IMA significantly increases boot time when enabled
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
linux (Ubuntu) |
Confirmed
|
Medium
|
Unassigned |
Bug Description
I have a TPM-enabled laptop (sudo apt-get install trousers tpm-tools && sudo tpm_takeownership) and enabled IMA with the following boot options in GRUB:
"ima_tcb ima_audit=1 ima_appraise_tcb rootflags=i_version ima_appraise=fix"
As shown from the attached bootcharts, the boot time goes from circa 25s to circa 225s on an i7, SSD-based system.
ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: linux-image-
ProcVersionSign
Uname: Linux 3.13.0-24-generic x86_64
ApportVersion: 2.14.1-0ubuntu1
Architecture: amd64
AudioDevicesInUse:
USER PID ACCESS COMMAND
/dev/snd/
/dev/snd/
CurrentDesktop: Unity
Date: Wed Apr 16 19:00:53 2014
InstallationDate: Installed on 2014-04-16 (0 days ago)
InstallationMedia: Ubuntu 14.04 LTS "Trusty Tahr" - Daily amd64 (20140410)
MachineType: Hewlett-Packard HP EliteBook Folio 1040 G1
ProcFB: 0 inteldrmfb
ProcKernelCmdLine: BOOT_IMAGE=
RelatedPackageV
linux-
linux-
linux-firmware 1.127
SourcePackage: linux
UpgradeStatus: No upgrade log present (probably fresh install)
dmi.bios.date: 02/09/2014
dmi.bios.vendor: Hewlett-Packard
dmi.bios.version: L83 Ver. 01.05
dmi.board.name: 213E
dmi.board.vendor: Hewlett-Packard
dmi.board.version: KBC Version 24.2A
dmi.chassis.type: 10
dmi.chassis.vendor: Hewlett-Packard
dmi.modalias: dmi:bvnHewlett-
dmi.product.name: HP EliteBook Folio 1040 G1
dmi.product.
dmi.sys.vendor: Hewlett-Packard
Changed in linux (Ubuntu): | |
assignee: | nobody → Chris J Arges (arges) |
Changed in linux (Ubuntu): | |
assignee: | Chris J Arges (arges) → nobody |
I've been told that adding "iversion" to the root filesystem's fstab options improves performance, here's a bootchart with that option enabled.