Поделиться через


TPM V2.0 Command and Signal Profile

This document specifies the TPM signaling interface supported by Windows 8 and lists TPM 2.0 commands that:

  1. Are used by Windows 8 and hence required to be implemented for Windows Hardware Certification;

  2. Are not used by Windows 8 but are recommended to implement for other reasons (e.g. TPM management, expected 3rd party app usage and OEM usage.); and

  3. Are not used by Windows 8 but are optional to implement.

No other signaling interface is supported but additional TPM 2.0 commands that are not used by Windows may be implemented in a TPM 2.0 device that is compliant with this specification. Please contact Microsoft for more information about vendor-specific command ranges.

Command and Signal Profile

Requirements

This profile requires that a TPM 2.0 implemented to support Windows 8:

  • Implements the TCG TPM 2.0 Library Specification including critical security patches (for compatibility with later version of the specification, please contact Microsoft. For certifying TPMs in 2015, requirement is to implement v0.99 along with required security patches. For information about the required security patches, please contact Microsoft.)

  • Is always active; i.e. no need for programmatic or user-driven activation.

  • Is provisioned with a primary seed for Endorsement and Storage.

Requirements Matrix

Signals and Indications Included Optional Notes

_TPM_Init

X

_TPM_Hash_Start

X

_TPM_Hash_Data

X

_TPM_Hash_End

X

 

Commands Included Optional Notes

Start Up Commands

TPM2_Startup

X

Used by the firmware only

TPM2_Shutdown

X

Testing Commands

TPM2_SelfTest

X

TPM2_IncrementalSelfTest

X

TPM2_GetTestResult

X

Session Commands

TPM2_StartAuthSession

X

TPM2_PolicyRestart

X

Object Commands

TPM2_Create

X

TPM2_Load

X

TPM2_LoadExternal

X

Recommended

TPM2_ReadPublic

X

TPM2_ActivateCredential

X

TPM2_MakeCredential

X

Recommended

TPM2_Unseal

X

TPM2_ObjectChangeAuth

X

Duplication Commands

TPM2_Duplicate

X

TPM2_Rewrap

X

TPM2_Import

X

Asymmetric Primitives

TPM2_RSA_Encrypt

X

TPM2_RSA_Decrypt

X

TPM2_ECDH_KeyGen

X

TPM2_ECDH_ZGen

X

TPM2_ECC_Parameters

X

Symmetric Primitives

TPM2_EncryptDecrypt

X

TPM2_Hash

X

TPM2_HMAC

X

Random Number Generator

TPM2_GetRandom

X

TPM2_StirRandom

X

Hash/HMAC/Event Sequences

TPM2_HMAC_Start

X

TPM2_HashSequenceStart

X

Recommended

TPM2_SequenceUpdate

X

Recommended

TPM2_SequenceComplete

X

Recommended

TPM2_EventSequenceComplete

X

Recommended

Attestation Commands

TPM2_Certify

X

TPM2_CertifyCreation

X

TPM2_Quote

X

TPM2_GetSessionAuditDigest

X

TPM2_GetCommandAuditDigest

X

TPM2_GetTime

X

Anonymous Attestation Commands

TPM2_Commit

X

Signature Verification Commands

TPM2_VerifySignature

X

Recommended

TPM2_Sign

X

Command Audit

TPM2_SetCommandCodeAuditStatus

X

Integrity Collection

TPM2_PCR_Extend

X

TPM2_PCR_Event

X

TPM2_PCR_Read

X

TPM2_PCR_Allocate

X

TPM2_PCR_SetAuthPolicy

X

TPM2_PCR_SetAuthValue

X

TPM2_PCR_Reset

X

Enhanced Authorization Commands

TPM2_PolicySigned

X

Recommended

TPM2_PolicySecret

X

TPM2_PolicyTicket

X

Recommended

TPM2_PolicyOR

X

TPM2_PolicyPCR

X

TPM2_PolicyLocality

X

TPM2_PolicyNV

X

TPM2_PolicyCounterTimer

X

Recommended

TPM2_PolicyCommandCode

X

TPM2_PolicyPhysicalPresence

X

TPM2_PolicyCpHash

X

Recommended

TPM2_PolicyNameHash

X

Recommended

TPM2_PolicyDuplicationSelect

X

Recommended

TPM2_PolicyAuthorize

X

Recommended

TPM2_PolicyAuthValue

X

TPM2_PolicyPassword

X

Recommended

TPM2_PolicyGetDigest

X

Hierarchy Commands

TPM2_CreatePrimary

X

TPM2_HierarchyControl

X

TPM2_SetPrimaryPolicy

X

TPM2_ChangePPS

X

TPM2_ChangeEPS

X

TPM2_Clear

X

TPM2_ClearControl

X

TPM2_HierarchyChangeAuth

X

Dictionary Attack Functions

TPM2_DictionaryAttackLockReset

X

TPM2_DictionaryAttackParameters

X

Miscellaneous Management Functions

TPM2_PP_Commands

X

TPM2_SetAlgorithmSet

X

Field Upgrade

TPM2_FieldUpgradeStart

X

Microsoft strongly recommends some update mechanism is provided

TPM2_FieldUpgradeData

X

TPM2_FirmwareRead

X

Context Management

TPM2_ContextSave

X

TPM2_ContextLoad

X

TPM2_FlushContext

X

TPM2_EvictControl

X

Clocks and Timers

TPM2_ReadClock

X

Used to read the boot counter

TPM2_ClockSet

X

Likely used by firmware only

TPM2_ClockRateAdjust

X

Capability Commands

TPM2_GetCapability

X

TPM2_TestParms

X

Non-volatile Storage

TPM2_NV_DefineSpace

X

TPM2_NV_UndefineSpace

X

Win 8 may use Clear instead

TPM2_NV_UndefineSpaceSpecial

X

TPM2_NV_ReadPublic

X

TPM2_NV_Write

X

Likely used by OEM only

TPM2_NV_Increment

X

TPM2_NV_Extend

X

TPM2_NV_SetBits

X

TPM2_NV_WriteLock

X

TPM2_NV_GlobalWriteLock

X

TPM2_NV_Read

X

TPM2_NV_ReadLock

X

TPM2_NV_ChangeAuth

X

TPM2_NV_Certify

X

 

 

 

Send comments about this topic to Microsoft