From: Michael Chang <mchang@suse.com>
To: The development of GNU GRUB <grub-devel@gnu.org>
Subject: Re: [PATCH v2] tpm: Disable tpm verifier if tpm is not present
Date: Mon, 17 Oct 2022 13:19:08 +0800 [thread overview]
Message-ID: <20221017051908.GA21185@mazu> (raw)
In-Reply-To: <20221014094001.dqoncqektby34etb@tomti.i.net-space.pl>
On Fri, Oct 14, 2022 at 11:40:01AM +0200, Daniel Kiper wrote:
> On Fri, Oct 07, 2022 at 01:37:10PM +0800, Michael Chang via Grub-devel wrote:
> > This helps to prevent out of memory error when reading large files via disabling
> > tpm device as verifier has to read all content into memory in one chunk to
> > measure the hash and extend to tpm.
>
> How does this patch help when the TPM is present in the system?
If the firmware menu offers option to disable TPM device, then this
patch can be useful to get around 'out of memory error' through
disabling TPM device from firmware in order to make tpm verifier won't
be in the way of reading huge files.
This is essentially a compromised solution as long as tpm module can be
a built-in module in signed image and at the same time user may come
across the need to open huge files, for eg, loopback mount in grub for
the rescue image. In this case they could be opted in to disable tpm
device from firmware to proceed if they run into out of memory or other
(slow) reading issues.
Thanks,
Michael
>
> Daniel
>
> _______________________________________________
> Grub-devel mailing list
> Grub-devel@gnu.org
> https://lists.gnu.org/mailman/listinfo/grub-devel
next prev parent reply other threads:[~2022-10-17 5:24 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-10-07 5:37 [PATCH v2] tpm: Disable tpm verifier if tpm is not present Michael Chang
2022-10-14 9:40 ` Daniel Kiper
2022-10-17 5:19 ` Michael Chang [this message]
2022-11-24 16:04 ` Daniel Kiper
2022-11-25 7:00 ` Michael Chang
2022-11-29 15:11 ` Daniel Kiper
2023-02-20 4:57 ` Michael Chang
2023-02-23 13:22 ` Daniel Kiper
2023-02-28 3:22 ` Michael Chang
2023-03-02 18:59 ` Daniel Kiper
2023-03-03 4:18 ` Michael Chang
2023-03-03 18:19 ` Daniel Kiper
2023-03-06 3:58 ` Michael Chang
2023-02-16 18:02 ` Stefan Berger
2023-02-20 4:39 ` Michael Chang
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20221017051908.GA21185@mazu \
--to=mchang@suse.com \
--cc=grub-devel@gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.