From: "Dr. Greg Wettstein" <gw@idfusion.org>
To: Kenneth Goldman <kgoldman@us.ibm.com>
Cc: James Bottomley <James.Bottomley@HansenPartnership.com>,
greg@enjellic.com,
Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>,
linux-kernel@vger.kernel.org,
linux-security-module@vger.kernel.org,
tpmdd-devel@lists.sourceforge.net
Subject: Re: [tpmdd-devel] [RFC] tpm2-space: add handling for global session exhaustion
Date: Tue, 14 Feb 2017 08:38:29 -0600 [thread overview]
Message-ID: <20170214143829.GA28175@wind.enjellic.com> (raw)
In-Reply-To: <OFA049276F.2B32440E-ON852580C3.00742287-852580C3.00748E6B@notes.na.collabserv.com>
On Fri, Feb 10, 2017 at 04:13:05PM -0500, Kenneth Goldman wrote:
Good morning to everyone.
> James Bottomley <James.Bottomley@HansenPartnership.com> wrote on
> 02/10/2017 11:46:03 AM:
>
> > > quote: 810 milliseconds
> > > verify signature: 635 milliseconds
For those who may be interested in this sort of thing I grabbed a few
minutes and ran these basic verification primitives against a Kaby
Lake system.
Average time for a quote is 600 milliseconds with a signature
verification clocking in at 100 milliseconds. The latter is
consistent with what James found on his Skylake machine.
Latencies are still significant with things like container start
times.
> > Part of the way of reducing the latency is not to use the TPM for
> > things that don't require secrecy:
> Agreed. There are a few times one would verify a signature inside the
> TPM,
> but they're far from mainstream:
>
> 1 - Early in the boot cycle, when there's no crypto library.
>
> 2 - When the crypto library doesn't support the required algorithm.
>
> 3 - When a ticket is needed to prove to the TPM later that it verified
> the signature.
I don't think there is any doubt that running cryptographic primitives
in userspace is going to be faster then going to hardware. Obviously
that also means there is no need for a TPM resource manager which has
been the subject of much discussion here.
The CoreOS paper makes significant reference to increased security
guarantees inherent in the use of a TPM. Obviously whatever uses
those are will have the noted latency constraints.
We have extended our behavior measurement verifications to the
container level so we offer an explicit guarantee that a container has
not operated in a manner which is inconsistent with the intent of its
designer. Getting the security guarantee we need requires that an
linkage to a hardware root of trust hence our concerns about hardware
latency.
Have a good day.
As always,
Dr. G.W. Wettstein, Ph.D. Enjellic Systems Development, LLC.
4206 N. 19th Ave. Specializing in information infra-structure
Fargo, ND 58102 development.
PH: 701-281-1686
FAX: 701-281-3949 EMAIL: greg@enjellic.com
------------------------------------------------------------------------------
"UNIX is simple and coherent, but it takes a genious (or at any rate,
a programmer) to understand and appreciate its simplicity."
-- Dennis Ritchie
USENIX '87
next prev parent reply other threads:[~2017-02-14 14:39 UTC|newest]
Thread overview: 31+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-02-10 10:03 [tpmdd-devel] [RFC] tpm2-space: add handling for global session exhaustion Dr. Greg Wettstein
2017-02-10 16:46 ` James Bottomley
2017-02-12 20:29 ` Ken Goldman
[not found] ` <OFA049276F.2B32440E-ON852580C3.00742287-852580C3.00748E6B@notes.na.collabserv.com>
2017-02-14 14:38 ` Dr. Greg Wettstein [this message]
2017-02-14 16:47 ` James Bottomley
[not found] ` <71dc0e80-6678-a124-9184-1f93c8532d09@linux.vnet.ibm.com>
2017-02-16 20:06 ` Dr. Greg Wettstein
2017-02-16 20:33 ` Jarkko Sakkinen
2017-02-17 9:56 ` Dr. Greg Wettstein
2017-02-17 12:37 ` Jarkko Sakkinen
2017-02-17 22:37 ` Dr. Greg Wettstein
-- strict thread matches above, loose matches on Subject: below --
2017-02-09 9:06 Dr. Greg Wettstein
2017-02-09 15:19 ` Jarkko Sakkinen
2017-02-09 19:04 ` Jason Gunthorpe
2017-02-09 19:29 ` James Bottomley
2017-02-09 21:54 ` Jason Gunthorpe
2017-02-10 8:48 ` Jarkko Sakkinen
2017-02-09 19:24 ` James Bottomley
2017-02-09 20:05 ` James Bottomley
2017-01-18 20:48 James Bottomley
2017-01-19 12:25 ` [tpmdd-devel] " Jarkko Sakkinen
2017-01-19 12:41 ` Jarkko Sakkinen
[not found] ` <o6gdhu$li$1@blaine.gmane.org>
2017-01-27 21:59 ` James Bottomley
2017-01-19 12:59 ` James Bottomley
2017-01-20 13:40 ` Jarkko Sakkinen
[not found] ` <o6gese$pev$1@blaine.gmane.org>
2017-01-27 22:04 ` James Bottomley
2017-01-27 23:35 ` Jason Gunthorpe
2017-01-27 23:48 ` James Bottomley
2017-01-30 0:52 ` Ken Goldman
2017-01-30 16:04 ` [tpmdd-devel] " James Bottomley
2017-01-30 21:58 ` Jarkko Sakkinen
2017-01-30 22:13 ` James Bottomley
2017-01-31 13:31 ` Jarkko Sakkinen
[not found] ` <o6qog0$30l$1@blaine.gmane.org>
2017-01-31 19:55 ` James Bottomley
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170214143829.GA28175@wind.enjellic.com \
--to=gw@idfusion.org \
--cc=James.Bottomley@HansenPartnership.com \
--cc=greg@enjellic.com \
--cc=jarkko.sakkinen@linux.intel.com \
--cc=kgoldman@us.ibm.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=tpmdd-devel@lists.sourceforge.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox