1 // This file was extracted from the TCG Published
2 // Trusted Platform Module Library
3 // Part 3: Commands
4 // Family "2.0"
5 // Level 00 Revision 01.16
6 // October 30, 2014
7 
8 #include "InternalRoutines.h"
9 #include "NV_ReadLock_fp.h"
10 #include "NV_spt_fp.h"
11 //
12 //
13 //     Error Returns                    Meaning
14 //
15 //     TPM_RC_ATTRIBUTES                TPMA_NV_READ_STCLEAR is not SET so Index referenced by
16 //                                      nvIndex may not be read locked
17 //     TPM_RC_NV_AUTHORIZATION          the authorization was valid but the authorizing entity (authHandle) is
18 //                                      not allowed to read from the Index referenced by nvIndex
19 //
// TPM2_NV_ReadLock: sets TPMA_NV_READLOCKED on the NV Index named by
// in->nvIndex, provided the Index has TPMA_NV_READ_STCLEAR SET and the read
// access checks for in->authHandle do not refuse the request.
TPM_RC
TPM2_NV_ReadLock(
    NV_ReadLock_In    *in                 // IN: input parameter list
    )
{
    TPM_RC            status;
    NV_INDEX          indexInfo;

    // This command updates NV, so NV has to be available first.
    // TPM_RC_NV_UNAVAILABLE or TPM_RC_NV_RATE may be returned here.
    status = NvIsAvailable();
    if(status != TPM_RC_SUCCESS)
        return status;

// Input Validation

    // Common read access checks. NvReadAccessChecks() may report
    // TPM_RC_NV_AUTHORIZATION, TPM_RC_NV_LOCKED, or TPM_RC_NV_UNINITIALIZED.
    status = NvReadAccessChecks(in->authHandle, in->nvIndex);

    // The authorization was valid, but authHandle is not allowed to read
    // this Index, so it is not allowed to read lock it either.
    if(status == TPM_RC_NV_AUTHORIZATION)
        return status;

    // The Index is reported as already locked (presumably read locked, since
    // these are the read access checks), so there is nothing left to do and
    // the command succeeds without touching NV.
    if(status == TPM_RC_NV_LOCKED)
        return TPM_RC_SUCCESS;

    // TPM_RC_NV_UNINITIALIZED is deliberately not treated as an error: an
    // Index that has not been written yet may still be read locked.
    // NOTE(review): every other non-success code would also continue to the
    // lock path below, so this relies on NvReadAccessChecks() returning only
    // the codes listed above -- confirm against its definition.

    // Fetch the NV Index info for in->nvIndex
    NvGetIndexInfo(in->nvIndex, &indexInfo);

    // Without TPMA_NV_READ_STCLEAR the Index cannot be read locked
    if(indexInfo.publicArea.attributes.TPMA_NV_READ_STCLEAR == CLEAR)
        return TPM_RC_ATTRIBUTES + RC_NV_ReadLock_nvIndex;

// Internal Data Update

    // Mark the Index as read locked and write the updated info back to NV.
    // NOTE(review): no status from NvWriteIndexInfo() is inspected here;
    // confirm against its declaration whether the write can fail, because
    // success is returned to the caller either way.
    indexInfo.publicArea.attributes.TPMA_NV_READLOCKED = SET;
    NvWriteIndexInfo(in->nvIndex, &indexInfo);

    return TPM_RC_SUCCESS;
}
68