From: Amir Mizinski <[email protected]>
while testing TPM2_CC_VERIFY_SIGNATURE with usage of RSA 3070-bit keys i
encountered a timeout error. it seems current values do not support this case
as described in ptp 1.05 6.5.1.3:
https://trustedcomputinggroup.org/wp-content/uploads/PC_Client_Specific-Platform_TPM_Profile_for-PTP_2p0-v1p05p_r14_pub.pdf
The patch was tested on Raspberry-Pie 3, using Nuvoton NPCT75X TPM.
Amir Mizinski (1):
tpm2: add longer timout for verify signature command
drivers/char/tpm/tpm2-cmd.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--
2.7.4
From: Amir Mizinski <[email protected]>
TPM2_CC_VERIFY_SIGNATURE(0x177) Current timeout does not apply to usage with
RSA 3070-bit keys.
Additional time may be required for usage with RSA 3070-bit keys. Therefore, the
timeout of TPM2_CC_VERIFY_SIGNATURE is set to 3 minutes (TPM_LONG_LONG).
Signed-off-by: Amir Mizinski <[email protected]>
---
drivers/char/tpm/tpm2-cmd.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/char/tpm/tpm2-cmd.c b/drivers/char/tpm/tpm2-cmd.c
index eff1f12..235a454 100644
--- a/drivers/char/tpm/tpm2-cmd.c
+++ b/drivers/char/tpm/tpm2-cmd.c
@@ -87,7 +87,7 @@ static u8 tpm2_ordinal_duration_index(u32 ordinal)
return TPM_MEDIUM;
case TPM2_CC_VERIFY_SIGNATURE: /* 177 */
- return TPM_LONG;
+ return TPM_LONG_LONG;
case TPM2_CC_PCR_EXTEND: /* 182 */
return TPM_MEDIUM;
--
2.7.4
On Mon, May 10, 2021 at 05:27:19PM +0300, [email protected] wrote:
> From: Amir Mizinski <[email protected]>
>
> TPM2_CC_VERIFY_SIGNATURE(0x177) Current timeout does not apply to usage with
> RSA 3070-bit keys.
I don't understand what this sentence means.
Better excuse for making the whole change would be to:
1. If possible put a snippet of the klog transcript what happens to you.
2. You probably want rationalize this change for the reason that, since the
TPM PC Client specification does not specify any specific number, and
you have a corner case to show, it's best to pick the longest timeout,
i.e. TPM_LONG_LONG.
> Additional time may be required for usage with RSA 3070-bit keys. Therefore, the
> timeout of TPM2_CC_VERIFY_SIGNATURE is set to 3 minutes (TPM_LONG_LONG).
>
> Signed-off-by: Amir Mizinski <[email protected]>
Please, re-phrase : "Set duration for TPM2_CC_VERIFY_SIGNATUE to
TPM_LONG_LONG (3 minutes)". Imperative way to express things is always
better, and "timeout" is a concept of its own, separate from "duration" in
TPM jargon.
> ---
> drivers/char/tpm/tpm2-cmd.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/char/tpm/tpm2-cmd.c b/drivers/char/tpm/tpm2-cmd.c
> index eff1f12..235a454 100644
> --- a/drivers/char/tpm/tpm2-cmd.c
> +++ b/drivers/char/tpm/tpm2-cmd.c
> @@ -87,7 +87,7 @@ static u8 tpm2_ordinal_duration_index(u32 ordinal)
> return TPM_MEDIUM;
>
> case TPM2_CC_VERIFY_SIGNATURE: /* 177 */
> - return TPM_LONG;
> + return TPM_LONG_LONG;
>
> case TPM2_CC_PCR_EXTEND: /* 182 */
> return TPM_MEDIUM;
> --
> 2.7.4
>
>
The commit message needs rework because now it makes no sense. With the
correct rationalization this probably would make sense.
/Jarkko