grub-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PATCH v19 20/33] tss2: Add TPM2 types and Marshal/Unmarshal functions


From: Gary Lin
Subject: [PATCH v19 20/33] tss2: Add TPM2 types and Marshal/Unmarshal functions
Date: Fri, 6 Sep 2024 17:11:12 +0800

This commit adds the necessary TPM2 types and structs as the preparation
for the TPM2 Software Stack (TSS2) support. The Marshal/Unmarshal
functions are also added to handle the data structure to be submitted to
TPM2 commands and to be received from the response.

Cc: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Hernan Gatta <hegatta@linux.microsoft.com>
Signed-off-by: Gary Lin <glin@suse.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
 grub-core/lib/tss2/tss2_mu.c      | 1174 +++++++++++++++++++++++++++++
 grub-core/lib/tss2/tss2_mu.h      |  397 ++++++++++
 grub-core/lib/tss2/tss2_structs.h |  773 +++++++++++++++++++
 grub-core/lib/tss2/tss2_types.h   |  404 ++++++++++
 4 files changed, 2748 insertions(+)
 create mode 100644 grub-core/lib/tss2/tss2_mu.c
 create mode 100644 grub-core/lib/tss2/tss2_mu.h
 create mode 100644 grub-core/lib/tss2/tss2_structs.h
 create mode 100644 grub-core/lib/tss2/tss2_types.h

diff --git a/grub-core/lib/tss2/tss2_mu.c b/grub-core/lib/tss2/tss2_mu.c
new file mode 100644
index 000000000..86134cc0a
--- /dev/null
+++ b/grub-core/lib/tss2/tss2_mu.c
@@ -0,0 +1,1174 @@
+/*
+ *  GRUB  --  GRand Unified Bootloader
+ *  Copyright (C) 2022 Microsoft Corporation
+ *  Copyright (C) 2024 Free Software Foundation, Inc.
+ *
+ *  GRUB is free software: you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation, either version 3 of the License, or
+ *  (at your option) any later version.
+ *
+ *  GRUB is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with GRUB.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <grub/misc.h>
+
+#include <tss2_mu.h>
+
+void
+grub_Tss2_MU_TPMS_AUTH_COMMAND_Marshal (grub_tpm2_buffer_t buffer,
+                                       const TPMS_AUTH_COMMAND_t *authCommand)
+{
+  grub_uint32_t start;
+  grub_uint32_t tmp;
+
+  grub_tpm2_buffer_pack_u32 (buffer, 0);
+  start = buffer->size;
+
+  grub_tpm2_buffer_pack_u32 (buffer, authCommand->sessionHandle);
+
+  grub_tpm2_buffer_pack_u16 (buffer, authCommand->nonce.size);
+  grub_tpm2_buffer_pack (buffer, authCommand->nonce.buffer, 
authCommand->nonce.size);
+
+  grub_tpm2_buffer_pack_u8 (buffer, *((const grub_uint8_t *) 
&authCommand->sessionAttributes));
+
+  grub_tpm2_buffer_pack_u16 (buffer, authCommand->hmac.size);
+  grub_tpm2_buffer_pack (buffer, authCommand->hmac.buffer, 
authCommand->hmac.size);
+
+  tmp = grub_cpu_to_be32 (buffer->size - start);
+  grub_memcpy (&buffer->data[start - sizeof (grub_uint32_t)], &tmp, sizeof 
(tmp));
+}
+
+void
+grub_Tss2_MU_TPM2B_Marshal (grub_tpm2_buffer_t buffer,
+                           const grub_uint16_t size,
+                           const grub_uint8_t *b)
+{
+  grub_uint16_t i;
+
+  grub_tpm2_buffer_pack_u16 (buffer, size);
+
+  for (i = 0; i < size; i++)
+    grub_tpm2_buffer_pack_u8 (buffer, b[i]);
+}
+
+void
+grub_Tss2_MU_TPMU_SYM_KEY_BITS_Marshal (grub_tpm2_buffer_t buffer,
+                                       const TPMI_ALG_SYM_OBJECT_t algorithm,
+                                       const TPMU_SYM_KEY_BITS_t *p)
+{
+  switch (algorithm)
+    {
+    case TPM_ALG_AES:
+    case TPM_ALG_SM4:
+    case TPM_ALG_CAMELLIA:
+    case TPM_ALG_XOR:
+      grub_tpm2_buffer_pack_u16 (buffer, *((const grub_uint16_t *) p));
+      break;
+    case TPM_ALG_NULL:
+      break;
+    default:
+      buffer->error = 1;
+      break;
+    }
+}
+
+void
+grub_Tss2_MU_TPMU_SYM_MODE_Marshal (grub_tpm2_buffer_t buffer,
+                                   const TPMI_ALG_SYM_OBJECT_t algorithm,
+                                   const TPMU_SYM_MODE_t *p)
+{
+  switch (algorithm)
+    {
+    case TPM_ALG_AES:
+    case TPM_ALG_SM4:
+    case TPM_ALG_CAMELLIA:
+      grub_tpm2_buffer_pack_u16 (buffer, *((const grub_uint16_t *) p));
+      break;
+    case TPM_ALG_XOR:
+    case TPM_ALG_NULL:
+      break;
+    default:
+      buffer->error = 1;
+      break;
+    }
+}
+
+void
+grub_Tss2_MU_TPMT_SYM_DEF_Marshal (grub_tpm2_buffer_t buffer,
+                                  const TPMT_SYM_DEF_t *p)
+{
+  grub_tpm2_buffer_pack_u16 (buffer, p->algorithm);
+  grub_Tss2_MU_TPMU_SYM_KEY_BITS_Marshal (buffer, p->algorithm, &p->keyBits);
+  grub_Tss2_MU_TPMU_SYM_MODE_Marshal (buffer, p->algorithm, &p->mode);
+}
+
+void
+grub_Tss2_MU_TPMS_PCR_SELECTION_Marshal (grub_tpm2_buffer_t buffer,
+                                        const TPMS_PCR_SELECTION_t 
*pcrSelection)
+{
+  grub_uint32_t i;
+
+  grub_tpm2_buffer_pack_u16 (buffer, pcrSelection->hash);
+  grub_tpm2_buffer_pack_u8 (buffer, pcrSelection->sizeOfSelect);
+
+  for (i = 0; i < pcrSelection->sizeOfSelect; i++)
+    grub_tpm2_buffer_pack_u8 (buffer, pcrSelection->pcrSelect[i]);
+}
+
+void
+grub_Tss2_MU_TPML_PCR_SELECTION_Marshal (grub_tpm2_buffer_t buffer,
+                                        const TPML_PCR_SELECTION_t 
*pcrSelection)
+{
+  grub_uint32_t i;
+
+  grub_tpm2_buffer_pack_u32 (buffer, pcrSelection->count);
+
+  for (i = 0; i < pcrSelection->count; i++)
+    grub_Tss2_MU_TPMS_PCR_SELECTION_Marshal (buffer, 
&pcrSelection->pcrSelections[i]);
+}
+
+void
+grub_Tss2_MU_TPMA_OBJECT_Marshal (grub_tpm2_buffer_t buffer,
+                                 const TPMA_OBJECT_t *p)
+{
+  grub_tpm2_buffer_pack_u32 (buffer, *((const grub_uint32_t *) p));
+}
+
+void
+grub_Tss2_MU_TPMS_SCHEME_XOR_Marshal (grub_tpm2_buffer_t buffer,
+                                     const TPMS_SCHEME_XOR_t *p)
+{
+  grub_tpm2_buffer_pack_u16 (buffer, p->hashAlg);
+  grub_tpm2_buffer_pack_u16 (buffer, p->kdf);
+}
+
+void
+grub_Tss2_MU_TPMS_SCHEME_HMAC_Marshal (grub_tpm2_buffer_t buffer,
+                                      const TPMS_SCHEME_HMAC_t *p)
+{
+  grub_tpm2_buffer_pack_u16 (buffer, p->hashAlg);
+}
+
+void
+grub_Tss2_MU_TPMU_SCHEME_KEYEDHASH_Marshal (grub_tpm2_buffer_t buffer,
+                                           const TPMI_ALG_KEYEDHASH_SCHEME_t 
scheme,
+                                           const TPMU_SCHEME_KEYEDHASH_t *p)
+{
+  switch (scheme)
+    {
+    case TPM_ALG_HMAC:
+      grub_Tss2_MU_TPMS_SCHEME_HMAC_Marshal (buffer, &p->hmac);
+      break;
+    case TPM_ALG_XOR:
+      grub_Tss2_MU_TPMS_SCHEME_XOR_Marshal (buffer, &p->exclusiveOr);
+      break;
+    case TPM_ALG_NULL:
+      break;
+    default:
+      buffer->error = 1;
+      break;
+    }
+}
+
+void
+grub_Tss2_MU_TPMT_KEYEDHASH_SCHEME_Marshal (grub_tpm2_buffer_t buffer,
+                                           const TPMT_KEYEDHASH_SCHEME_t *p)
+{
+  grub_tpm2_buffer_pack_u16 (buffer, p->scheme);
+  grub_Tss2_MU_TPMU_SCHEME_KEYEDHASH_Marshal (buffer, p->scheme, &p->details);
+}
+
+void
+grub_Tss2_MU_TPMS_KEYEDHASH_PARMS_Marshal (grub_tpm2_buffer_t buffer,
+                                          const TPMS_KEYEDHASH_PARMS_t *p)
+{
+  grub_Tss2_MU_TPMT_KEYEDHASH_SCHEME_Marshal (buffer, &p->scheme);
+}
+
+void
+grub_Tss2_MU_TPMT_SYM_DEF_OBJECT_Marshal (grub_tpm2_buffer_t buffer,
+                                         const TPMT_SYM_DEF_OBJECT_t *p)
+{
+  grub_tpm2_buffer_pack_u16 (buffer, p->algorithm);
+  grub_Tss2_MU_TPMU_SYM_KEY_BITS_Marshal (buffer, p->algorithm, &p->keyBits);
+  grub_Tss2_MU_TPMU_SYM_MODE_Marshal (buffer, p->algorithm, &p->mode);
+}
+
+void
+grub_Tss2_MU_TPMU_ASYM_SCHEME_Marshal (grub_tpm2_buffer_t buffer,
+                                      const TPMI_ALG_RSA_DECRYPT_t scheme,
+                                      const TPMU_ASYM_SCHEME_t *p 
__attribute__ ((unused)))
+{
+  switch (scheme)
+    {
+    case TPM_ALG_NULL:
+      break;
+    default:
+      /* Unsupported */
+      buffer->error = 1;
+      break;
+    }
+}
+
+void
+grub_Tss2_MU_TPMT_RSA_SCHEME_Marshal (grub_tpm2_buffer_t buffer,
+                                     const TPMT_RSA_SCHEME_t *p)
+{
+  grub_tpm2_buffer_pack_u16 (buffer, p->scheme);
+  grub_Tss2_MU_TPMU_ASYM_SCHEME_Marshal (buffer, p->scheme, &p->details);
+}
+
+void
+grub_Tss2_MU_TPMS_RSA_PARMS_Marshal (grub_tpm2_buffer_t buffer,
+                                    const TPMS_RSA_PARMS_t *p)
+{
+  grub_Tss2_MU_TPMT_SYM_DEF_OBJECT_Marshal (buffer, &p->symmetric);
+  grub_Tss2_MU_TPMT_RSA_SCHEME_Marshal (buffer, &p->scheme);
+  grub_tpm2_buffer_pack_u16 (buffer, p->keyBits);
+  grub_tpm2_buffer_pack_u32 (buffer, p->exponent);
+}
+
+void
+grub_Tss2_MU_TPMS_SYMCIPHER_PARMS_Marshal (grub_tpm2_buffer_t buffer,
+                                          const TPMS_SYMCIPHER_PARMS_t *p)
+{
+  grub_Tss2_MU_TPMT_SYM_DEF_OBJECT_Marshal (buffer, &p->sym);
+}
+
+void
+grub_Tss2_MU_TPMT_ECC_SCHEME_Marshal (grub_tpm2_buffer_t buffer,
+                                     const TPMT_ECC_SCHEME_t *p)
+{
+  grub_tpm2_buffer_pack_u16 (buffer, p->scheme);
+  grub_Tss2_MU_TPMU_ASYM_SCHEME_Marshal (buffer, p->scheme, &p->details);
+}
+
+void
+grub_Tss2_MU_TPMU_KDF_SCHEME_Marshal (grub_tpm2_buffer_t buffer,
+                                     const TPMI_ALG_KDF_t scheme,
+                                     const TPMU_KDF_SCHEME_t *p)
+{
+  switch (scheme)
+    {
+    case TPM_ALG_MGF1:
+      grub_tpm2_buffer_pack_u16 (buffer, p->mgf1.hashAlg);
+      break;
+    case TPM_ALG_KDF1_SP800_56A:
+      grub_tpm2_buffer_pack_u16 (buffer, p->kdf1_sp800_56a.hashAlg);
+      break;
+    case TPM_ALG_KDF2:
+      grub_tpm2_buffer_pack_u16 (buffer, p->kdf2.hashAlg);
+      break;
+    case TPM_ALG_KDF1_SP800_108:
+      grub_tpm2_buffer_pack_u16 (buffer, p->kdf1_sp800_108.hashAlg);
+      break;
+    case TPM_ALG_NULL:
+      break;
+    default:
+      buffer->error = 1;
+      break;
+    }
+}
+
+void
+grub_Tss2_MU_TPMT_KDF_SCHEME_Marshal (grub_tpm2_buffer_t buffer,
+                                     const TPMT_KDF_SCHEME_t *p)
+{
+  grub_tpm2_buffer_pack_u16 (buffer, p->scheme);
+  grub_Tss2_MU_TPMU_KDF_SCHEME_Marshal (buffer, p->scheme, &p->details);
+}
+
+void
+grub_Tss2_MU_TPMS_ECC_PARMS_Marshal (grub_tpm2_buffer_t buffer,
+                                    const TPMS_ECC_PARMS_t *p)
+{
+  grub_Tss2_MU_TPMT_SYM_DEF_OBJECT_Marshal (buffer, &p->symmetric);
+  grub_Tss2_MU_TPMT_ECC_SCHEME_Marshal (buffer, &p->scheme);
+  grub_tpm2_buffer_pack_u16 (buffer, p->curveID);
+  grub_Tss2_MU_TPMT_KDF_SCHEME_Marshal (buffer, &p->kdf);
+}
+
+void
+grub_Tss2_MU_TPMU_PUBLIC_PARMS_Marshal (grub_tpm2_buffer_t buffer,
+                                       const grub_uint32_t type,
+                                       const TPMU_PUBLIC_PARMS_t *p)
+{
+  switch (type)
+    {
+    case TPM_ALG_KEYEDHASH:
+      grub_Tss2_MU_TPMS_KEYEDHASH_PARMS_Marshal (buffer, &p->keyedHashDetail);
+      break;
+    case TPM_ALG_SYMCIPHER:
+      grub_Tss2_MU_TPMS_SYMCIPHER_PARMS_Marshal (buffer, &p->symDetail);
+      break;
+    case TPM_ALG_RSA:
+      grub_Tss2_MU_TPMS_RSA_PARMS_Marshal (buffer, &p->rsaDetail);
+      break;
+    case TPM_ALG_ECC:
+      grub_Tss2_MU_TPMS_ECC_PARMS_Marshal (buffer, &p->eccDetail);
+      break;
+    default:
+      buffer->error = 1;
+      break;
+    }
+}
+
+void
+grub_Tss2_MU_TPMS_ECC_POINT_Marshal (grub_tpm2_buffer_t buffer,
+                                    const TPMS_ECC_POINT_t *p)
+{
+  grub_Tss2_MU_TPM2B_Marshal (buffer, p->x.size, p->x.buffer);
+  grub_Tss2_MU_TPM2B_Marshal (buffer, p->y.size, p->y.buffer);
+}
+
+void
+grub_Tss2_MU_TPMU_PUBLIC_ID_Marshal (grub_tpm2_buffer_t buffer,
+                                    const TPMI_ALG_PUBLIC_t type,
+                                    const TPMU_PUBLIC_ID_t *p)
+{
+  switch(type)
+    {
+    case TPM_ALG_KEYEDHASH:
+      grub_Tss2_MU_TPM2B_Marshal (buffer, p->keyedHash.size, 
p->keyedHash.buffer);
+      break;
+    case TPM_ALG_SYMCIPHER:
+      grub_Tss2_MU_TPM2B_Marshal (buffer, p->sym.size, p->sym.buffer);
+      break;
+    case TPM_ALG_RSA:
+      grub_Tss2_MU_TPM2B_Marshal (buffer, p->rsa.size, p->rsa.buffer);
+      break;
+    case TPM_ALG_ECC:
+      grub_Tss2_MU_TPMS_ECC_POINT_Marshal (buffer, &p->ecc);
+      break;
+    default:
+      buffer->error = 1;
+      break;
+    }
+}
+
+void
+grub_Tss2_MU_TPMT_PUBLIC_PARMS_Marshal (grub_tpm2_buffer_t buffer,
+                                       const TPMT_PUBLIC_PARMS_t *p)
+{
+  grub_tpm2_buffer_pack_u16 (buffer, p->type);
+  grub_Tss2_MU_TPMU_PUBLIC_PARMS_Marshal (buffer, p->type, &p->parameters);
+}
+
+void
+grub_Tss2_MU_TPMT_PUBLIC_Marshal (grub_tpm2_buffer_t buffer,
+                                 const TPMT_PUBLIC_t *p)
+{
+  grub_tpm2_buffer_pack_u16 (buffer, p->type);
+  grub_tpm2_buffer_pack_u16 (buffer, p->nameAlg);
+  grub_Tss2_MU_TPMA_OBJECT_Marshal (buffer, &p->objectAttributes);
+  grub_Tss2_MU_TPM2B_Marshal (buffer, p->authPolicy.size, 
p->authPolicy.buffer);
+  grub_Tss2_MU_TPMU_PUBLIC_PARMS_Marshal (buffer, p->type, &p->parameters);
+  grub_Tss2_MU_TPMU_PUBLIC_ID_Marshal (buffer, p->type, &p->unique);
+}
+
+void
+grub_Tss2_MU_TPM2B_PUBLIC_Marshal (grub_tpm2_buffer_t buffer,
+                                  const TPM2B_PUBLIC_t *p)
+{
+  grub_uint32_t start;
+  grub_uint16_t size;
+
+  if (p)
+    {
+      grub_tpm2_buffer_pack_u16 (buffer, p->size);
+
+      start = buffer->size;
+      grub_Tss2_MU_TPMT_PUBLIC_Marshal (buffer, &p->publicArea);
+      size = grub_cpu_to_be16 (buffer->size - start);
+      grub_memcpy (&buffer->data[start - sizeof (grub_uint16_t)], &size, 
sizeof (size));
+    }
+  else
+    grub_tpm2_buffer_pack_u16 (buffer, 0);
+}
+
+void
+grub_Tss2_MU_TPMS_SENSITIVE_CREATE_Marshal (grub_tpm2_buffer_t buffer,
+                                           const TPMS_SENSITIVE_CREATE_t *p)
+{
+  grub_Tss2_MU_TPM2B_Marshal (buffer, p->userAuth.size, p->userAuth.buffer);
+  grub_Tss2_MU_TPM2B_Marshal (buffer, p->data.size, p->data.buffer);
+}
+
+void
+grub_Tss2_MU_TPMU_SENSITIVE_COMPOSITE_Marshal (grub_tpm2_buffer_t buffer,
+                                               const TPMI_ALG_PUBLIC_t type,
+                                               const 
TPMU_SENSITIVE_COMPOSITE_t *p)
+{
+  switch(type)
+    {
+    case TPM_ALG_RSA:
+      grub_Tss2_MU_TPM2B_Marshal (buffer, p->rsa.size, p->rsa.buffer);
+      break;
+    case TPM_ALG_ECC:
+      grub_Tss2_MU_TPM2B_Marshal (buffer, p->ecc.size, p->ecc.buffer);
+      break;
+    case TPM_ALG_KEYEDHASH:
+      grub_Tss2_MU_TPM2B_Marshal (buffer, p->bits.size, p->bits.buffer);
+      break;
+    case TPM_ALG_SYMCIPHER:
+      grub_Tss2_MU_TPM2B_Marshal (buffer, p->sym.size, p->sym.buffer);
+      break;
+    default:
+      buffer->error = 1;
+    }
+}
+
+void
+grub_Tss2_MU_TPMT_SENSITIVE_Marshal (grub_tpm2_buffer_t buffer,
+                                     const TPMT_SENSITIVE_t *p)
+{
+  grub_tpm2_buffer_pack_u16 (buffer, p->sensitiveType);
+  grub_Tss2_MU_TPM2B_Marshal (buffer, p->authValue.size, p->authValue.buffer);
+  grub_Tss2_MU_TPM2B_Marshal (buffer, p->seedValue.size, p->seedValue.buffer);
+  grub_Tss2_MU_TPMU_SENSITIVE_COMPOSITE_Marshal (buffer, p->sensitiveType, 
&p->sensitive);
+}
+
+void
+grub_Tss2_MU_TPM2B_SENSITIVE_Marshal (grub_tpm2_buffer_t buffer,
+                                      const TPM2B_SENSITIVE_t *p)
+{
+  grub_tpm2_buffer_pack_u16 (buffer, p->size);
+  grub_Tss2_MU_TPMT_SENSITIVE_Marshal (buffer, &p->sensitiveArea);
+}
+
+void
+grub_Tss2_MU_TPM2B_SENSITIVE_CREATE_Marshal (grub_tpm2_buffer_t buffer,
+                                            const TPM2B_SENSITIVE_CREATE_t 
*sensitiveCreate)
+{
+  grub_uint32_t start;
+  grub_uint16_t size;
+
+  if (sensitiveCreate)
+    {
+      grub_tpm2_buffer_pack_u16 (buffer, sensitiveCreate->size);
+      start = buffer->size;
+      grub_Tss2_MU_TPMS_SENSITIVE_CREATE_Marshal (buffer, 
&sensitiveCreate->sensitive);
+      size = grub_cpu_to_be16 (buffer->size - start);
+
+      grub_memcpy (&buffer->data[start - sizeof (grub_uint16_t)], &size, 
sizeof (size));
+    }
+  else
+    grub_tpm2_buffer_pack_u16 (buffer, 0);
+}
+
+void
+grub_Tss2_MU_TPMS_SIGNATURE_RSA_Marshal (grub_tpm2_buffer_t buffer,
+                                         const TPMS_SIGNATURE_RSA_t *p)
+{
+  grub_tpm2_buffer_pack_u16 (buffer, p->hash);
+  grub_Tss2_MU_TPM2B_Marshal (buffer, p->sig.size, p->sig.buffer);
+}
+
+void
+grub_Tss2_MU_TPMS_SIGNATURE_ECC_Marshal (grub_tpm2_buffer_t buffer,
+                                         const TPMS_SIGNATURE_ECC_t *p)
+{
+  grub_tpm2_buffer_pack_u16 (buffer, p->hash);
+  grub_Tss2_MU_TPM2B_Marshal (buffer, p->signatureR.size, 
p->signatureR.buffer);
+  grub_Tss2_MU_TPM2B_Marshal (buffer, p->signatureS.size, 
p->signatureS.buffer);
+}
+
+void
+grub_Tss2_MU_TPMU_HA_Marshal (grub_tpm2_buffer_t buffer,
+                              const TPMI_ALG_HASH_t hashAlg,
+                              const TPMU_HA_t *p)
+{
+  grub_uint16_t i;
+
+  switch (hashAlg)
+    {
+    case TPM_ALG_SHA1:
+      for (i = 0; i < TPM_SHA1_DIGEST_SIZE; i++)
+        grub_tpm2_buffer_pack_u8 (buffer, p->sha1[i]);
+      break;
+    case TPM_ALG_SHA256:
+      for (i = 0; i < TPM_SHA256_DIGEST_SIZE; i++)
+        grub_tpm2_buffer_pack_u8 (buffer, p->sha256[i]);
+      break;
+    case TPM_ALG_SHA384:
+      for (i = 0; i < TPM_SHA384_DIGEST_SIZE; i++)
+        grub_tpm2_buffer_pack_u8 (buffer, p->sha384[i]);
+      break;
+    case TPM_ALG_SHA512:
+      for (i = 0; i < TPM_SHA512_DIGEST_SIZE; i++)
+        grub_tpm2_buffer_pack_u8 (buffer, p->sha512[i]);
+      break;
+    default:
+      buffer->error = 1;
+      break;
+    }
+}
+
+void
+grub_Tss2_MU_TPMT_HA_Marshal (grub_tpm2_buffer_t buffer,
+                              const TPMT_HA_t *p)
+{
+  grub_tpm2_buffer_pack_u16 (buffer, p->hashAlg);
+  grub_Tss2_MU_TPMU_HA_Marshal (buffer, p->hashAlg, &p->digest);
+}
+
+void
+grub_Tss2_MU_TPMU_SIGNATURE_Marshal (grub_tpm2_buffer_t buffer,
+                                     const TPMI_ALG_SIG_SCHEME_t sigAlg,
+                                     const TPMU_SIGNATURE_t *p)
+{
+  switch (sigAlg)
+    {
+    case TPM_ALG_RSASSA:
+      grub_Tss2_MU_TPMS_SIGNATURE_RSA_Marshal (buffer, (TPMS_SIGNATURE_RSA_t 
*) &p->rsassa);
+      break;
+    case TPM_ALG_RSAPSS:
+      grub_Tss2_MU_TPMS_SIGNATURE_RSA_Marshal (buffer, (TPMS_SIGNATURE_RSA_t 
*) &p->rsapss);
+      break;
+    case TPM_ALG_ECDSA:
+      grub_Tss2_MU_TPMS_SIGNATURE_ECC_Marshal (buffer, (TPMS_SIGNATURE_ECC_t 
*) &p->ecdsa);
+      break;
+    case TPM_ALG_ECDAA:
+      grub_Tss2_MU_TPMS_SIGNATURE_ECC_Marshal (buffer, (TPMS_SIGNATURE_ECC_t 
*) &p->ecdaa);
+      break;
+    case TPM_ALG_SM2:
+      grub_Tss2_MU_TPMS_SIGNATURE_ECC_Marshal (buffer, (TPMS_SIGNATURE_ECC_t 
*) &p->sm2);
+      break;
+    case TPM_ALG_ECSCHNORR:
+      grub_Tss2_MU_TPMS_SIGNATURE_ECC_Marshal (buffer, (TPMS_SIGNATURE_ECC_t 
*) &p->ecschnorr);
+      break;
+    case TPM_ALG_HMAC:
+      grub_Tss2_MU_TPMT_HA_Marshal (buffer, &p->hmac);
+      break;
+    case TPM_ALG_NULL:
+      break;
+    default:
+      buffer->error = 1;
+      break;
+    }
+}
+
+void
+grub_Tss2_MU_TPMT_SIGNATURE_Marshal (grub_tpm2_buffer_t buffer,
+                                     const TPMT_SIGNATURE_t *p)
+{
+  grub_tpm2_buffer_pack_u16 (buffer, p->sigAlg);
+  grub_Tss2_MU_TPMU_SIGNATURE_Marshal (buffer, p->sigAlg, &p->signature);
+}
+
+void
+grub_Tss2_MU_TPMT_TK_VERIFIED_Marshal (grub_tpm2_buffer_t buffer,
+                                       const TPMT_TK_VERIFIED_t *p)
+{
+  grub_tpm2_buffer_pack_u16 (buffer, p->tag);
+  grub_tpm2_buffer_pack_u32 (buffer, p->hierarchy);
+  grub_Tss2_MU_TPM2B_Marshal (buffer, p->digest.size, p->digest.buffer);
+}
+
+static void
+__Tss2_MU_TPM2B_BUFFER_Unmarshal (grub_tpm2_buffer_t buffer,
+                                 TPM2B_t *p, grub_uint16_t bound)
+{
+  grub_tpm2_buffer_unpack_u16 (buffer, &p->size);
+
+  if (p->size > bound)
+    {
+      buffer->error = 1;
+      return;
+    }
+
+  grub_tpm2_buffer_unpack (buffer, &p->buffer, p->size);
+}
+
+#define TPM2B_BUFFER_UNMARSHAL(buffer, type, data) \
+  __Tss2_MU_TPM2B_BUFFER_Unmarshal(buffer, (TPM2B_t *)data, sizeof(type) - 
sizeof(grub_uint16_t))
+
+void
+grub_Tss2_MU_TPMS_AUTH_RESPONSE_Unmarshal (grub_tpm2_buffer_t buffer,
+                                          TPMS_AUTH_RESPONSE_t *p)
+{
+  grub_uint8_t tmp;
+  grub_uint32_t tmp32;
+
+  grub_tpm2_buffer_unpack_u16 (buffer, &p->nonce.size);
+
+  if (p->nonce.size)
+    grub_tpm2_buffer_unpack (buffer, &p->nonce.buffer, p->nonce.size);
+
+  grub_tpm2_buffer_unpack_u8 (buffer, &tmp);
+  tmp32 = tmp;
+  grub_memcpy (&p->sessionAttributes, &tmp32, sizeof (grub_uint32_t));
+
+  grub_tpm2_buffer_unpack_u16 (buffer, &p->hmac.size);
+
+  if (p->hmac.size)
+    grub_tpm2_buffer_unpack (buffer, &p->hmac.buffer, p->hmac.size);
+}
+
+void
+grub_Tss2_MU_TPM2B_DIGEST_Unmarshal (grub_tpm2_buffer_t buffer,
+                                    TPM2B_DIGEST_t *digest)
+{
+  TPM2B_BUFFER_UNMARSHAL (buffer, TPM2B_DIGEST_t, digest);
+}
+
+void
+grub_Tss2_MU_TPM2B_NONCE_Unmarshal (grub_tpm2_buffer_t buffer,
+                                   TPM2B_NONCE_t *nonce)
+{
+  TPM2B_BUFFER_UNMARSHAL (buffer, TPM2B_NONCE_t, nonce);
+}
+
+void
+grub_Tss2_MU_TPM2B_DATA_Unmarshal (grub_tpm2_buffer_t buffer,
+                                  TPM2B_DATA_t *data)
+{
+  TPM2B_BUFFER_UNMARSHAL (buffer, TPM2B_DATA_t, data);
+}
+
+void
+grub_Tss2_MU_TPMS_CREATION_DATA_Unmarshal (grub_tpm2_buffer_t buffer,
+                                          TPMS_CREATION_DATA_t *data)
+{
+  grub_Tss2_MU_TPML_PCR_SELECTION_Unmarshal (buffer, &data->pcrSelect);
+  grub_Tss2_MU_TPM2B_DIGEST_Unmarshal (buffer, &data->pcrDigest);
+  grub_tpm2_buffer_unpack_u8 (buffer, (grub_uint8_t *)&data->locality);
+  grub_tpm2_buffer_unpack_u16 (buffer, &data->parentNameAlg);
+  grub_Tss2_MU_TPM2B_NAME_Unmarshal (buffer, &data->parentName);
+  grub_Tss2_MU_TPM2B_NAME_Unmarshal (buffer, &data->parentQualifiedName);
+  grub_Tss2_MU_TPM2B_DATA_Unmarshal (buffer, &data->outsideInfo);
+}
+
+void
+grub_Tss2_MU_TPM2B_CREATION_DATA_Unmarshal (grub_tpm2_buffer_t buffer,
+                                           TPM2B_CREATION_DATA_t *data)
+{
+  grub_tpm2_buffer_unpack_u16 (buffer, &data->size);
+  grub_Tss2_MU_TPMS_CREATION_DATA_Unmarshal (buffer, &data->creationData);
+}
+
+void
+grub_Tss2_MU_TPM2B_PRIVATE_Unmarshal (grub_tpm2_buffer_t buffer,
+                                     TPM2B_PRIVATE_t *private)
+{
+  TPM2B_BUFFER_UNMARSHAL (buffer, TPM2B_PRIVATE_t, private);
+}
+
+void
+grub_Tss2_MU_TPM2B_SENSITIVE_DATA_Unmarshal (grub_tpm2_buffer_t buffer,
+                                            TPM2B_SENSITIVE_DATA_t *data)
+{
+  TPM2B_BUFFER_UNMARSHAL (buffer, TPM2B_SENSITIVE_DATA_t, data);
+}
+
+void
+grub_Tss2_MU_TPM2B_PUBLIC_KEY_RSA_Unmarshal (grub_tpm2_buffer_t buffer,
+                                            TPM2B_PUBLIC_KEY_RSA_t *rsa)
+{
+  TPM2B_BUFFER_UNMARSHAL (buffer, TPM2B_PUBLIC_KEY_RSA_t, rsa);
+}
+
+void
+grub_Tss2_MU_TPM2B_ECC_PARAMETER_Unmarshal (grub_tpm2_buffer_t buffer,
+                                           TPM2B_ECC_PARAMETER_t *param)
+{
+  TPM2B_BUFFER_UNMARSHAL (buffer, TPM2B_ECC_PARAMETER_t, param);
+}
+
+void
+grub_Tss2_MU_TPMA_OBJECT_Unmarshal (grub_tpm2_buffer_t buffer,
+                                   TPMA_OBJECT_t *p)
+{
+  grub_tpm2_buffer_unpack_u32 (buffer, (grub_uint32_t *) p);
+}
+
+void
+grub_Tss2_MU_TPMS_SCHEME_HMAC_Unmarshal (grub_tpm2_buffer_t buffer,
+                                        TPMS_SCHEME_HMAC_t *p)
+{
+  grub_tpm2_buffer_unpack_u16 (buffer, &p->hashAlg);
+}
+
+void
+grub_Tss2_MU_TPMS_SCHEME_XOR_Unmarshal (grub_tpm2_buffer_t buffer,
+                                       TPMS_SCHEME_XOR_t *p)
+{
+  grub_tpm2_buffer_unpack_u16 (buffer, &p->hashAlg);
+  grub_tpm2_buffer_unpack_u16 (buffer, &p->kdf);
+}
+
+void
+grub_Tss2_MU_TPMU_SCHEME_KEYEDHASH_Unmarshal (grub_tpm2_buffer_t buffer,
+                                             TPMI_ALG_KEYEDHASH_SCHEME_t 
scheme,
+                                             TPMU_SCHEME_KEYEDHASH_t *p)
+{
+  switch (scheme)
+    {
+    case TPM_ALG_HMAC:
+      grub_Tss2_MU_TPMS_SCHEME_HMAC_Unmarshal (buffer, &p->hmac);
+      break;
+    case TPM_ALG_XOR:
+      grub_Tss2_MU_TPMS_SCHEME_XOR_Unmarshal (buffer, &p->exclusiveOr);
+      break;
+    case TPM_ALG_NULL:
+      break;
+    default:
+      buffer->error = 1;
+      break;
+    }
+}
+
+void
+grub_Tss2_MU_TPMT_KEYEDHASH_SCHEME_Unmarshal (grub_tpm2_buffer_t buffer,
+                                             TPMT_KEYEDHASH_SCHEME_t *p)
+{
+  grub_tpm2_buffer_unpack_u16 (buffer, &p->scheme);
+  grub_Tss2_MU_TPMU_SCHEME_KEYEDHASH_Unmarshal (buffer, p->scheme, 
&p->details);
+}
+
+void
+grub_Tss2_MU_TPMS_KEYEDHASH_PARMS_Unmarshal (grub_tpm2_buffer_t buffer,
+                                            TPMS_KEYEDHASH_PARMS_t *p)
+{
+  grub_Tss2_MU_TPMT_KEYEDHASH_SCHEME_Unmarshal (buffer, &p->scheme);
+}
+
+void
+grub_Tss2_MU_TPMU_SYM_KEY_BITS_Unmarshal (grub_tpm2_buffer_t buffer,
+                                         TPMI_ALG_SYM_OBJECT_t algorithm,
+                                         TPMU_SYM_KEY_BITS_t *p)
+{
+  switch (algorithm)
+    {
+    case TPM_ALG_AES:
+    case TPM_ALG_SM4:
+    case TPM_ALG_CAMELLIA:
+    case TPM_ALG_XOR:
+      grub_tpm2_buffer_unpack_u16 (buffer, (grub_uint16_t *) p);
+      break;
+    case TPM_ALG_NULL:
+      break;
+    default:
+      buffer->error = 1;
+      break;
+    }
+}
+
+void
+grub_Tss2_MU_TPMU_SYM_MODE_Unmarshal (grub_tpm2_buffer_t buffer,
+                                     TPMI_ALG_SYM_OBJECT_t algorithm,
+                                     TPMU_SYM_MODE_t *p)
+{
+  switch (algorithm)
+    {
+    case TPM_ALG_AES:
+    case TPM_ALG_SM4:
+    case TPM_ALG_CAMELLIA:
+      grub_tpm2_buffer_unpack_u16 (buffer, (grub_uint16_t *) p);
+      break;
+    case TPM_ALG_XOR:
+    case TPM_ALG_NULL:
+      break;
+    default:
+      buffer->error = 1;
+      break;
+    }
+}
+
+void
+grub_Tss2_MU_TPMT_SYM_DEF_OBJECT_Unmarshal (grub_tpm2_buffer_t buffer,
+                                           TPMT_SYM_DEF_OBJECT_t *p)
+{
+  grub_tpm2_buffer_unpack_u16 (buffer, &p->algorithm);
+  grub_Tss2_MU_TPMU_SYM_KEY_BITS_Unmarshal (buffer, p->algorithm, &p->keyBits);
+  grub_Tss2_MU_TPMU_SYM_MODE_Unmarshal (buffer, p->algorithm, &p->mode);
+}
+
+void
+grub_Tss2_MU_TPMS_SYMCIPHER_PARMS_Unmarshal (grub_tpm2_buffer_t buffer,
+                                            TPMS_SYMCIPHER_PARMS_t *p)
+{
+  grub_Tss2_MU_TPMT_SYM_DEF_OBJECT_Unmarshal (buffer, &p->sym);
+}
+
+void
+grub_Tss2_MU_TPMU_ASYM_SCHEME_Unmarshal (grub_tpm2_buffer_t buffer,
+                                        TPMI_ALG_RSA_DECRYPT_t scheme,
+                                        TPMU_ASYM_SCHEME_t *p 
__attribute__((unused)))
+{
+  switch (scheme)
+    {
+    case TPM_ALG_NULL:
+      break;
+    default:
+      /* Unsupported */
+      buffer->error = 1;
+      break;
+    }
+}
+
+void
+grub_Tss2_MU_TPMT_RSA_SCHEME_Unmarshal (grub_tpm2_buffer_t buffer,
+                                       TPMT_RSA_SCHEME_t *p)
+{
+  grub_tpm2_buffer_unpack_u16 (buffer, &p->scheme);
+  grub_Tss2_MU_TPMU_ASYM_SCHEME_Unmarshal (buffer, p->scheme, &p->details);
+}
+
+void
+grub_Tss2_MU_TPMS_RSA_PARMS_Unmarshal (grub_tpm2_buffer_t buffer,
+                                      TPMS_RSA_PARMS_t *p)
+{
+  grub_Tss2_MU_TPMT_SYM_DEF_OBJECT_Unmarshal (buffer, &p->symmetric);
+  grub_Tss2_MU_TPMT_RSA_SCHEME_Unmarshal (buffer, &p->scheme);
+  grub_tpm2_buffer_unpack_u16 (buffer, &p->keyBits);
+  grub_tpm2_buffer_unpack_u32 (buffer, &p->exponent);
+}
+
+void
+grub_Tss2_MU_TPMT_ECC_SCHEME_Unmarshal (grub_tpm2_buffer_t buffer,
+                                       TPMT_ECC_SCHEME_t *p)
+{
+  grub_tpm2_buffer_unpack_u16 (buffer, &p->scheme);
+  grub_Tss2_MU_TPMU_ASYM_SCHEME_Unmarshal (buffer, p->scheme, &p->details);
+}
+
+void
+grub_Tss2_MU_TPMU_KDF_SCHEME_Unmarshal (grub_tpm2_buffer_t buffer,
+                                       TPMI_ALG_KDF_t scheme,
+                                       TPMU_KDF_SCHEME_t *p)
+{
+  switch (scheme)
+    {
+    case TPM_ALG_MGF1:
+      grub_tpm2_buffer_unpack_u16 (buffer, &p->mgf1.hashAlg);
+      break;
+    case TPM_ALG_KDF1_SP800_56A:
+      grub_tpm2_buffer_unpack_u16 (buffer, &p->kdf1_sp800_56a.hashAlg);
+      break;
+    case TPM_ALG_KDF2:
+      grub_tpm2_buffer_unpack_u16 (buffer, &p->kdf2.hashAlg);
+      break;
+    case TPM_ALG_KDF1_SP800_108:
+      grub_tpm2_buffer_unpack_u16 (buffer, &p->kdf1_sp800_108.hashAlg);
+      break;
+    case TPM_ALG_NULL:
+      break;
+    default:
+      buffer->error = 1;
+      break;
+    }
+}
+
+void
+grub_Tss2_MU_TPMT_KDF_SCHEME_Unmarshal (grub_tpm2_buffer_t buffer,
+                                       TPMT_KDF_SCHEME_t *p)
+{
+  grub_tpm2_buffer_unpack_u16 (buffer, &p->scheme);
+  grub_Tss2_MU_TPMU_KDF_SCHEME_Unmarshal (buffer, p->scheme, &p->details);
+}
+
+void
+grub_Tss2_MU_TPMS_ECC_PARMS_Unmarshal (grub_tpm2_buffer_t buffer,
+                                      TPMS_ECC_PARMS_t *p)
+{
+  grub_Tss2_MU_TPMT_SYM_DEF_OBJECT_Unmarshal (buffer, &p->symmetric);
+  grub_Tss2_MU_TPMT_ECC_SCHEME_Unmarshal (buffer, &p->scheme );
+  grub_tpm2_buffer_unpack_u16 (buffer, &p->curveID);
+  grub_Tss2_MU_TPMT_KDF_SCHEME_Unmarshal (buffer, &p->kdf);
+}
+
+void
+grub_Tss2_MU_TPMU_PUBLIC_PARMS_Unmarshal (grub_tpm2_buffer_t buffer,
+                                         grub_uint32_t type,
+                                         TPMU_PUBLIC_PARMS_t *p)
+{
+  switch (type)
+    {
+    case TPM_ALG_KEYEDHASH:
+      grub_Tss2_MU_TPMS_KEYEDHASH_PARMS_Unmarshal (buffer, 
&p->keyedHashDetail);
+      break;
+    case TPM_ALG_SYMCIPHER:
+      grub_Tss2_MU_TPMS_SYMCIPHER_PARMS_Unmarshal (buffer, &p->symDetail);
+      break;
+    case TPM_ALG_RSA:
+      grub_Tss2_MU_TPMS_RSA_PARMS_Unmarshal (buffer, &p->rsaDetail);
+      break;
+    case TPM_ALG_ECC:
+      grub_Tss2_MU_TPMS_ECC_PARMS_Unmarshal (buffer, &p->eccDetail);
+      break;
+    default:
+      buffer->error = 1;
+      break;
+    }
+}
+
+void
+grub_Tss2_MU_TPMS_ECC_POINT_Unmarshal (grub_tpm2_buffer_t buffer,
+                                      TPMS_ECC_POINT_t *p)
+{
+  grub_Tss2_MU_TPM2B_ECC_PARAMETER_Unmarshal (buffer, &p->x);
+  grub_Tss2_MU_TPM2B_ECC_PARAMETER_Unmarshal (buffer, &p->y);
+}
+
+void
+grub_Tss2_MU_TPMU_PUBLIC_ID_Unmarshal (grub_tpm2_buffer_t buffer,
+                                      TPMI_ALG_PUBLIC_t type,
+                                      TPMU_PUBLIC_ID_t *p)
+{
+  switch(type)
+    {
+    case TPM_ALG_KEYEDHASH:
+      grub_Tss2_MU_TPM2B_DIGEST_Unmarshal (buffer, &p->keyedHash);
+      break;
+    case TPM_ALG_SYMCIPHER:
+      grub_Tss2_MU_TPM2B_DIGEST_Unmarshal (buffer, &p->sym);
+      break;
+    case TPM_ALG_RSA:
+      grub_Tss2_MU_TPM2B_PUBLIC_KEY_RSA_Unmarshal (buffer, &p->rsa);
+      break;
+    case TPM_ALG_ECC:
+      grub_Tss2_MU_TPMS_ECC_POINT_Unmarshal (buffer, &p->ecc);
+      break;
+    default:
+      buffer->error = 1;
+      break;
+    }
+}
+
+void
+grub_Tss2_MU_TPMT_PUBLIC_Unmarshal (grub_tpm2_buffer_t buffer,
+                                   TPMT_PUBLIC_t *p)
+{
+  grub_tpm2_buffer_unpack_u16 (buffer, &p->type);
+  grub_tpm2_buffer_unpack_u16 (buffer, &p->nameAlg);
+  grub_Tss2_MU_TPMA_OBJECT_Unmarshal (buffer, &p->objectAttributes);
+  grub_Tss2_MU_TPM2B_DIGEST_Unmarshal (buffer, &p->authPolicy);
+  grub_Tss2_MU_TPMU_PUBLIC_PARMS_Unmarshal (buffer, p->type, &p->parameters);
+  grub_Tss2_MU_TPMU_PUBLIC_ID_Unmarshal (buffer, p->type, &p->unique);
+}
+
+void
+grub_Tss2_MU_TPM2B_PUBLIC_Unmarshal (grub_tpm2_buffer_t buffer,
+                                    TPM2B_PUBLIC_t *p)
+{
+  grub_tpm2_buffer_unpack_u16 (buffer, &p->size);
+  grub_Tss2_MU_TPMT_PUBLIC_Unmarshal (buffer, &p->publicArea);
+}
+
+void
+grub_Tss2_MU_TPMS_NV_PUBLIC_Unmarshal (grub_tpm2_buffer_t buffer,
+                                      TPMS_NV_PUBLIC_t *p)
+{
+  grub_tpm2_buffer_unpack_u32 (buffer, &p->nvIndex);
+  grub_tpm2_buffer_unpack_u16 (buffer, &p->nameAlg);
+  grub_tpm2_buffer_unpack_u32 (buffer, &p->attributes);
+  grub_Tss2_MU_TPM2B_DIGEST_Unmarshal (buffer, &p->authPolicy);
+  grub_tpm2_buffer_unpack_u16 (buffer, &p->dataSize);
+}
+
+void
+grub_Tss2_MU_TPM2B_NV_PUBLIC_Unmarshal (grub_tpm2_buffer_t buffer,
+                                       TPM2B_NV_PUBLIC_t *p)
+{
+  grub_tpm2_buffer_unpack_u16 (buffer, &p->size);
+  grub_Tss2_MU_TPMS_NV_PUBLIC_Unmarshal (buffer, &p->nvPublic);
+}
+
+void
+grub_Tss2_MU_TPM2B_NAME_Unmarshal (grub_tpm2_buffer_t buffer,
+                                  TPM2B_NAME_t *n)
+{
+  TPM2B_BUFFER_UNMARSHAL (buffer, TPM2B_NAME_t, n);
+}
+
+void
+grub_Tss2_MU_TPMS_TAGGED_PROPERTY_Unmarshal (grub_tpm2_buffer_t buffer,
+                                            TPMS_TAGGED_PROPERTY_t *property)
+{
+  grub_tpm2_buffer_unpack_u32 (buffer, &property->property);
+  grub_tpm2_buffer_unpack_u32 (buffer, &property->value);
+}
+
+void
+grub_Tss2_MU_TPMT_TK_CREATION_Unmarshal (grub_tpm2_buffer_t buffer,
+                                        TPMT_TK_CREATION_t *p)
+{
+  grub_tpm2_buffer_unpack_u16 (buffer, &p->tag);
+  grub_tpm2_buffer_unpack_u32 (buffer, &p->hierarchy);
+  grub_Tss2_MU_TPM2B_DIGEST_Unmarshal (buffer, &p->digest);
+}
+
+void
+grub_Tss2_MU_TPMT_TK_HASHCHECK_Unmarshal (grub_tpm2_buffer_t buffer,
+                                          TPMT_TK_HASHCHECK_t *p)
+{
+  grub_tpm2_buffer_unpack_u16 (buffer, &p->tag);
+  grub_tpm2_buffer_unpack_u32 (buffer, &p->hierarchy);
+  grub_Tss2_MU_TPM2B_DIGEST_Unmarshal (buffer, &p->digest);
+}
+
+void
+grub_Tss2_MU_TPMT_TK_VERIFIED_Unmarshal (grub_tpm2_buffer_t buffer,
+                                         TPMT_TK_VERIFIED_t *p)
+{
+  grub_tpm2_buffer_unpack_u16 (buffer, &p->tag);
+  grub_tpm2_buffer_unpack_u32 (buffer, &p->hierarchy);
+  grub_Tss2_MU_TPM2B_DIGEST_Unmarshal (buffer, &p->digest);
+}
+
+void
+grub_Tss2_MU_TPMS_PCR_SELECTION_Unmarshal (grub_tpm2_buffer_t buffer,
+                                          TPMS_PCR_SELECTION_t *pcrSelection)
+{
+  grub_uint32_t i;
+
+  grub_tpm2_buffer_unpack_u16 (buffer, &pcrSelection->hash);
+  grub_tpm2_buffer_unpack_u8 (buffer, &pcrSelection->sizeOfSelect);
+
+  if (pcrSelection->sizeOfSelect > TPM_PCR_SELECT_MAX)
+    {
+      buffer->error = 1;
+      return;
+    }
+
+  for (i = 0; i < pcrSelection->sizeOfSelect; i++)
+    grub_tpm2_buffer_unpack_u8 (buffer, &pcrSelection->pcrSelect[i]);
+}
+
+void
+grub_Tss2_MU_TPML_PCR_SELECTION_Unmarshal (grub_tpm2_buffer_t buffer,
+                                          TPML_PCR_SELECTION_t *pcrSelection)
+{
+  grub_uint32_t i;
+
+  grub_tpm2_buffer_unpack_u32 (buffer, &pcrSelection->count);
+
+  if (pcrSelection->count > TPM_NUM_PCR_BANKS)
+    {
+      buffer->error = 1;
+      return;
+    }
+
+  for (i = 0; i < pcrSelection->count; i++)
+    grub_Tss2_MU_TPMS_PCR_SELECTION_Unmarshal (buffer, 
&pcrSelection->pcrSelections[i]);
+}
+
+void
+grub_Tss2_MU_TPML_DIGEST_Unmarshal (grub_tpm2_buffer_t buffer,
+                                   TPML_DIGEST_t *digest)
+{
+  grub_uint32_t i;
+
+  grub_tpm2_buffer_unpack_u32 (buffer, &digest->count);
+
+  if (digest->count > 8)
+    {
+      buffer->error = 1;
+      return;
+    }
+
+  for (i = 0; i < digest->count; i++)
+    grub_Tss2_MU_TPM2B_DIGEST_Unmarshal (buffer, &digest->digests[i]);
+}
+
+void
+grub_Tss2_MU_TPMS_SIGNATURE_RSA_Unmarshal (grub_tpm2_buffer_t buffer,
+                                           TPMS_SIGNATURE_RSA_t *rsa)
+{
+  grub_tpm2_buffer_unpack_u16 (buffer, &rsa->hash);
+  grub_Tss2_MU_TPM2B_PUBLIC_KEY_RSA_Unmarshal (buffer, &rsa->sig);
+}
+
+void
+grub_Tss2_MU_TPMS_SIGNATURE_ECC_Unmarshal (grub_tpm2_buffer_t buffer,
+                                           TPMS_SIGNATURE_ECC_t *ecc)
+{
+  grub_tpm2_buffer_unpack_u16 (buffer, &ecc->hash);
+  grub_Tss2_MU_TPM2B_ECC_PARAMETER_Unmarshal (buffer, &ecc->signatureR);
+  grub_Tss2_MU_TPM2B_ECC_PARAMETER_Unmarshal (buffer, &ecc->signatureS);
+}
+
+void
+grub_Tss2_MU_TPMU_HA_Unmarshal (grub_tpm2_buffer_t buffer,
+                                TPMI_ALG_HASH_t hashAlg,
+                                TPMU_HA_t *p)
+{
+  switch (hashAlg)
+    {
+    case TPM_ALG_SHA1:
+      grub_tpm2_buffer_unpack (buffer, &p->sha1, TPM_SHA1_DIGEST_SIZE);
+      break;
+    case TPM_ALG_SHA256:
+      grub_tpm2_buffer_unpack (buffer, &p->sha256, TPM_SHA256_DIGEST_SIZE);
+      break;
+    case TPM_ALG_SHA384:
+      grub_tpm2_buffer_unpack (buffer, &p->sha384, TPM_SHA384_DIGEST_SIZE);
+      break;
+    case TPM_ALG_SHA512:
+      grub_tpm2_buffer_unpack (buffer, &p->sha512, TPM_SHA512_DIGEST_SIZE);
+      break;
+    default:
+      buffer->error = 1;
+      break;
+    }
+}
+
+void
+grub_Tss2_MU_TPMT_HA_Unmarshal (grub_tpm2_buffer_t buffer,
+                                TPMT_HA_t *p)
+{
+  grub_tpm2_buffer_unpack_u16 (buffer, &p->hashAlg);
+  grub_Tss2_MU_TPMU_HA_Unmarshal (buffer, p->hashAlg, &p->digest);
+}
+
+void
+grub_Tss2_MU_TPMU_SIGNATURE_Unmarshal (grub_tpm2_buffer_t buffer,
+                                       TPMI_ALG_SIG_SCHEME_t sigAlg,
+                                       TPMU_SIGNATURE_t *p)
+{
+  switch (sigAlg)
+    {
+    case TPM_ALG_RSASSA:
+      grub_Tss2_MU_TPMS_SIGNATURE_RSA_Unmarshal (buffer, (TPMS_SIGNATURE_RSA_t 
*)&p->rsassa);
+      break;
+    case TPM_ALG_RSAPSS:
+      grub_Tss2_MU_TPMS_SIGNATURE_RSA_Unmarshal (buffer, (TPMS_SIGNATURE_RSA_t 
*)&p->rsapss);
+      break;
+    case TPM_ALG_ECDSA:
+      grub_Tss2_MU_TPMS_SIGNATURE_ECC_Unmarshal (buffer, (TPMS_SIGNATURE_ECC_t 
*)&p->ecdsa);
+      break;
+    case TPM_ALG_ECDAA:
+      grub_Tss2_MU_TPMS_SIGNATURE_ECC_Unmarshal (buffer, (TPMS_SIGNATURE_ECC_t 
*)&p->ecdaa);
+      break;
+    case TPM_ALG_SM2:
+      grub_Tss2_MU_TPMS_SIGNATURE_ECC_Unmarshal (buffer, (TPMS_SIGNATURE_ECC_t 
*)&p->sm2);
+      break;
+    case TPM_ALG_ECSCHNORR:
+      grub_Tss2_MU_TPMS_SIGNATURE_ECC_Unmarshal (buffer, (TPMS_SIGNATURE_ECC_t 
*)&p->ecschnorr);
+      break;
+    case TPM_ALG_HMAC:
+      grub_Tss2_MU_TPMT_HA_Unmarshal (buffer, &p->hmac);
+      break;
+    case TPM_ALG_NULL:
+      break;
+    default:
+      buffer->error = 1;
+      break;
+    }
+}
+
+void
+grub_Tss2_MU_TPMT_SIGNATURE_Unmarshal (grub_tpm2_buffer_t buffer,
+                                       TPMT_SIGNATURE_t *p)
+{
+  grub_tpm2_buffer_unpack_u16 (buffer, &p->sigAlg);
+  grub_Tss2_MU_TPMU_SIGNATURE_Unmarshal (buffer, p->sigAlg, &p->signature);
+}
diff --git a/grub-core/lib/tss2/tss2_mu.h b/grub-core/lib/tss2/tss2_mu.h
new file mode 100644
index 000000000..8f82126e1
--- /dev/null
+++ b/grub-core/lib/tss2/tss2_mu.h
@@ -0,0 +1,397 @@
+/*
+ *  GRUB  --  GRand Unified Bootloader
+ *  Copyright (C) 2022 Microsoft Corporation
+ *  Copyright (C) 2024 Free Software Foundation, Inc.
+ *
+ *  GRUB is free software: you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation, either version 3 of the License, or
+ *  (at your option) any later version.
+ *
+ *  GRUB is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with GRUB.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef GRUB_TPM2_MU_HEADER
+#define GRUB_TPM2_MU_HEADER 1
+
+#include <tss2_buffer.h>
+#include <tss2_structs.h>
+
+extern void
+grub_Tss2_MU_TPMS_AUTH_COMMAND_Marshal (grub_tpm2_buffer_t buffer,
+                                       const TPMS_AUTH_COMMAND_t *authCommand);
+
+extern void
+grub_Tss2_MU_TPM2B_Marshal (grub_tpm2_buffer_t buffer,
+                           const grub_uint16_t size,
+                           const grub_uint8_t *b);
+
+extern void
+grub_Tss2_MU_TPMU_SYM_KEY_BITS_Marshal (grub_tpm2_buffer_t buffer,
+                                       const TPMI_ALG_SYM_OBJECT_t algorithm,
+                                       const TPMU_SYM_KEY_BITS_t *p);
+
+extern void
+grub_Tss2_MU_TPMU_SYM_MODE_Marshal (grub_tpm2_buffer_t buffer,
+                                   const TPMI_ALG_SYM_OBJECT_t algorithm,
+                                   const TPMU_SYM_MODE_t *p);
+
+extern void
+grub_Tss2_MU_TPMT_SYM_DEF_Marshal (grub_tpm2_buffer_t buffer,
+                                  const TPMT_SYM_DEF_t *p);
+
+extern void
+grub_Tss2_MU_TPMS_PCR_SELECTION_Marshal (grub_tpm2_buffer_t buffer,
+                                        const TPMS_PCR_SELECTION_t 
*pcrSelection);
+
+extern void
+grub_Tss2_MU_TPML_PCR_SELECTION_Marshal (grub_tpm2_buffer_t buffer,
+                                        const TPML_PCR_SELECTION_t 
*pcrSelection);
+
+extern void
+grub_Tss2_MU_TPMA_OBJECT_Marshal (grub_tpm2_buffer_t buffer,
+                                 const TPMA_OBJECT_t *p);
+
+extern void
+grub_Tss2_MU_TPMS_SCHEME_XOR_Marshal (grub_tpm2_buffer_t buffer,
+                                     const TPMS_SCHEME_XOR_t *p);
+
+extern void
+grub_Tss2_MU_TPMS_SCHEME_HMAC_Marshal (grub_tpm2_buffer_t buffer,
+                                      const TPMS_SCHEME_HMAC_t *p);
+
+extern void
+grub_Tss2_MU_TPMU_SCHEME_KEYEDHASH_Marshal (grub_tpm2_buffer_t buffer,
+                                           const TPMI_ALG_KEYEDHASH_SCHEME_t 
scheme,
+                                           const TPMU_SCHEME_KEYEDHASH_t *p);
+
+extern void
+grub_Tss2_MU_TPMT_KEYEDHASH_SCHEME_Marshal (grub_tpm2_buffer_t buffer,
+                                           const TPMT_KEYEDHASH_SCHEME_t *p);
+
+extern void
+grub_Tss2_MU_TPMS_KEYEDHASH_PARMS_Marshal (grub_tpm2_buffer_t buffer,
+                                          const TPMS_KEYEDHASH_PARMS_t *p);
+
+extern void
+grub_Tss2_MU_TPMT_SYM_DEF_OBJECT_Marshal (grub_tpm2_buffer_t buffer,
+                                         const TPMT_SYM_DEF_OBJECT_t *p);
+
+extern void
+grub_Tss2_MU_TPMU_ASYM_SCHEME_Marshal (grub_tpm2_buffer_t buffer,
+                                      const TPMI_ALG_RSA_DECRYPT_t scheme,
+                                      const TPMU_ASYM_SCHEME_t *p);
+
+extern void
+grub_Tss2_MU_TPMT_RSA_SCHEME_Marshal (grub_tpm2_buffer_t buffer,
+                                     const TPMT_RSA_SCHEME_t *p);
+
+extern void
+grub_Tss2_MU_TPMS_RSA_PARMS_Marshal (grub_tpm2_buffer_t buffer,
+                                    const TPMS_RSA_PARMS_t *p);
+
+extern void
+grub_Tss2_MU_TPMS_SYMCIPHER_PARMS_Marshal (grub_tpm2_buffer_t buffer,
+                                          const TPMS_SYMCIPHER_PARMS_t *p);
+
+extern void
+grub_Tss2_MU_TPMT_ECC_SCHEME_Marshal (grub_tpm2_buffer_t buffer,
+                                     const TPMT_ECC_SCHEME_t *p);
+
+extern void
+grub_Tss2_MU_TPMU_KDF_SCHEME_Marshal (grub_tpm2_buffer_t buffer,
+                                     const TPMI_ALG_KDF_t scheme,
+                                     const TPMU_KDF_SCHEME_t *p);
+
+extern void
+grub_Tss2_MU_TPMT_KDF_SCHEME_Marshal (grub_tpm2_buffer_t buffer,
+                                     const TPMT_KDF_SCHEME_t *p);
+
+extern void
+grub_Tss2_MU_TPMS_ECC_PARMS_Marshal (grub_tpm2_buffer_t buffer,
+                                    const TPMS_ECC_PARMS_t *p);
+
+extern void
+grub_Tss2_MU_TPMU_PUBLIC_PARMS_Marshal (grub_tpm2_buffer_t buffer,
+                                       const grub_uint32_t type,
+                                       const TPMU_PUBLIC_PARMS_t *p);
+
+extern void
+grub_Tss2_MU_TPMS_ECC_POINT_Marshal (grub_tpm2_buffer_t buffer,
+                                    const TPMS_ECC_POINT_t *p);
+
+extern void
+grub_Tss2_MU_TPMU_PUBLIC_ID_Marshal (grub_tpm2_buffer_t buffer,
+                                    const TPMI_ALG_PUBLIC_t type,
+                                    const TPMU_PUBLIC_ID_t *p);
+
+extern void
+grub_Tss2_MU_TPMT_PUBLIC_PARMS_Marshal (grub_tpm2_buffer_t buffer,
+                                       const TPMT_PUBLIC_PARMS_t *p);
+
+extern void
+grub_Tss2_MU_TPMT_PUBLIC_Marshal (grub_tpm2_buffer_t buffer,
+                                 const TPMT_PUBLIC_t *p);
+
+extern void
+grub_Tss2_MU_TPM2B_PUBLIC_Marshal (grub_tpm2_buffer_t buffer,
+                                  const TPM2B_PUBLIC_t *p);
+
+extern void
+grub_Tss2_MU_TPMS_SENSITIVE_CREATE_Marshal (grub_tpm2_buffer_t buffer,
+                                           const TPMS_SENSITIVE_CREATE_t *p);
+
+extern void
+grub_Tss2_MU_TPM2B_SENSITIVE_CREATE_Marshal (grub_tpm2_buffer_t buffer,
+                                            const TPM2B_SENSITIVE_CREATE_t 
*sensitiveCreate);
+
+extern void
+grub_Tss2_MU_TPMU_SENSITIVE_COMPOSITE_Marshal (grub_tpm2_buffer_t buffer,
+                                               const TPMI_ALG_PUBLIC_t type,
+                                               const 
TPMU_SENSITIVE_COMPOSITE_t *p);
+extern void
+grub_Tss2_MU_TPMT_SENSITIVE_Marshal (grub_tpm2_buffer_t buffer,
+                                     const TPMT_SENSITIVE_t *p);
+
+extern void
+grub_Tss2_MU_TPM2B_SENSITIVE_Marshal (grub_tpm2_buffer_t buffer,
+                                      const TPM2B_SENSITIVE_t *p);
+
+extern void
+grub_Tss2_MU_TPMS_SIGNATURE_RSA_Marshal (grub_tpm2_buffer_t buffer,
+                                         const TPMS_SIGNATURE_RSA_t *p);
+
+extern void
+grub_Tss2_MU_TPMS_SIGNATURE_ECC_Marshal (grub_tpm2_buffer_t buffer,
+                                         const TPMS_SIGNATURE_ECC_t *p);
+
+extern void
+grub_Tss2_MU_TPMU_HA_Marshal (grub_tpm2_buffer_t buffer,
+                              const TPMI_ALG_HASH_t hashAlg,
+                              const TPMU_HA_t *p);
+
+extern void
+grub_Tss2_MU_TPMT_HA_Marshal (grub_tpm2_buffer_t buffer,
+                              const TPMT_HA_t *p);
+
+extern void
+grub_Tss2_MU_TPMU_SIGNATURE_Marshal (grub_tpm2_buffer_t buffer,
+                                     const TPMI_ALG_SIG_SCHEME_t sigAlg,
+                                     const TPMU_SIGNATURE_t *p);
+
+extern void
+grub_Tss2_MU_TPMT_SIGNATURE_Marshal (grub_tpm2_buffer_t buffer,
+                                     const TPMT_SIGNATURE_t *p);
+
+extern void
+grub_Tss2_MU_TPMT_TK_VERIFIED_Marshal (grub_tpm2_buffer_t buffer,
+                                       const TPMT_TK_VERIFIED_t *p);
+
+extern void
+grub_Tss2_MU_TPMS_AUTH_RESPONSE_Unmarshal (grub_tpm2_buffer_t buffer,
+                                          TPMS_AUTH_RESPONSE_t *p);
+
+extern void
+grub_Tss2_MU_TPM2B_DIGEST_Unmarshal (grub_tpm2_buffer_t buffer,
+                                    TPM2B_DIGEST_t *digest);
+
+extern void
+grub_Tss2_MU_TPM2B_NONCE_Unmarshal (grub_tpm2_buffer_t buffer,
+                                   TPM2B_NONCE_t *nonce);
+
+extern void
+grub_Tss2_MU_TPM2B_DATA_Unmarshal (grub_tpm2_buffer_t buffer,
+                                  TPM2B_DATA_t *data);
+
+extern void
+grub_Tss2_MU_TPMS_CREATION_DATA_Unmarshal (grub_tpm2_buffer_t buffer,
+                                          TPMS_CREATION_DATA_t *data);
+
+extern void
+grub_Tss2_MU_TPM2B_CREATION_DATA_Unmarshal (grub_tpm2_buffer_t buffer,
+                                           TPM2B_CREATION_DATA_t *data);
+
+extern void
+grub_Tss2_MU_TPM2B_PRIVATE_Unmarshal (grub_tpm2_buffer_t buffer,
+                                     TPM2B_PRIVATE_t *private);
+
+extern void
+grub_Tss2_MU_TPM2B_SENSITIVE_DATA_Unmarshal (grub_tpm2_buffer_t buffer,
+                                            TPM2B_SENSITIVE_DATA_t *data);
+
+extern void
+grub_Tss2_MU_TPM2B_PUBLIC_KEY_RSA_Unmarshal (grub_tpm2_buffer_t buffer,
+                                            TPM2B_PUBLIC_KEY_RSA_t *rsa);
+
+extern void
+grub_Tss2_MU_TPM2B_ECC_PARAMETER_Unmarshal (grub_tpm2_buffer_t buffer,
+                                           TPM2B_ECC_PARAMETER_t *param);
+
+extern void
+grub_Tss2_MU_TPMA_OBJECT_Unmarshal (grub_tpm2_buffer_t buffer,
+                                   TPMA_OBJECT_t *p);
+
+extern void
+grub_Tss2_MU_TPMS_SCHEME_HMAC_Unmarshal (grub_tpm2_buffer_t buffer,
+                                        TPMS_SCHEME_HMAC_t *p);
+
+extern void
+grub_Tss2_MU_TPMS_SCHEME_XOR_Unmarshal (grub_tpm2_buffer_t buffer,
+                                       TPMS_SCHEME_XOR_t *p);
+
+extern void
+grub_Tss2_MU_TPMU_SCHEME_KEYEDHASH_Unmarshal (grub_tpm2_buffer_t buffer,
+                                             TPMI_ALG_KEYEDHASH_SCHEME_t 
scheme,
+                                             TPMU_SCHEME_KEYEDHASH_t *p);
+
+extern void
+grub_Tss2_MU_TPMT_KEYEDHASH_SCHEME_Unmarshal (grub_tpm2_buffer_t buffer,
+                                             TPMT_KEYEDHASH_SCHEME_t *p);
+
+extern void
+grub_Tss2_MU_TPMS_KEYEDHASH_PARMS_Unmarshal (grub_tpm2_buffer_t buffer,
+                                            TPMS_KEYEDHASH_PARMS_t *p);
+
+extern void
+grub_Tss2_MU_TPMU_SYM_KEY_BITS_Unmarshal (grub_tpm2_buffer_t buffer,
+                                         TPMI_ALG_SYM_OBJECT_t algorithm,
+                                         TPMU_SYM_KEY_BITS_t *p);
+
+extern void
+grub_Tss2_MU_TPMU_SYM_MODE_Unmarshal (grub_tpm2_buffer_t buffer,
+                                     TPMI_ALG_SYM_OBJECT_t algorithm,
+                                     TPMU_SYM_MODE_t *p);
+
+extern void
+grub_Tss2_MU_TPMT_SYM_DEF_OBJECT_Unmarshal (grub_tpm2_buffer_t buffer,
+                                           TPMT_SYM_DEF_OBJECT_t *p);
+
+extern void
+grub_Tss2_MU_TPMS_SYMCIPHER_PARMS_Unmarshal (grub_tpm2_buffer_t buffer,
+                                            TPMS_SYMCIPHER_PARMS_t *p);
+
+extern void
+grub_Tss2_MU_TPMU_ASYM_SCHEME_Unmarshal (grub_tpm2_buffer_t buffer,
+                                        TPMI_ALG_RSA_DECRYPT_t scheme,
+                                        TPMU_ASYM_SCHEME_t *p);
+
+extern void
+grub_Tss2_MU_TPMT_RSA_SCHEME_Unmarshal (grub_tpm2_buffer_t buffer,
+                                       TPMT_RSA_SCHEME_t *p);
+
+extern void
+grub_Tss2_MU_TPMS_RSA_PARMS_Unmarshal (grub_tpm2_buffer_t buffer,
+                                      TPMS_RSA_PARMS_t *p);
+
+extern void
+grub_Tss2_MU_TPMT_ECC_SCHEME_Unmarshal (grub_tpm2_buffer_t buffer,
+                                       TPMT_ECC_SCHEME_t *p);
+
+extern void
+grub_Tss2_MU_TPMU_KDF_SCHEME_Unmarshal (grub_tpm2_buffer_t buffer,
+                                       TPMI_ALG_KDF_t scheme,
+                                       TPMU_KDF_SCHEME_t *p);
+
+extern void
+grub_Tss2_MU_TPMT_KDF_SCHEME_Unmarshal (grub_tpm2_buffer_t buffer,
+                                       TPMT_KDF_SCHEME_t *p);
+
+extern void
+grub_Tss2_MU_TPMS_ECC_PARMS_Unmarshal (grub_tpm2_buffer_t buffer,
+                                      TPMS_ECC_PARMS_t *p);
+
+extern void
+grub_Tss2_MU_TPMU_PUBLIC_PARMS_Unmarshal (grub_tpm2_buffer_t buffer,
+                                         grub_uint32_t type,
+                                         TPMU_PUBLIC_PARMS_t *p);
+
+extern void
+grub_Tss2_MU_TPMS_ECC_POINT_Unmarshal (grub_tpm2_buffer_t buffer,
+                                      TPMS_ECC_POINT_t *p);
+
+extern void
+grub_Tss2_MU_TPMU_PUBLIC_ID_Unmarshal (grub_tpm2_buffer_t buffer,
+                                      TPMI_ALG_PUBLIC_t type,
+                                      TPMU_PUBLIC_ID_t *p);
+
+extern void
+grub_Tss2_MU_TPMT_PUBLIC_Unmarshal (grub_tpm2_buffer_t buffer,
+                                   TPMT_PUBLIC_t *p);
+
+extern void
+grub_Tss2_MU_TPM2B_PUBLIC_Unmarshal (grub_tpm2_buffer_t buffer,
+                                    TPM2B_PUBLIC_t *p);
+
+extern void
+grub_Tss2_MU_TPMS_NV_PUBLIC_Unmarshal (grub_tpm2_buffer_t buffer,
+                                      TPMS_NV_PUBLIC_t *p);
+
+extern void
+grub_Tss2_MU_TPM2B_NV_PUBLIC_Unmarshal (grub_tpm2_buffer_t buffer,
+                                       TPM2B_NV_PUBLIC_t *p);
+
+extern void
+grub_Tss2_MU_TPM2B_NAME_Unmarshal (grub_tpm2_buffer_t buffer,
+                                  TPM2B_NAME_t *n);
+
+extern void
+grub_Tss2_MU_TPMS_TAGGED_PROPERTY_Unmarshal (grub_tpm2_buffer_t buffer,
+                                            TPMS_TAGGED_PROPERTY_t *property);
+
+extern void
+grub_Tss2_MU_TPMT_TK_CREATION_Unmarshal (grub_tpm2_buffer_t buffer,
+                                        TPMT_TK_CREATION_t *p);
+
+extern void
+grub_Tss2_MU_TPMT_TK_HASHCHECK_Unmarshal (grub_tpm2_buffer_t buffer,
+                                          TPMT_TK_HASHCHECK_t *p);
+
+extern void
+grub_Tss2_MU_TPMT_TK_VERIFIED_Unmarshal (grub_tpm2_buffer_t buffer,
+                                         TPMT_TK_VERIFIED_t *p);
+
+extern void
+grub_Tss2_MU_TPMS_PCR_SELECTION_Unmarshal (grub_tpm2_buffer_t buffer,
+                                          TPMS_PCR_SELECTION_t *pcrSelection);
+
+extern void
+grub_Tss2_MU_TPML_PCR_SELECTION_Unmarshal (grub_tpm2_buffer_t buffer,
+                                          TPML_PCR_SELECTION_t *pcrSelection);
+
+extern void
+grub_Tss2_MU_TPML_DIGEST_Unmarshal (grub_tpm2_buffer_t buffer,
+                                   TPML_DIGEST_t *digest);
+
+extern void
+grub_Tss2_MU_TPMS_SIGNATURE_RSA_Unmarshal (grub_tpm2_buffer_t buffer,
+                                           TPMS_SIGNATURE_RSA_t *p);
+
+extern void
+grub_Tss2_MU_TPMS_SIGNATURE_ECC_Unmarshal (grub_tpm2_buffer_t buffer,
+                                           TPMS_SIGNATURE_ECC_t *p);
+
+extern void
+grub_Tss2_MU_TPMU_HA_Unmarshal (grub_tpm2_buffer_t buffer,
+                                TPMI_ALG_HASH_t hashAlg,
+                                TPMU_HA_t *p);
+
+extern void
+grub_Tss2_MU_TPMT_HA_Unmarshal (grub_tpm2_buffer_t buffer,
+                                TPMT_HA_t *p);
+
+extern void
+grub_Tss2_MU_TPMU_SIGNATURE_Unmarshal (grub_tpm2_buffer_t buffer,
+                                       TPMI_ALG_SIG_SCHEME_t sigAlg,
+                                       TPMU_SIGNATURE_t *p);
+
+extern void
+grub_Tss2_MU_TPMT_SIGNATURE_Unmarshal (grub_tpm2_buffer_t buffer,
+                                       TPMT_SIGNATURE_t *p);
+
+#endif /* ! GRUB_TPM2_MU_HEADER */
diff --git a/grub-core/lib/tss2/tss2_structs.h 
b/grub-core/lib/tss2/tss2_structs.h
new file mode 100644
index 000000000..3f6ace3f9
--- /dev/null
+++ b/grub-core/lib/tss2/tss2_structs.h
@@ -0,0 +1,773 @@
+/*
+ *  GRUB  --  GRand Unified Bootloader
+ *  Copyright (C) 2022 Microsoft Corporation
+ *  Copyright (C) 2024 Free Software Foundation, Inc.
+ *
+ *  GRUB is free software: you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation, either version 3 of the License, or
+ *  (at your option) any later version.
+ *
+ *  GRUB is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with GRUB.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef GRUB_TPM2_INTERNAL_STRUCTS_HEADER
+#define GRUB_TPM2_INTERNAL_STRUCTS_HEADER 1
+
+#include <tss2_types.h>
+
+/* TPMS_TAGGED_PROPERTY Structure */
+struct TPMS_TAGGED_PROPERTY
+{
+  TPM_PT_t property;
+  grub_uint32_t value;
+};
+typedef struct TPMS_TAGGED_PROPERTY TPMS_TAGGED_PROPERTY_t;
+
+/* TPML_TAGGED_TPM_PROPERTY Structure */
+struct TPML_TAGGED_TPM_PROPERTY
+{
+  grub_uint32_t count;
+  TPMS_TAGGED_PROPERTY_t tpmProperty[TPM_MAX_TPM_PROPERTIES];
+};
+typedef struct TPML_TAGGED_TPM_PROPERTY TPML_TAGGED_TPM_PROPERTY_t;
+
+/* TPMU_CAPABILITIES Structure */
+union TPMU_CAPABILITIES
+{
+  TPML_TAGGED_TPM_PROPERTY_t tpmProperties;
+};
+typedef union TPMU_CAPABILITIES TPMU_CAPABILITIES_t;
+
+/* TPMS_CAPABILITY_DATA Structure */
+struct TPMS_CAPABILITY_DATA
+{
+  TPM_CAP_t capability;
+  TPMU_CAPABILITIES_t data;
+};
+typedef struct TPMS_CAPABILITY_DATA TPMS_CAPABILITY_DATA_t;
+
+/* TPMS_PCR_SELECT Structure */
+struct TPMS_PCR_SELECT
+{
+  grub_uint8_t sizeOfSelect;
+  grub_uint8_t pcrSelect[TPM_PCR_SELECT_MAX];
+};
+typedef struct TPMS_PCR_SELECT TPMS_PCR_SELECT_t;
+
+/* TPMS_PCR_SELECTION Structure */
+struct TPMS_PCR_SELECTION
+{
+  TPMI_ALG_HASH_t hash;
+  grub_uint8_t sizeOfSelect;
+  grub_uint8_t pcrSelect[TPM_PCR_SELECT_MAX];
+};
+typedef struct TPMS_PCR_SELECTION TPMS_PCR_SELECTION_t;
+
+static inline void TPMS_PCR_SELECTION_SelectPCR(TPMS_PCR_SELECTION_t *self, 
grub_uint32_t n)
+{
+  self->pcrSelect[(n / 8)] |= (1 << (n % 8));
+}
+
+/* TPML_PCR_SELECTION Structure */
+struct TPML_PCR_SELECTION
+{
+  grub_uint32_t count;
+  TPMS_PCR_SELECTION_t pcrSelections[TPM_NUM_PCR_BANKS];
+};
+typedef struct TPML_PCR_SELECTION TPML_PCR_SELECTION_t;
+
+/* TPMU_HA Structure */
+union TPMU_HA
+{
+  grub_uint8_t sha1[TPM_SHA1_DIGEST_SIZE];
+  grub_uint8_t sha256[TPM_SHA256_DIGEST_SIZE];
+  grub_uint8_t sha384[TPM_SHA384_DIGEST_SIZE];
+  grub_uint8_t sha512[TPM_SHA512_DIGEST_SIZE];
+  grub_uint8_t sm3_256[TPM_SM3_256_DIGEST_SIZE];
+};
+typedef union TPMU_HA TPMU_HA_t;
+
+/* TPM2B Structure */
+struct TPM2B
+{
+  grub_uint16_t size;
+  grub_uint8_t buffer[1];
+};
+typedef struct TPM2B TPM2B_t;
+
+/* TPM2B_DIGEST Structure */
+struct TPM2B_DIGEST
+{
+  grub_uint16_t size;
+  grub_uint8_t buffer[sizeof(TPMU_HA_t)];
+};
+typedef struct TPM2B_DIGEST TPM2B_DIGEST_t;
+
+/* TPML_DIGEST Structure */
+struct TPML_DIGEST
+{
+  grub_uint32_t count;
+  TPM2B_DIGEST_t digests[8];
+};
+typedef struct TPML_DIGEST TPML_DIGEST_t;
+
+/* TPM2B_NONCE Type */
+typedef TPM2B_DIGEST_t TPM2B_NONCE_t;
+
+/* TPMA_SESSION Structure */
+struct TPMA_SESSION
+{
+  grub_uint8_t continueSession:1;
+  grub_uint8_t auditExclusive:1;
+  grub_uint8_t auditReset:1;
+  grub_uint8_t reserved:2;
+  grub_uint8_t decrypt:1;
+  grub_uint8_t encrypt:1;
+  grub_uint8_t audit:1;
+};
+typedef struct TPMA_SESSION TPMA_SESSION_t;
+
+/* TPM2B_AUTH Type */
+typedef TPM2B_DIGEST_t TPM2B_AUTH_t;
+
+/* TPMS_AUTH_COMMAND Structure */
+struct TPMS_AUTH_COMMAND
+{
+  TPMI_SH_AUTH_SESSION_t sessionHandle;
+  TPM2B_NONCE_t nonce;
+  TPMA_SESSION_t sessionAttributes;
+  TPM2B_AUTH_t hmac;
+};
+typedef struct TPMS_AUTH_COMMAND TPMS_AUTH_COMMAND_t;
+
+/* TPMS_AUTH_RESPONSE Structure */
+struct TPMS_AUTH_RESPONSE
+{
+  TPM2B_NONCE_t nonce;
+  TPMA_SESSION_t sessionAttributes;
+  TPM2B_AUTH_t hmac;
+};
+typedef struct TPMS_AUTH_RESPONSE TPMS_AUTH_RESPONSE_t;
+
+/* TPM2B_SENSITIVE_DATA Structure */
+struct TPM2B_SENSITIVE_DATA
+{
+  grub_uint16_t size;
+  grub_uint8_t buffer[TPM_MAX_SYM_DATA];
+};
+typedef struct TPM2B_SENSITIVE_DATA TPM2B_SENSITIVE_DATA_t;
+
+/* TPMS_SENSITIVE_CREATE Structure */
+struct TPMS_SENSITIVE_CREATE
+{
+  TPM2B_AUTH_t userAuth;
+  TPM2B_SENSITIVE_DATA_t data;
+};
+typedef struct TPMS_SENSITIVE_CREATE TPMS_SENSITIVE_CREATE_t;
+
+/* TPM2B_SENSITIVE_CREATE Structure */
+struct TPM2B_SENSITIVE_CREATE
+{
+  grub_uint16_t size;
+  TPMS_SENSITIVE_CREATE_t sensitive;
+};
+typedef struct TPM2B_SENSITIVE_CREATE TPM2B_SENSITIVE_CREATE_t;
+
+/* TPMA_OBJECT Structure */
+struct TPMA_OBJECT
+{
+  grub_uint32_t reserved1:1;
+  grub_uint32_t fixedTPM:1;
+  grub_uint32_t stClear:1;
+  grub_uint32_t reserved2:1;
+  grub_uint32_t fixedParent:1;
+  grub_uint32_t sensitiveDataOrigin:1;
+  grub_uint32_t userWithAuth:1;
+  grub_uint32_t adminWithPolicy:1;
+  grub_uint32_t reserved3:2;
+  grub_uint32_t noDA:1;
+  grub_uint32_t encryptedDuplication:1;
+  grub_uint32_t reserved4:4;
+  grub_uint32_t restricted:1;
+  grub_uint32_t decrypt:1;
+  grub_uint32_t sign:1;
+  grub_uint32_t reserved5:13;
+};
+typedef struct TPMA_OBJECT TPMA_OBJECT_t;
+
+/* TPMS_SCHEME_HASH Structure */
+struct TPMS_SCHEME_HASH
+{
+  TPMI_ALG_HASH_t hashAlg;
+};
+typedef struct TPMS_SCHEME_HASH TPMS_SCHEME_HASH_t;
+
+/* TPMS_SCHEME_HASH Types */
+typedef TPMS_SCHEME_HASH_t TPMS_KEY_SCHEME_ECDH_t;
+typedef TPMS_SCHEME_HASH_t TPMS_KEY_SCHEME_ECMQV_t;
+typedef TPMS_SCHEME_HASH_t TPMS_SIG_SCHEME_RSASSA_t;
+typedef TPMS_SCHEME_HASH_t TPMS_SIG_SCHEME_RSAPSS_t;
+typedef TPMS_SCHEME_HASH_t TPMS_SIG_SCHEME_ECDSA_t;
+typedef TPMS_SCHEME_HASH_t TPMS_SIG_SCHEME_ECDAA_t;
+typedef TPMS_SCHEME_HASH_t TPMS_SIG_SCHEME_SM2_t;
+typedef TPMS_SCHEME_HASH_t TPMS_SIG_SCHEME_ECSCHNORR_t;
+typedef TPMS_SCHEME_HASH_t TPMS_ENC_SCHEME_RSAES_t;
+typedef TPMS_SCHEME_HASH_t TPMS_ENC_SCHEME_OAEP_t;
+typedef TPMS_SCHEME_HASH_t TPMS_SCHEME_KDF2_t;
+typedef TPMS_SCHEME_HASH_t TPMS_SCHEME_MGF1_t;
+typedef TPMS_SCHEME_HASH_t TPMS_SCHEME_KDF1_SP800_56A_t;
+typedef TPMS_SCHEME_HASH_t TPMS_SCHEME_KDF2_t;
+typedef TPMS_SCHEME_HASH_t TPMS_SCHEME_KDF1_SP800_108_t;
+
+/* TPMS_SCHEME_HMAC Type */
+typedef TPMS_SCHEME_HASH_t TPMS_SCHEME_HMAC_t;
+
+/* TPMS_SCHEME_XOR Structure */
+struct TPMS_SCHEME_XOR
+{
+  TPMI_ALG_HASH_t hashAlg;
+  TPMI_ALG_KDF_t kdf;
+};
+typedef struct TPMS_SCHEME_XOR TPMS_SCHEME_XOR_t;
+
+/* TPMU_SCHEME_KEYEDHASH Union */
+union TPMU_SCHEME_KEYEDHASH
+{
+  TPMS_SCHEME_HMAC_t hmac;
+  TPMS_SCHEME_XOR_t exclusiveOr;
+};
+typedef union TPMU_SCHEME_KEYEDHASH TPMU_SCHEME_KEYEDHASH_t;
+
+/* TPMT_KEYEDHASH_SCHEME Structure */
+struct TPMT_KEYEDHASH_SCHEME
+{
+  TPMI_ALG_KEYEDHASH_SCHEME_t scheme;
+  TPMU_SCHEME_KEYEDHASH_t details;
+};
+typedef struct TPMT_KEYEDHASH_SCHEME TPMT_KEYEDHASH_SCHEME_t;
+
+/* TPMS_KEYEDHASH_PARMS Structure */
+struct TPMS_KEYEDHASH_PARMS
+{
+  TPMT_KEYEDHASH_SCHEME_t scheme;
+};
+typedef struct TPMS_KEYEDHASH_PARMS TPMS_KEYEDHASH_PARMS_t;
+
+/* TPMU_SYM_KEY_BITS Union */
+union TPMU_SYM_KEY_BITS
+{
+  TPM_KEY_BITS_t aes;
+  TPM_KEY_BITS_t exclusiveOr;
+  TPM_KEY_BITS_t sm4;
+  TPM_KEY_BITS_t camellia;
+};
+typedef union TPMU_SYM_KEY_BITS TPMU_SYM_KEY_BITS_t;
+
+/* TPMU_SYM_MODE Union */
+union TPMU_SYM_MODE
+{
+  TPMI_ALG_SYM_MODE_t aes;
+  TPMI_ALG_SYM_MODE_t sm4;
+  TPMI_ALG_SYM_MODE_t camellia;
+  TPMI_ALG_SYM_MODE_t sym;
+};
+typedef union TPMU_SYM_MODE TPMU_SYM_MODE_t;
+
+/* TPMT_SYM_DEF_OBJECT Structure */
+struct TPMT_SYM_DEF_OBJECT
+{
+  TPMI_ALG_SYM_OBJECT_t algorithm;
+  TPMU_SYM_KEY_BITS_t keyBits;
+  TPMU_SYM_MODE_t mode;
+};
+typedef struct TPMT_SYM_DEF_OBJECT TPMT_SYM_DEF_OBJECT_t;
+
+/* TPMS_SYMCIPHER_PARMS Structure */
+struct TPMS_SYMCIPHER_PARMS
+{
+  TPMT_SYM_DEF_OBJECT_t sym;
+};
+typedef struct TPMS_SYMCIPHER_PARMS TPMS_SYMCIPHER_PARMS_t;
+
+/* TPMU_ASYM_SCHEME Union */
+union TPMU_ASYM_SCHEME
+{
+  TPMS_KEY_SCHEME_ECDH_t ecdh;
+  TPMS_KEY_SCHEME_ECMQV_t ecmqv;
+  TPMS_SIG_SCHEME_RSASSA_t rsassa;
+  TPMS_SIG_SCHEME_RSAPSS_t rsapss;
+  TPMS_SIG_SCHEME_ECDSA_t ecdsa;
+  TPMS_SIG_SCHEME_ECDAA_t ecdaa;
+  TPMS_SIG_SCHEME_SM2_t sm2;
+  TPMS_SIG_SCHEME_ECSCHNORR_t ecschnorr;
+  TPMS_ENC_SCHEME_RSAES_t rsaes;
+  TPMS_ENC_SCHEME_OAEP_t oaep;
+  TPMS_SCHEME_HASH_t anySig;
+  unsigned char padding[4];
+};
+typedef union TPMU_ASYM_SCHEME TPMU_ASYM_SCHEME_t;
+
+/* TPMT_RSA_SCHEME Structure */
+struct TPMT_RSA_SCHEME
+{
+  TPMI_ALG_RSA_SCHEME_t scheme;
+  TPMU_ASYM_SCHEME_t details;
+};
+typedef struct TPMT_RSA_SCHEME TPMT_RSA_SCHEME_t;
+
+/* TPMS_RSA_PARMS Structure */
+struct TPMS_RSA_PARMS
+{
+  TPMT_SYM_DEF_OBJECT_t symmetric;
+  TPMT_RSA_SCHEME_t scheme;
+  TPM_KEY_BITS_t keyBits;
+  grub_uint32_t exponent;
+};
+typedef struct TPMS_RSA_PARMS TPMS_RSA_PARMS_t;
+
+/* TPMT_ECC_SCHEME Structure */
+struct TPMT_ECC_SCHEME
+{
+  TPMI_ALG_ECC_SCHEME_t scheme;
+  TPMU_ASYM_SCHEME_t details;
+};
+typedef struct TPMT_ECC_SCHEME TPMT_ECC_SCHEME_t;
+
+/* TPMU_KDF_SCHEME Union */
+union TPMU_KDF_SCHEME
+{
+  TPMS_SCHEME_MGF1_t mgf1;
+  TPMS_SCHEME_KDF1_SP800_56A_t kdf1_sp800_56a;
+  TPMS_SCHEME_KDF2_t kdf2;
+  TPMS_SCHEME_KDF1_SP800_108_t kdf1_sp800_108;
+};
+typedef union TPMU_KDF_SCHEME TPMU_KDF_SCHEME_t;
+
+/* TPMT_KDF_SCHEME Structure */
+struct TPMT_KDF_SCHEME
+{
+  TPMI_ALG_KDF_t scheme;
+  TPMU_KDF_SCHEME_t details;
+};
+typedef struct TPMT_KDF_SCHEME TPMT_KDF_SCHEME_t;
+
+/* TPMS_ECC_PARMS Structure */
+struct TPMS_ECC_PARMS
+{
+  TPMT_SYM_DEF_OBJECT_t symmetric;
+  TPMT_ECC_SCHEME_t scheme;
+  TPMI_ECC_CURVE_t curveID;
+  TPMT_KDF_SCHEME_t kdf;
+};
+typedef struct TPMS_ECC_PARMS TPMS_ECC_PARMS_t;
+
+/* TPMT_ASYM_SCHEME Structure */
+struct TPMT_ASYM_SCHEME
+{
+  TPMI_ALG_ASYM_SCHEME_t scheme;
+  TPMU_ASYM_SCHEME_t details;
+};
+typedef struct TPMT_ASYM_SCHEME TPMT_ASYM_SCHEME_t;
+
+/* TPMS_ASYM_PARMS Structure */
+struct TPMS_ASYM_PARMS
+{
+  TPMT_SYM_DEF_OBJECT_t symmetric;
+  TPMT_ASYM_SCHEME_t scheme;
+};
+typedef struct TPMS_ASYM_PARMS TPMS_ASYM_PARMS_t;
+
+/* TPMU_PUBLIC_PARMS Union */
+union TPMU_PUBLIC_PARMS
+{
+  TPMS_KEYEDHASH_PARMS_t keyedHashDetail;
+  TPMS_SYMCIPHER_PARMS_t symDetail;
+  TPMS_RSA_PARMS_t rsaDetail;
+  TPMS_ECC_PARMS_t eccDetail;
+  TPMS_ASYM_PARMS_t asymDetail;
+};
+typedef union TPMU_PUBLIC_PARMS TPMU_PUBLIC_PARMS_t;
+
+/* TPMT_PUBLIC_PARMS Structure */
+struct TPMT_PUBLIC_PARMS {
+    TPMI_ALG_PUBLIC_t type;
+    TPMU_PUBLIC_PARMS_t parameters;
+};
+typedef struct TPMT_PUBLIC_PARMS TPMT_PUBLIC_PARMS_t;
+
+/* TPM2B_PUBLIC_KEY_RSA Structure */
+struct TPM2B_PUBLIC_KEY_RSA
+{
+  grub_uint16_t size;
+  grub_uint8_t buffer[TPM_MAX_RSA_KEY_BYTES];
+};
+typedef struct TPM2B_PUBLIC_KEY_RSA TPM2B_PUBLIC_KEY_RSA_t;
+
+/* TPM2B_ECC_PARAMETER Structure */
+struct TPM2B_ECC_PARAMETER
+{
+  grub_uint16_t size;
+  grub_uint8_t buffer[TPM_MAX_ECC_KEY_BYTES];
+};
+typedef struct TPM2B_ECC_PARAMETER TPM2B_ECC_PARAMETER_t;
+
+/* TPMS_ECC_POINT Structure */
+struct TPMS_ECC_POINT
+{
+  TPM2B_ECC_PARAMETER_t x;
+  TPM2B_ECC_PARAMETER_t y;
+};
+typedef struct TPMS_ECC_POINT TPMS_ECC_POINT_t;
+
+/* TPMU_ENCRYPTED_SECRET Union */
+union TPMU_ENCRYPTED_SECRET
+{
+  grub_uint8_t ecc[sizeof(TPMS_ECC_POINT_t)];
+  grub_uint8_t rsa[TPM_MAX_RSA_KEY_BYTES];
+  grub_uint8_t symmetric[sizeof(TPM2B_DIGEST_t)];
+  grub_uint8_t keyedHash[sizeof(TPM2B_DIGEST_t)];
+};
+typedef union TPMU_ENCRYPTED_SECRET TPMU_ENCRYPTED_SECRET_t;
+
+/* TPM2B_ENCRYPTED_SECRET Structure */
+struct TPM2B_ENCRYPTED_SECRET
+{
+  grub_uint16_t size;
+  grub_uint8_t secret[sizeof(TPMU_ENCRYPTED_SECRET_t)];
+};
+typedef struct TPM2B_ENCRYPTED_SECRET TPM2B_ENCRYPTED_SECRET_t;
+
+/* TPMU_PUBLIC_ID Union */
+union TPMU_PUBLIC_ID
+{
+  TPM2B_DIGEST_t keyedHash;
+  TPM2B_DIGEST_t sym;
+  TPM2B_PUBLIC_KEY_RSA_t rsa;
+  TPMS_ECC_POINT_t ecc;
+};
+typedef union TPMU_PUBLIC_ID TPMU_PUBLIC_ID_t;
+
+/* TPMT_PUBLIC Structure */
+struct TPMT_PUBLIC
+{
+  TPMI_ALG_PUBLIC_t type;
+  TPMI_ALG_HASH_t nameAlg;
+  TPMA_OBJECT_t objectAttributes;
+  TPM2B_DIGEST_t authPolicy;
+  TPMU_PUBLIC_PARMS_t parameters;
+  TPMU_PUBLIC_ID_t unique;
+};
+typedef struct TPMT_PUBLIC TPMT_PUBLIC_t;
+
+/* TPM2B_PUBLIC Structure */
+struct TPM2B_PUBLIC
+{
+  grub_uint16_t size;
+  TPMT_PUBLIC_t publicArea;
+};
+typedef struct TPM2B_PUBLIC TPM2B_PUBLIC_t;
+
+/* TPMT_HA Structure */
+struct TPMT_HA
+{
+  TPMI_ALG_HASH_t hashAlg;
+  TPMU_HA_t digest;
+};
+typedef struct TPMT_HA TPMT_HA_t;
+
+/* TPM2B_DATA Structure */
+struct TPM2B_DATA
+{
+  grub_uint16_t size;
+  grub_uint8_t buffer[sizeof(TPMT_HA_t)];
+};
+typedef struct TPM2B_DATA TPM2B_DATA_t;
+
+/* TPMA_LOCALITY Structure */
+struct TPMA_LOCALITY
+{
+  grub_uint8_t TPM_LOC_ZERO:1;
+  grub_uint8_t TPM_LOC_ONE:1;
+  grub_uint8_t TPM_LOC_TWO:1;
+  grub_uint8_t TPM_LOC_THREE:1;
+  grub_uint8_t TPM_LOC_FOUR:1;
+  grub_uint8_t Extended:3;
+};
+typedef struct TPMA_LOCALITY TPMA_LOCALITY_t;
+
+/* TPMU_NAME Union */
+union TPMU_NAME
+{
+  TPMT_HA_t digest;
+  TPM_HANDLE_t handle;
+};
+typedef union TPMU_NAME TPMU_NAME_t;
+
+/* TPM2B_NAME Structure */
+struct TPM2B_NAME
+{
+  grub_uint16_t size;
+  grub_uint8_t name[sizeof(TPMU_NAME_t)];
+};
+typedef struct TPM2B_NAME TPM2B_NAME_t;
+
+/* TPMS_CREATION_DATA Structure */
+struct TPMS_CREATION_DATA
+{
+  TPML_PCR_SELECTION_t pcrSelect;
+  TPM2B_DIGEST_t pcrDigest;
+  TPMA_LOCALITY_t locality;
+  TPM_ALG_ID_t parentNameAlg;
+  TPM2B_NAME_t parentName;
+  TPM2B_NAME_t parentQualifiedName;
+  TPM2B_DATA_t outsideInfo;
+};
+typedef struct TPMS_CREATION_DATA TPMS_CREATION_DATA_t;
+
+/* TPM2B_CREATION_DATA Structure */
+struct TPM2B_CREATION_DATA
+{
+  grub_uint16_t size;
+  TPMS_CREATION_DATA_t creationData;
+};
+typedef struct TPM2B_CREATION_DATA TPM2B_CREATION_DATA_t;
+
+/* TPMT_SYM_DEF Structure */
+struct TPMT_SYM_DEF
+{
+  TPMI_ALG_SYM_t algorithm;
+  TPMU_SYM_KEY_BITS_t keyBits;
+  TPMU_SYM_MODE_t mode;
+};
+typedef struct TPMT_SYM_DEF TPMT_SYM_DEF_t;
+
+/* TPM2B_MAX_BUFFER Structure */
+struct TPM2B_MAX_BUFFER
+{
+  grub_uint16_t size;
+  grub_uint8_t buffer[TPM_MAX_DIGEST_BUFFER];
+};
+typedef struct TPM2B_MAX_BUFFER TPM2B_MAX_BUFFER_t;
+
+/* TPMT_TK_HASHCHECK Structure */
+struct TPMT_TK_HASHCHECK
+{
+  TPM_ST_t tag;
+  TPMI_RH_HIERARCHY_t hierarchy;
+  TPM2B_DIGEST_t digest;
+};
+typedef struct TPMT_TK_HASHCHECK TPMT_TK_HASHCHECK_t;
+
+/* TPM2B_SYM_KEY Structure */
+struct TPM2B_SYM_KEY
+{
+  grub_uint16_t size;
+  grub_uint8_t buffer[TPM_MAX_SYM_KEY_BYTES];
+};
+typedef struct TPM2B_SYM_KEY TPM2B_SYM_KEY_t;
+
+/* TPM2B_PRIVATE_KEY_RSA Structure */
+struct TPM2B_PRIVATE_KEY_RSA
+{
+  grub_uint16_t size;
+  grub_uint8_t buffer[TPM_MAX_RSA_KEY_BYTES/2];
+};
+typedef struct TPM2B_PRIVATE_KEY_RSA TPM2B_PRIVATE_KEY_RSA_t;
+
+/* TPM2B_PRIVATE_VENDOR_SPECIFIC Structure */
+struct TPM2B_PRIVATE_VENDOR_SPECIFIC
+{
+  grub_uint16_t size;
+  grub_uint8_t buffer[TPM_PRIVATE_VENDOR_SPECIFIC_BYTES];
+};
+typedef struct TPM2B_PRIVATE_VENDOR_SPECIFIC TPM2B_PRIVATE_VENDOR_SPECIFIC_t;
+
+/* TPM2B_PRIVATE_VENDOR_SPECIFIC Union */
+union TPMU_SENSITIVE_COMPOSITE
+{
+  TPM2B_PRIVATE_KEY_RSA_t rsa;
+  TPM2B_ECC_PARAMETER_t ecc;
+  TPM2B_SENSITIVE_DATA_t bits;
+  TPM2B_SYM_KEY_t sym;
+  TPM2B_PRIVATE_VENDOR_SPECIFIC_t any;
+};
+typedef union TPMU_SENSITIVE_COMPOSITE TPMU_SENSITIVE_COMPOSITE_t;
+
+/* TPMT_SENSITIVE Structure */
+struct TPMT_SENSITIVE
+{
+  TPMI_ALG_PUBLIC_t sensitiveType;
+  TPM2B_AUTH_t authValue;
+  TPM2B_DIGEST_t seedValue;
+  TPMU_SENSITIVE_COMPOSITE_t sensitive;
+};
+typedef struct TPMT_SENSITIVE TPMT_SENSITIVE_t;
+
+/* TPM2B_SENSITIVE Structure */
+struct TPM2B_SENSITIVE
+{
+  grub_uint16_t size;
+  TPMT_SENSITIVE_t sensitiveArea;
+};
+typedef struct TPM2B_SENSITIVE TPM2B_SENSITIVE_t;
+
+/*
+ * _PRIVATE Structure
+ *
+ * Although '_PRIVATE' is the name defined in the TPM2 SPEC, it is too generic,
+ * so here we add the '__TPM2B' prefix to make the struct specific for 
'TPM2B_PRIVATE'.
+ */
+struct __TPM2B_PRIVATE
+{
+  TPM2B_DIGEST_t integrityOuter;
+  TPM2B_DIGEST_t integrityInner;
+  TPM2B_SENSITIVE_t sensitive;
+};
+typedef struct __TPM2B_PRIVATE __TPM2B_PRIVATE_t;
+
+/* TPM2B_PRIVATE Structure */
+struct TPM2B_PRIVATE
+{
+  grub_uint16_t size;
+  grub_uint8_t buffer[sizeof(__TPM2B_PRIVATE_t)];
+};
+typedef struct TPM2B_PRIVATE TPM2B_PRIVATE_t;
+
+/* TPML_DIGEST_VALUES Structure */
+struct TPML_DIGEST_VALUES
+{
+  grub_uint16_t count;
+  TPMT_HA_t digests[TPM_NUM_PCR_BANKS];
+};
+typedef struct TPML_DIGEST_VALUES TPML_DIGEST_VALUES_t;
+
+/* TPM2B_MAX_NV_BUFFER Structure */
+struct TPM2B_MAX_NV_BUFFER
+{
+  grub_uint16_t size;
+  grub_uint8_t buffer[TPM_MAX_NV_BUFFER_SIZE];
+};
+typedef struct TPM2B_MAX_NV_BUFFER TPM2B_MAX_NV_BUFFER_t;
+
+/* TPMS_NV_PUBLIC Structure */
+struct TPMS_NV_PUBLIC
+{
+    TPMI_RH_NV_INDEX_t nvIndex;
+    TPMI_ALG_HASH_t nameAlg;
+    TPMA_NV_t attributes;
+    TPM2B_DIGEST_t authPolicy;
+    grub_uint16_t dataSize;
+};
+typedef struct TPMS_NV_PUBLIC TPMS_NV_PUBLIC_t;
+
+/* TPM2B_NV_PUBLIC Structure */
+struct TPM2B_NV_PUBLIC
+{
+    grub_uint16_t size;
+    TPMS_NV_PUBLIC_t nvPublic;
+};
+typedef struct TPM2B_NV_PUBLIC TPM2B_NV_PUBLIC_t;
+
+/* TPMT_TK_CREATION Structure */
+struct TPMT_TK_CREATION
+{
+    TPM_ST_t tag;
+    TPMI_RH_HIERARCHY_t hierarchy;
+    TPM2B_DIGEST_t digest;
+};
+typedef struct TPMT_TK_CREATION TPMT_TK_CREATION_t;
+
+/* TPMS_EMPTY Structure */
+struct TPMS_EMPTY {
+  grub_uint8_t empty[1]; /* a structure with no member */
+};
+typedef struct TPMS_EMPTY TPMS_EMPTY_t;
+
+/* TPMS_SIGNATURE_RSA Structure */
+struct TPMS_SIGNATURE_RSA {
+  TPMI_ALG_HASH_t hash;
+  TPM2B_PUBLIC_KEY_RSA_t sig;
+};
+typedef struct TPMS_SIGNATURE_RSA TPMS_SIGNATURE_RSA_t;
+
+/* Definition of Types for RSA Signature */
+typedef TPMS_SIGNATURE_RSA_t TPMS_SIGNATURE_RSASSA_t;
+typedef TPMS_SIGNATURE_RSA_t TPMS_SIGNATURE_RSAPSS_t;
+
+/* TPMS_SIGNATURE_ECC Structure */
+struct TPMS_SIGNATURE_ECC {
+  TPMI_ALG_HASH_t hash;
+  TPM2B_ECC_PARAMETER_t signatureR;
+  TPM2B_ECC_PARAMETER_t signatureS;
+};
+typedef struct TPMS_SIGNATURE_ECC TPMS_SIGNATURE_ECC_t;
+
+/* Definition of Types for ECC TPMS_SIGNATURE_ECC */
+typedef TPMS_SIGNATURE_ECC_t TPMS_SIGNATURE_ECDSA_t;
+typedef TPMS_SIGNATURE_ECC_t TPMS_SIGNATURE_ECDAA_t;
+typedef TPMS_SIGNATURE_ECC_t TPMS_SIGNATURE_SM2_t;
+typedef TPMS_SIGNATURE_ECC_t TPMS_SIGNATURE_ECSCHNORR_t;
+
+/* TPMU_SIGNATURE Structure */
+union TPMU_SIGNATURE {
+  TPMS_SIGNATURE_RSASSA_t rsassa;
+  TPMS_SIGNATURE_RSAPSS_t rsapss;
+  TPMS_SIGNATURE_ECDSA_t ecdsa;
+  TPMS_SIGNATURE_ECDAA_t ecdaa;
+  TPMS_SIGNATURE_SM2_t sm2;
+  TPMS_SIGNATURE_ECSCHNORR_t ecschnorr;
+  TPMT_HA_t hmac;
+  TPMS_SCHEME_HASH_t any;
+  TPMS_EMPTY_t null;
+};
+typedef union TPMU_SIGNATURE TPMU_SIGNATURE_t;
+
+/* TPMT_SIGNATURE Structure */
+struct TPMT_SIGNATURE {
+  TPMI_ALG_SIG_SCHEME_t sigAlg;
+  TPMU_SIGNATURE_t signature;
+};
+typedef struct TPMT_SIGNATURE TPMT_SIGNATURE_t;
+
+static inline TPMI_ALG_HASH_t
+TPMT_SIGNATURE_get_hash_alg (TPMT_SIGNATURE_t *sig)
+{
+  switch (sig->sigAlg)
+    {
+    case TPM_ALG_RSASSA:
+      return sig->signature.rsassa.hash;
+    case TPM_ALG_RSAPSS:
+      return sig->signature.rsapss.hash;
+    case TPM_ALG_ECDSA:
+      return sig->signature.ecdsa.hash;
+    case TPM_ALG_ECDAA:
+      return sig->signature.ecdaa.hash;
+    case TPM_ALG_SM2:
+      return sig->signature.sm2.hash;
+    case TPM_ALG_ECSCHNORR:
+      return sig->signature.ecschnorr.hash;
+    case TPM_ALG_HMAC:
+      return sig->signature.hmac.hashAlg;
+    default:
+      break;
+    }
+
+  return TPM_ALG_NULL;
+}
+
+/* TPMT_TK_VERIFIED Structure */
+struct TPMT_TK_VERIFIED {
+  TPM_ST_t tag;
+  TPMI_RH_HIERARCHY_t hierarchy;
+  TPM2B_DIGEST_t digest;
+};
+typedef struct TPMT_TK_VERIFIED TPMT_TK_VERIFIED_t;
+
+#endif /* ! GRUB_TPM2_INTERNAL_STRUCTS_HEADER */
diff --git a/grub-core/lib/tss2/tss2_types.h b/grub-core/lib/tss2/tss2_types.h
new file mode 100644
index 000000000..a8f040b29
--- /dev/null
+++ b/grub-core/lib/tss2/tss2_types.h
@@ -0,0 +1,404 @@
+/*
+ *  GRUB  --  GRand Unified Bootloader
+ *  Copyright (C) 2022 Microsoft Corporation
+ *  Copyright (C) 2024 Free Software Foundation, Inc.
+ *
+ *  GRUB is free software: you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation, either version 3 of the License, or
+ *  (at your option) any later version.
+ *
+ *  GRUB is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with GRUB.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef GRUB_TPM2_INTERNAL_TYPES_HEADER
+#define GRUB_TPM2_INTERNAL_TYPES_HEADER 1
+
+#include <grub/types.h>
+
+/* TPM2_RC Constants */
+typedef grub_uint32_t TPM_RC_t;
+
+#define TPM_RC_1                 ((TPM_RC_t) 0x100)
+#define TPM_RC_2                 ((TPM_RC_t) 0x200)
+#define TPM_RC_3                 ((TPM_RC_t) 0x300)
+#define TPM_RC_4                 ((TPM_RC_t) 0x400)
+#define TPM_RC_5                 ((TPM_RC_t) 0x500)
+#define TPM_RC_6                 ((TPM_RC_t) 0x600)
+#define TPM_RC_7                 ((TPM_RC_t) 0x700)
+#define TPM_RC_8                 ((TPM_RC_t) 0x800)
+#define TPM_RC_9                 ((TPM_RC_t) 0x900)
+#define TPM_RC_A                 ((TPM_RC_t) 0xA00)
+#define TPM_RC_ASYMMETRIC        ((TPM_RC_t) 0x081)
+#define TPM_RC_ATTRIBUTES        ((TPM_RC_t) 0x082)
+#define TPM_RC_AUTH_CONTEXT      ((TPM_RC_t) 0x145)
+#define TPM_RC_AUTH_FAIL         ((TPM_RC_t) 0x08E)
+#define TPM_RC_AUTH_MISSING      ((TPM_RC_t) 0x125)
+#define TPM_RC_AUTHSIZE          ((TPM_RC_t) 0x144)
+#define TPM_RC_AUTH_TYPE         ((TPM_RC_t) 0x124)
+#define TPM_RC_AUTH_UNAVAILABLE  ((TPM_RC_t) 0x12F)
+#define TPM_RC_B                 ((TPM_RC_t) 0xB00)
+#define TPM_RC_BAD_AUTH          ((TPM_RC_t) 0x0A2)
+#define TPM_RC_BAD_CONTEXT       ((TPM_RC_t) 0x150)
+#define TPM_RC_BAD_TAG           ((TPM_RC_t) 0x01E)
+#define TPM_RC_BINDING           ((TPM_RC_t) 0x0A5)
+#define TPM_RC_C                 ((TPM_RC_t) 0xC00)
+#define TPM_RC_CANCELED          ((TPM_RC_t) 0x909)
+#define TPM_RC_COMMAND_CODE      ((TPM_RC_t) 0x143)
+#define TPM_RC_COMMAND_SIZE      ((TPM_RC_t) 0x142)
+#define TPM_RC_CONTEXT_GAP       ((TPM_RC_t) 0x901)
+#define TPM_RC_CPHASH            ((TPM_RC_t) 0x151)
+#define TPM_RC_CURVE             ((TPM_RC_t) 0x0A6)
+#define TPM_RC_D                 ((TPM_RC_t) 0xD00)
+#define TPM_RC_DISABLED          ((TPM_RC_t) 0x120)
+#define TPM_RC_E                 ((TPM_RC_t) 0xE00)
+#define TPM_RC_ECC_POINT         ((TPM_RC_t) 0x0A7)
+#define TPM_RC_EXCLUSIVE         ((TPM_RC_t) 0x121)
+#define TPM_RC_EXPIRED           ((TPM_RC_t) 0x0A3)
+#define TPM_RC_F                 ((TPM_RC_t) 0xF00)
+#define TPM_RC_FAILURE           ((TPM_RC_t) 0x101)
+#define TPM_RC_H                 ((TPM_RC_t) 0x000)
+#define TPM_RC_HANDLE            ((TPM_RC_t) 0x08B)
+#define TPM_RC_HASH              ((TPM_RC_t) 0x083)
+#define TPM_RC_HIERARCHY         ((TPM_RC_t) 0x085)
+#define TPM_RC_HMAC              ((TPM_RC_t) 0x119)
+#define TPM_RC_INITIALIZE        ((TPM_RC_t) 0x100)
+#define TPM_RC_INSUFFICIENT      ((TPM_RC_t) 0x09A)
+#define TPM_RC_INTEGRITY         ((TPM_RC_t) 0x09F)
+#define TPM_RC_KDF               ((TPM_RC_t) 0x08C)
+#define TPM_RC_KEY               ((TPM_RC_t) 0x09C)
+#define TPM_RC_KEY_SIZE          ((TPM_RC_t) 0x087)
+#define TPM_RC_LOCALITY          ((TPM_RC_t) 0x907)
+#define TPM_RC_LOCKOUT           ((TPM_RC_t) 0x921)
+#define TPM_RC_MEMORY            ((TPM_RC_t) 0x904)
+#define TPM_RC_MGF               ((TPM_RC_t) 0x088)
+#define TPM_RC_MODE              ((TPM_RC_t) 0x089)
+#define TPM_RC_NEEDS_TEST        ((TPM_RC_t) 0x153)
+#define TPM_RC_N_MASK            ((TPM_RC_t) 0xF00)
+#define TPM_RC_NONCE             ((TPM_RC_t) 0x08F)
+#define TPM_RC_NO_RESULT         ((TPM_RC_t) 0x154)
+#define TPM_RC_NOT_USED          ((TPM_RC_t) 0x97F)
+#define TPM_RC_NV_AUTHORIZATION  ((TPM_RC_t) 0x149)
+#define TPM_RC_NV_DEFINED        ((TPM_RC_t) 0x14C)
+#define TPM_RC_NV_LOCKED         ((TPM_RC_t) 0x148)
+#define TPM_RC_NV_RANGE          ((TPM_RC_t) 0x146)
+#define TPM_RC_NV_RATE           ((TPM_RC_t) 0x920)
+#define TPM_RC_NV_SIZE           ((TPM_RC_t) 0x147)
+#define TPM_RC_NV_SPACE          ((TPM_RC_t) 0x14B)
+#define TPM_RC_NV_UNAVAILABLE    ((TPM_RC_t) 0x923)
+#define TPM_RC_NV_UNINITIALIZED  ((TPM_RC_t) 0x14A)
+#define TPM_RC_OBJECT_HANDLES    ((TPM_RC_t) 0x906)
+#define TPM_RC_OBJECT_MEMORY     ((TPM_RC_t) 0x902)
+#define TPM_RC_P                 ((TPM_RC_t) 0x040)
+#define TPM_RC_PARENT            ((TPM_RC_t) 0x152)
+#define TPM_RC_PCR               ((TPM_RC_t) 0x127)
+#define TPM_RC_PCR_CHANGED       ((TPM_RC_t) 0x128)
+#define TPM_RC_POLICY            ((TPM_RC_t) 0x126)
+#define TPM_RC_POLICY_CC         ((TPM_RC_t) 0x0A4)
+#define TPM_RC_POLICY_FAIL       ((TPM_RC_t) 0x09D)
+#define TPM_RC_PP                ((TPM_RC_t) 0x090)
+#define TPM_RC_PRIVATE           ((TPM_RC_t) 0x10B)
+#define TPM_RC_RANGE             ((TPM_RC_t) 0x08D)
+#define TPM_RC_REBOOT            ((TPM_RC_t) 0x130)
+#define TPM_RC_REFERENCE_H0      ((TPM_RC_t) 0x910)
+#define TPM_RC_REFERENCE_H1      ((TPM_RC_t) 0x911)
+#define TPM_RC_REFERENCE_H2      ((TPM_RC_t) 0x912)
+#define TPM_RC_REFERENCE_H3      ((TPM_RC_t) 0x913)
+#define TPM_RC_REFERENCE_H4      ((TPM_RC_t) 0x914)
+#define TPM_RC_REFERENCE_H5      ((TPM_RC_t) 0x915)
+#define TPM_RC_REFERENCE_H6      ((TPM_RC_t) 0x916)
+#define TPM_RC_REFERENCE_S0      ((TPM_RC_t) 0x918)
+#define TPM_RC_REFERENCE_S1      ((TPM_RC_t) 0x919)
+#define TPM_RC_REFERENCE_S2      ((TPM_RC_t) 0x91A)
+#define TPM_RC_REFERENCE_S3      ((TPM_RC_t) 0x91B)
+#define TPM_RC_REFERENCE_S4      ((TPM_RC_t) 0x91C)
+#define TPM_RC_REFERENCE_S5      ((TPM_RC_t) 0x91D)
+#define TPM_RC_REFERENCE_S6      ((TPM_RC_t) 0x91E)
+#define TPM_RC_RESERVED_BITS     ((TPM_RC_t) 0x0A1)
+#define TPM_RC_RETRY             ((TPM_RC_t) 0x922)
+#define TPM_RC_S                 ((TPM_RC_t) 0x800)
+#define TPM_RC_SCHEME            ((TPM_RC_t) 0x092)
+#define TPM_RC_SELECTOR          ((TPM_RC_t) 0x098)
+#define TPM_RC_SENSITIVE         ((TPM_RC_t) 0x155)
+#define TPM_RC_SEQUENCE          ((TPM_RC_t) 0x103)
+#define TPM_RC_SESSION_HANDLES   ((TPM_RC_t) 0x905)
+#define TPM_RC_SESSION_MEMORY    ((TPM_RC_t) 0x903)
+#define TPM_RC_SIGNATURE         ((TPM_RC_t) 0x09B)
+#define TPM_RC_SIZE              ((TPM_RC_t) 0x095)
+#define TPM_RC_SUCCESS           ((TPM_RC_t) 0x000)
+#define TPM_RC_SYMMETRIC         ((TPM_RC_t) 0x096)
+#define TPM_RC_TAG               ((TPM_RC_t) 0x097)
+#define TPM_RC_TESTING           ((TPM_RC_t) 0x90A)
+#define TPM_RC_TICKET            ((TPM_RC_t) 0x0A0)
+#define TPM_RC_TOO_MANY_CONTEXTS ((TPM_RC_t) 0x12E)
+#define TPM_RC_TYPE              ((TPM_RC_t) 0x08A)
+#define TPM_RC_UNBALANCED        ((TPM_RC_t) 0x131)
+#define TPM_RC_UPGRADE           ((TPM_RC_t) 0x12D)
+#define TPM_RC_VALUE             ((TPM_RC_t) 0x084)
+#define TPM_RC_YIELDED           ((TPM_RC_t) 0x908)
+
+/* TPMA_NV_t Constants */
+typedef grub_uint32_t TPMA_NV_t;
+
+#define TPMA_NV_PPWRITE        ((TPMA_NV_t) 0x00000001)
+#define TPMA_NV_OWNERWRITE     ((TPMA_NV_t) 0x00000002)
+#define TPMA_NV_AUTHWRITE      ((TPMA_NV_t) 0x00000004)
+#define TPMA_NV_POLICYWRITE    ((TPMA_NV_t) 0x00000008)
+#define TPMA_NV_TPM2_NT_MASK   ((TPMA_NV_t) 0x000000F0)
+#define TPMA_NV_TPM2_NT_SHIFT  (4)
+#define TPMA_NV_RESERVED1_MASK ((TPMA_NV_t) 0x00000300)
+#define TPMA_NV_POLICY_DELETE  ((TPMA_NV_t) 0x00000400)
+#define TPMA_NV_WRITELOCKED    ((TPMA_NV_t) 0x00000800)
+#define TPMA_NV_WRITEALL       ((TPMA_NV_t) 0x00001000)
+#define TPMA_NV_WRITEDEFINE    ((TPMA_NV_t) 0x00002000)
+#define TPMA_NV_WRITE_STCLEAR  ((TPMA_NV_t) 0x00004000)
+#define TPMA_NV_GLOBALLOCK     ((TPMA_NV_t) 0x00008000)
+#define TPMA_NV_PPREAD         ((TPMA_NV_t) 0x00010000)
+#define TPMA_NV_OWNERREAD      ((TPMA_NV_t) 0x00020000)
+#define TPMA_NV_AUTHREAD       ((TPMA_NV_t) 0x00040000)
+#define TPMA_NV_POLICYREAD     ((TPMA_NV_t) 0x00080000)
+#define TPMA_NV_RESERVED2_MASK ((TPMA_NV_t) 0x01F00000)
+#define TPMA_NV_NO_DA          ((TPMA_NV_t) 0x02000000)
+#define TPMA_NV_ORDERLY        ((TPMA_NV_t) 0x04000000)
+#define TPMA_NV_CLEAR_STCLEAR  ((TPMA_NV_t) 0x08000000)
+#define TPMA_NV_READLOCKED     ((TPMA_NV_t) 0x10000000)
+#define TPMA_NV_WRITTEN        ((TPMA_NV_t) 0x20000000)
+#define TPMA_NV_PLATFORMCREATE ((TPMA_NV_t) 0x40000000)
+#define TPMA_NV_READ_STCLEAR   ((TPMA_NV_t) 0x80000000)
+
+/* TPM_ALG_ID_t Constants */
+typedef grub_uint16_t TPM_ALG_ID_t;
+
+#define TPM_ALG_ERROR          ((TPM_ALG_ID_t) 0x0000)
+#define TPM_ALG_AES            ((TPM_ALG_ID_t) 0x0006)
+#define TPM_ALG_CAMELLIA       ((TPM_ALG_ID_t) 0x0026)
+#define TPM_ALG_CBC            ((TPM_ALG_ID_t) 0x0042)
+#define TPM_ALG_CFB            ((TPM_ALG_ID_t) 0x0043)
+#define TPM_ALG_ECB            ((TPM_ALG_ID_t) 0x0044)
+#define TPM_ALG_ECC            ((TPM_ALG_ID_t) 0x0023)
+#define TPM_ALG_ECDAA          ((TPM_ALG_ID_t) 0x001A)
+#define TPM_ALG_ECDSA          ((TPM_ALG_ID_t) 0x0018)
+#define TPM_ALG_ECSCHNORR      ((TPM_ALG_ID_t) 0x001C)
+#define TPM_ALG_HMAC           ((TPM_ALG_ID_t) 0x0005)
+#define TPM_ALG_KDF1_SP800_108 ((TPM_ALG_ID_t) 0x0022)
+#define TPM_ALG_KDF1_SP800_56A ((TPM_ALG_ID_t) 0x0020)
+#define TPM_ALG_KDF2           ((TPM_ALG_ID_t) 0x0021)
+#define TPM_ALG_KEYEDHASH      ((TPM_ALG_ID_t) 0x0008)
+#define TPM_ALG_MGF1           ((TPM_ALG_ID_t) 0x0007)
+#define TPM_ALG_NULL           ((TPM_ALG_ID_t) 0x0010)
+#define TPM_ALG_RSA            ((TPM_ALG_ID_t) 0x0001)
+#define TPM_ALG_RSASSA         ((TPM_ALG_ID_t) 0x0014)
+#define TPM_ALG_RSAPSS         ((TPM_ALG_ID_t) 0x0016)
+#define TPM_ALG_SHA1           ((TPM_ALG_ID_t) 0x0004)
+#define TPM_ALG_SHA256         ((TPM_ALG_ID_t) 0x000B)
+#define TPM_ALG_SHA384         ((TPM_ALG_ID_t) 0x000C)
+#define TPM_ALG_SHA512         ((TPM_ALG_ID_t) 0x000D)
+#define TPM_ALG_SM2            ((TPM_ALG_ID_t) 0x001B)
+#define TPM_ALG_SM3_256        ((TPM_ALG_ID_t) 0x0012)
+#define TPM_ALG_SM4            ((TPM_ALG_ID_t) 0x0013)
+#define TPM_ALG_SYMCIPHER      ((TPM_ALG_ID_t) 0x0025)
+#define TPM_ALG_XOR            ((TPM_ALG_ID_t) 0x000A)
+
+/* TPM_CAP_t Constants */
+typedef grub_uint32_t TPM_CAP_t;
+
+#define TPM_CAP_FIRST           ((TPM_CAP_t) 0x00000000)
+#define TPM_CAP_ALGS            ((TPM_CAP_t) 0x00000000)
+#define TPM_CAP_HANDLES         ((TPM_CAP_t) 0x00000001)
+#define TPM_CAP_COMMANDS        ((TPM_CAP_t) 0x00000002)
+#define TPM_CAP_PP_COMMANDS     ((TPM_CAP_t) 0x00000003)
+#define TPM_CAP_AUDIT_COMMANDS  ((TPM_CAP_t) 0x00000004)
+#define TPM_CAP_PCRS            ((TPM_CAP_t) 0x00000005)
+#define TPM_CAP_TPM_PROPERTIES  ((TPM_CAP_t) 0x00000006)
+#define TPM_CAP_PCR_PROPERTIES  ((TPM_CAP_t) 0x00000007)
+#define TPM_CAP_ECC_CURVES      ((TPM_CAP_t) 0x00000008)
+#define TPM_CAP_LAST            ((TPM_CAP_t) 0x00000008)
+#define TPM_CAP_VENDOR_PROPERTY ((TPM_CAP_t) 0x00000100)
+
+/* TPM_PT_t Constants */
+typedef grub_uint32_t TPM_PT_t;
+
+#define TPM_PT_NONE             ((TPM_PT_t) 0x00000000)
+#define PT_GROUP                ((TPM_PT_t) 0x00000100)
+#define PT_FIXED                ((TPM_PT_t) (PT_GROUP * 1))
+#define TPM_PT_FAMILY_INDICATOR ((TPM_PT_t) (PT_FIXED + 0))
+#define TPM_PT_LEVEL            ((TPM_PT_t) (PT_FIXED + 1))
+#define TPM_PT_REVISION         ((TPM_PT_t) (PT_FIXED + 2))
+#define TPM_PT_DAY_OF_YEAR      ((TPM_PT_t) (PT_FIXED + 3))
+#define TPM_PT_YEAR             ((TPM_PT_t) (PT_FIXED + 4))
+#define TPM_PT_PCR_COUNT        ((TPM_PT_t) (PT_FIXED + 18))
+
+/* TPM_SE_t Constants */
+typedef grub_uint8_t TPM_SE_t;
+
+#define TPM_SE_HMAC   ((TPM_SE_t) 0x00)
+#define TPM_SE_POLICY ((TPM_SE_t) 0x01)
+#define TPM_SE_TRIAL  ((TPM_SE_t) 0x03)
+
+/* TPMI_YES_NO_t Constants */
+typedef grub_uint8_t TPMI_YES_NO_t;
+
+#define TPM_NO  ((TPMI_YES_NO_t)0)
+#define TPM_YES ((TPMI_YES_NO_t)1)
+
+/* TPM_ST_t Constants */
+typedef grub_uint16_t TPM_ST_t;
+typedef TPM_ST_t TPMI_ST_COMMAND_TAG_t;
+
+#define TPM_ST_NO_SESSIONS ((TPMI_ST_COMMAND_TAG_t) 0x8001)
+#define TPM_ST_SESSIONS    ((TPMI_ST_COMMAND_TAG_t) 0x8002)
+
+/* TPM_HANDLE_t Types */
+typedef grub_uint32_t TPM_HANDLE_t;
+
+typedef TPM_HANDLE_t TPMI_RH_HIERARCHY_t;
+typedef TPM_HANDLE_t TPMI_RH_LOCKOUT_t;
+typedef TPM_HANDLE_t TPMI_SH_AUTH_SESSION_t;
+typedef TPM_HANDLE_t TPMI_DH_CONTEXT_t;
+typedef TPM_HANDLE_t TPMI_DH_OBJECT_t;
+typedef TPM_HANDLE_t TPMI_DH_ENTITY_t;
+typedef TPM_HANDLE_t TPMI_SH_POLICY_t;
+typedef TPM_HANDLE_t TPMI_DH_PCR_t;
+typedef TPM_HANDLE_t TPMI_RH_NV_AUTH_t;
+typedef TPM_HANDLE_t TPMI_RH_NV_INDEX_t;
+
+/* TPM_HT_t Constants */
+typedef grub_uint8_t TPM_HT_t;
+#define TPM_HT_PERMANENT  ((TPM_HT_t) 0x40)
+#define TPM_HT_PERSISTENT ((TPM_HT_t) 0x81)
+
+/* TPM_RH_t Constants */
+typedef TPM_HANDLE_t TPM_RH_t;
+
+#define TPM_RH_FIRST       ((TPM_RH_t) 0x40000000)
+#define TPM_RH_SRK         ((TPM_RH_t) 0x40000000)
+#define TPM_RH_OWNER       ((TPM_RH_t) 0x40000001)
+#define TPM_RH_REVOKE      ((TPM_RH_t) 0x40000002)
+#define TPM_RH_TRANSPORT   ((TPM_RH_t) 0x40000003)
+#define TPM_RH_OPERATOR    ((TPM_RH_t) 0x40000004)
+#define TPM_RH_ADMIN       ((TPM_RH_t) 0x40000005)
+#define TPM_RH_EK          ((TPM_RH_t) 0x40000006)
+#define TPM_RH_NULL        ((TPM_RH_t) 0x40000007)
+#define TPM_RH_UNASSIGNED  ((TPM_RH_t) 0x40000008)
+#define TPM_RS_PW          ((TPM_RH_t) 0x40000009)
+#define TPM_RH_LOCKOUT     ((TPM_RH_t) 0x4000000A)
+#define TPM_RH_ENDORSEMENT ((TPM_RH_t) 0x4000000B)
+#define TPM_RH_PLATFORM    ((TPM_RH_t) 0x4000000C)
+#define TPM_RH_PLATFORM_NV ((TPM_RH_t) 0x4000000D)
+#define TPM_RH_AUTH_00     ((TPM_RH_t) 0x40000010)
+#define TPM_RH_AUTH_FF     ((TPM_RH_t) 0x4000010F)
+#define TPM_RH_LAST        ((TPM_RH_t) 0x4000010F)
+
+/* TPM_HC_t Constants */
+typedef TPM_HANDLE_t TPM_HC_t;
+#define TPM_HR_HANDLE_MASK   ((TPM_HC_t) 0x00FFFFFF)
+#define TPM_HR_RANGE_MASK    ((TPM_HC_t) 0xFF000000)
+#define TPM_HR_SHIFT         ((TPM_HC_t) 24)
+#define TPM_HR_PERSISTENT    ((TPM_HC_t) (TPM_HT_PERSISTENT << TPM_HR_SHIFT))
+#define TPM_HR_PERMANENT     ((TPM_HC_t) (TPM_HT_PERMANENT << TPM_HR_SHIFT))
+#define TPM_PERSISTENT_FIRST ((TPM_HC_t) (TPM_HR_PERSISTENT + 0))
+#define TPM_PERSISTENT_LAST  ((TPM_HC_t) (TPM_PERSISTENT_FIRST + 0x00FFFFFF))
+#define TPM_PERMANENT_FIRST  ((TPM_HC_t) TPM_RH_FIRST)
+#define TPM_PERMANENT_LAST   ((TPM_HC_t) TPM_RH_LAST)
+
+/* TPM Handle Type Checks */
+#define TPM_HT_IS_PERMANENT(HANDLE) (((HANDLE) >> TPM_HR_SHIFT) == 
TPM_HT_PERMANENT)
+#define TPM_HT_IS_PERSISTENT(HANDLE) (((HANDLE) >> TPM_HR_SHIFT) == 
TPM_HT_PERSISTENT)
+
+/* TPM_ECC_CURVE_t Constants */
+typedef grub_uint16_t TPM_ECC_CURVE_t;
+
+#define TPM_ECC_NONE      ((TPM_ECC_CURVE_t) 0x0000)
+#define TPM_ECC_NIST_P192 ((TPM_ECC_CURVE_t) 0x0001)
+#define TPM_ECC_NIST_P224 ((TPM_ECC_CURVE_t) 0x0002)
+#define TPM_ECC_NIST_P256 ((TPM_ECC_CURVE_t) 0x0003)
+#define TPM_ECC_NIST_P384 ((TPM_ECC_CURVE_t) 0x0004)
+#define TPM_ECC_NIST_P521 ((TPM_ECC_CURVE_t) 0x0005)
+#define TPM_ECC_BN_P256   ((TPM_ECC_CURVE_t) 0x0010)
+#define TPM_ECC_BN_P638   ((TPM_ECC_CURVE_t) 0x0011)
+#define TPM_ECC_SM2_P256  ((TPM_ECC_CURVE_t) 0x0020)
+
+/* TPM_CC_t Constants */
+typedef grub_uint32_t TPM_CC_t;
+
+#define TPM_CC_EvictControl     ((TPM_CC_t) 0x00000120)
+#define TPM_CC_CreatePrimary    ((TPM_CC_t) 0x00000131)
+#define TPM_CC_Create           ((TPM_CC_t) 0x00000153)
+#define TPM_CC_FlushContext     ((TPM_CC_t) 0x00000165)
+#define TPM_CC_ReadPublic       ((TPM_CC_t) 0x00000173)
+#define TPM_CC_StartAuthSession ((TPM_CC_t) 0x00000176)
+#define TPM_CC_PolicyPCR        ((TPM_CC_t) 0x0000017f)
+#define TPM_CC_NV_Read          ((TPM_CC_t) 0x0000014e)
+#define TPM_CC_NV_ReadPublic    ((TPM_CC_t) 0x00000169)
+#define TPM_CC_GetCapability    ((TPM_CC_t) 0x0000017a)
+#define TPM_CC_PCR_Read         ((TPM_CC_t) 0x0000017e)
+#define TPM_CC_Load             ((TPM_CC_t) 0x00000157)
+#define TPM_CC_LoadExternal     ((TPM_CC_t) 0x00000167)
+#define TPM_CC_Unseal           ((TPM_CC_t) 0x0000015e)
+#define TPM_CC_PolicyGetDigest  ((TPM_CC_t) 0x00000189)
+#define TPM_CC_Hash             ((TPM_CC_t) 0x0000017d)
+#define TPM_CC_VerifySignature  ((TPM_CC_t) 0x00000177)
+#define TPM_CC_PolicyAuthorize  ((TPM_CC_t) 0x0000016a)
+#define TPM_CC_TestParms        ((TPM_CC_t) 0x0000018a)
+
+/* Hash algorithm sizes */
+#define TPM_SHA1_DIGEST_SIZE    20
+#define TPM_SHA256_DIGEST_SIZE  32
+#define TPM_SM3_256_DIGEST_SIZE 32
+#define TPM_SHA384_DIGEST_SIZE  48
+#define TPM_SHA512_DIGEST_SIZE  64
+
+/* Encryption algorithm sizes */
+#define TPM_MAX_SYM_BLOCK_SIZE 16
+#define TPM_MAX_SYM_DATA       256
+#define TPM_MAX_ECC_KEY_BYTES  128
+#define TPM_MAX_SYM_KEY_BYTES  32
+#define TPM_MAX_RSA_KEY_BYTES  512
+
+/* Buffer Size Constants */
+#define TPM_MAX_PCRS                      32
+#define TPM_NUM_PCR_BANKS                 16
+#define TPM_PCR_SELECT_MAX                ((TPM_MAX_PCRS + 7) / 8)
+#define TPM_MAX_DIGEST_BUFFER             1024
+#define TPM_MAX_TPM_PROPERTIES            8
+#define TPM_MAX_NV_BUFFER_SIZE            2048
+#define TPM_PRIVATE_VENDOR_SPECIFIC_BYTES 1280
+
+/* TPM_GENERATED_t Constants */
+typedef grub_uint32_t TPM_GENERATED_t;
+
+#define TPM_GENERATED_VALUE ((TPM_GENERATED_t) 0xff544347)
+
+/* TPM_ALG_ID_t Types */
+typedef TPM_ALG_ID_t TPMI_ALG_PUBLIC_t;
+typedef TPM_ALG_ID_t TPMI_ALG_HASH_t;
+typedef TPM_ALG_ID_t TPMI_ALG_KEYEDHASH_SCHEME_t;
+typedef TPM_ALG_ID_t TPMI_ALG_KDF_t;
+typedef TPM_ALG_ID_t TPMI_ALG_SYM_OBJECT_t;
+typedef TPM_ALG_ID_t TPMI_ALG_SYM_MODE_t;
+typedef TPM_ALG_ID_t TPMI_ALG_RSA_DECRYPT_t;
+typedef TPM_ALG_ID_t TPMI_ALG_ECC_SCHEME_t;
+typedef TPM_ALG_ID_t TPMI_ALG_ASYM_SCHEME_t;
+typedef TPM_ALG_ID_t TPMI_ALG_RSA_SCHEME_t;
+typedef TPM_ALG_ID_t TPMI_ALG_SYM_t;
+typedef TPM_ALG_ID_t TPMI_ALG_SIG_SCHEME_t;
+
+/* TPM_KEY_BITS_t Type */
+typedef grub_uint16_t TPM_KEY_BITS_t;
+
+/* TPMI_ECC_CURVE_t Types */
+typedef TPM_ECC_CURVE_t TPMI_ECC_CURVE_t;
+
+/* TPMI_RH_PROVISION_t Type */
+typedef TPM_HANDLE_t TPMI_RH_PROVISION_t;
+
+/* TPMI_RH_PROVISION_t Type */
+typedef TPM_HANDLE_t TPMI_DH_PERSISTENT_t;
+
+#endif /* ! GRUB_TPM2_INTERNAL_TYPES_HEADER */
-- 
2.35.3




reply via email to

[Prev in Thread] Current Thread [Next in Thread]