1 // This file was extracted from the TCG Published 2 // Trusted Platform Module Library 3 // Part 3: Commands 4 // Family "2.0" 5 // Level 00 Revision 01.16 6 // October 30, 2014 7 8 #include "InternalRoutines.h" 9 #include "HierarchyChangeAuth_fp.h" 10 #include "Object_spt_fp.h" 11 // 12 // 13 // Error Returns Meaning 14 // 15 // TPM_RC_SIZE newAuth size is greater than that of integrity hash digest 16 // 17 TPM_RC TPM2_HierarchyChangeAuth(HierarchyChangeAuth_In * in)18TPM2_HierarchyChangeAuth( 19 HierarchyChangeAuth_In *in // IN: input parameter list 20 ) 21 { 22 TPM_RC result; 23 24 // The command needs NV update. Check if NV is available. 25 // A TPM_RC_NV_UNAVAILABLE or TPM_RC_NV_RATE error may be returned at 26 // this point 27 result = NvIsAvailable(); 28 if(result != TPM_RC_SUCCESS) return result; 29 30 // Make sure the the auth value is a reasonable size (not larger than 31 // the size of the digest produced by the integrity hash. The integrity 32 // hash is assumed to produce the longest digest of any hash implemented 33 // on the TPM. 34 if( MemoryRemoveTrailingZeros(&in->newAuth) 35 > CryptGetHashDigestSize(CONTEXT_INTEGRITY_HASH_ALG)) 36 return TPM_RC_SIZE + RC_HierarchyChangeAuth_newAuth; 37 38 // Set hierarchy authValue 39 switch(in->authHandle) 40 { 41 case TPM_RH_OWNER: 42 gp.ownerAuth = in->newAuth; 43 NvWriteReserved(NV_OWNER_AUTH, &gp.ownerAuth); 44 break; 45 case TPM_RH_ENDORSEMENT: 46 gp.endorsementAuth = in->newAuth; 47 NvWriteReserved(NV_ENDORSEMENT_AUTH, &gp.endorsementAuth); 48 break; 49 case TPM_RH_PLATFORM: 50 gc.platformAuth = in->newAuth; 51 // orderly state should be cleared 52 g_clearOrderly = TRUE; 53 break; 54 case TPM_RH_LOCKOUT: 55 gp.lockoutAuth = in->newAuth; 56 NvWriteReserved(NV_LOCKOUT_AUTH, &gp.lockoutAuth); 57 break; 58 default: 59 pAssert(FALSE); 60 break; 61 } 62 63 return TPM_RC_SUCCESS; 64 } 65