
Issue 851053


Issue metadata

Status: Fixed
Owner:
Closed: Jun 2018
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Chrome
Pri: 2
Type: Bug

Blocking:
issue 851113


Participants' hotlists:
TPM-Userland-Performance



trunks: allow sessions without parameter encryption

Project Member Reported by apronin@chromium.org, Jun 8 2018

Issue description

Trunks already supports using sessions with or w/o the 1st parameter encryption. However, a salted sessionKey is always created to protect authValue.

We should be able to start sessions with an empty sessionKey and w/o salt encryption for the use cases that don't need it: known, typically empty, authValue and no parameter encryption needed.

That should noticeably improve performance. 
StartAuthSession is known to be typically taking ~800ms because of key initialization needed for that: b/35579370#comment41
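
Added example, not part of the original issue or the trunks code: a Python sketch of the TPM 2.0 sessionKey derivation (KDFa with label "ATH", per the TPM 2.0 Library specification, Part 1), comparing a salted session with the unsalted, unbound one proposed above. Function names and all sample nonces, salt and authValue are constructed for illustration.

```python
import hashlib
import hmac
import struct
from typing import Optional


def kdfa(key: bytes, label: bytes, ctx_u: bytes, ctx_v: bytes, bits: int) -> bytes:
    """KDFa (SP 800-108 counter mode, HMAC-SHA256) as used by TPM 2.0."""
    out, counter = b"", 0
    while len(out) * 8 < bits:
        counter += 1
        msg = (struct.pack(">I", counter) + label + b"\x00"
               + ctx_u + ctx_v + struct.pack(">I", bits))
        out += hmac.new(key, msg, hashlib.sha256).digest()
    return out[: bits // 8]


def session_key(bind_auth: Optional[bytes], salt: Optional[bytes],
                nonce_tpm: bytes, nonce_caller: bytes) -> bytes:
    """sessionKey fixed at StartAuthSession time.

    None means "no bind entity" / "tpmKey = NULL" (unsalted). With neither,
    the TPM skips KDFa and sessionKey is the empty buffer.
    """
    if bind_auth is None and salt is None:
        return b""
    secret = (bind_auth or b"") + (salt or b"")
    return kdfa(secret, b"ATH", nonce_tpm, nonce_caller, 256)


def command_hmac_key(sess_key: bytes, auth_value: bytes) -> bytes:
    """Key for each command's authorization HMAC: sessionKey || authValue."""
    return sess_key + auth_value


# Constructed sample values, for illustration only.
NONCE_TPM = bytes(range(32))
NONCE_CALLER = bytes(range(32, 64))
SALT = b"\x5a" * 32          # secret the TPM recovers from encryptedSalt
EMPTY_AUTH = b""             # the "known, typically empty" authValue

salted = session_key(None, SALT, NONCE_TPM, NONCE_CALLER)
unsalted = session_key(None, None, NONCE_TPM, NONCE_CALLER)

if __name__ == "__main__":
    print("salted HMAC key bytes:  ", len(command_hmac_key(salted, EMPTY_AUTH)))
    print("unsalted HMAC key bytes:", len(command_hmac_key(unsalted, EMPTY_AUTH)))
```

With an empty authValue the unsalted session's HMAC key is empty, so the session adds no secret on top of what is already known. That matches the scope stated above: known authValue and no parameter encryption.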
 
Blocking: 851113
Cc: xzhou@chromium.org
xzhou: This should solve your 800ms problem for accessing NVRAM. CL is here: https://chromium-review.googlesource.com/c/chromiumos/platform2/+/1037689
Project Member

Comment 4 by bugdroid1@chromium.org, Jun 14 2018

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/platform2/+/1d380a08700edb30de55f2029913dc5dcb3eb4e3

commit 1d380a08700edb30de55f2029913dc5dcb3eb4e3
Author: Andrey Pronin <apronin@chromium.org>
Date: Thu Jun 14 21:40:39 2018

platform2: support unsalted sessions in trunks

Allow unsalted sessions (tpmKey = NULL instead of the salting key).

In addition, for sessions with enable_decryption == false, since we
won't be using encryption in the followup commands, set symmetric
algorithm to TPM_ALG_NULL.

This CL adds the option of having unsalted sessions, but doesn't change
the current behavior of callers, which always create salted sessions.

BUG= chromium:851053 
TEST=unit tests

Change-Id: Ibfb61241b3feb866286ecd1c77c42aa9d1eaecc2
Reviewed-on: https://chromium-review.googlesource.com/1037689
Commit-Ready: Andrey Pronin <apronin@chromium.org>
Tested-by: Andrey Pronin <apronin@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>

[modify] https://crrev.com/1d380a08700edb30de55f2029913dc5dcb3eb4e3/trunks/trunks_factory_for_test.cc
[modify] https://crrev.com/1d380a08700edb30de55f2029913dc5dcb3eb4e3/trunks/scoped_global_session_test.cc
[modify] https://crrev.com/1d380a08700edb30de55f2029913dc5dcb3eb4e3/trunks/hmac_session_test.cc
[modify] https://crrev.com/1d380a08700edb30de55f2029913dc5dcb3eb4e3/trunks/tpm_utility_test.cc
[modify] https://crrev.com/1d380a08700edb30de55f2029913dc5dcb3eb4e3/tpm_manager/server/tpm2_nvram_test.cc
[modify] https://crrev.com/1d380a08700edb30de55f2029913dc5dcb3eb4e3/cryptohome/tpm2_test.cc
[modify] https://crrev.com/1d380a08700edb30de55f2029913dc5dcb3eb4e3/trunks/session_manager_test.cc
[modify] https://crrev.com/1d380a08700edb30de55f2029913dc5dcb3eb4e3/trunks/policy_session_impl.h
[modify] https://crrev.com/1d380a08700edb30de55f2029913dc5dcb3eb4e3/chaps/tpm2_utility_test.cc
[modify] https://crrev.com/1d380a08700edb30de55f2029913dc5dcb3eb4e3/chaps/tpm2_utility_impl.cc
[modify] https://crrev.com/1d380a08700edb30de55f2029913dc5dcb3eb4e3/trunks/policy_session_impl.cc
[modify] https://crrev.com/1d380a08700edb30de55f2029913dc5dcb3eb4e3/trunks/hmac_session_impl.h
[modify] https://crrev.com/1d380a08700edb30de55f2029913dc5dcb3eb4e3/attestation/common/tpm_utility_v2.cc
[modify] https://crrev.com/1d380a08700edb30de55f2029913dc5dcb3eb4e3/cryptohome/signature_sealing_backend_tpm2_impl.cc
[modify] https://crrev.com/1d380a08700edb30de55f2029913dc5dcb3eb4e3/trunks/mock_policy_session.h
[modify] https://crrev.com/1d380a08700edb30de55f2029913dc5dcb3eb4e3/cryptohome/tpm2_impl.cc
[modify] https://crrev.com/1d380a08700edb30de55f2029913dc5dcb3eb4e3/trunks/scoped_global_session.h
[modify] https://crrev.com/1d380a08700edb30de55f2029913dc5dcb3eb4e3/trunks/hmac_session.h
[modify] https://crrev.com/1d380a08700edb30de55f2029913dc5dcb3eb4e3/trunks/hmac_session_impl.cc
[modify] https://crrev.com/1d380a08700edb30de55f2029913dc5dcb3eb4e3/trunks/session_manager.h
[modify] https://crrev.com/1d380a08700edb30de55f2029913dc5dcb3eb4e3/trunks/session_manager_impl.h
[modify] https://crrev.com/1d380a08700edb30de55f2029913dc5dcb3eb4e3/trunks/session_manager_impl.cc
[modify] https://crrev.com/1d380a08700edb30de55f2029913dc5dcb3eb4e3/tpm_manager/server/tpm2_initializer_impl.cc
[modify] https://crrev.com/1d380a08700edb30de55f2029913dc5dcb3eb4e3/tpm_manager/server/tpm2_nvram_impl.cc
[modify] https://crrev.com/1d380a08700edb30de55f2029913dc5dcb3eb4e3/trunks/trunks_client_test.cc
[modify] https://crrev.com/1d380a08700edb30de55f2029913dc5dcb3eb4e3/trunks/policy_session_test.cc
[modify] https://crrev.com/1d380a08700edb30de55f2029913dc5dcb3eb4e3/trunks/mock_session_manager.h
[modify] https://crrev.com/1d380a08700edb30de55f2029913dc5dcb3eb4e3/trunks/mock_hmac_session.h
[modify] https://crrev.com/1d380a08700edb30de55f2029913dc5dcb3eb4e3/trunks/policy_session.h
[modify] https://crrev.com/1d380a08700edb30de55f2029913dc5dcb3eb4e3/trunks/tpm_utility_impl.cc

Status: Fixed (was: Untriaged)
Project Member

Comment 6 by bugdroid1@chromium.org, Jun 25 2018

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/platform2/+/c4b3b6eaca44151b0bcced12970afa40eea3eb5a

commit c4b3b6eaca44151b0bcced12970afa40eea3eb5a
Author: Andrey Pronin <apronin@chromium.org>
Date: Mon Jun 25 17:52:51 2018

trunks: add key operations to trunks_client

To test and measure performance of basic key operations
add ability to invoke them through trunks_client CLI.

BUG= chromium:851053 
TEST=build; try trunks_client --key* options on fizz

Change-Id: I57384dd3e863eb876a34e7f97f10850a0c46637e
Reviewed-on: https://chromium-review.googlesource.com/1098527
Commit-Ready: Andrey Pronin <apronin@chromium.org>
Tested-by: Andrey Pronin <apronin@chromium.org>
Reviewed-by: Mattias Nissler <mnissler@chromium.org>

[modify] https://crrev.com/c4b3b6eaca44151b0bcced12970afa40eea3eb5a/trunks/trunks_client.cc
