Skip to content

GitLab

Open
Created by nico@incognico

modloop verification fails with apline usb drive when local disk partition has a alpine installation

Version: edge

  • Generate Alpine USB drive with a aports/scripts/mkimg.* script (my test includes one custom apkovl)
  • Boot from the USB Stick

On a clean HDD: Everything works as expected

On a HDD with some local alpine installation (installed via setup-bootable): Verification of modloop fails and the system boots into a broken state

It seems the modloop script at boot just scans the harddisks/mounts (probably before the usb stick itself) and thus chooses the wrong modloop file or at least it fails verification because some files from the local alpine install are used instead of those on the USB stick.

The error message at boot is "Failed to verify signature of !", which indicates $img in openrc/modloop.initd is empty at the time when it is failing. Right before the error it explcitly showing that it is using the modloop file on /media/sda1/boot/modloop-lts which obviously is not existent. The USB Stick is sdb.

There is no way to restrict the USB alpine to not scan the local HDD. Initially I thought I could achieve this by setting the boot params to something like alpine_dev=UUID=XXX-USBSTICK:vfat but nothing works and openrc/modloop.initd also does not care about this parameter. Also wrongly I thought the problem was that only the wrong apkovl (local one) is used and because of that I played around with loads of boot parameters like alpine_dev, ovl_dev, apkovl and also combinations of those but nothing helped.

More details:

USB Stick created with:

profile_blah() {
	profile_standard
	profile_abbrev="blah"
	title="blah"
	desc="blah"
	hostname="blah"
	arch="x86_64"
	kernel_addons=""
	kernel_cmdline=""

	local _k _a
	for _k in $kernel_flavors; do
		apks="$apks linux-$_k"
	done

	apks="$apks linux-firmware"
	apks="$apks bash cfdisk dialog dosfstools e2fsprogs findutils kbd-bkeymaps openssh-keygen parted syslinux tar vim"
	apkovl="genapkovl-blah.sh"
}

syslinux part:

	MENU LABEL blah
	KERNEL /boot/vmlinuz-lts
	APPEND initrd=/boot/initramfs-lts modloop=/boot/modloop-lts modules=loop,squashfs,sd-mod,usb-storage waitusb=3 quiet

The alpine 3.1 with linux3.x.x-grsec locally is installed on /dev/sda1, vfat. USB stick is also vfat.

The (painful) workaround for me is to just delete the local partition table. But I would have to do that with another medium for obvious reasons.

Edited by nico
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information