tpm: add longer timeout for TPM2_CC_VERIFY_SIGNATURE

While running a TPM2_CC_VERIFY_SIGNATURE operation with RSA 3072-bit
keys the TPM driver fails with the following error:

"kernel: [ 2416.187522] tpm tpm0: Operation Timed out"

Since the TPM PC Client specification does not specify a number for
verify signature operation timeout, and the duration of
TPM2_CC_VERIFY_SIGNATURE with RSA 3072-bit keys exceeds the current timeout
of TPM_LONG (2 seconds), it is preferable to pick the longest timeout
possible.

Therefore, set the duration for TPM2_CC_VERIFY_SIGNATUE to TPM_LONG_LONG
(5 minutes).

[jarkko@kernel.org: mangled the short summary a bit]

Link: https://trustedcomputinggroup.org/resource/pc-client-specific-platform-firmware-profile-specification/
Signed-off-by: Amir Mizinski <amirmizi6@gmail.com>
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
This commit is contained in:
Amir Mizinski 2021-05-25 14:13:25 +03:00 committed by Jarkko Sakkinen
parent 446cd6f0f3
commit 5317677db4
1 changed files with 1 additions and 1 deletions

View File

@ -87,7 +87,7 @@ static u8 tpm2_ordinal_duration_index(u32 ordinal)
return TPM_MEDIUM; return TPM_MEDIUM;
case TPM2_CC_VERIFY_SIGNATURE: /* 177 */ case TPM2_CC_VERIFY_SIGNATURE: /* 177 */
return TPM_LONG; return TPM_LONG_LONG;
case TPM2_CC_PCR_EXTEND: /* 182 */ case TPM2_CC_PCR_EXTEND: /* 182 */
return TPM_MEDIUM; return TPM_MEDIUM;