From: Amir Mizinski <[email protected]>
while testing TPM2_CC_VERIFY_SIGNATURE with usage of RSA 3072-bit keys i
encountered a timeout error. it seems current values do not support this case
as described in ptp 1.05 6.5.1.3:
https://trustedcomputinggroup.org/wp-content/uploads/PC_Client_Specific-Platform_TPM_Profile_for-PTP_2p0-v1p05p_r14_pub.pdf
The patch was tested on Raspberry-Pie 3, using Nuvoton NPCT75X TPM.
Changes since version 1:
-"tpm2: add longer timout for verify signature command"
- Fixed and extended commit description.
Addressed comments from:
- Jarkko Sakkinen: https://lore.kernel.org/patchwork/patch/1424664/
Changes since version 2:
-"tpm2: add longer timout for verify signature command"
- Fixed commit description.
Addressed comments from:
- Jarkko Sakkinen: https://lore.kernel.org/patchwork/patch/1431866/
Changes since version 3:
-"tpm2: add longer timout for verify signature command"
- Fixed Link tag in commit description.
Addressed comments from:
- Jarkko Sakkinen: https://lore.kernel.org/patchwork/patch/1434828/
Amir Mizinski (1):
tpm2: add longer timeout for verify signature command
drivers/char/tpm/tpm2-cmd.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--
2.7.4
From: Amir Mizinski <[email protected]>
While running a TPM2_CC_VERIFY_SIGNATURE operation with RSA 3072-bit
keys the TPM driver fails with the following error:
"kernel: [ 2416.187522] tpm tpm0: Operation Timed out"
Since the TPM PC Client specification does not specify a number for
verify signature operation timeout, and the duration of
TPM2_CC_VERIFY_SIGNATURE with RSA 3072-bit keys exceeds the current timeout
of TPM_LONG (2 seconds), it is preferable to pick the longest timeout
possible.
Therefore, set the duration for TPM2_CC_VERIFY_SIGNATUE to TPM_LONG_LONG
(5 minutes).
Link: https://trustedcomputinggroup.org/resource/pc-client-specific-platform-firmware-profile-specification/
Signed-off-by: Amir Mizinski <[email protected]>
---
drivers/char/tpm/tpm2-cmd.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/char/tpm/tpm2-cmd.c b/drivers/char/tpm/tpm2-cmd.c
index 7603295..e71154b 100644
--- a/drivers/char/tpm/tpm2-cmd.c
+++ b/drivers/char/tpm/tpm2-cmd.c
@@ -87,7 +87,7 @@ static u8 tpm2_ordinal_duration_index(u32 ordinal)
return TPM_MEDIUM;
case TPM2_CC_VERIFY_SIGNATURE: /* 177 */
- return TPM_LONG;
+ return TPM_LONG_LONG;
case TPM2_CC_PCR_EXTEND: /* 182 */
return TPM_MEDIUM;
--
2.7.4
On Tue, May 25, 2021 at 02:13:25PM +0300, [email protected] wrote:
> From: Amir Mizinski <[email protected]>
>
> While running a TPM2_CC_VERIFY_SIGNATURE operation with RSA 3072-bit
> keys the TPM driver fails with the following error:
>
> "kernel: [ 2416.187522] tpm tpm0: Operation Timed out"
>
> Since the TPM PC Client specification does not specify a number for
> verify signature operation timeout, and the duration of
> TPM2_CC_VERIFY_SIGNATURE with RSA 3072-bit keys exceeds the current timeout
> of TPM_LONG (2 seconds), it is preferable to pick the longest timeout
> possible.
>
> Therefore, set the duration for TPM2_CC_VERIFY_SIGNATUE to TPM_LONG_LONG
> (5 minutes).
>
> Link: https://trustedcomputinggroup.org/resource/pc-client-specific-platform-firmware-profile-specification/
> Signed-off-by: Amir Mizinski <[email protected]>
> ---
Thank you.
Reviewed-by: Jarkko Sakkinen <[email protected]>
/Jarkko
On Wed, May 26, 2021 at 07:50:43AM +0300, Jarkko Sakkinen wrote:
> On Tue, May 25, 2021 at 02:13:25PM +0300, [email protected] wrote:
> > From: Amir Mizinski <[email protected]>
> >
> > While running a TPM2_CC_VERIFY_SIGNATURE operation with RSA 3072-bit
> > keys the TPM driver fails with the following error:
> >
> > "kernel: [ 2416.187522] tpm tpm0: Operation Timed out"
> >
> > Since the TPM PC Client specification does not specify a number for
> > verify signature operation timeout, and the duration of
> > TPM2_CC_VERIFY_SIGNATURE with RSA 3072-bit keys exceeds the current timeout
> > of TPM_LONG (2 seconds), it is preferable to pick the longest timeout
> > possible.
> >
> > Therefore, set the duration for TPM2_CC_VERIFY_SIGNATUE to TPM_LONG_LONG
> > (5 minutes).
> >
> > Link: https://trustedcomputinggroup.org/resource/pc-client-specific-platform-firmware-profile-specification/
> > Signed-off-by: Amir Mizinski <[email protected]>
> > ---
>
> Thank you.
>
> Reviewed-by: Jarkko Sakkinen <[email protected]>
I mean @kernel.org.
I mangled the short summary as
"tpm: add longer timeout for TPM2_CC_VERIFY_SIGNATURE"
given that
1. The subsystem tag was wrong.
2. Always to talk about the *exact thing*. I.e. in this case it's
preferable to just write the command name, as"verify time signature
command" does not have any formal menaing.
It's now applied, thanks.
/Jarkko