Re: Verifier running out of memory on ieee1275/powerpc64
From: Simon Hardy
Subject: Re: Verifier running out of memory on ieee1275/powerpc64
Date: Wed, 18 Mar 2020 15:59:07 +0000
User-agent: Mutt/1.10.1 (2018-07-13)

The 2020/03/17 13:15, Stefan Berger wrote:
> I am trying to add (v)TPM support for the ieee1275/powerpc64 platform to grub.
> The issue I have been running into is that the verifier runs out of memory.
> At that point it has loaded the (~ 32MB) Linux kernel and now the verifier
> is invoked to load the file. Unfortunately it cannot load the file since it
> doesn't have enough memory to grub_malloc. I have played with increasing
> heap size(es) but it still doesn't work. The kernel and initramfs files on
> ppc64 can be rather big, thus we do need a lot of memory. The rescue
> initramfs here is for example 78MB, a regular initramfs from Fedora 31 is
> ~34MB. The kernel sizes on my system are 32MB, though a colleague was using
> an unstripped kernel of 127MB, so lots of (unfragmented) memory needs to be
> available to run verifiers.

The verifiers framework has a flag, GRUB_VERIFY_FLAGS_SINGLE_CHUNK, that is
used by the platform-independent TPM module. This could be deferred to the
platform-specific TPM file (see point 3 below). With this flag unset for your
platform, you could verify the files in small chunks. This requires three
further elements:

1. You will need to implement the chunk-by-chunk behaviour in
   verifiers.c; it doesn't exist yet.
2. You will need to add functionality to calculate a hash from chunks, or
   require that the crypto module is built into the core.
3. The firmware interface needs to support HashLogExtend with a user-supplied
   hash instead of a memory buffer. For example, the PC Conventional BIOS API has
   this, but the UEFI API does not.
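
The chunked measurement outlined in the reply above, as an added Python model (not GRUB code and not written by either poster): a running hash over small reads followed by a single extend gives the same PCR value as hashing the whole buffer, while extending once per chunk does not. The function names, the SHA-256 bank, the 64 KiB chunk size and the sample data are assumptions made for the illustration.

```python
import hashlib
import io

BANK = "sha256"      # assumed PCR bank
CHUNK = 64 * 1024    # assumed chunk size; the thread does not fix one

def pcr_extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM extend operation: new PCR = H(old PCR || digest)."""
    return hashlib.new(BANK, pcr + digest).digest()

def measure_whole_buffer(pcr: bytes, data: bytes) -> bytes:
    """Single-chunk path: the whole file sits in memory and is hashed at once."""
    return pcr_extend(pcr, hashlib.new(BANK, data).digest())

def measure_chunked(pcr: bytes, stream, chunk: int = CHUNK):
    """Chunked path: running hash over small reads, one extend with the digest.
    Returns (new PCR, largest buffer held) so the memory bound is visible."""
    h, peak = hashlib.new(BANK), 0
    while block := stream.read(chunk):
        h.update(block)
        peak = max(peak, len(block))
    return pcr_extend(pcr, h.digest()), peak

def measure_extend_per_chunk(pcr: bytes, stream, chunk: int = CHUNK) -> bytes:
    """What a buffer-only firmware call would force: one extend per chunk.
    The PCR then depends on the chunk size, not only on the file contents."""
    while block := stream.read(chunk):
        pcr = pcr_extend(pcr, hashlib.new(BANK, block).digest())
    return pcr

# Constructed sample input: 1 MiB standing in for a kernel image.
SAMPLE = bytes(range(256)) * 4096
PCR0 = bytes(32)  # constructed starting PCR value, all zeroes

if __name__ == "__main__":
    whole = measure_whole_buffer(PCR0, SAMPLE)
    chunked, peak = measure_chunked(PCR0, io.BytesIO(SAMPLE))
    print("same PCR:", whole == chunked, "peak buffer:", peak)
    per_chunk = measure_extend_per_chunk(PCR0, io.BytesIO(SAMPLE))
    print("per-chunk extend matches:", per_chunk == whole)
```

The mismatch in the last line is why a remote verifier replaying the event log would need a firmware call that takes the finished digest: per-chunk extends produce a PCR value tied to the bootloader's chunk size.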