1 // This file was extracted from the TCG Published
2 // Trusted Platform Module Library
3 // Part 4: Supporting Routines
4 // Family "2.0"
5 // Level 00 Revision 01.16
6 // October 30, 2014
7 
8 #include "InternalRoutines.h"
9 //
10 //
11 //             Functions
12 //
13 //               HierarchyPreInstall()
14 //
15 //      This function performs the initialization functions for the hierarchy when the TPM is simulated. This
16 //      function should not be called if the TPM is not in a manufacturing mode at the manufacturer, or in a
17 //      simulated environment.
18 //
19 void
HierarchyPreInstall_Init(void)20 HierarchyPreInstall_Init(
21      void
22      )
23 {
24      // Allow lockout clear command
25      gp.disableClear = FALSE;
26      // Initialize Primary Seeds
27      gp.EPSeed.t.size = PRIMARY_SEED_SIZE;
28      CryptGenerateRandom(PRIMARY_SEED_SIZE, gp.EPSeed.t.buffer);
29      gp.SPSeed.t.size = PRIMARY_SEED_SIZE;
30      CryptGenerateRandom(PRIMARY_SEED_SIZE, gp.SPSeed.t.buffer);
31      gp.PPSeed.t.size = PRIMARY_SEED_SIZE;
32      CryptGenerateRandom(PRIMARY_SEED_SIZE, gp.PPSeed.t.buffer);
33      // Initialize owner, endorsement and lockout auth
34      gp.ownerAuth.t.size = 0;
35      gp.endorsementAuth.t.size = 0;
36      gp.lockoutAuth.t.size = 0;
37      // Initialize owner, endorsement, and lockout policy
38      gp.ownerAlg = TPM_ALG_NULL;
39      gp.ownerPolicy.t.size = 0;
40      gp.endorsementAlg = TPM_ALG_NULL;
41      gp.endorsementPolicy.t.size = 0;
42      gp.lockoutAlg = TPM_ALG_NULL;
43      gp.lockoutPolicy.t.size = 0;
44     // Initialize ehProof, shProof and phProof
45     gp.phProof.t.size = PROOF_SIZE;
46     gp.shProof.t.size = PROOF_SIZE;
47     gp.ehProof.t.size = PROOF_SIZE;
48     CryptGenerateRandom(gp.phProof.t.size, gp.phProof.t.buffer);
49     CryptGenerateRandom(gp.shProof.t.size, gp.shProof.t.buffer);
50     CryptGenerateRandom(gp.ehProof.t.size, gp.ehProof.t.buffer);
51     // Write hierarchy data to NV
52     NvWriteReserved(NV_DISABLE_CLEAR, &gp.disableClear);
53     NvWriteReserved(NV_EP_SEED, &gp.EPSeed);
54     NvWriteReserved(NV_SP_SEED, &gp.SPSeed);
55     NvWriteReserved(NV_PP_SEED, &gp.PPSeed);
56     NvWriteReserved(NV_OWNER_AUTH, &gp.ownerAuth);
57     NvWriteReserved(NV_ENDORSEMENT_AUTH, &gp.endorsementAuth);
58     NvWriteReserved(NV_LOCKOUT_AUTH, &gp.lockoutAuth);
59     NvWriteReserved(NV_OWNER_ALG, &gp.ownerAlg);
60     NvWriteReserved(NV_OWNER_POLICY, &gp.ownerPolicy);
61     NvWriteReserved(NV_ENDORSEMENT_ALG, &gp.endorsementAlg);
62     NvWriteReserved(NV_ENDORSEMENT_POLICY, &gp.endorsementPolicy);
63     NvWriteReserved(NV_LOCKOUT_ALG, &gp.lockoutAlg);
64     NvWriteReserved(NV_LOCKOUT_POLICY, &gp.lockoutPolicy);
65     NvWriteReserved(NV_PH_PROOF, &gp.phProof);
66     NvWriteReserved(NV_SH_PROOF, &gp.shProof);
67     NvWriteReserved(NV_EH_PROOF, &gp.ehProof);
68     return;
69 }
70 //
71 //
72 //          HierarchyStartup()
73 //
74 //     This function is called at TPM2_Startup() to initialize the hierarchy related values.
75 //
76 void
HierarchyStartup(STARTUP_TYPE type)77 HierarchyStartup(
78     STARTUP_TYPE         type                // IN: start up type
79     )
80 {
81     // phEnable is SET on any startup
82     g_phEnable = TRUE;
83     // Reset platformAuth, platformPolicy; enable SH and EH at TPM_RESET and
84     // TPM_RESTART
85     if(type != SU_RESUME)
86     {
87         gc.platformAuth.t.size = 0;
88         gc.platformPolicy.t.size = 0;
89          // enable the storage and endorsement hierarchies and the platformNV
90          gc.shEnable = gc.ehEnable = gc.phEnableNV = TRUE;
91     }
92     // nullProof and nullSeed are updated at every TPM_RESET
93     if(type == SU_RESET)
94     {
95         gr.nullProof.t.size = PROOF_SIZE;
96         CryptGenerateRandom(gr.nullProof.t.size,
97                             gr.nullProof.t.buffer);
98         gr.nullSeed.t.size = PRIMARY_SEED_SIZE;
99         CryptGenerateRandom(PRIMARY_SEED_SIZE, gr.nullSeed.t.buffer);
100     }
101     return;
102 }
103 //
104 //           HierarchyGetProof()
105 //
106 //      This function finds the proof value associated with a hierarchy.It returns a pointer to the proof value.
107 //
108 TPM2B_AUTH *
HierarchyGetProof(TPMI_RH_HIERARCHY hierarchy)109 HierarchyGetProof(
110     TPMI_RH_HIERARCHY         hierarchy           // IN: hierarchy constant
111     )
112 {
113     TPM2B_AUTH               *auth = NULL;
114     switch(hierarchy)
115     {
116     case TPM_RH_PLATFORM:
117         // phProof for TPM_RH_PLATFORM
118         auth = &gp.phProof;
119         break;
120     case TPM_RH_ENDORSEMENT:
121         // ehProof for TPM_RH_ENDORSEMENT
122         auth = &gp.ehProof;
123         break;
124     case TPM_RH_OWNER:
125         // shProof for TPM_RH_OWNER
126         auth = &gp.shProof;
127         break;
128     case TPM_RH_NULL:
129         // nullProof for TPM_RH_NULL
130         auth = &gr.nullProof;
131         break;
132     default:
133         pAssert(FALSE);
134         break;
135     }
136     return auth;
137 }
138 //
139 //
140 //           HierarchyGetPrimarySeed()
141 //
142 //      This function returns the primary seed of a hierarchy.
143 //
144 TPM2B_SEED *
HierarchyGetPrimarySeed(TPMI_RH_HIERARCHY hierarchy)145 HierarchyGetPrimarySeed(
146     TPMI_RH_HIERARCHY         hierarchy           // IN: hierarchy
147     )
148 {
149     TPM2B_SEED          *seed = NULL;
150     switch(hierarchy)
151     {
152     case TPM_RH_PLATFORM:
153         seed = &gp.PPSeed;
154         break;
155     case TPM_RH_OWNER:
156         seed = &gp.SPSeed;
157         break;
158     case TPM_RH_ENDORSEMENT:
159         seed = &gp.EPSeed;
160         break;
161     case TPM_RH_NULL:
162         return &gr.nullSeed;
163     default:
164         pAssert(FALSE);
165         break;
166     }
167      return seed;
168 }
169 //
170 //
171 //            HierarchyIsEnabled()
172 //
173 //      This function checks to see if a hierarchy is enabled.
174 //
175 //      NOTE:           The TPM_RH_NULL hierarchy is always enabled.
176 //
177 //
178 //      Return Value                     Meaning
179 //
180 //      TRUE                             hierarchy is enabled
181 //      FALSE                            hierarchy is disabled
182 //
183 BOOL
HierarchyIsEnabled(TPMI_RH_HIERARCHY hierarchy)184 HierarchyIsEnabled(
185      TPMI_RH_HIERARCHY        hierarchy           // IN: hierarchy
186      )
187 {
188      BOOL               enabled = FALSE;
189      switch(hierarchy)
190      {
191      case TPM_RH_PLATFORM:
192          enabled = g_phEnable;
193          break;
194      case TPM_RH_OWNER:
195          enabled = gc.shEnable;
196          break;
197      case TPM_RH_ENDORSEMENT:
198          enabled = gc.ehEnable;
199          break;
200      case TPM_RH_NULL:
201          enabled = TRUE;
202          break;
203      default:
204          pAssert(FALSE);
205          break;
206      }
207      return enabled;
208 }
209