Hierarchy.c

// This file was extracted from the TCG Published
// Trusted Platform Module Library
// Part 4: Supporting Routines
// Family "2.0"
// Level 00 Revision 01.16
// October 30, 2014

#include "InternalRoutines.h"
//
//
//             Functions
//
//               HierarchyPreInstall()
//
//      This function performs the initialization functions for the hierarchy when the TPM is simulated. This
//      function should not be called if the TPM is not in a manufacturing mode at the manufacturer, or in a
//      simulated environment.
//
void
HierarchyPreInstall_Init(
     void
     )
{
     // Allow lockout clear command
     gp.disableClear = FALSE;
     // Initialize Primary Seeds
     gp.EPSeed.t.size = PRIMARY_SEED_SIZE;
     CryptGenerateRandom(PRIMARY_SEED_SIZE, gp.EPSeed.t.buffer);
     gp.SPSeed.t.size = PRIMARY_SEED_SIZE;
     CryptGenerateRandom(PRIMARY_SEED_SIZE, gp.SPSeed.t.buffer);
     gp.PPSeed.t.size = PRIMARY_SEED_SIZE;
     CryptGenerateRandom(PRIMARY_SEED_SIZE, gp.PPSeed.t.buffer);
     // Initialize owner, endorsement and lockout auth
     gp.ownerAuth.t.size = 0;
     gp.endorsementAuth.t.size = 0;
     gp.lockoutAuth.t.size = 0;
     // Initialize owner, endorsement, and lockout policy
     gp.ownerAlg = TPM_ALG_NULL;
     gp.ownerPolicy.t.size = 0;
     gp.endorsementAlg = TPM_ALG_NULL;
     gp.endorsementPolicy.t.size = 0;
     gp.lockoutAlg = TPM_ALG_NULL;
     gp.lockoutPolicy.t.size = 0;
    // Initialize ehProof, shProof and phProof
    gp.phProof.t.size = PROOF_SIZE;
    gp.shProof.t.size = PROOF_SIZE;
    gp.ehProof.t.size = PROOF_SIZE;
    CryptGenerateRandom(gp.phProof.t.size, gp.phProof.t.buffer);
    CryptGenerateRandom(gp.shProof.t.size, gp.shProof.t.buffer);
    CryptGenerateRandom(gp.ehProof.t.size, gp.ehProof.t.buffer);
    // Write hierarchy data to NV
    NvWriteReserved(NV_DISABLE_CLEAR, &gp.disableClear);
    NvWriteReserved(NV_EP_SEED, &gp.EPSeed);
    NvWriteReserved(NV_SP_SEED, &gp.SPSeed);
    NvWriteReserved(NV_PP_SEED, &gp.PPSeed);
    NvWriteReserved(NV_OWNER_AUTH, &gp.ownerAuth);
    NvWriteReserved(NV_ENDORSEMENT_AUTH, &gp.endorsementAuth);
    NvWriteReserved(NV_LOCKOUT_AUTH, &gp.lockoutAuth);
    NvWriteReserved(NV_OWNER_ALG, &gp.ownerAlg);
    NvWriteReserved(NV_OWNER_POLICY, &gp.ownerPolicy);
    NvWriteReserved(NV_ENDORSEMENT_ALG, &gp.endorsementAlg);
    NvWriteReserved(NV_ENDORSEMENT_POLICY, &gp.endorsementPolicy);
    NvWriteReserved(NV_LOCKOUT_ALG, &gp.lockoutAlg);
    NvWriteReserved(NV_LOCKOUT_POLICY, &gp.lockoutPolicy);
    NvWriteReserved(NV_PH_PROOF, &gp.phProof);
    NvWriteReserved(NV_SH_PROOF, &gp.shProof);
    NvWriteReserved(NV_EH_PROOF, &gp.ehProof);
    return;
}
//
//
//          HierarchyStartup()
//
//     This function is called at TPM2_Startup() to initialize the hierarchy related values.
//
void
HierarchyStartup(
    STARTUP_TYPE         type                // IN: start up type
    )
{
    // phEnable is SET on any startup
    g_phEnable = TRUE;
    // Reset platformAuth, platformPolicy; enable SH and EH at TPM_RESET and
    // TPM_RESTART
    if(type != SU_RESUME)
    {
        gc.platformAuth.t.size = 0;
        gc.platformPolicy.t.size = 0;
         // enable the storage and endorsement hierarchies and the platformNV
         gc.shEnable = gc.ehEnable = gc.phEnableNV = TRUE;
    }
    // nullProof and nullSeed are updated at every TPM_RESET
    if(type == SU_RESET)
    {
        gr.nullProof.t.size = PROOF_SIZE;
        CryptGenerateRandom(gr.nullProof.t.size,
                            gr.nullProof.t.buffer);
        gr.nullSeed.t.size = PRIMARY_SEED_SIZE;
        CryptGenerateRandom(PRIMARY_SEED_SIZE, gr.nullSeed.t.buffer);
    }
    return;
}
//
//           HierarchyGetProof()
//
//      This function finds the proof value associated with a hierarchy.It returns a pointer to the proof value.
//
TPM2B_AUTH *
HierarchyGetProof(
    TPMI_RH_HIERARCHY         hierarchy           // IN: hierarchy constant
    )
{
    TPM2B_AUTH               *auth = NULL;
    switch(hierarchy)
    {
    case TPM_RH_PLATFORM:
        // phProof for TPM_RH_PLATFORM
        auth = &gp.phProof;
        break;
    case TPM_RH_ENDORSEMENT:
        // ehProof for TPM_RH_ENDORSEMENT
        auth = &gp.ehProof;
        break;
    case TPM_RH_OWNER:
        // shProof for TPM_RH_OWNER
        auth = &gp.shProof;
        break;
    case TPM_RH_NULL:
        // nullProof for TPM_RH_NULL
        auth = &gr.nullProof;
        break;
    default:
        pAssert(FALSE);
        break;
    }
    return auth;
}
//
//
//           HierarchyGetPrimarySeed()
//
//      This function returns the primary seed of a hierarchy.
//
TPM2B_SEED *
HierarchyGetPrimarySeed(
    TPMI_RH_HIERARCHY         hierarchy           // IN: hierarchy
    )
{
    TPM2B_SEED          *seed = NULL;
    switch(hierarchy)
    {
    case TPM_RH_PLATFORM:
        seed = &gp.PPSeed;
        break;
    case TPM_RH_OWNER:
        seed = &gp.SPSeed;
        break;
    case TPM_RH_ENDORSEMENT:
        seed = &gp.EPSeed;
        break;
    case TPM_RH_NULL:
        return &gr.nullSeed;
    default:
        pAssert(FALSE);
        break;
    }
     return seed;
}
//
//
//            HierarchyIsEnabled()
//
//      This function checks to see if a hierarchy is enabled.
//
//      NOTE:           The TPM_RH_NULL hierarchy is always enabled.
//
//
//      Return Value                     Meaning
//
//      TRUE                             hierarchy is enabled
//      FALSE                            hierarchy is disabled
//
BOOL
HierarchyIsEnabled(
     TPMI_RH_HIERARCHY        hierarchy           // IN: hierarchy
     )
{
     BOOL               enabled = FALSE;
     switch(hierarchy)
     {
     case TPM_RH_PLATFORM:
         enabled = g_phEnable;
         break;
     case TPM_RH_OWNER:
         enabled = gc.shEnable;
         break;
     case TPM_RH_ENDORSEMENT:
         enabled = gc.ehEnable;
         break;
     case TPM_RH_NULL:
         enabled = TRUE;
         break;
     default:
         pAssert(FALSE);
         break;
     }
     return enabled;
}