| Message ID | 20190902142735.6280-1-jsnitsel@redhat.com (mailing list archive) |
|---|---|
| Headers | show |
| Series | tpm: add update_durations class op to allow override of chip supplied values | expand |
On Mon Sep 02 19, Jerry Snitselaar wrote: >We've run into a case where a customer has an STM TPM 1.2 chip >(version 1.2.8.28), that is getting into an inconsistent state and >they end up getting tpm transmit errors. In really old tpm code this >wasn't seen because the code that grabbed the duration values from the >chip could fail silently, and would proceed to just use default values >and move forward. More recent code though successfully gets the >duration values from the chip, and using those values this particular >chip version gets into the state seen by the customer. > >The idea with this patchset is to provide a facility like the >update_timeouts operation to allow the override of chip supplied >values. > >changes from v3: > * Assign value to version when tpm1_getcap is successful for TPM 1.1 device > not when it fails. > >changes from v2: > * Added patch 1/3 > * Rework tpm_tis_update_durations to make use of new version structs > and pull tpm1_getcap calls out of loop. > >changes from v1: > * Remove unneeded newline > * Formatting cleanups > * Change tpm_tis_update_durations to be a void function, and > use chip->duration_adjusted to track whether adjustment was > made. > >Jarkko Sakkinen (1): > tpm: Remove duplicate code from caps_show() in tpm-sysfs.c > >Jerry Snitselaar (2): > tpm: provide a way to override the chip returned durations > tpm_tis: override durations for STM tpm with firmware 1.2.8.28 > > Anyone else have any feedback on this patchset?
On Sat, Sep 28, 2019 at 10:45:43AM -0700, Jerry Snitselaar wrote: > On Mon Sep 02 19, Jerry Snitselaar wrote: > > We've run into a case where a customer has an STM TPM 1.2 chip > > (version 1.2.8.28), that is getting into an inconsistent state and > > they end up getting tpm transmit errors. In really old tpm code this > > wasn't seen because the code that grabbed the duration values from the > > chip could fail silently, and would proceed to just use default values > > and move forward. More recent code though successfully gets the > > duration values from the chip, and using those values this particular > > chip version gets into the state seen by the customer. > > > > The idea with this patchset is to provide a facility like the > > update_timeouts operation to allow the override of chip supplied > > values. > > > > changes from v3: > > * Assign value to version when tpm1_getcap is successful for TPM 1.1 device > > not when it fails. > > > > changes from v2: > > * Added patch 1/3 > > * Rework tpm_tis_update_durations to make use of new version structs > > and pull tpm1_getcap calls out of loop. > > > > changes from v1: > > * Remove unneeded newline > > * Formatting cleanups > > * Change tpm_tis_update_durations to be a void function, and > > use chip->duration_adjusted to track whether adjustment was > > made. > > > > Jarkko Sakkinen (1): > > tpm: Remove duplicate code from caps_show() in tpm-sysfs.c > > > > Jerry Snitselaar (2): > > tpm: provide a way to override the chip returned durations > > tpm_tis: override durations for STM tpm with firmware 1.2.8.28 > > > > > > Anyone else have any feedback on this patchset? Thanks for reminding. I'll put this to my master soonish. /Jarkko
On Mon, Sep 02, 2019 at 07:27:32AM -0700, Jerry Snitselaar wrote: > We've run into a case where a customer has an STM TPM 1.2 chip > (version 1.2.8.28), that is getting into an inconsistent state and > they end up getting tpm transmit errors. In really old tpm code this > wasn't seen because the code that grabbed the duration values from the > chip could fail silently, and would proceed to just use default values > and move forward. More recent code though successfully gets the > duration values from the chip, and using those values this particular > chip version gets into the state seen by the customer. > > The idea with this patchset is to provide a facility like the > update_timeouts operation to allow the override of chip supplied > values. > > changes from v3: > * Assign value to version when tpm1_getcap is successful for TPM 1.1 device > not when it fails. > > changes from v2: > * Added patch 1/3 > * Rework tpm_tis_update_durations to make use of new version structs > and pull tpm1_getcap calls out of loop. > > changes from v1: > * Remove unneeded newline > * Formatting cleanups > * Change tpm_tis_update_durations to be a void function, and > use chip->duration_adjusted to track whether adjustment was > made. > > Jarkko Sakkinen (1): > tpm: Remove duplicate code from caps_show() in tpm-sysfs.c > > Jerry Snitselaar (2): > tpm: provide a way to override the chip returned durations > tpm_tis: override durations for STM tpm with firmware 1.2.8.28 > > I applied to my master branch. Probably hard to get wide testing given the "niche" case when the issue happens. Should be sufficient that the commonc case still works. /Jarkko
On Wed Oct 02 19, Jarkko Sakkinen wrote: >On Mon, Sep 02, 2019 at 07:27:32AM -0700, Jerry Snitselaar wrote: >> We've run into a case where a customer has an STM TPM 1.2 chip >> (version 1.2.8.28), that is getting into an inconsistent state and >> they end up getting tpm transmit errors. In really old tpm code this >> wasn't seen because the code that grabbed the duration values from the >> chip could fail silently, and would proceed to just use default values >> and move forward. More recent code though successfully gets the >> duration values from the chip, and using those values this particular >> chip version gets into the state seen by the customer. >> >> The idea with this patchset is to provide a facility like the >> update_timeouts operation to allow the override of chip supplied >> values. >> >> changes from v3: >> * Assign value to version when tpm1_getcap is successful for TPM 1.1 device >> not when it fails. >> >> changes from v2: >> * Added patch 1/3 >> * Rework tpm_tis_update_durations to make use of new version structs >> and pull tpm1_getcap calls out of loop. >> >> changes from v1: >> * Remove unneeded newline >> * Formatting cleanups >> * Change tpm_tis_update_durations to be a void function, and >> use chip->duration_adjusted to track whether adjustment was >> made. >> >> Jarkko Sakkinen (1): >> tpm: Remove duplicate code from caps_show() in tpm-sysfs.c >> >> Jerry Snitselaar (2): >> tpm: provide a way to override the chip returned durations >> tpm_tis: override durations for STM tpm with firmware 1.2.8.28 >> >> > >I applied to my master branch. > >Probably hard to get wide testing given the "niche" case when the >issue happens. Should be sufficient that the commonc case still >works. > >/Jarkko Yeah, it is a pain. The people with the problem systems tested an earlier version of Alexey's patches. I have a system with a different rev STM device, so I did some testing with a modified patch that keyed off that revision, but it will be hard to get it wide exposure.
On Thu, Oct 03, 2019 at 09:55:51AM -0700, Jerry Snitselaar wrote: > On Wed Oct 02 19, Jarkko Sakkinen wrote: > > On Mon, Sep 02, 2019 at 07:27:32AM -0700, Jerry Snitselaar wrote: > > > We've run into a case where a customer has an STM TPM 1.2 chip > > > (version 1.2.8.28), that is getting into an inconsistent state and > > > they end up getting tpm transmit errors. In really old tpm code this > > > wasn't seen because the code that grabbed the duration values from the > > > chip could fail silently, and would proceed to just use default values > > > and move forward. More recent code though successfully gets the > > > duration values from the chip, and using those values this particular > > > chip version gets into the state seen by the customer. > > > > > > The idea with this patchset is to provide a facility like the > > > update_timeouts operation to allow the override of chip supplied > > > values. > > > > > > changes from v3: > > > * Assign value to version when tpm1_getcap is successful for TPM 1.1 device > > > not when it fails. > > > > > > changes from v2: > > > * Added patch 1/3 > > > * Rework tpm_tis_update_durations to make use of new version structs > > > and pull tpm1_getcap calls out of loop. > > > > > > changes from v1: > > > * Remove unneeded newline > > > * Formatting cleanups > > > * Change tpm_tis_update_durations to be a void function, and > > > use chip->duration_adjusted to track whether adjustment was > > > made. > > > > > > Jarkko Sakkinen (1): > > > tpm: Remove duplicate code from caps_show() in tpm-sysfs.c > > > > > > Jerry Snitselaar (2): > > > tpm: provide a way to override the chip returned durations > > > tpm_tis: override durations for STM tpm with firmware 1.2.8.28 > > > > > > > > > > I applied to my master branch. > > > > Probably hard to get wide testing given the "niche" case when the > > issue happens. Should be sufficient that the commonc case still > > works. > > > > /Jarkko > > Yeah, it is a pain. The people with the problem systems tested an > earlier version of Alexey's patches. I have a system with a different > rev STM device, so I did some testing with a modified patch that keyed > off that revision, but it will be hard to get it wide exposure. I think this is sufficient for me as it 1. Fixes the issue. 2. I've verified that it doesn't break systems that don't have the issue The worst case scenario is that you break something that is broken already... /Jarkko
We've run into a case where a customer has an STM TPM 1.2 chip (version 1.2.8.28), that is getting into an inconsistent state and they end up getting tpm transmit errors. In really old tpm code this wasn't seen because the code that grabbed the duration values from the chip could fail silently, and would proceed to just use default values and move forward. More recent code though successfully gets the duration values from the chip, and using those values this particular chip version gets into the state seen by the customer. The idea with this patchset is to provide a facility like the update_timeouts operation to allow the override of chip supplied values. changes from v3: * Assign value to version when tpm1_getcap is successful for TPM 1.1 device not when it fails. changes from v2: * Added patch 1/3 * Rework tpm_tis_update_durations to make use of new version structs and pull tpm1_getcap calls out of loop. changes from v1: * Remove unneeded newline * Formatting cleanups * Change tpm_tis_update_durations to be a void function, and use chip->duration_adjusted to track whether adjustment was made. Jarkko Sakkinen (1): tpm: Remove duplicate code from caps_show() in tpm-sysfs.c Jerry Snitselaar (2): tpm: provide a way to override the chip returned durations tpm_tis: override durations for STM tpm with firmware 1.2.8.28