[PATCH 0/2] Add data-reset to initramfs

[PATCH 0/2] Add data-reset to initramfs

[Quirin Gylstorff]

From: Quirin Gylstorff <quirin.gylstorff@siemens.com>

This adds an initramfs hook to delete all data from the persistent
partitions.

This will reset the device identity `/etc/machine-id` and all
other information stored in the overlay.


I didn't call it factory-reset as it does not clean the encrypted
data partition. This would require:
- deleting all TPM data
- reformatting the encrypted partitions

Also it does not delete snapshots from btrfs or similar devices.


Quirin Gylstorff (2):
  initramfs: add hook for data-reset
  add data-reset hook to cip-core-initramfs

 .../cip-core-initramfs/cip-core-initramfs.bb  |  1 +
 .../files/local-bottom-complete.tmpl          | 76 +++++++++++++++++++
 .../initramfs-data-reset-hook_0.1.bb          | 36 +++++++++
 3 files changed, 113 insertions(+)
 create mode 100644 recipes-initramfs/initramfs-factory-reset-hook/files/local-bottom-complete.tmpl
 create mode 100644 recipes-initramfs/initramfs-factory-reset-hook/initramfs-data-reset-hook_0.1.bb

-- 
2.47.0

[PATCH 1/2] initramfs: add hook for data-reset

[Quirin Gylstorff]

From: Quirin Gylstorff <quirin.gylstorff@siemens.com>

This allows to reset the device data by deleting
all files in the persistent partitions.

The reset occurs if a file defined by the variable
INITRAMFS_DATA_RESET_MARKER
exists in the device INITRAMFS_DATA_RESET_MARKER_DEVICE.

This feature allows to add device specific trigger to restore
the persistent file system to the first-boot state.

Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com>
---
 .../files/local-bottom-complete.tmpl          | 76 +++++++++++++++++++
 .../initramfs-data-reset-hook_0.1.bb          | 36 +++++++++
 2 files changed, 112 insertions(+)
 create mode 100644 recipes-initramfs/initramfs-factory-reset-hook/files/local-bottom-complete.tmpl
 create mode 100644 recipes-initramfs/initramfs-factory-reset-hook/initramfs-data-reset-hook_0.1.bb

diff --git a/recipes-initramfs/initramfs-factory-reset-hook/files/local-bottom-complete.tmpl b/recipes-initramfs/initramfs-factory-reset-hook/files/local-bottom-complete.tmpl
new file mode 100644
index 0000000..f02f95c
--- /dev/null
+++ b/recipes-initramfs/initramfs-factory-reset-hook/files/local-bottom-complete.tmpl
@@ -0,0 +1,76 @@
+#!/bin/sh
+#
+# CIP Core, generic profile
+#
+# Copyright (c) Siemens AG, 2025
+#
+# Authors:
+#  Quirin Gylstorff <quirin.gylstorff@siemens.com>
+#
+prereqs()
+{
+	# Make sure that this script is run last in local-top
+	# but before overlay
+	local req
+	for req in "${0%/*}"/*; do
+		script="${req##*/}"
+		if [ "$script" != "${0##*/}" ] &&
+			[ "$script" != "overlay" ] ; then
+			printf '%s\n' "$script"
+		fi
+	done
+}
+case $1 in
+prereqs)
+	prereqs
+	exit 0
+	;;
+esac
+
+. /scripts/functions
+
+marker="${INITRAMFS_DATA_RESET_MARKER}"
+marker_storage_device="${INITRAMFS_DATA_RESET_MARKER_STORAGE_DEVICE}"
+target_devices="${INITRAMFS_DATA_RESET_DEVICES}"
+
+storage_mnt="$(findmnt "${marker_storage_device}")"
+factory_reset=false
+tmp_mount=$(mktemp -d)
+# check for marker
+if [ -z "${storage_mnt}" ]; then
+	if ! mount -t "$(get_fstype "${marker_storage_device}")" \
+		 "${marker_storage_device}" \
+		 "${tmp_mount}"; then
+		panic "Can't mount ${marker_storage_device}!"
+	fi
+	storage_mnt="$tmp_mount"
+fi
+if [ -e "${storage_mnt}${marker}" ]; then
+	factory_reset=true
+fi
+if mountpoint -q "$tmp_mount"; then
+	umount "$tmp_mount"
+fi
+if [ "${factory_reset}" = "true" ]; then
+	log_begin_msg "Factory Reset"
+	for target in ${target_devices}; do
+		target_mnt="$(findmnt "${target}")"
+		if [ -z "$target_mnt" ]; then
+			if ! mount -t "$(get_fstype "${target}")" \
+		 		"${marker_storage_device}" \
+		 		"${tmp_mount}"; then
+				panic "Can't mount ${target}!"
+			fi
+			target_mnt="$tmp_mount"
+		fi
+
+		# delete all files in the target mount point
+		find "${target_mnt}" ! -wholename "${target_mnt}" \
+			! -name "lost+found" -exec rm -rf {} +
+
+		if mountpoint -q "$tmp_mount"; then
+			umount "$tmp_mount"
+		fi
+	done
+	log_end_msg "Factory Reset"
+fi
diff --git a/recipes-initramfs/initramfs-factory-reset-hook/initramfs-data-reset-hook_0.1.bb b/recipes-initramfs/initramfs-factory-reset-hook/initramfs-data-reset-hook_0.1.bb
new file mode 100644
index 0000000..6dfd896
--- /dev/null
+++ b/recipes-initramfs/initramfs-factory-reset-hook/initramfs-data-reset-hook_0.1.bb
@@ -0,0 +1,36 @@
+#
+# CIP Core, generic profile
+#
+# Copyright (c) Siemens AG, 2025
+#
+# Authors:
+#  Quirin Gylstorff <quirin.gylstorff@siemens.com>
+#
+# SPDX-License-Identifier: MIT
+
+require recipes-initramfs/initramfs-hook/hook.inc
+SRC_URI += " \
+    file://local-bottom-complete.tmpl"
+
+DESCRIPTION = "Delete the content of the given Devices"
+
+# if this file exists execute a factory reset for the given
+# list of factory-reset targets.
+INITRAMFS_DATA_RESET_MARKER ?= "/.data-reset"
+
+# use labels as crypt setup replaces the label links if
+# an partition is encrypted
+INITRAMFS_DATA_RESET_MARKER_STORAGE_DEVICE ??= "/dev/disk/by-label/var"
+
+# list of partitions by label
+INITRAMFS_DATA_RESET_DEVICES ??= "/dev/disk/by-label/var"
+
+TEMPLATE_FILES += "local-bottom-complete.tmpl"
+TEMPLATE_VARS += " INITRAMFS_DATA_RESET_MARKER \
+                   INITRAMFS_DATA_RESET_MARKER_STORAGE_DEVICE \
+                   INITRAMFS_DATA_RESET_DEVICES"
+
+DEBIAN_DEPENDS .= ", coreutils, util-linux"
+
+HOOK_ADD_MODULES = "factory-reset"
+HOOK_COPY_EXECS = "mountpoint findmnt mktemp rm find"
-- 
2.47.0

[PATCH 2/2] add data-reset hook to cip-core-initramfs

[Quirin Gylstorff]

From: Quirin Gylstorff <quirin.gylstorff@siemens.com>

Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com>
---
 recipes-initramfs/cip-core-initramfs/cip-core-initramfs.bb | 1 +
 1 file changed, 1 insertion(+)

diff --git a/recipes-initramfs/cip-core-initramfs/cip-core-initramfs.bb b/recipes-initramfs/cip-core-initramfs/cip-core-initramfs.bb
index 0e4cf74..d4b1e5e 100644
--- a/recipes-initramfs/cip-core-initramfs/cip-core-initramfs.bb
+++ b/recipes-initramfs/cip-core-initramfs/cip-core-initramfs.bb
@@ -12,6 +12,7 @@
 inherit initramfs
 
 INITRAMFS_INSTALL += " \
+    initramfs-data-reset-hook \
     initramfs-overlay-hook \
     "
 
-- 
2.47.0

Re: [PATCH 1/2] initramfs: add hook for data-reset

[Jan Kiszka]

On 24.04.25 11:22, Quirin Gylstorff wrote:
> From: Quirin Gylstorff <quirin.gylstorff@siemens.com>
> 
> This allows to reset the device data by deleting
> all files in the persistent partitions.
> 
> The reset occurs if a file defined by the variable
> INITRAMFS_DATA_RESET_MARKER
> exists in the device INITRAMFS_DATA_RESET_MARKER_DEVICE.
> 
> This feature allows to add device specific trigger to restore
> the persistent file system to the first-boot state.
> 
> Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com>
> ---
>  .../files/local-bottom-complete.tmpl          | 76 +++++++++++++++++++
>  .../initramfs-data-reset-hook_0.1.bb          | 36 +++++++++
>  2 files changed, 112 insertions(+)
>  create mode 100644 recipes-initramfs/initramfs-factory-reset-hook/files/local-bottom-complete.tmpl
>  create mode 100644 recipes-initramfs/initramfs-factory-reset-hook/initramfs-data-reset-hook_0.1.bb
> 
> diff --git a/recipes-initramfs/initramfs-factory-reset-hook/files/local-bottom-complete.tmpl b/recipes-initramfs/initramfs-factory-reset-hook/files/local-bottom-complete.tmpl
> new file mode 100644
> index 0000000..f02f95c
> --- /dev/null
> +++ b/recipes-initramfs/initramfs-factory-reset-hook/files/local-bottom-complete.tmpl
> @@ -0,0 +1,76 @@
> +#!/bin/sh
> +#
> +# CIP Core, generic profile
> +#
> +# Copyright (c) Siemens AG, 2025
> +#
> +# Authors:
> +#  Quirin Gylstorff <quirin.gylstorff@siemens.com>
> +#
> +prereqs()
> +{
> +	# Make sure that this script is run last in local-top

But it is called "local-bottom-complete"...

> +	# but before overlay
> +	local req
> +	for req in "${0%/*}"/*; do
> +		script="${req##*/}"
> +		if [ "$script" != "${0##*/}" ] &&
> +			[ "$script" != "overlay" ] ; then
> +			printf '%s\n' "$script"
> +		fi

Will create undefined dependencies between this and the crypt hook.
Please sort that out.

> +	done
> +}
> +case $1 in
> +prereqs)
> +	prereqs
> +	exit 0
> +	;;
> +esac
> +
> +. /scripts/functions
> +
> +marker="${INITRAMFS_DATA_RESET_MARKER}"
> +marker_storage_device="${INITRAMFS_DATA_RESET_MARKER_STORAGE_DEVICE}"
> +target_devices="${INITRAMFS_DATA_RESET_DEVICES}"
> +
> +storage_mnt="$(findmnt "${marker_storage_device}")"
> +factory_reset=false

I thought you didn't want to call it "factory reset"?

> +tmp_mount=$(mktemp -d)
> +# check for marker
> +if [ -z "${storage_mnt}" ]; then
> +	if ! mount -t "$(get_fstype "${marker_storage_device}")" \
> +		 "${marker_storage_device}" \
> +		 "${tmp_mount}"; then
> +		panic "Can't mount ${marker_storage_device}!"
> +	fi
> +	storage_mnt="$tmp_mount"
> +fi
> +if [ -e "${storage_mnt}${marker}" ]; then
> +	factory_reset=true
> +fi
> +if mountpoint -q "$tmp_mount"; then
> +	umount "$tmp_mount"
> +fi
> +if [ "${factory_reset}" = "true" ]; then
> +	log_begin_msg "Factory Reset"
> +	for target in ${target_devices}; do
> +		target_mnt="$(findmnt "${target}")"
> +		if [ -z "$target_mnt" ]; then
> +			if ! mount -t "$(get_fstype "${target}")" \
> +		 		"${marker_storage_device}" \
> +		 		"${tmp_mount}"; then
> +				panic "Can't mount ${target}!"
> +			fi
> +			target_mnt="$tmp_mount"
> +		fi
> +
> +		# delete all files in the target mount point
> +		find "${target_mnt}" ! -wholename "${target_mnt}" \
> +			! -name "lost+found" -exec rm -rf {} +

rm --one-file-system

But wouldn't reformatting be simpler?

> +
> +		if mountpoint -q "$tmp_mount"; then
> +			umount "$tmp_mount"
> +		fi
> +	done
> +	log_end_msg "Factory Reset"
> +fi
> diff --git a/recipes-initramfs/initramfs-factory-reset-hook/initramfs-data-reset-hook_0.1.bb b/recipes-initramfs/initramfs-factory-reset-hook/initramfs-data-reset-hook_0.1.bb
> new file mode 100644
> index 0000000..6dfd896
> --- /dev/null
> +++ b/recipes-initramfs/initramfs-factory-reset-hook/initramfs-data-reset-hook_0.1.bb
> @@ -0,0 +1,36 @@
> +#
> +# CIP Core, generic profile
> +#
> +# Copyright (c) Siemens AG, 2025
> +#
> +# Authors:
> +#  Quirin Gylstorff <quirin.gylstorff@siemens.com>
> +#
> +# SPDX-License-Identifier: MIT
> +
> +require recipes-initramfs/initramfs-hook/hook.inc
> +SRC_URI += " \
> +    file://local-bottom-complete.tmpl"
> +
> +DESCRIPTION = "Delete the content of the given Devices"
> +
> +# if this file exists execute a factory reset for the given
> +# list of factory-reset targets.
> +INITRAMFS_DATA_RESET_MARKER ?= "/.data-reset"

Hmm, not really a working default if you have a read-only rootfs, no?

> +
> +# use labels as crypt setup replaces the label links if
> +# an partition is encrypted
> +INITRAMFS_DATA_RESET_MARKER_STORAGE_DEVICE ??= "/dev/disk/by-label/var"
> +
> +# list of partitions by label
> +INITRAMFS_DATA_RESET_DEVICES ??= "/dev/disk/by-label/var"
> +
> +TEMPLATE_FILES += "local-bottom-complete.tmpl"
> +TEMPLATE_VARS += " INITRAMFS_DATA_RESET_MARKER \
> +                   INITRAMFS_DATA_RESET_MARKER_STORAGE_DEVICE \
> +                   INITRAMFS_DATA_RESET_DEVICES"
> +
> +DEBIAN_DEPENDS .= ", coreutils, util-linux"
> +
> +HOOK_ADD_MODULES = "factory-reset"

What's that module?

> +HOOK_COPY_EXECS = "mountpoint findmnt mktemp rm find"

Should we already prepare alternative reset triggers by sticking the
file-based variant here into some callback?

Jan

-- 
Siemens AG, Foundational Technologies
Linux Expert Center

Re: [PATCH 1/2] initramfs: add hook for data-reset

[Quirin Gylstorff]

On 4/28/25 08:35, Jan Kiszka wrote:
> On 24.04.25 11:22, Quirin Gylstorff wrote:
>> From: Quirin Gylstorff <quirin.gylstorff@siemens.com>
>>
>> This allows to reset the device data by deleting
>> all files in the persistent partitions.
>>
>> The reset occurs if a file defined by the variable
>> INITRAMFS_DATA_RESET_MARKER
>> exists in the device INITRAMFS_DATA_RESET_MARKER_DEVICE.
>>
>> This feature allows to add device specific trigger to restore
>> the persistent file system to the first-boot state.
>>
>> Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com>
>> ---
>>   .../files/local-bottom-complete.tmpl          | 76 +++++++++++++++++++
>>   .../initramfs-data-reset-hook_0.1.bb          | 36 +++++++++
>>   2 files changed, 112 insertions(+)
>>   create mode 100644 recipes-initramfs/initramfs-factory-reset-hook/files/local-bottom-complete.tmpl
>>   create mode 100644 recipes-initramfs/initramfs-factory-reset-hook/initramfs-data-reset-hook_0.1.bb
>>
>> diff --git a/recipes-initramfs/initramfs-factory-reset-hook/files/local-bottom-complete.tmpl b/recipes-initramfs/initramfs-factory-reset-hook/files/local-bottom-complete.tmpl
>> new file mode 100644
>> index 0000000..f02f95c
>> --- /dev/null
>> +++ b/recipes-initramfs/initramfs-factory-reset-hook/files/local-bottom-complete.tmpl
>> @@ -0,0 +1,76 @@
>> +#!/bin/sh
>> +#
>> +# CIP Core, generic profile
>> +#
>> +# Copyright (c) Siemens AG, 2025
>> +#
>> +# Authors:
>> +#  Quirin Gylstorff <quirin.gylstorff@siemens.com>
>> +#
>> +prereqs()
>> +{
>> +	# Make sure that this script is run last in local-top
> 
> But it is called "local-bottom-complete"...
> 
>> +	# but before overlay
>> +	local req
>> +	for req in "${0%/*}"/*; do
>> +		script="${req##*/}"
>> +		if [ "$script" != "${0##*/}" ] &&
>> +			[ "$script" != "overlay" ] ; then
>> +			printf '%s\n' "$script"
>> +		fi
> 
> Will create undefined dependencies between this and the crypt hook.
> Please sort that out.

I will move this before the crypt hook for now.
  >> +	done
>> +}
>> +case $1 in
>> +prereqs)
>> +	prereqs
>> +	exit 0
>> +	;;
>> +esac
>> +
>> +. /scripts/functions
>> +
>> +marker="${INITRAMFS_DATA_RESET_MARKER}"
>> +marker_storage_device="${INITRAMFS_DATA_RESET_MARKER_STORAGE_DEVICE}"
>> +target_devices="${INITRAMFS_DATA_RESET_DEVICES}"
>> +
>> +storage_mnt="$(findmnt "${marker_storage_device}")"
>> +factory_reset=false
> 
> I thought you didn't want to call it "factory reset"?
As the hook does not to a complete factory reset ( the disk encryption 
stays) I used data reset for now. If we add formatting a throw a way
  the disk keys I can rename it.


> 
>> +tmp_mount=$(mktemp -d)
>> +# check for marker
>> +if [ -z "${storage_mnt}" ]; then
>> +	if ! mount -t "$(get_fstype "${marker_storage_device}")" \
>> +		 "${marker_storage_device}" \
>> +		 "${tmp_mount}"; then
>> +		panic "Can't mount ${marker_storage_device}!"
>> +	fi
>> +	storage_mnt="$tmp_mount"
>> +fi
>> +if [ -e "${storage_mnt}${marker}" ]; then
>> +	factory_reset=true
>> +fi
>> +if mountpoint -q "$tmp_mount"; then
>> +	umount "$tmp_mount"
>> +fi
>> +if [ "${factory_reset}" = "true" ]; then
>> +	log_begin_msg "Factory Reset"
>> +	for target in ${target_devices}; do
>> +		target_mnt="$(findmnt "${target}")"
>> +		if [ -z "$target_mnt" ]; then
>> +			if ! mount -t "$(get_fstype "${target}")" \
>> +		 		"${marker_storage_device}" \
>> +		 		"${tmp_mount}"; then
>> +				panic "Can't mount ${target}!"
>> +			fi
>> +			target_mnt="$tmp_mount"
>> +		fi
>> +
>> +		# delete all files in the target mount point
>> +		find "${target_mnt}" ! -wholename "${target_mnt}" \
>> +			! -name "lost+found" -exec rm -rf {} +
> 
> rm --one-file-system
> 
> But wouldn't reformatting be simpler?
> 
That is the question - My first thought was reformatting but then we 
lose the information from snapshot based file systems (e.g. btrfs).


>> +
>> +		if mountpoint -q "$tmp_mount"; then
>> +			umount "$tmp_mount"
>> +		fi
>> +	done
>> +	log_end_msg "Factory Reset"
>> +fi
>> diff --git a/recipes-initramfs/initramfs-factory-reset-hook/initramfs-data-reset-hook_0.1.bb b/recipes-initramfs/initramfs-factory-reset-hook/initramfs-data-reset-hook_0.1.bb
>> new file mode 100644
>> index 0000000..6dfd896
>> --- /dev/null
>> +++ b/recipes-initramfs/initramfs-factory-reset-hook/initramfs-data-reset-hook_0.1.bb
>> @@ -0,0 +1,36 @@
>> +#
>> +# CIP Core, generic profile
>> +#
>> +# Copyright (c) Siemens AG, 2025
>> +#
>> +# Authors:
>> +#  Quirin Gylstorff <quirin.gylstorff@siemens.com>
>> +#
>> +# SPDX-License-Identifier: MIT
>> +
>> +require recipes-initramfs/initramfs-hook/hook.inc
>> +SRC_URI += " \
>> +    file://local-bottom-complete.tmpl"
>> +
>> +DESCRIPTION = "Delete the content of the given Devices"
>> +
>> +# if this file exists execute a factory reset for the given
>> +# list of factory-reset targets.
>> +INITRAMFS_DATA_RESET_MARKER ?= "/.data-reset"
> 
> Hmm, not really a working default if you have a read-only rootfs, no?
> 
>> +
>> +# use labels as crypt setup replaces the label links if
>> +# an partition is encrypted
>> +INITRAMFS_DATA_RESET_MARKER_STORAGE_DEVICE ??= "/dev/disk/by-label/var"
>> +
>> +# list of partitions by label
>> +INITRAMFS_DATA_RESET_DEVICES ??= "/dev/disk/by-label/var"
>> +
>> +TEMPLATE_FILES += "local-bottom-complete.tmpl"
>> +TEMPLATE_VARS += " INITRAMFS_DATA_RESET_MARKER \
>> +                   INITRAMFS_DATA_RESET_MARKER_STORAGE_DEVICE \
>> +                   INITRAMFS_DATA_RESET_DEVICES"
>> +
>> +DEBIAN_DEPENDS .= ", coreutils, util-linux"
>> +
>> +HOOK_ADD_MODULES = "factory-reset"
> 
> What's that module?
> 
>> +HOOK_COPY_EXECS = "mountpoint findmnt mktemp rm find"
> 
> Should we already prepare alternative reset triggers by sticking the
> file-based variant here into some callback?

We could do that.
Qurin
> 
> Jan
> 

Re: [PATCH 1/2] initramfs: add hook for data-reset

[Jan Kiszka]

On 28.04.25 10:23, Quirin Gylstorff wrote:
> 
> 
> On 4/28/25 08:35, Jan Kiszka wrote:
>> On 24.04.25 11:22, Quirin Gylstorff wrote:
>>> From: Quirin Gylstorff <quirin.gylstorff@siemens.com>
>>>
>>> This allows to reset the device data by deleting
>>> all files in the persistent partitions.
>>>
>>> The reset occurs if a file defined by the variable
>>> INITRAMFS_DATA_RESET_MARKER
>>> exists in the device INITRAMFS_DATA_RESET_MARKER_DEVICE.
>>>
>>> This feature allows to add device specific trigger to restore
>>> the persistent file system to the first-boot state.
>>>
>>> Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com>
>>> ---
>>>   .../files/local-bottom-complete.tmpl          | 76 +++++++++++++++++++
>>>   .../initramfs-data-reset-hook_0.1.bb          | 36 +++++++++
>>>   2 files changed, 112 insertions(+)
>>>   create mode 100644 recipes-initramfs/initramfs-factory-reset-hook/
>>> files/local-bottom-complete.tmpl
>>>   create mode 100644 recipes-initramfs/initramfs-factory-reset-hook/
>>> initramfs-data-reset-hook_0.1.bb
>>>
>>> diff --git a/recipes-initramfs/initramfs-factory-reset-hook/files/
>>> local-bottom-complete.tmpl b/recipes-initramfs/initramfs-factory-
>>> reset-hook/files/local-bottom-complete.tmpl
>>> new file mode 100644
>>> index 0000000..f02f95c
>>> --- /dev/null
>>> +++ b/recipes-initramfs/initramfs-factory-reset-hook/files/local-
>>> bottom-complete.tmpl
>>> @@ -0,0 +1,76 @@
>>> +#!/bin/sh
>>> +#
>>> +# CIP Core, generic profile
>>> +#
>>> +# Copyright (c) Siemens AG, 2025
>>> +#
>>> +# Authors:
>>> +#  Quirin Gylstorff <quirin.gylstorff@siemens.com>
>>> +#
>>> +prereqs()
>>> +{
>>> +    # Make sure that this script is run last in local-top
>>
>> But it is called "local-bottom-complete"...
>>
>>> +    # but before overlay
>>> +    local req
>>> +    for req in "${0%/*}"/*; do
>>> +        script="${req##*/}"
>>> +        if [ "$script" != "${0##*/}" ] &&
>>> +            [ "$script" != "overlay" ] ; then
>>> +            printf '%s\n' "$script"
>>> +        fi
>>
>> Will create undefined dependencies between this and the crypt hook.
>> Please sort that out.
> 
> I will move this before the crypt hook for now.

Don't you need crypt to run first to unlock the data partition?

>  >> +    done
>>> +}
>>> +case $1 in
>>> +prereqs)
>>> +    prereqs
>>> +    exit 0
>>> +    ;;
>>> +esac
>>> +
>>> +. /scripts/functions
>>> +
>>> +marker="${INITRAMFS_DATA_RESET_MARKER}"
>>> +marker_storage_device="${INITRAMFS_DATA_RESET_MARKER_STORAGE_DEVICE}"
>>> +target_devices="${INITRAMFS_DATA_RESET_DEVICES}"
>>> +
>>> +storage_mnt="$(findmnt "${marker_storage_device}")"
>>> +factory_reset=false
>>
>> I thought you didn't want to call it "factory reset"?
> As the hook does not to a complete factory reset ( the disk encryption
> stays) I used data reset for now. If we add formatting a throw a way
>  the disk keys I can rename it.
> 
> 
>>
>>> +tmp_mount=$(mktemp -d)
>>> +# check for marker
>>> +if [ -z "${storage_mnt}" ]; then
>>> +    if ! mount -t "$(get_fstype "${marker_storage_device}")" \
>>> +         "${marker_storage_device}" \
>>> +         "${tmp_mount}"; then
>>> +        panic "Can't mount ${marker_storage_device}!"
>>> +    fi
>>> +    storage_mnt="$tmp_mount"
>>> +fi
>>> +if [ -e "${storage_mnt}${marker}" ]; then
>>> +    factory_reset=true
>>> +fi
>>> +if mountpoint -q "$tmp_mount"; then
>>> +    umount "$tmp_mount"
>>> +fi
>>> +if [ "${factory_reset}" = "true" ]; then
>>> +    log_begin_msg "Factory Reset"
>>> +    for target in ${target_devices}; do
>>> +        target_mnt="$(findmnt "${target}")"
>>> +        if [ -z "$target_mnt" ]; then
>>> +            if ! mount -t "$(get_fstype "${target}")" \
>>> +                 "${marker_storage_device}" \
>>> +                 "${tmp_mount}"; then
>>> +                panic "Can't mount ${target}!"
>>> +            fi
>>> +            target_mnt="$tmp_mount"
>>> +        fi
>>> +
>>> +        # delete all files in the target mount point
>>> +        find "${target_mnt}" ! -wholename "${target_mnt}" \
>>> +            ! -name "lost+found" -exec rm -rf {} +
>>
>> rm --one-file-system
>>
>> But wouldn't reformatting be simpler?
>>
> That is the question - My first thought was reformatting but then we
> lose the information from snapshot based file systems (e.g. btrfs).
> 

Which information? Aren't snapshot considered data here as well - which
we want to reset?

For a future solution that uses a/b btrfs plus some factory reset
snapshot state, this logic here will surely need adjustments. Or we
won't use the hook but rather embed related logic into some a/b data
partition hook.

Jan

-- 
Siemens AG, Foundational Technologies
Linux Expert Center

Re: [PATCH 1/2] initramfs: add hook for data-reset

[Quirin Gylstorff]

On 4/28/25 11:03, Jan Kiszka wrote:
> On 28.04.25 10:23, Quirin Gylstorff wrote:
>>
>>
>> On 4/28/25 08:35, Jan Kiszka wrote:
>>> On 24.04.25 11:22, Quirin Gylstorff wrote:
>>>> From: Quirin Gylstorff <quirin.gylstorff@siemens.com>
>>>>
>>>> This allows to reset the device data by deleting
>>>> all files in the persistent partitions.
>>>>
>>>> The reset occurs if a file defined by the variable
>>>> INITRAMFS_DATA_RESET_MARKER
>>>> exists in the device INITRAMFS_DATA_RESET_MARKER_DEVICE.
>>>>
>>>> This feature allows to add device specific trigger to restore
>>>> the persistent file system to the first-boot state.
>>>>
>>>> Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com>
>>>> ---
>>>>    .../files/local-bottom-complete.tmpl          | 76 +++++++++++++++++++
>>>>    .../initramfs-data-reset-hook_0.1.bb          | 36 +++++++++
>>>>    2 files changed, 112 insertions(+)
>>>>    create mode 100644 recipes-initramfs/initramfs-factory-reset-hook/
>>>> files/local-bottom-complete.tmpl
>>>>    create mode 100644 recipes-initramfs/initramfs-factory-reset-hook/
>>>> initramfs-data-reset-hook_0.1.bb
>>>>
>>>> diff --git a/recipes-initramfs/initramfs-factory-reset-hook/files/
>>>> local-bottom-complete.tmpl b/recipes-initramfs/initramfs-factory-
>>>> reset-hook/files/local-bottom-complete.tmpl
>>>> new file mode 100644
>>>> index 0000000..f02f95c
>>>> --- /dev/null
>>>> +++ b/recipes-initramfs/initramfs-factory-reset-hook/files/local-
>>>> bottom-complete.tmpl
>>>> @@ -0,0 +1,76 @@
>>>> +#!/bin/sh
>>>> +#
>>>> +# CIP Core, generic profile
>>>> +#
>>>> +# Copyright (c) Siemens AG, 2025
>>>> +#
>>>> +# Authors:
>>>> +#  Quirin Gylstorff <quirin.gylstorff@siemens.com>
>>>> +#
>>>> +prereqs()
>>>> +{
>>>> +    # Make sure that this script is run last in local-top
>>>
>>> But it is called "local-bottom-complete"...
>>>
>>>> +    # but before overlay
>>>> +    local req
>>>> +    for req in "${0%/*}"/*; do
>>>> +        script="${req##*/}"
>>>> +        if [ "$script" != "${0##*/}" ] &&
>>>> +            [ "$script" != "overlay" ] ; then
>>>> +            printf '%s\n' "$script"
>>>> +        fi
>>>
>>> Will create undefined dependencies between this and the crypt hook.
>>> Please sort that out.
>>
>> I will move this before the crypt hook for now.
> 
> Don't you need crypt to run first to unlock the data partition?
This hook runs in local-bottom, unlock runs in local-top. So the 
partitions are already unlocked as the trigger is stored in the `/var/` 
partition. If we move the trigger file to a boot partition or the efi 
partition we could to the factory reset also for encrypted partition
and then move it to local-top.

Quirin
> 
>>   >> +    done
>>>> +}
>>>> +case $1 in
>>>> +prereqs)
>>>> +    prereqs
>>>> +    exit 0
>>>> +    ;;
>>>> +esac
>>>> +
>>>> +. /scripts/functions
>>>> +
>>>> +marker="${INITRAMFS_DATA_RESET_MARKER}"
>>>> +marker_storage_device="${INITRAMFS_DATA_RESET_MARKER_STORAGE_DEVICE}"
>>>> +target_devices="${INITRAMFS_DATA_RESET_DEVICES}"
>>>> +
>>>> +storage_mnt="$(findmnt "${marker_storage_device}")"
>>>> +factory_reset=false
>>>
>>> I thought you didn't want to call it "factory reset"?
>> As the hook does not to a complete factory reset ( the disk encryption
>> stays) I used data reset for now. If we add formatting a throw a way
>>   the disk keys I can rename it.
>>
>>
>>>
>>>> +tmp_mount=$(mktemp -d)
>>>> +# check for marker
>>>> +if [ -z "${storage_mnt}" ]; then
>>>> +    if ! mount -t "$(get_fstype "${marker_storage_device}")" \
>>>> +         "${marker_storage_device}" \
>>>> +         "${tmp_mount}"; then
>>>> +        panic "Can't mount ${marker_storage_device}!"
>>>> +    fi
>>>> +    storage_mnt="$tmp_mount"
>>>> +fi
>>>> +if [ -e "${storage_mnt}${marker}" ]; then
>>>> +    factory_reset=true
>>>> +fi
>>>> +if mountpoint -q "$tmp_mount"; then
>>>> +    umount "$tmp_mount"
>>>> +fi
>>>> +if [ "${factory_reset}" = "true" ]; then
>>>> +    log_begin_msg "Factory Reset"
>>>> +    for target in ${target_devices}; do
>>>> +        target_mnt="$(findmnt "${target}")"
>>>> +        if [ -z "$target_mnt" ]; then
>>>> +            if ! mount -t "$(get_fstype "${target}")" \
>>>> +                 "${marker_storage_device}" \
>>>> +                 "${tmp_mount}"; then
>>>> +                panic "Can't mount ${target}!"
>>>> +            fi
>>>> +            target_mnt="$tmp_mount"
>>>> +        fi
>>>> +
>>>> +        # delete all files in the target mount point
>>>> +        find "${target_mnt}" ! -wholename "${target_mnt}" \
>>>> +            ! -name "lost+found" -exec rm -rf {} +
>>>
>>> rm --one-file-system
>>>
>>> But wouldn't reformatting be simpler?
>>>
>> That is the question - My first thought was reformatting but then we
>> lose the information from snapshot based file systems (e.g. btrfs).
>>
> 
> Which information? Aren't snapshot considered data here as well - which
> we want to reset?
> 
> For a future solution that uses a/b btrfs plus some factory reset
> snapshot state, this logic here will surely need adjustments. Or we
> won't use the hook but rather embed related logic into some a/b data
> partition hook.

Currently I would like to have the factory-reset related logic in one place.

Quirin

> 
> Jan
> 

Re: [PATCH 1/2] initramfs: add hook for data-reset

[Jan Kiszka]

On 29.04.25 14:30, Quirin Gylstorff wrote:
> 
> 
> On 4/28/25 11:03, Jan Kiszka wrote:
>> On 28.04.25 10:23, Quirin Gylstorff wrote:
>>>
>>>
>>> On 4/28/25 08:35, Jan Kiszka wrote:
>>>> On 24.04.25 11:22, Quirin Gylstorff wrote:
>>>>> From: Quirin Gylstorff <quirin.gylstorff@siemens.com>
>>>>>
>>>>> This allows to reset the device data by deleting
>>>>> all files in the persistent partitions.
>>>>>
>>>>> The reset occurs if a file defined by the variable
>>>>> INITRAMFS_DATA_RESET_MARKER
>>>>> exists in the device INITRAMFS_DATA_RESET_MARKER_DEVICE.
>>>>>
>>>>> This feature allows to add device specific trigger to restore
>>>>> the persistent file system to the first-boot state.
>>>>>
>>>>> Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com>
>>>>> ---
>>>>>    .../files/local-bottom-complete.tmpl          | 76 +++++++++++++
>>>>> ++++++
>>>>>    .../initramfs-data-reset-hook_0.1.bb          | 36 +++++++++
>>>>>    2 files changed, 112 insertions(+)
>>>>>    create mode 100644 recipes-initramfs/initramfs-factory-reset-hook/
>>>>> files/local-bottom-complete.tmpl
>>>>>    create mode 100644 recipes-initramfs/initramfs-factory-reset-hook/
>>>>> initramfs-data-reset-hook_0.1.bb
>>>>>
>>>>> diff --git a/recipes-initramfs/initramfs-factory-reset-hook/files/
>>>>> local-bottom-complete.tmpl b/recipes-initramfs/initramfs-factory-
>>>>> reset-hook/files/local-bottom-complete.tmpl
>>>>> new file mode 100644
>>>>> index 0000000..f02f95c
>>>>> --- /dev/null
>>>>> +++ b/recipes-initramfs/initramfs-factory-reset-hook/files/local-
>>>>> bottom-complete.tmpl
>>>>> @@ -0,0 +1,76 @@
>>>>> +#!/bin/sh
>>>>> +#
>>>>> +# CIP Core, generic profile
>>>>> +#
>>>>> +# Copyright (c) Siemens AG, 2025
>>>>> +#
>>>>> +# Authors:
>>>>> +#  Quirin Gylstorff <quirin.gylstorff@siemens.com>
>>>>> +#
>>>>> +prereqs()
>>>>> +{
>>>>> +    # Make sure that this script is run last in local-top
>>>>
>>>> But it is called "local-bottom-complete"...
>>>>
>>>>> +    # but before overlay
>>>>> +    local req
>>>>> +    for req in "${0%/*}"/*; do
>>>>> +        script="${req##*/}"
>>>>> +        if [ "$script" != "${0##*/}" ] &&
>>>>> +            [ "$script" != "overlay" ] ; then
>>>>> +            printf '%s\n' "$script"
>>>>> +        fi
>>>>
>>>> Will create undefined dependencies between this and the crypt hook.
>>>> Please sort that out.
>>>
>>> I will move this before the crypt hook for now.
>>
>> Don't you need crypt to run first to unlock the data partition?
> This hook runs in local-bottom, unlock runs in local-top. So the
> partitions are already unlocked as the trigger is stored in the `/var/`
> partition. If we move the trigger file to a boot partition or the efi
> partition we could to the factory reset also for encrypted partition
> and then move it to local-top.

The crypt hook has both types of scripts. Unlocking indeed happens in
local-top, but you still need to sync its local-bottom with this one here.

Jan

-- 
Siemens AG, Foundational Technologies
Linux Expert Center