Luke Hinds

As in the address to contact the registrar maybe different to the address the registrar binds to (so we may want two values) so we split it out? registrar.conf `listen_ip...

understood, this is good proposal. I am open to having different configs, but I do see your point, it would make it more complicated change as we would need to...

tagging @stefanberger who may have some ideas here. edit: oh hold on, can you try again with `require_ek_cert` set to `False` https://github.com/keylime/keylime/blob/ac9cfc9c3cc2e82bde8f70d4f5f47b01a75b6ce0/keylime.conf#L369 Unless you have injected your own ek?

This is having trouble connecting to the agent, if your agent running?

Note: We should test this using different sizes of whitelists and if this proves conclusive , we should look into compression or the design of the WL handling.

Keep alive. I think this issue need to morph into an investigation on how to better handle whitelists being iterated over and quieted in the database. It's going to be...

Thanks @rajdroid , it appears to be related to the whitelist size, my guess is we iterate over in an expensive manner and that spikes resource usage - that is...

> Is that the whitelist for IMA verification? If yes, this is surprising to me, as I thought (based only on log interpretation) that the measurement/IMA matching was performed by...

@rajdroid any progress, how is it going?

tagging tpm folks @stefanberger @puiterwijk