BS ISO IEC 11889-4-2009 Information technology - Trusted platform module - Commands.pdf

Uploaded by: syndromehi216  Document ID: 396257  Upload date: 2018-10-18  Format: PDF  Pages: 258  Size: 3.99 MB
Resource description

BS ISO/IEC 11889-4:2009
Incorporating Corrigendum August 2009
ICS 35.040
NO COPYING WITHOUT BSI PERMISSION EXCEPT AS PERMITTED BY COPYRIGHT LAW

BRITISH STANDARD
Information technology - Trusted Platform Module - Part 4: Commands

This British Standard was published under the authority of the Standards Policy and Strategy Committee on 30 June 2009.
© BSI 2009
ISBN 978 0 580 68274 2

Amendments/corrigenda issued since publication
Date            Comments
31 August 2009  Correction to BS identifier

National foreword

This British Standard is the UK implementation of ISO/IEC 11889-4:2009. The UK participation in its preparation was entrusted to Technical Committee IST/33, IT - Security techniques. A list of organizations represented on this committee can be obtained on request to its secretary.

This publication does not purport to include all the necessary provisions of a contract. Users are responsible for its correct application.

Compliance with a British Standard cannot confer immunity from legal obligations.

INTERNATIONAL STANDARD ISO/IEC 11889-4
First edition 2009-05-15
Information technology - Trusted Platform Module - Part 4: Commands
Technologies de l'information - Module de plate-forme de confiance - Partie 4: Commandes
Reference number ISO/IEC 11889-4:2009(E)
© ISO/IEC 2009

PDF disclaimer

This PDF file may contain embedded typefaces. In accordance with Adobe's licensing policy, this file may be printed or viewed but shall not be edited unless the typefaces which are embedded are licensed to and installed on the computer performing the editing. In downloading this file, parties accept therein the responsibility of not infringing Adobe's licensing policy. The ISO Central Secretariat accepts no liability in this area.

Adobe is a trademark of Adobe Systems Incorporated.

Details of the software products used to create this PDF file can be found in the General Info relative to the file; the PDF-creation parameters were optimized for printing. Every care has been taken to ensure that the file is suitable for use by ISO member bodies. In the unlikely event that a problem relating to it is found, please inform the Central Secretariat at the address given below.

COPYRIGHT PROTECTED DOCUMENT

© ISO/IEC 2009

All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from either ISO at the address below or ISO's member body in the country of the requester.

ISO copyright office
Case postale 56, CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org
Published in Switzerland

Table of Contents

1. Scope
1.1 Key words
1.2 Statement Type
2. Normative references
3. Abbreviated Terms
4. Admin Startup and State
4.1 TPM_Init
4.2 TPM_Startup
4.3 TPM_SaveState
5. Admin Testing
5.1 TPM_SelfTestFull
5.2 TPM_ContinueSelfTest
5.3 TPM_GetTestResult
6. Admin Opt-in
6.1 TPM_SetOwnerInstall
6.2 TPM_OwnerSetDisable
6.3 TPM_PhysicalEnable
6.4 TPM_PhysicalDisable
6.5 TPM_PhysicalSetDeactivated
6.6 TPM_SetTempDeactivated
6.7 TPM_SetOperatorAuth
7. Admin Ownership
7.1 TPM_TakeOwnership
7.2 TPM_OwnerClear
7.3 TPM_ForceClear
7.4 TPM_DisableOwnerClear
7.5 TPM_DisableForceClear
7.6 TSC_PhysicalPresence
7.7 TSC_ResetEstablishmentBit
8. The Capability Commands
8.1 TPM_GetCapability
8.2 TPM_SetCapability
8.3 TPM_GetCapabilityOwner
9. Auditing
9.1 Audit Generation
9.2 Effect of audit failing
9.3 TPM_GetAuditDigest
9.4 TPM_GetAuditDigestSigned
9.5 TPM_SetOrdinalAuditStatus
10. Administrative Functions - Management
10.1 TPM_FieldUpgrade
10.2 TPM_SetRedirection
10.3 TPM_ResetLockValue
11. Storage functions
11.1 TPM_Seal
11.2 TPM_Unseal
11.3 TPM_UnBind
11.4 TPM_CreateWrapKey
11.5 TPM_LoadKey2
11.6 TPM_GetPubKey
11.7 TPM_Sealx
12. Migration
12.1 TPM_CreateMigrationBlob
12.2 TPM_ConvertMigrationBlob
12.3 TPM_AuthorizeMigrationKey
12.4 TPM_MigrateKey
12.5 TPM_CMK_SetRestrictions
12.6 TPM_CMK_ApproveMA
12.7 TPM_CMK_CreateKey
12.8 TPM_CMK_CreateTicket
12.9 TPM_CMK_CreateBlob
12.10 TPM_CMK_ConvertMigration
13. Maintenance Functions (optional)
13.1 TPM_CreateMaintenanceArchive
13.2 TPM_LoadMaintenanceArchive
13.3 TPM_KillMaintenanceFeature
13.4 TPM_LoadManuMaintPub
13.5 TPM_ReadManuMaintPub
14. Cryptographic Functions
14.1 TPM_SHA1Start
14.2 TPM_SHA1Update
14.3 TPM_SHA1Complete
14.4 TPM_SHA1CompleteExtend
14.5 TPM_Sign
14.6 TPM_GetRandom
14.7 TPM_StirRandom
14.8 TPM_CertifyKey
14.9 TPM_CertifyKey2
15. Endorsement Key Handling
15.1 TPM_CreateEndorsementKeyPair
15.2 TPM_CreateRevocableEK
15.3 TPM_RevokeTrust
15.4 TPM_ReadPubek
15.5 TPM_OwnerReadInternalPub
16. Identity Creation and Activation
16.1 TPM_MakeIdentity
16.2 TPM_ActivateIdentity
17. Integrity Collection and Reporting
17.1 TPM_Extend
17.2 TPM_PCRRead
17.3 TPM_Quote
17.4 TPM_PCR_Reset
17.5 TPM_Quote2
18. Changing AuthData
18.1 TPM_ChangeAuth
18.2 TPM_ChangeAuthOwner
19. Authorization Sessions
19.1 TPM_OIAP
19.1.1 Actions to validate an OIAP session
19.2 TPM_OSAP
19.2.1 Actions to validate an OSAP session
19.3 TPM_DSAP
19.4 TPM_SetOwnerPointer
20. Delegation Commands
20.1 TPM_Delegate_Manage
20.2 TPM_Delegate_CreateKeyDelegation
20.3 TPM_Delegate_CreateOwnerDelegation
20.4 TPM_Delegate_LoadOwnerDelegation
20.5 TPM_Delegate_ReadTable
20.6 TPM_Delegate_UpdateVerification
20.7 TPM_Delegate_VerifyDelegation
21. Non-volatile Storage
21.1 TPM_NV_DefineSpace
21.2 TPM_NV_WriteValue
21.3 TPM_NV_WriteValueAuth
21.4 TPM_NV_ReadValue
21.5 TPM_NV_ReadValueAuth
22. Session Management
22.1 TPM_KeyControlOwner
22.2 TPM_SaveContext
22.3 TPM_LoadContext
23. Eviction
23.1 TPM_FlushSpecific
24. Timing Ticks
24.1 TPM_GetTicks
24.2 TPM_TickStampBlob
25. Transport Sessions
25.1 TPM_EstablishTransport
25.2 TPM_ExecuteTransport
25.3 TPM_ReleaseTransportSigned
26. Monotonic Counter
26.1 TPM_CreateCounter
26.2 TPM_IncrementCounter
26.3 TPM_ReadCounter
26.4 TPM_ReleaseCounter
26.5 TPM_ReleaseCounterOwner
27. DAA commands
27.1 TPM_DAA_Join
27.2 TPM_DAA_Sign
28. Deprecated commands
28.1 Key commands
28.1.1 TPM_EvictKey
28.1.2 TPM_Terminate_Handle
28.2 Context management
28.2.1 TPM_SaveKeyContext
28.2.2 TPM_LoadKeyContext
28.2.3 TPM_SaveAuthContext
28.2.4 TPM_LoadAuthContext
28.3 DIR commands
28.3.1 TPM_DirWriteAuth
28.3.2 TPM_DirRead
28.4 Change Auth
28.4.1 TPM_ChangeAuthAsymStart
28.4.2 TPM_ChangeAuthAsymFinish
28.5 TPM_Reset
28.6 TPM_OwnerReadPubek
28.7 TPM_DisablePubekRead
28.8 TPM_LoadKey
29. Deleted Commands
29.1 TPM_GetCapabilitySigned
29.2 TPM_GetOrdinalAuditStatus
29.3 TPM_CertifySelfTest
30. Bibliography

List of Tables

Table 1. TPM_Init Incoming Parameters and Sizes
Table 2. TPM_Init Outgoing Parameters and Sizes
Table 3. TPM_SaveState Incoming Parameters and Sizes
Table 4. TPM_SaveState Outgoing Parameters and Sizes
Table 5. TPM_SelfTestFull Incoming Operands and Sizes
Table 6. TPM_SelfTestFull Outgoing Operands and Sizes
Table 7. TPM_ContinueSelfTest Incoming Operands and Sizes
Table 8. TPM_ContinueSelfTest Outgoing Operands and Sizes
Table 9. TPM_GetTestResult Incoming Operands and Sizes
Table 10. TPM_GetTestResult Outgoing Operands and Sizes
Table 11. TPM_SetOwnerInstall Incoming Operands and Sizes
Table 12. TPM_SetOwnerInstall Outgoing Operands and Sizes
Table 13. TPM_OwnerSetDisable Incoming Operands and Sizes
Table 14. TPM_OwnerSetDisable Outgoing Operands and Sizes
Table 15. TPM_PhysicalEnable Incoming Operands and Sizes
Table 16. TPM_PhysicalEnable Outgoing Operands and Sizes
Table 17. TPM_PhysicalDisable Incoming Operands and Sizes
Table 18. TPM_PhysicalEnable Outgoing Operands and Sizes
Table 19. TPM_PhysicalSetDeactivated Incoming Operands and Sizes
Table 20. TPM_PhysicalSetDeactivated Outgoing Operands and Sizes
Table 21. TPM_SetTempDeactivated Incoming Operands and Sizes
Table 22. TPM_SetTempDeactivated Outgoing Operands and Sizes
Table 23. TPM_SetOperatorAuth Incoming Operands and Sizes
Table 24. TPM_SetOperatorAuth Outgoing Operands and Sizes
Table 25. TPM_TakeOwnership Incoming Operands and Sizes
Table 26. TPM_TakeOwnership Outgoing Operands and Sizes
Table 27. TPM_OwnerClear Incoming Operands and Sizes
Table 28. TPM_OwnerClear Outgoing Operands and Sizes
Table 29. TPM_ForceClear Incoming Operands and Sizes
Table 30. TPM_ForceClear Outgoing Operands and Sizes
Table 31. TPM_DisableOwnerClear Incoming Operands and Sizes
Table 32. TPM_DisableOwnerClear Outgoing Operands and Sizes
Table 33. TPM_DisableForceClear Incoming Operands and Sizes
Table 34. TPM_DisableForceClear Outgoing Operands and Sizes
Table 35. TSC_PhysicalPresence Incoming Operands and Sizes
Table 36. TSC_PhysicalPresence Outgoing Operands and Sizes
Table 37. TCG_ResetEstablishmentBit Incoming Operands and Sizes
Table 38. TCG_ResetEstablishmentBit Outgoing Operands and Sizes
Table 39. TPM_GetCapability Incoming Parameters and Sizes
Table 40. TPM_GetCapability Outgoing Parameters and Sizes
Table 41. TPM_SetCapability Incoming Parameters and Sizes
Table 42. TPM_SetCapability Outgoing Parameters and Sizes
Table 43. TPM_GetCapabilityOwner Incoming Operands and Sizes
Table 44. TPM_GetCapabilityOwner Outgoing Operands and Sizes
Table 45. TPM_GetAuditDigest Incoming Parameters and Sizes
Table 46. TPM_GetAuditDigest Outgoing Parameters and Sizes
Table 47. TPM_GetAuditDigestSigned Incoming Parameters and Sizes
Table 48. TPM_GetAuditDigestSigned Outgoing Parameters and Sizes
Table 49. TPM_SetOrdinalAuditStatus Incoming Parameters and Sizes
Table 50. TPM_SetOrdinalAuditStatus Outgoing Parameters and Sizes
Table 51. TPM_FieldUpgrade Parameters
Table 52. TPM_SetRedirection Incoming Operands and Sizes
Table 53. TPM_SetRedirection Outgoing Operands and Sizes
Table 54. TPM_ResetLockValue Incoming Operands and Sizes
Table 55. TPM_ResetLockValue Outgoing Operands and Sizes
Table 56. TPM_Seal Incoming Operands and Sizes
Table 57. TPM_Seal Outgoing Operands and Sizes
Table 58. TPM_Unseal Incoming Operands and Sizes
Table 59. TPM_Unseal Outgoing Operands and Sizes
Table 60. TPM_UnBind Incoming Operands and Sizes
Table 61. TPM_UnBind Outgoing Operands and Sizes
Table 62. TPM_CreateWrapKey Incoming Operands and Sizes
Table 63. TPM_CreateWrapKey Outgoing Operands and Sizes
Table 64. TPM_WrapKey Incoming Operands and Sizes
Table 65. TPM_WrapKey Outgoing Operands and Sizes
Table 66. TPM_GetPubKey Incoming Operands and Sizes
Table 67. TPM_GetPubKey Outgoing Operands and Sizes
Table 68. TPM_Sealx Incoming Operands and Sizes
Table 69. TPM_Sealx Outgoing Operands and Sizes
Table 70. TPM_CreateMigrationBlob Incoming Operands and Sizes
Table 71. TPM_CreateMigrationBlob Outgoing Operands and Sizes
Table 72. TPM_ConvertMigrationBlob Incoming Operands and Sizes
Table 73. TPM_ConvertMigrationBlob Outgoing Operands and Sizes
Table 74. TPM_AuthorizeMigrationKey Incoming Operands and Sizes
Table 75. TPM_AuthorizeMigrationKey Outgoing Operands and Sizes
Table 76. TPM_MigrateKey Incoming Operands and Sizes
Table 77. TPM_MigrateKey Outgoing Operands and Sizes
Table 78. TPM_CMK_SetRestrictions Incoming Operands and Sizes
Table 79. TPM_CMK_SetRestrictions Outgoing Operands and Sizes
Table 80. TPM_CMK_ApproveMA Incoming Operands and Sizes
Table 81. TPM_CMK_ApproveMA Outgoing Operands and Sizes
Table 82. TPM_CMK_CreateKey Incoming Operands and Sizes
Table 83. TPM_CMK_CreateKey Outgoing Operands and Sizes
Table 84. TPM_CMK_CreateTicket Incoming Operands and Sizes
Table 85. TPM_CMK_CreateTicket Outgoing Operands and Sizes
Table 86. TPM_CMK_CreateBlob Incoming Operands and Sizes
Table 87. TPM_CMK_CreateBlob Outgoing Operands and Sizes
Table 88. TPM_CMK_ConvertMigration Incoming Operands and Sizes
Table 89. TPM_CMK_ConvertMigration Outgoing Operands and Sizes
Table 90. TPM_CreateMaintenanceArchive Incoming Operands and Sizes
Table 91. TPM_CreateMaintenanceArchive Outgoing Operands and Sizes
Table 92. TPM_LoadMaintenanceArchive Incoming Operands and Sizes
Table 93. TPM_LoadMaintenanceArchive Outgoing Operands and Sizes
Table 94. TPM_KillMaintenanceFeature Incoming Operands and Sizes
Table 95. TPM_KillMaintenanceFeature Outgoing Operands and Sizes
Table 96. TPM_LoadManuMaintPub Incoming Operands and Sizes
Table 97. TPM_LoadManuMaintPub Outgoing Operands and Sizes
Table 98. TPM_ReadManuMaintPub Incoming Operands and Sizes
Table 99. TPM_ReadManuMaintPub Outgoing Operands and Sizes
Table 100. TPM_SHA1Start Incoming Operands and Sizes
Table 101. TPM_SHA1Start Outgoing Operands and Sizes
Table 102. TPM_SHA1Update Incoming Operands and Sizes
Table 103. TPM_SHA1Update Outgoing Operands and Sizes
Table 104. TPM_SHA1Complete Incoming Operands and Sizes
Table 105. TPM_SHA1Complete Outgoing Operands and Sizes
Table 106. TPM_SHA1CompleteExtend Incoming Operands and Sizes
Table 107. TPM_SHA1CompleteExtend Outgoing Operands and Sizes
Table 108. TPM_Sign Incoming Operands and Sizes
Table 109. TPM_Sign Outgoing Operands and Sizes
Table 110. TPM_GetRandom Incoming Operands and Sizes
Table 111. TPM_GetRandom Outgoing Operands and Sizes
Table 112. TPM_StirRandom Incoming Operands and Sizes
Table 113. TPM_StirRandom Outgoing Operands and Sizes
Table 114. TPM_CertifyKey Incoming Operands and Sizes
Table 115. TPM_CertifyKey Outgoing Operands and Sizes
Table 116. TPM_CertifyKey2 Incoming Operands and Sizes
Table 117. TPM_CertifyKey2
