5 Replies Latest reply: Aug 19, 2014 10:48 AM by Cindys-Oracle RSS

    TPM on Solaris 11 is really broken

    RaiderOfTheLostSparc

      Hi, is it just me or is TPM broken on Solaris 11.1+?

       

      root@t4-1:/ # modinfo | grep tpm

      205 7b67e570   32f8 248   1  tpm (TPM 1.2 driver)

       

      root@t4-1:/ # pkg list entire

      NAME (PUBLISHER)                                  VERSION                    IFO

      entire                                            0.5.11-0.175.1.17.0.5.0    i--

       

      root@t4-1:/ # svcs tcsd

      STATE          STIME    FMRI

      online         12:10:20 svc:/application/security/tcsd:default

       

      Fire up some curl's to "exercise" tscd (I think exec'ing a program is checking the elf signature using TPM provided crypto algos?)

       

      $ echo "TPM on Solaris 11.1+ sucks" > /tmp/tpm.txt

      $ while :; do print -n '.'; curl -so /dev/null file:///tmp/tpm.txt; done

      $ while :; do print -n '.'; curl -so /dev/null file:///tmp/tpm.txt; done

      $ while :; do print -n '.'; curl -so /dev/null file:///tmp/tpm.txt; done

       

      Watch them go slowly, and after a few minutes all the curls just hang:

       

      root@t4-1:/ # pgrep -lf curl

      5805 curl -so /dev/null file:///tmp/tpm.txt

      5812 curl -so /dev/null file:///tmp/tpm.txt

      5813 curl -so /dev/null file:///tmp/tpm.txt

       

      While tcsd is still working hard:

       

         PID USERNAME NLWP PRI NICE  SIZE   RES STATE    TIME    CPU COMMAND
      14202 root       11   1    0 5576K 4168K cpu/29  69:33  1.53% tcsd

       

      Everything's fine (and faster!) when tcsd is disabled though.

       

      PS: also happens on Intel x86 hardware with TPM