stiefelsystem
stiefelsystem copied to clipboard
SFTtech
compressed initramfs sometimes shows error at boot
Maybe using some consistency/integrity checks with MAC/HMAC would be good together with a loop that does a couple of retries.
for a proper solution it would be good to know what error is shown at boot. i doubt it's an integrity problem.
If I remember correctly, I've so far encountered the following two types of error messages related to this:
Note that these messages are printed on top of the systemd output (the systemd output is probably from the stiefelclient before kexec'ing). The unpacking fails and some files are missing in the filesystem. As you can see, the mkinitcpio hooks are run, but usually fail at some point due to missing files.
I guess the question is at which point the initramfs gets corrupted. Just double checked, and we actually do use an encrypt-then-mac scheme, so nevermind my previous reply.... However, this makes it even more confusing where the actual error might happen.
Yes, this is the type of error I meant. The part I find most interesting, is the fact, that the error never occurred for me, when I disabled the compression of the initramfs. I have seen this error with all other compression options. In theory this should have no influence as the compression is done at initramfs creation time. However, when booting the initramfs "normaly" (without stiefel), the error does not occur. The error does not mean, that the boot fails. For me every time the boot continued without any problems. If I had to guess, I would suspect some kind of padding issue.