blob: 95b531d260d44c67643e65d47b09dd534ac2d1a1 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
|
// This file was extracted from the TCG Published
// Trusted Platform Module Library
// Part 3: Commands
// Family "2.0"
// Level 00 Revision 01.16
// October 30, 2014
#include "InternalRoutines.h"
#include "HierarchyChangeAuth_fp.h"
#include "Object_spt_fp.h"
//
//
// Error Returns Meaning
//
// TPM_RC_SIZE newAuth size is greater than that of integrity hash digest
//
TPM_RC
TPM2_HierarchyChangeAuth(
HierarchyChangeAuth_In *in // IN: input parameter list
)
{
TPM_RC result;
// The command needs NV update. Check if NV is available.
// A TPM_RC_NV_UNAVAILABLE or TPM_RC_NV_RATE error may be returned at
// this point
result = NvIsAvailable();
if(result != TPM_RC_SUCCESS) return result;
// Make sure the the auth value is a reasonable size (not larger than
// the size of the digest produced by the integrity hash. The integrity
// hash is assumed to produce the longest digest of any hash implemented
// on the TPM.
if( MemoryRemoveTrailingZeros(&in->newAuth)
> CryptGetHashDigestSize(CONTEXT_INTEGRITY_HASH_ALG))
return TPM_RC_SIZE + RC_HierarchyChangeAuth_newAuth;
// Set hierarchy authValue
switch(in->authHandle)
{
case TPM_RH_OWNER:
gp.ownerAuth = in->newAuth;
NvWriteReserved(NV_OWNER_AUTH, &gp.ownerAuth);
break;
case TPM_RH_ENDORSEMENT:
gp.endorsementAuth = in->newAuth;
NvWriteReserved(NV_ENDORSEMENT_AUTH, &gp.endorsementAuth);
break;
case TPM_RH_PLATFORM:
gc.platformAuth = in->newAuth;
// orderly state should be cleared
g_clearOrderly = TRUE;
break;
case TPM_RH_LOCKOUT:
gp.lockoutAuth = in->newAuth;
NvWriteReserved(NV_LOCKOUT_AUTH, &gp.lockoutAuth);
break;
default:
pAssert(FALSE);
break;
}
return TPM_RC_SUCCESS;
}
|
