208 lines
5.9 KiB
C
208 lines
5.9 KiB
C
// This file was extracted from the TCG Published
|
|
// Trusted Platform Module Library
|
|
// Part 4: Supporting Routines
|
|
// Family "2.0"
|
|
// Level 00 Revision 01.16
|
|
// October 30, 2014
|
|
|
|
#include "InternalRoutines.h"
|
|
//
|
|
//
|
|
// Functions
|
|
//
|
|
// HierarchyPreInstall()
|
|
//
|
|
// This function performs the initialization functions for the hierarchy when the TPM is simulated. This
|
|
// function should not be called if the TPM is not in a manufacturing mode at the manufacturer, or in a
|
|
// simulated environment.
|
|
//
|
|
void
|
|
HierarchyPreInstall_Init(
|
|
void
|
|
)
|
|
{
|
|
// Allow lockout clear command
|
|
gp.disableClear = FALSE;
|
|
// Initialize Primary Seeds
|
|
gp.EPSeed.t.size = PRIMARY_SEED_SIZE;
|
|
CryptGenerateRandom(PRIMARY_SEED_SIZE, gp.EPSeed.t.buffer);
|
|
gp.SPSeed.t.size = PRIMARY_SEED_SIZE;
|
|
CryptGenerateRandom(PRIMARY_SEED_SIZE, gp.SPSeed.t.buffer);
|
|
gp.PPSeed.t.size = PRIMARY_SEED_SIZE;
|
|
CryptGenerateRandom(PRIMARY_SEED_SIZE, gp.PPSeed.t.buffer);
|
|
// Initialize owner, endorsement and lockout auth
|
|
gp.ownerAuth.t.size = 0;
|
|
gp.endorsementAuth.t.size = 0;
|
|
gp.lockoutAuth.t.size = 0;
|
|
// Initialize owner, endorsement, and lockout policy
|
|
gp.ownerAlg = TPM_ALG_NULL;
|
|
gp.ownerPolicy.t.size = 0;
|
|
gp.endorsementAlg = TPM_ALG_NULL;
|
|
gp.endorsementPolicy.t.size = 0;
|
|
gp.lockoutAlg = TPM_ALG_NULL;
|
|
gp.lockoutPolicy.t.size = 0;
|
|
// Initialize ehProof, shProof and phProof
|
|
gp.phProof.t.size = PROOF_SIZE;
|
|
gp.shProof.t.size = PROOF_SIZE;
|
|
gp.ehProof.t.size = PROOF_SIZE;
|
|
CryptGenerateRandom(gp.phProof.t.size, gp.phProof.t.buffer);
|
|
CryptGenerateRandom(gp.shProof.t.size, gp.shProof.t.buffer);
|
|
CryptGenerateRandom(gp.ehProof.t.size, gp.ehProof.t.buffer);
|
|
// Write hierarchy data to NV
|
|
NvWriteReserved(NV_DISABLE_CLEAR, &gp.disableClear);
|
|
NvWriteReserved(NV_EP_SEED, &gp.EPSeed);
|
|
NvWriteReserved(NV_SP_SEED, &gp.SPSeed);
|
|
NvWriteReserved(NV_PP_SEED, &gp.PPSeed);
|
|
NvWriteReserved(NV_OWNER_AUTH, &gp.ownerAuth);
|
|
NvWriteReserved(NV_ENDORSEMENT_AUTH, &gp.endorsementAuth);
|
|
NvWriteReserved(NV_LOCKOUT_AUTH, &gp.lockoutAuth);
|
|
NvWriteReserved(NV_OWNER_ALG, &gp.ownerAlg);
|
|
NvWriteReserved(NV_OWNER_POLICY, &gp.ownerPolicy);
|
|
NvWriteReserved(NV_ENDORSEMENT_ALG, &gp.endorsementAlg);
|
|
NvWriteReserved(NV_ENDORSEMENT_POLICY, &gp.endorsementPolicy);
|
|
NvWriteReserved(NV_LOCKOUT_ALG, &gp.lockoutAlg);
|
|
NvWriteReserved(NV_LOCKOUT_POLICY, &gp.lockoutPolicy);
|
|
NvWriteReserved(NV_PH_PROOF, &gp.phProof);
|
|
NvWriteReserved(NV_SH_PROOF, &gp.shProof);
|
|
NvWriteReserved(NV_EH_PROOF, &gp.ehProof);
|
|
return;
|
|
}
|
|
//
|
|
//
|
|
// HierarchyStartup()
|
|
//
|
|
// This function is called at TPM2_Startup() to initialize the hierarchy related values.
|
|
//
|
|
void
|
|
HierarchyStartup(
|
|
STARTUP_TYPE type // IN: start up type
|
|
)
|
|
{
|
|
// phEnable is SET on any startup
|
|
g_phEnable = TRUE;
|
|
// Reset platformAuth, platformPolicy; enable SH and EH at TPM_RESET and
|
|
// TPM_RESTART
|
|
if(type != SU_RESUME)
|
|
{
|
|
gc.platformAuth.t.size = 0;
|
|
gc.platformPolicy.t.size = 0;
|
|
// enable the storage and endorsement hierarchies and the platformNV
|
|
gc.shEnable = gc.ehEnable = gc.phEnableNV = TRUE;
|
|
}
|
|
// nullProof and nullSeed are updated at every TPM_RESET
|
|
if(type == SU_RESET)
|
|
{
|
|
gr.nullProof.t.size = PROOF_SIZE;
|
|
CryptGenerateRandom(gr.nullProof.t.size,
|
|
gr.nullProof.t.buffer);
|
|
gr.nullSeed.t.size = PRIMARY_SEED_SIZE;
|
|
CryptGenerateRandom(PRIMARY_SEED_SIZE, gr.nullSeed.t.buffer);
|
|
}
|
|
return;
|
|
}
|
|
//
|
|
// HierarchyGetProof()
|
|
//
|
|
// This function finds the proof value associated with a hierarchy.It returns a pointer to the proof value.
|
|
//
|
|
TPM2B_AUTH *
|
|
HierarchyGetProof(
|
|
TPMI_RH_HIERARCHY hierarchy // IN: hierarchy constant
|
|
)
|
|
{
|
|
TPM2B_AUTH *auth = NULL;
|
|
switch(hierarchy)
|
|
{
|
|
case TPM_RH_PLATFORM:
|
|
// phProof for TPM_RH_PLATFORM
|
|
auth = &gp.phProof;
|
|
break;
|
|
case TPM_RH_ENDORSEMENT:
|
|
// ehProof for TPM_RH_ENDORSEMENT
|
|
auth = &gp.ehProof;
|
|
break;
|
|
case TPM_RH_OWNER:
|
|
// shProof for TPM_RH_OWNER
|
|
auth = &gp.shProof;
|
|
break;
|
|
case TPM_RH_NULL:
|
|
// nullProof for TPM_RH_NULL
|
|
auth = &gr.nullProof;
|
|
break;
|
|
default:
|
|
pAssert(FALSE);
|
|
break;
|
|
}
|
|
return auth;
|
|
}
|
|
//
|
|
//
|
|
// HierarchyGetPrimarySeed()
|
|
//
|
|
// This function returns the primary seed of a hierarchy.
|
|
//
|
|
TPM2B_SEED *
|
|
HierarchyGetPrimarySeed(
|
|
TPMI_RH_HIERARCHY hierarchy // IN: hierarchy
|
|
)
|
|
{
|
|
TPM2B_SEED *seed = NULL;
|
|
switch(hierarchy)
|
|
{
|
|
case TPM_RH_PLATFORM:
|
|
seed = &gp.PPSeed;
|
|
break;
|
|
case TPM_RH_OWNER:
|
|
seed = &gp.SPSeed;
|
|
break;
|
|
case TPM_RH_ENDORSEMENT:
|
|
seed = &gp.EPSeed;
|
|
break;
|
|
case TPM_RH_NULL:
|
|
return &gr.nullSeed;
|
|
default:
|
|
pAssert(FALSE);
|
|
break;
|
|
}
|
|
return seed;
|
|
}
|
|
//
|
|
//
|
|
// HierarchyIsEnabled()
|
|
//
|
|
// This function checks to see if a hierarchy is enabled.
|
|
//
|
|
// NOTE: The TPM_RH_NULL hierarchy is always enabled.
|
|
//
|
|
//
|
|
// Return Value Meaning
|
|
//
|
|
// TRUE hierarchy is enabled
|
|
// FALSE hierarchy is disabled
|
|
//
|
|
BOOL
|
|
HierarchyIsEnabled(
|
|
TPMI_RH_HIERARCHY hierarchy // IN: hierarchy
|
|
)
|
|
{
|
|
BOOL enabled = FALSE;
|
|
switch(hierarchy)
|
|
{
|
|
case TPM_RH_PLATFORM:
|
|
enabled = g_phEnable;
|
|
break;
|
|
case TPM_RH_OWNER:
|
|
enabled = gc.shEnable;
|
|
break;
|
|
case TPM_RH_ENDORSEMENT:
|
|
enabled = gc.ehEnable;
|
|
break;
|
|
case TPM_RH_NULL:
|
|
enabled = TRUE;
|
|
break;
|
|
default:
|
|
pAssert(FALSE);
|
|
break;
|
|
}
|
|
return enabled;
|
|
}
|