Conversation
jarkko

Jarkko Sakkinen

First performance fixes for TPM HMAC encryption:

https://lore.kernel.org/linux-integrity/D4727YOJY8KZ.L6RKMRBKRCSN@kernel.org/T/#m22ed621c65c75c75900fe77c6b963ac98eb1b624

I don't expect this to fully address the performance challenges. It is the first axis here. Other axis is the session creation but these are independent issues.
1
0
2
jarkko

Jarkko Sakkinen

Reply to @jarkko
I was a bit stressed out of this and did the first thing that I could think of and it seems to deliver promising results:

https://lore.kernel.org/linux-integrity/CALSz7m1WG7fZ9UuO0URgCZEDG7r_wB4Ev_4mOHJThH_d1Ed1nw@mail.gmail.com/

I was hoping to get exactly that 5 seconds drop based on calculating relative times of call stacks measured by bpftrace, but did not expect that the calculations I made in the notebook would be exact match of the empirical results (this never happens) 🤷

I make a similar fix now for auth session objects (this was for not eagerly swapping the public key used as the communications end point).
1
0
2
jarkko

Jarkko Sakkinen

Reply to @jarkko
2nd iteration: https://lore.kernel.org/linux-integrity/20240916110714.1396407-1-jarkko@kernel.org/
1
0
0
jarkko

Jarkko Sakkinen

Reply to @jarkko
With the latest patch set according to the reporter the boot time is now ~8.9 secs, which is IMHO acceptable overhead for encryption. If that 1.9 secs is an issue then it is better to disable TPM than use fast and broken version of it.
1
0
3
jarkko

Jarkko Sakkinen

Reply to @jarkko
Post-poning hwrng registeration will not help and was a false conclusion .

I attached kprobes using boot-time config and these appear when init process is already running:

start_event: (tpm_transmit+0x4/0x4b0)
end_event: (tpm_transmit_cmd+0x33/0xc0 <- tpm_transmit)
start_event: (tpm_transmit+0x4/0x4b0)
end_event: (tpm_transmit_cmd+0x33/0xc0 <- tpm_transmit)
start_event: (tpm_transmit+0x4/0x4b0)
end_event: (tpm_transmit_cmd+0x33/0xc0 <- tpm_transmit)

These emit from tpm2_get_random() invoked by hwrng.

I guess 8.9 seconds is what we satisfy for the moment :-) I put out one more version where extras have been cut and performance fixes also have fixes tags as we most likely want these also to 6.10/6.11.
0
1
0
About social.kernel.org

Terms of service

  1. Please do not use this service in violation of the Linux Kernel Code of Conduct. Doing so will result in your account suspension with the referral of the matter to the CoC committee.

  2. "Repeating"/"boosting" someone else's status on this platform will be treated as endorsement and will fall under rule #1.

  3. You are encouraged to use this platform to promote your work on the Linux Kernel, but there is no restriction on permitted topics (with the exception of anything covered by #1 above).

  4. There is no requirement to post in English, but it should be considered the primary language of communication on this platform.

Privacy notice

The admins of this service have access to all posted statuses. They aren't looking, but if it's something they shouldn't know about, then you should not post it on this platform.

Please see the Linux Foundation Privacy Policy, which applies to this platform as well.

Getting your own account

If you would like an account on this instance, please check that the following applies to you:

  • You are listed in MAINTAINERS or CREDITS

  • OR: You have a kernel.org account or email address

  • OR: You have a long and established history of involvement with the Linux Kernel

If the above is true and you agree with the Terms of Service and Privacy Notice listed above, please use these instructions to request an account: