ISO/IEC 11889-3:2015
(Main)Information technology — Trusted Platform Module Library — Part 3: Commands
Information technology — Trusted Platform Module Library — Part 3: Commands
ISO/IEC 11889 contains the definitions of the Trusted Platform Module (TPM) commands. These commands make use of the constants, flags, structures, and union definitions defined in ISO/IEC 11889-2. The detailed description of the operation of the commands is written in the C language with extensive comments. The behavior of the C code in this ISO/IEC 11889-3:2015 is normative but does not fully describe the behavior of a TPM. The combination of this ISO/IEC 11889-3:2015 and ISO/IEC 11889-4 is sufficient to fully describe the required behavior of a TPM. ISO/IEC 11889-3:2015 and ISO/IEC 11889-4 is written to define the behavior of a compliant TPM. In some cases it is not possible to provide a compliant implementation. In those cases, any implementation provided by the vendor that meets the general description of the function provided in this part of ISO/IEC 11889 would be compliant.
Technologies de l'information — Bibliothèque de module de plate-forme de confiance — Partie 3: Commandes
General Information
Relations
Standards Content (Sample)
INTERNATIONAL ISO/IEC
STANDARD 11889-3
Second edition
2015-12-15
Information technology — Trusted
Platform Module Library —
Part 3:
Commands
Technologies de l’information — Bibliothèque de module
de plate-forme de con�iance �
Partie 3: Commandes
Reference number
ISO/IEC 11889-3:2015(E)
©
ISO/IEC 2015
---------------------- Page: 1 ----------------------
ISO/IEC 11889-3:2015(E)
COPYRIGHT PROTECTED DOCUMENT
© ISO/IEC 2015, Published in Switzerland
���������������������������������������������������������������������������������������������������������������������������������
����������������������������������������������������������������������������������������������������������������������������
����������������������������������������������������������������������������������������������������������������������������
the requester.
��������������������
Ch. de Blandonnet 8 • CP 401
CH-1214 Vernier, Geneva, Switzerland
Tel. +41 22 749 01 11
Fax +41 22 749 09 47
�����������������
www.iso.org
ii © ISO/IEC 2015 – All rights reserved
---------------------- Page: 2 ----------------------
ISO/IEC 11889-3:2015(E)
CONTENTS
Foreword . xxiv
Introduction . xxv
1 Scope . 1
2 Normative references . 2
3 Terms and Definitions . 2
4 Symbols and abbreviated terms . 2
5 Notation . 2
5.1 Introduction . 2
5.2 Table Decorations . 2
5.3 Handle and Parameter Demarcation . 4
5.4 AuthorizationSize and ParameterSize . 4
6 Command Processing . 5
6.1 Introduction . 5
6.2 Command Header Validation . 5
6.3 Mode Checks . 5
6.4 Handle Area Validation . 6
6.5 Session Area Validation . 7
6.6 Authorization Checks . 8
6.7 Parameter Decryption . 10
6.8 Parameter Unmarshaling . 10
6.8.1 Introduction . 10
6.8.2 Unmarshaling Errors . 10
6.9 Command Post Processing . 11
7 Response Values . 13
7.1 Tag . 13
7.2 Response Codes . 13
8 Implementation Dependent . 16
9 Detailed Actions Assumptions . 17
9.1 Introduction . 17
9.2 Pre-processing . 17
9.3 Post Processing . 17
10 Start-up . 18
10.1 Introduction . 18
10.2 _TPM_Init . 18
10.2.1 General Description . 18
10.2.2 Detailed Actions . 19
10.3 TPM2_Startup . 20
10.3.1 General Description . 20
10.3.2 Command and Response . 23
10.3.3 Detailed Actions . 24
10.4 TPM2_Shutdown . 27
10.4.1 General Description . 27
– All rights reserved iii
© ISO/IEC 2015
---------------------- Page: 3 ----------------------
ISO/IEC 11889-3:2015(E)
10.4.2 Command and Response . 28
10.4.3 Detailed Actions . 29
11 Testing . 31
11.1 Introduction . 31
11.2 TPM2_SelfTest . 32
11.2.1 General Description . 32
11.2.2 Command and Response . 33
11.2.3 Detailed Actions . 34
11.3 TPM2_IncrementalSelfTest . 35
11.3.1 General Description . 35
11.3.2 Command and Response . 36
11.3.3 Detailed Actions . 37
11.4 TPM2_GetTestResult . 38
11.4.1 General Description . 38
11.4.2 Command and Response . 39
11.4.3 Detailed Actions . 40
12 Session Commands . 41
12.1 TPM2_StartAuthSession . 41
12.1.1 General Description . 41
12.1.2 Command and Response . 43
12.1.3 Detailed Actions . 44
12.2 TPM2_PolicyRestart . 46
12.2.1 General Description . 46
12.2.2 Command and Response . 47
12.2.3 Detailed Actions . 48
13 Object Commands . 49
13.1 TPM2_Create. 49
13.1.1 General Description . 49
13.1.2 Command and Response . 52
13.1.3 Detailed Actions . 53
13.2 TPM2_Load . 55
13.2.1 General Description . 55
13.2.2 Command and Response . 56
13.2.3 Detailed Actions . 57
13.3 TPM2_LoadExternal . 59
13.3.1 General Description . 59
13.3.2 Command and Response . 61
13.3.3 Detailed Actions . 62
13.4 TPM2_ReadPublic . 64
13.4.1 General Description . 64
13.4.2 Command and Response . 65
© ISO/IEC 2015 – All rights reserved
iv
---------------------- Page: 4 ----------------------
ISO/IEC 11889-3:2015(E)
13.4.3 Detailed Actions . 66
13.5 TPM2_ActivateCredential . 67
13.5.1 General Description . 67
13.5.2 Command and Response . 68
13.5.3 Detailed Actions . 69
13.6 TPM2_MakeCredential . 71
13.6.1 General Description . 71
13.6.2 Command and Response . 72
13.6.3 Detailed Actions . 73
13.7 TPM2_Unseal . 74
13.7.1 General Description . 74
13.7.2 Command and Response . 75
13.7.3 Detailed Actions . 76
13.8 TPM2_ObjectChangeAuth . 77
13.8.1 General Description . 77
13.8.2 Command and Response . 78
13.8.3 Detailed Actions . 79
14 Duplication Commands . 81
14.1 TPM2_Duplicate . 81
14.1.1 General Description . 81
14.1.2 Command and Response . 82
14.1.3 Detailed Actions . 83
14.2 TPM2_Rewrap . 85
14.2.1 General Description . 85
14.2.2 Command and Response . 86
14.2.3 Detailed Actions . 87
14.3 TPM2_Import . 90
14.3.1 General Description . 90
14.3.2 Command and Response . 92
14.3.3 Detailed Actions . 93
15 Asymmetric Primitives . 97
15.1 Introduction . 97
15.2 TPM2_RSA_Encrypt . 97
15.2.1 General Description . 97
15.2.2 Command and Response . 99
15.2.3 Detailed Actions . 100
15.3 TPM2_RSA_Decrypt . 102
15.3.1 General Description . 102
15.3.2 Command and Response . 103
15.3.3 Detailed Actions . 104
15.4 TPM2_ECDH_KeyGen . 106
– All rights reserved v
© ISO/IEC 2015
---------------------- Page: 5 ----------------------
ISO/IEC 11889-3:2015(E)
15.4.1 General Description . 106
15.4.2 Command and Response . 107
15.4.3 Detailed Actions . 108
15.5 TPM2_ECDH_ZGen . 110
15.5.1 General Description . 110
15.5.2 Command and Response . 111
15.5.3 Detailed Actions . 112
15.6 TPM2_ECC_Parameters . 113
15.6.1 General Description . 113
15.6.2 Command and Response . 113
15.6.3 Detailed Actions . 114
15.7 TPM2_ZGen_2Phase . 114
15.7.1 General Description . 114
15.7.2 Command and Response . 116
15.7.3 Detailed Actions . 117
16 Symmetric Primitives . 119
16.1 Introduction . 119
16.2 TPM2_EncryptDecrypt . 121
16.2.1 General Description . 121
16.2.2 Command and Response . 122
16.2.3 Detailed Actions . 123
16.3 TPM2_Hash . 125
16.3.1 General Description . 125
16.3.2 Command and Response . 126
16.3.3 Detailed Actions . 127
16.4 TPM2_HMAC . 128
16.4.1 General Description . 128
16.4.2 Command and Response . 129
16.4.3 Detailed Actions . 130
17 Random Number Generator . 132
17.1 TPM2_GetRandom . 132
17.1.1 General Description . 132
17.1.2 Command and Response . 133
17.1.3 Detailed Actions . 134
17.2 TPM2_StirRandom . 135
17.2.1 General Description . 135
17.2.2 Command and Response . 136
17.2.3 Detailed Actions . 137
18 Hash/HMAC/Event Sequences . 138
18.1 Introduction . 138
18.2 TPM2_HMAC_Start . 138
© ISO/IEC 2015 – All rights reserved
vi
---------------------- Page: 6 ----------------------
ISO/IEC 11889-3:2015(E)
18.2.1 General Description . 138
18.2.2 Command and Response . 140
18.2.3 Detailed Actions . 141
18.3 TPM2_HashSequenceStart . 143
18.3.1 General Description . 143
18.3.2 Command and Response . 144
18.3.3 Detailed Actions . 145
18.4 TPM2_SequenceUpdate . 146
18.4.1 General Description . 146
18.4.2 Command and Response . 147
18.4.3 Detailed Actions . 148
18.5 TPM2_SequenceComplete . 150
18.5.1 General Description . 150
18.5.2 Command and Response . 151
18.5.3 Detailed Actions . 152
18.6 TPM2_EventSequenceComplete . 154
18.6.1 General Description . 154
18.6.2 Command and Response . 155
18.6.3 Detailed Actions . 156
19 Attestation Commands . 158
19.1 Introduction . 158
19.2 TPM2_Certify . 160
19.2.1 General Description . 160
19.2.2 Command and Response . 161
19.2.3 Detailed Actions . 162
19.3 TPM2_CertifyCreation . 164
19.3.1 General Description . 164
19.3.2 Command and Response . 165
19.3.3 Detailed Actions . 166
19.4 TPM2_Quote . 168
19.4.1 General Description . 168
19.4.2 Command and Response . 169
19.4.3 Detailed Actions . 170
19.5 TPM2_GetSessionAuditDigest .
...
Questions, Comments and Discussion
Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.