From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Wed, 10 Jul 2024 08:31:31 +0200 X-Sieve: CMU Sieve 2.4 Received: from mail-qv1-f61.google.com (mail-qv1-f61.google.com [209.85.219.61]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 46A6VU59009315 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Wed, 10 Jul 2024 08:31:30 +0200 Received: by mail-qv1-f61.google.com with SMTP id 6a1803df08f44-6b61dbb0005sf20400976d6.2 for ; Tue, 09 Jul 2024 23:31:30 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1720593084; cv=pass; d=google.com; s=arc-20160816; b=qGq/RNavOZNZSdfdLcBmPFCwUAu6bhktKtAZvQQBuk6pfqOZLAhEdmJNuJH7ezEWmL vUg1xDHapdfVVeqnXNYxx8Zv6aFAns81UlsQ+D+i4iSP/yrsOyEmdOjL950rk7Q4s+/w DPjcKFPEZxvpX60IT6TonzEEgzzfcYnRsjj/YpeW4bV3AytU5G0ZGrOW5+/qGjx8z+yG qvyOCC6OLqdn5d82HYeWFSqkMc6dhsLw9e1jmAioaxqhmCCZVBT4MldkREotQ7EHu3j1 gOAZQyYYIUIf7/26LaCfoopHcgOQfOhTy5P3/XYMRyIz96vzQgvUXMBJRLZdJhv5N33Z t2rQ== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:feedback-id:mime-version :message-id:date:subject:cc:to:from:dkim-signature; bh=Ez2lZ+BCihnVkwW0YPrv+rhH5vF09a92BjbuA/2rZ84=; fh=kp+ZiEuEb+oSLEMOdtq1vgsQ3+ivwBA0538wjrXJdwc=; b=GKnedCZZ0vdFV+zjfZ9ME5UiMPTv6iXJLavdYlKsvFFnASi4SwFhUQ4JiouyTdnl4f yxMoFqPweb7HDex2HAzVU2ZPoT7vBEighZoss+0gr0VcGMJVscWj3xxwmpmWvrKgKriF 54m1ftmbK+rLZzd8ZzOFBX0Lm9lmUPhi2At05Lh7q3q8odGf4OQNQ5WADLR8EsWXqZKY SwYUigoizP26iDR6vxcANUFu0FKojz3Cg3+mgdRrit68kDFYJ6NQSD103ywIxgGYYoOl DkiYeapnQet752eogIypvCsQaopS0kSDm+fY5DaaiQ6T0rarqFF19u99jIgaw3xjSOfc 576w==; darn=isar-build.org ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=fm2 header.b=LUrgCYnM; spf=pass (google.com: domain of fm-1325885-2024071005350945a01f5ec5c609d46f-aks9ue@rts-flowmailer.siemens.com designates 185.136.65.226 as permitted sender) smtp.mailfrom=fm-1325885-2024071005350945a01f5ec5c609d46f-AkS9uE@rts-flowmailer.siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20230601; t=1720593084; x=1721197884; darn=isar-build.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:feedback-id :mime-version:message-id:date:subject:cc:to:from:from:to:cc:subject :date:message-id:reply-to; bh=Ez2lZ+BCihnVkwW0YPrv+rhH5vF09a92BjbuA/2rZ84=; b=BEtutix/WG4Quagf0IsZgkx/yrDMj2IOUtfIY4At5lob+YTDIDkubH4aki2RY1Zsnw 9qJscosQI5SnD9tfITO4PbfRvziOSJeobMdtL9+3IeAyU3D9OH/fCb7sNWdfFaRZTKgl janqZEA7dBRPfPfG8H9H5Ox+eHNPhLkz6jGEIkVim+xJ7roAk9ykREHlz0m/WKCrm+Z4 JA8QGVvl6KYQuF+Oxzxec0JM6I3L2040yelriThoh72W/bLU2kPtd0HdkFDFULjBlCaf Rwhk3npphfSmKgx2ZD9twgnLc5Umt84Xv5sf1QOVl8Yc2Ch1xWCaUEcfA/u+NnuBHSkF pQcQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1720593084; x=1721197884; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:feedback-id :mime-version:message-id:date:subject:cc:to:from:x-beenthere :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=Ez2lZ+BCihnVkwW0YPrv+rhH5vF09a92BjbuA/2rZ84=; b=OINltEVdJ8/qVHBbAR0jKvKrdFu8lAnHgJABzMHuZxMheem8R3Qt7/YzsCvWOVesv2 Qtw+e8sZ/SwwqUjCqI/O9nCqI5Jc+og2aYGbp5L25O/vbpxNRLSaJ9+GGpDU9ZY+GI8t SNh4/u22GZ+K6kll/pPAdvlyiCM9Df4370hIHWNa/q8ixlQLQOTMFXI6xFWMeXbiKjg7 UPyGmNXvdjQQjsftHKk8G364FoXtDkJSclRHmOktATosdLEu1u04oVhkpWUWGOJrgG6U oluY65dzG8JmIO/uvbuCBJfmPFOldzZgjzkFe12lq3C1aTcymQ614D2hzaSpWbdDmNlM N6TQ== X-Forwarded-Encrypted: i=2; AJvYcCVzaHGcuZ2dKN5bM32KLXS91lKulJno2vM+rpGJsjQNNcDWAJoljHts/vUBv1XgHKmlNQTbkq2413Ikp0upLCg2IL4= X-Gm-Message-State: AOJu0YzHexYFl06YJ8WhZpSOLq7fA5cV6UHF7WHlrcjTR3hK+As6PZ6X lk55eM3NoVohI7fmtSCoebpGu0WIaxpXkijo1ehwHcWv4GigTNyL X-Google-Smtp-Source: AGHT+IHGE3utKYHU+jXhewaKVV5sU8AORnh29QzYllEk71qe1Iiy5EacyzgOUnbUNqs7iFzqWoCktw== X-Received: by 2002:a05:6214:401c:b0:6b5:e77b:b785 with SMTP id 6a1803df08f44-6b61c1c7d32mr62405786d6.48.1720593084333; Tue, 09 Jul 2024 23:31:24 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com Received: by 2002:a05:6214:4114:b0:6b0:7d67:d552 with SMTP id 6a1803df08f44-6b5ea788b27ls141484396d6.2.-pod-prod-00-us; Tue, 09 Jul 2024 23:31:24 -0700 (PDT) X-Received: by 2002:a05:6214:1308:b0:6b5:d9ad:43d6 with SMTP id 6a1803df08f44-6b61dae4dfdmr708356d6.5.1720593084018; Tue, 09 Jul 2024 23:31:24 -0700 (PDT) Received: by 2002:a05:620a:3d0e:b0:79c:bd3:58c5 with SMTP id af79cd13be357-79f834e871fms85a; Tue, 9 Jul 2024 22:35:12 -0700 (PDT) X-Received: by 2002:a05:6512:3e09:b0:52c:e1cd:39b7 with SMTP id 2adb3069b0e04-52eb9990b0dmr3659091e87.5.1720589710217; Tue, 09 Jul 2024 22:35:10 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1720589710; cv=none; d=google.com; s=arc-20160816; b=zuLjbc1KpuoMjHl9Mbak0mDR69/eSwdwLw8X67RtpJNsq6/lJNEx9tyrpfoTu7e80W X4xI8Vpsty7pf1yUDY/YG58GKplfU30N+wSf+T8oUnHe0jAj3op3MD1FWYb9BFdpRxpx 784sBQRTOElmTabpeFv6OpEDZeunq6r8tKIZlBx3PUwN3fD7tNs6Na7pFYhswxmAgA9F vJgYxRHHvxM0ME0Lp481SjHAFlvo7izQ95js5tYzXtoHzbWfn8qP93/35tGy+6VuQ5j3 44SMLQYCaVhrIp1rHrAAHyJpQMyfNn4C7RM9qTQG15tpIXSaBcfbADdinmWgi5zEpstL oioQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=feedback-id:content-transfer-encoding:mime-version:message-id:date :subject:cc:to:from:dkim-signature; bh=6fYqQ63imSaHrxKRIQo8yyGcYXCaxDHzcbgAEFJ7664=; fh=dwnf3PiLoNuxEmlEQqfoWYSFcsr4isZMqOMz5uUNloE=; b=a8+nxY5MIiZvNoVwQk4NG575VdLkYekfLABrUb9ZAX8Xv6IHrzXvFOJ8ojLxR6Vh4V egDkw6dEczg+KzYzlgHuKTUudCm+FJrSK19tG4WZZDwYKX7Lz0g8GDKoZxzyCdUBAFH5 o8gn9oj4mJnweIxTG90ZENpToDmMrB7JZNPj8ydhTQen+q/DpjZxWtg5CwTYMZ06uywg 6BedQXxED4SlQFghVzeNA/HHlLeIK/esnPTCuRmQplzrt+1YTswCR8h/j9jc/AwcaJFv SUY6McUnllAFDNyVaQOsidIdhYws++oi6VxL5xcNWpyLN6xTnkygupVbIZvMrSzwsjXx s0xA==; dara=google.com ARC-Authentication-Results: i=1; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=fm2 header.b=LUrgCYnM; spf=pass (google.com: domain of fm-1325885-2024071005350945a01f5ec5c609d46f-aks9ue@rts-flowmailer.siemens.com designates 185.136.65.226 as permitted sender) smtp.mailfrom=fm-1325885-2024071005350945a01f5ec5c609d46f-AkS9uE@rts-flowmailer.siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from mta-65-226.siemens.flowmailer.net (mta-65-226.siemens.flowmailer.net. [185.136.65.226]) by gmr-mx.google.com with ESMTPS id 5b1f17b1804b1-4266f736460si700375e9.2.2024.07.09.22.35.10 for (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Tue, 09 Jul 2024 22:35:10 -0700 (PDT) Received-SPF: pass (google.com: domain of fm-1325885-2024071005350945a01f5ec5c609d46f-aks9ue@rts-flowmailer.siemens.com designates 185.136.65.226 as permitted sender) client-ip=185.136.65.226; Received: by mta-65-226.siemens.flowmailer.net with ESMTPSA id 2024071005350945a01f5ec5c609d46f for ; Wed, 10 Jul 2024 07:35:09 +0200 From: "'Rakesh Kumar' via isar-users" To: isar-users@googlegroups.com Cc: jan.kiszka@siemens.com, cedric.hombourger@siemens.com, Rakesh Kumar Subject: [PATCH] initramfs: move fTPM and tee-supplicant initialization to local-top stage Date: Wed, 10 Jul 2024 11:03:35 +0530 Message-Id: <20240710053335.2163596-1-kumar.rakesh@siemens.com> MIME-Version: 1.0 X-Flowmailer-Platform: Siemens Feedback-ID: 519:519-1325885:519-21489:flowmailer X-Original-Sender: kumar.rakesh@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=fm2 header.b=LUrgCYnM; spf=pass (google.com: domain of fm-1325885-2024071005350945a01f5ec5c609d46f-aks9ue@rts-flowmailer.siemens.com designates 185.136.65.226 as permitted sender) smtp.mailfrom=fm-1325885-2024071005350945a01f5ec5c609d46f-AkS9uE@rts-flowmailer.siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: Rakesh Kumar Reply-To: Rakesh Kumar Content-Type: text/plain; charset="UTF-8" Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_MSPIKE_H2,RCVD_IN_RP_CERTIFIED,RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE, SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-TUID: f5k7MTatJtZG To ensure proper initialization of the fTPM and tee-supplicant services before the root filesystem is mounted, we are relocating their initialization to the local-top section of initramfs. This change ensures that the encrypted filesystems are properly initialized and ready for use before the root filesystem is mounted at local-bottom stage. Reason for local-top: * Early Initialization: The local-top scripts run before the root filesystem is mounted. This timing is essential for encrypted root filesystems since the decryption process must be completed before the filesystem can be accessed. * Dependency Handling: The encryption setup requires initializing dependencies such as fTPM (firmware Trusted Platform Module) devices. Performing these tasks early in the boot process ensures that all necessary components are in place before the root filesystem is mounted. Signed-off-by: Rakesh Kumar --- .../initramfs-tee-ftpm-hook/initramfs-tee-ftpm-hook_0.1.bb | 4 ++-- .../initramfs-tee-supplicant-hook_0.1.bb | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/meta/recipes-initramfs/initramfs-tee-ftpm-hook/initramfs-tee-ftpm-hook_0.1.bb b/meta/recipes-initramfs/initramfs-tee-ftpm-hook/initramfs-tee-ftpm-hook_0.1.bb index db38e618..82fec1bb 100644 --- a/meta/recipes-initramfs/initramfs-tee-ftpm-hook/initramfs-tee-ftpm-hook_0.1.bb +++ b/meta/recipes-initramfs/initramfs-tee-ftpm-hook/initramfs-tee-ftpm-hook_0.1.bb @@ -17,11 +17,11 @@ DEBIAN_DEPENDS = "initramfs-tools" do_install[cleandirs] += " \ ${D}/usr/share/initramfs-tools/hooks \ - ${D}/usr/share/initramfs-tools/scripts/local-bottom" + ${D}/usr/share/initramfs-tools/scripts/local-top" do_install() { install -m 0755 "${WORKDIR}/tee-ftpm.hook" \ "${D}/usr/share/initramfs-tools/hooks/tee-ftpm" install -m 0755 "${WORKDIR}/tee-ftpm.script" \ - "${D}/usr/share/initramfs-tools/scripts/local-bottom/tee-ftpm" + "${D}/usr/share/initramfs-tools/scripts/local-top/tee-ftpm" } diff --git a/meta/recipes-initramfs/initramfs-tee-supplicant-hook/initramfs-tee-supplicant-hook_0.1.bb b/meta/recipes-initramfs/initramfs-tee-supplicant-hook/initramfs-tee-supplicant-hook_0.1.bb index 3768b8e0..a7a19bee 100644 --- a/meta/recipes-initramfs/initramfs-tee-supplicant-hook/initramfs-tee-supplicant-hook_0.1.bb +++ b/meta/recipes-initramfs/initramfs-tee-supplicant-hook/initramfs-tee-supplicant-hook_0.1.bb @@ -17,11 +17,11 @@ DEBIAN_DEPENDS = "initramfs-tools, tee-supplicant, procps" do_install[cleandirs] += " \ ${D}/usr/share/initramfs-tools/hooks \ - ${D}/usr/share/initramfs-tools/scripts/local-bottom" + ${D}/usr/share/initramfs-tools/scripts/local-top" do_install() { install -m 0755 "${WORKDIR}/tee-supplicant.hook" \ "${D}/usr/share/initramfs-tools/hooks/tee-supplicant" install -m 0755 "${WORKDIR}/tee-supplicant.script" \ - "${D}/usr/share/initramfs-tools/scripts/local-bottom/tee-supplicant" + "${D}/usr/share/initramfs-tools/scripts/local-top/tee-supplicant" } -- 2.39.2 -- You received this message because you are subscribed to the Google Groups "isar-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to isar-users+unsubscribe@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/isar-users/20240710053335.2163596-1-kumar.rakesh%40siemens.com.