From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <isar-users+bncBDRNBJOPTENRBE76XG2AMGQEBIACEXY@googlegroups.com>
Received: from shymkent.ilbers.de ([unix socket])
	 by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA;
	 Wed, 10 Jul 2024 14:31:22 +0200
X-Sieve: CMU Sieve 2.4
Received: from mail-wm1-f55.google.com (mail-wm1-f55.google.com [209.85.128.55])
	by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 46ACVLWP010730
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT)
	for <iua@isar-build.org>; Wed, 10 Jul 2024 14:31:22 +0200
Received: by mail-wm1-f55.google.com with SMTP id 5b1f17b1804b1-42725ec6e0asf9752095e9.0
        for <iua@isar-build.org>; Wed, 10 Jul 2024 05:31:22 -0700 (PDT)
ARC-Seal: i=2; a=rsa-sha256; t=1720614676; cv=pass;
        d=google.com; s=arc-20160816;
        b=vDaQEhMUSjPVk8Kry87MeD6zChmZvXi11dOK79QVDfLrWX+znGpeqOwhBv248ZtpCa
         UNDI0MabTDru72yiVk/ObtqvvtWKIKhrUCSVVmzKZJ2C3kzZRMG53jbFKJnhea+6qXL7
         2iP+QLKF1awvTebuu2+VJnDE4+L4pxuXzbitDpGcZ1/ILSwuU20ccOZsWbI3wKWLM7X1
         O0VpGcAr98+at4m/aiX2VhXJmd0efyIvwxSzkKNmCIuFoNJ3Wj6eKtqaB1J4qe8XpLWF
         uFYH8rEnMAJ1Hbo67/l4k/HDqpHk1hePBrf2kBAr3/17PoXyxvta2gK6bjWJHnUVBVmx
         lhuA==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
         :list-id:mailing-list:precedence:reply-to:feedback-id:mime-version
         :references:in-reply-to:message-id:date:subject:cc:to:from
         :dkim-signature;
        bh=0wJZso9AYaUFdIatd6HqrL2jojq+xdW1KHGdMPfGmdY=;
        fh=k8Wacl+oS+cstApDGscvDR+enVJa/CFNA/D1ITiSPJM=;
        b=HK9Cgsnhm7qz6kFUsLZcgSxM5rRf75e0g4uu6Kk2x+2nBU4WmUXBZYkKT86MCAvoaS
         5IdohWBU/AcSQQTLaNLN4DkUnG2gOeGlpqbwXUBLQJ/CW12Pje8Fmm0LlsV9VZqMNapV
         WVPpRPGqVf5OVeDZSL/yUtkhrPd7oKsN7Rt5ks54VtVGfvQypL833kUHfL6XyXgSUwFq
         rRPgWZw8r7/5PqHfyV0T1M1pILFwXKOrKL4hcGRZisr/LC63RgE8g4TSWB2MwB/0azVq
         ze7D6zIOUu3NXdUznAlf9vQpTdnCNISDMLbAUf+4fr9aSQ2GRshP7PblXkKSYzcW8w9q
         v+gQ==;
        darn=isar-build.org
ARC-Authentication-Results: i=2; gmr-mx.google.com;
       dkim=pass header.i=@siemens.com header.s=fm2 header.b=RVhwFQDG;
       spf=pass (google.com: domain of fm-1325885-20240710123110c520430a7c39b3a990-knt9nb@rts-flowmailer.siemens.com designates 185.136.64.225 as permitted sender) smtp.mailfrom=fm-1325885-20240710123110c520430a7c39b3a990-KNt9nB@rts-flowmailer.siemens.com;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=googlegroups.com; s=20230601; t=1720614676; x=1721219476; darn=isar-build.org;
        h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
         :list-id:mailing-list:precedence:reply-to
         :x-original-authentication-results:x-original-sender:feedback-id
         :mime-version:references:in-reply-to:message-id:date:subject:cc:to
         :from:from:to:cc:subject:date:message-id:reply-to;
        bh=0wJZso9AYaUFdIatd6HqrL2jojq+xdW1KHGdMPfGmdY=;
        b=HeKkeX+x3OB4vYGF4RcpujFdklVA2mtkeaVH98AMg0Ut8PYGn3URTHIPAEAX+spawD
         oVGdstzMfAjfzZCOAJniw0aQIs4D15ncsEcrniA/k0rqxuvfabOZxFVvqV4hGZ6wDYCR
         cF2udx5TgqIQoPeRkIni3XXHha+lcj44WdMvLF8/oo7ZAWjzqwmDfbH6cW/fAcE7cdlB
         HXQRdb/wPJjyNaoCZOA47gs55pDEzQ5si8jAtM9GuHNVxyR2xrnv+/4030anYgiQGSWr
         z4ReAr/pTUCm6l/V1l+E+/G4uBCcZQyWf9j52HCF02n9u52j0dTDb7HsDgdyMUX/hqhV
         jtAg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1720614676; x=1721219476;
        h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
         :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to
         :x-original-authentication-results:x-original-sender:feedback-id
         :mime-version:references:in-reply-to:message-id:date:subject:cc:to
         :from:x-beenthere:x-gm-message-state:from:to:cc:subject:date
         :message-id:reply-to;
        bh=0wJZso9AYaUFdIatd6HqrL2jojq+xdW1KHGdMPfGmdY=;
        b=iNTBrxAcqKUHGqF6AGyGpvhIEDokGJtyYzlBqkDpoT33qoqyd56uQDq4S7l/Z6tyvu
         0REg/oor+Q2+SNb3l8c5LKuzZRfWuu3A1zEEW2LZq5MPL4qOZIfnXEmEYTt0MKPImqis
         phbav2A5Nf2Mr4RN2wy0YWhAW7wXvTm7LWHAGdQ+FZdYSGg/i3ZBa9+zbAnssjxGBul/
         c5Ls05q77E72JGRmTr02y2nPqCpdro62cimqBdHntFUN8qZhDsIFGrNu1E6EOQtHqjlw
         3R5obaoXN71TLK1Eyxzjd6NKZUMlhPo2q8ca89vrOXzBls1NQic0g18U/5txNfMCSPvo
         ZUvw==
X-Forwarded-Encrypted: i=2; AJvYcCV6VYjzK0B94feltltvf5fTVMu8d+ZKSQUFZhvYQr3fr5T95cYiEHreJfLNS8/TKE+bBzw2tx4jqnWgoUEKLKRuINA=
X-Gm-Message-State: AOJu0YyZ2pxSSWUt4rII95rFcoxWskvVPtXdkGXR9EUVGVgL+1qgdxrY
	VUHIpxNFkBNXhYaArJbQuARxW7GKlOLzlyQsnLNHjXEha2s8/8Y4
X-Google-Smtp-Source: AGHT+IFqoevIOpzjviGpw8Kita2TjUKk+VmHFCvLBOcgwoe6/DiPfG60Q0/KKrfQcUqnwj9fa2VrAA==
X-Received: by 2002:a05:600c:2303:b0:426:5d43:e41d with SMTP id 5b1f17b1804b1-426707d799cmr36203775e9.18.1720614675858;
        Wed, 10 Jul 2024 05:31:15 -0700 (PDT)
X-BeenThere: isar-users@googlegroups.com
Received: by 2002:a05:600c:4754:b0:424:ad28:5291 with SMTP id
 5b1f17b1804b1-42649aa7e6fls27209585e9.2.-pod-prod-02-eu; Wed, 10 Jul 2024
 05:31:14 -0700 (PDT)
X-Received: by 2002:a5d:568b:0:b0:367:94f7:1fdc with SMTP id ffacd0b85a97d-367cea96246mr3288771f8f.40.1720614673951;
        Wed, 10 Jul 2024 05:31:13 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1720614673; cv=none;
        d=google.com; s=arc-20160816;
        b=coqFK0oMAnvuHFtCT9HzI/EGH+ueu1+jwPIPl+IzazcWJhn+Z19w6liq6zD3UhTPcw
         06+Zt08De3PdwqYw85rAWIgbL61/JCmUdWe2BPAQ1EUhQ4GtxqauZgmeN2D7calrO9f0
         X3I0AxnIEGiEkRvcN6QW8jqKbNN/FiV+5Etx7aCCzBtmJcIdiAOIUDZ8gphWN0odxmAU
         1+M47+XhWWkrNdibEv4kl9919vRK2ZqtZU6rju6dsjXPeQOAED+tJOOv/d12IWj4wCpU
         E3nfWYj2tP1D2BAcALZvtuuh1nkK8hUIel4gSelm6Fe0IgFT+zdNKDx536Ys5IxvW42x
         BWBw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=feedback-id:content-transfer-encoding:mime-version:references
         :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature;
        bh=/rdALwUadZXmxfor2JUdtY0bd5+UvY1uHb6gGVUhnJY=;
        fh=dwnf3PiLoNuxEmlEQqfoWYSFcsr4isZMqOMz5uUNloE=;
        b=axtzPmw7D3jSPPJKD9X7NglrNx0QkJCkL5pSXfoi/YIRbsPXx3GbkjKveL9/liWlIU
         zyAr+9/KyURzioqxQisux6B0fBowrBSeoTIoyQK+vYowvT0BAQlrk+vuM6R80Lbr4TNu
         XCPAk2v+O76a5ahPTsK3xU6Dw4QI5B2QeQJGLhjt/auBUY6oW5jrV79dZvvue9oNtCGA
         TR5S0JBw9jAH0ZUtAxnlF5Z866OP3HHVWdNkmBjx4ZBZcC93XAfr6RwD9qDE3dVd2DOb
         Ssg6i/jGwBwUD/PIeJrJRA3YKDUKG/Nh2ZMGv6q01/C2bjYXFMlaQU66A+wgkSW7Ychp
         CyCA==;
        dara=google.com
ARC-Authentication-Results: i=1; gmr-mx.google.com;
       dkim=pass header.i=@siemens.com header.s=fm2 header.b=RVhwFQDG;
       spf=pass (google.com: domain of fm-1325885-20240710123110c520430a7c39b3a990-knt9nb@rts-flowmailer.siemens.com designates 185.136.64.225 as permitted sender) smtp.mailfrom=fm-1325885-20240710123110c520430a7c39b3a990-KNt9nB@rts-flowmailer.siemens.com;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com
Received: from mta-64-225.siemens.flowmailer.net (mta-64-225.siemens.flowmailer.net. [185.136.64.225])
        by gmr-mx.google.com with ESMTPS id ffacd0b85a97d-367cdf9f8c7si83200f8f.3.2024.07.10.05.31.13
        for <isar-users@googlegroups.com>
        (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);
        Wed, 10 Jul 2024 05:31:13 -0700 (PDT)
Received-SPF: pass (google.com: domain of fm-1325885-20240710123110c520430a7c39b3a990-knt9nb@rts-flowmailer.siemens.com designates 185.136.64.225 as permitted sender) client-ip=185.136.64.225;
Received: by mta-64-225.siemens.flowmailer.net with ESMTPSA id 20240710123110c520430a7c39b3a990
        for <isar-users@googlegroups.com>;
        Wed, 10 Jul 2024 14:31:13 +0200
From: "'Rakesh Kumar' via isar-users" <isar-users@googlegroups.com>
To: isar-users@googlegroups.com
Cc: jan.kiszka@siemens.com, cedric.hombourger@siemens.com,
        Rakesh Kumar <kumar.rakesh@siemens.com>
Subject: [PATCH] initramfs: move fTPM and tee-supplicant initialization to local-top stage
Date: Wed, 10 Jul 2024 18:00:46 +0530
Message-Id: <20240710123046.2174029-1-kumar.rakesh@siemens.com>
In-Reply-To: <fa89edf3-30be-4692-baa1-9c69876c96d4@siemens.com>
References: <fa89edf3-30be-4692-baa1-9c69876c96d4@siemens.com>
MIME-Version: 1.0
X-Flowmailer-Platform: Siemens
Feedback-ID: 519:519-1325885:519-21489:flowmailer
X-Original-Sender: kumar.rakesh@siemens.com
X-Original-Authentication-Results: gmr-mx.google.com;       dkim=pass
 header.i=@siemens.com header.s=fm2 header.b=RVhwFQDG;       spf=pass
 (google.com: domain of fm-1325885-20240710123110c520430a7c39b3a990-knt9nb@rts-flowmailer.siemens.com
 designates 185.136.64.225 as permitted sender) smtp.mailfrom=fm-1325885-20240710123110c520430a7c39b3a990-KNt9nB@rts-flowmailer.siemens.com;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com
X-Original-From: Rakesh Kumar <kumar.rakesh@siemens.com>
Reply-To: Rakesh Kumar <kumar.rakesh@siemens.com>
Content-Type: text/plain; charset="UTF-8"
Precedence: list
Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com
List-ID: <isar-users.googlegroups.com>
X-Spam-Checked-In-Group: isar-users@googlegroups.com
X-Google-Group-Id: 914930254986
List-Post: <https://groups.google.com/group/isar-users/post>, <mailto:isar-users@googlegroups.com>
List-Help: <https://groups.google.com/support/>, <mailto:isar-users+help@googlegroups.com>
List-Archive: <https://groups.google.com/group/isar-users
List-Subscribe: <https://groups.google.com/group/isar-users/subscribe>, <mailto:isar-users+subscribe@googlegroups.com>
List-Unsubscribe: <mailto:googlegroups-manage+914930254986+unsubscribe@googlegroups.com>,
 <https://groups.google.com/group/isar-users/subscribe>
X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI,
	RCVD_IN_MSPIKE_H2,RCVD_IN_RP_CERTIFIED,RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,
	SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de
X-TUID: 1nakpZg32FUw

To ensure proper initialization of the fTPM and tee-supplicant services before
the root filesystem is mounted, we are relocating their initialization to the
local-top section of initramfs. This change ensures that the encrypted root filesystems
are properly initialized and mounted before the local-bottom scripts run.

Reason for local-top:

* Early Initialization: The local-top scripts run before the root filesystem is mounted.
  This timing is essential for encrypted root filesystems since the decryption process must be
  completed before the filesystem can be accessed.

* Dependency Handling: The encryption setup requires initializing dependencies such as
  fTPM (firmware Trusted Platform Module) devices. Performing these tasks early in the boot process
  ensures that all necessary components are in place before the root filesystem is mounted.

Signed-off-by: Rakesh Kumar <kumar.rakesh@siemens.com>
---
 .../initramfs-tee-ftpm-hook/initramfs-tee-ftpm-hook_0.1.bb    | 4 ++--
 .../initramfs-tee-supplicant-hook_0.1.bb                      | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/meta/recipes-initramfs/initramfs-tee-ftpm-hook/initramfs-tee-ftpm-hook_0.1.bb b/meta/recipes-initramfs/initramfs-tee-ftpm-hook/initramfs-tee-ftpm-hook_0.1.bb
index db38e618..82fec1bb 100644
--- a/meta/recipes-initramfs/initramfs-tee-ftpm-hook/initramfs-tee-ftpm-hook_0.1.bb
+++ b/meta/recipes-initramfs/initramfs-tee-ftpm-hook/initramfs-tee-ftpm-hook_0.1.bb
@@ -17,11 +17,11 @@ DEBIAN_DEPENDS = "initramfs-tools"
 
 do_install[cleandirs] += " \
     ${D}/usr/share/initramfs-tools/hooks \
-    ${D}/usr/share/initramfs-tools/scripts/local-bottom"
+    ${D}/usr/share/initramfs-tools/scripts/local-top"
 
 do_install() {
     install -m 0755 "${WORKDIR}/tee-ftpm.hook" \
         "${D}/usr/share/initramfs-tools/hooks/tee-ftpm"
     install -m 0755 "${WORKDIR}/tee-ftpm.script" \
-        "${D}/usr/share/initramfs-tools/scripts/local-bottom/tee-ftpm"
+        "${D}/usr/share/initramfs-tools/scripts/local-top/tee-ftpm"
 }
diff --git a/meta/recipes-initramfs/initramfs-tee-supplicant-hook/initramfs-tee-supplicant-hook_0.1.bb b/meta/recipes-initramfs/initramfs-tee-supplicant-hook/initramfs-tee-supplicant-hook_0.1.bb
index 3768b8e0..a7a19bee 100644
--- a/meta/recipes-initramfs/initramfs-tee-supplicant-hook/initramfs-tee-supplicant-hook_0.1.bb
+++ b/meta/recipes-initramfs/initramfs-tee-supplicant-hook/initramfs-tee-supplicant-hook_0.1.bb
@@ -17,11 +17,11 @@ DEBIAN_DEPENDS = "initramfs-tools, tee-supplicant, procps"
 
 do_install[cleandirs] += " \
     ${D}/usr/share/initramfs-tools/hooks \
-    ${D}/usr/share/initramfs-tools/scripts/local-bottom"
+    ${D}/usr/share/initramfs-tools/scripts/local-top"
 
 do_install() {
     install -m 0755 "${WORKDIR}/tee-supplicant.hook" \
         "${D}/usr/share/initramfs-tools/hooks/tee-supplicant"
     install -m 0755 "${WORKDIR}/tee-supplicant.script" \
-        "${D}/usr/share/initramfs-tools/scripts/local-bottom/tee-supplicant"
+        "${D}/usr/share/initramfs-tools/scripts/local-top/tee-supplicant"
 }
-- 
2.39.2

-- 
You received this message because you are subscribed to the Google Groups "isar-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to isar-users+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/isar-users/20240710123046.2174029-1-kumar.rakesh%40siemens.com.