[SeaBIOS] [PATCH v3 05/11] tpm: Implement tpm20_set_timeouts

Stefan Berger stefanb at us.ibm.com
Tue Feb 2 19:09:13 CET 2016 

From: Stefan Berger <stefanb at linux.vnet.ibm.com>

The TIS timeouts for TPM 2 are different than for TPM 1.2.
Also the timeouts indicating a failed TPM 2 command are different.
Further, the  command durations and timeouts cannot be read from the device.

We take the command timeout values for short, medium, and long running
commands from table 15 of the following specification:

TCG PC Client Platform TPM Profile (PTP) Specification

http://www.trustedcomputinggroup.org/resources/pc_client_platform_tpm_profile_ptp_specification

The values should work for all physical TPMs.

The tricky thing with virtualized environments is that the values
may need to be longer for a system where a vTPM cannot get sufficient
cycles. So a future patch _may_ need to multiply those values here
with some factor.

Signed-off-by: Stefan Berger <stefanb at linux.vnet.ibm.com>
---
 src/hw/tpm_drivers.h | 17 +++++++++++++++++
 src/tcgbios.c        | 20 ++++++++++++++++++++
 2 files changed, 37 insertions(+)

diff --git a/src/hw/tpm_drivers.h b/src/hw/tpm_drivers.h
index 52c7a15..56fd9e8 100644
--- a/src/hw/tpm_drivers.h
+++ b/src/hw/tpm_drivers.h
@@ -66,6 +66,14 @@ void tpmhw_set_timeouts(u32 timeouts[4], u32 durations[3]);
 #define TIS_DEFAULT_TIMEOUT_C           750000 /* us */
 #define TIS_DEFAULT_TIMEOUT_D           750000 /* us */
 
+/*
+ * Default TIS 2 timeouts given in TPM Profile (TPT) Spec
+ */
+#define TIS2_DEFAULT_TIMEOUT_A          750000 /* us */
+#define TIS2_DEFAULT_TIMEOUT_B         2000000 /* us */
+#define TIS2_DEFAULT_TIMEOUT_C          200000 /* us */
+#define TIS2_DEFAULT_TIMEOUT_D           30000 /* us */
+
 enum tisTimeoutType {
     TIS_TIMEOUT_TYPE_A = 0,
     TIS_TIMEOUT_TYPE_B,
@@ -81,4 +89,13 @@ enum tisTimeoutType {
 #define TPM_DEFAULT_DURATION_MEDIUM    20000000 /* us */
 #define TPM_DEFAULT_DURATION_LONG      60000000 /* us */
 
+/*
+ * TPM 2 command durations; we set them to the timeout values
+ * given in TPM Profile (PTP) Specification; exceeding those
+ * timeout values indicates a faulty TPM.
+ */
+#define TPM2_DEFAULT_DURATION_SHORT       750000 /* us */
+#define TPM2_DEFAULT_DURATION_MEDIUM     2000000 /* us */
+#define TPM2_DEFAULT_DURATION_LONG       2000000 /* us */
+
 #endif /* TPM_DRIVERS_H */
diff --git a/src/tcgbios.c b/src/tcgbios.c
index 0b40a8f..463b7bb 100644
--- a/src/tcgbios.c
+++ b/src/tcgbios.c
@@ -322,6 +322,24 @@ tpm12_determine_timeouts(void)
     return 0;
 }
 
+static void
+tpm20_set_timeouts(void)
+{
+    u32 durations[3] = {
+        TPM2_DEFAULT_DURATION_SHORT,
+        TPM2_DEFAULT_DURATION_MEDIUM,
+        TPM2_DEFAULT_DURATION_LONG,
+    };
+    u32 timeouts[4] = {
+        TIS2_DEFAULT_TIMEOUT_A,
+        TIS2_DEFAULT_TIMEOUT_B,
+        TIS2_DEFAULT_TIMEOUT_C,
+        TIS2_DEFAULT_TIMEOUT_D,
+    };
+
+    tpmhw_set_timeouts(timeouts, durations);
+}
+
 static int
 tpm12_extend(u32 pcrindex, const u8 *digest)
 {
@@ -557,6 +575,8 @@ err_exit:
 static int
 tpm20_startup(void)
 {
+    tpm20_set_timeouts();
+
     int ret = tpm_build_and_send_cmd(0, TPM2_CC_Startup,
                                      Startup_SU_CLEAR,
                                      sizeof(Startup_SU_CLEAR),
-- 
2.4.3

More information about the SeaBIOS mailing list