FAMILY_ADMIN ((UINT32)0x00000003)
+#define TPM_FAMILY_INVALIDATE ((UINT32)0x00000004)
+
+//
+// Part 2, section 21.1: TPM_CAPABILITY_AREA for GetCapability
+//
+#define TPM_CAP_ORD ((TPM_CAPABILITY_AREA) 0x00000001)
+#define TPM_CAP_ALG ((TPM_CAPABILITY_AREA) 0x00000002)
+#define TPM_CAP_PID ((TPM_CAPABILITY_AREA) 0x00000003)
+#define TPM_CAP_FLAG ((TPM_CAPABILITY_AREA) 0x00000004)
+#define TPM_CAP_PROPERTY ((TPM_CAPABILITY_AREA) 0x00000005)
+#define TPM_CAP_VERSION ((TPM_CAPABILITY_AREA) 0x00000006)
+#define TPM_CAP_KEY_HANDLE ((TPM_CAPABILITY_AREA) 0x00000007)
+#define TPM_CAP_CHECK_LOADED ((TPM_CAPABILITY_AREA) 0x00000008)
+#define TPM_CAP_SYM_MODE ((TPM_CAPABILITY_AREA) 0x00000009)
+#define TPM_CAP_KEY_STATUS ((TPM_CAPABILITY_AREA) 0x0000000C)
+#define TPM_CAP_NV_LIST ((TPM_CAPABILITY_AREA) 0x0000000D)
+#define TPM_CAP_MFR ((TPM_CAPABILITY_AREA) 0x00000010)
+#define TPM_CAP_NV_INDEX ((TPM_CAPABILITY_AREA) 0x00000011)
+#define TPM_CAP_TRANS_ALG ((TPM_CAPABILITY_AREA) 0x00000012)
+#define TPM_CAP_HANDLE ((TPM_CAPABILITY_AREA) 0x00000014)
+#define TPM_CAP_TRANS_ES ((TPM_CAPABILITY_AREA) 0x00000015)
+#define TPM_CAP_AUTH_ENCRYPT ((TPM_CAPABILITY_AREA) 0x00000017)
+#define TPM_CAP_SELECT_SIZE ((TPM_CAPABILITY_AREA) 0x00000018)
+#define TPM_CAP_VERSION_VAL ((TPM_CAPABILITY_AREA) 0x0000001A)
+
+#define TPM_CAP_FLAG_PERMANENT ((TPM_CAPABILITY_AREA) 0x00000108)
+#define TPM_CAP_FLAG_VOLATILE ((TPM_CAPABILITY_AREA) 0x00000109)
+
+//
+// Part 2, section 21.2: CAP_PROPERTY Subcap values for GetCapability
+//
+#define TPM_CAP_PROP_PCR ((TPM_CAPABILITY_AREA) 0x00000101)
+#define TPM_CAP_PROP_DIR ((TPM_CAPABILITY_AREA) 0x00000102)
+#define TPM_CAP_PROP_MANUFACTURER ((TPM_CAPABILITY_AREA) 0x00000103)
+#define TPM_CAP_PROP_KEYS ((TPM_CAPABILITY_AREA) 0x00000104)
+#define TPM_CAP_PROP_MIN_COUNTER ((TPM_CAPABILITY_AREA) 0x00000107)
+#define TPM_CAP_PROP_AUTHSESS ((TPM_CAPABILITY_AREA) 0x0000010A)
+#define TPM_CAP_PROP_TRANSESS ((TPM_CAPABILITY_AREA) 0x0000010B)
+#define TPM_CAP_PROP_COUNTERS ((TPM_CAPABILITY_AREA) 0x0000010C)
+#define TPM_CAP_PROP_MAX_AUTHSESS ((TPM_CAPABILITY_AREA) 0x0000010D)
+#define TPM_CAP_PROP_MAX_TRANSESS ((TPM_CAPABILITY_AREA) 0x0000010E)
+#define TPM_CAP_PROP_MAX_COUNTERS ((TPM_CAPABILITY_AREA) 0x0000010F)
+#define TPM_CAP_PROP_MAX_KEYS ((TPM_CAPABILITY_AREA) 0x00000110)
+#define TPM_CAP_PROP_OWNER ((TPM_CAPABILITY_AREA) 0x00000111)
+#define TPM_CAP_PROP_CONTEXT ((TPM_CAPABILITY_AREA) 0x00000112)
+#define TPM_CAP_PROP_MAX_CONTEXT ((TPM_CAPABILITY_AREA) 0x00000113)
+#define TPM_CAP_PROP_FAMILYROWS ((TPM_CAPABILITY_AREA) 0x00000114)
+#define TPM_CAP_PROP_TIS_TIMEOUT ((TPM_CAPABILITY_AREA) 0x00000115)
+#define TPM_CAP_PROP_STARTUP_EFFECT ((TPM_CAPABILITY_AREA) 0x00000116)
+#define TPM_CAP_PROP_DELEGATE_ROW ((TPM_CAPABILITY_AREA) 0x00000117)
+#define TPM_CAP_PROP_DAA_MAX ((TPM_CAPABILITY_AREA) 0x00000119)
+#define CAP_PROP_SESSION_DAA ((TPM_CAPABILITY_AREA) 0x0000011A)
+#define TPM_CAP_PROP_CONTEXT_DIST ((TPM_CAPABILITY_AREA) 0x0000011B)
+#define TPM_CAP_PROP_DAA_INTERRUPT ((TPM_CAPABILITY_AREA) 0x0000011C)
+#define TPM_CAP_PROP_SESSIONS ((TPM_CAPABILITY_AREA) 0x0000011D)
+#define TPM_CAP_PROP_MAX_SESSIONS ((TPM_CAPABILITY_AREA) 0x0000011E)
+#define TPM_CAP_PROP_CMK_RESTRICTION ((TPM_CAPABILITY_AREA) 0x0000011F)
+#define TPM_CAP_PROP_DURATION ((TPM_CAPABILITY_AREA) 0x00000120)
+#define TPM_CAP_PROP_ACTIVE_COUNTER ((TPM_CAPABILITY_AREA) 0x00000122)
+#define TPM_CAP_PROP_MAX_NV_AVAILABLE ((TPM_CAPABILITY_AREA) 0x00000123)
+#define TPM_CAP_PROP_INPUT_BUFFER ((TPM_CAPABILITY_AREA) 0x00000124)
+
+//
+// Part 2, section 21.4: TPM_CAPABILITY_AREA for SetCapability
+//
+#define TPM_SET_PERM_FLAGS ((TPM_CAPABILITY_AREA) 0x00000001)
+#define TPM_SET_PERM_DATA ((TPM_CAPABILITY_AREA) 0x00000002)
+#define TPM_SET_STCLEAR_FLAGS ((TPM_CAPABILITY_AREA) 0x00000003)
+#define TPM_SET_STCLEAR_DATA ((TPM_CAPABILITY_AREA) 0x00000004)
+#define TPM_SET_STANY_FLAGS ((TPM_CAPABILITY_AREA) 0x00000005)
+#define TPM_SET_STANY_DATA ((TPM_CAPABILITY_AREA) 0x00000006)
+
+///
+/// Part 2, section 21.6: TPM_CAP_VERSION_INFO
+/// [size_is(vendorSpecificSize)] BYTE* vendorSpecific;
+///
+typedef struct tdTPM_CAP_VERSION_INFO {
+ TPM_STRUCTURE_TAG tag;
+ TPM_VERSION version;
+ UINT16 specLevel;
+ UINT8 errataRev;
+ UINT8 tpmVendorID[4];
+ UINT16 vendorSpecificSize;
+ UINT8 *vendorSpecific;
+} TPM_CAP_VERSION_INFO;
+
+///
+/// Part 2, section 21.10: TPM_DA_ACTION_TYPE
+///
+typedef struct tdTPM_DA_ACTION_TYPE {
+ TPM_STRUCTURE_TAG tag;
+ UINT32 actions;
+} TPM_DA_ACTION_TYPE;
+
+#define TPM_DA_ACTION_FAILURE_MODE (((UINT32)1)<<3)
+#define TPM_DA_ACTION_DEACTIVATE (((UINT32)1)<<2)
+#define TPM_DA_ACTION_DISABLE (((UINT32)1)<<1)
+#define TPM_DA_ACTION_TIMEOUT (((UINT32)1)<<0)
+
+///
+/// Part 2, section 21.7: TPM_DA_INFO
+///
+typedef struct tdTPM_DA_INFO {
+ TPM_STRUCTURE_TAG tag;
+ TPM_DA_STATE state;
+ UINT16 currentCount;
+ UINT16 thresholdCount;
+ TPM_DA_ACTION_TYPE actionAtThreshold;
+ UINT32 actionDependValue;
+ UINT32 vendorDataSize;
+ UINT8 *vendorData;
+} TPM_DA_INFO;
+
+///
+/// Part 2, section 21.8: TPM_DA_INFO_LIMITED
+///
+typedef struct tdTPM_DA_INFO_LIMITED {
+ TPM_STRUCTURE_TAG tag;
+ TPM_DA_STATE state;
+ TPM_DA_ACTION_TYPE actionAtThreshold;
+ UINT32 vendorDataSize;
+ UINT8 *vendorData;
+} TPM_DA_INFO_LIMITED;
+
+//
+// Part 2, section 21.9: CAP_PROPERTY Subcap values for GetCapability
+//
+#define TPM_DA_STATE_INACTIVE ((UINT8)0x00)
+#define TPM_DA_STATE_ACTIVE ((UINT8)0x01)
+
+//
+// Part 2, section 22: DAA Structures
+//
+
+//
+// Part 2, section 22.1: Size definitions
+//
+#define TPM_DAA_SIZE_r0 (43)
+#define TPM_DAA_SIZE_r1 (43)
+#define TPM_DAA_SIZE_r2 (128)
+#define TPM_DAA_SIZE_r3 (168)
+#define TPM_DAA_SIZE_r4 (219)
+#define TPM_DAA_SIZE_NT (20)
+#define TPM_DAA_SIZE_v0 (128)
+#define TPM_DAA_SIZE_v1 (192)
+#define TPM_DAA_SIZE_NE (256)
+#define TPM_DAA_SIZE_w (256)
+#define TPM_DAA_SIZE_issuerModulus (256)
+//
+// Part 2, section 22.2: Constant definitions
+//
+#define TPM_DAA_power0 (104)
+#define TPM_DAA_power1 (1024)
+
+///
+/// Part 2, section 22.3: TPM_DAA_ISSUER
+///
+typedef struct tdTPM_DAA_ISSUER {
+ TPM_STRUCTURE_TAG tag;
+ TPM_DIGEST DAA_digest_R0;
+ TPM_DIGEST DAA_digest_R1;
+ TPM_DIGEST DAA_digest_S0;
+ TPM_DIGEST DAA_digest_S1;
+ TPM_DIGEST DAA_digest_n;
+ TPM_DIGEST DAA_digest_gamma;
+ UINT8 DAA_generic_q[26];
+} TPM_DAA_ISSUER;
+
+///
+/// Part 2, section 22.4: TPM_DAA_TPM
+///
+typedef struct tdTPM_DAA_TPM {
+ TPM_STRUCTURE_TAG tag;
+ TPM_DIGEST DAA_digestIssuer;
+ TPM_DIGEST DAA_digest_v0;
+ TPM_DIGEST DAA_digest_v1;
+ TPM_DIGEST DAA_rekey;
+ UINT32 DAA_count;
+} TPM_DAA_TPM;
+
+///
+/// Part 2, section 22.5: TPM_DAA_CONTEXT
+///
+typedef struct tdTPM_DAA_CONTEXT {
+ TPM_STRUCTURE_TAG tag;
+ TPM_DIGEST DAA_digestContext;
+ TPM_DIGEST DAA_digest;
+ TPM_DAA_CONTEXT_SEED DAA_contextSeed;
+ UINT8 DAA_scratch[256];
+ UINT8 DAA_stage;
+} TPM_DAA_CONTEXT;
+
+///
+/// Part 2, section 22.6: TPM_DAA_JOINDATA
+///
+typedef struct tdTPM_DAA_JOINDATA {
+ UINT8 DAA_join_u0[128];
+ UINT8 DAA_join_u1[138];
+ TPM_DIGEST DAA_digest_n0;
+} TPM_DAA_JOINDATA;
+
+///
+/// Part 2, section 22.8: TPM_DAA_BLOB
+///
+typedef struct tdTPM_DAA_BLOB {
+ TPM_STRUCTURE_TAG tag;
+ TPM_RESOURCE_TYPE resourceType;
+ UINT8 label[16];
+ TPM_DIGEST blobIntegrity;
+ UINT32 additionalSize;
+ UINT8 *additionalData;
+ UINT32 sensitiveSize;
+ UINT8 *sensitiveData;
+} TPM_DAA_BLOB;
+
+///
+/// Part 2, section 22.9: TPM_DAA_SENSITIVE
+///
+typedef struct tdTPM_DAA_SENSITIVE {
+ TPM_STRUCTURE_TAG tag;
+ UINT32 internalSize;
+ UINT8 *internalData;
+} TPM_DAA_SENSITIVE;
+
+
+//
+// Part 2, section 23: Redirection
+//
+
+///
+/// Part 2 section 23.1: TPM_REDIR_COMMAND
+/// This section defines exactly one value but does not
+/// give it a name. The definition of TPM_SetRedirection in Part3
+/// refers to exactly one name but does not give its value. We join
+/// them here.
+///
+#define TPM_REDIR_GPIO (0x00000001)
+
+///
+/// TPM Command Headers defined in Part 3
+///
+typedef struct tdTPM_RQU_COMMAND_HDR {
+ TPM_STRUCTURE_TAG tag;
+ UINT32 paramSize;
+ TPM_COMMAND_CODE ordinal;
+} TPM_RQU_COMMAND_HDR;
+
+///
+/// TPM Response Headers defined in Part 3
+///
+typedef struct tdTPM_RSP_COMMAND_HDR {
+ TPM_STRUCTURE_TAG tag;
+ UINT32 paramSize;
+ TPM_RESULT returnCode;
+} TPM_RSP_COMMAND_HDR;
+
+#pragma pack ()
+
+#endif
diff --git a/src/include/ipxe/efi/IndustryStandard/UefiTcgPlatform.h b/src/include/ipxe/efi/IndustryStandard/UefiTcgPlatform.h
new file mode 100644
index 00000000..8bb7ea38
--- /dev/null
+++ b/src/include/ipxe/efi/IndustryStandard/UefiTcgPlatform.h
@@ -0,0 +1,172 @@
+/** @file
+ TCG EFI Platform Definition in TCG_EFI_Platform_1_20_Final
+
+ Copyright (c) 2006 - 2012, Intel Corporation. All rights reserved.
+ This program and the accompanying materials
+ are licensed and made available under the terms and conditions of the BSD License
+ which accompanies this distribution. The full text of the license may be found at
+ http://opensource.org/licenses/bsd-license.php
+
+ THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#ifndef __UEFI_TCG_PLATFORM_H__
+#define __UEFI_TCG_PLATFORM_H__
+
+FILE_LICENCE ( BSD3 );
+
+#include
+#include
+
+//
+// Standard event types
+//
+#define EV_POST_CODE ((TCG_EVENTTYPE) 0x00000001)
+#define EV_SEPARATOR ((TCG_EVENTTYPE) 0x00000004)
+#define EV_S_CRTM_CONTENTS ((TCG_EVENTTYPE) 0x00000007)
+#define EV_S_CRTM_VERSION ((TCG_EVENTTYPE) 0x00000008)
+#define EV_CPU_MICROCODE ((TCG_EVENTTYPE) 0x00000009)
+#define EV_TABLE_OF_DEVICES ((TCG_EVENTTYPE) 0x0000000B)
+
+//
+// EFI specific event types
+//
+#define EV_EFI_EVENT_BASE ((TCG_EVENTTYPE) 0x80000000)
+#define EV_EFI_VARIABLE_DRIVER_CONFIG (EV_EFI_EVENT_BASE + 1)
+#define EV_EFI_VARIABLE_BOOT (EV_EFI_EVENT_BASE + 2)
+#define EV_EFI_BOOT_SERVICES_APPLICATION (EV_EFI_EVENT_BASE + 3)
+#define EV_EFI_BOOT_SERVICES_DRIVER (EV_EFI_EVENT_BASE + 4)
+#define EV_EFI_RUNTIME_SERVICES_DRIVER (EV_EFI_EVENT_BASE + 5)
+#define EV_EFI_GPT_EVENT (EV_EFI_EVENT_BASE + 6)
+#define EV_EFI_ACTION (EV_EFI_EVENT_BASE + 7)
+#define EV_EFI_PLATFORM_FIRMWARE_BLOB (EV_EFI_EVENT_BASE + 8)
+#define EV_EFI_HANDOFF_TABLES (EV_EFI_EVENT_BASE + 9)
+
+#define EFI_CALLING_EFI_APPLICATION \
+ "Calling EFI Application from Boot Option"
+#define EFI_RETURNING_FROM_EFI_APPLICATOIN \
+ "Returning from EFI Application from Boot Option"
+#define EFI_EXIT_BOOT_SERVICES_INVOCATION \
+ "Exit Boot Services Invocation"
+#define EFI_EXIT_BOOT_SERVICES_FAILED \
+ "Exit Boot Services Returned with Failure"
+#define EFI_EXIT_BOOT_SERVICES_SUCCEEDED \
+ "Exit Boot Services Returned with Success"
+
+
+#define EV_POSTCODE_INFO_POST_CODE "POST CODE"
+#define POST_CODE_STR_LEN (sizeof(EV_POSTCODE_INFO_POST_CODE) - 1)
+
+#define EV_POSTCODE_INFO_SMM_CODE "SMM CODE"
+#define SMM_CODE_STR_LEN (sizeof(EV_POSTCODE_INFO_SMM_CODE) - 1)
+
+#define EV_POSTCODE_INFO_ACPI_DATA "ACPI DATA"
+#define ACPI_DATA_LEN (sizeof(EV_POSTCODE_INFO_ACPI_DATA) - 1)
+
+#define EV_POSTCODE_INFO_BIS_CODE "BIS CODE"
+#define BIS_CODE_LEN (sizeof(EV_POSTCODE_INFO_BIS_CODE) - 1)
+
+#define EV_POSTCODE_INFO_UEFI_PI "UEFI PI"
+#define UEFI_PI_LEN (sizeof(EV_POSTCODE_INFO_UEFI_PI) - 1)
+
+#define EV_POSTCODE_INFO_OPROM "Embedded Option ROM"
+#define OPROM_LEN (sizeof(EV_POSTCODE_INFO_OPROM) - 1)
+
+//
+// Set structure alignment to 1-byte
+//
+#pragma pack (1)
+
+typedef UINT32 TCG_EVENTTYPE;
+typedef TPM_PCRINDEX TCG_PCRINDEX;
+typedef TPM_DIGEST TCG_DIGEST;
+///
+/// Event Log Entry Structure Definition
+///
+typedef struct tdTCG_PCR_EVENT {
+ TCG_PCRINDEX PCRIndex; ///< PCRIndex event extended to
+ TCG_EVENTTYPE EventType; ///< TCG EFI event type
+ TCG_DIGEST Digest; ///< Value extended into PCRIndex
+ UINT32 EventSize; ///< Size of the event data
+ UINT8 Event[1]; ///< The event data
+} TCG_PCR_EVENT;
+
+#define TSS_EVENT_DATA_MAX_SIZE 256
+
+///
+/// TCG_PCR_EVENT_HDR
+///
+typedef struct tdTCG_PCR_EVENT_HDR {
+ TCG_PCRINDEX PCRIndex;
+ TCG_EVENTTYPE EventType;
+ TCG_DIGEST Digest;
+ UINT32 EventSize;
+} TCG_PCR_EVENT_HDR;
+
+///
+/// EFI_PLATFORM_FIRMWARE_BLOB
+///
+/// BlobLength should be of type UINTN but we use UINT64 here
+/// because PEI is 32-bit while DXE is 64-bit on x64 platforms
+///
+typedef struct tdEFI_PLATFORM_FIRMWARE_BLOB {
+ EFI_PHYSICAL_ADDRESS BlobBase;
+ UINT64 BlobLength;
+} EFI_PLATFORM_FIRMWARE_BLOB;
+
+///
+/// EFI_IMAGE_LOAD_EVENT
+///
+/// This structure is used in EV_EFI_BOOT_SERVICES_APPLICATION,
+/// EV_EFI_BOOT_SERVICES_DRIVER and EV_EFI_RUNTIME_SERVICES_DRIVER
+///
+typedef struct tdEFI_IMAGE_LOAD_EVENT {
+ EFI_PHYSICAL_ADDRESS ImageLocationInMemory;
+ UINTN ImageLengthInMemory;
+ UINTN ImageLinkTimeAddress;
+ UINTN LengthOfDevicePath;
+ EFI_DEVICE_PATH_PROTOCOL DevicePath[1];
+} EFI_IMAGE_LOAD_EVENT;
+
+///
+/// EFI_HANDOFF_TABLE_POINTERS
+///
+/// This structure is used in EV_EFI_HANDOFF_TABLES event to facilitate
+/// the measurement of given configuration tables.
+///
+typedef struct tdEFI_HANDOFF_TABLE_POINTERS {
+ UINTN NumberOfTables;
+ EFI_CONFIGURATION_TABLE TableEntry[1];
+} EFI_HANDOFF_TABLE_POINTERS;
+
+///
+/// EFI_VARIABLE_DATA
+///
+/// This structure serves as the header for measuring variables. The name of the
+/// variable (in Unicode format) should immediately follow, then the variable
+/// data.
+///
+typedef struct tdEFI_VARIABLE_DATA {
+ EFI_GUID VariableName;
+ UINTN UnicodeNameLength;
+ UINTN VariableDataLength;
+ CHAR16 UnicodeName[1];
+ INT8 VariableData[1]; ///< Driver or platform-specific data
+} EFI_VARIABLE_DATA;
+
+typedef struct tdEFI_GPT_DATA {
+ EFI_PARTITION_TABLE_HEADER EfiPartitionHeader;
+ UINTN NumberOfPartitions;
+ EFI_PARTITION_ENTRY Partitions[1];
+} EFI_GPT_DATA;
+
+//
+// Restore original structure alignment
+//
+#pragma pack ()
+
+#endif
+
+
diff --git a/src/include/ipxe/efi/Protocol/GraphicsOutput.h b/src/include/ipxe/efi/Protocol/GraphicsOutput.h
new file mode 100644
index 00000000..98ca8c9c
--- /dev/null
+++ b/src/include/ipxe/efi/Protocol/GraphicsOutput.h
@@ -0,0 +1,278 @@
+/** @file
+ Graphics Output Protocol from the UEFI 2.0 specification.
+
+ Abstraction of a very simple graphics device.
+
+ Copyright (c) 2006 - 2012, Intel Corporation. All rights reserved.
+ This program and the accompanying materials
+ are licensed and made available under the terms and conditions of the BSD License
+ which accompanies this distribution. The full text of the license may be found at
+ http://opensource.org/licenses/bsd-license.php
+
+ THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#ifndef __GRAPHICS_OUTPUT_H__
+#define __GRAPHICS_OUTPUT_H__
+
+FILE_LICENCE ( BSD3 );
+
+#define EFI_GRAPHICS_OUTPUT_PROTOCOL_GUID \
+ { \
+ 0x9042a9de, 0x23dc, 0x4a38, {0x96, 0xfb, 0x7a, 0xde, 0xd0, 0x80, 0x51, 0x6a } \
+ }
+
+typedef struct _EFI_GRAPHICS_OUTPUT_PROTOCOL EFI_GRAPHICS_OUTPUT_PROTOCOL;
+
+typedef struct {
+ UINT32 RedMask;
+ UINT32 GreenMask;
+ UINT32 BlueMask;
+ UINT32 ReservedMask;
+} EFI_PIXEL_BITMASK;
+
+typedef enum {
+ ///
+ /// A pixel is 32-bits and byte zero represents red, byte one represents green,
+ /// byte two represents blue, and byte three is reserved. This is the definition
+ /// for the physical frame buffer. The byte values for the red, green, and blue
+ /// components represent the color intensity. This color intensity value range
+ /// from a minimum intensity of 0 to maximum intensity of 255.
+ ///
+ PixelRedGreenBlueReserved8BitPerColor,
+ ///
+ /// A pixel is 32-bits and byte zero represents blue, byte one represents green,
+ /// byte two represents red, and byte three is reserved. This is the definition
+ /// for the physical frame buffer. The byte values for the red, green, and blue
+ /// components represent the color intensity. This color intensity value range
+ /// from a minimum intensity of 0 to maximum intensity of 255.
+ ///
+ PixelBlueGreenRedReserved8BitPerColor,
+ ///
+ /// The Pixel definition of the physical frame buffer.
+ ///
+ PixelBitMask,
+ ///
+ /// This mode does not support a physical frame buffer.
+ ///
+ PixelBltOnly,
+ ///
+ /// Valid EFI_GRAPHICS_PIXEL_FORMAT enum values are less than this value.
+ ///
+ PixelFormatMax
+} EFI_GRAPHICS_PIXEL_FORMAT;
+
+typedef struct {
+ ///
+ /// The version of this data structure. A value of zero represents the
+ /// EFI_GRAPHICS_OUTPUT_MODE_INFORMATION structure as defined in this specification.
+ ///
+ UINT32 Version;
+ ///
+ /// The size of video screen in pixels in the X dimension.
+ ///
+ UINT32 HorizontalResolution;
+ ///
+ /// The size of video screen in pixels in the Y dimension.
+ ///
+ UINT32 VerticalResolution;
+ ///
+ /// Enumeration that defines the physical format of the pixel. A value of PixelBltOnly
+ /// implies that a linear frame buffer is not available for this mode.
+ ///
+ EFI_GRAPHICS_PIXEL_FORMAT PixelFormat;
+ ///
+ /// This bit-mask is only valid if PixelFormat is set to PixelPixelBitMask.
+ /// A bit being set defines what bits are used for what purpose such as Red, Green, Blue, or Reserved.
+ ///
+ EFI_PIXEL_BITMASK PixelInformation;
+ ///
+ /// Defines the number of pixel elements per video memory line.
+ ///
+ UINT32 PixelsPerScanLine;
+} EFI_GRAPHICS_OUTPUT_MODE_INFORMATION;
+
+/**
+ Returns information for an available graphics mode that the graphics device
+ and the set of active video output devices supports.
+
+ @param This The EFI_GRAPHICS_OUTPUT_PROTOCOL instance.
+ @param ModeNumber The mode number to return information on.
+ @param SizeOfInfo A pointer to the size, in bytes, of the Info buffer.
+ @param Info A pointer to callee allocated buffer that returns information about ModeNumber.
+
+ @retval EFI_SUCCESS Valid mode information was returned.
+ @retval EFI_DEVICE_ERROR A hardware error occurred trying to retrieve the video mode.
+ @retval EFI_INVALID_PARAMETER ModeNumber is not valid.
+
+**/
+typedef
+EFI_STATUS
+(EFIAPI *EFI_GRAPHICS_OUTPUT_PROTOCOL_QUERY_MODE)(
+ IN EFI_GRAPHICS_OUTPUT_PROTOCOL *This,
+ IN UINT32 ModeNumber,
+ OUT UINTN *SizeOfInfo,
+ OUT EFI_GRAPHICS_OUTPUT_MODE_INFORMATION **Info
+ );
+
+/**
+ Set the video device into the specified mode and clears the visible portions of
+ the output display to black.
+
+ @param This The EFI_GRAPHICS_OUTPUT_PROTOCOL instance.
+ @param ModeNumber Abstraction that defines the current video mode.
+
+ @retval EFI_SUCCESS The graphics mode specified by ModeNumber was selected.
+ @retval EFI_DEVICE_ERROR The device had an error and could not complete the request.
+ @retval EFI_UNSUPPORTED ModeNumber is not supported by this device.
+
+**/
+typedef
+EFI_STATUS
+(EFIAPI *EFI_GRAPHICS_OUTPUT_PROTOCOL_SET_MODE)(
+ IN EFI_GRAPHICS_OUTPUT_PROTOCOL *This,
+ IN UINT32 ModeNumber
+ );
+
+typedef struct {
+ UINT8 Blue;
+ UINT8 Green;
+ UINT8 Red;
+ UINT8 Reserved;
+} EFI_GRAPHICS_OUTPUT_BLT_PIXEL;
+
+typedef union {
+ EFI_GRAPHICS_OUTPUT_BLT_PIXEL Pixel;
+ UINT32 Raw;
+} EFI_GRAPHICS_OUTPUT_BLT_PIXEL_UNION;
+
+///
+/// actions for BltOperations
+///
+typedef enum {
+ ///
+ /// Write data from the BltBuffer pixel (0, 0)
+ /// directly to every pixel of the video display rectangle
+ /// (DestinationX, DestinationY) (DestinationX + Width, DestinationY + Height).
+ /// Only one pixel will be used from the BltBuffer. Delta is NOT used.
+ ///
+ EfiBltVideoFill,
+
+ ///
+ /// Read data from the video display rectangle
+ /// (SourceX, SourceY) (SourceX + Width, SourceY + Height) and place it in
+ /// the BltBuffer rectangle (DestinationX, DestinationY )
+ /// (DestinationX + Width, DestinationY + Height). If DestinationX or
+ /// DestinationY is not zero then Delta must be set to the length in bytes
+ /// of a row in the BltBuffer.
+ ///
+ EfiBltVideoToBltBuffer,
+
+ ///
+ /// Write data from the BltBuffer rectangle
+ /// (SourceX, SourceY) (SourceX + Width, SourceY + Height) directly to the
+ /// video display rectangle (DestinationX, DestinationY)
+ /// (DestinationX + Width, DestinationY + Height). If SourceX or SourceY is
+ /// not zero then Delta must be set to the length in bytes of a row in the
+ /// BltBuffer.
+ ///
+ EfiBltBufferToVideo,
+
+ ///
+ /// Copy from the video display rectangle (SourceX, SourceY)
+ /// (SourceX + Width, SourceY + Height) to the video display rectangle
+ /// (DestinationX, DestinationY) (DestinationX + Width, DestinationY + Height).
+ /// The BltBuffer and Delta are not used in this mode.
+ ///
+ EfiBltVideoToVideo,
+
+ EfiGraphicsOutputBltOperationMax
+} EFI_GRAPHICS_OUTPUT_BLT_OPERATION;
+
+/**
+ Blt a rectangle of pixels on the graphics screen. Blt stands for BLock Transfer.
+
+ @param This Protocol instance pointer.
+ @param BltBuffer The data to transfer to the graphics screen.
+ Size is at least Width*Height*sizeof(EFI_GRAPHICS_OUTPUT_BLT_PIXEL).
+ @param BltOperation The operation to perform when copying BltBuffer on to the graphics screen.
+ @param SourceX The X coordinate of source for the BltOperation.
+ @param SourceY The Y coordinate of source for the BltOperation.
+ @param DestinationX The X coordinate of destination for the BltOperation.
+ @param DestinationY The Y coordinate of destination for the BltOperation.
+ @param Width The width of a rectangle in the blt rectangle in pixels.
+ @param Height The height of a rectangle in the blt rectangle in pixels.
+ @param Delta Not used for EfiBltVideoFill or the EfiBltVideoToVideo operation.
+ If a Delta of zero is used, the entire BltBuffer is being operated on.
+ If a subrectangle of the BltBuffer is being used then Delta
+ represents the number of bytes in a row of the BltBuffer.
+
+ @retval EFI_SUCCESS BltBuffer was drawn to the graphics screen.
+ @retval EFI_INVALID_PARAMETER BltOperation is not valid.
+ @retval EFI_DEVICE_ERROR The device had an error and could not complete the request.
+
+**/
+typedef
+EFI_STATUS
+(EFIAPI *EFI_GRAPHICS_OUTPUT_PROTOCOL_BLT)(
+ IN EFI_GRAPHICS_OUTPUT_PROTOCOL *This,
+ IN EFI_GRAPHICS_OUTPUT_BLT_PIXEL *BltBuffer, OPTIONAL
+ IN EFI_GRAPHICS_OUTPUT_BLT_OPERATION BltOperation,
+ IN UINTN SourceX,
+ IN UINTN SourceY,
+ IN UINTN DestinationX,
+ IN UINTN DestinationY,
+ IN UINTN Width,
+ IN UINTN Height,
+ IN UINTN Delta OPTIONAL
+ );
+
+typedef struct {
+ ///
+ /// The number of modes supported by QueryMode() and SetMode().
+ ///
+ UINT32 MaxMode;
+ ///
+ /// Current Mode of the graphics device. Valid mode numbers are 0 to MaxMode -1.
+ ///
+ UINT32 Mode;
+ ///
+ /// Pointer to read-only EFI_GRAPHICS_OUTPUT_MODE_INFORMATION data.
+ ///
+ EFI_GRAPHICS_OUTPUT_MODE_INFORMATION *Info;
+ ///
+ /// Size of Info structure in bytes.
+ ///
+ UINTN SizeOfInfo;
+ ///
+ /// Base address of graphics linear frame buffer.
+ /// Offset zero in FrameBufferBase represents the upper left pixel of the display.
+ ///
+ EFI_PHYSICAL_ADDRESS FrameBufferBase;
+ ///
+ /// Amount of frame buffer needed to support the active mode as defined by
+ /// PixelsPerScanLine xVerticalResolution x PixelElementSize.
+ ///
+ UINTN FrameBufferSize;
+} EFI_GRAPHICS_OUTPUT_PROTOCOL_MODE;
+
+///
+/// Provides a basic abstraction to set video modes and copy pixels to and from
+/// the graphics controller's frame buffer. The linear address of the hardware
+/// frame buffer is also exposed so software can write directly to the video hardware.
+///
+struct _EFI_GRAPHICS_OUTPUT_PROTOCOL {
+ EFI_GRAPHICS_OUTPUT_PROTOCOL_QUERY_MODE QueryMode;
+ EFI_GRAPHICS_OUTPUT_PROTOCOL_SET_MODE SetMode;
+ EFI_GRAPHICS_OUTPUT_PROTOCOL_BLT Blt;
+ ///
+ /// Pointer to EFI_GRAPHICS_OUTPUT_PROTOCOL_MODE data.
+ ///
+ EFI_GRAPHICS_OUTPUT_PROTOCOL_MODE *Mode;
+};
+
+extern EFI_GUID gEfiGraphicsOutputProtocolGuid;
+
+#endif
diff --git a/src/include/ipxe/efi/Protocol/PxeBaseCode.h b/src/include/ipxe/efi/Protocol/PxeBaseCode.h
new file mode 100644
index 00000000..26447987
--- /dev/null
+++ b/src/include/ipxe/efi/Protocol/PxeBaseCode.h
@@ -0,0 +1,936 @@
+/** @file
+ EFI PXE Base Code Protocol definitions, which is used to access PXE-compatible
+ devices for network access and network booting.
+
+Copyright (c) 2006 - 2010, Intel Corporation. All rights reserved.
+This program and the accompanying materials are licensed and made available under
+the terms and conditions of the BSD License that accompanies this distribution.
+The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php.
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+ @par Revision Reference:
+ This Protocol is introduced in EFI Specification 1.10.
+
+**/
+#ifndef __PXE_BASE_CODE_PROTOCOL_H__
+#define __PXE_BASE_CODE_PROTOCOL_H__
+
+FILE_LICENCE ( BSD3 );
+
+///
+/// PXE Base Code protocol.
+///
+#define EFI_PXE_BASE_CODE_PROTOCOL_GUID \
+ { \
+ 0x03c4e603, 0xac28, 0x11d3, {0x9a, 0x2d, 0x00, 0x90, 0x27, 0x3f, 0xc1, 0x4d } \
+ }
+
+typedef struct _EFI_PXE_BASE_CODE_PROTOCOL EFI_PXE_BASE_CODE_PROTOCOL;
+
+///
+/// Protocol defined in EFI1.1.
+///
+typedef EFI_PXE_BASE_CODE_PROTOCOL EFI_PXE_BASE_CODE;
+
+///
+/// Default IP TTL and ToS.
+///
+#define DEFAULT_TTL 16
+#define DEFAULT_ToS 0
+
+///
+/// ICMP error format.
+///
+typedef struct {
+ UINT8 Type;
+ UINT8 Code;
+ UINT16 Checksum;
+ union {
+ UINT32 reserved;
+ UINT32 Mtu;
+ UINT32 Pointer;
+ struct {
+ UINT16 Identifier;
+ UINT16 Sequence;
+ } Echo;
+ } u;
+ UINT8 Data[494];
+} EFI_PXE_BASE_CODE_ICMP_ERROR;
+
+///
+/// TFTP error format.
+///
+typedef struct {
+ UINT8 ErrorCode;
+ CHAR8 ErrorString[127];
+} EFI_PXE_BASE_CODE_TFTP_ERROR;
+
+///
+/// IP Receive Filter definitions.
+///
+#define EFI_PXE_BASE_CODE_MAX_IPCNT 8
+
+///
+/// IP Receive Filter structure.
+///
+typedef struct {
+ UINT8 Filters;
+ UINT8 IpCnt;
+ UINT16 reserved;
+ EFI_IP_ADDRESS IpList[EFI_PXE_BASE_CODE_MAX_IPCNT];
+} EFI_PXE_BASE_CODE_IP_FILTER;
+
+#define EFI_PXE_BASE_CODE_IP_FILTER_STATION_IP 0x0001
+#define EFI_PXE_BASE_CODE_IP_FILTER_BROADCAST 0x0002
+#define EFI_PXE_BASE_CODE_IP_FILTER_PROMISCUOUS 0x0004
+#define EFI_PXE_BASE_CODE_IP_FILTER_PROMISCUOUS_MULTICAST 0x0008
+
+///
+/// ARP cache entries.
+///
+typedef struct {
+ EFI_IP_ADDRESS IpAddr;
+ EFI_MAC_ADDRESS MacAddr;
+} EFI_PXE_BASE_CODE_ARP_ENTRY;
+
+///
+/// ARP route table entries.
+///
+typedef struct {
+ EFI_IP_ADDRESS IpAddr;
+ EFI_IP_ADDRESS SubnetMask;
+ EFI_IP_ADDRESS GwAddr;
+} EFI_PXE_BASE_CODE_ROUTE_ENTRY;
+
+//
+// UDP definitions
+//
+typedef UINT16 EFI_PXE_BASE_CODE_UDP_PORT;
+
+#define EFI_PXE_BASE_CODE_UDP_OPFLAGS_ANY_SRC_IP 0x0001
+#define EFI_PXE_BASE_CODE_UDP_OPFLAGS_ANY_SRC_PORT 0x0002
+#define EFI_PXE_BASE_CODE_UDP_OPFLAGS_ANY_DEST_IP 0x0004
+#define EFI_PXE_BASE_CODE_UDP_OPFLAGS_ANY_DEST_PORT 0x0008
+#define EFI_PXE_BASE_CODE_UDP_OPFLAGS_USE_FILTER 0x0010
+#define EFI_PXE_BASE_CODE_UDP_OPFLAGS_MAY_FRAGMENT 0x0020
+
+//
+// Discover() definitions
+//
+#define EFI_PXE_BASE_CODE_BOOT_TYPE_BOOTSTRAP 0
+#define EFI_PXE_BASE_CODE_BOOT_TYPE_MS_WINNT_RIS 1
+#define EFI_PXE_BASE_CODE_BOOT_TYPE_INTEL_LCM 2
+#define EFI_PXE_BASE_CODE_BOOT_TYPE_DOSUNDI 3
+#define EFI_PXE_BASE_CODE_BOOT_TYPE_NEC_ESMPRO 4
+#define EFI_PXE_BASE_CODE_BOOT_TYPE_IBM_WSoD 5
+#define EFI_PXE_BASE_CODE_BOOT_TYPE_IBM_LCCM 6
+#define EFI_PXE_BASE_CODE_BOOT_TYPE_CA_UNICENTER_TNG 7
+#define EFI_PXE_BASE_CODE_BOOT_TYPE_HP_OPENVIEW 8
+#define EFI_PXE_BASE_CODE_BOOT_TYPE_ALTIRIS_9 9
+#define EFI_PXE_BASE_CODE_BOOT_TYPE_ALTIRIS_10 10
+#define EFI_PXE_BASE_CODE_BOOT_TYPE_ALTIRIS_11 11
+#define EFI_PXE_BASE_CODE_BOOT_TYPE_NOT_USED_12 12
+#define EFI_PXE_BASE_CODE_BOOT_TYPE_REDHAT_INSTALL 13
+#define EFI_PXE_BASE_CODE_BOOT_TYPE_REDHAT_BOOT 14
+#define EFI_PXE_BASE_CODE_BOOT_TYPE_REMBO 15
+#define EFI_PXE_BASE_CODE_BOOT_TYPE_BEOBOOT 16
+//
+// 17 through 32767 are reserved
+// 32768 through 65279 are for vendor use
+// 65280 through 65534 are reserved
+//
+#define EFI_PXE_BASE_CODE_BOOT_TYPE_PXETEST 65535
+
+#define EFI_PXE_BASE_CODE_BOOT_LAYER_MASK 0x7FFF
+#define EFI_PXE_BASE_CODE_BOOT_LAYER_INITIAL 0x0000
+
+//
+// PXE Tag definition that identifies the processor
+// and programming environment of the client system.
+// These identifiers are defined by IETF:
+// http://www.ietf.org/assignments/dhcpv6-parameters/dhcpv6-parameters.xml
+//
+#if defined (MDE_CPU_IA32)
+#define EFI_PXE_CLIENT_SYSTEM_ARCHITECTURE 0x0006
+#elif defined (MDE_CPU_IPF)
+#define EFI_PXE_CLIENT_SYSTEM_ARCHITECTURE 0x0002
+#elif defined (MDE_CPU_X64)
+#define EFI_PXE_CLIENT_SYSTEM_ARCHITECTURE 0x0007
+#elif defined (MDE_CPU_ARM)
+#define EFI_PXE_CLIENT_SYSTEM_ARCHITECTURE 0x000A
+#elif defined (MDE_CPU_AARCH64)
+#define EFI_PXE_CLIENT_SYSTEM_ARCHITECTURE 0x000B
+#endif
+
+
+///
+/// Discover() server list structure.
+///
+typedef struct {
+ UINT16 Type;
+ BOOLEAN AcceptAnyResponse;
+ UINT8 Reserved;
+ EFI_IP_ADDRESS IpAddr;
+} EFI_PXE_BASE_CODE_SRVLIST;
+
+///
+/// Discover() information override structure.
+///
+typedef struct {
+ BOOLEAN UseMCast;
+ BOOLEAN UseBCast;
+ BOOLEAN UseUCast;
+ BOOLEAN MustUseList;
+ EFI_IP_ADDRESS ServerMCastIp;
+ UINT16 IpCnt;
+ EFI_PXE_BASE_CODE_SRVLIST SrvList[1];
+} EFI_PXE_BASE_CODE_DISCOVER_INFO;
+
+///
+/// TFTP opcode definitions.
+///
+typedef enum {
+ EFI_PXE_BASE_CODE_TFTP_FIRST,
+ EFI_PXE_BASE_CODE_TFTP_GET_FILE_SIZE,
+ EFI_PXE_BASE_CODE_TFTP_READ_FILE,
+ EFI_PXE_BASE_CODE_TFTP_WRITE_FILE,
+ EFI_PXE_BASE_CODE_TFTP_READ_DIRECTORY,
+ EFI_PXE_BASE_CODE_MTFTP_GET_FILE_SIZE,
+ EFI_PXE_BASE_CODE_MTFTP_READ_FILE,
+ EFI_PXE_BASE_CODE_MTFTP_READ_DIRECTORY,
+ EFI_PXE_BASE_CODE_MTFTP_LAST
+} EFI_PXE_BASE_CODE_TFTP_OPCODE;
+
+///
+/// MTFTP information. This information is required
+/// to start or join a multicast TFTP session. It is also required to
+/// perform the "get file size" and "read directory" operations of MTFTP.
+///
+typedef struct {
+ EFI_IP_ADDRESS MCastIp;
+ EFI_PXE_BASE_CODE_UDP_PORT CPort;
+ EFI_PXE_BASE_CODE_UDP_PORT SPort;
+ UINT16 ListenTimeout;
+ UINT16 TransmitTimeout;
+} EFI_PXE_BASE_CODE_MTFTP_INFO;
+
+///
+/// DHCPV4 Packet structure.
+///
+typedef struct {
+ UINT8 BootpOpcode;
+ UINT8 BootpHwType;
+ UINT8 BootpHwAddrLen;
+ UINT8 BootpGateHops;
+ UINT32 BootpIdent;
+ UINT16 BootpSeconds;
+ UINT16 BootpFlags;
+ UINT8 BootpCiAddr[4];
+ UINT8 BootpYiAddr[4];
+ UINT8 BootpSiAddr[4];
+ UINT8 BootpGiAddr[4];
+ UINT8 BootpHwAddr[16];
+ UINT8 BootpSrvName[64];
+ UINT8 BootpBootFile[128];
+ UINT32 DhcpMagik;
+ UINT8 DhcpOptions[56];
+} EFI_PXE_BASE_CODE_DHCPV4_PACKET;
+
+///
+/// DHCPV6 Packet structure.
+///
+typedef struct {
+ UINT32 MessageType:8;
+ UINT32 TransactionId:24;
+ UINT8 DhcpOptions[1024];
+} EFI_PXE_BASE_CODE_DHCPV6_PACKET;
+
+///
+/// Packet structure.
+///
+typedef union {
+ UINT8 Raw[1472];
+ EFI_PXE_BASE_CODE_DHCPV4_PACKET Dhcpv4;
+ EFI_PXE_BASE_CODE_DHCPV6_PACKET Dhcpv6;
+} EFI_PXE_BASE_CODE_PACKET;
+
+//
+// PXE Base Code Mode structure
+//
+#define EFI_PXE_BASE_CODE_MAX_ARP_ENTRIES 8
+#define EFI_PXE_BASE_CODE_MAX_ROUTE_ENTRIES 8
+
+///
+/// EFI_PXE_BASE_CODE_MODE.
+/// The data values in this structure are read-only and
+/// are updated by the code that produces the
+/// EFI_PXE_BASE_CODE_PROTOCOL functions.
+///
+typedef struct {
+ BOOLEAN Started;
+ BOOLEAN Ipv6Available;
+ BOOLEAN Ipv6Supported;
+ BOOLEAN UsingIpv6;
+ BOOLEAN BisSupported;
+ BOOLEAN BisDetected;
+ BOOLEAN AutoArp;
+ BOOLEAN SendGUID;
+ BOOLEAN DhcpDiscoverValid;
+ BOOLEAN DhcpAckReceived;
+ BOOLEAN ProxyOfferReceived;
+ BOOLEAN PxeDiscoverValid;
+ BOOLEAN PxeReplyReceived;
+ BOOLEAN PxeBisReplyReceived;
+ BOOLEAN IcmpErrorReceived;
+ BOOLEAN TftpErrorReceived;
+ BOOLEAN MakeCallbacks;
+ UINT8 TTL;
+ UINT8 ToS;
+ EFI_IP_ADDRESS StationIp;
+ EFI_IP_ADDRESS SubnetMask;
+ EFI_PXE_BASE_CODE_PACKET DhcpDiscover;
+ EFI_PXE_BASE_CODE_PACKET DhcpAck;
+ EFI_PXE_BASE_CODE_PACKET ProxyOffer;
+ EFI_PXE_BASE_CODE_PACKET PxeDiscover;
+ EFI_PXE_BASE_CODE_PACKET PxeReply;
+ EFI_PXE_BASE_CODE_PACKET PxeBisReply;
+ EFI_PXE_BASE_CODE_IP_FILTER IpFilter;
+ UINT32 ArpCacheEntries;
+ EFI_PXE_BASE_CODE_ARP_ENTRY ArpCache[EFI_PXE_BASE_CODE_MAX_ARP_ENTRIES];
+ UINT32 RouteTableEntries;
+ EFI_PXE_BASE_CODE_ROUTE_ENTRY RouteTable[EFI_PXE_BASE_CODE_MAX_ROUTE_ENTRIES];
+ EFI_PXE_BASE_CODE_ICMP_ERROR IcmpError;
+ EFI_PXE_BASE_CODE_TFTP_ERROR TftpError;
+} EFI_PXE_BASE_CODE_MODE;
+
+//
+// PXE Base Code Interface Function definitions
+//
+
+/**
+ Enables the use of the PXE Base Code Protocol functions.
+
+ This function enables the use of the PXE Base Code Protocol functions. If the
+ Started field of the EFI_PXE_BASE_CODE_MODE structure is already TRUE, then
+ EFI_ALREADY_STARTED will be returned. If UseIpv6 is TRUE, then IPv6 formatted
+ addresses will be used in this session. If UseIpv6 is FALSE, then IPv4 formatted
+ addresses will be used in this session. If UseIpv6 is TRUE, and the Ipv6Supported
+ field of the EFI_PXE_BASE_CODE_MODE structure is FALSE, then EFI_UNSUPPORTED will
+ be returned. If there is not enough memory or other resources to start the PXE
+ Base Code Protocol, then EFI_OUT_OF_RESOURCES will be returned. Otherwise, the
+ PXE Base Code Protocol will be started, and all of the fields of the EFI_PXE_BASE_CODE_MODE
+ structure will be initialized as follows:
+ StartedSet to TRUE.
+ Ipv6SupportedUnchanged.
+ Ipv6AvailableUnchanged.
+ UsingIpv6Set to UseIpv6.
+ BisSupportedUnchanged.
+ BisDetectedUnchanged.
+ AutoArpSet to TRUE.
+ SendGUIDSet to FALSE.
+ TTLSet to DEFAULT_TTL.
+ ToSSet to DEFAULT_ToS.
+ DhcpCompletedSet to FALSE.
+ ProxyOfferReceivedSet to FALSE.
+ StationIpSet to an address of all zeros.
+ SubnetMaskSet to a subnet mask of all zeros.
+ DhcpDiscoverZero-filled.
+ DhcpAckZero-filled.
+ ProxyOfferZero-filled.
+ PxeDiscoverValidSet to FALSE.
+ PxeDiscoverZero-filled.
+ PxeReplyValidSet to FALSE.
+ PxeReplyZero-filled.
+ PxeBisReplyValidSet to FALSE.
+ PxeBisReplyZero-filled.
+ IpFilterSet the Filters field to 0 and the IpCnt field to 0.
+ ArpCacheEntriesSet to 0.
+ ArpCacheZero-filled.
+ RouteTableEntriesSet to 0.
+ RouteTableZero-filled.
+ IcmpErrorReceivedSet to FALSE.
+ IcmpErrorZero-filled.
+ TftpErroReceivedSet to FALSE.
+ TftpErrorZero-filled.
+ MakeCallbacksSet to TRUE if the PXE Base Code Callback Protocol is available.
+ Set to FALSE if the PXE Base Code Callback Protocol is not available.
+
+ @param This The pointer to the EFI_PXE_BASE_CODE_PROTOCOL instance.
+ @param UseIpv6 Specifies the type of IP addresses that are to be used during the session
+ that is being started. Set to TRUE for IPv6 addresses, and FALSE for
+ IPv4 addresses.
+
+ @retval EFI_SUCCESS The PXE Base Code Protocol was started.
+ @retval EFI_DEVICE_ERROR The network device encountered an error during this oper
+ @retval EFI_UNSUPPORTED UseIpv6 is TRUE, but the Ipv6Supported field of the
+ EFI_PXE_BASE_CODE_MODE structure is FALSE.
+ @retval EFI_ALREADY_STARTED The PXE Base Code Protocol is already in the started state.
+ @retval EFI_INVALID_PARAMETER The This parameter is NULL or does not point to a valid
+ EFI_PXE_BASE_CODE_PROTOCOL structure.
+ @retval EFI_OUT_OF_RESOURCES Could not allocate enough memory or other resources to start the
+ PXE Base Code Protocol.
+
+**/
+typedef
+EFI_STATUS
+(EFIAPI *EFI_PXE_BASE_CODE_START)(
+ IN EFI_PXE_BASE_CODE_PROTOCOL *This,
+ IN BOOLEAN UseIpv6
+ );
+
+/**
+ Disables the use of the PXE Base Code Protocol functions.
+
+ This function stops all activity on the network device. All the resources allocated
+ in Start() are released, the Started field of the EFI_PXE_BASE_CODE_MODE structure is
+ set to FALSE and EFI_SUCCESS is returned. If the Started field of the EFI_PXE_BASE_CODE_MODE
+ structure is already FALSE, then EFI_NOT_STARTED will be returned.
+
+ @param This The pointer to the EFI_PXE_BASE_CODE_PROTOCOL instance.
+
+ @retval EFI_SUCCESS The PXE Base Code Protocol was stopped.
+ @retval EFI_NOT_STARTED The PXE Base Code Protocol is already in the stopped state.
+ @retval EFI_INVALID_PARAMETER The This parameter is NULL or does not point to a valid
+ EFI_PXE_BASE_CODE_PROTOCOL structure.
+ @retval EFI_DEVICE_ERROR The network device encountered an error during this operation.
+
+**/
+typedef
+EFI_STATUS
+(EFIAPI *EFI_PXE_BASE_CODE_STOP)(
+ IN EFI_PXE_BASE_CODE_PROTOCOL *This
+ );
+
+/**
+ Attempts to complete a DHCPv4 D.O.R.A. (discover / offer / request / acknowledge) or DHCPv6
+ S.A.R.R (solicit / advertise / request / reply) sequence.
+
+ This function attempts to complete the DHCP sequence. If this sequence is completed,
+ then EFI_SUCCESS is returned, and the DhcpCompleted, ProxyOfferReceived, StationIp,
+ SubnetMask, DhcpDiscover, DhcpAck, and ProxyOffer fields of the EFI_PXE_BASE_CODE_MODE
+ structure are filled in.
+ If SortOffers is TRUE, then the cached DHCP offer packets will be sorted before
+ they are tried. If SortOffers is FALSE, then the cached DHCP offer packets will
+ be tried in the order in which they are received. Please see the Preboot Execution
+ Environment (PXE) Specification for additional details on the implementation of DHCP.
+ This function can take at least 31 seconds to timeout and return control to the
+ caller. If the DHCP sequence does not complete, then EFI_TIMEOUT will be returned.
+ If the Callback Protocol does not return EFI_PXE_BASE_CODE_CALLBACK_STATUS_CONTINUE,
+ then the DHCP sequence will be stopped and EFI_ABORTED will be returned.
+
+ @param This The pointer to the EFI_PXE_BASE_CODE_PROTOCOL instance.
+ @param SortOffers TRUE if the offers received should be sorted. Set to FALSE to try the
+ offers in the order that they are received.
+
+ @retval EFI_SUCCESS Valid DHCP has completed.
+ @retval EFI_NOT_STARTED The PXE Base Code Protocol is in the stopped state.
+ @retval EFI_INVALID_PARAMETER The This parameter is NULL or does not point to a valid
+ EFI_PXE_BASE_CODE_PROTOCOL structure.
+ @retval EFI_DEVICE_ERROR The network device encountered an error during this operation.
+ @retval EFI_OUT_OF_RESOURCES Could not allocate enough memory to complete the DHCP Protocol.
+ @retval EFI_ABORTED The callback function aborted the DHCP Protocol.
+ @retval EFI_TIMEOUT The DHCP Protocol timed out.
+ @retval EFI_ICMP_ERROR An ICMP error packet was received during the DHCP session.
+ @retval EFI_NO_RESPONSE Valid PXE offer was not received.
+
+**/
+typedef
+EFI_STATUS
+(EFIAPI *EFI_PXE_BASE_CODE_DHCP)(
+ IN EFI_PXE_BASE_CODE_PROTOCOL *This,
+ IN BOOLEAN SortOffers
+ );
+
+/**
+ Attempts to complete the PXE Boot Server and/or boot image discovery sequence.
+
+ This function attempts to complete the PXE Boot Server and/or boot image discovery
+ sequence. If this sequence is completed, then EFI_SUCCESS is returned, and the
+ PxeDiscoverValid, PxeDiscover, PxeReplyReceived, and PxeReply fields of the
+ EFI_PXE_BASE_CODE_MODE structure are filled in. If UseBis is TRUE, then the
+ PxeBisReplyReceived and PxeBisReply fields of the EFI_PXE_BASE_CODE_MODE structure
+ will also be filled in. If UseBis is FALSE, then PxeBisReplyValid will be set to FALSE.
+ In the structure referenced by parameter Info, the PXE Boot Server list, SrvList[],
+ has two uses: It is the Boot Server IP address list used for unicast discovery
+ (if the UseUCast field is TRUE), and it is the list used for Boot Server verification
+ (if the MustUseList field is TRUE). Also, if the MustUseList field in that structure
+ is TRUE and the AcceptAnyResponse field in the SrvList[] array is TRUE, any Boot
+ Server reply of that type will be accepted. If the AcceptAnyResponse field is
+ FALSE, only responses from Boot Servers with matching IP addresses will be accepted.
+ This function can take at least 10 seconds to timeout and return control to the
+ caller. If the Discovery sequence does not complete, then EFI_TIMEOUT will be
+ returned. Please see the Preboot Execution Environment (PXE) Specification for
+ additional details on the implementation of the Discovery sequence.
+ If the Callback Protocol does not return EFI_PXE_BASE_CODE_CALLBACK_STATUS_CONTINUE,
+ then the Discovery sequence is stopped and EFI_ABORTED will be returned.
+
+ @param This The pointer to the EFI_PXE_BASE_CODE_PROTOCOL instance.
+ @param Type The type of bootstrap to perform.
+ @param Layer The pointer to the boot server layer number to discover, which must be
+ PXE_BOOT_LAYER_INITIAL when a new server type is being
+ discovered.
+ @param UseBis TRUE if Boot Integrity Services are to be used. FALSE otherwise.
+ @param Info The pointer to a data structure that contains additional information on the
+ type of discovery operation that is to be performed.
+
+ @retval EFI_SUCCESS The Discovery sequence has been completed.
+ @retval EFI_NOT_STARTED The PXE Base Code Protocol is in the stopped state.
+ @retval EFI_INVALID_PARAMETER One or more parameters are invalid.
+ @retval EFI_DEVICE_ERROR The network device encountered an error during this operation.
+ @retval EFI_OUT_OF_RESOURCES Could not allocate enough memory to complete Discovery.
+ @retval EFI_ABORTED The callback function aborted the Discovery sequence.
+ @retval EFI_TIMEOUT The Discovery sequence timed out.
+ @retval EFI_ICMP_ERROR An ICMP error packet was received during the PXE discovery
+ session.
+
+**/
+typedef
+EFI_STATUS
+(EFIAPI *EFI_PXE_BASE_CODE_DISCOVER)(
+ IN EFI_PXE_BASE_CODE_PROTOCOL *This,
+ IN UINT16 Type,
+ IN UINT16 *Layer,
+ IN BOOLEAN UseBis,
+ IN EFI_PXE_BASE_CODE_DISCOVER_INFO *Info OPTIONAL
+ );
+
+/**
+ Used to perform TFTP and MTFTP services.
+
+ This function is used to perform TFTP and MTFTP services. This includes the
+ TFTP operations to get the size of a file, read a directory, read a file, and
+ write a file. It also includes the MTFTP operations to get the size of a file,
+ read a directory, and read a file. The type of operation is specified by Operation.
+ If the callback function that is invoked during the TFTP/MTFTP operation does
+ not return EFI_PXE_BASE_CODE_CALLBACK_STATUS_CONTINUE, then EFI_ABORTED will
+ be returned.
+ For read operations, the return data will be placed in the buffer specified by
+ BufferPtr. If BufferSize is too small to contain the entire downloaded file,
+ then EFI_BUFFER_TOO_SMALL will be returned and BufferSize will be set to zero
+ or the size of the requested file (the size of the requested file is only returned
+ if the TFTP server supports TFTP options). If BufferSize is large enough for the
+ read operation, then BufferSize will be set to the size of the downloaded file,
+ and EFI_SUCCESS will be returned. Applications using the PxeBc.Mtftp() services
+ should use the get-file-size operations to determine the size of the downloaded
+ file prior to using the read-file operations--especially when downloading large
+ (greater than 64 MB) files--instead of making two calls to the read-file operation.
+ Following this recommendation will save time if the file is larger than expected
+ and the TFTP server does not support TFTP option extensions. Without TFTP option
+ extension support, the client has to download the entire file, counting and discarding
+ the received packets, to determine the file size.
+ For write operations, the data to be sent is in the buffer specified by BufferPtr.
+ BufferSize specifies the number of bytes to send. If the write operation completes
+ successfully, then EFI_SUCCESS will be returned.
+ For TFTP "get file size" operations, the size of the requested file or directory
+ is returned in BufferSize, and EFI_SUCCESS will be returned. If the TFTP server
+ does not support options, the file will be downloaded into a bit bucket and the
+ length of the downloaded file will be returned. For MTFTP "get file size" operations,
+ if the MTFTP server does not support the "get file size" option, EFI_UNSUPPORTED
+ will be returned.
+ This function can take up to 10 seconds to timeout and return control to the caller.
+ If the TFTP sequence does not complete, EFI_TIMEOUT will be returned.
+ If the Callback Protocol does not return EFI_PXE_BASE_CODE_CALLBACK_STATUS_CONTINUE,
+ then the TFTP sequence is stopped and EFI_ABORTED will be returned.
+ The format of the data returned from a TFTP read directory operation is a null-terminated
+ filename followed by a null-terminated information string, of the form
+ "size year-month-day hour:minute:second" (i.e. %d %d-%d-%d %d:%d:%f - note that
+ the seconds field can be a decimal number), where the date and time are UTC. For
+ an MTFTP read directory command, there is additionally a null-terminated multicast
+ IP address preceding the filename of the form %d.%d.%d.%d for IP v4. The final
+ entry is itself null-terminated, so that the final information string is terminated
+ with two null octets.
+
+ @param This The pointer to the EFI_PXE_BASE_CODE_PROTOCOL instance.
+ @param Operation The type of operation to perform.
+ @param BufferPtr A pointer to the data buffer.
+ @param Overwrite Only used on write file operations. TRUE if a file on a remote server can
+ be overwritten.
+ @param BufferSize For get-file-size operations, *BufferSize returns the size of the
+ requested file.
+ @param BlockSize The requested block size to be used during a TFTP transfer.
+ @param ServerIp The TFTP / MTFTP server IP address.
+ @param Filename A Null-terminated ASCII string that specifies a directory name or a file
+ name.
+ @param Info The pointer to the MTFTP information.
+ @param DontUseBuffer Set to FALSE for normal TFTP and MTFTP read file operation.
+
+ @retval EFI_SUCCESS The TFTP/MTFTP operation was completed.
+ @retval EFI_NOT_STARTED The PXE Base Code Protocol is in the stopped state.
+ @retval EFI_INVALID_PARAMETER One or more parameters are invalid.
+ @retval EFI_DEVICE_ERROR The network device encountered an error during this operation.
+ @retval EFI_BUFFER_TOO_SMALL The buffer is not large enough to complete the read operation.
+ @retval EFI_ABORTED The callback function aborted the TFTP/MTFTP operation.
+ @retval EFI_TIMEOUT The TFTP/MTFTP operation timed out.
+ @retval EFI_ICMP_ERROR An ICMP error packet was received during the MTFTP session.
+ @retval EFI_TFTP_ERROR A TFTP error packet was received during the MTFTP session.
+
+**/
+typedef
+EFI_STATUS
+(EFIAPI *EFI_PXE_BASE_CODE_MTFTP)(
+ IN EFI_PXE_BASE_CODE_PROTOCOL *This,
+ IN EFI_PXE_BASE_CODE_TFTP_OPCODE Operation,
+ IN OUT VOID *BufferPtr OPTIONAL,
+ IN BOOLEAN Overwrite,
+ IN OUT UINT64 *BufferSize,
+ IN UINTN *BlockSize OPTIONAL,
+ IN EFI_IP_ADDRESS *ServerIp,
+ IN UINT8 *Filename OPTIONAL,
+ IN EFI_PXE_BASE_CODE_MTFTP_INFO *Info OPTIONAL,
+ IN BOOLEAN DontUseBuffer
+ );
+
+/**
+ Writes a UDP packet to the network interface.
+
+ This function writes a UDP packet specified by the (optional HeaderPtr and)
+ BufferPtr parameters to the network interface. The UDP header is automatically
+ built by this routine. It uses the parameters OpFlags, DestIp, DestPort, GatewayIp,
+ SrcIp, and SrcPort to build this header. If the packet is successfully built and
+ transmitted through the network interface, then EFI_SUCCESS will be returned.
+ If a timeout occurs during the transmission of the packet, then EFI_TIMEOUT will
+ be returned. If an ICMP error occurs during the transmission of the packet, then
+ the IcmpErrorReceived field is set to TRUE, the IcmpError field is filled in and
+ EFI_ICMP_ERROR will be returned. If the Callback Protocol does not return
+ EFI_PXE_BASE_CODE_CALLBACK_STATUS_CONTINUE, then EFI_ABORTED will be returned.
+
+ @param This The pointer to the EFI_PXE_BASE_CODE_PROTOCOL instance.
+ @param OpFlags The UDP operation flags.
+ @param DestIp The destination IP address.
+ @param DestPort The destination UDP port number.
+ @param GatewayIp The gateway IP address.
+ @param SrcIp The source IP address.
+ @param SrcPort The source UDP port number.
+ @param HeaderSize An optional field which may be set to the length of a header at
+ HeaderPtr to be prefixed to the data at BufferPtr.
+ @param HeaderPtr If HeaderSize is not NULL, a pointer to a header to be prefixed to the
+ data at BufferPtr.
+ @param BufferSize A pointer to the size of the data at BufferPtr.
+ @param BufferPtr A pointer to the data to be written.
+
+ @retval EFI_SUCCESS The UDP Write operation was completed.
+ @retval EFI_NOT_STARTED The PXE Base Code Protocol is in the stopped state.
+ @retval EFI_INVALID_PARAMETER One or more parameters are invalid.
+ @retval EFI_BAD_BUFFER_SIZE The buffer is too long to be transmitted.
+ @retval EFI_ABORTED The callback function aborted the UDP Write operation.
+ @retval EFI_TIMEOUT The UDP Write operation timed out.
+ @retval EFI_ICMP_ERROR An ICMP error packet was received during the UDP write session.
+
+**/
+typedef
+EFI_STATUS
+(EFIAPI *EFI_PXE_BASE_CODE_UDP_WRITE)(
+ IN EFI_PXE_BASE_CODE_PROTOCOL *This,
+ IN UINT16 OpFlags,
+ IN EFI_IP_ADDRESS *DestIp,
+ IN EFI_PXE_BASE_CODE_UDP_PORT *DestPort,
+ IN EFI_IP_ADDRESS *GatewayIp, OPTIONAL
+ IN EFI_IP_ADDRESS *SrcIp, OPTIONAL
+ IN OUT EFI_PXE_BASE_CODE_UDP_PORT *SrcPort, OPTIONAL
+ IN UINTN *HeaderSize, OPTIONAL
+ IN VOID *HeaderPtr, OPTIONAL
+ IN UINTN *BufferSize,
+ IN VOID *BufferPtr
+ );
+
+/**
+ Reads a UDP packet from the network interface.
+
+ This function reads a UDP packet from a network interface. The data contents
+ are returned in (the optional HeaderPtr and) BufferPtr, and the size of the
+ buffer received is returned in BufferSize. If the input BufferSize is smaller
+ than the UDP packet received (less optional HeaderSize), it will be set to the
+ required size, and EFI_BUFFER_TOO_SMALL will be returned. In this case, the
+ contents of BufferPtr are undefined, and the packet is lost. If a UDP packet is
+ successfully received, then EFI_SUCCESS will be returned, and the information
+ from the UDP header will be returned in DestIp, DestPort, SrcIp, and SrcPort if
+ they are not NULL.
+ Depending on the values of OpFlags and the DestIp, DestPort, SrcIp, and SrcPort
+ input values, different types of UDP packet receive filtering will be performed.
+ The following tables summarize these receive filter operations.
+
+ @param This The pointer to the EFI_PXE_BASE_CODE_PROTOCOL instance.
+ @param OpFlags The UDP operation flags.
+ @param DestIp The destination IP address.
+ @param DestPort The destination UDP port number.
+ @param SrcIp The source IP address.
+ @param SrcPort The source UDP port number.
+ @param HeaderSize An optional field which may be set to the length of a header at
+ HeaderPtr to be prefixed to the data at BufferPtr.
+ @param HeaderPtr If HeaderSize is not NULL, a pointer to a header to be prefixed to the
+ data at BufferPtr.
+ @param BufferSize A pointer to the size of the data at BufferPtr.
+ @param BufferPtr A pointer to the data to be read.
+
+ @retval EFI_SUCCESS The UDP Read operation was completed.
+ @retval EFI_NOT_STARTED The PXE Base Code Protocol is in the stopped state.
+ @retval EFI_INVALID_PARAMETER One or more parameters are invalid.
+ @retval EFI_DEVICE_ERROR The network device encountered an error during this operation.
+ @retval EFI_BUFFER_TOO_SMALL The packet is larger than Buffer can hold.
+ @retval EFI_ABORTED The callback function aborted the UDP Read operation.
+ @retval EFI_TIMEOUT The UDP Read operation timed out.
+
+**/
+typedef
+EFI_STATUS
+(EFIAPI *EFI_PXE_BASE_CODE_UDP_READ)(
+ IN EFI_PXE_BASE_CODE_PROTOCOL *This,
+ IN UINT16 OpFlags,
+ IN OUT EFI_IP_ADDRESS *DestIp, OPTIONAL
+ IN OUT EFI_PXE_BASE_CODE_UDP_PORT *DestPort, OPTIONAL
+ IN OUT EFI_IP_ADDRESS *SrcIp, OPTIONAL
+ IN OUT EFI_PXE_BASE_CODE_UDP_PORT *SrcPort, OPTIONAL
+ IN UINTN *HeaderSize, OPTIONAL
+ IN VOID *HeaderPtr, OPTIONAL
+ IN OUT UINTN *BufferSize,
+ IN VOID *BufferPtr
+ );
+
+/**
+ Updates the IP receive filters of a network device and enables software filtering.
+
+ The NewFilter field is used to modify the network device's current IP receive
+ filter settings and to enable a software filter. This function updates the IpFilter
+ field of the EFI_PXE_BASE_CODE_MODE structure with the contents of NewIpFilter.
+ The software filter is used when the USE_FILTER in OpFlags is set to UdpRead().
+ The current hardware filter remains in effect no matter what the settings of OpFlags
+ are, so that the meaning of ANY_DEST_IP set in OpFlags to UdpRead() is from those
+ packets whose reception is enabled in hardware - physical NIC address (unicast),
+ broadcast address, logical address or addresses (multicast), or all (promiscuous).
+ UdpRead() does not modify the IP filter settings.
+ Dhcp(), Discover(), and Mtftp() set the IP filter, and return with the IP receive
+ filter list emptied and the filter set to EFI_PXE_BASE_CODE_IP_FILTER_STATION_IP.
+ If an application or driver wishes to preserve the IP receive filter settings,
+ it will have to preserve the IP receive filter settings before these calls, and
+ use SetIpFilter() to restore them after the calls. If incompatible filtering is
+ requested (for example, PROMISCUOUS with anything else), or if the device does not
+ support a requested filter setting and it cannot be accommodated in software
+ (for example, PROMISCUOUS not supported), EFI_INVALID_PARAMETER will be returned.
+ The IPlist field is used to enable IPs other than the StationIP. They may be
+ multicast or unicast. If IPcnt is set as well as EFI_PXE_BASE_CODE_IP_FILTER_STATION_IP,
+ then both the StationIP and the IPs from the IPlist will be used.
+
+ @param This The pointer to the EFI_PXE_BASE_CODE_PROTOCOL instance.
+ @param NewFilter The pointer to the new set of IP receive filters.
+
+ @retval EFI_SUCCESS The IP receive filter settings were updated.
+ @retval EFI_NOT_STARTED The PXE Base Code Protocol is in the stopped state.
+ @retval EFI_INVALID_PARAMETER One or more parameters are invalid.
+
+**/
+typedef
+EFI_STATUS
+(EFIAPI *EFI_PXE_BASE_CODE_SET_IP_FILTER)(
+ IN EFI_PXE_BASE_CODE_PROTOCOL *This,
+ IN EFI_PXE_BASE_CODE_IP_FILTER *NewFilter
+ );
+
+/**
+ Uses the ARP protocol to resolve a MAC address.
+
+ This function uses the ARP protocol to resolve a MAC address. The UsingIpv6 field
+ of the EFI_PXE_BASE_CODE_MODE structure is used to determine if IPv4 or IPv6
+ addresses are being used. The IP address specified by IpAddr is used to resolve
+ a MAC address. If the ARP protocol succeeds in resolving the specified address,
+ then the ArpCacheEntries and ArpCache fields of the EFI_PXE_BASE_CODE_MODE structure
+ are updated, and EFI_SUCCESS is returned. If MacAddr is not NULL, the resolved
+ MAC address is placed there as well.
+ If the PXE Base Code protocol is in the stopped state, then EFI_NOT_STARTED is
+ returned. If the ARP protocol encounters a timeout condition while attempting
+ to resolve an address, then EFI_TIMEOUT is returned. If the Callback Protocol
+ does not return EFI_PXE_BASE_CODE_CALLBACK_STATUS_CONTINUE, then EFI_ABORTED is
+ returned.
+
+ @param This The pointer to the EFI_PXE_BASE_CODE_PROTOCOL instance.
+ @param IpAddr The pointer to the IP address that is used to resolve a MAC address.
+ @param MacAddr If not NULL, a pointer to the MAC address that was resolved with the
+ ARP protocol.
+
+ @retval EFI_SUCCESS The IP or MAC address was resolved.
+ @retval EFI_NOT_STARTED The PXE Base Code Protocol is in the stopped state.
+ @retval EFI_INVALID_PARAMETER One or more parameters are invalid.
+ @retval EFI_DEVICE_ERROR The network device encountered an error during this operation.
+ @retval EFI_ABORTED The callback function aborted the ARP Protocol.
+ @retval EFI_TIMEOUT The ARP Protocol encountered a timeout condition.
+
+**/
+typedef
+EFI_STATUS
+(EFIAPI *EFI_PXE_BASE_CODE_ARP)(
+ IN EFI_PXE_BASE_CODE_PROTOCOL *This,
+ IN EFI_IP_ADDRESS *IpAddr,
+ IN EFI_MAC_ADDRESS *MacAddr OPTIONAL
+ );
+
+/**
+ Updates the parameters that affect the operation of the PXE Base Code Protocol.
+
+ This function sets parameters that affect the operation of the PXE Base Code Protocol.
+ The parameter specified by NewAutoArp is used to control the generation of ARP
+ protocol packets. If NewAutoArp is TRUE, then ARP Protocol packets will be generated
+ as required by the PXE Base Code Protocol. If NewAutoArp is FALSE, then no ARP
+ Protocol packets will be generated. In this case, the only mappings that are
+ available are those stored in the ArpCache of the EFI_PXE_BASE_CODE_MODE structure.
+ If there are not enough mappings in the ArpCache to perform a PXE Base Code Protocol
+ service, then the service will fail. This function updates the AutoArp field of
+ the EFI_PXE_BASE_CODE_MODE structure to NewAutoArp.
+ The SetParameters() call must be invoked after a Callback Protocol is installed
+ to enable the use of callbacks.
+
+ @param This The pointer to the EFI_PXE_BASE_CODE_PROTOCOL instance.
+ @param NewAutoArp If not NULL, a pointer to a value that specifies whether to replace the
+ current value of AutoARP.
+ @param NewSendGUID If not NULL, a pointer to a value that specifies whether to replace the
+ current value of SendGUID.
+ @param NewTTL If not NULL, a pointer to be used in place of the current value of TTL,
+ the "time to live" field of the IP header.
+ @param NewToS If not NULL, a pointer to be used in place of the current value of ToS,
+ the "type of service" field of the IP header.
+ @param NewMakeCallback If not NULL, a pointer to a value that specifies whether to replace the
+ current value of the MakeCallback field of the Mode structure.
+
+ @retval EFI_SUCCESS The new parameters values were updated.
+ @retval EFI_NOT_STARTED The PXE Base Code Protocol is in the stopped state.
+ @retval EFI_INVALID_PARAMETER One or more parameters are invalid.
+
+**/
+typedef
+EFI_STATUS
+(EFIAPI *EFI_PXE_BASE_CODE_SET_PARAMETERS)(
+ IN EFI_PXE_BASE_CODE_PROTOCOL *This,
+ IN BOOLEAN *NewAutoArp, OPTIONAL
+ IN BOOLEAN *NewSendGUID, OPTIONAL
+ IN UINT8 *NewTTL, OPTIONAL
+ IN UINT8 *NewToS, OPTIONAL
+ IN BOOLEAN *NewMakeCallback OPTIONAL
+ );
+
+/**
+ Updates the station IP address and/or subnet mask values of a network device.
+
+ This function updates the station IP address and/or subnet mask values of a network
+ device.
+ The NewStationIp field is used to modify the network device's current IP address.
+ If NewStationIP is NULL, then the current IP address will not be modified. Otherwise,
+ this function updates the StationIp field of the EFI_PXE_BASE_CODE_MODE structure
+ with NewStationIp.
+ The NewSubnetMask field is used to modify the network device's current subnet
+ mask. If NewSubnetMask is NULL, then the current subnet mask will not be modified.
+ Otherwise, this function updates the SubnetMask field of the EFI_PXE_BASE_CODE_MODE
+ structure with NewSubnetMask.
+
+ @param This The pointer to the EFI_PXE_BASE_CODE_PROTOCOL instance.
+ @param NewStationIp The pointer to the new IP address to be used by the network device.
+ @param NewSubnetMask The pointer to the new subnet mask to be used by the network device.
+
+ @retval EFI_SUCCESS The new station IP address and/or subnet mask were updated.
+ @retval EFI_NOT_STARTED The PXE Base Code Protocol is in the stopped state.
+ @retval EFI_INVALID_PARAMETER One or more parameters are invalid.
+
+**/
+typedef
+EFI_STATUS
+(EFIAPI *EFI_PXE_BASE_CODE_SET_STATION_IP)(
+ IN EFI_PXE_BASE_CODE_PROTOCOL *This,
+ IN EFI_IP_ADDRESS *NewStationIp, OPTIONAL
+ IN EFI_IP_ADDRESS *NewSubnetMask OPTIONAL
+ );
+
+/**
+ Updates the contents of the cached DHCP and Discover packets.
+
+ The pointers to the new packets are used to update the contents of the cached
+ packets in the EFI_PXE_BASE_CODE_MODE structure.
+
+ @param This The pointer to the EFI_PXE_BASE_CODE_PROTOCOL instance.
+ @param NewDhcpDiscoverValid The pointer to a value that will replace the current
+ DhcpDiscoverValid field.
+ @param NewDhcpAckReceived The pointer to a value that will replace the current
+ DhcpAckReceived field.
+ @param NewProxyOfferReceived The pointer to a value that will replace the current
+ ProxyOfferReceived field.
+ @param NewPxeDiscoverValid The pointer to a value that will replace the current
+ ProxyOfferReceived field.
+ @param NewPxeReplyReceived The pointer to a value that will replace the current
+ PxeReplyReceived field.
+ @param NewPxeBisReplyReceived The pointer to a value that will replace the current
+ PxeBisReplyReceived field.
+ @param NewDhcpDiscover The pointer to the new cached DHCP Discover packet contents.
+ @param NewDhcpAck The pointer to the new cached DHCP Ack packet contents.
+ @param NewProxyOffer The pointer to the new cached Proxy Offer packet contents.
+ @param NewPxeDiscover The pointer to the new cached PXE Discover packet contents.
+ @param NewPxeReply The pointer to the new cached PXE Reply packet contents.
+ @param NewPxeBisReply The pointer to the new cached PXE BIS Reply packet contents.
+
+ @retval EFI_SUCCESS The cached packet contents were updated.
+ @retval EFI_NOT_STARTED The PXE Base Code Protocol is in the stopped state.
+ @retval EFI_INVALID_PARAMETER This is NULL or not point to a valid EFI_PXE_BASE_CODE_PROTOCOL structure.
+
+**/
+typedef
+EFI_STATUS
+(EFIAPI *EFI_PXE_BASE_CODE_SET_PACKETS)(
+ IN EFI_PXE_BASE_CODE_PROTOCOL *This,
+ BOOLEAN *NewDhcpDiscoverValid, OPTIONAL
+ BOOLEAN *NewDhcpAckReceived, OPTIONAL
+ BOOLEAN *NewProxyOfferReceived, OPTIONAL
+ BOOLEAN *NewPxeDiscoverValid, OPTIONAL
+ BOOLEAN *NewPxeReplyReceived, OPTIONAL
+ BOOLEAN *NewPxeBisReplyReceived, OPTIONAL
+ IN EFI_PXE_BASE_CODE_PACKET *NewDhcpDiscover, OPTIONAL
+ IN EFI_PXE_BASE_CODE_PACKET *NewDhcpAck, OPTIONAL
+ IN EFI_PXE_BASE_CODE_PACKET *NewProxyOffer, OPTIONAL
+ IN EFI_PXE_BASE_CODE_PACKET *NewPxeDiscover, OPTIONAL
+ IN EFI_PXE_BASE_CODE_PACKET *NewPxeReply, OPTIONAL
+ IN EFI_PXE_BASE_CODE_PACKET *NewPxeBisReply OPTIONAL
+ );
+
+//
+// PXE Base Code Protocol structure
+//
+#define EFI_PXE_BASE_CODE_PROTOCOL_REVISION 0x00010000
+
+//
+// Revision defined in EFI1.1
+//
+#define EFI_PXE_BASE_CODE_INTERFACE_REVISION EFI_PXE_BASE_CODE_PROTOCOL_REVISION
+
+///
+/// The EFI_PXE_BASE_CODE_PROTOCOL is used to control PXE-compatible devices.
+/// An EFI_PXE_BASE_CODE_PROTOCOL will be layered on top of an
+/// EFI_MANAGED_NETWORK_PROTOCOL protocol in order to perform packet level transactions.
+/// The EFI_PXE_BASE_CODE_PROTOCOL handle also supports the
+/// EFI_LOAD_FILE_PROTOCOL protocol. This provides a clean way to obtain control from the
+/// boot manager if the boot path is from the remote device.
+///
+struct _EFI_PXE_BASE_CODE_PROTOCOL {
+ ///
+ /// The revision of the EFI_PXE_BASE_CODE_PROTOCOL. All future revisions must
+ /// be backwards compatible. If a future version is not backwards compatible
+ /// it is not the same GUID.
+ ///
+ UINT64 Revision;
+ EFI_PXE_BASE_CODE_START Start;
+ EFI_PXE_BASE_CODE_STOP Stop;
+ EFI_PXE_BASE_CODE_DHCP Dhcp;
+ EFI_PXE_BASE_CODE_DISCOVER Discover;
+ EFI_PXE_BASE_CODE_MTFTP Mtftp;
+ EFI_PXE_BASE_CODE_UDP_WRITE UdpWrite;
+ EFI_PXE_BASE_CODE_UDP_READ UdpRead;
+ EFI_PXE_BASE_CODE_SET_IP_FILTER SetIpFilter;
+ EFI_PXE_BASE_CODE_ARP Arp;
+ EFI_PXE_BASE_CODE_SET_PARAMETERS SetParameters;
+ EFI_PXE_BASE_CODE_SET_STATION_IP SetStationIp;
+ EFI_PXE_BASE_CODE_SET_PACKETS SetPackets;
+ ///
+ /// The pointer to the EFI_PXE_BASE_CODE_MODE data for this device.
+ ///
+ EFI_PXE_BASE_CODE_MODE *Mode;
+};
+
+extern EFI_GUID gEfiPxeBaseCodeProtocolGuid;
+
+#endif
diff --git a/src/include/ipxe/efi/Protocol/TcgService.h b/src/include/ipxe/efi/Protocol/TcgService.h
new file mode 100644
index 00000000..1068448f
--- /dev/null
+++ b/src/include/ipxe/efi/Protocol/TcgService.h
@@ -0,0 +1,209 @@
+/** @file
+ TCG Service Protocol as defined in TCG_EFI_Protocol_1_20_Final
+ See http://trustedcomputinggroup.org for the latest specification
+
+Copyright (c) 2007 - 2010, Intel Corporation. All rights reserved.
+This program and the accompanying materials are licensed and made available under
+the terms and conditions of the BSD License that accompanies this distribution.
+The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php.
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#ifndef _TCG_SERVICE_PROTOCOL_H_
+#define _TCG_SERVICE_PROTOCOL_H_
+
+FILE_LICENCE ( BSD3 );
+
+#include
+
+#define EFI_TCG_PROTOCOL_GUID \
+ {0xf541796d, 0xa62e, 0x4954, { 0xa7, 0x75, 0x95, 0x84, 0xf6, 0x1b, 0x9c, 0xdd } }
+
+typedef struct _EFI_TCG_PROTOCOL EFI_TCG_PROTOCOL;
+
+typedef struct {
+ UINT8 Major;
+ UINT8 Minor;
+ UINT8 RevMajor;
+ UINT8 RevMinor;
+} TCG_VERSION;
+
+typedef struct _TCG_EFI_BOOT_SERVICE_CAPABILITY {
+ UINT8 Size; /// Size of this structure.
+ TCG_VERSION StructureVersion;
+ TCG_VERSION ProtocolSpecVersion;
+ UINT8 HashAlgorithmBitmap; /// Hash algorithms .
+ /// This protocol is capable of : 01=SHA-1.
+ BOOLEAN TPMPresentFlag; /// 00h = TPM not present.
+ BOOLEAN TPMDeactivatedFlag; /// 01h = TPM currently deactivated.
+} TCG_EFI_BOOT_SERVICE_CAPABILITY;
+
+typedef UINT32 TCG_ALGORITHM_ID;
+
+///
+/// Note:
+/// Status codes returned for functions of EFI_TCG_PROTOCOL do not exactly match
+/// those defined in the TCG EFI Protocol 1.20 Final Specification.
+///
+
+/**
+ This service provides EFI protocol capability information, state information
+ about the TPM, and Event Log state information.
+
+ @param This Indicates the calling context
+ @param ProtocolCapability The callee allocates memory for a TCG_BOOT_SERVICE_CAPABILITY
+ structure and fills in the fields with the EFI protocol
+ capability information and the current TPM state information.
+ @param TCGFeatureFlags This is a pointer to the feature flags. No feature
+ flags are currently defined so this parameter
+ MUST be set to 0. However, in the future,
+ feature flags may be defined that, for example,
+ enable hash algorithm agility.
+ @param EventLogLocation This is a pointer to the address of the event log in memory.
+ @param EventLogLastEntry If the Event Log contains more than one entry,
+ this is a pointer to the address of the start of
+ the last entry in the event log in memory.
+
+ @retval EFI_SUCCESS The operation completed successfully.
+ @retval EFI_INVALID_PARAMETER ProtocolCapability does not match TCG capability.
+**/
+typedef
+EFI_STATUS
+(EFIAPI *EFI_TCG_STATUS_CHECK)(
+ IN EFI_TCG_PROTOCOL *This,
+ OUT TCG_EFI_BOOT_SERVICE_CAPABILITY
+ *ProtocolCapability,
+ OUT UINT32 *TCGFeatureFlags,
+ OUT EFI_PHYSICAL_ADDRESS *EventLogLocation,
+ OUT EFI_PHYSICAL_ADDRESS *EventLogLastEntry
+ );
+
+/**
+ This service abstracts the capability to do a hash operation on a data buffer.
+
+ @param This Indicates the calling context.
+ @param HashData The pointer to the data buffer to be hashed.
+ @param HashDataLen The length of the data buffer to be hashed.
+ @param AlgorithmId Identification of the Algorithm to use for the hashing operation.
+ @param HashedDataLen Resultant length of the hashed data.
+ @param HashedDataResult Resultant buffer of the hashed data.
+
+ @retval EFI_SUCCESS The operation completed successfully.
+ @retval EFI_INVALID_PARAMETER HashDataLen is NULL.
+ @retval EFI_INVALID_PARAMETER HashDataLenResult is NULL.
+ @retval EFI_OUT_OF_RESOURCES Cannot allocate buffer of size *HashedDataLen.
+ @retval EFI_UNSUPPORTED AlgorithmId not supported.
+ @retval EFI_BUFFER_TOO_SMALL *HashedDataLen < sizeof (TCG_DIGEST).
+**/
+typedef
+EFI_STATUS
+(EFIAPI *EFI_TCG_HASH_ALL)(
+ IN EFI_TCG_PROTOCOL *This,
+ IN UINT8 *HashData,
+ IN UINT64 HashDataLen,
+ IN TCG_ALGORITHM_ID AlgorithmId,
+ IN OUT UINT64 *HashedDataLen,
+ IN OUT UINT8 **HashedDataResult
+ );
+
+/**
+ This service abstracts the capability to add an entry to the Event Log.
+
+ @param This Indicates the calling context
+ @param TCGLogData The pointer to the start of the data buffer containing
+ the TCG_PCR_EVENT data structure. All fields in
+ this structure are properly filled by the caller.
+ @param EventNumber The event number of the event just logged.
+ @param Flags Indicates additional flags. Only one flag has been
+ defined at this time, which is 0x01 and means the
+ extend operation should not be performed. All
+ other bits are reserved.
+
+ @retval EFI_SUCCESS The operation completed successfully.
+ @retval EFI_OUT_OF_RESOURCES Insufficient memory in the event log to complete this action.
+**/
+typedef
+EFI_STATUS
+(EFIAPI *EFI_TCG_LOG_EVENT)(
+ IN EFI_TCG_PROTOCOL *This,
+ IN TCG_PCR_EVENT *TCGLogData,
+ IN OUT UINT32 *EventNumber,
+ IN UINT32 Flags
+ );
+
+/**
+ This service is a proxy for commands to the TPM.
+
+ @param This Indicates the calling context.
+ @param TpmInputParameterBlockSize Size of the TPM input parameter block.
+ @param TpmInputParameterBlock The pointer to the TPM input parameter block.
+ @param TpmOutputParameterBlockSize Size of the TPM output parameter block.
+ @param TpmOutputParameterBlock The pointer to the TPM output parameter block.
+
+ @retval EFI_SUCCESS The operation completed successfully.
+ @retval EFI_INVALID_PARAMETER Invalid ordinal.
+ @retval EFI_UNSUPPORTED Current Task Priority Level >= EFI_TPL_CALLBACK.
+ @retval EFI_TIMEOUT The TIS timed-out.
+**/
+typedef
+EFI_STATUS
+(EFIAPI *EFI_TCG_PASS_THROUGH_TO_TPM)(
+ IN EFI_TCG_PROTOCOL *This,
+ IN UINT32 TpmInputParameterBlockSize,
+ IN UINT8 *TpmInputParameterBlock,
+ IN UINT32 TpmOutputParameterBlockSize,
+ IN UINT8 *TpmOutputParameterBlock
+ );
+
+/**
+ This service abstracts the capability to do a hash operation on a data buffer, extend a specific TPM PCR with the hash result, and add an entry to the Event Log
+
+ @param This Indicates the calling context
+ @param HashData The physical address of the start of the data buffer
+ to be hashed, extended, and logged.
+ @param HashDataLen The length, in bytes, of the buffer referenced by HashData
+ @param AlgorithmId Identification of the Algorithm to use for the hashing operation
+ @param TCGLogData The physical address of the start of the data
+ buffer containing the TCG_PCR_EVENT data structure.
+ @param EventNumber The event number of the event just logged.
+ @param EventLogLastEntry The physical address of the first byte of the entry
+ just placed in the Event Log. If the Event Log was
+ empty when this function was called then this physical
+ address will be the same as the physical address of
+ the start of the Event Log.
+
+ @retval EFI_SUCCESS The operation completed successfully.
+ @retval EFI_UNSUPPORTED AlgorithmId != TPM_ALG_SHA.
+ @retval EFI_UNSUPPORTED Current TPL >= EFI_TPL_CALLBACK.
+ @retval EFI_DEVICE_ERROR The command was unsuccessful.
+**/
+typedef
+EFI_STATUS
+(EFIAPI *EFI_TCG_HASH_LOG_EXTEND_EVENT)(
+ IN EFI_TCG_PROTOCOL *This,
+ IN EFI_PHYSICAL_ADDRESS HashData,
+ IN UINT64 HashDataLen,
+ IN TCG_ALGORITHM_ID AlgorithmId,
+ IN OUT TCG_PCR_EVENT *TCGLogData,
+ IN OUT UINT32 *EventNumber,
+ OUT EFI_PHYSICAL_ADDRESS *EventLogLastEntry
+ );
+
+///
+/// The EFI_TCG Protocol abstracts TCG activity.
+///
+struct _EFI_TCG_PROTOCOL {
+ EFI_TCG_STATUS_CHECK StatusCheck;
+ EFI_TCG_HASH_ALL HashAll;
+ EFI_TCG_LOG_EVENT LogEvent;
+ EFI_TCG_PASS_THROUGH_TO_TPM PassThroughToTpm;
+ EFI_TCG_HASH_LOG_EXTEND_EVENT HashLogExtendEvent;
+};
+
+extern EFI_GUID gEfiTcgProtocolGuid;
+
+#endif
diff --git a/src/include/ipxe/efi/efi.h b/src/include/ipxe/efi/efi.h
index e04bca7e..b16b998a 100644
--- a/src/include/ipxe/efi/efi.h
+++ b/src/include/ipxe/efi/efi.h
@@ -160,14 +160,17 @@ extern EFI_GUID efi_component_name2_protocol_guid;
extern EFI_GUID efi_device_path_protocol_guid;
extern EFI_GUID efi_disk_io_protocol_guid;
extern EFI_GUID efi_driver_binding_protocol_guid;
+extern EFI_GUID efi_graphics_output_protocol_guid;
extern EFI_GUID efi_load_file_protocol_guid;
extern EFI_GUID efi_load_file2_protocol_guid;
extern EFI_GUID efi_loaded_image_protocol_guid;
extern EFI_GUID efi_loaded_image_device_path_protocol_guid;
extern EFI_GUID efi_pci_io_protocol_guid;
extern EFI_GUID efi_pci_root_bridge_io_protocol_guid;
+extern EFI_GUID efi_pxe_base_code_protocol_guid;
extern EFI_GUID efi_simple_file_system_protocol_guid;
extern EFI_GUID efi_simple_network_protocol_guid;
+extern EFI_GUID efi_tcg_protocol_guid;
extern EFI_HANDLE efi_image_handle;
extern EFI_LOADED_IMAGE_PROTOCOL *efi_loaded_image;
diff --git a/src/interface/efi/efi_debug.c b/src/interface/efi/efi_debug.c
index 4b8448cb..b6e33491 100644
--- a/src/interface/efi/efi_debug.c
+++ b/src/interface/efi/efi_debug.c
@@ -66,6 +66,8 @@ static struct efi_well_known_guid efi_well_known_guids[] = {
"DriverBinding" },
{ &efi_disk_io_protocol_guid,
"DiskIo" },
+ { &efi_graphics_output_protocol_guid,
+ "GraphicsOutput" },
{ &efi_load_file_protocol_guid,
"LoadFile" },
{ &efi_load_file2_protocol_guid,
@@ -78,10 +80,14 @@ static struct efi_well_known_guid efi_well_known_guids[] = {
"PciIo" },
{ &efi_pci_root_bridge_io_protocol_guid,
"PciRootBridgeIo" },
+ { &efi_pxe_base_code_protocol_guid,
+ "PxeBaseCode" },
{ &efi_simple_file_system_protocol_guid,
"SimpleFileSystem" },
{ &efi_simple_network_protocol_guid,
"SimpleNetwork" },
+ { &efi_tcg_protocol_guid,
+ "Tcg" },
};
/**
diff --git a/src/interface/efi/efi_guid.c b/src/interface/efi/efi_guid.c
index 57d8497d..cde28541 100644
--- a/src/interface/efi/efi_guid.c
+++ b/src/interface/efi/efi_guid.c
@@ -28,13 +28,16 @@ FILE_LICENCE ( GPL2_OR_LATER );
#include
#include
#include
+#include
#include
#include
#include
#include
#include
+#include
#include
#include
+#include
/** @file
*
@@ -70,6 +73,10 @@ EFI_GUID efi_disk_io_protocol_guid
EFI_GUID efi_driver_binding_protocol_guid
= EFI_DRIVER_BINDING_PROTOCOL_GUID;
+/** Graphics output protocol GUID */
+EFI_GUID efi_graphics_output_protocol_guid
+ = EFI_GRAPHICS_OUTPUT_PROTOCOL_GUID;
+
/** Load file protocol GUID */
EFI_GUID efi_load_file_protocol_guid
= EFI_LOAD_FILE_PROTOCOL_GUID;
@@ -94,10 +101,18 @@ EFI_GUID efi_pci_io_protocol_guid
EFI_GUID efi_pci_root_bridge_io_protocol_guid
= EFI_PCI_ROOT_BRIDGE_IO_PROTOCOL_GUID;
+/** PXE base code protocol GUID */
+EFI_GUID efi_pxe_base_code_protocol_guid
+ = EFI_PXE_BASE_CODE_PROTOCOL_GUID;
+
/** Simple file system protocol GUID */
EFI_GUID efi_simple_file_system_protocol_guid
= EFI_SIMPLE_FILE_SYSTEM_PROTOCOL_GUID;
-/** Simple network protocol guid */
+/** Simple network protocol GUID */
EFI_GUID efi_simple_network_protocol_guid
= EFI_SIMPLE_NETWORK_PROTOCOL_GUID;
+
+/** TCG protocol GUID */
+EFI_GUID efi_tcg_protocol_guid
+ = EFI_TCG_PROTOCOL_GUID;