From patchwork Wed Jul 10 05:33:35 2024
X-Patchwork-Submitter: Rakesh Kumar
X-Patchwork-Id: 3675
From: Rakesh Kumar
To: isar-users@googlegroups.com
Cc: jan.kiszka@siemens.com, cedric.hombourger@siemens.com, Rakesh Kumar
Subject: [PATCH] initramfs: move fTPM and tee-supplicant initialization to local-top stage
Date: Wed, 10 Jul 2024 11:03:35 +0530
Message-Id: <20240710053335.2163596-1-kumar.rakesh@siemens.com>

To ensure proper initialization of the fTPM and tee-supplicant services before the root filesystem is mounted, we are relocating their initialization to the local-top section of initramfs. This change ensures that the encrypted filesystems are properly initialized and ready for use before the root filesystem is mounted at local-bottom stage.

Reason for local-top:

* Early Initialization: The local-top scripts run before the root filesystem is mounted. This timing is essential for encrypted root filesystems since the decryption process must be completed before the filesystem can be accessed.
* Dependency Handling: The encryption setup requires initializing dependencies such as fTPM (firmware Trusted Platform Module) devices. Performing these tasks early in the boot process ensures that all necessary components are in place before the root filesystem is mounted.

Signed-off-by: Rakesh Kumar
---
 .../initramfs-tee-ftpm-hook/initramfs-tee-ftpm-hook_0.1.bb | 4 ++--
 .../initramfs-tee-supplicant-hook_0.1.bb | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/meta/recipes-initramfs/initramfs-tee-ftpm-hook/initramfs-tee-ftpm-hook_0.1.bb b/meta/recipes-initramfs/initramfs-tee-ftpm-hook/initramfs-tee-ftpm-hook_0.1.bb index db38e618..82fec1bb 100644 --- a/meta/recipes-initramfs/initramfs-tee-ftpm-hook/initramfs-tee-ftpm-hook_0.1.bb +++ b/meta/recipes-initramfs/initramfs-tee-ftpm-hook/initramfs-tee-ftpm-hook_0.1.bb @@ -17,11 +17,11 @@ DEBIAN_DEPENDS = "initramfs-tools" do_install[cleandirs] += " \ ${D}/usr/share/initramfs-tools/hooks \ - ${D}/usr/share/initramfs-tools/scripts/local-bottom" + ${D}/usr/share/initramfs-tools/scripts/local-top" do_install() { install -m 0755 "${WORKDIR}/tee-ftpm.hook" \ "${D}/usr/share/initramfs-tools/hooks/tee-ftpm" install -m 0755 "${WORKDIR}/tee-ftpm.script" \ - "${D}/usr/share/initramfs-tools/scripts/local-bottom/tee-ftpm" + "${D}/usr/share/initramfs-tools/scripts/local-top/tee-ftpm" } diff --git a/meta/recipes-initramfs/initramfs-tee-supplicant-hook/initramfs-tee-supplicant-hook_0.1.bb b/meta/recipes-initramfs/initramfs-tee-supplicant-hook/initramfs-tee-supplicant-hook_0.1.bb index 3768b8e0..a7a19bee 100644 --- a/meta/recipes-initramfs/initramfs-tee-supplicant-hook/initramfs-tee-supplicant-hook_0.1.bb
+++ b/meta/recipes-initramfs/initramfs-tee-supplicant-hook/initramfs-tee-supplicant-hook_0.1.bb @@ -17,11 +17,11 @@ DEBIAN_DEPENDS = "initramfs-tools, tee-supplicant, procps" do_install[cleandirs] += " \ ${D}/usr/share/initramfs-tools/hooks \ - ${D}/usr/share/initramfs-tools/scripts/local-bottom" + ${D}/usr/share/initramfs-tools/scripts/local-top" do_install() { install -m 0755 "${WORKDIR}/tee-supplicant.hook" \ "${D}/usr/share/initramfs-tools/hooks/tee-supplicant" install -m 0755 "${WORKDIR}/tee-supplicant.script" \ - "${D}/usr/share/initramfs-tools/scripts/local-bottom/tee-supplicant" + "${D}/usr/share/initramfs-tools/scripts/local-top/tee-supplicant" }
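
Review bot: the ordering of tee-ftpm inside local-top cannot be checked from the initramfs-tee-ftpm-hook_0.1.bb hunk, because only the install directory of `tee-ftpm.script` changes and the script itself is not part of the patch. Within one stage initramfs-tools orders scripts by their PREREQ declarations, so placing the file under scripts/local-top does not by itself guarantee it runs after tee-supplicant (moved into the same stage by this patch) and before whichever script opens the encrypted root. Please confirm the PREREQ line in tee-ftpm.script covers both, or include that change here and say so in the commit message.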
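
Review bot: the rationale in the commit message does not match the stage removed in the initramfs-tee-supplicant-hook_0.1.bb hunk (`scripts/local-bottom/tee-supplicant`). The message says the root filesystem "is mounted at local-bottom stage", but initramfs-tools runs local-bottom after the root filesystem has been mounted, which is the actual reason the old location was too late for unlocking an encrypted root. Rewording that sentence would make the justification consistent with the first bullet ("local-top scripts run before the root filesystem is mounted") and with the change itself.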