VirtualBox

source: vbox/trunk/src/libs/libtpms-0.9.6/include/libtpms/tpm_error.h@ 101094

Last change on this file since 101094 was 91612, checked in by vboxsync, 3 years ago

src/libs: Export libtpms-0.9.0, bugref:10078
File size: 18.2 KB
Line 
1/********************************************************************************/
2/* */
3/* Error Response */
4/* Written by Ken Goldman */
5/* IBM Thomas J. Watson Research Center */
6/* $Id: tpm_error.h 4071 2010-04-29 19:26:45Z kgoldman $ */
7/* */
8/* (c) Copyright IBM Corporation 2006, 2010. */
9/* */
10/* All rights reserved. */
11/* */
12/* Redistribution and use in source and binary forms, with or without */
13/* modification, are permitted provided that the following conditions are */
14/* met: */
15/* */
16/* Redistributions of source code must retain the above copyright notice, */
17/* this list of conditions and the following disclaimer. */
18/* */
19/* Redistributions in binary form must reproduce the above copyright */
20/* notice, this list of conditions and the following disclaimer in the */
21/* documentation and/or other materials provided with the distribution. */
22/* */
23/* Neither the names of the IBM Corporation nor the names of its */
24/* contributors may be used to endorse or promote products derived from */
25/* this software without specific prior written permission. */
26/* */
27/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */
28/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */
29/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */
30/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */
31/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */
32/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */
33/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */
34/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */
35/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */
36/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */
37/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
38/********************************************************************************/
39
40#ifndef TPM_ERROR_H
41#define TPM_ERROR_H
42
43/* 16. Return codes rev 99
44
45 The TPM has five types of return code. One indicates successful operation and four indicate
46 failure. TPM_SUCCESS (00000000) indicates successful execution. The failure reports are:
47 TPM defined fatal errors (00000001 to 000003FF), vendor defined fatal errors (00000400 to
48 000007FF), TPM defined non-fatal errors (00000800 to 00000BFF), and vendor defined
49 non-fatal errors (00000C00 to 00000FFF).
50
51 The range of vendor defined non-fatal errors was determined by the TSS-WG, which defined
52 XXXX YCCC with XXXX as OS specific and Y defining the TSS SW stack layer (0: TPM layer)
53
54 All failure cases return only a non-authenticated fixed set of information. This is because
55 the failure may have been due to authentication or other factors, and there is no possibility
56 of producing an authenticated response.
57
58 Fatal errors also terminate any authorization sessions. This is a result of returning only the
59 error code, as there is no way to return the nonces necessary to maintain an authorization
60 session. Non-fatal errors do not terminate authorization sessions.
61
62 The return code MUST use the following base. The return code MAY be TCG defined or vendor
63 defined. */
64
65#define TPM_BASE 0x0 /* The start of TPM return codes */
66#define TPM_SUCCESS TPM_BASE /* Successful completion of the operation */
67#define TPM_VENDOR_ERROR TPM_Vendor_Specific32 /* Mask to indicate that the error code is
68 vendor specific for vendor specific
69 commands. */
70#define TPM_NON_FATAL 0x00000800 /* Mask to indicate that the error code is a non-fatal
71 failure. */
72
73/* TPM-defined fatal error codes */
74
75#define TPM_AUTHFAIL TPM_BASE + 1 /* Authentication failed */
76#define TPM_BADINDEX TPM_BASE + 2 /* The index to a PCR, DIR or other register is
77 incorrect */
78#define TPM_BAD_PARAMETER TPM_BASE + 3 /* One or more parameter is bad */
79#define TPM_AUDITFAILURE TPM_BASE + 4 /* An operation completed successfully but the auditing
80 of that operation failed. */
81#define TPM_CLEAR_DISABLED TPM_BASE + 5 /* The clear disable flag is set and all clear
82 operations now require physical access */
83#define TPM_DEACTIVATED TPM_BASE + 6 /* The TPM is deactivated */
84#define TPM_DISABLED TPM_BASE + 7 /* The TPM is disabled */
85#define TPM_DISABLED_CMD TPM_BASE + 8 /* The target command has been disabled */
86#define TPM_FAIL TPM_BASE + 9 /* The operation failed */
87#define TPM_BAD_ORDINAL TPM_BASE + 10 /* The ordinal was unknown or inconsistent */
88#define TPM_INSTALL_DISABLED TPM_BASE + 11 /* The ability to install an owner is disabled */
89#define TPM_INVALID_KEYHANDLE TPM_BASE + 12 /* The key handle presented was invalid */
90#define TPM_KEYNOTFOUND TPM_BASE + 13 /* The target key was not found */
91#define TPM_INAPPROPRIATE_ENC TPM_BASE + 14 /* Unacceptable encryption scheme */
92#define TPM_MIGRATEFAIL TPM_BASE + 15 /* Migration authorization failed */
93#define TPM_INVALID_PCR_INFO TPM_BASE + 16 /* PCR information could not be interpreted */
94#define TPM_NOSPACE TPM_BASE + 17 /* No room to load key. */
95#define TPM_NOSRK TPM_BASE + 18 /* There is no SRK set */
96#define TPM_NOTSEALED_BLOB TPM_BASE + 19 /* An encrypted blob is invalid or was not created by
97 this TPM */
98#define TPM_OWNER_SET TPM_BASE + 20 /* There is already an Owner */
99#define TPM_RESOURCES TPM_BASE + 21 /* The TPM has insufficient internal resources to
100 perform the requested action. */
101#define TPM_SHORTRANDOM TPM_BASE + 22 /* A random string was too short */
102#define TPM_SIZE TPM_BASE + 23 /* The TPM does not have the space to perform the
103 operation. */
104#define TPM_WRONGPCRVAL TPM_BASE + 24 /* The named PCR value does not match the current PCR
105 value. */
106#define TPM_BAD_PARAM_SIZE TPM_BASE + 25 /* The paramSize argument to the command has the
107 incorrect value */
108#define TPM_SHA_THREAD TPM_BASE + 26 /* There is no existing SHA-1 thread. */
109#define TPM_SHA_ERROR TPM_BASE + 27 /* The calculation is unable to proceed because the
110 existing SHA-1 thread has already encountered an
111 error. */
112#define TPM_FAILEDSELFTEST TPM_BASE + 28 /* Self-test has failed and the TPM has shutdown. */
113#define TPM_AUTH2FAIL TPM_BASE + 29 /* The authorization for the second key in a 2 key
114 function failed authorization */
115#define TPM_BADTAG TPM_BASE + 30 /* The tag value sent to for a command is invalid */
116#define TPM_IOERROR TPM_BASE + 31 /* An IO error occurred transmitting information to
117 the TPM */
118#define TPM_ENCRYPT_ERROR TPM_BASE + 32 /* The encryption process had a problem. */
119#define TPM_DECRYPT_ERROR TPM_BASE + 33 /* The decryption process did not complete. */
120#define TPM_INVALID_AUTHHANDLE TPM_BASE + 34 /* An invalid handle was used. */
121#define TPM_NO_ENDORSEMENT TPM_BASE + 35 /* The TPM does not a EK installed */
122#define TPM_INVALID_KEYUSAGE TPM_BASE + 36 /* The usage of a key is not allowed */
123#define TPM_WRONG_ENTITYTYPE TPM_BASE + 37 /* The submitted entity type is not allowed */
124#define TPM_INVALID_POSTINIT TPM_BASE + 38 /* The command was received in the wrong sequence
125 relative to TPM_Init and a subsequent TPM_Startup
126 */
127#define TPM_INAPPROPRIATE_SIG TPM_BASE + 39 /* Signed data cannot include additional DER
128 information */
129#define TPM_BAD_KEY_PROPERTY TPM_BASE + 40 /* The key properties in TPM_KEY_PARMs are not
130 supported by this TPM */
131#define TPM_BAD_MIGRATION TPM_BASE + 41 /* The migration properties of this key are incorrect.
132 */
133#define TPM_BAD_SCHEME TPM_BASE + 42 /* The signature or encryption scheme for this key is
134 incorrect or not permitted in this situation. */
135#define TPM_BAD_DATASIZE TPM_BASE + 43 /* The size of the data (or blob) parameter is bad or
136 inconsistent with the referenced key */
137#define TPM_BAD_MODE TPM_BASE + 44 /* A mode parameter is bad, such as capArea or
138 subCapArea for TPM_GetCapability, physicalPresence
139 parameter for TPM_PhysicalPresence, or
140 migrationType for TPM_CreateMigrationBlob. */
141#define TPM_BAD_PRESENCE TPM_BASE + 45 /* Either the physicalPresence or physicalPresenceLock
142 bits have the wrong value */
143#define TPM_BAD_VERSION TPM_BASE + 46 /* The TPM cannot perform this version of the
144 capability */
145#define TPM_NO_WRAP_TRANSPORT TPM_BASE + 47 /* The TPM does not allow for wrapped transport
146 sessions */
147#define TPM_AUDITFAIL_UNSUCCESSFUL TPM_BASE + 48 /* TPM audit construction failed and the
148 underlying command was returning a failure
149 code also */
150#define TPM_AUDITFAIL_SUCCESSFUL TPM_BASE + 49 /* TPM audit construction failed and the underlying
151 command was returning success */
152#define TPM_NOTRESETABLE TPM_BASE + 50 /* Attempt to reset a PCR register that does not have
153 the resettable attribute */
154#define TPM_NOTLOCAL TPM_BASE + 51 /* Attempt to reset a PCR register that requires
155 locality and locality modifier not part of command
156 transport */
157#define TPM_BAD_TYPE TPM_BASE + 52 /* Make identity blob not properly typed */
158#define TPM_INVALID_RESOURCE TPM_BASE + 53 /* When saving context identified resource type does
159 not match actual resource */
160#define TPM_NOTFIPS TPM_BASE + 54 /* The TPM is attempting to execute a command only
161 available when in FIPS mode */
162#define TPM_INVALID_FAMILY TPM_BASE + 55 /* The command is attempting to use an invalid family
163 ID */
164#define TPM_NO_NV_PERMISSION TPM_BASE + 56 /* The permission to manipulate the NV storage is not
165 available */
166#define TPM_REQUIRES_SIGN TPM_BASE + 57 /* The operation requires a signed command */
167#define TPM_KEY_NOTSUPPORTED TPM_BASE + 58 /* Wrong operation to load an NV key */
168#define TPM_AUTH_CONFLICT TPM_BASE + 59 /* NV_LoadKey blob requires both owner and blob
169 authorization */
170#define TPM_AREA_LOCKED TPM_BASE + 60 /* The NV area is locked and not writable */
171#define TPM_BAD_LOCALITY TPM_BASE + 61 /* The locality is incorrect for the attempted
172 operation */
173#define TPM_READ_ONLY TPM_BASE + 62 /* The NV area is read only and can't be written to
174 */
175#define TPM_PER_NOWRITE TPM_BASE + 63 /* There is no protection on the write to the NV area
176 */
177#define TPM_FAMILYCOUNT TPM_BASE + 64 /* The family count value does not match */
178#define TPM_WRITE_LOCKED TPM_BASE + 65 /* The NV area has already been written to */
179#define TPM_BAD_ATTRIBUTES TPM_BASE + 66 /* The NV area attributes conflict */
180#define TPM_INVALID_STRUCTURE TPM_BASE + 67 /* The structure tag and version are invalid or
181 inconsistent */
182#define TPM_KEY_OWNER_CONTROL TPM_BASE + 68 /* The key is under control of the TPM Owner and can
183 only be evicted by the TPM Owner. */
184#define TPM_BAD_COUNTER TPM_BASE + 69 /* The counter handle is incorrect */
185#define TPM_NOT_FULLWRITE TPM_BASE + 70 /* The write is not a complete write of the area */
186#define TPM_CONTEXT_GAP TPM_BASE + 71 /* The gap between saved context counts is too large
187 */
188#define TPM_MAXNVWRITES TPM_BASE + 72 /* The maximum number of NV writes without an owner
189 has been exceeded */
190#define TPM_NOOPERATOR TPM_BASE + 73 /* No operator authorization value is set */
191#define TPM_RESOURCEMISSING TPM_BASE + 74 /* The resource pointed to by context is not loaded
192 */
193#define TPM_DELEGATE_LOCK TPM_BASE + 75 /* The delegate administration is locked */
194#define TPM_DELEGATE_FAMILY TPM_BASE + 76 /* Attempt to manage a family other then the delegated
195 family */
196#define TPM_DELEGATE_ADMIN TPM_BASE + 77 /* Delegation table management not enabled */
197#define TPM_TRANSPORT_NOTEXCLUSIVE TPM_BASE + 78 /* There was a command executed outside of an
198 exclusive transport session */
199#define TPM_OWNER_CONTROL TPM_BASE + 79 /* Attempt to context save a owner evict controlled
200 key */
201#define TPM_DAA_RESOURCES TPM_BASE + 80 /* The DAA command has no resources available to
202 execute the command */
203#define TPM_DAA_INPUT_DATA0 TPM_BASE + 81 /* The consistency check on DAA parameter inputData0
204 has failed. */
205#define TPM_DAA_INPUT_DATA1 TPM_BASE + 82 /* The consistency check on DAA parameter inputData1
206 has failed. */
207#define TPM_DAA_ISSUER_SETTINGS TPM_BASE + 83 /* The consistency check on DAA_issuerSettings has
208 failed. */
209#define TPM_DAA_TPM_SETTINGS TPM_BASE + 84 /* The consistency check on DAA_tpmSpecific has
210 failed. */
211#define TPM_DAA_STAGE TPM_BASE + 85 /* The atomic process indicated by the submitted DAA
212 command is not the expected process. */
213#define TPM_DAA_ISSUER_VALIDITY TPM_BASE + 86 /* The issuer's validity check has detected an
214 inconsistency */
215#define TPM_DAA_WRONG_W TPM_BASE + 87 /* The consistency check on w has failed. */
216#define TPM_BAD_HANDLE TPM_BASE + 88 /* The handle is incorrect */
217#define TPM_BAD_DELEGATE TPM_BASE + 89 /* Delegation is not correct */
218#define TPM_BADCONTEXT TPM_BASE + 90 /* The context blob is invalid */
219#define TPM_TOOMANYCONTEXTS TPM_BASE + 91 /* Too many contexts held by the TPM */
220#define TPM_MA_TICKET_SIGNATURE TPM_BASE + 92 /* Migration authority signature validation failure
221 */
222#define TPM_MA_DESTINATION TPM_BASE + 93 /* Migration destination not authenticated */
223#define TPM_MA_SOURCE TPM_BASE + 94 /* Migration source incorrect */
224#define TPM_MA_AUTHORITY TPM_BASE + 95 /* Incorrect migration authority */
225#define TPM_PERMANENTEK TPM_BASE + 97 /* Attempt to revoke the EK and the EK is not revocable */
226#define TPM_BAD_SIGNATURE TPM_BASE + 98 /* Bad signature of CMK ticket */
227#define TPM_NOCONTEXTSPACE TPM_BASE + 99 /* There is no room in the context list for additional
228 contexts */
229
230/* As error codes are added here, they should also be added to lib/miscfunc.c */
231
232/* TPM-defined non-fatal errors */
233
234#define TPM_RETRY TPM_BASE + TPM_NON_FATAL /* The TPM is too busy to respond to the
235 command immediately, but the command
236 could be submitted at a later time */
237#define TPM_NEEDS_SELFTEST TPM_BASE + TPM_NON_FATAL + 1 /* TPM_ContinueSelfTest has has not
238 been run*/
239#define TPM_DOING_SELFTEST TPM_BASE + TPM_NON_FATAL + 2 /* The TPM is currently executing the
240 actions of TPM_ContinueSelfTest
241 because the ordinal required
242 resources that have not been
243 tested. */
244#define TPM_DEFEND_LOCK_RUNNING TPM_BASE + TPM_NON_FATAL + 3
245 /* The TPM is defending against dictionary
246 attacks and is in some time-out
247 period. */
248
249#endif
Note: See TracBrowser for help on using the repository browser.

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette