Message-ID: <5a0e3e458a2e951d09b435c96e05bb0cd0f4c5e1.camel@ilbers.de>
Subject: Re: [PATCH] initramfs: move fTPM and tee-supplicant initialization to local-top stage
From: Uladzimir Bely
To: "Kumar, Rakesh", "Kiszka, Jan", "isar-users@googlegroups.com", "quirin.gylstorff@siemens.com"
Date: Mon, 22 Jul 2024 11:52:30 +0300
References: <20240710053335.2163596-1-kumar.rakesh@siemens.com>

On Mon, 2024-07-22 at 05:43 +0000, 'Kumar, Rakesh' via isar-users wrote:
> Hi all,
>
> Any updates on this patch?
>
> If this patch needs any correction/improvement then please give your
> inputs on this.
>

We are going to check the patch in CI and merge as usual.

A delay in testing is due, among other things, to the lack of a "v2"
suffix in the new patch version. So, in the e-mail hierarchy it still looks
like the first version of the patch under discussion.

Please further use "v2", "v3"... when sending new versions of the
patches.

> Regards,
> Rakesh
>
> -----Original Message-----
> From: Kiszka, Jan (T CED)
> Sent: 10 July 2024 16:51
> To: Kumar, Rakesh (DI CTO FDS CES LX PBU 1); isar-users@googlegroups.com; Gylstorff, Quirin (T CED OES-DE)
> Cc: Hombourger, Cedric (DI CTO FDS CES LX)
> Subject: Re: [PATCH] initramfs: move fTPM and tee-supplicant initialization to local-top stage
>
> On 10.07.24 07:33, Rakesh Kumar wrote:
> > To ensure proper initialization of the fTPM and tee-supplicant
> > services before the root filesystem is mounted, we are relocating
> > their initialization to the local-top section of initramfs. This
> > change ensures that the encrypted filesystems are properly initialized
> > and ready for use before the root filesystem is mounted at local-bottom
> > stage.
>
> Close but not fully correct: The rootfs is mounted AFTER the top
> stage and BEFORE bottom.
>
> >
> > Reason for local-top:
> >
> > * Early Initialization: The local-top scripts run before the root
> >   filesystem is mounted. This timing is essential for encrypted root
> >   filesystems since the decryption process must be completed before
> >   the filesystem can be accessed.
> >
> > * Dependency Handling: The encryption setup requires initializing
> >   dependencies such as fTPM (firmware Trusted Platform Module) devices.
> >   Performing these tasks early in the boot process ensures that all
> >   necessary components are in place before the root filesystem is
> >   mounted.
>
> This will still need some isar-cip-core patch in order to add a
> PREREQ on fTPM if a concrete target is using fTPM for disk encryption.
> But Quirin just had another idea, leaving the stage to him now. :)
>
> Jan
>
> >
> > Signed-off-by: Rakesh Kumar > > --- > > =C2=A0.../initramfs-tee-ftpm-hook/initramfs-tee-ftpm-hook_0.1.bb=C2=A0= =C2=A0=C2=A0 | 4 > > ++-- > > =C2=A0.../initramfs-tee-supplicant-hook_0.1.bb=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0=C2=A0=C2=A0 | 4 > > ++-- > > =C2=A02 files changed, 4 insertions(+), 4 deletions(-) > >=20 > > diff --git=20 > > a/meta/recipes-initramfs/initramfs-tee-ftpm-hook/initramfs-tee- > > ftpm-ho > > ok_0.1.bb=20 > > b/meta/recipes-initramfs/initramfs-tee-ftpm-hook/initramfs-tee- > > ftpm-ho > > ok_0.1.bb > > index db38e618..82fec1bb 100644 > > ---=20 > > a/meta/recipes-initramfs/initramfs-tee-ftpm-hook/initramfs-tee- > > ftpm-ho > > ok_0.1.bb > > +++ b/meta/recipes-initramfs/initramfs-tee-ftpm-hook/initramfs-tee- > > ftp > > +++ m-hook_0.1.bb 
> > @@ -17,11 +17,11 @@ DEBIAN_DEPENDS =3D "initramfs-tools" > > =C2=A0 > > =C2=A0do_install[cleandirs] +=3D " \ > > =C2=A0=C2=A0=C2=A0=C2=A0 ${D}/usr/share/initramfs-tools/hooks \ > > -=C2=A0=C2=A0=C2=A0 ${D}/usr/share/initramfs-tools/scripts/local-bottom= " > > +=C2=A0=C2=A0=C2=A0 ${D}/usr/share/initramfs-tools/scripts/local-top" > > =C2=A0 > > =C2=A0do_install() { > > =C2=A0=C2=A0=C2=A0=C2=A0 install -m 0755 "${WORKDIR}/tee-ftpm.hook" \ > > =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 "${D}/usr/share/initra= mfs-tools/hooks/tee-ftpm" > > =C2=A0=C2=A0=C2=A0=C2=A0 install -m 0755 "${WORKDIR}/tee-ftpm.script" \ > > -=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 "${D}/usr/share/initramfs-t= ools/scripts/local-bottom/tee- > > ftpm" > > +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 "${D}/usr/share/initramfs-t= ools/scripts/local-top/tee- > > ftpm" > > =C2=A0} > > diff --git=20 > > a/meta/recipes-initramfs/initramfs-tee-supplicant-hook/initramfs- > > tee-s > > upplicant-hook_0.1.bb=20 > > b/meta/recipes-initramfs/initramfs-tee-supplicant-hook/initramfs- > > tee-s > > upplicant-hook_0.1.bb > > index 3768b8e0..a7a19bee 100644 > > ---=20 > > a/meta/recipes-initramfs/initramfs-tee-supplicant-hook/initramfs- > > tee-s > > upplicant-hook_0.1.bb > > +++ b/meta/recipes-initramfs/initramfs-tee-supplicant- > > hook/initramfs-t > > +++ ee-supplicant-hook_0.1.bb 
> > @@ -17,11 +17,11 @@ DEBIAN_DEPENDS =3D "initramfs-tools, tee- > > supplicant, procps" > > =C2=A0 > > =C2=A0do_install[cleandirs] +=3D " \ > > =C2=A0=C2=A0=C2=A0=C2=A0 ${D}/usr/share/initramfs-tools/hooks \ > > -=C2=A0=C2=A0=C2=A0 ${D}/usr/share/initramfs-tools/scripts/local-bottom= " > > +=C2=A0=C2=A0=C2=A0 ${D}/usr/share/initramfs-tools/scripts/local-top" > > =C2=A0 > > =C2=A0do_install() { > > =C2=A0=C2=A0=C2=A0=C2=A0 install -m 0755 "${WORKDIR}/tee-supplicant.hoo= k" \ > > =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 "${D}/usr/share/initra= mfs-tools/hooks/tee-supplicant" > > =C2=A0=C2=A0=C2=A0=C2=A0 install -m 0755 "${WORKDIR}/tee-supplicant.scr= ipt" \ > > -=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 "${D}/usr/share/initramfs-t= ools/scripts/local-bottom/tee- > > supplicant" > > +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 "${D}/usr/share/initramfs-t= ools/scripts/local-top/tee- > > supplicant" > > =C2=A0}
>
> --
> Siemens AG, Technology
> Linux Expert Center
>

--
Best regards,
Uladzimir.
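
Review bot: the run order of tee-ftpm inside local-top is not established by the first hunk (initramfs-tee-ftpm-hook_0.1.bb). The `install` line only changes the target to `scripts/local-top/tee-ftpm`, and the diffstat lists just the two .bb files, so tee-ftpm.script keeps whatever PREREQ it carried in local-bottom. With this patch tee-supplicant lands in the same stage directory; if tee-ftpm needs tee-supplicant to be running first, that has to be declared in the script's PREREQ, and the commit message should say which order is intended. The commit message also says the root filesystem is "mounted at local-bottom stage", which Jan's reply corrects; the wording should be fixed in the next version.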
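
Review bot: in the second hunk (initramfs-tee-supplicant-hook_0.1.bb) tee-supplicant.script is installed into `scripts/local-top/` unmodified, so it now runs before the root filesystem is mounted and can no longer rely on anything outside the initramfs. Please confirm that tee-supplicant.hook copies everything the script calls, including the procps tools implied by `DEBIAN_DEPENDS = "initramfs-tools, tee-supplicant, procps"`, and state in the commit message whether the daemon started in this stage is expected to keep running after the switch to the real root.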
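
The PREREQ ordering Jan refers to can be checked per stage directory with a small script; this is an added example, not code from the thread or from Isar. It assumes the usual `prereqs` calling convention of initramfs-tools boot scripts; `crypt-demo` and all PREREQ values are constructed, and treating a PREREQ that lives in another stage as an error is this check's own policy.

```shell
#!/bin/sh
# Added example. tee-supplicant and tee-ftpm are the script names from the
# patch; crypt-demo and every PREREQ value below are constructed assumptions.

# Write a boot script that answers the "prereqs" call the way
# initramfs-tools scripts conventionally do.
make_script() {  # $1=stage dir  $2=script name  $3=PREREQ value
    cat > "$1/$2" <<EOF
#!/bin/sh
PREREQ="$3"
prereqs() { echo "\$PREREQ"; }
case "\$1" in
prereqs) prereqs; exit 0 ;;
esac
echo "running $2"
EOF
    chmod 0755 "$1/$2"
}

# Print the run order of one stage directory, one script per line.
# Policy of this check (an assumption, not initramfs-tools behaviour):
# a PREREQ that is not in the same stage directory is reported as an error.
stage_order() {  # $1=stage dir
    pairs=""
    for s in "$1"/*; do
        name=${s##*/}
        pairs="$pairs $name $name"      # self-pair keeps scripts with no PREREQ
        for p in $(sh "$s" prereqs); do
            if [ ! -f "$1/$p" ]; then
                echo "$name: PREREQ '$p' is not in ${1##*/}" >&2
                return 1
            fi
            pairs="$pairs $p $name"     # p must run before name
        done
    done
    echo "$pairs" | tsort               # topological sort of (before, after) pairs
}

# Constructed layout after the patch: all three scripts share local-top.
demo() {
    d=$(mktemp -d) && mkdir "$d/local-top" || return 1
    make_script "$d/local-top" tee-supplicant ""
    make_script "$d/local-top" tee-ftpm "tee-supplicant"
    make_script "$d/local-top" crypt-demo "tee-ftpm"
    stage_order "$d/local-top"
    rm -rf "$d"
}
demo
```

With tee-ftpm left in local-bottom, the same call on local-top fails because the PREREQ of `crypt-demo` cannot be resolved inside that stage.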