From: Rakesh Kumar
To: isar-users@googlegroups.com
Cc: jan.kiszka@siemens.com, cedric.hombourger@siemens.com, Rakesh Kumar
Subject: [PATCH] initramfs: move fTPM and tee-supplicant initialization to local-top stage
Date: Wed, 10 Jul 2024 18:00:46 +0530
Message-Id: <20240710123046.2174029-1-kumar.rakesh@siemens.com>

To ensure proper initialization of the fTPM and tee-supplicant services
before the root filesystem is mounted, we are relocating their
initialization to the local-top section of initramfs. This change ensures
that the encrypted root filesystems are properly initialized and mounted
before the local-bottom scripts run.

Reason for local-top:

* Early Initialization: The local-top scripts run before the root
  filesystem is mounted. This timing is essential for encrypted root
  filesystems since the decryption process must be completed before the
  filesystem can be accessed.
* Dependency Handling: The encryption setup requires initializing
  dependencies such as fTPM (firmware Trusted Platform Module) devices.
  Performing these tasks early in the boot process ensures that all
  necessary components are in place before the root filesystem is mounted.

Signed-off-by: Rakesh Kumar
--- .../initramfs-tee-ftpm-hook/initramfs-tee-ftpm-hook_0.1.bb | 4 ++-- .../initramfs-tee-supplicant-hook_0.1.bb | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/meta/recipes-initramfs/initramfs-tee-ftpm-hook/initramfs-tee-ftpm-hook_0.1.bb b/meta/recipes-initramfs/initramfs-tee-ftpm-hook/initramfs-tee-ftpm-hook_0.1.bb index db38e618..82fec1bb 100644 --- a/meta/recipes-initramfs/initramfs-tee-ftpm-hook/initramfs-tee-ftpm-hook_0.1.bb +++ b/meta/recipes-initramfs/initramfs-tee-ftpm-hook/initramfs-tee-ftpm-hook_0.1.bb @@ -17,11 +17,11 @@ DEBIAN_DEPENDS = "initramfs-tools" do_install[cleandirs] += " \ ${D}/usr/share/initramfs-tools/hooks \ - ${D}/usr/share/initramfs-tools/scripts/local-bottom" + ${D}/usr/share/initramfs-tools/scripts/local-top" do_install() { install -m 0755 "${WORKDIR}/tee-ftpm.hook" \ "${D}/usr/share/initramfs-tools/hooks/tee-ftpm" install -m 0755 "${WORKDIR}/tee-ftpm.script" \ - "${D}/usr/share/initramfs-tools/scripts/local-bottom/tee-ftpm" + "${D}/usr/share/initramfs-tools/scripts/local-top/tee-ftpm" } diff --git a/meta/recipes-initramfs/initramfs-tee-supplicant-hook/initramfs-tee-supplicant-hook_0.1.bb b/meta/recipes-initramfs/initramfs-tee-supplicant-hook/initramfs-tee-supplicant-hook_0.1.bb index 3768b8e0..a7a19bee 100644 --- a/meta/recipes-initramfs/initramfs-tee-supplicant-hook/initramfs-tee-supplicant-hook_0.1.bb 
+++ b/meta/recipes-initramfs/initramfs-tee-supplicant-hook/initramfs-tee-supplicant-hook_0.1.bb @@ -17,11 +17,11 @@ DEBIAN_DEPENDS = "initramfs-tools, tee-supplicant, procps" do_install[cleandirs] += " \ ${D}/usr/share/initramfs-tools/hooks \ - ${D}/usr/share/initramfs-tools/scripts/local-bottom" + ${D}/usr/share/initramfs-tools/scripts/local-top" do_install() { install -m 0755 "${WORKDIR}/tee-supplicant.hook" \ "${D}/usr/share/initramfs-tools/hooks/tee-supplicant" install -m 0755 "${WORKDIR}/tee-supplicant.script" \ - "${D}/usr/share/initramfs-tools/scripts/local-bottom/tee-supplicant" + "${D}/usr/share/initramfs-tools/scripts/local-top/tee-supplicant" }
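
Review bot: In the initramfs-tee-ftpm-hook_0.1.bb hunk, tee-ftpm.script is only installed to a new path (scripts/local-top/tee-ftpm); the script itself is not in this patch (the diffstat lists just the two recipes), so its PREREQ header is carried over unchanged from the local-bottom stage. initramfs-tools orders the scripts inside a stage by their PREREQ lines, so the goal stated in the commit message is only met if tee-ftpm is ordered before whichever local-top script unlocks the encrypted root, and after tee-supplicant if the fTPM setup relies on it. Please confirm the existing PREREQ expresses that in the new stage, or include the script change in this patch and say so in the commit message.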
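
Review bot: In the initramfs-tee-supplicant-hook_0.1.bb hunk, the single script now lands only in scripts/local-top/tee-supplicant and the local-bottom directory is dropped from do_install[cleandirs], so nothing from this recipe runs after the root filesystem is mounted any more. If tee-supplicant.script starts a daemon (DEBIAN_DEPENDS pulls in procps), the commit message should state how that process is stopped or handed over before control passes to the root filesystem, or a small local-bottom counterpart should be kept for that step. Both recipes also stay at _0.1 although the packaged file path changes; consider whether a version bump is needed so that existing builds pick up the rebuilt packages.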