From: "'Rakesh Kumar' via isar-users" <isar-users@googlegroups.com>
To: isar-users@googlegroups.com
Cc: jan.kiszka@siemens.com, cedric.hombourger@siemens.com,
Rakesh Kumar <kumar.rakesh@siemens.com>
Subject: [PATCH] initramfs: move fTPM and tee-supplicant initialization to local-top stage
Date: Wed, 10 Jul 2024 18:00:46 +0530 [thread overview]
Message-ID: <20240710123046.2174029-1-kumar.rakesh@siemens.com> (raw)
In-Reply-To: <fa89edf3-30be-4692-baa1-9c69876c96d4@siemens.com>
To ensure proper initialization of the fTPM and tee-supplicant services before
the root filesystem is mounted, we are relocating their initialization to the
local-top section of initramfs. This change ensures that the encrypted root filesystems
are properly initialized and mounted before the local-bottom scripts run.
Reason for local-top:
* Early Initialization: The local-top scripts run before the root filesystem is mounted.
This timing is essential for encrypted root filesystems since the decryption process must be
completed before the filesystem can be accessed.
* Dependency Handling: The encryption setup requires initializing dependencies such as
fTPM (firmware Trusted Platform Module) devices. Performing these tasks early in the boot process
ensures that all necessary components are in place before the root filesystem is mounted.
Signed-off-by: Rakesh Kumar <kumar.rakesh@siemens.com>
---
.../initramfs-tee-ftpm-hook/initramfs-tee-ftpm-hook_0.1.bb | 4 ++--
.../initramfs-tee-supplicant-hook_0.1.bb | 4 ++--
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/meta/recipes-initramfs/initramfs-tee-ftpm-hook/initramfs-tee-ftpm-hook_0.1.bb b/meta/recipes-initramfs/initramfs-tee-ftpm-hook/initramfs-tee-ftpm-hook_0.1.bb
index db38e618..82fec1bb 100644
--- a/meta/recipes-initramfs/initramfs-tee-ftpm-hook/initramfs-tee-ftpm-hook_0.1.bb
+++ b/meta/recipes-initramfs/initramfs-tee-ftpm-hook/initramfs-tee-ftpm-hook_0.1.bb
@@ -17,11 +17,11 @@ DEBIAN_DEPENDS = "initramfs-tools"
do_install[cleandirs] += " \
${D}/usr/share/initramfs-tools/hooks \
- ${D}/usr/share/initramfs-tools/scripts/local-bottom"
+ ${D}/usr/share/initramfs-tools/scripts/local-top"
do_install() {
install -m 0755 "${WORKDIR}/tee-ftpm.hook" \
"${D}/usr/share/initramfs-tools/hooks/tee-ftpm"
install -m 0755 "${WORKDIR}/tee-ftpm.script" \
- "${D}/usr/share/initramfs-tools/scripts/local-bottom/tee-ftpm"
+ "${D}/usr/share/initramfs-tools/scripts/local-top/tee-ftpm"
}
diff --git a/meta/recipes-initramfs/initramfs-tee-supplicant-hook/initramfs-tee-supplicant-hook_0.1.bb b/meta/recipes-initramfs/initramfs-tee-supplicant-hook/initramfs-tee-supplicant-hook_0.1.bb
index 3768b8e0..a7a19bee 100644
--- a/meta/recipes-initramfs/initramfs-tee-supplicant-hook/initramfs-tee-supplicant-hook_0.1.bb
+++ b/meta/recipes-initramfs/initramfs-tee-supplicant-hook/initramfs-tee-supplicant-hook_0.1.bb
@@ -17,11 +17,11 @@ DEBIAN_DEPENDS = "initramfs-tools, tee-supplicant, procps"
do_install[cleandirs] += " \
${D}/usr/share/initramfs-tools/hooks \
- ${D}/usr/share/initramfs-tools/scripts/local-bottom"
+ ${D}/usr/share/initramfs-tools/scripts/local-top"
do_install() {
install -m 0755 "${WORKDIR}/tee-supplicant.hook" \
"${D}/usr/share/initramfs-tools/hooks/tee-supplicant"
install -m 0755 "${WORKDIR}/tee-supplicant.script" \
- "${D}/usr/share/initramfs-tools/scripts/local-bottom/tee-supplicant"
+ "${D}/usr/share/initramfs-tools/scripts/local-top/tee-supplicant"
}
--
2.39.2
--
You received this message because you are subscribed to the Google Groups "isar-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to isar-users+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/isar-users/20240710123046.2174029-1-kumar.rakesh%40siemens.com.
next prev parent reply other threads:[~2024-07-10 12:31 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-07-10 5:33 'Rakesh Kumar' via isar-users
2024-07-10 11:21 ` 'Jan Kiszka' via isar-users
2024-07-10 12:30 ` 'Rakesh Kumar' via isar-users [this message]
2024-07-10 12:39 ` Rakesh Kumar
2024-07-13 14:55 ` Rakesh Kumar
2024-07-22 5:43 ` 'Kumar, Rakesh' via isar-users
2024-07-22 8:52 ` Uladzimir Bely
2024-07-22 13:31 ` Rakesh Kumar
2024-07-23 7:37 ` Uladzimir Bely
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240710123046.2174029-1-kumar.rakesh@siemens.com \
--to=isar-users@googlegroups.com \
--cc=cedric.hombourger@siemens.com \
--cc=jan.kiszka@siemens.com \
--cc=kumar.rakesh@siemens.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox