/src/tpm2/Clear.c

Source
// This file was extracted from the TCG Published
// Trusted Platform Module Library
// Part 3: Commands
// Family "2.0"
// Level 00 Revision 01.16
// October 30, 2014

#include "InternalRoutines.h"
#include "Clear_fp.h"
//
//
//     Error Returns                   Meaning
//
//     TPM_RC_DISABLED                 Clear command has been disabled
//
TPM_RC
TPM2_Clear(
   Clear_In          *in                // IN: input parameter list
   )
{
   TPM_RC                  result;

   // Input parameter is not reference in command action
   in = NULL;

   // The command needs NV update. Check if NV is available.
   // A TPM_RC_NV_UNAVAILABLE or TPM_RC_NV_RATE error may be returned at
   // this point
   result = NvIsAvailable();
   if(result != TPM_RC_SUCCESS) return result;

// Input Validation

   // If Clear command is disabled, return an error
   if(gp.disableClear)
       return TPM_RC_DISABLED;

// Internal Data Update

   // Reset storage hierarchy seed from RNG
   gp.SPSeed.t.size = PRIMARY_SEED_SIZE;
   CryptGenerateRandom(PRIMARY_SEED_SIZE, gp.SPSeed.t.buffer);

   // Create new shProof and ehProof value from RNG
   gp.shProof.t.size = PROOF_SIZE;
   CryptGenerateRandom(PROOF_SIZE, gp.shProof.t.buffer);
   gp.ehProof.t.size= PROOF_SIZE;
   CryptGenerateRandom(PROOF_SIZE, gp.ehProof.t.buffer);

   // Enable storage and endorsement hierarchy
   gc.shEnable = gc.ehEnable = TRUE;

   // set the authValue buffers to zero
   MemorySet(gp.ownerAuth.t.buffer, 0, gp.ownerAuth.t.size);
   MemorySet(gp.endorsementAuth.t.buffer, 0, gp.endorsementAuth.t.size);
   MemorySet(gp.lockoutAuth.t.buffer, 0, gp.lockoutAuth.t.size);
   // Set storage, endorsement and lockout authValue to null
   gp.ownerAuth.t.size = gp.endorsementAuth.t.size = gp.lockoutAuth.t.size = 0;

   // Set storage, endorsement, and lockout authPolicy to null
   gp.ownerAlg = gp.endorsementAlg = gp.lockoutAlg = TPM_ALG_NULL;
   gp.ownerPolicy.t.size = 0;
   gp.endorsementPolicy.t.size = 0;
   gp.lockoutPolicy.t.size = 0;

   // Flush loaded object in storage and endorsement hierarchy
   ObjectFlushHierarchy(TPM_RH_OWNER);
   ObjectFlushHierarchy(TPM_RH_ENDORSEMENT);

   // Flush owner and endorsement object and owner index in NV
   NvFlushHierarchy(TPM_RH_OWNER);
   NvFlushHierarchy(TPM_RH_ENDORSEMENT);

   // Save hierarchy changes to NV
   NvWriteReserved(NV_SP_SEED, &gp.SPSeed);
   NvWriteReserved(NV_SH_PROOF, &gp.shProof);
   NvWriteReserved(NV_EH_PROOF, &gp.ehProof);
   NvWriteReserved(NV_OWNER_AUTH, &gp.ownerAuth);
   NvWriteReserved(NV_ENDORSEMENT_AUTH, &gp.endorsementAuth);
   NvWriteReserved(NV_LOCKOUT_AUTH, &gp.lockoutAuth);
   NvWriteReserved(NV_OWNER_ALG, &gp.ownerAlg);
   NvWriteReserved(NV_ENDORSEMENT_ALG, &gp.endorsementAlg);
   NvWriteReserved(NV_LOCKOUT_ALG, &gp.lockoutAlg);
   NvWriteReserved(NV_OWNER_POLICY, &gp.ownerPolicy);
   NvWriteReserved(NV_ENDORSEMENT_POLICY, &gp.endorsementPolicy);
   NvWriteReserved(NV_LOCKOUT_POLICY, &gp.lockoutPolicy);

   // Initialize dictionary attack parameters
   DAPreInstall_Init();

   // Reset clock
   go.clock = 0;
   go.clockSafe = YES;
   // Update the DRBG state whenever writing orderly state to NV
   CryptDrbgGetPutState(GET_STATE);
   NvWriteReserved(NV_ORDERLY_DATA, &go);

   // Reset counters
   gp.resetCount = gr.restartCount = gr.clearCount = 0;
   gp.auditCounter = 0;
   NvWriteReserved(NV_RESET_COUNT, &gp.resetCount);
   NvWriteReserved(NV_AUDIT_COUNTER, &gp.auditCounter);

#ifdef EMBEDDED_MODE
   // Perform any platform-specific actions.
   _plat__OwnerClearCallback();
#endif

   // orderly state should be cleared because of the update to state clear data
   g_clearOrderly = TRUE;

   return TPM_RC_SUCCESS;
}

Line	Count	Source
1		// This file was extracted from the TCG Published
2		// Trusted Platform Module Library
3		// Part 3: Commands
4		// Family "2.0"
5		// Level 00 Revision 01.16
6		// October 30, 2014
7
8		#include "InternalRoutines.h"
9		#include "Clear_fp.h"
10		//
11		//
12		// Error Returns Meaning
13		//
14		// TPM_RC_DISABLED Clear command has been disabled
15		//
16		TPM_RC
17		TPM2_Clear(
18		Clear_In *in // IN: input parameter list
19		)
20	0	{
21	0	TPM_RC result;
22
23		// Input parameter is not reference in command action
24	0	in = NULL;
25
26		// The command needs NV update. Check if NV is available.
27		// A TPM_RC_NV_UNAVAILABLE or TPM_RC_NV_RATE error may be returned at
28		// this point
29	0	result = NvIsAvailable();
30	0	if(result != TPM_RC_SUCCESS) return result;
31
32		// Input Validation
33
34		// If Clear command is disabled, return an error
35	0	if(gp.disableClear)
36	0	return TPM_RC_DISABLED;
37
38		// Internal Data Update
39
40		// Reset storage hierarchy seed from RNG
41	0	gp.SPSeed.t.size = PRIMARY_SEED_SIZE;
42	0	CryptGenerateRandom(PRIMARY_SEED_SIZE, gp.SPSeed.t.buffer);
43
44		// Create new shProof and ehProof value from RNG
45	0	gp.shProof.t.size = PROOF_SIZE;
46	0	CryptGenerateRandom(PROOF_SIZE, gp.shProof.t.buffer);
47	0	gp.ehProof.t.size= PROOF_SIZE;
48	0	CryptGenerateRandom(PROOF_SIZE, gp.ehProof.t.buffer);
49
50		// Enable storage and endorsement hierarchy
51	0	gc.shEnable = gc.ehEnable = TRUE;
52
53		// set the authValue buffers to zero
54	0	MemorySet(gp.ownerAuth.t.buffer, 0, gp.ownerAuth.t.size);
55	0	MemorySet(gp.endorsementAuth.t.buffer, 0, gp.endorsementAuth.t.size);
56	0	MemorySet(gp.lockoutAuth.t.buffer, 0, gp.lockoutAuth.t.size);
57		// Set storage, endorsement and lockout authValue to null
58	0	gp.ownerAuth.t.size = gp.endorsementAuth.t.size = gp.lockoutAuth.t.size = 0;
59
60		// Set storage, endorsement, and lockout authPolicy to null
61	0	gp.ownerAlg = gp.endorsementAlg = gp.lockoutAlg = TPM_ALG_NULL;
62	0	gp.ownerPolicy.t.size = 0;
63	0	gp.endorsementPolicy.t.size = 0;
64	0	gp.lockoutPolicy.t.size = 0;
65
66		// Flush loaded object in storage and endorsement hierarchy
67	0	ObjectFlushHierarchy(TPM_RH_OWNER);
68	0	ObjectFlushHierarchy(TPM_RH_ENDORSEMENT);
69
70		// Flush owner and endorsement object and owner index in NV
71	0	NvFlushHierarchy(TPM_RH_OWNER);
72	0	NvFlushHierarchy(TPM_RH_ENDORSEMENT);
73
74		// Save hierarchy changes to NV
75	0	NvWriteReserved(NV_SP_SEED, &gp.SPSeed);
76	0	NvWriteReserved(NV_SH_PROOF, &gp.shProof);
77	0	NvWriteReserved(NV_EH_PROOF, &gp.ehProof);
78	0	NvWriteReserved(NV_OWNER_AUTH, &gp.ownerAuth);
79	0	NvWriteReserved(NV_ENDORSEMENT_AUTH, &gp.endorsementAuth);
80	0	NvWriteReserved(NV_LOCKOUT_AUTH, &gp.lockoutAuth);
81	0	NvWriteReserved(NV_OWNER_ALG, &gp.ownerAlg);
82	0	NvWriteReserved(NV_ENDORSEMENT_ALG, &gp.endorsementAlg);
83	0	NvWriteReserved(NV_LOCKOUT_ALG, &gp.lockoutAlg);
84	0	NvWriteReserved(NV_OWNER_POLICY, &gp.ownerPolicy);
85	0	NvWriteReserved(NV_ENDORSEMENT_POLICY, &gp.endorsementPolicy);
86	0	NvWriteReserved(NV_LOCKOUT_POLICY, &gp.lockoutPolicy);
87
88		// Initialize dictionary attack parameters
89	0	DAPreInstall_Init();
90
91		// Reset clock
92	0	go.clock = 0;
93	0	go.clockSafe = YES;
94		// Update the DRBG state whenever writing orderly state to NV
95	0	CryptDrbgGetPutState(GET_STATE);
96	0	NvWriteReserved(NV_ORDERLY_DATA, &go);
97
98		// Reset counters
99	0	gp.resetCount = gr.restartCount = gr.clearCount = 0;
100	0	gp.auditCounter = 0;
101	0	NvWriteReserved(NV_RESET_COUNT, &gp.resetCount);
102	0	NvWriteReserved(NV_AUDIT_COUNTER, &gp.auditCounter);
103
104		#ifdef EMBEDDED_MODE
105		// Perform any platform-specific actions.
106		_plat__OwnerClearCallback();
107		#endif
108
109		// orderly state should be cleared because of the update to state clear data
110	0	g_clearOrderly = TRUE;
111
112	0	return TPM_RC_SUCCESS;
113	0	}

Coverage Report

Created: 2025-10-28 06:46