yubikey-full-disk-encryption

Race condition during initramfs image creation in 1FA mode can lead to data loss

Open jaseg opened this issue 2 months ago • 3 comments

I just found a nice failure mode. I've been using this piece of software for a while on Arch Linux. Yesterday, I did a system upgrade, and the system hard crashed while pacman was re-building the initramfs images. The result was that the old images were deleted, but the new images were not yet written to disk.

On a normal Arch setup, this is easily fixed by rebooting into a rescue image, then re-building the initramfs images. This does not work here, since the 1FA challenge is only stored inside the initramfs image, and inside the (encrypted) root partition. Thus, this system crash effectively shredded the disk encryption key.

I have a few suggestions on solutions for this.

  1. Store a backup of the 1FA challenge in a plain text file on the boot partition, that is never touched or deleted afterwards.
  2. Store the 1FA challenge somewhere in the LUKS header, or generate it from persistent data such as the volume UUID.
  3. Ensure the old initramfs images are never ever deleted before the new images have been built. (ideally, after the new images have successfully booted at least once)

jaseg, May 06 '24 12:05
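Suggestion 3 from the issue above, sketched as an added example (not code from yubikey-full-disk-encryption or mkinitcpio): the new image is built next to the live one, flushed to disk, and only then renamed over it, with the previous image kept as `.old`. The function name `safe_replace_image` and the `.old` suffix are hypothetical; it assumes the builder command takes the output path as its last argument and that `rename(2)` is atomic on the boot filesystem, with the `.old` copy as the fallback where it is not.

```shell
#!/bin/sh
# Added example: crash-safe replacement of an initramfs image.
# Usage: safe_replace_image TARGET BUILDER [ARGS...]
#   e.g. safe_replace_image /boot/initramfs-linux.img mkinitcpio -g
# BUILDER is run as: BUILDER ARGS... <temporary output path>
safe_replace_image() {
    local target dir base tmp
    target=$1; shift
    dir=$(dirname -- "$target")
    base=$(basename -- "$target")
    # mktemp creates the file with mode 0600, which suits an image that
    # embeds the 1FA challenge.
    tmp=$(mktemp "$dir/.$base.new.XXXXXX") || return 1

    # 1. Build into the temporary file; the live image is not touched yet.
    #    A failed or empty build leaves the old image as it was.
    if ! "$@" "$tmp" || [ ! -s "$tmp" ]; then
        rm -f -- "$tmp"
        return 1
    fi

    # 2. Flush the new image to disk before it becomes reachable under
    #    the real name.
    sync "$tmp" || { rm -f -- "$tmp"; return 1; }

    # 3. Keep the previous image as a fallback. It is copied, not hard
    #    linked, so this also works on a FAT-formatted boot partition.
    if [ -e "$target" ]; then
        cp -f -- "$target" "$dir/$base.old.tmp" \
            && sync "$dir/$base.old.tmp" \
            && mv -f -- "$dir/$base.old.tmp" "$dir/$base.old" \
            || { rm -f -- "$tmp" "$dir/$base.old.tmp"; return 1; }
    fi

    # 4. Swap the new image in with a single rename, then flush the
    #    directory entry. At every point in time a complete image exists.
    mv -f -- "$tmp" "$target" || return 1
    sync "$dir"
}
```

A crash before step 4 leaves the old image in place; a crash after it leaves the new image plus the `.old` copy, so the stored challenge is never lost from the boot partition.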