The Linux Kernel Mailing List
From: Jarkko Sakkinen <jarkko@kernel.org>
To: Ross Philipson <ross.philipson@gmail.com>
Cc: linux-kernel@vger.kernel.org, x86@kernel.org,
	linux-integrity@vger.kernel.org, linux-doc@vger.kernel.org,
	linux-crypto@vger.kernel.org, kexec@lists.infradead.org,
	linux-efi@vger.kernel.org, iommu@lists.linux.dev,
	dpsmith@apertussolutions.com, tglx@linutronix.de,
	mingo@redhat.com, bp@alien8.de, hpa@zytor.com,
	dave.hansen@linux.intel.com, ardb@kernel.org,
	mjg59@srcf.ucam.org, James.Bottomley@hansenpartnership.com,
	peterhuewe@gmx.de, jgg@ziepe.ca, luto@amacapital.net,
	nivedita@alum.mit.edu, herbert@gondor.apana.org.au,
	davem@davemloft.net, corbet@lwn.net, ebiederm@xmission.com,
	dwmw2@infradead.org, baolu.lu@linux.intel.com,
	kanth.ghatraju@oracle.com, daniel.kiper@oracle.com,
	andrew.cooper3@citrix.com, trenchboot-devel@googlegroups.com
Subject: Re: [PATCH v16 03/38] tpm: Move TPM2 specific definitions to the command header
Date: Sat, 16 May 2026 02:15:56 +0300
Message-ID: <agepLKST0x6Pq_U7@kernel.org>
In-Reply-To: <20260515211410.31440-4-ross.philipson@gmail.com>

On Fri, May 15, 2026 at 02:13:35PM -0700, Ross Philipson wrote:
> Gather all the TPM2 definitions and structures in the internal header
> file drivers/char/tpm/tpm.h into the command header, including:
>  - Command codes, return codes and definitions from the public and
> internal tpm.h files.
>  - Structures defined in numerous TPM driver C modules.
> 
> The definitions moved to these files correspond to the TCG specification
> for TPM 2 family:
> 
> TPM 2.0 Library
>  - https://trustedcomputinggroup.org/resource/tpm-library-specification/
> 
> Co-developed-by: Daniel P. Smith <dpsmith@apertussolutions.com>
> Signed-off-by: Daniel P. Smith <dpsmith@apertussolutions.com>
> Co-developed-by: Alec Brown <alec.r.brown@oracle.com>
> Signed-off-by: Alec Brown <alec.r.brown@oracle.com>
> Signed-off-by: Ross Philipson <ross.philipson@gmail.com>
> ---
>  drivers/char/tpm/tpm.h        |  77 ----------
>  drivers/char/tpm/tpm2-cmd.c   |  30 ----
>  drivers/char/tpm/tpm2-space.c |  13 --
>  include/linux/tpm.h           | 145 ------------------
>  include/linux/tpm_command.h   | 271 ++++++++++++++++++++++++++++++++++
>  5 files changed, 271 insertions(+), 265 deletions(-)
> 
> diff --git a/drivers/char/tpm/tpm.h b/drivers/char/tpm/tpm.h
> index 043d78a9617a..680f89d9c9f9 100644
> --- a/drivers/char/tpm/tpm.h
> +++ b/drivers/char/tpm/tpm.h
> @@ -52,83 +52,6 @@ enum tpm_addr {
>  	TPM_ADDR = 0x4E,
>  };
>  
> -/* TPM2 specific constants. */
> -#define TPM2_SPACE_BUFFER_SIZE		16384 /* 16 kB */
> -
> -enum tpm2_pt_props {
> -	TPM2_PT_NONE = 0x00000000,
> -	TPM2_PT_GROUP = 0x00000100,
> -	TPM2_PT_FIXED = TPM2_PT_GROUP * 1,
> -	TPM2_PT_FAMILY_INDICATOR = TPM2_PT_FIXED + 0,
> -	TPM2_PT_LEVEL = TPM2_PT_FIXED + 1,
> -	TPM2_PT_REVISION = TPM2_PT_FIXED + 2,
> -	TPM2_PT_DAY_OF_YEAR = TPM2_PT_FIXED + 3,
> -	TPM2_PT_YEAR = TPM2_PT_FIXED + 4,
> -	TPM2_PT_MANUFACTURER = TPM2_PT_FIXED + 5,
> -	TPM2_PT_VENDOR_STRING_1 = TPM2_PT_FIXED + 6,
> -	TPM2_PT_VENDOR_STRING_2 = TPM2_PT_FIXED + 7,
> -	TPM2_PT_VENDOR_STRING_3 = TPM2_PT_FIXED + 8,
> -	TPM2_PT_VENDOR_STRING_4 = TPM2_PT_FIXED + 9,
> -	TPM2_PT_VENDOR_TPM_TYPE = TPM2_PT_FIXED + 10,
> -	TPM2_PT_FIRMWARE_VERSION_1 = TPM2_PT_FIXED + 11,
> -	TPM2_PT_FIRMWARE_VERSION_2 = TPM2_PT_FIXED + 12,
> -	TPM2_PT_INPUT_BUFFER = TPM2_PT_FIXED + 13,
> -	TPM2_PT_HR_TRANSIENT_MIN = TPM2_PT_FIXED + 14,
> -	TPM2_PT_HR_PERSISTENT_MIN = TPM2_PT_FIXED + 15,
> -	TPM2_PT_HR_LOADED_MIN = TPM2_PT_FIXED + 16,
> -	TPM2_PT_ACTIVE_SESSIONS_MAX = TPM2_PT_FIXED + 17,
> -	TPM2_PT_PCR_COUNT = TPM2_PT_FIXED + 18,
> -	TPM2_PT_PCR_SELECT_MIN = TPM2_PT_FIXED + 19,
> -	TPM2_PT_CONTEXT_GAP_MAX = TPM2_PT_FIXED + 20,
> -	TPM2_PT_NV_COUNTERS_MAX = TPM2_PT_FIXED + 22,
> -	TPM2_PT_NV_INDEX_MAX = TPM2_PT_FIXED + 23,
> -	TPM2_PT_MEMORY = TPM2_PT_FIXED + 24,
> -	TPM2_PT_CLOCK_UPDATE = TPM2_PT_FIXED + 25,
> -	TPM2_PT_CONTEXT_HASH = TPM2_PT_FIXED + 26,
> -	TPM2_PT_CONTEXT_SYM = TPM2_PT_FIXED + 27,
> -	TPM2_PT_CONTEXT_SYM_SIZE = TPM2_PT_FIXED + 28,
> -	TPM2_PT_ORDERLY_COUNT = TPM2_PT_FIXED + 29,
> -	TPM2_PT_MAX_COMMAND_SIZE = TPM2_PT_FIXED + 30,
> -	TPM2_PT_MAX_RESPONSE_SIZE = TPM2_PT_FIXED + 31,
> -	TPM2_PT_MAX_DIGEST = TPM2_PT_FIXED + 32,
> -	TPM2_PT_MAX_OBJECT_CONTEXT = TPM2_PT_FIXED + 33,
> -	TPM2_PT_MAX_SESSION_CONTEXT = TPM2_PT_FIXED + 34,
> -	TPM2_PT_PS_FAMILY_INDICATOR = TPM2_PT_FIXED + 35,
> -	TPM2_PT_PS_LEVEL = TPM2_PT_FIXED + 36,
> -	TPM2_PT_PS_REVISION = TPM2_PT_FIXED + 37,
> -	TPM2_PT_PS_DAY_OF_YEAR = TPM2_PT_FIXED + 38,
> -	TPM2_PT_PS_YEAR = TPM2_PT_FIXED + 39,
> -	TPM2_PT_SPLIT_MAX = TPM2_PT_FIXED + 40,
> -	TPM2_PT_TOTAL_COMMANDS = TPM2_PT_FIXED + 41,
> -	TPM2_PT_LIBRARY_COMMANDS = TPM2_PT_FIXED + 42,
> -	TPM2_PT_VENDOR_COMMANDS = TPM2_PT_FIXED + 43,
> -	TPM2_PT_NV_BUFFER_MAX = TPM2_PT_FIXED + 44,
> -	TPM2_PT_MODES = TPM2_PT_FIXED + 45,
> -	TPM2_PT_MAX_CAP_BUFFER = TPM2_PT_FIXED + 46,
> -	TPM2_PT_VAR = TPM2_PT_GROUP * 2,
> -	TPM2_PT_PERMANENT = TPM2_PT_VAR + 0,
> -	TPM2_PT_STARTUP_CLEAR = TPM2_PT_VAR + 1,
> -	TPM2_PT_HR_NV_INDEX = TPM2_PT_VAR + 2,
> -	TPM2_PT_HR_LOADED = TPM2_PT_VAR + 3,
> -	TPM2_PT_HR_LOADED_AVAIL = TPM2_PT_VAR + 4,
> -	TPM2_PT_HR_ACTIVE = TPM2_PT_VAR + 5,
> -	TPM2_PT_HR_ACTIVE_AVAIL = TPM2_PT_VAR + 6,
> -	TPM2_PT_HR_TRANSIENT_AVAIL = TPM2_PT_VAR + 7,
> -	TPM2_PT_HR_PERSISTENT = TPM2_PT_VAR + 8,
> -	TPM2_PT_HR_PERSISTENT_AVAIL = TPM2_PT_VAR + 9,
> -	TPM2_PT_NV_COUNTERS = TPM2_PT_VAR + 10,
> -	TPM2_PT_NV_COUNTERS_AVAIL = TPM2_PT_VAR + 11,
> -	TPM2_PT_ALGORITHM_SET = TPM2_PT_VAR + 12,
> -	TPM2_PT_LOADED_CURVES = TPM2_PT_VAR + 13,
> -	TPM2_PT_LOCKOUT_COUNTER = TPM2_PT_VAR + 14,
> -	TPM2_PT_MAX_AUTH_FAIL = TPM2_PT_VAR + 15,
> -	TPM2_PT_LOCKOUT_INTERVAL = TPM2_PT_VAR + 16,
> -	TPM2_PT_LOCKOUT_RECOVERY = TPM2_PT_VAR + 17,
> -	TPM2_PT_NV_WRITE_RECOVERY = TPM2_PT_VAR + 18,
> -	TPM2_PT_AUDIT_COUNTER_0 = TPM2_PT_VAR + 19,
> -	TPM2_PT_AUDIT_COUNTER_1 = TPM2_PT_VAR + 20,
> -};
> -
>  extern const struct class tpm_class;
>  extern const struct class tpmrm_class;
>  extern dev_t tpm_devt;
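Review bot: TPM2_PT_TOTAL_COMMANDS in enum tpm2_pt_props evaluates to TPM2_PT_FIXED + 41 = 0x129, which is the same value as TPM_PT_TOTAL_COMMANDS = 0x0129 in enum tpm2_properties, and after this patch both definitions sit in include/linux/tpm_command.h. Since the series is consolidating these definitions anyway, consider dropping the one-entry enum tpm2_properties and converting its users to TPM2_PT_TOTAL_COMMANDS in a follow-up, so the header carries one name per property. Separately, TPM2_SPACE_BUFFER_SIZE is documented only as "16 kB" and nothing in the visible lines ties it to the TCG specification named in the commit message; if it is a driver sizing choice, it may be better left in drivers/char/tpm/tpm.h.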
> diff --git a/drivers/char/tpm/tpm2-cmd.c b/drivers/char/tpm/tpm2-cmd.c
> index 3a77be7ebf4a..1fa3e8a43c79 100644
> --- a/drivers/char/tpm/tpm2-cmd.c
> +++ b/drivers/char/tpm/tpm2-cmd.c
> @@ -94,17 +94,6 @@ unsigned long tpm2_calc_ordinal_duration(u32 ordinal)
>  	return msecs_to_jiffies(TPM2_DURATION_DEFAULT);
>  }
>  
> -struct tpm2_pcr_read_out {
> -	__be32	update_cnt;
> -	__be32	pcr_selects_cnt;
> -	__be16	hash_alg;
> -	u8	pcr_select_size;
> -	u8	pcr_select[TPM2_PCR_SELECT_MIN];
> -	__be32	digests_cnt;
> -	__be16	digest_size;
> -	u8	digest[];
> -} __packed;
> -
>  /**
>   * tpm2_pcr_read() - read a PCR value
>   * @chip:	TPM chip to use.
> @@ -238,11 +227,6 @@ int tpm2_pcr_extend(struct tpm_chip *chip, u32 pcr_idx,
>  	return rc;
>  }
>  
> -struct tpm2_get_random_out {
> -	__be16 size;
> -	u8 buffer[TPM_MAX_RNG_DATA];
> -} __packed;
> -
>  /**
>   * tpm2_get_random() - get random bytes from the TPM RNG
>   *
> @@ -366,14 +350,6 @@ void tpm2_flush_context(struct tpm_chip *chip, u32 handle)
>  }
>  EXPORT_SYMBOL_GPL(tpm2_flush_context);
>  
> -struct tpm2_get_cap_out {
> -	u8 more_data;
> -	__be32 subcap_id;
> -	__be32 property_cnt;
> -	__be32 property_id;
> -	__be32 value;
> -} __packed;
> -
>  /**
>   * tpm2_get_tpm_pt() - get value of a TPM_CAP_TPM_PROPERTIES type property
>   * @chip:		a &tpm_chip instance
> @@ -541,12 +517,6 @@ static int tpm2_init_bank_info(struct tpm_chip *chip, u32 bank_index)
>  	return tpm2_pcr_read(chip, 0, &digest, &bank->digest_size);
>  }
>  
> -struct tpm2_pcr_selection {
> -	__be16  hash_alg;
> -	u8  size_of_select;
> -	u8  pcr_select[3];
> -} __packed;
> -
>  ssize_t tpm2_get_pcr_allocation(struct tpm_chip *chip)
>  {
>  	struct tpm2_pcr_selection pcr_selection;
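Review bot: struct tpm2_pcr_selection hard-codes pcr_select[3], while struct tpm2_pcr_read_out sizes the equivalent field with TPM2_PCR_SELECT_MIN, which is (TPM2_PLATFORM_PCR + 7) / 8 = 3. With both structures landing in the same header, after the enum that defines the constant, the literal is the odd one out and will silently diverge if TPM2_PLATFORM_PCR ever changes. Suggest pcr_select[TPM2_PCR_SELECT_MIN] in a small follow-up patch, so that this one stays a pure move.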
> diff --git a/drivers/char/tpm/tpm2-space.c b/drivers/char/tpm/tpm2-space.c
> index 60354cd53b5c..7c1c0a174a2b 100644
> --- a/drivers/char/tpm/tpm2-space.c
> +++ b/drivers/char/tpm/tpm2-space.c
> @@ -15,19 +15,6 @@
>  #include <linux/unaligned.h>
>  #include "tpm.h"
>  
> -enum tpm2_handle_types {
> -	TPM2_HT_HMAC_SESSION	= 0x02000000,
> -	TPM2_HT_POLICY_SESSION	= 0x03000000,
> -	TPM2_HT_TRANSIENT	= 0x80000000,
> -};
> -
> -struct tpm2_context {
> -	__be64 sequence;
> -	__be32 saved_handle;
> -	__be32 hierarchy;
> -	__be16 blob_size;
> -} __packed;
> -
>  static void tpm2_flush_sessions(struct tpm_chip *chip, struct tpm_space *space)
>  {
>  	int i;
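Review bot: enum tpm2_handle_types duplicates information already expressed by enum tpm2_mso_type once both live in tpm_command.h: 0x02000000, 0x03000000 and 0x80000000 are TPM2_MSO_SESSION, TPM2_MSO_POLICY and TPM2_MSO_VOLATILE shifted left by 24, which is exactly what tpm2_handle_mso() undoes with handle >> 24. Moving a file-local enum into a public header makes that overlap visible to every includer, so please either add a comment in the new header relating the two, or plan a follow-up that converts the TPM2_HT_* users to the MSO form. The same visibility concern applies to struct tpm2_context, which was private to tpm2-space.c and now claims a fairly generic name kernel-wide.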
> diff --git a/include/linux/tpm.h b/include/linux/tpm.h
> index 1846d5485a2c..8551b24c2bff 100644
> --- a/include/linux/tpm.h
> +++ b/include/linux/tpm.h
> @@ -38,12 +38,6 @@ struct trusted_key_options;
>  /* opaque structure, holds auth session parameters like the session key */
>  struct tpm2_auth;
>  
> -enum tpm2_session_types {
> -	TPM2_SE_HMAC	= 0x00,
> -	TPM2_SE_POLICY	= 0x01,
> -	TPM2_SE_TRIAL	= 0x02,
> -};
> -
>  /* if you add a new hash to this, increment TPM_MAX_HASHES below */
>  enum tpm_algorithms {
>  	TPM_ALG_ERROR		= 0x0000,
> @@ -65,11 +59,6 @@ enum tpm_algorithms {
>   */
>  #define TPM_MAX_HASHES	5
>  
> -enum tpm2_curves {
> -	TPM2_ECC_NONE		= 0x0000,
> -	TPM2_ECC_NIST_P256	= 0x0003,
> -};
> -
>  struct tpm_digest {
>  	u16 alg_id;
>  	u8 digest[TPM2_MAX_DIGEST_SIZE];
> @@ -222,122 +211,11 @@ struct tpm_chip {
>  
>  #define TPM_HEADER_SIZE		10
>  
> -enum tpm2_const {
> -	TPM2_PLATFORM_PCR       =     24,
> -	TPM2_PCR_SELECT_MIN     = ((TPM2_PLATFORM_PCR + 7) / 8),
> -};
> -
> -enum tpm2_timeouts {
> -	TPM2_TIMEOUT_A          =    750,
> -	TPM2_TIMEOUT_B          =   4000,
> -	TPM2_TIMEOUT_C          =    200,
> -	TPM2_TIMEOUT_D          =     30,
> -};
> -
> -enum tpm2_durations {
> -	TPM2_DURATION_SHORT     =     20,
> -	TPM2_DURATION_LONG      =   2000,
> -	TPM2_DURATION_DEFAULT   = 120000,
> -};
> -
> -enum tpm2_structures {
> -	TPM2_ST_NO_SESSIONS	= 0x8001,
> -	TPM2_ST_SESSIONS	= 0x8002,
> -	TPM2_ST_CREATION	= 0x8021,
> -};
> -
> -/* Indicates from what layer of the software stack the error comes from */
> -#define TSS2_RC_LAYER_SHIFT	 16
> -#define TSS2_RESMGR_TPM_RC_LAYER (11 << TSS2_RC_LAYER_SHIFT)
> -
> -enum tpm2_return_codes {
> -	TPM2_RC_SUCCESS		= 0x0000,
> -	TPM2_RC_HASH		= 0x0083, /* RC_FMT1 */
> -	TPM2_RC_HANDLE		= 0x008B,
> -	TPM2_RC_INTEGRITY	= 0x009F,
> -	TPM2_RC_INITIALIZE	= 0x0100, /* RC_VER1 */
> -	TPM2_RC_FAILURE		= 0x0101,
> -	TPM2_RC_DISABLED	= 0x0120,
> -	TPM2_RC_UPGRADE		= 0x012D,
> -	TPM2_RC_COMMAND_CODE    = 0x0143,
> -	TPM2_RC_TESTING		= 0x090A, /* RC_WARN */
> -	TPM2_RC_REFERENCE_H0	= 0x0910,
> -	TPM2_RC_RETRY		= 0x0922,
> -	TPM2_RC_SESSION_MEMORY	= 0x0903,
> -};
> -
> -enum tpm2_command_codes {
> -	TPM2_CC_FIRST		        = 0x011F,
> -	TPM2_CC_HIERARCHY_CONTROL       = 0x0121,
> -	TPM2_CC_HIERARCHY_CHANGE_AUTH   = 0x0129,
> -	TPM2_CC_CREATE_PRIMARY          = 0x0131,
> -	TPM2_CC_SEQUENCE_COMPLETE       = 0x013E,
> -	TPM2_CC_SELF_TEST	        = 0x0143,
> -	TPM2_CC_STARTUP		        = 0x0144,
> -	TPM2_CC_SHUTDOWN	        = 0x0145,
> -	TPM2_CC_NV_READ                 = 0x014E,
> -	TPM2_CC_CREATE		        = 0x0153,
> -	TPM2_CC_LOAD		        = 0x0157,
> -	TPM2_CC_SEQUENCE_UPDATE         = 0x015C,
> -	TPM2_CC_UNSEAL		        = 0x015E,
> -	TPM2_CC_CONTEXT_LOAD	        = 0x0161,
> -	TPM2_CC_CONTEXT_SAVE	        = 0x0162,
> -	TPM2_CC_FLUSH_CONTEXT	        = 0x0165,
> -	TPM2_CC_READ_PUBLIC		= 0x0173,
> -	TPM2_CC_START_AUTH_SESS		= 0x0176,
> -	TPM2_CC_VERIFY_SIGNATURE        = 0x0177,
> -	TPM2_CC_GET_CAPABILITY	        = 0x017A,
> -	TPM2_CC_GET_RANDOM	        = 0x017B,
> -	TPM2_CC_PCR_READ	        = 0x017E,
> -	TPM2_CC_PCR_EXTEND	        = 0x0182,
> -	TPM2_CC_EVENT_SEQUENCE_COMPLETE = 0x0185,
> -	TPM2_CC_HASH_SEQUENCE_START     = 0x0186,
> -	TPM2_CC_CREATE_LOADED           = 0x0191,
> -	TPM2_CC_LAST		        = 0x0193, /* Spec 1.36 */
> -};
> -
> -enum tpm2_permanent_handles {
> -	TPM2_RH_NULL		= 0x40000007,
> -	TPM2_RS_PW		= 0x40000009,
> -};
> -
> -/* Most Significant Octet for key types  */
> -enum tpm2_mso_type {
> -	TPM2_MSO_NVRAM		= 0x01,
> -	TPM2_MSO_SESSION	= 0x02,
> -	TPM2_MSO_POLICY		= 0x03,
> -	TPM2_MSO_PERMANENT	= 0x40,
> -	TPM2_MSO_VOLATILE	= 0x80,
> -	TPM2_MSO_PERSISTENT	= 0x81,
> -};
> -
>  static inline enum tpm2_mso_type tpm2_handle_mso(u32 handle)
>  {
>  	return handle >> 24;
>  }
>  
> -enum tpm2_capabilities {
> -	TPM2_CAP_HANDLES	= 1,
> -	TPM2_CAP_COMMANDS	= 2,
> -	TPM2_CAP_PCRS		= 5,
> -	TPM2_CAP_TPM_PROPERTIES = 6,
> -};
> -
> -enum tpm2_properties {
> -	TPM_PT_TOTAL_COMMANDS	= 0x0129,
> -};
> -
> -enum tpm2_startup_types {
> -	TPM2_SU_CLEAR	= 0x0000,
> -	TPM2_SU_STATE	= 0x0001,
> -};
> -
> -enum tpm2_cc_attrs {
> -	TPM2_CC_ATTR_CHANDLES	= 25,
> -	TPM2_CC_ATTR_RHANDLE	= 28,
> -	TPM2_CC_ATTR_VENDOR	= 29,
> -};
> -
>  #define TPM_VID_INTEL    0x8086
>  #define TPM_VID_WINBOND  0x1050
>  #define TPM_VID_STM      0x104A
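Review bot: tpm2_handle_mso() stays behind in include/linux/tpm.h as unchanged context, but its return type, enum tpm2_mso_type, is removed from this file and re-added in include/linux/tpm_command.h. Nothing in this hunk adds an #include, so the inline only compiles if linux/tpm.h already pulls in linux/tpm_command.h above this point, presumably from an earlier patch in the series; please confirm that, or move the helper together with the enum so the definition and its only visible user do not end up in different headers.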
> @@ -389,29 +267,6 @@ struct tpm_buf {
>  	u8 handles;
>  };
>  
> -enum tpm2_object_attributes {
> -	TPM2_OA_FIXED_TPM		= BIT(1),
> -	TPM2_OA_ST_CLEAR		= BIT(2),
> -	TPM2_OA_FIXED_PARENT		= BIT(4),
> -	TPM2_OA_SENSITIVE_DATA_ORIGIN	= BIT(5),
> -	TPM2_OA_USER_WITH_AUTH		= BIT(6),
> -	TPM2_OA_ADMIN_WITH_POLICY	= BIT(7),
> -	TPM2_OA_NO_DA			= BIT(10),
> -	TPM2_OA_ENCRYPTED_DUPLICATION	= BIT(11),
> -	TPM2_OA_RESTRICTED		= BIT(16),
> -	TPM2_OA_DECRYPT			= BIT(17),
> -	TPM2_OA_SIGN			= BIT(18),
> -};
> -
> -enum tpm2_session_attributes {
> -	TPM2_SA_CONTINUE_SESSION	= BIT(0),
> -	TPM2_SA_AUDIT_EXCLUSIVE		= BIT(1),
> -	TPM2_SA_AUDIT_RESET		= BIT(3),
> -	TPM2_SA_DECRYPT			= BIT(5),
> -	TPM2_SA_ENCRYPT			= BIT(6),
> -	TPM2_SA_AUDIT			= BIT(7),
> -};
> -
>  struct tpm2_hash {
>  	unsigned int crypto_id;
>  	unsigned int tpm_id;
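Review bot: the TPM2_OA_* and TPM2_SA_* values are built with BIT(), and the structures moved alongside them use __be16, __be32, __be64 and __packed, yet no #include is added to tpm_command.h anywhere in this patch. Please check that tpm_command.h includes <linux/bits.h> and <linux/types.h> itself rather than relying on whatever the includer happened to pull in first; that matters more now that the header is the single home for these definitions and is meant to be included on its own.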
> diff --git a/include/linux/tpm_command.h b/include/linux/tpm_command.h
> index 30d01953a6f8..9dd903dd6b5c 100644
> --- a/include/linux/tpm_command.h
> +++ b/include/linux/tpm_command.h
> @@ -156,4 +156,275 @@ struct tpm1_get_random_out {
>  #define TPM_NONCE_SIZE                  20
>  #define TPM_ST_CLEAR			1
>  
> +/*
> + * == TPM 2 Family Chips ==
> + *
> + * TPM 2.0 Library
> + * https://trustedcomputinggroup.org/resource/tpm-library-specification/
> + */
> +
> +/* TPM2 specific constants. */
> +#define TPM2_SPACE_BUFFER_SIZE		16384 /* 16 kB */
> +
> +enum tpm2_session_types {
> +	TPM2_SE_HMAC	= 0x00,
> +	TPM2_SE_POLICY	= 0x01,
> +	TPM2_SE_TRIAL	= 0x02,
> +};
> +
> +enum tpm2_timeouts {
> +	TPM2_TIMEOUT_A		= 750,
> +	TPM2_TIMEOUT_B		= 4000,
> +	TPM2_TIMEOUT_C		= 200,
> +	TPM2_TIMEOUT_D		= 30,
> +	TPM2_DURATION_SHORT	= 20,
> +	TPM2_DURATION_MEDIUM	= 750,
> +	TPM2_DURATION_LONG	= 2000,
> +	TPM2_DURATION_LONG_LONG	= 300000,
> +	TPM2_DURATION_DEFAULT	= 120000,
> +};
> +
> +enum tpm2_structures {
> +	TPM2_ST_NO_SESSIONS	= 0x8001,
> +	TPM2_ST_SESSIONS	= 0x8002,
> +	TPM2_ST_CREATION	= 0x8021,
> +};
> +
> +/* Indicates from what layer of the software stack the error comes from */
> +#define TSS2_RC_LAYER_SHIFT	 16
> +#define TSS2_RESMGR_TPM_RC_LAYER (11 << TSS2_RC_LAYER_SHIFT)
> +
> +enum tpm2_return_codes {
> +	TPM2_RC_SUCCESS		= 0x0000,
> +	TPM2_RC_HASH		= 0x0083, /* RC_FMT1 */
> +	TPM2_RC_HANDLE		= 0x008B,
> +	TPM2_RC_INTEGRITY	= 0x009F,
> +	TPM2_RC_INITIALIZE	= 0x0100, /* RC_VER1 */
> +	TPM2_RC_FAILURE		= 0x0101,
> +	TPM2_RC_DISABLED	= 0x0120,
> +	TPM2_RC_UPGRADE		= 0x012D,
> +	TPM2_RC_COMMAND_CODE	= 0x0143,
> +	TPM2_RC_TESTING		= 0x090A, /* RC_WARN */
> +	TPM2_RC_REFERENCE_H0	= 0x0910,
> +	TPM2_RC_RETRY		= 0x0922,
> +	TPM2_RC_SESSION_MEMORY	= 0x0903,
> +};
> +
> +enum tpm2_command_codes {
> +	TPM2_CC_FIRST			= 0x011F,
> +	TPM2_CC_HIERARCHY_CONTROL	= 0x0121,
> +	TPM2_CC_HIERARCHY_CHANGE_AUTH	= 0x0129,
> +	TPM2_CC_CREATE_PRIMARY		= 0x0131,
> +	TPM2_CC_SEQUENCE_COMPLETE	= 0x013E,
> +	TPM2_CC_SELF_TEST		= 0x0143,
> +	TPM2_CC_STARTUP			= 0x0144,
> +	TPM2_CC_SHUTDOWN		= 0x0145,
> +	TPM2_CC_NV_READ			= 0x014E,
> +	TPM2_CC_CREATE			= 0x0153,
> +	TPM2_CC_LOAD			= 0x0157,
> +	TPM2_CC_SEQUENCE_UPDATE		= 0x015C,
> +	TPM2_CC_UNSEAL			= 0x015E,
> +	TPM2_CC_CONTEXT_LOAD		= 0x0161,
> +	TPM2_CC_CONTEXT_SAVE		= 0x0162,
> +	TPM2_CC_FLUSH_CONTEXT		= 0x0165,
> +	TPM2_CC_READ_PUBLIC		= 0x0173,
> +	TPM2_CC_START_AUTH_SESS		= 0x0176,
> +	TPM2_CC_VERIFY_SIGNATURE	= 0x0177,
> +	TPM2_CC_GET_CAPABILITY		= 0x017A,
> +	TPM2_CC_GET_RANDOM		= 0x017B,
> +	TPM2_CC_PCR_READ		= 0x017E,
> +	TPM2_CC_PCR_EXTEND		= 0x0182,
> +	TPM2_CC_EVENT_SEQUENCE_COMPLETE	= 0x0185,
> +	TPM2_CC_HASH_SEQUENCE_START	= 0x0186,
> +	TPM2_CC_CREATE_LOADED		= 0x0191,
> +	TPM2_CC_LAST			= 0x0193, /* Spec 1.36 */
> +};
> +
> +enum tpm2_capabilities {
> +	TPM2_CAP_HANDLES	= 1,
> +	TPM2_CAP_COMMANDS	= 2,
> +	TPM2_CAP_PCRS		= 5,
> +	TPM2_CAP_TPM_PROPERTIES = 6,
> +};
> +
> +enum tpm2_properties {
> +	TPM_PT_TOTAL_COMMANDS	= 0x0129,
> +};
> +
> +enum tpm2_startup_types {
> +	TPM2_SU_CLEAR		= 0x0000,
> +	TPM2_SU_STATE		= 0x0001,
> +};
> +
> +enum tpm2_cc_attrs {
> +	TPM2_CC_ATTR_CHANDLES	= 25,
> +	TPM2_CC_ATTR_RHANDLE	= 28,
> +	TPM2_CC_ATTR_VENDOR	= 29,
> +};
> +
> +enum tpm2_permanent_handles {
> +	TPM2_RH_NULL		= 0x40000007,
> +	TPM2_RS_PW		= 0x40000009,
> +};
> +
> +/* Most Significant Octet for key types  */
> +enum tpm2_mso_type {
> +	TPM2_MSO_NVRAM		= 0x01,
> +	TPM2_MSO_SESSION	= 0x02,
> +	TPM2_MSO_POLICY		= 0x03,
> +	TPM2_MSO_PERMANENT	= 0x40,
> +	TPM2_MSO_VOLATILE	= 0x80,
> +	TPM2_MSO_PERSISTENT	= 0x81,
> +};
> +
> +enum tpm2_curves {
> +	TPM2_ECC_NONE		= 0x0000,
> +	TPM2_ECC_NIST_P256	= 0x0003,
> +};
> +
> +enum tpm2_object_attributes {
> +	TPM2_OA_FIXED_TPM		= BIT(1),
> +	TPM2_OA_ST_CLEAR		= BIT(2),
> +	TPM2_OA_FIXED_PARENT		= BIT(4),
> +	TPM2_OA_SENSITIVE_DATA_ORIGIN	= BIT(5),
> +	TPM2_OA_USER_WITH_AUTH		= BIT(6),
> +	TPM2_OA_ADMIN_WITH_POLICY	= BIT(7),
> +	TPM2_OA_NO_DA			= BIT(10),
> +	TPM2_OA_ENCRYPTED_DUPLICATION	= BIT(11),
> +	TPM2_OA_RESTRICTED		= BIT(16),
> +	TPM2_OA_DECRYPT			= BIT(17),
> +	TPM2_OA_SIGN			= BIT(18),
> +};
> +
> +enum tpm2_session_attributes {
> +	TPM2_SA_CONTINUE_SESSION	= BIT(0),
> +	TPM2_SA_AUDIT_EXCLUSIVE		= BIT(1),
> +	TPM2_SA_AUDIT_RESET		= BIT(3),
> +	TPM2_SA_DECRYPT			= BIT(5),
> +	TPM2_SA_ENCRYPT			= BIT(6),
> +	TPM2_SA_AUDIT			= BIT(7),
> +};
> +
> +enum tpm2_pcr_select {
> +	TPM2_PLATFORM_PCR	= 24,
> +	TPM2_PCR_SELECT_MIN	= ((TPM2_PLATFORM_PCR + 7) / 8),
> +};
> +
> +enum tpm2_handle_types {
> +	TPM2_HT_HMAC_SESSION	= 0x02000000,
> +	TPM2_HT_POLICY_SESSION	= 0x03000000,
> +	TPM2_HT_TRANSIENT	= 0x80000000,
> +};
> +
> +enum tpm2_pt_props {
> +	TPM2_PT_NONE			= 0x00000000,
> +	TPM2_PT_GROUP			= 0x00000100,
> +	TPM2_PT_FIXED			= TPM2_PT_GROUP * 1,
> +	TPM2_PT_FAMILY_INDICATOR	= TPM2_PT_FIXED + 0,
> +	TPM2_PT_LEVEL		= TPM2_PT_FIXED + 1,
> +	TPM2_PT_REVISION	= TPM2_PT_FIXED + 2,
> +	TPM2_PT_DAY_OF_YEAR	= TPM2_PT_FIXED + 3,
> +	TPM2_PT_YEAR		= TPM2_PT_FIXED + 4,
> +	TPM2_PT_MANUFACTURER	= TPM2_PT_FIXED + 5,
> +	TPM2_PT_VENDOR_STRING_1	= TPM2_PT_FIXED + 6,
> +	TPM2_PT_VENDOR_STRING_2	= TPM2_PT_FIXED + 7,
> +	TPM2_PT_VENDOR_STRING_3	= TPM2_PT_FIXED + 8,
> +	TPM2_PT_VENDOR_STRING_4	= TPM2_PT_FIXED + 9,
> +	TPM2_PT_VENDOR_TPM_TYPE	= TPM2_PT_FIXED + 10,
> +	TPM2_PT_FIRMWARE_VERSION_1	= TPM2_PT_FIXED + 11,
> +	TPM2_PT_FIRMWARE_VERSION_2	= TPM2_PT_FIXED + 12,
> +	TPM2_PT_INPUT_BUFFER		= TPM2_PT_FIXED + 13,
> +	TPM2_PT_HR_TRANSIENT_MIN	= TPM2_PT_FIXED + 14,
> +	TPM2_PT_HR_PERSISTENT_MIN	= TPM2_PT_FIXED + 15,
> +	TPM2_PT_HR_LOADED_MIN		= TPM2_PT_FIXED + 16,
> +	TPM2_PT_ACTIVE_SESSIONS_MAX	= TPM2_PT_FIXED + 17,
> +	TPM2_PT_PCR_COUNT	= TPM2_PT_FIXED + 18,
> +	TPM2_PT_PCR_SELECT_MIN	= TPM2_PT_FIXED + 19,
> +	TPM2_PT_CONTEXT_GAP_MAX	= TPM2_PT_FIXED + 20,
> +	TPM2_PT_NV_COUNTERS_MAX	= TPM2_PT_FIXED + 22,
> +	TPM2_PT_NV_INDEX_MAX	= TPM2_PT_FIXED + 23,
> +	TPM2_PT_MEMORY		= TPM2_PT_FIXED + 24,
> +	TPM2_PT_CLOCK_UPDATE	= TPM2_PT_FIXED + 25,
> +	TPM2_PT_CONTEXT_HASH	= TPM2_PT_FIXED + 26,
> +	TPM2_PT_CONTEXT_SYM	= TPM2_PT_FIXED + 27,
> +	TPM2_PT_CONTEXT_SYM_SIZE	= TPM2_PT_FIXED + 28,
> +	TPM2_PT_ORDERLY_COUNT		= TPM2_PT_FIXED + 29,
> +	TPM2_PT_MAX_COMMAND_SIZE	= TPM2_PT_FIXED + 30,
> +	TPM2_PT_MAX_RESPONSE_SIZE	= TPM2_PT_FIXED + 31,
> +	TPM2_PT_MAX_DIGEST		= TPM2_PT_FIXED + 32,
> +	TPM2_PT_MAX_OBJECT_CONTEXT	= TPM2_PT_FIXED + 33,
> +	TPM2_PT_MAX_SESSION_CONTEXT	= TPM2_PT_FIXED + 34,
> +	TPM2_PT_PS_FAMILY_INDICATOR	= TPM2_PT_FIXED + 35,
> +	TPM2_PT_PS_LEVEL	= TPM2_PT_FIXED + 36,
> +	TPM2_PT_PS_REVISION	= TPM2_PT_FIXED + 37,
> +	TPM2_PT_PS_DAY_OF_YEAR	= TPM2_PT_FIXED + 38,
> +	TPM2_PT_PS_YEAR		= TPM2_PT_FIXED + 39,
> +	TPM2_PT_SPLIT_MAX	= TPM2_PT_FIXED + 40,
> +	TPM2_PT_TOTAL_COMMANDS	= TPM2_PT_FIXED + 41,
> +	TPM2_PT_LIBRARY_COMMANDS	= TPM2_PT_FIXED + 42,
> +	TPM2_PT_VENDOR_COMMANDS		= TPM2_PT_FIXED + 43,
> +	TPM2_PT_NV_BUFFER_MAX		= TPM2_PT_FIXED + 44,
> +	TPM2_PT_MODES			= TPM2_PT_FIXED + 45,
> +	TPM2_PT_MAX_CAP_BUFFER		= TPM2_PT_FIXED + 46,
> +	TPM2_PT_VAR		= TPM2_PT_GROUP * 2,
> +	TPM2_PT_PERMANENT	= TPM2_PT_VAR + 0,
> +	TPM2_PT_STARTUP_CLEAR	= TPM2_PT_VAR + 1,
> +	TPM2_PT_HR_NV_INDEX	= TPM2_PT_VAR + 2,
> +	TPM2_PT_HR_LOADED	= TPM2_PT_VAR + 3,
> +	TPM2_PT_HR_LOADED_AVAIL	= TPM2_PT_VAR + 4,
> +	TPM2_PT_HR_ACTIVE	= TPM2_PT_VAR + 5,
> +	TPM2_PT_HR_ACTIVE_AVAIL	= TPM2_PT_VAR + 6,
> +	TPM2_PT_HR_TRANSIENT_AVAIL	= TPM2_PT_VAR + 7,
> +	TPM2_PT_HR_PERSISTENT		= TPM2_PT_VAR + 8,
> +	TPM2_PT_HR_PERSISTENT_AVAIL	= TPM2_PT_VAR + 9,
> +	TPM2_PT_NV_COUNTERS		= TPM2_PT_VAR + 10,
> +	TPM2_PT_NV_COUNTERS_AVAIL	= TPM2_PT_VAR + 11,
> +	TPM2_PT_ALGORITHM_SET		= TPM2_PT_VAR + 12,
> +	TPM2_PT_LOADED_CURVES		= TPM2_PT_VAR + 13,
> +	TPM2_PT_LOCKOUT_COUNTER		= TPM2_PT_VAR + 14,
> +	TPM2_PT_MAX_AUTH_FAIL		= TPM2_PT_VAR + 15,
> +	TPM2_PT_LOCKOUT_INTERVAL	= TPM2_PT_VAR + 16,
> +	TPM2_PT_LOCKOUT_RECOVERY	= TPM2_PT_VAR + 17,
> +	TPM2_PT_NV_WRITE_RECOVERY	= TPM2_PT_VAR + 18,
> +	TPM2_PT_AUDIT_COUNTER_0	= TPM2_PT_VAR + 19,
> +	TPM2_PT_AUDIT_COUNTER_1	= TPM2_PT_VAR + 20,
> +};
> +
> +struct tpm2_pcr_read_out {
> +	__be32 update_cnt;
> +	__be32 pcr_selects_cnt;
> +	__be16 hash_alg;
> +	u8 pcr_select_size;
> +	u8 pcr_select[TPM2_PCR_SELECT_MIN];
> +	__be32 digests_cnt;
> +	__be16 digest_size;
> +	u8 digest[];
> +} __packed;
> +
> +struct tpm2_get_random_out {
> +	__be16 size;
> +	u8 buffer[TPM_MAX_RNG_DATA];
> +} __packed;
> +
> +struct tpm2_get_cap_out {
> +	u8 more_data;
> +	__be32 subcap_id;
> +	__be32 property_cnt;
> +	__be32 property_id;
> +	__be32 value;
> +} __packed;
> +
> +struct tpm2_pcr_selection {
> +	__be16 hash_alg;
> +	u8 size_of_select;
> +	u8 pcr_select[3];
> +} __packed;
> +
> +struct tpm2_context {
> +	__be64 sequence;
> +	__be32 saved_handle;
> +	__be32 hierarchy;
> +	__be16 blob_size;
> +} __packed;
> +
>  #endif
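Review bot: enum tpm2_timeouts in the new header is not a straight move. It absorbs the former enum tpm2_durations and adds TPM2_DURATION_MEDIUM = 750 and TPM2_DURATION_LONG_LONG = 300000, neither of which appears in any removed line of this patch, and enum tpm2_const reappears under the new name enum tpm2_pcr_select. The commit message describes only gathering existing definitions, so either drop the two new values and keep the original enum names, or state the additions and renames in the commit message so they are reviewed as changes. The struct members also switch from tab to space separation and enum tpm2_pt_props mixes one- and two-tab alignment of the "=" column, which makes the block harder to verify as moved code with git diff --color-moved; keeping the moved text byte-identical would help.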
> -- 
> 2.47.3
> 

LGTM

BR, Jarkko
