tpm: add longer timeout for TPM2_CC_VERIFY_SIGNATURE

amirmizi · jarkkojs · commit 5317677db429 · 2021-06-23T16:51:03.000+03:00
While running a TPM2_CC_VERIFY_SIGNATURE operation with RSA 3072-bit keys the TPM driver fails with the following error: "kernel: [ 2416.187522] tpm tpm0: Operation Timed out" Since the TPM PC Client specification does not specify a number for verify signature operation timeout, and the duration of TPM2_CC_VERIFY_SIGNATURE with RSA 3072-bit keys exceeds the current timeout of TPM_LONG (2 seconds), it is preferable to pick the longest timeout possible. Therefore, set the duration for TPM2_CC_VERIFY_SIGNATUE to TPM_LONG_LONG (5 minutes). [jarkko@kernel.org: mangled the short summary a bit] Link: https://trustedcomputinggroup.org/resource/pc-client-specific-platform-firmware-profile-specification/ Signed-off-by: Amir Mizinski <amirmizi6@gmail.com> Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org> Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
diff --git a/drivers/char/tpm/tpm2-cmd.c b/drivers/char/tpm/tpm2-cmd.c
@@ -87,7 +87,7 @@ static u8 tpm2_ordinal_duration_index(u32 ordinal)
 		return TPM_MEDIUM;
 
 	case TPM2_CC_VERIFY_SIGNATURE:        /* 177 */
-		return TPM_LONG;
+		return TPM_LONG_LONG;
 
 	case TPM2_CC_PCR_EXTEND:              /* 182 */
 		return TPM_MEDIUM;
