Closed arrow53 closed 2 years ago
Basically this just wasn't my use-case, and I didn't have time or HW to test with this config.
Random thoughts:
mender-partuuid
should be an issue, but I'm not sure of the implications. meta-mender-kernel
relies on MENDER_STORAGE_DEVICE_BASE
for the new/separate kernel partitions, is that variable valid when using UUID?grub-mender-grubenv
seems like it'd work with uuid and the separate A/B kernel partitionsHave you tried removing that check? Not likely it'll work with just that, but it might get most the way there.
thanks. I'm not really sure what I'm doing so thought I'd at least run it by you first. I commented the check out and seemed to get past it. Im going to leave this open for a bit.
ok made it here
ERROR: mender-luks-initramfs-1.0-r0 do_rootfs: MENDER_EXTRA_PARTS and DISTRO_FEATURE 'mender-partuuid' are both defined and incompatible
ok made it here
ERROR: mender-luks-initramfs-1.0-r0 do_rootfs: MENDER_EXTRA_PARTS and DISTRO_FEATURE 'mender-partuuid' are both defined and incompatible
That's going to be a tough one to get past. MENDER_EXTRA_PARTS
is the hook that meta-mender-kernel
uses to create the A/B kernel partitions.
To get around this, you'd need to either
meta-mender
, or rewrite/reimplement the partition/image creation mender has/boot
For the second option, you can try
MENDER_EXTRA_PARTS
to be emptygrub-mender-grubenv_git%.bbappend
to set mender_kernela_part
and mender_kernelb_part
to empty (""
) or the /boot
part number.meta-mender-kernel
state scripts are probably invalid in this use case (https://github.com/coreycothrum/meta-mender-kernel/tree/master/recipes-mender/mender-kernel-state-scripts). Might want to override that recipe to not install anything.Again though, this loses the kernel A/B stuff. Might be OK. You'd need to write a state script or update module to update it (https://github.com/coreycothrum/meta-mender-kernel/issues/5).
@coreycothrum thanks a ton for the comments. From doing a bit of research, for my target platforms such as imx8, raspberry pi, etc. it seems the second option is the way to go
let me see if I can remove the /boot
dependencies
@coreycothrum I'm getting DEV_BASE
to be blank despite the variables seemingly being find and I can see the image file exists
I've never used sudo in a bbclass before. Is there anything special I need to do?
I hate that I had to (use sudo), but I couldn't find a way around it.
I typically run my builds inside a docker container under WSL. There was some "special" stuff there, but it might not be directly applicable.
What that class/function does is mount the image as a loopback device, and then encrypt it. So basically you need root access to your machine (host) /dev
.
When running in a container, I needed to run as sudo/root, use the --privileged
flag, and volume mount /dev
into the container. If you running natively, I'm not sure there is anything specially to do to get access to /dev
Are there some (host) dependancies with losetup
? Can you try those commands manually/natively to confirm you can mount the image on your system?
Yes, I see now in the logs its unhappy about not getting a root password. No passwd for sudo fixes it but your docker container idea is definitely the way to go.
@coreycothrum I realize I've now gone pretty far afield from your original project. But, I think I'm close now.
For my raspberry pi I now have a /boot
and three encrypted partitions. The /boot
directory has a /boot/LUKS
folder with three 16.8 MB .luks
files.
Sorry i'm so clueless on this but is the general strategy to use the .luks
files to decode the partition? Do I need grub
for that? Right now I just have uboot and it doesn't seem to be doing that step.
Hit any key to stop autoboot: 0
switch to partitions #0, OK
mmc0 is current device
Scanning mmc 0:1...
Found U-Boot script /boot.scr
299 bytes read in 1 ms (292 KiB/s)
## Executing script at 02400000
switch to partitions #0, OK
mmc0 is current device
** Unrecognized filesystem type **
Bad Linux ARM64 Image magic!
SCRIPT FAILED: continuing...
Card did not respond to voltage select!
Those files are the 'detached headers' for the LUKS partition(s).
I have only used it with grub, but I don't think that's a requirement. The decryption happens after grub, when the kernel is booting.
So in my use-case, I have dual A/B kernel partitions. grub will choose which patition/kernel to use based on the mender roots partition, and launch that one.
That stuff is likely different, I'm not sure how uboot is doing it.
But there should be a linux kernel in /boot... and it should be "bundled". Meaning, it is both a kernel and an initramfs. This layer has an init script that runs when the kernel is booted, and that unlocks the roots and data paritions.
What's the contents of boot.scr? What's generating it? I couldn't really tell from my QUICK look through meta-mender
. Does it not launch the kernel? It may need to be patched so it does.
Hope that helps!
ah, good to know. So, if I can get the kernel to boot then I should be in good shape!
Yes, that is my problem though is uboot will no longer boot the kernel when I use your layer. Image
is indeed in the \boot
directory along with the .dtb
files and boot.scr
boot.scr
I think comes from here
https://github.com/mendersoftware/meta-mender/blob/dunfell/meta-mender-raspberrypi/recipes-bsp/rpi-u-boot-scr/files/boot.cmd.in
and mine looks like this
'V�R�M�����w�,Boot script�fdt addr ${fdt_addr} && fdt get value bootargs /chosen bootargs
run mender_setup
mmc dev ${mender_uboot_dev}
load ${mender_uboot_root} ${kernel_addr_r} /boot/Image
booti ${kernel_addr_r} - ${fdt_addr}
run mender_try_to_recover
What is super weird though is I can take all the \boot
files from a good working image and copy them over to the \boot
partition on the image I create when I use your layer and it still doesn't work.
There is a hidden partition at the beginning of the .sdimg
file and I'm not sure what is there but maybe it's different.
Can KERNEL_IMAGETYPE
be set to bzImage
? Is that a grub only thing?
@coreycothrum using a compressed image is a good idea but I can't seem to build it with the current kernel recipe.
At any rate, I figured out the problem. meta-mender-raspberrypi
is indeed A/B'ing the kernel. uboot
is being used for partition selection between 2 or 3
load ${mender_uboot_root} ${kernel_addr_r} /boot/Image
where mender_uboot_root
starts off as mmc 0:2
.
I had assumed it was /boot
which is mmc 0:1
but there's actually a /boot
partition in the main rootfs parititon.
So, any thoughts on this? Maybe I should just pull the kernel from the /boot
partition and not worry about A/B'ing the kernel.
You are using the kernel to decrypt those partitions so I'm not sure I have an alternative?
@coreycothrum I'm using a compulab board with an imx8mp part. They have a mender configuration that uses
mender-partuuid
. Integrating your layer I seeThis is the referenced line
https://github.com/compulab-yokneam/meta-mender-compulab/blob/gatesgarth/templates/local.conf.append#L15
Do you have any thoughts on what I can do to resolve this?