|Issue 313484||mount_gpt_image.sh: add ability to mount /var|
|Starred by 1 user||Project Member Reported by firstname.lastname@example.org, Oct 31 2013||Back to list|
Sometimes builds fail in VMTest, in such a way that we can't ssh into the the VM. We'd like to be able to diagnose these problems, by examining the log files from the VM disk image. mount_gpt_image.sh seems like the right tool for the job, but it isn't quite complete. This is because although /var is on stateful, most of stateful is actually encrypted. We can get at the logs by booting the VM image, but that's a bit clunkier than being able to navigate the filesystem directly. Also, booting the image will change the logs.
Oct 31 2013,
@keescook: Do you have a pointer to how encrypted /var can be mounted?
Oct 31 2013,
The chromeos_startup script calls out to mount-encrypted to do the work. Since mount-encrypted really like validating its environment, it can be a little weird to set up, but is possible to mount externally if the conditions are correct. The main problem is that mount-encrypted uses characteristics of the device it runs on to do the mounting. So, it might not be possible for one to mount the encrypted stateful partition when off that device. I assume that under VMTest, there is no TPM and not CrOS firmware? In this case, mount-encrypted will attempt to read /proc/cmdline for "encrypted-stateful-key=NNNN...", and failing that, will use the contents of /sys/class/dmi/id/product_uuid. Failing that, it will use a static key of "default unsafe static key". So, once you identify which key mount-encrypted is using on VMTest, and you can reconstruct that environment on the machine you want to mount on, this procedure should work: BLOCK=/path/to/stateful-partition/block-dev WORK="/tmp/test-root" mkdir -p $WORK/var mkdir -p $WORK/home/chronos mkdir -p $WORK/mnt/stateful_partition mount -n -t ext4 -o loop,noatime,commit=600 $BLOCK $WORK/mnt/stateful_partition MOUNT_ENCRYPTED_ROOT=$WORK mount-encrypted *examine $WORK/var here* MOUNT_ENCRYPTED_ROOT=$WORK mount-encrypted umount umount -n $WORK/mnt/stateful_partition/
Oct 31 2013,
@keescook, yep, no TPM an no CrOS firmware. I'll give your instructions a shot. Thanks!
Nov 5 2013,
Mar 26 2016,
This issue has been available for more than 365 days, and should be re-evaluated. Hotlist-Recharge-Cold label is added for tracking. Please re-triage this issue. For more details visit https://sites.google.com/a/chromium.org/dev/issue-tracking/autotriage - Your friendly Sheriffbot
|► Sign in to add a comment|