1 2 /* 3 * Licensed Materials - Property of IBM 4 * 5 * trousers - An open source TCG Software Stack 6 * 7 * (C) Copyright International Business Machines Corp. 2004, 2007 8 * 9 */ 10 11 12 #include <stdlib.h> 13 #include <stdio.h> 14 #include <string.h> 15 #include <inttypes.h> 16 17 #include "trousers/tss.h" 18 #include "trousers_types.h" 19 #include "tcs_tsp.h" 20 #include "tcsps.h" 21 #include "tcs_utils.h" 22 #include "tcs_int_literals.h" 23 #include "capabilities.h" 24 #include "tcslog.h" 25 #include "req_mgr.h" 26 #include "tcsd_wrap.h" 27 #include "tcsd.h" 28 29 TSS_RESULT 30 TCSP_SetOwnerInstall_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ 31 TSS_BOOL state) /* in */ 32 { 33 UINT64 offset = 0; 34 UINT32 paramSize; 35 TSS_RESULT result; 36 BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; 37 38 LogDebug("Entering SetOwnerInstall"); 39 if ((result = ctx_verify_context(hContext))) 40 return result; 41 42 if ((result = tpm_rqu_build(TPM_ORD_SetOwnerInstall, &offset, txBlob, state, NULL))) 43 return result; 44 45 if ((result = req_mgr_submit_req(txBlob))) 46 return result; 47 48 result = UnloadBlob_Header(txBlob, ¶mSize); 49 LogResult("SetOwnerInstall", result); 50 return result; 51 } 52 53 TSS_RESULT 54 TCSP_OwnerSetDisable_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ 55 TSS_BOOL disableState, /* in */ 56 TPM_AUTH * ownerAuth) /* in, out */ 57 { 58 UINT64 offset = 0; 59 UINT32 paramSize; 60 TSS_RESULT result; 61 BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; 62 63 if ((result = ctx_verify_context(hContext))) 64 goto done; 65 66 if ((result = auth_mgr_check(hContext, &ownerAuth->AuthHandle))) 67 goto done; 68 69 if ((result = tpm_rqu_build(TPM_ORD_OwnerSetDisable, &offset, txBlob, disableState, 70 ownerAuth))) 71 goto done; 72 73 if ((result = req_mgr_submit_req(txBlob))) 74 goto done; 75 76 result = UnloadBlob_Header(txBlob, ¶mSize); 77 if (!result) { 78 result = tpm_rsp_parse(TPM_ORD_OwnerSetDisable, txBlob, paramSize, ownerAuth); 79 } 80 done: 81 auth_mgr_release_auth(ownerAuth, NULL, hContext); 82 return result; 83 } 84 85 TSS_RESULT 86 TCSP_DisableOwnerClear_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ 87 TPM_AUTH * ownerAuth) /* in, out */ 88 { 89 UINT64 offset = 0; 90 UINT32 paramSize; 91 TSS_RESULT result; 92 BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; 93 94 LogDebug("Entering DisableownerClear"); 95 96 if ((result = ctx_verify_context(hContext))) 97 goto done; 98 99 if ((result = auth_mgr_check(hContext, &ownerAuth->AuthHandle))) 100 goto done; 101 102 if ((result = tpm_rqu_build(TPM_ORD_DisableOwnerClear, &offset, txBlob, ownerAuth))) 103 goto done; 104 105 if ((result = req_mgr_submit_req(txBlob))) 106 goto done; 107 108 result = UnloadBlob_Header(txBlob, ¶mSize); 109 if (!result) { 110 result = tpm_rsp_parse(TPM_ORD_DisableOwnerClear, txBlob, paramSize, ownerAuth); 111 } 112 LogResult("DisableOwnerClear", result); 113 done: 114 auth_mgr_release_auth(ownerAuth, NULL, hContext); 115 return result; 116 } 117 118 TSS_RESULT 119 TCSP_ForceClear_Internal(TCS_CONTEXT_HANDLE hContext) /* in */ 120 { 121 UINT64 offset = 0; 122 UINT32 paramSize; 123 TSS_RESULT result; 124 BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; 125 126 LogDebug("Entering Force Clear"); 127 if ((result = ctx_verify_context(hContext))) 128 return result; 129 130 if ((result = tpm_rqu_build(TPM_ORD_ForceClear, &offset, txBlob, NULL))) 131 return result; 132 133 if ((result = req_mgr_submit_req(txBlob))) 134 return result; 135 136 result = UnloadBlob_Header(txBlob, ¶mSize); 137 LogResult("Force Clear", result); 138 return result; 139 } 140 141 TSS_RESULT 142 TCSP_DisableForceClear_Internal(TCS_CONTEXT_HANDLE hContext) /* in */ 143 { 144 UINT64 offset = 0; 145 UINT32 paramSize; 146 TSS_RESULT result; 147 BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; 148 149 LogDebug("Entering Disable Force Clear"); 150 if ((result = ctx_verify_context(hContext))) 151 return result; 152 153 if ((result = tpm_rqu_build(TPM_ORD_DisableForceClear, &offset, txBlob, NULL))) 154 return result; 155 156 if ((result = req_mgr_submit_req(txBlob))) 157 return result; 158 159 result = UnloadBlob_Header(txBlob, ¶mSize); 160 LogResult("Disable Force Clear", result); 161 return result; 162 } 163 164 TSS_RESULT 165 TCSP_PhysicalPresence_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ 166 TCPA_PHYSICAL_PRESENCE fPhysicalPresence) /* in */ 167 { 168 UINT64 offset = 0; 169 UINT32 paramSize; 170 TSS_RESULT result = TCSERR(TSS_E_NOTIMPL); 171 BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; 172 char runlevel; 173 174 runlevel = platform_get_runlevel(); 175 176 if (runlevel != 's' && runlevel != 'S' && runlevel != '1') { 177 LogInfo("Physical Presence command denied: Must be in single" 178 " user mode."); 179 return TCSERR(TSS_E_NOTIMPL); 180 } 181 182 if ((result = ctx_verify_context(hContext))) 183 return result; 184 185 if ((result = tpm_rqu_build(TSC_ORD_PhysicalPresence, &offset, txBlob, fPhysicalPresence))) 186 return result; 187 188 if ((result = req_mgr_submit_req(txBlob))) 189 return result; 190 191 return UnloadBlob_Header(txBlob, ¶mSize); 192 } 193 194 TSS_RESULT 195 TCSP_PhysicalDisable_Internal(TCS_CONTEXT_HANDLE hContext) /* in */ 196 { 197 UINT64 offset = 0; 198 UINT32 paramSize; 199 TSS_RESULT result; 200 BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; 201 202 LogDebug("Entering Physical Disable"); 203 if ((result = ctx_verify_context(hContext))) 204 return result; 205 206 if ((result = tpm_rqu_build(TPM_ORD_PhysicalDisable, &offset, txBlob, NULL))) 207 return result; 208 209 if ((result = req_mgr_submit_req(txBlob))) 210 return result; 211 212 result = UnloadBlob_Header(txBlob, ¶mSize); 213 LogResult("Physical Disable", result); 214 215 return result; 216 } 217 218 TSS_RESULT 219 TCSP_PhysicalEnable_Internal(TCS_CONTEXT_HANDLE hContext) /* in */ 220 { 221 UINT64 offset = 0; 222 TSS_RESULT result; 223 UINT32 paramSize; 224 BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; 225 226 LogDebug("Entering Physical Enable"); 227 if ((result = ctx_verify_context(hContext))) 228 return result; 229 230 if ((result = tpm_rqu_build(TPM_ORD_PhysicalEnable, &offset, txBlob, NULL))) 231 return result; 232 233 if ((result = req_mgr_submit_req(txBlob))) 234 return result; 235 236 result = UnloadBlob_Header(txBlob, ¶mSize); 237 LogResult("Physical Enable", result); 238 239 return result; 240 } 241 242 TSS_RESULT 243 TCSP_PhysicalSetDeactivated_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ 244 TSS_BOOL state) /* in */ 245 { 246 UINT64 offset = 0; 247 UINT32 paramSize; 248 TSS_RESULT result; 249 BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; 250 251 LogDebug("Entering Physical Set Deactivated"); 252 if ((result = ctx_verify_context(hContext))) 253 return result; 254 255 if ((result = tpm_rqu_build(TPM_ORD_PhysicalSetDeactivated, &offset, txBlob, state, NULL))) 256 return result; 257 258 if ((result = req_mgr_submit_req(txBlob))) 259 return result; 260 261 result = UnloadBlob_Header(txBlob, ¶mSize); 262 LogResult("PhysicalSetDeactivated", result); 263 return result; 264 } 265 266 TSS_RESULT 267 TCSP_SetTempDeactivated_Internal(TCS_CONTEXT_HANDLE hContext) /* in */ 268 { 269 UINT64 offset = 0; 270 UINT32 paramSize; 271 TSS_RESULT result; 272 BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; 273 274 LogDebug("Entering Set Temp Deactivated"); 275 if ((result = ctx_verify_context(hContext))) 276 return result; 277 278 if ((result = tpm_rqu_build(TPM_ORD_SetTempDeactivated, &offset, txBlob, NULL))) 279 return result; 280 281 if ((result = req_mgr_submit_req(txBlob))) 282 return result; 283 284 result = UnloadBlob_Header(txBlob, ¶mSize); 285 LogResult("SetTempDeactivated", result); 286 287 return result; 288 } 289 290 #ifdef TSS_BUILD_TSS12 291 TSS_RESULT 292 TCSP_SetTempDeactivated2_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ 293 TPM_AUTH * operatorAuth) /* in, out */ 294 { 295 UINT64 offset = 0; 296 UINT32 paramSize; 297 TSS_RESULT result; 298 BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; 299 300 LogDebug("Entering Set Temp Deactivated2"); 301 if ((result = ctx_verify_context(hContext))) 302 return result; 303 304 if (operatorAuth) { 305 if ((result = auth_mgr_check(hContext, &operatorAuth->AuthHandle))) 306 return result; 307 } 308 309 if ((result = tpm_rqu_build(TPM_ORD_SetTempDeactivated, &offset, txBlob, operatorAuth))) 310 goto done; 311 312 if ((result = req_mgr_submit_req(txBlob))) 313 goto done; 314 315 result = UnloadBlob_Header(txBlob, ¶mSize); 316 317 if (!result) { 318 result = tpm_rsp_parse(TPM_ORD_SetTempDeactivated, txBlob, paramSize, 319 operatorAuth); 320 } 321 322 LogResult("SetTempDeactivated2", result); 323 324 done: 325 auth_mgr_release_auth(operatorAuth, NULL, hContext); 326 327 return result; 328 } 329 #endif 330 331 TSS_RESULT 332 TCSP_FieldUpgrade_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ 333 UINT32 dataInSize, /* in */ 334 BYTE * dataIn, /* in */ 335 UINT32 * dataOutSize, /* out */ 336 BYTE ** dataOut, /* out */ 337 TPM_AUTH * ownerAuth) /* in, out */ 338 { 339 TSS_RESULT result; 340 UINT32 paramSize; 341 UINT64 offset = 0; 342 BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; 343 344 LogDebug("Field Upgrade"); 345 346 if ((result = ctx_verify_context(hContext))) 347 goto done; 348 349 if ((result = auth_mgr_check(hContext, &ownerAuth->AuthHandle))) 350 goto done; 351 352 if ((result = tpm_rqu_build(TPM_ORD_FieldUpgrade, &offset, txBlob, dataInSize, dataInSize, 353 dataIn, ownerAuth, NULL))) 354 return result; 355 356 if ((result = req_mgr_submit_req(txBlob))) 357 goto done; 358 359 result = UnloadBlob_Header(txBlob, ¶mSize); 360 361 if (!result) { 362 result = tpm_rsp_parse(TPM_ORD_FieldUpgrade, txBlob, paramSize, dataOutSize, 363 dataOut, ownerAuth); 364 } 365 LogResult("Field Upgrade", result); 366 done: 367 auth_mgr_release_auth(ownerAuth, NULL, hContext); 368 return result; 369 } 370 371 TSS_RESULT 372 TCSP_SetRedirection_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ 373 TCS_KEY_HANDLE keyHandle, /* in */ 374 UINT32 c1, /* in */ 375 UINT32 c2, /* in */ 376 TPM_AUTH * privAuth) /* in, out */ 377 { 378 TSS_RESULT result; 379 UINT32 paramSize; 380 UINT64 offset = 0; 381 TCPA_KEY_HANDLE keySlot; 382 BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; 383 384 LogDebug("Set Redirection"); 385 386 if ((result = ctx_verify_context(hContext))) 387 goto done; 388 389 if (privAuth != NULL) { 390 if ((result = auth_mgr_check(hContext, &privAuth->AuthHandle))) 391 goto done; 392 } 393 394 if ((result = ensureKeyIsLoaded(hContext, keyHandle, &keySlot))) { 395 result = TCSERR(TSS_E_FAIL); 396 goto done; 397 } 398 399 if ((result = tpm_rqu_build(TPM_ORD_SetRedirection, &offset, txBlob, keySlot, c1, c2, 400 privAuth))) 401 goto done; 402 403 if ((result = req_mgr_submit_req(txBlob))) 404 goto done; 405 406 result = UnloadBlob_Header(txBlob, ¶mSize); 407 408 if (!result) { 409 result = tpm_rsp_parse(TPM_ORD_SetRedirection, txBlob, paramSize, privAuth); 410 } 411 LogResult("Set Redirection", result); 412 done: 413 auth_mgr_release_auth(privAuth, NULL, hContext); 414 return result; 415 } 416 417 #ifdef TSS_BUILD_TSS12 418 TSS_RESULT 419 TCSP_ResetLockValue_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ 420 TPM_AUTH * ownerAuth) /* in, out */ 421 { 422 UINT64 offset = 0; 423 UINT32 paramSize; 424 TSS_RESULT result; 425 BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; 426 427 if ((result = ctx_verify_context(hContext))) 428 goto done; 429 430 if ((result = auth_mgr_check(hContext, &ownerAuth->AuthHandle))) 431 goto done; 432 433 if ((result = tpm_rqu_build(TPM_ORD_ResetLockValue, &offset, txBlob, ownerAuth))) 434 return result; 435 436 if ((result = req_mgr_submit_req(txBlob))) 437 goto done; 438 439 result = UnloadBlob_Header(txBlob, ¶mSize); 440 if (!result) { 441 result = tpm_rsp_parse(TPM_ORD_ResetLockValue, txBlob, paramSize, ownerAuth); 442 } 443 444 done: 445 auth_mgr_release_auth(ownerAuth, NULL, hContext); 446 return result; 447 } 448 449 TSS_RESULT 450 TCSP_FlushSpecific_Common(UINT32 tpmResHandle, TPM_RESOURCE_TYPE resourceType) 451 { 452 UINT64 offset = 0; 453 UINT32 paramSize; 454 TSS_RESULT result; 455 BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; 456 457 if ((result = tpm_rqu_build(TPM_ORD_FlushSpecific, &offset, txBlob, tpmResHandle, 458 resourceType))) 459 return result; 460 461 if ((result = req_mgr_submit_req(txBlob))) 462 return result; 463 464 result = UnloadBlob_Header(txBlob, ¶mSize); 465 if (!result) { 466 result = tpm_rsp_parse(TPM_ORD_FlushSpecific, txBlob, paramSize, NULL); 467 } 468 469 return result; 470 } 471 472 TSS_RESULT 473 TCSP_FlushSpecific_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ 474 TCS_HANDLE hResHandle, /* in */ 475 TPM_RESOURCE_TYPE resourceType) /* in */ 476 { 477 UINT32 tpmResHandle; 478 TSS_RESULT result; 479 480 if ((result = ctx_verify_context(hContext))) 481 return result; 482 483 switch (resourceType) { 484 case TPM_RT_KEY: 485 if ((result = get_slot_lite(hContext, hResHandle, &tpmResHandle))) 486 return result; 487 488 if ((result = ctx_remove_key_loaded(hContext, hResHandle))) 489 return result; 490 491 if ((result = key_mgr_dec_ref_count(hResHandle))) 492 return result; 493 break; 494 case TPM_RT_AUTH: 495 if ((result = auth_mgr_check(hContext, &hResHandle))) 496 return result; 497 498 auth_mgr_release_auth_handle(hResHandle, hContext, FALSE); 499 /* fall through */ 500 case TPM_RT_TRANS: 501 case TPM_RT_DAA_TPM: 502 tpmResHandle = hResHandle; 503 break; 504 case TPM_RT_CONTEXT: 505 result = TCSERR(TSS_E_NOTIMPL); 506 goto done; 507 default: 508 LogDebugFn("Unknown resource type: 0x%x", resourceType); 509 goto done; 510 } 511 512 result = TCSP_FlushSpecific_Common(tpmResHandle, resourceType); 513 514 done: 515 return result; 516 } 517 #endif 518 519
Indexes created Thu Jun 25 00:25:11 UTC 2026