Re: [PATCH 1/2] Makefile.zboot: Sign Image before packing into EFI-STUB shell

On Fri, 6 Dec 2024 at 10:24, Gerd Hoffmann <kraxel@xxxxxxxxxx> wrote:
>
> On Fri, Dec 06, 2024 at 09:03:30AM +0100, Ard Biesheuvel wrote:
> > (cc Peter, Gerd)
> >
...
> > Perhaps we should just make EFI zboot gzip-only, rather than
> > supporting 7 different compression methods because that is what the
> > legacy decompressors on ARM and x86 support - I struggle to see the
> > point of that tbh (even though I implemented that myself)
>
> We have 7 meanwhile?  Wow.  That looks somewhat insane indeed.
>
> > That way, the kernel can authenticate the outer PE zboot image as
> > usual, and perform the decompression itself, without having to carry
> > code for all compression formats it might encounter.
>
> gzip was the only one for a looooong time, so we probably want to keep
> that.  It also is somewhat dated and doesn't offer the best compression
> ratios, so I do see the point in supporting some better alternative.  But
> can we settle on *one* gzip alternative, reducing the total number from
> seven to two?  Reasonable choice for the alternative would IMHO be:
>
>   (1) xz - that seems to have established itself as *the* gzip alternative,
>       release tarballs are either .gz or .xz these days, everything
>       else is rather exotic.
>
>   (2) zstd - typical distro kernels need that *anyway* because there
>       are more in-kernel users, btrfs uses zstd compression for example.
>
> distro data points:  fedora/x64 used gzip in the past and uses zstd
> compression today.  fedora/aa64 uses gzip for zboot.
>

GZIP + ZSTD seems like a reasonable compromise to me - AIUI, xz offers
a marginal improvement in compression ratio but it is substantially
slower at decompression time.
