02:21 <Dylanger> Wow, its like, impossible to statically compile cryptsetup lol

02:21 <Dylanger> 🙃

04:05 <steev> i think you need to build a static lvm2 and then it should

06:45 <Dylanger> Anyone have an idea why this is failing?

06:54 <Dylanger> Compiling cryptsetup statically is surprisingly difficult

07:06 <Dylanger> `cannot find -ludev: No such file or directory`

07:06 <Dylanger> I wonder if I need to compile udev statically too

12:09 <Dylanger> https://gitlab.com/cryptsetup/cryptsetup/-/issues/655

12:10 <Dylanger> Okay cool, so it's not just me

12:10 <Dylanger> I think right now, it's not possible to compile cryptsetup statically for aarch64

12:43 <Dylanger> It's a shame there's no direct way for the kernel to ask for password input, avoiding initramfs all together

12:47 <alpernebbi> Dylanger: I remember getting Debian's kernel/initramfs working for booting on LUKS/LVM etc. with Depthcharge but its size limit is the big problem

12:48 <Dylanger> For the moment, I'm trying amstan's hack, just created a normal ext4 partition, then gonna try point init= to that partition

12:48 <Dylanger> Then do pivot_root

12:48 <Dylanger> After everything is up

12:48 <Dylanger> Should only need busybox + cryptsetup statically compiled

12:49 <Dylanger> Shouldn't be over ~15MB?

12:49 <alpernebbi> do you have a lazor? guessing from a previous link

12:49 <Dylanger> Homestar (Duet 5)

12:49 <Dylanger> Same baseboard as Lazor tho I think

12:49 <Dylanger> strongbad

12:50 <alpernebbi> I think those are new enough to have switched to a 512MiB limit

12:51 <alpernebbi> arm64 boards had 32MiB, older arms 16MiB I think

12:52 <alpernebbi> IIRC you just gotta put it in the FIT and that works

12:53 <Dylanger> 32MB should be enough for a tiiiny shim

12:54 <Dylanger> I wish either

12:54 <Dylanger> A) There was a super smol rust bin that just did the thing and pivoted

12:54 <Dylanger> B) Kernel did the thing (yayyay more attack surface)

12:54 <alpernebbi> oh and you can compress the kernel before putting it inside the FIT, which gives you a lot of room

12:55 <alyssa> alpernebbi: Oh hi there

12:55 <alpernebbi> hello :D

12:56 <alyssa> Dylanger: I do have debian initramfs cryptsetup + debian kernel under the 32MB limit, following alpernebbi 's surface

12:56 <alyssa> though dunno if that's still possible

13:03 <alpernebbi> tbh my main motivation in working on u-boot was to get rid of that restriction

13:04 <alpernebbi> I'm also somewhat in the "whatever makes it boot" team

13:06 <Dylanger> I agree, whatever gets it to finish, without an initramfs the whole process would be much more elegant, wouldn't it?

13:08 <alpernebbi> not sure, initramfs is a powerful construct, like debian-installer completely runs as an initramfs

13:14 <alpernebbi> macc24: There's "coreboot" defconfigs for u-boot but they're x86-only, I guess the stuff those use needs porting to arm64 and into a new "coreboot_arm64" defconfig

13:16 <alpernebbi> and coreboot's build system also has to be modified to have u-boot as a choice for arm64 with that defconfig (instead of the specific board's defconfig like I did)

13:17 <macc24> alpernebbi: yea i'll tinker around it

13:17 <alpernebbi> I also tried to build it with tianocore once, but gave up when I noticed it was using x86 compilers...

13:17 <Dylanger> Does anyone know what Google's reasoning was for dropping U-Boot for Depthcharge?

13:18 <macc24> a

13:34 <alyssa> Dylanger: moar speed?

13:43 <Dylanger> Ah yeah fair enough

17:49 <gwolf> Dylanger: Well, if it's hard to compile statically... maybe it is a sign you should port cryptsetup to Rust! ;-)

17:51 <hexdump0815> Dylanger: i'm running luks encrypted root fs on all my chromebooks - i hope this will help you to get it working for you as well: https://github.com/hexdump0815/imagebuilder/blob/main/info/generic/install-to-emmc-with-luks-full-disk-encryption.txt#L160-L190

17:53 <amstan> what is this 32MB limit people are talking about for depthcharge?

17:53 <hexdump0815> essentially the trick is to get below 32mb for kernel and initrd which is possible by heavily compressing them - works well without any extra effort on a plain debian or ubuntu system

17:54 <hexdump0815> amstan: it looks like depthcharge does not load anything larger than 32mb from the kernel partition

17:54 <amstan> that sounds like a bug

17:54 <hexdump0815> 16mb for armv7 32bit systems and maybe the limit is lifted for newer chromebooks

17:55 <amstan> i mean, i know the partition sizes are around there, you one could always make them bigger

17:55 <hexdump0815> amstan: i think the 16mb for early systems was even kind of documented somewhere

17:55 <hexdump0815> yes, but if you make them bigger booting will only work as long as the kpart is below 32/16mb

17:56 <hexdump0815> "16mb will be enough for ever" :)

17:58 <amstan> i'm pretty sure i was using kparts in arch above 32MB before i figured out how to compress them

17:59 <macc24> amstan: huh?

17:59 <macc24> i remember not getting >16mb kernel to boot on veyron

17:59 <amstan> this was lazor

17:59 <macc24> on lazor too then

18:04 <amstan> http://tardis.tiny-vps.com/aarm/packages/l/linux-aarch64-rc-chromebook/

18:04 <hexdump0815> as robclark mentioned: it looks like lazor and newer seems to have lifted the limed maybe - but i also verified the limit on oak and kukui to be in place still

18:04 <amstan> see linux-aarch64-rc-chromebook-5.12.rc3-3-aarch64.pkg.tar.xz

18:04 <amstan> vs linux-aarch64-rc-chromebook-5.12.rc3-2-aarch64.pkg.tar.xz

18:06 <hexdump0815> for the armv7 chromebooks its not a big deal as there is a chainloadable u-boot for nearly all of them and you can just use that for loading the initrd

18:08 <macc24> imagine needing an initrd

18:08 <hexdump0815> for aarch64 it works quite well with 32mb limit too with compression - there is still a bit of headroom, even if the initrd has a lot of modules in it etc.

18:09 <macc24> with lz4 compressed kernel i have 12mb/32mb kernel partition space used

18:09 <hexdump0815> macc24: if you want encrypt your rootfs (which makes a lot of sense for a portable device) anything without initrd is getting painful easily as Dylanger found out as well now :)

18:09 <macc24> hexdump0815: hold my beer ;)

18:56 <alpernebbi> amstan: the size limit is CONFIG_KERNEL_SIZE in Depthcharge

19:17 <alpernebbi> hexdump0815: you might want to know that I'm trying to automate the chainloading images, see https://github.com/alpernebbi/u-boot/releases/ if you'd like to test

19:31 <hexdump0815> alpernebbi: i have that on my radar already, but it might take a bit until i get to playing around with those as for now i already have my own chainload u-boot builds for all i need

19:31 <hexdump0815> but i was very happy to see this, especially the new things like gru :)

20:27 <steev> hmm

20:27 <steev> i wonder if those nyan ones could bring mine back to life

20:27 <steev> i miss it

21:05 <alpernebbi> steev: probably not, they're meant to run from the original firmware, I didn't consider SPI ROM images as I didn't know if they'd be useful

21:06 <steev> alpernebbi: hm, well my nyan still has the original firmwares

21:07 <steev> now that it's eol, i just wanna make it easier to run "real" linux instead of cros

21:07 <steev> and also not have to deal with the 30 second timeout and beep

21:23 <hexdump0815> steev: this should help you to get rid of the beep etc. (the setting gbb flags section): https://github.com/hexdump0815/linux-mainline-on-arm-chromebooks

21:24 <hexdump0815> this should boot (after maybe choosing the proper u-boot version and setting the dtb from/in the 3rd boot partition): https://github.com/hexdump0815/imagebuilder/releases/tag/211114-01

21:25 <hexdump0815> here is hopefully all the info you need to get it working yourself in case you prefer that: https://github.com/hexdump0815/imagebuilder/tree/main/systems/chromebook_nyan

21:25 <hexdump0815> but i think we are getting a bit off topic :)

21:31 <alpernebbi> I looked around in my u-boot build dir but couldn't find anything like a SPI ROM image for it

23:28 <Dylanger> <hexdump0815> "macc24: if you want encrypt your..." <- Yes, but it's sort of useless for the crypto directive

23:28 <Dylanger> From what I can tell the cmdline was added for verity

23:28 <Dylanger> Who wants to shove their key into cmdline 🤮

23:34 <hexdump0815> Dylanger: the key then gets asked on screen on bootup, so no key on cmdline required

23:48 <Dylanger> 🤯 are you sure?

23:50 <hexdump0815> Dylanger: at least on debian and ubuntu there are hooks for that in the update-initramfs - not sure how other distros are handling this

23:51 <hexdump0815> the password is either asked on the console or with plymouth enabled with a nice graphical screen

23:51 <Dylanger> Ah sorry I thought you meant no initramfs at all

23:51 <Dylanger> <Dylanger> "https://www.kernel.org/doc/html..."; <- With this

23:53 <hexdump0815> i looked for options to make encrypted root working on chromebooks and none of the alternative solutions to using initramfs did really convince me: they were either very cumbersome to use/setup or not working at all (like having the passphrase in /proc/cmdline :) )

23:53 <Dylanger> <hexdump0815> "Dylanger: i'm running luks..." <- How are you generating the actual initramfs image itself?

23:55 <hexdump0815> on debian/ubuntu its done via the update-initramfs command and one needs some extra options to make it use heavy compression

23:56 <hexdump0815> see the install-to-emmc-with-luks-full-disk-encryption.txt notes i linked above

23:56 <Dylanger> Thank you!

23:56 <Dylanger> I'll try this today

23:58 <hexdump0815> let me know if anything is unclear - those notes of me are often not really proper documentation :) ... but they should give a clear idea how it is supposed to work