Re: [PATCH v2] tpm: Disable tpm verifier if tpm is not present

grub-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v2] tpm: Disable tpm verifier if tpm is not present

From:	Daniel Kiper
Subject:	Re: [PATCH v2] tpm: Disable tpm verifier if tpm is not present
Date:	Tue, 29 Nov 2022 16:11:48 +0100
User-agent:	NeoMutt/20170113 (1.7.2)

On Fri, Nov 25, 2022 at 03:00:48PM +0800, Michael Chang via Grub-devel wrote:
> On Thu, Nov 24, 2022 at 05:04:48PM +0100, Daniel Kiper wrote:
> > On Mon, Oct 17, 2022 at 01:19:08PM +0800, Michael Chang via Grub-devel 
> > wrote:
> > > On Fri, Oct 14, 2022 at 11:40:01AM +0200, Daniel Kiper wrote:
> > > > On Fri, Oct 07, 2022 at 01:37:10PM +0800, Michael Chang via Grub-devel 
> > > > wrote:
> > > > > This helps to prevent out of memory error when reading large files 
> > > > > via disabling
> > > > > tpm device as verifier has to read all content into memory in one 
> > > > > chunk to
> > > > > measure the hash and extend to tpm.
> > > >
> > > > How does this patch help when the TPM is present in the system?
> > >
> > > If the firmware menu offers option to disable TPM device, then this
> > > patch can be useful to get around 'out of memory error' through
> > > disabling TPM device from firmware in order to make tpm verifier won't
> > > be in the way of reading huge files.
> > >
> > > This is essentially a compromised solution as long as tpm module can be
> > > a built-in module in signed image and at the same time user may come
> > > across the need to open huge files, for eg, loopback mount in grub for
> > > the rescue image. In this case they could be opted in to disable tpm
> > > device from firmware to proceed if they run into out of memory or other
> > > (slow) reading issues.
> >
> > I think I would prefer something similar to this [1] patch. Of course
> > if [1] is not enough...
>
> The tpm verifier attempts to set GRUB_VERIFY_FLAGS_SINGLE_CHUNK for all
> incoming files, which gets loaded into memory in its entirety as an
> duplicated copy to disk files. The overhead is too huge to some low
> profile hardwares with smaller memory or when the boot path has to cover
> very large files, hence the out of memory error.
>
> I think it inevitable to use GRUB_VERIFY_FLAGS_SINGLE_CHUNK as tpm
> measures and extends file intergrity. But we ought to avoid the overhead
> when TPM device is not present or disabled by the user.
>
> The patch [1] seems to deal with the tpm error which prevents a file
> from being opened, which is orthogonal to the memory allocation issue in
> the common verifier before tpm doing measurement.

This is what I expected. So, that is why I said "Of course if [1] is not
enough..."... :-) Now I think it would be nice if TPM verifier is
disabled when the TPM device is broken/disabled/... and/or somebody sets
a separate environemnt variable in the GRUB. WDYT?

Daniel

[1] 
http://git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=a4356538d03c5a5350790b6453b523fb9214c2e9

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [PATCH v2] tpm: Disable tpm verifier if tpm is not present, Daniel Kiper, 2022/11/24
- Re: [PATCH v2] tpm: Disable tpm verifier if tpm is not present, Michael Chang, 2022/11/25
  - Re: [PATCH v2] tpm: Disable tpm verifier if tpm is not present, Daniel Kiper <=

Prev by Date: Re: Possible memory fault in fs/iso9660 (correction)
Next by Date: Re: [PATCH 2/2] bash-completion:fix shellcheck warning
Previous by thread: Re: [PATCH v2] tpm: Disable tpm verifier if tpm is not present
Next by thread: Re: [PATCH v3 0/2] Fix installation issues on ppc64le
Index(es):
- Date
- Thread