[SeaBIOS] [RFC PATCH v1 5/9] tpm: Implement tpm2_set_timeouts
Kevin O'Connor
kevin at koconnor.net
Thu Jan 21 23:42:44 CET 2016
On Fri, Jan 15, 2016 at 02:44:35PM -0500, Stefan Berger wrote:
> From: Stefan Berger <stefanb at linux.vnet.ibm.com>
>
> The TIS timeouts for TPM 2 are different than for TPM 1.2.
> Also the timeouts indicating a failed TPM 2 command are different.
> Further, the command durations and timeouts cannot be read from the device.
>
> We take the command timeout values for short, medium, and long running
> commands from table 15 of the following specification:
>
> TCG PC Client Platform TPM Profile (PTP) Specification
>
> http://www.trustedcomputinggroup.org/resources/pc_client_platform_tpm_profile_ptp_specification
>
> The values should work for all physical TPMs.
>
> The tricky thing with virtualized environments is that the values
> may need to be longer for a system where a vTPM cannot get sufficient
> cycles. So a future patch _may_ need to multiply those values here
> with some factor.
>
> Signed-off-by: Stefan Berger <stefanb at linux.vnet.ibm.com>
> ---
> src/hw/tpm_drivers.h | 17 +++++++++++++++++
> src/tcgbios.c | 20 ++++++++++++++++++++
> 2 files changed, 37 insertions(+)
>
> diff --git a/src/hw/tpm_drivers.h b/src/hw/tpm_drivers.h
> index 665c534..36d6ab9 100644
> --- a/src/hw/tpm_drivers.h
> +++ b/src/hw/tpm_drivers.h
> @@ -66,6 +66,14 @@ TPMVersion tpmhw_get_tpm_version(void);
> #define TIS_DEFAULT_TIMEOUT_C 750000 /* us */
> #define TIS_DEFAULT_TIMEOUT_D 750000 /* us */
>
> +/*
> + * Default TIS 2 timeouts given in TPM Profile (TPT) Spec
> + */
> +#define TIS2_DEFAULT_TIMEOUT_A 750000 /* us */
> +#define TIS2_DEFAULT_TIMEOUT_B 2000000 /* us */
> +#define TIS2_DEFAULT_TIMEOUT_C 200000 /* us */
> +#define TIS2_DEFAULT_TIMEOUT_D 30000 /* us */
> +
> enum tisTimeoutType {
> TIS_TIMEOUT_TYPE_A = 0,
> TIS_TIMEOUT_TYPE_B,
> @@ -81,4 +89,13 @@ enum tisTimeoutType {
> #define TPM_DEFAULT_DURATION_MEDIUM 20000000 /* us */
> #define TPM_DEFAULT_DURATION_LONG 60000000 /* us */
>
> +/*
> + * TPM 2 command durations; we set them to the timeout values
> + * given in TPM Profile (PTP) Speicfication; exceeding those
> + * timeout values indicates a faulty TPM.
> + */
> +#define TPM2_DEFAULT_DURATION_SHORT 750000 /* us */
> +#define TPM2_DEFAULT_DURATION_MEDIUM 2000000 /* us */
> +#define TPM2_DEFAULT_DURATION_LONG 2000000 /* us */
> +
> #endif /* TPM_DRIVERS_H */
> diff --git a/src/tcgbios.c b/src/tcgbios.c
> index 0d6cfdb..7b6409c 100644
> --- a/src/tcgbios.c
> +++ b/src/tcgbios.c
> @@ -322,6 +322,24 @@ tpm12_determine_timeouts(void)
> return 0;
> }
>
> +static void
> +tpm2_set_timeouts(void)
> +{
> + u32 durations[3] = {
> + TPM2_DEFAULT_DURATION_SHORT,
> + TPM2_DEFAULT_DURATION_MEDIUM,
> + TPM2_DEFAULT_DURATION_LONG,
> + };
> + u32 timeouts[4] = {
> + TIS2_DEFAULT_TIMEOUT_A,
> + TIS2_DEFAULT_TIMEOUT_B,
> + TIS2_DEFAULT_TIMEOUT_C,
> + TIS2_DEFAULT_TIMEOUT_D,
> + };
> +
> + tpmhw_set_timeouts(timeouts, durations);
> +}
> +
> static int
> tpm12_extend(u32 pcrindex, const u8 *digest)
> {
> @@ -557,6 +575,8 @@ err_exit:
> static int
> tpm2_startup(void)
> {
> + tpm2_set_timeouts();
> +
How about just do this in tpmhw_probe() and not bother with calling
tpmhw_set_timeouts in tcgbios.c (for tpm2).
-Kevin
More information about the SeaBIOS
mailing list