Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

packaging: merge 2.51.6 changelog back to master #10650

Merged
merged 4 commits into from
Aug 20, 2021
Merged

packaging: merge 2.51.6 changelog back to master #10650

merged 4 commits into from
Aug 20, 2021

Conversation

anonymouse64
Copy link
Member

To prevent the core snap edge build versions from getting out of sync.

mvo5 and others added 4 commits August 19, 2021 19:13
@mvo5
secboot: switch main key KDF memory cost to 32KB
3654c20 
The main encryption key is high entropy 256bit already so there is
no need to use a strong KDF on top of this. There was a PR already
that switched this to 32MB but it turns out that 32KB is enough.
@mvo5
secboot: use half the mem for KDF in AddRecoveryKey
a4ebd61 
* osutil: rework TotalSystemMemory to TotalUsableMemory

This commit renames total TotalSystemMemory to TotalUsableMemory
and also changes the code to take the CmaTotal into account. This
is the memory reserved by the  "Contiguous Memory Allocator" and
it is not usable for normal processes. This kind of memory is
used e.g. by the framebuffer of the Raspberry Pi or by DSPs on
certain boards.

* secboot: use half the mem for KDF in AddRecoveryKey

Instead of benchmarking the KDF parameters for the recovery key
(which takes some time to run) we can also use defaults for the
KDF parameters. The defaults suggested by Chris are "4 iterations"
and half the usable memory. This commit implements the suggestions.

* secboot: update KDF memory heuristic

After discussing with Chris and Samuele we updated the KDF memory
heuristic so that it takes more parameters in mind. It now
considers the usable memory and substracts a hardcoded 384MB
that is required to have a working system (a bit of a conservative
estiamte) and then takes half of this for the KDF memory.

* osutil,secboot: fix typos

* secboot: add comment about minimum mem
@anonymouse64
release: 2.51.6
9355297 
Update changelog with the 2.51.6 changes.
@anonymouse64
Merge branch 'release/2.51' into feature/release-2.51.6-changelog
8a89f3a 
Signed-off-by: Ian Johnson <ian.johnson@canonical.com>
@anonymouse64 anonymouse64 added the Simple 😃 A small PR which can be reviewed quickly label Aug 19, 2021
@anonymouse64 anonymouse64 requested a review from mvo5 August 19, 2021 22:09
mvo5
mvo5 approved these changes Aug 20, 2021
View reviewed changes
Copy link
Contributor

@mvo5 mvo5 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks fine, thanks

stolowski
stolowski approved these changes Aug 20, 2021
View reviewed changes
Copy link
Contributor

@stolowski stolowski left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you

@mvo5 mvo5 merged commit b1c0d7f into snapcore:master Aug 20, 2021
@anonymouse64 anonymouse64 deleted the feature/release-2.51.6-changelog branch August 27, 2021 20:43
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@stolowski stolowski stolowski approved these changes

@mvo5 mvo5 mvo5 approved these changes

Assignees
No one assigned
Labels
Simple 😃 A small PR which can be reviewed quickly
Projects
None yet
Milestone
No milestone
3 participants
@anonymouse64 @stolowski @mvo5