From: "Jarkko Sakkinen" <jarkko@kernel.org>
To: "Jarkko Sakkinen" <jarkko@kernel.org>,
	"Vitor Soares" <ivitro@gmail.com>,
	"James Bottomley" <James.Bottomley@HansenPartnership.com>,
	<linux-integrity@vger.kernel.org>
Cc: <keyrings@vger.kernel.org>, "Peter Huewe" <peterhuewe@gmx.de>,
	"Jason Gunthorpe" <jgg@ziepe.ca>,
	"Mimi Zohar" <zohar@linux.ibm.com>,
	"David Howells" <dhowells@redhat.com>,
	"Paul Moore" <paul@paul-moore.com>,
	"James Morris" <jmorris@namei.org>,
	"Serge E. Hallyn" <serge@hallyn.com>,
	<linux-kernel@vger.kernel.org>,
	<linux-security-module@vger.kernel.org>
Subject: Re: [PATCH 1/3] tpm: Disable TCG_TPM2_HMAC by default
Date: Mon, 27 May 2024 18:01:52 +0300
Message-ID: <D1KINAE5E2MH.729CM4ABV5VN@kernel.org>
In-Reply-To: <D1KIFPNBNGKH.IJKFRXH8WINU@kernel.org>

On Mon May 27, 2024 at 5:51 PM EEST, Jarkko Sakkinen wrote:
> On Thu May 23, 2024 at 10:59 AM EEST, Vitor Soares wrote:
> > On Wed, 2024-05-22 at 19:11 +0300, Jarkko Sakkinen wrote:
> > > On Wed May 22, 2024 at 5:58 PM EEST, Vitor Soares wrote:
> > > > I did run with ftrace, but need some more time to go through it.
> > > > 
> > > > Here are the steps I did:
> > > > kernel config:
> > > >   CONFIG_FUNCTION_TRACER
> > > >   CONFIG_FUNCTION_GRAPH_TRACER
> > > > 
> > > > ftrace:
> > > >   # set filters
> > > >   echo tpm* > set_ftrace_filter
> > > > 
> > > >   # set tracer
> > > >   echo function_graph > current_tracer
> > > > 
> > > >   # take the sample
> > > >   echo 1 > tracing_on; time modprobe tpm_tis_spi; echo 0 > tracing_on
> > > > 
> > > > regards,
> > > > Vitor Soares
> > > 
> > > I'm now compiling a distro kernel (OpenSUSE) for NUC7 with v6.10 contents.
> > > 
> > > After I have that set up, I'll develop a perf test either with perf or
> > > bpftrace. I'll come back with the possible CONFIG_* that should be in
> > > place in your kernel. Might take up until next week as I have some
> > > conference stuff to prepare but I'll try to have stuff ready early next
> > > week.
> > > 
> > > No need to rush with this as long as possible patches go to rc2 or rc3.
> > > Let's do a proper analysis instead.
> > > 
> > > In the meantime you could check if you can get perf and/or bpftrace into
> > > the image that you use to boot up your device. Preferably both but
> > > please inform about this.
> > > 
> >
> > I already have perf running, for the bpftrace I might not be able to help.
>
> The interesting function to look at with/without hmac is probably
> tpm2_get_random().
>
> I attached a patch that removes hmac shenanigans out of tpm2_get_random()
> for the sake of proper comparative testing.

The other thing that we need to do for the measurement is to split the
cost into two parts:

1. Handshake, i.e. setting up and shutting down a session.
2. Transaction, payload TPM command.

This could be done by setting up a couple of kprobes_events:

  payload_event: tpm2_get_random() etc.
  hmac_event: tpm2_start_auth_session(), tpm2_end_auth_session() etc.

And just summing up the time for a boot to get a cost for hmac.

I'd use bootconfig for this:

https://www.kernel.org/doc/html/v6.9/trace/boottime-trace.html

So I've made up plans for how to measure the incident but I'm not sure
when I have time to pro-actively work on a benchmark (thus sharing details).

So I think with just a proper bootconfig, with no other tools used, this
can be measured.

BR, Jarkko
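
The handshake/transaction split described in the message above, as an added example that is not part of the original thread or of any kernel tooling: it sums per-bucket time from ftrace text output of kprobe entry/return events on the three functions named in the message. The event names and trace lines are constructed samples; session calls nested inside tpm2_get_random() are subtracted from it, so each bucket holds exclusive time.

```python
import re
from collections import defaultdict

# Function -> cost bucket, following the handshake/transaction split above.
BUCKET = {
    "tpm2_start_auth_session": "handshake",
    "tpm2_end_auth_session": "handshake",
    "tpm2_get_random": "transaction",
}
# ftrace text line: "<task>-<pid> [cpu] flags secs.usecs: event: (location)"
LINE = re.compile(r"-(\d+)\s+\[\d+\]\s+\S+\s+(\d+)\.(\d{6}):\s+\w+:\s+\(([^)]*)\)")

def split_cost(trace_text):
    """Return exclusive microseconds per bucket from kprobe/kretprobe lines."""
    totals = defaultdict(int)
    stacks = defaultdict(list)        # pid -> [[func, start_us, child_us], ...]
    for line in trace_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        pid, now = m.group(1), int(m.group(2)) * 1_000_000 + int(m.group(3))
        loc = m.group(4)
        if "<-" not in loc:           # entry probe: "(func+0x0/0x...)"
            stacks[pid].append([loc.split("+")[0], now, 0])
            continue
        func = loc.split("<-")[1].strip()  # return probe: "(caller+off <- func)"
        stack = stacks[pid]
        if not stack or stack[-1][0] != func:
            continue                  # matching entry was lost; skip the sample
        _, start, child = stack.pop()
        elapsed = now - start
        if func in BUCKET:
            totals[BUCKET[func]] += elapsed - child
        if stack:                     # charge the whole span to the caller
            stack[-1][2] += elapsed
    return dict(totals)

# Constructed sample: one call with a session, one without, one orphan return.
SAMPLE = """\
 modprobe-212 [001] ..... 5.000100: payload_entry: (tpm2_get_random+0x0/0x1f0)
 modprobe-212 [001] ..... 5.000150: hmac_start: (tpm2_start_auth_session+0x0/0x3c0)
 modprobe-212 [001] ..... 5.030150: hmac_start_ret: (tpm2_get_random+0x60/0x1f0 <- tpm2_start_auth_session)
 modprobe-212 [001] ..... 5.042150: hmac_end: (tpm2_end_auth_session+0x0/0x80)
 modprobe-212 [001] ..... 5.044150: hmac_end_ret: (tpm2_get_random+0x150/0x1f0 <- tpm2_end_auth_session)
 modprobe-212 [001] ..... 5.044200: payload_ret: (tpm_get_random+0x40/0x70 <- tpm2_get_random)
 hwrng-300 [000] ..... 5.900000: hmac_end_ret: (tpm2_get_random+0x150/0x1f0 <- tpm2_end_auth_session)
 hwrng-300 [000] ..... 6.000000: payload_entry: (tpm2_get_random+0x0/0x1f0)
 hwrng-300 [000] ..... 6.011000: payload_ret: (tpm_get_random+0x40/0x70 <- tpm2_get_random)
"""
if __name__ == "__main__":
    print(split_cost(SAMPLE))
```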
