From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Tue, 23 Jul 2024 09:37:48 +0200 X-Sieve: CMU Sieve 2.4 Received: from mail-lj1-f192.google.com (mail-lj1-f192.google.com [209.85.208.192]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 46N7bddG025214 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Tue, 23 Jul 2024 09:37:39 +0200 Received: by mail-lj1-f192.google.com with SMTP id 38308e7fff4ca-2ef2e57fb7csf23601671fa.1 for ; Tue, 23 Jul 2024 00:37:39 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1721720254; cv=pass; d=google.com; s=arc-20160816; b=Qg74ye1TVr1Uj30gSK9gulEcB/APwGwqnFSznZt2kyHUaYnaoS64QXirBE+6AR2qKr XTaSvACbC3IQcfciT6uyqgqtvTMX/+FT1Rjo3zpSnhIVEcwu8ayXtgi1d+8nB8H9r4JB EGEzgyQknuhRnGnHhpC7TuK0wvAPbHorq0dKqwuAA++JAzsaDvBZ3GL+rSwTn+jtTLtZ vrsbDvrEcWjMGD6b5m4K4Wpw3zbURdc+axj4UIEPiLQt/OFcjAfLrpOXlLRxBaJu9M7o xCHx6bNawYC/SswyNpgT1M+1AGslboxhHr4lFwIYVhNrWMdK8uU/eJ05c1srN0RfAem6 mi4Q== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:mime-version:user-agent :content-transfer-encoding:autocrypt:references:in-reply-to:date:to :from:subject:message-id:sender:dkim-signature; bh=O5fHiwHXblFbp4TXcjkDUSWHN8rPND1GJdZwiM+wWL4=; fh=f9EQ7LEGdrM3WDGGAmSxfuiBC2wQCc0A1cu2uvveiN4=; b=lnxIOQzjW7UfQBd9pyNwCNf2WlLAhKX43t9pPW0GLw+vT5PK4DYQWGfcHoYITL8n+6 juoxSyVIgFi8I1TbkeVcXmQBkzZxwWS+gIfuu5G3PDu4FMYw3V1GoCTfjeDvUc35forr BIAfESTb26mGLGhJP6T9pJWuPkyaBaHE0vfc+EopnSfFAXviDYi9j9t9LHcRhmcdoNQC XZ2cKTtMiP9Ec37KQEfYLnYkwOU3Y4+/tHFfgmP8FSkeeI0h1FTRWHcQO/TZZWlkl6BO fbs3SQ6yaH68JnsamEJFsOasPaiK9NyuEwS6NxL4e37xtmlELQFxUlAZ9kf1tIe6bHzZ xZ9w==; darn=isar-build.org ARC-Authentication-Results: i=2; gmr-mx.google.com; spf=pass (google.com: domain of ubely@ilbers.de designates 85.214.156.166 as permitted sender) smtp.mailfrom=ubely@ilbers.de DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20230601; t=1721720254; x=1722325054; darn=isar-build.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:x-original-authentication-results :x-original-sender:mime-version:user-agent:content-transfer-encoding :autocrypt:references:in-reply-to:date:to:from:subject:message-id :sender:from:to:cc:subject:date:message-id:reply-to; bh=O5fHiwHXblFbp4TXcjkDUSWHN8rPND1GJdZwiM+wWL4=; b=ue06pbID+mJagEhrfFYb10snRcOADTfUqDbH6gU7KMl6BNQhxarXqjZacoboovN5v9 ez7vIwebOyOc/FGGryc0XPG8jgx27LZnu9gYqwxdHrgYp86Oh+OtX8XM2a9nFPoip5MJ HXVmu1ZOl9n13MNGHIIX90jfpTtxkLCrFzucbZNdiqGLXOWzFlySJ8ukMMjmJ0zdjdQ/ GVNoddERt4du5/cvm6TdPZQmlQNMAwBxp2MOGPAVbAXYDgl+tpqS4iSq8U3nELGTCOmi rXEpQ9q/GN1jnwdJLgwHsi9UnKYSEFPGnYJR62Cp2ZAItpDF+aWFDnyKmV7meVOJre7V fHog== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1721720254; x=1722325054; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence :x-original-authentication-results:x-original-sender:mime-version :user-agent:content-transfer-encoding:autocrypt:references :in-reply-to:date:to:from:subject:message-id:x-beenthere :x-gm-message-state:sender:from:to:cc:subject:date:message-id :reply-to; bh=O5fHiwHXblFbp4TXcjkDUSWHN8rPND1GJdZwiM+wWL4=; b=HPAyQGSER1HVQmFhr8SFSQsoEsKFev6uVlFcjoxoz7nR7Pgzt2Qk+LBg/GQnQWXsaK W33tK77lWsxGFl8F0ASTzGp/AwDeu1NNyyV2CaLQsHJXwgejFbaYGGWC1y8BQIIXB4Ek od8SX4VYAH1yFybmcP/iSW5YBGXpXxoXw4HlpGkzD58CJ0s3k3FY3ugjpFSzYhfdVUMh sxALkCuGsQ2EKDxQr0cmjZ8eFeIe1rmJSA0cpVUvmsdyLLut23SPrDfqg9Blj7VRKBJP sfcebjmp5KxLca7jPZc5JUcIGtJmUIrVQM91Us3/FAWDXJpQQb3+xcfkkMSqEvpGuQ5d KoDA== Sender: isar-users@googlegroups.com X-Forwarded-Encrypted: i=2; AJvYcCVQGrX92IstWzCCCpiZBP3LSxq4U4Svr3rnAECKHtv2f0TrL3fYCXaMJuU+tiO5596k+JPb1rt7QuZKZFFdLyXcgyM= X-Gm-Message-State: AOJu0YyM6AiOgoBH9BO/yp83wLkBrYHveZ94dz/oEu3tRY1dCo9IB8KX 0T8pEqFfYmuRr3YagxXTIZ8QkC4sPsoP3ZnmVmNXOxEjM0HicaEG X-Google-Smtp-Source: AGHT+IFvRbRu6te9tRymgkZoNQAcpIlsFuAGe6PC2tlVAcH7PtiF9T2J0mNeaua3FGGWtL3UtMI3NA== X-Received: by 2002:a2e:8902:0:b0:2ef:2472:300c with SMTP id 38308e7fff4ca-2ef247230c3mr49607351fa.25.1721720253258; Tue, 23 Jul 2024 00:37:33 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com Received: by 2002:a05:651c:50c:b0:2ef:1eb3:4741 with SMTP id 38308e7fff4ca-2ef1eb3492als14043021fa.0.-pod-prod-01-eu; Tue, 23 Jul 2024 00:37:31 -0700 (PDT) X-Forwarded-Encrypted: i=2; AJvYcCVzii12CQVARkVms/UJTjtGLzMjQRphjbrO0HNAeuV/pfAK7Gty9pGKEKyDDt0NhRotRzptUeaHT5XAlSSf2JSQgU9Us4Wy2GuUA64= X-Received: by 2002:a05:651c:1021:b0:2ef:29f3:c9ee with SMTP id 38308e7fff4ca-2ef29f3ca90mr40946751fa.35.1721720250930; Tue, 23 Jul 2024 00:37:30 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1721720250; cv=none; d=google.com; s=arc-20160816; b=jeiW0eaw53e9NAhu0W+6NJLlwSUeCPGV+MutV3MWoqep5deDSxjdmLSCWVW0NpeIfR i5yOj/Q31vYhA1yLUi+dJtifmG5mYBzv+87AlKTZuI3iOwOiMmiryjmqvFBeacIYlNs2 xs0JidcFIvPvUHTbHrudA8TPVt7EkCpkigozSBCPXVDcH4XMYL+RsA8RfTDUQrDxZKtW ZZAgzVYGCohpxxDMUNf+3BR0rZv283X9rXhz60e/8rdulHp47P1mcD+8Rsm9SbcrYrRK m8u3Ib40YuPj54M0pcTrwufFccbFhOlOPpvCntLNCS0UYSYU3l/+qCqGlVF6FL4aBs/L l5tg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=mime-version:user-agent:content-transfer-encoding:autocrypt :references:in-reply-to:date:to:from:subject:message-id; bh=AomjYHaKCKt3km9e8L01pGabODQoKwh5koydFT2H2Hs=; fh=ccQXl74Cdj9dNf1vJ8yhoIVQsYk9q5g0xPcMTPam+sk=; b=0LXezvINibf8VwxH4Ipsmj85tMUVzre2DQnrYZfMffIbsyiI+aKbwfqDtwfJPgf7xB Zjiyt8mpjbAYem6jkCcjAj1PkdidQZBk8NNlmYpHaeyewmKGVg1YzCCIsBM/PgL8dofH DiA99H+INANTsLM6cTsZGzVsaXiA9JprFpRvVneySBw0JxfUWdAN48w00Ua4bV4q1gWv OFyZzmKZtfp6lDrVvcUOhKg3Hpk6LEXuzFU5zdUirxp19NCbL4uqBnEPMzY0TUyC9RWD dZSqGi0ZORkkgSAAZQ73XvcYH9Cdu7VLJak3woBEisrnlsBdXJah3HyGzvEYm3ER3ltd MM4g==; dara=google.com ARC-Authentication-Results: i=1; gmr-mx.google.com; spf=pass (google.com: domain of ubely@ilbers.de designates 85.214.156.166 as permitted sender) smtp.mailfrom=ubely@ilbers.de Received: from shymkent.ilbers.de (shymkent.ilbers.de. [85.214.156.166]) by gmr-mx.google.com with ESMTPS id 38308e7fff4ca-2ef1f267dc4si1307751fa.7.2024.07.23.00.37.30 for (version=TLS1_2 cipher=ECDHE-ECDSA-CHACHA20-POLY1305 bits=256/256); Tue, 23 Jul 2024 00:37:30 -0700 (PDT) Received-SPF: pass (google.com: domain of ubely@ilbers.de designates 85.214.156.166 as permitted sender) client-ip=85.214.156.166; Received: from [IPv6:::1] (host-80-81-17-52.static.customer.m-online.net [80.81.17.52]) (authenticated bits=0) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPSA id 46N7bNsm025201 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 23 Jul 2024 09:37:25 +0200 Message-ID: Subject: Re: [PATCH] initramfs: move fTPM and tee-supplicant initialization to local-top stage From: Uladzimir Bely To: Rakesh Kumar , isar-users@googlegroups.com Date: Tue, 23 Jul 2024 10:37:23 +0300 In-Reply-To: <20240710053335.2163596-1-kumar.rakesh@siemens.com> References: <20240710053335.2163596-1-kumar.rakesh@siemens.com> Autocrypt: addr=ubely@ilbers.de; prefer-encrypt=mutual; keydata=mQENBGO2eUkBCACtT+T3OrPVSExBmqfgXT3lp9XcdxRzjYp26wezkgYjjBXaf36bxtaAf S471VoQtpar0RVeFfW7WDDdfX9ZclSj36zBQe+RVSJzoNoNQfjOXWuSHb5Z+cpAFtqBY4muxK4+ia IlLJd6CN3ejOsLHATtCeHHq8wi0z2T+KdLQO+wQRgo2hjj0Lp9pGTrKJry50HP/o7Vbdu14dOx2xq r8+wPc6SQbBIrcqaa4MqCQC00vQG7eXvo+k2MOw59FDdpMH0KR9mHgp3u/s4I+4YRBArukt9G9xz/ rsEFmxAIBC6N/a6Hzwg4puc91n7ABDsPg8Vp+X3MDraujN0dvR6OKVNtABEBAAG0IFVsYWR6aW1pc iBCZWx5IDx1YmVseUBpbGJlcnMuZGU+iQFOBBMBCAA4FiEEJqPNVhVGyk12Eh+PAUQYBM/2FkoFAm O2eUkCGwMFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AACgkQAUQYBM/2FkprlAgAmuna8Hm9EyoEtTl DBGDg6Zm4ZLp5ffvZBE946h92jepDrteoxsJ7pSzJVC2HmDLa4iZUao7lLLbDsUj5x45/iLJcqBZK k3YnAxP2r6a+kI+1VVQY1pxdG1nlJAbdNzoojm/qmezNPSrqni61KVMQKsXBCWhIjSXDSM9CsBj21 a+9qaVqfxovJGTn9lgrZO+xzKQNMKZeOouJlscVuFj21P0ww3/YENiU/nMeTSuYypO76mDtAd08Jo nc3yuHa9MJGei5ixN3wT+IrGR2aL2hdw2M6NgH7sYbL2Zi4ugD6RXHJai1Bh2yvFSVqSQ+M6QOInT 4ud7wslm1XRB065dXtA== Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable User-Agent: Evolution 3.52.2 (by Flathub.org) MIME-Version: 1.0 X-Spam-Status: No, score=-2.6 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_EF,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,RCVD_IN_MSPIKE_H2,RCVD_IN_RP_CERTIFIED, RCVD_IN_RP_RNBL,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-Original-Sender: ubely@ilbers.de X-Original-Authentication-Results: gmr-mx.google.com; spf=pass (google.com: domain of ubely@ilbers.de designates 85.214.156.166 as permitted sender) smtp.mailfrom=ubely@ilbers.de Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-TUID: hlHzbX8NhJub On Wed, 2024-07-10 at 11:03 +0530, 'Rakesh Kumar' via isar-users wrote: > To ensure proper initialization of the fTPM and tee-supplicant > services before > the root filesystem is mounted, we are relocating their > initialization to the > local-top section of initramfs. This change ensures that the > encrypted filesystems > are properly initialized and ready for use before the root filesystem > is mounted at > local-bottom stage. >=20 > Reason for local-top: >=20 > * Early Initialization: The local-top scripts run before the root > filesystem is mounted. > =C2=A0 This timing is essential for encrypted root filesystems since the > decryption process must be > =C2=A0 completed before the filesystem can be accessed. >=20 > * Dependency Handling: The encryption setup requires initializing > dependencies such as > =C2=A0 fTPM (firmware Trusted Platform Module) devices. Performing these > tasks early in the boot process > =C2=A0 ensures that all necessary components are in place before the root > filesystem is mounted. >=20 > Signed-off-by: Rakesh Kumar > --- > =C2=A0.../initramfs-tee-ftpm-hook/initramfs-tee-ftpm-hook_0.1.bb=C2=A0=C2= =A0=C2=A0 | 4 > ++-- > =C2=A0.../initramfs-tee-supplicant-hook_0.1.bb=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0=C2=A0 | 4 > ++-- > =C2=A02 files changed, 4 insertions(+), 4 deletions(-) >=20 > diff --git a/meta/recipes-initramfs/initramfs-tee-ftpm- > hook/initramfs-tee-ftpm-hook_0.1.bb b/meta/recipes- > initramfs/initramfs-tee-ftpm-hook/initramfs-tee-ftpm-hook_0.1.bb > index db38e618..82fec1bb 100644 > --- a/meta/recipes-initramfs/initramfs-tee-ftpm-hook/initramfs-tee- > ftpm-hook_0.1.bb > +++ b/meta/recipes-initramfs/initramfs-tee-ftpm-hook/initramfs-tee- > ftpm-hook_0.1.bb > @@ -17,11 +17,11 @@ DEBIAN_DEPENDS =3D "initramfs-tools" > =C2=A0 > =C2=A0do_install[cleandirs] +=3D " \ > =C2=A0=C2=A0=C2=A0=C2=A0 ${D}/usr/share/initramfs-tools/hooks \ > -=C2=A0=C2=A0=C2=A0 ${D}/usr/share/initramfs-tools/scripts/local-bottom" > +=C2=A0=C2=A0=C2=A0 ${D}/usr/share/initramfs-tools/scripts/local-top" > =C2=A0 > =C2=A0do_install() { > =C2=A0=C2=A0=C2=A0=C2=A0 install -m 0755 "${WORKDIR}/tee-ftpm.hook" \ > =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 "${D}/usr/share/initramf= s-tools/hooks/tee-ftpm" > =C2=A0=C2=A0=C2=A0=C2=A0 install -m 0755 "${WORKDIR}/tee-ftpm.script" \ > -=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 "${D}/usr/share/initramfs-too= ls/scripts/local-bottom/tee- > ftpm" > +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 "${D}/usr/share/initramfs-too= ls/scripts/local-top/tee-ftpm" > =C2=A0} > diff --git a/meta/recipes-initramfs/initramfs-tee-supplicant- > hook/initramfs-tee-supplicant-hook_0.1.bb b/meta/recipes- > initramfs/initramfs-tee-supplicant-hook/initramfs-tee-supplicant- > hook_0.1.bb > index 3768b8e0..a7a19bee 100644 > --- a/meta/recipes-initramfs/initramfs-tee-supplicant-hook/initramfs- > tee-supplicant-hook_0.1.bb > +++ b/meta/recipes-initramfs/initramfs-tee-supplicant-hook/initramfs- > tee-supplicant-hook_0.1.bb > @@ -17,11 +17,11 @@ DEBIAN_DEPENDS =3D "initramfs-tools, tee- > supplicant, procps" > =C2=A0 > =C2=A0do_install[cleandirs] +=3D " \ > =C2=A0=C2=A0=C2=A0=C2=A0 ${D}/usr/share/initramfs-tools/hooks \ > -=C2=A0=C2=A0=C2=A0 ${D}/usr/share/initramfs-tools/scripts/local-bottom" > +=C2=A0=C2=A0=C2=A0 ${D}/usr/share/initramfs-tools/scripts/local-top" > =C2=A0 > =C2=A0do_install() { > =C2=A0=C2=A0=C2=A0=C2=A0 install -m 0755 "${WORKDIR}/tee-supplicant.hook"= \ > =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 "${D}/usr/share/initramf= s-tools/hooks/tee-supplicant" > =C2=A0=C2=A0=C2=A0=C2=A0 install -m 0755 "${WORKDIR}/tee-supplicant.scrip= t" \ > -=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 "${D}/usr/share/initramfs-too= ls/scripts/local-bottom/tee- > supplicant" > +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 "${D}/usr/share/initramfs-too= ls/scripts/local-top/tee- > supplicant" > =C2=A0} > --=20 > 2.39.2 >=20 Applied v2 to next, thanks. --=20 Best regards, Uladzimir. --=20 You received this message because you are subscribed to the Google Groups "= isar-users" group. To unsubscribe from this group and stop receiving emails from it, send an e= mail to isar-users+unsubscribe@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/= isar-users/e5cf41d3a2a12ec0b26c7d920cf8138073b7e8ea.camel%40ilbers.de.