[SLOF] [PATCH 00/16] Add vTPM support to SLOF

Nikunj A Dadhania nikunj at linux.vnet.ibm.com
Wed Sep 30 15:48:28 AEST 2015 

Stefan Berger <stefanb at linux.vnet.ibm.com> writes:

> On 09/29/2015 04:45 AM, Nikunj A Dadhania wrote:
>> Hi Stefan,
>>
>> Stefan Berger <stefanb at linux.vnet.ibm.com> writes:
>>
>>> The following series of patches adds TPM support to SLOF.
>>> In particular it adds the following:
>>>
>>> - TPM drivers for hardware interface and CRQ interface
>>> - TPM initialization
>>> - TPM logging area and firmware API to transfer it to the OS
>>>    (measurements are visible in sysfs)
>>> - Some measurement code (Static Core Root Of Trust)
>>> - TPM menu (accessible via 't' key during boot if TPM is available)
>>> - Firmware API extensions following Power Firmware Doc
>>>    (to make trusted grub work)
>> How much impact does this have on the boot time of the guest? Can you
>> share some measurements with and without this patches.
>
> I conducted the following 3 tests with 5 starts of QEMU each. I measured 
> the startup time (in seconds) using a stop watch from the point QEMU 
> started until the login prompt appeared on the console. The Linux kernel 
> did not have a built-in vTPM driver, so there is no additional time 
> spent interacting with the vTPM on this level.
>
> 1) SLOF without patches applied, no  attached vTPM: 18.8, 18.3, 18.9, 
> 18.9, 18.7
> 2) SLOF with    patches applied, no  attached vTPM: 18.5, 18.7, 18.8, 
> 18.6, 18.9
> 3) SLOF with    patches applied, and attached vTPM: 21.8, 21.7, 20.4, 
> 21.2, 22.9

Nice, not much difference in case 2, which is important.

I generally time these kind of things using expect script:

**********************************************************************
#!/usr/bin/expect
set QEMUPPC64  "/home/nikunj/work/setup/qemu/bin/qemu-system-ppc64"
set timeout 600

log_user=0
spawn $QEMUPPC64 <qemu command line parameters>
expect {
    # expected booted string/login string of VM
    "# "
    {
        send_user "Success\n"   
        close
    }
    timeout { send_user "\nFailed 1a\n" }
}
**********************************************************************

And run the test:
    for i in `seq 1 10`; do time expect -f boot-test.exp; done

>
> Comments:
>
> 2) SLOF with patches applied and no attached vTPM probes for an attached 
> vTPM and since it did not find one, it will not spend time interacting 
> with it.
>
> 3) SLOF with patches applied and an attached vTPM will interact with the 
> vTPM; initialization of the vTPM also involves testing of crypto 
> algorithms and further interaction with the TPM accounts for the 
> additional time spent.

Thanks,
Nikunj

More information about the SLOF mailing list