@@ -711,6 +711,33 @@ int wolfBoot_read_blob(uint32_t nvIndex, WOLFTPM2_KEYBLOB* blob,
711711 return rc ;
712712}
713713
714+ int wolfBoot_delete_blob (TPMI_RH_NV_AUTH authHandle , uint32_t nvIndex ,
715+ const uint8_t * auth , uint32_t authSz )
716+ {
717+ int rc ;
718+ WOLFTPM2_HANDLE parent ;
719+ WOLFTPM2_NV nv ;
720+
721+ memset (& parent , 0 , sizeof (parent ));
722+ memset (& nv , 0 , sizeof (nv ));
723+
724+ nv .handle .hndl = nvIndex ;
725+ nv .handle .auth .size = authSz ;
726+ memcpy (nv .handle .auth .buffer , auth , authSz );
727+
728+ parent .hndl = authHandle ;
729+
730+ rc = wolfTPM2_NVOpen (& wolftpm_dev , & nv , nvIndex , auth , authSz );
731+ if (rc == 0 ) {
732+ rc = wolfTPM2_NVDeleteAuth (& wolftpm_dev , & parent , nvIndex );
733+ }
734+ if (rc != 0 ) {
735+ wolfBoot_printf ("Error %d deleting blob from NV index %x (error %s)\n" ,
736+ rc , nv .handle .hndl , wolfTPM2_GetRCString (rc ));
737+ }
738+ return rc ;
739+ }
740+
714741/* The secret is sealed based on a policy authorization from a public key. */
715742int wolfBoot_seal_blob (const uint8_t * pubkey_hint , const uint8_t * policy , uint16_t policySz ,
716743 WOLFTPM2_KEYBLOB * seal_blob , const uint8_t * secret , int secret_sz )
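Review bot: The `memcpy(nv.handle.auth.buffer, auth, authSz)` copies a caller-supplied length into a fixed-size TPM2B buffer with no bound check, and it is reached with `auth == NULL` by the caller in the second hunk (`wolfBoot_delete_blob(TPM_RH_PLATFORM, ..., NULL, 0)`), which is undefined behaviour for memcpy even at size 0. Guard both before the copy: `if (authSz > sizeof(nv.handle.auth.buffer) || (auth == NULL && authSz > 0)) return BAD_FUNC_ARG;` followed by `if (authSz > 0) { memcpy(nv.handle.auth.buffer, auth, authSz); }`. The same `auth`/`authSz` pair is also passed to `wolfTPM2_NVOpen`, so the manual population of `nv.handle.auth` looks redundant with what that call already does; if it is, dropping the memcpy removes the hazard entirely. A one-line header comment stating that `authHandle` is the hierarchy whose authorization deletes the index, while `auth`/`authSz` is the NV index's own authorization, would make the two distinct authorizations clear to callers.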
@@ -804,6 +831,10 @@ int wolfBoot_seal(const uint8_t* pubkey_hint, const uint8_t* policy, uint16_t po
804831 wolfTPM2_GetNvAttributesTemplate (TPM_RH_PLATFORM , & nvAttributes );
805832 nvAttributes |= TPMA_NV_WRITEDEFINE ;
806833
834+ /* delete if already exists */
835+ (void )wolfBoot_delete_blob (TPM_RH_PLATFORM ,
836+ WOLFBOOT_TPM_SEAL_NV_BASE + index , NULL , 0 );
837+
807838 rc = wolfBoot_store_blob (TPM_RH_PLATFORM ,
808839 WOLFBOOT_TPM_SEAL_NV_BASE + index ,
809840 nvAttributes , & seal_blob ,
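Review bot: The new `(void)wolfBoot_delete_blob(...)` call is best-effort, but `wolfBoot_delete_blob` prints an error on every non-zero return, so the common case where the NV index does not yet exist will log "Error ... deleting blob" on each fresh seal and make the real failures harder to spot. Consider having the helper, or this caller, distinguish the not-yet-defined result (presumably the RC returned by the open when the handle is unknown) from genuine deletion failures, and only log the latter; alternatively note in the comment that an error here is expected on first seal, e.g. `/* delete if already exists; an error is expected when the index is not yet defined */`. If the delete fails for another reason the following `wolfBoot_store_blob` with `TPMA_NV_WRITEDEFINE` will also fail, so the earlier log line is the one that explains the failure. `wolfBoot_seal` continues outside the hunk.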