On Mon, Jun 01, 2020 at 02:03:37PM +0100, Chris Coulson wrote:
> When a file is verified, the entire contents of the verified file are
> loaded into memory and retained until the file handle is closed. A
> consequence of this is that opening a loopback image can incur a
> significant memory cost.
> 
> As loopback devices are just another disk implementation, don't treat
> loopback images any differently to physical disk images, and skip
> verification of them. Files opened from the filesystem within a loopback
> image will still be passed to verifier modules where required.

I looked at this patch before and while I don't have a lot of experience
with grub code, I think this is the smallest solution to our issue at
least, given that it seems unlikely anyone actually needs to verify
loopback devices.

Maybe this really needs to build two modules though, one verified-loopback
and one loopback, and then people can build monolithic binaries depending
on what behavior they need.

I think I'll go ahead merging this downstream into our Ubuntu patchset,
so we can move on while we hash out cool plans that allow people to do
both verified and unverified loopbacking?

-- 
debian developer - deb.li/jak | jak-linux.org - free software dev
ubuntu core developer                              i speak de, en

_______________________________________________
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel