Initial reboot succeeds, leaves console hung. Successive reboots fail and hang system in unusable state. #9
Comments
|
Hi, @haroules thank you for a detailed bug report and kind words, I really appreciate that! I'm busy with other things right now, so I don't have much time left to debug this issue currently. Therefore I suspect general kexec failure. I mean performing the raw kexec (without patching initramfs): will lead to the same issues with the exception that the system will require you to provide the passphrase during boot. If that's the case, the task is to find the kexec/kernel bug report and check what can be done, or if there is no report - create one. As I said, I can't do it right now, but I would be grateful for any info on this. |
|
Hi Pawel,
My ubuntu host doesn't have the kexec tools loaded. I'll get to that and
then try what you asked and report back.
I did do some googling on the errors and i noticed some concerns with
SGX being enabled. I'll be disabling that to see if it has any effect.
Thanks for getting back to me.
-Tony
On 2024-12-21 04:23, Paweł Pokrywka wrote:
Hi, @haroules [1] thank you for a detailed bug report and kind words, I
really appreciate that!
I'm busy with other things right now, so I don't have much time left to
debug this issue currently.
However, what you described suggests a kernel-level issue. Cryptreboot
doesn't do any fancy kernel-level stuff. It just appends a cpio archive
with 2 or 3 files to initramfs which is a standard way of extending it
(most initramfs are composed of at least 2 cpio archives).
Therefore I suspect general kexec failure. I mean performing the raw
kexec (without patching initramfs):
kexec -al /boot/vmlinuz --initrd /boot/initrd.img --reuse-cmdline
will lead to the same issues with the exception that the system will
require you to provide the passphrase during boot.
If that's the case, the task is to find the kexec/kernel bug report and
check what can be done, or if there is no report - create one. As I
said, I can't do it right now, but I would be grateful for any info on
this.
--
Reply to this email directly, view it on GitHub [2], or unsubscribe
[3].
You are receiving this because you were mentioned.Message ID:
***@***.***>
Links:
------
[1] https://github.com/haroules
[2]
#9 (comment)
[3]
https://github.com/notifications/unsubscribe-auth/AEO3VCY7MOLQPPFOWL46G6D2GUXP7AVCNFSM6AAAAABT6B52ISVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDKNJYGA3DCNRUG4
--=_2ebed78bd1ce747ee22407c72349b943
Content-Type: multipart/related;
boundary="=_637fc5e2c72c1e152410526cf1c70c9e"
--=_637fc5e2c72c1e152410526cf1c70c9e
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html; charset=UTF-8
<html><head><meta http-equiv=3D"Content-Type" content=3D"text/html; charset=
=3DUTF-8" /></head><body style=3D'font-size: 10pt'>
<p>Hi Pawel,</p>
<p>My ubuntu host doesn't have the kexec tools loaded. I'll get to that and=
then try what you asked and report back. </p>
<p>I did do some googling on the errors and i noticed some concerns with SG=
X being enabled. I'll be disabling that to see if it has any effect.<=
/p>
<p>Thanks for getting back to me.</p>
<p>-Tony</p>
<p id=3D"reply-intro">On 2024-12-21 04:23, Pawe=C5=82 Pokrywka wrote:</p>
<blockquote type=3D"cite" style=3D"padding: 0 0.4em; border-left: #1010ff 2=
px solid; margin: 0">
<div id=3D"replybody1">
<p><br /></p>
<p dir=3D"auto">Hi, <a class=3D"v1user-mention v1notranslate" href=3D"https=
://github.com/haroules" target=3D"_blank" rel=3D"noopener ***@***.***=
ules</a> thank you for a detailed bug report and kind words, I really appre=
ciate that!</p>
<p dir=3D"auto">I'm busy with other things right now, so I don't have much =
time left to debug this issue currently.<br />However, what you described s=
uggests a kernel-level issue. Cryptreboot doesn't do any fancy kernel-level=
stuff. It just appends a cpio archive with 2 or 3 files to initramfs which=
is a standard way of extending it (most initramfs are composed of at least=
2 cpio archives).</p>
<p dir=3D"auto">Therefore I suspect general kexec failure. I mean performin=
g the raw kexec (without patching initramfs):</p>
<pre class=3D"v1notranslate"><code class=3D"v1notranslate">kexec -al /boot/=
vmlinuz --initrd /boot/initrd.img --reuse-cmdline
</code></pre>
<p dir=3D"auto">will lead to the same issues with the exception that the sy=
stem will require you to provide the passphrase during boot.</p>
<p dir=3D"auto">If that's the case, the task is to find the kexec/kernel bu=
g report and check what can be done, or if there is no report - create one.=
As I said, I can't do it right now, but I would be grateful for any info o=
n this.</p>
<p style=3D"font-size: small; -webkit-text-size-adjust: none; color: #666;"=
—<br />Reply to this email directly, <a href=3D"https://github.com/p=
hantom-node/cryptreboot/issues/9#issuecomment-2558061647" target=3D"_blank"=
rel=3D"noopener noreferrer">view it on GitHub</a>, or <a href=3D"https://g=
ithub.com/notifications/unsubscribe-auth/AEO3VCY7MOLQPPFOWL46G6D2GUXP7AVCNF=
SM6AAAAABT6B52ISVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDKNJYGA3DCNRUG4" t=
arget=3D"_blank" rel=3D"noopener noreferrer">unsubscribe</a>.<br />You are =
receiving this because you were mentioned.<img src=3D"cid:17355836116772e77=
***@***.***" width=3D"1" height=3D"1" /><span style=3D"col=
or: transparent; font-size: 0; display: none; visibility: hidden; overflow:=
hidden; opacity: 0; width: 0; height: 0; max-width: 0; max-height: 0; mso-=
hide: all;">Message ID: <span><phantom-node/cryptreboot/issues/9/2558061=
647</span><span>@</span><span>github</span><span>.</span><span>com></spa=
n></span></p>
</div>
</blockquote>
<p><br /></p>
</body></html>
…--=_637fc5e2c72c1e152410526cf1c70c9e
Content-Transfer-Encoding: base64
Content-ID: ***@***.***>
Content-Type: image/gif;
name=blocked.gif
Content-Disposition: inline;
filename=blocked.gif;
size=118
R0lGODlhZAAyAIAAAPrOzgAAACH5BAAAAAAALAAAAABkADIAAAJNhI+py+0Po5y02ouz3rz7D4bi
SJbmiabqyrbuC8fyTNf2jef6zvf+DwwKh8Si8YhMKpfMpvMJjUqn1Kr1is1qt9yu9wsOi8fksvls
KwAAOw==
--=_637fc5e2c72c1e152410526cf1c70c9e--
--=_2ebed78bd1ce747ee22407c72349b943--
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
This is an awesome idea and is likely to be a very desirable feature, especially for platform engineers, DevOps, and IT admins. Thank you for publishing.
Environment:
OS: Ubuntu 24 Server (Noble) minimal install.
Physical hardware (intel based).
Ran the following to install (0 issues reported):
sudo apt install --no-install-recommends cryptsetup-initramfs kexec-tools ruby strace systemd
sudo gem install crypt_reboot
first pass:
system reboots as expected, however the console shows nothing (kvm directly attached). The system however is accessible via ssh. Reports it was rebooted checking uptime.
Then while checking dmesg over ssh shows page fault:
system otherwise seems functional aside from console hung/unresponsive. a second attempt at a reboot, and the system becomes entirely inaccessible (both console and ssh).
hard reboot (power button) and system is normal.
i was hoping to use this for automated reboots as part of ansible playbook, to which i already have an install task defined, and an asynch reboot/poll task which appears to work once only.
this occurs whether i manually type the reboot over ssh, or have ansible doing it.
The text was updated successfully, but these errors were encountered: