iaik.tc.tss.impl.java.tcs.pbg
Class TcTpmCmdAdminOwnership

java.lang.Object
  extended by iaik.tc.tss.impl.java.tcs.pbg.TcTpmCmdCommon
      extended by iaik.tc.tss.impl.java.tcs.pbg.TcTpmCmdAdminOwnership

public class TcTpmCmdAdminOwnership
extends TcTpmCmdCommon


Constructor Summary
TcTpmCmdAdminOwnership()
           
 
Method Summary
static java.lang.Object[] TpmDisableForceClear(TcIStreamDest dest)
          The TPM_DisableForceClear command disables the execution of the TPM_ForceClear command until the next startup cycle.
static java.lang.Object[] TpmDisableOwnerClear(TcIStreamDest dest, TcTcsAuth inAuth1)
          The TpmDisableOwnerClear command disables the ability to execute the TpmOwnerClear command permanently.
static java.lang.Object[] TpmForceClear(TcIStreamDest dest)
          The TpmForceClear command performs the clear operation under physical presence.
static java.lang.Object[] TpmOwnerClear(TcIStreamDest dest, TcTcsAuth inAuth1)
          The TPM_OwnerClear command performs the clear operation under owner authentication.
static java.lang.Object[] TpmTakeOwnership(TcIStreamDest dest, int protocolID, TcBlobData encOwnerAuth, TcBlobData encSrkAuth, TcITpmKeyNew srkParams, TcTcsAuth inAuth1)
          This command inserts the TPM ownership value into the TPM.
static java.lang.Object[] TscPhysicalPresence(TcIStreamDest dest, int physicalPresence)
          Some TPM operations require the indication of a human's physical presence at the platform.
static java.lang.Object[] TscResetEstablishmentBit(TcIStreamDest dest)
          The PC TPM Interface Specification (TIS) specifies setting tpmEstablished to TRUE upon execution of the HASH_START sequence.
 
Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

TcTpmCmdAdminOwnership

public TcTpmCmdAdminOwnership()
Method Detail

TpmTakeOwnership

public static java.lang.Object[] TpmTakeOwnership(TcIStreamDest dest,
                                                  int protocolID,
                                                  TcBlobData encOwnerAuth,
                                                  TcBlobData encSrkAuth,
                                                  TcITpmKeyNew srkParams,
                                                  TcTcsAuth inAuth1)
                                           throws TcTddlException,
                                                  TcTpmException
This command inserts the TPM ownership value into the TPM. There must be no mechanism to recover this owner secret from the TPM. Recovery would mean removing the old value and setting a new one. To take ownership, the TPM must be enabled, activated and the pFlags.OwnershipDisabled flag must be FALSE.

Parameters:
dest - The destination where the byte stream is written to.
inAuth1 - Authorization values for first authorization session.
protocolID - The ownership protocol in use.
encOwnerAuth - The owner AuthData encrypted with PUBEK
encSrkAuth - The SRK AuthData encrypted with PUBEK
srkParams - Structure containing all parameters of new SRK. pubKey.keyLength & encSize are both 0. This structure may be TcTpmKey or TcTpmKey12.
Returns:
The returned Object[] holds the following elements:
  • 0 ... TPM return code (Long)
  • 1 ... outgoing authorization for session containing new nonceEven (TcTpmAuth)
  • 2 ... Structure containing all parameters of new SRK. srkPub.encData is set to 0.
Throws:
TcTpmException - This exception indicates that a TPM error has occurred. The specific error code is held by the exception.
TcTddlException
TPM 1.2 Spec, page number:
23

TpmOwnerClear

public static java.lang.Object[] TpmOwnerClear(TcIStreamDest dest,
                                               TcTcsAuth inAuth1)
                                        throws TcTddlException,
                                               TcTpmException
The TPM_OwnerClear command performs the clear operation under owner authentication. This command is available until the owner executes the TpmDisableOwnerClear, at which time any further invocation of this command returns TPM_CLEAR_DISABLED.

Parameters:
dest - The destination where the byte stream is written to.
inAuth1 - Authorization values for first authorization session.
Returns:
The returned Object[] holds the following elements:
  • 0 ... TPM return code (Long)
  • 1 ... outgoing authorization for session containing new nonceEven (TcTpmAuth)
Throws:
TcTpmException - This exception indicates that a TPM error has occurred. The specific error code is held by the exception.
TcTddlException
TPM 1.2 Spec, page number:
26

TpmForceClear

public static java.lang.Object[] TpmForceClear(TcIStreamDest dest)
                                        throws TcTddlException,
                                               TcTpmException
The TpmForceClear command performs the clear operation under physical presence. This command is available until the execution of the TpmDisableForceClear, at which time any further invocation of this command returns TPM_CLEAR_DISABLED.

Parameters:
dest - The destination where the byte stream is written to.
Returns:
The returned Object[] holds the following elements:
  • 0 ... TPM return code (Long)
Throws:
TcTpmException - This exception indicates that a TPM error has occurred. The specific error code is held by the exception.
TcTddlException
TPM 1.2 Spec, page number:
29

TpmDisableOwnerClear

public static java.lang.Object[] TpmDisableOwnerClear(TcIStreamDest dest,
                                                      TcTcsAuth inAuth1)
                                               throws TcTddlException,
                                                      TcTpmException
The TpmDisableOwnerClear command disables the ability to execute the TpmOwnerClear command permanently. Once invoked, the only method of clearing the TPM will require physical access to the TPM. After the execution of TPM_ForceClear, ownerClear is re-enabled and must be explicitly disabled again by the new TPM Owner.

Parameters:
dest - The destination where the byte stream is written to.
inAuth1 - Authorization values for first authorization session.
Returns:
The returned Object[] holds the following elements:
  • 0 ... TPM return code (Long)
  • 1 ... outgoing authorization for session containing new nonceEven (TcTpmAuth)
Throws:
TcTpmException - This exception indicates that a TPM error has occurred. The specific error code is held by the exception.
TcTddlException
TPM 1.2 Spec, page number:
30

TpmDisableForceClear

public static java.lang.Object[] TpmDisableForceClear(TcIStreamDest dest)
                                               throws TcTddlException,
                                                      TcTpmException
The TPM_DisableForceClear command disables the execution of the TPM_ForceClear command until the next startup cycle. Once this command is executed, the TPM_ForceClear is disabled until another startup cycle is run.

Parameters:
dest - The destination where the byte stream is written to.
Returns:
The returned Object[] holds the following elements:
  • 0 ... TPM return code (Long)
Throws:
TcTpmException - This exception indicates that a TPM error has occurred. The specific error code is held by the exception.
TcTddlException
TPM 1.2 Spec, page number:
31
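The five commands above (TpmTakeOwnership, TpmOwnerClear, TpmForceClear, TpmDisableOwnerClear, TpmDisableForceClear) act on shared TPM state: ownerClear is sticky until the next clear, forceClear is only disabled until the next startup cycle, and any clear discards the owner secret. The following Python model is an added example, not jTSS code and not a TPM implementation; it follows the behaviour documented above, treats owner authorization as already verified by the inAuth1 session, models physical presence as a plain boolean, and the TPM_OWNER_SET and TPM_BAD_PRESENCE values are assumptions.

```python
from dataclasses import dataclass

# TPM 1.2 return codes; the TPM_OWNER_SET and TPM_BAD_PRESENCE values are assumed here
TPM_SUCCESS, TPM_CLEAR_DISABLED, TPM_OWNER_SET, TPM_BAD_PRESENCE = 0, 5, 20, 45

@dataclass
class TpmState:
    owner_set: bool = False
    owner_clear_disabled: bool = False  # sticky until the next clear operation
    force_clear_disabled: bool = False  # volatile: reset by every startup cycle
    physical_presence: bool = False     # volatile: asserted by hardware or TSC_PhysicalPresence

def tpm_startup(s: TpmState) -> None:
    """A startup cycle re-arms TPM_ForceClear and drops any asserted presence."""
    s.force_clear_disabled = False
    s.physical_presence = False

def _clear(s: TpmState) -> None:
    s.owner_set = False            # the owner secret is gone, not recoverable
    s.owner_clear_disabled = False # ownerClear is re-enabled for the next owner

def tpm_take_ownership(s: TpmState) -> int:
    if s.owner_set:
        return TPM_OWNER_SET
    s.owner_set = True
    return TPM_SUCCESS

def tpm_owner_clear(s: TpmState) -> int:
    """Clear under owner authorization (modelled as already verified by inAuth1)."""
    if s.owner_clear_disabled:     # TPM_DisableOwnerClear was executed by this owner
        return TPM_CLEAR_DISABLED
    _clear(s)
    return TPM_SUCCESS

def tpm_disable_owner_clear(s: TpmState) -> int:
    s.owner_clear_disabled = True
    return TPM_SUCCESS

def tpm_force_clear(s: TpmState) -> int:
    """Clear under physical presence; refused after TPM_DisableForceClear until startup."""
    if not s.physical_presence:
        return TPM_BAD_PRESENCE
    if s.force_clear_disabled:
        return TPM_CLEAR_DISABLED
    _clear(s)
    return TPM_SUCCESS

def tpm_disable_force_clear(s: TpmState) -> int:
    s.force_clear_disabled = True  # no authorization needed; only a startup cycle undoes it
    return TPM_SUCCESS
```

The sequence TpmTakeOwnership, TpmDisableOwnerClear, TpmDisableForceClear leaves the platform with no clear path until a startup cycle plus physical presence, which is the lockdown the documentation describes.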

TscPhysicalPresence

public static java.lang.Object[] TscPhysicalPresence(TcIStreamDest dest,
                                                     int physicalPresence)
                                              throws TcTddlException,
                                                     TcTpmException
Some TPM operations require the indication of a human's physical presence at the platform. The presence of the human either provides another indication of platform ownership or a mechanism to ensure that the execution of the command is not the result of a remote software process. This command allows a process on the platform to indicate the assertion of physical presence. As this command is executable by software there must be protections against the improper invocation of this command. The physicalPresenceHWEnable and physicalPresenceCMDEnable indicate the ability for either SW or HW to indicate physical presence. These flags can be reset until the physicalPresenceLifetimeLock is set. The platform manufacturer should set these flags to indicate the capabilities of the platform the TPM is bound to. The command provides two sets of functionality. The first is to enable, permanently, either the HW or the SW ability to assert physical presence. The second is to allow SW, if enabled, to assert physical presence.

Parameters:
dest - The destination where the byte stream is written to.
physicalPresence - The state to set the TPM's PhysicalPresence flags.
Returns:
The returned Object[] holds the following elements:
  • 0 ... TPM return code (Long)
Throws:
TcTpmException - This exception indicates that a TPM error has occurred. The specific error code is held by the exception.
TcTddlException
TPM 1.2 Spec, page number:
35
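The two kinds of functionality described for TscPhysicalPresence above (permanently configuring the HW/CMD capability flags until physicalPresenceLifetimeLock is set, and letting software assert presence only when physicalPresenceCMDEnable is TRUE) are modelled in the following added Python example, which is not jTSS code and not a TPM implementation. The TPM_PHYSICAL_PRESENCE bit values and the return code values are assumed from the TPM 1.2 specification, and rejecting a request that mixes capability bits with assertion bits is a choice of this model.

```python
from dataclasses import dataclass

TPM_SUCCESS, TPM_BAD_PARAMETER, TPM_BAD_PRESENCE = 0, 3, 45   # TPM 1.2 return codes (assumed values)

# TPM_PHYSICAL_PRESENCE bits; values assumed from the TPM 1.2 Part 2 structures spec
PP_HW_DISABLE = 0x0200      # lifetime: hardware may no longer assert presence
PP_CMD_DISABLE = 0x0100     # lifetime: software (this command) may no longer assert it
PP_LIFETIME_LOCK = 0x0080   # lifetime: freeze the HW/CMD enable flags permanently
PP_HW_ENABLE = 0x0040
PP_CMD_ENABLE = 0x0020
PP_NOTPRESENT = 0x0010      # assertion: clear physicalPresence
PP_PRESENT = 0x0008         # assertion: set physicalPresence
LIFETIME_BITS = PP_HW_DISABLE | PP_CMD_DISABLE | PP_LIFETIME_LOCK | PP_HW_ENABLE | PP_CMD_ENABLE
ASSERT_BITS = PP_NOTPRESENT | PP_PRESENT

@dataclass
class PresenceFlags:
    hw_enable: bool = False          # TPM_PERMANENT_FLAGS.physicalPresenceHWEnable
    cmd_enable: bool = False         # TPM_PERMANENT_FLAGS.physicalPresenceCMDEnable
    lifetime_lock: bool = False      # TPM_PERMANENT_FLAGS.physicalPresenceLifetimeLock
    physical_presence: bool = False  # TPM_STCLEAR_FLAGS.physicalPresence (volatile)

def tsc_physical_presence(f: PresenceFlags, value: int) -> int:
    """Process one TSC_PhysicalPresence request; returns a TPM return code."""
    wants_lifetime = bool(value & LIFETIME_BITS)
    wants_assert = bool(value & ASSERT_BITS)
    if wants_lifetime == wants_assert:   # nothing requested, or both kinds mixed (model choice)
        return TPM_BAD_PARAMETER
    if wants_lifetime:
        if f.lifetime_lock:              # the manufacturer already froze the capabilities
            return TPM_BAD_PRESENCE
        if value & PP_HW_ENABLE:
            f.hw_enable = True
        if value & PP_CMD_ENABLE:
            f.cmd_enable = True
        if value & PP_HW_DISABLE:        # a disable in the same request wins over an enable
            f.hw_enable = False
        if value & PP_CMD_DISABLE:
            f.cmd_enable = False
        if value & PP_LIFETIME_LOCK:
            f.lifetime_lock = True
        return TPM_SUCCESS
    # software assertion path: only legal when the platform enabled it
    if value & PP_PRESENT and value & PP_NOTPRESENT:
        return TPM_BAD_PARAMETER
    if not f.cmd_enable:
        return TPM_BAD_PRESENCE
    f.physical_presence = bool(value & PP_PRESENT)
    return TPM_SUCCESS
```

A platform that sets PP_CMD_DISABLE together with PP_LIFETIME_LOCK during manufacturing permanently removes the software path, leaving only hardware presence for commands such as TpmForceClear.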

TscResetEstablishmentBit

public static java.lang.Object[] TscResetEstablishmentBit(TcIStreamDest dest)
                                                   throws TcTddlException,
                                                          TcTpmException
The PC TPM Interface Specification (TIS) specifies setting tpmEstablished to TRUE upon execution of the HASH_START sequence. The setting implies the creation of a Trusted Operating System on the platform. Platforms will use the value of tpmEstablished to determine if operations necessary to maintain the security perimeter are necessary. The tpmEstablished bit provides a non-volatile, secure reporting that a HASH_START was previously run on the platform. When a platform makes use of the tpmEstablished bit, the platform can reset tpmEstablished as the operation is no longer necessary. For example, a platform could use tpmEstablished to ensure that, if HASH_START had ever been executed, the platform could use the value to invoke special processing. Once the processing is complete the platform will wish to reset tpmEstablished to avoid invoking the special process again. The TPM_PERMANENT_FLAGS -> tpmEstablished bit described in the TPM specifications uses positive logic. The TPM_ACCESS register uses negative logic, so that TRUE is reflected as a 0.

Parameters:
dest - The destination where the byte stream is written to.
Returns:
The returned Object[] holds the following elements:
  • 0 ... TPM return code (Long)
Throws:
TcTpmException - This exception indicates that a TPM error has occurred. The specific error code is held by the exception.
TcTddlException
TPM 1.2 Spec, page number:
36