Public bug reported:

[Impact]
TPM2 key creation commands time out on and off on some Intel platforms
that use Infineon SLB9670 and SLB9672 TPM modules.

A recent change cut the timeout for the key creation commands
(CREATE_PRIMARY, CREATE, CREATE_LOADED) from 300 seconds down to 30
seconds. On affected hardware these commands sometimes take longer than
30 seconds, so they fail with a timeout. The failures show up a few
times across hundreds of test runs.

This affects the in-kernel TPM path, so anything that creates TPM keys
(measured boot, key sealing, fwts/checkbox TPM tests) can hit it.

[Fix]
Restore the timeout for the three key creation commands back to 300
seconds.

Upstream commit:
de59d78e64039baa5fed455ddb905ba8263e7ede
("tpm: restore timeout for key creation commands")

This reverts the timeout regression from:
207696b17f38 ("tpm: use a map for tpm2_calc_ordinal_duration()")
which is in v6.19-rc6.

[Test Plan]
On affected hardware with tpm2-tools installed, create a primary key
many times:

$ for i in $(seq 1 100); do
    sudo tpm2_createprimary -C o -c /tmp/prim.ctx || echo "FAIL run $i"
  done
$ dmesg | grep -i tpm

Without patch: some runs fail, and dmesg shows TPM command timeout
errors for the create commands.
With patch: all runs pass, no TPM timeout errors in dmesg.


[Where problems could occur]
This touches the TPM2 command duration table in the tpm driver.

The change only raises the allowed wait time, so it does not change
command behavior.

** Affects: linux (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2158880

Title:
  TPM2 key creation commands time out on Infineon SLB9670/SLB9672
  modules

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2158880/+subscriptions


-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to