Open LimaLima opened 1 day ago
p.s. rpi-otp-private-key
returns zeros on the target CM4.
I was expecting it to have something random after provisioning.
Thanks for the report, @LimaLima
I'm hoping to reproduce this on CM4 either later today or tomorrow.
Your observations are essentially correct - I'd have expected to see a device-unique key returned, and that you just have zeros implies that the keywriter failed on your device.
Ok, so we have two problems then:
Any suggested workarounds, or some additional information I could collect?
Some further testing:
RPI_SB_WORKDIR
folder (workaround for the issue #42)rpi-otp-private-key
(workaround for key provisioning issue)unxz -k required.ko.xz
to make sure the modules are available (workaround for cryptoroot incompatibility with compressed modules)Provisioning went through "successfully" However, LUKS is locked:
Confirmed manually: Even tried with a key made out of 0'os:
Need to find additional workarounds :(
v1.1.0 Configuration:
Running on a fresh install of Pi4, based on the same
2024-07-04-raspios-bookworm-arm64-lite.img
Targeting CM4 (8GiB MMC, 1 GiB RAM, no wifi) on IO Board, as per documentationAfter "successful" provisioning, boot fails before switching to encrypted partition: boot.img/initramfs8 does not contain uncompressed kernel modules that are required here, but it has their .xz versions