[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <4D759AB8.4020300@linux.vnet.ibm.com>
Date: Mon, 07 Mar 2011 23:55:52 -0300
From: Rajiv Andrade <srajiv@...ux.vnet.ibm.com>
To: "Ted Ts'o" <tytso@....edu>,
Linus Torvalds <torvalds@...ux-foundation.org>,
James Morris <jmorris@...ei.org>, linux-kernel@...r.kernel.org
Subject: Re: [REGRESSION] tpm_tis on Lenovo T410 broken in 2.6.38-rc6
On 03/05/2011 01:48 PM, Ted Ts'o wrote:
> On Fri, Mar 04, 2011 at 11:44:18AM -0300, Rajiv Andrade wrote:
>> The bug was that when running the kernel with IMA, at boot time, it
>> issues 3 TPM commands IIRC, given the 2 min timeout,
>> when the TPM didn't respond due to it not working with interrupts
>> for example, the boot hang for 6 minutes.
> At boot time, why don't you just poll? Maybe I'm missing something.
Polling is the alternative option there already, in case the TPM doesn't
get an
IRQ assigned. However, for a reason we've now found out (testing on more
platforms before posting), when such happens, the TPM doesn't issue
the interrupt signals when the device driver expects, to make
wait_event_interruptible_timeout() return before timeout.
> Or you could just simply use a different default timeout during the
> boot sequence, or simply tell your IMA users to disable it, since if
> you are just hacking the TPM to do a fast fail, the IMA is going to be
> broken anyway, right?
>
That's true, but it would be disabled at the bootloader command line,
same place
the interrupts could be disabled, that causes both to work.
However disabling the interrupts at command line was considered to be a
workaround in the bugzilla it was reported, so I understood it should work
as is for the users.
>> Thanks, it is. HZ isn't enough time for this TPM/setup to have short
>> timeout commands to succeed, including
>> the tpm_get_timeouts(). I was skeptic at first that this would be
>> the reason since I have the same machine,
>> and was working for me, the reason I asked for these parameters
>> setup attempts.
> Yes, but you're probably doing different TPM operations than I am....
> I'm not trying to do IMA, I'm trying to login to a WPA2 protected
> network where the private key needed to authenticate to the enterprise
> wireless network is locked in the TPM.
>
Ah.. completely different story then, I thought you were seeing the
timeouts for
_any_ command, sorry. Just to confirm, can you issue a tpm_version? I
believe you
might have them already, but this requires the tpm-tools and trousers
packages
installed.
Thanks,
Rajiv
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists