From patchwork Thu Apr 25 11:50:32 2024
X-Patchwork-Submitter: Quirin Gylstorff
X-Patchwork-Id: 13643213
From: Quirin Gylstorff
To: cip-dev@lists.cip-project.org, jan.kiszka@siemens.com, johnxw@amazon.com, felix.moessbauer@siemens.com
Subject: [cip-dev][isar-cip-core][PATCH v3 4/9] fix: use luks2 to identify encrypted partition
Date: Thu, 25 Apr 2024 13:50:32 +0200
Message-ID: <20240425115119.813384-5-Quirin.Gylstorff@siemens.com>
In-Reply-To: <20240425115119.813384-1-Quirin.Gylstorff@siemens.com>
References: <20240425115119.813384-1-Quirin.Gylstorff@siemens.com>
X-Groupsio-URL: https://lists.cip-project.org/g/cip-dev/message/15756

From: Quirin Gylstorff

This fixes an issue with encrypted rootfs during system reboot. With the
token option it can happen that during reboot no valid LUKS
partition is found and the boot up fails in the initrd.

Signed-off-by: Quirin Gylstorff
---
 .../initramfs-crypt-hook/files/encrypt_partition.script | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/recipes-initramfs/initramfs-crypt-hook/files/encrypt_partition.script b/recipes-initramfs/initramfs-crypt-hook/files/encrypt_partition.script index 51c81f3..685d882 100644 --- a/recipes-initramfs/initramfs-crypt-hook/files/encrypt_partition.script +++ b/recipes-initramfs/initramfs-crypt-hook/files/encrypt_partition.script @@ -134,7 +134,7 @@ for partition_set in $partition_sets; do fi if /usr/sbin/cryptsetup luksDump --batch-mode "$partition" \ - | grep -q "token"; then + | grep -q "luks2"; then open_tpm2_partition "$part_device" "$crypt_mount_name" "$tpm_device" continue fi
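
Review bot: In the `@@ -134,7 +134,7 @@` hunk, `grep -q "luks2"` is an unanchored substring match over the whole `luksDump` output, so the branch now fires for any dump that contains that string rather than for a partition that carries a token. Because the branch calls `open_tpm2_partition` and then `continue` with no check of its result in the lines shown, a LUKS2 partition that the TPM cannot unlock would skip the rest of the loop body silently. Consider testing the header type directly with `cryptsetup isLuks --type luks2 "$partition"` instead of grepping the dump, checking the return status of `open_tpm2_partition` before `continue`, and explaining in the commit message why the token match can fail at reboot, so the looser test is justified for later readers.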