1 2/* 3 * Licensed Materials - Property of IBM 4 * 5 * trousers - An open source TCG Software Stack 6 * 7 * (C) Copyright International Business Machines Corp. 2004, 2007 8 * 9 */ 10 11 12#include <stdlib.h> 13#include <stdio.h> 14#include <string.h> 15#include <inttypes.h> 16 17#include "trousers/tss.h" 18#include "trousers_types.h" 19#include "tcs_tsp.h" 20#include "tcsps.h" 21#include "tcs_utils.h" 22#include "tcs_int_literals.h" 23#include "capabilities.h" 24#include "tcslog.h" 25#include "req_mgr.h" 26#include "tcsd_wrap.h" 27#include "tcsd.h" 28 29TSS_RESULT 30TCSP_SetOwnerInstall_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ 31 TSS_BOOL state) /* in */ 32{ 33 UINT64 offset = 0; 34 UINT32 paramSize; 35 TSS_RESULT result; 36 BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; 37 38 LogDebug("Entering SetOwnerInstall"); 39 if ((result = ctx_verify_context(hContext))) 40 return result; 41 42 if ((result = tpm_rqu_build(TPM_ORD_SetOwnerInstall, &offset, txBlob, state, NULL))) 43 return result; 44 45 if ((result = req_mgr_submit_req(txBlob))) 46 return result; 47 48 result = UnloadBlob_Header(txBlob, ¶mSize); 49 LogResult("SetOwnerInstall", result); 50 return result; 51} 52 53TSS_RESULT 54TCSP_OwnerSetDisable_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ 55 TSS_BOOL disableState, /* in */ 56 TPM_AUTH * ownerAuth) /* in, out */ 57{ 58 UINT64 offset = 0; 59 UINT32 paramSize; 60 TSS_RESULT result; 61 BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; 62 63 if ((result = ctx_verify_context(hContext))) 64 goto done; 65 66 if ((result = auth_mgr_check(hContext, &ownerAuth->AuthHandle))) 67 goto done; 68 69 if ((result = tpm_rqu_build(TPM_ORD_OwnerSetDisable, &offset, txBlob, disableState, 70 ownerAuth))) 71 goto done; 72 73 if ((result = req_mgr_submit_req(txBlob))) 74 goto done; 75 76 result = UnloadBlob_Header(txBlob, ¶mSize); 77 if (!result) { 78 result = tpm_rsp_parse(TPM_ORD_OwnerSetDisable, txBlob, paramSize, ownerAuth); 79 } 80done: 81 auth_mgr_release_auth(ownerAuth, NULL, hContext); 82 return result; 83} 84 85TSS_RESULT 86TCSP_DisableOwnerClear_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ 87 TPM_AUTH * ownerAuth) /* in, out */ 88{ 89 UINT64 offset = 0; 90 UINT32 paramSize; 91 TSS_RESULT result; 92 BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; 93 94 LogDebug("Entering DisableownerClear"); 95 96 if ((result = ctx_verify_context(hContext))) 97 goto done; 98 99 if ((result = auth_mgr_check(hContext, &ownerAuth->AuthHandle))) 100 goto done; 101 102 if ((result = tpm_rqu_build(TPM_ORD_DisableOwnerClear, &offset, txBlob, ownerAuth))) 103 goto done; 104 105 if ((result = req_mgr_submit_req(txBlob))) 106 goto done; 107 108 result = UnloadBlob_Header(txBlob, ¶mSize); 109 if (!result) { 110 result = tpm_rsp_parse(TPM_ORD_DisableOwnerClear, txBlob, paramSize, ownerAuth); 111 } 112 LogResult("DisableOwnerClear", result); 113done: 114 auth_mgr_release_auth(ownerAuth, NULL, hContext); 115 return result; 116} 117 118TSS_RESULT 119TCSP_ForceClear_Internal(TCS_CONTEXT_HANDLE hContext) /* in */ 120{ 121 UINT64 offset = 0; 122 UINT32 paramSize; 123 TSS_RESULT result; 124 BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; 125 126 LogDebug("Entering Force Clear"); 127 if ((result = ctx_verify_context(hContext))) 128 return result; 129 130 if ((result = tpm_rqu_build(TPM_ORD_ForceClear, &offset, txBlob, NULL))) 131 return result; 132 133 if ((result = req_mgr_submit_req(txBlob))) 134 return result; 135 136 result = UnloadBlob_Header(txBlob, ¶mSize); 137 LogResult("Force Clear", result); 138 return result; 139} 140 141TSS_RESULT 142TCSP_DisableForceClear_Internal(TCS_CONTEXT_HANDLE hContext) /* in */ 143{ 144 UINT64 offset = 0; 145 UINT32 paramSize; 146 TSS_RESULT result; 147 BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; 148 149 LogDebug("Entering Disable Force Clear"); 150 if ((result = ctx_verify_context(hContext))) 151 return result; 152 153 if ((result = tpm_rqu_build(TPM_ORD_DisableForceClear, &offset, txBlob, NULL))) 154 return result; 155 156 if ((result = req_mgr_submit_req(txBlob))) 157 return result; 158 159 result = UnloadBlob_Header(txBlob, ¶mSize); 160 LogResult("Disable Force Clear", result); 161 return result; 162} 163 164TSS_RESULT 165TCSP_PhysicalPresence_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ 166 TCPA_PHYSICAL_PRESENCE fPhysicalPresence) /* in */ 167{ 168 UINT64 offset = 0; 169 UINT32 paramSize; 170 TSS_RESULT result = TCSERR(TSS_E_NOTIMPL); 171 BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; 172 char runlevel; 173 174 runlevel = platform_get_runlevel(); 175 176 if (runlevel != 's' && runlevel != 'S' && runlevel != '1') { 177 LogInfo("Physical Presence command denied: Must be in single" 178 " user mode."); 179 return TCSERR(TSS_E_NOTIMPL); 180 } 181 182 if ((result = ctx_verify_context(hContext))) 183 return result; 184 185 if ((result = tpm_rqu_build(TSC_ORD_PhysicalPresence, &offset, txBlob, fPhysicalPresence))) 186 return result; 187 188 if ((result = req_mgr_submit_req(txBlob))) 189 return result; 190 191 return UnloadBlob_Header(txBlob, ¶mSize); 192} 193 194TSS_RESULT 195TCSP_PhysicalDisable_Internal(TCS_CONTEXT_HANDLE hContext) /* in */ 196{ 197 UINT64 offset = 0; 198 UINT32 paramSize; 199 TSS_RESULT result; 200 BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; 201 202 LogDebug("Entering Physical Disable"); 203 if ((result = ctx_verify_context(hContext))) 204 return result; 205 206 if ((result = tpm_rqu_build(TPM_ORD_PhysicalDisable, &offset, txBlob, NULL))) 207 return result; 208 209 if ((result = req_mgr_submit_req(txBlob))) 210 return result; 211 212 result = UnloadBlob_Header(txBlob, ¶mSize); 213 LogResult("Physical Disable", result); 214 215 return result; 216} 217 218TSS_RESULT 219TCSP_PhysicalEnable_Internal(TCS_CONTEXT_HANDLE hContext) /* in */ 220{ 221 UINT64 offset = 0; 222 TSS_RESULT result; 223 UINT32 paramSize; 224 BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; 225 226 LogDebug("Entering Physical Enable"); 227 if ((result = ctx_verify_context(hContext))) 228 return result; 229 230 if ((result = tpm_rqu_build(TPM_ORD_PhysicalEnable, &offset, txBlob, NULL))) 231 return result; 232 233 if ((result = req_mgr_submit_req(txBlob))) 234 return result; 235 236 result = UnloadBlob_Header(txBlob, ¶mSize); 237 LogResult("Physical Enable", result); 238 239 return result; 240} 241 242TSS_RESULT 243TCSP_PhysicalSetDeactivated_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ 244 TSS_BOOL state) /* in */ 245{ 246 UINT64 offset = 0; 247 UINT32 paramSize; 248 TSS_RESULT result; 249 BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; 250 251 LogDebug("Entering Physical Set Deactivated"); 252 if ((result = ctx_verify_context(hContext))) 253 return result; 254 255 if ((result = tpm_rqu_build(TPM_ORD_PhysicalSetDeactivated, &offset, txBlob, state, NULL))) 256 return result; 257 258 if ((result = req_mgr_submit_req(txBlob))) 259 return result; 260 261 result = UnloadBlob_Header(txBlob, ¶mSize); 262 LogResult("PhysicalSetDeactivated", result); 263 return result; 264} 265 266TSS_RESULT 267TCSP_SetTempDeactivated_Internal(TCS_CONTEXT_HANDLE hContext) /* in */ 268{ 269 UINT64 offset = 0; 270 UINT32 paramSize; 271 TSS_RESULT result; 272 BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; 273 274 LogDebug("Entering Set Temp Deactivated"); 275 if ((result = ctx_verify_context(hContext))) 276 return result; 277 278 if ((result = tpm_rqu_build(TPM_ORD_SetTempDeactivated, &offset, txBlob, NULL))) 279 return result; 280 281 if ((result = req_mgr_submit_req(txBlob))) 282 return result; 283 284 result = UnloadBlob_Header(txBlob, ¶mSize); 285 LogResult("SetTempDeactivated", result); 286 287 return result; 288} 289 290#ifdef TSS_BUILD_TSS12 291TSS_RESULT 292TCSP_SetTempDeactivated2_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ 293 TPM_AUTH * operatorAuth) /* in, out */ 294{ 295 UINT64 offset = 0; 296 UINT32 paramSize; 297 TSS_RESULT result; 298 BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; 299 300 LogDebug("Entering Set Temp Deactivated2"); 301 if ((result = ctx_verify_context(hContext))) 302 return result; 303 304 if (operatorAuth) { 305 if ((result = auth_mgr_check(hContext, &operatorAuth->AuthHandle))) 306 return result; 307 } 308 309 if ((result = tpm_rqu_build(TPM_ORD_SetTempDeactivated, &offset, txBlob, operatorAuth))) 310 goto done; 311 312 if ((result = req_mgr_submit_req(txBlob))) 313 goto done; 314 315 result = UnloadBlob_Header(txBlob, ¶mSize); 316 317 if (!result) { 318 result = tpm_rsp_parse(TPM_ORD_SetTempDeactivated, txBlob, paramSize, 319 operatorAuth); 320 } 321 322 LogResult("SetTempDeactivated2", result); 323 324done: 325 auth_mgr_release_auth(operatorAuth, NULL, hContext); 326 327 return result; 328} 329#endif 330 331TSS_RESULT 332TCSP_FieldUpgrade_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ 333 UINT32 dataInSize, /* in */ 334 BYTE * dataIn, /* in */ 335 UINT32 * dataOutSize, /* out */ 336 BYTE ** dataOut, /* out */ 337 TPM_AUTH * ownerAuth) /* in, out */ 338{ 339 TSS_RESULT result; 340 UINT32 paramSize; 341 UINT64 offset = 0; 342 BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; 343 344 LogDebug("Field Upgrade"); 345 346 if ((result = ctx_verify_context(hContext))) 347 goto done; 348 349 if ((result = auth_mgr_check(hContext, &ownerAuth->AuthHandle))) 350 goto done; 351 352 if ((result = tpm_rqu_build(TPM_ORD_FieldUpgrade, &offset, txBlob, dataInSize, dataInSize, 353 dataIn, ownerAuth, NULL))) 354 return result; 355 356 if ((result = req_mgr_submit_req(txBlob))) 357 goto done; 358 359 result = UnloadBlob_Header(txBlob, ¶mSize); 360 361 if (!result) { 362 result = tpm_rsp_parse(TPM_ORD_FieldUpgrade, txBlob, paramSize, dataOutSize, 363 dataOut, ownerAuth); 364 } 365 LogResult("Field Upgrade", result); 366done: 367 auth_mgr_release_auth(ownerAuth, NULL, hContext); 368 return result; 369} 370 371TSS_RESULT 372TCSP_SetRedirection_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ 373 TCS_KEY_HANDLE keyHandle, /* in */ 374 UINT32 c1, /* in */ 375 UINT32 c2, /* in */ 376 TPM_AUTH * privAuth) /* in, out */ 377{ 378 TSS_RESULT result; 379 UINT32 paramSize; 380 UINT64 offset = 0; 381 TCPA_KEY_HANDLE keySlot; 382 BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; 383 384 LogDebug("Set Redirection"); 385 386 if ((result = ctx_verify_context(hContext))) 387 goto done; 388 389 if (privAuth != NULL) { 390 if ((result = auth_mgr_check(hContext, &privAuth->AuthHandle))) 391 goto done; 392 } 393 394 if ((result = ensureKeyIsLoaded(hContext, keyHandle, &keySlot))) { 395 result = TCSERR(TSS_E_FAIL); 396 goto done; 397 } 398 399 if ((result = tpm_rqu_build(TPM_ORD_SetRedirection, &offset, txBlob, keySlot, c1, c2, 400 privAuth))) 401 goto done; 402 403 if ((result = req_mgr_submit_req(txBlob))) 404 goto done; 405 406 result = UnloadBlob_Header(txBlob, ¶mSize); 407 408 if (!result) { 409 result = tpm_rsp_parse(TPM_ORD_SetRedirection, txBlob, paramSize, privAuth); 410 } 411 LogResult("Set Redirection", result); 412done: 413 auth_mgr_release_auth(privAuth, NULL, hContext); 414 return result; 415} 416 417#ifdef TSS_BUILD_TSS12 418TSS_RESULT 419TCSP_ResetLockValue_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ 420 TPM_AUTH * ownerAuth) /* in, out */ 421{ 422 UINT64 offset = 0; 423 UINT32 paramSize; 424 TSS_RESULT result; 425 BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; 426 427 if ((result = ctx_verify_context(hContext))) 428 goto done; 429 430 if ((result = auth_mgr_check(hContext, &ownerAuth->AuthHandle))) 431 goto done; 432 433 if ((result = tpm_rqu_build(TPM_ORD_ResetLockValue, &offset, txBlob, ownerAuth))) 434 return result; 435 436 if ((result = req_mgr_submit_req(txBlob))) 437 goto done; 438 439 result = UnloadBlob_Header(txBlob, ¶mSize); 440 if (!result) { 441 result = tpm_rsp_parse(TPM_ORD_ResetLockValue, txBlob, paramSize, ownerAuth); 442 } 443 444done: 445 auth_mgr_release_auth(ownerAuth, NULL, hContext); 446 return result; 447} 448 449TSS_RESULT 450TCSP_FlushSpecific_Common(UINT32 tpmResHandle, TPM_RESOURCE_TYPE resourceType) 451{ 452 UINT64 offset = 0; 453 UINT32 paramSize; 454 TSS_RESULT result; 455 BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; 456 457 if ((result = tpm_rqu_build(TPM_ORD_FlushSpecific, &offset, txBlob, tpmResHandle, 458 resourceType))) 459 return result; 460 461 if ((result = req_mgr_submit_req(txBlob))) 462 return result; 463 464 result = UnloadBlob_Header(txBlob, ¶mSize); 465 if (!result) { 466 result = tpm_rsp_parse(TPM_ORD_FlushSpecific, txBlob, paramSize, NULL); 467 } 468 469 return result; 470} 471 472TSS_RESULT 473TCSP_FlushSpecific_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ 474 TCS_HANDLE hResHandle, /* in */ 475 TPM_RESOURCE_TYPE resourceType) /* in */ 476{ 477 UINT32 tpmResHandle; 478 TSS_RESULT result; 479 480 if ((result = ctx_verify_context(hContext))) 481 return result; 482 483 switch (resourceType) { 484 case TPM_RT_KEY: 485 if ((result = get_slot_lite(hContext, hResHandle, &tpmResHandle))) 486 return result; 487 488 if ((result = ctx_remove_key_loaded(hContext, hResHandle))) 489 return result; 490 491 if ((result = key_mgr_dec_ref_count(hResHandle))) 492 return result; 493 break; 494 case TPM_RT_AUTH: 495 if ((result = auth_mgr_check(hContext, &hResHandle))) 496 return result; 497 498 auth_mgr_release_auth_handle(hResHandle, hContext, FALSE); 499 /* fall through */ 500 case TPM_RT_TRANS: 501 case TPM_RT_DAA_TPM: 502 tpmResHandle = hResHandle; 503 break; 504 case TPM_RT_CONTEXT: 505 result = TCSERR(TSS_E_NOTIMPL); 506 goto done; 507 default: 508 LogDebugFn("Unknown resource type: 0x%x", resourceType); 509 goto done; 510 } 511 512 result = TCSP_FlushSpecific_Common(tpmResHandle, resourceType); 513 514done: 515 return result; 516} 517#endif 518 519