Date:   Tue, 8 Aug 2017 22:11:45 +0300
From:   Jarkko Sakkinen <jarkko.sakkinen@...ux.intel.com>
To:     Peter Huewe <peterhuewe@....de>
Cc:     Nayna Jain <nayna@...ux.vnet.ibm.com>,
        tpmdd-devel@...ts.sourceforge.net, tpmdd@...horst.net,
        jgunthorpe@...idianresearch.com,
        linux-security-module@...r.kernel.org,
        linux-kernel@...r.kernel.org,
        linux-ima-devel@...ts.sourceforge.net, patrickc@...ibm.com
Subject: Re: [PATCH] tpm: improve tpm_tis send() performance by ignoring
 burstcount

On Mon, Aug 07, 2017 at 01:52:34PM +0200, Peter Huewe wrote:
> 
> 
> On 7 August 2017 13:46:32 CEST, Nayna Jain <nayna@...ux.vnet.ibm.com> wrote:
> >The TPM burstcount status indicates the number of bytes that can
> >be sent to the TPM without causing bus wait states.  Effectively,
> >it is the number of empty bytes in the command FIFO. Further,
> >some TPMs have a static burstcount, when the value remains zero
> >until the entire FIFO is empty.
> >
> >This patch ignores burstcount, permitting wait states, and thus
> >writes the command as fast as the TPM can accept the bytes.
> >The performance of a 34 byte extend on a TPM 1.2 improved from
> >52 msec to 11 msec.
> >
> >Suggested-by: Ken Goldman <kgold@...ux.vnet.ibm.com> in
> >conjunction with the TPM Device Driver work group.
> >Signed-off-by: Nayna Jain <nayna@...ux.vnet.ibm.com>
> >Acked-by: Mimi Zohar <zohar@...ux.vnet.ibm.com>
> 
> Are you sure this is a good idea?
> On lpc systems this more or less stalls the bus, including keyboard/mouse (if connected via superio lpc).
> 
> On which systems have you tested this?
> Spi/Lpc? Architecture?
> 
> This might not be noticeable for small transfers, but think about much larger transfers....
> 
> Imho: NACK from my side.
> 
> Thanks,
> Peter

Thanks Peter, a great insight. TPM could share the bus with other
devices. Even if this optimizes the performance for TPM it might cause
performance issues elsewhere.

One more viewpoint: TCG must have added the burst count for a reason (might
very well be related to what Peter said). Is ignoring it something that TCG
recommends? Not following the standard exactly in the driver code sometimes
makes sense on *small details* but I would not say that this is a small
detail...

After these viewpoints definitive NACK from my side too...

/Jarkko
