From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from list by lists.gnu.org with archive (Exim 4.90_1) id 1okIc5-0008Rr-3M for mharc-grub-devel@gnu.org; Mon, 17 Oct 2022 01:24:33 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:49560) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1okIbw-0008P0-Q0 for grub-devel@gnu.org; Mon, 17 Oct 2022 01:24:26 -0400 Received: from mail-db8eur05on20605.outbound.protection.outlook.com ([2a01:111:f400:7e1a::605]:54336 helo=EUR05-DB8-obe.outbound.protection.outlook.com) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1okIbu-0006j8-N7 for grub-devel@gnu.org; Mon, 17 Oct 2022 01:24:24 -0400 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=VeHFs5KLwbrduCjV8hGjAk1SWvk6XKPdXLibbqusv0rc+GKojDavCqfD3B8WfvfJ6y5pW6xxe4b9nJgp4uk56Z0cfeaUZ1sO281nQ2IEXZAp3fZsm2z+WurbT3dSeWpZ05dqDvo80HhJx5Xbiij/nBFDsg3wUQMqMqBhh6hmkwGTxNxlovS3Ttlk+Awx0uOx0PgLizbK9WPp8jQWkpgU15A/DUzlwoQxkO1QId2Oi9MT/l9yQDlZDEn9OaGFFemRuSkVBrqtlHpIZ0IVtF/P/WIsymybEd0oThe4OL7ncU6I0EOfUc09pwp+TCyYfwcoPRLf5sknEcN5jSSIpgmYqw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=uo5zFJwJ2haSrxprHB9hWfxnZjLfA0FHFpGWWCqQcRs=; b=A9Y1FbVUlL2QYZeuKHZdBk7ZPaO2jtU5NOONKd7YJVzP8vN65RM8MqJ6+L49mSX+4Z8PSBEAAu8gIVsHzAPzooZ6MG5twwW+ZzQvNIcpygTbTdj5m5eq6pMXejrdYnXZVq/RVfnS9kchRJL7V/XICxZkxX3qz7zWycI2ft8D4NhejuTkJTzSEu6iWWarFZW0Vgzjuw0E8JorxEIiGf8u3xZL5LGiYzoMt86jyhvSsF84ZGATvQ4NtkvSb6UttAKzV3jjWu5goSiMebuyOpgjNcMtsxZRJdqjDYwqIaIYi5LDoZDCXrghDRLSz4f0Tj3myBVZdMdjCdxw0TSpJ2d6ug== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=uo5zFJwJ2haSrxprHB9hWfxnZjLfA0FHFpGWWCqQcRs=; b=k8d+3INV+SaMa2mrIiagFD6Sy7R5xOGUXhWMQ0PqewEzF9Q8wvbAhRaybOg4pmAwAMu52YjMxOVh8+Oka6xvoopYZ7644awtS5LdbkoOzzIWyGeX1SUJSH0bq5EGiUHCW/jlZb5h4eDOWb5289nmE7f6DDaz4aVo6YIlgwqFk5dBXK/5Mg09RbtN9Wvom//nYLEtve78ZZknhFFvVklhnkFAjSh9RdIha8hY4f/wyTcs+hGxQsYFPOkCL/9+78diJ9EcjVmLwbXTUiHA5cHRP2fRgP38qItAH2iyqImCCausdcaEUE33kQ7Htn/b/2sPtxJ7kK2GgpXxDCeRIgZwyw== Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=suse.com; Received: from DU2PR04MB9081.eurprd04.prod.outlook.com (2603:10a6:10:2f0::13) by AS8PR04MB8165.eurprd04.prod.outlook.com (2603:10a6:20b:3fd::20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5723.26; Mon, 17 Oct 2022 05:19:17 +0000 Received: from DU2PR04MB9081.eurprd04.prod.outlook.com ([fe80::a241:d3e4:c22b:a236]) by DU2PR04MB9081.eurprd04.prod.outlook.com ([fe80::a241:d3e4:c22b:a236%7]) with mapi id 15.20.5723.029; Mon, 17 Oct 2022 05:19:17 +0000 Date: Mon, 17 Oct 2022 13:19:08 +0800 From: Michael Chang To: The development of GNU GRUB Subject: Re: [PATCH v2] tpm: Disable tpm verifier if tpm is not present Message-ID: <20221017051908.GA21185@mazu> References: <20221007053710.18345-1-mchang@suse.com> <20221014094001.dqoncqektby34etb@tomti.i.net-space.pl> Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20221014094001.dqoncqektby34etb@tomti.i.net-space.pl> User-Agent: Mutt/1.10.1 (2018-07-13) X-ClientProxiedBy: TYCPR01CA0136.jpnprd01.prod.outlook.com (2603:1096:400:2b7::6) To DU2PR04MB9081.eurprd04.prod.outlook.com (2603:10a6:10:2f0::13) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DU2PR04MB9081:EE_|AS8PR04MB8165:EE_ X-MS-Office365-Filtering-Correlation-Id: 7564a18c-28fa-4c49-35bc-08daafff234f X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: womT37SsF5i6IMMW0+SSHVGDaoOw976RVdSNbJ1akJ2zvP620drvPh2JJZUylx+rVDj/5dApL1T/Pn6JaVuKRV6n13ypgMEY3emZ84ZqEqpSEq0F8K795FtfWqJ8/dDYapf8EQ76ZdybAC4DO2hJ6X6RyJjlLtJWXb08ojUm/oTbTicMVlMkKyLCFvxBO7yr3ovrrYSRubm3syboST6ZJLprEPEwFeCiGnOcwEZGgseQ5MiGqtxe9p3dy9xTnnvNTLfPDY1PbjgnHgA9kyv9V01rNBEm8jCC7Lndb+ft88cV2jdM8VGOMSx7P7mYCV4s6UNY1/QvcUatvH0s40vhkWwU2rCYdM7Lc2lkAGviJuLPWkuP6QB6EWs9aXSti+w+Eh4Yr9GOYwtqWhO5Su6aiss5KepsxOQMXHyDMAX9Ta3YBU2LG1mzDrvMHV8rwZooSmItLM+X/wsZZmmqH6v+9mmMe/aRpRU1dBGrsGcAgWRPWFx8LtmeHyp0p2ZPtjVYjzT61Yg2zmMrDLrSXMEQxSaPtuRMIuFuUEbiAjYlWrWgxeK6awtGx155vJeB4ZKn0cqLj0Qf8sD7uyglPs/4PE4a4+xf2anyVLuyobTqPss7Yzb1amve9YVeE8dDFqZsoLBv2vm+5DINipQvTix9+25Y7fZoftmDRK6yZRQ+x3rivLxIt/ooT2G7a1UxekXMNKMt67Ir5bN70wDsJRvUCiPDfJ/MF+7Uc4uR4K2YCww= X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DU2PR04MB9081.eurprd04.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230022)(7916004)(136003)(396003)(39860400002)(366004)(346002)(376002)(451199015)(33716001)(33656002)(86362001)(38100700002)(6666004)(83380400001)(66946007)(66476007)(316002)(6916009)(66899015)(8676002)(5660300002)(966005)(6486002)(1076003)(186003)(2906002)(8936002)(6506007)(478600001)(9686003)(66556008)(6512007)(41300700001); DIR:OUT; SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?v5+0LXEekaMAyR4/6TuLPGg6h6Abb1uP2lN1Vpk+tvWrSW4g/D7dyl4NlOJj?= =?us-ascii?Q?mh94Npduno52H+njbFnZRIFv2nJwidiA7TDwIUtnLj8rKii29dvnLjh48YQ4?= =?us-ascii?Q?Kbk/0JCaPpbMz9k0SfUCkCqxOPUHBu1pK5e8iFjg1sYIHyuB1skGuYn/KPlO?= =?us-ascii?Q?yT5/q4TGDH/7Pq2YVXG8kwIv+RYscTrXGE9CL45HMQh5oRcUxa9BfDYPHv8j?= =?us-ascii?Q?gbbiF96d7HHFSJ1beBR3XBKJN8TWUHiQ4qi9qRB2COVRkZtijhW65xazOBbm?= =?us-ascii?Q?+nv1zfSpJTo7FyQG14ZjhQsPa5Rlhh6gB0pTae596tJfMKqplB17UJG1Ng6q?= =?us-ascii?Q?dKyspTVnNCkBsKR0e6SuqewwBZXWQ70nAmUCBwcIBJUCnRDyXybtUaiofrGI?= =?us-ascii?Q?6T+RDP7V5TwR0j9m99DdOUcpdOm5fnu9spiq9Yvv6jMDKz7hxjF8JWFmRwsJ?= =?us-ascii?Q?XtFae46lkwGKBgQy2qY4KS3/eqDFJBi1BeeayXX48Jyz5VmZFWThwHY1b6vx?= =?us-ascii?Q?dX7U2i7LHPNMRZaCBXqaGSFk8IkPRMP0EhN8LM7ceLmLSPIICLY1HG1Go0h4?= =?us-ascii?Q?iu3wMEQvlUkvIyjGWjCAcMjDU9EShmFoQzs510vZex6ll5TKoHyFQJSnQfr+?= =?us-ascii?Q?Cx8JtLr3cXcUvwJE7FPULEahZLKLAVqTBx9Dx6omfvstG7XmvMgZUgyjfQLB?= =?us-ascii?Q?/59Vh0t3lq1nd7EwpnjG1/YROomgeuv0vrPfcBMoN/mo8SZI4TCXGm8JqVWZ?= =?us-ascii?Q?/u+MlGC2zODCgmqVfecMVxkZp4u4O9dIA+oXWYRb/lgaFr9bcQr5YzGprPhL?= =?us-ascii?Q?skl1zu6696SO/iUKwV7F5ubW0WpcO9Q7rvdz0CYk9xY6dFBKP88o2x8DmLR5?= =?us-ascii?Q?YrukAKsHZRSB9f1DctYvYcI2iRuW1MAkyttqq0zimuHyGr+RolIQv7vOvrr1?= =?us-ascii?Q?mQBy/kfv9JQeyF74h1DCSJBmQ8DQbvFTD4d7xbNitHWeWLsKCf35IRwlxt6Y?= =?us-ascii?Q?RpRxoTn0ek7oPNK4tXP/uPDpmmUf+Q9cX3WPvdoMgomDwPwpjWyigk43tZ+J?= =?us-ascii?Q?4sVpUcFNh5mJUlphf6drJjIT+kBNhbhitPfQZdH6X97VgiJ1W2cERpKCl8zi?= =?us-ascii?Q?/+bpN7LZVuKaH+b1vGIZNU2WooeQKQZFo3Wvu8k+Dg7WmvyA7y5nZ7wRczmU?= =?us-ascii?Q?z0FL3nMFdxuPL56xsqfTHj9qMlIb5xnejvJJSXxPYDbvwL9qpT4xkhSGqhsw?= =?us-ascii?Q?KoIKZq6wVEHz1u9HKjcubzrk/7dDtgR/QZvpiha2KtQ9onXwAjAK8ALsN8Vz?= =?us-ascii?Q?0hxZHgAVGUZdjOP3YPMJ6Bn1nPP7RiMjGVKd8CJSzcYU1w7I9BRUrcW5mW7B?= =?us-ascii?Q?zZNU6xXXox50wxLAsiM5wlFHGUE7kEVC62FoGqbQI7wOviAjG8G9cEfWPzZ3?= =?us-ascii?Q?2ZXdmz80iXTV+gYzyw4itJr/5heNYr4bXSFQLKdxkCj0ZGfhgB1Giyvx0hvw?= =?us-ascii?Q?qmaNSSwCKOgmsdSs0NMYqhUfZsdxVSRXug0pEltHQYQsLDlC7JtNbGwDqS4j?= =?us-ascii?Q?J6giVggAZS/xj8sMM2aC6EePT19OlBpCCVljGngnHEdweEneChWyoEQEbDfo?= =?us-ascii?Q?PybYxhw1SOhMpgIYZYY20niSi+/Cl6l01epWoOMHNK0L?= X-OriginatorOrg: suse.com X-MS-Exchange-CrossTenant-Network-Message-Id: 7564a18c-28fa-4c49-35bc-08daafff234f X-MS-Exchange-CrossTenant-AuthSource: DU2PR04MB9081.eurprd04.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 17 Oct 2022 05:19:17.1823 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: f7a17af6-1c5c-4a36-aa8b-f5be247aa4ba X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: T7fcLQY4QABh4ciQdLmXJ6pXEsaR6vtYQvB8A0yNc/p9Cpw9YT7zfp8zm5Bherba X-MS-Exchange-Transport-CrossTenantHeadersStamped: AS8PR04MB8165 Received-SPF: pass client-ip=2a01:111:f400:7e1a::605; envelope-from=MChang@suse.com; helo=EUR05-DB8-obe.outbound.protection.outlook.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: grub-devel@gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: The development of GNU GRUB List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 17 Oct 2022 05:24:30 -0000 On Fri, Oct 14, 2022 at 11:40:01AM +0200, Daniel Kiper wrote: > On Fri, Oct 07, 2022 at 01:37:10PM +0800, Michael Chang via Grub-devel wrote: > > This helps to prevent out of memory error when reading large files via disabling > > tpm device as verifier has to read all content into memory in one chunk to > > measure the hash and extend to tpm. > > How does this patch help when the TPM is present in the system? If the firmware menu offers option to disable TPM device, then this patch can be useful to get around 'out of memory error' through disabling TPM device from firmware in order to make tpm verifier won't be in the way of reading huge files. This is essentially a compromised solution as long as tpm module can be a built-in module in signed image and at the same time user may come across the need to open huge files, for eg, loopback mount in grub for the rescue image. In this case they could be opted in to disable tpm device from firmware to proceed if they run into out of memory or other (slow) reading issues. Thanks, Michael > > Daniel > > _______________________________________________ > Grub-devel mailing list > Grub-devel@gnu.org > https://lists.gnu.org/mailman/listinfo/grub-devel