ACL format

This section defines the wire format for M_ACL and its descendant types.

In a key attestation bundle as described in Key attestation bundle construction, the following fields will use this format:

kcmsg.data.acl

M_ACL

This represents a structure with the following fields:

Field Size Format

Field	Size	Format
n_groups	4 bytes	Little-endian unsigned integer.
groups	variable	n_groups copies of `M_PermissionGroup`. See M_vec_PermissionGroup

n_groups

4 bytes

Little-endian unsigned integer.

groups

variable

n_groups copies of M_PermissionGroup. See M_vec_PermissionGroup

M_Act

An enumeration type, represented as a 4-byte little-endian unsigned integer. Possible values include:

Value	Name
1	`Act_OpPermissions`
2	`Act_MakeBlob`
3	`Act_MakeArchiveBlob`
5	`Act_DeriveKey`
47	`Act_DeriveKeyEx`

M_Act_DeriveKeyEx_Details

This represents a structure with the following fields:

Field Size Format

Field	Size	Format
flags	4 bytes	Little-endian unsigned integer. See M_Act_DeriveKeyEx_Details_flags
role	4 bytes	Little-endian unsigned integer. See M_DeriveRole
mech	4 bytes	Little-endian unsigned integer. See M_DeriveMech
n_otherkeys	4 bytes	Little-endian unsigned integer.
otherkeys	variable	n_otherkeys copies of `M_KeyRoleIDEx`. See M_vec_KeyRoleIDEx
params	variable	Empty, or M_DKMechParams if `params_present` (0x00000001) is set in flags)

flags

4 bytes

Little-endian unsigned integer. See M_Act_DeriveKeyEx_Details_flags

role

4 bytes

Little-endian unsigned integer. See M_DeriveRole

mech

4 bytes

Little-endian unsigned integer. See M_DeriveMech

n_otherkeys

4 bytes

Little-endian unsigned integer.

otherkeys

variable

n_otherkeys copies of M_KeyRoleIDEx. See M_vec_KeyRoleIDEx

params

variable

Empty, or M_DKMechParams if params_present (0x00000001) is set in flags)

M_Act_DeriveKeyEx_Details_flags

A bitmap type, represented as a 4-byte little-endian unsigned integer. Individual bit values are:

Value Name

Value	Name
0x00000001	`params_present`

0x00000001

params_present

M_Act_DeriveKey_Details

This represents a structure with the following fields:

Field Size Format

Field	Size	Format
flags	4 bytes	Little-endian unsigned integer. See M_Act_DeriveKey_Details_flags
role	4 bytes	Little-endian unsigned integer. See M_DeriveRole
mech	4 bytes	Little-endian unsigned integer. See M_DeriveMech
n_otherkeys	4 bytes	Little-endian unsigned integer.
otherkeys	variable	n_otherkeys copies of `M_KeyRoleID`. See M_vec_KeyRoleID
params	variable	Empty, or M_DKMechParams if `params_present` (0x00000001) is set in flags)

flags

4 bytes

Little-endian unsigned integer. See M_Act_DeriveKey_Details_flags

role

4 bytes

Little-endian unsigned integer. See M_DeriveRole

mech

4 bytes

Little-endian unsigned integer. See M_DeriveMech

n_otherkeys

4 bytes

Little-endian unsigned integer.

otherkeys

variable

n_otherkeys copies of M_KeyRoleID. See M_vec_KeyRoleID

params

variable

Empty, or M_DKMechParams if params_present (0x00000001) is set in flags)

M_Act_DeriveKey_Details_flags

A bitmap type, represented as a 4-byte little-endian unsigned integer. Individual bit values are:

Value Name

Value	Name
0x00000001	`params_present`

0x00000001

params_present

M_Act_MakeArchiveBlob_Details

This represents a structure with the following fields:

Field Size Format

Field	Size	Format
flags	4 bytes	Little-endian unsigned integer. See M_Act_MakeArchiveBlob_Details_flags
mech	4 bytes	Little-endian unsigned integer. See M_Mech
kahash	variable	Empty, or M_Hash if `kahash_present` (0x00000001) is set in flags)
blobfile	variable	Empty, or M_MakeBlobFilePerms if `blobfile_present` (0x00000002) is set in flags)

flags

4 bytes

Little-endian unsigned integer. See M_Act_MakeArchiveBlob_Details_flags

mech

4 bytes

Little-endian unsigned integer. See M_Mech

kahash

variable

Empty, or M_Hash if kahash_present (0x00000001) is set in flags)

blobfile

variable

Empty, or M_MakeBlobFilePerms if blobfile_present (0x00000002) is set in flags)

M_Act_MakeArchiveBlob_Details_flags

A bitmap type, represented as a 4-byte little-endian unsigned integer. Individual bit values are:

Value Name

Value	Name
0x00000001	`kahash_present`
0x00000002	`blobfile_present`

0x00000001

kahash_present

0x00000002

blobfile_present

M_Act_MakeBlob_Details

This represents a structure with the following fields:

Field Size Format

Field	Size	Format
flags	4 bytes	Little-endian unsigned integer. See M_Act_MakeBlob_Details_flags
kmhash	variable	Empty, or M_Hash if `kmhash_present` (0x00000004) is set in flags)
kthash	variable	Empty, or M_Hash if `kthash_present` (0x00000008) is set in flags)
ktparams	variable	Empty, or M_TokenParams if `ktparams_present` (0x00000010) is set in flags)
blobfile	variable	Empty, or M_MakeBlobFilePerms if `blobfile_present` (0x00000040) is set in flags)

flags

4 bytes

Little-endian unsigned integer. See M_Act_MakeBlob_Details_flags

kmhash

variable

Empty, or M_Hash if kmhash_present (0x00000004) is set in flags)

kthash

variable

Empty, or M_Hash if kthash_present (0x00000008) is set in flags)

ktparams

variable

Empty, or M_TokenParams if ktparams_present (0x00000010) is set in flags)

blobfile

variable

Empty, or M_MakeBlobFilePerms if blobfile_present (0x00000040) is set in flags)

M_Act_MakeBlob_Details_flags

A bitmap type, represented as a 4-byte little-endian unsigned integer. Individual bit values are:

Value Name

Value	Name
0x00000001	`AllowKmOnly`
0x00000002	`AllowNonKm0`
0x00000004	`kmhash_present`
0x00000008	`kthash_present`
0x00000010	`ktparams_present`
0x00000020	`AllowNullKmToken`
0x00000040	`blobfile_present`

0x00000001

AllowKmOnly

0x00000002

AllowNonKm0

0x00000004

kmhash_present

0x00000008

kthash_present

0x00000010

ktparams_present

0x00000020

AllowNullKmToken

0x00000040

blobfile_present

M_Act_OpPermissions_Details

This represents a structure with the following fields:

Field	Size	Format
perms	4 bytes	Little-endian unsigned integer. See M_Act_OpPermissions_Details_perms

Field

Size

Format

perms

4 bytes

Little-endian unsigned integer. See M_Act_OpPermissions_Details_perms

M_Act_OpPermissions_Details_perms

A bitmap type, represented as a 4-byte little-endian unsigned integer. Individual bit values are:

Value Name

Value	Name
0x00000001	`DuplicateHandle`
0x00000002	`UseAsCertificate`
0x00000004	`ExportAsPlain`
0x00000008	`GetAppData`
0x00000010	`SetAppData`
0x00000020	`ReduceACL`
0x00000040	`ExpandACL`
0x00000080	`Encrypt`
0x00000100	`Decrypt`
0x00000200	`Verify`
0x00000400	`UseAsBlobKey`
0x00000800	`UseAsKM`
0x00001000	`Sign`
0x00002000	`GetACL`
0x00004000	`UseAsLoaderKey`
0x00008000	`SignModuleCert`

0x00000001

DuplicateHandle

0x00000002

UseAsCertificate

0x00000004

ExportAsPlain

0x00000008

GetAppData

0x00000010

SetAppData

0x00000020

ReduceACL

0x00000040

ExpandACL

0x00000080

Encrypt

0x00000100

Decrypt

0x00000200

Verify

0x00000400

UseAsBlobKey

0x00000800

UseAsKM

0x00001000

Sign

0x00002000

GetACL

0x00004000

UseAsLoaderKey

0x00008000

SignModuleCert

M_Action

This represents a structure with the following fields:

Field Size Format

Field	Size	Format
type	4 bytes	Little-endian unsigned integer. See M_Act
details	variable	Depends on field `type`. See below.

type

4 bytes

Little-endian unsigned integer. See M_Act

details

variable

Depends on field type. See below.

M_Action.details representations

This depends on the value of the type field, as follows:

Name of type Value of type Format of details

Name of `type`	Value of `type`	Format of `details`
Act_OpPermissions	1	M_Act_OpPermissions_Details
Act_MakeBlob	2	M_Act_MakeBlob_Details
Act_MakeArchiveBlob	3	M_Act_MakeArchiveBlob_Details
Act_DeriveKey	5	M_Act_DeriveKey_Details
Act_DeriveKeyEx	47	M_Act_DeriveKeyEx_Details

Act_OpPermissions

M_Act_OpPermissions_Details

Act_MakeBlob

M_Act_MakeBlob_Details

Act_MakeArchiveBlob

M_Act_MakeArchiveBlob_Details

Act_DeriveKey

M_Act_DeriveKey_Details

Act_DeriveKeyEx

M_Act_DeriveKeyEx_Details

Any supported values of type not present in the table correspond to an empty (zero-length) details field.

M_vec_Action

This represents an array of M_Action objects.

M_DKMechParams

This represents a structure with the following fields:

Field Size Format

Field	Size	Format
mech	4 bytes	Little-endian unsigned integer. See M_DeriveMech
params	variable	Depends on field `mech`. See below.

mech

4 bytes

Little-endian unsigned integer. See M_DeriveMech

params

variable

Depends on field mech. See below.

M_DKMechParams.params representations

All of the supported values of mech correspond to an empty (zero-length) params field.

M_DeriveMech

An enumeration type, represented as a 4-byte little-endian unsigned integer. Possible values include:

Value	Name
29	`DeriveMech_PublicFromPrivate`

M_DeriveRole

An enumeration type, represented as a 4-byte little-endian unsigned integer. Possible values include:

Value	Name
1	`DeriveRole_BaseKey`

M_FileDeviceFlags

A bitmap type, represented as a 4-byte little-endian unsigned integer. Individual bit values are:

Value Name

Value	Name
0x00000001	`NVMem`
0x00000002	`PhysToken`
0x00000004	`SoftToken`

0x00000001

NVMem

0x00000002

PhysToken

0x00000004

SoftToken

M_KeyHashAndMech

This represents a structure with the following fields:

Field	Size	Format
hash	variable	See M_Hash
mech	4 bytes	Little-endian unsigned integer. See M_Mech

Field

Size

Format

hash

variable

See M_Hash

mech

4 bytes

Little-endian unsigned integer. See M_Mech

M_KeyHashExAndMech

This represents a structure with the following fields:

Field	Size	Format
hash	variable	See M_KeyHashEx
mech	4 bytes	Little-endian unsigned integer. See M_Mech

Field

Size

Format

hash

variable

See M_KeyHashEx

mech

4 bytes

Little-endian unsigned integer. See M_Mech

M_KeyRoleID

This represents a structure with the following fields:

Field	Size	Format
role	4 bytes	Little-endian unsigned integer. See M_DeriveRole
hash	variable	See M_Hash

Field

Size

Format

role

4 bytes

Little-endian unsigned integer. See M_DeriveRole

hash

variable

See M_Hash

M_vec_KeyRoleID

This represents an array of M_KeyRoleID objects.

M_KeyRoleIDEx

This represents a structure with the following fields:

Field	Size	Format
role	4 bytes	Little-endian unsigned integer. See M_DeriveRole
hash	variable	See M_KeyHashEx

Field

Size

Format

role

4 bytes

Little-endian unsigned integer. See M_DeriveRole

hash

variable

See M_KeyHashEx

M_vec_KeyRoleIDEx

This represents an array of M_KeyRoleIDEx objects.

M_MakeBlobFilePerms

This represents a structure with the following fields:

Field Size Format

Field	Size	Format
flags	4 bytes	Little-endian unsigned integer. See M_MakeBlobFilePerms_flags
devs	variable	Empty, or M_FileDeviceFlags if `devs_present` (0x00000001) is set in flags)
aclhash	variable	Empty, or M_Hash if `aclhash_present` (0x00000002) is set in flags)

flags

4 bytes

Little-endian unsigned integer. See M_MakeBlobFilePerms_flags

devs

variable

Empty, or M_FileDeviceFlags if devs_present (0x00000001) is set in flags)

aclhash

variable

Empty, or M_Hash if aclhash_present (0x00000002) is set in flags)

M_MakeBlobFilePerms_flags

A bitmap type, represented as a 4-byte little-endian unsigned integer. Individual bit values are:

Value Name

Value	Name
0x00000001	`devs_present`
0x00000002	`aclhash_present`

0x00000001

devs_present

0x00000002

aclhash_present

M_NVMemRange

This represents a structure with the following fields:

Field	Size	Format
first	4 bytes	Little-endian unsigned integer. See M_Word
last	4 bytes	Little-endian unsigned integer. See M_Word

Field

Size

Format

first

4 bytes

Little-endian unsigned integer. See M_Word

last

4 bytes

Little-endian unsigned integer. See M_Word

M_PermissionGroup

This represents a structure with the following fields:

Field Size Format

Field	Size	Format
flags	4 bytes	Little-endian unsigned integer. See M_PermissionGroup_flags
n_limits	4 bytes	Little-endian unsigned integer.
limits	variable	n_limits copies of `M_UseLimit`. See M_vec_UseLimit
n_actions	4 bytes	Little-endian unsigned integer.
actions	variable	n_actions copies of `M_Action`. See M_vec_Action
certifier	variable	Empty, or M_Hash if `certifier_present` (0x00000001) is set in flags)
certmech	variable	Empty, or M_KeyHashAndMech if `certmech_present` (0x00000004) is set in flags)
moduleserial	variable	Empty, or M_ASCIIString if `moduleserial_present` (0x00000008) is set in flags)
certmechex	variable	Empty, or M_KeyHashExAndMech if `certmechex_present` (0x00000040) is set in flags)

flags

4 bytes

Little-endian unsigned integer. See M_PermissionGroup_flags

n_limits

4 bytes

Little-endian unsigned integer.

limits

variable

n_limits copies of M_UseLimit. See M_vec_UseLimit

n_actions

4 bytes

Little-endian unsigned integer.

actions

variable

n_actions copies of M_Action. See M_vec_Action

certifier

variable

Empty, or M_Hash if certifier_present (0x00000001) is set in flags)

certmech

variable

Empty, or M_KeyHashAndMech if certmech_present (0x00000004) is set in flags)

moduleserial

variable

Empty, or M_ASCIIString if moduleserial_present (0x00000008) is set in flags)

certmechex

variable

Empty, or M_KeyHashExAndMech if certmechex_present (0x00000040) is set in flags)

M_vec_PermissionGroup

This represents an array of M_PermissionGroup objects.

M_PermissionGroup_flags

A bitmap type, represented as a 4-byte little-endian unsigned integer. Individual bit values are:

Value Name

Value	Name
0x00000001	`certifier_present`
0x00000002	`FreshCerts`
0x00000004	`certmech_present`
0x00000008	`moduleserial_present`
0x00000010	`NSOCertified`
0x00000020	`LogKeyUsage`
0x00000040	`certmechex_present`

0x00000001

certifier_present

0x00000002

FreshCerts

0x00000004

certmech_present

0x00000008

moduleserial_present

0x00000010

NSOCertified

0x00000020

LogKeyUsage

0x00000040

certmechex_present

M_TokenParams

This represents a structure with the following fields:

Field	Size	Format
flags	4 bytes	Little-endian unsigned integer. See M_TokenParams_flags
sharesneeded	4 bytes	Little-endian unsigned integer. See M_Word
sharestotal	4 bytes	Little-endian unsigned integer. See M_Word
timelimit	4 bytes	Little-endian unsigned integer. See M_Word

Field

Size

Format

flags

4 bytes

Little-endian unsigned integer. See M_TokenParams_flags

sharesneeded

4 bytes

Little-endian unsigned integer. See M_Word

sharestotal

4 bytes

Little-endian unsigned integer. See M_Word

timelimit

4 bytes

Little-endian unsigned integer. See M_Word

M_TokenParams_flags

A bitmap type, represented as a 4-byte little-endian unsigned integer. Individual bit values are:

Value Name

Value	Name
0x00000001	`AllTokensRemovable`
0x00000002	`AllButOneRemovable`
0x00000004	`AllowSoftSlots`

0x00000001

AllTokensRemovable

0x00000002

AllButOneRemovable

0x00000004

AllowSoftSlots

M_UseLim

An enumeration type, represented as a 4-byte little-endian unsigned integer. Possible values include:

Value	Name
1	`UseLim_Global`
3	`UseLim_Time`
4	`UseLim_NonVolatile`
6	`UseLim_Auth`

M_UseLim_Auth_Details

This represents a structure with the following fields:

Field	Size	Format
id	variable	See M_Hash
max	4 bytes	Little-endian unsigned integer. See M_Word

Field

Size

Format

variable

See M_Hash

max

4 bytes

Little-endian unsigned integer. See M_Word

M_UseLim_Global_Details

This represents a structure with the following fields:

Field	Size	Format
id	variable	See M_Hash
max	4 bytes	Little-endian unsigned integer. See M_Word

Field

Size

Format

variable

See M_Hash

max

4 bytes

Little-endian unsigned integer. See M_Word

M_UseLim_NonVolatile_Details

This represents a structure with the following fields:

Field	Size	Format
flags	4 bytes	Little-endian unsigned integer. See M_UseLim_NonVolatile_Details_flags
file	variable	See M_FileID
range	variable	See M_NVMemRange
maxlo	4 bytes	Little-endian unsigned integer. See M_Word
maxhi	4 bytes	Little-endian unsigned integer. See M_Word
prefetch	4 bytes	Little-endian unsigned integer. See M_Word

Field

Size

Format

flags

4 bytes

Little-endian unsigned integer. See M_UseLim_NonVolatile_Details_flags

file

variable

See M_FileID

range

variable

See M_NVMemRange

maxlo

4 bytes

Little-endian unsigned integer. See M_Word

maxhi

4 bytes

Little-endian unsigned integer. See M_Word

prefetch

4 bytes

Little-endian unsigned integer. See M_Word

M_UseLim_NonVolatile_Details_flags

A bitmap type, represented as a 4-byte little-endian unsigned integer. No flags are currently defined for this field.

M_UseLim_Time_Details

This represents a structure with the following fields:

Field	Size	Format
seconds	4 bytes	Little-endian unsigned integer. See M_Word

Field

Size

Format

seconds

4 bytes

Little-endian unsigned integer. See M_Word

M_UseLimit

This represents a structure with the following fields:

Field Size Format

Field	Size	Format
type	4 bytes	Little-endian unsigned integer. See M_UseLim
details	variable	Depends on field `type`. See below.

type

4 bytes

Little-endian unsigned integer. See M_UseLim

details

variable

Depends on field type. See below.

M_UseLimit.details representations

This depends on the value of the type field, as follows:

Name of type Value of type Format of details

Name of `type`	Value of `type`	Format of `details`
UseLim_Global	1	M_UseLim_Global_Details
UseLim_Time	3	M_UseLim_Time_Details
UseLim_NonVolatile	4	M_UseLim_NonVolatile_Details
UseLim_Auth	6	M_UseLim_Auth_Details

UseLim_Global

M_UseLim_Global_Details

UseLim_Time

M_UseLim_Time_Details

UseLim_NonVolatile

M_UseLim_NonVolatile_Details

UseLim_Auth

M_UseLim_Auth_Details

Any supported values of type not present in the table correspond to an empty (zero-length) details field.

M_vec_UseLimit

This represents an array of M_UseLimit objects.