[PATCH] ima: optimize ima_pcr_extend function by asynchronous
Tianjia Zhang
tianjia.zhang at linux.alibaba.com
Wed Apr 15 02:53:06 UTC 2020
On 2020/4/15 2:07, Ken Goldman wrote:
> I wonder if there's a different issue? I just ran selftest with
> fullTest = yes in two different TPM vendors.
>
> One took 230 msec, the other 320 msec.
>
> I've never seen anything near 10 seconds.
>
> Note that this is worse than the worst case because it's forcing a full
> retest. The TPM typically starts its self test immediately at power up
> and could be complete by the time the OS starts to boot.
>
> When I run selftest with fullTest = no, I get 30 msec, probably
> because it's not doing anything.
>
> On 4/14/2020 7:50 AM, Tianjia Zhang wrote:
>> Because ima_pcr_extend() to operate the TPM chip, this process is
>> very time-consuming, for IMA, this is a blocking action, especially
>> when the TPM is in self test state, this process will block for up
>> to ten seconds.
>
Ten seconds is an extreme scenario, and I haven't seen this worst case,
but the TPM driver will fail to return in this scenario.
Thanks and best,
Tianjia
More information about the Linux-security-module-archive
mailing list