Merge #365437 from ~timchen119/fortknox/+git/fortknox-kernel:alpha-encrypt
Initial FDE initramfs implementation
The changes include the fortknox-kernel (badger) alpha delivering.
For the alpha milestone we will deliver:
* A working UC16 gadget and kernel snap
* The LUKS/FDE solution with a dummy key passphrase 'ubuntu' and without TPM.
* Include cryptsetup and TPM tools/libs in initramfs
Changes:
* Modified install-firstboot-from-initrd hook for needed crypto kernel modules.
* Add crypto-functions and partitioning logic in scripts/crypto-functions for cryptsetup/LUKS encrpytion.
* Add dummy obtain_crypto_key() function in scripts/crypto-key-functions.
- To be rewriten to use TPM on next milestone.
* Add firstboot logic in local-premount/resize.
* Add meta/force-kernel-extraction for upcoming system-boot kernel extraction snapd support.
- Need to Track the pull request on next milestone: https://github.com/snapcore/snapd/pull/6616/
* Extract to /boot when restoring/installing system-boot partition.
* Modified snapcraft.yaml for updating TPM tss lib 2.2.2
* Create verbose logs for updated initramfs contents.
* For cryptsetup, use -s 512 for an effective key size of 256 bits as with XTS the effective key size is only half.
* Put the action of relabeling old "writable" to "restore" as the last step to improve fail-safe experience and refactor the factory-reset process.
* Add more comments, shebang and license headers.
The changes include the fortknox-kernel (badger) alpha delivering.
For the alpha milestone we will deliver:
* A working UC16 gadget and kernel snap
* The LUKS/FDE solution with a dummy key passphrase 'ubuntu' and without TPM.
* Include cryptsetup and TPM tools/libs in initramfs
Changes:
* Modified install-firstboot-from-initrd hook for needed crypto kernel modules.
* Add crypto-functions and partitioning logic in scripts/crypto-functions for cryptsetup/LUKS encrpytion.
* Add dummy obtain_crypto_key() function in scripts/crypto-key-functions.
- To be rewriten to use TPM on next milestone.
* Add firstboot logic in local-premount/resize.
* Add meta/force-kernel-extraction for upcoming system-boot kernel extraction snapd support.
- Need to Track the pull request on next milestone: https://github.com/snapcore/snapd/pull/6616/
* Extract to /boot when restoring/installing system-boot partition.
* Modified snapcraft.yaml for updating TPM tss lib 2.2.2
* Create verbose logs for updated initramfs contents.
* For cryptsetup, use -s 512 for an effective key size of 256 bits as with XTS the effective key size is only half.
* Put the action of relabeling old "writable" to "restore" as the last step to improve fail-safe experience and refactor the factory-reset process.
* Add more comments, shebang and license headers.
