[PATCH] ima: optimize ima_pcr_extend function by asynchronous
Ken Goldman
kgold at linux.ibm.com
Tue Apr 14 18:07:26 UTC 2020
I wonder if there's a different issue? I just ran selftest with
fullTest = yes in two different TPM vendors.
One took 230 msec, the other 320 msec.
I've never seen anything near 10 seconds.
Note that this is worse than the worst case because it's forcing a full
retest. The TPM typically starts its self test immediately at power up
and could be complete by the time the OS starts to boot.
When I run selftest with fullTest = no, I get 30 msec, probably
because it's not doing anything.
On 4/14/2020 7:50 AM, Tianjia Zhang wrote:
> Because ima_pcr_extend() to operate the TPM chip, this process is
> very time-consuming, for IMA, this is a blocking action, especially
> when the TPM is in self test state, this process will block for up
> to ten seconds.
More information about the Linux-security-module-archive
mailing list