Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

Grub2 crypto and verify operations are slow

I'm trying to test https://fedoraproject.org/wiki/Changes/Include_security_modules_in_efi_Grub2 to prepare it for "complete" status, but I'm getting caught at testing the functionality with verify_detached <path to a file> <path to file's .sig>. It's either hanging or taking way too long (greater than 10 minutes). The effect of this is that attempting to boot takes impossibly long (I haven't timed it, because it hasn't succeeded yet. I would presume that it takes a long time, or never does actually boot), because it would have to verify many files.

Similarly, utilising the cryptodisk functionality takes a long time, but unlike "verify," does actually succeed.

Grub is likely single-threaded, but this is too long. I'm looking for an explanation or help. Thanks.

(This is a RSA 2048-bit key, on an i7-6500U, if it helps)

Grub2 crypto and verify operations are slow

I'm trying to test https://fedoraproject.org/wiki/Changes/Include_security_modules_in_efi_Grub2 to prepare it for "complete" status, but I'm getting caught at testing the functionality with verify_detached <path to a file> <path to file's .sig>. It's either hanging or taking way too long (greater than 10 minutes). The effect of this is that attempting to boot takes impossibly long (I haven't timed it, because it hasn't succeeded yet. I would presume that it takes a long time, or never does actually boot), because it would have to verify many several files.

Similarly, utilising the cryptodisk functionality takes a long time, but unlike "verify," it does actually succeed.succeed in a semi-reasonable amount of time (but much longer than decrypting the root partition in initramfs).

Grub is likely single-threaded, but this is too long. I'm looking for an explanation or help. Thanks.

(This is a RSA 2048-bit key, on an i7-6500U, if it helps)