Jump to content

Encrypted image no prompt


StickyPine

Recommended Posts

Hello,

 

Here is the end goal of what I am trying to achieve: I am using a rockpro64 and would like to be able to boot from SPI into a rootfs present on an encrypted hdd RAID.

 

I tried building an image with root encryption enabled but apparently, has stated on the wiki, it is possible that no prompt will be shown during the boot process. This is exactly what is happening to me, the boot process halts without showing anyway of entering the passphrase.

 

Is there a way to solve this issue ? Or to reach my goal with a different method ?

 

Many thanks !!

Link to comment
Share on other sites

Using the serial connection doesn't provide extra information, the boot process halts after  "Starting kernel ..."

The OS is Debian Buster.

 

Here is the serial output:

 

Spoiler
U-Boot TPL 2021.01-09768-gc762ab29b8 (Mar 20 2021 - 13:48:40)
Channel 0: LPDDR4, 50MHz
BW=32 Col=10 Bk=8 CS0 Row=15 CS1 Row=15 CS=2 Die BW=16 Size=2048MB
Channel 1: LPDDR4, 50MHz
BW=32 Col=10 Bk=8 CS0 Row=15 CS1 Row=15 CS=2 Die BW=16 Size=2048MB
256B stride
lpddr4_set_rate: change freq to 400000000 mhz 0, 1
lpddr4_set_rate: change freq to 800000000 mhz 1, 0
Trying to boot from BOOTROM
Returning to boot ROM...

U-Boot SPL 2021.01-09768-gc762ab29b8 (Mar 20 2021 - 13:48:40 +0000)
Trying to boot from SPI
NOTICE:  BL31: v2.4(release):v2.4
NOTICE:  BL31: Built : 13:33:26, Mar 20 2021


U-Boot 2021.01-09768-gc762ab29b8 (Mar 20 2021 - 13:48:40 +0000)

SoC: Rockchip rk3399
Reset cause: POR
Model: Pine64 RockPro64 v2.1
DRAM:  3.9 GiB
PMIC:  RK808
MMC:   mmc@fe310000: 2, mmc@fe320000: 1, sdhci@fe330000: 0
Loading Environment from SPIFlash... SF: Detected gd25q128 with page size 256 Bytes, erB
*** Warning - bad CRC, using default environment

In:    serial
Out:   serial
Err:   serial
Model: Pine64 RockPro64 v2.1
Net:   eth0: ethernet@fe300000
Hit any key to stop autoboot:  0
Card did not respond to voltage select! : -110
switch to partitions #0, OK
mmc1 is current device
Scanning mmc 1:1...
Found U-Boot script /boot.scr
3185 bytes read in 4 ms (777.3 KiB/s)
## Executing script at 00500000
Boot script loaded from mmc 1
167 bytes read in 3 ms (53.7 KiB/s)
14004102 bytes read in 597 ms (22.4 MiB/s)
28582400 bytes read in 1211 ms (22.5 MiB/s)
75809 bytes read in 11 ms (6.6 MiB/s)
2698 bytes read in 7 ms (376 KiB/s)
Applying kernel provided DT fixup script (rockchip-fixup.scr)
## Executing script at 09000000
Moving Image from 0x2080000 to 0x2200000, end=3de0000
## Loading init Ramdisk from Legacy Image at 06000000 ...
   Image Name:   uInitrd
   Image Type:   AArch64 Linux RAMDisk Image (gzip compressed)
   Data Size:    14004038 Bytes = 13.4 MiB
   Load Address: 00000000
   Entry Point:  00000000
   Verifying Checksum ... OK
## Flattened Device Tree blob at 01f00000
   Booting using the fdt blob at 0x1f00000
   Loading Ramdisk to f11ab000, end f1f05f46 ... OK
   Loading Device Tree to 00000000f1130000, end 00000000f11aafff ... OK

Starting kernel ...

 

 

Edited by TRS-80
put long output inside spoiler
Link to comment
Share on other sites

When using an encrypted root, it needs to be unlocked and prepared for mount in the kernel initramfs. This part runs after u-boot, but before SystemD takes over. It also have slightly different rules on where kernel output goes, where it only goes to one "console", which is specified in the kernel arguments (visible after boot in /proc/cmdline).

 

If memory serves, the last "console=" argument takes priority during initramfs (though its hazy sometimes and it might be the first). You may need to adjust the order of the kernel arguments to make your password prompt appear on VGA or serial console (whichever you expect).

 

I don't have a rockpro64 to test with, but you should verify that it's not doing something silly like going to a serial port with a different baud rate than your uboot. FYI, RK3399's use an odd baud rate of 1.5 megabaud.

Link to comment
Share on other sites

So if I understand it correctly, the board is actually booting, but the output is sent to the wrong output stream ?

 

Quote

You may need to adjust the order of the kernel arguments to make your password prompt appear on VGA or serial console (whichever you expect).

 

Could you explain how to modify this parameter ?

Link to comment
Share on other sites

This thread is quite old. Please consider starting a new thread rather than reviving this one.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
×
  • Create New...

Important Information

Terms of Use - Privacy Policy - Guidelines