From d6205d3a165e01d6c427e9160f36b51cfdc4e2b4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Karel=20Ko=C4=8D=C3=AD?=
Date: Tue, 25 Feb 2020 17:47:58 +0100
Subject: sys-boot/myinitramfs: extend to optionally autounlock
---
sys-boot/myinitramfs/files/gen.sh | 22 ++++++++----
sys-boot/myinitramfs/files/init.enc | 6 +++-
sys-boot/myinitramfs/files/initramfs_password | 6 ++++
sys-boot/myinitramfs/myinitramfs-1.4.3-r1.ebuild | 38 --------------------
sys-boot/myinitramfs/myinitramfs-1.5.0-r1.ebuild | 45 ++++++++++++++++++++++++
5 files changed, 72 insertions(+), 45 deletions(-)
create mode 100755 sys-boot/myinitramfs/files/initramfs_password
delete mode 100644 sys-boot/myinitramfs/myinitramfs-1.4.3-r1.ebuild
create mode 100644 sys-boot/myinitramfs/myinitramfs-1.5.0-r1.ebuild
diff --git a/sys-boot/myinitramfs/files/gen.sh b/sys-boot/myinitramfs/files/gen.sh
index 958b974..136f7ff 100755
--- a/sys-boot/myinitramfs/files/gen.sh
+++ b/sys-boot/myinitramfs/files/gen.sh
@@ -8,19 +8,29 @@ cd "$(dirname "$(readlink -f "$0")")" LIST="$(mktemp)" +add_exec() { + P="$(which "$1")" + echo "# $EXE" >> "$LIST" + echo "file $P $P 755 0 0" >> "$LIST" + ldd "$P" | awk '{ print $3 }' | sed -n '/^[^ ]\+$/p' | while read -r LIB; do + echo "file $LIB $LIB 755 0 0" >> "$LIST" + done +} + # Base list cp baselist "$LIST" # Init script echo "file /init ./init.enc 755 0 0" >> "$LIST" echo >> "$LIST" +# Executables required when USE_DMI +if [ -n "$USE_DMI" ]; then + echo "file /sbin/initramfs_password ./initramfs_password 755 0 0" >> "$LIST" + add_exec dmidecode + add_exec sha512sum +fi # Executables while read -r EXE; do - P="$(which "$EXE")" - echo "# $EXE" >> "$LIST" - echo "file $P $P 755 0 0" >> "$LIST" - ldd "$P" | awk '{ print $3 }' | sed -n '/^[^ ]\+$/p' | while read -r LIB; do - echo "file $LIB $LIB 755 0 0" >> "$LIST" - done + add_exec "$EXE" done /dev/null; then + initramfs_password | cryptsetup open --key-file=- "$root" encroot +else + cryptsetup open "$root" encroot +fi || fail "Unlocking root failed! /proc/cmdline=$(cat /proc/cmdline)" echo -e "${C_GREEN}Mounting root...${C_NO}" mount -t btrfs -o "$rootflags" /dev/mapper/encroot /mnt/root \ diff --git a/sys-boot/myinitramfs/files/initramfs_password b/sys-boot/myinitramfs/files/initramfs_password new file mode 100755 index 0000000..8ad64bb --- /dev/null +++ b/sys-boot/myinitramfs/files/initramfs_password @@ -0,0 +1,6 @@ +#!/bin/sh +{ + dmidecode -s system-uuid + dmidecode -s baseboard-serial-number + dmidecode -s processor-version +} | sha512sum | cut -f1 -d ' ' diff --git a/sys-boot/myinitramfs/myinitramfs-1.4.3-r1.ebuild b/sys-boot/myinitramfs/myinitramfs-1.4.3-r1.ebuild deleted file mode 100644 index e31efdc..0000000 --- a/sys-boot/myinitramfs/myinitramfs-1.4.3-r1.ebuild +++ /dev/null 
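Review bot: Inside the new `add_exec`, the comment line still expands `$EXE`, which is only set by the `while read -r EXE` loop, so the two USE_DMI calls (`add_exec dmidecode`, `add_exec sha512sum`) write an empty `# ` header; it should be `echo "# $1" >> "$LIST"`. The function also never checks that `which` found the tool, so a missing binary produces a `file` entry with empty paths and an `ldd ""` call rather than a failed build; a guard such as `[ -n "$P" ] || { echo "gen.sh: $1 not found" >&2; exit 1; }` right after the lookup would make that explicit. The tail of this hunk is not legible in this view, so only `add_exec` and the USE_DMI block were reviewed.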
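Review bot: None of the three `dmidecode` calls in `initramfs_password` is checked, so when one fails or prints nothing the script still emits a digest, in the worst case the SHA-512 of empty input, which is identical on every machine. I would read the values into variables and refuse to print a key if any is empty, as sketched below. The `printf` should feed `sha512sum` the same bytes as the current group for normal output, so an existing keyslot would presumably stay valid, but that needs confirming on real hardware. The file also deserves a header comment stating that the key is derived only from DMI strings with no secret input, so it ties the volume to this hardware but does not protect data against anyone who can run `dmidecode` on, or boot, the machine itself.

```shell
#!/bin/sh
# The key below is derived from DMI strings only; it binds the volume to this
# hardware and is not a secret from anyone who can read DMI data on it.
set -eu
uuid="$(dmidecode -s system-uuid)"
serial="$(dmidecode -s baseboard-serial-number)"
cpu="$(dmidecode -s processor-version)"
# Never emit a key computed from missing input.
if [ -z "$uuid" ] || [ -z "$serial" ] || [ -z "$cpu" ]; then
	echo "initramfs_password: incomplete DMI data" >&2
	exit 1
fi
printf '%s\n%s\n%s\n' "$uuid" "$serial" "$cpu" | sha512sum | cut -f1 -d ' '
```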
@@ -1,38 +0,0 @@
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-# TODO support encrytion and btrfs only as option
-
-EAPI=6
-
-VER="${PV%-r*}"
-
-DESCRIPTION="My personal initramfs (verry simple with encryption support)"
-S="${WORKDIR}/myinitramfs-${VER}"
-
-LICENSE="GPLv2"
-SLOT="0"
-KEYWORDS="amd64 x86"
-IUSE=""
-
-DEPEND="sys-fs/cryptsetup
-sys-fs/btrfs-progs
-sys-apps/linux-misc-apps
-sys-apps/busybox[static]"
-RDEPEND="${DEPEND}
-sys-kernel/linux[initramfs]"
-
-src_unpack() {
- # Well we have no sources so just create empty directory
- mkdir -p "${S}"
-}
-
-src_compile() {
- "${FILESDIR}/gen.sh" initramfs-gentoo
-}
-
-src_install() {
- dodir /boot
- insinto /boot
- newins initramfs-gentoo initramfs-gentoo
-}
diff --git a/sys-boot/myinitramfs/myinitramfs-1.5.0-r1.ebuild b/sys-boot/myinitramfs/myinitramfs-1.5.0-r1.ebuild
new file mode 100644
index 0000000..84be803
--- /dev/null
+++ b/sys-boot/myinitramfs/myinitramfs-1.5.0-r1.ebuild
@@ -0,0 +1,45 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+# TODO support encrytion and btrfs only as option
+
+EAPI=6
+
+VER="${PV%-r*}"
+
+DESCRIPTION="My personal initramfs (verry simple with encryption support)"
+S="${WORKDIR}/myinitramfs-${VER}"
+
+LICENSE="GPLv2"
+SLOT="0"
+KEYWORDS="amd64 x86"
+IUSE="dmi"
+
+DEPEND="sys-fs/cryptsetup
+sys-fs/btrfs-progs
+sys-apps/linux-misc-apps
+sys-apps/busybox[static]
+dmi? (
+ sys-apps/dmidecode
+ sys-apps/coreutils
+)"
+RDEPEND="${DEPEND}
+sys-kernel/linux[initramfs]"
+
+src_unpack() {
+ # Well we have no sources so just create empty directory
+ mkdir -p "${S}"
+}
+
+src_compile() {
+ use dmi || export USE_DMI=1
+ "${FILESDIR}/gen.sh" initramfs-gentoo
+}
+
+src_install() {
+ dodir /boot
+ insinto /boot
+ newins initramfs-gentoo initramfs-gentoo
+
+ dosbin "${FILESDIR}/initramfs_password"
+}
-- cgit v1.2.3
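Review bot: In `src_compile`, `use dmi || export USE_DMI=1` is inverted: it sets USE_DMI only when the `dmi` flag is disabled. gen.sh then tries to pull dmidecode and sha512sum into the image exactly when they are not dependencies, and leaves auto-unlock out when the flag is on; the line should read `use dmi && export USE_DMI=1`. In `src_install`, `dosbin "${FILESDIR}/initramfs_password"` is unconditional, so the helper that prints the volume key lands on every installed system, including ones that did not opt in. `if use dmi; then dosbin "${FILESDIR}/initramfs_password"; fi` would limit it to those that did. If the installed copy exists only so the admin can enrol the key once, a comment saying so would help the next reader.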