
Issue 313484

Issue metadata

Status: Untriaged
Owner: ----
EstimatedDays: ----
NextAction: ----
OS: Chrome
Pri: 2
Type: Bug

add ability to mount /var

Project Member Reported by, Oct 31 2013

Issue description

Sometimes builds fail in VMTest, in such a way that we can't ssh into the VM. We'd like to be able to diagnose these problems, by examining the log files from the VM disk image. seems like the right tool for the job, but it isn't quite complete. This is because although /var is on stateful, most of stateful is actually encrypted.

We can get at the logs by booting the VM image, but that's a bit clunkier than being able to navigate the filesystem directly. Also, booting the image will change the logs.

Comment 1 by, Oct 31 2013

@keescook: Do you have a pointer to how encrypted /var can be mounted?
The chromeos_startup script calls out to mount-encrypted to do the work. Since mount-encrypted really likes validating its environment, it can be a little weird to set up, but it is possible to mount externally if the conditions are correct.

The main problem is that mount-encrypted uses characteristics of the device it runs on to do the mounting. So, it might not be possible for one to mount the encrypted stateful partition when off that device.

I assume that under VMTest, there is no TPM and no CrOS firmware? In this case, mount-encrypted will attempt to read /proc/cmdline for "encrypted-stateful-key=NNNN...", and failing that, will use the contents of /sys/class/dmi/id/product_uuid. Failing that, it will use a static key of "default unsafe static key".

So, once you identify which key mount-encrypted is using on VMTest, and you can reconstruct that environment on the machine you want to mount on, this procedure should work:


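# WORK: scratch directory to mount under; BLOCK: the stateful partition (image file or block device)
mkdir -p $WORK/var
mkdir -p $WORK/home/chronos
mkdir -p $WORK/mnt/stateful_partition

mount -n -t ext4 -o loop,noatime,commit=600 $BLOCK $WORK/mnt/stateful_partition

# Mount the encrypted /var under $WORK (counterpart of the umount call below)
MOUNT_ENCRYPTED_ROOT=$WORK mount-encrypted

# examine $WORK/var here

MOUNT_ENCRYPTED_ROOT=$WORK mount-encrypted umount
umount -n $WORK/mnt/stateful_partition/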
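
The key fallback order described in the comment above, as an added example that is not part of the original thread or of mount-encrypted itself: it reports which key source that order would select, without printing any key material. The function name `key_source` and its two path arguments are hypothetical, and treating an empty `encrypted-stateful-key=` as absent is an assumption.

```shell
#!/bin/sh
# Added example: which key source would the fallback order in the comment pick?
# usage: key_source [cmdline_file] [product_uuid_file]   (hypothetical helper)
# Prints one of: cmdline, product_uuid, static. Never prints the key itself.
key_source() {
    cmdline_file=${1:-/proc/cmdline}
    uuid_file=${2:-/sys/class/dmi/id/product_uuid}

    # 1. Kernel command line carries encrypted-stateful-key=NNNN...
    #    (assumption: an empty value counts as absent)
    if [ -r "$cmdline_file" ] &&
       tr -s ' \t' '\n' < "$cmdline_file" |
           grep -q '^encrypted-stateful-key=.'; then
        echo "cmdline"
        return 0
    fi

    # 2. DMI product UUID, if readable and non-empty.
    #    The sysfs file is typically readable only by root, so run this as
    #    root to see what a root process on the machine would see.
    if [ -r "$uuid_file" ] && [ -n "$(cat "$uuid_file" 2>/dev/null)" ]; then
        echo "product_uuid"
        return 0
    fi

    # 3. Neither is available: the static "default unsafe static key".
    echo "static"
    return 0
}

# Report for the machine this runs on (or for the files given as arguments).
key_source "$@"
```

Run it inside the VM image's environment and again on the machine where the partition is to be mounted; the two answers need to match before the mount procedure can succeed.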

Comment 3 by, Oct 31 2013

Status: Available
@keescook, yep, no TPM and no CrOS firmware. I'll give your instructions a shot. Thanks!
Labels: Gardening
Project Member

Comment 5 by, Mar 26 2016

Labels: Hotlist-Recharge-Cold
Status: Untriaged (was: Available)
This issue has been available for more than 365 days, and should be re-evaluated. Hotlist-Recharge-Cold label is added for tracking. Please re-triage this issue.

For more details visit - Your friendly Sheriffbot
