From 5d18458663042a8e6b901d518259e8f828d08dc3 Mon Sep 17 00:00:00 2001 From: Andrew Lytvynov Date: Wed, 18 Jun 2025 12:08:21 -0700 Subject: [PATCH] feature/tpm: log timing of TPM commands --- feature/tpm/tpm.go | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/feature/tpm/tpm.go b/feature/tpm/tpm.go index 6feac85e3..1ebbcee1c 100644 --- a/feature/tpm/tpm.go +++ b/feature/tpm/tpm.go @@ -16,6 +16,7 @@ import ( "slices" "strings" "sync" + "time" "github.com/google/go-tpm/tpm2" "github.com/google/go-tpm/tpm2/transport" @@ -128,6 +129,7 @@ func newStore(logf logger.Logf, path string) (ipn.StateStore, error) { key: key, cache: make(map[ipn.StateKey][]byte), } + if err := store.writeSealed(); err != nil { return nil, fmt.Errorf("failed to write initial state file: %w", err) } @@ -186,6 +188,8 @@ func (s *tpmStore) WriteState(k ipn.StateKey, bs []byte) error { } s.cache[k] = bytes.Clone(bs) + s.logf("================ tpmStore.WriteState %q", k) + return s.writeSealed() } @@ -314,14 +318,19 @@ func withSRK(logf logger.Logf, tpm transport.TPM, fn func(srk tpm2.AuthHandle) e // tpmSeal seals the data using SRK of the local TPM. func tpmSeal(logf logger.Logf, data []byte) (*tpmSealedData, error) { + start := time.Now() tpm, err := open() if err != nil { return nil, fmt.Errorf("opening TPM: %w", err) } + logf("tpm: open %v", time.Since(start)) + start = time.Now() defer tpm.Close() var res *tpmSealedData err = withSRK(logf, tpm, func(srk tpm2.AuthHandle) error { + logf("tpm: withSRK %v", time.Since(start)) + start = time.Now() sealCmd := tpm2.Create{ ParentHandle: srk, InSensitive: tpm2.TPM2BSensitiveCreate{ @@ -345,6 +354,8 @@ func tpmSeal(logf logger.Logf, data []byte) (*tpmSealedData, error) { if err != nil { return fmt.Errorf("tpm2.Create: %w", err) } + logf("tpm: tpm2.Create %v", time.Since(start)) + start = time.Now() res = &tpmSealedData{ Private: sealRes.OutPrivate.Buffer,