diff mbox series

initramfs: move fTPM and tee-supplicant initialization to local-top stage

Message ID 20240710123046.2174029-1-kumar.rakesh@siemens.com
State Accepted, archived
Headers show
Series initramfs: move fTPM and tee-supplicant initialization to local-top stage | expand

Commit Message

Rakesh Kumar July 10, 2024, 12:30 p.m. UTC 
To ensure proper initialization of the fTPM and tee-supplicant services before
the root filesystem is mounted, we are relocating their initialization to the
local-top section of initramfs. This change ensures that the encrypted root filesystems
are properly initialized and mounted before the local-bottom scripts run.

Reason for local-top:

* Early Initialization: The local-top scripts run before the root filesystem is mounted.
  This timing is essential for encrypted root filesystems since the decryption process must be
  completed before the filesystem can be accessed.

* Dependency Handling: The encryption setup requires initializing dependencies such as
  fTPM (firmware Trusted Platform Module) devices. Performing these tasks early in the boot process
  ensures that all necessary components are in place before the root filesystem is mounted.

Signed-off-by: Rakesh Kumar <kumar.rakesh@siemens.com>
---
 .../initramfs-tee-ftpm-hook/initramfs-tee-ftpm-hook_0.1.bb    | 4 ++--
 .../initramfs-tee-supplicant-hook_0.1.bb                      | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)
diff mbox series

Patch

diff --git a/meta/recipes-initramfs/initramfs-tee-ftpm-hook/initramfs-tee-ftpm-hook_0.1.bb b/meta/recipes-initramfs/initramfs-tee-ftpm-hook/initramfs-tee-ftpm-hook_0.1.bb
index db38e618..82fec1bb 100644
--- a/meta/recipes-initramfs/initramfs-tee-ftpm-hook/initramfs-tee-ftpm-hook_0.1.bb
+++ b/meta/recipes-initramfs/initramfs-tee-ftpm-hook/initramfs-tee-ftpm-hook_0.1.bb
@@ -17,11 +17,11 @@  DEBIAN_DEPENDS = "initramfs-tools"
 
 do_install[cleandirs] += " \
     ${D}/usr/share/initramfs-tools/hooks \
-    ${D}/usr/share/initramfs-tools/scripts/local-bottom"
+    ${D}/usr/share/initramfs-tools/scripts/local-top"
 
 do_install() {
     install -m 0755 "${WORKDIR}/tee-ftpm.hook" \
         "${D}/usr/share/initramfs-tools/hooks/tee-ftpm"
     install -m 0755 "${WORKDIR}/tee-ftpm.script" \
-        "${D}/usr/share/initramfs-tools/scripts/local-bottom/tee-ftpm"
+        "${D}/usr/share/initramfs-tools/scripts/local-top/tee-ftpm"
 }
diff --git a/meta/recipes-initramfs/initramfs-tee-supplicant-hook/initramfs-tee-supplicant-hook_0.1.bb b/meta/recipes-initramfs/initramfs-tee-supplicant-hook/initramfs-tee-supplicant-hook_0.1.bb
index 3768b8e0..a7a19bee 100644
--- a/meta/recipes-initramfs/initramfs-tee-supplicant-hook/initramfs-tee-supplicant-hook_0.1.bb
+++ b/meta/recipes-initramfs/initramfs-tee-supplicant-hook/initramfs-tee-supplicant-hook_0.1.bb
@@ -17,11 +17,11 @@  DEBIAN_DEPENDS = "initramfs-tools, tee-supplicant, procps"
 
 do_install[cleandirs] += " \
     ${D}/usr/share/initramfs-tools/hooks \
-    ${D}/usr/share/initramfs-tools/scripts/local-bottom"
+    ${D}/usr/share/initramfs-tools/scripts/local-top"
 
 do_install() {
     install -m 0755 "${WORKDIR}/tee-supplicant.hook" \
         "${D}/usr/share/initramfs-tools/hooks/tee-supplicant"
     install -m 0755 "${WORKDIR}/tee-supplicant.script" \
-        "${D}/usr/share/initramfs-tools/scripts/local-bottom/tee-supplicant"
+        "${D}/usr/share/initramfs-tools/scripts/local-top/tee-supplicant"
 }