X-Mailing-List: linux-kernel@vger.kernel.org
Date: Mon, 20 May 2024 18:44:24 +0300
From: "Jarkko Sakkinen"
To: "James Bottomley"
Cc: "Vitor Soares", "Peter Huewe", "Jason Gunthorpe", "open list"
Subject: Re: [PATCH] tpm: Disable TCG_TPM2_HMAC by default
References: <20240518113424.13486-1-jarkko@kernel.org> <41466b65a30a351d57869042e9f130cdb68aab5b.camel@HansenPartnership.com>
In-Reply-To: <41466b65a30a351d57869042e9f130cdb68aab5b.camel@HansenPartnership.com>

On Mon May 20, 2024 at 5:50 PM EEST, James Bottomley wrote:
> On Sat, 2024-05-18 at 14:34 +0300, Jarkko Sakkinen wrote:
> > Causes performance drop in initialization so needs to be opt-in.
> > Distributors are capable of opt-in enabling this. Could be also
> > handled by kernel-command line in the future.
> >
> > Reported-by: Vitor Soares
> > Closes:
> > https://lore.kernel.org/linux-integrity/bf67346ef623ff3c452c4f968b7d900911e250c3.camel@gmail.com/#t
>
> Hey, there's no response on that thread verifying the primary
> generation is the culprit. Could we at least wait for a reply before
> taking such drastic action based on surmise?
>
> I'd be really surprised if it is primary generation. If I used an RSA
> primary it would be a problem (My oldest TPM takes a couple of minutes
> to generate one) but the longest I've seen an EC primary take to
> generate is still less than a second.
>
> James

Nothing is going to happen before rc1 is out, it would be earliest rc2.

ECDSA should be always faster than RSA so you're right that it does not
necessarily make much sense, unless there are TPM2 chips with only RSA.

It might make sense to have at least a command-line option to disable
hmac.

BR, Jarkko