On Mon, Oct 17, 2022 at 01:19:08PM +0800, Michael Chang via Grub-devel wrote: > On Fri, Oct 14, 2022 at 11:40:01AM +0200, Daniel Kiper wrote: > > On Fri, Oct 07, 2022 at 01:37:10PM +0800, Michael Chang via Grub-devel > > wrote: > > > This helps to prevent out of memory error when reading large files via > > > disabling > > > tpm device as verifier has to read all content into memory in one chunk to > > > measure the hash and extend to tpm. > > > > How does this patch help when the TPM is present in the system? > > If the firmware menu offers option to disable TPM device, then this > patch can be useful to get around 'out of memory error' through > disabling TPM device from firmware in order to make tpm verifier won't > be in the way of reading huge files. > > This is essentially a compromised solution as long as tpm module can be > a built-in module in signed image and at the same time user may come > across the need to open huge files, for eg, loopback mount in grub for > the rescue image. In this case they could be opted in to disable tpm > device from firmware to proceed if they run into out of memory or other > (slow) reading issues.
I think I would prefer something similar to this [1] patch. Of course if [1] is not enough... Daniel [1] http://git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=a4356538d03c5a5350790b6453b523fb9214c2e9 _______________________________________________ Grub-devel mailing list Grub-devel@gnu.org https://lists.gnu.org/mailman/listinfo/grub-devel
