/** @file\r
Implement TPM2 Hierarchy related command.\r
\r
-Copyright (c) 2013, Intel Corporation. All rights reserved. <BR>\r
+Copyright (c) 2013 - 2016, Intel Corporation. All rights reserved. <BR>\r
This program and the accompanying materials\r
are licensed and made available under the terms and conditions of the BSD License\r
which accompanies this distribution. The full text of the license may be found at\r
\r
#pragma pack(1)\r
\r
+typedef struct {\r
+ TPM2_COMMAND_HEADER Header;\r
+ TPMI_RH_HIERARCHY_AUTH AuthHandle;\r
+ UINT32 AuthSessionSize;\r
+ TPMS_AUTH_COMMAND AuthSession;\r
+ TPM2B_DIGEST AuthPolicy;\r
+ TPMI_ALG_HASH HashAlg;\r
+} TPM2_SET_PRIMARY_POLICY_COMMAND;\r
+\r
+typedef struct {\r
+ TPM2_RESPONSE_HEADER Header;\r
+ UINT32 AuthSessionSize;\r
+ TPMS_AUTH_RESPONSE AuthSession;\r
+} TPM2_SET_PRIMARY_POLICY_RESPONSE;\r
+\r
typedef struct {\r
TPM2_COMMAND_HEADER Header;\r
TPMI_RH_CLEAR AuthHandle;\r
\r
#pragma pack()\r
\r
+/**\r
+ This command allows setting of the authorization policy for the platform hierarchy (platformPolicy), the\r
+ storage hierarchy (ownerPolicy), and and the endorsement hierarchy (endorsementPolicy).\r
+\r
+ @param[in] AuthHandle TPM_RH_ENDORSEMENT, TPM_RH_OWNER or TPM_RH_PLATFORM+{PP} parameters to be validated\r
+ @param[in] AuthSession Auth Session context\r
+ @param[in] AuthPolicy An authorization policy hash\r
+ @param[in] HashAlg The hash algorithm to use for the policy\r
+\r
+ @retval EFI_SUCCESS Operation completed successfully.\r
+ @retval EFI_DEVICE_ERROR Unexpected device behavior.\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+Tpm2SetPrimaryPolicy (\r
+ IN TPMI_RH_HIERARCHY_AUTH AuthHandle,\r
+ IN TPMS_AUTH_COMMAND *AuthSession,\r
+ IN TPM2B_DIGEST *AuthPolicy,\r
+ IN TPMI_ALG_HASH HashAlg\r
+ )\r
+{\r
+ EFI_STATUS Status;\r
+ TPM2_SET_PRIMARY_POLICY_COMMAND SendBuffer;\r
+ TPM2_SET_PRIMARY_POLICY_RESPONSE RecvBuffer;\r
+ UINT32 SendBufferSize;\r
+ UINT32 RecvBufferSize;\r
+ UINT8 *Buffer;\r
+ UINT32 SessionInfoSize;\r
+\r
+ //\r
+ // Construct command\r
+ //\r
+ SendBuffer.Header.tag = SwapBytes16(TPM_ST_SESSIONS);\r
+ SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_SetPrimaryPolicy);\r
+\r
+ SendBuffer.AuthHandle = SwapBytes32 (AuthHandle);\r
+\r
+ //\r
+ // Add in Auth session\r
+ //\r
+ Buffer = (UINT8 *)&SendBuffer.AuthSession;\r
+\r
+ // sessionInfoSize\r
+ SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer);\r
+ Buffer += SessionInfoSize;\r
+ SendBuffer.AuthSessionSize = SwapBytes32(SessionInfoSize);\r
+\r
+ //\r
+ // Real data\r
+ //\r
+ WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16(AuthPolicy->size));\r
+ Buffer += sizeof(UINT16);\r
+ CopyMem (Buffer, AuthPolicy->buffer, AuthPolicy->size);\r
+ Buffer += AuthPolicy->size;\r
+ WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16(HashAlg));\r
+ Buffer += sizeof(UINT16);\r
+\r
+ SendBufferSize = (UINT32)((UINTN)Buffer - (UINTN)&SendBuffer);\r
+ SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);\r
+\r
+ //\r
+ // send Tpm command\r
+ //\r
+ RecvBufferSize = sizeof (RecvBuffer);\r
+ Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer);\r
+ if (EFI_ERROR (Status)) {\r
+ goto Done;\r
+ }\r
+\r
+ if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) {\r
+ DEBUG ((EFI_D_ERROR, "Tpm2SetPrimaryPolicy - RecvBufferSize Error - %x\n", RecvBufferSize));\r
+ Status = EFI_DEVICE_ERROR;\r
+ goto Done;\r
+ }\r
+ if (SwapBytes32(RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {\r
+ DEBUG ((EFI_D_ERROR, "Tpm2SetPrimaryPolicy - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode)));\r
+ Status = EFI_DEVICE_ERROR;\r
+ goto Done;\r
+ }\r
+\r
+Done:\r
+ //\r
+ // Clear AuthSession Content\r
+ //\r
+ ZeroMem (&SendBuffer, sizeof(SendBuffer));\r
+ ZeroMem (&RecvBuffer, sizeof(RecvBuffer));\r
+ return Status;\r
+}\r
+\r
/**\r
This command removes all TPM context associated with a specific Owner.\r
\r
ResultBufSize = sizeof(Res);\r
Status = Tpm2SubmitCommand (CmdSize, (UINT8 *)&Cmd, &ResultBufSize, (UINT8 *)&Res);\r
if (EFI_ERROR(Status)) {\r
- return Status;\r
+ goto Done;\r
}\r
\r
if (ResultBufSize > sizeof(Res)) {\r
DEBUG ((EFI_D_ERROR, "Clear: Failed ExecuteCommand: Buffer Too Small\r\n"));\r
- return EFI_BUFFER_TOO_SMALL;\r
+ Status = EFI_BUFFER_TOO_SMALL;\r
+ goto Done;\r
}\r
\r
//\r
RespSize = SwapBytes32(Res.Header.paramSize);\r
if (RespSize > sizeof(Res)) {\r
DEBUG ((EFI_D_ERROR, "Clear: Response size too large! %d\r\n", RespSize));\r
- return EFI_BUFFER_TOO_SMALL;\r
+ Status = EFI_BUFFER_TOO_SMALL;\r
+ goto Done;\r
}\r
\r
//\r
//\r
if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) {\r
DEBUG ((EFI_D_ERROR, "Clear: Response Code error! 0x%08x\r\n", SwapBytes32(Res.Header.responseCode)));\r
- return EFI_DEVICE_ERROR;\r
+ Status = EFI_DEVICE_ERROR;\r
+ goto Done;\r
}\r
\r
//\r
//\r
\r
// None\r
-\r
- return EFI_SUCCESS;\r
+Done:\r
+ //\r
+ // Clear AuthSession Content\r
+ //\r
+ ZeroMem (&Cmd, sizeof(Cmd));\r
+ ZeroMem (&Res, sizeof(Res));\r
+ return Status;\r
}\r
\r
/**\r
\r
// disable\r
*(UINT8 *)Buffer = Disable;\r
- Buffer += sizeof(UINT8);\r
+ Buffer++;\r
\r
CmdSize = (UINT32)(Buffer - (UINT8 *)&Cmd);\r
Cmd.Header.paramSize = SwapBytes32(CmdSize);\r
ResultBufSize = sizeof(Res);\r
Status = Tpm2SubmitCommand (CmdSize, (UINT8 *)&Cmd, &ResultBufSize, (UINT8 *)&Res);\r
if (EFI_ERROR(Status)) {\r
- return Status;\r
+ goto Done;\r
}\r
\r
if (ResultBufSize > sizeof(Res)) {\r
DEBUG ((EFI_D_ERROR, "ClearControl: Failed ExecuteCommand: Buffer Too Small\r\n"));\r
- return EFI_BUFFER_TOO_SMALL;\r
+ Status = EFI_BUFFER_TOO_SMALL;\r
+ goto Done;\r
}\r
\r
//\r
RespSize = SwapBytes32(Res.Header.paramSize);\r
if (RespSize > sizeof(Res)) {\r
DEBUG ((EFI_D_ERROR, "ClearControl: Response size too large! %d\r\n", RespSize));\r
- return EFI_BUFFER_TOO_SMALL;\r
+ Status = EFI_BUFFER_TOO_SMALL;\r
+ goto Done;\r
}\r
\r
//\r
//\r
if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) {\r
DEBUG ((EFI_D_ERROR, "ClearControl: Response Code error! 0x%08x\r\n", SwapBytes32(Res.Header.responseCode)));\r
- return EFI_DEVICE_ERROR;\r
+ Status = EFI_DEVICE_ERROR;\r
+ goto Done;\r
}\r
\r
//\r
//\r
\r
// None\r
-\r
- return EFI_SUCCESS;\r
+Done:\r
+ //\r
+ // Clear AuthSession Content\r
+ //\r
+ ZeroMem (&Cmd, sizeof(Cmd));\r
+ ZeroMem (&Res, sizeof(Res));\r
+ return Status;\r
}\r
\r
/**\r
&ResultBufSize,\r
ResultBuf\r
);\r
+ if (EFI_ERROR(Status)) {\r
+ goto Done;\r
+ }\r
\r
if (ResultBufSize > sizeof(Res)) {\r
DEBUG ((EFI_D_ERROR, "HierarchyChangeAuth: Failed ExecuteCommand: Buffer Too Small\r\n"));\r
- return EFI_BUFFER_TOO_SMALL;\r
+ Status = EFI_BUFFER_TOO_SMALL;\r
+ goto Done;\r
}\r
\r
//\r
RespSize = SwapBytes32(Res.Header.paramSize);\r
if (RespSize > sizeof(Res)) {\r
DEBUG ((EFI_D_ERROR, "HierarchyChangeAuth: Response size too large! %d\r\n", RespSize));\r
- return EFI_BUFFER_TOO_SMALL;\r
+ Status = EFI_BUFFER_TOO_SMALL;\r
+ goto Done;\r
}\r
\r
//\r
//\r
if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) {\r
DEBUG((EFI_D_ERROR,"HierarchyChangeAuth: Response Code error! 0x%08x\r\n", SwapBytes32(Res.Header.responseCode)));\r
- return EFI_DEVICE_ERROR;\r
+ Status = EFI_DEVICE_ERROR;\r
+ goto Done;\r
}\r
\r
- return EFI_SUCCESS;\r
+Done:\r
+ //\r
+ // Clear AuthSession Content\r
+ //\r
+ ZeroMem (&Cmd, sizeof(Cmd));\r
+ ZeroMem (&Res, sizeof(Res));\r
+ return Status;\r
}\r
\r
/**\r
&ResultBufSize,\r
ResultBuf\r
);\r
+ if (EFI_ERROR(Status)) {\r
+ goto Done;\r
+ }\r
\r
if (ResultBufSize > sizeof(Res)) {\r
DEBUG ((EFI_D_ERROR, "ChangeEPS: Failed ExecuteCommand: Buffer Too Small\r\n"));\r
- return EFI_BUFFER_TOO_SMALL;\r
+ Status = EFI_BUFFER_TOO_SMALL;\r
+ goto Done;\r
}\r
\r
//\r
RespSize = SwapBytes32(Res.Header.paramSize);\r
if (RespSize > sizeof(Res)) {\r
DEBUG ((EFI_D_ERROR, "ChangeEPS: Response size too large! %d\r\n", RespSize));\r
- return EFI_BUFFER_TOO_SMALL;\r
+ Status = EFI_BUFFER_TOO_SMALL;\r
+ goto Done;\r
}\r
\r
//\r
//\r
if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) {\r
DEBUG((EFI_D_ERROR,"ChangeEPS: Response Code error! 0x%08x\r\n", SwapBytes32(Res.Header.responseCode)));\r
- return EFI_DEVICE_ERROR;\r
+ Status = EFI_DEVICE_ERROR;\r
+ goto Done;\r
}\r
\r
- return EFI_SUCCESS;\r
+Done:\r
+ //\r
+ // Clear AuthSession Content\r
+ //\r
+ ZeroMem (&Cmd, sizeof(Cmd));\r
+ ZeroMem (&Res, sizeof(Res));\r
+ return Status;\r
}\r
\r
/**\r
&ResultBufSize,\r
ResultBuf\r
);\r
+ if (EFI_ERROR(Status)) {\r
+ goto Done;\r
+ }\r
\r
if (ResultBufSize > sizeof(Res)) {\r
DEBUG ((EFI_D_ERROR, "ChangePPS: Failed ExecuteCommand: Buffer Too Small\r\n"));\r
- return EFI_BUFFER_TOO_SMALL;\r
+ Status = EFI_BUFFER_TOO_SMALL;\r
+ goto Done;\r
}\r
\r
//\r
RespSize = SwapBytes32(Res.Header.paramSize);\r
if (RespSize > sizeof(Res)) {\r
DEBUG ((EFI_D_ERROR, "ChangePPS: Response size too large! %d\r\n", RespSize));\r
- return EFI_BUFFER_TOO_SMALL;\r
+ Status = EFI_BUFFER_TOO_SMALL;\r
+ goto Done;\r
}\r
\r
//\r
//\r
if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) {\r
DEBUG((EFI_D_ERROR,"ChangePPS: Response Code error! 0x%08x\r\n", SwapBytes32(Res.Header.responseCode)));\r
- return EFI_DEVICE_ERROR;\r
+ Status = EFI_DEVICE_ERROR;\r
+ goto Done;\r
}\r
\r
- return EFI_SUCCESS;\r
+Done:\r
+ //\r
+ // Clear AuthSession Content\r
+ //\r
+ ZeroMem (&Cmd, sizeof(Cmd));\r
+ ZeroMem (&Res, sizeof(Res));\r
+ return Status;\r
}\r
\r
/**\r
Buffer += sizeof(UINT32);\r
\r
*(UINT8 *)Buffer = State;\r
- Buffer += sizeof(UINT8);\r
+ Buffer++;\r
\r
CmdSize = (UINT32)(Buffer - (UINT8 *)&Cmd);\r
Cmd.Header.paramSize = SwapBytes32(CmdSize);\r
&ResultBufSize,\r
ResultBuf\r
);\r
+ if (EFI_ERROR(Status)) {\r
+ goto Done;\r
+ }\r
\r
if (ResultBufSize > sizeof(Res)) {\r
DEBUG ((EFI_D_ERROR, "HierarchyControl: Failed ExecuteCommand: Buffer Too Small\r\n"));\r
- return EFI_BUFFER_TOO_SMALL;\r
+ Status = EFI_BUFFER_TOO_SMALL;\r
+ goto Done;\r
}\r
\r
//\r
RespSize = SwapBytes32(Res.Header.paramSize);\r
if (RespSize > sizeof(Res)) {\r
DEBUG ((EFI_D_ERROR, "HierarchyControl: Response size too large! %d\r\n", RespSize));\r
- return EFI_BUFFER_TOO_SMALL;\r
+ Status = EFI_BUFFER_TOO_SMALL;\r
+ goto Done;\r
}\r
\r
//\r
//\r
if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) {\r
DEBUG((EFI_D_ERROR,"HierarchyControl: Response Code error! 0x%08x\r\n", SwapBytes32(Res.Header.responseCode)));\r
- return EFI_DEVICE_ERROR;\r
+ Status = EFI_DEVICE_ERROR;\r
+ goto Done;\r
}\r
\r
- return EFI_SUCCESS;\r
+Done:\r
+ //\r
+ // Clear AuthSession Content\r
+ //\r
+ ZeroMem (&Cmd, sizeof(Cmd));\r
+ ZeroMem (&Res, sizeof(Res));\r
+ return Status;\r
}\r