
8 Attribute Structures

9.7 TPMI_SH_AUTH_SESSION

The TPMI_SH_AUTH_SESSION interface type consists of TPM-defined values that are used to indicate that the handle refers to an authorization session.

Table 44 — Definition of (TPM_HANDLE) TPMI_SH_AUTH_SESSION Type <IN/OUT>

Values Comments

{HMAC_SESSION_FIRST : HMAC_SESSION_LAST} range of HMAC authorization session handles

{POLICY_SESSION_FIRST: POLICY_SESSION_LAST} range of policy authorization session handles

+TPM_RS_PW a password authorization

#TPM_RC_VALUE error returned if the handle is out of range

9.8 TPMI_SH_HMAC

This interface type is used for an authorization handle when the authorization session uses an HMAC.

Table 45 — Definition of (TPM_HANDLE) TPMI_SH_HMAC Type <IN/OUT>

Values Comments

{HMAC_SESSION_FIRST: HMAC_SESSION_LAST} range of HMAC authorization session handles

#TPM_RC_VALUE error returned if the handle is out of range

9.9 TPMI_SH_POLICY

This interface type is used for a policy handle when it appears in a policy command.

Table 46 — Definition of (TPM_HANDLE) TPMI_SH_POLICY Type <IN/OUT>

Values Comments

{POLICY_SESSION_FIRST: POLICY_SESSION_LAST} range of policy authorization session handles

#TPM_RC_VALUE error returned if the handle is out of range

9.10 TPMI_DH_CONTEXT

This type defines the handle values that may be used in TPM2_ContextSave() or TPM2_Flush().

Table 47 — Definition of (TPM_HANDLE) TPMI_DH_CONTEXT Type

Values Comments

{HMAC_SESSION_FIRST:HMAC_SESSION_LAST}

{POLICY_SESSION_FIRST:POLICY_SESSION_LAST}

{TRANSIENT_FIRST:TRANSIENT_LAST}

9.11 TPMI_RH_HIERARCHY

The TPMI_RH_HIERARCHY interface type is used as the type of a handle in a command when the handle is required to be one of the hierarchy selectors.

Table 48 — Definition of (TPM_HANDLE) TPMI_RH_HIERARCHY Type

Values Comments

TPM_RH_OWNER Storage hierarchy

TPM_RH_PLATFORM Platform hierarchy

TPM_RH_ENDORSEMENT Endorsement hierarchy

+TPM_RH_NULL no hierarchy

#TPM_RC_VALUE response code returned when the unmarshaling of this type fails
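The acceptance rule that Tables 44 and 48 encode, as an added C example (not part of the specification or its reference code): a handle read from the command buffer passes only if it matches a row of the type, a "+" row counts only when the command's use of the type permits the conditional value, and anything else yields the "#" response code. The numeric constants, the `*_LAST` bounds, and the names `row_t`, `iface_t` and `handle_unmarshal` are assumptions that do not appear on this page.

```c
#include <stddef.h>
#include <stdint.h>
typedef uint32_t TPM_HANDLE, TPM_RC;

/* Values are not on this page; they follow the TPM 2.0 TPM_RC, TPM_RH and
 * TPM_HC tables. The *_LAST bounds are implementation-dependent (assumed). */
#define TPM_RC_SUCCESS       0x000u
#define TPM_RC_VALUE         0x084u
#define TPM_RC_INSUFFICIENT  0x09Au
#define TPM_RH_OWNER         0x40000001u
#define TPM_RH_NULL          0x40000007u
#define TPM_RS_PW            0x40000009u
#define TPM_RH_ENDORSEMENT   0x4000000Bu
#define TPM_RH_PLATFORM      0x4000000Cu
#define HMAC_SESSION_FIRST   0x02000000u
#define HMAC_SESSION_LAST    0x02FFFFFEu
#define POLICY_SESSION_FIRST 0x03000000u
#define POLICY_SESSION_LAST  0x03FFFFFEu

/* One table row: an inclusive handle range; plus = row carries the '+' prefix.
 * row_t and iface_t are hypothetical names for this example. */
typedef struct { TPM_HANDLE first, last; int plus; } row_t;
typedef struct { const row_t *rows; size_t n; } iface_t;
#define ONE(h, plus) { (h), (h), (plus) }

static const row_t sh_auth_session_rows[] = {            /* Table 44 */
    { HMAC_SESSION_FIRST, HMAC_SESSION_LAST, 0 },
    { POLICY_SESSION_FIRST, POLICY_SESSION_LAST, 0 }, ONE(TPM_RS_PW, 1) };
static const row_t rh_hierarchy_rows[] = {               /* Table 48 */
    ONE(TPM_RH_OWNER, 0), ONE(TPM_RH_PLATFORM, 0),
    ONE(TPM_RH_ENDORSEMENT, 0), ONE(TPM_RH_NULL, 1) };
const iface_t sh_auth_session = { sh_auth_session_rows, 3 };
const iface_t rh_hierarchy    = { rh_hierarchy_rows, 4 };

/* Read a big-endian handle and accept it only if a row of the type matches;
 * '+' rows are honoured only when the caller sets allow_plus. */
TPM_RC handle_unmarshal(const iface_t *t, const uint8_t *buf, size_t len,
                        int allow_plus, TPM_HANDLE *out)
{
    if (len < 4) return TPM_RC_INSUFFICIENT;   /* truncated command buffer */
    TPM_HANDLE h = ((TPM_HANDLE)buf[0] << 24) | ((TPM_HANDLE)buf[1] << 16) |
                   ((TPM_HANDLE)buf[2] << 8)  |  (TPM_HANDLE)buf[3];
    for (size_t i = 0; i < t->n; i++) {
        const row_t *r = &t->rows[i];
        if (h < r->first || h > r->last || (r->plus && !allow_plus)) continue;
        *out = h;
        return TPM_RC_SUCCESS;
    }
    return TPM_RC_VALUE;                       /* the '#' row of both tables */
}
```

The output handle is written only on success, so a caller that ignores the return code never sees an unvalidated value.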

9.12 TPMI_RH_ENABLES

The TPMI_RH_ENABLES interface type is used as the type of a handle in a command when the handle is required to be one of the hierarchy or NV enables.

Table 49 — Definition of (TPM_HANDLE) TPMI_RH_ENABLES Type

Values Comments

TPM_RH_OWNER Storage hierarchy

TPM_RH_PLATFORM Platform hierarchy

TPM_RH_ENDORSEMENT Endorsement hierarchy

TPM_RH_PLATFORM_NV Platform NV

+TPM_RH_NULL no hierarchy

9.13 TPMI_RH_HIERARCHY_AUTH

This interface type is used as the type of a handle in a command when the handle is required to be one of the hierarchy selectors or the Lockout Authorization.

Table 50 — Definition of (TPM_HANDLE) TPMI_RH_HIERARCHY_AUTH Type <IN>

Values Comments

TPM_RH_OWNER Storage hierarchy

TPM_RH_PLATFORM Platform hierarchy

TPM_RH_ENDORSEMENT Endorsement hierarchy

TPM_RH_LOCKOUT Lockout Authorization

#TPM_RC_VALUE response code returned when the unmarshaling of this type fails

9.14 TPMI_RH_PLATFORM

The TPMI_RH_PLATFORM interface type is used as the type of a handle in a command when the only allowed handle is TPM_RH_PLATFORM indicating that Platform Authorization is required.

Table 51 — Definition of (TPM_HANDLE) TPMI_RH_PLATFORM Type <IN>

Values Comments

TPM_RH_PLATFORM Platform hierarchy

#TPM_RC_VALUE response code returned when the unmarshaling of this type fails

9.15 TPMI_RH_OWNER

This interface type is used as the type of a handle in a command when the only allowed handle is TPM_RH_OWNER indicating that Owner Authorization is required.

Table 52 — Definition of (TPM_HANDLE) TPMI_RH_OWNER Type <IN>

Values Comments

TPM_RH_OWNER Owner hierarchy

+TPM_RH_NULL may allow the null handle

9.16 TPMI_RH_ENDORSEMENT

This interface type is used as the type of a handle in a command when the only allowed handle is TPM_RH_ENDORSEMENT indicating that Endorsement Authorization is required.

Table 53 — Definition of (TPM_HANDLE) TPMI_RH_ENDORSEMENT Type <IN>

Values Comments

TPM_RH_ENDORSEMENT Endorsement hierarchy

+TPM_RH_NULL may allow the null handle

#TPM_RC_VALUE response code returned when the unmarshaling of this type fails

9.17 TPMI_RH_PROVISION

The TPMI_RH_PROVISION interface type is used as the type of the handle in a command when the only allowed handles are either TPM_RH_OWNER or TPM_RH_PLATFORM, indicating that either Platform Authorization or Owner Authorization is allowed.

In most cases, either Platform Authorization or Owner Authorization may be used to authorize the commands used for management of the resources of the TPM and this interface type will be used.

Table 54 — Definition of (TPM_HANDLE) TPMI_RH_PROVISION Type <IN>

Value Comments

TPM_RH_OWNER handle for Owner Authorization

TPM_RH_PLATFORM handle for Platform Authorization

#TPM_RC_VALUE response code returned when the unmarshaling of this type fails

9.18 TPMI_RH_CLEAR

The TPMI_RH_CLEAR interface type is used as the type of the handle in a command when the only allowed handles are either TPM_RH_LOCKOUT or TPM_RH_PLATFORM, indicating that either Platform Authorization or Lockout Authorization is allowed.

This interface type is normally used for performing or controlling TPM2_Clear().

Table 55 — Definition of (TPM_HANDLE) TPMI_RH_CLEAR Type <IN>

Value Comments

TPM_RH_LOCKOUT handle for Lockout Authorization

TPM_RH_PLATFORM handle for Platform Authorization

9.19 TPMI_RH_NV_AUTH

This interface type is used to identify the source of the authorization for access to an NV location. The handle value of a TPMI_RH_NV_AUTH shall indicate that the authorization value is either Platform Authorization, Owner Authorization, or the authValue. This type is used in the commands that access an NV Index (commands of the form TPM2_NV_xxx) other than TPM2_NV_DefineSpace() and TPM2_NV_UndefineSpace().

Table 56 — Definition of (TPM_HANDLE) TPMI_RH_NV_AUTH Type <IN>

Value Comments

TPM_RH_PLATFORM Platform Authorization is allowed

TPM_RH_OWNER Owner Authorization is allowed

{NV_INDEX_FIRST:NV_INDEX_LAST} range for NV locations

#TPM_RC_VALUE response code returned when unmarshaling of this type fails

9.20 TPMI_RH_LOCKOUT

The TPMI_RH_LOCKOUT interface type is used as the type of a handle in a command when the only allowed handle is TPM_RH_LOCKOUT indicating that Lockout Authorization is required.

Table 57 — Definition of (TPM_HANDLE) TPMI_RH_LOCKOUT Type <IN>

Value Comments

TPM_RH_LOCKOUT handle for Lockout Authorization

#TPM_RC_VALUE response code returned when the unmarshaling of this type fails

9.21 TPMI_RH_NV_INDEX

This interface type is used to identify an NV location. This type is used in the NV commands.

Table 58 — Definition of (TPM_HANDLE) TPMI_RH_NV_INDEX Type <IN/OUT>

Value Comments

{NV_INDEX_FIRST:NV_INDEX_LAST} Range of NV Indexes

9.22 TPMI_ALG_HASH

A TPMI_ALG_HASH is an interface type of all the hash algorithms implemented on a specific TPM. The selector in Table 59 indicates all of the hash algorithms that have an algorithm ID assigned by the TCG and does not indicate the algorithms that will be accepted by a TPM.

NOTE When implemented, each of the algorithm entries is delimited by #ifdef and #endif so that, if the algorithm is not implemented in a specific TPM, that algorithm is not included in the interface type.

Table 59 — Definition of (TPM_ALG_ID) TPMI_ALG_HASH Type

Values Comments

TPM_ALG_!ALG.H all hash algorithms defined by the TCG

+TPM_ALG_NULL

#TPM_RC_HASH