[SLOF] [PATCH 00/16] Add vTPM support to SLOF

Stefan Berger stefanb at linux.vnet.ibm.com
Tue Sep 29 23:54:29 AEST 2015 

On 09/29/2015 04:45 AM, Nikunj A Dadhania wrote:
> Hi Stefan,
>
> Stefan Berger <stefanb at linux.vnet.ibm.com> writes:
>
>> The following series of patches adds TPM support to SLOF.
>> In particular it adds the following:
>>
>> - TPM drivers for hardware interface and CRQ interface
>> - TPM initialization
>> - TPM logging area and firmware API to transfer it to the OS
>>    (measurements are visible in sysfs)
>> - Some measurement code (Static Core Root Of Trust)
>> - TPM menu (accessible via 't' key during boot if TPM is available)
>> - Firmware API extensions following Power Firmware Doc
>>    (to make trusted grub work)
> How much impact does this have on the boot time of the guest? Can you
> share some measurements with and without this patches.

I conducted the following 3 tests with 5 starts of QEMU each. I measured 
the startup time (in seconds) using a stop watch from the point QEMU 
started until the login prompt appeared on the console. The Linux kernel 
did not have a built-in vTPM driver, so there is no additional time 
spent interacting with the vTPM on this level.

1) SLOF without patches applied, no  attached vTPM: 18.8, 18.3, 18.9, 
18.9, 18.7
2) SLOF with    patches applied, no  attached vTPM: 18.5, 18.7, 18.8, 
18.6, 18.9
3) SLOF with    patches applied, and attached vTPM: 21.8, 21.7, 20.4, 
21.2, 22.9

Comments:

2) SLOF with patches applied and no attached vTPM probes for an attached 
vTPM and since it did not find one, it will not spend time interacting 
with it.

3) SLOF with patches applied and an attached vTPM will interact with the 
vTPM; initialization of the vTPM also involves testing of crypto 
algorithms and further interaction with the TPM accounts for the 
additional time spent.

Regards,
     Stefan


>
>> Necessarily, some of its parts are written in Forth, many are written
>> in 'C'. The extensions are known to work with QEMU for ppc64 running Linux.
>>
>> Patches 4-6 will eventually need to be merged to avoid compiler warnings
>> related to unused functions.
>>
>> Regards,
>>      Stefan
>>
> Regards,
> Nikunj

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ozlabs.org/pipermail/slof/attachments/20150929/96f9ea42/attachment.html>

More information about the SLOF mailing list