[PATCH 3/5 V2] tpm2: add longer timeouts for creation commands.
tomas.winkler at intel.com
Tue Mar 6 15:19:23 UTC 2018
> On Tue, 2018-03-06 at 11:25 +0200, Tomas Winkler wrote:
> > TPM2_CC_Create(0x153) and TPM2_CC_CreatePrimary (0x131) involve
> > generation of crypto keys which can be a computationally intensive task.
> > The timeout is set to 3min.
> > Rather than increasing default timeout a new constant is added, to not
> > stall for too long on regular commands failures.
> > Signed-off-by: Tomas Winkler <tomas.winkler at intel.com>
> Why are you radically chaging the default timeout? The commit message
> does not tell anything about that change.
Let me, recheck but it should be same value just converted to msecs.
> Why couldn't we just have two timeouts: one default and one long that
> would be at least as long as the longest timeout defined in the spec?
I've tried to explain it in the commit message but apparently has failed.
We have a default or undefined which should be the same as it was unless I did some silly mistake in conversion to msecs (will check), ass all others are in msecs.
It was 2 min = 2 * 60 * HZ (in jiffies) which would be msecs_to_jiffies(2 * 60 * 1000 = 120000)
TPM2_DURATION_DEFAULT = 120000
Then we have a new one which is 3 min just for key generation (Prime number generation is heavy liffting)
> Then we would not have to ever update LAST_CC constant, we could actually
> remove it completely.
I believe I've removed it next patch, I didnât want do too much in this one.
More information about the Linux-security-module-archive