Message ID | PRAPR10MB5422768B34B02D220449FBE680692@PRAPR10MB5422.EURPRD10.PROD.OUTLOOK.COM (mailing list archive) |
---|---|
State | Superseded |
Series | [isar-cip-core,1/1] initramfs-crypt-hook: Add required kernel modules for upstream kernel | expand |
On 10.01.24 13:37, Cetin, Gokhan wrote: > > This adds necessary crypt modules and loop device that are > not loaded at early boot as default with upstream kernel. > > Signed-off-by: Gokhan Cetin <gokhan.cetin@siemens.com> > --- > .../files/encrypt_partition.clevis.hook | 4 +++- > .../files/encrypt_partition.clevis.script | 8 ++++++++ > .../files/encrypt_partition.systemd.hook | 4 +++- > .../files/encrypt_partition.systemd.script | 8 ++++++++ > 4 files changed, 22 insertions(+), 2 deletions(-) > > diff --git a/recipes-initramfs/initramfs-crypt-hook/files/encrypt_partition.clevis.hook b/recipes-initramfs/initramfs-crypt-hook/files/encrypt_partition.clevis.hook > index 37b373c..7e69f88 100755 > --- a/recipes-initramfs/initramfs-crypt-hook/files/encrypt_partition.clevis.hook > +++ b/recipes-initramfs/initramfs-crypt-hook/files/encrypt_partition.clevis.hook > @@ -35,7 +35,9 @@ manual_add_modules dm_mod > manual_add_modules dm_crypt > > # add crypto modules for debian upstream kernel > -manual_add_modules aesni-intel > +manual_add_modules ecb > +manual_add_modules aes_generic > +manual_add_modules xts > > copy_exec /usr/bin/openssl || hook_error "/usr/bin/openssl not found" > copy_exec /usr/sbin/mke2fs || hook_error "/usr/sbin/mke2fs not found" > diff --git a/recipes-initramfs/initramfs-crypt-hook/files/encrypt_partition.clevis.script b/recipes-initramfs/initramfs-crypt-hook/files/encrypt_partition.clevis.script > index 6d8f209..9be03e9 100644 > --- a/recipes-initramfs/initramfs-crypt-hook/files/encrypt_partition.clevis.script > +++ b/recipes-initramfs/initramfs-crypt-hook/files/encrypt_partition.clevis.script > @@ -36,6 +36,14 @@ esac > modprobe tpm_tis > modprobe tpm_crb > > +modprobe ecb > +modprobe aes_generic > +modprobe xts > + > +# this needs to be probed particularly > +# for reencryption with upstream kernel > +modprobe loop > + > # fixed tpm device or do we need to find it > tpm_device=/dev/tpmrm0 > partition_sets="$PARTITIONS" 
> diff --git a/recipes-initramfs/initramfs-crypt-hook/files/encrypt_partition.systemd.hook b/recipes-initramfs/initramfs-crypt-hook/files/encrypt_partition.systemd.hook > index 0a39da6..abbe28a 100755 > --- a/recipes-initramfs/initramfs-crypt-hook/files/encrypt_partition.systemd.hook > +++ b/recipes-initramfs/initramfs-crypt-hook/files/encrypt_partition.systemd.hook > @@ -32,7 +32,9 @@ manual_add_modules dm_mod > manual_add_modules dm_crypt > > # add crypto modules for debian upstream kernel > -manual_add_modules aesni-intel > +manual_add_modules ecb > +manual_add_modules aes_generic > +manual_add_modules xts > > copy_exec /usr/bin/openssl || hook_error "/usr/bin/openssl not found" > copy_exec /usr/sbin/mke2fs || hook_error "/usr/sbin/mke2fs not found" > diff --git a/recipes-initramfs/initramfs-crypt-hook/files/encrypt_partition.systemd.script b/recipes-initramfs/initramfs-crypt-hook/files/encrypt_partition.systemd.script > index 2ac8d30..67d56f1 100644 > --- a/recipes-initramfs/initramfs-crypt-hook/files/encrypt_partition.systemd.script > +++ b/recipes-initramfs/initramfs-crypt-hook/files/encrypt_partition.systemd.script > @@ -36,6 +36,14 @@ esac > modprobe tpm_tis > modprobe tpm_crb > > +modprobe ecb > +modprobe aes_generic > +modprobe xts > + > +# this needs to be probed particularly > +# for reencryption with upstream kernel "Upstream" is a bit vague here, and all those probings depend on the concrete kernel not having the feature built-in (but having it at all). The reference to re-encryption can be helpful, though. > +modprobe loop > + > # fixed tpm device or do we need to find it > tpm_device=/dev/tpmrm0 > partition_sets="$PARTITIONS" Looks good otherwise. Jan
diff --git a/recipes-initramfs/initramfs-crypt-hook/files/encrypt_partition.clevis.hook b/recipes-initramfs/initramfs-crypt-hook/files/encrypt_partition.clevis.hook
index 37b373c..7e69f88 100755
--- a/recipes-initramfs/initramfs-crypt-hook/files/encrypt_partition.clevis.hook
+++ b/recipes-initramfs/initramfs-crypt-hook/files/encrypt_partition.clevis.hook
@@ -35,7 +35,9 @@ manual_add_modules dm_mod
 manual_add_modules dm_crypt
 
 # add crypto modules for debian upstream kernel
-manual_add_modules aesni-intel
+manual_add_modules ecb
+manual_add_modules aes_generic
+manual_add_modules xts
 
 copy_exec /usr/bin/openssl || hook_error "/usr/bin/openssl not found"
 copy_exec /usr/sbin/mke2fs || hook_error "/usr/sbin/mke2fs not found"
diff --git a/recipes-initramfs/initramfs-crypt-hook/files/encrypt_partition.clevis.script b/recipes-initramfs/initramfs-crypt-hook/files/encrypt_partition.clevis.script
index 6d8f209..9be03e9 100644
--- a/recipes-initramfs/initramfs-crypt-hook/files/encrypt_partition.clevis.script
+++ b/recipes-initramfs/initramfs-crypt-hook/files/encrypt_partition.clevis.script
@@ -36,6 +36,14 @@ esac
 modprobe tpm_tis
 modprobe tpm_crb
 
+modprobe ecb
+modprobe aes_generic
+modprobe xts
+
+# this needs to be probed particularly
+# for reencryption with upstream kernel
+modprobe loop
+
 # fixed tpm device or do we need to find it
 tpm_device=/dev/tpmrm0
 partition_sets="$PARTITIONS"
diff --git a/recipes-initramfs/initramfs-crypt-hook/files/encrypt_partition.systemd.hook b/recipes-initramfs/initramfs-crypt-hook/files/encrypt_partition.systemd.hook
index 0a39da6..abbe28a 100755
--- a/recipes-initramfs/initramfs-crypt-hook/files/encrypt_partition.systemd.hook
+++ b/recipes-initramfs/initramfs-crypt-hook/files/encrypt_partition.systemd.hook
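Review bot: Removing `manual_add_modules aesni-intel` in encrypt_partition.clevis.hook means that on x86 kernels which build AES-NI as a module, the initramfs carries only the generic AES code, so a dm-crypt mapping opened at early boot would presumably bind to the table-based `aes_generic` implementation, which is slower for the re-encryption pass and not constant-time like the hardware instruction. Consider keeping the old line next to the three new ones, i.e. `manual_add_modules aesni-intel` after `manual_add_modules xts`; since the line was already present before this change, it is presumably tolerated on targets that lack the module. The same applies to the identical hunk in encrypt_partition.systemd.hook. The hook file continues outside the hunk, so any later handling of these modules is not visible here.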
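Review bot: The three cipher `modprobe` calls added to encrypt_partition.clevis.script carry no comment, unlike the `loop` probe below them, so a later reader cannot tell which cryptsetup cipher they serve or that they have to stay in step with the `manual_add_modules` list in the matching hook. I would add a line such as `# cipher modules for dm-crypt (presumably aes-xts); keep in sync with the hook's manual_add_modules list` above `modprobe ecb`. The return values are also unchecked, so a module missing from the initramfs would only surface later as a cryptsetup failure; whether that matters depends on error handling outside this hunk. The same applies to the identical hunk in encrypt_partition.systemd.script.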
@@ -32,7 +32,9 @@ manual_add_modules dm_mod
 manual_add_modules dm_crypt
 
 # add crypto modules for debian upstream kernel
-manual_add_modules aesni-intel
+manual_add_modules ecb
+manual_add_modules aes_generic
+manual_add_modules xts
 
 copy_exec /usr/bin/openssl || hook_error "/usr/bin/openssl not found"
 copy_exec /usr/sbin/mke2fs || hook_error "/usr/sbin/mke2fs not found"
diff --git a/recipes-initramfs/initramfs-crypt-hook/files/encrypt_partition.systemd.script b/recipes-initramfs/initramfs-crypt-hook/files/encrypt_partition.systemd.script
index 2ac8d30..67d56f1 100644
--- a/recipes-initramfs/initramfs-crypt-hook/files/encrypt_partition.systemd.script
+++ b/recipes-initramfs/initramfs-crypt-hook/files/encrypt_partition.systemd.script
@@ -36,6 +36,14 @@ esac
 modprobe tpm_tis
 modprobe tpm_crb
 
+modprobe ecb
+modprobe aes_generic
+modprobe xts
+
+# this needs to be probed particularly
+# for reencryption with upstream kernel
+modprobe loop
+
 # fixed tpm device or do we need to find it
 tpm_device=/dev/tpmrm0
 partition_sets="$PARTITIONS"
This adds necessary crypt modules and loop device that are not loaded at early boot as default with upstream kernel. Signed-off-by: Gokhan Cetin <gokhan.cetin@siemens.com> --- .../files/encrypt_partition.clevis.hook | 4 +++- .../files/encrypt_partition.clevis.script | 8 ++++++++ .../files/encrypt_partition.systemd.hook | 4 +++- .../files/encrypt_partition.systemd.script | 8 ++++++++ 4 files changed, 22 insertions(+), 2 deletions(-)