Re: [PATCH 3/5] initramfs-crypt-hook: use real device path in luksFormat case

[Quirin Gylstorff <quirin.gylstorff@siemens.com>]

On 2/27/25 10:16, Jan Kiszka wrote:
> On 26.02.25 10:59, Claudius Heine wrote:
>> In the 'format' case the `$partition` variable is used instead of
>> `$part_device`, which is likely an error, because all other cases use
>> `$part_device`.
>>
>> `$part_device` is the real path to the block device, while `$partition`
>> is the 'name' of the partition in the `$PARITIONS` variable, as defined
>> in the recipe.
>>
>> This fixes an inconsistency, it shouldn't be a bug here, but could
>> result in bugs when this script is adapted in product layers, etc.
>>
>> Signed-off-by: Claudius Heine <ch@denx.de>
>> ---
>>   recipes-initramfs/initramfs-crypt-hook/files/local-top-complete | 2 +-
>>   1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/recipes-initramfs/initramfs-crypt-hook/files/local-top-complete b/recipes-initramfs/initramfs-crypt-hook/files/local-top-complete
>> index f1aa0d7..b907ea7 100644
>> --- a/recipes-initramfs/initramfs-crypt-hook/files/local-top-complete
>> +++ b/recipes-initramfs/initramfs-crypt-hook/files/local-top-complete
>> @@ -254,7 +254,7 @@ for partition_set in $partition_sets; do
>>   		"format")
>>   			log_begin_msg "Encryption of ${part_device}"
>>   			/usr/sbin/cryptsetup luksFormat --batch-mode \
>> -				 --type luks2 "$partition" < "$tmp_key"
>> +				 --type luks2 "$part_device" < "$tmp_key"
>>   			enroll_tpm2_token "$part_device" "$tmp_key" "$tpm_device" "$tpm_key_algorithm" "$pcr_bank_hash_type"
>>   			open_tpm2_partition "$part_device" "$crypt_mount_name" "$tpm_device"
>>   			eval "${create_file_system_cmd} ${decrypted_part}"
> 
> This goes back to commit 98974a68ab9b, and there it is stated:
> 
> +       # clevis does not work with links in /dev/disk*
> +       part_device=$(readlink -f "$partition")
> 
> So this really looks like a pure consistency cleanup (but a valid one).
> Right, Quirin?
Yes.

Quirin
> 
> Jan
>