[PATCH 3/5 V2] tpm2: add longer timeouts for creation commands.

Jarkko Sakkinen jarkko.sakkinen at linux.intel.com
Sat Mar 10 11:21:16 UTC 2018


On Tue, 2018-03-06 at 15:19 +0000, Winkler, Tomas wrote:
> > On Tue, 2018-03-06 at 11:25 +0200, Tomas Winkler wrote:
> > > TPM2_CC_Create(0x153) and TPM2_CC_CreatePrimary (0x131) involve
> > > generation of crypto keys which can be a computationally intensive task.
> > > The timeout is set to 3min.
> > > Rather than increasing default timeout a new constant is added, to not
> > > stall for too long on regular commands failures.
> > > 
> > > Signed-off-by: Tomas Winkler <tomas.winkler at intel.com>
> > 
> > Why are you radically chaging the default timeout? The commit message
> > does not tell anything about that change.
> > 
> 
> Let me, recheck but it should be same value just converted to msecs.
>  
> > Why couldn't we just have two timeouts: one default and one long that
> > would be at least as long as the longest timeout defined in the spec?
> 
> I've tried to explain it in the commit message but apparently has failed. 
> 
> We have a default or undefined which should be the same as it was unless I did
> some silly mistake in conversion to msecs (will check), ass all others are in
> msecs.
> It was 2 min = 2 * 60 * HZ (in jiffies) which would be msecs_to_jiffies(2 * 60
> * 1000 = 120000) 
> TPM2_DURATION_DEFAULT   = 120000

Aah, of course :-) The problem was that I had somehow a blid spot with
seeing the msec_to_jiffies() conversion.

TPM_NUM_DURATIONS would a better name than TPM_DURATION_MAX because
TPM_DURATION_MAX is easy to confuse with TPM_DURATION_* constants.

/Jarkko
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html



More information about the Linux-security-module-archive mailing list