1 // This file was extracted from the TCG Published
2 // Trusted Platform Module Library
3 // Part 3: Commands
4 // Family "2.0"
5 // Level 00 Revision 01.16
6 // October 30, 2014
7 
8 #include "InternalRoutines.h"
9 #include "SetPrimaryPolicy_fp.h"
//
// TPM2_SetPrimaryPolicy()
//
// Installs a new authorization policy digest, together with the hash
// algorithm it was computed with, for the hierarchy named by in->authHandle
// (owner, endorsement, platform or lockout).
//
// Only the LENGTH of the digest is validated here; its content is stored as
// supplied. Nothing in this routine checks that the digest corresponds to a
// policy that can actually be satisfied, so that has to be verified by the
// caller before the command is issued.
//
// NOTE(review): no authorization check on in->authHandle is visible in this
// routine; presumably it is performed by the command dispatch code before the
// action routine is entered -- confirm.
//
//     Error Returns               Meaning
//
//     TPM_RC_SIZE                 size of input authPolicy is not consistent with input hash algorithm
//
// The result of NvIsAvailable() is passed through unchanged when it is not
// TPM_RC_SUCCESS (TPM_RC_NV_UNAVAILABLE or TPM_RC_NV_RATE).
//
TPM_RC
TPM2_SetPrimaryPolicy(
    SetPrimaryPolicy_In    *in                 // IN: input parameter list
    )
{
    TPM_RC                  nvStatus;

// Input Validation

    // The digest length has to equal the digest size of the selected hash
    // algorithm. An empty policy is therefore only accepted together with
    // TPM_ALG_NULL (presumably because CryptGetHashDigestSize() reports a
    // size of zero for it -- the helper is defined elsewhere).
    if(CryptGetHashDigestSize(in->hashAlg) != in->authPolicy.t.size)
    {
        return TPM_RC_SIZE + RC_SetPrimaryPolicy_authPolicy;
    }

    // The OWNER, ENDORSEMENT and LOCKOUT cases below write NV, and the
    // PLATFORM case may require an orderly state update. NV availability is
    // checked before any policy field is touched, so a
    // TPM_RC_NV_UNAVAILABLE or TPM_RC_NV_RATE failure leaves the current
    // policies unchanged.
    nvStatus = NvIsAvailable();
    if(nvStatus != TPM_RC_SUCCESS)
    {
        return nvStatus;
    }

// Internal Data Update

    // Store the new algorithm/digest pair for the selected hierarchy
    switch(in->authHandle)
    {
        case TPM_RH_OWNER:
            gp.ownerPolicy = in->authPolicy;
            gp.ownerAlg = in->hashAlg;
            NvWriteReserved(NV_OWNER_ALG, &gp.ownerAlg);
            NvWriteReserved(NV_OWNER_POLICY, &gp.ownerPolicy);
            break;

        case TPM_RH_ENDORSEMENT:
            gp.endorsementPolicy = in->authPolicy;
            gp.endorsementAlg = in->hashAlg;
            NvWriteReserved(NV_ENDORSEMENT_ALG, &gp.endorsementAlg);
            NvWriteReserved(NV_ENDORSEMENT_POLICY, &gp.endorsementPolicy);
            break;

        case TPM_RH_LOCKOUT:
            gp.lockoutPolicy = in->authPolicy;
            gp.lockoutAlg = in->hashAlg;
            NvWriteReserved(NV_LOCKOUT_ALG, &gp.lockoutAlg);
            NvWriteReserved(NV_LOCKOUT_POLICY, &gp.lockoutPolicy);
            break;

        case TPM_RH_PLATFORM:
            // The platform policy is kept in gc rather than gp and is not
            // written with NvWriteReserved() here; instead the orderly state
            // is flagged as needing an update.
            gc.platformPolicy = in->authPolicy;
            gc.platformAlg = in->hashAlg;
            g_clearOrderly = TRUE;
            break;

        default:
            // No other handle is expected at this point; reaching this case
            // trips the assertion instead of returning an error code.
            // NOTE(review): presumably other handle values are rejected
            // before this routine is called -- confirm.
            pAssert(FALSE);
            break;
    }

    return TPM_RC_SUCCESS;
}
75