From 5894783ace355ca935f98e051ffb2e7064b835bb Mon Sep 17 00:00:00 2001
From: Jan Schintag <jan.schintag@de.ibm.com>
Date: Tue, 18 Apr 2023 15:43:39 +0200
Subject: [PATCH] 40ignition-ostree/ignition-ostree-growfs: Fix Secure
 Execution firstboot error

Do not try to mount disk when running in Secure Execution mode.

Fixes: https://github.com/openshift/os/issues/1264

Signed-off-by: Jan Schintag <jan.schintag@de.ibm.com>
---
 .../40ignition-ostree/ignition-ostree-growfs.sh      | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-growfs.sh b/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-growfs.sh
index 862cace7d5..2bda69befe 100755
--- a/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-growfs.sh
+++ b/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-growfs.sh
@@ -5,6 +5,12 @@ set -euo pipefail
 # partition, unless it determines that either the rootfs was moved or the
 # partition was already resized (e.g. via Ignition).
 
+# In the IBM Secure Execution case we use Ignition to grow and reencrypt rootfs
+# see overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-diskful-generator
+if [[ -f /run/coreos/secure-execution ]]; then
+    exit 0
+fi
+
 # This is copied from ignition-ostree-transposefs.sh.
 # Sometimes, for some reason the by-label symlinks aren't updated. Detect these
 # cases, and explicitly `udevadm trigger`.
@@ -42,12 +48,6 @@ path=/sysroot
 src=/dev/disk/by-label/root
 mount "${src}" "${path}"
 
-# In the IBM Secure Execution case we use Ignition to grow and reencrypt rootfs
-# see overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-diskful-generator
-if [[ -f /run/coreos/secure-execution ]]; then
-    exit 0
-fi
-
 if [ ! -f "${saved_partstate}" ]; then
     partition=$(realpath /dev/disk/by-label/root)
 else