I pushed this patch since I was able to get confirmation of it working on a
system we have here.
Ross, do you have any feedback on the previous policy patch with the warning
message and 5sec delay?
Joe
From: Cihula, Joseph
Sent: Saturday, February 06, 2010 2:11 PM
To: Christian Limpach; Wang, Shane; Ross Philipson;
tboot-devel@lists.sourceforge.net
Subject: RE: [tboot-devel] [PATCH] Fix timeout bug introduced by tboot.hg
changeset 176.
As Christian points out, the best approach is to “round up” any timeouts that
are less than the defaults. Here is such a patch-please verify it on your TPM
with the incorrect timeouts.
Joe
diff -r 0d7b5f56f26a tboot/common/tpm.c
--- a/tboot/common/tpm.c Tue Jan 26 13:44:35 2010 -0800
+++ b/tboot/common/tpm.c Sat Feb 06 12:20:25 2010 -0800
@@ -1951,6 +1951,14 @@ bool is_tpm_ready(uint32_t locality)
printk("TPM timeout values: A: %u, B: %u, C: %u, D: %u\n",
g_timeout.timeout_a, g_timeout.timeout_b, g_timeout.timeout_c,
g_timeout.timeout_d);
+ /*
+ * if any timeout values are less than default values, set to default
+ * value (due to bug with some TPMs)
+ */
+ if ( g_timeout.timeout_a < TIMEOUT_A ) g_timeout.timeout_a = TIMEOUT_A;
+ if ( g_timeout.timeout_b < TIMEOUT_B ) g_timeout.timeout_b = TIMEOUT_B;
+ if ( g_timeout.timeout_c < TIMEOUT_C ) g_timeout.timeout_c = TIMEOUT_C;
+ if ( g_timeout.timeout_d < TIMEOUT_D ) g_timeout.timeout_d = TIMEOUT_D;
}
return true;
From: Christian Limpach [mailto:christian.limp...@eu.citrix.com]
Sent: Monday, February 01, 2010 12:27 PM
To: Wang, Shane; Ross Philipson; tboot-devel@lists.sourceforge.net
Subject: Re: [tboot-devel] [PATCH] Fix timeout bug introduced by tboot.hg
changeset 176.
I was wondering about that. The values returned from the TPM in the hp6930p
are definitely milliseconds, they are in fact equal to the default values.
A possible solution would be to always use the minimum of the value returned
from the TPM and the default value. Presumably the reason for allowing the tpm
to specify the timeout is to allow a slow TPM to specify longer timeouts.
christian
From: Wang, Shane [mailto:shane.w...@intel.com]
Sent: Sunday, January 31, 2010 10:33 PM
To: Ross Philipson; tboot-devel@lists.sourceforge.net
Cc: Christian Limpach
Subject: RE: [tboot-devel] [PATCH] Fix timeout bug introduced by tboot.hg
changeset 176.
Hi, Ross and Christian,
According to TCG PC Client Sepcific TPM Interface Specification (TIS), calling
the TPM_GetCapability command with the capability TPM_CAP_PROP_TIS_TIMEOUTS
return an array of uint32 values each representing the number of microseconds
for the associated timeout. And the structure we used represents the number of
milliseconds. I also tested the code with some TPMs. I guess maybe your hp6930p
doesn't conform to the spec.
Thanks.
Shane
________________________________
From: Ross Philipson [mailto:ross.philip...@citrix.com]
Sent: 2010年1月29日 18:45
To: tboot-devel@lists.sourceforge.net
Cc: Christian Limpach
Subject: [tboot-devel] [PATCH] Fix timeout bug introduced by tboot.hg changeset
176.
Patch to fix timeout bug introduced by tboot.hg changeset 176. Either the TPM
in the hp6930p doesn't operate to spec or the code was never tested. With the
patch, the values read from the tpm are equal to the default values used before
tpm timeout code was added in changesets 163 and 176.
Signed-off-by: Christian Limpach
christian.limp...@eu.citrix.com<mailto:christian.limp...@eu.citrix.com>
Acked-by: Ross Philipson
ross.philip...@citrix.com<mailto:ross.philip...@citrix.com>
diff -r 75e242a56344 tboot/common/tpm.c
--- a/tboot/common/tpm.c Tue Jan 05 23:05:07 2010 -0800
+++ b/tboot/common/tpm.c Fri Jan 29 00:59:05 2010 +0000
@@ -1944,10 +1944,10 @@
* timeout_x represents the number of milliseconds for the timeout
* and timeout[x] represents the number of microseconds.
*/
- g_timeout.timeout_a = timeout[0]/1000;
- g_timeout.timeout_b = timeout[1]/1000;
- g_timeout.timeout_c = timeout[2]/1000;
- g_timeout.timeout_d = timeout[3]/1000;
+ g_timeout.timeout_a = timeout[0];
+ g_timeout.timeout_b = timeout[1];
+ g_timeout.timeout_c = timeout[2];
+ g_timeout.timeout_d = timeout[3];
printk("TPM timeout values: A: %u, B: %u, C: %u, D: %u\n",
g_timeout.timeout_a, g_timeout.timeout_b, g_timeout.timeout_c,
g_timeout.timeout_d);
------------------------------------------------------------------------------
The Planet: dedicated and managed hosting, cloud storage, colocation
Stay online with enterprise data centers and the best network in the business
Choose flexible plans and management services without long-term contracts
Personal 24x7 support from experience hosting pros just a phone call away.
http://p.sf.net/sfu/theplanet-com
_______________________________________________
tboot-devel mailing list
tboot-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tboot-devel
