On Fri, 2024-09-06 at 14:32 +0200, Roberto Sassu wrote: > Hi all > > when running the benchmark on my new component, the Integrity Digest > Cache, I ran into a serious performance issue. > > The benchmark is extending a TPM PCR with 12313 entries of the IMA > measurement list, and calculating the time elapsed for the operation. > > Without TPM HMAC: 102.8 seconds > > With TPM HMAC: 1941.71 seconds Jarkko patch set [1] improved the performance: 404.4 seconds Still quite slow. We should consider not only the boot performance. Depending on the use case, IMA can be used after boot and slow down applications performance. Thanks Roberto [1] https://lore.kernel.org/linux-integrity/20240921120811.1264985-1-jarkko@xxxxxxxxxx/
