#959425 loopback command hangs in 2.04 under UEFI

Package:
src:grub2
Source:
grub2
Submitter:
Alkis Georgopoulos
Date:
2025-07-24 06:19:01 UTC
Severity:
important
#959425#5
Date:
2020-05-02 10:02:21 UTC
From:
To:
#959425#10
Date:
2020-05-03 10:07:09 UTC
From:
To:
Dear Maintainer,
I could reproduce this issue with these grub images
inside a QEmu EFI enabled VM (no secureboot enabled).

grub-efi-amd64-signed: /usr/lib/grub/x86_64-efi-signed/grubx64.efi.signed
grub-efi-amd64-bin:    /usr/lib/grub/x86_64-efi/monolithic/grubx64.efi

Further tried to track it down by manually creating the
image like it is done in grub2-2.04/debian/build-efi-images.

At the end I had a not hanging image, where just the "tpm"
module was left out.

Kind regards,
Bernhard

#959425#15
Date:
2020-05-03 11:27:13 UTC
From:
To:
I can confirm that running `rmmod tpm` is a workaround.
After removing tpm, `loopback loop some.iso` works without hanging.

Thank you Bernhard.

#959425#20
Date:
2020-05-03 14:01:55 UTC
From:
To:
Dear Maintainer,
I further tried to get some more logging output by "set debug=all".

There I found that the loopback command actually returns after
around 2 minutes for my 335 MB ISO file.
From the logging is looks like the whole ISO is read
to memory, if the tpm module is loaded.
If it is not loaded the ISO seems to get not touched at all.

Is it "just" checking if the file is signed?
(Even when running without secureboot?)

Kind regards,
Bernhard

#959425#25
Date:
2025-07-24 05:39:44 UTC
From:
To:
This is not about any signatures. If the TPM module is loaded GRUB
needs to read and measure the whole file in order to update PCR 9:

https://www.gnu.org/software/grub/manual/grub/html_node/Measured-Boot.html

This way, if the ISO image changes it will affect the PCR values even
if the kernel, initrd, etc., have not been modified.

The fix for this is not to measure the whole ISO image but only the
individual files read from it:

https://github.com/olafhering/grub/commit/86ec48882bd0b06268f93033bce9eea168188fae

But this patch was added after GRUB 2.12 and a more recent version
hasn't been released yet.

Berto