When the TPM module is loaded, the verifier reads the entire file into memory, measures and extends the hash, and uses the verified content as a backing buffer for disk files. However, this process can result in a high memory utilization cost per file operation, sometimes causing the system to run out of memory, which can lead to boot failure. To address this issue, previous patches have optimized memory management by dynamically allocating heap space to maximize memory usage and reduce the threat of memory exhaustion. But in some cases, problems may still arise, such as when large ISO images are mounted using loopback or when dealing with embedded systems with limited memory resources.
Unfortunately, the current implementation of the TPM module doesn't allow for the elimination of the back buffer once it is loaded, even if no TPM device is present or the device has been explicitly disabled. This can lead to wasted memory. To solve this issue, a patch has been developed to detect the TPM status at the time of loading and skip verifier registration if the device is missing or deactivated. This prevents the allocation of memory for a back buffer, avoiding wasted memory when no real measure boot functionality is performed. This patch also provides users with the option to disable the TPM device to free up memory in scenarios where the system can't afford the high memory utilization cost. Signed-off-by: Michael Chang <mch...@suse.com> Signed-off-by: Stefan Berger <stef...@linux.ibm.com> --- grub-core/commands/efi/tpm.c | 37 +++++++++++++++++++++++++++ grub-core/commands/ieee1275/ibmvtpm.c | 20 +++++++-------- grub-core/commands/tpm.c | 11 ++++++++ include/grub/tpm.h | 1 + 4 files changed, 59 insertions(+), 10 deletions(-) diff --git a/grub-core/commands/efi/tpm.c b/grub-core/commands/efi/tpm.c index ae09c1bf8..e1f343fea 100644 --- a/grub-core/commands/efi/tpm.c +++ b/grub-core/commands/efi/tpm.c @@ -287,3 +287,40 @@ grub_tpm_measure (unsigned char *buf, grub_size_t size, grub_uint8_t pcr, else return grub_tpm2_log_event (tpm_handle, buf, size, pcr, description); } + +int +grub_tpm_present (void) +{ + grub_efi_handle_t tpm_handle; + grub_efi_uint8_t protocol_version; + + if (!grub_tpm_handle_find (&tpm_handle, &protocol_version)) + return 0; + + if (protocol_version == 1) + { + grub_efi_tpm_protocol_t *tpm; + + tpm = grub_efi_open_protocol (tpm_handle, &tpm_guid, + GRUB_EFI_OPEN_PROTOCOL_GET_PROTOCOL); + if (!tpm) + { + grub_dprintf ("tpm", "Cannot open TPM protocol\n"); + return 0; + } + return grub_tpm1_present (tpm); + } + else + { + grub_efi_tpm2_protocol_t *tpm; + + tpm = grub_efi_open_protocol (tpm_handle, &tpm2_guid, + GRUB_EFI_OPEN_PROTOCOL_GET_PROTOCOL); + if (!tpm) + { + grub_dprintf ("tpm", "Cannot open TPM protocol\n"); + return 0; + } + return grub_tpm2_present (tpm); + } +} diff --git a/grub-core/commands/ieee1275/ibmvtpm.c b/grub-core/commands/ieee1275/ibmvtpm.c index 239942d27..e01759c17 100644 --- a/grub-core/commands/ieee1275/ibmvtpm.c +++ b/grub-core/commands/ieee1275/ibmvtpm.c @@ -135,16 +135,6 @@ grub_err_t grub_tpm_measure (unsigned char *buf, grub_size_t size, grub_uint8_t pcr, const char *description) { - /* - * Call tpm_init() 'late' rather than from GRUB_MOD_INIT() so that device nodes - * can be found. - */ - grub_err_t err = tpm_init (); - - /* Absence of a TPM isn't a failure. */ - if (err != GRUB_ERR_NONE) - return GRUB_ERR_NONE; - grub_dprintf ("tpm", "log_event, pcr = %d, size = 0x%" PRIxGRUB_SIZE ", %s\n", pcr, size, description); @@ -153,3 +143,13 @@ grub_tpm_measure (unsigned char *buf, grub_size_t size, grub_uint8_t pcr, return GRUB_ERR_NONE; } + +int +grub_tpm_present (void) +{ + /* + * Call tpm_init() 'late' rather than from GRUB_MOD_INIT() so that device nodes + * can be found. + */ + return tpm_init() == GRUB_ERR_NONE; +} diff --git a/grub-core/commands/tpm.c b/grub-core/commands/tpm.c index 3437e8e03..3128bede0 100644 --- a/grub-core/commands/tpm.c +++ b/grub-core/commands/tpm.c @@ -103,10 +103,21 @@ struct grub_file_verifier grub_tpm_verifier = { GRUB_MOD_INIT (tpm) { + /* + * Even though this now calls ibmvtpm's grub_tpm_present() from + * GRUB_MOD_INIT(), it does seem to call it late enough in the initialization + * sequence so that whatever discovered 'device nodes' before this + * GRUB_MOD_INIT() is called, enables the ibmvtpm driver to see the device + * nodes. + */ + if (!grub_tpm_present()) + return; grub_verifier_register (&grub_tpm_verifier); } GRUB_MOD_FINI (tpm) { + if (!grub_tpm_present()) + return; grub_verifier_unregister (&grub_tpm_verifier); } diff --git a/include/grub/tpm.h b/include/grub/tpm.h index 5c285cbc5..c19fcbd0a 100644 --- a/include/grub/tpm.h +++ b/include/grub/tpm.h @@ -36,4 +36,5 @@ grub_err_t grub_tpm_measure (unsigned char *buf, grub_size_t size, grub_uint8_t pcr, const char *description); +int grub_tpm_present (void); #endif -- 2.39.2 _______________________________________________ Grub-devel mailing list Grub-devel@gnu.org https://lists.gnu.org/mailman/listinfo/grub-devel