Public bug reported:
[Impact]
TPM2 key creation commands time out on and off on some Intel platforms
that use Infineon SLB9670 and SLB9672 TPM modules.
A recent change cut the timeout for the key creation commands
(CREATE_PRIMARY, CREATE, CREATE_LOADED) from 300 seconds down to 30
seconds. On affected hardware these commands sometimes take longer than
30 seconds, so they fail with a timeout. The failures show up a few
times across hundreds of test runs.
This affects the in-kernel TPM path, so anything that creates TPM keys
(measured boot, key sealing, fwts/checkbox TPM tests) can hit it.
[Fix]
Restore the timeout for the three key creation commands back to 300
seconds.
Upstream commit:
de59d78e64039baa5fed455ddb905ba8263e7ede
("tpm: restore timeout for key creation commands")
This reverts the timeout regression from:
207696b17f38 ("tpm: use a map for tpm2_calc_ordinal_duration()")
which is in v6.19-rc6.
[Test Plan]
On affected hardware with tpm2-tools installed, create a primary key
many times:
$ for i in $(seq 1 100); do
sudo tpm2_createprimary -C o -c /tmp/prim.ctx || echo "FAIL run $i"
done
$ dmesg | grep -i tpm
Without patch: some runs fail, and dmesg shows TPM command timeout
errors for the create commands.
With patch: all runs pass, no TPM timeout errors in dmesg.
[Where problems could occur]
This touches the TPM2 command duration table in the tpm driver.
The change only raises the allowed wait time, so it does not change
command behavior.
** Affects: linux (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2158880
Title:
TPM2 key creation commands time out on Infineon SLB9670/SLB9672
modules
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2158880/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs