linux-integrity.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Ken Goldman <kgold@linux.ibm.com>
To: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>,
	zohar@linux.ibm.com, dmitry.kasatkin@gmail.com,
	jmorris@namei.org, serge@hallyn.com,
	zhangliguang@linux.alibaba.com, zhang.jia@linux.alibaba.com
Cc: linux-integrity@vger.kernel.org,
	linux-security-module@vger.kernel.org,
	linux-kernel@vger.kernel.org
Subject: Re: [PATCH] ima: optimize ima_pcr_extend function by asynchronous
Date: Tue, 14 Apr 2020 14:07:26 -0400	[thread overview]
Message-ID: <0fdd1c13-51c6-e65c-1ca5-38621fa21f53@linux.ibm.com> (raw)
In-Reply-To: <20200414115020.99288-1-tianjia.zhang@linux.alibaba.com>

I wonder if there's a different issue?  I just ran selftest with 
fullTest = yes in two different TPM vendors.

One took 230 msec, the other 320 msec.

I've never seen anything near 10 seconds.

Note that this is worse than the worst case because it's forcing a full 
retest.  The TPM typically starts its self test immediately at power up 
and could be complete by the time the OS starts to boot.

When I run selftest with fullTest = no, I get 30 msec, probably
because it's not doing anything.

On 4/14/2020 7:50 AM, Tianjia Zhang wrote:
> Because ima_pcr_extend() to operate the TPM chip, this process is
> very time-consuming, for IMA, this is a blocking action, especially
> when the TPM is in self test state, this process will block for up
> to ten seconds.



  parent reply	other threads:[~2020-04-14 18:07 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-04-14 11:50 [PATCH] ima: optimize ima_pcr_extend function by asynchronous Tianjia Zhang
2020-04-14 16:11 ` Mimi Zohar
2020-04-14 18:07 ` Ken Goldman [this message]
2020-04-15  2:53   ` Tianjia Zhang

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=0fdd1c13-51c6-e65c-1ca5-38621fa21f53@linux.ibm.com \
    --to=kgold@linux.ibm.com \
    --cc=dmitry.kasatkin@gmail.com \
    --cc=jmorris@namei.org \
    --cc=linux-integrity@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-security-module@vger.kernel.org \
    --cc=serge@hallyn.com \
    --cc=tianjia.zhang@linux.alibaba.com \
    --cc=zhang.jia@linux.alibaba.com \
    --cc=zhangliguang@linux.alibaba.com \
    --cc=zohar@linux.ibm.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).