/** @file\r
Implement TPM2 Hierarchy related command.\r
\r
-Copyright (c) 2013, Intel Corporation. All rights reserved. <BR>\r
-This program and the accompanying materials\r
-are licensed and made available under the terms and conditions of the BSD License\r
-which accompanies this distribution. The full text of the license may be found at\r
-http://opensource.org/licenses/bsd-license.php\r
-\r
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
+Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved. <BR>\r
+SPDX-License-Identifier: BSD-2-Clause-Patent\r
\r
**/\r
\r
\r
#pragma pack(1)\r
\r
+typedef struct {\r
+ TPM2_COMMAND_HEADER Header;\r
+ TPMI_RH_HIERARCHY_AUTH AuthHandle;\r
+ UINT32 AuthSessionSize;\r
+ TPMS_AUTH_COMMAND AuthSession;\r
+ TPM2B_DIGEST AuthPolicy;\r
+ TPMI_ALG_HASH HashAlg;\r
+} TPM2_SET_PRIMARY_POLICY_COMMAND;\r
+\r
+typedef struct {\r
+ TPM2_RESPONSE_HEADER Header;\r
+ UINT32 AuthSessionSize;\r
+ TPMS_AUTH_RESPONSE AuthSession;\r
+} TPM2_SET_PRIMARY_POLICY_RESPONSE;\r
+\r
typedef struct {\r
TPM2_COMMAND_HEADER Header;\r
TPMI_RH_CLEAR AuthHandle;\r
\r
#pragma pack()\r
\r
+/**\r
+ This command allows setting of the authorization policy for the platform hierarchy (platformPolicy), the\r
+ storage hierarchy (ownerPolicy), and and the endorsement hierarchy (endorsementPolicy).\r
+\r
+ @param[in] AuthHandle TPM_RH_ENDORSEMENT, TPM_RH_OWNER or TPM_RH_PLATFORM+{PP} parameters to be validated\r
+ @param[in] AuthSession Auth Session context\r
+ @param[in] AuthPolicy An authorization policy hash\r
+ @param[in] HashAlg The hash algorithm to use for the policy\r
+\r
+ @retval EFI_SUCCESS Operation completed successfully.\r
+ @retval EFI_DEVICE_ERROR Unexpected device behavior.\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+Tpm2SetPrimaryPolicy (\r
+ IN TPMI_RH_HIERARCHY_AUTH AuthHandle,\r
+ IN TPMS_AUTH_COMMAND *AuthSession,\r
+ IN TPM2B_DIGEST *AuthPolicy,\r
+ IN TPMI_ALG_HASH HashAlg\r
+ )\r
+{\r
+ EFI_STATUS Status;\r
+ TPM2_SET_PRIMARY_POLICY_COMMAND SendBuffer;\r
+ TPM2_SET_PRIMARY_POLICY_RESPONSE RecvBuffer;\r
+ UINT32 SendBufferSize;\r
+ UINT32 RecvBufferSize;\r
+ UINT8 *Buffer;\r
+ UINT32 SessionInfoSize;\r
+\r
+ //\r
+ // Construct command\r
+ //\r
+ SendBuffer.Header.tag = SwapBytes16(TPM_ST_SESSIONS);\r
+ SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_SetPrimaryPolicy);\r
+\r
+ SendBuffer.AuthHandle = SwapBytes32 (AuthHandle);\r
+\r
+ //\r
+ // Add in Auth session\r
+ //\r
+ Buffer = (UINT8 *)&SendBuffer.AuthSession;\r
+\r
+ // sessionInfoSize\r
+ SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer);\r
+ Buffer += SessionInfoSize;\r
+ SendBuffer.AuthSessionSize = SwapBytes32(SessionInfoSize);\r
+\r
+ //\r
+ // Real data\r
+ //\r
+ WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16(AuthPolicy->size));\r
+ Buffer += sizeof(UINT16);\r
+ CopyMem (Buffer, AuthPolicy->buffer, AuthPolicy->size);\r
+ Buffer += AuthPolicy->size;\r
+ WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16(HashAlg));\r
+ Buffer += sizeof(UINT16);\r
+\r
+ SendBufferSize = (UINT32)((UINTN)Buffer - (UINTN)&SendBuffer);\r
+ SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);\r
+\r
+ //\r
+ // send Tpm command\r
+ //\r
+ RecvBufferSize = sizeof (RecvBuffer);\r
+ Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer);\r
+ if (EFI_ERROR (Status)) {\r
+ goto Done;\r
+ }\r
+\r
+ if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) {\r
+ DEBUG ((EFI_D_ERROR, "Tpm2SetPrimaryPolicy - RecvBufferSize Error - %x\n", RecvBufferSize));\r
+ Status = EFI_DEVICE_ERROR;\r
+ goto Done;\r
+ }\r
+ if (SwapBytes32(RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {\r
+ DEBUG ((EFI_D_ERROR, "Tpm2SetPrimaryPolicy - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode)));\r
+ Status = EFI_DEVICE_ERROR;\r
+ goto Done;\r
+ }\r
+\r
+Done:\r
+ //\r
+ // Clear AuthSession Content\r
+ //\r
+ ZeroMem (&SendBuffer, sizeof(SendBuffer));\r
+ ZeroMem (&RecvBuffer, sizeof(RecvBuffer));\r
+ return Status;\r
+}\r
+\r
/**\r
This command removes all TPM context associated with a specific Owner.\r
\r
@param[in] AuthHandle TPM_RH_LOCKOUT or TPM_RH_PLATFORM+{PP}\r
@param[in] AuthSession Auth Session context\r
- \r
+\r
@retval EFI_SUCCESS Operation completed successfully.\r
@retval EFI_DEVICE_ERROR Unexpected device behavior.\r
**/\r
ResultBufSize = sizeof(Res);\r
Status = Tpm2SubmitCommand (CmdSize, (UINT8 *)&Cmd, &ResultBufSize, (UINT8 *)&Res);\r
if (EFI_ERROR(Status)) {\r
- return Status;\r
+ goto Done;\r
}\r
\r
if (ResultBufSize > sizeof(Res)) {\r
DEBUG ((EFI_D_ERROR, "Clear: Failed ExecuteCommand: Buffer Too Small\r\n"));\r
- return EFI_BUFFER_TOO_SMALL;\r
+ Status = EFI_BUFFER_TOO_SMALL;\r
+ goto Done;\r
}\r
\r
//\r
RespSize = SwapBytes32(Res.Header.paramSize);\r
if (RespSize > sizeof(Res)) {\r
DEBUG ((EFI_D_ERROR, "Clear: Response size too large! %d\r\n", RespSize));\r
- return EFI_BUFFER_TOO_SMALL;\r
+ Status = EFI_BUFFER_TOO_SMALL;\r
+ goto Done;\r
}\r
\r
//\r
//\r
if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) {\r
DEBUG ((EFI_D_ERROR, "Clear: Response Code error! 0x%08x\r\n", SwapBytes32(Res.Header.responseCode)));\r
- return EFI_DEVICE_ERROR;\r
+ Status = EFI_DEVICE_ERROR;\r
+ goto Done;\r
}\r
\r
//\r
//\r
\r
// None\r
-\r
- return EFI_SUCCESS;\r
+Done:\r
+ //\r
+ // Clear AuthSession Content\r
+ //\r
+ ZeroMem (&Cmd, sizeof(Cmd));\r
+ ZeroMem (&Res, sizeof(Res));\r
+ return Status;\r
}\r
\r
/**\r
\r
// disable\r
*(UINT8 *)Buffer = Disable;\r
- Buffer += sizeof(UINT8);\r
+ Buffer++;\r
\r
CmdSize = (UINT32)(Buffer - (UINT8 *)&Cmd);\r
Cmd.Header.paramSize = SwapBytes32(CmdSize);\r
ResultBufSize = sizeof(Res);\r
Status = Tpm2SubmitCommand (CmdSize, (UINT8 *)&Cmd, &ResultBufSize, (UINT8 *)&Res);\r
if (EFI_ERROR(Status)) {\r
- return Status;\r
+ goto Done;\r
}\r
\r
if (ResultBufSize > sizeof(Res)) {\r
DEBUG ((EFI_D_ERROR, "ClearControl: Failed ExecuteCommand: Buffer Too Small\r\n"));\r
- return EFI_BUFFER_TOO_SMALL;\r
+ Status = EFI_BUFFER_TOO_SMALL;\r
+ goto Done;\r
}\r
\r
//\r
RespSize = SwapBytes32(Res.Header.paramSize);\r
if (RespSize > sizeof(Res)) {\r
DEBUG ((EFI_D_ERROR, "ClearControl: Response size too large! %d\r\n", RespSize));\r
- return EFI_BUFFER_TOO_SMALL;\r
+ Status = EFI_BUFFER_TOO_SMALL;\r
+ goto Done;\r
}\r
\r
//\r
//\r
if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) {\r
DEBUG ((EFI_D_ERROR, "ClearControl: Response Code error! 0x%08x\r\n", SwapBytes32(Res.Header.responseCode)));\r
- return EFI_DEVICE_ERROR;\r
+ Status = EFI_DEVICE_ERROR;\r
+ goto Done;\r
}\r
\r
//\r
//\r
\r
// None\r
-\r
- return EFI_SUCCESS;\r
+Done:\r
+ //\r
+ // Clear AuthSession Content\r
+ //\r
+ ZeroMem (&Cmd, sizeof(Cmd));\r
+ ZeroMem (&Res, sizeof(Res));\r
+ return Status;\r
}\r
\r
/**\r
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16(NewAuth->size));\r
Buffer += sizeof(UINT16);\r
\r
- // New Authorizeation\r
+ // New Authorization\r
CopyMem(Buffer, NewAuth->buffer, NewAuth->size);\r
Buffer += NewAuth->size;\r
\r
// Call the TPM\r
//\r
Status = Tpm2SubmitCommand (\r
- CmdSize, \r
- (UINT8 *)&Cmd, \r
+ CmdSize,\r
+ (UINT8 *)&Cmd,\r
&ResultBufSize,\r
ResultBuf\r
);\r
+ if (EFI_ERROR(Status)) {\r
+ goto Done;\r
+ }\r
\r
if (ResultBufSize > sizeof(Res)) {\r
DEBUG ((EFI_D_ERROR, "HierarchyChangeAuth: Failed ExecuteCommand: Buffer Too Small\r\n"));\r
- return EFI_BUFFER_TOO_SMALL;\r
+ Status = EFI_BUFFER_TOO_SMALL;\r
+ goto Done;\r
}\r
\r
//\r
RespSize = SwapBytes32(Res.Header.paramSize);\r
if (RespSize > sizeof(Res)) {\r
DEBUG ((EFI_D_ERROR, "HierarchyChangeAuth: Response size too large! %d\r\n", RespSize));\r
- return EFI_BUFFER_TOO_SMALL;\r
+ Status = EFI_BUFFER_TOO_SMALL;\r
+ goto Done;\r
}\r
\r
//\r
//\r
if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) {\r
DEBUG((EFI_D_ERROR,"HierarchyChangeAuth: Response Code error! 0x%08x\r\n", SwapBytes32(Res.Header.responseCode)));\r
- return EFI_DEVICE_ERROR;\r
+ Status = EFI_DEVICE_ERROR;\r
+ goto Done;\r
}\r
\r
- return EFI_SUCCESS;\r
+Done:\r
+ //\r
+ // Clear AuthSession Content\r
+ //\r
+ ZeroMem (&Cmd, sizeof(Cmd));\r
+ ZeroMem (&Res, sizeof(Res));\r
+ return Status;\r
}\r
\r
/**\r
// Call the TPM\r
//\r
Status = Tpm2SubmitCommand (\r
- CmdSize, \r
- (UINT8 *)&Cmd, \r
+ CmdSize,\r
+ (UINT8 *)&Cmd,\r
&ResultBufSize,\r
ResultBuf\r
);\r
+ if (EFI_ERROR(Status)) {\r
+ goto Done;\r
+ }\r
\r
if (ResultBufSize > sizeof(Res)) {\r
DEBUG ((EFI_D_ERROR, "ChangeEPS: Failed ExecuteCommand: Buffer Too Small\r\n"));\r
- return EFI_BUFFER_TOO_SMALL;\r
+ Status = EFI_BUFFER_TOO_SMALL;\r
+ goto Done;\r
}\r
\r
//\r
RespSize = SwapBytes32(Res.Header.paramSize);\r
if (RespSize > sizeof(Res)) {\r
DEBUG ((EFI_D_ERROR, "ChangeEPS: Response size too large! %d\r\n", RespSize));\r
- return EFI_BUFFER_TOO_SMALL;\r
+ Status = EFI_BUFFER_TOO_SMALL;\r
+ goto Done;\r
}\r
\r
//\r
//\r
if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) {\r
DEBUG((EFI_D_ERROR,"ChangeEPS: Response Code error! 0x%08x\r\n", SwapBytes32(Res.Header.responseCode)));\r
- return EFI_DEVICE_ERROR;\r
+ Status = EFI_DEVICE_ERROR;\r
+ goto Done;\r
}\r
\r
- return EFI_SUCCESS;\r
+Done:\r
+ //\r
+ // Clear AuthSession Content\r
+ //\r
+ ZeroMem (&Cmd, sizeof(Cmd));\r
+ ZeroMem (&Res, sizeof(Res));\r
+ return Status;\r
}\r
\r
/**\r
// Call the TPM\r
//\r
Status = Tpm2SubmitCommand (\r
- CmdSize, \r
- (UINT8 *)&Cmd, \r
+ CmdSize,\r
+ (UINT8 *)&Cmd,\r
&ResultBufSize,\r
ResultBuf\r
);\r
+ if (EFI_ERROR(Status)) {\r
+ goto Done;\r
+ }\r
\r
if (ResultBufSize > sizeof(Res)) {\r
DEBUG ((EFI_D_ERROR, "ChangePPS: Failed ExecuteCommand: Buffer Too Small\r\n"));\r
- return EFI_BUFFER_TOO_SMALL;\r
+ Status = EFI_BUFFER_TOO_SMALL;\r
+ goto Done;\r
}\r
\r
//\r
RespSize = SwapBytes32(Res.Header.paramSize);\r
if (RespSize > sizeof(Res)) {\r
DEBUG ((EFI_D_ERROR, "ChangePPS: Response size too large! %d\r\n", RespSize));\r
- return EFI_BUFFER_TOO_SMALL;\r
+ Status = EFI_BUFFER_TOO_SMALL;\r
+ goto Done;\r
}\r
\r
//\r
//\r
if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) {\r
DEBUG((EFI_D_ERROR,"ChangePPS: Response Code error! 0x%08x\r\n", SwapBytes32(Res.Header.responseCode)));\r
- return EFI_DEVICE_ERROR;\r
+ Status = EFI_DEVICE_ERROR;\r
+ goto Done;\r
}\r
\r
- return EFI_SUCCESS;\r
+Done:\r
+ //\r
+ // Clear AuthSession Content\r
+ //\r
+ ZeroMem (&Cmd, sizeof(Cmd));\r
+ ZeroMem (&Res, sizeof(Res));\r
+ return Status;\r
}\r
\r
/**\r
Buffer += sizeof(UINT32);\r
\r
*(UINT8 *)Buffer = State;\r
- Buffer += sizeof(UINT8);\r
+ Buffer++;\r
\r
CmdSize = (UINT32)(Buffer - (UINT8 *)&Cmd);\r
Cmd.Header.paramSize = SwapBytes32(CmdSize);\r
// Call the TPM\r
//\r
Status = Tpm2SubmitCommand (\r
- CmdSize, \r
- (UINT8 *)&Cmd, \r
+ CmdSize,\r
+ (UINT8 *)&Cmd,\r
&ResultBufSize,\r
ResultBuf\r
);\r
+ if (EFI_ERROR(Status)) {\r
+ goto Done;\r
+ }\r
\r
if (ResultBufSize > sizeof(Res)) {\r
DEBUG ((EFI_D_ERROR, "HierarchyControl: Failed ExecuteCommand: Buffer Too Small\r\n"));\r
- return EFI_BUFFER_TOO_SMALL;\r
+ Status = EFI_BUFFER_TOO_SMALL;\r
+ goto Done;\r
}\r
\r
//\r
RespSize = SwapBytes32(Res.Header.paramSize);\r
if (RespSize > sizeof(Res)) {\r
DEBUG ((EFI_D_ERROR, "HierarchyControl: Response size too large! %d\r\n", RespSize));\r
- return EFI_BUFFER_TOO_SMALL;\r
+ Status = EFI_BUFFER_TOO_SMALL;\r
+ goto Done;\r
}\r
\r
//\r
//\r
if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) {\r
DEBUG((EFI_D_ERROR,"HierarchyControl: Response Code error! 0x%08x\r\n", SwapBytes32(Res.Header.responseCode)));\r
- return EFI_DEVICE_ERROR;\r
+ Status = EFI_DEVICE_ERROR;\r
+ goto Done;\r
}\r
\r
- return EFI_SUCCESS;\r
+Done:\r
+ //\r
+ // Clear AuthSession Content\r
+ //\r
+ ZeroMem (&Cmd, sizeof(Cmd));\r
+ ZeroMem (&Res, sizeof(Res));\r
+ return Status;\r
}\r