From: Quirin Gylstorff <Quirin.Gylstorff@siemens.com>
To: cip-dev@lists.cip-project.org, jan.kiszka@siemens.com,
johnxw@amazon.com, felix.moessbauer@siemens.com
Subject: [cip-dev][isar-cip-core][PATCH v5 11/11] initramfs-crypt-hook: cleanup logging
Date: Mon, 6 May 2024 16:17:32 +0200 [thread overview]
Message-ID: <20240506141833.3622989-12-Quirin.Gylstorff@siemens.com> (raw)
In-Reply-To: <20240506141833.3622989-1-Quirin.Gylstorff@siemens.com>
From: Quirin Gylstorff <quirin.gylstorff@siemens.com>
Reduce the clutter during boot. Print messages only if debug is
set in the commandline.
Use the provided logging functionality.
Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com>
---
.../initramfs-crypt-hook/files/encrypt_partition.script | 8 ++++++--
.../files/mount_crypt_partitions.script | 2 +-
2 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/recipes-initramfs/initramfs-crypt-hook/files/encrypt_partition.script b/recipes-initramfs/initramfs-crypt-hook/files/encrypt_partition.script
index d9a85e5..d48db94 100644
--- a/recipes-initramfs/initramfs-crypt-hook/files/encrypt_partition.script
+++ b/recipes-initramfs/initramfs-crypt-hook/files/encrypt_partition.script
@@ -78,7 +78,7 @@ reencrypt_existing_partition() {
fi
;;
squashfs|"")
- echo "skip disk resize as it is not supported or unnecessary for fstype: '$partition_fstype'"
+ [ "$debug" = "y" ] && echo "skip disk resize as it is not supported or unnecessary for fstype: '$partition_fstype'"
;;
*)
panic "cannot resize parition. unsupport fstype: $partition_fstype"
@@ -112,7 +112,7 @@ done
if [ ! -e "$tpm_device" ]; then
if [ "$tpm_encryption_optional" = "true" ]; then
- echo "No tpm_device exists abort optional encryption"
+ log_warning_msg "No tpm_device exists abort optional encryption"
exit 0
fi
panic "No tpm device exists or supports pcr_hash '$pcr_bank_hash_type' or '$tpm_key_algorithm' - cannot create a encrypted device!"
@@ -167,16 +167,20 @@ for partition_set in $partition_sets; do
case "${partition_format}" in
"reencrypt")
+ log_begin_msg "Encryption of ${part_device}"
reencrypt_existing_partition "$part_device" "$tmp_key"
enroll_tpm2_token "$part_device" "$tmp_key" "$tpm_device" "$tpm_key_algorithm" "$pcr_bank_hash_type"
open_tpm2_partition "$part_device" "$crypt_mount_name" "$tpm_device"
+ log_end_msg
;;
"format")
+ log_begin_msg "Encryption of ${part_device}"
/usr/sbin/cryptsetup luksFormat --batch-mode \
--type luks2 "$partition" < "$tmp_key"
enroll_tpm2_token "$part_device" "$tmp_key" "$tpm_device" "$tpm_key_algorithm" "$pcr_bank_hash_type"
open_tpm2_partition "$part_device" "$crypt_mount_name" "$tpm_device"
eval "${create_file_system_cmd} ${decrypted_part}"
+ log_end_msg
;;
*)
panic "Unknown value ${partition_format}. Cannot create a encrypted partition !"
diff --git a/recipes-initramfs/initramfs-crypt-hook/files/mount_crypt_partitions.script b/recipes-initramfs/initramfs-crypt-hook/files/mount_crypt_partitions.script
index f35685e..f47219b 100644
--- a/recipes-initramfs/initramfs-crypt-hook/files/mount_crypt_partitions.script
+++ b/recipes-initramfs/initramfs-crypt-hook/files/mount_crypt_partitions.script
@@ -35,7 +35,7 @@ esac
mount_partition() {
partition_dev_path=$1
partition_mountpoint=$2
- echo "mount device: '$partition_dev_path' to '$partition_mountpoint'"
+ [ "$debug" = "y" ] && echo "mount device: '$partition_dev_path' to '$partition_mountpoint'"
if ! mountpoint -q "${partition_mountpoint}"; then
if ! mount -t "$(get_fstype "${partition_dev_path}")" "${partition_dev_path}" \
"${partition_mountpoint}"; then
--
2.43.0
next prev parent reply other threads:[~2024-05-06 14:18 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-05-06 14:17 [cip-dev][isar-cip-core][PATCH v5 00/11] Add option to encrypt the rootfs Quirin Gylstorff
2024-05-06 14:17 ` [cip-dev][isar-cip-core][PATCH v5 01/11] wic/*: Add part-labels to system partition Quirin Gylstorff
2024-05-06 14:17 ` [cip-dev][isar-cip-core][PATCH v5 02/11] initramfs: allow empty mountpoint for crypt hooks Quirin Gylstorff
2024-05-06 14:17 ` [cip-dev][isar-cip-core][PATCH v5 03/11] initramfs-crypt: Only resize partition if ext* formatted Quirin Gylstorff
2024-05-06 14:17 ` [cip-dev][isar-cip-core][PATCH v5 04/11] fix: use luks2 to identify encrypted partition Quirin Gylstorff
2024-05-06 14:17 ` [cip-dev][isar-cip-core][PATCH v5 05/11] Rename encrypt-partitions to encrypt-data Quirin Gylstorff
2024-05-06 14:17 ` [cip-dev][isar-cip-core][PATCH v5 06/11] Kconfig: Add option to encrypt the rootfs Quirin Gylstorff
2024-05-06 14:17 ` [cip-dev][isar-cip-core][PATCH v5 07/11] crypt-hook: Extend partition selection Quirin Gylstorff
2024-05-06 14:17 ` [cip-dev][isar-cip-core][PATCH v5 08/11] README: Add rootfs encryption Quirin Gylstorff
2024-05-06 14:17 ` [cip-dev][isar-cip-core][PATCH v5 09/11] README.swupdate: Add section about partition selection Quirin Gylstorff
2024-05-06 14:17 ` [cip-dev][isar-cip-core][PATCH v5 10/11] fix: Remove spurious '-' Quirin Gylstorff
2024-05-06 14:17 ` Quirin Gylstorff [this message]
2024-05-07 15:58 ` [cip-dev][isar-cip-core][PATCH v5 00/11] Add option to encrypt the rootfs Jan Kiszka
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240506141833.3622989-12-Quirin.Gylstorff@siemens.com \
--to=quirin.gylstorff@siemens.com \
--cc=cip-dev@lists.cip-project.org \
--cc=felix.moessbauer@siemens.com \
--cc=jan.kiszka@siemens.com \
--cc=johnxw@amazon.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).