Message ID | 20240425115119.813384-5-Quirin.Gylstorff@siemens.com (mailing list archive) |
---|---|
State | Superseded |
Series | Add option to encrypt the rootfs |
On Thu, 2024-04-25 at 13:50 +0200, Quirin Gylstorff wrote: > From: Quirin Gylstorff <quirin.gylstorff@siemens.com> > > This fixes an issue with encrypted rootfs during system reboot. > With the token option it can happen that during reboot the no > valid Luks partition is found and the boot up fails in the initrd. This is an interesting testcase for the watchdog. Does the kernel already trigger the watchdog at this initrd stage? Did the system hang here forever, or did it reboot? Felix > > Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com> > --- > .../initramfs-crypt-hook/files/encrypt_partition.script | 2 > +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/recipes-initramfs/initramfs-crypt- > hook/files/encrypt_partition.script b/recipes-initramfs/initramfs- > crypt-hook/files/encrypt_partition.script > index 51c81f3..685d882 100644 > --- a/recipes-initramfs/initramfs-crypt- > hook/files/encrypt_partition.script > +++ b/recipes-initramfs/initramfs-crypt- > hook/files/encrypt_partition.script > @@ -134,7 +134,7 @@ for partition_set in $partition_sets; do > fi > > if /usr/sbin/cryptsetup luksDump --batch-mode "$partition" \ > - | grep -q "token"; then > + | grep -q "luks2"; then > open_tpm2_partition "$part_device" > "$crypt_mount_name" "$tpm_device" > continue > fi
On 4/25/24 2:06 PM, Moessbauer, Felix (T CED OES-DE) wrote: > On Thu, 2024-04-25 at 13:50 +0200, Quirin Gylstorff wrote: >> From: Quirin Gylstorff <quirin.gylstorff@siemens.com> >> >> This fixes an issue with encrypted rootfs during system reboot. >> With the token option it can happen that during reboot the no >> valid Luks partition is found and the boot up fails in the initrd. > > This is an interesting testcase for the watchdog. Does the kernel > already trigger the watchdog at this initrd stage? Did the system hang > here forever, or did it reboot? As we have panic=5 enabled the watchdog will be triggered and we have a reboot loop. Quirin > > Felix > >> >> Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com> >> --- >> .../initramfs-crypt-hook/files/encrypt_partition.script | 2 >> +- >> 1 file changed, 1 insertion(+), 1 deletion(-) >> >> diff --git a/recipes-initramfs/initramfs-crypt- >> hook/files/encrypt_partition.script b/recipes-initramfs/initramfs- >> crypt-hook/files/encrypt_partition.script >> index 51c81f3..685d882 100644 >> --- a/recipes-initramfs/initramfs-crypt- >> hook/files/encrypt_partition.script >> +++ b/recipes-initramfs/initramfs-crypt- >> hook/files/encrypt_partition.script >> @@ -134,7 +134,7 @@ for partition_set in $partition_sets; do >> fi >> >> if /usr/sbin/cryptsetup luksDump --batch-mode "$partition" \ >> - | grep -q "token"; then >> + | grep -q "luks2"; then >> open_tpm2_partition "$part_device" >> "$crypt_mount_name" "$tpm_device" >> continue >> fi >
diff --git a/recipes-initramfs/initramfs-crypt-hook/files/encrypt_partition.script b/recipes-initramfs/initramfs-crypt-hook/files/encrypt_partition.script index 51c81f3..685d882 100644 --- a/recipes-initramfs/initramfs-crypt-hook/files/encrypt_partition.script +++ b/recipes-initramfs/initramfs-crypt-hook/files/encrypt_partition.script @@ -134,7 +134,7 @@ for partition_set in $partition_sets; do fi if /usr/sbin/cryptsetup luksDump --batch-mode "$partition" \ - | grep -q "token"; then + | grep -q "luks2"; then open_tpm2_partition "$part_device" "$crypt_mount_name" "$tpm_device" continue fi
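Review bot: The changed condition `grep -q "luks2"` is an unanchored substring match over the entire `luksDump` output, so the TPM2 branch is now taken for any dump that contains that string anywhere, whether or not a token is enrolled on the partition. If the intent is "this device already carries a LUKS2 header", `cryptsetup isLuks --type luks2 "$partition"` expresses that directly and does not depend on the text layout of the dump. The return status of `open_tpm2_partition` is also not checked before `continue`, so this hunk relies on that function to handle an unlock failure itself; with the wider match it is worth checking the status here and failing with a clear message. Finally, the commit message does not explain why matching on `token` fails during reboot, and a sentence on that would help whoever revisits this check later.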