lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date:   Sun, 1 Apr 2018 09:37:40 +0200
From:   Paul Menzel <pmenzel@...gen.mpg.de>
To:     Dmitry Kasatkin <dmitry.kasatkin@...il.com>
Cc:     linux-integrity@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: How to move `init_ima` out of critical path to decrease boot time?

Dear Linux folks,


With Linux 4.16-rc7 [1] on a TUXEDO Book BU1406 with an Intel Kaby Lake 
processor, `init_ima` takes 112 ms to execute according to 
`initcall_debug`. That is quite a long time, and it’d be great to reduce 
that.

```
[    0.426588] calling  init_ima+0x0/0x3a @ 1
[    0.541706] initcall init_ima+0x0/0x3a returned 0 after 112414 usecs
```

The Ubuntu kernel configuration has `CONFIG_IMA=y`, and it be great, if 
users could decrease the boot time without having to rebuild the Linux 
kernel.

What options are there?

1.  Add an option to disable IMA from the Linux kernel command line, for 
example with `ima.disable`?

2.  Do the initialization asynchronously? (At least from the Linux 
messages it looks like, it’s ordered.)

3.  Add a debug option to make it easier to find out what takes so long?


Kind regards,

Paul


[1] http://kernel.ubuntu.com/~kernel-ppa/mainline/v4.16-rc7/

View attachment "linux_4.16-rc7_messages.txt" of type "text/plain" (165758 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ