As Christian points out, the best approach is to “round up” any timeouts that are less than the defaults. Here is such a patch-please verify it on your TPM with the incorrect timeouts.
Joe
diff -r 0d7b5f56f26a tboot/common/tpm.c
--- a/tboot/common/tpm.c Tue Jan 26 13:44:35 2010 -0800
+++ b/tboot/common/tpm.c Sat Feb 06 12:20:25 2010 -0800
@@ -1951,6 +1951,14 @@ bool is_tpm_ready(uint32_t locality)
printk("TPM timeout values: A: %u, B: %u, C: %u, D: %u\n",
g_timeout.timeout_a, g_timeout.timeout_b, g_timeout.timeout_c,
g_timeout.timeout_d);
+ /*
+ * if any timeout values are less than default values, set to default
+ * value (due to bug with some TPMs)
+ */
+ if ( g_timeout.timeout_a < TIMEOUT_A ) g_timeout.timeout_a = TIMEOUT_A;
+ if ( g_timeout.timeout_b < TIMEOUT_B ) g_timeout.timeout_b = TIMEOUT_B;
+ if ( g_timeout.timeout_c < TIMEOUT_C ) g_timeout.timeout_c = TIMEOUT_C;
+ if ( g_timeout.timeout_d < TIMEOUT_D ) g_timeout.timeout_d = TIMEOUT_D;
}
return true;
From: Christian Limpach [mailto:[email protected]]
Sent: Monday, February 01, 2010 12:27 PM
To: Wang, Shane; Ross Philipson; [email protected]
Subject: Re: [tboot-devel] [PATCH] Fix timeout bug introduced by tboot.hg
changeset 176.
I was wondering about that. The values returned from the TPM in the hp6930p
are definitely milliseconds, they are in fact equal to the default values.
A possible solution would be to always use the minimum of the value returned
from the TPM and the default value. Presumably the reason for allowing the tpm
to specify the timeout is to allow a slow TPM to specify longer timeouts.
christian
From: Wang, Shane [mailto:[email protected]]
Sent: Sunday, January 31, 2010 10:33 PM
To: Ross Philipson; [email protected]
Cc: Christian Limpach
Subject: RE: [tboot-devel] [PATCH] Fix timeout bug introduced by tboot.hg
changeset 176.
Hi, Ross and Christian,
According to TCG PC Client Sepcific TPM Interface Specification (TIS), calling
the TPM_GetCapability command with the capability TPM_CAP_PROP_TIS_TIMEOUTS
return an array of uint32 values each representing the number of microseconds
for the associated timeout. And the structure we used represents the number of
milliseconds. I also tested the code with some TPMs. I guess maybe your hp6930p
doesn't conform to the spec.
Thanks.
Shane
________________________________
From: Ross Philipson [mailto:[email protected]]
Sent: 2010年1月29日 18:45
To: [email protected]
Cc: Christian Limpach
Subject: [tboot-devel] [PATCH] Fix timeout bug introduced by tboot.hg changeset
176.
Patch to fix timeout bug introduced by tboot.hg changeset 176. Either the TPM
in the hp6930p doesn't operate to spec or the code was never tested. With the
patch, the values read from the tpm are equal to the default values used before
tpm timeout code was added in changesets 163 and 176.
Signed-off-by: Christian Limpach
[email protected]<mailto:[email protected]>
Acked-by: Ross Philipson
[email protected]<mailto:[email protected]>
diff -r 75e242a56344 tboot/common/tpm.c
--- a/tboot/common/tpm.c Tue Jan 05 23:05:07 2010 -0800
+++ b/tboot/common/tpm.c Fri Jan 29 00:59:05 2010 +0000
@@ -1944,10 +1944,10 @@
* timeout_x represents the number of milliseconds for the timeout
* and timeout[x] represents the number of microseconds.
*/
- g_timeout.timeout_a = timeout[0]/1000;
- g_timeout.timeout_b = timeout[1]/1000;
- g_timeout.timeout_c = timeout[2]/1000;
- g_timeout.timeout_d = timeout[3]/1000;
+ g_timeout.timeout_a = timeout[0];
+ g_timeout.timeout_b = timeout[1];
+ g_timeout.timeout_c = timeout[2];
+ g_timeout.timeout_d = timeout[3];
printk("TPM timeout values: A: %u, B: %u, C: %u, D: %u\n",
g_timeout.timeout_a, g_timeout.timeout_b, g_timeout.timeout_c,
g_timeout.timeout_d);
tboot-timeout.patch
Description: tboot-timeout.patch
------------------------------------------------------------------------------ The Planet: dedicated and managed hosting, cloud storage, colocation Stay online with enterprise data centers and the best network in the business Choose flexible plans and management services without long-term contracts Personal 24x7 support from experience hosting pros just a phone call away. http://p.sf.net/sfu/theplanet-com
_______________________________________________ tboot-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/tboot-devel
