On Fri, 6 Dec 2024 at 10:24, Gerd Hoffmann <kraxel@xxxxxxxxxx> wrote: > > On Fri, Dec 06, 2024 at 09:03:30AM +0100, Ard Biesheuvel wrote: > > (cc Peter, Gerd) > > ... > > Perhaps we should just make EFI zboot gzip-only, rather than > > supporting 7 different compression methods because that is what the > > legacy decompressors on ARM and x86 support - I struggle to see the > > point of that tbh (even though I implemented that myself) > > We have 7 meanwhile? Wow. That looks somewhat insane indeed. > > > That way, the kernel can authenticate the outer PE zboot image as > > usual, and perform the decompression itself, without having to carry > > code for all compression formats it might encounter. > > gzip was the only one for a looooong time, so we want probably keep > that. It also is somewhat dated and doesn't offer the best compression > rations, so I do the point in supporting some better alternative. But > can we settle on *one* gzip alternative, reducing the total number from > seven to two? Reasonable choice for the alternative would IMHO be: > > (1) xz - that seems to have established as *the* gzip alternative, > release tarballs are either .gz or .xz these days, everything > else is rather exotic. > > (2) zstd - typical distro kernels need that *anyway* because there > are more in-kernel users, btrfs uses zstd compression for example. > > distro data points: fedora/x64 used gzip in the past and uses zstd > compression today. fedora/aa64 uses gzip for zboot. > GZIP + ZSTD seems like a reasonable compromise to me - AIUI, xz offers a marginal improvement in compression ratio but it is substantially slower at decompression time.