authorKarel Kočí <karel.koci@nic.cz>2020-02-25 17:47:58 +0100
committerKarel Kočí <karel.koci@nic.cz>2020-02-25 17:52:55 +0100
commitd6205d3a165e01d6c427e9160f36b51cfdc4e2b4 (patch)
treece631e293026850429049457aecdef226310fc06
parent67320a1307feada9e25a3f08e8aba7179004d85c (diff)
sys-boot/myinitramfs: extend to optionally autounlock
-rwxr-xr-xsys-boot/myinitramfs/files/gen.sh22
-rwxr-xr-xsys-boot/myinitramfs/files/init.enc6
-rwxr-xr-xsys-boot/myinitramfs/files/initramfs_password6
-rw-r--r--sys-boot/myinitramfs/myinitramfs-1.5.0-r1.ebuild (renamed from sys-boot/myinitramfs/myinitramfs-1.4.3-r1.ebuild)11
4 files changed, 36 insertions, 9 deletions
diff --git a/sys-boot/myinitramfs/files/gen.sh b/sys-boot/myinitramfs/files/gen.sh
index 958b974..136f7ff 100755
--- a/sys-boot/myinitramfs/files/gen.sh
+++ b/sys-boot/myinitramfs/files/gen.sh
@@ -8,19 +8,29 @@ cd "$(dirname "$(readlink -f "$0")")"
LIST="$(mktemp)"
+add_exec() {
+ P="$(which "$1")"
+ echo "# $EXE" >> "$LIST"
+ echo "file $P $P 755 0 0" >> "$LIST"
+ ldd "$P" | awk '{ print $3 }' | sed -n '/^[^ ]\+$/p' | while read -r LIB; do
+ echo "file $LIB $LIB 755 0 0" >> "$LIST"
+ done
+}
+
# Base list
cp baselist "$LIST"
# Init script
echo "file /init ./init.enc 755 0 0" >> "$LIST"
echo >> "$LIST"
+# Executables required when USE_DMI
+if [ -n "$USE_DMI" ]; then
+ echo "file /sbin/initramfs_password ./initramfs_password 755 0 0" >> "$LIST"
+ add_exec dmidecode
+ add_exec sha512sum
+fi
# Executables
while read -r EXE; do
- P="$(which "$EXE")"
- echo "# $EXE" >> "$LIST"
- echo "file $P $P 755 0 0" >> "$LIST"
- ldd "$P" | awk '{ print $3 }' | sed -n '/^[^ ]\+$/p' | while read -r LIB; do
- echo "file $LIB $LIB 755 0 0" >> "$LIST"
- done
+ add_exec "$EXE"
done <exelist
# Buld initramfs
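Review bot: `add_exec` writes its header comment from `$EXE` instead of its own argument, so the two calls in the USE_DMI block, which run before the `while read -r EXE` loop, emit an empty `# ` line; it should be `echo "# $1" >> "$LIST"`. The function also never checks that `which` found the program, so a missing dmidecode or sha512sum produces a `file` entry with empty paths and an `ldd ""` call rather than a build failure, and the problem would presumably surface only at boot. Failing early is safer, for example `P="$(command -v "$1")" || { echo "missing: $1" >&2; exit 1; }`. Because the path is resolved through the build-time PATH, whichever binary comes first there is what gets embedded in the boot image, which deserves a comment on the function.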
diff --git a/sys-boot/myinitramfs/files/init.enc b/sys-boot/myinitramfs/files/init.enc
index b1cd3a2..0514508 100755
--- a/sys-boot/myinitramfs/files/init.enc
+++ b/sys-boot/myinitramfs/files/init.enc
@@ -83,7 +83,11 @@ root="$(blkid | awk -v uuid="UUID=\"$uuid\"" '$2 == uuid { gsub(/:$/,"",$1); pri
[ -e "$root" ] || fail "Root not located!"
echo -e "${C_GREEN}Unlocking root...${C_NO}"
-cryptsetup open "$root" encroot || fail "Unlocking root failed! /proc/cmdline=$(cat /proc/cmdline)"
+if command -v initramfs_password >/dev/null; then
+ initramfs_password | cryptsetup open --key-file=- "$root" encroot
+else
+ cryptsetup open "$root" encroot
+fi || fail "Unlocking root failed! /proc/cmdline=$(cat /proc/cmdline)"
echo -e "${C_GREEN}Mounting root...${C_NO}"
mount -t btrfs -o "$rootflags" /dev/mapper/encroot /mnt/root \
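Review bot: When `initramfs_password` is present, a failed key-file unlock goes straight to `fail` without ever offering the passphrase prompt, so a changed DMI string (board replacement, firmware update) or a dmidecode error leaves the machine unbootable without a rescue medium. Keeping the interactive prompt as a fallback preserves a recovery path: `initramfs_password | cryptsetup open --key-file=- "$root" encroot || cryptsetup open "$root" encroot`. Without `pipefail` the pipeline's status is cryptsetup's alone, so a failing `initramfs_password` is not detected separately; a short comment above the `if` saying so would help. The `mount` command at the end of the hunk continues outside it.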
diff --git a/sys-boot/myinitramfs/files/initramfs_password b/sys-boot/myinitramfs/files/initramfs_password
new file mode 100755
index 0000000..8ad64bb
--- /dev/null
+++ b/sys-boot/myinitramfs/files/initramfs_password
@@ -0,0 +1,6 @@
+#!/bin/sh
+{
+ dmidecode -s system-uuid
+ dmidecode -s baseboard-serial-number
+ dmidecode -s processor-version
+} | sha512sum | cut -f1 -d ' '
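Review bot: The key this script prints is derived only from three DMI strings, none of which is secret, and the derivation sits in the initramfs outside the encrypted root. The keyslot therefore protects a disk separated from the machine, not the machine as a whole, and that limit deserves a header comment. Some firmware reports empty or vendor-placeholder values for these fields, and a failing dmidecode is ignored inside the brace group, so the digest can end up computed over little or no machine-specific input. I would capture each value, refuse to print a key when one is empty, and only then hash. The version below should give the same digest as today as long as each dmidecode output ends in a single newline, which I have not verified.

```shell
#!/bin/sh
# Derives the auto-unlock key from DMI identifiers. These values are not
# secret: the key only binds the volume to this hardware.
set -eu
uuid="$(dmidecode -s system-uuid)"
serial="$(dmidecode -s baseboard-serial-number)"
cpu="$(dmidecode -s processor-version)"
# Refuse to derive a key from missing identifiers.
if [ -z "$uuid" ] || [ -z "$serial" ] || [ -z "$cpu" ]; then
	echo "initramfs_password: incomplete DMI data" >&2
	exit 1
fi
printf '%s\n%s\n%s\n' "$uuid" "$serial" "$cpu" | sha512sum | cut -f1 -d ' '
```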
diff --git a/sys-boot/myinitramfs/myinitramfs-1.4.3-r1.ebuild b/sys-boot/myinitramfs/myinitramfs-1.5.0-r1.ebuild
index e31efdc..84be803 100644
--- a/sys-boot/myinitramfs/myinitramfs-1.4.3-r1.ebuild
+++ b/sys-boot/myinitramfs/myinitramfs-1.5.0-r1.ebuild
@@ -13,12 +13,16 @@ S="${WORKDIR}/myinitramfs-${VER}"
LICENSE="GPLv2"
SLOT="0"
KEYWORDS="amd64 x86"
-IUSE=""
+IUSE="dmi"
DEPEND="sys-fs/cryptsetup
sys-fs/btrfs-progs
sys-apps/linux-misc-apps
-sys-apps/busybox[static]"
+sys-apps/busybox[static]
+dmi? (
+ sys-apps/dmidecode
+ sys-apps/coreutils
+)"
RDEPEND="${DEPEND}
sys-kernel/linux[initramfs]"
@@ -28,6 +32,7 @@ src_unpack() {
}
src_compile() {
+ use dmi || export USE_DMI=1
"${FILESDIR}/gen.sh" initramfs-gentoo
}
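Review bot: The flag test in `src_compile` is inverted: `use dmi || export USE_DMI=1` sets USE_DMI only when the dmi USE flag is disabled. gen.sh then embeds initramfs_password, dmidecode and sha512sum exactly when the user asked not to have them, while sys-apps/dmidecode is pulled in as a dependency only when the flag is on. It should read `use dmi && export USE_DMI=1`. Since init.enc switches to key-file unlock whenever the helper exists in the image, the wrong polarity silently changes how the root volume is unlocked.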
@@ -35,4 +40,6 @@ src_install() {
dodir /boot
insinto /boot
newins initramfs-gentoo initramfs-gentoo
+
+ dosbin "${FILESDIR}/initramfs_password"
}