1. Forum
  2. Usenet
  3. LINUX.DEBIAN.BUGS.DIST

  • Bug#959425: loopback command hangs in 2.04 under UEFI

    From Alberto Garcia@21:1/5 to All on Thu Jul 24 08:20:02 2025
    On Sun, May 03, 2020 at 04:01:55PM +0200, Bernhard Übelacker wrote:
    From the logging is looks like the whole ISO is read
    to memory, if the tpm module is loaded.
    If it is not loaded the ISO seems to get not touched at all.

    Is it "just" checking if the file is signed?
    (Even when running without secureboot?)

    This is not about any signatures. If the TPM module is loaded GRUB
    needs to read and measure the whole file in order to update PCR 9:

    https://www.gnu.org/software/grub/manual/grub/html_node/Measured-Boot.html

    This way, if the ISO image changes it will affect the PCR values even
    if the kernel, initrd, etc., have not been modified.

    The fix for this is not to measure the whole ISO image but only the
    individual files read from it:

    https://github.com/olafhering/grub/commit/86ec48882bd0b06268f93033bce9eea168188fae

    But this patch was added after GRUB 2.12 and a more recent version
    hasn't been released yet.

    Berto

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)