From 16a46f9a9c92cb028ec8cbcb76fd074aef7d6d53 Mon Sep 17 00:00:00 2001 From: Joanna Rutkowska Date: Fri, 2 Sep 2011 16:55:39 +0200 Subject: [PATCH] Use proper dracut module and conf files... ... instead of the ugly and incompatible /usr/share/qubes/regenerate_initramfs.sh script --- dom0/aux-tools/regenerate_initramfs.sh | 17 ----------------- .../luks-aesni-missing-drivers.conf | 4 ++++ dom0/dracut/dracut.conf.d/qubes-pciback.conf | 5 +++++ dom0/dracut/modules.d/90qubes-pciback/install | 5 +++++ .../modules.d/90qubes-pciback/installkernel | 2 ++ .../modules.d/90qubes-pciback/qubes-pciback.sh | 8 ++++++++ rpm_spec/core-dom0.spec | 11 +++++++++-- 7 files changed, 33 insertions(+), 19 deletions(-) delete mode 100755 dom0/aux-tools/regenerate_initramfs.sh create mode 100644 dom0/dracut/dracut.conf.d/luks-aesni-missing-drivers.conf create mode 100644 dom0/dracut/dracut.conf.d/qubes-pciback.conf create mode 100755 dom0/dracut/modules.d/90qubes-pciback/install create mode 100755 dom0/dracut/modules.d/90qubes-pciback/installkernel create mode 100755 dom0/dracut/modules.d/90qubes-pciback/qubes-pciback.sh diff --git a/dom0/aux-tools/regenerate_initramfs.sh b/dom0/aux-tools/regenerate_initramfs.sh deleted file mode 100755 index 1458838b..00000000 --- a/dom0/aux-tools/regenerate_initramfs.sh +++ /dev/null @@ -1,17 +0,0 @@ -#!/bin/sh - -KERNEL_VER=$1 -if [ -z "$KERNEL_VER" ]; then - KERNEL_VER=`uname -r` -fi - -#Find all network devices -HIDE_PCI=`lspci -mm -n | grep '^[^ ]* "02'|awk '{ ORS="";print "(" $1 ")";}'` - -echo "# This file is autogenerated by kernel post-install script" > /etc/modprobe.d/pciback.conf -echo "# DO NOT EDIT" >> /etc/modprobe.d/pciback.conf -echo "" >> /etc/modprobe.d/pciback.conf -echo "options pciback hide=$HIDE_PCI" >> /etc/modprobe.d/pciback.conf - -dracut --force --add-drivers 'xts aesni-intel aes-x86_64 crc32c-intel fpu ghash-clmulni-intel salsa20-x86_64 twofish-x86_64 pciback' \ - /boot/initramfs-$KERNEL_VER.img $KERNEL_VER diff --git a/dom0/dracut/dracut.conf.d/luks-aesni-missing-drivers.conf b/dom0/dracut/dracut.conf.d/luks-aesni-missing-drivers.conf new file mode 100644 index 00000000..558e89eb --- /dev/null +++ b/dom0/dracut/dracut.conf.d/luks-aesni-missing-drivers.conf @@ -0,0 +1,4 @@ +# Apprently some of the drivers required when using a processor with AESNI for LUKS +# are missing in the initramfs, so lets include them manually here: + +add_drivers="xts aesni-intel aes-x86_64 crc32c-intel fpu ghash-clmulni-intel salsa20-x86_64 twofish-x86_64" diff --git a/dom0/dracut/dracut.conf.d/qubes-pciback.conf b/dom0/dracut/dracut.conf.d/qubes-pciback.conf new file mode 100644 index 00000000..18c3bc00 --- /dev/null +++ b/dom0/dracut/dracut.conf.d/qubes-pciback.conf @@ -0,0 +1,5 @@ +# This is to include Qubes-specific dracut module that takes care of +# detecting and hiding all networking devices at boot time +# so that Dom0 doesn't load drivers for them... + +add_dracutmodules="qubes-pciback" diff --git a/dom0/dracut/modules.d/90qubes-pciback/install b/dom0/dracut/modules.d/90qubes-pciback/install new file mode 100755 index 00000000..686910bc --- /dev/null +++ b/dom0/dracut/modules.d/90qubes-pciback/install @@ -0,0 +1,5 @@ +#!/bin/bash +inst_hook cmdline 02 "$moddir/qubes-pciback.sh" +inst lspci +inst grep +inst awk diff --git a/dom0/dracut/modules.d/90qubes-pciback/installkernel b/dom0/dracut/modules.d/90qubes-pciback/installkernel new file mode 100755 index 00000000..e360576f --- /dev/null +++ b/dom0/dracut/modules.d/90qubes-pciback/installkernel @@ -0,0 +1,2 @@ +#!/bin/bash +instmods pciback diff --git a/dom0/dracut/modules.d/90qubes-pciback/qubes-pciback.sh b/dom0/dracut/modules.d/90qubes-pciback/qubes-pciback.sh new file mode 100755 index 00000000..cc76ea39 --- /dev/null +++ b/dom0/dracut/modules.d/90qubes-pciback/qubes-pciback.sh @@ -0,0 +1,8 @@ +#!/bin/sh + +# Find all networking devices currenly installed... +HIDE_PCI=`lspci -mm -n | grep '^[^ ]* "02'|awk '{ ORS="";print "(" $1 ")";}'` + +# ... and hide them so that Dom0 doesn't load drivers for them +modprobe pciback hide=$HIDE_PCI + diff --git a/rpm_spec/core-dom0.spec b/rpm_spec/core-dom0.spec index b553d2e9..2f5aa087 100644 --- a/rpm_spec/core-dom0.spec +++ b/rpm_spec/core-dom0.spec @@ -92,7 +92,6 @@ cp aux-tools/convert_dirtemplate2vm.sh $RPM_BUILD_ROOT/usr/lib/qubes cp aux-tools/create_apps_for_appvm.sh $RPM_BUILD_ROOT/usr/lib/qubes cp aux-tools/remove_appvm_appmenus.sh $RPM_BUILD_ROOT/usr/lib/qubes cp aux-tools/reset_vm_configs.py $RPM_BUILD_ROOT/usr/lib/qubes -cp aux-tools/regenerate_initramfs.sh $RPM_BUILD_ROOT/usr/lib/qubes cp aux-tools/sync_rpmdb_updatevm.sh $RPM_BUILD_ROOT/usr/lib/qubes/ cp qmemman/server.py $RPM_BUILD_ROOT/usr/lib/qubes/qmemman_daemon.py cp ../common/meminfo-writer $RPM_BUILD_ROOT/usr/lib/qubes/ @@ -175,6 +174,12 @@ install -d $RPM_BUILD_ROOT/etc/xdg/autostart install -m 0644 qubes-guid.desktop $RPM_BUILD_ROOT/etc/xdg/autostart/ install -m 0644 qubes-update-watch.desktop $RPM_BUILD_ROOT/etc/xdg/autostart/ +mkdir -p $RPM_BUILD_ROOT/etc/dracut.conf.d +cp dracut/dracut.conf.d/* $RPM_BUILD_ROOT/etc/dracut.conf.d/ + +mkdir -p $RPM_BUILD_ROOT/usr/share/dracut/modules.d +cp -r dracut/modules.d/* $RPM_BUILD_ROOT/usr/share/dracut/modules.d/ + %post # Create NetworkManager configuration if we do not have it @@ -305,7 +310,6 @@ fi /usr/lib/qubes/qmemman_daemon.py* /usr/lib/qubes/meminfo-writer /usr/lib/qubes/qfile-daemon-dvm* -/usr/lib/qubes/regenerate_initramfs.sh /usr/lib/qubes/sync_rpmdb_updatevm.sh /usr/lib/qubes/qubes-receive-updates %attr(4750,root,qubes) /usr/lib/qubes/qfile-dom0-unpacker @@ -363,3 +367,6 @@ fi /etc/xdg/autostart/qubes-update-watch.desktop /etc/security/limits.d/99-qubes.conf /etc/yum/post-actions/qubes_sync_rpmdb_updatevm.action +%dir /etc/dracut.conf.d/* +%dir /usr/share/dracut/modules.d/ +%dir /usr/share/dracut/modules.d/90qubes-pciback/*