siemens / meta-iot2050

SIMATIC IOT2050 Isar/Debian Board Support Package
MIT License

IOT2050 Data Encryption #442

Closed BaochengSu closed 1 year ago

BaochengSu commented 1 year ago

This integrates the fTPM-based data encryption onto IOT2050.

The fTPM is using https://github.com/microsoft/ms-tpm-20-ref/.

The build target is the Secure Boot enabled example image; the two persistent partitions, /var and /home, will be encrypted during the first boot.

Known Issue:

@jan-kiszka @gylstorffq, need your help to review :)

gylstorffq commented 1 year ago

How do you ensure that your ftpm initramfs script is executed before creating/opening the crypt partitions?

jan-kiszka commented 1 year ago

@stormc, FYI

BaochengSu commented 1 year ago

> How do you ensure that your ftpm initramfs script is executed before creating/opening the crypt partitions?

IIUC, the prereqs of the initramfs-crypt-hook do the trick.

gylstorffq commented 1 year ago

Did you patch initramfs-crypt-hook in isar-cip-core? I did not find anything on the mailing list or in the repository.

BaochengSu commented 1 year ago

> Did you patch initramfs-crypt-hook in isar-cip-core? I did not find anything on the mailing list or in the repository.

No, no need to patch it, since it does its job very well. :)
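The ordering question in this exchange comes down to initramfs-tools PREREQ declarations. As an added example (not code from this PR or from isar-cip-core), the check below tests whether one boot script declares another as a prerequisite, directly or transitively; the script names `load-ftpm`, `wait-tpm-device` and `crypt-open` are hypothetical.

```shell
#!/bin/sh
# Added example. initramfs-tools learns a boot script's dependencies by running
# it with the single argument "prereqs"; the script prints the names in PREREQ.
# Prerequisites are only resolved among scripts of the same directory
# (for example scripts/local-top).

# depends_on DIR SCRIPT TARGET [DEPTH]
# Succeeds if SCRIPT lists TARGET in PREREQ, directly or through other scripts.
depends_on() {
    [ "${4:-0}" -lt 16 ] || return 1         # give up on PREREQ cycles
    [ -f "$1/$2" ] || return 1               # named prerequisite is not shipped
    for p in $(sh "$1/$2" prereqs); do
        [ "$p" = "$3" ] && return 0
        depends_on "$1" "$p" "$3" $(( ${4:-0} + 1 )) && return 0
    done
    return 1
}

# Constructed sample input: four hypothetical local-top scripts in a temp dir.
# Prints the directory name.
make_sample_dir() {
    d=$(mktemp -d) || return 1
    write_script() {  # NAME PREREQ-LIST
        printf '#!/bin/sh\nPREREQ="%s"\ncase "$1" in prereqs) echo "$PREREQ"; exit 0;; esac\n' \
            "$2" > "$d/$1"
    }
    write_script load-ftpm ""
    write_script wait-tpm-device "load-ftpm"
    write_script crypt-open "wait-tpm-device"
    write_script unrelated ""
    echo "$d"
}
```

A plain topological sort is not enough for this check: two scripts with no dependency path between them can still come out in the desired order by accident, so the function tests for an actual PREREQ chain.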

jan-kiszka commented 1 year ago

What's the state of this now? It's apparently still not building in CI. Already an idea?

BaochengSu commented 1 year ago

> What's the state of this now? It's apparently still not building in CI. Already an idea?

No, seems like an OOM warning: Total memory requested is more than 75% of physical memory.

This does not happen in the master branch; the only noticeable change in this branch is the bump of isar-cip-core. I will try to have a testing branch to only bump the cip-core to pinpoint the root cause.

2023-05-25 11:46:59 - ERROR    - ERROR: iot2050-image-swu-example-1.0-r0 do_image_squashfs: ExecutionError('/build/tmp/work/iot2050-debian-arm64/iot2050-image-swu-example-iot2050/1.0-r0/temp/run.do_image_squashfs.712079', 1, None, None)
2023-05-25 11:46:59 - ERROR    - ERROR: Logfile of failure stored in: /build/tmp/work/iot2050-debian-arm64/iot2050-image-swu-example-iot2050/1.0-r0/temp/log.do_image_squashfs.712079
2023-05-25 11:46:59 - INFO     - Log data follows:
2023-05-25 11:46:59 - INFO     - | DEBUG: Executing python function set_image_size
2023-05-25 11:46:59 - INFO     - | DEBUG: Python function set_image_size finished
2023-05-25 11:46:59 - INFO     - | DEBUG: Executing shell function do_image_squashfs
2023-05-25 11:46:59 - INFO     - | Total memory requested is more than 75% of physical memory.
2023-05-25 11:46:59 - INFO     - | Mksquashfs uses memory to cache data from disk to optimise performance.
2023-05-25 11:46:59 - INFO     - | It is pointless to ask it to use more than this amount of memory, as this
2023-05-25 11:46:59 - INFO     - | causes thrashing and it is thus self-defeating.
2023-05-25 11:46:59 - INFO     - | FATAL ERROR:Requested memory size too large
2023-05-25 11:46:59 - INFO     - | WARNING: exit code 1 from a shell command.

stormc commented 1 year ago

> > What's the state of this now? It's apparently still not building in CI. Already an idea?
>
> No, seems like an OOM warning: Total memory requested is more than 75% of physical memory.
>
> This does not happen in the master branch; the only noticeable change in this branch is the bump of isar-cip-core. I will try to have a testing branch to only bump the cip-core to pinpoint the root cause.

Confirmed, this happens on ISAR-CIP-Core if you have, e.g., an 8 GB RAM machine; you need more RAM.

jan-kiszka commented 1 year ago

That's squashfs - can that be addressed by some fs generation switches? @gylstorffq