TSS_RESULT
Tspi_TPM_SetStatus(TSS_HTPM hTPM, /* in */
TSS_FLAG statusFlag, /* in */
TSS_BOOL fTpmState) /* in */
{
TPM_AUTH auth, *pAuth;
TSS_RESULT result;
TCPA_DIGEST hashDigest;
TSS_HCONTEXT tspContext;
TSS_HPOLICY hPolicy;
TSS_HPOLICY hOperatorPolicy;
Trspi_HashCtx hashCtx;
UINT32 tpmVersion;
if ((result = obj_tpm_get_tsp_context(hTPM, &tspContext)))
return result;
if ((result = obj_tpm_get_policy(hTPM, TSS_POLICY_USAGE, &hPolicy)))
return result;
switch (statusFlag) {
case TSS_TPMSTATUS_DISABLEOWNERCLEAR:
result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1);
result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_DisableOwnerClear);
if ((result |= Trspi_HashFinal(&hashCtx, hashDigest.digest)))
return result;
if ((result = secret_PerformAuth_OIAP(hTPM, TPM_ORD_DisableOwnerClear, hPolicy,
FALSE, &hashDigest, &auth)))
return result;
if ((result = TCS_API(tspContext)->DisableOwnerClear(tspContext, &auth)))
return result;
result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1);
result |= Trspi_Hash_UINT32(&hashCtx, result);
result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_DisableOwnerClear);
if ((result |= Trspi_HashFinal(&hashCtx, hashDigest.digest)))
return result;
if ((result = obj_policy_validate_auth_oiap(hPolicy, &hashDigest, &auth)))
return result;
break;
case TSS_TPMSTATUS_DISABLEFORCECLEAR:
result = TCS_API(tspContext)->DisableForceClear(tspContext);
break;
case TSS_TPMSTATUS_DISABLED:
case TSS_TPMSTATUS_OWNERSETDISABLE:
result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1);
result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_OwnerSetDisable);
result |= Trspi_Hash_BOOL(&hashCtx, fTpmState);
if ((result |= Trspi_HashFinal(&hashCtx, hashDigest.digest)))
return result;
if ((result = secret_PerformAuth_OIAP(hTPM, TPM_ORD_OwnerSetDisable, hPolicy,
FALSE, &hashDigest, &auth)))
return result;
if ((result = TCS_API(tspContext)->OwnerSetDisable(tspContext, fTpmState, &auth)))
return result;
result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1);
result |= Trspi_Hash_UINT32(&hashCtx, result);
result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_OwnerSetDisable);
if ((result |= Trspi_HashFinal(&hashCtx, hashDigest.digest)))
return result;
if ((result = obj_policy_validate_auth_oiap(hPolicy, &hashDigest, &auth)))
return result;
break;
case TSS_TPMSTATUS_PHYSICALDISABLE:
if (fTpmState)
result = TCS_API(tspContext)->PhysicalDisable(tspContext);
else
result = TCS_API(tspContext)->PhysicalEnable(tspContext);
break;
case TSS_TPMSTATUS_DEACTIVATED:
case TSS_TPMSTATUS_PHYSICALSETDEACTIVATED:
result = TCS_API(tspContext)->PhysicalSetDeactivated(tspContext, fTpmState);
break;
case TSS_TPMSTATUS_SETTEMPDEACTIVATED:
if ((result = obj_context_get_tpm_version(tspContext, &tpmVersion)))
return result;
/* XXX Change 0,1,2 to #defines */
switch (tpmVersion) {
case 0:
case 1:
result = TCS_API(tspContext)->SetTempDeactivated(tspContext);
break;
case 2:
if ((result = obj_tpm_get_policy(hTPM, TSS_POLICY_OPERATOR, &hOperatorPolicy)))
return result;
if (hOperatorPolicy != NULL_HPOLICY) {
result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1);
result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_SetTempDeactivated);
if ((result |= Trspi_HashFinal(&hashCtx, hashDigest.digest)))
return result;
pAuth = &auth;
if ((result = secret_PerformAuth_OIAP(hTPM,
TPM_ORD_SetTempDeactivated,
hOperatorPolicy, FALSE,
&hashDigest, pAuth)))
return result;
}
else
pAuth = NULL;
if ((result = TCS_API(tspContext)->SetTempDeactivated2(tspContext, pAuth)))
return result;
if (pAuth) {
result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1);
result |= Trspi_Hash_UINT32(&hashCtx, result);
result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_SetTempDeactivated);
if ((result |= Trspi_HashFinal(&hashCtx, hashDigest.digest)))
return result;
if ((result = obj_policy_validate_auth_oiap(hOperatorPolicy,
&hashDigest,
pAuth)))
return result;
}
break;
default:
return TSPERR(TSS_E_INTERNAL_ERROR);
}
break;
case TSS_TPMSTATUS_SETOWNERINSTALL:
result = TCS_API(tspContext)->SetOwnerInstall(tspContext, fTpmState);
break;
case TSS_TPMSTATUS_DISABLEPUBEKREAD:
result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1);
result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_DisablePubekRead);
if ((result |= Trspi_HashFinal(&hashCtx, hashDigest.digest)))
return result;
if ((result = secret_PerformAuth_OIAP(hTPM, TPM_ORD_DisablePubekRead, hPolicy,
FALSE, &hashDigest, &auth)))
return result;
if ((result = TCS_API(tspContext)->DisablePubekRead(tspContext, &auth)))
return result;
result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1);
result |= Trspi_Hash_UINT32(&hashCtx, result);
result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_DisablePubekRead);
if ((result |= Trspi_HashFinal(&hashCtx, hashDigest.digest)))
return result;
if ((result = obj_policy_validate_auth_oiap(hPolicy, &hashDigest, &auth)))
return result;
break;
case TSS_TPMSTATUS_ALLOWMAINTENANCE:
/* Allow maintenance cannot be set to TRUE in the TPM */
if (fTpmState)
return TSPERR(TSS_E_BAD_PARAMETER);
/* The path to setting allow maintenance to FALSE is through
* KillMaintenanceFeature */
return Tspi_TPM_KillMaintenanceFeature(hTPM);
break;
#ifdef TSS_BUILD_TSS12
case TSS_TPMSTATUS_DISABLEPUBSRKREAD:
/* The logic of setting a 'disable' flag is reversed in the TPM, where setting this
* flag to TRUE will enable the SRK read, while FALSE disables it. So we need to
* flip the bool here. Sigh... */
fTpmState = fTpmState ? FALSE : TRUE;
result = TSP_SetCapability(tspContext, hTPM, hPolicy, TPM_SET_PERM_FLAGS,
TPM_PF_READSRKPUB, fTpmState);
break;
case TSS_TPMSTATUS_RESETLOCK:
/* ignoring the bool here */
result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1);
result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_ResetLockValue);
if ((result |= Trspi_HashFinal(&hashCtx, hashDigest.digest)))
return result;
if ((result = secret_PerformAuth_OIAP(hTPM, TPM_ORD_ResetLockValue, hPolicy,
FALSE, &hashDigest, &auth)))
return result;
if ((result = TCS_API(tspContext)->ResetLockValue(tspContext, &auth)))
return result;
result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1);
result |= Trspi_Hash_UINT32(&hashCtx, result);
result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_ResetLockValue);
if ((result |= Trspi_HashFinal(&hashCtx, hashDigest.digest)))
return result;
if ((result = obj_policy_validate_auth_oiap(hPolicy, &hashDigest, &auth)))
return result;
break;
#endif
#ifndef TSS_SPEC_COMPLIANCE
case TSS_TPMSTATUS_PHYSPRES_LIFETIMELOCK:
/* set the lifetime lock bit */
result = TCS_API(tspContext)->PhysicalPresence(tspContext,
TPM_PHYSICAL_PRESENCE_LIFETIME_LOCK);
break;
case TSS_TPMSTATUS_PHYSPRES_HWENABLE:
/* HWENABLE, TRUE -> set the TPM_PHYSICAL_PRESENCE_HW_ENABLE bit
* HWENABLE, FALSE -> set the TPM_PHYSICAL_PRESENCE_HW_DISABLE bit */
if (fTpmState)
result = TCS_API(tspContext)->PhysicalPresence(tspContext,
TPM_PHYSICAL_PRESENCE_HW_ENABLE);
else
result = TCS_API(tspContext)->PhysicalPresence(tspContext,
TPM_PHYSICAL_PRESENCE_HW_DISABLE);
break;
case TSS_TPMSTATUS_PHYSPRES_CMDENABLE:
/* CMDENABLE, TRUE -> set the TPM_PHYSICAL_PRESENCE_CMD_ENABLE bit
* CMDENABLE, FALSE -> set the TPM_PHYSICAL_PRESENCE_CMD_DISABLE bit */
if (fTpmState)
result = TCS_API(tspContext)->PhysicalPresence(tspContext,
TPM_PHYSICAL_PRESENCE_CMD_ENABLE);
else
result = TCS_API(tspContext)->PhysicalPresence(tspContext,
TPM_PHYSICAL_PRESENCE_CMD_DISABLE);
break;
case TSS_TPMSTATUS_PHYSPRES_LOCK:
/* set the physical presence lock bit */
result = TCS_API(tspContext)->PhysicalPresence(tspContext,
TPM_PHYSICAL_PRESENCE_LOCK);
break;
case TSS_TPMSTATUS_PHYSPRESENCE:
/* set the physical presence state */
result = TCS_API(tspContext)->PhysicalPresence(tspContext, (fTpmState ?
TPM_PHYSICAL_PRESENCE_PRESENT :
TPM_PHYSICAL_PRESENCE_NOTPRESENT));
break;
#endif
default:
return TSPERR(TSS_E_BAD_PARAMETER);
break;
}
return result;
}
int
main_v1_1( void )
{
char *function = "Tspi_TPM_KillMaintenanceFeature01";
TSS_HCONTEXT hContext;
TSS_HTPM hTPM;
TSS_HPOLICY hTPMPolicy;
TSS_RESULT result;
UINT32 exitCode = 0;
print_begin_test( function );
// Create Context
result = Tspi_Context_Create( &hContext );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_Context_Create", result );
exit( result );
}
// Connect to Context
result = Tspi_Context_Connect( hContext, get_server(GLOBALSERVER) );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_Context_Connect", result );
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( result );
}
// Retrieve TPM object of context
result = Tspi_Context_GetTpmObject( hContext, &hTPM );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_Context_GetTpmObject", result );
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( result );
}
//Insert the owner auth into the TPM's policy
result = Tspi_GetPolicyObject(hTPM, TSS_POLICY_USAGE, &hTPMPolicy);
if (result != TSS_SUCCESS) {
print_error("Tspi_GetPolicyObject", result);
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit(result);
}
result = Tspi_Policy_SetSecret(hTPMPolicy, TESTSUITE_OWNER_SECRET_MODE,
TESTSUITE_OWNER_SECRET_LEN, TESTSUITE_OWNER_SECRET);
if (result != TSS_SUCCESS) {
print_error("Tspi_Policy_SetSecret", result);
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit(result);
}
//Get random number
result = Tspi_TPM_KillMaintenanceFeature( hTPM );
if ( result != TSS_SUCCESS && TSS_ERROR_CODE(result) != TCPA_E_INACTIVE)
{
if( !(checkNonAPI(result)) )
{
print_error( function, result );
}
else
{
print_error_nonapi( function, result );
}
exitCode = result;
}
else
{
print_success( function, result );
}
print_end_test( function );
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( exitCode );
}
