1 // This file was extracted from the TCG Published
2 // Trusted Platform Module Library
3 // Part 3: Commands
4 // Family "2.0"
5 // Level 00 Revision 01.16
6 // October 30, 2014
7 
8 #include "InternalRoutines.h"
9 #include "Clear_fp.h"
10 //
11 //
12 //     Error Returns                   Meaning
13 //
14 //     TPM_RC_DISABLED                 Clear command has been disabled
15 //
16 TPM_RC
TPM2_Clear(Clear_In * in)17 TPM2_Clear(
18    Clear_In          *in                // IN: input parameter list
19    )
20 {
21    TPM_RC                  result;
22 
23    // Input parameter is not reference in command action
24    in = NULL;
25 
26    // The command needs NV update. Check if NV is available.
27    // A TPM_RC_NV_UNAVAILABLE or TPM_RC_NV_RATE error may be returned at
28    // this point
29    result = NvIsAvailable();
30    if(result != TPM_RC_SUCCESS) return result;
31 
32 // Input Validation
33 
34    // If Clear command is disabled, return an error
35    if(gp.disableClear)
36        return TPM_RC_DISABLED;
37 
38 // Internal Data Update
39 
40    // Reset storage hierarchy seed from RNG
41    CryptGenerateRandom(PRIMARY_SEED_SIZE, gp.SPSeed.t.buffer);
42 
43    // Create new shProof and ehProof value from RNG
44    CryptGenerateRandom(PROOF_SIZE, gp.shProof.t.buffer);
45    CryptGenerateRandom(PROOF_SIZE, gp.ehProof.t.buffer);
46 
47    // Enable storage and endorsement hierarchy
48    gc.shEnable = gc.ehEnable = TRUE;
49 
50    // set the authValue buffers to zero
51    MemorySet(gp.ownerAuth.t.buffer, 0, gp.ownerAuth.t.size);
52    MemorySet(gp.endorsementAuth.t.buffer, 0, gp.endorsementAuth.t.size);
53    MemorySet(gp.lockoutAuth.t.buffer, 0, gp.lockoutAuth.t.size);
54    // Set storage, endorsement and lockout authValue to null
55    gp.ownerAuth.t.size = gp.endorsementAuth.t.size = gp.lockoutAuth.t.size = 0;
56 
57    // Set storage, endorsement, and lockout authPolicy to null
58    gp.ownerAlg = gp.endorsementAlg = gp.lockoutAlg = TPM_ALG_NULL;
59    gp.ownerPolicy.t.size = 0;
60    gp.endorsementPolicy.t.size = 0;
61    gp.lockoutPolicy.t.size = 0;
62 
63    // Flush loaded object in storage and endorsement hierarchy
64    ObjectFlushHierarchy(TPM_RH_OWNER);
65    ObjectFlushHierarchy(TPM_RH_ENDORSEMENT);
66 
67    // Flush owner and endorsement object and owner index in NV
68    NvFlushHierarchy(TPM_RH_OWNER);
69    NvFlushHierarchy(TPM_RH_ENDORSEMENT);
70 
71    // Save hierarchy changes to NV
72    NvWriteReserved(NV_SP_SEED, &gp.SPSeed);
73    NvWriteReserved(NV_SH_PROOF, &gp.shProof);
74    NvWriteReserved(NV_EH_PROOF, &gp.ehProof);
75    NvWriteReserved(NV_OWNER_AUTH, &gp.ownerAuth);
76    NvWriteReserved(NV_ENDORSEMENT_AUTH, &gp.endorsementAuth);
77    NvWriteReserved(NV_LOCKOUT_AUTH, &gp.lockoutAuth);
78    NvWriteReserved(NV_OWNER_ALG, &gp.ownerAlg);
79    NvWriteReserved(NV_ENDORSEMENT_ALG, &gp.endorsementAlg);
80    NvWriteReserved(NV_LOCKOUT_ALG, &gp.lockoutAlg);
81    NvWriteReserved(NV_OWNER_POLICY, &gp.ownerPolicy);
82    NvWriteReserved(NV_ENDORSEMENT_POLICY, &gp.endorsementPolicy);
83    NvWriteReserved(NV_LOCKOUT_POLICY, &gp.lockoutPolicy);
84 
85    // Initialize dictionary attack parameters
86    DAPreInstall_Init();
87 
88    // Reset clock
89    go.clock = 0;
90    go.clockSafe = YES;
91    // Update the DRBG state whenever writing orderly state to NV
92    CryptDrbgGetPutState(GET_STATE);
93    NvWriteReserved(NV_ORDERLY_DATA, &go);
94 
95    // Reset counters
96    gp.resetCount = gr.restartCount = gr.clearCount = 0;
97    gp.auditCounter = 0;
98    NvWriteReserved(NV_RESET_COUNT, &gp.resetCount);
99    NvWriteReserved(NV_AUDIT_COUNTER, &gp.auditCounter);
100 
101    // orderly state should be cleared because of the update to state clear data
102    g_clearOrderly = TRUE;
103 
104    return TPM_RC_SUCCESS;
105 }
106