[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH v3] tpm: Disable tpm verifier if tpm is not present
From: |
Michael Chang |
Subject: |
Re: [PATCH v3] tpm: Disable tpm verifier if tpm is not present |
Date: |
Thu, 16 Mar 2023 19:17:02 +0800 |
On Mon, Mar 13, 2023 at 02:29:41PM +0100, Daniel Kiper wrote:
> On Mon, Feb 20, 2023 at 02:36:18PM +0800, Michael Chang via Grub-devel wrote:
> > This helps to prevent out of memory error when reading large files via
> > disabling tpm device as verifier has to read all content into memory in
> > one chunk to measure the hash and extend to tpm.
> >
> > For ibmvtpm driver support this change here would be needed. It helps to
> > prevent much memory consuming tpm subsystem from being activated when no
> > vtpm device present.
>
> I have taken a look at this patch once again with fresh mind. Now I think
> the main advantage of having it is that we do not load files twice when
> there is lack of TPM and there are no other verifiers present. Though it
It is *at least* twice the cost of memory for any opened file until it
is closed.
> is difficult to get it from the current commit message. So, I think it
> has to be changed in the following way:
> - the problem description,
> - how the problem is solved by this patch and what are the other
> advantages of having it in the GRUB,
> - how the problem is mitigated by the recent mm changes on the
> platforms with TPM enabled.
Thanks for your time on review the patch. I will try to come up with
better description according to your comment in next revision.
Regards,
Michael
>
> Daniel