www.infradead.org Git - users/jedix/linux-maple.git/commit
tpm: Opt-in in disable PCR integrity protection
author Jarkko Sakkinen <jarkko@kernel.org>
Wed, 13 Nov 2024 05:54:12 +0000 (07:54 +0200)
committer Jarkko Sakkinen <jarkko@kernel.org>
Wed, 13 Nov 2024 19:10:45 +0000 (21:10 +0200)
commit 27184f8905ba680f22abf1707fbed24036a67119
tree 41ee96a7f5cc05747216cd7401c6014dfa7280fd
parent 14b6320953a3f856a3f93bf9a0e423395baa593d

The initial HMAC session feature added TPM bus encryption and/or integrity
protection to various in-kernel TPM operations. This can cause performance
bottlenecks with IMA, as it heavily utilizes PCR extend operations.

In order to mitigate this performance issue, introduce a kernel
command-line parameter to the TPM driver for disabling the integrity
protection for PCR extend operations (i.e. TPM2_PCR_Extend).

Cc: James Bottomley <James.Bottomley@HansenPartnership.com>
Link: https://lore.kernel.org/linux-integrity/20241015193916.59964-1-zohar@linux.ibm.com/
Fixes: 6519fea6fd37 ("tpm: add hmac checks to tpm2_pcr_extend()")
Tested-by: Mimi Zohar <zohar@linux.ibm.com>
Co-developed-by: Roberto Sassu <roberto.sassu@huawei.com>
Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
Co-developed-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
Documentation/admin-guide/kernel-parameters.txt
drivers/char/tpm/tpm-buf.c
drivers/char/tpm/tpm2-cmd.c
drivers/char/tpm/tpm2-sessions.c
include/linux/tpm.h