Re: [REGRESSION] tpm_tis on Lenovo T410 broken in 2.6.38-rc6

From: Rajiv Andrade
Date: Mon Mar 07 2011 - 21:57:26 EST

Next message: KOSAKI Motohiro: "Re: [PATCH] mm: check zone->all_unreclaimable in all_unreclaimable()"
Previous message: KOSAKI Motohiro: "Re: [PATCH 8/8] Add VM counters for transparent hugepages"
In reply to: Ted Ts'o: "Re: [REGRESSION] tpm_tis on Lenovo T410 broken in 2.6.38-rc6"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 03/05/2011 01:48 PM, Ted Ts'o wrote:

On Fri, Mar 04, 2011 at 11:44:18AM -0300, Rajiv Andrade wrote:
The bug was that when running the kernel with IMA, at boot time, it
issues 3 TPM commands IIRC, given the 2 min timeout,
when the TPM didn't respond due to it not working with interrupts
for example, the boot hang for 6 minutes.

At boot time, why don't you just poll? Maybe I'm missing something.

Polling is the alternative option there already, in case the TPM doesn't get an
IRQ assigned. However, for a reason we've now found out (testing on more
platforms before posting), when such happens, the TPM doesn't issue
the interrupt signals when the device driver expects, to make
wait_event_interruptible_timeout() return before timeout.

Or you could just simply use a different default timeout during the
boot sequence, or simply tell your IMA users to disable it, since if
you are just hacking the TPM to do a fast fail, the IMA is going to be
broken anyway, right?

That's true, but it would be disabled at the bootloader command line, same place
the interrupts could be disabled, that causes both to work.
However disabling the interrupts at command line was considered to be a
workaround in the bugzilla it was reported, so I understood it should work
as is for the users.

Thanks, it is. HZ isn't enough time for this TPM/setup to have short
timeout commands to succeed, including
the tpm_get_timeouts(). I was skeptic at first that this would be
the reason since I have the same machine,
and was working for me, the reason I asked for these parameters
setup attempts.

Yes, but you're probably doing different TPM operations than I am....
I'm not trying to do IMA, I'm trying to login to a WPA2 protected
network where the private key needed to authenticate to the enterprise
wireless network is locked in the TPM.

Ah.. completely different story then, I thought you were seeing the timeouts for
_any_ command, sorry. Just to confirm, can you issue a tpm_version? I believe you
might have them already, but this requires the tpm-tools and trousers packages
installed.

Thanks,
Rajiv

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: KOSAKI Motohiro: "Re: [PATCH] mm: check zone->all_unreclaimable in all_unreclaimable()"
Previous message: KOSAKI Motohiro: "Re: [PATCH 8/8] Add VM counters for transparent hugepages"
In reply to: Ted Ts'o: "Re: [REGRESSION] tpm_tis on Lenovo T410 broken in 2.6.38-rc6"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]