@@ -591,8 +591,12 @@ int wolfBoot_store_blob(TPMI_RH_NV_AUTH authHandle, uint32_t nvIndex,
591591 memset (& nv , 0 , sizeof (nv ));
592592
593593 nv .handle .hndl = nvIndex ;
594- nv .handle .auth .size = authSz ;
595- memcpy (nv .handle .auth .buffer , auth , authSz );
594+ if (authSz > 0 ) {
595+ if (auth == NULL )
596+ return BAD_FUNC_ARG ;
597+ nv .handle .auth .size = authSz ;
598+ memcpy (nv .handle .auth .buffer , auth , authSz );
599+ }
596600
597601 parent .hndl = authHandle ;
598602
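Review bot: The new guard in wolfBoot_store_blob rejects a NULL `auth` but still copies `authSz` bytes into `nv.handle.auth.buffer` without comparing `authSz` to the size of that fixed buffer, so an oversized length would write past the end of the buffer inside `nv`. Unless a bound is already enforced earlier in the function (its body starts outside the hunk), the inner check could become `if (auth == NULL || authSz > sizeof(nv.handle.auth.buffer)) return BAD_FUNC_ARG;`. The identical block added to wolfBoot_read_blob and wolfBoot_delete_blob needs the same bound.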
@@ -667,8 +671,12 @@ int wolfBoot_read_blob(uint32_t nvIndex, WOLFTPM2_KEYBLOB* blob,
667671 memset (& nv , 0 , sizeof (nv ));
668672
669673 nv .handle .hndl = nvIndex ;
670- nv .handle .auth .size = authSz ;
671- memcpy (nv .handle .auth .buffer , auth , authSz );
674+ if (authSz > 0 ) {
675+ if (auth == NULL )
676+ return BAD_FUNC_ARG ;
677+ nv .handle .auth .size = authSz ;
678+ memcpy (nv .handle .auth .buffer , auth , authSz );
679+ }
672680 wolfTPM2_SetAuthHandle (& wolftpm_dev , 0 , & nv .handle );
673681
674682 pos = 0 ;
@@ -722,8 +730,12 @@ int wolfBoot_delete_blob(TPMI_RH_NV_AUTH authHandle, uint32_t nvIndex,
722730 memset (& nv , 0 , sizeof (nv ));
723731
724732 nv .handle .hndl = nvIndex ;
725- nv .handle .auth .size = authSz ;
726- memcpy (nv .handle .auth .buffer , auth , authSz );
733+ if (authSz > 0 ) {
734+ if (auth == NULL )
735+ return BAD_FUNC_ARG ;
736+ nv .handle .auth .size = authSz ;
737+ memcpy (nv .handle .auth .buffer , auth , authSz );
738+ }
727739
728740 parent .hndl = authHandle ;
729741
@@ -822,6 +834,12 @@ int wolfBoot_seal_blob(const uint8_t* pubkey_hint,
822834 return rc ;
823835}
824836
837+ int wolfBoot_delete_seal (int index )
838+ {
839+ return wolfBoot_delete_blob (TPM_RH_PLATFORM ,
840+ WOLFBOOT_TPM_SEAL_NV_BASE + index , NULL , 0 );
841+ }
842+
825843/* Index (0-X) determines location in NV from WOLFBOOT_TPM_SEAL_NV_BASE to
826844 * store sealed blob */
827845int wolfBoot_seal_auth (const uint8_t * pubkey_hint ,
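Review bot: wolfBoot_delete_seal adds the signed `index` to WOLFBOOT_TPM_SEAL_NV_BASE with no range check, so a negative or too-large value selects an NV index outside the seal range, and the delete is issued under TPM_RH_PLATFORM. The comment on wolfBoot_seal_auth describes the index as 0-X, so the wrapper should reject anything else first, for example `if (index < 0 || index >= SEAL_INDEX_LIMIT) return BAD_FUNC_ARG;`, where SEAL_INDEX_LIMIT is a placeholder for the project's real upper bound, which is not visible on this page. The function also has no comment; a one-line header such as `/* Delete the sealed blob stored at WOLFBOOT_TPM_SEAL_NV_BASE + index */` would match the neighbouring seal functions.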
@@ -991,15 +1009,15 @@ int wolfBoot_unseal_blob(const uint8_t* pubkey_hint,
9911009 rc = wolfTPM2_PolicyAuthorize (& wolftpm_dev , policy_session .handle .hndl ,
9921010 & authKey .pub , & checkTicket , pcrDigest , pcrDigestSz ,
9931011 policyRef , policyRefSz );
994- }
995- else {
996- /* A failure here means the signed policy did not match expected policy.
997- * Use this PCR mask and policy digest with the sign tool --policy=
998- * argument to sign */
999- wolfBoot_printf ("Policy signature failed! \n" );
1000- wolfBoot_printf ( "Expected PCR Mask (0x%08x) and PCR Policy (%d)\n" ,
1001- pcrMask , policyDigestSz );
1002- wolfBoot_print_hexstr ( policyDigest , policyDigestSz , 0 );
1012+ if ( rc != 0 ) {
1013+ /* A failure here means the signed policy did not match expected
1014+ * policy. Use this PCR mask and policy digest with the sign tool
1015+ * -- policy= argument to sign */
1016+ wolfBoot_printf ( "Policy signature failed!\n" );
1017+ wolfBoot_printf ("Expected PCR Mask (0x%08x) and PCR Policy (%d) \n" ,
1018+ pcrMask , policyDigestSz );
1019+ wolfBoot_print_hexstr ( policyDigest , policyDigestSz , 0 );
1020+ }
10031021 }
10041022
10051023 /* done with authorization public key */
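Review bot: With the `else` branch removed, the "Policy signature failed!" diagnostic is printed only when wolfTPM2_PolicyAuthorize returns non-zero; a failure in the step that gates the enclosing `if` (its condition is outside the hunk) appears to reach the cleanup path with no message. If that earlier step is the signature verification, its failure is the case the comment describes, and the expected PCR mask and policy digest would no longer be shown for it. Consider keeping a short `else` that logs the earlier `rc`, or moving the diagnostic after the closing brace under a single `if (rc != 0)` so both failures are reported.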
@@ -1237,6 +1255,20 @@ void wolfBoot_tpm2_deinit(void)
12371255 wolfTPM2_Cleanup (& wolftpm_dev );
12381256}
12391257
1258+ /**
1259+ * @brief Clear the content of the TPM2 device.
1260+ *
1261+ * This function clears the TPM2 device and remove all stored secrets.
1262+ *
1263+ * @return BAD_FUNC_ARG if any of the underlying functions has passed an invalid
1264+ * argument, e.g. wolftpm_dev is not initialized
1265+ * @return TPM_RC_SUCCESS in case of success
1266+ */
1267+ int wolfBoot_tpm2_clear (void )
1268+ {
1269+ return wolfTPM2_Clear (& wolftpm_dev );
1270+ }
1271+
12401272
12411273#ifdef WOLFBOOT_TPM_KEYSTORE
12421274/* check root of trust based on key_slot (index) and public key hint */
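Review bot: The doc comment on wolfBoot_tpm2_clear understates what callers need to know: the function returns whatever wolfTPM2_Clear returns, yet only two codes are listed, and nothing says the operation is irreversible or which authorization it relies on. I would reword the return section to `@return TPM_RC_SUCCESS on success, otherwise the error code returned by wolfTPM2_Clear()` and add a sentence stating that all sealed secrets and stored keys are lost and that the caller is responsible for deciding when a clear is permitted. The brief description also has a grammar slip: "remove" should be "removes".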