From mboxrd@z Thu Jan 1 00:00:00 1970 Delivery-date: Wed, 02 Jul 2025 22:00:23 +0200 Received: from metis.whiteo.stw.pengutronix.de ([2a0a:edc0:2:b01:1d::104]) by lore.white.stw.pengutronix.de with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1uX3d1-00DOxZ-15 for lore@lore.pengutronix.de; Wed, 02 Jul 2025 22:00:23 +0200 Received: from localhost ([127.0.0.1] helo=metis.whiteo.stw.pengutronix.de) by metis.whiteo.stw.pengutronix.de with esmtp (Exim 4.92) (envelope-from ) id 1uX3d1-0002Mg-4E; Wed, 02 Jul 2025 22:00:23 +0200 Received: from mail-yb1-xb32.google.com ([2607:f8b0:4864:20::b32]) by metis.whiteo.stw.pengutronix.de with esmtps (TLS1.3:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.92) (envelope-from ) id 1uX3cb-0002Fn-OF for ptxdist@pengutronix.de; Wed, 02 Jul 2025 21:59:58 +0200 Received: by mail-yb1-xb32.google.com with SMTP id 3f1490d57ef6-e731a56e111so4142163276.1 for ; Wed, 02 Jul 2025 12:59:57 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sightlogix-com.20230601.gappssmtp.com; s=20230601; t=1751486396; x=1752091196; darn=pengutronix.de; h=to:subject:message-id:date:from:mime-version:from:to:cc:subject :date:message-id:reply-to; bh=dtOrgbFYCs5OvnWjJkuhPA8EaUi9Apgg8NN52Esyg0I=; b=dxusm2CMBHbQMBcKTOhPLy545ggLsgDJ6fUKeemuTHPSSJeHED7Sb0lT6pII9wev4b IAjVs3Ylm41JTGFsd31rw6pU8TFEDK7LDQc/2VgZAaYrXVK57xtBgq7+JI5XpLT2566t 7kx7SnpUs2jgQTugEKxuHlnzkq3tj4HIlyWs6WWX9X5RNKtXdq38qGOxAl0Le4Y3THSO 6HJEEclFKBHSI6C6DMWl0lZzvLi+cSe4p5DRs0WjVYyXoLXMoAgK4U5scw6M/KZ0kj6B LhvJNdvL2xOyp3/Wih3eqmiKQVLQVn+2v9f76Go+EgRLHxD5aIkj7PMy/9PByEcTA36q QYQQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1751486396; x=1752091196; h=to:subject:message-id:date:from:mime-version:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=dtOrgbFYCs5OvnWjJkuhPA8EaUi9Apgg8NN52Esyg0I=; b=lHI/+Swr10TKsghJIGpzUbGopN/ssViEKQlvAQMKDzrD9yICAGEfjcA1o6ydsFTiIn e96L6q7pcSX7yjKxC7rNc7MLZXNBZyL/S4bPFJWBXLnjlB4puD1antM5WyPAj6W0obeI fUUtRfWCET6s6V6iPaopdZR05GQmVrf3vtfb/7jiGr8c8TXE9f58jIyYTt+D9GGuI622 mYduG2zyMgpeKOmAavULzQXX4ewA7GzlpC34vfrTeM0lxksF/wRDIg7uxNL9KSlKw5Tx KRvyQdWNBOO1k4cNwAraim6tdYO/lDPeSfw5RMkhp5iSP80IVp5L9uTn9NHsrS26CDc3 bJIg== X-Gm-Message-State: AOJu0Yx3ltYgFRl6/2s+Sf1dfvm1lWeM48zXKbn6DAKRnq7tW1ZHCL8V NvB3g5yCtOr5G6Ph2f9PSTuOqBrIrtJs8OmpkQHdPPgcyEkRZiu3HzU/cq+nuTrugQMBvu/LkPx 3CzwJNPnSPYcp4M7SGbtAOBPhnuOvm7wGrCrm79KTAI7quVxohhLKHO4= X-Gm-Gg: ASbGnct86Uc+QJ74LMHEFiMSJduibvqwa5MqMndrgaUZ4YbIjoqgMFuF4nCgkCOs26Z K3K361afShT3pTEFab3apK2Uk9zeTv0J/m/vWsB2wml1foqfev8mBX8sz+brL1ZoBuU6h/fBmfO xi4050eXvvgCuLlY+UhCzako1gS2y3ifg1OLBMR8nFTw== X-Google-Smtp-Source: AGHT+IFgs8JaSztnarl+koEH9Jh7llOsHVI6QFY/7swzcWaQAALWx6Iad6QQbmUudzrFxUPObSi0L8NWqtbRkEf+MAY= X-Received: by 2002:a05:6902:188b:b0:e87:a6b3:ee41 with SMTP id 3f1490d57ef6-e897e15f140mr5767272276.16.1751486396342; Wed, 02 Jul 2025 12:59:56 -0700 (PDT) MIME-Version: 1.0 From: Sandy Patterson Date: Wed, 2 Jul 2025 15:59:45 -0400 X-Gm-Features: Ac12FXwbPHibjEiZ5GQfieamECRoDHPwnIOztel2ALhpzo9yXsobo4DaEXaFULU Message-ID: To: ptxdist@pengutronix.de Content-Type: text/plain; charset="UTF-8" X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on metis.whiteo.stw.pengutronix.de X-Spam-Level: X-Spam-Status: No, score=-1.7 required=4.0 tests=AWL,BAYES_00,DKIM_SIGNED, DKIM_VALID,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.2 Subject: [ptxdist] building a separate initramfs X-BeenThere: ptxdist@pengutronix.de X-Mailman-Version: 2.1.29 Precedence: list List-Id: PTXdist Development Mailing List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: ptxdist@pengutronix.de Sender: "ptxdist" X-SA-Exim-Connect-IP: 127.0.0.1 X-SA-Exim-Mail-From: ptxdist-bounces@pengutronix.de X-SA-Exim-Scanned: No (on metis.whiteo.stw.pengutronix.de); SAEximRunCond expanded to false Hi, I'm having trouble figuring out how to build an initramfs from a second userspace set of packages. Basically I want to run an encrypted and verified rootfs. I have a solution for another board which uses an initramfs that sets up the keys/root hashes and does a pivot_root. But in order to get this into ptxdist I had to precompile all the binaries for the ramdisk and make a custom rule to build it. I was hoping to find how others do this or get some pointers before I go and replicate that again. Or perhaps ptxdist has another solution already built for encrypting a root and maintaining trust? Best, Sandy Patterson