Support for multiple partitions

[terra-yuri]

Hi,

I have a case of 3 partitions (boot/system/data) instead of 2 (boot/system) in the OS image.

Will the provisioner support it as-is, and LUKS encrypt both the system+data partitions? if not, what should be changed to add this functionality?

Thank you!

[tdewey-rpi]

This isn't explicitly supported today - but I'm planning to add a storage-description document that would give structure to this idea and introduce native support.

If you cannot wait for that, I'd suggest modifying the partition mounts and Fastboot command set:

Partition mounts, which I'd suggest you expand to include all partitions you want to flash. Immediately after this site is a good place to perform in-flight modifications - another future change I'm expecting to introduce.

rpi-sb-provisioner/service/rpi-sb-provisioner.sh

Line 642 in b8dfe15

announce_start "OS Image Mounting"

Then the fastboot partitioning options. Here, I'd suggest using the same guidance available on StackOverflow: https://unix.stackexchange.com/questions/482590/how-can-i-create-multiple-partitions-in-a-luks-container-using-a-gpt-mbr-partiti

And have 'partinit' run a second time inside the LUKS container created by 'cryptinit/cryptopen'.

rpi-sb-provisioner/service/rpi-sb-provisioner.sh

Line 825 in b8dfe15

[ -z "${DEMO_MODE_ONLY}" ] && fastboot erase "${RPI_DEVICE_STORAGE_TYPE}"

Finally, you'll need to get your data into the correct location. Do this by modifying the Fastboot command set, and don't forget to update the device-mapper names to reflect your new partitions:

rpi-sb-provisioner/service/rpi-sb-provisioner.sh

Line 857 in b8dfe15

announce_start "Writing OS images"

As mentioned, as part of the work we're doing in rpi-image-gen, I expect to introduce infrastructure to formalise this process.

[torntrousers]

This isn't explicitly supported today - but I'm planning to add a storage-description document that would give structure to this idea and introduce native support.

might that then enable something like A/B partitions and OTA updates of the OS?

[terra-yuri]

A/B partitions and OTA updates sounds like a considerably larger change than what I'm talking about (though very welcome).

@tdewey-rpi - thank you for the information!

[tdewey-rpi]

This isn't explicitly supported today - but I'm planning to add a storage-description document that would give structure to this idea and introduce native support.

might that then enable something like A/B partitions and OTA updates of the OS?

Among other storage topologies, yes. Under the current scheme you can use the apt-based upgrade mechanism and in-place updates as usual - however for high-availability deployments and ones where you need to provide trivial device reset, these new storage layouts might offer performance or flexibility benefits.

Expect more information in this area soon, but also take a look at rpi-image-gen to see what we're thinking about.

[terra-yuri]

Is the plan to add such support to this project, to 'rpi-image-gen' or to both?

[tdewey-rpi]

Both projects will get modifications:

• rpi-image-gen to create a description of provisioning actions (partitioning, LUKS formatting, etc)
• rpi-sb-provisioner to read this description and expand support to fit the description format.