I've been told that adding "iversion" to the root filesystem's fstab options improves performance, here's a bootchart with that option enabled.
** Attachment added: "Bootchart with IMA-enabled take 4 (root fstab with iversion option)" https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1308788/+attachment/4085791/+files/arwan-trusty-20140416-4-iversion.png -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1308788 Title: IMA significantly increases boot time when enabled Status in “linux” package in Ubuntu: Confirmed Bug description: I have a TPM-enabled laptop (sudo apt-get install trousers tpm-tools && sudo tpm_takeownership) and enabled IMA with the following boot options in GRUB: "ima_tcb ima_audit=1 ima_appraise_tcb rootflags=i_version ima_appraise=fix" As shown from the attached bootcharts, the boot time goes from circa 25s to circa 225s on an i7, SSD-based system. ProblemType: Bug DistroRelease: Ubuntu 14.04 Package: linux-image-3.13.0-24-generic 3.13.0-24.46 ProcVersionSignature: Ubuntu 3.13.0-24.46-generic 3.13.9 Uname: Linux 3.13.0-24-generic x86_64 ApportVersion: 2.14.1-0ubuntu1 Architecture: amd64 AudioDevicesInUse: USER PID ACCESS COMMAND /dev/snd/controlC0: jpds 2204 F.... pulseaudio /dev/snd/controlC1: jpds 2204 F.... pulseaudio CurrentDesktop: Unity Date: Wed Apr 16 19:00:53 2014 InstallationDate: Installed on 2014-04-16 (0 days ago) InstallationMedia: Ubuntu 14.04 LTS "Trusty Tahr" - Daily amd64 (20140410) MachineType: Hewlett-Packard HP EliteBook Folio 1040 G1 ProcFB: 0 inteldrmfb ProcKernelCmdLine: BOOT_IMAGE=/vmlinuz-3.13.0-24-generic.efi.signed root=UUID=31caa47c-4bb8-4d50-b4a7-6c3d2dbf407d ro quiet splash ima_tcb ima_audit=1 ima_appraise_tcb rootflags=i_version ima_appraise=fix vt.handoff=7 RelatedPackageVersions: linux-restricted-modules-3.13.0-24-generic N/A linux-backports-modules-3.13.0-24-generic N/A linux-firmware 1.127 SourcePackage: linux UpgradeStatus: No upgrade log present (probably fresh install) dmi.bios.date: 02/09/2014 dmi.bios.vendor: Hewlett-Packard dmi.bios.version: L83 Ver. 01.05 dmi.board.name: 213E dmi.board.vendor: Hewlett-Packard dmi.board.version: KBC Version 24.2A dmi.chassis.type: 10 dmi.chassis.vendor: Hewlett-Packard dmi.modalias: dmi:bvnHewlett-Packard:bvrL83Ver.01.05:bd02/09/2014:svnHewlett-Packard:pnHPEliteBookFolio1040G1:pvrA3009DD18303:rvnHewlett-Packard:rn213E:rvrKBCVersion24.2A:cvnHewlett-Packard:ct10:cvr: dmi.product.name: HP EliteBook Folio 1040 G1 dmi.product.version: A3009DD18303 dmi.sys.vendor: Hewlett-Packard To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1308788/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
