Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / estoraged / refs/heads/master
commit0c920103d191105ff8df03a32a720a15abfe7b70[log] [tgz]
authorKyle Nieman <kyle.nieman@fii-na.com>Wed Feb 04 11:01:35 2026 -0600
committerKyle Nieman <kyle.nieman@fii-na.com>Tue Feb 24 13:19:23 2026 -0600
tree03d9606e4987c9576c56d6b2022ee3534de9b546
parent5731a4a5f4a67a347f3f23edd5f3b28ee80225fd [diff]
Re-encrypt if unable to mount fs on unlock

Summary:
If the partition can be decrypted but not mounted, the partition will
end up in an unrecoverable state. Failure to mount could be due to
either filesystem corruption, or the filesystem being non-existent.
```
eStoraged[1575]: Starting unlock
eStoraged[1575]: Activating LUKS dev /dev/mmcblk0
eStoraged[1575]: Successfully activated LUKS dev /dev/mmcblk0
eStoraged[2755]: fsck from util-linux 2.39.3
eStoraged[2756]: fsck.ext4: Bad magic number in super-block while trying to open /dev/mapper/luks-mmcblk0
eStoraged[2756]: /dev/mapper/luks-mmcblk0:
eStoraged[2756]: The superblock could not be read or does not describe a valid ext2/ext3/ext4
eStoraged[2756]: filesystem.  If the device is valid and it really contains an ext2/ext3/ext4
eStoraged[2756]: filesystem (and not swap or ufs or something else), then the superblock
eStoraged[2756]: is corrupt, and you might try running e2fsck with an alternate superblock:
eStoraged[2756]:     e2fsck -b 8193 <device>
eStoraged[2756]:  or
eStoraged[2756]:     e2fsck -b 32768 <device>
eStoraged[1575]: The fsck command failed: 2048
eStoraged[1575]: Failed to mount filesystem: -1
eStoraged[1575]: Starting unlock
eStoraged[1575]: Activating LUKS dev /dev/mmcblk0
eStoraged[1575]: Device luks-mmcblk0 already exists.
eStoraged[1575]: Failed to activate LUKS dev: -17
```

Lock the partition so that reformatting the partition's filesystem will
succeed.

Tested:
Successfully reformatted the partition after failing to unlock and
mount the partition.
```
eStoraged[1954]: Starting unlock
eStoraged[1954]: Activating LUKS dev /dev/mmcblk0
eStoraged[1954]: Successfully activated LUKS dev /dev/mmcblk0
eStoraged[3310]: fsck from util-linux 2.39.3
eStoraged[3311]: fsck.ext4: Bad magic number in super-block while trying to open /dev/mapper/luks-mmcblk0
eStoraged[3311]: /dev/mapper/luks-mmcblk0:
eStoraged[3311]: The superblock could not be read or does not describe a valid ext2/ext3/ext4
eStoraged[3311]: filesystem.  If the device is valid and it really contains an ext2/ext3/ext4
eStoraged[3311]: filesystem (and not swap or ufs or something else), then the superblock
eStoraged[3311]: is corrupt, and you might try running e2fsck with an alternate superblock:
eStoraged[3311]:     e2fsck -b 8193 <device>
eStoraged[3311]:  or
eStoraged[3311]:     e2fsck -b 32768 <device>
eStoraged[1954]: The fsck command failed: 2048
eStoraged[1954]: Deactivating LUKS device /dev/mmcblk0
eStoraged[1954]: device-mapper: remove ioctl on luks-mmcblk0  failed: Device or resource busy
eStoraged[1954]: Successfully deactivated LUKS device /dev/mmcblk0
eStoraged[1954]: Starting format
eStoraged[1954]: Formatting device /dev/mmcblk0
eStoraged[1954]: Encrypted device /dev/mmcblk0 successfully formatted
eStoraged[1954]: Activating LUKS dev /dev/mmcblk0
eStoraged[1954]: Successfully activated LUKS dev /dev/mmcblk0
eStoraged[3800]: mke2fs 1.47.0 (5-Feb-2023)
eStoraged[3800]: [510B blob data]
eStoraged[3800]: Creating filesystem with 7649216 4k blocks and 1913184 inodes
eStoraged[3800]: Filesystem UUID: b70b1da7-50c1-409c-a692-0c075fad5973
eStoraged[3800]: Superblock backups stored on blocks:
eStoraged[3800]:         32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632, 2654208,
eStoraged[3800]:         4096000
eStoraged[3800]: [57B blob data]
eStoraged[3800]: [54B blob data]
eStoraged[3800]: Creating journal (32768 blocks): done
eStoraged[3800]: [91B blob data]
eStoraged[1954]: Successfully created filesystem for /dev/mapper/luks-mmcblk0
eStoraged[3850]: fsck from util-linux 2.39.3
eStoraged[3852]: /dev/mapper/luks-mmcblk0: clean, 12/1913184 files, 164647/7649216 blocks
eStoraged[1954]: Successfully mounted filesystem at /mnt/luks-mmcblk0_fs
```

All unit tests passed when tested on a unit.
```
[ RUN      ] EStoragedTest.FormatMountFail
<6> Change HS_TIMING for testfile with 12345678

GMOCK WARNING:
Uninteresting mock function call - returning default value.
    Function call: ioctl(3225989888, 0x7fc2535440)
          Returns: 0
NOTE: You can safely ignore the above warning unless this call should not happen.  Do not suppress it by blindly adding an EXPECT_CALL() if you don't mean to enforce the call.  See https://github.com/google/googletest/blob/main/docs/gmock_cook_book.md#knowing-when-to-expect-useoncall for details.
<6> BKOPS is not supported for testfile

GMOCK WARNING:
Uninteresting mock function call - returning default value.
    Function call: cryptLoad(0x55b3e916f0, 0x557df5d5a0 pointing to "LUKS2", NULL)
          Returns: 0
NOTE: You can safely ignore the above warning unless this call should not happen.  Do not suppress it by blindly adding an EXPECT_CALL() if you don't mean to enforce the call.  See https://github.com/google/googletest/blob/main/docs/gmock_cook_book.md#knowing-when-to-expect-useoncall for details.

GMOCK WARNING:
Uninteresting mock function call - returning default value.
    Function call: cryptLoad(0x55b3e92d10, 0x557df5d5a0 pointing to "LUKS2", NULL)
          Returns: 0
NOTE: You can safely ignore the above warning unless this call should not happen.  Do not suppress it by blindly adding an EXPECT_CALL() if you don't mean to enforce the call.  See https://github.com/google/googletest/blob/main/docs/gmock_cook_book.md#knowing-when-to-expect-useoncall for details.
<6> Starting format
<6> Formatting device testfile
<6> Encrypted device testfile successfully formatted
<6> Activating LUKS dev testfile
<6> Successfully activated LUKS dev testfile
<6> Successfully created filesystem for /tmp/testfile_luksDev
<3> Failed to mount filesystem: -1
[       OK ] EStoragedTest.FormatMountFail (15 ms)
[----------] 1 test from EStoragedTest (15 ms total)

[----------] Global test environment tear-down
[==========] 1 test from 1 test suite ran. (15 ms total)
[  PASSED  ] 1 test.

[ RUN      ] EStoragedTest.UnlockMountFail
<6> Change HS_TIMING for testfile with 12345678

GMOCK WARNING:
Uninteresting mock function call - returning default value.
    Function call: ioctl(3225989888, 0x7fc70eb810)
          Returns: 0
NOTE: You can safely ignore the above warning unless this call should not happen.  Do not suppress it by blindly adding an EXPECT_CALL() if you don't mean to enforce the call.  See https://github.com/google/googletest/blob/main/docs/gmock_cook_book.md#knowing-when-to-expect-useoncall for details.
<6> BKOPS is not supported for testfile

GMOCK WARNING:
Uninteresting mock function call - returning default value.
    Function call: cryptLoad(0x55887606f0, 0x556c18d5a0 pointing to "LUKS2", NULL)
          Returns: 0
NOTE: You can safely ignore the above warning unless this call should not happen.  Do not suppress it by blindly adding an EXPECT_CALL() if you don't mean to enforce the call.  See https://github.com/google/googletest/blob/main/docs/gmock_cook_book.md#knowing-when-to-expect-useoncall for details.

GMOCK WARNING:
Uninteresting mock function call - returning default value.
    Function call: cryptLoad(0x5588761d10, 0x556c18d5a0 pointing to "LUKS2", NULL)
          Returns: 0
NOTE: You can safely ignore the above warning unless this call should not happen.  Do not suppress it by blindly adding an EXPECT_CALL() if you don't mean to enforce the call.  See https://github.com/google/googletest/blob/main/docs/gmock_cook_book.md#knowing-when-to-expect-useoncall for details.
<6> Starting unlock
<6> Activating LUKS dev testfile
<6> Successfully activated LUKS dev testfile
<3> The fsck command failed: -1
<6> Deactivating LUKS device testfile
<6> Successfully deactivated LUKS device testfile
<6> Starting format
<6> Formatting device testfile
<6> Encrypted device testfile successfully formatted
<6> Activating LUKS dev testfile
<6> Successfully activated LUKS dev testfile
<6> Successfully created filesystem for /tmp/testfile_luksDev
<6> Successfully mounted filesystem at /mnt/testfile_luksDev_fs
[       OK ] EStoragedTest.UnlockMountFail (18 ms)
[----------] 1 test from EStoragedTest (18 ms total)

[----------] Global test environment tear-down
[==========] 1 test from 1 test suite ran. (19 ms total)
[  PASSED  ] 1 test.
```

Change-Id: Ia9c40099d5582a0903525d4f30cb4f02b46d803b
Signed-off-by: Kyle Nieman <kyle.nieman@fii-na.com>
3 files changed
tree: 03d9606e4987c9576c56d6b2022ee3534de9b546
  1. include/
  2. service_files/
  3. src/
  4. subprojects/
  5. .clang-format
  6. .clang-tidy
  7. .gitignore
  8. LICENSE
  9. meson.build
  10. meson.options
  11. OWNERS
  12. README.md
README.md

eStoraged

This daemon serves as an abstraction for an encrypted storage device, encapsulating the security functionality and providing a D-Bus interface to manage the encrypted filesystem on the device. Using the D-Bus interface, other software components can interact with eStoraged to do things like create a new encrypted filesystem, wipe its contents, lock/unlock the device, or change the password.