public inbox for linux-integrity@vger.kernel.org
From: Juergen Repp <juergen_repp@web.de>
To: Andreas.Fuchs@infineon.com,
	James.Bottomley@HansenPartnership.com,
	linux-integrity@vger.kernel.org
Cc: christian.plappert@sit.fraunhofer.de
Subject: Re: TPM resource manager returns -1 for TPM2_RC_CONTEXT_GAP
Date: Thu, 19 Oct 2023 19:13:36 +0200
Message-ID: <513b3dd3-3a3a-46a6-a626-9a6c0b7eef4e@web.de>
In-Reply-To: <23488b27daae488e97323ff07f52db6f@infineon.com>

On 19.10.23 at 18:16, Andreas.Fuchs@infineon.com wrote:
>> From: James Bottomley <James.Bottomley@HansenPartnership.com>
>> On Thu, 2023-10-19 at 16:05 +0200, Juergen Repp wrote:
>>> There is an issue related to this problem on github for tpm2-tss:
>>> https://github.com/tpm2-software/tpm2-tss/issues/2691 (/dev/tpmrm0 was
>>> used) The error did occur after about 200 signing operations when a
>>> second session was opened by a second process at the same time.
>>> Kernel log:
>>> [ 401.923826] tpm tpm0: tpm2_save_context: failed with a TPM error
>>> 0x0901
>>> [  401.925049] tpm tpm0: A TPM error (459) occurred flushing context
>>
>> I'm afraid that's a known problem with the Intel TSS: it saves the context, which will cause a gapping error if you keep it saved while doing other context requiring operations.  The solutions are either to implement degapping in the kernel or persuade the Intel TSS not to save contexts unnecessarily.
>
> This is independent of the TSS used.
> When you have one long lasting session being used seldomly (i.e. in Application A) and another session or multiple sessions being used frequently (i.e. in Application B), then you will hit this problem at some point.
> As such ANY resource manager (in kernel or outside) needs to implement session ungapping, otherwise it will fail such scenarios.
>
Yes, we were able to work around the problem by using the resource manager from https://github.com/tpm2-software/tpm2-abrmd which implements the ungapping.
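
The scenario from the quoted reply (one idle saved session, one busy session), as an added toy model in C that is not part of this thread and is not kernel, TPM or tpm2-abrmd code. The gap limit of 255, the struct and the function names are assumptions made for illustration; a real TPM reports its own limit and a command may cause more than one context save.

```c
#include <stdint.h>
#include <stdio.h>
#define RC_SUCCESS     0x000u
#define RC_CONTEXT_GAP 0x901u /* the code shown in the kernel log above */
#define GAP_MAX        255u   /* assumption: 8-bit context gap counter */
enum { APP_A, APP_B, NSESS }; /* hypothetical session slots */

struct toy_tpm { uint64_t counter, stamp[NSESS]; int saved[NSESS]; };

/* Saving stamps the context with the running counter. The save is refused
 * once any still-saved context would fall GAP_MAX behind that counter. */
static uint32_t ctx_save(struct toy_tpm *t, int s)
{
    for (int i = 0; i < NSESS; i++)
        if (t->saved[i] && t->counter - t->stamp[i] >= GAP_MAX)
            return RC_CONTEXT_GAP;
    t->stamp[s] = t->counter++;
    t->saved[s] = 1;
    return RC_SUCCESS;
}

static void ctx_load(struct toy_tpm *t, int s) { t->saved[s] = 0; }

/* A saves its session once and idles; B's session is swapped in and out for
 * every command. Returns how many B commands completed; *rc is the last code. */
static unsigned run(unsigned ops, int ungap, uint32_t *rc)
{
    struct toy_tpm t = {0};
    ctx_save(&t, APP_A);
    *rc = ctx_save(&t, APP_B);
    for (unsigned n = 0; n < ops; n++) {
        ctx_load(&t, APP_B);
        /* Ungapping: reload and re-save A just before it ages out. */
        if (ungap && t.counter - t.stamp[APP_A] >= GAP_MAX - 1) {
            ctx_load(&t, APP_A);
            ctx_save(&t, APP_A);
        }
        if ((*rc = ctx_save(&t, APP_B)) != RC_SUCCESS)
            return n;
    }
    return ops;
}

int main(void)
{
    uint32_t rc;
    unsigned plain = run(1000, 0, &rc), fixed = run(1000, 1, &rc);
    printf("without ungapping: %u, with: %u commands\n", plain, fixed);
    return 0;
}
```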
