1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
|
/********************************************************************************/
/* */
/* LibTPM compile-time choices (#defines) */
/* Written by Stefan Berger */
/* IBM Thomas J. Watson Research Center */
/* $Id: tpm_library_conf.h 4589 2011-07-05 12:22:40Z stefanb $ */
/* */
/* (c) Copyright IBM Corporation 2010. */
/* */
/* All rights reserved. */
/* */
/* Redistribution and use in source and binary forms, with or without */
/* modification, are permitted provided that the following conditions are */
/* met: */
/* */
/* Redistributions of source code must retain the above copyright notice, */
/* this list of conditions and the following disclaimer. */
/* */
/* Redistributions in binary form must reproduce the above copyright */
/* notice, this list of conditions and the following disclaimer in the */
/* documentation and/or other materials provided with the distribution. */
/* */
/* Neither the names of the IBM Corporation nor the names of its */
/* contributors may be used to endorse or promote products derived from */
/* this software without specific prior written permission. */
/* */
/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */
/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */
/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */
/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */
/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */
/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */
/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */
/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */
/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */
/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */
/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
/********************************************************************************/
#ifndef TPM_LIBRARY_CONF_H
#define TPM_LIBRARY_CONF_H
/* Note: None of these defines should be used directly; rather,
* the TPMLIB_GetTPMProperty() call should be used to
* query their value.
* Since tpm_constants.h defines some default values if none
* other are defined, this header should be included before
* tpm_constants.h is included.
*/
/* need to restrict the maximum size of keys to cap the below blobs */
#define TPM_RSA_KEY_LENGTH_MAX 2048
/* maximum size of the IO buffer used for requests and responses */
#define TPM_BUFFER_MAX 4096
/*
* Below the following acronyms are used to identify what
* #define influences which one of the state blobs the TPM
* produces.
*
* PA : permanentall
* SS : savestate
* VA : volatileall
*
* BAL: contributes to the ballooning of the state blob
*/
/*
* Do not touch these #define's anymore. They are fixed forever
* and define the properties of the TPM library and have a
* direct influence on the size requirements of the TPM's block
* store and the organization of data inside that block store.
*/
/*
* Every 2048 bit key in volatile space accounts for an
* increase of maximum of 559 bytes (PCR_INFO_LONG, tied to PCRs).
*/
#define TPM_KEY_HANDLES 20 /* SS, VA, BAL */
/*
* Every 2048 bit key on which the owner evict key flag is set
* accounts for an increase of 559 bytes of the permanentall
* blob.
*/
#define TPM_OWNER_EVICT_KEY_HANDLES 10 /* PA, BAL */
/*
* The largest auth session is DSAP; each such session consumes 119 bytes
*/
#define TPM_MIN_AUTH_SESSIONS 16 /* SS, VA, BAL */
/*
* Every transport session accounts for an increase of 78 bytes
*/
#define TPM_MIN_TRANS_SESSIONS 16 /* SS, VA, BAL */
/*
* Every DAA session accounts for an increase of 844 bytes.
*/
#define TPM_MIN_DAA_SESSIONS 2 /* SS, VA, BAL */
#define TPM_MIN_SESSION_LIST 128 /* SS, VA */
#define TPM_MIN_COUNTERS 8 /* PA */
#define TPM_NUM_FAMILY_TABLE_ENTRY_MIN 16 /* PA */
#define TPM_NUM_DELEGATE_TABLE_ENTRY_MIN 4 /* PA */
/*
* NB: above #defines directly influence the largest size of the
* 'permanentall', 'savestate' and 'volatileall' data. If these
* #define's allow the below space requirements to be exceeded, the
* TPM may go into shutdown mode, something we would definitely
* like to prevent. We are mostly concerned about the size of
* the 'permanentall' blob, which is capped by TPM_MAX_NV_SPACE,
* and that of the 'savestate' blob, which is capped by
* TPM_MAX_SAVESTATE_SPACE.
*/
#define TPM_SPACE_SAFETY_MARGIN (4 * 1024)
/*
* As of V0.5.1 (may have increased since then):
* permanent space + 10 keys = 7920 bytes
* full volatile space = 17223 bytes
* full savestate space = 16992 bytes
*/
/*
* For the TPM_MAX_NV_SPACE we cannot provide a safety margin here
* since the TPM will allow NVRAM spaces to allocate everything.
* So, we tell the user in TPMLIB_GetTPMProperty that it's 20kb. This
* gives us some safety margin for the future.
*/
#define TPM_PERMANENT_ALL_BASE_SIZE (2334 /* incl. SRK, EK */ + \
2048 /* extra space */)
#define TPM_MAX_NV_DEFINED_SIZE (2048 /* min. NVRAM spaces */ + \
26*1024 /* extra NVRAM space */ )
#define TPM_MAX_NV_SPACE (TPM_PERMANENT_ALL_BASE_SIZE + \
TPM_OWNER_EVICT_KEY_HANDLES * 559 + \
TPM_MAX_NV_DEFINED_SIZE)
#define TPM_MAX_SAVESTATE_SPACE (972 + /* base size */ \
TPM_KEY_HANDLES * 559 + \
TPM_MIN_TRANS_SESSIONS * 78 + \
TPM_MIN_DAA_SESSIONS * 844 + \
TPM_MIN_AUTH_SESSIONS * 119 + \
TPM_SPACE_SAFETY_MARGIN)
#define TPM_MAX_VOLATILESTATE_SPACE (1203 + /* base size */ \
TPM_KEY_HANDLES * 559 + \
TPM_MIN_TRANS_SESSIONS * 78 + \
TPM_MIN_DAA_SESSIONS * 844 + \
TPM_MIN_AUTH_SESSIONS * 119 + \
TPM_SPACE_SAFETY_MARGIN)
/*
* The timeouts in microseconds.
*
* The problem with the timeouts is that on a heavily utilized
* virtualized platform, the processing of the TPM's commands will
* take much longer than on a system that's not very busy. So, we
* now choose values that are very high so that we don't hit timeouts
* in TPM drivers just because the system is busy. However, hitting
* timeouts on a very busy system may be inevitable...
*/
#define TPM_SMALL_DURATION ( 50 * 1000 * 1000)
#define TPM_MEDIUM_DURATION (100 * 1000 * 1000)
#define TPM_LONG_DURATION (300 * 1000 * 1000)
#endif /* TPM_LIBRARY_CONF_H */
|
