[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v3] tpm: Disable tpm verifier if tpm is not present

From: Daniel Kiper
Subject: Re: [PATCH v3] tpm: Disable tpm verifier if tpm is not present
Date: Mon, 13 Mar 2023 14:29:41 +0100
User-agent: NeoMutt/20170113 (1.7.2)

On Mon, Feb 20, 2023 at 02:36:18PM +0800, Michael Chang via Grub-devel wrote:
> This helps to prevent out of memory error when reading large files via
> disabling tpm device as verifier has to read all content into memory in
> one chunk to measure the hash and extend to tpm.
> For ibmvtpm driver support this change here would be needed. It helps to
> prevent much memory consuming tpm subsystem from being activated when no
> vtpm device present.

I have taken a look at this patch once again with fresh mind. Now I think
the main advantage of having it is that we do not load files twice when
there is lack of TPM and there are no other verifiers present. Though it
is difficult to get it from the current commit message. So, I think it
has to be changed in the following way:
  - the problem description,
  - how the problem is solved by this patch and what are the other
    advantages of having it in the GRUB,
  - how the problem is mitigated by the recent mm changes on the
    platforms with TPM enabled.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]