lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <0fdd1c13-51c6-e65c-1ca5-38621fa21f53@linux.ibm.com>
Date:   Tue, 14 Apr 2020 14:07:26 -0400
From:   Ken Goldman <kgold@...ux.ibm.com>
To:     Tianjia Zhang <tianjia.zhang@...ux.alibaba.com>,
        zohar@...ux.ibm.com, dmitry.kasatkin@...il.com, jmorris@...ei.org,
        serge@...lyn.com, zhangliguang@...ux.alibaba.com,
        zhang.jia@...ux.alibaba.com
Cc:     linux-integrity@...r.kernel.org,
        linux-security-module@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] ima: optimize ima_pcr_extend function by asynchronous

I wonder if there's a different issue?  I just ran selftest with 
fullTest = yes in two different TPM vendors.

One took 230 msec, the other 320 msec.

I've never seen anything near 10 seconds.

Note that this is worse than the worst case because it's forcing a full 
retest.  The TPM typically starts its self test immediately at power up 
and could be complete by the time the OS starts to boot.

When I run selftest with fullTest = no, I get 30 msec, probably
because it's not doing anything.

On 4/14/2020 7:50 AM, Tianjia Zhang wrote:
> Because ima_pcr_extend() to operate the TPM chip, this process is
> very time-consuming, for IMA, this is a blocking action, especially
> when the TPM is in self test state, this process will block for up
> to ten seconds.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ