tablet/grub
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

commands/tpm: Skip loopback image measurement

Browse Source 
The loopback image is configured to function as a disk by being mapped
as a block device. Instead of measuring the entire block device we
should focus on tracking the individual files accessed from it. For
example, we do not directly measure block devices like hd0 disk but the
files opened from it.

This method is important to avoid running out of memory since loopback
images can be very large. Trying to read and measure the whole image at
once could cause out of memory errors and disrupt the boot process.

Signed-off-by: Michael Chang <mchang@suse.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
This commit is contained in:
Michael Chang 2024-10-03 15:23:22 +08:00 committed by Daniel Kiper
parent 3808b1a9bd
commit 86ec48882b
1 changed files with 10 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
grub-core/commands/tpm.c
View File

@ -36,6 +36,16 @@ grub_tpm_verify_init (grub_file_t io,
{ {
*context = io->name; *context = io->name;
*flags |= GRUB_VERIFY_FLAGS_SINGLE_CHUNK; *flags |= GRUB_VERIFY_FLAGS_SINGLE_CHUNK;
/*
* The loopback image is mapped as a disk allowing it to function like
* a block device. However, we measure files read from the block device
* not the device itself. For example, we don't measure block devices like
* hd0 disk directly. This process is crucial to prevent out-of-memory
* errors as loopback images are inherently large.
*/
if ((type & GRUB_FILE_TYPE_MASK) == GRUB_FILE_TYPE_LOOPBACK)
*flags = GRUB_VERIFY_FLAGS_SKIP_VERIFICATION;
return GRUB_ERR_NONE; return GRUB_ERR_NONE;
} }