From a61a66718fc4df5ec53dae0c38f2d41b02605e3f Mon Sep 17 00:00:00 2001
From: Hal Emmerich <hal@halemmerich.com>
Date: Tue, 17 Sep 2019 20:50:27 -0500
Subject: [PATCH] Add initramfs to image to enable root encryption

---
 resources/BuildResources/cmdline        |  2 +-
 resources/BuildResources/config         |  6 ++-
 resources/BuildResources/initramfs-init | 51 +++++++++++++++++++++++++
 scripts/buildFilesystem.sh              | 46 ++++++++++++++++++----
 4 files changed, 95 insertions(+), 10 deletions(-)
 create mode 100644 resources/BuildResources/initramfs-init

diff --git a/resources/BuildResources/cmdline b/resources/BuildResources/cmdline
index 03de9f1..a5469cf 100644
--- a/resources/BuildResources/cmdline
+++ b/resources/BuildResources/cmdline
@@ -1 +1 @@
-console=tty1 init=/sbin/init root=PARTUUID=%U/PARTNROFF=1 rootfstype=ext4 rootwait ro net.ifnames=0 console=ttyS2,115200n8 earlyprintk=ttyS2,115200n8
\ No newline at end of file
+console=tty1 ramdisk_size=51200 initrd=/PrawnOS-initramfs.cpio.gz root=PARTUUID=%U/PARTNROFF=1 rootfstype=ext4 rootwait ro net.ifnames=0 console=ttyS2,115200n8 earlyprintk=ttyS2,115200n8
\ No newline at end of file
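Review bot: `root=PARTUUID=%U/PARTNROFF=1` is carried over unchanged on the new line, but this commit's `create_image` change makes partition 2 the Boot partition and partition 3 the root. If `%U` resolves to the kernel partition, as is usual for this style of cmdline, the kernel-level root now names the Boot partition. The new init script only uses `root=` to locate the disk and hardcodes partition 3, so the mismatch is hidden only while the initramfs is actually loaded. Using `PARTNROFF=2` would keep the cmdline and the partition layout in agreement.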
diff --git a/resources/BuildResources/config b/resources/BuildResources/config
index 544e87e..f24cc3f 100644
--- a/resources/BuildResources/config
+++ b/resources/BuildResources/config
@@ -1464,10 +1464,12 @@ CONFIG_ZRAM=y
 # CONFIG_ZRAM_MEMORY_TRACKING is not set
 CONFIG_BLK_DEV_LOOP=y
 CONFIG_BLK_DEV_LOOP_MIN_COUNT=8
-# CONFIG_BLK_DEV_CRYPTOLOOP is not set
+CONFIG_BLK_DEV_CRYPTOLOOP=y
 # CONFIG_BLK_DEV_DRBD is not set
 # CONFIG_BLK_DEV_NBD is not set
-# CONFIG_BLK_DEV_RAM is not set
+CONFIG_BLK_DEV_RAM=y
+CONFIG_BLK_DEV_RAM_COUNT=16
+CONFIG_BLK_DEV_RAM_SIZE=4096
 # CONFIG_CDROM_PKTCDVD is not set
 # CONFIG_ATA_OVER_ETH is not set
 # CONFIG_BLK_DEV_RBD is not set
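Review bot: `CONFIG_BLK_DEV_CRYPTOLOOP=y` enables the legacy cryptoloop driver, which is not what the `cryptsetup` binary copied into the initramfs by this commit uses. cryptsetup/LUKS sits on device-mapper and needs `CONFIG_BLK_DEV_DM` and `CONFIG_DM_CRYPT`, plus the cipher and mode options such as `CONFIG_CRYPTO_XTS`. Cryptoloop is long deprecated and susceptible to watermarking attacks, so I would leave it unset rather than ship it in an image meant to offer root encryption. Whether the dm-crypt options are already enabled elsewhere in this config is not visible in the hunk, so please confirm, along with `CONFIG_BLK_DEV_INITRD`, which the cpio.gz initramfs depends on.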
diff --git a/resources/BuildResources/initramfs-init b/resources/BuildResources/initramfs-init
new file mode 100644
index 0000000..3576425
--- /dev/null
+++ b/resources/BuildResources/initramfs-init
@@ -0,0 +1,51 @@
+#!/bin/busybox sh
+
+
+cmdline() {
+    local value
+    value=" $(cat /proc/cmdline) "
+    value="${value##* ${1}=}"
+    value="${value%% *}"
+    [ "${value}" != "" ] && echo "${value}"
+}
+
+rootpartuuid() {
+    local value
+    value=$1
+    value="${value%/*}"
+    value="${value#*=}"
+    [ "${value}" != "" ] && echo "${value}"
+}
+
+# mount the bare necesities 
+mount -n -t proc     proc      /proc
+mount -n -t sysfs    sysfs     /sys
+mount -n -t devtmpfs devtmpfs  /dev
+mount -n -t tmpfs    tmpfs     /run
+
+# get the root device, so we can find the boot partiton
+UNPARSED=$(cmdline root)
+ROOT_PARTUUID=$(rootpartuuid $UNPARSED)
+echo ${ROOT_PARTUUID}
+BLKID=$(/bin/blkid | grep $ROOT_PARTUUID )
+echo ${BLKID}
+#If its an mmcblk device, the partiton will p1. If it is a usb device, the partiton will just be 1
+#Just want everything before the 1: so this will work
+ROOT_DEV="${BLKID%1:*}"
+
+echo ${ROOT_DEV}
+
+
+# we use this to change what cmdline options get passed into
+# the next boot stage, aka to enable root encryption
+CMDLINE='cat /proc/cmdline'
+
+# mount new root
+[ -d /newroot ] || mkdir -p /newroot
+mount ${ROOT_DEV}3 /newroot
+
+umount /sys
+umount /proc
+
+#swith to the new rootfs
+exec swith_root /newroot "/sbin/init" ${CMDLINE}
\ No newline at end of file
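Review bot: The final line execs `swith_root`, which does not exist, so PID 1 will exit and the kernel will panic; it should be `exec switch_root /newroot /sbin/init`. `CMDLINE='cat /proc/cmdline'` is single-quoted, so it stores the literal text rather than the command output, and that text is then handed to init as arguments. If the cmdline is really needed there, use `CMDLINE="$(cat /proc/cmdline)"`, which still runs before `umount /proc`. Nothing checks that `ROOT_PARTUUID` or `ROOT_DEV` is non-empty before `mount ${ROOT_DEV}3 /newroot`, and `grep $ROOT_PARTUUID` is unquoted; since this script is meant to become the gate for unlocking an encrypted root, it should stop with a clear message when the lookup or the mount fails instead of continuing. `/dev` and `/run` are also left mounted in the initramfs rather than being moved into `/newroot` before the switch.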
diff --git a/scripts/buildFilesystem.sh b/scripts/buildFilesystem.sh
index fb5a40c..5ce6834 100755
--- a/scripts/buildFilesystem.sh
+++ b/scripts/buildFilesystem.sh
@@ -62,23 +62,35 @@ cleanup() {
 
 trap cleanup INT TERM EXIT
 
-
+#layout the partitons and write filesystem information
 create_image() {
-  # it's a sparse file - that's how we fit a 16GB image inside a 3GB one
   dd if=/dev/zero of=$1 bs=$3 count=$4 conv=sparse
   parted --script $1 mklabel gpt
   cgpt create $1
   cgpt add -i 1 -t kernel -b 8192 -s 65536 -l Kernel -S 1 -T 5 -P 10 $1
-  start=$((8192 + 65536))
+  boot_start=$((8192 + 65536))
+  boot_end=`cgpt show $1 | grep 'Sec GPT table' | awk '{print $1}'`
+  size=$(($boot_end - $boot_start))
+  #create the initramfs partiton, aka /boot
+  boot_start=$(($start + $size))
+  boot_size=409600 # 200 MB
+  cgpt add -i 2 -t data -b $boot_start -s $boot_size -l Boot $1
+  #Now the main filesystem
+  root_start=$(($boot_start + $boot_size))
   end=`cgpt show $1 | grep 'Sec GPT table' | awk '{print $1}'`
-  size=$(($end - $start))
-  cgpt add -i 2 -t data -b $start -s $size -l Root $1
+  root_size=$(($end - $root_start))
+  cgpt add -i 3 -t data -b $start -s $size -l Root $1
   # $size is in 512 byte blocks while ext4 uses a block size of 1024 bytes
   losetup -P $2 $1
-  mkfs.ext4 -F -b 1024 -m 0 ${2}p2 $(($size / 2))
+  mkfs.ext4 -F -b 1024 -m 0 ${2}p2 $(($boot_size / 2))
+  mkfs.ext4 -F -b 1024 -m 0 ${2}p3 $(($root_size / 2))
 
   # mount the / partition
   mount -o noatime ${2}p2 $5
+
+  # mount the /boot partiton
+  mkdir -p $5/boot
+  mount -o noatime ${2}p2 $5/boot
 }
 
 # use buster if no suite is specified
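Review bot: The new partition math in `create_image` still uses the old variable names: `boot_start=$(($start + $size))` reads `$start`, which this hunk renamed to `boot_start`, so unless `start` is set elsewhere in the script the Boot partition start is computed from an empty value. `cgpt add -i 3 -t data -b $start -s $size -l Root $1` has the same problem. I would drop the `boot_end`, `size` and second `boot_start=` lines and create the root with `cgpt add -i 3 -t data -b $root_start -s $root_size -l Root $1`. The root mount also still uses `${2}p2`, so the Boot partition ends up mounted on both `$5` and `$5/boot` while p3 is formatted but never populated; it should be `mount -o noatime ${2}p3 $5`. The retained comment about `$size` being in 512-byte blocks is now stale.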
@@ -152,7 +164,27 @@ chroot $outmnt locale-gen
 
 #Install the base packages
 chroot $outmnt apt update
-chroot $outmnt apt install -y initscripts udev kmod net-tools inetutils-ping traceroute iproute2 isc-dhcp-client wpasupplicant iw alsa-utils cgpt vim-tiny less psmisc netcat-openbsd ca-certificates bzip2 xz-utils ifupdown nano apt-utils git kpartx gdisk parted rsync
+chroot $outmnt apt install -y initscripts udev kmod net-tools inetutils-ping traceroute iproute2 isc-dhcp-client wpasupplicant iw alsa-utils cgpt vim-tiny less psmisc netcat-openbsd ca-certificates bzip2 xz-utils ifupdown nano apt-utils git kpartx gdisk parted rsync busybox-static
+
+#make the initramfs image that gets copied to partiton 2
+#make a skeleton filesystem
+initramfs_src=/usr/src/initramfs
+chroot $outmnt mkdir -p $initramfs_src
+chroot $outmnt mkdir $initramfs_src/{bin,dev,etc,newroot,proc,sys,sbin,run,lib,lib/arm-linux-gnueabihf}
+#install the few tools we need
+chroot $outmnt cp /bin/busybox /sbin/cryptsetup $initramfs_src/bin/
+chroot $outmnt cp /lib/arm-linux-gnueabihf/{libblkid.so.1,libc.so.6,libuuid.so.1} $initramfs_src/lib/arm-linux-gnueabihf/
+chroot $outmnt cp /lib/ld-linux-armhf.so.3 $initramfs_src/lib/
+chroot $outmnt cp /sbin/blkid $initramfs_src/bin/
+
+#add the init script
+cp $build_resources/initramfs-init $outmnt/$initramfs_src/init
+chroot $outmnt chmod +x $initramfs_src/init
+
+#compress and install
+#TODO, make this correct
+chroot $outmnt find $initramfs_src -print0 | cpio --null --create --verbose --format=newc | gzip --best > /boot/PrawnOS-initramfs.cpio.gz 
+
 
 #add the live-boot fstab
 cp -f $build_resources/external_fstab $outmnt/etc/fstab
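Review bot: In the `find ... | cpio ... | gzip` line only `find` runs inside the chroot; the pipes and the `>` redirect are handled by the host shell, so `cpio` resolves `/usr/src/initramfs/...` on the build host and the output is written to `/boot/PrawnOS-initramfs.cpio.gz` on the build machine rather than inside the image. The archive members would also carry the `usr/src/initramfs` path prefix, so `init` would not sit at the archive root where the kernel looks for it. Something like `(cd $outmnt$initramfs_src && find . -print0 | cpio --null --create --format=newc | gzip --best) > $outmnt/boot/PrawnOS-initramfs.cpio.gz` keeps both the input and the output under the image. `/sbin/cryptsetup` is copied but `cryptsetup` is not in the `apt install` list visible here, and only libblkid, libc and libuuid are copied, so its other shared libraries would likely be missing; checking with `ldd` inside the chroot would confirm.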