IMA significantly increases boot time when enabled

Bug #1308788 reported by Jonathan Davies
Affects          Status      Importance   Assigned to   Milestone
linux (Ubuntu)   Confirmed   Medium       Unassigned

Bug Description

I have a TPM-enabled laptop (sudo apt-get install trousers tpm-tools && sudo tpm_takeownership) and enabled IMA with the following boot options in GRUB:

"ima_tcb ima_audit=1 ima_appraise_tcb rootflags=i_version ima_appraise=fix"

As shown in the attached bootcharts, the boot time goes from circa 25s to circa 225s on an i7, SSD-based system.

ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: linux-image-3.13.0-24-generic 3.13.0-24.46
ProcVersionSignature: Ubuntu 3.13.0-24.46-generic 3.13.9
Uname: Linux 3.13.0-24-generic x86_64
ApportVersion: 2.14.1-0ubuntu1
Architecture: amd64
AudioDevicesInUse:
 USER PID ACCESS COMMAND
 /dev/snd/controlC0: jpds 2204 F.... pulseaudio
 /dev/snd/controlC1: jpds 2204 F.... pulseaudio
CurrentDesktop: Unity
Date: Wed Apr 16 19:00:53 2014
InstallationDate: Installed on 2014-04-16 (0 days ago)
InstallationMedia: Ubuntu 14.04 LTS "Trusty Tahr" - Daily amd64 (20140410)
MachineType: Hewlett-Packard HP EliteBook Folio 1040 G1
ProcFB: 0 inteldrmfb
ProcKernelCmdLine: BOOT_IMAGE=/vmlinuz-3.13.0-24-generic.efi.signed root=UUID=31caa47c-4bb8-4d50-b4a7-6c3d2dbf407d ro quiet splash ima_tcb ima_audit=1 ima_appraise_tcb rootflags=i_version ima_appraise=fix vt.handoff=7
RelatedPackageVersions:
 linux-restricted-modules-3.13.0-24-generic N/A
 linux-backports-modules-3.13.0-24-generic N/A
 linux-firmware 1.127
SourcePackage: linux
UpgradeStatus: No upgrade log present (probably fresh install)
dmi.bios.date: 02/09/2014
dmi.bios.vendor: Hewlett-Packard
dmi.bios.version: L83 Ver. 01.05
dmi.board.name: 213E
dmi.board.vendor: Hewlett-Packard
dmi.board.version: KBC Version 24.2A
dmi.chassis.type: 10
dmi.chassis.vendor: Hewlett-Packard
dmi.modalias: dmi:bvnHewlett-Packard:bvrL83Ver.01.05:bd02/09/2014:svnHewlett-Packard:pnHPEliteBookFolio1040G1:pvrA3009DD18303:rvnHewlett-Packard:rn213E:rvrKBCVersion24.2A:cvnHewlett-Packard:ct10:cvr:
dmi.product.name: HP EliteBook Folio 1040 G1
dmi.product.version: A3009DD18303
dmi.sys.vendor: Hewlett-Packard
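The report above hinges on three things: which IMA mode the boot parameters actually select (measurement only, appraisal in enforce mode, or appraisal in "fix" mode, which writes a security.ima xattr to every appraised file it touches), whether the root filesystem is mounted with inode version counting (`rootflags=i_version` on the command line, or `i_version`/`iversion` in fstab), and how many files end up in the measurement list. The script below is an added example, not code from the bug report, the reporter, or the kernel. It checks those three things against constructed inputs (a copy of the reporter's command line, two made-up fstab entries, and a made-up measurement list in the layout of /sys/kernel/security/ima/ascii_runtime_measurements); the file paths, hashes and the helper names are assumptions for illustration. The `ima_policy=tcb` / `ima_policy=appraise_tcb` spellings are the later replacements for the 3.13-era `ima_tcb` / `ima_appraise_tcb`, included so the check also applies to newer kernels.

```shell
#!/bin/sh
# Added example (not from the bug report or the kernel): sanity-check an IMA
# setup like the one in the report, using constructed input so it runs offline.

# Constructed copy of the reporter's kernel command line (ProcKernelCmdLine above).
SAMPLE_CMDLINE='BOOT_IMAGE=/vmlinuz-3.13.0-24-generic.efi.signed root=UUID=31caa47c-4bb8-4d50-b4a7-6c3d2dbf407d ro quiet splash ima_tcb ima_audit=1 ima_appraise_tcb rootflags=i_version ima_appraise=fix vt.handoff=7'

# Constructed fstab contents: one without, one with the "iversion" option on /.
SAMPLE_FSTAB_PLAIN='# <file system> <mount point> <type> <options> <dump> <pass>
UUID=31caa47c-4bb8-4d50-b4a7-6c3d2dbf407d / ext4 errors=remount-ro 0 1
/swapfile none swap sw 0 0'
SAMPLE_FSTAB_IVERSION='UUID=31caa47c-4bb8-4d50-b4a7-6c3d2dbf407d / ext4 errors=remount-ro,iversion 0 1'

# Constructed lines in the layout of ascii_runtime_measurements for the ima-ng
# template: PCR, template hash, template name, file hash, pathname. Hashes are
# made up except the /tmp entry, which is sha1 of the text "hello\n".
SAMPLE_MEASUREMENTS='10 0123456789abcdef0123456789abcdef01234567 ima-ng sha1:89abcdef0123456789abcdef0123456789abcdef boot_aggregate
10 1123456789abcdef0123456789abcdef01234567 ima-ng sha1:99abcdef0123456789abcdef0123456789abcdef /sbin/init
10 2123456789abcdef0123456789abcdef01234567 ima-ng sha1:a9abcdef0123456789abcdef0123456789abcdef /lib/x86_64-linux-gnu/libc.so.6
10 3123456789abcdef0123456789abcdef01234567 ima-ng sha1:f572d396fae9206628714fb2ce00f72e94f2258f /tmp/ima-example-hello'

# ima_mode CMDLINE: prints off, measure-only, or appraise-<enforce|fix|log|off>.
# Appraisal defaults to enforce unless ima_appraise= says otherwise.
ima_mode() {
  measure=no; appraise=no; mode=enforce
  for tok in $1; do
    case $tok in
      ima_tcb|ima_policy=tcb)                   measure=yes ;;
      ima_appraise_tcb|ima_policy=appraise_tcb) appraise=yes ;;
      ima_appraise=*)                           mode=${tok#ima_appraise=} ;;
    esac
  done
  if [ $appraise = yes ]; then echo "appraise-$mode"
  elif [ $measure = yes ]; then echo measure-only
  else echo off
  fi
}

# root_has_iversion CMDLINE FSTAB_TEXT: succeeds if / gets inode versioning,
# either via rootflags= on the command line or via the fstab options field.
root_has_iversion() {
  for tok in $1; do
    case $tok in rootflags=*)
      case ",${tok#rootflags=}," in *,i_version,*|*,iversion,*) return 0 ;; esac ;;
    esac
  done
  found=$(printf '%s\n' "$2" | while read -r dev mnt _type opts _rest; do
    case $dev in ''|'#'*) continue ;; esac
    if [ "$mnt" = / ]; then
      case ",$opts," in *,i_version,*|*,iversion,*) echo yes ;; esac
    fi
  done)
  [ "$found" = yes ]
}

# measurement_count LIST: one entry per file measured since boot.
measurement_count() { printf '%s\n' "$1" | grep -c . ; }

# list_sane LIST: first entry is boot_aggregate, every line has 5 fields in PCR 10.
list_sane() {
  first=$(printf '%s\n' "$1" | head -n1 | awk '{print $5}')
  [ "$first" = boot_aggregate ] || return 1
  bad=$(printf '%s\n' "$1" | awk 'NF != 5 || $1 != 10 {c++} END {print c+0}')
  [ "$bad" -eq 0 ]
}

# measured_hash LIST PATH: the file hash recorded for PATH, or nothing.
measured_hash() {
  printf '%s\n' "$1" | while read -r _pcr _thash _tmpl fhash path; do
    if [ "$path" = "$2" ]; then echo "$fhash"; break; fi
  done
}

# ima_file_hash PATH: current hash of PATH in the "sha1:<hex>" form ima-ng records.
ima_file_hash() { printf 'sha1:%s\n' "$(sha1sum "$1" | cut -d' ' -f1)"; }

# verify_measurement LIST PATH: does the file on disk still match what was measured?
verify_measurement() {
  want=$(measured_hash "$1" "$2")
  [ -n "$want" ] && [ "$want" = "$(ima_file_hash "$2")" ]
}

# Demo against the constructed samples. On a live system read /proc/cmdline,
# /etc/fstab and /sys/kernel/security/ima/ascii_runtime_measurements instead.
main() {
  echo "IMA mode from boot parameters: $(ima_mode "$SAMPLE_CMDLINE")"
  if root_has_iversion "$SAMPLE_CMDLINE" "$SAMPLE_FSTAB_PLAIN"; then
    echo "root filesystem has inode versioning"
  else
    echo "root filesystem lacks i_version/iversion"
  fi
  echo "entries in measurement list: $(measurement_count "$SAMPLE_MEASUREMENTS")"
  printf 'hello\n' > /tmp/ima-example-hello   # constructed file matching the last entry
  if verify_measurement "$SAMPLE_MEASUREMENTS" /tmp/ima-example-hello; then
    echo "/tmp/ima-example-hello matches its measurement"
  fi
}
main
```

The one-line view of the reporter's command line is `appraise-fix` on a root filesystem that does have `i_version`: every appraised file is hashed and stamped on first access, so the measurement count, not the absence of `i_version`, is the first thing to compare between the slow and fast boots.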

Revision history for this message
Jonathan Davies (jpds) wrote :

I've been told that adding "iversion" to the root filesystem's fstab options improves performance; here's a bootchart with that option enabled.

Revision history for this message
Brad Figg (brad-figg) wrote : Status changed to Confirmed

This change was made by a bot.

Changed in linux (Ubuntu):
status: New → Confirmed
Revision history for this message
Joseph Salisbury (jsalisbury) wrote :

Would it be possible for you to test the latest upstream kernel? Refer to https://wiki.ubuntu.com/KernelMainlineBuilds . Please test the latest v3.15 kernel[0].

If this bug is fixed in the mainline kernel, please add the following tag 'kernel-fixed-upstream'.

If the mainline kernel does not fix this bug, please add the tag: 'kernel-bug-exists-upstream'.

If you are unable to test the mainline kernel, for example it will not boot, please add the tag: 'kernel-unable-to-test-upstream'.

Once testing of the upstream kernel is complete, please mark this bug as "Confirmed".

Thanks in advance.

[0] http://kernel.ubuntu.com/~kernel-ppa/mainline/v3.15-rc1-trusty/

Changed in linux (Ubuntu):
importance: Undecided → Medium
tags: added: kernel-da-key
Revision history for this message
Jonathan Davies (jpds) wrote :

This is a bootchart of my system with a stripped-down version of Ubuntu. Read:

- No recommended packages installed by default.
- pkgsel/include set to ubuntu-desktop firefox gnome-screensaver gnome-terminal indicator-application indicator-appmenu indicator-datetime indicator-messages indicator-power indicator-printers indicator-session indicator-sound libreoffice-calc libreoffice-gnome libreoffice-gtk libreoffice-impress libreoffice-writer network-manager network-manager-gnome plymouth-theme-ubuntu-logo rhythmbox ttf-ubuntu-font-family unity-lens-applications unity-lens-files unity-lens-music xchat xchat-indicator

Revision history for this message
Jonathan Davies (jpds) wrote :

Comment #9 also has the difference from the above charts that it's using legacy boot instead of EFI.

tags: added: kernel-bug-exists-upstream
Revision history for this message
Jonathan Davies (jpds) wrote :

No difference between boot speeds (3.13 vs. 3.15); deeming: kernel-bug-exists-upstream.

Chris J Arges (arges)
Changed in linux (Ubuntu):
assignee: nobody → Chris J Arges (arges)
Chris J Arges (arges)
Changed in linux (Ubuntu):
assignee: Chris J Arges (arges) → nobody