| Package | Description |
|---|---|
| tss | |
| tss.tpm | |
| Modifier and Type | Field and Description |
|---|---|
| `TPM_HANDLE` | `TpmBase._EndorsementHandle` Admin handles (and associated auth values) can be associated with a TPM object |
| `TPM_HANDLE` | `TpmBase._LockoutHandle` Admin handles (and associated auth values) can be associated with a TPM object |
| `TPM_HANDLE` | `TpmBase._OwnerHandle` Admin handles (and associated auth values) can be associated with a TPM object |
| `TPM_HANDLE` | `TpmBase._PlatformHandle` Admin handles (and associated auth values) can be associated with a TPM object |
| Modifier and Type | Method and Description |
|---|---|
| `TPM_HANDLE` | `Tpm.ContextLoad(TPMS_CONTEXT context)` This command is used to reload a context that has been saved by TPM2_ContextSave(). |
| `TPM_HANDLE` | `Tpm.HashSequenceStart(byte[] auth, TPM_ALG_ID hashAlg)` This command starts a hash or an Event Sequence. |
| `TPM_HANDLE` | `Tpm.HMAC_Start(TPM_HANDLE handle, byte[] auth, TPM_ALG_ID hashAlg)` This command starts an HMAC sequence. |
| `TPM_HANDLE` | `Tpm.Load(TPM_HANDLE parentHandle, TPM2B_PRIVATE inPrivate, TPMT_PUBLIC inPublic)` This command is used to load objects into the TPM. |
| `TPM_HANDLE` | `Tpm.LoadExternal(TPMT_SENSITIVE inPrivate, TPMT_PUBLIC inPublic, TPM_HANDLE hierarchy)` This command is used to load an object that is not a Protected Object into the TPM. |
| `TPM_HANDLE` | `Tpm.MAC_Start(TPM_HANDLE handle, byte[] auth, TPM_ALG_ID inScheme)` This command starts a MAC sequence. |
| Modifier and Type | Method and Description |
|---|---|
| `Tpm` | `TpmBase._withSession(TPM_HANDLE h)` Specifies a single session handle to use with the next command |
| `Tpm` | `TpmBase._withSessions(TPM_HANDLE... hh)` Specifies the session handles to use with the next command |
| `AC_GetCapabilityResponse` | `Tpm.AC_GetCapability(TPM_HANDLE ac, TPM_AT capability, int count)` The purpose of this command is to obtain information about an Attached Component referenced by an AC handle. |
| `TPMS_AC_OUTPUT` | `Tpm.AC_Send(TPM_HANDLE sendObject, TPM_HANDLE authHandle, TPM_HANDLE ac, byte[] acDataIn)` The purpose of this command is to send (copy) a loaded object from the TPM to an Attached Component. |
| `byte[]` | `Tpm.ActivateCredential(TPM_HANDLE activateHandle, TPM_HANDLE keyHandle, TPMS_ID_OBJECT credentialBlob, byte[] secret)` This command enables the association of a credential with an object in a way that ensures that the TPM has validated the parameters of the credentialed object. |
| `CertifyResponse` | `Tpm.Certify(TPM_HANDLE objectHandle, TPM_HANDLE signHandle, byte[] qualifyingData, TPMU_SIG_SCHEME inScheme)` The purpose of this command is to prove that an object with a specific Name is loaded in the TPM. |
| `CertifyCreationResponse` | `Tpm.CertifyCreation(TPM_HANDLE signHandle, TPM_HANDLE objectHandle, byte[] qualifyingData, byte[] creationHash, TPMU_SIG_SCHEME inScheme, TPMT_TK_CREATION creationTicket)` This command is used to prove the association between an object and its creation data. |
| `void` | `Tpm.ChangeEPS(TPM_HANDLE authHandle)` This replaces the current endorsement primary seed (EPS) with a value from the RNG and sets the Endorsement hierarchy controls to their default initialization values: ehEnable is SET, endorsementAuth and endorsementPolicy are both set to the Empty Buffer. |
| `void` | `Tpm.ChangePPS(TPM_HANDLE authHandle)` This replaces the current platform primary seed (PPS) with a value from the RNG and sets platformPolicy to the default initialization value (the Empty Buffer). |
| `void` | `Tpm.Clear(TPM_HANDLE authHandle)` This command removes all TPM context associated with a specific Owner. |
| `void` | `Tpm.ClearControl(TPM_HANDLE auth, byte disable)` TPM2_ClearControl() disables and enables the execution of TPM2_Clear(). |
| `void` | `Tpm.ClockRateAdjust(TPM_HANDLE auth, TPM_CLOCK_ADJUST rateAdjust)` This command adjusts the rate of advance of Clock and Time to provide a better approximation to real time. |
| `void` | `Tpm.ClockSet(TPM_HANDLE auth, long newTime)` This command is used to advance the value of the TPM's Clock. |
| `CommitResponse` | `Tpm.Commit(TPM_HANDLE signHandle, TPMS_ECC_POINT P1, byte[] s2, byte[] y2)` TPM2_Commit() performs the first part of an ECC anonymous signing operation. |
| `TPMS_CONTEXT` | `Tpm.ContextSave(TPM_HANDLE saveHandle)` This command saves a session context, object context, or sequence object context outside the TPM. |
| `CreateResponse` | `Tpm.Create(TPM_HANDLE parentHandle, TPMS_SENSITIVE_CREATE inSensitive, TPMT_PUBLIC inPublic, byte[] outsideInfo, TPMS_PCR_SELECTION[] creationPCR)` This command is used to create an object that can be loaded into a TPM using TPM2_Load(). |
| `CreateLoadedResponse` | `Tpm.CreateLoaded(TPM_HANDLE parentHandle, TPMS_SENSITIVE_CREATE inSensitive, byte[] inPublic)` This command creates an object and loads it in the TPM. |
| `CreatePrimaryResponse` | `Tpm.CreatePrimary(TPM_HANDLE primaryHandle, TPMS_SENSITIVE_CREATE inSensitive, TPMT_PUBLIC inPublic, byte[] outsideInfo, TPMS_PCR_SELECTION[] creationPCR)` This command is used to create a Primary Object under one of the Primary Seeds or a Temporary Object under TPM_RH_NULL. |
| `void` | `Tpm.DictionaryAttackLockReset(TPM_HANDLE lockHandle)` This command cancels the effect of a TPM lockout due to a number of successive authorization failures. |
| `void` | `Tpm.DictionaryAttackParameters(TPM_HANDLE lockHandle, int newMaxTries, int newRecoveryTime, int lockoutRecovery)` This command changes the lockout parameters. |
| `protected void` | `TpmBase.DispatchCommand(TPM_CC command, TPM_HANDLE[] inHandles, int authHandleCount, int outHandleCount, TpmStructure inParms, TpmStructure outParms)` Send a command to the underlying TPM |
| `DuplicateResponse` | `Tpm.Duplicate(TPM_HANDLE objectHandle, TPM_HANDLE newParentHandle, byte[] encryptionKeyIn, TPMT_SYM_DEF_OBJECT symmetricAlg)` This command duplicates a loaded object so that it may be used in a different hierarchy. |
| `ECDH_KeyGenResponse` | `Tpm.ECDH_KeyGen(TPM_HANDLE keyHandle)` This command uses the TPM to generate an ephemeral key pair (de, Qe where Qe [de]G). |
| `TPMS_ECC_POINT` | `Tpm.ECDH_ZGen(TPM_HANDLE keyHandle, TPMS_ECC_POINT inPoint)` This command uses the TPM to recover the Z value from a public point (QB) and a private key (ds). |
| `EncryptDecryptResponse` | `Tpm.EncryptDecrypt(TPM_HANDLE keyHandle, byte decrypt, TPM_ALG_ID mode, byte[] ivIn, byte[] inData)` NOTE 1 This command is deprecated, and TPM2_EncryptDecrypt2() is preferred. |
| `EncryptDecrypt2Response` | `Tpm.EncryptDecrypt2(TPM_HANDLE keyHandle, byte[] inData, byte decrypt, TPM_ALG_ID mode, byte[] ivIn)` This command is identical to TPM2_EncryptDecrypt(), except that the inData parameter is the first parameter. |
| `TPMT_HA[]` | `Tpm.EventSequenceComplete(TPM_HANDLE pcrHandle, TPM_HANDLE sequenceHandle, byte[] buffer)` This command adds the last part of data, if any, to an Event Sequence and returns the result in a digest list. |
| `void` | `Tpm.EvictControl(TPM_HANDLE auth, TPM_HANDLE objectHandle, TPM_HANDLE persistentHandle)` This command allows certain Transient Objects to be made persistent or a persistent object to be evicted. |
| `void` | `Tpm.FieldUpgradeStart(TPM_HANDLE authorization, TPM_HANDLE keyHandle, byte[] fuDigest, TPMU_SIGNATURE manifestSignature)` This command uses platformPolicy and a TPM Vendor Authorization Key to authorize a Field Upgrade Manifest. |
| `void` | `Tpm.FlushContext(TPM_HANDLE flushHandle)` This command causes all context associated with a loaded object, sequence object, or session to be removed from TPM memory. |
| `GetCommandAuditDigestResponse` | `Tpm.GetCommandAuditDigest(TPM_HANDLE privacyHandle, TPM_HANDLE signHandle, byte[] qualifyingData, TPMU_SIG_SCHEME inScheme)` This command returns the current value of the command audit digest, a digest of the commands being audited, and the audit hash algorithm. |
| `GetSessionAuditDigestResponse` | `Tpm.GetSessionAuditDigest(TPM_HANDLE privacyAdminHandle, TPM_HANDLE signHandle, TPM_HANDLE sessionHandle, byte[] qualifyingData, TPMU_SIG_SCHEME inScheme)` This command returns a digital signature of the audit session digest. |
| `GetTimeResponse` | `Tpm.GetTime(TPM_HANDLE privacyAdminHandle, TPM_HANDLE signHandle, byte[] qualifyingData, TPMU_SIG_SCHEME inScheme)` This command returns the current values of Time and Clock. |
| `HashResponse` | `Tpm.Hash(byte[] data, TPM_ALG_ID hashAlg, TPM_HANDLE hierarchy)` This command performs a hash operation on a data buffer and returns the results. |
| `void` | `Tpm.HierarchyChangeAuth(TPM_HANDLE authHandle, byte[] newAuth)` This command allows the authorization secret for a hierarchy or lockout to be changed using the current authorization value as the command authorization. |
| `void` | `Tpm.HierarchyControl(TPM_HANDLE authHandle, TPM_HANDLE enable, byte state)` This command enables and disables use of a hierarchy and its associated NV storage. |
| `TPM_HANDLE` | `Tpm.HMAC_Start(TPM_HANDLE handle, byte[] auth, TPM_ALG_ID hashAlg)` This command starts an HMAC sequence. |
| `byte[]` | `Tpm.HMAC(TPM_HANDLE handle, byte[] buffer, TPM_ALG_ID hashAlg)` This command performs an HMAC on the supplied data using the indicated hash algorithm. |
| `TPM2B_PRIVATE` | `Tpm.Import(TPM_HANDLE parentHandle, byte[] encryptionKey, TPMT_PUBLIC objectPublic, TPM2B_PRIVATE duplicate, byte[] inSymSeed, TPMT_SYM_DEF_OBJECT symmetricAlg)` This command allows an object to be encrypted using the symmetric encryption values of a Storage Key. |
| `TPM_HANDLE` | `Tpm.Load(TPM_HANDLE parentHandle, TPM2B_PRIVATE inPrivate, TPMT_PUBLIC inPublic)` This command is used to load objects into the TPM. |
| `TPM_HANDLE` | `Tpm.LoadExternal(TPMT_SENSITIVE inPrivate, TPMT_PUBLIC inPublic, TPM_HANDLE hierarchy)` This command is used to load an object that is not a Protected Object into the TPM. |
| `TPM_HANDLE` | `Tpm.MAC_Start(TPM_HANDLE handle, byte[] auth, TPM_ALG_ID inScheme)` This command starts a MAC sequence. |
| `byte[]` | `Tpm.MAC(TPM_HANDLE handle, byte[] buffer, TPM_ALG_ID inScheme)` This command performs an HMAC or a block cipher MAC on the supplied data using the indicated algorithm. |
| `MakeCredentialResponse` | `Tpm.MakeCredential(TPM_HANDLE handle, byte[] credential, byte[] objectName)` This command allows the TPM to perform the actions required of a Certificate Authority (CA) in creating a TPM2B_ID_OBJECT containing an activation credential. |
| `NV_CertifyResponse` | `Tpm.NV_Certify(TPM_HANDLE signHandle, TPM_HANDLE authHandle, TPM_HANDLE nvIndex, byte[] qualifyingData, TPMU_SIG_SCHEME inScheme, int size, int offset)` The purpose of this command is to certify the contents of an NV Index or portion of an NV Index. |
| `void` | `Tpm.NV_ChangeAuth(TPM_HANDLE nvIndex, byte[] newAuth)` This command allows the authorization secret for an NV Index to be changed. |
| `void` | `Tpm.NV_DefineSpace(TPM_HANDLE authHandle, byte[] auth, TPMS_NV_PUBLIC publicInfo)` This command defines the attributes of an NV Index and causes the TPM to reserve space to hold the data associated with the NV Index. |
| `void` | `Tpm.NV_Extend(TPM_HANDLE authHandle, TPM_HANDLE nvIndex, byte[] data)` This command extends a value to an area in NV memory that was previously defined by TPM2_NV_DefineSpace. |
| `void` | `Tpm.NV_GlobalWriteLock(TPM_HANDLE authHandle)` The command will SET TPMA_NV_WRITELOCKED for all indexes that have their TPMA_NV_GLOBALLOCK attribute SET. |
| `void` | `Tpm.NV_Increment(TPM_HANDLE authHandle, TPM_HANDLE nvIndex)` This command is used to increment the value in an NV Index that has the TPM_NT_COUNTER attribute. |
| `byte[]` | `Tpm.NV_Read(TPM_HANDLE authHandle, TPM_HANDLE nvIndex, int size, int offset)` This command reads a value from an area in NV memory previously defined by TPM2_NV_DefineSpace(). |
| `void` | `Tpm.NV_ReadLock(TPM_HANDLE authHandle, TPM_HANDLE nvIndex)` If TPMA_NV_READ_STCLEAR is SET in an Index, then this command may be used to prevent further reads of the NV Index until the next TPM2_Startup (TPM_SU_CLEAR). |
| `NV_ReadPublicResponse` | `Tpm.NV_ReadPublic(TPM_HANDLE nvIndex)` This command is used to read the public area and Name of an NV Index. |
| `void` | `Tpm.NV_SetBits(TPM_HANDLE authHandle, TPM_HANDLE nvIndex, long bits)` This command is used to SET bits in an NV Index that was created as a bit field. |
| `void` | `Tpm.NV_UndefineSpace(TPM_HANDLE authHandle, TPM_HANDLE nvIndex)` This command removes an Index from the TPM. |
| `void` | `Tpm.NV_UndefineSpaceSpecial(TPM_HANDLE nvIndex, TPM_HANDLE platform)` This command allows removal of a platform-created NV Index that has TPMA_NV_POLICY_DELETE SET. |
| `void` | `Tpm.NV_Write(TPM_HANDLE authHandle, TPM_HANDLE nvIndex, byte[] data, int offset)` This command writes a value to an area in NV memory that was previously defined by TPM2_NV_DefineSpace(). |
| `void` | `Tpm.NV_WriteLock(TPM_HANDLE authHandle, TPM_HANDLE nvIndex)` If the TPMA_NV_WRITEDEFINE or TPMA_NV_WRITE_STCLEAR attributes of an NV location are SET, then this command may be used to inhibit further writes of the NV Index. |
| `TPM2B_PRIVATE` | `Tpm.ObjectChangeAuth(TPM_HANDLE objectHandle, TPM_HANDLE parentHandle, byte[] newAuth)` This command is used to change the authorization secret for a TPM-resident object. |
| `PCR_AllocateResponse` | `Tpm.PCR_Allocate(TPM_HANDLE authHandle, TPMS_PCR_SELECTION[] pcrAllocation)` This command is used to set the desired PCR allocation of PCR and algorithms. |
| `TPMT_HA[]` | `Tpm.PCR_Event(TPM_HANDLE pcrHandle, byte[] eventData)` This command is used to cause an update to the indicated PCR. |
| `void` | `Tpm.PCR_Extend(TPM_HANDLE pcrHandle, TPMT_HA[] digests)` This command is used to cause an update to the indicated PCR. |
| `void` | `Tpm.PCR_Reset(TPM_HANDLE pcrHandle)` If the attribute of a PCR allows the PCR to be reset and proper authorization is provided, then this command may be used to set the PCR in all banks to zero. |
| `void` | `Tpm.PCR_SetAuthPolicy(TPM_HANDLE authHandle, byte[] authPolicy, TPM_ALG_ID hashAlg, TPM_HANDLE pcrNum)` This command is used to associate a policy with a PCR or group of PCR. |
| `void` | `Tpm.PCR_SetAuthValue(TPM_HANDLE pcrHandle, byte[] auth)` This command changes the authValue of a PCR or group of PCR. |
| `void` | `Tpm.Policy_AC_SendSelect(TPM_HANDLE policySession, byte[] objectName, byte[] authHandleName, byte[] acName, byte includeObject)` This command allows qualification of the sending (copying) of an Object to an Attached Component (AC). |
| `void` | `Tpm.PolicyAuthorize(TPM_HANDLE policySession, byte[] approvedPolicy, byte[] policyRef, byte[] keySign, TPMT_TK_VERIFIED checkTicket)` This command allows policies to change. |
| `void` | `Tpm.PolicyAuthorizeNV(TPM_HANDLE authHandle, TPM_HANDLE nvIndex, TPM_HANDLE policySession)` This command provides a capability that is the equivalent of a revocable policy. |
| `void` | `Tpm.PolicyAuthValue(TPM_HANDLE policySession)` This command allows a policy to be bound to the authorization value of the authorized entity. |
| `void` | `Tpm.PolicyCommandCode(TPM_HANDLE policySession, TPM_CC code)` This command indicates that the authorization will be limited to a specific command code. |
| `void` | `Tpm.PolicyCounterTimer(TPM_HANDLE policySession, byte[] operandB, int offset, TPM_EO operation)` This command is used to cause conditional gating of a policy based on the contents of the TPMS_TIME_INFO structure. |
| `void` | `Tpm.PolicyCpHash(TPM_HANDLE policySession, byte[] cpHashA)` This command is used to allow a policy to be bound to a specific command and command parameters. |
| `void` | `Tpm.PolicyDuplicationSelect(TPM_HANDLE policySession, byte[] objectName, byte[] newParentName, byte includeObject)` This command allows qualification of duplication to allow duplication to a selected new parent. |
| `byte[]` | `Tpm.PolicyGetDigest(TPM_HANDLE policySession)` This command returns the current policyDigest of the session. |
| `void` | `Tpm.PolicyLocality(TPM_HANDLE policySession, TPMA_LOCALITY locality)` This command indicates that the authorization will be limited to a specific locality. |
| `void` | `Tpm.PolicyNameHash(TPM_HANDLE policySession, byte[] nameHash)` This command allows a policy to be bound to a specific set of TPM entities without being bound to the parameters of the command. |
| `void` | `Tpm.PolicyNV(TPM_HANDLE authHandle, TPM_HANDLE nvIndex, TPM_HANDLE policySession, byte[] operandB, int offset, TPM_EO operation)` This command is used to cause conditional gating of a policy based on the contents of an NV Index. |
| `void` | `Tpm.PolicyNvWritten(TPM_HANDLE policySession, byte writtenSet)` This command allows a policy to be bound to the TPMA_NV_WRITTEN attributes. |
| `void` | `Tpm.PolicyOR(TPM_HANDLE policySession, TPM2B_DIGEST[] pHashList)` This command allows options in authorizations without requiring that the TPM evaluate all of the options. |
| `void` | `Tpm.PolicyPassword(TPM_HANDLE policySession)` This command allows a policy to be bound to the authorization value of the authorized object. |
| `void` | `Tpm.PolicyPCR(TPM_HANDLE policySession, byte[] pcrDigest, TPMS_PCR_SELECTION[] pcrs)` This command is used to cause conditional gating of a policy based on PCR. |
| `void` | `Tpm.PolicyPhysicalPresence(TPM_HANDLE policySession)` This command indicates that physical presence will need to be asserted at the time the authorization is performed. |
| `void` | `Tpm.PolicyRestart(TPM_HANDLE sessionHandle)` This command allows a policy authorization session to be returned to its initial state. |
| `PolicySecretResponse` | `Tpm.PolicySecret(TPM_HANDLE authHandle, TPM_HANDLE policySession, byte[] nonceTPM, byte[] cpHashA, byte[] policyRef, int expiration)` This command includes a secret-based authorization to a policy. |
| `PolicySignedResponse` | `Tpm.PolicySigned(TPM_HANDLE authObject, TPM_HANDLE policySession, byte[] nonceTPM, byte[] cpHashA, byte[] policyRef, int expiration, TPMU_SIGNATURE auth)` This command includes a signed authorization in a policy. |
| `void` | `Tpm.PolicyTemplate(TPM_HANDLE policySession, byte[] templateHash)` This command allows a policy to be bound to a specific creation template. |
| `void` | `Tpm.PolicyTicket(TPM_HANDLE policySession, byte[] timeout, byte[] cpHashA, byte[] policyRef, byte[] authName, TPMT_TK_AUTH ticket)` This command is similar to TPM2_PolicySigned() except that it takes a ticket instead of a signed authorization. |
| `void` | `Tpm.PP_Commands(TPM_HANDLE auth, TPM_CC[] setList, TPM_CC[] clearList)` This command is used to determine which commands require assertion of Physical Presence (PP) in addition to platformAuth/platformPolicy. |
| `QuoteResponse` | `Tpm.Quote(TPM_HANDLE signHandle, byte[] qualifyingData, TPMU_SIG_SCHEME inScheme, TPMS_PCR_SELECTION[] PCRselect)` This command is used to quote PCR values. |
| `ReadPublicResponse` | `Tpm.ReadPublic(TPM_HANDLE objectHandle)` This command allows access to the public area of a loaded object. |
| `RewrapResponse` | `Tpm.Rewrap(TPM_HANDLE oldParent, TPM_HANDLE newParent, TPM2B_PRIVATE inDuplicate, byte[] name, byte[] inSymSeed)` This command allows the TPM to serve in the role as a Duplication Authority. |
| `byte[]` | `Tpm.RSA_Decrypt(TPM_HANDLE keyHandle, byte[] cipherText, TPMU_ASYM_SCHEME inScheme, byte[] label)` This command performs RSA decryption using the indicated padding scheme according to IETF RFC 3447 (PKCS#1). |
| `byte[]` | `Tpm.RSA_Encrypt(TPM_HANDLE keyHandle, byte[] message, TPMU_ASYM_SCHEME inScheme, byte[] label)` This command performs RSA encryption using the indicated padding scheme according to IETF RFC 3447. |
| `SequenceCompleteResponse` | `Tpm.SequenceComplete(TPM_HANDLE sequenceHandle, byte[] buffer, TPM_HANDLE hierarchy)` This command adds the last part of data, if any, to a hash/HMAC sequence and returns the result. |
| `void` | `Tpm.SequenceUpdate(TPM_HANDLE sequenceHandle, byte[] buffer)` This command is used to add data to a hash or HMAC sequence. |
| `void` | `Tpm.SetAlgorithmSet(TPM_HANDLE authHandle, int algorithmSet)` This command allows the platform to change the set of algorithms that are used by the TPM. |
| `void` | `Tpm.SetCommandCodeAuditStatus(TPM_HANDLE auth, TPM_ALG_ID auditAlg, TPM_CC[] setList, TPM_CC[] clearList)` This command may be used by the Privacy Administrator or platform to change the audit status of a command or to set the hash algorithm used for the audit digest, but not both at the same time. |
| `void` | `Tpm.SetPrimaryPolicy(TPM_HANDLE authHandle, byte[] authPolicy, TPM_ALG_ID hashAlg)` This command allows setting of the authorization policy for the lockout (lockoutPolicy), the platform hierarchy (platformPolicy), the storage hierarchy (ownerPolicy), and the endorsement hierarchy (endorsementPolicy). |
| `TPMU_SIGNATURE` | `Tpm.Sign(TPM_HANDLE keyHandle, byte[] digest, TPMU_SIG_SCHEME inScheme, TPMT_TK_HASHCHECK validation)` This command causes the TPM to sign an externally provided hash with the specified symmetric or asymmetric signing key. |
| `StartAuthSessionResponse` | `Tpm.StartAuthSession(TPM_HANDLE tpmKey, TPM_HANDLE bind, byte[] nonceCaller, byte[] encryptedSalt, TPM_SE sessionType, TPMT_SYM_DEF symmetric, TPM_ALG_ID authHash)` This command is used to start an authorization session using alternative methods of establishing the session key (sessionKey). |
| `byte[]` | `Tpm.Unseal(TPM_HANDLE itemHandle)` This command returns the data in a loaded Sealed Data Object. |
| `TPMT_TK_VERIFIED` | `Tpm.VerifySignature(TPM_HANDLE keyHandle, byte[] digest, TPMU_SIGNATURE signature)` This command uses loaded keys to validate a signature on a message with the message digest passed to the TPM. |
| `ZGen_2PhaseResponse` | `Tpm.ZGen_2Phase(TPM_HANDLE keyA, TPMS_ECC_POINT inQsB, TPMS_ECC_POINT inQeB, TPM_ALG_ID inScheme, int counter)` This command supports two-phase key exchange protocols. |
| Modifier and Type | Field and Description |
|---|---|
| `TPM_HANDLE` | `TPM2_AC_Send_REQUEST.ac` handle indicating the Attached Component to which the object will be sent Auth Index: None |
| `TPM_HANDLE` | `TPM2_AC_GetCapability_REQUEST.ac` handle indicating the Attached Component Auth Index: None |
| `TPM_HANDLE` | `TPM2_ActivateCredential_REQUEST.activateHandle` handle of the object associated with certificate in credentialBlob Auth Index: 1 Auth Role: ADMIN |
| `TPM_HANDLE` | `TPM2_SetCommandCodeAuditStatus_REQUEST.auth` TPM_RH_OWNER or TPM_RH_PLATFORM+{PP} Auth Index: 1 Auth Role: USER |
| `TPM_HANDLE` | `TPM2_PP_Commands_REQUEST.auth` TPM_RH_PLATFORM+PP Auth Index: 1 Auth Role: USER + Physical Presence |
| `TPM_HANDLE` | `TPM2_EvictControl_REQUEST.auth` TPM_RH_OWNER or TPM_RH_PLATFORM+{PP} Auth Handle: 1 Auth Role: USER |
| `TPM_HANDLE` | `TPM2_ClockSet_REQUEST.auth` TPM_RH_OWNER or TPM_RH_PLATFORM+{PP} Auth Handle: 1 Auth Role: USER |
| `TPM_HANDLE` | `TPM2_ClockRateAdjust_REQUEST.auth` TPM_RH_OWNER or TPM_RH_PLATFORM+{PP} Auth Handle: 1 Auth Role: USER |
| `TPM_HANDLE` | `TPM2_ClearControl_REQUEST.auth` TPM_RH_LOCKOUT or TPM_RH_PLATFORM+{PP} Auth Handle: 1 Auth Role: USER |
| `TPM_HANDLE` | `TPM2_SetPrimaryPolicy_REQUEST.authHandle` TPM_RH_LOCKOUT, TPM_RH_ENDORSEMENT, TPM_RH_OWNER or TPM_RH_PLATFORM+{PP} Auth Index: 1 Auth Role: USER |
| `TPM_HANDLE` | `TPM2_SetAlgorithmSet_REQUEST.authHandle` TPM_RH_PLATFORM Auth Index: 1 Auth Role: USER |
| `TPM_HANDLE` | `TPM2_PolicySecret_REQUEST.authHandle` handle for an entity providing the authorization Auth Index: 1 Auth Role: USER |
| `TPM_HANDLE` | `TPM2_PolicyNV_REQUEST.authHandle` handle indicating the source of the authorization value Auth Index: 1 Auth Role: USER |
| `TPM_HANDLE` | `TPM2_PolicyAuthorizeNV_REQUEST.authHandle` handle indicating the source of the authorization value Auth Index: 1 Auth Role: USER |
| `TPM_HANDLE` | `TPM2_PCR_SetAuthPolicy_REQUEST.authHandle` TPM_RH_PLATFORM+{PP} Auth Index: 1 Auth Role: USER |
| `TPM_HANDLE` | `TPM2_PCR_Allocate_REQUEST.authHandle` TPM_RH_PLATFORM+{PP} Auth Index: 1 Auth Role: USER |
| `TPM_HANDLE` | `TPM2_NV_Write_REQUEST.authHandle` handle indicating the source of the authorization value Auth Index: 1 Auth Role: USER |
| `TPM_HANDLE` | `TPM2_NV_WriteLock_REQUEST.authHandle` handle indicating the source of the authorization value Auth Index: 1 Auth Role: USER |
| `TPM_HANDLE` | `TPM2_NV_UndefineSpace_REQUEST.authHandle` TPM_RH_OWNER or TPM_RH_PLATFORM+{PP} Auth Index: 1 Auth Role: USER |
| `TPM_HANDLE` | `TPM2_NV_SetBits_REQUEST.authHandle` handle indicating the source of the authorization value Auth Index: 1 Auth Role: USER |
| `TPM_HANDLE` | `TPM2_NV_Read_REQUEST.authHandle` the handle indicating the source of the authorization value Auth Index: 1 Auth Role: USER |
| `TPM_HANDLE` | `TPM2_NV_ReadLock_REQUEST.authHandle` the handle indicating the source of the authorization value Auth Index: 1 Auth Role: USER |
| `TPM_HANDLE` | `TPM2_NV_Increment_REQUEST.authHandle` handle indicating the source of the authorization value Auth Index: 1 Auth Role: USER |
| `TPM_HANDLE` | `TPM2_NV_GlobalWriteLock_REQUEST.authHandle` TPM_RH_OWNER or TPM_RH_PLATFORM+{PP} Auth Index: 1 Auth Role: USER |
| `TPM_HANDLE` | `TPM2_NV_Extend_REQUEST.authHandle` handle indicating the source of the authorization value Auth Index: 1 Auth Role: USER |
| `TPM_HANDLE` | `TPM2_NV_DefineSpace_REQUEST.authHandle` TPM_RH_OWNER or TPM_RH_PLATFORM+{PP} Auth Index: 1 Auth Role: USER |
| `TPM_HANDLE` | `TPM2_NV_Certify_REQUEST.authHandle` handle indicating the source of the authorization value for the NV Index Auth Index: 2 Auth Role: USER |
| `TPM_HANDLE` | `TPM2_HierarchyControl_REQUEST.authHandle` TPM_RH_ENDORSEMENT, TPM_RH_OWNER or TPM_RH_PLATFORM+{PP} Auth Index: 1 Auth Role: USER |
| `TPM_HANDLE` | `TPM2_HierarchyChangeAuth_REQUEST.authHandle` TPM_RH_LOCKOUT, TPM_RH_ENDORSEMENT, TPM_RH_OWNER or TPM_RH_PLATFORM+{PP} Auth Index: 1 Auth Role: USER |
| `TPM_HANDLE` | `TPM2_Clear_REQUEST.authHandle` TPM_RH_LOCKOUT or TPM_RH_PLATFORM+{PP} Auth Handle: 1 Auth Role: USER |
| `TPM_HANDLE` | `TPM2_ChangePPS_REQUEST.authHandle` TPM_RH_PLATFORM+{PP} Auth Index: 1 Auth Role: USER |
| `TPM_HANDLE` | `TPM2_ChangeEPS_REQUEST.authHandle` TPM_RH_PLATFORM+{PP} Auth Handle: 1 Auth Role: USER |
| `TPM_HANDLE` | `TPM2_AC_Send_REQUEST.authHandle` the handle indicating the source of the authorization value Auth Index: 2 Auth Role: USER |
| `TPM_HANDLE` | `TPM2_PolicySigned_REQUEST.authObject` handle for a key that will validate the signature Auth Index: None |
| `TPM_HANDLE` | `TPM2_FieldUpgradeStart_REQUEST.authorization` TPM_RH_PLATFORM+{PP} Auth Index: 1 Auth Role: ADMIN |
| `TPM_HANDLE` | `TPM2_StartAuthSession_REQUEST.bind` entity providing the authValue may be TPM_RH_NULL Auth Index: None |
| `TPM_HANDLE` | `TPM2_HierarchyControl_REQUEST.enable` the enable being modified TPM_RH_ENDORSEMENT, TPM_RH_OWNER, TPM_RH_PLATFORM, or TPM_RH_PLATFORM_NV |
| `TPM_HANDLE` | `TPM2_FlushContext_REQUEST.flushHandle` the handle of the item to flush NOTE This is a use of a handle as a parameter. |
| `TPM_HANDLE` | `TPMS_TAGGED_POLICY.handle` a permanent handle |
| `TPM_HANDLE[]` | `TPML_HANDLE.handle` an array of handles |
| `TPM_HANDLE` | `TPM2_MakeCredential_REQUEST.handle` loaded public area, used to encrypt the sensitive area containing the credential key Auth Index: None |
| `TPM_HANDLE` | `TPM2_MAC_Start_REQUEST.handle` handle of a MAC key Auth Index: 1 Auth Role: USER |
| `TPM_HANDLE` | `TPM2_MAC_REQUEST.handle` handle for the symmetric signing key providing the MAC key Auth Index: 1 Auth Role: USER |
| `TPM_HANDLE` | `TPM2_HMAC_Start_REQUEST.handle` handle of an HMAC key Auth Index: 1 Auth Role: USER |
| `TPM_HANDLE` | `TPM2_HMAC_REQUEST.handle` handle for the symmetric signing key providing the HMAC key Auth Index: 1 Auth Role: USER |
| `TPM_HANDLE` | `StartAuthSessionResponse.handle` handle for the newly created session |
| `TPM_HANDLE` | `SessionIn.handle` Session handle |
| `TPM_HANDLE` | `MAC_StartResponse.handle` a handle to reference the sequence |
| `TPM_HANDLE` | `LoadResponse.handle` handle of type TPM_HT_TRANSIENT for the loaded object |
| `TPM_HANDLE` | `LoadExternalResponse.handle` handle of type TPM_HT_TRANSIENT for the loaded object |
| `TPM_HANDLE` | `HMAC_StartResponse.handle` a handle to reference the sequence |
| `TPM_HANDLE` | `HashSequenceStartResponse.handle` a handle to reference the sequence |
| `TPM_HANDLE` | `CreatePrimaryResponse.handle` handle of type TPM_HT_TRANSIENT for created Primary Object |
| `TPM_HANDLE` | `CreateLoadedResponse.handle` handle of type TPM_HT_TRANSIENT for created object |
| `TPM_HANDLE` | `ContextLoadResponse.handle` the handle assigned to the resource after it has been successfully loaded |
| `TPM_HANDLE` | `TPMT_TK_VERIFIED.hierarchy` the hierarchy containing keyName |
| `TPM_HANDLE` | `TPMT_TK_HASHCHECK.hierarchy` the hierarchy |
| `TPM_HANDLE` | `TPMT_TK_CREATION.hierarchy` the hierarchy containing name |
| `TPM_HANDLE` | `TPMT_TK_AUTH.hierarchy` the hierarchy of the object used to produce the ticket |
| `TPM_HANDLE` | `TPMS_CONTEXT.hierarchy` the hierarchy of the context |
| `TPM_HANDLE` | `TPM2_SequenceComplete_REQUEST.hierarchy` hierarchy of the ticket for a hash |
| `TPM_HANDLE` | `TPM2_LoadExternal_REQUEST.hierarchy` hierarchy with which the object area is associated |
| `TPM_HANDLE` | `TPM2_Hash_REQUEST.hierarchy` hierarchy to use for the ticket (TPM_RH_NULL allowed) |
| `TPM_HANDLE` | `TPM2_Unseal_REQUEST.itemHandle` handle of a loaded data object Auth Index: 1 Auth Role: USER |
| `TPM_HANDLE` | `TPM2_ZGen_2Phase_REQUEST.keyA` handle of an unrestricted decryption key ECC The private key referenced by this handle is used as dS,A Auth Index: 1 Auth Role: USER |
| `TPM_HANDLE` | `TPM2_VerifySignature_REQUEST.keyHandle` handle of public key that will be used in the validation Auth Index: None |
| `TPM_HANDLE` | `TPM2_Sign_REQUEST.keyHandle` Handle of key that will perform signing Auth Index: 1 Auth Role: USER |
| `TPM_HANDLE` | `TPM2_RSA_Encrypt_REQUEST.keyHandle` reference to public portion of RSA key to use for encryption Auth Index: None |
| `TPM_HANDLE` | `TPM2_RSA_Decrypt_REQUEST.keyHandle` RSA key to use for decryption Auth Index: 1 Auth Role: USER |
| `TPM_HANDLE` | `TPM2_FieldUpgradeStart_REQUEST.keyHandle` handle of a public area that contains the TPM Vendor Authorization Key that will be used to validate manifestSignature Auth Index: None |
| `TPM_HANDLE` | `TPM2_EncryptDecrypt_REQUEST.keyHandle` the symmetric key used for the operation Auth Index: 1 Auth Role: USER |
| `TPM_HANDLE` | `TPM2_EncryptDecrypt2_REQUEST.keyHandle` the symmetric key used for the operation Auth Index: 1 Auth Role: USER |
| `TPM_HANDLE` | `TPM2_ECDH_ZGen_REQUEST.keyHandle` handle of a loaded ECC key Auth Index: 1 Auth Role: USER |
| `TPM_HANDLE` | `TPM2_ECDH_KeyGen_REQUEST.keyHandle` Handle of a loaded ECC key public area. |
| `TPM_HANDLE` | `TPM2_ActivateCredential_REQUEST.keyHandle` loaded key used to decrypt the TPMS_SENSITIVE in credentialBlob Auth Index: 2 Auth Role: USER |
| `TPM_HANDLE` | `TPM2_DictionaryAttackParameters_REQUEST.lockHandle` TPM_RH_LOCKOUT Auth Index: 1 Auth Role: USER |
| `TPM_HANDLE` | `TPM2_DictionaryAttackLockReset_REQUEST.lockHandle` TPM_RH_LOCKOUT Auth Index: 1 Auth Role: USER |
| `TPM_HANDLE` | `TPM2_Rewrap_REQUEST.newParent` new parent of the object Auth Index: None |
| `TPM_HANDLE` | `TPM2_Duplicate_REQUEST.newParentHandle` shall reference the public area of an asymmetric key Auth Index: None |
| `static TPM_HANDLE` | `TPM_HANDLE.NULL` Represents TPM_RH.NULL handle constant |
| `TPM_HANDLE` | `TPMS_NV_PUBLIC.nvIndex` the handle of the data area |
| `TPM_HANDLE` | `TPM2_PolicyNV_REQUEST.nvIndex` the NV Index of the area to read Auth Index: None |
| `TPM_HANDLE` | `TPM2_PolicyAuthorizeNV_REQUEST.nvIndex` the NV Index of the area to read Auth Index: None |
| `TPM_HANDLE` | `TPM2_NV_Write_REQUEST.nvIndex` the NV Index of the area to write Auth Index: None |
| `TPM_HANDLE` | `TPM2_NV_WriteLock_REQUEST.nvIndex` the NV Index of the area to lock Auth Index: None |
| `TPM_HANDLE` | `TPM2_NV_UndefineSpace_REQUEST.nvIndex` the NV Index to remove from NV space Auth Index: None |
| `TPM_HANDLE` | `TPM2_NV_UndefineSpaceSpecial_REQUEST.nvIndex` Index to be deleted Auth Index: 1 Auth Role: ADMIN |
| `TPM_HANDLE` | `TPM2_NV_SetBits_REQUEST.nvIndex` NV Index of the area in which the bit is to be set Auth Index: None |
| `TPM_HANDLE` | `TPM2_NV_Read_REQUEST.nvIndex` the NV Index to be read Auth Index: None |
| `TPM_HANDLE` | `TPM2_NV_ReadPublic_REQUEST.nvIndex` the NV Index Auth Index: None |
| `TPM_HANDLE` | `TPM2_NV_ReadLock_REQUEST.nvIndex` the NV Index to be locked Auth Index: None |
| `TPM_HANDLE` | `TPM2_NV_Increment_REQUEST.nvIndex` the NV Index to increment Auth Index: None |
| `TPM_HANDLE` | `TPM2_NV_Extend_REQUEST.nvIndex` the NV Index to extend Auth Index: None |
| `TPM_HANDLE` | `TPM2_NV_ChangeAuth_REQUEST.nvIndex` handle of the entity Auth Index: 1 Auth Role: ADMIN |
| `TPM_HANDLE` | `TPM2_NV_Certify_REQUEST.nvIndex` Index for the area to be certified Auth Index: None |
| `TPM_HANDLE` | `TPM2_ReadPublic_REQUEST.objectHandle` TPM handle of an object Auth Index: None |
| `TPM_HANDLE` | `TPM2_ObjectChangeAuth_REQUEST.objectHandle` handle of the object Auth Index: 1 Auth Role: ADMIN |
| `TPM_HANDLE` | `TPM2_EvictControl_REQUEST.objectHandle` the handle of a loaded object Auth Index: None |
| `TPM_HANDLE` | `TPM2_Duplicate_REQUEST.objectHandle` loaded object to duplicate Auth Index: 1 Auth Role: DUP |
| `TPM_HANDLE` | `TPM2_Certify_REQUEST.objectHandle` handle of the object to be certified Auth Index: 1 Auth Role: ADMIN |
| `TPM_HANDLE` | `TPM2_CertifyCreation_REQUEST.objectHandle` the object associated with the creation data Auth Index: None |
| `TPM_HANDLE` | `TPM2_Rewrap_REQUEST.oldParent` parent of object Auth Index: 1 Auth Role: User |
| `TPM_HANDLE` | `TPM2_ObjectChangeAuth_REQUEST.parentHandle` handle of the parent Auth Index: None |
| `TPM_HANDLE` | `TPM2_Load_REQUEST.parentHandle` TPM handle of parent key; shall not be a reserved handle Auth Index: 1 Auth Role: USER |
| `TPM_HANDLE` | `TPM2_Import_REQUEST.parentHandle` the handle of the new parent for the object Auth Index: 1 Auth Role: USER |
| `TPM_HANDLE` | `TPM2_Create_REQUEST.parentHandle` handle of parent for new object Auth Index: 1 Auth Role: USER |
| `TPM_HANDLE` | `TPM2_CreateLoaded_REQUEST.parentHandle` Handle of a transient storage key, a persistent storage key, TPM_RH_ENDORSEMENT, TPM_RH_OWNER, TPM_RH_PLATFORM+{PP}, or TPM_RH_NULL Auth Index: 1 Auth Role: USER |
| `TPM_HANDLE` | `TPM2_PCR_SetAuthValue_REQUEST.pcrHandle` handle for a PCR that may have an authorization value set Auth Index: 1 Auth Role: USER |
| `TPM_HANDLE` | `TPM2_PCR_Reset_REQUEST.pcrHandle` the PCR to reset Auth Index: 1 Auth Role: USER |
| `TPM_HANDLE` | `TPM2_PCR_Extend_REQUEST.pcrHandle` handle of the PCR Auth Handle: 1 Auth Role: USER |
| `TPM_HANDLE` | `TPM2_PCR_Event_REQUEST.pcrHandle` Handle of the PCR Auth Handle: 1 Auth Role: USER |
| `TPM_HANDLE` | `TPM2_EventSequenceComplete_REQUEST.pcrHandle` PCR to be extended with the Event data Auth Index: 1 Auth Role: USER |
| `TPM_HANDLE` | `TPM2_PCR_SetAuthPolicy_REQUEST.pcrNum` the PCR for which the policy is to be set |
TPM_HANDLE |
TPM2_EvictControl_REQUEST.persistentHandle
if objectHandle is a transient object handle, then this is the persistent handle for the object; if objectHandle is a persistent object handle, then it shall be the same value as persistentHandle
|
TPM_HANDLE |
TPM2_NV_UndefineSpaceSpecial_REQUEST.platform
TPM_RH_PLATFORM + {PP} Auth Index: 2 Auth Role: USER
|
TPM_HANDLE |
TPM2_Policy_AC_SendSelect_REQUEST.policySession
handle for the policy session being extended Auth Index: None
|
TPM_HANDLE |
TPM2_PolicyTicket_REQUEST.policySession
handle for the policy session being extended Auth Index: None
|
TPM_HANDLE |
TPM2_PolicyTemplate_REQUEST.policySession
handle for the policy session being extended Auth Index: None
|
TPM_HANDLE |
TPM2_PolicySigned_REQUEST.policySession
handle for the policy session being extended Auth Index: None
|
TPM_HANDLE |
TPM2_PolicySecret_REQUEST.policySession
handle for the policy session being extended Auth Index: None
|
TPM_HANDLE |
TPM2_PolicyPhysicalPresence_REQUEST.policySession
handle for the policy session being extended Auth Index: None
|
TPM_HANDLE |
TPM2_PolicyPCR_REQUEST.policySession
handle for the policy session being extended Auth Index: None
|
TPM_HANDLE |
TPM2_PolicyPassword_REQUEST.policySession
handle for the policy session being extended Auth Index: None
|
TPM_HANDLE |
TPM2_PolicyOR_REQUEST.policySession
handle for the policy session being extended Auth Index: None
|
TPM_HANDLE |
TPM2_PolicyNV_REQUEST.policySession
handle for the policy session being extended Auth Index: None
|
TPM_HANDLE |
TPM2_PolicyNvWritten_REQUEST.policySession
handle for the policy session being extended Auth Index: None
|
TPM_HANDLE |
TPM2_PolicyNameHash_REQUEST.policySession
handle for the policy session being extended Auth Index: None
|
TPM_HANDLE |
TPM2_PolicyLocality_REQUEST.policySession
handle for the policy session being extended Auth Index: None
|
TPM_HANDLE |
TPM2_PolicyGetDigest_REQUEST.policySession
handle for the policy session Auth Index: None
|
TPM_HANDLE |
TPM2_PolicyDuplicationSelect_REQUEST.policySession
handle for the policy session being extended Auth Index: None
|
TPM_HANDLE |
TPM2_PolicyCpHash_REQUEST.policySession
handle for the policy session being extended Auth Index: None
|
TPM_HANDLE |
TPM2_PolicyCounterTimer_REQUEST.policySession
handle for the policy session being extended Auth Index: None
|
TPM_HANDLE |
TPM2_PolicyCommandCode_REQUEST.policySession
handle for the policy session being extended Auth Index: None
|
TPM_HANDLE |
TPM2_PolicyAuthValue_REQUEST.policySession
handle for the policy session being extended Auth Index: None
|
TPM_HANDLE |
TPM2_PolicyAuthorize_REQUEST.policySession
handle for the policy session being extended Auth Index: None
|
TPM_HANDLE |
TPM2_PolicyAuthorizeNV_REQUEST.policySession
handle for the policy session being extended Auth Index: None
|
TPM_HANDLE |
TPM2_CreatePrimary_REQUEST.primaryHandle
TPM_RH_ENDORSEMENT, TPM_RH_OWNER, TPM_RH_PLATFORM+{PP}, or TPM_RH_NULL Auth Index: 1 Auth Role: USER
|
TPM_HANDLE |
TPM2_GetTime_REQUEST.privacyAdminHandle
handle of the privacy administrator (TPM_RH_ENDORSEMENT) Auth Index: 1 Auth Role: USER
|
TPM_HANDLE |
TPM2_GetSessionAuditDigest_REQUEST.privacyAdminHandle
handle of the privacy administrator (TPM_RH_ENDORSEMENT) Auth Index: 1 Auth Role: USER
|
TPM_HANDLE |
TPM2_GetCommandAuditDigest_REQUEST.privacyHandle
handle of the privacy administrator (TPM_RH_ENDORSEMENT) Auth Index: 1 Auth Role: USER
|
TPM_HANDLE |
TPMS_CONTEXT.savedHandle
a handle indicating if the context is a session, object, or sequence object. See Table 212 Context Handle Values
|
TPM_HANDLE |
TPM2_ContextSave_REQUEST.saveHandle
handle of the resource to save Auth Index: None
|
TPM_HANDLE |
TPM2_AC_Send_REQUEST.sendObject
handle of the object being sent to ac Auth Index: 1 Auth Role: DUP
|
TPM_HANDLE |
TPM2_SequenceUpdate_REQUEST.sequenceHandle
handle for the sequence object Auth Index: 1 Auth Role: USER
|
TPM_HANDLE |
TPM2_SequenceComplete_REQUEST.sequenceHandle
authorization for the sequence Auth Index: 1 Auth Role: USER
|
TPM_HANDLE |
TPM2_EventSequenceComplete_REQUEST.sequenceHandle
authorization for the sequence Auth Index: 2 Auth Role: USER
|
TPM_HANDLE |
TPMS_AUTH_COMMAND.sessionHandle
the session handle
|
TPM_HANDLE |
TPM2_PolicyRestart_REQUEST.sessionHandle
the handle for the policy session
|
TPM_HANDLE |
TPM2_GetSessionAuditDigest_REQUEST.sessionHandle
handle of the audit session Auth Index: None
|
TPM_HANDLE |
TPM2_Quote_REQUEST.signHandle
handle of key that will perform signature Auth Index: 1 Auth Role: USER
|
TPM_HANDLE |
TPM2_NV_Certify_REQUEST.signHandle
handle of the key used to sign the attestation structure Auth Index: 1 Auth Role: USER
|
TPM_HANDLE |
TPM2_GetTime_REQUEST.signHandle
the keyHandle identifier of a loaded key that can perform digital signatures Auth Index: 2 Auth Role: USER
|
TPM_HANDLE |
TPM2_GetSessionAuditDigest_REQUEST.signHandle
handle of the signing key Auth Index: 2 Auth Role: USER
|
TPM_HANDLE |
TPM2_GetCommandAuditDigest_REQUEST.signHandle
the handle of the signing key Auth Index: 2 Auth Role: USER
|
TPM_HANDLE |
TPM2_Commit_REQUEST.signHandle
handle of the key that will be used in the signing operation Auth Index: 1 Auth Role: USER
|
TPM_HANDLE |
TPM2_Certify_REQUEST.signHandle
handle of the key used to sign the attestation structure Auth Index: 2 Auth Role: USER
|
TPM_HANDLE |
TPM2_CertifyCreation_REQUEST.signHandle
handle of the key that will sign the attestation block Auth Index: 1 Auth Role: USER
|
TPM_HANDLE |
TPM2_StartAuthSession_REQUEST.tpmKey
handle of a loaded decrypt key used to encrypt salt; may be TPM_RH_NULL Auth Index: None
|
| Modifier and Type | Method and Description |
|---|---|
static TPM_HANDLE |
TPM_HANDLE.from(int val)
Creates a TPM handle from an arbitrary int value
|
static TPM_HANDLE |
TPM_HANDLE.from(TPM_RH _handle)
Creates a TPM handle from a reserved handle constant
|
static TPM_HANDLE |
TPM_HANDLE.fromTpm(byte[] x) |
static TPM_HANDLE |
TPM_HANDLE.fromTpm(InByteBuf buf) |
static TPM_HANDLE |
TPM_HANDLE.NV(int NvSlot)
Creates a TPM_HANDLE for an NV slot
|
static TPM_HANDLE |
TPM_HANDLE.pcr(int PcrIndex)
Creates a TPM_HANDLE for a PCR
|
static TPM_HANDLE |
TPM_HANDLE.persistent(int handleOffset)
Creates a TPM_HANDLE from an offset into the reserved handle space
|
static TPM_HANDLE |
TPM_HANDLE.pwSession(byte[] authValue)
Creates a password session handle with the associated authorization value
|
| Constructor and Description |
|---|
ContextLoadResponse(TPM_HANDLE _handle)
This command is used to reload a context that has been saved by TPM2_ContextSave().
|
CreateLoadedResponse(TPM_HANDLE _handle,
TPM2B_PRIVATE _outPrivate,
TPMT_PUBLIC _outPublic,
byte[] _name)
This command creates an object and loads it in the TPM.
|
CreatePrimaryResponse(TPM_HANDLE _handle,
TPMT_PUBLIC _outPublic,
TPMS_CREATION_DATA _creationData,
byte[] _creationHash,
TPMT_TK_CREATION _creationTicket,
byte[] _name)
This command is used to create a Primary Object under one of the Primary Seeds or a Temporary Object under TPM_RH_NULL.
|
HashSequenceStartResponse(TPM_HANDLE _handle)
This command starts a hash or an Event Sequence.
|
HMAC_StartResponse(TPM_HANDLE _handle)
This command starts an HMAC sequence.
|
LoadExternalResponse(TPM_HANDLE _handle,
byte[] _name)
This command is used to load an object that is not a Protected Object into the TPM.
|
LoadResponse(TPM_HANDLE _handle,
byte[] _name)
This command is used to load objects into the TPM.
|
MAC_StartResponse(TPM_HANDLE _handle)
This command starts a MAC sequence.
|
SessionIn(TPM_HANDLE _handle,
byte[] _nonceCaller,
TPMA_SESSION _attributes,
byte[] _auth)
Structure representing a session block in a command buffer [tss]
|
StartAuthSessionResponse(TPM_HANDLE _handle,
byte[] _nonceTPM)
This command is used to start an authorization session using alternative methods of establishing the session key (sessionKey).
|
TPM2_AC_GetCapability_REQUEST(TPM_HANDLE _ac,
TPM_AT _capability,
int _count)
The purpose of this command is to obtain information about an Attached Component referenced by an AC handle.
|
TPM2_AC_Send_REQUEST(TPM_HANDLE _sendObject,
TPM_HANDLE _authHandle,
TPM_HANDLE _ac,
byte[] _acDataIn)
The purpose of this command is to send (copy) a loaded object from the TPM to an Attached Component.
|
TPM2_ActivateCredential_REQUEST(TPM_HANDLE _activateHandle,
TPM_HANDLE _keyHandle,
TPMS_ID_OBJECT _credentialBlob,
byte[] _secret)
This command enables the association of a credential with an object in a way that ensures that the TPM has validated the parameters of the credentialed object.
|
TPM2_Certify_REQUEST(TPM_HANDLE _objectHandle,
TPM_HANDLE _signHandle,
byte[] _qualifyingData,
TPMU_SIG_SCHEME _inScheme)
The purpose of this command is to prove that an object with a specific Name is loaded in the TPM.
|
TPM2_CertifyCreation_REQUEST(TPM_HANDLE _signHandle,
TPM_HANDLE _objectHandle,
byte[] _qualifyingData,
byte[] _creationHash,
TPMU_SIG_SCHEME _inScheme,
TPMT_TK_CREATION _creationTicket)
This command is used to prove the association between an object and its creation data.
|
TPM2_ChangeEPS_REQUEST(TPM_HANDLE _authHandle)
This replaces the current endorsement primary seed (EPS) with a value from the RNG and sets the Endorsement hierarchy controls to their default initialization values: ehEnable is SET, endorsementAuth and endorsementPolicy are both set to the Empty Buffer.
|
TPM2_ChangePPS_REQUEST(TPM_HANDLE _authHandle)
This replaces the current platform primary seed (PPS) with a value from the RNG and sets platformPolicy to the default initialization value (the Empty Buffer).
|
TPM2_Clear_REQUEST(TPM_HANDLE _authHandle)
This command removes all TPM context associated with a specific Owner.
|
TPM2_ClearControl_REQUEST(TPM_HANDLE _auth,
byte _disable)
TPM2_ClearControl() disables and enables the execution of TPM2_Clear().
|
TPM2_ClockRateAdjust_REQUEST(TPM_HANDLE _auth,
TPM_CLOCK_ADJUST _rateAdjust)
This command adjusts the rate of advance of Clock and Time to provide a better approximation to real time.
|
TPM2_ClockSet_REQUEST(TPM_HANDLE _auth,
long _newTime)
This command is used to advance the value of the TPM's Clock.
|
TPM2_Commit_REQUEST(TPM_HANDLE _signHandle,
TPMS_ECC_POINT _P1,
byte[] _s2,
byte[] _y2)
TPM2_Commit() performs the first part of an ECC anonymous signing operation.
|
TPM2_ContextSave_REQUEST(TPM_HANDLE _saveHandle)
This command saves a session context, object context, or sequence object context outside the TPM.
|
TPM2_Create_REQUEST(TPM_HANDLE _parentHandle,
TPMS_SENSITIVE_CREATE _inSensitive,
TPMT_PUBLIC _inPublic,
byte[] _outsideInfo,
TPMS_PCR_SELECTION[] _creationPCR)
This command is used to create an object that can be loaded into a TPM using TPM2_Load().
|
TPM2_CreateLoaded_REQUEST(TPM_HANDLE _parentHandle,
TPMS_SENSITIVE_CREATE _inSensitive,
byte[] _inPublic)
This command creates an object and loads it in the TPM.
|
TPM2_CreatePrimary_REQUEST(TPM_HANDLE _primaryHandle,
TPMS_SENSITIVE_CREATE _inSensitive,
TPMT_PUBLIC _inPublic,
byte[] _outsideInfo,
TPMS_PCR_SELECTION[] _creationPCR)
This command is used to create a Primary Object under one of the Primary Seeds or a Temporary Object under TPM_RH_NULL.
|
TPM2_DictionaryAttackLockReset_REQUEST(TPM_HANDLE _lockHandle)
This command cancels the effect of a TPM lockout due to a number of successive authorization failures.
|
TPM2_DictionaryAttackParameters_REQUEST(TPM_HANDLE _lockHandle,
int _newMaxTries,
int _newRecoveryTime,
int _lockoutRecovery)
This command changes the lockout parameters.
|
TPM2_Duplicate_REQUEST(TPM_HANDLE _objectHandle,
TPM_HANDLE _newParentHandle,
byte[] _encryptionKeyIn,
TPMT_SYM_DEF_OBJECT _symmetricAlg)
This command duplicates a loaded object so that it may be used in a different hierarchy.
|
TPM2_ECDH_KeyGen_REQUEST(TPM_HANDLE _keyHandle)
This command uses the TPM to generate an ephemeral key pair (de, Qe where Qe := [de]G).
|
TPM2_ECDH_ZGen_REQUEST(TPM_HANDLE _keyHandle,
TPMS_ECC_POINT _inPoint)
This command uses the TPM to recover the Z value from a public point (QB) and a private key (ds).
|
TPM2_EncryptDecrypt_REQUEST(TPM_HANDLE _keyHandle,
byte _decrypt,
TPM_ALG_ID _mode,
byte[] _ivIn,
byte[] _inData)
NOTE 1 This command is deprecated, and TPM2_EncryptDecrypt2() is preferred.
|
TPM2_EncryptDecrypt2_REQUEST(TPM_HANDLE _keyHandle,
byte[] _inData,
byte _decrypt,
TPM_ALG_ID _mode,
byte[] _ivIn)
This command is identical to TPM2_EncryptDecrypt(), except that the inData parameter is the first parameter.
|
TPM2_EventSequenceComplete_REQUEST(TPM_HANDLE _pcrHandle,
TPM_HANDLE _sequenceHandle,
byte[] _buffer)
This command adds the last part of data, if any, to an Event Sequence and returns the result in a digest list.
|
TPM2_EvictControl_REQUEST(TPM_HANDLE _auth,
TPM_HANDLE _objectHandle,
TPM_HANDLE _persistentHandle)
This command allows certain Transient Objects to be made persistent or a persistent object to be evicted.
|
TPM2_FieldUpgradeStart_REQUEST(TPM_HANDLE _authorization,
TPM_HANDLE _keyHandle,
byte[] _fuDigest,
TPMU_SIGNATURE _manifestSignature)
This command uses platformPolicy and a TPM Vendor Authorization Key to authorize a Field Upgrade Manifest.
|
TPM2_FlushContext_REQUEST(TPM_HANDLE _flushHandle)
This command causes all context associated with a loaded object, sequence object, or session to be removed from TPM memory.
|
TPM2_GetCommandAuditDigest_REQUEST(TPM_HANDLE _privacyHandle,
TPM_HANDLE _signHandle,
byte[] _qualifyingData,
TPMU_SIG_SCHEME _inScheme)
This command returns the current value of the command audit digest, a digest of the commands being audited, and the audit hash algorithm.
|
TPM2_GetSessionAuditDigest_REQUEST(TPM_HANDLE _privacyAdminHandle,
TPM_HANDLE _signHandle,
TPM_HANDLE _sessionHandle,
byte[] _qualifyingData,
TPMU_SIG_SCHEME _inScheme)
This command returns a digital signature of the audit session digest.
|
TPM2_GetTime_REQUEST(TPM_HANDLE _privacyAdminHandle,
TPM_HANDLE _signHandle,
byte[] _qualifyingData,
TPMU_SIG_SCHEME _inScheme)
This command returns the current values of Time and Clock.
|
TPM2_Hash_REQUEST(byte[] _data,
TPM_ALG_ID _hashAlg,
TPM_HANDLE _hierarchy)
This command performs a hash operation on a data buffer and returns the results.
|
TPM2_HierarchyChangeAuth_REQUEST(TPM_HANDLE _authHandle,
byte[] _newAuth)
This command allows the authorization secret for a hierarchy or lockout to be changed using the current authorization value as the command authorization.
|
TPM2_HierarchyControl_REQUEST(TPM_HANDLE _authHandle,
TPM_HANDLE _enable,
byte _state)
This command enables and disables use of a hierarchy and its associated NV storage.
|
TPM2_HMAC_REQUEST(TPM_HANDLE _handle,
byte[] _buffer,
TPM_ALG_ID _hashAlg)
This command performs an HMAC on the supplied data using the indicated hash algorithm.
|
TPM2_HMAC_Start_REQUEST(TPM_HANDLE _handle,
byte[] _auth,
TPM_ALG_ID _hashAlg)
This command starts an HMAC sequence.
|
TPM2_Import_REQUEST(TPM_HANDLE _parentHandle,
byte[] _encryptionKey,
TPMT_PUBLIC _objectPublic,
TPM2B_PRIVATE _duplicate,
byte[] _inSymSeed,
TPMT_SYM_DEF_OBJECT _symmetricAlg)
This command allows an object to be encrypted using the symmetric encryption values of a Storage Key.
|
TPM2_Load_REQUEST(TPM_HANDLE _parentHandle,
TPM2B_PRIVATE _inPrivate,
TPMT_PUBLIC _inPublic)
This command is used to load objects into the TPM.
|
TPM2_LoadExternal_REQUEST(TPMT_SENSITIVE _inPrivate,
TPMT_PUBLIC _inPublic,
TPM_HANDLE _hierarchy)
This command is used to load an object that is not a Protected Object into the TPM.
|
TPM2_MAC_REQUEST(TPM_HANDLE _handle,
byte[] _buffer,
TPM_ALG_ID _inScheme)
This command performs an HMAC or a block cipher MAC on the supplied data using the indicated algorithm.
|
TPM2_MAC_Start_REQUEST(TPM_HANDLE _handle,
byte[] _auth,
TPM_ALG_ID _inScheme)
This command starts a MAC sequence.
|
TPM2_MakeCredential_REQUEST(TPM_HANDLE _handle,
byte[] _credential,
byte[] _objectName)
This command allows the TPM to perform the actions required of a Certificate Authority (CA) in creating a TPM2B_ID_OBJECT containing an activation credential.
|
TPM2_NV_Certify_REQUEST(TPM_HANDLE _signHandle,
TPM_HANDLE _authHandle,
TPM_HANDLE _nvIndex,
byte[] _qualifyingData,
TPMU_SIG_SCHEME _inScheme,
int _size,
int _offset)
The purpose of this command is to certify the contents of an NV Index or portion of an NV Index.
|
TPM2_NV_ChangeAuth_REQUEST(TPM_HANDLE _nvIndex,
byte[] _newAuth)
This command allows the authorization secret for an NV Index to be changed.
|
TPM2_NV_DefineSpace_REQUEST(TPM_HANDLE _authHandle,
byte[] _auth,
TPMS_NV_PUBLIC _publicInfo)
This command defines the attributes of an NV Index and causes the TPM to reserve space to hold the data associated with the NV Index.
|
TPM2_NV_Extend_REQUEST(TPM_HANDLE _authHandle,
TPM_HANDLE _nvIndex,
byte[] _data)
This command extends a value to an area in NV memory that was previously defined by TPM2_NV_DefineSpace.
|
TPM2_NV_GlobalWriteLock_REQUEST(TPM_HANDLE _authHandle)
The command will SET TPMA_NV_WRITELOCKED for all indexes that have their TPMA_NV_GLOBALLOCK attribute SET.
|
TPM2_NV_Increment_REQUEST(TPM_HANDLE _authHandle,
TPM_HANDLE _nvIndex)
This command is used to increment the value in an NV Index that has the TPM_NT_COUNTER attribute.
|
TPM2_NV_Read_REQUEST(TPM_HANDLE _authHandle,
TPM_HANDLE _nvIndex,
int _size,
int _offset)
This command reads a value from an area in NV memory previously defined by TPM2_NV_DefineSpace().
|
TPM2_NV_ReadLock_REQUEST(TPM_HANDLE _authHandle,
TPM_HANDLE _nvIndex)
If TPMA_NV_READ_STCLEAR is SET in an Index, then this command may be used to prevent further reads of the NV Index until the next TPM2_Startup (TPM_SU_CLEAR).
|
TPM2_NV_ReadPublic_REQUEST(TPM_HANDLE _nvIndex)
This command is used to read the public area and Name of an NV Index.
|
TPM2_NV_SetBits_REQUEST(TPM_HANDLE _authHandle,
TPM_HANDLE _nvIndex,
long _bits)
This command is used to SET bits in an NV Index that was created as a bit field.
|
TPM2_NV_UndefineSpace_REQUEST(TPM_HANDLE _authHandle,
TPM_HANDLE _nvIndex)
This command removes an Index from the TPM.
|
TPM2_NV_UndefineSpaceSpecial_REQUEST(TPM_HANDLE _nvIndex,
TPM_HANDLE _platform)
This command allows removal of a platform-created NV Index that has TPMA_NV_POLICY_DELETE SET.
|
TPM2_NV_Write_REQUEST(TPM_HANDLE _authHandle,
TPM_HANDLE _nvIndex,
byte[] _data,
int _offset)
This command writes a value to an area in NV memory that was previously defined by TPM2_NV_DefineSpace().
|
TPM2_NV_WriteLock_REQUEST(TPM_HANDLE _authHandle,
TPM_HANDLE _nvIndex)
If the TPMA_NV_WRITEDEFINE or TPMA_NV_WRITE_STCLEAR attributes of an NV location are SET, then this command may be used to inhibit further writes of the NV Index.
|
TPM2_ObjectChangeAuth_REQUEST(TPM_HANDLE _objectHandle,
TPM_HANDLE _parentHandle,
byte[] _newAuth)
This command is used to change the authorization secret for a TPM-resident object.
|
TPM2_PCR_Allocate_REQUEST(TPM_HANDLE _authHandle,
TPMS_PCR_SELECTION[] _pcrAllocation)
This command is used to set the desired PCR allocation of PCR and algorithms.
|
TPM2_PCR_Event_REQUEST(TPM_HANDLE _pcrHandle,
byte[] _eventData)
This command is used to cause an update to the indicated PCR.
|
TPM2_PCR_Extend_REQUEST(TPM_HANDLE _pcrHandle,
TPMT_HA[] _digests)
This command is used to cause an update to the indicated PCR.
|
TPM2_PCR_Reset_REQUEST(TPM_HANDLE _pcrHandle)
If the attribute of a PCR allows the PCR to be reset and proper authorization is provided, then this command may be used to set the PCR in all banks to zero.
|
TPM2_PCR_SetAuthPolicy_REQUEST(TPM_HANDLE _authHandle,
byte[] _authPolicy,
TPM_ALG_ID _hashAlg,
TPM_HANDLE _pcrNum)
This command is used to associate a policy with a PCR or group of PCR.
|
TPM2_PCR_SetAuthValue_REQUEST(TPM_HANDLE _pcrHandle,
byte[] _auth)
This command changes the authValue of a PCR or group of PCR.
|
TPM2_Policy_AC_SendSelect_REQUEST(TPM_HANDLE _policySession,
byte[] _objectName,
byte[] _authHandleName,
byte[] _acName,
byte _includeObject)
This command allows qualification of the sending (copying) of an Object to an Attached Component (AC).
|
TPM2_PolicyAuthorize_REQUEST(TPM_HANDLE _policySession,
byte[] _approvedPolicy,
byte[] _policyRef,
byte[] _keySign,
TPMT_TK_VERIFIED _checkTicket)
This command allows policies to change.
|
TPM2_PolicyAuthorizeNV_REQUEST(TPM_HANDLE _authHandle,
TPM_HANDLE _nvIndex,
TPM_HANDLE _policySession)
This command provides a capability that is the equivalent of a revocable policy.
|
TPM2_PolicyAuthValue_REQUEST(TPM_HANDLE _policySession)
This command allows a policy to be bound to the authorization value of the authorized entity.
|
TPM2_PolicyCommandCode_REQUEST(TPM_HANDLE _policySession,
TPM_CC _code)
This command indicates that the authorization will be limited to a specific command code.
|
TPM2_PolicyCounterTimer_REQUEST(TPM_HANDLE _policySession,
byte[] _operandB,
int _offset,
TPM_EO _operation)
This command is used to cause conditional gating of a policy based on the contents of the TPMS_TIME_INFO structure.
|
TPM2_PolicyCpHash_REQUEST(TPM_HANDLE _policySession,
byte[] _cpHashA)
This command is used to allow a policy to be bound to a specific command and command parameters.
|
TPM2_PolicyDuplicationSelect_REQUEST(TPM_HANDLE _policySession,
byte[] _objectName,
byte[] _newParentName,
byte _includeObject)
This command allows qualification of duplication to allow duplication to a selected new parent.
|
TPM2_PolicyGetDigest_REQUEST(TPM_HANDLE _policySession)
This command returns the current policyDigest of the session.
|
TPM2_PolicyLocality_REQUEST(TPM_HANDLE _policySession,
TPMA_LOCALITY _locality)
This command indicates that the authorization will be limited to a specific locality.
|
TPM2_PolicyNameHash_REQUEST(TPM_HANDLE _policySession,
byte[] _nameHash)
This command allows a policy to be bound to a specific set of TPM entities without being bound to the parameters of the command.
|
TPM2_PolicyNV_REQUEST(TPM_HANDLE _authHandle,
TPM_HANDLE _nvIndex,
TPM_HANDLE _policySession,
byte[] _operandB,
int _offset,
TPM_EO _operation)
This command is used to cause conditional gating of a policy based on the contents of an NV Index.
|
TPM2_PolicyNvWritten_REQUEST(TPM_HANDLE _policySession,
byte _writtenSet)
This command allows a policy to be bound to the TPMA_NV_WRITTEN attributes.
|
TPM2_PolicyOR_REQUEST(TPM_HANDLE _policySession,
TPM2B_DIGEST[] _pHashList)
This command allows options in authorizations without requiring that the TPM evaluate all of the options.
|
TPM2_PolicyPassword_REQUEST(TPM_HANDLE _policySession)
This command allows a policy to be bound to the authorization value of the authorized object.
|
TPM2_PolicyPCR_REQUEST(TPM_HANDLE _policySession,
byte[] _pcrDigest,
TPMS_PCR_SELECTION[] _pcrs)
This command is used to cause conditional gating of a policy based on PCR.
|
TPM2_PolicyPhysicalPresence_REQUEST(TPM_HANDLE _policySession)
This command indicates that physical presence will need to be asserted at the time the authorization is performed.
|
TPM2_PolicyRestart_REQUEST(TPM_HANDLE _sessionHandle)
This command allows a policy authorization session to be returned to its initial state.
|
TPM2_PolicySecret_REQUEST(TPM_HANDLE _authHandle,
TPM_HANDLE _policySession,
byte[] _nonceTPM,
byte[] _cpHashA,
byte[] _policyRef,
int _expiration)
This command includes a secret-based authorization to a policy.
|
TPM2_PolicySigned_REQUEST(TPM_HANDLE _authObject,
TPM_HANDLE _policySession,
byte[] _nonceTPM,
byte[] _cpHashA,
byte[] _policyRef,
int _expiration,
TPMU_SIGNATURE _auth)
This command includes a signed authorization in a policy.
|
TPM2_PolicyTemplate_REQUEST(TPM_HANDLE _policySession,
byte[] _templateHash)
This command allows a policy to be bound to a specific creation template.
|
TPM2_PolicyTicket_REQUEST(TPM_HANDLE _policySession,
byte[] _timeout,
byte[] _cpHashA,
byte[] _policyRef,
byte[] _authName,
TPMT_TK_AUTH _ticket)
This command is similar to TPM2_PolicySigned() except that it takes a ticket instead of a signed authorization.
|
TPM2_PP_Commands_REQUEST(TPM_HANDLE _auth,
TPM_CC[] _setList,
TPM_CC[] _clearList)
This command is used to determine which commands require assertion of Physical Presence (PP) in addition to platformAuth/platformPolicy.
|
TPM2_Quote_REQUEST(TPM_HANDLE _signHandle,
byte[] _qualifyingData,
TPMU_SIG_SCHEME _inScheme,
TPMS_PCR_SELECTION[] _PCRselect)
This command is used to quote PCR values.
|
TPM2_ReadPublic_REQUEST(TPM_HANDLE _objectHandle)
This command allows access to the public area of a loaded object.
|
TPM2_Rewrap_REQUEST(TPM_HANDLE _oldParent,
TPM_HANDLE _newParent,
TPM2B_PRIVATE _inDuplicate,
byte[] _name,
byte[] _inSymSeed)
This command allows the TPM to serve in the role as a Duplication Authority.
|
TPM2_RSA_Decrypt_REQUEST(TPM_HANDLE _keyHandle,
byte[] _cipherText,
TPMU_ASYM_SCHEME _inScheme,
byte[] _label)
This command performs RSA decryption using the indicated padding scheme according to IETF RFC 3447 (PKCS#1).
|
TPM2_RSA_Encrypt_REQUEST(TPM_HANDLE _keyHandle,
byte[] _message,
TPMU_ASYM_SCHEME _inScheme,
byte[] _label)
This command performs RSA encryption using the indicated padding scheme according to IETF RFC 3447.
|
TPM2_SequenceComplete_REQUEST(TPM_HANDLE _sequenceHandle,
byte[] _buffer,
TPM_HANDLE _hierarchy)
This command adds the last part of data, if any, to a hash/HMAC sequence and returns the result.
|
TPM2_SequenceUpdate_REQUEST(TPM_HANDLE _sequenceHandle,
byte[] _buffer)
This command is used to add data to a hash or HMAC sequence.
|
TPM2_SetAlgorithmSet_REQUEST(TPM_HANDLE _authHandle,
int _algorithmSet)
This command allows the platform to change the set of algorithms that are used by the TPM.
|
TPM2_SetCommandCodeAuditStatus_REQUEST(TPM_HANDLE _auth,
TPM_ALG_ID _auditAlg,
TPM_CC[] _setList,
TPM_CC[] _clearList)
This command may be used by the Privacy Administrator or platform to change the audit status of a command or to set the hash algorithm used for the audit digest, but not both at the same time.
|
TPM2_SetPrimaryPolicy_REQUEST(TPM_HANDLE _authHandle,
byte[] _authPolicy,
TPM_ALG_ID _hashAlg)
This command allows setting of the authorization policy for the lockout (lockoutPolicy), the platform hierarchy (platformPolicy), the storage hierarchy (ownerPolicy), and the endorsement hierarchy (endorsementPolicy).
|
TPM2_Sign_REQUEST(TPM_HANDLE _keyHandle,
byte[] _digest,
TPMU_SIG_SCHEME _inScheme,
TPMT_TK_HASHCHECK _validation)
This command causes the TPM to sign an externally provided hash with the specified symmetric or asymmetric signing key.
|
TPM2_StartAuthSession_REQUEST(TPM_HANDLE _tpmKey,
TPM_HANDLE _bind,
byte[] _nonceCaller,
byte[] _encryptedSalt,
TPM_SE _sessionType,
TPMT_SYM_DEF _symmetric,
TPM_ALG_ID _authHash)
This command is used to start an authorization session using alternative methods of establishing the session key (sessionKey).
|
TPM2_Unseal_REQUEST(TPM_HANDLE _itemHandle)
This command returns the data in a loaded Sealed Data Object.
|
TPM2_VerifySignature_REQUEST(TPM_HANDLE _keyHandle,
byte[] _digest,
TPMU_SIGNATURE _signature)
This command uses loaded keys to validate a signature on a message with the message digest passed to the TPM.
|
TPM2_ZGen_2Phase_REQUEST(TPM_HANDLE _keyA,
TPMS_ECC_POINT _inQsB,
TPMS_ECC_POINT _inQeB,
TPM_ALG_ID _inScheme,
int _counter)
This command supports two-phase key exchange protocols.
|
TPML_HANDLE(TPM_HANDLE[] _handle)
This structure is used when the TPM returns a list of loaded handles when the capability in TPM2_GetCapability() is TPM_CAP_HANDLE.
|
TPMS_AUTH_COMMAND(TPM_HANDLE _sessionHandle,
byte[] _nonce,
TPMA_SESSION _sessionAttributes,
byte[] _hmac)
This is the format used for each of the authorizations in the session area of a command.
|
TPMS_CONTEXT(long _sequence,
TPM_HANDLE _savedHandle,
TPM_HANDLE _hierarchy,
TPMS_CONTEXT_DATA _contextBlob)
This structure is used in TPM2_ContextLoad() and TPM2_ContextSave().
|
TPMS_NV_PUBLIC(TPM_HANDLE _nvIndex,
TPM_ALG_ID _nameAlg,
TPMA_NV _attributes,
byte[] _authPolicy,
int _dataSize)
This structure describes an NV Index.
|
TPMS_TAGGED_POLICY(TPM_HANDLE _handle,
TPMT_HA _policyHash)
This structure is used in TPM2_GetCapability() to return the policy associated with a permanent handle.
|
TPMT_TK_AUTH(TPM_ST _tag,
TPM_HANDLE _hierarchy,
byte[] _digest)
This ticket is produced by TPM2_PolicySigned() and TPM2_PolicySecret() when the authorization has an expiration time.
|
TPMT_TK_CREATION(TPM_ST _tag,
TPM_HANDLE _hierarchy,
byte[] _digest)
This ticket is produced by TPM2_Create() or TPM2_CreatePrimary().
|
TPMT_TK_HASHCHECK(TPM_ST _tag,
TPM_HANDLE _hierarchy,
byte[] _digest)
This ticket is produced by TPM2_SequenceComplete() when the message that was digested did not start with TPM_GENERATED_VALUE.
|
TPMT_TK_VERIFIED(TPM_ST _tag,
TPM_HANDLE _hierarchy,
byte[] _digest)
This ticket is produced by TPM2_VerifySignature().
|
Copyright © 2017. All rights reserved.