linux-kernel August 2008 archive

Re: [PATCH 1/4] integrity: TPM internel kernel interface

From: Kenneth Goldman <kgoldman_at_nospam>
Date: Mon Aug 18 2008 - 15:01:04 GMT
To: Pavel Machek <pavel@suse.cz>


Pavel Machek <pavel@suse.cz> wrote on 08/14/2008 07:12:10 AM:

> Only 2 TPMs I've seen were on pluggable modules... which was fortunate
> because they slowed down boot by 5+ minutes, and broke it completely
> in other cases. Nickname 'kurvitko' (aka useless trash that breaks
> stuff). They are currently lying under my table, disconnected.
>
> (OTOH they were not on PCI, but on some low-count pin header).

1 - The pluggable modules use a standard LPC bus header. In my experience, all the TPM vendors supply them in low quantities for evaluation and test, but no one expects them to be used in production because of the security issues.

2 - I'd be interested to know whether the slowdown was in the BIOS, in the OS boot, or on bringup of an application? Was this Linux or some other OS?

Both the TCG and the platform vendors are very sensitive to the BIOS part of the boot time. For example, the TPM self test is broken into a fast part for features that are required before boot and a slower part that can be done later. There are recommendations to break up hashing to remove the TPM from the critical path.

Even then, the slowest TPM operation is keypair creation, on the order of 1-5 seconds, which should not be required during boot. I wonder if the problem was actually a code bug or unsupported operation causing timeouts?

It would be great if you could debug a bit and report your findings to us.