From patchwork Fri Jul 12 08:11:40 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Stefan Koch X-Patchwork-Id: 13731376 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id D6687C3DA4D for ; Fri, 12 Jul 2024 08:12:00 +0000 (UTC) Received: from EUR05-VI1-obe.outbound.protection.outlook.com (EUR05-VI1-obe.outbound.protection.outlook.com [40.107.21.59]) by mx.groups.io with SMTP id smtpd.web10.3114.1720771915351009156 for ; Fri, 12 Jul 2024 01:11:56 -0700 Authentication-Results: mx.groups.io; dkim=fail reason="dkim: body hash did not verify" header.i=@siemens.com header.s=selector2 header.b=apmNXLUZ; spf=pass (domain: siemens.com, ip: 40.107.21.59, mailfrom: stefan-koch@siemens.com) ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=nNz9OgLi7elP6tDRPmuvdAQTwFsEySz1InJLFzKKBxYpwZJGqv9GCOkOfN/E++ut9iinGrsIV2dxdgajuaS1WUrFLhoZ+K/LNvn6b7n9uZo5WZiDvVdHtaZkVodbAE30wub3XdePgEhKHDdhw+0qHGbBRVDlir6moL82US/GQvZLu00PlfuvDU2TwlXOfYr8l2lBQxGQdV1PRLZX7SWROwiPJPsvh3E9IcCMpFpL7MzqoVzHsb6ZtmxtOzDspyHeCI8h64ut9cSUMChPVDwIGk4dJhxRQEjfkvb0zUtkzhLqrTNQ8Ob76AlrzvwzYbmKm3vyim95bqtKotMi0eMPbQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=1Q24Tu2uwjZfXJmLlSAJYpA5T7ljBNbrWYhvu3P6hfc=; b=QSYHuWKWyiyti04apZETHtQ0pXgo7BgIchHjlow9AoSU+rB4r3XxWaPNtil5mgwKOflJkh/IS8My5tWjeveljzJfVfEEub6gG564Drs3cbw+vTvpTbWN4JxvarXal/q9Yu9oWKG2x49v/Gr3QR5ZxQ2768Xhx7s3egWewGoPDUKF9NicIGj+cBYunyF2DfVtkCLkGZKKafu9YVsr+6FaY0lJSSJLRuW7ShKH6q8vnXx5FroCrPXMZ5BfNd62fIixenme0pHAAAvqLUKvomQ8oTXF4zpgJXfc6JEPfV9CYs/LNw4b0BQZ6BCXY4ExNOcY6evhqMXIAlWYF0YbG2hUtQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=siemens.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=1Q24Tu2uwjZfXJmLlSAJYpA5T7ljBNbrWYhvu3P6hfc=; b=apmNXLUZEkqTY9xF6fD1k+TsuqUvyPX+3Zm/BuJ3Ag+awlVySbIuk5EOBzQMhFqJMrDvw/9NPcqc6mQXoNYWoe0m4QzB0jJ0V2jvESMbHzsknN+y+VWvWnZrVvBy40OAUXdHgGDxISb6LpNST7ErhCpOc8h1c1G8WA9rlJenaqUiaAwvZpfMhrI40f0+6+SHt3HNBH57PQXfkWpQeIhMPKF6mo3CHi7XsiTeHNtIvXFokxCzPfT8jxWxYM82setrTG1gCQWq8AGjkmooP9cNLFbow+W3Zg9aorT82Jjw1VU2CG+IEVj+9HLtD2/SV5bWhrW5EvFzGR/I8fm7ynYoPA== Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=siemens.com; Received: from AM9PR10MB4959.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:41e::11) by VI1PR10MB8134.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:800:1df::15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7762.20; Fri, 12 Jul 2024 08:11:52 +0000 Received: from AM9PR10MB4959.EURPRD10.PROD.OUTLOOK.COM ([fe80::71d7:e998:3abf:a1ec]) by AM9PR10MB4959.EURPRD10.PROD.OUTLOOK.COM ([fe80::71d7:e998:3abf:a1ec%4]) with mapi id 15.20.7762.020; Fri, 12 Jul 2024 08:11:52 +0000 From: Stefan Koch To: cip-dev@lists.cip-project.org CC: jan.kiszka@siemens.com, quirin.gylstorff@siemens.com, christian.storm@siemens.com, michael.adler@siemens.com, simon.sudler@siemens.com, stefan-koch@siemens.com Subject: [PATCH 1/4] initramfs-crypt-hook: Do not attempt to repair a partially encrypted filesystem Date: Fri, 12 Jul 2024 10:11:40 +0200 Message-ID: <20240712081143.1376952-2-stefan-koch@siemens.com> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20240712081143.1376952-1-stefan-koch@siemens.com> References: <20240712081143.1376952-1-stefan-koch@siemens.com> X-ClientProxiedBy: FR4P281CA0294.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:e7::15) To AM9PR10MB4959.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:41e::11) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: AM9PR10MB4959:EE_|VI1PR10MB8134:EE_ X-MS-Office365-Filtering-Correlation-Id: a0d9f41e-59b5-4082-9fa4-08dca24a49a0 X-MS-Exchange-AtpMessageProperties: SA X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|376014|1800799024|366016; X-Microsoft-Antispam-Message-Info: 4Oq40kwsT4Mmx43Accw90ToUwavNcGBLpFJQNJJWqOkwQc56Yr4Dfz20nsr+OkCuhEcSa3IVUw58CpyOJ/qJ34BHP1YXiBsxBXNONUIxjC+n7/wD3HKo+qzzXFQgokG4mvlyhHMpEZUkbsAo3mUFjjEW4lIWJhwzDVpHNg7wKaiT8+GHZ1XVrK5whOm55KiJV0YQB2u2xQ7ImapPiMGD0BWMkY06y8sk8HTIhi2S0TKoJpEWN/WmzhGv9s4VHU2gjqHSIUmo3mV53N0Oz9mOj7oW+L7BxZbkg2755WyvJo2Z/wYDgWQEGKr8bxRNZRm7j56aAaFlbyV2c9pqDEaR3hqWj2JpspGmdve2ig3jRPWpw9pcy3UkSEQCLdqMrD3LrGQ9DWnfKTr0rQaxMUIXjAIbsWWFE5Y4vCNtANlE0V3FFhCtdgQS8RsmkDnBY8h7kA5267P3Nc4582ZivMyQYKYpjaYzyGybsnZGppi8hxzSjLzYQsnn3OKSJzTmcT1axICGekDfbBHBhdyC0wCNx776yUIjteQ2EVY4RqAacznbJgTshSRICbsmQmxzS4LSfgvPjviMBYR3w5CgChpbYz52XmY7QpfZqL0xVANNidivGmTe7WGcF1zKok4patJ9RgOESiywjanqw/1G4ADSmbwBB5C9VwhMyAknHTaHfTrx5UJgZbFevY3XuWmokxomJZV2ZKaQXzasgJ1qDYtkEeHB7Do6BpFa2uQE3GkhnzFv/PQ7brCqUlci1xavA/5YeetMlMl+hoj4F58i8z2TdsQOf4yToH/TJa/N4XD0UZnI0PPcjRGC12Om3qKqu9/YlvwMlPTkkjY50l+B1cbbxgzfATDeaCBv6ftcsHlHyykEVSLQG4BODOpKsDd+P7pjtejMJoSY9hGeR/n7Yv/n6QO5ElcX4OC7TpLZKhdpyRf3i7ut/Uv183Nhakmo9MoXT81RO3yszACrMSg7s2GB7BIY/0fWqJZq5WwO/0KLIqTjpyoLnbValjZCrJoRifDUYOMppeBpnQtFoehvjH8DmkLeBKJFouPt8vFM4cbWN/vwuUQl4moShxi2UOyGvem8uWHzgveY78uVqXydqgLfYIEFK8FPd71/IObSTPtoUQtP24qymh5jkp1OarGaBJ1u8ebtBexFOJvnmyjXb35U9DqNoMj8yDtMNM5OqwOF5tUXW18+495kXtzDCdt/TNWHJofJDyDnYwJABy0aFF3J9yRh8vilZ17qosdiRkNGn2ogp13A0xqtWBPU775ty2q2/ggT9Y29IkvdbPsNE/LS+yJktPDXYbipnvpHU6jG3FfUcmefEf5vBb+w91ca4fSvwCeXiNoynWso7TEUBcpk0w== X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:AM9PR10MB4959.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(376014)(1800799024)(366016);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: hL+Y6iPq8DRh1XYaaq8nwAOCpJqjXRZTs5/clYTYpuVDpyeFafvs/TgAN5lJxs+E60WOzjow8Ij3FEpYG1g6J7BpNebHgX7aTLSdadlKYr6Lf24Oziq43kHyNW0wgpFVTcpBrDoAyzkBsLtn8BaSwq03S0ta5ldtL0Z2dqCSBE+ZOsjI60Iyux1sl6VUpZxe8rn0KLBkyXCzwcRN4ls2tF6hXG7pAxJMqIVaGJntb7xlLbVKuVNcybcEu+Cjm8X0oNgvnnVm93Fp7n7p+H+ZoRgCuXi9IurCKEnAUVi7KmazY6KzfhkVyEPefypiwf2vDpSScNPc2o/EGBNTuU0/VvkKKfyaDEEhgiUyUlp1OaqqseD1TBA6+iOhMMQS1XC5/dP4ZKiZBOzT+YSK3uwJ+8cJrL12CdFLxRwnztz0K3/gqV4efpE38vmTmdIAsaumPesc+u6vkGO7TdunrlWpLE3PtLgBBjMWF1qT2p8hldFUZsOh31sKstHL84jxVOBqryo4jKXkHkPjI9eZgUwkhUldf1M1rGc6tVdmtmMzTSToI3v1vE7aWHz6rdGQCUsjAW15B1l7WmO3PHKz2FWQs0K3uEolPATRJsU1ooV/PXfqZ9NKp4S0Htw30R1bV5jVED38lLsZeGSNPboyC+0V3+1mWEzr7wfPLuXEq8Kq9mbQfQ7s82DTwUQ0U2GcydJmOVYbhGhovKynNcUGAxoCH2/731MooTZ0mIJemb2KMrCwd1treJ9aPwX/GX2dcd/BTwd+nOoEE2f01cwoBIXJc4SiQJbk8cV8ucD5AU2MSZsVcJ1O9mR1ZcysnXa/KwEk44qRLokfBXRLFwG9f3M07/91UJdtsKD8Yxkz5ZeF+pLSpvmkp1xTv4GxOtKaZXnnmKFhg2VB2hB0sEL/ngHVEMjMYYl5mC24/nxEXKdeSVuK6HzuCvfm0TpKtaqyQDRmq+xthOwu/ZAyMOf5bcUaErx/6sBgUk8OVF+cwflaIlUdE7P+d82LUWfKyzW+fdkeT9iX0niSKcu94NGuVnEHCPje5xLtjBnB7+yOHVlBBl3wFMkQUUQpFQOcomw8NkGxiXCbFwjfleS1Wxi0fk6O2F3IiLJC8qiHez9nN50PVzPTEuteDq9QBr9plfsTu6moqXQW2wfS+joNu5Ia/rPq9p9UQSGEBOHkaUqJyF8vTWodNP73dZQDX3NNzyFd2C31mMu5+GsuYF5ObkPtnWcatHWA9/YmaB/vTjSRY1S8SlaembDoawxR6elp+kCTQJdS/aQ6VpW+RO/OmReFHeCeWLA5TgdKnxji2vB6FeLj8dfnqIEJZmYVJgHEFYBLLMEiJ/msfqkaDrd/WBSuCGJi6iX3+fMqnSeYfCBsz3STW2qFieNgXWyJZ7SWWw0aWPcxz90XomePRyJoAsbUo4LPM8RQBzpBQBYJQaM5lTMDOC5RerxoEFi+o/zVF6W+ssFt81k/DkUOy5g/6x21knqkmc5LKcA8q7aopRW9z1BdFEZlYrMhtzP5W3GMzIGO6z+THGOcy8rAQrrulIXk5B02daqX1NaEh9Y+Mr+Z5sYES7dCrcza+8Lyds8lPvSk+F/JDbzpNCD/dkK2f3TyZivkMnNGLvaMOYCKQPh/6vxJJ1depcFVfkwJ/KJaT6fUF041 X-OriginatorOrg: siemens.com X-MS-Exchange-CrossTenant-Network-Message-Id: a0d9f41e-59b5-4082-9fa4-08dca24a49a0 X-MS-Exchange-CrossTenant-AuthSource: AM9PR10MB4959.EURPRD10.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 12 Jul 2024 08:11:52.7807 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: MNayEHfK8UsJZQ3e6loHS+Br1WVLjnZqnieKUxApoN5AQM9sGVyO8T57RSTJ/q9eI8HfcKAnnec3h3QDQbydjg== X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR10MB8134 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 12 Jul 2024 08:12:00 -0000 X-Groupsio-URL: https://lists.cip-project.org/g/cip-dev/message/16458 Signed-off-by: Stefan Koch --- .../initramfs-crypt-hook/files/encrypt_partition.script | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/recipes-initramfs/initramfs-crypt-hook/files/encrypt_partition.script b/recipes-initramfs/initramfs-crypt-hook/files/encrypt_partition.script index ff4c135..f943aea 100644 --- a/recipes-initramfs/initramfs-crypt-hook/files/encrypt_partition.script +++ b/recipes-initramfs/initramfs-crypt-hook/files/encrypt_partition.script @@ -77,7 +77,13 @@ reencrypt_existing_partition() { [options] broken_system_clock=true EOF - e2fsck -p -f "$1" + # ensure that filesystem is clean otherwise resize2fs will fail + # do not attempt to repair a partially encrypted filesystem + # ensure that there is no attempt to + # repair a partially encrypted filesystem + if ! cryptsetup luksUUID "$1" &> /dev/null; then + e2fsck -p -f "$1" + fi if ! resize2fs "$1" "${reduced_size_in_kb}"; then panic "reencryption of filesystem $1 cannot continue!" fi From patchwork Fri Jul 12 08:11:41 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Stefan Koch X-Patchwork-Id: 13731375 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id AA55DC41513 for ; Fri, 12 Jul 2024 08:12:00 +0000 (UTC) Received: from EUR05-AM6-obe.outbound.protection.outlook.com (EUR05-AM6-obe.outbound.protection.outlook.com [40.107.22.69]) by mx.groups.io with SMTP id smtpd.web11.3144.1720771916444724822 for ; Fri, 12 Jul 2024 01:11:56 -0700 Authentication-Results: mx.groups.io; dkim=fail reason="dkim: body hash did not verify" header.i=@siemens.com header.s=selector2 header.b=MSuubvOY; spf=pass (domain: siemens.com, ip: 40.107.22.69, mailfrom: stefan-koch@siemens.com) ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=qGyd36AdazlRd33673OKfd1y5x/Zrn5QPzaT5bQwLISxbH9rPcZJsfDFPtqO1pxieRwlkC/Q2QmA2zPRdK3LAamCqL8rr/izo1SsWof5CR5+PR5nHG70DgWIr3IWMDWByrrZvPkQ4pxObVbMdQ7FoLjWKzddpxyX1sKS9fiQXGN8E3pPr3QsqUDeXvlfY3cQmvSVsVvASV4yfwK0vzWnKlGttuzTucael1bxCjm2q4qkrMTV6cLshrvd75iPlGi/Q0pn8dGe9kAa2P+PbrJsZ+IPg2+T+RBJDuc8Mg6UY0ZkPb/TdttFEPhgRg4ZTgOUjMkBfApoy+gvBD9jPknM8A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=/6Olq5WmYhCV+JPRggHGElGTMrH37yZQVKTAZBi2My0=; b=JGSxGhH7CL1Q+3Kp8EBDgjJwY6sDmAjc8kO+0RhMlv5MGViVjPZiVQegJiH/l7F5vdIwEDit0DZavBkfH6LrtWPTYcBcT1cRzCxSB6R2jE6b4Oxdb2PtViYvYvh2JE8aA2HOaoIKxBBoDGAIwO5cZwQQck/u2Oc7YagP+C+rSXwhmfhfFdNYM0RBBvGecglLXhVdh9xyMi2ZFu/lZlu/CE1o5g4PZFfdDbZDwBklSLBS+e1wlqfKFSWQDe9KoCf/4LedlGJ/3DJkGYGAzCLEBbrPvpGF/NTa2A3bk1tm/eYPfNofBcCXJQYSMqeMsuJFf+D9rYi/UbLGy1FVa+Nd5w== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=siemens.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=/6Olq5WmYhCV+JPRggHGElGTMrH37yZQVKTAZBi2My0=; b=MSuubvOYuDS7gSk3Ofvys7Q1/yNH7Q2I9TUwyoA2PM6gZcH0VhkCw0wo48eLMD2riTfbnekUBuKb8GxDfaY48WyoCQgqtsvzRvHue+diF+a+RDx4JPwJD1gaMg0wuGN8ZkV4r407q5S3Qqe67uPAvxzMyT2Yo+1cgTVf/tovDNM5jY6vn+ROp3jzwhV4HexyBIcsQ8kxGSVwC3ic4d0tbT5v09jRUD8mCcdNA7vyDyXmnW8QmXFGDzQwzhcBj+CrOTxNzRI3gsQcqe4sUya+Aysu2FKx87rUMhlkLEreKHPpA/NYcvWLlpuPF3L/3Le8DxCvFCQCLU2Zg0jzOaTfTg== Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=siemens.com; Received: from AM9PR10MB4959.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:41e::11) by GVXPR10MB8316.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:150:1e4::18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7762.23; Fri, 12 Jul 2024 08:11:53 +0000 Received: from AM9PR10MB4959.EURPRD10.PROD.OUTLOOK.COM ([fe80::71d7:e998:3abf:a1ec]) by AM9PR10MB4959.EURPRD10.PROD.OUTLOOK.COM ([fe80::71d7:e998:3abf:a1ec%4]) with mapi id 15.20.7762.020; Fri, 12 Jul 2024 08:11:53 +0000 From: Stefan Koch To: cip-dev@lists.cip-project.org CC: jan.kiszka@siemens.com, quirin.gylstorff@siemens.com, christian.storm@siemens.com, michael.adler@siemens.com, simon.sudler@siemens.com, stefan-koch@siemens.com Subject: [PATCH 2/4] initramfs-crypt-hook: Provide full losetup executable Date: Fri, 12 Jul 2024 10:11:41 +0200 Message-ID: <20240712081143.1376952-3-stefan-koch@siemens.com> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20240712081143.1376952-1-stefan-koch@siemens.com> References: <20240712081143.1376952-1-stefan-koch@siemens.com> X-ClientProxiedBy: FR4P281CA0289.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:e7::18) To AM9PR10MB4959.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:41e::11) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: AM9PR10MB4959:EE_|GVXPR10MB8316:EE_ X-MS-Office365-Filtering-Correlation-Id: 24b4c631-f4b1-4b68-ccb8-08dca24a4a30 X-MS-Exchange-AtpMessageProperties: SA X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|1800799024|366016|376014; X-Microsoft-Antispam-Message-Info: rryN3Qk4Cknkb6coW0XAm4gOa7Sfm7FdqL3qaUDXqKRliiYTGElGPtUCPzKNdT6lFCEyVHy5xDYNSm0XD7g4AQ8U/K9/j+ZX0D3BwLFOLJQ0GXkePa5dJoSywKj4HPwH93k8E0fnpP4lsu1xu7ChOOnsbnKODkpm5LUGGK7P1t21QJt9HUwwNe1CA1DKmUYuyO1uxcpxCvxAZtyAT3T/xcQZDx7+OcO0CXgVgJZE/tnQ9rhS+cgjWlIVuqXjo11hrIsIPuPdKfCJbuiw9Fk2BFaJggiAZ+3l4MC0N8Ut/gxhlAAiHSYLsyVvefLkPbAspEvPmoveBH5mtG28gIi2m5VG6HOi/84HomE1sohcjyM05NVJO8nRvuI4up0x5KeTzp6/oO19YY8McUE1rwMsyEAe+ZMhDmIQp0JRo8AqCLG4Mym7CZnY9Se4I4e6I3sxcNQ1OG6rAHohddehwlX9J622CE4IFX2voySPnGdQToxlEInrjTXfgIQ3vttyShwhD4W9DqFxjFWM8E2qSAGlgEJWH3byT/K67wV7rQ+K4SMWIk39WOm72lROvrwQi+Ft0fbL8c6+4Ly5/Y/I9E5YbNWJhzh9S0uTYAqP+GN7552SAC8TjKWeJ5OPLPQgiSRIv0s0rpLcpqxJtCxAxKbx1Ck6c7h26RVjaTkb3/ra8bWsZvguT7nSyIPJKC5sHMEoGZPaAaNlfyRykfnBwdQOxwYTRqOJ845mkxRQ6RnstnQzMclxMbRs3KLyNEKMqagdWdFgVkLW5KjPwybkJmUIsYLMuCGbvkTDap1BtC26KSV6kkKVCkiwdyR4Xm4hGcQJ9LArQs9IOyl01EcgH0RxfjP2tDxbt0vGPbhJ0Bj7OKsz7NwD5dKSZlT9dEz9SYquzRAUqSoAWGBCJPPhXxW4rQoaTp7A58bpODAQhlIcEmLLYB3BBgj6ys0I6zFDXMXBgCT6MCpH3hEXiYB4BonHU41VQ6GRAg/7MW1GaxjR/7FQTgEWHJsOjlobb6YR4OnuHXz53b+9bEPrxr2iOeFibLL5/2mGFggfh/IxQHN73+t6RkrSCkvp7dD5TjUItLf27xevAyO8Wg0w/QiOGwgCXEekrb4OIfFXqKuRtSN/1QwXABMQdqfbFdpB/mlaWrMZ+2IQEytyjQmeNKvlpTDid71YoC9wwW1cHPhSqHjXrsTzpB2uTAL9qIzsqqn2gPGh2n5BA3slJReaFAiBpJGPld9wZyqwB2i99dnJW8uWwSWcRau2QRht+/5V+5qfF4o5k3zCmZ/KAn/R0zutTK46tWDtfu3MwoNVD3l0xP78Y4DBwlMUhut2QUbfyGcGZC+wMqAjd0N4Sqitakxdtv+j7Q== X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:AM9PR10MB4959.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(1800799024)(366016)(376014);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: QGaf+ec7+r5lIdI/FXfdBhbvXr2kNFQUFlOc8fnXmPl4MznM1bU3IxCDC8+wQc25W943Znd44qk2e2qCVpqkjrkVKc8cgxeOS1P/ePGgxsHuoOqVQ4QHzNk/LlhzZ5s551Bcz/khl+5z2GA3bojdQFDKsI9Hu6Tt+Gm9Wivgp+Zxxu/HAKshfkuONvcCrTg/0a0OoIW4o+N+qkw20yG3YE/WnCfCfRwU5eUtscirj2cGECIsdJS3K7HgZ0qgqmskoW3hwPPEfgGiKDkMSir436xa9zuqkoVpI2RufVkmmVugEGXg1ZzYuiyTSk0ETcEvDsdo1N4n+nKLStBPuiIXeS9XWLLS04XaItG6GRikWMi72/d72hNB4ApaddrfPR0BlcSHeUqgJd6VF17QmIu+qhbjaRjH0uin9xE43T82PtqzCR3i98CB8iJTMwGvuutAfthsGtLoU48R3kVddI04d7VJh12k2y4b3cNBG5GaWvW8SRM1zc0uQxvK3xjZPEKgAw6M+7CXfrYNwP8T4lH3QjT/0sptUIsh9NDZC2pmHIfIO1xTmMxa3u3TGAI5RCMhXJuRgdDG1EnIG97THcbaSlKJpgB3xCz/5mW2WhQFcXMOGFSwQP0uykbs7ISuKgXImG/ek906W1utvKuG3S55r2fO6vflrVxRQMnocCSQoRKL7JVSEGyDoTam2X5Jo7kD3eT9ejtNIYPARMNXr/BIJuNbVGfPC3/54fqrq/terade2+BHNTY2vKVlPq1lMG4HeqoxmeH3/oZjFZhix0zqx2HEqPscJ94+nEYH7sS0YuEB6FOcN7Es/ZSvGfQ8wd8Ttt9xWCu3X19yODQyyQvha6hNFjKopMPbv1SMom9VHgqKNKe3DRE/otTCxZgXjmnzB4f8cA6tlml51RS858kbCHcXFD0HLKsBrnqm5mZX9bs4JvJ56QQJTUM9vthhpyxpIMRqDWUb2aUg5BtaEe/RBbp65pOI4LZPajNB8tSCluHhDT1JKSOHsgJigy+kDTUVugnk6eTknRE2zAJQZNac5P/lwrOLT66knU7eap6zg5cDEMnLpRAXUMkAxHi7uZYjjFGKC8JfOm1qiWD+32BKGzPZHLb437mAcoV3BkjTos/ux3BFRzBLsFl8seAnVrhVEmRoZaznbn6GVpxF2FbxVDEHPDH0or+9q1w2E2zSMr3DrKKFL78vHd6cOvD951U0UGXi2+ulecz7csIuRmkwT5R6+qZoFbW7869gYwP9ah+Rl1RPBaNlmSEvQVrDulUzS0xMg9GRMBgcmzxaf6KwrO4wC29jVE5wfNfFEZmkCbKhDmsla5OYfq+6cjn1x6+fTii9/ALFzcO2rx1nK9TZCUwkxlC+Cs6ZEOSBWldRbs7t0TXYlAdA+j+Ddsw9S/Xc++76Xu1TfyhpqlSIxN28LqwzRF4M6o6QbFTeHyHpCJGsU3i42C+1gbNBmgKnSZEBaOk/laO4Kv+7KGjZ0L1tgeD7fSoDEhrezAluFNq/AK4zPh7YYK75qlFHOOy6aMQM7BL7JonsTXCiF/IMBJBGey+Ye+t1gTI96S8+tLrzdeI5CWE+1SXlB0UH9XZYiYWC8UUXE4MrYYS0y8/Na6CJRIbY2zS2lTy3Q5lcWZrD3aRy5L8cDKud9DN2SJWQxFU5 X-OriginatorOrg: siemens.com X-MS-Exchange-CrossTenant-Network-Message-Id: 24b4c631-f4b1-4b68-ccb8-08dca24a4a30 X-MS-Exchange-CrossTenant-AuthSource: AM9PR10MB4959.EURPRD10.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 12 Jul 2024 08:11:53.7758 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: pSdBrMyWokMFXbT7+e67ayWUJCX2NhrcB3XmS7tSfbhaQr/8fX96MbPv8DBuoLiHXA9q1a7VDbecwQiRZbtSAA== X-MS-Exchange-Transport-CrossTenantHeadersStamped: GVXPR10MB8316 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 12 Jul 2024 08:12:00 -0000 X-Groupsio-URL: https://lists.cip-project.org/g/cip-dev/message/16459 - The busybox losetup doesn't support "--sizelimit" parameter Signed-off-by: Stefan Koch --- .../initramfs-crypt-hook/files/encrypt_partition.env.tmpl | 1 + .../files/encrypt_partition.systemd.hook | 4 ++++ .../initramfs-crypt-hook/initramfs-crypt-hook_0.2.bb | 5 ++++- 3 files changed, 9 insertions(+), 1 deletion(-) diff --git a/recipes-initramfs/initramfs-crypt-hook/files/encrypt_partition.env.tmpl b/recipes-initramfs/initramfs-crypt-hook/files/encrypt_partition.env.tmpl index bb93361..72033d1 100644 --- a/recipes-initramfs/initramfs-crypt-hook/files/encrypt_partition.env.tmpl +++ b/recipes-initramfs/initramfs-crypt-hook/files/encrypt_partition.env.tmpl @@ -5,3 +5,4 @@ WATCHDOG_DEV="${INITRAMFS_WATCHDOG_DEVICE}" HASH_TYPE="${CRYPT_HASH_TYPE}" KEY_ALGORITHM="${CRYPT_KEY_ALGORITHM}" ENCRYPTION_IS_OPTIONAL="${CRYPT_ENCRYPTION_OPTIONAL}" +LOSETUP_PATH="${CRYPT_LOSETUP_PATH}" diff --git a/recipes-initramfs/initramfs-crypt-hook/files/encrypt_partition.systemd.hook b/recipes-initramfs/initramfs-crypt-hook/files/encrypt_partition.systemd.hook index be8c117..2ace533 100755 --- a/recipes-initramfs/initramfs-crypt-hook/files/encrypt_partition.systemd.hook +++ b/recipes-initramfs/initramfs-crypt-hook/files/encrypt_partition.systemd.hook @@ -19,6 +19,9 @@ esac . /usr/share/initramfs-tools/hook-functions +# get configuration variables +. /usr/share/encrypt_partition/encrypt_partition.env + hook_error() { echo "(ERROR): $1" >&2 exit 1 @@ -47,6 +50,7 @@ copy_exec /usr/bin/sleep || hook_error "/usr/bin/sleep not found" copy_exec /usr/sbin/e2fsck || hook_error "/usr/sbin/e2fsck not found" copy_exec /usr/sbin/resize2fs || hook_error "/usr/sbin/resize2fs not found" copy_exec /usr/sbin/cryptsetup || hook_error "/usr/sbin/cryptsetup not found" +copy_exec /usr/sbin/losetup "$LOSETUP_PATH" || hook_error "/usr/sbin/losetup not found" copy_exec /usr/bin/systemd-cryptenroll || hook_error "/usr/bin/systemd-cryptenroll not found" copy_exec /usr/lib/systemd/systemd-cryptsetup || hook_error "/usr/lib/systemd/systemd-cryptsetup not found" copy_exec /usr/bin/tpm2_pcrread || hook_error "Unable to copy /usr/bin/tpm2_pcrread" diff --git a/recipes-initramfs/initramfs-crypt-hook/initramfs-crypt-hook_0.2.bb b/recipes-initramfs/initramfs-crypt-hook/initramfs-crypt-hook_0.2.bb index 72de5b6..1679133 100644 --- a/recipes-initramfs/initramfs-crypt-hook/initramfs-crypt-hook_0.2.bb +++ b/recipes-initramfs/initramfs-crypt-hook/initramfs-crypt-hook_0.2.bb @@ -9,7 +9,7 @@ # SPDX-License-Identifier: MIT inherit dpkg-raw -DEBIAN_DEPENDS = "initramfs-tools, cryptsetup, \ +DEBIAN_DEPENDS = "initramfs-tools, mount, cryptsetup, \ awk, openssl, libtss2-esys-3.0.2-0 | libtss2-esys0, \ libtss2-rc0 | libtss2-esys0, libtss2-mu0 | libtss2-esys0, \ e2fsprogs, tpm2-tools, coreutils, uuid-runtime" @@ -57,6 +57,8 @@ CRYPT_PARTITIONS ??= "home:/home:reencrypt var:/var:reencrypt" # CRYPT_CREATE_FILE_SYSTEM_CMD contains the shell command to create the filesystem # in a newly formatted LUKS Partition CRYPT_CREATE_FILE_SYSTEM_CMD ??= "/usr/sbin/mke2fs -t ext4" +# Path to full (non-busybox) losetup binary +CRYPT_LOSETUP_PATH ??= "/usr/local/sbin/losetup" # Timeout for creating / re-encrypting partitions on first boot CRYPT_SETUP_TIMEOUT ??= "600" # Watchdog to service during the initial setup of the crypto partitions @@ -68,6 +70,7 @@ CRYPT_ENCRYPTION_OPTIONAL ??= "false" TEMPLATE_VARS = "CRYPT_PARTITIONS CRYPT_CREATE_FILE_SYSTEM_CMD \ CRYPT_SETUP_TIMEOUT INITRAMFS_WATCHDOG_DEVICE CRYPT_HASH_TYPE \ + CRYPT_LOSETUP_PATH \ CRYPT_KEY_ALGORITHM CRYPT_ENCRYPTION_OPTIONAL" TEMPLATE_FILES = "encrypt_partition.env.tmpl" From patchwork Fri Jul 12 08:11:42 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Stefan Koch X-Patchwork-Id: 13731377 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id C7774C3DA45 for ; Fri, 12 Jul 2024 08:12:00 +0000 (UTC) Received: from EUR05-AM6-obe.outbound.protection.outlook.com (EUR05-AM6-obe.outbound.protection.outlook.com [40.107.22.69]) by mx.groups.io with SMTP id smtpd.web11.3144.1720771916444724822 for ; Fri, 12 Jul 2024 01:11:57 -0700 Authentication-Results: mx.groups.io; dkim=fail reason="dkim: body hash did not verify" header.i=@siemens.com header.s=selector2 header.b=Zzrz/XAI; spf=pass (domain: siemens.com, ip: 40.107.22.69, mailfrom: stefan-koch@siemens.com) ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=nkroddKBJUFQqqsf6P/HlCZ9+ixY5wTI9zMYjupX2u/PDO8NbPOWt9OI85YEkS659CYJyLAHAEghA1R5gPrjKPb9/kL6qtFNXjISfgX3+vwuq/WBpluB/8yyEpOiMAUhaEpNwr2VIZ/orsy09nsQLFrzeuLSmkFxcBi5qsHwEUvWaKABGUyquYaodHJ1BDxT5APd/0jcaDuLcKMqpkrhatV/LgfcvXON0sQZ5IDoY56sjKauP6uO04miOJWkxqMxUma4ndXnfWxWukfVxJUSn0bKX5cLHkpb3yK3ZvFsAtzjXwehRt2bVwv8fFBOrgCVYHs/FqwN/vbC0XE6AabTPg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=Ba9y4KDCaEb23d7FS43uUh/ESktNEkzhli+JTZceamg=; b=oP2DW9LB1wB53mQKqrep2HORQLDZ2bPwUdwobs7+ZiOD8DII7JHJYim5vVn0NOpQefwkfuOuR9HX0+YZ/ySVURk52QixvIgd45yXyT2Q5OIxcdnMv3xrfgcYTc1n6TjPx52qoPzM9yC0/InfH0vHauTVJR3VtqpS0s3wRs+PI2wOOwDpY7iLpEeMSpKvnlV2jYI03HAMTLI6GoyK6PFsZ2P2vJPmW96Zs7+NSRDqPFqPxrZtzZCB9s3Nbic8erPzpXQrE48oMwoXyMhwGNZDu9WfKYMrN0TJuVIhE9HlLi6A13A030FF22LsxL32tFAQhxJsbYT67WGr3cO/uXBqlA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=siemens.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Ba9y4KDCaEb23d7FS43uUh/ESktNEkzhli+JTZceamg=; b=Zzrz/XAI3GQp0qwi0bx8Qh9i0a8d3mWuA6UrAzSOue9WiJWJhkFSWRStZCZUabwj0GOj/nkBTjklYFBiQtqpmPTNgYlqLOg4t/8ZPBl+U6q6qvFejiRM4VM8hOdv27hI38xLf16XhaM1FThWWkwUrl33jgQ0pP+IhIJ2wjGc6gr38XlCIgjJqkNC99LGod4iSlhEbGqenn6445w6HVUhj1tXJm/MhKWLX43mjPQYi7xm9fJEl8aVUy0dZGN6zBfysgxbALHXVLd6zdXyfc1+I6AuKKCDbFGJlXYXcJheJ0KupRf5wSD90t5GpXCHi9Dky8yl6WLKMc3KNgOLptRtIQ== Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=siemens.com; Received: from AM9PR10MB4959.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:41e::11) by GVXPR10MB8316.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:150:1e4::18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7762.23; Fri, 12 Jul 2024 08:11:55 +0000 Received: from AM9PR10MB4959.EURPRD10.PROD.OUTLOOK.COM ([fe80::71d7:e998:3abf:a1ec]) by AM9PR10MB4959.EURPRD10.PROD.OUTLOOK.COM ([fe80::71d7:e998:3abf:a1ec%4]) with mapi id 15.20.7762.020; Fri, 12 Jul 2024 08:11:55 +0000 From: Stefan Koch To: cip-dev@lists.cip-project.org CC: jan.kiszka@siemens.com, quirin.gylstorff@siemens.com, christian.storm@siemens.com, michael.adler@siemens.com, simon.sudler@siemens.com, stefan-koch@siemens.com Subject: [PATCH 3/4] initramfs-crypt-hook: Speedup disk-encryption reencrypt Date: Fri, 12 Jul 2024 10:11:42 +0200 Message-ID: <20240712081143.1376952-4-stefan-koch@siemens.com> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20240712081143.1376952-1-stefan-koch@siemens.com> References: <20240712081143.1376952-1-stefan-koch@siemens.com> X-ClientProxiedBy: FR3P281CA0032.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:1c::13) To AM9PR10MB4959.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:41e::11) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: AM9PR10MB4959:EE_|GVXPR10MB8316:EE_ X-MS-Office365-Filtering-Correlation-Id: 40c9bad7-70af-4c83-df00-08dca24a4b04 X-MS-Exchange-AtpMessageProperties: SA X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|1800799024|366016|376014; X-Microsoft-Antispam-Message-Info: L1nj/DFkDxvr7zjgchc6BJr5NxpFbcgV27l+ybwWuTelMIlIYQbmWgvzvzRtXPvxShUb88H2fiZ11NqbmqGeQoy8E3KRfARKZHQHyFQhKxQKLAfIUYVihK2lqXJZXDCDyn3bH/33jcXjmq3oIV7jAjoa1fdnrKzjdvEMPcbONLgD1N9wpKos1ob2BIwq31QlqxUGutlGqX5lTHKoaiiSWQJvYnFz0zw9nb+BRDoO/l84/TBDDIV75nVRlmnu1afhyqllKBXI4ituxS4DK8geU7si9NpCHYUH3p0FXf8tOoiS4gpYsA2X6EOZTW1A/dUh506F7WYdZuTl+TarAun/1OCmYakD5XH0xgbgCaC9cU0CdEO7VAYNPnAnh/mn71T1jmNUlXjTtq3beEuJlR2CaaCumsgACw5eWV4vyxRi7gBy8ipLwCg3ejqYzgSr45k6zsscpHsZ14hr3EMsSNMlj6KS68HD/LrFyjsbNAndBaBhCkwbPOuyagsyiuv2uVBKtQYoiVZu6WdJgpcOiPPkmQlJb8beX+Ck+YXpyicnzVb29eydkf2j/CJBzBJlUGDwgsCnWu6EiUfUeHb1cYGkfd8idyhgh3VHfZTuK3xdCMtQY4lJ7hUk38xKZkjaNVCkrt9KJWA+dDmkYhiS4LZAtIbbIDY6rixP8XuJQlu9gkKMaavM+e5oh01a0x9vl4BRw4UE9FjJaQnZUOENppOMsHSXWzPsvvSE8sg9JxeA0nMoOhLwaCBqCGPtJMMuDQ4rwWqOoq8Y/v7NNMu5BH1xibuHNwJh+ZIn+wCRfufGGa42xrotx7o2XRK7eRuVlqkcGW4ISI2VP8oXTU0tULuReo1qtJtHsuGBnCXtf4MoLgQDQ/fYmQThMy5btKhwjzCEwYLykQBz4FESce04n/BY4XgfuRoNSD5oho1Y/DQNF8tHZKCoG77qfHROcCMP5GJh+BQitrUmloBCEzYLyu5fST04IH24hvMGfLmDpR78z/9Q+OASrzHpAvCQpCtoM0BDkQzTrPtIab53R7c0w0qz1wFzQNzvEDkVbsBLfax7zYsS0McXhjH4XVbXfUz6CXCwfZT+9H0L1Vzpgrdb8qc1G+0NnGDrLACtsduCHHqf1G+Y4gjh+6uETZgCN2BVGhcbUFh4IvFrR7OnxBNJ59Cr8PxbjVIQAs2zpTSL8UmJ7eKnx2W4GHzilEuqFMgApe1GeimGR4yteoSVeREq9QKXNKQZzzWWv2aT84HaVs6jiN1ymGkjs8QVliLfWL7Yrk4+kTJ3SJKbEcAhlqCgBbG3f4XmIp/muYs29v9HUtoquP3jCii18XNEWj0feLbCvJmWePaydqz2Y9Yww4Ambld7Kw== X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:AM9PR10MB4959.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(1800799024)(366016)(376014);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: heEe8UHXdAIn5R/51+OtuaB7+Y35y2HOIAqnMMnPV3yNto5VJKJIwCXbA27aeS6F02+QRl1zbi43wO7OrDFGLizjCv34ljD7uSvMeIsKGMNww4XjkILe8N8c7XNA2KuWIEukV8ct87iGb4vfb57vRB3QMjtrhxyy+k8EVGARRuua4GVbJLDE+Yro9W9asoeUKqEAFN7WV6aqJ/OU0EY0y4SPQXb6SphJfZNsFtgcvR7S7Wzj7va9EaQCRbmweiJ/T5dawGKArS4WwagpEYckDAOA6nbajiV58jatJCsH4MWzFb4jEpe5axVXJF3FfK/F5EamA7hq2+y7kyPanXS6HNFM2zY+dj/uDKwoNfyo3FWTgn2TGh1SKDVA76FvmnjC8qc50w3/LqBWv+5yR/ey66sWfJ6gOB066FOnQ8AnBELEyCLUS7d8e29cTOiz/CKBrVWUuTLW6MrttvG2JSqntUuSOlPH3p184J58ttrYtYgCfWjcO0UnVxqhei0sz/YR2bminIxWg/2KCRYj1GGH5STEbbeaTYmSibq0d7feXBMnK3Lmwc0GRKua3EtHiSafdZ/QMRF+spxGZbe8KTTW5T7/1+8Uxb7kr0BzS+1QCgcebR+IKHGvJUhymgcInkCPiZOMr7LcSDemR6eovW7jMiZkN8pLnygak7LMgETqh75iFEZGJO/FPvhisreu8cBA1w6lfcEIhDlPEMVjUc1H5DtDHsVZrvGs43lYaeeBeTH4EH0gmCy83dqqyeUQRjh5z1JV0MALEcH7kxHSVpDu124TbcpZRq4t+YfcYXvxbYMkvt7pZ1aiYKQ+WqrIk8kKhkKXMrfjOfgeKCAITfFdOH9DMiAawaxOv32mo+ncX8h7iJgy8yyYyIEPA6HFkbwMAYAoTK6Njj4f0NoszLrnC3RCLKU+7W+GW4IBxODPGsH3GD3pR+FZG69oOLcPeEUuU6VjfvdGauMa6HabxXxPHIn8gX+WvL+jFIiU+isifmVZ4AV9N5zOMvE1t5MfElUQbDNw22KI4HKkPUUZNvJyYzoyWAiuUSiAibTA4KNWmxEHZKIcWnihphgs0lGjGvmfRrnyOOBoWPERSbBSbM0+C8yU2ftqVitfn+pM4+t10z/WDeleZbpA+aLOAnwRgiTDICGLusgviiAlbDK0zPFMcOFugFKh7LSxncNSdh2ExONS7/jUudwg963J7xiPbObTIfYajP91LOY57sDbiElZlutER+EQo5EMEu1Klrp7ZZAmIZQ5RnfO4RgLiNy2SUxwhE6vD4jTWecLY9UblC8B82TDduD8FH7jmgxODUHFoGn07wZl+mc8QyMkmDUNPPYOdmddNKK1MUEOXxzG/a7Atd9U9v9S4j5CnwTdrIvxDFfPKjvjPVOcZyUKZeEHBZEkIR3RrRRK2HTm/XingXQnkDwdxIH/SNfG4Znj6lHvXL7rYYlj6tVTgZkWak8GheVmzy+YoiULd/RmZPpOQl2iGVpbdZoK4FY4QOeEpmbQsIqttHeWK6tQOzJZ0OAxiVhCtsORMSwGfGjPD/kNu/eDWe3i6XUYYZn6SU3LOyG/xZ5Iwjt8Gq4l6ArdERQ0ttkB7mae+h3VEzyprIHLQFmswKGrGLTp0s9KNglMoUGHPdcWKmUMeJ/7klXb//HnEweK X-OriginatorOrg: siemens.com X-MS-Exchange-CrossTenant-Network-Message-Id: 40c9bad7-70af-4c83-df00-08dca24a4b04 X-MS-Exchange-CrossTenant-AuthSource: AM9PR10MB4959.EURPRD10.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 12 Jul 2024 08:11:55.0636 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: xz1CcqZQ6Y0V6fCdSqJ3YQLmbLizBxeTlXILnySo/D81/j34GjaqPUe0r3j12Q7f4TMLG71fuUdUXORFkJYHCA== X-MS-Exchange-Transport-CrossTenantHeadersStamped: GVXPR10MB8316 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 12 Jul 2024 08:12:00 -0000 X-Groupsio-URL: https://lists.cip-project.org/g/cip-dev/message/16460 - When "CRYPT_FAST_REENCRYPTION" is set to "1" (consider security and data reliablity aspects when enabling): - shrink partition temporarily to minimum - encrypt shrinked partition - expand encrypted partition to maximum Signed-off-by: Stefan Koch --- .../files/encrypt_partition.env.tmpl | 1 + .../files/encrypt_partition.script | 50 ++++++++++++++++--- .../initramfs-crypt-hook_0.2.bb | 6 ++- 3 files changed, 49 insertions(+), 8 deletions(-) diff --git a/recipes-initramfs/initramfs-crypt-hook/files/encrypt_partition.env.tmpl b/recipes-initramfs/initramfs-crypt-hook/files/encrypt_partition.env.tmpl index 72033d1..9f3df4f 100644 --- a/recipes-initramfs/initramfs-crypt-hook/files/encrypt_partition.env.tmpl +++ b/recipes-initramfs/initramfs-crypt-hook/files/encrypt_partition.env.tmpl @@ -6,3 +6,4 @@ HASH_TYPE="${CRYPT_HASH_TYPE}" KEY_ALGORITHM="${CRYPT_KEY_ALGORITHM}" ENCRYPTION_IS_OPTIONAL="${CRYPT_ENCRYPTION_OPTIONAL}" LOSETUP_PATH="${CRYPT_LOSETUP_PATH}" +FAST_REENCRYPTION="${CRYPT_FAST_REENCRYPTION}" diff --git a/recipes-initramfs/initramfs-crypt-hook/files/encrypt_partition.script b/recipes-initramfs/initramfs-crypt-hook/files/encrypt_partition.script index f943aea..e768b54 100644 --- a/recipes-initramfs/initramfs-crypt-hook/files/encrypt_partition.script +++ b/recipes-initramfs/initramfs-crypt-hook/files/encrypt_partition.script @@ -62,13 +62,16 @@ service_watchdog() { } reencrypt_existing_partition() { + reencrypt_device="$1" part_size_blocks="$(cat /sys/class/block/"$(awk -v dev="$1" 'BEGIN{split(dev,a,"/"); print a[3]}' )"/size)" - # reduce the filesystem and partition by 32M to fit the LUKS header + part_size_in_kb="$(expr "$part_size_blocks" / 2)" # blocksize 512 byte + partition_fstype=$(get_fstype "${1}") + # reduce the filesystem and partition by 32M to fit the LUKS header reduce_device_size=32768 - reduced_size="$(expr "$part_size_blocks" - 65536 )" - reduced_size_in_byte="$(expr "$reduced_size" \* 512)" - reduced_size_in_kb="$(expr "$reduced_size_in_byte" / 1024)K" + reduce_device_size_blocks="$(expr "$reduce_device_size" \* 2)" # 512 byte blocks + reduced_size="$(expr "$part_size_blocks" - "$reduce_device_size_blocks" )" + reduced_size_in_kb="$(expr "$reduced_size" / 2)" # blocksize 512 byte case $partition_fstype in ext*) # reduce the filesystem and partition by 32M to fit the LUKS header @@ -84,9 +87,31 @@ EOF if ! cryptsetup luksUUID "$1" &> /dev/null; then e2fsck -p -f "$1" fi - if ! resize2fs "$1" "${reduced_size_in_kb}"; then + # shrink partition temporarily to minimum + min_size_fsblocks="$(resize2fs "$1" -P | awk -F ": " '{ print $2 }')" + if [ "$FAST_REENCRYPTION" = "1" ] && loop_device="$("$LOSETUP_PATH" -f)" && [ -n "$min_size_fsblocks" ]; then + # set encrypted size for expanding step + encrypted_size_in_kb="$reduced_size_in_kb" + # minimum partition size + min_size_in_kb="$(expr "$min_size_fsblocks" \* 4)" # blocksize 4096 byte + # shrinked partition size (reduce_size + minimum partition size) + reduced_size_in_kb="$(expr "$reduce_device_size" + "$min_size_in_kb")" + # set loop device as reencrypt device + reencrypt_device="$loop_device" + else + # continue with default reencryption in failure case + FAST_REENCRYPTION="0" + fi + + if ! resize2fs "$1" "${reduced_size_in_kb}K"; then panic "reencryption of filesystem $1 cannot continue!" fi + + if [ "$FAST_REENCRYPTION" = "1" ]; then + # use temporarily loop device to simulate shrinked device + # because cryptsetup uses device size at reducing + "$LOSETUP_PATH" --sizelimit "${reduced_size_in_kb}K" "$loop_device" "$1" + fi ;; squashfs|swap|"") [ "$debug" = "y" ] && echo "skip disk resize as it is not supported or unnecessary for fstype: '$partition_fstype'" @@ -96,9 +121,14 @@ EOF ;; esac if [ -x /usr/sbin/cryptsetup-reencrypt ]; then - /usr/sbin/cryptsetup-reencrypt --new --reduce-device-size "$reduce_device_size"k "$1" < "$2" + /usr/sbin/cryptsetup-reencrypt --new --reduce-device-size "$reduce_device_size"k "$reencrypt_device" < "$2" else - /usr/sbin/cryptsetup reencrypt --encrypt --reduce-device-size "$reduce_device_size"k "$1" < "$2" + /usr/sbin/cryptsetup reencrypt --encrypt --reduce-device-size "$reduce_device_size"k "$reencrypt_device" < "$2" + fi + + if [ "$FAST_REENCRYPTION" = "1" ]; then + # remove temporarily loop device + "$LOSETUP_PATH" -d "$loop_device" fi } for candidate in /dev/tpm*; do @@ -182,6 +212,12 @@ for partition_set in $partition_sets; do reencrypt_existing_partition "$part_device" "$tmp_key" enroll_tpm2_token "$part_device" "$tmp_key" "$tpm_device" "$tpm_key_algorithm" "$pcr_bank_hash_type" open_tpm2_partition "$part_device" "$crypt_mount_name" "$tpm_device" + if [ "$FAST_REENCRYPTION" = "1" ]; then + # expand encrypted partition to maximum + /usr/sbin/cryptsetup resize "$decrypted_part" + # expand filesystem within encrypted layer to maximum + resize2fs "$decrypted_part" "${encrypted_size_in_kb}K" + fi log_end_msg ;; "format") diff --git a/recipes-initramfs/initramfs-crypt-hook/initramfs-crypt-hook_0.2.bb b/recipes-initramfs/initramfs-crypt-hook/initramfs-crypt-hook_0.2.bb index 1679133..76ce72c 100644 --- a/recipes-initramfs/initramfs-crypt-hook/initramfs-crypt-hook_0.2.bb +++ b/recipes-initramfs/initramfs-crypt-hook/initramfs-crypt-hook_0.2.bb @@ -59,6 +59,10 @@ CRYPT_PARTITIONS ??= "home:/home:reencrypt var:/var:reencrypt" CRYPT_CREATE_FILE_SYSTEM_CMD ??= "/usr/sbin/mke2fs -t ext4" # Path to full (non-busybox) losetup binary CRYPT_LOSETUP_PATH ??= "/usr/local/sbin/losetup" +# Fast reencryption state +# It uses temporary partition resize, +# consider security and data reliablity aspects when enabling +CRYPT_FAST_REENCRYPTION ??= "0" # Timeout for creating / re-encrypting partitions on first boot CRYPT_SETUP_TIMEOUT ??= "600" # Watchdog to service during the initial setup of the crypto partitions @@ -70,7 +74,7 @@ CRYPT_ENCRYPTION_OPTIONAL ??= "false" TEMPLATE_VARS = "CRYPT_PARTITIONS CRYPT_CREATE_FILE_SYSTEM_CMD \ CRYPT_SETUP_TIMEOUT INITRAMFS_WATCHDOG_DEVICE CRYPT_HASH_TYPE \ - CRYPT_LOSETUP_PATH \ + CRYPT_LOSETUP_PATH CRYPT_FAST_REENCRYPTION \ CRYPT_KEY_ALGORITHM CRYPT_ENCRYPTION_OPTIONAL" TEMPLATE_FILES = "encrypt_partition.env.tmpl" From patchwork Fri Jul 12 08:11:43 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Stefan Koch X-Patchwork-Id: 13731378 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id C0882C3DA45 for ; Fri, 12 Jul 2024 08:12:10 +0000 (UTC) Received: from EUR05-DB8-obe.outbound.protection.outlook.com (EUR05-DB8-obe.outbound.protection.outlook.com [40.107.20.57]) by mx.groups.io with SMTP id smtpd.web10.3116.1720771920681530655 for ; Fri, 12 Jul 2024 01:12:01 -0700 Authentication-Results: mx.groups.io; dkim=fail reason="dkim: body hash did not verify" header.i=@siemens.com header.s=selector2 header.b=DRp/JIND; spf=pass (domain: siemens.com, ip: 40.107.20.57, mailfrom: stefan-koch@siemens.com) ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=qwpUemaGGIXMCIA5VxUp97O92QmgyFCljACDkU6JRs+WJeZrQat5OGxjveaUDoFM2b7OCSc1IfPh6ErcxUmSfI+J2YLQGrfPvroLDdwelnmEBHHVzvGGTqnbzxvWgwL4h4RyWhBDfNqGBSNxeonuoMd7rPKuzFc2PqGxW/qqwdKeXPhOpqBacYssAwAtMmPbI7/6YL2lR6SNqCkZB0PsWsKiEewt5uhJlkRxMTQGWWQfc+yD8sgVeyCffZczJr1DmvByW5b6FM101UVX8J7dQEP3WZbb+OW7jUbQglqZur2Fwa1y+wxv2uE+BN3NLwdiMa9KiScnun8hGmDVGSsYCw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=KDFKkQykj7N89n+n2HVmJjrDY62BxlYiTvEIbhe+Iv8=; b=nu7lu1soHco8UszAnzCSO9jbI7QiHWc1jr2LGlikEy0NnAAn0pCv5WTFlTW6ZLTEkOHmDPjfhO55dVzRxxpzEuIrxCGMqPM31i8HX7EHXjSdFatXOJPfaXTMrvbyuqfDq2IHx231idpOkQXfiMr73IgV79546U5mkuaM+yZ0qnFqI8LGJueN/WCBr04RZYkAJELe8XIPqmn+DuhfelJL+tAE+947/8gbYBsm+JLsXZDGt2goec7Fjq/DEnXSkHIqhQWb5ls/L2GO9xD3Iz2FNLOQSgRV1Gb8PBGwWQKEvYo3zbmVUMmpts53mcOI57h/iEnsRx379ikGoP+FFxaCDw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=siemens.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=KDFKkQykj7N89n+n2HVmJjrDY62BxlYiTvEIbhe+Iv8=; b=DRp/JINDrWXYslLWKe/WQlDMFXkpGWfnTWjCkSYf8EMtHM+9YBydiojr8wiSTLXsZNpTdZLrrLoTXMfKXxWai+QkhqU8bDtwJ8u7ugU0W3I/5vaej0xCLj1+pLsGDf1Eypidjoii5EU5fkjLrdcjbqh6X4gqCyB1X+v2VkEW+NTQpEhWux2d8Q9vtWYKWIoM/RcIom+dEvwEkt8YVKPbAtli1aiZcJy2Vx4Yz1cE8geUrByJQEhFcVai5HOMFSjMLkIQlubjJ7hDIk6e3Q6DvMmH+AehyogTVO9K6p7OBUL3FKeplZOxl+ia6j0L2wSqueaUYca0KlLnzgWM+wAtXg== Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=siemens.com; Received: from AM9PR10MB4959.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:41e::11) by GVXPR10MB8316.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:150:1e4::18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7762.23; Fri, 12 Jul 2024 08:11:56 +0000 Received: from AM9PR10MB4959.EURPRD10.PROD.OUTLOOK.COM ([fe80::71d7:e998:3abf:a1ec]) by AM9PR10MB4959.EURPRD10.PROD.OUTLOOK.COM ([fe80::71d7:e998:3abf:a1ec%4]) with mapi id 15.20.7762.020; Fri, 12 Jul 2024 08:11:56 +0000 From: Stefan Koch To: cip-dev@lists.cip-project.org CC: jan.kiszka@siemens.com, quirin.gylstorff@siemens.com, christian.storm@siemens.com, michael.adler@siemens.com, simon.sudler@siemens.com, stefan-koch@siemens.com Subject: [PATCH 4/4] initramfs-crypt-hook: Add missing mountpoint executable Date: Fri, 12 Jul 2024 10:11:43 +0200 Message-ID: <20240712081143.1376952-5-stefan-koch@siemens.com> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20240712081143.1376952-1-stefan-koch@siemens.com> References: <20240712081143.1376952-1-stefan-koch@siemens.com> X-ClientProxiedBy: FR0P281CA0113.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:a8::13) To AM9PR10MB4959.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:41e::11) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: AM9PR10MB4959:EE_|GVXPR10MB8316:EE_ X-MS-Office365-Filtering-Correlation-Id: 9caa251a-3f1e-4ddd-cebc-08dca24a4be5 X-MS-Exchange-AtpMessageProperties: SA X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|1800799024|366016|376014; X-Microsoft-Antispam-Message-Info: 9d3YPHim4yzkAO52/LFszJxURYC/1mCWcIqb3QSWLMmmA9a695/wlN3QBoef6tXb6h8pH+de1oJQr1PrhiS+xtnB69yZXObIrEUF3Gmy6oaooyXs4juWC9o/+0CyOjOTAQ8IqwIOoDDjvTl48IfP6yZ2I2U5GX0c5B6Oy4lqVIJMS25IPidjgZfMnAleqCVZ2jFRC4XPKBMnTEXtIUqtJnpa2qH6/XjfdgqAjQmfGfWOCq8DZvkLp+65UehQohliKoM3EJkLkxUioajGdDSAQAmebiB5BgW/S+vb8vzO7orGWg70NrGYt8ZvtXmvG3lrcEemDowJHOIm0FhLdc//uGszyqrfRH+d578iz/hvk5qPSo5ylAUO/jJapZKM+zR0fXIUXkAMsxkDcD+8ojLZ4tqsgd+p+FJHYzEyWBMFuSijzhv2PVhNkYV/eTNIgnSyoRMzYa+Kgv34OpDTYHPe0D0LGioDK3D8liPO6tAwjUnZwf+CuAA05WUZHy1E0wFJqo4gge9k66k4PgKfASUAZAc/CDsIpfCHlmQAuVvv7v4ACpXfSG1QOYJpFWPDa+ZSO8z4H23SUY8r2Cj2Fc49DJEN6WgHk6jbku6FuVJofzYdrDiolQ5S9lD7e96lP7G9MEE+8T2ONbcopM7S/dg/DYLsll4x3TH1dTJUkXA143KWwYxRjkwf8ceERnor7A0AYwRqqxtJ3w/1PDCKeViMjT4FLmyp917EKmFoot1iM0ycOh41Wz2Ezc6GzIVfnIH+aF+EsBC08QBTAH1UFrvYJACDivCkDfFc27+8L3hUjjyX1DMXdf4yS7HWzh3YLgTrvrHfCTHmPkis2rcc1MhwS+1ao4Z8ApC2Vfu52ZjxHYfiH2TO0qQO7lZ71ZsPIWY5SaTD/IougUz0qytlrd3O0zsJK+H1DjWNV1XEJI/lGevLWkIIZoBj6hbrR6PYb+gGWnEDxGkHy/4Ohxv/azOks3WXRlji6oMygW+E/L0i4DpFoDUE5u5BoeDYmUqUgDkJtIVxXju967mTYa+pEBOAu/i+0Bhet49Gi0b95ow823CzX21HxDpjUBTiKcS/TQv0BPnq3SidXIZbjOKI4ZkJWbGHiqyCSE6inx7qMjENGKOzRc3cCfuGel4NMsqXzXqwaAi37TeofI0uIR1ES+u8ZK9E2+2vSD5yyRUexd2z4+yVkFr1cG6SI85ZybBG4HIB8QOCwAQ15ayY85lxj//qAdEMWGFv3xfPrvw6ujwkMYxJCKAUQA3zQr+RKFs1WefgpHjlyFYqt+jqkBV1EE0YbGXlrwT0etGtADyTEgv68pGZb3FPIoFy7ZexTudGPdsM97x9Lp8aNoAYuPlwuBpVAg== X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:AM9PR10MB4959.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(1800799024)(366016)(376014);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: h6P4g8lUfwhItSuDb2sq7clGj55kLOErG00OVKeovvzi6n745blh9wfmGlvEBcjq8f9DCnz3Zky7uz5gUw+aR9tDsvkTWfVqCj0G9RK1kLPAlM7a+Pe3nBty05MRWyr/p73Nmf7l6PUnQzc7O6jow+zJjm8KdTCz8CRW0ICbgoyqftyuAiY1LRT0OS48c9Xjf5cqN9l7TyLGL1D3Kn4XBKOh7D8E43kgR+h6agOxZVVmTdNYrzCG+TbEGURyEnnXo1AdfSpO1LoKt6zbJ/sx0dgPknKk4vGexSAiEe9r9QvRkCTli4Auj2EXNQQfXvWygPbxaA9E97+aavmQMQ7/c6TUX+stp7JKP4Y0FKqtNHCjmOFenNj7fbTFCVKfQMj9mUOBj89FdbqUfZq7tMWDSR9D8ITtr6eTHOcFspjEnN5RE27V2+1oWR1KvL/sUwpEsKkkhwNwmTJoSiLeKtnWLGk5nh4xHhMC9k4qeT82UmQFxx5aVL74N5dzzDtKmmNRAglaiiqRjP3Z2MtDejdjWosOYpbiYmuUS7ouTdzhExj5pviysEkz4IJfccvF+hwyRhjro6Zoy3S/xMgBbabqPBUYQXzqh6vJ/9+dVMKHYK9C8hnv1RJwSjFhcGzbrPqZsqmh3p10vVsxK52rkmnsjyc40iRBv11JFV527ex3sZR4igp3GRwINGJvKCNHnaZ1byqZGED+xtKXx+q/mGF7zpFAXTwrX5awKMN3ZGnOa9SZjH/6yIqgfuFuuXIQaug8w1Eh43I9PukoU+y6BJEoidwuLB3cke6nAzSGvVwIy5lsN3ufh+nlY6iVbWakLoqVQcYh8jwmB1U1l/eo4aGPAhz3P4WKjeWx+9LMU/g65XP8zVoaRbwh63/M08YOpxpw9r1AADG4Cg35VoHYbuFouXCOhQflbsXWS+acER3YHSq2CIEGOw9KV1KT9THmcGtlYJtkac7/a8poHV+vxPSix/pYCziq6J1OHNavBr/R12NyyzqcGKLOhGeYnZV45NaYrcqjejnCYtXPjJ+FyjheyGP2CnFKcEgkGkI7wemfj7JwOOcdTQdGEJ42gWJ2CC54ft0ttXfbrTfzxtgize2KEYYJng+A4/OS7dSh72h9P0S0gcKZ9nCgoYi1zN2TpQVEmeEGx1rE94K+dz/+mjdD+njghPV3dHm2OMUM8ElBdKWnBCRR2IV0d650Z4+hmZkiXjO/xXsOpUHCeOJuqLGzps0MI4NgTHnzverqrCxuoxIoT6orL50JStGIqb01U3U64+FSliuMw6k7+p6EQlmDJpSi8Su+iFXwtTqEWODsiXo2iNtf+l8E9EyaNrm/2tghDQ34eAw00QdbriKJdOH5IO6OP57cB7UEPT/E0b4cfpzaq+CzowuD633rhHkUddJ+aTq3lGW917LOtJCMZEMcx4WgfbWYcwJOe2IEF0w9kR6VeMuCWol6G06qXW46ABHvVfCxLrWM+BDoV3wKhfWx/wby08SfjhmgW4pagDLuXB6a1A5t0FwbaYKL6YGFZ6avxZD54R6BpXYb08uYj4LihEMRPQlcKTr/T9OsYanJjtqPv2S0X/IqLj2Lpnq9luI1lEZbK7FrB4lkRSEV8AVeJNa3Z9oxIiLn5PxPmDKNoeVQ2P/Hava9oPWmJm3ygXiT X-OriginatorOrg: siemens.com X-MS-Exchange-CrossTenant-Network-Message-Id: 9caa251a-3f1e-4ddd-cebc-08dca24a4be5 X-MS-Exchange-CrossTenant-AuthSource: AM9PR10MB4959.EURPRD10.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 12 Jul 2024 08:11:56.5395 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: QOMN5Kyvg/yUTyrFwHXIAQI2s+28R3WGbT0+UbPNeT+JaXq6UbIDKjqBxWgjcvTfDlbdCcFSFa1ZuOUQnJxriQ== X-MS-Exchange-Transport-CrossTenantHeadersStamped: GVXPR10MB8316 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 12 Jul 2024 08:12:10 -0000 X-Groupsio-URL: https://lists.cip-project.org/g/cip-dev/message/16461 Signed-off-by: Stefan Koch --- .../initramfs-crypt-hook/files/encrypt_partition.clevis.hook | 1 + .../initramfs-crypt-hook/files/encrypt_partition.systemd.hook | 1 + .../initramfs-crypt-hook/initramfs-crypt-hook_0.2.bb | 2 +- 3 files changed, 3 insertions(+), 1 deletion(-) diff --git a/recipes-initramfs/initramfs-crypt-hook/files/encrypt_partition.clevis.hook b/recipes-initramfs/initramfs-crypt-hook/files/encrypt_partition.clevis.hook index 4e62ef7..275461d 100755 --- a/recipes-initramfs/initramfs-crypt-hook/files/encrypt_partition.clevis.hook +++ b/recipes-initramfs/initramfs-crypt-hook/files/encrypt_partition.clevis.hook @@ -45,6 +45,7 @@ copy_exec /usr/sbin/mke2fs || hook_error "/usr/sbin/mke2fs not found" copy_exec /usr/bin/grep || hook_error "/usr/bin/grep not found" copy_exec /usr/bin/awk || hook_error "/usr/bin/awk not found" copy_exec /usr/bin/expr || hook_error "/usr/bin/expr not found" +copy_exec /usr/bin/mountpoint || hook_error "/usr/bin/mountpoint not found" copy_exec /usr/sbin/e2fsck || hook_error "/usr/sbin/e2fsck not found" copy_exec /usr/sbin/resize2fs || hook_error "/usr/sbin/resize2fs not found" copy_exec /usr/sbin/cryptsetup || hook_error "/usr/sbin/cryptsetup not found" diff --git a/recipes-initramfs/initramfs-crypt-hook/files/encrypt_partition.systemd.hook b/recipes-initramfs/initramfs-crypt-hook/files/encrypt_partition.systemd.hook index 2ace533..4aa3e91 100755 --- a/recipes-initramfs/initramfs-crypt-hook/files/encrypt_partition.systemd.hook +++ b/recipes-initramfs/initramfs-crypt-hook/files/encrypt_partition.systemd.hook @@ -45,6 +45,7 @@ copy_exec /usr/sbin/mke2fs || hook_error "/usr/sbin/mke2fs not found" copy_exec /usr/bin/grep || hook_error "/usr/bin/grep not found" copy_exec /usr/bin/awk || hook_error "/usr/bin/awk not found" copy_exec /usr/bin/expr || hook_error "/usr/bin/expr not found" +copy_exec /usr/bin/mountpoint || hook_error "/usr/bin/mountpoint not found" copy_exec /usr/bin/seq || hook_error "/usr/bin/seq not found" copy_exec /usr/bin/sleep || hook_error "/usr/bin/sleep not found" copy_exec /usr/sbin/e2fsck || hook_error "/usr/sbin/e2fsck not found" diff --git a/recipes-initramfs/initramfs-crypt-hook/initramfs-crypt-hook_0.2.bb b/recipes-initramfs/initramfs-crypt-hook/initramfs-crypt-hook_0.2.bb index 76ce72c..1364248 100644 --- a/recipes-initramfs/initramfs-crypt-hook/initramfs-crypt-hook_0.2.bb +++ b/recipes-initramfs/initramfs-crypt-hook/initramfs-crypt-hook_0.2.bb @@ -12,7 +12,7 @@ inherit dpkg-raw DEBIAN_DEPENDS = "initramfs-tools, mount, cryptsetup, \ awk, openssl, libtss2-esys-3.0.2-0 | libtss2-esys0, \ libtss2-rc0 | libtss2-esys0, libtss2-mu0 | libtss2-esys0, \ - e2fsprogs, tpm2-tools, coreutils, uuid-runtime" + e2fsprogs, tpm2-tools, coreutils, util-linux, uuid-runtime" CLEVIS_DEPEND = ", clevis-luks, jose, bash, luksmeta, file, libpwquality-tools"