      1 // This file was extracted from the TCG Published
      2 // Trusted Platform Module Library
      3 // Part 3: Commands
      4 // Family "2.0"
      5 // Level 00 Revision 01.16
      6 // October 30, 2014
      7 
      8 #include "InternalRoutines.h"
      9 #include "SetPrimaryPolicy_fp.h"
     10 //
     11 //
     12 //     Error Returns               Meaning
     13 //
     14 //     TPM_RC_SIZE                 size of input authPolicy is not consistent with input hash algorithm
     15 //
     // Replace the authorization policy of the hierarchy named by in->authHandle
     // with the digest in->authPolicy, associated with hash algorithm in->hashAlg.
     //
     // Both checks (digest size, then NV availability) return before any gp/gc
     // field is written, so a rejected command leaves the stored policy unchanged.
     //
     // Returns:
     //   TPM_RC_SIZE + RC_SetPrimaryPolicy_authPolicy
     //       authPolicy size differs from the digest size reported for hashAlg
     //   the value returned by NvIsAvailable()
     //       when that value is not TPM_RC_SUCCESS
     //   TPM_RC_SUCCESS
     //       otherwise
     //
     // NOTE(review): only the length of authPolicy is validated here; the digest
     // value itself is stored as supplied. Authorization for authHandle, and the
     // restriction of authHandle to the four hierarchies handled below, are not
     // performed in this function -- presumably both happen before it is called;
     // confirm against the command dispatch and handle unmarshaling code.
     TPM_RC
     TPM2_SetPrimaryPolicy(
         SetPrimaryPolicy_In *in    // IN: input parameter list
         )
     {
     // Input Validation

         // The policy digest must be exactly as long as a digest of the selected
         // hash algorithm. Per the original comment, an empty policy is expected
         // to be paired with TPM_ALG_NULL (relies on CryptGetHashDigestSize()
         // reporting 0 for it -- confirm).
         if(CryptGetHashDigestSize(in->hashAlg) != in->authPolicy.t.size)
         {
             return TPM_RC_SIZE + RC_SetPrimaryPolicy_authPolicy;
         }

         // The OWNER, ENDORSEMENT and LOCKOUT branches write to NV below, and the
         // PLATFORM branch requests an orderly-state update, so NV availability
         // is checked before anything is modified. A TPM_RC_NV_UNAVAILABLE or
         // TPM_RC_NV_RATE error may be returned at this point.
         TPM_RC nvStatus = NvIsAvailable();
         if(nvStatus != TPM_RC_SUCCESS)
         {
             return nvStatus;
         }

     // Internal Data Update

         // Store the algorithm and digest for the selected hierarchy.
         switch(in->authHandle)
         {
             // Hierarchies whose policy lives in gp and is passed to
             // NvWriteReserved() right after the in-memory copy is updated.
             case TPM_RH_OWNER:
                 gp.ownerAlg = in->hashAlg;
                 gp.ownerPolicy = in->authPolicy;
                 NvWriteReserved(NV_OWNER_ALG, &gp.ownerAlg);
                 NvWriteReserved(NV_OWNER_POLICY, &gp.ownerPolicy);
                 break;

             case TPM_RH_ENDORSEMENT:
                 gp.endorsementAlg = in->hashAlg;
                 gp.endorsementPolicy = in->authPolicy;
                 NvWriteReserved(NV_ENDORSEMENT_ALG, &gp.endorsementAlg);
                 NvWriteReserved(NV_ENDORSEMENT_POLICY, &gp.endorsementPolicy);
                 break;

             case TPM_RH_LOCKOUT:
                 gp.lockoutAlg = in->hashAlg;
                 gp.lockoutPolicy = in->authPolicy;
                 NvWriteReserved(NV_LOCKOUT_ALG, &gp.lockoutAlg);
                 NvWriteReserved(NV_LOCKOUT_POLICY, &gp.lockoutPolicy);
                 break;

             // The platform policy is kept in gc and is not handed to
             // NvWriteReserved() here; instead g_clearOrderly is raised because
             // the orderly state needs to be updated.
             case TPM_RH_PLATFORM:
                 gc.platformAlg = in->hashAlg;
                 gc.platformPolicy = in->authPolicy;
                 g_clearOrderly = TRUE;
                 break;

             // Any other handle is treated as an internal error, not as a caller
             // error: the branch only asserts and produces no response code.
             // NOTE(review): if pAssert() can return, control reaches the
             // TPM_RC_SUCCESS below without any policy having been stored --
             // confirm that pAssert(FALSE) does not return.
             default:
                 pAssert(FALSE);
                 break;
         }

         return TPM_RC_SUCCESS;
     }