TPM Main Part 3 Commands TCG © Copyright
Specification Version 1.2
Change History
Version Date Description
Rev 50   Jul 2003    Started 01 Jul 2003 by David Grawrock. Breakup into parts and the merge of 1.1 commands.
Rev 63   Oct 2003    Change history tied to Part 1 and kept in Part 1 (DP).
Rev 71   Mar 2004    Change in terms from "authorization data" to "AuthData".
Rev 91   Sept 2005   The following modifications were made by Tasneem Brutch:
                     Update to section 6.2 informative, for TPM_OwnerClear.
                     Addition of action item 15, to section 6.2, for TPM_OwnerClear.
                     Addition of "MAY" to section 20.1, TPM_NV_DefineSpace, Action 1(a).
                     Addition of a new Action (4) to section 20.2, TPM_NV_WriteValue.
                     Addition of a new Action (3) to section 20.4, TPM_NV_ReadValue.
                     Typo corrected in section 21.1.
                     Moved TPM_GetCapabilityOwner from the Deleted Commands section (section 28.1) to section 7.3.
                     Added information on operands, command description and actions from Rev. 67.
Rev 92   Sept 2005   Section 7.3 TPM_GetCapabilityOwner: the ordinal was added to the outgoing params; it is not
                     returned, but is typically included in outParamDigest.
Rev 92   Sept 2005   Corrected a copy and paste error in Part 3 section 20.2 TPM_NV_WriteValue: removed the Action
                     "3. If D1 -> TPM_NV_PER_AUTHREAD is TRUE return TPM_AUTH_CONFLICT".
Rev 93   Sept 2005   Moved the TPM_CertifySelfTest command to the deleted section.
Rev 100  May 2006    Added deferredPhysicalPresence and its use in TPM_FieldUpgrade, clarified CTR mode, added
                     TPM_NV_INDEX_TRIAL and its use in TPM_NV_DefineSpace.
Rev 101  Aug 2006    Changed "set to NULL" to "set to all zeros" in many places. TPM_OwnerClear must affect
                     disableFullDALogicInfo. Clarified that _INFO keys may be used where _SHA1 keys are used. Clarified
                     that a global secret can be used for field upgrade confidentiality. Added TPM_CMK_CreateBlob actions
                     for the migrationType parameter. Added a TPM_CertifyKey action to check the payload. Clarified that
                     TPM_Delegate_LoadOwnerDelegation returns an error if there is no owner and owner authorization is
                     present. Clarified that TPM_NV_DefineSpace cannot define the DIR index. Clarified that the TPM does
                     not have to clean up the effects of a wrapped command upon failure of a transport response. Clarified
                     that TPM_ReleaseCounter does not ignore the continueAuthSession parameter.
Rev 102  Sept 2006   Reworked TPM_GetPubKey to always check authorization data if present and to allow no authorization
                     for TPM_AUTH_PRIV_USE_ONLY or TPM_AUTH_NEVER. Fixed TPM_LoadContext typo: Action 6.e. returns an
                     error if the HMAC does NOT match.
Rev 103  Oct 2006    Added warning notes where excluding the key handle from the HMAC can allow an attack. Added a
                     warning that delegating TPM_ChangeAuth allows elevation of privilege.
Rev 104  Nov 2006    Owner clear sets allowMaintenance and readSRKPub to their default state. TPM_Unseal can use DSAP.
                     TPM_CreateEndorsementKeyPair uses TPM_ES_RSAESOAEP_SHA1_MGF1.
Rev 105  Feb 2007    TPM_Seal, TPM_CreateWrapKey: informative that they lack an identifier. TPM_NV_DefineSpace should
                     check inputs before changing state. TPM_NV_DefineSpace, TPM_NV_WriteValue and TPM_NV_ReadValue
                     ignore disabled and deactivated when nvLocked is FALSE, and MAY always check the HMAC.
                     TPM_NV_WriteValue must not return an error for a DIR data size of 0. TPM_NV_ReadValue partial DIR
                     reads are allowed. Informative that audit occurs twice for a transport wrapped command. TPM_Reset
                     must invalidate OSAP and DSAP sessions, and must not invalidate sessions saved by TPM_SaveContext.
Rev 106  April 2007  Removed the tpmProof check for non-migratable parent keys.
Rev 107  July 2007   Removed unused maxNVBufSize. Increment the auditMonotonicCounter before the audit response if the
                     digest is zero. State should not change on field upgrade authorization failure. PCR values for a key
                     are validated at use, not at load. TPM_StirRandom is not required to check for data < 256 bytes.
                     TPM_ChangeAuth must validate usageAuth. Entity PCRs must be validated each time an OIAP session is
                     used. TPM_ExecuteTransport MUST log public key logs.
Rev 108  Sept 2007   TPM_ForceClear succeeds even with no owner (informative). Audit only occurs when the command
                     executes successfully. Field upgrade should not change shielded locations. Reordered
                     TPM_NV_DefineSpace and TPM_NV_WriteValue so the NV write count is not incremented if there is an
                     authorization error.
Rev 109  Oct 2007    Added PCR index check to TPM_SHA1CompleteExtend, TPM_Extend, TPM_PCRRead.
Rev 110  May 2008    Minor typo corrections.
Level 2 Revision 116 28 February 2011 TCG Published iii