Re: [PATCH v2] tpm: Disable tpm verifier if tpm is not present
From: Daniel Kiper
Subject: Re: [PATCH v2] tpm: Disable tpm verifier if tpm is not present
Date: Thu, 24 Nov 2022 17:04:48 +0100
User-agent: NeoMutt/20170113 (1.7.2)

On Mon, Oct 17, 2022 at 01:19:08PM +0800, Michael Chang via Grub-devel wrote:
> On Fri, Oct 14, 2022 at 11:40:01AM +0200, Daniel Kiper wrote:
> > On Fri, Oct 07, 2022 at 01:37:10PM +0800, Michael Chang via Grub-devel wrote:
> > > This helps to prevent out of memory error when reading large files via
> > > disabling tpm device as verifier has to read all content into memory in
> > > one chunk to measure the hash and extend to tpm.
> >
> > How does this patch help when the TPM is present in the system?
>
> If the firmware menu offers an option to disable the TPM device, then this
> patch can be useful to get around the 'out of memory error' by
> disabling the TPM device from firmware so that the tpm verifier won't
> be in the way of reading huge files.
>
> This is essentially a compromised solution as long as the tpm module can be
> a built-in module in a signed image and at the same time the user may come
> across the need to open huge files, e.g. loopback mount in grub for
> the rescue image. In this case they could opt to disable the tpm
> device from firmware to proceed if they run into out of memory or other
> (slow) reading issues.

I think I would prefer something similar to this [1] patch. Of course
if [1] is not enough...

Daniel

[1] http://git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=a4356538d03c5a5350790b6453b523fb9214c2e9