On 2/1/2018 3:12 PM, Mario.Limonciello@xxxxxxxx wrote:
I was told that TPMs that are FIPS validated (such as that in the XPS 13) may
take longer for the self tests to run.
I don't understand why the SeftTest command should take longer.
I understand that a FIPS TPM must do all the self tests before it
returns any results, while a non-FIPS must only test the algorithms
required to return the result. So, some other command will take longer.
~~
From the TPM spec:
FIPS 140-2 requires that all power-on self-tests be complete before the
TPM returns any value that depends on the results of a testable
function. If compliance with FIPS 140-2 is required, any command that
requires use of an untested function causes the TPM to operate as if
TPM2_SelfTest(fullTest = NO) was received. The TPM returns
TPM_RC_TESTING and continues to return TPM_RC_TESTING until all tests
are complete. Alternatively, it may complete all tests and then complete
the command. It may also return TPM_RC_NEEDS_TEST.
