From: Jarkko Sakkinen <jarkko@kernel.org>
To: Ross Philipson <ross.philipson@gmail.com>
Cc: linux-kernel@vger.kernel.org, x86@kernel.org,
linux-integrity@vger.kernel.org, linux-doc@vger.kernel.org,
linux-crypto@vger.kernel.org, kexec@lists.infradead.org,
linux-efi@vger.kernel.org, iommu@lists.linux.dev,
dpsmith@apertussolutions.com, tglx@linutronix.de,
mingo@redhat.com, bp@alien8.de, hpa@zytor.com,
dave.hansen@linux.intel.com, ardb@kernel.org,
mjg59@srcf.ucam.org, James.Bottomley@hansenpartnership.com,
peterhuewe@gmx.de, jgg@ziepe.ca, luto@amacapital.net,
nivedita@alum.mit.edu, herbert@gondor.apana.org.au,
davem@davemloft.net, corbet@lwn.net, ebiederm@xmission.com,
dwmw2@infradead.org, baolu.lu@linux.intel.com,
kanth.ghatraju@oracle.com, daniel.kiper@oracle.com,
andrew.cooper3@citrix.com, trenchboot-devel@googlegroups.com
Subject: Re: [PATCH v16 03/38] tpm: Move TPM2 specific definitions to the command header
Date: Sat, 16 May 2026 02:15:56 +0300 [thread overview]
Message-ID: <agepLKST0x6Pq_U7@kernel.org> (raw)
In-Reply-To: <20260515211410.31440-4-ross.philipson@gmail.com>
On Fri, May 15, 2026 at 02:13:35PM -0700, Ross Philipson wrote:
> Gather all the TPM2 definitions and structures in the internal header
> file drivers/char/tpm/tpm.h into the command header, including:
> - Command codes, return codes and definitions from the public and
> internal tpm.h files.
> - Structures defined in numerous TPM driver C modules.
>
> The definitions moved to these files correspond to the TCG specification
> for TPM 2 family:
>
> TPM 2.0 Library
> - https://trustedcomputinggroup.org/resource/tpm-library-specification/
>
> Co-developed-by: Daniel P. Smith <dpsmith@apertussolutions.com>
> Signed-off-by: Daniel P. Smith <dpsmith@apertussolutions.com>
> Co-developed-by: Alec Brown <alec.r.brown@oracle.com>
> Signed-off-by: Alec Brown <alec.r.brown@oracle.com>
> Signed-off-by: Ross Philipson <ross.philipson@gmail.com>
> ---
> drivers/char/tpm/tpm.h | 77 ----------
> drivers/char/tpm/tpm2-cmd.c | 30 ----
> drivers/char/tpm/tpm2-space.c | 13 --
> include/linux/tpm.h | 145 ------------------
> include/linux/tpm_command.h | 271 ++++++++++++++++++++++++++++++++++
> 5 files changed, 271 insertions(+), 265 deletions(-)
>
> diff --git a/drivers/char/tpm/tpm.h b/drivers/char/tpm/tpm.h
> index 043d78a9617a..680f89d9c9f9 100644
> --- a/drivers/char/tpm/tpm.h
> +++ b/drivers/char/tpm/tpm.h
> @@ -52,83 +52,6 @@ enum tpm_addr {
> TPM_ADDR = 0x4E,
> };
>
> -/* TPM2 specific constants. */
> -#define TPM2_SPACE_BUFFER_SIZE 16384 /* 16 kB */
> -
> -enum tpm2_pt_props {
> - TPM2_PT_NONE = 0x00000000,
> - TPM2_PT_GROUP = 0x00000100,
> - TPM2_PT_FIXED = TPM2_PT_GROUP * 1,
> - TPM2_PT_FAMILY_INDICATOR = TPM2_PT_FIXED + 0,
> - TPM2_PT_LEVEL = TPM2_PT_FIXED + 1,
> - TPM2_PT_REVISION = TPM2_PT_FIXED + 2,
> - TPM2_PT_DAY_OF_YEAR = TPM2_PT_FIXED + 3,
> - TPM2_PT_YEAR = TPM2_PT_FIXED + 4,
> - TPM2_PT_MANUFACTURER = TPM2_PT_FIXED + 5,
> - TPM2_PT_VENDOR_STRING_1 = TPM2_PT_FIXED + 6,
> - TPM2_PT_VENDOR_STRING_2 = TPM2_PT_FIXED + 7,
> - TPM2_PT_VENDOR_STRING_3 = TPM2_PT_FIXED + 8,
> - TPM2_PT_VENDOR_STRING_4 = TPM2_PT_FIXED + 9,
> - TPM2_PT_VENDOR_TPM_TYPE = TPM2_PT_FIXED + 10,
> - TPM2_PT_FIRMWARE_VERSION_1 = TPM2_PT_FIXED + 11,
> - TPM2_PT_FIRMWARE_VERSION_2 = TPM2_PT_FIXED + 12,
> - TPM2_PT_INPUT_BUFFER = TPM2_PT_FIXED + 13,
> - TPM2_PT_HR_TRANSIENT_MIN = TPM2_PT_FIXED + 14,
> - TPM2_PT_HR_PERSISTENT_MIN = TPM2_PT_FIXED + 15,
> - TPM2_PT_HR_LOADED_MIN = TPM2_PT_FIXED + 16,
> - TPM2_PT_ACTIVE_SESSIONS_MAX = TPM2_PT_FIXED + 17,
> - TPM2_PT_PCR_COUNT = TPM2_PT_FIXED + 18,
> - TPM2_PT_PCR_SELECT_MIN = TPM2_PT_FIXED + 19,
> - TPM2_PT_CONTEXT_GAP_MAX = TPM2_PT_FIXED + 20,
> - TPM2_PT_NV_COUNTERS_MAX = TPM2_PT_FIXED + 22,
> - TPM2_PT_NV_INDEX_MAX = TPM2_PT_FIXED + 23,
> - TPM2_PT_MEMORY = TPM2_PT_FIXED + 24,
> - TPM2_PT_CLOCK_UPDATE = TPM2_PT_FIXED + 25,
> - TPM2_PT_CONTEXT_HASH = TPM2_PT_FIXED + 26,
> - TPM2_PT_CONTEXT_SYM = TPM2_PT_FIXED + 27,
> - TPM2_PT_CONTEXT_SYM_SIZE = TPM2_PT_FIXED + 28,
> - TPM2_PT_ORDERLY_COUNT = TPM2_PT_FIXED + 29,
> - TPM2_PT_MAX_COMMAND_SIZE = TPM2_PT_FIXED + 30,
> - TPM2_PT_MAX_RESPONSE_SIZE = TPM2_PT_FIXED + 31,
> - TPM2_PT_MAX_DIGEST = TPM2_PT_FIXED + 32,
> - TPM2_PT_MAX_OBJECT_CONTEXT = TPM2_PT_FIXED + 33,
> - TPM2_PT_MAX_SESSION_CONTEXT = TPM2_PT_FIXED + 34,
> - TPM2_PT_PS_FAMILY_INDICATOR = TPM2_PT_FIXED + 35,
> - TPM2_PT_PS_LEVEL = TPM2_PT_FIXED + 36,
> - TPM2_PT_PS_REVISION = TPM2_PT_FIXED + 37,
> - TPM2_PT_PS_DAY_OF_YEAR = TPM2_PT_FIXED + 38,
> - TPM2_PT_PS_YEAR = TPM2_PT_FIXED + 39,
> - TPM2_PT_SPLIT_MAX = TPM2_PT_FIXED + 40,
> - TPM2_PT_TOTAL_COMMANDS = TPM2_PT_FIXED + 41,
> - TPM2_PT_LIBRARY_COMMANDS = TPM2_PT_FIXED + 42,
> - TPM2_PT_VENDOR_COMMANDS = TPM2_PT_FIXED + 43,
> - TPM2_PT_NV_BUFFER_MAX = TPM2_PT_FIXED + 44,
> - TPM2_PT_MODES = TPM2_PT_FIXED + 45,
> - TPM2_PT_MAX_CAP_BUFFER = TPM2_PT_FIXED + 46,
> - TPM2_PT_VAR = TPM2_PT_GROUP * 2,
> - TPM2_PT_PERMANENT = TPM2_PT_VAR + 0,
> - TPM2_PT_STARTUP_CLEAR = TPM2_PT_VAR + 1,
> - TPM2_PT_HR_NV_INDEX = TPM2_PT_VAR + 2,
> - TPM2_PT_HR_LOADED = TPM2_PT_VAR + 3,
> - TPM2_PT_HR_LOADED_AVAIL = TPM2_PT_VAR + 4,
> - TPM2_PT_HR_ACTIVE = TPM2_PT_VAR + 5,
> - TPM2_PT_HR_ACTIVE_AVAIL = TPM2_PT_VAR + 6,
> - TPM2_PT_HR_TRANSIENT_AVAIL = TPM2_PT_VAR + 7,
> - TPM2_PT_HR_PERSISTENT = TPM2_PT_VAR + 8,
> - TPM2_PT_HR_PERSISTENT_AVAIL = TPM2_PT_VAR + 9,
> - TPM2_PT_NV_COUNTERS = TPM2_PT_VAR + 10,
> - TPM2_PT_NV_COUNTERS_AVAIL = TPM2_PT_VAR + 11,
> - TPM2_PT_ALGORITHM_SET = TPM2_PT_VAR + 12,
> - TPM2_PT_LOADED_CURVES = TPM2_PT_VAR + 13,
> - TPM2_PT_LOCKOUT_COUNTER = TPM2_PT_VAR + 14,
> - TPM2_PT_MAX_AUTH_FAIL = TPM2_PT_VAR + 15,
> - TPM2_PT_LOCKOUT_INTERVAL = TPM2_PT_VAR + 16,
> - TPM2_PT_LOCKOUT_RECOVERY = TPM2_PT_VAR + 17,
> - TPM2_PT_NV_WRITE_RECOVERY = TPM2_PT_VAR + 18,
> - TPM2_PT_AUDIT_COUNTER_0 = TPM2_PT_VAR + 19,
> - TPM2_PT_AUDIT_COUNTER_1 = TPM2_PT_VAR + 20,
> -};
> -
> extern const struct class tpm_class;
> extern const struct class tpmrm_class;
> extern dev_t tpm_devt;
> diff --git a/drivers/char/tpm/tpm2-cmd.c b/drivers/char/tpm/tpm2-cmd.c
> index 3a77be7ebf4a..1fa3e8a43c79 100644
> --- a/drivers/char/tpm/tpm2-cmd.c
> +++ b/drivers/char/tpm/tpm2-cmd.c
> @@ -94,17 +94,6 @@ unsigned long tpm2_calc_ordinal_duration(u32 ordinal)
> return msecs_to_jiffies(TPM2_DURATION_DEFAULT);
> }
>
> -struct tpm2_pcr_read_out {
> - __be32 update_cnt;
> - __be32 pcr_selects_cnt;
> - __be16 hash_alg;
> - u8 pcr_select_size;
> - u8 pcr_select[TPM2_PCR_SELECT_MIN];
> - __be32 digests_cnt;
> - __be16 digest_size;
> - u8 digest[];
> -} __packed;
> -
> /**
> * tpm2_pcr_read() - read a PCR value
> * @chip: TPM chip to use.
> @@ -238,11 +227,6 @@ int tpm2_pcr_extend(struct tpm_chip *chip, u32 pcr_idx,
> return rc;
> }
>
> -struct tpm2_get_random_out {
> - __be16 size;
> - u8 buffer[TPM_MAX_RNG_DATA];
> -} __packed;
> -
> /**
> * tpm2_get_random() - get random bytes from the TPM RNG
> *
> @@ -366,14 +350,6 @@ void tpm2_flush_context(struct tpm_chip *chip, u32 handle)
> }
> EXPORT_SYMBOL_GPL(tpm2_flush_context);
>
> -struct tpm2_get_cap_out {
> - u8 more_data;
> - __be32 subcap_id;
> - __be32 property_cnt;
> - __be32 property_id;
> - __be32 value;
> -} __packed;
> -
> /**
> * tpm2_get_tpm_pt() - get value of a TPM_CAP_TPM_PROPERTIES type property
> * @chip: a &tpm_chip instance
> @@ -541,12 +517,6 @@ static int tpm2_init_bank_info(struct tpm_chip *chip, u32 bank_index)
> return tpm2_pcr_read(chip, 0, &digest, &bank->digest_size);
> }
>
> -struct tpm2_pcr_selection {
> - __be16 hash_alg;
> - u8 size_of_select;
> - u8 pcr_select[3];
> -} __packed;
> -
> ssize_t tpm2_get_pcr_allocation(struct tpm_chip *chip)
> {
> struct tpm2_pcr_selection pcr_selection;
> diff --git a/drivers/char/tpm/tpm2-space.c b/drivers/char/tpm/tpm2-space.c
> index 60354cd53b5c..7c1c0a174a2b 100644
> --- a/drivers/char/tpm/tpm2-space.c
> +++ b/drivers/char/tpm/tpm2-space.c
> @@ -15,19 +15,6 @@
> #include <linux/unaligned.h>
> #include "tpm.h"
>
> -enum tpm2_handle_types {
> - TPM2_HT_HMAC_SESSION = 0x02000000,
> - TPM2_HT_POLICY_SESSION = 0x03000000,
> - TPM2_HT_TRANSIENT = 0x80000000,
> -};
> -
> -struct tpm2_context {
> - __be64 sequence;
> - __be32 saved_handle;
> - __be32 hierarchy;
> - __be16 blob_size;
> -} __packed;
> -
> static void tpm2_flush_sessions(struct tpm_chip *chip, struct tpm_space *space)
> {
> int i;
> diff --git a/include/linux/tpm.h b/include/linux/tpm.h
> index 1846d5485a2c..8551b24c2bff 100644
> --- a/include/linux/tpm.h
> +++ b/include/linux/tpm.h
> @@ -38,12 +38,6 @@ struct trusted_key_options;
> /* opaque structure, holds auth session parameters like the session key */
> struct tpm2_auth;
>
> -enum tpm2_session_types {
> - TPM2_SE_HMAC = 0x00,
> - TPM2_SE_POLICY = 0x01,
> - TPM2_SE_TRIAL = 0x02,
> -};
> -
> /* if you add a new hash to this, increment TPM_MAX_HASHES below */
> enum tpm_algorithms {
> TPM_ALG_ERROR = 0x0000,
> @@ -65,11 +59,6 @@ enum tpm_algorithms {
> */
> #define TPM_MAX_HASHES 5
>
> -enum tpm2_curves {
> - TPM2_ECC_NONE = 0x0000,
> - TPM2_ECC_NIST_P256 = 0x0003,
> -};
> -
> struct tpm_digest {
> u16 alg_id;
> u8 digest[TPM2_MAX_DIGEST_SIZE];
> @@ -222,122 +211,11 @@ struct tpm_chip {
>
> #define TPM_HEADER_SIZE 10
>
> -enum tpm2_const {
> - TPM2_PLATFORM_PCR = 24,
> - TPM2_PCR_SELECT_MIN = ((TPM2_PLATFORM_PCR + 7) / 8),
> -};
> -
> -enum tpm2_timeouts {
> - TPM2_TIMEOUT_A = 750,
> - TPM2_TIMEOUT_B = 4000,
> - TPM2_TIMEOUT_C = 200,
> - TPM2_TIMEOUT_D = 30,
> -};
> -
> -enum tpm2_durations {
> - TPM2_DURATION_SHORT = 20,
> - TPM2_DURATION_LONG = 2000,
> - TPM2_DURATION_DEFAULT = 120000,
> -};
> -
> -enum tpm2_structures {
> - TPM2_ST_NO_SESSIONS = 0x8001,
> - TPM2_ST_SESSIONS = 0x8002,
> - TPM2_ST_CREATION = 0x8021,
> -};
> -
> -/* Indicates from what layer of the software stack the error comes from */
> -#define TSS2_RC_LAYER_SHIFT 16
> -#define TSS2_RESMGR_TPM_RC_LAYER (11 << TSS2_RC_LAYER_SHIFT)
> -
> -enum tpm2_return_codes {
> - TPM2_RC_SUCCESS = 0x0000,
> - TPM2_RC_HASH = 0x0083, /* RC_FMT1 */
> - TPM2_RC_HANDLE = 0x008B,
> - TPM2_RC_INTEGRITY = 0x009F,
> - TPM2_RC_INITIALIZE = 0x0100, /* RC_VER1 */
> - TPM2_RC_FAILURE = 0x0101,
> - TPM2_RC_DISABLED = 0x0120,
> - TPM2_RC_UPGRADE = 0x012D,
> - TPM2_RC_COMMAND_CODE = 0x0143,
> - TPM2_RC_TESTING = 0x090A, /* RC_WARN */
> - TPM2_RC_REFERENCE_H0 = 0x0910,
> - TPM2_RC_RETRY = 0x0922,
> - TPM2_RC_SESSION_MEMORY = 0x0903,
> -};
> -
> -enum tpm2_command_codes {
> - TPM2_CC_FIRST = 0x011F,
> - TPM2_CC_HIERARCHY_CONTROL = 0x0121,
> - TPM2_CC_HIERARCHY_CHANGE_AUTH = 0x0129,
> - TPM2_CC_CREATE_PRIMARY = 0x0131,
> - TPM2_CC_SEQUENCE_COMPLETE = 0x013E,
> - TPM2_CC_SELF_TEST = 0x0143,
> - TPM2_CC_STARTUP = 0x0144,
> - TPM2_CC_SHUTDOWN = 0x0145,
> - TPM2_CC_NV_READ = 0x014E,
> - TPM2_CC_CREATE = 0x0153,
> - TPM2_CC_LOAD = 0x0157,
> - TPM2_CC_SEQUENCE_UPDATE = 0x015C,
> - TPM2_CC_UNSEAL = 0x015E,
> - TPM2_CC_CONTEXT_LOAD = 0x0161,
> - TPM2_CC_CONTEXT_SAVE = 0x0162,
> - TPM2_CC_FLUSH_CONTEXT = 0x0165,
> - TPM2_CC_READ_PUBLIC = 0x0173,
> - TPM2_CC_START_AUTH_SESS = 0x0176,
> - TPM2_CC_VERIFY_SIGNATURE = 0x0177,
> - TPM2_CC_GET_CAPABILITY = 0x017A,
> - TPM2_CC_GET_RANDOM = 0x017B,
> - TPM2_CC_PCR_READ = 0x017E,
> - TPM2_CC_PCR_EXTEND = 0x0182,
> - TPM2_CC_EVENT_SEQUENCE_COMPLETE = 0x0185,
> - TPM2_CC_HASH_SEQUENCE_START = 0x0186,
> - TPM2_CC_CREATE_LOADED = 0x0191,
> - TPM2_CC_LAST = 0x0193, /* Spec 1.36 */
> -};
> -
> -enum tpm2_permanent_handles {
> - TPM2_RH_NULL = 0x40000007,
> - TPM2_RS_PW = 0x40000009,
> -};
> -
> -/* Most Significant Octet for key types */
> -enum tpm2_mso_type {
> - TPM2_MSO_NVRAM = 0x01,
> - TPM2_MSO_SESSION = 0x02,
> - TPM2_MSO_POLICY = 0x03,
> - TPM2_MSO_PERMANENT = 0x40,
> - TPM2_MSO_VOLATILE = 0x80,
> - TPM2_MSO_PERSISTENT = 0x81,
> -};
> -
> static inline enum tpm2_mso_type tpm2_handle_mso(u32 handle)
> {
> return handle >> 24;
> }
>
> -enum tpm2_capabilities {
> - TPM2_CAP_HANDLES = 1,
> - TPM2_CAP_COMMANDS = 2,
> - TPM2_CAP_PCRS = 5,
> - TPM2_CAP_TPM_PROPERTIES = 6,
> -};
> -
> -enum tpm2_properties {
> - TPM_PT_TOTAL_COMMANDS = 0x0129,
> -};
> -
> -enum tpm2_startup_types {
> - TPM2_SU_CLEAR = 0x0000,
> - TPM2_SU_STATE = 0x0001,
> -};
> -
> -enum tpm2_cc_attrs {
> - TPM2_CC_ATTR_CHANDLES = 25,
> - TPM2_CC_ATTR_RHANDLE = 28,
> - TPM2_CC_ATTR_VENDOR = 29,
> -};
> -
> #define TPM_VID_INTEL 0x8086
> #define TPM_VID_WINBOND 0x1050
> #define TPM_VID_STM 0x104A
> @@ -389,29 +267,6 @@ struct tpm_buf {
> u8 handles;
> };
>
> -enum tpm2_object_attributes {
> - TPM2_OA_FIXED_TPM = BIT(1),
> - TPM2_OA_ST_CLEAR = BIT(2),
> - TPM2_OA_FIXED_PARENT = BIT(4),
> - TPM2_OA_SENSITIVE_DATA_ORIGIN = BIT(5),
> - TPM2_OA_USER_WITH_AUTH = BIT(6),
> - TPM2_OA_ADMIN_WITH_POLICY = BIT(7),
> - TPM2_OA_NO_DA = BIT(10),
> - TPM2_OA_ENCRYPTED_DUPLICATION = BIT(11),
> - TPM2_OA_RESTRICTED = BIT(16),
> - TPM2_OA_DECRYPT = BIT(17),
> - TPM2_OA_SIGN = BIT(18),
> -};
> -
> -enum tpm2_session_attributes {
> - TPM2_SA_CONTINUE_SESSION = BIT(0),
> - TPM2_SA_AUDIT_EXCLUSIVE = BIT(1),
> - TPM2_SA_AUDIT_RESET = BIT(3),
> - TPM2_SA_DECRYPT = BIT(5),
> - TPM2_SA_ENCRYPT = BIT(6),
> - TPM2_SA_AUDIT = BIT(7),
> -};
> -
> struct tpm2_hash {
> unsigned int crypto_id;
> unsigned int tpm_id;
> diff --git a/include/linux/tpm_command.h b/include/linux/tpm_command.h
> index 30d01953a6f8..9dd903dd6b5c 100644
> --- a/include/linux/tpm_command.h
> +++ b/include/linux/tpm_command.h
> @@ -156,4 +156,275 @@ struct tpm1_get_random_out {
> #define TPM_NONCE_SIZE 20
> #define TPM_ST_CLEAR 1
>
> +/*
> + * == TPM 2 Family Chips ==
> + *
> + * TPM 2.0 Library
> + * https://trustedcomputinggroup.org/resource/tpm-library-specification/
> + */
> +
> +/* TPM2 specific constants. */
> +#define TPM2_SPACE_BUFFER_SIZE 16384 /* 16 kB */
> +
> +enum tpm2_session_types {
> + TPM2_SE_HMAC = 0x00,
> + TPM2_SE_POLICY = 0x01,
> + TPM2_SE_TRIAL = 0x02,
> +};
> +
> +enum tpm2_timeouts {
> + TPM2_TIMEOUT_A = 750,
> + TPM2_TIMEOUT_B = 4000,
> + TPM2_TIMEOUT_C = 200,
> + TPM2_TIMEOUT_D = 30,
> + TPM2_DURATION_SHORT = 20,
> + TPM2_DURATION_MEDIUM = 750,
> + TPM2_DURATION_LONG = 2000,
> + TPM2_DURATION_LONG_LONG = 300000,
> + TPM2_DURATION_DEFAULT = 120000,
> +};
> +
> +enum tpm2_structures {
> + TPM2_ST_NO_SESSIONS = 0x8001,
> + TPM2_ST_SESSIONS = 0x8002,
> + TPM2_ST_CREATION = 0x8021,
> +};
> +
> +/* Indicates from what layer of the software stack the error comes from */
> +#define TSS2_RC_LAYER_SHIFT 16
> +#define TSS2_RESMGR_TPM_RC_LAYER (11 << TSS2_RC_LAYER_SHIFT)
> +
> +enum tpm2_return_codes {
> + TPM2_RC_SUCCESS = 0x0000,
> + TPM2_RC_HASH = 0x0083, /* RC_FMT1 */
> + TPM2_RC_HANDLE = 0x008B,
> + TPM2_RC_INTEGRITY = 0x009F,
> + TPM2_RC_INITIALIZE = 0x0100, /* RC_VER1 */
> + TPM2_RC_FAILURE = 0x0101,
> + TPM2_RC_DISABLED = 0x0120,
> + TPM2_RC_UPGRADE = 0x012D,
> + TPM2_RC_COMMAND_CODE = 0x0143,
> + TPM2_RC_TESTING = 0x090A, /* RC_WARN */
> + TPM2_RC_REFERENCE_H0 = 0x0910,
> + TPM2_RC_RETRY = 0x0922,
> + TPM2_RC_SESSION_MEMORY = 0x0903,
> +};
> +
> +enum tpm2_command_codes {
> + TPM2_CC_FIRST = 0x011F,
> + TPM2_CC_HIERARCHY_CONTROL = 0x0121,
> + TPM2_CC_HIERARCHY_CHANGE_AUTH = 0x0129,
> + TPM2_CC_CREATE_PRIMARY = 0x0131,
> + TPM2_CC_SEQUENCE_COMPLETE = 0x013E,
> + TPM2_CC_SELF_TEST = 0x0143,
> + TPM2_CC_STARTUP = 0x0144,
> + TPM2_CC_SHUTDOWN = 0x0145,
> + TPM2_CC_NV_READ = 0x014E,
> + TPM2_CC_CREATE = 0x0153,
> + TPM2_CC_LOAD = 0x0157,
> + TPM2_CC_SEQUENCE_UPDATE = 0x015C,
> + TPM2_CC_UNSEAL = 0x015E,
> + TPM2_CC_CONTEXT_LOAD = 0x0161,
> + TPM2_CC_CONTEXT_SAVE = 0x0162,
> + TPM2_CC_FLUSH_CONTEXT = 0x0165,
> + TPM2_CC_READ_PUBLIC = 0x0173,
> + TPM2_CC_START_AUTH_SESS = 0x0176,
> + TPM2_CC_VERIFY_SIGNATURE = 0x0177,
> + TPM2_CC_GET_CAPABILITY = 0x017A,
> + TPM2_CC_GET_RANDOM = 0x017B,
> + TPM2_CC_PCR_READ = 0x017E,
> + TPM2_CC_PCR_EXTEND = 0x0182,
> + TPM2_CC_EVENT_SEQUENCE_COMPLETE = 0x0185,
> + TPM2_CC_HASH_SEQUENCE_START = 0x0186,
> + TPM2_CC_CREATE_LOADED = 0x0191,
> + TPM2_CC_LAST = 0x0193, /* Spec 1.36 */
> +};
> +
> +enum tpm2_capabilities {
> + TPM2_CAP_HANDLES = 1,
> + TPM2_CAP_COMMANDS = 2,
> + TPM2_CAP_PCRS = 5,
> + TPM2_CAP_TPM_PROPERTIES = 6,
> +};
> +
> +enum tpm2_properties {
> + TPM_PT_TOTAL_COMMANDS = 0x0129,
> +};
> +
> +enum tpm2_startup_types {
> + TPM2_SU_CLEAR = 0x0000,
> + TPM2_SU_STATE = 0x0001,
> +};
> +
> +enum tpm2_cc_attrs {
> + TPM2_CC_ATTR_CHANDLES = 25,
> + TPM2_CC_ATTR_RHANDLE = 28,
> + TPM2_CC_ATTR_VENDOR = 29,
> +};
> +
> +enum tpm2_permanent_handles {
> + TPM2_RH_NULL = 0x40000007,
> + TPM2_RS_PW = 0x40000009,
> +};
> +
> +/* Most Significant Octet for key types */
> +enum tpm2_mso_type {
> + TPM2_MSO_NVRAM = 0x01,
> + TPM2_MSO_SESSION = 0x02,
> + TPM2_MSO_POLICY = 0x03,
> + TPM2_MSO_PERMANENT = 0x40,
> + TPM2_MSO_VOLATILE = 0x80,
> + TPM2_MSO_PERSISTENT = 0x81,
> +};
> +
> +enum tpm2_curves {
> + TPM2_ECC_NONE = 0x0000,
> + TPM2_ECC_NIST_P256 = 0x0003,
> +};
> +
> +enum tpm2_object_attributes {
> + TPM2_OA_FIXED_TPM = BIT(1),
> + TPM2_OA_ST_CLEAR = BIT(2),
> + TPM2_OA_FIXED_PARENT = BIT(4),
> + TPM2_OA_SENSITIVE_DATA_ORIGIN = BIT(5),
> + TPM2_OA_USER_WITH_AUTH = BIT(6),
> + TPM2_OA_ADMIN_WITH_POLICY = BIT(7),
> + TPM2_OA_NO_DA = BIT(10),
> + TPM2_OA_ENCRYPTED_DUPLICATION = BIT(11),
> + TPM2_OA_RESTRICTED = BIT(16),
> + TPM2_OA_DECRYPT = BIT(17),
> + TPM2_OA_SIGN = BIT(18),
> +};
> +
> +enum tpm2_session_attributes {
> + TPM2_SA_CONTINUE_SESSION = BIT(0),
> + TPM2_SA_AUDIT_EXCLUSIVE = BIT(1),
> + TPM2_SA_AUDIT_RESET = BIT(3),
> + TPM2_SA_DECRYPT = BIT(5),
> + TPM2_SA_ENCRYPT = BIT(6),
> + TPM2_SA_AUDIT = BIT(7),
> +};
> +
> +enum tpm2_pcr_select {
> + TPM2_PLATFORM_PCR = 24,
> + TPM2_PCR_SELECT_MIN = ((TPM2_PLATFORM_PCR + 7) / 8),
> +};
> +
> +enum tpm2_handle_types {
> + TPM2_HT_HMAC_SESSION = 0x02000000,
> + TPM2_HT_POLICY_SESSION = 0x03000000,
> + TPM2_HT_TRANSIENT = 0x80000000,
> +};
> +
> +enum tpm2_pt_props {
> + TPM2_PT_NONE = 0x00000000,
> + TPM2_PT_GROUP = 0x00000100,
> + TPM2_PT_FIXED = TPM2_PT_GROUP * 1,
> + TPM2_PT_FAMILY_INDICATOR = TPM2_PT_FIXED + 0,
> + TPM2_PT_LEVEL = TPM2_PT_FIXED + 1,
> + TPM2_PT_REVISION = TPM2_PT_FIXED + 2,
> + TPM2_PT_DAY_OF_YEAR = TPM2_PT_FIXED + 3,
> + TPM2_PT_YEAR = TPM2_PT_FIXED + 4,
> + TPM2_PT_MANUFACTURER = TPM2_PT_FIXED + 5,
> + TPM2_PT_VENDOR_STRING_1 = TPM2_PT_FIXED + 6,
> + TPM2_PT_VENDOR_STRING_2 = TPM2_PT_FIXED + 7,
> + TPM2_PT_VENDOR_STRING_3 = TPM2_PT_FIXED + 8,
> + TPM2_PT_VENDOR_STRING_4 = TPM2_PT_FIXED + 9,
> + TPM2_PT_VENDOR_TPM_TYPE = TPM2_PT_FIXED + 10,
> + TPM2_PT_FIRMWARE_VERSION_1 = TPM2_PT_FIXED + 11,
> + TPM2_PT_FIRMWARE_VERSION_2 = TPM2_PT_FIXED + 12,
> + TPM2_PT_INPUT_BUFFER = TPM2_PT_FIXED + 13,
> + TPM2_PT_HR_TRANSIENT_MIN = TPM2_PT_FIXED + 14,
> + TPM2_PT_HR_PERSISTENT_MIN = TPM2_PT_FIXED + 15,
> + TPM2_PT_HR_LOADED_MIN = TPM2_PT_FIXED + 16,
> + TPM2_PT_ACTIVE_SESSIONS_MAX = TPM2_PT_FIXED + 17,
> + TPM2_PT_PCR_COUNT = TPM2_PT_FIXED + 18,
> + TPM2_PT_PCR_SELECT_MIN = TPM2_PT_FIXED + 19,
> + TPM2_PT_CONTEXT_GAP_MAX = TPM2_PT_FIXED + 20,
> + TPM2_PT_NV_COUNTERS_MAX = TPM2_PT_FIXED + 22,
> + TPM2_PT_NV_INDEX_MAX = TPM2_PT_FIXED + 23,
> + TPM2_PT_MEMORY = TPM2_PT_FIXED + 24,
> + TPM2_PT_CLOCK_UPDATE = TPM2_PT_FIXED + 25,
> + TPM2_PT_CONTEXT_HASH = TPM2_PT_FIXED + 26,
> + TPM2_PT_CONTEXT_SYM = TPM2_PT_FIXED + 27,
> + TPM2_PT_CONTEXT_SYM_SIZE = TPM2_PT_FIXED + 28,
> + TPM2_PT_ORDERLY_COUNT = TPM2_PT_FIXED + 29,
> + TPM2_PT_MAX_COMMAND_SIZE = TPM2_PT_FIXED + 30,
> + TPM2_PT_MAX_RESPONSE_SIZE = TPM2_PT_FIXED + 31,
> + TPM2_PT_MAX_DIGEST = TPM2_PT_FIXED + 32,
> + TPM2_PT_MAX_OBJECT_CONTEXT = TPM2_PT_FIXED + 33,
> + TPM2_PT_MAX_SESSION_CONTEXT = TPM2_PT_FIXED + 34,
> + TPM2_PT_PS_FAMILY_INDICATOR = TPM2_PT_FIXED + 35,
> + TPM2_PT_PS_LEVEL = TPM2_PT_FIXED + 36,
> + TPM2_PT_PS_REVISION = TPM2_PT_FIXED + 37,
> + TPM2_PT_PS_DAY_OF_YEAR = TPM2_PT_FIXED + 38,
> + TPM2_PT_PS_YEAR = TPM2_PT_FIXED + 39,
> + TPM2_PT_SPLIT_MAX = TPM2_PT_FIXED + 40,
> + TPM2_PT_TOTAL_COMMANDS = TPM2_PT_FIXED + 41,
> + TPM2_PT_LIBRARY_COMMANDS = TPM2_PT_FIXED + 42,
> + TPM2_PT_VENDOR_COMMANDS = TPM2_PT_FIXED + 43,
> + TPM2_PT_NV_BUFFER_MAX = TPM2_PT_FIXED + 44,
> + TPM2_PT_MODES = TPM2_PT_FIXED + 45,
> + TPM2_PT_MAX_CAP_BUFFER = TPM2_PT_FIXED + 46,
> + TPM2_PT_VAR = TPM2_PT_GROUP * 2,
> + TPM2_PT_PERMANENT = TPM2_PT_VAR + 0,
> + TPM2_PT_STARTUP_CLEAR = TPM2_PT_VAR + 1,
> + TPM2_PT_HR_NV_INDEX = TPM2_PT_VAR + 2,
> + TPM2_PT_HR_LOADED = TPM2_PT_VAR + 3,
> + TPM2_PT_HR_LOADED_AVAIL = TPM2_PT_VAR + 4,
> + TPM2_PT_HR_ACTIVE = TPM2_PT_VAR + 5,
> + TPM2_PT_HR_ACTIVE_AVAIL = TPM2_PT_VAR + 6,
> + TPM2_PT_HR_TRANSIENT_AVAIL = TPM2_PT_VAR + 7,
> + TPM2_PT_HR_PERSISTENT = TPM2_PT_VAR + 8,
> + TPM2_PT_HR_PERSISTENT_AVAIL = TPM2_PT_VAR + 9,
> + TPM2_PT_NV_COUNTERS = TPM2_PT_VAR + 10,
> + TPM2_PT_NV_COUNTERS_AVAIL = TPM2_PT_VAR + 11,
> + TPM2_PT_ALGORITHM_SET = TPM2_PT_VAR + 12,
> + TPM2_PT_LOADED_CURVES = TPM2_PT_VAR + 13,
> + TPM2_PT_LOCKOUT_COUNTER = TPM2_PT_VAR + 14,
> + TPM2_PT_MAX_AUTH_FAIL = TPM2_PT_VAR + 15,
> + TPM2_PT_LOCKOUT_INTERVAL = TPM2_PT_VAR + 16,
> + TPM2_PT_LOCKOUT_RECOVERY = TPM2_PT_VAR + 17,
> + TPM2_PT_NV_WRITE_RECOVERY = TPM2_PT_VAR + 18,
> + TPM2_PT_AUDIT_COUNTER_0 = TPM2_PT_VAR + 19,
> + TPM2_PT_AUDIT_COUNTER_1 = TPM2_PT_VAR + 20,
> +};
> +
> +struct tpm2_pcr_read_out {
> + __be32 update_cnt;
> + __be32 pcr_selects_cnt;
> + __be16 hash_alg;
> + u8 pcr_select_size;
> + u8 pcr_select[TPM2_PCR_SELECT_MIN];
> + __be32 digests_cnt;
> + __be16 digest_size;
> + u8 digest[];
> +} __packed;
> +
> +struct tpm2_get_random_out {
> + __be16 size;
> + u8 buffer[TPM_MAX_RNG_DATA];
> +} __packed;
> +
> +struct tpm2_get_cap_out {
> + u8 more_data;
> + __be32 subcap_id;
> + __be32 property_cnt;
> + __be32 property_id;
> + __be32 value;
> +} __packed;
> +
> +struct tpm2_pcr_selection {
> + __be16 hash_alg;
> + u8 size_of_select;
> + u8 pcr_select[3];
> +} __packed;
> +
> +struct tpm2_context {
> + __be64 sequence;
> + __be32 saved_handle;
> + __be32 hierarchy;
> + __be16 blob_size;
> +} __packed;
> +
> #endif
> --
> 2.47.3
>
LGTM
BR, Jarkko
next prev parent reply other threads:[~2026-05-15 23:16 UTC|newest]
Thread overview: 48+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-05-15 21:13 [PATCH v16 00/38] x86: Secure Launch support for Intel TXT Ross Philipson
2026-05-15 21:13 ` [PATCH v16 01/38] tpm: Initial step to reorganize TPM public headers Ross Philipson
2026-05-15 23:03 ` Jarkko Sakkinen
2026-05-15 23:05 ` Jason Gunthorpe
2026-05-15 23:10 ` Dave Hansen
2026-05-15 23:51 ` Jarkko Sakkinen
2026-05-15 21:13 ` [PATCH v16 02/38] tpm: Move TPM1 specific definitions to the command header Ross Philipson
2026-05-15 23:14 ` Jarkko Sakkinen
2026-05-15 21:13 ` [PATCH v16 03/38] tpm: Move TPM2 " Ross Philipson
2026-05-15 23:15 ` Jarkko Sakkinen [this message]
2026-05-15 21:13 ` [PATCH v16 04/38] tpm: Move TPM common base " Ross Philipson
2026-05-15 23:22 ` Jarkko Sakkinen
2026-05-15 21:13 ` [PATCH v16 05/38] tpm: Move platform specific definitions to the new PTP header Ross Philipson
2026-05-15 21:13 ` [PATCH v16 06/38] tpm: Remove main TPM header from TPM event log header Ross Philipson
2026-05-15 21:13 ` [PATCH v16 07/38] tpm-buf: Merge TPM_BUF_BOUNDARY_ERROR and TPM_BUF_OVERFLOW Ross Philipson
2026-05-15 21:13 ` [PATCH v16 08/38] tpm-buf: Remove chip parameter from tpm_buf_append_handle() Ross Philipson
2026-05-15 21:13 ` [PATCH v16 09/38] tpm-buf: Implement managed allocations Ross Philipson
2026-05-15 21:13 ` [PATCH v16 10/38] tpm-buf: Add TPM buffer support header for standalone reuse Ross Philipson
2026-05-15 21:13 ` [PATCH v16 11/38] tpm/tpm_tis: Close all localities Ross Philipson
2026-05-15 21:13 ` [PATCH v16 12/38] tpm/tpm_tis: Address positive localities in tpm_tis_request_locality() Ross Philipson
2026-05-15 21:13 ` [PATCH v16 13/38] tpm/tpm_tis: Allow locality to be set to a different value Ross Philipson
2026-05-15 21:13 ` [PATCH v16 14/38] tpm/sysfs: Show locality used by kernel Ross Philipson
2026-05-15 21:13 ` [PATCH v16 15/38] Documentation/security: Secure Launch kernel documentation Ross Philipson
2026-05-15 22:02 ` Randy Dunlap
2026-05-15 21:13 ` [PATCH v16 16/38] x86: Secure Launch Kconfig Ross Philipson
2026-05-15 21:13 ` [PATCH v16 17/38] x86: Secure Launch Resource Table header file Ross Philipson
2026-05-15 21:13 ` [PATCH v16 18/38] x86/efi: Secure Launch Resource Table EFI definitions " Ross Philipson
2026-05-15 21:13 ` [PATCH v16 19/38] x86: Secure Launch main " Ross Philipson
2026-05-15 21:13 ` [PATCH v16 20/38] x86/txt: Intel Trusted eXecution Technology (TXT) definitions Ross Philipson
2026-05-15 21:13 ` [PATCH v16 21/38] lib/crypto: Add SHA1 support for pre-boot environments Ross Philipson
2026-05-15 21:13 ` [PATCH v16 22/38] lib/crypto: Add SHA512 " Ross Philipson
2026-05-15 21:13 ` [PATCH v16 23/38] x86: Allow WARN_trap() macro to be included in " Ross Philipson
2026-05-15 21:13 ` [PATCH v16 24/38] x86/msr: Add variable MTRR base/mask and x2apic ID registers Ross Philipson
2026-05-15 21:13 ` [PATCH v16 25/38] x86/boot: Slight refactor of the 5 level paging logic Ross Philipson
2026-05-15 21:13 ` [PATCH v16 26/38] x86: Add early SHA-1 support for Secure Launch early measurements Ross Philipson
2026-05-15 21:13 ` [PATCH v16 27/38] x86: Add early SHA-256 " Ross Philipson
2026-05-15 21:14 ` [PATCH v16 28/38] x86: Add early SHA-384/512 " Ross Philipson
2026-05-15 21:14 ` [PATCH v16 29/38] x86/tpm: Early startup TPM PCR extending driver Ross Philipson
2026-05-15 22:32 ` Dave Hansen
2026-05-15 21:14 ` [PATCH v16 30/38] x86/slaunch: Add MLE header and Secure Launch entrypoint to the core kernel Ross Philipson
2026-05-15 21:14 ` [PATCH v16 31/38] x86/slaunch: Secure Launch kernel early boot initialization Ross Philipson
2026-05-15 21:14 ` [PATCH v16 32/38] x86/slaunch: Secure Launch kernel late " Ross Philipson
2026-05-15 21:14 ` [PATCH v16 33/38] x86/slaunch: Secure Launch SMP bringup support Ross Philipson
2026-05-15 21:14 ` [PATCH v16 34/38] kexec/slaunch: Secure Launch kexec SEXIT support Ross Philipson
2026-05-15 21:14 ` [PATCH v16 35/38] reboot/slaunch: Secure Launch SEXIT support on reboot paths Ross Philipson
2026-05-15 21:14 ` [PATCH v16 36/38] x86/slaunch: Secure Launch late initcall platform module Ross Philipson
2026-05-15 21:14 ` [PATCH v16 37/38] x86/efistub: EFI stub DRTM support for Secure Launch Ross Philipson
2026-05-15 21:14 ` [PATCH v16 38/38] x86/boot: Legacy boot " Ross Philipson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=agepLKST0x6Pq_U7@kernel.org \
--to=jarkko@kernel.org \
--cc=James.Bottomley@hansenpartnership.com \
--cc=andrew.cooper3@citrix.com \
--cc=ardb@kernel.org \
--cc=baolu.lu@linux.intel.com \
--cc=bp@alien8.de \
--cc=corbet@lwn.net \
--cc=daniel.kiper@oracle.com \
--cc=dave.hansen@linux.intel.com \
--cc=davem@davemloft.net \
--cc=dpsmith@apertussolutions.com \
--cc=dwmw2@infradead.org \
--cc=ebiederm@xmission.com \
--cc=herbert@gondor.apana.org.au \
--cc=hpa@zytor.com \
--cc=iommu@lists.linux.dev \
--cc=jgg@ziepe.ca \
--cc=kanth.ghatraju@oracle.com \
--cc=kexec@lists.infradead.org \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-efi@vger.kernel.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@amacapital.net \
--cc=mingo@redhat.com \
--cc=mjg59@srcf.ucam.org \
--cc=nivedita@alum.mit.edu \
--cc=peterhuewe@gmx.de \
--cc=ross.philipson@gmail.com \
--cc=tglx@linutronix.de \
--cc=trenchboot-devel@googlegroups.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.