Fapi_Provision

Functions
TSS2_RC	Fapi_Provision (FAPI_CONTEXT *context, char const *authValueEh, char const *authValueSh, char const *authValueLockout)
TSS2_RC	Fapi_Provision_Async (FAPI_CONTEXT *context, char const *authValueEh, char const *authValueSh, char const *authValueLockout)
TSS2_RC	Fapi_Provision_Finish (FAPI_CONTEXT *context)

Detailed Description

FAPI functions to invoke Provision either as one-call or in an asynchronous manner.

Function Documentation

Fapi_Provision()

Fapi_Provision	(	FAPI_CONTEXT *	context,
		char const *	authValueEh,
		char const *	authValueSh,
		char const *	authValueLockout
	)

One-Call function for the initial FAPI provisioning.

Provisions a TSS with its TPM. This includes the setting of important passwords and policy settings as well as the readout of the EK and its certificate and the initialization of the system-wide keystore.

Parameters

[in,out]	context	The FAPI_CONTEXT.
[in]	authValueEh	The authorization value for the endorsement hierarchy. May be NULL
[in]	authValueSh	The authorization value for the storage hierarchy. Should be NULL
[in]	authValueLockout	The authorization value for lockout.

Return values

TSS2_RC_SUCCESS	if the function call was a success.
TSS2_FAPI_RC_BAD_REFERENCE	if context is NULL.
TSS2_FAPI_RC_BAD_CONTEXT	if context corruption is detected.
TSS2_FAPI_RC_BAD_SEQUENCE	if the context has an asynchronous operation already pending.
TSS2_FAPI_RC_NO_CERT	if no certificate was found for the computed EK.
TSS2_FAPI_RC_BAD_KEY	if public key of the EK does not match the configured certificate or the configured fingerprint does not match the computed EK.
TSS2_FAPI_RC_IO_ERROR	if the data cannot be saved.
TSS2_FAPI_RC_MEMORY	if the FAPI cannot allocate enough memory for internal operations or return parameters.
TSS2_FAPI_RC_NO_TPM	if FAPI was initialized in no-TPM-mode via its config file.
TSS2_FAPI_RC_TRY_AGAIN	if an I/O operation is not finished yet and this function needs to be called again.
TSS2_FAPI_RC_BAD_VALUE	if an invalid value was passed into the function.
TSS2_FAPI_RC_AUTHORIZATION_UNKNOWN	if a required authorization callback is not set.
TSS2_FAPI_RC_AUTHORIZATION_FAILED	if the authorization attempt fails.
TSS2_FAPI_RC_GENERAL_FAILURE	if an internal error occurred.
TSS2_FAPI_RC_POLICY_UNKNOWN	if policy search for a certain policy digest was not successful.
TSS2_FAPI_RC_PATH_NOT_FOUND	if a FAPI object path was not found during authorization.
TSS2_FAPI_RC_KEY_NOT_FOUND	if a key was not found.
TSS2_ESYS_RC_*	possible error codes of ESAPI.
TSS2_FAPI_RC_BAD_PATH	if the path is used in inappropriate context or contains illegal characters.
TSS2_FAPI_RC_NOT_PROVISIONED	FAPI was not provisioned.
TSS2_FAPI_RC_PATH_ALREADY_EXISTS	if the object already exists in object store.

Fapi_Provision_Async()

Fapi_Provision_Async	(	FAPI_CONTEXT *	context,
		char const *	authValueEh,
		char const *	authValueSh,
		char const *	authValueLockout
	)

Asynchronous function for the initial FAPI provisioning.

Provisions a TSS with its TPM. This includes the setting of important passwords and policy settings as well as the readout of the EK and its certificate and the initialization of the system-wide keystore.

Call Fapi_Provision_Finish to finish the execution of this command.

Parameters

[in,out]	context	The FAPI_CONTEXT.
[in]	authValueEh	The authorization value for the endorsement hierarchy. May be NULL
[in]	authValueSh	The authorization value for the storage hierarchy. Should be NULL
[in]	authValueLockout	The authorization value for lockout.

Return values

TSS2_RC_SUCCESS	if the function call was a success.
TSS2_FAPI_RC_BAD_REFERENCE	if context is NULL.
TSS2_FAPI_RC_BAD_CONTEXT	if context corruption is detected.
TSS2_FAPI_RC_BAD_SEQUENCE	if the context has an asynchronous operation already pending.
TSS2_FAPI_RC_IO_ERROR	if the data cannot be saved.
TSS2_FAPI_RC_MEMORY	if the FAPI cannot allocate enough memory for internal operations or return parameters.
TSS2_FAPI_RC_NO_TPM	if FAPI was initialized in no-TPM-mode via its config file.
TSS2_FAPI_RC_BAD_VALUE	if an invalid value was passed into the function.
TSS2_FAPI_RC_BAD_PATH	if the path is used in inappropriate context or contains illegal characters.
TSS2_FAPI_RC_PATH_NOT_FOUND	if a FAPI object path was not found during authorization.

Fapi_Provision_Finish()

Fapi_Provision_Finish

(

FAPI_CONTEXT *

context

)

Asynchronous finish function for Fapi_Provision

This function should be called after a previous Fapi_Provision_Async.

Parameters

[in,out]

context

The FAPI_CONTEXT

Return values

TSS2_RC_SUCCESS	if the function call was a success.
TSS2_FAPI_RC_BAD_REFERENCE	if context is NULL.
TSS2_FAPI_RC_BAD_CONTEXT	if context corruption is detected.
TSS2_FAPI_RC_BAD_SEQUENCE	if the context has an asynchronous operation already pending.
TSS2_FAPI_RC_NO_CERT	if no certificate was found for the computed EK.
TSS2_FAPI_RC_BAD_KEY	if public key of the EK does not match the configured certificate or the configured fingerprint does not match the computed EK.
TSS2_FAPI_RC_IO_ERROR	if the data cannot be saved.
TSS2_FAPI_RC_MEMORY	if the FAPI cannot allocate enough memory for internal operations or return parameters.
TSS2_FAPI_RC_TRY_AGAIN	if the asynchronous operation is not yet complete. Call this function again later.
TSS2_FAPI_RC_BAD_VALUE	if an invalid value was passed into the function.
TSS2_FAPI_RC_AUTHORIZATION_UNKNOWN	if a required authorization callback is not set.
TSS2_FAPI_RC_AUTHORIZATION_FAILED	if the authorization attempt fails.
TSS2_FAPI_RC_GENERAL_FAILURE	if an internal error occurred.
TSS2_FAPI_RC_POLICY_UNKNOWN	if policy search for a certain policy digest was not successful.
TSS2_FAPI_RC_PATH_NOT_FOUND	if a FAPI object path was not found during authorization.
TSS2_FAPI_RC_KEY_NOT_FOUND	if a key was not found.
TSS2_ESYS_RC_*	possible error codes of ESAPI.
TSS2_FAPI_RC_NOT_PROVISIONED	FAPI was not provisioned.
TSS2_FAPI_RC_BAD_PATH	if the path is used in inappropriate context or contains illegal characters.
TSS2_FAPI_RC_PATH_ALREADY_EXISTS	if the object already exists in object store.

< Certificates will be stored at even address

< RSA template

< ECC template