trustfence-initramfs: do not boot non-encrypted rootfs if encryption is enabled

Allowing a non-encrypted rootfs to boot when encryption is enabled is a security
hole: if an attacker can somehow write (offline) to the media, he could flash a
custom unencrypted rootfs and break into the system.

If the system is configured to use encryption, only encrypted rootfs will boot.
Trying to boot a non-encrypted rootfs will fail and power off the device.

https://jira.digi.com/browse/DEL-3829

Signed-off-by: Tatiana Leon <tatiana.leon@digi.com>
Tatiana Leon 2017-03-14 13:42:13 +01:00
parent d441f8401e
commit f510a438df
1 changed file with 11 additions and 0 deletions


@ -15,6 +15,15 @@
#
#===============================================================================
POWEROFF_TIME="10"
error() {
[ "${#}" != "0" ] && printf "\n[ERROR]: %s\n\n" "${1}"
echo "The system will poweroff in ${POWEROFF_TIME} seconds"
sleep "${POWEROFF_TIME}"
sync && poweroff -f
}
export PATH=/bin:/sbin:/usr/bin:/usr/sbin
mkdir -p /proc /sys /dev
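Review bot: error() is not terminal, so a failed power-off falls through and the caller keeps booting; `sync && poweroff -f` also skips the poweroff entirely if sync returns non-zero, and nothing after that line stops the script. Since the whole point of the change is that an unencrypted rootfs must never be mounted, make the function end the script unconditionally, e.g. `sync; poweroff -f; exit 1` (or a final `while :; do sleep 1; done`), so no path returns to the caller. Minor: the printf/echo go to stdout; `>&2` keeps the diagnostic on the console if stdout is redirected.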
@ -51,6 +60,8 @@ fi
if trustfence-tool ${root} cryptroot; then
# Reset root variable to the decrypted mapped device
root="/dev/mapper/cryptroot"
else
error "unable to open encrypted partition."
fi
# Mount mapped device
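Review bot: the new else branch relies on error() never returning; if it does, execution reaches the "Mount mapped device" step with `root` still pointing at the raw, unencrypted device, which is exactly the case this commit is meant to block. An explicit `exit 1` after the error call (or a terminal error()) makes that guarantee local to this hunk. Also, trustfence-tool fails both when the partition is not encrypted and when it is encrypted but the key or header is bad, and the message "unable to open encrypted partition." is misleading in the first case, the one the commit message targets; including the device in the message (e.g. `error "unable to open ${root} as an encrypted rootfs."`) helps tell the two apart from the console. Style: `${root}` is expanded unquoted in the if line; `"${root}"` is safer.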