Sure Uladzimir, I will take care of that going forward. thanks! Regards, Rakesh On Monday, July 22, 2024 at 2:22:35 PM UTC+5:30 Uladzimir Bely wrote: > On Mon, 2024-07-22 at 05:43 +0000, 'Kumar, Rakesh' via isar-users > wrote: > > Hi all, > > > > Any updates on this patch. > > > > If this patch needs any correction/improvement then please give your > > inputs on this. > > > > We are going to check the patch in CI and merge as usually. A delay in > testing is due, among other things, to the lack of "v2" suffix in new > patch version. So, in e-mail hierarchy it still looks like first > version of the patch under discussion. Please further use "v2", "v3... > when sending new versions of the patches. > > > > Regards, > > Rakesh > > > > -----Original Message----- > > From: Kiszka, Jan (T CED) > > Sent: 10 July 2024 16:51 > > To: Kumar, Rakesh (DI CTO FDS CES LX PBU 1) > > ; isar-...@googlegroups.com; Gylstorff, > > Quirin (T CED OES-DE) > > Cc: Hombourger, Cedric (DI CTO FDS CES LX) > > > > Subject: Re: [PATCH] initramfs: move fTPM and tee-supplicant > > initialization to local-top stage > > > > On 10.07.24 07:33, Rakesh Kumar wrote: > > > To ensure proper initialization of the fTPM and tee-supplicant > > > services before the root filesystem is mounted, we are relocating > > > their initialization to the local-top section of initramfs. This > > > change ensures that the encrypted filesystems are properly > > > initialized > > > and ready for use before the root filesystem is mounted at local- > > > bottom stage. > > > > Close but not fully correct: The rootfs is mounted AFTER the top > > stage and BEFORE bottom. > > > > > > > > Reason for local-top: > > > > > > * Early Initialization: The local-top scripts run before the root > > > filesystem is mounted. > > > This timing is essential for encrypted root filesystems since the > > > decryption process must be > > > completed before the filesystem can be accessed. > > > > > > * Dependency Handling: The encryption setup requires initializing > > > dependencies such as > > > fTPM (firmware Trusted Platform Module) devices. Performing these > > > tasks early in the boot process > > > ensures that all necessary components are in place before the > > > root filesystem is mounted. > > > > This will still need some isar-cip-core patch in order to add a > > PREREQ on fTPM if a concrete target using fTPM for disk encryption. > > But Quirin just had another idea, leaving the stage to him now. :) > > > > Jan > > > > > > > > Signed-off-by: Rakesh Kumar > > > --- > > > .../initramfs-tee-ftpm-hook/initramfs-tee-ftpm-hook_0.1.bb | 4 > > > ++-- > > > .../initramfs-tee-supplicant-hook_0.1.bb | 4 > > > ++-- > > > 2 files changed, 4 insertions(+), 4 deletions(-) > > > > > > diff --git > > > a/meta/recipes-initramfs/initramfs-tee-ftpm-hook/initramfs-tee- > > > ftpm-ho > > > ok_0.1.bb > > > b/meta/recipes-initramfs/initramfs-tee-ftpm-hook/initramfs-tee- > > > ftpm-ho > > > ok_0.1.bb > > > index db38e618..82fec1bb 100644 > > > --- > > > a/meta/recipes-initramfs/initramfs-tee-ftpm-hook/initramfs-tee- > > > ftpm-ho > > > ok_0.1.bb > > > +++ b/meta/recipes-initramfs/initramfs-tee-ftpm-hook/initramfs-tee- > > > ftp > > > +++ m-hook_0.1.bb > > > @@ -17,11 +17,11 @@ DEBIAN_DEPENDS = "initramfs-tools" > > > > > > do_install[cleandirs] += " \ > > > ${D}/usr/share/initramfs-tools/hooks \ > > > - ${D}/usr/share/initramfs-tools/scripts/local-bottom" > > > + ${D}/usr/share/initramfs-tools/scripts/local-top" > > > > > > do_install() { > > > install -m 0755 "${WORKDIR}/tee-ftpm.hook" \ > > > "${D}/usr/share/initramfs-tools/hooks/tee-ftpm" > > > install -m 0755 "${WORKDIR}/tee-ftpm.script" \ > > > - "${D}/usr/share/initramfs-tools/scripts/local-bottom/tee- > > > ftpm" > > > + "${D}/usr/share/initramfs-tools/scripts/local-top/tee- > > > ftpm" > > > } > > > diff --git > > > a/meta/recipes-initramfs/initramfs-tee-supplicant-hook/initramfs- > > > tee-s > > > upplicant-hook_0.1.bb > > > b/meta/recipes-initramfs/initramfs-tee-supplicant-hook/initramfs- > > > tee-s > > > upplicant-hook_0.1.bb > > > index 3768b8e0..a7a19bee 100644 > > > --- > > > a/meta/recipes-initramfs/initramfs-tee-supplicant-hook/initramfs- > > > tee-s > > > upplicant-hook_0.1.bb > > > +++ b/meta/recipes-initramfs/initramfs-tee-supplicant- > > > hook/initramfs-t > > > +++ ee-supplicant-hook_0.1.bb > > > @@ -17,11 +17,11 @@ DEBIAN_DEPENDS = "initramfs-tools, tee- > > > supplicant, procps" > > > > > > do_install[cleandirs] += " \ > > > ${D}/usr/share/initramfs-tools/hooks \ > > > - ${D}/usr/share/initramfs-tools/scripts/local-bottom" > > > + ${D}/usr/share/initramfs-tools/scripts/local-top" > > > > > > do_install() { > > > install -m 0755 "${WORKDIR}/tee-supplicant.hook" \ > > > "${D}/usr/share/initramfs-tools/hooks/tee-supplicant" > > > install -m 0755 "${WORKDIR}/tee-supplicant.script" \ > > > - "${D}/usr/share/initramfs-tools/scripts/local-bottom/tee- > > > supplicant" > > > + "${D}/usr/share/initramfs-tools/scripts/local-top/tee- > > > supplicant" > > > } > > > > -- > > Siemens AG, Technology > > Linux Expert Center > > > > -- > Best regards, > Uladzimir. > > > > -- You received this message because you are subscribed to the Google Groups "isar-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to isar-users+unsubscribe@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/isar-users/1520ebfe-5e48-4866-b4be-c9090a17e1fcn%40googlegroups.com.