On Thu, Feb 06, 2020 at 15:27:29 +0100, Patrick Steinhardt wrote:
> By default, GRUB will allocate a quarter of the pages it got available
> in the EFI subsystem. On many current systems, this will amount to
> roughly 800MB of RAM assuming an address space of 32 bits. This is
> plenty for most use cases, but it doesn't suffice when using full disk
> encryption with a key derival function based on Argon2.
>
> Besides the usual iteration count known from PBKDF2, Argon2 introduces
> two additional parameters "memory" and "parallelism". While the latter
> doesn't really matter to us, the memory parameter is quite interesting.
> If encrypting a partition with LUKS2 using Argon2 as KDF, then
> cryptsetup will default to a memory parameter of 1GB. Meaning we need to
> allocate a buffer of 1GB in size in order to be able to derive the key,
> which definitely won't squeeze into the limit of 800MB.
>
> To prepare for Argon2, let's thus increase the default and make half of
> memory available, instead of a quarter only. This amounts to about
> 1600MB on above systems, which is sufficient for Argon2.
I was never a huge fan of the "grab a percentage of RAM" in the first
place, and I think "grab twice that" is not the best solution here.
(Real) corner cases that would be affected by this are:
1) chainloading grub from grub
2) OS loaders (loaded by GRUB) requiring large amounts of RAM before
ExitBootsevices().
If you have a known minimum requirement, can we work towards that
instead?
For a least-invasive approach, that could be something like
- rename required_pages target_heap_pages
- add a required_pages var initialized to ... something real
and then
if (target_heap_size < required_pages)
target_heap_pages = required_pages.
The MIN/MAX heap size could move into the "something real"
calculation, getting rid of the current (arbitrary) clamping of
MAX_HEAP_SIZE to 1.6G..
/
Leif
> Signed-off-by: Patrick Steinhardt <p...@pks.im>
> ---
> grub-core/kern/efi/mm.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/grub-core/kern/efi/mm.c b/grub-core/kern/efi/mm.c
> index b02fab1b1..d1f9d046b 100644
> --- a/grub-core/kern/efi/mm.c
> +++ b/grub-core/kern/efi/mm.c
> @@ -599,10 +599,10 @@ grub_efi_mm_init (void)
> filtered_memory_map_end = filter_memory_map (memory_map,
> filtered_memory_map,
> desc_size, memory_map_end);
>
> - /* By default, request a quarter of the available memory. */
> + /* By default, request half of the available memory. */
> total_pages = get_total_pages (filtered_memory_map, desc_size,
> filtered_memory_map_end);
> - required_pages = (total_pages >> 2);
> + required_pages = (total_pages / 2);
> if (required_pages < BYTES_TO_PAGES (MIN_HEAP_SIZE))
> required_pages = BYTES_TO_PAGES (MIN_HEAP_SIZE);
> else if (required_pages > BYTES_TO_PAGES (MAX_HEAP_SIZE))
> --
> 2.25.0
>
>
> _______________________________________________
> Grub-devel mailing list
> Grub-devel@gnu.org
> https://lists.gnu.org/mailman/listinfo/grub-devel
_______________________________________________
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel
