Hi all, Any update on this patch? Rakesh On Wednesday, July 10, 2024 at 6:57:20 PM UTC+5:30 Rakesh Kumar wrote: > thanks, Jan Kiszka, for pointing that out! I have made the corrections > in git message now. > > > > > Regards, > Rakesh > > On Wednesday, July 10, 2024 at 4:51:11 PM UTC+5:30 Jan Kiszka wrote: > >> On 10.07.24 07:33, Rakesh Kumar wrote: >> > To ensure proper initialization of the fTPM and tee-supplicant services >> before >> > the root filesystem is mounted, we are relocating their initialization >> to the >> > local-top section of initramfs. This change ensures that the encrypted >> filesystems >> > are properly initialized and ready for use before the root filesystem >> is mounted at >> > local-bottom stage. >> >> Close but not fully correct: The rootfs is mounted AFTER the top stage >> and BEFORE bottom. >> >> > >> > Reason for local-top: >> > >> > * Early Initialization: The local-top scripts run before the root >> filesystem is mounted. >> > This timing is essential for encrypted root filesystems since the >> decryption process must be >> > completed before the filesystem can be accessed. >> > >> > * Dependency Handling: The encryption setup requires initializing >> dependencies such as >> > fTPM (firmware Trusted Platform Module) devices. Performing these tasks >> early in the boot process >> > ensures that all necessary components are in place before the root >> filesystem is mounted. >> >> This will still need some isar-cip-core patch in order to add a PREREQ >> on fTPM if a concrete target using fTPM for disk encryption. But Quirin >> just had another idea, leaving the stage to him now. :) >> >> Jan >> >> > >> > Signed-off-by: Rakesh Kumar >> > --- >> > .../initramfs-tee-ftpm-hook/initramfs-tee-ftpm-hook_0.1.bb | 4 ++-- >> > .../initramfs-tee-supplicant-hook_0.1.bb | 4 ++-- >> > 2 files changed, 4 insertions(+), 4 deletions(-) >> > >> > diff --git a/meta/recipes-initramfs/initramfs-tee-ftpm-hook/ >> initramfs-tee-ftpm-hook_0.1.bb >> b/meta/recipes-initramfs/initramfs-tee-ftpm-hook/ >> initramfs-tee-ftpm-hook_0.1.bb >> > index db38e618..82fec1bb 100644 >> > --- a/meta/recipes-initramfs/initramfs-tee-ftpm-hook/ >> initramfs-tee-ftpm-hook_0.1.bb >> > +++ b/meta/recipes-initramfs/initramfs-tee-ftpm-hook/ >> initramfs-tee-ftpm-hook_0.1.bb >> > @@ -17,11 +17,11 @@ DEBIAN_DEPENDS = "initramfs-tools" >> > >> > do_install[cleandirs] += " \ >> > ${D}/usr/share/initramfs-tools/hooks \ >> > - ${D}/usr/share/initramfs-tools/scripts/local-bottom" >> > + ${D}/usr/share/initramfs-tools/scripts/local-top" >> > >> > do_install() { >> > install -m 0755 "${WORKDIR}/tee-ftpm.hook" \ >> > "${D}/usr/share/initramfs-tools/hooks/tee-ftpm" >> > install -m 0755 "${WORKDIR}/tee-ftpm.script" \ >> > - "${D}/usr/share/initramfs-tools/scripts/local-bottom/tee-ftpm" >> > + "${D}/usr/share/initramfs-tools/scripts/local-top/tee-ftpm" >> > } >> > diff --git a/meta/recipes-initramfs/initramfs-tee-supplicant-hook/ >> initramfs-tee-supplicant-hook_0.1.bb >> b/meta/recipes-initramfs/initramfs-tee-supplicant-hook/ >> initramfs-tee-supplicant-hook_0.1.bb >> > index 3768b8e0..a7a19bee 100644 >> > --- a/meta/recipes-initramfs/initramfs-tee-supplicant-hook/ >> initramfs-tee-supplicant-hook_0.1.bb >> > +++ b/meta/recipes-initramfs/initramfs-tee-supplicant-hook/ >> initramfs-tee-supplicant-hook_0.1.bb >> > @@ -17,11 +17,11 @@ DEBIAN_DEPENDS = "initramfs-tools, tee-supplicant, >> procps" >> > >> > do_install[cleandirs] += " \ >> > ${D}/usr/share/initramfs-tools/hooks \ >> > - ${D}/usr/share/initramfs-tools/scripts/local-bottom" >> > + ${D}/usr/share/initramfs-tools/scripts/local-top" >> > >> > do_install() { >> > install -m 0755 "${WORKDIR}/tee-supplicant.hook" \ >> > "${D}/usr/share/initramfs-tools/hooks/tee-supplicant" >> > install -m 0755 "${WORKDIR}/tee-supplicant.script" \ >> > - "${D}/usr/share/initramfs-tools/scripts/local-bottom/tee-supplicant" >> > + "${D}/usr/share/initramfs-tools/scripts/local-top/tee-supplicant" >> > } >> >> -- >> Siemens AG, Technology >> Linux Expert Center >> >> -- You received this message because you are subscribed to the Google Groups "isar-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to isar-users+unsubscribe@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/isar-users/70361b22-2139-4644-9946-c0e7c482f767n%40googlegroups.com.