From patchwork Mon May 6 14:17:25 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Quirin Gylstorff X-Patchwork-Id: 13655536 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 473FAC25B78 for ; Mon, 6 May 2024 14:18:45 +0000 (UTC) Received: from mta-64-228.siemens.flowmailer.net (mta-64-228.siemens.flowmailer.net [185.136.64.228]) by mx.groups.io with SMTP id smtpd.web11.21515.1715005117673833519 for ; Mon, 06 May 2024 07:18:38 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=Quirin.Gylstorff@siemens.com header.s=fm1 header.b=l5Vt2o1i; spf=pass (domain: rts-flowmailer.siemens.com, ip: 185.136.64.228, mailfrom: fm-51332-20240506141835f0229696b19efc2603-nskgao@rts-flowmailer.siemens.com) Received: by mta-64-228.siemens.flowmailer.net with ESMTPSA id 20240506141835f0229696b19efc2603 for ; Mon, 06 May 2024 16:18:35 +0200 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; s=fm1; d=siemens.com; i=Quirin.Gylstorff@siemens.com; h=Date:From:Subject:To:Message-ID:MIME-Version:Content-Type:Content-Transfer-Encoding:References:In-Reply-To; bh=IPPDMivXsGMLuh/iWR8m2aU1+wo2X5/VuI470sb9hBo=; b=l5Vt2o1iukitI4LOGbKoelwDeNTdZ9tLzIANOWnvfsvoev/6jpckSfKu2NBgQwjvU7X9+3 LQTXB+hbFFJlTKyFQyCa+zvyJrCl2namojlg3xhD8KtMVBmrAYHfnNsI4iCZ2SE8selgKO0H u/JEJ5hfwfeFnQFCvrq5s+bQRUvvM=; From: Quirin Gylstorff To: cip-dev@lists.cip-project.org, jan.kiszka@siemens.com, johnxw@amazon.com, felix.moessbauer@siemens.com Subject: [cip-dev][isar-cip-core][PATCH v5 04/11] fix: use luks2 to identify encrypted partition Date: Mon, 6 May 2024 16:17:25 +0200 Message-ID: <20240506141833.3622989-5-Quirin.Gylstorff@siemens.com> In-Reply-To: <20240506141833.3622989-1-Quirin.Gylstorff@siemens.com> References: <20240506141833.3622989-1-Quirin.Gylstorff@siemens.com> MIME-Version: 1.0 X-Flowmailer-Platform: Siemens Feedback-ID: 519:519-51332:519-21489:flowmailer List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 06 May 2024 14:18:45 -0000 X-Groupsio-URL: https://lists.cip-project.org/g/cip-dev/message/15833 From: Quirin Gylstorff This fixes an issue with encrypted rootfs during system reboot. With the token option it can happen that during reboot the no valid Luks partition is found and the boot up fails in the initrd. Signed-off-by: Quirin Gylstorff --- .../initramfs-crypt-hook/files/encrypt_partition.script | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/recipes-initramfs/initramfs-crypt-hook/files/encrypt_partition.script b/recipes-initramfs/initramfs-crypt-hook/files/encrypt_partition.script index 2e6abf9..7cb7f34 100644 --- a/recipes-initramfs/initramfs-crypt-hook/files/encrypt_partition.script +++ b/recipes-initramfs/initramfs-crypt-hook/files/encrypt_partition.script @@ -134,7 +134,7 @@ for partition_set in $partition_sets; do fi if /usr/sbin/cryptsetup luksDump --batch-mode "$partition" \ - | grep -q "token"; then + | grep -q "luks2"; then open_tpm2_partition "$part_device" "$crypt_mount_name" "$tpm_device" continue fi