Platforms that support FF-A direct message request v2 can implement Secure Partitions (SPs) that host multiple services. When the TPM service shares its SP with other services, message requests from the driver may fail with a BUSY response if another service is currently active.
To improve robustness in such scenarios, we need to introduce retry logic in the driver. When a BUSY error is received, the driver will re-attempt the TPM request until it succeeds or a run-time configurable timeout(default: 2000 ms) is reached. This ensures reliable TPM access under shared-SP conditions. Add a module parameter, `busy_timeout_ms`, which specifies the maximum amount of time (in milliseconds) to retry on BUSY before giving up. This change builds on top of commit a85b55ee64a5, which introduced support for TPM service communication using the FF-A direct message v2 path, in accordance with section 3.3 of the TPM Service Command Response Buffer Interface specification. https://developer.arm.com/documentation/den0138/latest/ This was tested with an FF-A based fTPM currently not publicly available. There are plans to open source the fTPM. Changes in v9: - Removed memset usage, introduced designated initialization for `tpm_crb_ffa_data` structure. - Code formatting changes for consistency. Prachotan Bathi (3): tpm_crb_ffa: Fix typos in function name tpm_crb_ffa:Remove memset usage tpm_crb_ffa: handle tpm busy return code .../admin-guide/kernel-parameters.txt | 8 +++ drivers/char/tpm/tpm_crb_ffa.c | 72 +++++++++++++------ 2 files changed, 57 insertions(+), 23 deletions(-) -- 2.43.0
