[SeaBIOS] [RFC PATCH v1 5/9] tpm: Implement tpm2_set_timeouts

Stefan Berger stefanb at us.ibm.com
Fri Jan 15 20:44:35 CET 2016 

From: Stefan Berger <stefanb at linux.vnet.ibm.com>

The TIS timeouts for TPM 2 are different than for TPM 1.2.
Also the timeouts indicating a failed TPM 2 command are different.
Further, the  command durations and timeouts cannot be read from the device.

We take the command timeout values for short, medium, and long running
commands from table 15 of the following specification:

TCG PC Client Platform TPM Profile (PTP) Specification

http://www.trustedcomputinggroup.org/resources/pc_client_platform_tpm_profile_ptp_specification

The values should work for all physical TPMs.

The tricky thing with virtualized environments is that the values
may need to be longer for a system where a vTPM cannot get sufficient
cycles. So a future patch _may_ need to multiply those values here
with some factor.

Signed-off-by: Stefan Berger <stefanb at linux.vnet.ibm.com>
---
 src/hw/tpm_drivers.h | 17 +++++++++++++++++
 src/tcgbios.c        | 20 ++++++++++++++++++++
 2 files changed, 37 insertions(+)

diff --git a/src/hw/tpm_drivers.h b/src/hw/tpm_drivers.h
index 665c534..36d6ab9 100644
--- a/src/hw/tpm_drivers.h
+++ b/src/hw/tpm_drivers.h
@@ -66,6 +66,14 @@ TPMVersion tpmhw_get_tpm_version(void);
 #define TIS_DEFAULT_TIMEOUT_C           750000 /* us */
 #define TIS_DEFAULT_TIMEOUT_D           750000 /* us */
 
+/*
+ * Default TIS 2 timeouts given in TPM Profile (TPT) Spec
+ */
+#define TIS2_DEFAULT_TIMEOUT_A          750000 /* us */
+#define TIS2_DEFAULT_TIMEOUT_B         2000000 /* us */
+#define TIS2_DEFAULT_TIMEOUT_C          200000 /* us */
+#define TIS2_DEFAULT_TIMEOUT_D           30000 /* us */
+
 enum tisTimeoutType {
     TIS_TIMEOUT_TYPE_A = 0,
     TIS_TIMEOUT_TYPE_B,
@@ -81,4 +89,13 @@ enum tisTimeoutType {
 #define TPM_DEFAULT_DURATION_MEDIUM    20000000 /* us */
 #define TPM_DEFAULT_DURATION_LONG      60000000 /* us */
 
+/*
+ * TPM 2 command durations; we set them to the timeout values
+ * given in TPM Profile (PTP) Speicfication; exceeding those
+ * timeout values indicates a faulty TPM.
+ */
+#define TPM2_DEFAULT_DURATION_SHORT       750000 /* us */
+#define TPM2_DEFAULT_DURATION_MEDIUM     2000000 /* us */
+#define TPM2_DEFAULT_DURATION_LONG       2000000 /* us */
+
 #endif /* TPM_DRIVERS_H */
diff --git a/src/tcgbios.c b/src/tcgbios.c
index 0d6cfdb..7b6409c 100644
--- a/src/tcgbios.c
+++ b/src/tcgbios.c
@@ -322,6 +322,24 @@ tpm12_determine_timeouts(void)
     return 0;
 }
 
+static void
+tpm2_set_timeouts(void)
+{
+    u32 durations[3] = {
+        TPM2_DEFAULT_DURATION_SHORT,
+        TPM2_DEFAULT_DURATION_MEDIUM,
+        TPM2_DEFAULT_DURATION_LONG,
+    };
+    u32 timeouts[4] = {
+        TIS2_DEFAULT_TIMEOUT_A,
+        TIS2_DEFAULT_TIMEOUT_B,
+        TIS2_DEFAULT_TIMEOUT_C,
+        TIS2_DEFAULT_TIMEOUT_D,
+    };
+
+    tpmhw_set_timeouts(timeouts, durations);
+}
+
 static int
 tpm12_extend(u32 pcrindex, const u8 *digest)
 {
@@ -557,6 +575,8 @@ err_exit:
 static int
 tpm2_startup(void)
 {
+    tpm2_set_timeouts();
+
     dprintf(DEBUG_tcg, "TCGBIOS: Starting with TPM2_Startup(SU_CLEAR)\n");
     int ret = tpm_build_and_send_cmd(0, TPM2_CC_Startup,
                                      Startup_SU_CLEAR,
-- 
2.4.3

More information about the SeaBIOS mailing list