On Tue, Mar 21, 2023 at 03:35:33PM +0100, Daniel Kiper wrote:
> On Mon, Mar 20, 2023 at 06:18:26PM +0800, Michael Chang via Grub-devel wrote:
> > When the TPM module is loaded, the verifier reads the entire file into
> > memory, measures and extends the hash, and uses the verified content as
> > a backing buffer for disk files. However, this process can result in a
> > high memory utilization cost per file operation, sometimes causing the
> > system to run out of memory, which can lead to boot failure. To address
> > this issue, previous patches have optimized memory management by
>
> I would mention at least commit 887f98f0d (mm: Allow dynamically
> requesting additional memory regions) here.

OK. I will do it.

>
> > dynamically allocating heap space to maximize memory usage and reduce
> > the threat of memory exhaustion. But in some cases, problems may still
> > arise, such as when large ISO images are mounted using loopback or when
> > dealing with embedded systems with limited memory resources.
> >
> > Unfortunately, the current implementation of the TPM module doesn't
> > allow for the elimination of the back buffer once it is loaded, even if
> > no TPM device is present or the device has been explicitly disabled.
> > This can lead to wasted memory. To solve this issue, a patch has been
> > developed to detect the TPM status at the time of loading and skip
> > verifier registration if the device is missing or deactivated. This
> > prevents the allocation of memory for a back buffer, avoiding wasted
> > memory when no real measure boot functionality is performed. This patch
> > also provides users with the option to disable the TPM device to free up
> > memory in scenarios where the system can't afford the high memory
> > utilization cost.
>
> The last sentence is confusing because it gives an impression the patch
> adds an option to the GRUB to "disable the TPM device". Which of course
> is not true. I expect you wanted to say something like that: "disabling
> the TPM device in the system reduces memory usage in the GRUB. This can
> be useful in scenarios where the system can't afford the high memory
> utilization cost and nobody cares about the measurements of loaded
> artifacts."

Initially, I want to emphasize that after this proposed change,
disabling TPM will become an option to free up memory for others.
However, my previous expression may have been confusing, and I apologize
for that.

Thank you for your review, and I have updated the v5 patch to address
your comment.

Regards,
Michael

>
> Otherwise patch LGTM...
>
> Daniel
>
> _______________________________________________
> Grub-devel mailing list
> Grub-devel@gnu.org
> https://lists.gnu.org/mailman/listinfo/grub-devel