booster icon indicating copy to clipboard operation
booster copied to clipboard
verified publisher icon anatol

Missing `usbhid` in Host-Specific Image

Open NN708 opened this issue 1 year ago • 3 comments

I have encountered an issue where the usbhid module is missing from the generated initramfs image when no USB devices are connected during the build process. This issue prevents the unlocking of LUKS volumes using FIDO2. It occurs specifically when creating a host-specific image, which only includes kernel modules used by the current host.

Force loading these modules (as in #236, plus hid_generic) is a potential solution, but it was removed in 31d06a47708a139c159cb96dc7dc067a64230db0.

NN708 avatar Dec 10 '24 16:12 NN708

cc @c3Ls1US

I wonder if it worthwile to restore the force-load part.

for _, file := range conf.extraFiles {
		if file == "fido2-assert" {
			conf.modulesForceLoad = append(conf.modulesForceLoad, "usbhid", "hid_sensor_hub")
			break
		}
	}

anatol avatar Dec 10 '24 17:12 anatol

We could, but, strictly in terms of creating a host specific image, isn’t the system working as intended?

But if we want to look into fixing this, instead of force loading, maybe a better idea is for Booster to detect if the user’s root volume was FIDO2 encrypted then include the module. I believe that metadata should be in the LUKS2 header, especially if systemd was used.

ghost avatar Dec 11 '24 06:12 ghost

Hello @c3Ls1US,

Image builds could occur during package updates when the FIDO2 device may not be accessible, which is not the intended behavior for users. I agree that it would be better for Booster to detect the volumes and determine which modules to include accordingly.

NN708 avatar Dec 11 '24 12:12 NN708