1 // This file was extracted from the TCG Published 2 // Trusted Platform Module Library 3 // Part 4: Supporting Routines 4 // Family "2.0" 5 // Level 00 Revision 01.16 6 // October 30, 2014 7 8 #include "InternalRoutines.h" 9 // 10 // 11 // Functions 12 // 13 // HierarchyPreInstall() 14 // 15 // This function performs the initialization functions for the hierarchy when the TPM is simulated. This 16 // function should not be called if the TPM is not in a manufacturing mode at the manufacturer, or in a 17 // simulated environment. 18 // 19 void 20 HierarchyPreInstall_Init( 21 void 22 ) 23 { 24 // Allow lockout clear command 25 gp.disableClear = FALSE; 26 // Initialize Primary Seeds 27 gp.EPSeed.t.size = PRIMARY_SEED_SIZE; 28 CryptGenerateRandom(PRIMARY_SEED_SIZE, gp.EPSeed.t.buffer); 29 gp.SPSeed.t.size = PRIMARY_SEED_SIZE; 30 CryptGenerateRandom(PRIMARY_SEED_SIZE, gp.SPSeed.t.buffer); 31 gp.PPSeed.t.size = PRIMARY_SEED_SIZE; 32 CryptGenerateRandom(PRIMARY_SEED_SIZE, gp.PPSeed.t.buffer); 33 // Initialize owner, endorsement and lockout auth 34 gp.ownerAuth.t.size = 0; 35 gp.endorsementAuth.t.size = 0; 36 gp.lockoutAuth.t.size = 0; 37 // Initialize owner, endorsement, and lockout policy 38 gp.ownerAlg = TPM_ALG_NULL; 39 gp.ownerPolicy.t.size = 0; 40 gp.endorsementAlg = TPM_ALG_NULL; 41 gp.endorsementPolicy.t.size = 0; 42 gp.lockoutAlg = TPM_ALG_NULL; 43 gp.lockoutPolicy.t.size = 0; 44 // Initialize ehProof, shProof and phProof 45 gp.phProof.t.size = PROOF_SIZE; 46 gp.shProof.t.size = PROOF_SIZE; 47 gp.ehProof.t.size = PROOF_SIZE; 48 CryptGenerateRandom(gp.phProof.t.size, gp.phProof.t.buffer); 49 CryptGenerateRandom(gp.shProof.t.size, gp.shProof.t.buffer); 50 CryptGenerateRandom(gp.ehProof.t.size, gp.ehProof.t.buffer); 51 // Write hierarchy data to NV 52 NvWriteReserved(NV_DISABLE_CLEAR, &gp.disableClear); 53 NvWriteReserved(NV_EP_SEED, &gp.EPSeed); 54 NvWriteReserved(NV_SP_SEED, &gp.SPSeed); 55 NvWriteReserved(NV_PP_SEED, &gp.PPSeed); 56 NvWriteReserved(NV_OWNER_AUTH, &gp.ownerAuth); 57 NvWriteReserved(NV_ENDORSEMENT_AUTH, &gp.endorsementAuth); 58 NvWriteReserved(NV_LOCKOUT_AUTH, &gp.lockoutAuth); 59 NvWriteReserved(NV_OWNER_ALG, &gp.ownerAlg); 60 NvWriteReserved(NV_OWNER_POLICY, &gp.ownerPolicy); 61 NvWriteReserved(NV_ENDORSEMENT_ALG, &gp.endorsementAlg); 62 NvWriteReserved(NV_ENDORSEMENT_POLICY, &gp.endorsementPolicy); 63 NvWriteReserved(NV_LOCKOUT_ALG, &gp.lockoutAlg); 64 NvWriteReserved(NV_LOCKOUT_POLICY, &gp.lockoutPolicy); 65 NvWriteReserved(NV_PH_PROOF, &gp.phProof); 66 NvWriteReserved(NV_SH_PROOF, &gp.shProof); 67 NvWriteReserved(NV_EH_PROOF, &gp.ehProof); 68 return; 69 } 70 // 71 // 72 // HierarchyStartup() 73 // 74 // This function is called at TPM2_Startup() to initialize the hierarchy related values. 75 // 76 void 77 HierarchyStartup( 78 STARTUP_TYPE type // IN: start up type 79 ) 80 { 81 // phEnable is SET on any startup 82 g_phEnable = TRUE; 83 // Reset platformAuth, platformPolicy; enable SH and EH at TPM_RESET and 84 // TPM_RESTART 85 if(type != SU_RESUME) 86 { 87 gc.platformAuth.t.size = 0; 88 gc.platformPolicy.t.size = 0; 89 // enable the storage and endorsement hierarchies and the platformNV 90 gc.shEnable = gc.ehEnable = gc.phEnableNV = TRUE; 91 } 92 // nullProof and nullSeed are updated at every TPM_RESET 93 if(type == SU_RESET) 94 { 95 gr.nullProof.t.size = PROOF_SIZE; 96 CryptGenerateRandom(gr.nullProof.t.size, 97 gr.nullProof.t.buffer); 98 gr.nullSeed.t.size = PRIMARY_SEED_SIZE; 99 CryptGenerateRandom(PRIMARY_SEED_SIZE, gr.nullSeed.t.buffer); 100 } 101 return; 102 } 103 // 104 // HierarchyGetProof() 105 // 106 // This function finds the proof value associated with a hierarchy.It returns a pointer to the proof value. 107 // 108 TPM2B_AUTH * 109 HierarchyGetProof( 110 TPMI_RH_HIERARCHY hierarchy // IN: hierarchy constant 111 ) 112 { 113 TPM2B_AUTH *auth = NULL; 114 switch(hierarchy) 115 { 116 case TPM_RH_PLATFORM: 117 // phProof for TPM_RH_PLATFORM 118 auth = &gp.phProof; 119 break; 120 case TPM_RH_ENDORSEMENT: 121 // ehProof for TPM_RH_ENDORSEMENT 122 auth = &gp.ehProof; 123 break; 124 case TPM_RH_OWNER: 125 // shProof for TPM_RH_OWNER 126 auth = &gp.shProof; 127 break; 128 case TPM_RH_NULL: 129 // nullProof for TPM_RH_NULL 130 auth = &gr.nullProof; 131 break; 132 default: 133 pAssert(FALSE); 134 break; 135 } 136 return auth; 137 } 138 // 139 // 140 // HierarchyGetPrimarySeed() 141 // 142 // This function returns the primary seed of a hierarchy. 143 // 144 TPM2B_SEED * 145 HierarchyGetPrimarySeed( 146 TPMI_RH_HIERARCHY hierarchy // IN: hierarchy 147 ) 148 { 149 TPM2B_SEED *seed = NULL; 150 switch(hierarchy) 151 { 152 case TPM_RH_PLATFORM: 153 seed = &gp.PPSeed; 154 break; 155 case TPM_RH_OWNER: 156 seed = &gp.SPSeed; 157 break; 158 case TPM_RH_ENDORSEMENT: 159 seed = &gp.EPSeed; 160 break; 161 case TPM_RH_NULL: 162 return &gr.nullSeed; 163 default: 164 pAssert(FALSE); 165 break; 166 } 167 return seed; 168 } 169 // 170 // 171 // HierarchyIsEnabled() 172 // 173 // This function checks to see if a hierarchy is enabled. 174 // 175 // NOTE: The TPM_RH_NULL hierarchy is always enabled. 176 // 177 // 178 // Return Value Meaning 179 // 180 // TRUE hierarchy is enabled 181 // FALSE hierarchy is disabled 182 // 183 BOOL 184 HierarchyIsEnabled( 185 TPMI_RH_HIERARCHY hierarchy // IN: hierarchy 186 ) 187 { 188 BOOL enabled = FALSE; 189 switch(hierarchy) 190 { 191 case TPM_RH_PLATFORM: 192 enabled = g_phEnable; 193 break; 194 case TPM_RH_OWNER: 195 enabled = gc.shEnable; 196 break; 197 case TPM_RH_ENDORSEMENT: 198 enabled = gc.ehEnable; 199 break; 200 case TPM_RH_NULL: 201 enabled = TRUE; 202 break; 203 default: 204 pAssert(FALSE); 205 break; 206 } 207 return enabled; 208 } 209
