On 8/1/2023 3:12 PM, Sush Shringarputale wrote:
In addition, a large IMA log can add pressure on the network bandwidth when
the attestation client sends it to remote-attestation-service.
I would not worry too much about network bandwidth.
1. Every solution eventually realizes that sending the entire log each
time hurts performance. The verifier will ask the attestor, "give me
everything since record n", and the number of new entries approaches zero.
2. My benchmarks show that
On the client, the TPM quote time swamps everything else.
On the server, verifying the IMA entry signatures swamps everything else.
The network transfer time is negligible.