From 59204c57d0a4889e3cace81b3361ea06f7b3fb45 Mon Sep 17 00:00:00 2001 From: Luigi Semenzato Date: Wed, 9 Jun 2010 13:37:15 -0700 Subject: [PATCH] Import recent tpm_lite changes that make all TPM commands return a status. Review URL: http://codereview.chromium.org/2711006 --- tests/Makefile | 1 + tests/rollback_index_mock.c | 22 +-- vboot_firmware/include/firmware_image_fw.h | 3 +- vboot_firmware/include/rollback_index.h | 10 +- vboot_firmware/include/tlcl.h | 64 +++++--- vboot_firmware/lib/firmware_image_fw.c | 5 +- vboot_firmware/lib/rollback_index.c | 177 +++++++++++---------- vboot_firmware/linktest/main.c | 3 +- vboot_firmware/stub/tlcl.c | 27 ++-- 9 files changed, 173 insertions(+), 139 deletions(-) diff --git a/tests/Makefile b/tests/Makefile index 207b931555..055773359c 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -9,6 +9,7 @@ INCLUDES += -I./include \ -I$(FWDIR)/lib/cgptlib/include \ -I$(FWDIR)/lib/cryptolib/include \ -I../misclibs/include \ + -I../vboot_firmware/lib/include\ -I../vfirmware/include\ -I../vkernel/include IMAGE_LIBS = $(TOP)/vfirmware/firmware_image.o \ diff --git a/tests/rollback_index_mock.c b/tests/rollback_index_mock.c index 2e1e5ee15d..d3da5b0daf 100644 --- a/tests/rollback_index_mock.c +++ b/tests/rollback_index_mock.c @@ -6,6 +6,7 @@ */ #include "rollback_index.h" +#include "tss_constants.h" #include #include @@ -15,14 +16,14 @@ uint16_t g_firmware_version = 0; uint16_t g_kernel_key_version = 0; uint16_t g_kernel_version = 0; -int SetupTPM(void) { +uint32_t SetupTPM(void) { #ifndef NDEBUG debug("Rollback Index Library Mock: TPM initialized.\n"); #endif - return 0; + return TPM_SUCCESS; } -int GetStoredVersions(int type, uint16_t* key_version, uint16_t* version) { +uint32_t GetStoredVersions(int type, uint16_t* key_version, uint16_t* version) { switch (type) { case FIRMWARE_VERSIONS: *key_version = g_firmware_key_version; @@ -33,10 +34,10 @@ int GetStoredVersions(int type, uint16_t* key_version, uint16_t* version) { *version = g_kernel_version; break; } - return 0; + return TPM_SUCCESS; } -int WriteStoredVersions(int type, uint16_t key_version, uint16_t version) { +uint32_t WriteStoredVersions(int type, uint16_t key_version, uint16_t version) { switch (type) { case FIRMWARE_VERSIONS: g_firmware_key_version = key_version; @@ -50,18 +51,19 @@ int WriteStoredVersions(int type, uint16_t key_version, uint16_t version) { #ifndef NDEBUG debug("Rollback Index Library Mock: Stored Versions written.\n"); #endif - return 0; + return TPM_SUCCESS; } -int LockFirmwareVersions() { +uint32_t LockFirmwareVersions(void) { #ifndef NDEBUG debug("Rollback Index Library Mock: Firmware Versions Locked.\n"); #endif - return 0; + return TPM_SUCCESS; } -int LockKernelVersionsByLockingPP() { + +uint32_t LockKernelVersionsByLockingPP(void) { #ifndef NDEBUG debug("Rollback Index Library Mock: Kernel Versions Locked.\n"); #endif - return 0; + return TPM_SUCCESS; } diff --git a/vboot_firmware/include/firmware_image_fw.h b/vboot_firmware/include/firmware_image_fw.h index fb90f0271b..32ae9ed404 100644 --- a/vboot_firmware/include/firmware_image_fw.h +++ b/vboot_firmware/include/firmware_image_fw.h @@ -65,7 +65,8 @@ typedef struct FirmwareImage { #define VERIFY_FIRMWARE_WRONG_HEADER_CHECKSUM 7 #define VERIFY_FIRMWARE_KEY_ROLLBACK 8 #define VERIFY_FIRMWARE_VERSION_ROLLBACK 9 -#define VERIFY_FIRMWARE_MAX 10 /* Total number of error codes. */ +#define VERIFY_FIRMWARE_TPM_ERROR 10 +#define VERIFY_FIRMWARE_MAX 11 /* Total number of error codes. */ extern char* kVerifyFirmwareErrors[VERIFY_FIRMWARE_MAX]; diff --git a/vboot_firmware/include/rollback_index.h b/vboot_firmware/include/rollback_index.h index e0e9d27b36..9be97b9737 100644 --- a/vboot_firmware/include/rollback_index.h +++ b/vboot_firmware/include/rollback_index.h @@ -28,10 +28,10 @@ extern uint16_t g_kernel_version; #define KERNEL_BACKUP_IS_VALID_NV_INDEX 0x1005 /* All functions return 0 if successful, non-zero if error */ -int SetupTPM(void); -int GetStoredVersions(int type, uint16_t* key_version, uint16_t* version); -int WriteStoredVersions(int type, uint16_t key_version, uint16_t version); -int LockFirmwareVersions(); -int LockKernelVersionsByLockingPP(); +uint32_t SetupTPM(void); +uint32_t GetStoredVersions(int type, uint16_t* key_version, uint16_t* version); +uint32_t WriteStoredVersions(int type, uint16_t key_version, uint16_t version); +uint32_t LockFirmwareVersions(void); +uint32_t LockKernelVersionsByLockingPP(void); #endif /* VBOOT_REFERENCE_ROLLBACK_INDEX_H_ */ diff --git a/vboot_firmware/include/tlcl.h b/vboot_firmware/include/tlcl.h index 655b877630..8a01928a25 100644 --- a/vboot_firmware/include/tlcl.h +++ b/vboot_firmware/include/tlcl.h @@ -15,6 +15,10 @@ * duplicate copies in sync. But in the current model, this is hard * to do without breaking standalone compilation. * Eventually tpm_lite should be moved into vboot_reference. + * + * FURTHER NOTE: The subset of TPM error codes relevant to verified boot + * (TPM_SUCCESS, etc.) are in tss_constants.h. A full list of TPM error codes + * are in /usr/include/tss/tpm_error.h, from the trousers package. */ #ifndef TPM_LITE_TLCL_H_ @@ -27,74 +31,82 @@ /* Call this first. */ -void TlclLibinit(void); +void TlclLibInit(void); /* Sends a TPM_Startup(ST_CLEAR). Note that this is a no-op for the emulator, - * because it runs this command during initialization. + * because it runs this command during initialization. The TPM error code is + * returned (0 for success). */ -void TlclStartup(void); +uint32_t TlclStartup(void); /* Run the self test. Note---this is synchronous. To run this in parallel - * with other firmware, use ContinueSelfTest. + * with other firmware, use ContinueSelfTest. The TPM error code is returned. */ -void TlclSelftestfull(void); +uint32_t TlclSelftestfull(void); + +/* Runs the self test in the background. The TPM error code is returned. + */ +uint32_t TlclContinueSelfTest(void); /* Defines a space with permission [perm]. [index] is the index for the space, - * [size] the usable data size. Errors are ignored. + * [size] the usable data size. The TPM error code is returned. */ -void TlclDefineSpace(uint32_t index, uint32_t perm, uint32_t size); +uint32_t TlclDefineSpace(uint32_t index, uint32_t perm, uint32_t size); /* Writes [length] bytes of [data] to space at [index]. The TPM error code is - * returned (0 for success). + * returned. */ uint32_t TlclWrite(uint32_t index, uint8_t *data, uint32_t length); /* Reads [length] bytes from space at [index] into [data]. The TPM error code - * is returned (0 for success). + * is returned. */ uint32_t TlclRead(uint32_t index, uint8_t *data, uint32_t length); -/* Write-locks space at [index]. +/* Write-locks space at [index]. The TPM error code is returned. */ -void TlclWriteLock(uint32_t index); +uint32_t TlclWriteLock(uint32_t index); -/* Read-locks space at [index]. +/* Read-locks space at [index]. The TPM error code is returned. */ -void TlclReadLock(uint32_t index); +uint32_t TlclReadLock(uint32_t index); -/* Asserts physical presence in software. +/* Asserts physical presence in software. The TPM error code is returned. */ -void TlclAssertPhysicalPresence(void); +uint32_t TlclAssertPhysicalPresence(void); -/* Turns off physical presence and locks it off until next reboot. +/* Turns off physical presence and locks it off until next reboot. The TPM + * error code is returned. */ uint32_t TlclLockPhysicalPresence(void); -/* Sets the nvLocked bit. +/* Sets the nvLocked bit. The TPM error code is returned. */ -void TlclSetNvLocked(void); +uint32_t TlclSetNvLocked(void); /* Returns 1 if the TPM is owned, 0 otherwise. */ int TlclIsOwned(void); -/* Issues a ForceClear. +/* Issues a ForceClear. The TPM error code is returned. */ -void TlclForceClear(void); +uint32_t TlclForceClear(void); -/* Issues a SetEnable. +/* Issues a SetEnable. The TPM error code is returned. */ -void TlclSetEnable(void); +uint32_t TlclSetEnable(void); /* Issues a SetDeactivated. Pass 0 to activate. Returns result code. */ -int TlclSetDeactivated(uint8_t flag); +uint32_t TlclSetDeactivated(uint8_t flag); -/* Gets some permanent flags of interest. (Add more here as needed.) +/* Gets flags of interest. (Add more here as needed.) The TPM error code is + * returned. */ -int TlclGetFlags(uint8_t* disable, uint8_t* deactivated); +uint32_t TlclGetFlags(uint8_t* disable, uint8_t* deactivated); -/* Sets the bGlobalLock flag, which only a reboot can clear. +/* Sets the bGlobalLock flag, which only a reboot can clear. The TPM error + * code is returned. */ uint32_t TlclSetGlobalLock(void); diff --git a/vboot_firmware/lib/firmware_image_fw.c b/vboot_firmware/lib/firmware_image_fw.c index dc86887bab..75f4b09f30 100644 --- a/vboot_firmware/lib/firmware_image_fw.c +++ b/vboot_firmware/lib/firmware_image_fw.c @@ -10,6 +10,7 @@ #include "cryptolib.h" #include "rollback_index.h" +#include "tss_constants.h" #include "utility.h" /* Macro to determine the size of a field structure in the FirmwareImage @@ -310,7 +311,9 @@ int VerifyFirmwareDriver_f(uint8_t* root_key_blob, * this is done by setting the globalLock bit, which is cleared only by * TPM_Init at reboot. */ - LockFirmwareVersions(); + if (TPM_SUCCESS != LockFirmwareVersions()) { + return VERIFY_FIRMWARE_TPM_ERROR; + } /* Determine which firmware (if any) to jump to. * diff --git a/vboot_firmware/lib/rollback_index.c b/vboot_firmware/lib/rollback_index.c index fe0caffbf8..e15b07ed70 100644 --- a/vboot_firmware/lib/rollback_index.c +++ b/vboot_firmware/lib/rollback_index.c @@ -19,7 +19,14 @@ uint16_t g_firmware_version = 0; uint16_t g_kernel_key_version = 0; uint16_t g_kernel_version = 0; -static int InitializeSpaces(void) { +#define RETURN_ON_FAILURE(tpm_command) do { \ + uint32_t result; \ + if ((result = tpm_command) != TPM_SUCCESS) {\ + return result; \ + } \ + } while (0) + +static uint32_t InitializeSpaces(void) { uint32_t zero = 0; uint32_t space_holder; uint32_t firmware_perm = TPM_NV_PER_GLOBALLOCK | TPM_NV_PER_PPWRITE; @@ -33,35 +40,40 @@ static int InitializeSpaces(void) { return 0; } - TlclSetNvLocked(); + RETURN_ON_FAILURE(TlclSetNvLocked()); - TlclDefineSpace(FIRMWARE_VERSIONS_NV_INDEX, firmware_perm, sizeof(uint32_t)); - TlclWrite(FIRMWARE_VERSIONS_NV_INDEX, (uint8_t*) &zero, sizeof(uint32_t)); + RETURN_ON_FAILURE(TlclDefineSpace(FIRMWARE_VERSIONS_NV_INDEX, + firmware_perm, sizeof(uint32_t))); + RETURN_ON_FAILURE(TlclWrite(FIRMWARE_VERSIONS_NV_INDEX, + (uint8_t*) &zero, sizeof(uint32_t))); - TlclDefineSpace(KERNEL_VERSIONS_NV_INDEX, kernel_perm, sizeof(uint32_t)); - TlclWrite(KERNEL_VERSIONS_NV_INDEX, (uint8_t*) &zero, sizeof(uint32_t)); + RETURN_ON_FAILURE(TlclDefineSpace(KERNEL_VERSIONS_NV_INDEX, + kernel_perm, sizeof(uint32_t))); + RETURN_ON_FAILURE(TlclWrite(KERNEL_VERSIONS_NV_INDEX, (uint8_t*) &zero, + sizeof(uint32_t))); /* The space KERNEL_VERSIONS_BACKUP_NV_INDEX is used to protect the kernel * versions when entering recovery mode. The content of space * KERNEL_BACKUP_IS_VALID determines whether the backup value (1) or the * regular value (0) should be trusted. */ - TlclDefineSpace(KERNEL_VERSIONS_BACKUP_NV_INDEX, - firmware_perm, sizeof(uint32_t)); - TlclWrite(KERNEL_VERSIONS_BACKUP_NV_INDEX, - (uint8_t*) &zero, sizeof(uint32_t)); - TlclDefineSpace(KERNEL_BACKUP_IS_VALID_NV_INDEX, - firmware_perm, sizeof(uint32_t)); - TlclWrite(KERNEL_BACKUP_IS_VALID_NV_INDEX, - (uint8_t*) &zero, sizeof(uint32_t)); + RETURN_ON_FAILURE(TlclDefineSpace(KERNEL_VERSIONS_BACKUP_NV_INDEX, + firmware_perm, sizeof(uint32_t))); + RETURN_ON_FAILURE(TlclWrite(KERNEL_VERSIONS_BACKUP_NV_INDEX, + (uint8_t*) &zero, sizeof(uint32_t))); + RETURN_ON_FAILURE(TlclDefineSpace(KERNEL_BACKUP_IS_VALID_NV_INDEX, + firmware_perm, sizeof(uint32_t))); + RETURN_ON_FAILURE(TlclWrite(KERNEL_BACKUP_IS_VALID_NV_INDEX, + (uint8_t*) &zero, sizeof(uint32_t))); /* The space TPM_IS_INITIALIZED_NV_INDEX is used to indicate that the TPM * initialization has completed. Without it we cannot be sure that the last * space to be created was also initialized (power could have been lost right * after its creation). */ - TlclDefineSpace(TPM_IS_INITIALIZED_NV_INDEX, firmware_perm, sizeof(uint32_t)); - return 1; + RETURN_ON_FAILURE(TlclDefineSpace(TPM_IS_INITIALIZED_NV_INDEX, + firmware_perm, sizeof(uint32_t))); + return TPM_SUCCESS; } /* Enters the recovery mode. If |unlocked| is true, there is some problem with @@ -104,7 +116,7 @@ static void EnterRecovery(int unlocked) { /* TODO(nelson): code for entering recovery mode. */ } -static int GetTPMRollbackIndices(void) { +static uint32_t GetTPMRollbackIndices(void) { uint32_t backup_is_valid; uint32_t firmware_versions; uint32_t kernel_versions; @@ -133,86 +145,83 @@ static int GetTPMRollbackIndices(void) { * incompetent. Foo to them. Politeness and lack of an adequate * character set prevent me from expressing my true feelings. */ - TlclDefineSpace(KERNEL_VERSIONS_NV_INDEX, TPM_NV_PER_PPWRITE, - sizeof(uint32_t)); + RETURN_ON_FAILURE(TlclDefineSpace(KERNEL_VERSIONS_NV_INDEX, + TPM_NV_PER_PPWRITE, + sizeof(uint32_t))); } else if (result != TPM_SUCCESS) { EnterRecovery(1); } if (result == TPM_E_BADINDEX || protected_combined_versions != unsafe_combined_versions) { - TlclWrite(KERNEL_VERSIONS_NV_INDEX, - (uint8_t*) &protected_combined_versions, sizeof(uint32_t)); + RETURN_ON_FAILURE(TlclWrite(KERNEL_VERSIONS_NV_INDEX, + (uint8_t*) &protected_combined_versions, + sizeof(uint32_t))); } /* We recovered the backed-up versions and now we can reset the * BACKUP_IS_VALID flag. */ - TlclWrite(KERNEL_BACKUP_IS_VALID_NV_INDEX, (uint8_t*) &zero, 0); + RETURN_ON_FAILURE(TlclWrite(KERNEL_BACKUP_IS_VALID_NV_INDEX, + (uint8_t*) &zero, 0)); - /* TODO(nelson): ForceClear and reboot if unowned. */ + if (!TlclIsOwned()) { + /* Must ForceClear and reboot to prevent from running into the 64-write + * limit. + */ + RETURN_ON_FAILURE(TlclForceClear()); + /* Reboot! No return */ + return 9999; + } } /* We perform the reads, making sure they succeed. A failure means that the * rollback index locations are missing or somehow messed up. We let the * caller deal with that. */ - if (TPM_SUCCESS != TlclRead(FIRMWARE_VERSIONS_NV_INDEX, - (uint8_t*) &firmware_versions, - sizeof(firmware_versions)) || - TPM_SUCCESS != TlclRead(KERNEL_VERSIONS_NV_INDEX, - (uint8_t*) &kernel_versions, - sizeof(kernel_versions))) - return 0; + RETURN_ON_FAILURE(TlclRead(FIRMWARE_VERSIONS_NV_INDEX, + (uint8_t*) &firmware_versions, + sizeof(firmware_versions))); + RETURN_ON_FAILURE(TlclRead(KERNEL_VERSIONS_NV_INDEX, + (uint8_t*) &kernel_versions, + sizeof(kernel_versions))); g_firmware_key_version = firmware_versions >> 16; g_firmware_version = firmware_versions && 0xffff; g_kernel_key_version = kernel_versions >> 16; g_kernel_version = kernel_versions && 0xffff; - return 1; + return TPM_SUCCESS; } -int SetupTPM(void) { +uint32_t SetupTPM(void) { uint8_t disable; uint8_t deactivated; - TlclLibinit(); - TlclStartup(); - /* TODO(gauravsh): The call to self test should probably be deferred. - * As per semenzato@chromium.org - - * TlclStartup should be called before the firmware initializes the memory - * controller, so the selftest can run in parallel with that. Here we should - * just call TlclSelftestFull to make sure the self test has - * completed---unless we want to rely on the NVRAM operations being available - * before the selftest completes. */ - TlclSelftestfull(); - TlclAssertPhysicalPresence(); + TlclLibInit(); + RETURN_ON_FAILURE(TlclStartup()); + RETURN_ON_FAILURE(TlclContinueSelfTest()); + RETURN_ON_FAILURE(TlclAssertPhysicalPresence()); /* Check that the TPM is enabled and activated. */ - if(TlclGetFlags(&disable, &deactivated) != TPM_SUCCESS) { - debug("failed to get TPM flags"); - return 1; - } + RETURN_ON_FAILURE(TlclGetFlags(&disable, &deactivated)); if (disable || deactivated) { - TlclSetEnable(); - if (TlclSetDeactivated(0) != TPM_SUCCESS) { - debug("failed to activate TPM"); - return 1; - } + RETURN_ON_FAILURE(TlclSetEnable()); + RETURN_ON_FAILURE(TlclSetDeactivated(0)); + /* TODO: Reboot now */ + return 9999; } /* We expect this to fail the first time we run on a device, indicating that * the TPM has not been initialized yet. */ - if (!GetTPMRollbackIndices()) { - debug("failed to get rollback indices"); - if (!InitializeSpaces()) { - /* If InitializeSpaces() fails (possibly because it had been executed - * already), something is wrong. */ - return 1; - } + if (GetTPMRollbackIndices() != TPM_SUCCESS) { + /* If InitializeSpaces() fails (possibly because it had been executed + * already), something is wrong. */ + RETURN_ON_FAILURE(InitializeSpaces()); + /* Try again. */ + RETURN_ON_FAILURE(GetTPMRollbackIndices()); } - return 0; + return TPM_SUCCESS; } -int GetStoredVersions(int type, uint16_t* key_version, uint16_t* version) { +uint32_t GetStoredVersions(int type, uint16_t* key_version, uint16_t* version) { /* TODO: should verify that SetupTPM() has been called. Note that * SetupTPM() does hardware setup AND sets global variables. When we @@ -232,39 +241,39 @@ int GetStoredVersions(int type, uint16_t* key_version, uint16_t* version) { break; } - return 0; + return TPM_SUCCESS; } -int WriteStoredVersions(int type, uint16_t key_version, uint16_t version) { +uint32_t WriteStoredVersions(int type, uint16_t key_version, uint16_t version) { uint32_t combined_version = (key_version << 16) & version; switch (type) { case FIRMWARE_VERSIONS: - return (TPM_SUCCESS != TlclWrite(FIRMWARE_VERSIONS_NV_INDEX, - (uint8_t*) &combined_version, - sizeof(uint32_t))); + RETURN_ON_FAILURE(TlclWrite(FIRMWARE_VERSIONS_NV_INDEX, + (uint8_t*) &combined_version, + sizeof(uint32_t))); + break; case KERNEL_VERSIONS: - return (TPM_SUCCESS != TlclWrite(KERNEL_VERSIONS_NV_INDEX, - (uint8_t*) &combined_version, - sizeof(uint32_t))); + RETURN_ON_FAILURE(TlclWrite(KERNEL_VERSIONS_NV_INDEX, + (uint8_t*) &combined_version, + sizeof(uint32_t))); + break; } - /* TODO(nelson): ForceClear and reboot if unowned. */ - - return 1; + /* TODO(semenzato): change TlclIsOwned to return a TPM status directly and + * the "owned" value by reference. + */ + if (!TlclIsOwned()) { + RETURN_ON_FAILURE(TlclForceClear()); + /* TODO: Reboot here. No return. */ + return 9999; + } + return TPM_SUCCESS; } -int LockFirmwareVersions() { - if (TlclSetGlobalLock() != TPM_SUCCESS) { - debug("failed to set global lock"); - return 1; - } - return 0; +uint32_t LockFirmwareVersions() { + return TlclSetGlobalLock(); } -int LockKernelVersionsByLockingPP() { - if (TlclLockPhysicalPresence() != TPM_SUCCESS) { - debug("failed to turn off PP"); - return 1; - } - return 0; +uint32_t LockKernelVersionsByLockingPP() { + return TlclLockPhysicalPresence(); } diff --git a/vboot_firmware/linktest/main.c b/vboot_firmware/linktest/main.c index 6b743a86d5..cbefc2f41f 100644 --- a/vboot_firmware/linktest/main.c +++ b/vboot_firmware/linktest/main.c @@ -48,9 +48,10 @@ int main(void) LockKernelVersionsByLockingPP(); // tlcl.h - TlclLibinit(); + TlclLibInit(); TlclStartup(); TlclSelftestfull(); + TlclContinueSelfTest(); TlclDefineSpace(0, 0, 0); TlclWrite(0, 0, 0); TlclRead(0, 0, 0); diff --git a/vboot_firmware/stub/tlcl.c b/vboot_firmware/stub/tlcl.c index 1b551895c8..6d1cf5b18e 100644 --- a/vboot_firmware/stub/tlcl.c +++ b/vboot_firmware/stub/tlcl.c @@ -7,24 +7,29 @@ #include "tss_constants.h" -void TlclLibinit(void) { return; } -void TlclStartup(void) { return; } -void TlclSelftestfull(void) { return; } -void TlclDefineSpace(uint32_t index, uint32_t perm, uint32_t size) { return; } +void TlclLibInit(void) { return; } +uint32_t TlclStartup(void) { return TPM_SUCCESS; } +uint32_t TlclSelftestfull(void) { return TPM_SUCCESS; } +uint32_t TlclContinueSelfTest(void) { return TPM_SUCCESS; } +uint32_t TlclDefineSpace(uint32_t index, uint32_t perm, uint32_t size) { + return TPM_SUCCESS; +} uint32_t TlclWrite(uint32_t index, uint8_t *data, uint32_t length) { return TPM_SUCCESS; } uint32_t TlclRead(uint32_t index, uint8_t *data, uint32_t length) { return TPM_SUCCESS; } -void TlclWriteLock(uint32_t index) { return; } -void TlclReadLock(uint32_t index) { return; } -void TlclAssertPhysicalPresence(void) { return; } +uint32_t TlclWriteLock(uint32_t index) { return TPM_SUCCESS; } +uint32_t TlclReadLock(uint32_t index) { return TPM_SUCCESS; } +uint32_t TlclAssertPhysicalPresence(void) { return TPM_SUCCESS; } uint32_t TlclLockPhysicalPresence(void) { return TPM_SUCCESS; } -void TlclSetNvLocked(void) { return; } -int TlclIsOwned(void) { return 0; } -void TlclForceClear(void) { return; } +uint32_t TlclSetNvLocked(void) { return TPM_SUCCESS; } +int TlclIsOwned(void) { return TPM_SUCCESS; } +uint32_t TlclForceClear(void) { return TPM_SUCCESS; } uint32_t TlclSetEnable(void) { return TPM_SUCCESS; } uint32_t TlclSetDeactivated(int deactivated) { return TPM_SUCCESS; } uint32_t TlclSetGlobalLock(void) { return TPM_SUCCESS; } -int TlclGetFlags(uint8_t* disable, uint8_t* deactivated) { return TPM_SUCCESS; } +uint32_t TlclGetFlags(uint8_t* disable, uint8_t* deactivated) { + return TPM_SUCCESS; +}