Improve the decryption flow. |
|
Issue descriptionCurrently, with password authentication the DecryptTPM flow is executed three times for TPM2.0 devices (when correct password is provided). First to mount the cryptohome. Second to ResetLECredentials - called inside ChromeOS. Third to RemoveKeyset, which turns out to not be present - called from Chrome. The second and third flows could be halted most of the times without doing the decrypt flow. For the second, the tree could be checked. For the third, the existence of the keyset.
,
Dec 20
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/platform2/+/20357cb1d4dd33506fa5d6789d3e59163e5bc8bb commit 20357cb1d4dd33506fa5d6789d3e59163e5bc8bb Author: Igor <igorcov@chromium.org> Date: Thu Dec 20 18:03:49 2018 cryptohome: Improve ResetLECredentials ResetLECredentials tries to go through expensive authenticate operation before looking for vault keyset to reset. Many times user has no LECredentials keyset, so the authentication just wastes time. This change tries to check the credentials only if at least one LECredentials keyset was found. Another optimization that can be done, is to check if the failed attempts counter in the keyset is greater than zero. Otherwise it makes no sense to reset, so we could avoid authentication in that case too. That is planned to be done in a separate CL. BUG=chromium:912126 TEST=None Change-Id: I7a9f45bbdaec53d49ad65b000192fecb2cbb7d8b Reviewed-on: https://chromium-review.googlesource.com/1384310 Commit-Ready: Igor <igorcov@chromium.org> Tested-by: Igor <igorcov@chromium.org> Reviewed-by: Igor <igorcov@chromium.org> Reviewed-by: Andrey Pronin <apronin@chromium.org> [modify] https://crrev.com/20357cb1d4dd33506fa5d6789d3e59163e5bc8bb/cryptohome/homedirs.cc |
|
►
Sign in to add a comment |
|
Comment 1 by bugdroid1@chromium.org
, Dec 18