meta-digi-dey: new Trustfence initramfs package

This package adds some files needed by the trustfence initramfs and that are not included in other packages. https://jira.digi.com/browse/DEL-2278 Signed-off-by: Javier Viguera <javier.viguera@digi.com>
2016-07-07 17:59:25 +02:00 · 2016-07-07 17:59:25 +02:00 · 4dd7d438af
parent 778aade696
commit 4dd7d438af
2 changed files with 102 additions and 0 deletions
--- a/meta-digi-dey/recipes-core/trustfence/trustfence-initramfs.bb
+++ b/meta-digi-dey/recipes-core/trustfence/trustfence-initramfs.bb
@ -0,0 +1,28 @@
 # Copyright (C) 2016 Digi International.
 SUMMARY = "Trustfence initramfs required files"
 LICENSE = "GPL-2.0"
 LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/GPL-2.0;md5=801f80980d171dd6425610833a22dbe6"
 SRC_URI = "file://trustfence-initramfs-init"
 S = "${WORKDIR}"
 do_install() {
 	install -d ${D}${sbindir}
 	install -m 0755 trustfence-initramfs-init ${D}/init
 }
 # Do not create debug/devel packages
 PACKAGES = "${PN}"
 FILES_${PN} = "/"
 # Runtime packages used in 'trustfence-initramfs-init'
 RDEPENDS_${PN} = " \
    cryptsetup \
    rng-tools \
    trustfence-tool \
    util-linux-findfs \
    wipe \
 "
--- a/meta-digi-dey/recipes-core/trustfence/trustfence-initramfs/trustfence-initramfs-init
+++ b/meta-digi-dey/recipes-core/trustfence/trustfence-initramfs/trustfence-initramfs-init
@ -0,0 +1,74 @@
 #!/bin/sh
 #===============================================================================
 #
 #  trustfence-initramfs-init
 #
 #  Copyright (C) 2016 by Digi International Inc.
 #  All rights reserved.
 #
 #  This program is free software; you can redistribute it and/or modify it
 #  under the terms of the GNU General Public License version 2 as published by
 #  the Free Software Foundation.
 #
 #
 #  !Description: Init script for Trustfence initramfs
 #
 #===============================================================================
 export PATH=/bin:/sbin:/usr/bin:/usr/sbin
 mkdir -p /proc /sys /dev
 mount -t proc proc /proc
 mount -t sysfs sysfs /sys
 mount -t devtmpfs devtmpfs /dev
 # Set kernel console loglevel
 LOGLEVEL="$(sysctl -n kernel.printk)"
 sysctl -q -w kernel.printk=4
 # Launch 'rngd' to feed random data to kernel entropy pool
 mkdir -p /var/run && rngd
 for arg in $(cat /proc/cmdline); do
 	case "${arg}" in
 		init=*|rescue=1|root=*) eval ${arg};;
 	esac
 done
 # Jump to a rescue shell if requested
 if [ -n "${rescue}" ]; then
 	# Expand console and respawn if exited
 	while true; do
 		setsid cttyhack sh -l
 		sleep 1
 	done
 fi
 # Translate "PARTUUID=..." to real device
 root="$(findfs ${root})"
 # Open LUKS encrypted device
 TMP_KEYFILE="$(mktemp keyfile.XXXXXX)"
 trustfence-tool -f ${TMP_KEYFILE}
 if cryptsetup --key-file ${TMP_KEYFILE} open --type luks ${root} cryptroot; then
 	# Reset root variable to the decrypted mapped device
 	root="/dev/mapper/cryptroot"
 fi
 wipe -cfs ${TMP_KEYFILE}
 # Mount mapped device
 mkdir -p /newroot
 mount ${root} /newroot
 #
 # Clean-up and do the switch_root to the final rootfs
 #
 # - explicit kill 'rngd' daemon so it doesn't leak to the final rootfs
 # - restore previous kernel console loglevel
 # - umount virtual filesystems
 #
 pkill -9 rngd
 [ -n "${LOGLEVEL}" ] && sysctl -q -w kernel.printk="${LOGLEVEL}"
 mount --move /dev /newroot/dev
 umount /sys /proc
 exec switch_root /newroot ${init:-/sbin/init}