/src/tpm2/NV_ReadLock.c

Source (jump to first uncovered line)
// This file was extracted from the TCG Published
// Trusted Platform Module Library
// Part 3: Commands
// Family "2.0"
// Level 00 Revision 01.16
// October 30, 2014

#include "InternalRoutines.h"
#include "NV_ReadLock_fp.h"
#include "NV_spt_fp.h"
//
//
//     Error Returns                    Meaning
//
//     TPM_RC_ATTRIBUTES                TPMA_NV_READ_STCLEAR is not SET so Index referenced by
//                                      nvIndex may not be write locked
//     TPM_RC_NV_AUTHORIZATION          the authorization was valid but the authorizing entity (authHandle) is
//                                      not allowed to read from the Index referenced by nvIndex
//
TPM_RC
TPM2_NV_ReadLock(
   NV_ReadLock_In    *in                 // IN: input parameter list
   )
{
   TPM_RC            result;
   NV_INDEX          nvIndex;

   // The command needs NV update. Check if NV is available.
   // A TPM_RC_NV_UNAVAILABLE or TPM_RC_NV_RATE error may be returned at
   // this point
   result = NvIsAvailable();
   if(result != TPM_RC_SUCCESS) return result;

// Input Validation

   // Common read access checks. NvReadAccessChecks() returns
   // TPM_RC_NV_AUTHORIZATION, TPM_RC_NV_LOCKED, or TPM_RC_NV_UNINITIALIZED
   // error may be returned at this point
   result = NvReadAccessChecks(in->authHandle, in->nvIndex);
   if(result != TPM_RC_SUCCESS)
   {
       if(result == TPM_RC_NV_AUTHORIZATION)
           return TPM_RC_NV_AUTHORIZATION;
       // Index is already locked for write
       else if(result == TPM_RC_NV_LOCKED)
           return TPM_RC_SUCCESS;

         // If NvReadAccessChecks return TPM_RC_NV_UNINITALIZED, then continue.
         // It is not an error to read lock an uninitialized Index.
   }

   // Indexes in the virtual range cannot be locked.
   if (_plat__NvGetHandleVirtualOffset(in->nvIndex))
       return TPM_RC_NV_AUTHORIZATION;

   // Get NV index info
   NvGetIndexInfo(in->nvIndex, &nvIndex);

   // if TPMA_NV_READ_STCLEAR is not set, the index can not be read-locked
   if(nvIndex.publicArea.attributes.TPMA_NV_READ_STCLEAR == CLEAR)
       return TPM_RC_ATTRIBUTES + RC_NV_ReadLock_nvIndex;

// Internal Data Update

   // Set the READLOCK attribute
   nvIndex.publicArea.attributes.TPMA_NV_READLOCKED = SET;
   // Write NV info back
   NvWriteIndexInfo(in->nvIndex, &nvIndex);

   return TPM_RC_SUCCESS;
}

Coverage Report

Created: 2023-06-07 06:46

Line	Count	Source (jump to first uncovered line)
1		// This file was extracted from the TCG Published
2		// Trusted Platform Module Library
3		// Part 3: Commands
4		// Family "2.0"
5		// Level 00 Revision 01.16
6		// October 30, 2014
7
8		#include "InternalRoutines.h"
9		#include "NV_ReadLock_fp.h"
10		#include "NV_spt_fp.h"
11		//
12		//
13		// Error Returns Meaning
14		//
15		// TPM_RC_ATTRIBUTES TPMA_NV_READ_STCLEAR is not SET so Index referenced by
16		// nvIndex may not be write locked
17		// TPM_RC_NV_AUTHORIZATION the authorization was valid but the authorizing entity (authHandle) is
18		// not allowed to read from the Index referenced by nvIndex
19		//
20		TPM_RC
21		TPM2_NV_ReadLock(
22		NV_ReadLock_In *in // IN: input parameter list
23		)
24	0	{
25	0	TPM_RC result;
26	0	NV_INDEX nvIndex;
27
28		// The command needs NV update. Check if NV is available.
29		// A TPM_RC_NV_UNAVAILABLE or TPM_RC_NV_RATE error may be returned at
30		// this point
31	0	result = NvIsAvailable();
32	0	if(result != TPM_RC_SUCCESS) return result;
33
34		// Input Validation
35
36		// Common read access checks. NvReadAccessChecks() returns
37		// TPM_RC_NV_AUTHORIZATION, TPM_RC_NV_LOCKED, or TPM_RC_NV_UNINITIALIZED
38		// error may be returned at this point
39	0	result = NvReadAccessChecks(in->authHandle, in->nvIndex);
40	0	if(result != TPM_RC_SUCCESS)
41	0	{
42	0	if(result == TPM_RC_NV_AUTHORIZATION)
43	0	return TPM_RC_NV_AUTHORIZATION;
44		// Index is already locked for write
45	0	else if(result == TPM_RC_NV_LOCKED)
46	0	return TPM_RC_SUCCESS;
47
48		// If NvReadAccessChecks return TPM_RC_NV_UNINITALIZED, then continue.
49		// It is not an error to read lock an uninitialized Index.
50	0	}
51
52		// Indexes in the virtual range cannot be locked.
53	0	if (_plat__NvGetHandleVirtualOffset(in->nvIndex))
54	0	return TPM_RC_NV_AUTHORIZATION;
55
56		// Get NV index info
57	0	NvGetIndexInfo(in->nvIndex, &nvIndex);
58
59		// if TPMA_NV_READ_STCLEAR is not set, the index can not be read-locked
60	0	if(nvIndex.publicArea.attributes.TPMA_NV_READ_STCLEAR == CLEAR)
61	0	return TPM_RC_ATTRIBUTES + RC_NV_ReadLock_nvIndex;
62
63		// Internal Data Update
64
65		// Set the READLOCK attribute
66	0	nvIndex.publicArea.attributes.TPMA_NV_READLOCKED = SET;
67		// Write NV info back
68	0	NvWriteIndexInfo(in->nvIndex, &nvIndex);
69
70	0	return TPM_RC_SUCCESS;
71	0	}