From f510a438df7b03b5606ec2fa7918c0642a399f6d Mon Sep 17 00:00:00 2001 From: Tatiana Leon Date: Tue, 14 Mar 2017 13:42:13 +0100 Subject: [PATCH] trustfence-initramfs: do not boot non-encrypted rootfs if encryption is enabled Allowing to boot a non-encrypted rootfs when encryption is enable is a security hole: if an attacker can somehow write (offline) to the media, he could flash a custom unencrypted rootfs and break into the system. If the system is configured to use encryption, only encrypted rootfs will boot. Trying to boot a non-encrypted rootfs will fail and power off the device. https://jira.digi.com/browse/DEL-3829 Signed-off-by: Tatiana Leon --- .../ccimx6sbc/trustfence-initramfs-init | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/meta-digi-dey/recipes-core/trustfence/trustfence-initramfs/ccimx6sbc/trustfence-initramfs-init b/meta-digi-dey/recipes-core/trustfence/trustfence-initramfs/ccimx6sbc/trustfence-initramfs-init index 5759d3bd3..d1d352671 100644 --- a/meta-digi-dey/recipes-core/trustfence/trustfence-initramfs/ccimx6sbc/trustfence-initramfs-init +++ b/meta-digi-dey/recipes-core/trustfence/trustfence-initramfs/ccimx6sbc/trustfence-initramfs-init @@ -15,6 +15,15 @@ # #=============================================================================== +POWEROFF_TIME="10" + +error() { + [ "${#}" != "0" ] && printf "\n[ERROR]: %s\n\n" "${1}" + echo "The system will poweroff in ${POWEROFF_TIME} seconds" + sleep "${POWEROFF_TIME}" + sync && poweroff -f +} + export PATH=/bin:/sbin:/usr/bin:/usr/sbin mkdir -p /proc /sys /dev @@ -51,6 +60,8 @@ fi if trustfence-tool ${root} cryptroot; then # Reset root variable to the decrypted mapped device root="/dev/mapper/cryptroot" +else + error "unable to open encrypted partition." fi # Mount mapped device
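Review bot: `error()` is written as a terminal helper, but `sync && poweroff -f` lets it return to its caller if `sync` exits non-zero (or if `poweroff -f` itself returns), and nothing after that stops the script, so the boot path continues with `root` still naming the raw device — exactly the unencrypted-rootfs boot this commit is meant to refuse. Make the helper fail closed independently of those exit statuses by replacing `sync && poweroff -f` with `sync; poweroff -f; exit 1`; when this script runs as the initramfs PID 1, an `exit` ends init (on Linux that is a kernel panic), which is still a safe outcome compared with falling back into the boot sequence. While here, the `printf "\n[ERROR]: %s\n\n" "${1}"` diagnostic should be sent to stderr with `>&2` so it is not lost if stdout is redirected. The function is complete within this hunk; its only visible caller is in the second hunk.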
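Review bot: The new `else` branch reports every failure of `trustfence-tool ${root} cryptroot` as "unable to open encrypted partition", but the case the commit description is about is a partition that is not encrypted at all, and the two situations call for different operator responses (reflash vs. wrong key or damaged header). Suggest naming the device and the policy in the message, e.g. `error "unable to open ${root} as an encrypted partition; refusing to boot an unencrypted rootfs."`, and, if trustfence-tool distinguishes the two outcomes by exit status, branching on it before calling `error`. The fail-closed guarantee of this hunk rests entirely on `error` never returning, since the script goes on to mount `${root}` past the hunk (`# Mount mapped device`); the `fi` in the hunk header suggests this `if` sits inside a larger conditional that starts outside the hunk, so whether this path is taken at all when encryption is disabled cannot be confirmed from here.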