← Back to team overview

kernel-packages team mailing list archive

  1. kernel-packages team
  2. Mailing list archive
  3. Message #55399

[Bug 1308788] [NEW] IMA significantly increases boot time when enabled

  Thread PreviousDate PreviousThread Next 
Public bug reported:

I have a TPM-enabled laptop (sudo apt-get install trousers tpm-tools &&
sudo tpm_takeownership) and enabled IMA with the following boot options
in GRUB:

"ima_tcb ima_audit=1 ima_appraise_tcb rootflags=i_version
ima_appraise=fix"

As shown from the attached bootcharts, the boot time goes from circa 25s
to circa 225s on an i7, SSD-based system.

ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: linux-image-3.13.0-24-generic 3.13.0-24.46
ProcVersionSignature: Ubuntu 3.13.0-24.46-generic 3.13.9
Uname: Linux 3.13.0-24-generic x86_64
ApportVersion: 2.14.1-0ubuntu1
Architecture: amd64
AudioDevicesInUse:
 USER        PID ACCESS COMMAND
 /dev/snd/controlC0:  jpds       2204 F.... pulseaudio
 /dev/snd/controlC1:  jpds       2204 F.... pulseaudio
CurrentDesktop: Unity
Date: Wed Apr 16 19:00:53 2014
InstallationDate: Installed on 2014-04-16 (0 days ago)
InstallationMedia: Ubuntu 14.04 LTS "Trusty Tahr" - Daily amd64 (20140410)
MachineType: Hewlett-Packard HP EliteBook Folio 1040 G1
ProcFB: 0 inteldrmfb
ProcKernelCmdLine: BOOT_IMAGE=/vmlinuz-3.13.0-24-generic.efi.signed root=UUID=31caa47c-4bb8-4d50-b4a7-6c3d2dbf407d ro quiet splash ima_tcb ima_audit=1 ima_appraise_tcb rootflags=i_version ima_appraise=fix vt.handoff=7
RelatedPackageVersions:
 linux-restricted-modules-3.13.0-24-generic N/A
 linux-backports-modules-3.13.0-24-generic  N/A
 linux-firmware                             1.127
SourcePackage: linux
UpgradeStatus: No upgrade log present (probably fresh install)
dmi.bios.date: 02/09/2014
dmi.bios.vendor: Hewlett-Packard
dmi.bios.version: L83 Ver. 01.05
dmi.board.name: 213E
dmi.board.vendor: Hewlett-Packard
dmi.board.version: KBC Version 24.2A
dmi.chassis.type: 10
dmi.chassis.vendor: Hewlett-Packard
dmi.modalias: dmi:bvnHewlett-Packard:bvrL83Ver.01.05:bd02/09/2014:svnHewlett-Packard:pnHPEliteBookFolio1040G1:pvrA3009DD18303:rvnHewlett-Packard:rn213E:rvrKBCVersion24.2A:cvnHewlett-Packard:ct10:cvr:
dmi.product.name: HP EliteBook Folio 1040 G1
dmi.product.version: A3009DD18303
dmi.sys.vendor: Hewlett-Packard

** Affects: linux (Ubuntu)
     Importance: Undecided
         Status: Confirmed


** Tags: amd64 apport-bug trusty

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1308788

Title:
  IMA significantly increases boot time when enabled

Status in “linux” package in Ubuntu:
  Confirmed

Bug description:
  I have a TPM-enabled laptop (sudo apt-get install trousers tpm-tools
  && sudo tpm_takeownership) and enabled IMA with the following boot
  options in GRUB:

  "ima_tcb ima_audit=1 ima_appraise_tcb rootflags=i_version
  ima_appraise=fix"

  As shown from the attached bootcharts, the boot time goes from circa
  25s to circa 225s on an i7, SSD-based system.

  ProblemType: Bug
  DistroRelease: Ubuntu 14.04
  Package: linux-image-3.13.0-24-generic 3.13.0-24.46
  ProcVersionSignature: Ubuntu 3.13.0-24.46-generic 3.13.9
  Uname: Linux 3.13.0-24-generic x86_64
  ApportVersion: 2.14.1-0ubuntu1
  Architecture: amd64
  AudioDevicesInUse:
   USER        PID ACCESS COMMAND
   /dev/snd/controlC0:  jpds       2204 F.... pulseaudio
   /dev/snd/controlC1:  jpds       2204 F.... pulseaudio
  CurrentDesktop: Unity
  Date: Wed Apr 16 19:00:53 2014
  InstallationDate: Installed on 2014-04-16 (0 days ago)
  InstallationMedia: Ubuntu 14.04 LTS "Trusty Tahr" - Daily amd64 (20140410)
  MachineType: Hewlett-Packard HP EliteBook Folio 1040 G1
  ProcFB: 0 inteldrmfb
  ProcKernelCmdLine: BOOT_IMAGE=/vmlinuz-3.13.0-24-generic.efi.signed root=UUID=31caa47c-4bb8-4d50-b4a7-6c3d2dbf407d ro quiet splash ima_tcb ima_audit=1 ima_appraise_tcb rootflags=i_version ima_appraise=fix vt.handoff=7
  RelatedPackageVersions:
   linux-restricted-modules-3.13.0-24-generic N/A
   linux-backports-modules-3.13.0-24-generic  N/A
   linux-firmware                             1.127
  SourcePackage: linux
  UpgradeStatus: No upgrade log present (probably fresh install)
  dmi.bios.date: 02/09/2014
  dmi.bios.vendor: Hewlett-Packard
  dmi.bios.version: L83 Ver. 01.05
  dmi.board.name: 213E
  dmi.board.vendor: Hewlett-Packard
  dmi.board.version: KBC Version 24.2A
  dmi.chassis.type: 10
  dmi.chassis.vendor: Hewlett-Packard
  dmi.modalias: dmi:bvnHewlett-Packard:bvrL83Ver.01.05:bd02/09/2014:svnHewlett-Packard:pnHPEliteBookFolio1040G1:pvrA3009DD18303:rvnHewlett-Packard:rn213E:rvrKBCVersion24.2A:cvnHewlett-Packard:ct10:cvr:
  dmi.product.name: HP EliteBook Folio 1040 G1
  dmi.product.version: A3009DD18303
  dmi.sys.vendor: Hewlett-Packard

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1308788/+subscriptions

Follow ups

References

  Thread PreviousDate PreviousThread Next