1// This file was extracted from the TCG Published 2// Trusted Platform Module Library 3// Part 4: Supporting Routines 4// Family "2.0" 5// Level 00 Revision 01.16 6// October 30, 2014 7 8#include "InternalRoutines.h" 9// 10// 11// Functions 12// 13// HierarchyPreInstall() 14// 15// This function performs the initialization functions for the hierarchy when the TPM is simulated. This 16// function should not be called if the TPM is not in a manufacturing mode at the manufacturer, or in a 17// simulated environment. 18// 19void 20HierarchyPreInstall_Init( 21 void 22 ) 23{ 24 // Allow lockout clear command 25 gp.disableClear = FALSE; 26 // Initialize Primary Seeds 27 gp.EPSeed.t.size = PRIMARY_SEED_SIZE; 28 CryptGenerateRandom(PRIMARY_SEED_SIZE, gp.EPSeed.t.buffer); 29 gp.SPSeed.t.size = PRIMARY_SEED_SIZE; 30 CryptGenerateRandom(PRIMARY_SEED_SIZE, gp.SPSeed.t.buffer); 31 gp.PPSeed.t.size = PRIMARY_SEED_SIZE; 32 CryptGenerateRandom(PRIMARY_SEED_SIZE, gp.PPSeed.t.buffer); 33 // Initialize owner, endorsement and lockout auth 34 gp.ownerAuth.t.size = 0; 35 gp.endorsementAuth.t.size = 0; 36 gp.lockoutAuth.t.size = 0; 37 // Initialize owner, endorsement, and lockout policy 38 gp.ownerAlg = TPM_ALG_NULL; 39 gp.ownerPolicy.t.size = 0; 40 gp.endorsementAlg = TPM_ALG_NULL; 41 gp.endorsementPolicy.t.size = 0; 42 gp.lockoutAlg = TPM_ALG_NULL; 43 gp.lockoutPolicy.t.size = 0; 44 // Initialize ehProof, shProof and phProof 45 gp.phProof.t.size = PROOF_SIZE; 46 gp.shProof.t.size = PROOF_SIZE; 47 gp.ehProof.t.size = PROOF_SIZE; 48 CryptGenerateRandom(gp.phProof.t.size, gp.phProof.t.buffer); 49 CryptGenerateRandom(gp.shProof.t.size, gp.shProof.t.buffer); 50 CryptGenerateRandom(gp.ehProof.t.size, gp.ehProof.t.buffer); 51 // Write hierarchy data to NV 52 NvWriteReserved(NV_DISABLE_CLEAR, &gp.disableClear); 53 NvWriteReserved(NV_EP_SEED, &gp.EPSeed); 54 NvWriteReserved(NV_SP_SEED, &gp.SPSeed); 55 NvWriteReserved(NV_PP_SEED, &gp.PPSeed); 56 NvWriteReserved(NV_OWNER_AUTH, &gp.ownerAuth); 57 NvWriteReserved(NV_ENDORSEMENT_AUTH, &gp.endorsementAuth); 58 NvWriteReserved(NV_LOCKOUT_AUTH, &gp.lockoutAuth); 59 NvWriteReserved(NV_OWNER_ALG, &gp.ownerAlg); 60 NvWriteReserved(NV_OWNER_POLICY, &gp.ownerPolicy); 61 NvWriteReserved(NV_ENDORSEMENT_ALG, &gp.endorsementAlg); 62 NvWriteReserved(NV_ENDORSEMENT_POLICY, &gp.endorsementPolicy); 63 NvWriteReserved(NV_LOCKOUT_ALG, &gp.lockoutAlg); 64 NvWriteReserved(NV_LOCKOUT_POLICY, &gp.lockoutPolicy); 65 NvWriteReserved(NV_PH_PROOF, &gp.phProof); 66 NvWriteReserved(NV_SH_PROOF, &gp.shProof); 67 NvWriteReserved(NV_EH_PROOF, &gp.ehProof); 68 return; 69} 70// 71// 72// HierarchyStartup() 73// 74// This function is called at TPM2_Startup() to initialize the hierarchy related values. 75// 76void 77HierarchyStartup( 78 STARTUP_TYPE type // IN: start up type 79 ) 80{ 81 // phEnable is SET on any startup 82 g_phEnable = TRUE; 83 // Reset platformAuth, platformPolicy; enable SH and EH at TPM_RESET and 84 // TPM_RESTART 85 if(type != SU_RESUME) 86 { 87 gc.platformAuth.t.size = 0; 88 gc.platformPolicy.t.size = 0; 89 // enable the storage and endorsement hierarchies and the platformNV 90 gc.shEnable = gc.ehEnable = gc.phEnableNV = TRUE; 91 } 92 // nullProof and nullSeed are updated at every TPM_RESET 93 if(type == SU_RESET) 94 { 95 gr.nullProof.t.size = PROOF_SIZE; 96 CryptGenerateRandom(gr.nullProof.t.size, 97 gr.nullProof.t.buffer); 98 gr.nullSeed.t.size = PRIMARY_SEED_SIZE; 99 CryptGenerateRandom(PRIMARY_SEED_SIZE, gr.nullSeed.t.buffer); 100 } 101 return; 102} 103// 104// HierarchyGetProof() 105// 106// This function finds the proof value associated with a hierarchy.It returns a pointer to the proof value. 107// 108TPM2B_AUTH * 109HierarchyGetProof( 110 TPMI_RH_HIERARCHY hierarchy // IN: hierarchy constant 111 ) 112{ 113 TPM2B_AUTH *auth = NULL; 114 switch(hierarchy) 115 { 116 case TPM_RH_PLATFORM: 117 // phProof for TPM_RH_PLATFORM 118 auth = &gp.phProof; 119 break; 120 case TPM_RH_ENDORSEMENT: 121 // ehProof for TPM_RH_ENDORSEMENT 122 auth = &gp.ehProof; 123 break; 124 case TPM_RH_OWNER: 125 // shProof for TPM_RH_OWNER 126 auth = &gp.shProof; 127 break; 128 case TPM_RH_NULL: 129 // nullProof for TPM_RH_NULL 130 auth = &gr.nullProof; 131 break; 132 default: 133 pAssert(FALSE); 134 break; 135 } 136 return auth; 137} 138// 139// 140// HierarchyGetPrimarySeed() 141// 142// This function returns the primary seed of a hierarchy. 143// 144TPM2B_SEED * 145HierarchyGetPrimarySeed( 146 TPMI_RH_HIERARCHY hierarchy // IN: hierarchy 147 ) 148{ 149 TPM2B_SEED *seed = NULL; 150 switch(hierarchy) 151 { 152 case TPM_RH_PLATFORM: 153 seed = &gp.PPSeed; 154 break; 155 case TPM_RH_OWNER: 156 seed = &gp.SPSeed; 157 break; 158 case TPM_RH_ENDORSEMENT: 159 seed = &gp.EPSeed; 160 break; 161 case TPM_RH_NULL: 162 return &gr.nullSeed; 163 default: 164 pAssert(FALSE); 165 break; 166 } 167 return seed; 168} 169// 170// 171// HierarchyIsEnabled() 172// 173// This function checks to see if a hierarchy is enabled. 174// 175// NOTE: The TPM_RH_NULL hierarchy is always enabled. 176// 177// 178// Return Value Meaning 179// 180// TRUE hierarchy is enabled 181// FALSE hierarchy is disabled 182// 183BOOL 184HierarchyIsEnabled( 185 TPMI_RH_HIERARCHY hierarchy // IN: hierarchy 186 ) 187{ 188 BOOL enabled = FALSE; 189 switch(hierarchy) 190 { 191 case TPM_RH_PLATFORM: 192 enabled = g_phEnable; 193 break; 194 case TPM_RH_OWNER: 195 enabled = gc.shEnable; 196 break; 197 case TPM_RH_ENDORSEMENT: 198 enabled = gc.ehEnable; 199 break; 200 case TPM_RH_NULL: 201 enabled = TRUE; 202 break; 203 default: 204 pAssert(FALSE); 205 break; 206 } 207 return enabled; 208} 209