// This file was extracted from the TCG Published
// Trusted Platform Module Library
// Part 3: Commands
// Family "2.0"
// Level 00 Revision 01.16
// October 30, 2014

#include "InternalRoutines.h"
#include "Clear_fp.h"

//
// Replace the Storage Primary Seed and the two hierarchy proof values with
// fresh output from the RNG. The new values are written directly over the
// existing buffers, so the previous SPS and proofs are not retained anywhere
// in this command action. Only the .t.buffer contents are rewritten; the
// .t.size fields are left as they were.
//
// NOTE(review): the byte count returned by CryptGenerateRandom() is not
// checked here (as in the original action) -- confirm that it cannot return
// fewer bytes than requested.
//
static void
ClearRegenerateSeedAndProofs(
    void
    )
{
    CryptGenerateRandom(PRIMARY_SEED_SIZE, gp.SPSeed.t.buffer);
    CryptGenerateRandom(PROOF_SIZE, gp.shProof.t.buffer);
    CryptGenerateRandom(PROOF_SIZE, gp.ehProof.t.buffer);
}

//
// Set the owner, endorsement and lockout authValues to the Empty Buffer and
// their authPolicies to TPM_ALG_NULL / Empty Buffer.
//
// The secret bytes are overwritten first, each MemorySet() bounded by the
// buffer's current size, and only then are the size fields set to zero.
// Because gp is persistent state that is subsequently written to NV, the
// zeroing is observable and not a dead store.
//
static void
ClearResetAuthAndPolicy(
    void
    )
{
    // authValues -> Empty Buffer
    MemorySet(gp.ownerAuth.t.buffer, 0, gp.ownerAuth.t.size);
    MemorySet(gp.endorsementAuth.t.buffer, 0, gp.endorsementAuth.t.size);
    MemorySet(gp.lockoutAuth.t.buffer, 0, gp.lockoutAuth.t.size);
    gp.ownerAuth.t.size = 0;
    gp.endorsementAuth.t.size = 0;
    gp.lockoutAuth.t.size = 0;

    // authPolicies -> no hash algorithm, Empty Buffer
    gp.ownerAlg = TPM_ALG_NULL;
    gp.endorsementAlg = TPM_ALG_NULL;
    gp.lockoutAlg = TPM_ALG_NULL;
    gp.ownerPolicy.t.size = 0;
    gp.endorsementPolicy.t.size = 0;
    gp.lockoutPolicy.t.size = 0;
}

//
// Flush every loaded object in the storage and endorsement hierarchies, then
// remove the owner/endorsement objects and owner-created indexes held in NV.
// Nothing in the platform hierarchy is touched by this command action.
//
static void
ClearFlushHierarchies(
    void
    )
{
    // transient (loaded) objects
    ObjectFlushHierarchy(TPM_RH_OWNER);
    ObjectFlushHierarchy(TPM_RH_ENDORSEMENT);

    // persistent objects and NV indexes
    NvFlushHierarchy(TPM_RH_OWNER);
    NvFlushHierarchy(TPM_RH_ENDORSEMENT);
}

//
// Commit the regenerated seed/proofs and the cleared authValues/authPolicies
// to their reserved NV locations. The order of writes is the same as in the
// original action. The return values of NvWriteReserved() are not examined
// here; NvIsAvailable() has already been checked by the caller before any
// state was modified.
//
static void
ClearPersistHierarchyState(
    void
    )
{
    NvWriteReserved(NV_SP_SEED, &gp.SPSeed);
    NvWriteReserved(NV_SH_PROOF, &gp.shProof);
    NvWriteReserved(NV_EH_PROOF, &gp.ehProof);
    NvWriteReserved(NV_OWNER_AUTH, &gp.ownerAuth);
    NvWriteReserved(NV_ENDORSEMENT_AUTH, &gp.endorsementAuth);
    NvWriteReserved(NV_LOCKOUT_AUTH, &gp.lockoutAuth);
    NvWriteReserved(NV_OWNER_ALG, &gp.ownerAlg);
    NvWriteReserved(NV_ENDORSEMENT_ALG, &gp.endorsementAlg);
    NvWriteReserved(NV_LOCKOUT_ALG, &gp.lockoutAlg);
    NvWriteReserved(NV_OWNER_POLICY, &gp.ownerPolicy);
    NvWriteReserved(NV_ENDORSEMENT_POLICY, &gp.endorsementPolicy);
    NvWriteReserved(NV_LOCKOUT_POLICY, &gp.lockoutPolicy);
}

//
// TPM2_Clear
//
// Command action for TPM2_Clear: returns the storage and endorsement
// hierarchies to their factory state (new SPS and proofs, empty authValues
// and authPolicies, hierarchies enabled, all objects and owner NV indexes
// flushed), re-initializes the dictionary-attack parameters, and resets the
// clock and the reset/restart/clear/audit counters.
//
// Authorization for this command (platformAuth or lockoutAuth) is not
// checked in this function; it is presumably enforced by the command
// dispatch path before the action is entered.
//
// Error Returns                     Meaning
//
// TPM_RC_DISABLED                   Clear command has been disabled
//                                   (gp.disableClear is set)
// (others)                          any error from NvIsAvailable() is
//                                   propagated unchanged; the original
//                                   comments name TPM_RC_NV_UNAVAILABLE
//                                   and TPM_RC_NV_RATE
//
TPM_RC
TPM2_Clear(
    Clear_In *in // IN: input parameter list
    )
{
    TPM_RC nvStatus;

    // The input structure carries nothing this action reads. Writing NULL to
    // the pointer only affects the local copy (presumably kept to quiet
    // unused-parameter diagnostics).
    in = NULL;

    // Both checks below run before any state is modified, so a failure here
    // leaves the TPM exactly as it was.

    // This command updates NV; refuse to start if NV cannot be written now.
    nvStatus = NvIsAvailable();
    if(nvStatus != TPM_RC_SUCCESS)
    {
        return nvStatus;
    }

    // Input Validation: TPM2_Clear may have been disabled by TPM2_ClearControl.
    if(gp.disableClear)
    {
        return TPM_RC_DISABLED;
    }

    // Internal Data Update

    // New seed and proofs: every key in the storage hierarchy becomes
    // unrecoverable once the SPS is replaced.
    ClearRegenerateSeedAndProofs();

    // Re-enable the storage and endorsement hierarchies. gc is not written to
    // NV in this function.
    gc.shEnable = TRUE;
    gc.ehEnable = TRUE;

    // Empty authValues and null authPolicies for owner, endorsement, lockout.
    ClearResetAuthAndPolicy();

    // Drop loaded objects, persistent objects and owner NV indexes.
    ClearFlushHierarchies();

    // Save hierarchy changes to NV
    ClearPersistHierarchyState();

    // Dictionary-attack parameters back to their pre-install values (what
    // that entails is defined by DAPreInstall_Init(), not here).
    DAPreInstall_Init();

    // Reset clock
    go.clock = 0;
    go.clockSafe = YES;
    // The DRBG state is captured whenever orderly state is written to NV.
    CryptDrbgGetPutState(GET_STATE);
    NvWriteReserved(NV_ORDERLY_DATA, &go);

    // Reset counters
    gp.resetCount = 0;
    gr.restartCount = 0;
    gr.clearCount = 0;
    gp.auditCounter = 0;
    NvWriteReserved(NV_RESET_COUNT, &gp.resetCount);
    NvWriteReserved(NV_AUDIT_COUNTER, &gp.auditCounter);

    // State-clear data was modified above, so the orderly state must be
    // cleared on the way out of the command.
    g_clearOrderly = TRUE;

    return TPM_RC_SUCCESS;
}