Line | Count | Source (jump to first uncovered line) |
1 | | // This file was extracted from the TCG Published |
2 | | // Trusted Platform Module Library |
3 | | // Part 4: Supporting Routines |
4 | | // Family "2.0" |
5 | | // Level 00 Revision 01.16 |
6 | | // October 30, 2014 |
7 | | |
8 | | #include "InternalRoutines.h" |
9 | | // |
10 | | // |
11 | | // Functions |
12 | | // |
13 | | // HierarchyPreInstall() |
14 | | // |
15 | | // This function performs the initialization functions for the hierarchy when the TPM is simulated. This |
16 | | // function should not be called if the TPM is not in a manufacturing mode at the manufacturer, or in a |
17 | | // simulated environment. |
18 | | // |
19 | | void |
20 | | HierarchyPreInstall_Init( |
21 | | void |
22 | | ) |
23 | 5.63k | { |
24 | | // Allow lockout clear command |
25 | 5.63k | gp.disableClear = FALSE; |
26 | | // Initialize Primary Seeds |
27 | 5.63k | gp.EPSeed.t.size = PRIMARY_SEED_SIZE; |
28 | 5.63k | CryptGenerateRandom(PRIMARY_SEED_SIZE, gp.EPSeed.t.buffer); |
29 | 5.63k | gp.SPSeed.t.size = PRIMARY_SEED_SIZE; |
30 | 5.63k | CryptGenerateRandom(PRIMARY_SEED_SIZE, gp.SPSeed.t.buffer); |
31 | 5.63k | gp.PPSeed.t.size = PRIMARY_SEED_SIZE; |
32 | 5.63k | CryptGenerateRandom(PRIMARY_SEED_SIZE, gp.PPSeed.t.buffer); |
33 | | // Initialize owner, endorsement and lockout auth |
34 | 5.63k | gp.ownerAuth.t.size = 0; |
35 | 5.63k | gp.endorsementAuth.t.size = 0; |
36 | 5.63k | gp.lockoutAuth.t.size = 0; |
37 | | // Initialize owner, endorsement, and lockout policy |
38 | 5.63k | gp.ownerAlg = TPM_ALG_NULL; |
39 | 5.63k | gp.ownerPolicy.t.size = 0; |
40 | 5.63k | gp.endorsementAlg = TPM_ALG_NULL; |
41 | 5.63k | gp.endorsementPolicy.t.size = 0; |
42 | 5.63k | gp.lockoutAlg = TPM_ALG_NULL; |
43 | 5.63k | gp.lockoutPolicy.t.size = 0; |
44 | | // Initialize ehProof, shProof and phProof |
45 | 5.63k | gp.phProof.t.size = PROOF_SIZE; |
46 | 5.63k | gp.shProof.t.size = PROOF_SIZE; |
47 | 5.63k | gp.ehProof.t.size = PROOF_SIZE; |
48 | 5.63k | CryptGenerateRandom(gp.phProof.t.size, gp.phProof.t.buffer); |
49 | 5.63k | CryptGenerateRandom(gp.shProof.t.size, gp.shProof.t.buffer); |
50 | 5.63k | CryptGenerateRandom(gp.ehProof.t.size, gp.ehProof.t.buffer); |
51 | | // Write hierarchy data to NV |
52 | 5.63k | NvWriteReserved(NV_DISABLE_CLEAR, &gp.disableClear); |
53 | 5.63k | NvWriteReserved(NV_EP_SEED, &gp.EPSeed); |
54 | 5.63k | NvWriteReserved(NV_SP_SEED, &gp.SPSeed); |
55 | 5.63k | NvWriteReserved(NV_PP_SEED, &gp.PPSeed); |
56 | 5.63k | NvWriteReserved(NV_OWNER_AUTH, &gp.ownerAuth); |
57 | 5.63k | NvWriteReserved(NV_ENDORSEMENT_AUTH, &gp.endorsementAuth); |
58 | 5.63k | NvWriteReserved(NV_LOCKOUT_AUTH, &gp.lockoutAuth); |
59 | 5.63k | NvWriteReserved(NV_OWNER_ALG, &gp.ownerAlg); |
60 | 5.63k | NvWriteReserved(NV_OWNER_POLICY, &gp.ownerPolicy); |
61 | 5.63k | NvWriteReserved(NV_ENDORSEMENT_ALG, &gp.endorsementAlg); |
62 | 5.63k | NvWriteReserved(NV_ENDORSEMENT_POLICY, &gp.endorsementPolicy); |
63 | 5.63k | NvWriteReserved(NV_LOCKOUT_ALG, &gp.lockoutAlg); |
64 | 5.63k | NvWriteReserved(NV_LOCKOUT_POLICY, &gp.lockoutPolicy); |
65 | 5.63k | NvWriteReserved(NV_PH_PROOF, &gp.phProof); |
66 | 5.63k | NvWriteReserved(NV_SH_PROOF, &gp.shProof); |
67 | 5.63k | NvWriteReserved(NV_EH_PROOF, &gp.ehProof); |
68 | 5.63k | return; |
69 | 5.63k | } |
70 | | // |
71 | | // |
72 | | // HierarchyStartup() |
73 | | // |
74 | | // This function is called at TPM2_Startup() to initialize the hierarchy related values. |
75 | | // |
76 | | void |
77 | | HierarchyStartup( |
78 | | STARTUP_TYPE type // IN: start up type |
79 | | ) |
80 | 5.63k | { |
81 | | // phEnable is SET on any startup |
82 | 5.63k | g_phEnable = TRUE; |
83 | | // Reset platformAuth, platformPolicy; enable SH and EH at TPM_RESET and |
84 | | // TPM_RESTART |
85 | 5.63k | if(type != SU_RESUME) |
86 | 5.63k | { |
87 | 5.63k | gc.platformAuth.t.size = 0; |
88 | 5.63k | gc.platformPolicy.t.size = 0; |
89 | | // enable the storage and endorsement hierarchies and the platformNV |
90 | 5.63k | gc.shEnable = gc.ehEnable = gc.phEnableNV = TRUE; |
91 | 5.63k | } |
92 | | // nullProof and nullSeed are updated at every TPM_RESET |
93 | 5.63k | if(type == SU_RESET) |
94 | 5.63k | { |
95 | 5.63k | gr.nullProof.t.size = PROOF_SIZE; |
96 | 5.63k | CryptGenerateRandom(gr.nullProof.t.size, |
97 | 5.63k | gr.nullProof.t.buffer); |
98 | 5.63k | gr.nullSeed.t.size = PRIMARY_SEED_SIZE; |
99 | 5.63k | CryptGenerateRandom(PRIMARY_SEED_SIZE, gr.nullSeed.t.buffer); |
100 | 5.63k | } |
101 | 5.63k | return; |
102 | 5.63k | } |
103 | | // |
104 | | // HierarchyGetProof() |
105 | | // |
106 | | // This function finds the proof value associated with a hierarchy.It returns a pointer to the proof value. |
107 | | // |
108 | | TPM2B_AUTH * |
109 | | HierarchyGetProof( |
110 | | TPMI_RH_HIERARCHY hierarchy // IN: hierarchy constant |
111 | | ) |
112 | 145 | { |
113 | 145 | TPM2B_AUTH *auth = NULL; |
114 | 145 | switch(hierarchy) |
115 | 145 | { |
116 | 45 | case TPM_RH_PLATFORM: |
117 | | // phProof for TPM_RH_PLATFORM |
118 | 45 | auth = &gp.phProof; |
119 | 45 | break; |
120 | 41 | case TPM_RH_ENDORSEMENT: |
121 | | // ehProof for TPM_RH_ENDORSEMENT |
122 | 41 | auth = &gp.ehProof; |
123 | 41 | break; |
124 | 40 | case TPM_RH_OWNER: |
125 | | // shProof for TPM_RH_OWNER |
126 | 40 | auth = &gp.shProof; |
127 | 40 | break; |
128 | 19 | case TPM_RH_NULL: |
129 | | // nullProof for TPM_RH_NULL |
130 | 19 | auth = &gr.nullProof; |
131 | 19 | break; |
132 | 0 | default: |
133 | 0 | pAssert(FALSE); |
134 | 0 | break; |
135 | 145 | } |
136 | 145 | return auth; |
137 | 145 | } |
138 | | // |
139 | | // |
140 | | // HierarchyGetPrimarySeed() |
141 | | // |
142 | | // This function returns the primary seed of a hierarchy. |
143 | | // |
144 | | TPM2B_SEED * |
145 | | HierarchyGetPrimarySeed( |
146 | | TPMI_RH_HIERARCHY hierarchy // IN: hierarchy |
147 | | ) |
148 | 185 | { |
149 | 185 | TPM2B_SEED *seed = NULL; |
150 | 185 | switch(hierarchy) |
151 | 185 | { |
152 | 60 | case TPM_RH_PLATFORM: |
153 | 60 | seed = &gp.PPSeed; |
154 | 60 | break; |
155 | 43 | case TPM_RH_OWNER: |
156 | 43 | seed = &gp.SPSeed; |
157 | 43 | break; |
158 | 52 | case TPM_RH_ENDORSEMENT: |
159 | 52 | seed = &gp.EPSeed; |
160 | 52 | break; |
161 | 30 | case TPM_RH_NULL: |
162 | 30 | return &gr.nullSeed; |
163 | 0 | default: |
164 | 0 | pAssert(FALSE); |
165 | 0 | break; |
166 | 185 | } |
167 | 155 | return seed; |
168 | 185 | } |
169 | | // |
170 | | // |
171 | | // HierarchyIsEnabled() |
172 | | // |
173 | | // This function checks to see if a hierarchy is enabled. |
174 | | // |
175 | | // NOTE: The TPM_RH_NULL hierarchy is always enabled. |
176 | | // |
177 | | // |
178 | | // Return Value Meaning |
179 | | // |
180 | | // TRUE hierarchy is enabled |
181 | | // FALSE hierarchy is disabled |
182 | | // |
183 | | BOOL |
184 | | HierarchyIsEnabled( |
185 | | TPMI_RH_HIERARCHY hierarchy // IN: hierarchy |
186 | | ) |
187 | 175 | { |
188 | 175 | BOOL enabled = FALSE; |
189 | 175 | switch(hierarchy) |
190 | 175 | { |
191 | 20 | case TPM_RH_PLATFORM: |
192 | 20 | enabled = g_phEnable; |
193 | 20 | break; |
194 | 36 | case TPM_RH_OWNER: |
195 | 36 | enabled = gc.shEnable; |
196 | 36 | break; |
197 | 19 | case TPM_RH_ENDORSEMENT: |
198 | 19 | enabled = gc.ehEnable; |
199 | 19 | break; |
200 | 100 | case TPM_RH_NULL: |
201 | 100 | enabled = TRUE; |
202 | 100 | break; |
203 | 0 | default: |
204 | 0 | pAssert(FALSE); |
205 | 0 | break; |
206 | 175 | } |
207 | 175 | return enabled; |
208 | 175 | } |