1 // This file was extracted from the TCG Published
2 // Trusted Platform Module Library
3 // Part 3: Commands
4 // Family "2.0"
5 // Level 00 Revision 01.16
6 // October 30, 2014
7
8 #include "InternalRoutines.h"
9 #include "Clear_fp.h"
10 //
11 //
12 // Error Returns Meaning
13 //
14 // TPM_RC_DISABLED Clear command has been disabled
15 //
16 TPM_RC
TPM2_Clear(Clear_In * in)17 TPM2_Clear(
18 Clear_In *in // IN: input parameter list
19 )
20 {
21 TPM_RC result;
22
23 // Input parameter is not reference in command action
24 in = NULL;
25
26 // The command needs NV update. Check if NV is available.
27 // A TPM_RC_NV_UNAVAILABLE or TPM_RC_NV_RATE error may be returned at
28 // this point
29 result = NvIsAvailable();
30 if(result != TPM_RC_SUCCESS) return result;
31
32 // Input Validation
33
34 // If Clear command is disabled, return an error
35 if(gp.disableClear)
36 return TPM_RC_DISABLED;
37
38 // Internal Data Update
39
40 // Reset storage hierarchy seed from RNG
41 CryptGenerateRandom(PRIMARY_SEED_SIZE, gp.SPSeed.t.buffer);
42
43 // Create new shProof and ehProof value from RNG
44 CryptGenerateRandom(PROOF_SIZE, gp.shProof.t.buffer);
45 CryptGenerateRandom(PROOF_SIZE, gp.ehProof.t.buffer);
46
47 // Enable storage and endorsement hierarchy
48 gc.shEnable = gc.ehEnable = TRUE;
49
50 // set the authValue buffers to zero
51 MemorySet(gp.ownerAuth.t.buffer, 0, gp.ownerAuth.t.size);
52 MemorySet(gp.endorsementAuth.t.buffer, 0, gp.endorsementAuth.t.size);
53 MemorySet(gp.lockoutAuth.t.buffer, 0, gp.lockoutAuth.t.size);
54 // Set storage, endorsement and lockout authValue to null
55 gp.ownerAuth.t.size = gp.endorsementAuth.t.size = gp.lockoutAuth.t.size = 0;
56
57 // Set storage, endorsement, and lockout authPolicy to null
58 gp.ownerAlg = gp.endorsementAlg = gp.lockoutAlg = TPM_ALG_NULL;
59 gp.ownerPolicy.t.size = 0;
60 gp.endorsementPolicy.t.size = 0;
61 gp.lockoutPolicy.t.size = 0;
62
63 // Flush loaded object in storage and endorsement hierarchy
64 ObjectFlushHierarchy(TPM_RH_OWNER);
65 ObjectFlushHierarchy(TPM_RH_ENDORSEMENT);
66
67 // Flush owner and endorsement object and owner index in NV
68 NvFlushHierarchy(TPM_RH_OWNER);
69 NvFlushHierarchy(TPM_RH_ENDORSEMENT);
70
71 // Save hierarchy changes to NV
72 NvWriteReserved(NV_SP_SEED, &gp.SPSeed);
73 NvWriteReserved(NV_SH_PROOF, &gp.shProof);
74 NvWriteReserved(NV_EH_PROOF, &gp.ehProof);
75 NvWriteReserved(NV_OWNER_AUTH, &gp.ownerAuth);
76 NvWriteReserved(NV_ENDORSEMENT_AUTH, &gp.endorsementAuth);
77 NvWriteReserved(NV_LOCKOUT_AUTH, &gp.lockoutAuth);
78 NvWriteReserved(NV_OWNER_ALG, &gp.ownerAlg);
79 NvWriteReserved(NV_ENDORSEMENT_ALG, &gp.endorsementAlg);
80 NvWriteReserved(NV_LOCKOUT_ALG, &gp.lockoutAlg);
81 NvWriteReserved(NV_OWNER_POLICY, &gp.ownerPolicy);
82 NvWriteReserved(NV_ENDORSEMENT_POLICY, &gp.endorsementPolicy);
83 NvWriteReserved(NV_LOCKOUT_POLICY, &gp.lockoutPolicy);
84
85 // Initialize dictionary attack parameters
86 DAPreInstall_Init();
87
88 // Reset clock
89 go.clock = 0;
90 go.clockSafe = YES;
91 // Update the DRBG state whenever writing orderly state to NV
92 CryptDrbgGetPutState(GET_STATE);
93 NvWriteReserved(NV_ORDERLY_DATA, &go);
94
95 // Reset counters
96 gp.resetCount = gr.restartCount = gr.clearCount = 0;
97 gp.auditCounter = 0;
98 NvWriteReserved(NV_RESET_COUNT, &gp.resetCount);
99 NvWriteReserved(NV_AUDIT_COUNTER, &gp.auditCounter);
100
101 // orderly state should be cleared because of the update to state clear data
102 g_clearOrderly = TRUE;
103
104 return TPM_RC_SUCCESS;
105 }
106