Tbsi_Get_OwnerAuth function

Retrieves the owner authorization of the TPM if the information is available in the local registry.

Syntax


TBS_RESULT WINAPI Tbsi_Get_OwnerAuth(
  _In_       TBS_HCONTEXT hContext,
  _In_       TBS_OWNERAUTH_TYPE ownerauthType,
  _Out_opt_  PBYTE pOutputBuf,
  _Inout_    PUINT32 pOutputBufLen
);

Parameters

hContext [in]

TBS handle obtained from a previous call to the Tbsi_Context_Create function.

ownerauthType [in]

Unsigned 32-bit integer indicating the type of owner authentication.

Value                                Meaning
TBS_OWNERAUTH_TYPE_FULL (1)          The owner authorization is full.
TBS_OWNERAUTH_TYPE_ADMIN (2)         The owner authorization is an administrator.
TBS_OWNERAUTH_TYPE_USER (3)          The owner authorization is a user.
TBS_OWNERAUTH_TYPE_ENDORSEMENT (4)   The owner authorization is an endorsement authorization.

 

pOutputBuf [out, optional]

A pointer to a buffer to receive the TPM owner authorization information.

pOutputBufLen [in, out]

An integer that, on input, specifies the size, in bytes, of the output buffer. On successful return, this value is set to the actual size of the TPM ownerAuth, in bytes.

Return value

If the function succeeds, the function returns TBS_SUCCESS.

If the function fails, it returns a TBS return code that indicates the error.

Return code/value                                    Description
TBS_SUCCESS, 0 (0x0)                                 The function was successful.
TBS_E_OWNERAUTH_NOT_FOUND, 2150121493 (0x80284015)   The requested TPM ownerAuth value was not found.

 

Remarks

Additional authorization values, also known as delegation blobs, are derived from the full TPM ownerAuth and allow a subset of the TPM functionality to be executed. Through Group Policy, the administrator can configure the level of ownerAuth that is stored locally in the registry, and the stored value can be obtained through this function.

If Active Directory backup of ownerAuth is enabled through Group Policy, the default level of ownerAuth is Delegated, which means that the full ownerAuth is removed from the local registry and stored in Active Directory. Only delegation blobs are stored locally in the registry in that case. The level of ownerAuth storage can, however, be explicitly configured to Full, in which case the TPM ownerAuth is available locally in the registry.
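The following added example, which is not part of the original documentation, probes each ownerauthType and reports which levels are held in the local registry (the condition the Remarks describe) without printing the value itself. The helper name audit_ownerauth, the 256-byte buffer, the TPM 1.2-style context parameters, and the non-Windows stand-ins are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#ifdef _WIN32
#include <windows.h>
#include <tbs.h>   /* link with Tbs.lib */
#else  /* constructed stand-ins, not the real TBS: only type 2 is "stored" */
typedef unsigned int UINT32, TBS_RESULT;
typedef unsigned char BYTE, *PBYTE;
typedef void *TBS_HCONTEXT;
#define TBS_SUCCESS 0u
#define TBS_E_OWNERAUTH_NOT_FOUND 0x80284015u
#define SecureZeroMemory(p, n) memset((p), 0, (n))
#define Tbsip_Context_Close(h) ((void)(h))
static TBS_RESULT Tbsi_Get_OwnerAuth(TBS_HCONTEXT h, UINT32 t, PBYTE b, UINT32 *n) {
    (void)h;
    if (t != 2) return TBS_E_OWNERAUTH_NOT_FOUND;
    memset(b, 0xAA, 20); *n = 20;   /* constructed 20-byte value */
    return TBS_SUCCESS;
}
#endif

/* Hypothetical helper: bitmask with bit (type - 1) set for each ownerAuth type
   held locally. The value itself is never printed and is wiped after use. */
unsigned audit_ownerauth(TBS_HCONTEXT ctx) {
    static const char *names[] = {"FULL", "ADMIN", "USER", "ENDORSEMENT"};
    unsigned present = 0;
    for (UINT32 type = 1; type <= 4; type++) {   /* values from the table */
        BYTE buf[256];                           /* size is an assumption */
        UINT32 len = sizeof buf;
        TBS_RESULT rc = Tbsi_Get_OwnerAuth(ctx, type, buf, &len);
        const char *st = rc == TBS_SUCCESS ? "stored locally"
            : rc == TBS_E_OWNERAUTH_NOT_FOUND ? "not in local registry" : "other error";
        if (rc == TBS_SUCCESS) present |= 1u << (type - 1);
        printf("%-12s %s (rc=0x%08X)\n", names[type - 1], st, rc);
        SecureZeroMemory(buf, sizeof buf);       /* do not leave the secret on the stack */
    }
    return present;
}

int main(void) {
    TBS_HCONTEXT ctx = NULL;
#ifdef _WIN32
    TBS_CONTEXT_PARAMS params = { TBS_CONTEXT_VERSION_ONE };  /* assumed TPM 1.2-style context */
    if (Tbsi_Context_Create(&params, &ctx) != TBS_SUCCESS) return 1;
#endif
    unsigned present = audit_ownerauth(ctx);
    Tbsip_Context_Close(ctx);
    return (present & 1u) ? 2 : 0;   /* 2: full ownerAuth is kept on this machine */
}
```

An exit code of 2 means the full ownerAuth is retained locally, that is, storage is configured to Full rather than Delegated.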

Requirements

Minimum supported client

Windows 8 [desktop apps only]

Minimum supported server

Windows Server 2012 [desktop apps only]

Header

Tbs.h

Library

Tbs.lib

DLL

Tbs.dll

 

 

© 2014 Microsoft