On Thu, Mar 18, 2021 at 01:22:19AM +0000, Colin Watson wrote: > On Tue, Mar 02, 2021 at 07:00:08PM +0100, Daniel Kiper wrote:
[snip] > I believe the practical threshold is 62 512-byte sectors, i.e. 31744 > bytes. > > As you can see, the biggest single change was induced by this patch, > which moves the verifiers API into the kernel image. Makes sense. Is > there anything we can do about this? > > I'm a little confused why this change had to be made in this way. > grub_load_modules is called pretty early during kernel initialization, > and it initializes all embedded modules. Wouldn't it have been > sufficient to leave verifiers as a module and simply include that module > in all UEFI-platform images? > > If that wouldn't have worked for some reason, then perhaps it would be > possible to restructure things a bit more so that we could leave the > verifiers API as a module on i386-pc, e.g. by moving it back to > grub-core/commands/verifiers.c and having conditional code that either > registers/unregisters the filter in a module or registers it at kernel > startup, depending on the platform. It wouldn't be especially pretty, > but I think we could tolerate that for the sake of fixing this > regression. I fully concur with Colin's idea. It is unfortunate that short MBR gap is still used, but it is also unnecessary to increase core image size to support nonexistent efi lockdown on i386-pc platform. The only consumer of the verifiers on the i386-pc platform is pgp module so it is good to keep verifiers as module as long as autoload can keep existing configuation to work transparently. For that I've also worked out a patch and will post here for review. Thanks, Michael > > Thanks, > > -- > Colin Watson (he/him) [cjwat...@debian.org] > > _______________________________________________ > Grub-devel mailing list > Grub-devel@gnu.org > https://lists.gnu.org/mailman/listinfo/grub-devel _______________________________________________ Grub-devel mailing list Grub-devel@gnu.org https://lists.gnu.org/mailman/listinfo/grub-devel
