#+TITLE: Session Context - Active Session
#+DATE: 2026-01-25
* Session: Sunday 2026-01-25 @ 00:15 CST (continued to ~05:45)
** Current Task: LUKS Automated Testing - Almost Working
*** Summary
Implementing automated LUKS passphrase handling for reboot tests. Using hybrid
approach: sendkey for GRUB prompt + keyfile for initramfs.
*** What's Working
1. sendkey for GRUB passphrase - WORKING
   - Monitor socket added to VM
   - handle_luks_passphrase() detects prompt and sends keystrokes
   - GRUB successfully decrypts (serial shows "Slot 0 opened")
   - Kernel and initramfs load successfully
2. Keyfile setup - WORKING
   - setup_luks_testing_keyfile() creates keyfile
   - Adds keyfile to LUKS slot 1
   - Embeds in initramfs via FILES=
   - Updates crypttab to use keyfile
*** Bug Just Fixed
configure_btrfs_initramfs() was overwriting HOOKS and removing the encrypt hook.
Just fixed by checking if LUKS is enabled and including encrypt hook.
The fix (in btrfs.sh line ~815-825):
#+begin_src bash
local encrypt_hook=""
[[ "$NO_ENCRYPT" != "yes" && -n "$LUKS_PASSPHRASE" ]] && encrypt_hook="encrypt "
# Then include ${encrypt_hook} in HOOKS sed command
#+end_src
*** Next Step
Run the test again to verify the fix works:
#+begin_src bash
./scripts/test-install.sh btrfs-luks
#+end_src
*** Files Modified This Session
- custom/lib/btrfs.sh
  - Added setup_luks_testing_keyfile() function
  - Modified configure_crypttab() for keyfile support
  - Modified configure_luks_initramfs() for keyfile in FILES=
  - Fixed configure_btrfs_initramfs() to preserve encrypt hook
- custom/archangel
  - Added call to setup_luks_testing_keyfile() in LUKS flow
- scripts/test-install.sh
  - Added monitor socket to start_vm_from_disk()
  - Added handle_luks_passphrase() function
  - Added send_key_to_monitor() function
  - Integrated LUKS handling into reboot test flow
- scripts/test-configs/btrfs-luks.conf - Added TESTING=yes
- scripts/test-configs/btrfs-mirror-luks.conf - Added TESTING=yes
- docs/TESTING-STRATEGY.org - New file documenting approach
*** Commits Made This Session
- a099f50: Add ISO naming task, update session context
*** Test Results Before Fix
- btrfs-single: PASS
- btrfs-mirror: PASS
- btrfs-stripe: PASS
- btrfs-luks: FAIL (encrypt hook missing - just fixed)
- btrfs-mirror-luks: FAIL (same issue)
*** Technical Details
LUKS Boot Flow:
1. GRUB decrypts /boot with GRUB_ENABLE_CRYPTODISK (sendkey provides passphrase)
2. GRUB loads kernel and initramfs
3. Initramfs encrypt hook decrypts root (keyfile provides passphrase)
4. Root mounted, boot continues
sendkey Implementation:
- QEMU monitor socket: -monitor unix:$VM_DIR/monitor-${test_name}.sock,server,nowait
- Watch serial log for "Enter passphrase for"
- Send passphrase char-by-char via "sendkey" monitor command
- Character mapping (a-z, 0-9, special chars to QEMU key names)
Keyfile Implementation:
- Random 2KB keyfile at /etc/cryptroot.key
- Added to LUKS slot 1 (passphrase stays in slot 0)
- Embedded in initramfs via mkinitcpio FILES=()
- crypttab uses keyfile path instead of "none"
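Added example, not code from this repository: a post-install audit of the generated mkinitcpio.conf that catches the overwritten-HOOKS regression and flags the keyfile when it is embedded outside a test build. The function names audit_initramfs_conf and array_of are hypothetical, the sample configs are constructed, and the check assumes /etc/cryptroot.key is meant to exist only when TESTING=yes.

```bash
#!/usr/bin/env bash
# Added example (not from the repository). audit_initramfs_conf and array_of
# are hypothetical names; the sample configs at the bottom are constructed.

# array_of NAME FILE: print the items of the last uncommented NAME=(...) line.
array_of() {
    sed -n "s/^[[:space:]]*$1=(\([^)]*\)).*\$/\1/p" "$2" | tail -n 1
}

# audit_initramfs_conf CONF LUKS TESTING
# Prints one line per finding; returns 0 when clean, 1 otherwise.
audit_initramfs_conf() {
    local conf="$1" luks="$2" testing="$3" rc=0 pos=0 enc=0 fs=0 h
    for h in $(array_of HOOKS "$conf"); do
        pos=$((pos + 1))
        case $h in
            encrypt)     enc=$pos ;;
            filesystems) fs=$pos ;;
        esac
    done
    if [ "$luks" = yes ]; then
        if [ "$enc" -eq 0 ]; then
            echo "FAIL: encrypt hook missing from HOOKS"; rc=1
        elif [ "$fs" -ne 0 ] && [ "$enc" -gt "$fs" ]; then
            echo "FAIL: encrypt hook listed after filesystems"; rc=1
        fi
    fi
    # Assumption: /etc/cryptroot.key is a test-only artifact (TESTING=yes).
    case " $(array_of FILES "$conf") " in
        *" /etc/cryptroot.key "*)
            if [ "$testing" != yes ]; then
                echo "FAIL: test keyfile embedded without TESTING=yes"; rc=1
            fi ;;
    esac
    return "$rc"
}

# Constructed sample configs: the overwritten HOOKS line and the repaired one.
SAMPLES=$(mktemp -d)
printf '%s\n' '#HOOKS=(base udev encrypt filesystems)' \
    'HOOKS=(base udev autodetect modconf block btrfs filesystems fsck)' \
    'FILES=(/etc/cryptroot.key)' > "$SAMPLES/broken.conf"
printf '%s\n' 'HOOKS=(base udev autodetect modconf block encrypt btrfs filesystems fsck)' \
    'FILES=(/etc/cryptroot.key)' > "$SAMPLES/fixed.conf"

audit_initramfs_conf "$SAMPLES/broken.conf" yes yes || echo "broken.conf rejected"
audit_initramfs_conf "$SAMPLES/fixed.conf"  yes yes && echo "fixed.conf accepted"
```

Running this against the installed target's /etc/mkinitcpio.conf before the reboot step would fail the test early instead of waiting for the initramfs to hang at the root device.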
*** Decision Rationale
Chose hybrid approach (sendkey + keyfile) over:
- Option A (unencrypted /boot): Tests different code path than production
- Option B (accept limitation): Would miss integration bugs like empty grub.cfg
Documented in docs/TESTING-STRATEGY.org.
*** ISO on Ventoy
archzfs-vmlinuz-6.12.66-lts-2026-01-25-x86_64.iso (2.1G)
Updated on Ventoy flash drive.
*** Remaining Work
1. Verify encrypt hook fix works
2. Run full btrfs test suite including LUKS configs
3. If passing, commit all changes
4. Continue to Phase 5 (CLI tools) or Phase 6 (documentation)