Jarkko Sakkinen
authored
The initial HMAC session feature added TPM bus encryption and/or integrity protection to various in-kernel TPM operations. This can cause performance bottlenecks with IMA, as it heavily utilizes PCR extend operations. In order to mitigate this performance issue, introduce a kernel command-line parameter to the TPM driver for disabling the integrity protection for PCR extend operations (i.e. TPM2_PCR_Extend). Cc: James Bottomley <James.Bottomley@HansenPartnership.com> Link: https://lore.kernel.org/linux-integrity/20241015193916.59964-1-zohar@linux.ibm.com/ Fixes: 6519fea6 ("tpm: add hmac checks to tpm2_pcr_extend()") Tested-by:Mimi Zohar <zohar@linux.ibm.com> Co-developed-by:
Roberto Sassu <roberto.sassu@huawei.com> Signed-off-by:
Jarkko Sakkinen <jarkko@kernel.org>