google · josephlr · Dec 4, 2025 · Dec 12, 2025 · Jan 22, 2026 · Jan 22, 2026
diff --git a/TPMCmd/Platform/include/prototypes/platform_public_interface.h b/TPMCmd/Platform/include/prototypes/platform_public_interface.h
@@ -144,4 +144,4 @@ LIB_EXPORT void _plat__RunCommand(
     unsigned char** response       // IN/OUT: response buffer
 );
 
-#endif  // _PLATFORM_PUBLIC_INTERFACE_H_
+#endif  // _PLATFORM_PUBLIC_INTERFACE_H_
diff --git a/TPMCmd/Platform/src/Cancel.c b/TPMCmd/Platform/src/Cancel.c
@@ -33,4 +33,4 @@ LIB_EXPORT void _plat__ClearCancel(void)
 {
     s_isCanceled = FALSE;
     return;
-}
+}
diff --git a/TPMCmd/Platform/src/DebugHelpers.c b/TPMCmd/Platform/src/DebugHelpers.c
@@ -11,81 +11,6 @@
 #include <time.h>
 #include "Platform.h"
 
-#if CERTIFYX509_DEBUG
-
-const char* debugFileName = "DebugFile.txt";
-
-//*** fileOpen()
-// This exists to allow use of the 'safe' version of fopen() with a MS runtime.
-static FILE* fileOpen(const char* fn, const char* mode)
-{
-    FILE* f;
-#  if defined _MSC_VER
-    if(fopen_s(&f, fn, mode) != 0)
-        f = NULL;
-#  else
-    f = fopen(fn, mode);
-#  endif
-    return f;
-}
-
-//*** DebugFileInit()
-// This function initializes the file containing the debug data with the time of the
-// file creation.
-//  Return Type: int
-//   0              success
-//  != 0            error
-int DebugFileInit(void)
-{
-    FILE*  f = NULL;
-    time_t t = time(NULL);
-//
-// Get current date and time.
-#  if defined _MSC_VER
-    char timeString[100];
-    ctime_s(timeString, (size_t)sizeof(timeString), &t);
-#  else
-    char* timeString;
-    timeString = ctime(&t);
-#  endif
-    // Try to open the debug file
-    f = fileOpen(debugFileName, "w");
-    if(f)
-    {
-        // Initialize the contents with the time.
-        fprintf(f, "%s\n", timeString);
-        fclose(f);
-        return 0;
-    }
-    return -1;
-}
-
-//*** DebugDumpBuffer()
-void DebugDumpBuffer(int size, unsigned char* buf, const char* identifier)
-{
-    int i;
-    //
-    FILE* f = fileOpen(debugFileName, "a");
-    if(!f)
-        return;
-    if(identifier)
-        fprintf(f, "%s\n", identifier);
-    if(buf)
-    {
-        for(i = 0; i < size; i++)
-        {
-            if(((i % 16) == 0) && (i))
-                fprintf(f, "\n");
-            fprintf(f, " %02X", buf[i]);
-        }
-        if((size % 16) != 0)
-            fprintf(f, "\n");
-    }
-    fclose(f);
-}
-
-#endif  // CERTIFYX509_DEBUG
-
 #if ENABLE_TPM_DEBUG_PRINT
 
 LIB_EXPORT void _plat_debug_print(const char* str)

diff --git a/TPMCmd/Platform/src/Entropy.c b/TPMCmd/Platform/src/Entropy.c
@@ -112,4 +112,4 @@ LIB_EXPORT int32_t _plat__GetEntropy(unsigned char* entropy,  // output buffer
         }
     }
     return ret;
-}
+}
diff --git a/TPMCmd/Platform/src/LocalityPlat.c b/TPMCmd/Platform/src/LocalityPlat.c
@@ -20,4 +20,4 @@ LIB_EXPORT void _plat__LocalitySet(unsigned char locality)
         locality = 0;
     s_locality = locality;
     return;
-}
+}
diff --git a/TPMCmd/Platform/src/NVMem.c b/TPMCmd/Platform/src/NVMem.c
@@ -79,7 +79,7 @@ static long NvFileSize(int leaveAt)
     {
         case SEEK_SET:
             filePos = 0;
-            // [[fallthrough]];
+            FALLTHROUGH;
         case SEEK_CUR:
             fseek(s_NvFile, filePos, SEEK_SET);
             break;

diff --git a/TPMCmd/Platform/src/PPPlat.c b/TPMCmd/Platform/src/PPPlat.c
@@ -33,4 +33,4 @@ LIB_EXPORT void _plat__Signal_PhysicalPresenceOff(void)
 {
     s_physicalPresence = FALSE;
     return;
-}
+}
diff --git a/TPMCmd/Platform/src/PowerPlat.c b/TPMCmd/Platform/src/PowerPlat.c
@@ -67,4 +67,4 @@ LIB_EXPORT void _plat__Signal_PowerOff(void)
 #endif
 
     return;
-}
+}
diff --git a/TPMCmd/Platform/src/RunCommand.c b/TPMCmd/Platform/src/RunCommand.c
@@ -45,7 +45,7 @@ LIB_EXPORT void _plat__RunCommand(
 #if ALLOW_FORCE_FAILURE_MODE
     if(_plat_internal_IsForceFailureMode())
     {
-        _plat__Fail(__FUNCTION__, __LINE__, 0xFFFFFFFFFFFFFFFF, FATAL_ERROR_FORCED);
+        _plat__Fail(__func__, __LINE__, 0xFFFFFFFFFFFFFFFF, FATAL_ERROR_FORCED);
     }
 #endif
 

diff --git a/TPMCmd/Platform/src/Unique.c b/TPMCmd/Platform/src/Unique.c
@@ -45,4 +45,4 @@ LIB_EXPORT uint32_t _plat__GetUnique(uint32_t which,  // which vendor value to r
     return retVal;
 }
 
-#endif
+#endif
diff --git a/TPMCmd/Simulator/src/TPMCmdp.c b/TPMCmd/Simulator/src/TPMCmdp.c
@@ -240,4 +240,4 @@ void _rpc__SetTpmFirmwareSvn(uint16_t svn)
 #if SIMULATION
     _plat__SetTpmFirmwareSvn(svn);
 #endif
-}
+}
diff --git a/TPMCmd/TpmConfiguration/TpmConfiguration/TpmBuildSwitches.h b/TPMCmd/TpmConfiguration/TpmConfiguration/TpmBuildSwitches.h
@@ -71,9 +71,6 @@
 // has been added someplace (preferably, somewhere in CryptRand.c)
 #define DRBG_DEBUG_PRINT            (NO  * DEBUG)
 
-// This define is used to control the debug for the CertifyX509 command.
-#define CERTIFYX509_DEBUG           (NO * DEBUG)
-
 // This provides fixed seeding of the RNG when doing debug on a simulator. This
 // should allow consistent results on test runs as long as the input parameters
 // to the functions remains the same.

diff --git a/TPMCmd/TpmConfiguration/TpmConfiguration/TpmProfile_CommandList.h b/TPMCmd/TpmConfiguration/TpmConfiguration/TpmProfile_CommandList.h
@@ -35,12 +35,6 @@
 #define CC_FieldUpgradeStart          CC_NO
 #define CC_FirmwareRead               CC_NO
 
-// A prototype of CertifyX509 is provided here for informative purposes only.
-// While all of the TPM reference implementation is provided "AS IS" without any
-// warranty, the current design and implementation of CertifyX509 are considered
-// to be especially unsuitable for product use.
-#define CC_CertifyX509                CC_NO
-
 // Normal commands:
 
 #define CC_ACT_SetTimeout             (CC_YES && ACT_SUPPORT)

diff --git a/TPMCmd/TpmConfiguration/TpmConfiguration/TpmProfile_Common.h b/TPMCmd/TpmConfiguration/TpmConfiguration/TpmProfile_Common.h
@@ -165,7 +165,7 @@
 #define RH_ACT_7                                ( NO * ACT_SUPPORT)
 #define RH_ACT_8                                ( NO * ACT_SUPPORT)
 #define RH_ACT_9                                ( NO * ACT_SUPPORT)
-#define RH_ACT_A                                (YES * ACT_SUPPORT)
+#define RH_ACT_A                                ( NO * ACT_SUPPORT)
 #define RH_ACT_B                                ( NO * ACT_SUPPORT)
 #define RH_ACT_C                                ( NO * ACT_SUPPORT)
 #define RH_ACT_D                                ( NO * ACT_SUPPORT)

diff --git a/TPMCmd/TpmConfiguration/TpmConfiguration/TpmProfile_Misc.h b/TPMCmd/TpmConfiguration/TpmConfiguration/TpmProfile_Misc.h
@@ -44,8 +44,6 @@
 #define RAM_INDEX_SPACE            512
 #define ENABLE_PCR_NO_INCREMENT    YES
 
-#define SIZE_OF_X509_SERIAL_NUMBER 20
-
 // amount of space the platform can provide in PERSISTENT_DATA during
 // manufacture
 #define PERSISTENT_DATA_PLATFORM_SPACE  16

diff --git a/TPMCmd/TpmConfiguration/TpmConfiguration/VendorCommands/VendorCommandList.h b/TPMCmd/TpmConfiguration/TpmConfiguration/VendorCommands/VendorCommandList.h
@@ -17,4 +17,4 @@
 #else
 // nothing
 #endif
-// and command attributes must be defined in TpmProfile_CommandList_AttributeData.inl
+// and command attributes must be defined in TpmProfile_CommandList_AttributeData.inl
diff --git a/TPMCmd/TpmConfiguration/TpmVendorCommandHandlers/Vendor_TCG_Test.c b/TPMCmd/TpmConfiguration/TpmVendorCommandHandlers/Vendor_TCG_Test.c
@@ -14,4 +14,4 @@ TPM2_Vendor_TCG_Test(Vendor_TCG_Test_In*  in,  // IN: input parameter list
     return TPM_RC_SUCCESS;
 }
 
-#endif  // CC_Vendor_TCG_Test
+#endif  // CC_Vendor_TCG_Test
diff --git a/TPMCmd/tpm/cryptolibs/Ossl/include/Ossl/BnToOsslMath.h b/TPMCmd/tpm/cryptolibs/Ossl/include/Ossl/BnToOsslMath.h
@@ -17,7 +17,7 @@
 #include <openssl/ec.h>
 #include <openssl/bn.h>
 
-#if OPENSSL_VERSION_NUMBER >= 0x30600000L
+#if OPENSSL_VERSION_NUMBER >= 0x30700000L
 // Check the bignum_st definition against the one below and either update the
 // version check or provide the new definition for this version.
 #  error Untested OpenSSL version

diff --git a/TPMCmd/tpm/cryptolibs/TpmBigNum/BnConvert.c b/TPMCmd/tpm/cryptolibs/TpmBigNum/BnConvert.c
@@ -202,4 +202,4 @@ LIB_EXPORT BOOL BnPointToBytes(
     return result;
 }
 
-#endif  // ALG_ECC
+#endif  // ALG_ECC
diff --git a/TPMCmd/tpm/cryptolibs/TpmBigNum/BnMemory.c b/TPMCmd/tpm/cryptolibs/TpmBigNum/BnMemory.c
@@ -129,4 +129,4 @@ LIB_EXPORT bn_point_t* BnInitializePoint(
     return p;
 }
 
-#endif  // ALG_ECC
+#endif  // ALG_ECC
diff --git a/TPMCmd/tpm/cryptolibs/TpmBigNum/TpmBigNum.h b/TPMCmd/tpm/cryptolibs/TpmBigNum/TpmBigNum.h
@@ -14,4 +14,4 @@
 #include "BnMemory_fp.h"
 #include "BnMath_fp.h"
 #include "BnUtil_fp.h"
-#include <MathLibraryInterface.h>
+#include <MathLibraryInterface.h>
diff --git a/TPMCmd/tpm/cryptolibs/TpmBigNum/include/BnValues.h b/TPMCmd/tpm/cryptolibs/TpmBigNum/include/BnValues.h
@@ -315,4 +315,4 @@ TPM_INLINE TPM_ECC_CURVE BnCurveGetCurveId(const TPMBN_ECC_CURVE_CONSTANTS* C)
 
 #endif
 
-#endif  // _BN_NUMBERS_H
+#endif  // _BN_NUMBERS_H
diff --git a/TPMCmd/tpm/include/platform_interface/prototypes/platform_failure_mode_fp.h b/TPMCmd/tpm/include/platform_interface/prototypes/platform_failure_mode_fp.h
@@ -43,4 +43,4 @@ LIB_EXPORT const char* _plat__GetFailureFunctionName(void);
 LIB_EXPORT uint32_t    _plat__GetFailureLine(void);
 #endif
 
-#endif  // _PLATFORM_FAILURE_MODE_FP_H_
+#endif  // _PLATFORM_FAILURE_MODE_FP_H_
diff --git a/TPMCmd/tpm/include/platform_interface/prototypes/platform_init_fp.h b/TPMCmd/tpm/include/platform_interface/prototypes/platform_init_fp.h
@@ -15,4 +15,4 @@ LIB_EXPORT void _plat__StartTpmInit(void);
 // this will not be called
 LIB_EXPORT void _plat__EndOkTpmInit(void);
 
-#endif  // _PLATFORM_INIT_FP_H_
+#endif  // _PLATFORM_INIT_FP_H_
diff --git a/TPMCmd/tpm/include/platform_interface/tpm_to_platform_interface.h b/TPMCmd/tpm/include/platform_interface/tpm_to_platform_interface.h
@@ -79,19 +79,6 @@ LIB_EXPORT void _plat__ClockRateAdjust(_plat__ClockAdjustStep adjustment);
 
 //** From DebugHelpers.c
 
-#if CERTIFYX509_DEBUG
-
-//*** DebugFileInit()
-// This function opens the file used to hold the debug data.
-//  Return Type: int
-//   0        success
-//  != 0          error
-int DebugFileInit(void);
-
-//*** DebugDumpBuffer()
-void DebugDumpBuffer(int size, unsigned char* buf, const char* identifier);
-#endif  // CERTIFYX509_DEBUG
-
 //** From Entropy.c
 
 //*** _plat__GetEntropy()
@@ -216,7 +203,7 @@ LIB_EXPORT int _plat__NvCommit(void);
 //***_plat__TearDown
 // notify platform that TPM_TearDown was called so platform can cleanup or
 // zeroize anything in the Platform.  This should zeroize NV as well.
-LIB_EXPORT void _plat__TearDown();
+LIB_EXPORT void _plat__TearDown(void);
 
 //** From PlatformACT.c
 

diff --git a/TPMCmd/tpm/include/private/CommandAttributeData.h b/TPMCmd/tpm/include/private/CommandAttributeData.h
@@ -356,9 +356,6 @@ const TPMA_CC    s_ccAttr [] = {
 #if CC_Policy_AC_SendSelect
         TPMA_CC_INITIALIZER(0x0196, 0, 0, 0, 0, 1, 0, 0, 0),
 #endif
-#if CC_CertifyX509
-        TPMA_CC_INITIALIZER(0x0197, 0, 0, 0, 0, 2, 0, 0, 0),
-#endif
 #if CC_ACT_SetTimeout
         TPMA_CC_INITIALIZER(0x0198, 0, 0, 0, 0, 1, 0, 0, 0),
 #endif
@@ -860,10 +857,6 @@ const COMMAND_ATTRIBUTES    s_commandAttributes [] = {
         (COMMAND_ATTRIBUTES)(CC_Policy_AC_SendSelect * // 0x0196
             (DECRYPT_2+ALLOW_TRIAL)),
 #endif
-#if CC_CertifyX509
-        (COMMAND_ATTRIBUTES)(CC_CertifyX509 * // 0x0197
-            (DECRYPT_2+HANDLE_1_ADMIN+HANDLE_2_USER+ENCRYPT_2)),
-#endif
 #if CC_ACT_SetTimeout
         (COMMAND_ATTRIBUTES)(CC_ACT_SetTimeout * // 0x0198
             (HANDLE_1_USER)),

diff --git a/TPMCmd/tpm/include/private/CommandDispatchData.h b/TPMCmd/tpm/include/private/CommandDispatchData.h
@@ -2164,53 +2164,6 @@ GetTime_COMMAND_DESCRIPTOR_t _GetTimeData = {
 #define _GetTimeDataAddress 0
 #endif // CC_GetTime
 
-#if       CC_CertifyX509
-#include    "CertifyX509_fp.h"
-
-typedef TPM_RC (CertifyX509_Entry)(
-    CertifyX509_In*             in,
-    CertifyX509_Out*            out
-);
-
-
-typedef const struct
-{
-    CertifyX509_Entry           *entry;
-    UINT16                      inSize;
-    UINT16                      outSize;
-    UINT16                      offsetOfTypes;
-    UINT16                      paramOffsets[6];
-    BYTE                        types[10];
-} CertifyX509_COMMAND_DESCRIPTOR_t;
-
-CertifyX509_COMMAND_DESCRIPTOR_t _CertifyX509Data = {
-    /* entry         */         &TPM2_CertifyX509,
-    /* inSize        */         (UINT16)(sizeof(CertifyX509_In)),
-    /* outSize       */         (UINT16)(sizeof(CertifyX509_Out)),
-    /* offsetOfTypes */         offsetof(CertifyX509_COMMAND_DESCRIPTOR_t, types),
-    /* offsets       */         {(UINT16)(offsetof(CertifyX509_In, signHandle)),
-                                 (UINT16)(offsetof(CertifyX509_In, reserved)),
-                                 (UINT16)(offsetof(CertifyX509_In, inScheme)),
-                                 (UINT16)(offsetof(CertifyX509_In, partialCertificate)),
-                                 (UINT16)(offsetof(CertifyX509_Out, tbsDigest)),
-                                 (UINT16)(offsetof(CertifyX509_Out, signature))},
-    /* types         */         {TPMI_DH_OBJECT_H_UNMARSHAL,
-                                 TPMI_DH_OBJECT_H_UNMARSHAL + ADD_FLAG,
-                                 TPM2B_DATA_P_UNMARSHAL,
-                                 TPMT_SIG_SCHEME_P_UNMARSHAL + ADD_FLAG,
-                                 TPM2B_MAX_BUFFER_P_UNMARSHAL,
-                                 END_OF_LIST,
-                                 TPM2B_MAX_BUFFER_P_MARSHAL,
-                                 TPM2B_DIGEST_P_MARSHAL,
-                                 TPMT_SIGNATURE_P_MARSHAL,
-                                 END_OF_LIST}
-};
-
-#define _CertifyX509DataAddress (&_CertifyX509Data)
-#else
-#define _CertifyX509DataAddress 0
-#endif // CC_CertifyX509
-
 #if       CC_Commit
 #include    "Commit_fp.h"
 
@@ -5551,9 +5504,6 @@ COMMAND_DESCRIPTOR_t* s_CommandDataArray[] = {
 #if CC_Policy_AC_SendSelect
         (COMMAND_DESCRIPTOR_t*)_Policy_AC_SendSelectDataAddress,
 #endif // CC_Policy_AC_SendSelect
-#if CC_CertifyX509
-        (COMMAND_DESCRIPTOR_t*)_CertifyX509DataAddress,
-#endif // CC_CertifyX509
 #if CC_ACT_SetTimeout
         (COMMAND_DESCRIPTOR_t*)_ACT_SetTimeoutDataAddress,
 #endif // CC_ACT_SetTimeout

diff --git a/TPMCmd/tpm/include/private/CryptSym.h b/TPMCmd/tpm/include/private/CryptSym.h
@@ -72,4 +72,4 @@ typedef union tpmCryptKeySchedule_t
         decrypt = (TpmCryptSetSymKeyCall_t)TpmCryptDecrypt##ALG;          \
         break;
 
-#endif  // CRYPT_SYM_H
+#endif  // CRYPT_SYM_H
diff --git a/TPMCmd/tpm/include/private/NV.h b/TPMCmd/tpm/include/private/NV.h
@@ -113,4 +113,4 @@ typedef UINT32 NV_LIST_TERMINATOR[3];
 // possibly a combination of UT_NV and UT_ORDERLY.
 #define SET_NV_UPDATE(type) g_updateNV |= (type)
 
-#endif  // _NV_H_
+#endif  // _NV_H_
-Original file line number
+Diff line change
@@ Expand Up / @@ -33,4 +33,4 @@ LIB_EXPORT void _plat__ClearCancel(void) @@
     {
         s_isCanceled = FALSE;
         return;
-    }
+    }
Original file line number	Diff line number	Diff line change
Expand Up		@@ -315,4 +315,4 @@ TPM_INLINE TPM_ECC_CURVE BnCurveGetCurveId(const TPMBN_ECC_CURVE_CONSTANTS* C)

		#endif

		#endif // _BN_NUMBERS_H
		#endif // _BN_NUMBERS_H