1 /* Microsoft Reference Implementation for TPM 2.0
2 *
3 * The copyright in this software is being made available under the BSD License,
4 * included below. This software may be subject to other third party and
5 * contributor rights, including patent rights, and no such rights are granted
6 * under this license.
7 *
8 * Copyright (c) Microsoft Corporation
9 *
10 * All rights reserved.
11 *
12 * BSD License
13 *
14 * Redistribution and use in source and binary forms, with or without modification,
15 * are permitted provided that the following conditions are met:
16 *
17 * Redistributions of source code must retain the above copyright notice, this list
18 * of conditions and the following disclaimer.
19 *
20 * Redistributions in binary form must reproduce the above copyright notice, this
21 * list of conditions and the following disclaimer in the documentation and/or
22 * other materials provided with the distribution.
23 *
24 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
25 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
26 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
27 * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
28 * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
29 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
30 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
31 * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
32 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
33 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
34 */
35 //** Introduction
36 // This file contains the functions used for managing and accessing the
37 // hierarchy-related values.
38
39 //** Includes
40
41 #include "Tpm.h"
42
43 //** Functions
44
45 //*** HierarchyPreInstall()
46 // This function performs the initialization functions for the hierarchy
47 // when the TPM is simulated. This function should not be called if the
48 // TPM is not in a manufacturing mode at the manufacturer, or in a simulated
49 // environment.
50 void
HierarchyPreInstall_Init(void)51 HierarchyPreInstall_Init(
52 void
53 )
54 {
55 // Allow lockout clear command
56 gp.disableClear = FALSE;
57
58 // Initialize Primary Seeds
59 gp.EPSeed.t.size = sizeof(gp.EPSeed.t.buffer);
60 gp.SPSeed.t.size = sizeof(gp.SPSeed.t.buffer);
61 gp.PPSeed.t.size = sizeof(gp.PPSeed.t.buffer);
62 #if (defined USE_PLATFORM_EPS) && (USE_PLATFORM_EPS != NO)
63 _plat__GetEPS(gp.EPSeed.t.size, gp.EPSeed.t.buffer);
64 #else
65 CryptRandomGenerate(gp.EPSeed.t.size, gp.EPSeed.t.buffer);
66 #endif
67 CryptRandomGenerate(gp.SPSeed.t.size, gp.SPSeed.t.buffer);
68 CryptRandomGenerate(gp.PPSeed.t.size, gp.PPSeed.t.buffer);
69
70 // Initialize owner, endorsement and lockout authorization
71 gp.ownerAuth.t.size = 0;
72 gp.endorsementAuth.t.size = 0;
73 gp.lockoutAuth.t.size = 0;
74
75 // Initialize owner, endorsement, and lockout policy
76 gp.ownerAlg = TPM_ALG_NULL;
77 gp.ownerPolicy.t.size = 0;
78 gp.endorsementAlg = TPM_ALG_NULL;
79 gp.endorsementPolicy.t.size = 0;
80 gp.lockoutAlg = TPM_ALG_NULL;
81 gp.lockoutPolicy.t.size = 0;
82
83 // Initialize ehProof, shProof and phProof
84 gp.phProof.t.size = sizeof(gp.phProof.t.buffer);
85 gp.shProof.t.size = sizeof(gp.shProof.t.buffer);
86 gp.ehProof.t.size = sizeof(gp.ehProof.t.buffer);
87 CryptRandomGenerate(gp.phProof.t.size, gp.phProof.t.buffer);
88 CryptRandomGenerate(gp.shProof.t.size, gp.shProof.t.buffer);
89 CryptRandomGenerate(gp.ehProof.t.size, gp.ehProof.t.buffer);
90
91 // Write hierarchy data to NV
92 NV_SYNC_PERSISTENT(disableClear);
93 NV_SYNC_PERSISTENT(EPSeed);
94 NV_SYNC_PERSISTENT(SPSeed);
95 NV_SYNC_PERSISTENT(PPSeed);
96 NV_SYNC_PERSISTENT(ownerAuth);
97 NV_SYNC_PERSISTENT(endorsementAuth);
98 NV_SYNC_PERSISTENT(lockoutAuth);
99 NV_SYNC_PERSISTENT(ownerAlg);
100 NV_SYNC_PERSISTENT(ownerPolicy);
101 NV_SYNC_PERSISTENT(endorsementAlg);
102 NV_SYNC_PERSISTENT(endorsementPolicy);
103 NV_SYNC_PERSISTENT(lockoutAlg);
104 NV_SYNC_PERSISTENT(lockoutPolicy);
105 NV_SYNC_PERSISTENT(phProof);
106 NV_SYNC_PERSISTENT(shProof);
107 NV_SYNC_PERSISTENT(ehProof);
108
109 return;
110 }
111
112 //*** HierarchyStartup()
113 // This function is called at TPM2_Startup() to initialize the hierarchy
114 // related values.
115 BOOL
HierarchyStartup(STARTUP_TYPE type)116 HierarchyStartup(
117 STARTUP_TYPE type // IN: start up type
118 )
119 {
120 // phEnable is SET on any startup
121 g_phEnable = TRUE;
122
123 // Reset platformAuth, platformPolicy; enable SH and EH at TPM_RESET and
124 // TPM_RESTART
125 if(type != SU_RESUME)
126 {
127 gc.platformAuth.t.size = 0;
128 gc.platformPolicy.t.size = 0;
129 gc.platformAlg = TPM_ALG_NULL;
130
131 // enable the storage and endorsement hierarchies and the platformNV
132 gc.shEnable = gc.ehEnable = gc.phEnableNV = TRUE;
133 }
134
135 // nullProof and nullSeed are updated at every TPM_RESET
136 if((type != SU_RESTART) && (type != SU_RESUME))
137 {
138 gr.nullProof.t.size = sizeof(gr.nullProof.t.buffer);
139 CryptRandomGenerate(gr.nullProof.t.size, gr.nullProof.t.buffer);
140 gr.nullSeed.t.size = sizeof(gr.nullSeed.t.buffer);
141 CryptRandomGenerate(gr.nullSeed.t.size, gr.nullSeed.t.buffer);
142 }
143
144 return TRUE;
145 }
146
147 //*** HierarchyGetProof()
148 // This function finds the proof value associated with a hierarchy.It returns a
149 // pointer to the proof value.
150 TPM2B_PROOF *
HierarchyGetProof(TPMI_RH_HIERARCHY hierarchy)151 HierarchyGetProof(
152 TPMI_RH_HIERARCHY hierarchy // IN: hierarchy constant
153 )
154 {
155 TPM2B_PROOF *proof = NULL;
156
157 switch(hierarchy)
158 {
159 case TPM_RH_PLATFORM:
160 // phProof for TPM_RH_PLATFORM
161 proof = &gp.phProof;
162 break;
163 case TPM_RH_ENDORSEMENT:
164 // ehProof for TPM_RH_ENDORSEMENT
165 proof = &gp.ehProof;
166 break;
167 case TPM_RH_OWNER:
168 // shProof for TPM_RH_OWNER
169 proof = &gp.shProof;
170 break;
171 default:
172 // nullProof for TPM_RH_NULL or anything else
173 proof = &gr.nullProof;
174 break;
175 }
176 return proof;
177 }
178
179 //*** HierarchyGetPrimarySeed()
180 // This function returns the primary seed of a hierarchy.
181 TPM2B_SEED *
HierarchyGetPrimarySeed(TPMI_RH_HIERARCHY hierarchy)182 HierarchyGetPrimarySeed(
183 TPMI_RH_HIERARCHY hierarchy // IN: hierarchy
184 )
185 {
186 TPM2B_SEED *seed = NULL;
187 switch(hierarchy)
188 {
189 case TPM_RH_PLATFORM:
190 seed = &gp.PPSeed;
191 break;
192 case TPM_RH_OWNER:
193 seed = &gp.SPSeed;
194 break;
195 case TPM_RH_ENDORSEMENT:
196 seed = &gp.EPSeed;
197 break;
198 default:
199 seed = &gr.nullSeed;
200 break;
201 }
202 return seed;
203 }
204
205 //*** HierarchyIsEnabled()
206 // This function checks to see if a hierarchy is enabled.
207 // NOTE: The TPM_RH_NULL hierarchy is always enabled.
208 // Return Type: BOOL
209 // TRUE(1) hierarchy is enabled
210 // FALSE(0) hierarchy is disabled
211 BOOL
HierarchyIsEnabled(TPMI_RH_HIERARCHY hierarchy)212 HierarchyIsEnabled(
213 TPMI_RH_HIERARCHY hierarchy // IN: hierarchy
214 )
215 {
216 BOOL enabled = FALSE;
217
218 switch(hierarchy)
219 {
220 case TPM_RH_PLATFORM:
221 enabled = g_phEnable;
222 break;
223 case TPM_RH_OWNER:
224 enabled = gc.shEnable;
225 break;
226 case TPM_RH_ENDORSEMENT:
227 enabled = gc.ehEnable;
228 break;
229 case TPM_RH_NULL:
230 enabled = TRUE;
231 break;
232 default:
233 enabled = FALSE;
234 break;
235 }
236 return enabled;
237 }