Add initramfs to image to enable root encryption

2019-09-17 20:50:27 -05:00 · 2019-09-17 20:50:27 -05:00 · a61a66718f
commit a61a66718f
parent d16b6ce588
4 changed files with 95 additions and 10 deletions
--- a/resources/BuildResources/cmdline
+++ b/resources/BuildResources/cmdline
@ -1 +1 @@
-console=tty1 init=/sbin/init root=PARTUUID=%U/PARTNROFF=1 rootfstype=ext4 rootwait ro net.ifnames=0 console=ttyS2,115200n8 earlyprintk=ttyS2,115200n8
+console=tty1 ramdisk_size=51200 initrd=/PrawnOS-initramfs.cpio.gz root=PARTUUID=%U/PARTNROFF=1 rootfstype=ext4 rootwait ro net.ifnames=0 console=ttyS2,115200n8 earlyprintk=ttyS2,115200n8
--- a/resources/BuildResources/config
+++ b/resources/BuildResources/config
@ -1464,10 +1464,12 @@ CONFIG_ZRAM=y
 # CONFIG_ZRAM_MEMORY_TRACKING is not set
 CONFIG_BLK_DEV_LOOP=y
 CONFIG_BLK_DEV_LOOP_MIN_COUNT=8
-# CONFIG_BLK_DEV_CRYPTOLOOP is not set
+CONFIG_BLK_DEV_CRYPTOLOOP=y
 # CONFIG_BLK_DEV_DRBD is not set
 # CONFIG_BLK_DEV_NBD is not set
-# CONFIG_BLK_DEV_RAM is not set
+CONFIG_BLK_DEV_RAM=y
 CONFIG_BLK_DEV_RAM_COUNT=16
 CONFIG_BLK_DEV_RAM_SIZE=4096
 # CONFIG_CDROM_PKTCDVD is not set
 # CONFIG_ATA_OVER_ETH is not set
 # CONFIG_BLK_DEV_RBD is not set
--- a/resources/BuildResources/initramfs-init
+++ b/resources/BuildResources/initramfs-init
@ -0,0 +1,51 @@
 #!/bin/busybox sh
 cmdline() {
    local value
    value=" $(cat /proc/cmdline) "
    value="${value##* ${1}=}"
    value="${value%% *}"
    [ "${value}" != "" ] && echo "${value}"
 }
 rootpartuuid() {
    local value
    value=$1
    value="${value%/*}"
    value="${value#*=}"
    [ "${value}" != "" ] && echo "${value}"
 }
 # mount the bare necesities 
 mount -n -t proc     proc      /proc
 mount -n -t sysfs    sysfs     /sys
 mount -n -t devtmpfs devtmpfs  /dev
 mount -n -t tmpfs    tmpfs     /run
 # get the root device, so we can find the boot partiton
 UNPARSED=$(cmdline root)
 ROOT_PARTUUID=$(rootpartuuid $UNPARSED)
 echo ${ROOT_PARTUUID}
 BLKID=$(/bin/blkid | grep $ROOT_PARTUUID )
 echo ${BLKID}
 #If its an mmcblk device, the partiton will p1. If it is a usb device, the partiton will just be 1
 #Just want everything before the 1: so this will work
 ROOT_DEV="${BLKID%1:*}"
 echo ${ROOT_DEV}
 # we use this to change what cmdline options get passed into
 # the next boot stage, aka to enable root encryption
 CMDLINE='cat /proc/cmdline'
 # mount new root
 [ -d /newroot ] || mkdir -p /newroot
 mount ${ROOT_DEV}3 /newroot
 umount /sys
 umount /proc
 #swith to the new rootfs
 exec swith_root /newroot "/sbin/init" ${CMDLINE}
--- a/scripts/buildFilesystem.sh
+++ b/scripts/buildFilesystem.sh
@ -62,23 +62,35 @@ cleanup() {
 trap cleanup INT TERM EXIT
-
+#layout the partitons and write filesystem information
 create_image() {
  # it's a sparse file - that's how we fit a 16GB image inside a 3GB one
  dd if=/dev/zero of=$1 bs=$3 count=$4 conv=sparse
  parted --script $1 mklabel gpt
  cgpt create $1
  cgpt add -i 1 -t kernel -b 8192 -s 65536 -l Kernel -S 1 -T 5 -P 10 $1
-  start=$((8192 + 65536))
+  boot_start=$((8192 + 65536))
  boot_end=`cgpt show $1 | grep 'Sec GPT table' | awk '{print $1}'`
  size=$(($boot_end - $boot_start))
  #create the initramfs partiton, aka /boot
  boot_start=$(($start + $size))
  boot_size=409600 # 200 MB
  cgpt add -i 2 -t data -b $boot_start -s $boot_size -l Boot $1
  #Now the main filesystem
  root_start=$(($boot_start + $boot_size))
  end=`cgpt show $1 | grep 'Sec GPT table' | awk '{print $1}'`
-  size=$(($end - $start))
+  root_size=$(($end - $root_start))
-  cgpt add -i 2 -t data -b $start -s $size -l Root $1
+  cgpt add -i 3 -t data -b $start -s $size -l Root $1
  # $size is in 512 byte blocks while ext4 uses a block size of 1024 bytes
  losetup -P $2 $1
-  mkfs.ext4 -F -b 1024 -m 0 ${2}p2 $(($size / 2))
+  mkfs.ext4 -F -b 1024 -m 0 ${2}p2 $(($boot_size / 2))
  mkfs.ext4 -F -b 1024 -m 0 ${2}p3 $(($root_size / 2))
  # mount the / partition
  mount -o noatime ${2}p2 $5
  # mount the /boot partiton
  mkdir -p $5/boot
  mount -o noatime ${2}p2 $5/boot
 }
 # use buster if no suite is specified
@ -152,7 +164,27 @@ chroot $outmnt locale-gen
 #Install the base packages
 chroot $outmnt apt update
-chroot $outmnt apt install -y initscripts udev kmod net-tools inetutils-ping traceroute iproute2 isc-dhcp-client wpasupplicant iw alsa-utils cgpt vim-tiny less psmisc netcat-openbsd ca-certificates bzip2 xz-utils ifupdown nano apt-utils git kpartx gdisk parted rsync
+chroot $outmnt apt install -y initscripts udev kmod net-tools inetutils-ping traceroute iproute2 isc-dhcp-client wpasupplicant iw alsa-utils cgpt vim-tiny less psmisc netcat-openbsd ca-certificates bzip2 xz-utils ifupdown nano apt-utils git kpartx gdisk parted rsync busybox-static
 #make the initramfs image that gets copied to partiton 2
 #make a skeleton filesystem
 initramfs_src=/usr/src/initramfs
 chroot $outmnt mkdir -p $initramfs_src
 chroot $outmnt mkdir $initramfs_src/{bin,dev,etc,newroot,proc,sys,sbin,run,lib,lib/arm-linux-gnueabihf}
 #install the few tools we need
 chroot $outmnt cp /bin/busybox /sbin/cryptsetup $initramfs_src/bin/
 chroot $outmnt cp /lib/arm-linux-gnueabihf/{libblkid.so.1,libc.so.6,libuuid.so.1} $initramfs_src/lib/arm-linux-gnueabihf/
 chroot $outmnt cp /lib/ld-linux-armhf.so.3 $initramfs_src/lib/
 chroot $outmnt cp /sbin/blkid $initramfs_src/bin/
 #add the init script
 cp $build_resources/initramfs-init $outmnt/$initramfs_src/init
 chroot $outmnt chmod +x $initramfs_src/init
 #compress and install
 #TODO, make this correct
 chroot $outmnt find $initramfs_src -print0 | cpio --null --create --verbose --format=newc | gzip --best > /boot/PrawnOS-initramfs.cpio.gz 
 #add the live-boot fstab
 cp -f $build_resources/external_fstab $outmnt/etc/fstab
		`@ -1 +1 @@`
			`console=tty1 init=/sbin/init root=PARTUUID=%U/PARTNROFF=1 rootfstype=ext4 rootwait ro net.ifnames=0 console=ttyS2,115200n8 earlyprintk=ttyS2,115200n8`				`console=tty1 ramdisk_size=51200 initrd=/PrawnOS-initramfs.cpio.gz root=PARTUUID=%U/PARTNROFF=1 rootfstype=ext4 rootwait ro net.ifnames=0 console=ttyS2,115200n8 earlyprintk=ttyS2,115200n8`