tpm2-tss  master
TPM Software stack 2.0 TCG spec compliant implementation
Fapi_Provision

Functions

TSS2_RC Fapi_Provision (FAPI_CONTEXT *context, char const *authValueEh, char const *authValueSh, char const *authValueLockout)
 
TSS2_RC Fapi_Provision_Async (FAPI_CONTEXT *context, char const *authValueEh, char const *authValueSh, char const *authValueLockout)
 
TSS2_RC Fapi_Provision_Finish (FAPI_CONTEXT *context)
 

Detailed Description

FAPI functions to invoke Provision either as one-call or in an asynchronous manner.

Function Documentation

Fapi_Provision()

TSS2_RC Fapi_Provision (FAPI_CONTEXT *context, char const *authValueEh, char const *authValueSh, char const *authValueLockout)

One-Call function for the initial FAPI provisioning.

Provisions a TSS with its TPM. This includes the setting of important passwords and policy settings as well as the readout of the EK and its certificate and the initialization of the system-wide keystore.

Parameters
[in,out] context: The FAPI_CONTEXT.
[in] authValueEh: The authorization value for the endorsement hierarchy. May be NULL.
[in] authValueSh: The authorization value for the storage hierarchy. Should be NULL.
[in] authValueLockout: The authorization value for lockout.

Return values
TSS2_RC_SUCCESS: if the function call was a success.
TSS2_FAPI_RC_BAD_REFERENCE: if context is NULL.
TSS2_FAPI_RC_BAD_CONTEXT: if context corruption is detected.
TSS2_FAPI_RC_BAD_SEQUENCE: if the context has an asynchronous operation already pending.
TSS2_FAPI_RC_NO_CERT: if no certificate was found for the computed EK.
TSS2_FAPI_RC_BAD_KEY: if public key of the EK does not match the configured certificate or the configured fingerprint does not match the computed EK.
TSS2_FAPI_RC_IO_ERROR: if the data cannot be saved.
TSS2_FAPI_RC_MEMORY: if the FAPI cannot allocate enough memory for internal operations or return parameters.
TSS2_FAPI_RC_NO_TPM: if FAPI was initialized in no-TPM-mode via its config file.
TSS2_FAPI_RC_TRY_AGAIN: if an I/O operation is not finished yet and this function needs to be called again.
TSS2_FAPI_RC_BAD_VALUE: if an invalid value was passed into the function.
TSS2_FAPI_RC_AUTHORIZATION_UNKNOWN: if a required authorization callback is not set.
TSS2_FAPI_RC_AUTHORIZATION_FAILED: if the authorization attempt fails.
TSS2_FAPI_RC_GENERAL_FAILURE: if an internal error occurred.
TSS2_FAPI_RC_POLICY_UNKNOWN: if policy search for a certain policy digest was not successful.
TSS2_FAPI_RC_PATH_NOT_FOUND: if a FAPI object path was not found during authorization.
TSS2_FAPI_RC_KEY_NOT_FOUND: if a key was not found.
TSS2_ESYS_RC_*: possible error codes of ESAPI.
TSS2_FAPI_RC_BAD_PATH: if the path is used in inappropriate context or contains illegal characters.
TSS2_FAPI_RC_NOT_PROVISIONED: FAPI was not provisioned.
TSS2_FAPI_RC_PATH_ALREADY_EXISTS: if the object already exists in object store.

Fapi_Provision_Async()

TSS2_RC Fapi_Provision_Async (FAPI_CONTEXT *context, char const *authValueEh, char const *authValueSh, char const *authValueLockout)

Asynchronous function for the initial FAPI provisioning.

Provisions a TSS with its TPM. This includes the setting of important passwords and policy settings as well as the readout of the EK and its certificate and the initialization of the system-wide keystore.

Call Fapi_Provision_Finish to finish the execution of this command.

Parameters
[in,out] context: The FAPI_CONTEXT.
[in] authValueEh: The authorization value for the endorsement hierarchy. May be NULL.
[in] authValueSh: The authorization value for the storage hierarchy. Should be NULL.
[in] authValueLockout: The authorization value for lockout.

Return values
TSS2_RC_SUCCESS: if the function call was a success.
TSS2_FAPI_RC_BAD_REFERENCE: if context is NULL.
TSS2_FAPI_RC_BAD_CONTEXT: if context corruption is detected.
TSS2_FAPI_RC_BAD_SEQUENCE: if the context has an asynchronous operation already pending.
TSS2_FAPI_RC_IO_ERROR: if the data cannot be saved.
TSS2_FAPI_RC_MEMORY: if the FAPI cannot allocate enough memory for internal operations or return parameters.
TSS2_FAPI_RC_NO_TPM: if FAPI was initialized in no-TPM-mode via its config file.
TSS2_FAPI_RC_BAD_VALUE: if an invalid value was passed into the function.
TSS2_FAPI_RC_BAD_PATH: if the path is used in inappropriate context or contains illegal characters.
TSS2_FAPI_RC_PATH_NOT_FOUND: if a FAPI object path was not found during authorization.

Fapi_Provision_Finish()

TSS2_RC Fapi_Provision_Finish (FAPI_CONTEXT *context)

Asynchronous finish function for Fapi_Provision.

This function should be called after a previous Fapi_Provision_Async.

Parameters
[in,out] context: The FAPI_CONTEXT.

Return values
TSS2_RC_SUCCESS: if the function call was a success.
TSS2_FAPI_RC_BAD_REFERENCE: if context is NULL.
TSS2_FAPI_RC_BAD_CONTEXT: if context corruption is detected.
TSS2_FAPI_RC_BAD_SEQUENCE: if the context has an asynchronous operation already pending.
TSS2_FAPI_RC_NO_CERT: if no certificate was found for the computed EK.
TSS2_FAPI_RC_BAD_KEY: if public key of the EK does not match the configured certificate or the configured fingerprint does not match the computed EK.
TSS2_FAPI_RC_IO_ERROR: if the data cannot be saved.
TSS2_FAPI_RC_MEMORY: if the FAPI cannot allocate enough memory for internal operations or return parameters.
TSS2_FAPI_RC_TRY_AGAIN: if the asynchronous operation is not yet complete. Call this function again later.
TSS2_FAPI_RC_BAD_VALUE: if an invalid value was passed into the function.
TSS2_FAPI_RC_AUTHORIZATION_UNKNOWN: if a required authorization callback is not set.
TSS2_FAPI_RC_AUTHORIZATION_FAILED: if the authorization attempt fails.
TSS2_FAPI_RC_GENERAL_FAILURE: if an internal error occurred.
TSS2_FAPI_RC_POLICY_UNKNOWN: if policy search for a certain policy digest was not successful.
TSS2_FAPI_RC_PATH_NOT_FOUND: if a FAPI object path was not found during authorization.
TSS2_FAPI_RC_KEY_NOT_FOUND: if a key was not found.
TSS2_ESYS_RC_*: possible error codes of ESAPI.
TSS2_FAPI_RC_NOT_PROVISIONED: FAPI was not provisioned.
TSS2_FAPI_RC_BAD_PATH: if the path is used in inappropriate context or contains illegal characters.
TSS2_FAPI_RC_PATH_ALREADY_EXISTS: if the object already exists in object store.
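
The Async/Finish sequence documented above, as an added example (not code from tpm2-tss): it polls Fapi_Provision_Finish while it returns TSS2_FAPI_RC_TRY_AGAIN and fails closed when the EK cannot be tied to a certificate. The names provision_tpm, prov_result, demo, the fake back end and the USE_TSS2 macro are hypothetical, and the stand-in return-code values used without USE_TSS2 are constructed so the block compiles offline.

```c
#include <stddef.h>
#include <stdint.h>
#ifdef USE_TSS2                      /* real build: -DUSE_TSS2 and link with -ltss2-fapi */
#include <tss2/tss2_fapi.h>
#else                                /* stand-ins so the example compiles offline;      */
typedef uint32_t TSS2_RC;            /* the numeric values here are constructed         */
typedef struct FAPI_CONTEXT FAPI_CONTEXT;
enum { TSS2_RC_SUCCESS, TSS2_FAPI_RC_TRY_AGAIN, TSS2_FAPI_RC_NO_CERT,
       TSS2_FAPI_RC_BAD_KEY, TSS2_FAPI_RC_PATH_ALREADY_EXISTS, TSS2_FAPI_RC_IO_ERROR };
#endif

typedef TSS2_RC (*prov_async_fn)(FAPI_CONTEXT *, char const *, char const *, char const *);
typedef TSS2_RC (*prov_finish_fn)(FAPI_CONTEXT *);
typedef enum { PROV_OK, PROV_EXISTS, PROV_EK_UNTRUSTED, PROV_PENDING, PROV_ERROR } prov_result;

/* Hypothetical helper: start provisioning, poll Finish, classify the outcome.
 * Pass Fapi_Provision_Async / Fapi_Provision_Finish as start / finish in a real build. */
prov_result provision_tpm(FAPI_CONTEXT *ctx, prov_async_fn start, prov_finish_fn finish,
                          char const *auth_eh, char const *auth_lockout, unsigned max_polls)
{
    /* authValueSh is passed as NULL, as the parameter description recommends. */
    TSS2_RC rc = start(ctx, auth_eh, NULL, auth_lockout);
    if (rc != TSS2_RC_SUCCESS)
        return PROV_ERROR;
    rc = TSS2_FAPI_RC_TRY_AGAIN;          /* nothing is complete until Finish says so */
    for (unsigned polls = 0; polls < max_polls && rc == TSS2_FAPI_RC_TRY_AGAIN; polls++)
        rc = finish(ctx);
    if (rc == TSS2_FAPI_RC_TRY_AGAIN)     /* budget spent, operation still pending on ctx */
        return PROV_PENDING;
    if (rc == TSS2_FAPI_RC_NO_CERT || rc == TSS2_FAPI_RC_BAD_KEY)
        return PROV_EK_UNTRUSTED;         /* EK has no matching certificate: fail closed */
    if (rc == TSS2_FAPI_RC_PATH_ALREADY_EXISTS)
        return PROV_EXISTS;               /* object already in the store: not a fresh provision */
    return rc == TSS2_RC_SUCCESS ? PROV_OK : PROV_ERROR;
}

/* Constructed fake back end: Finish answers TRY_AGAIN twice, then fake_final. */
static TSS2_RC fake_final; static unsigned fake_polls;
static TSS2_RC fake_async(FAPI_CONTEXT *c, char const *eh, char const *sh, char const *lo)
{ (void)c; (void)eh; (void)sh; (void)lo; fake_polls = 0; return TSS2_RC_SUCCESS; }
static TSS2_RC fake_finish(FAPI_CONTEXT *c)
{ (void)c; return ++fake_polls <= 2 ? TSS2_FAPI_RC_TRY_AGAIN : fake_final; }

prov_result demo(TSS2_RC final_rc, unsigned max_polls)
{
    fake_final = final_rc;                /* the fake ignores the context, so NULL is fine */
    return provision_tpm(NULL, fake_async, fake_finish, NULL, "constructed-lockout-auth", max_polls);
}
```

A PROV_PENDING result leaves the asynchronous operation outstanding on the context, so further calls on it can return TSS2_FAPI_RC_BAD_SEQUENCE until Finish completes.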
