1 // This file was extracted from the TCG Published
2 // Trusted Platform Module Library
3 // Part 4: Supporting Routines
4 // Family "2.0"
5 // Level 00 Revision 01.16
6 // October 30, 2014
7
8 #include "InternalRoutines.h"
9 //
10 //
11 // Functions
12 //
13 // HierarchyPreInstall()
14 //
15 // This function performs the initialization functions for the hierarchy when the TPM is simulated. This
16 // function should not be called if the TPM is not in a manufacturing mode at the manufacturer, or in a
17 // simulated environment.
18 //
19 void
HierarchyPreInstall_Init(void)20 HierarchyPreInstall_Init(
21 void
22 )
23 {
24 // Allow lockout clear command
25 gp.disableClear = FALSE;
26 // Initialize Primary Seeds
27 gp.EPSeed.t.size = PRIMARY_SEED_SIZE;
28 CryptGenerateRandom(PRIMARY_SEED_SIZE, gp.EPSeed.t.buffer);
29 gp.SPSeed.t.size = PRIMARY_SEED_SIZE;
30 CryptGenerateRandom(PRIMARY_SEED_SIZE, gp.SPSeed.t.buffer);
31 gp.PPSeed.t.size = PRIMARY_SEED_SIZE;
32 CryptGenerateRandom(PRIMARY_SEED_SIZE, gp.PPSeed.t.buffer);
33 // Initialize owner, endorsement and lockout auth
34 gp.ownerAuth.t.size = 0;
35 gp.endorsementAuth.t.size = 0;
36 gp.lockoutAuth.t.size = 0;
37 // Initialize owner, endorsement, and lockout policy
38 gp.ownerAlg = TPM_ALG_NULL;
39 gp.ownerPolicy.t.size = 0;
40 gp.endorsementAlg = TPM_ALG_NULL;
41 gp.endorsementPolicy.t.size = 0;
42 gp.lockoutAlg = TPM_ALG_NULL;
43 gp.lockoutPolicy.t.size = 0;
44 // Initialize ehProof, shProof and phProof
45 gp.phProof.t.size = PROOF_SIZE;
46 gp.shProof.t.size = PROOF_SIZE;
47 gp.ehProof.t.size = PROOF_SIZE;
48 CryptGenerateRandom(gp.phProof.t.size, gp.phProof.t.buffer);
49 CryptGenerateRandom(gp.shProof.t.size, gp.shProof.t.buffer);
50 CryptGenerateRandom(gp.ehProof.t.size, gp.ehProof.t.buffer);
51 // Write hierarchy data to NV
52 NvWriteReserved(NV_DISABLE_CLEAR, &gp.disableClear);
53 NvWriteReserved(NV_EP_SEED, &gp.EPSeed);
54 NvWriteReserved(NV_SP_SEED, &gp.SPSeed);
55 NvWriteReserved(NV_PP_SEED, &gp.PPSeed);
56 NvWriteReserved(NV_OWNER_AUTH, &gp.ownerAuth);
57 NvWriteReserved(NV_ENDORSEMENT_AUTH, &gp.endorsementAuth);
58 NvWriteReserved(NV_LOCKOUT_AUTH, &gp.lockoutAuth);
59 NvWriteReserved(NV_OWNER_ALG, &gp.ownerAlg);
60 NvWriteReserved(NV_OWNER_POLICY, &gp.ownerPolicy);
61 NvWriteReserved(NV_ENDORSEMENT_ALG, &gp.endorsementAlg);
62 NvWriteReserved(NV_ENDORSEMENT_POLICY, &gp.endorsementPolicy);
63 NvWriteReserved(NV_LOCKOUT_ALG, &gp.lockoutAlg);
64 NvWriteReserved(NV_LOCKOUT_POLICY, &gp.lockoutPolicy);
65 NvWriteReserved(NV_PH_PROOF, &gp.phProof);
66 NvWriteReserved(NV_SH_PROOF, &gp.shProof);
67 NvWriteReserved(NV_EH_PROOF, &gp.ehProof);
68 return;
69 }
70 //
71 //
72 // HierarchyStartup()
73 //
74 // This function is called at TPM2_Startup() to initialize the hierarchy related values.
75 //
76 void
HierarchyStartup(STARTUP_TYPE type)77 HierarchyStartup(
78 STARTUP_TYPE type // IN: start up type
79 )
80 {
81 // phEnable is SET on any startup
82 g_phEnable = TRUE;
83 // Reset platformAuth, platformPolicy; enable SH and EH at TPM_RESET and
84 // TPM_RESTART
85 if(type != SU_RESUME)
86 {
87 gc.platformAuth.t.size = 0;
88 gc.platformPolicy.t.size = 0;
89 // enable the storage and endorsement hierarchies and the platformNV
90 gc.shEnable = gc.ehEnable = gc.phEnableNV = TRUE;
91 }
92 // nullProof and nullSeed are updated at every TPM_RESET
93 if(type == SU_RESET)
94 {
95 gr.nullProof.t.size = PROOF_SIZE;
96 CryptGenerateRandom(gr.nullProof.t.size,
97 gr.nullProof.t.buffer);
98 gr.nullSeed.t.size = PRIMARY_SEED_SIZE;
99 CryptGenerateRandom(PRIMARY_SEED_SIZE, gr.nullSeed.t.buffer);
100 }
101 return;
102 }
103 //
104 // HierarchyGetProof()
105 //
106 // This function finds the proof value associated with a hierarchy.It returns a pointer to the proof value.
107 //
108 TPM2B_AUTH *
HierarchyGetProof(TPMI_RH_HIERARCHY hierarchy)109 HierarchyGetProof(
110 TPMI_RH_HIERARCHY hierarchy // IN: hierarchy constant
111 )
112 {
113 TPM2B_AUTH *auth = NULL;
114 switch(hierarchy)
115 {
116 case TPM_RH_PLATFORM:
117 // phProof for TPM_RH_PLATFORM
118 auth = &gp.phProof;
119 break;
120 case TPM_RH_ENDORSEMENT:
121 // ehProof for TPM_RH_ENDORSEMENT
122 auth = &gp.ehProof;
123 break;
124 case TPM_RH_OWNER:
125 // shProof for TPM_RH_OWNER
126 auth = &gp.shProof;
127 break;
128 case TPM_RH_NULL:
129 // nullProof for TPM_RH_NULL
130 auth = &gr.nullProof;
131 break;
132 default:
133 pAssert(FALSE);
134 break;
135 }
136 return auth;
137 }
138 //
139 //
140 // HierarchyGetPrimarySeed()
141 //
142 // This function returns the primary seed of a hierarchy.
143 //
144 TPM2B_SEED *
HierarchyGetPrimarySeed(TPMI_RH_HIERARCHY hierarchy)145 HierarchyGetPrimarySeed(
146 TPMI_RH_HIERARCHY hierarchy // IN: hierarchy
147 )
148 {
149 TPM2B_SEED *seed = NULL;
150 switch(hierarchy)
151 {
152 case TPM_RH_PLATFORM:
153 seed = &gp.PPSeed;
154 break;
155 case TPM_RH_OWNER:
156 seed = &gp.SPSeed;
157 break;
158 case TPM_RH_ENDORSEMENT:
159 seed = &gp.EPSeed;
160 break;
161 case TPM_RH_NULL:
162 return &gr.nullSeed;
163 default:
164 pAssert(FALSE);
165 break;
166 }
167 return seed;
168 }
169 //
170 //
171 // HierarchyIsEnabled()
172 //
173 // This function checks to see if a hierarchy is enabled.
174 //
175 // NOTE: The TPM_RH_NULL hierarchy is always enabled.
176 //
177 //
178 // Return Value Meaning
179 //
180 // TRUE hierarchy is enabled
181 // FALSE hierarchy is disabled
182 //
183 BOOL
HierarchyIsEnabled(TPMI_RH_HIERARCHY hierarchy)184 HierarchyIsEnabled(
185 TPMI_RH_HIERARCHY hierarchy // IN: hierarchy
186 )
187 {
188 BOOL enabled = FALSE;
189 switch(hierarchy)
190 {
191 case TPM_RH_PLATFORM:
192 enabled = g_phEnable;
193 break;
194 case TPM_RH_OWNER:
195 enabled = gc.shEnable;
196 break;
197 case TPM_RH_ENDORSEMENT:
198 enabled = gc.ehEnable;
199 break;
200 case TPM_RH_NULL:
201 enabled = TRUE;
202 break;
203 default:
204 pAssert(FALSE);
205 break;
206 }
207 return enabled;
208 }
209