Coverage Report

Created: 2025-11-29 06:59

/src/tpm2/EvictControl.c
Line
Count
Source
// This file was extracted from the TCG Published
// Trusted Platform Module Library
// Part 3: Commands
// Family "2.0"
// Level 00 Revision 01.16
// October 30, 2014
#include "InternalRoutines.h"
#include "EvictControl_fp.h"
//
// TPM2_EvictControl() -- make a loaded object persistent in NV, or delete an
// object that is already persistent.
//
//     Error Returns                     Meaning
//
//     TPM_RC_ATTRIBUTES                 an object with temporary, stClear or publicOnly attribute SET cannot
//                                       be made persistent
//     TPM_RC_HIERARCHY                  auth cannot authorize the operation in the hierarchy of evictObject
//     TPM_RC_HANDLE                     evictHandle of the persistent object to be evicted is not the same as
//                                       the persistentHandle argument
//     TPM_RC_NV_HANDLE                  persistentHandle is unavailable
//     TPM_RC_NV_SPACE                   no space in NV to make evictHandle persistent
//     TPM_RC_RANGE                      persistentHandle is not in the range corresponding to the hierarchy of
//                                       evictObject
//
// Whatever NvIsAvailable() reports is also passed straight back to the caller
// (the original comments name TPM_RC_NV_UNAVAILABLE and TPM_RC_NV_RATE).
//
// Authorization rules enforced in the body:
//   - TPM_RH_PLATFORM may persist only an object whose ppsHierarchy attribute
//     is SET, and only at a handle NvIsPlatformPersistentHandle() accepts; it
//     may delete any persistent object.
//   - TPM_RH_OWNER may neither persist nor delete an object whose ppsHierarchy
//     attribute is SET, and may persist only at a handle
//     NvIsOwnerPersistentHandle() accepts.
//
// NOTE(review): in the coverage report this listing was taken from, every
// executable line of this function has an execution count of 0, so none of
// the checks below were exercised in that run.
//
TPM_RC
TPM2_EvictControl(
    EvictControl_In *in     // IN: input parameter list
    )
{
    TPM_RC  rc;
    OBJECT *evictObject;

    // Both outcomes of this command write NV, so stop early when NV cannot be
    // updated and hand the NvIsAvailable() code to the caller unchanged.
    rc = NvIsAvailable();
    if (rc != TPM_RC_SUCCESS) {
        return rc;
    }

    // ---- Input Validation ----

    // NOTE(review): the pointer returned by ObjectGet() is dereferenced without
    // a check; presumably objectHandle was validated before this handler is
    // called -- confirm against the dispatcher/unmarshal code.
    evictObject = ObjectGet(in->objectHandle);

    // Temporary, stClear and public-only objects can never become persistent.
    if (evictObject->attributes.temporary == SET
        || evictObject->attributes.stClear == SET
        || evictObject->attributes.publicOnly == SET) {
        return TPM_RC_ATTRIBUTES + RC_EvictControl_objectHandle;
    }

    // An object that is already persistent must be named by its own handle.
    if (evictObject->attributes.evict == SET
        && evictObject->evictHandle != in->persistentHandle) {
        return TPM_RC_HANDLE + RC_EvictControl_objectHandle;
    }

    // ---- Additional auth validation ----

    if (in->auth == TPM_RH_PLATFORM) {
        // The two checks below apply only when making an object persistent;
        // platform auth can delete any persistent object.

        // Platform auth cannot persist a storage or endorsement hierarchy
        // object.
        if (evictObject->attributes.evict == CLEAR
            && evictObject->attributes.ppsHierarchy == CLEAR) {
            return TPM_RC_HIERARCHY + RC_EvictControl_objectHandle;
        }

        // Platform cannot use a handle outside the platform persistent range.
        if (evictObject->attributes.evict == CLEAR
            && !NvIsPlatformPersistentHandle(in->persistentHandle)) {
            return TPM_RC_RANGE + RC_EvictControl_persistentHandle;
        }
    } else if (in->auth == TPM_RH_OWNER) {
        // Owner auth can neither set nor clear an evict object that belongs
        // to the platform hierarchy.
        if (evictObject->attributes.ppsHierarchy == SET) {
            return TPM_RC_HIERARCHY + RC_EvictControl_objectHandle;
        }

        // The range check matters only when a new persistent handle is being
        // assigned.
        if (evictObject->attributes.evict == CLEAR) {
            if (!NvIsOwnerPersistentHandle(in->persistentHandle)) {
                return TPM_RC_RANGE + RC_EvictControl_persistentHandle;
            }
        }
    } else {
        // Any other auth value is not allowed in this command and should have
        // been filtered out during unmarshaling.
        // NOTE(review): this assertion is the only barrier in this function for
        // an unexpected auth value; if pAssert() can return in some build,
        // control continues into the NV update below -- confirm that it
        // cannot.
        pAssert(FALSE);
    }

    // ---- Internal Data Update ----

    if (evictObject->attributes.evict != CLEAR) {
        // Already persistent: delete the persistent object from NV.
        NvDeleteEntity(evictObject->evictHandle);
        return TPM_RC_SUCCESS;
    }

    // Not yet persistent: make it so. A TPM_RC_NV_HANDLE or TPM_RC_NV_SPACE
    // error may be returned at this point; the code from NvAddEvictObject()
    // is returned as-is, success included.
    return NvAddEvictObject(in->persistentHandle, evictObject);
}