// This file was extracted from the TCG Published
// Trusted Platform Module Library
// Part 4: Supporting Routines
// Family "2.0"
// Level 00 Revision 01.16
// October 30, 2014
#include "InternalRoutines.h"
//
//
// Functions
//
// HierarchyPreInstall()
//
// This function performs the initialization functions for the hierarchy when the TPM is simulated. This
// function should not be called if the TPM is not in a manufacturing mode at the manufacturer, or in a
// simulated environment.
//
void
HierarchyPreInstall_Init(
void
)
{
// Allow lockout clear command
gp.disableClear = FALSE;
// Initialize Primary Seeds
gp.EPSeed.t.size = PRIMARY_SEED_SIZE;
CryptGenerateRandom(PRIMARY_SEED_SIZE, gp.EPSeed.t.buffer);
gp.SPSeed.t.size = PRIMARY_SEED_SIZE;
CryptGenerateRandom(PRIMARY_SEED_SIZE, gp.SPSeed.t.buffer);
gp.PPSeed.t.size = PRIMARY_SEED_SIZE;
CryptGenerateRandom(PRIMARY_SEED_SIZE, gp.PPSeed.t.buffer);
// Initialize owner, endorsement and lockout auth
gp.ownerAuth.t.size = 0;
gp.endorsementAuth.t.size = 0;
gp.lockoutAuth.t.size = 0;
// Initialize owner, endorsement, and lockout policy
gp.ownerAlg = TPM_ALG_NULL;
gp.ownerPolicy.t.size = 0;
gp.endorsementAlg = TPM_ALG_NULL;
gp.endorsementPolicy.t.size = 0;
gp.lockoutAlg = TPM_ALG_NULL;
gp.lockoutPolicy.t.size = 0;
// Initialize ehProof, shProof and phProof
gp.phProof.t.size = PROOF_SIZE;
gp.shProof.t.size = PROOF_SIZE;
gp.ehProof.t.size = PROOF_SIZE;
CryptGenerateRandom(gp.phProof.t.size, gp.phProof.t.buffer);
CryptGenerateRandom(gp.shProof.t.size, gp.shProof.t.buffer);
CryptGenerateRandom(gp.ehProof.t.size, gp.ehProof.t.buffer);
// Write hierarchy data to NV
NvWriteReserved(NV_DISABLE_CLEAR, &gp.disableClear);
NvWriteReserved(NV_EP_SEED, &gp.EPSeed);
NvWriteReserved(NV_SP_SEED, &gp.SPSeed);
NvWriteReserved(NV_PP_SEED, &gp.PPSeed);
NvWriteReserved(NV_OWNER_AUTH, &gp.ownerAuth);
NvWriteReserved(NV_ENDORSEMENT_AUTH, &gp.endorsementAuth);
NvWriteReserved(NV_LOCKOUT_AUTH, &gp.lockoutAuth);
NvWriteReserved(NV_OWNER_ALG, &gp.ownerAlg);
NvWriteReserved(NV_OWNER_POLICY, &gp.ownerPolicy);
NvWriteReserved(NV_ENDORSEMENT_ALG, &gp.endorsementAlg);
NvWriteReserved(NV_ENDORSEMENT_POLICY, &gp.endorsementPolicy);
NvWriteReserved(NV_LOCKOUT_ALG, &gp.lockoutAlg);
NvWriteReserved(NV_LOCKOUT_POLICY, &gp.lockoutPolicy);
NvWriteReserved(NV_PH_PROOF, &gp.phProof);
NvWriteReserved(NV_SH_PROOF, &gp.shProof);
NvWriteReserved(NV_EH_PROOF, &gp.ehProof);
return;
}
//
//
// HierarchyStartup()
//
// This function is called at TPM2_Startup() to initialize the hierarchy related values.
//
void
HierarchyStartup(
STARTUP_TYPE type // IN: start up type
)
{
// phEnable is SET on any startup
g_phEnable = TRUE;
// Reset platformAuth, platformPolicy; enable SH and EH at TPM_RESET and
// TPM_RESTART
if(type != SU_RESUME)
{
gc.platformAuth.t.size = 0;
gc.platformPolicy.t.size = 0;
// enable the storage and endorsement hierarchies and the platformNV
gc.shEnable = gc.ehEnable = gc.phEnableNV = TRUE;
}
// nullProof and nullSeed are updated at every TPM_RESET
if(type == SU_RESET)
{
gr.nullProof.t.size = PROOF_SIZE;
CryptGenerateRandom(gr.nullProof.t.size,
gr.nullProof.t.buffer);
gr.nullSeed.t.size = PRIMARY_SEED_SIZE;
CryptGenerateRandom(PRIMARY_SEED_SIZE, gr.nullSeed.t.buffer);
}
return;
}
//
// HierarchyGetProof()
//
// This function finds the proof value associated with a hierarchy.It returns a pointer to the proof value.
//
TPM2B_AUTH *
HierarchyGetProof(
TPMI_RH_HIERARCHY hierarchy // IN: hierarchy constant
)
{
TPM2B_AUTH *auth = NULL;
switch(hierarchy)
{
case TPM_RH_PLATFORM:
// phProof for TPM_RH_PLATFORM
auth = &gp.phProof;
break;
case TPM_RH_ENDORSEMENT:
// ehProof for TPM_RH_ENDORSEMENT
auth = &gp.ehProof;
break;
case TPM_RH_OWNER:
// shProof for TPM_RH_OWNER
auth = &gp.shProof;
break;
case TPM_RH_NULL:
// nullProof for TPM_RH_NULL
auth = &gr.nullProof;
break;
default:
pAssert(FALSE);
break;
}
return auth;
}
//
//
// HierarchyGetPrimarySeed()
//
// This function returns the primary seed of a hierarchy.
//
TPM2B_SEED *
HierarchyGetPrimarySeed(
TPMI_RH_HIERARCHY hierarchy // IN: hierarchy
)
{
TPM2B_SEED *seed = NULL;
switch(hierarchy)
{
case TPM_RH_PLATFORM:
seed = &gp.PPSeed;
break;
case TPM_RH_OWNER:
seed = &gp.SPSeed;
break;
case TPM_RH_ENDORSEMENT:
seed = &gp.EPSeed;
break;
case TPM_RH_NULL:
return &gr.nullSeed;
default:
pAssert(FALSE);
break;
}
return seed;
}
//
//
// HierarchyIsEnabled()
//
// This function checks to see if a hierarchy is enabled.
//
// NOTE: The TPM_RH_NULL hierarchy is always enabled.
//
//
// Return Value Meaning
//
// TRUE hierarchy is enabled
// FALSE hierarchy is disabled
//
BOOL
HierarchyIsEnabled(
TPMI_RH_HIERARCHY hierarchy // IN: hierarchy
)
{
BOOL enabled = FALSE;
switch(hierarchy)
{
case TPM_RH_PLATFORM:
enabled = g_phEnable;
break;
case TPM_RH_OWNER:
enabled = gc.shEnable;
break;
case TPM_RH_ENDORSEMENT:
enabled = gc.ehEnable;
break;
case TPM_RH_NULL:
enabled = TRUE;
break;
default:
pAssert(FALSE);
break;
}
return enabled;
}