99 lines
2.4 KiB
Bash
99 lines
2.4 KiB
Bash
#!/bin/sh
|
|
#===============================================================================
|
|
#
|
|
# trustfence-initramfs-init
|
|
#
|
|
# Copyright (C) 2016 by Digi International Inc.
|
|
# All rights reserved.
|
|
#
|
|
# This program is free software; you can redistribute it and/or modify it
|
|
# under the terms of the GNU General Public License version 2 as published by
|
|
# the Free Software Foundation.
|
|
#
|
|
#
|
|
# !Description: Init script for Trustfence initramfs
|
|
#
|
|
#===============================================================================
|
|
|
|
export PATH=/bin:/sbin:/usr/bin:/usr/sbin
|
|
|
|
mkdir -p /proc /sys /dev
|
|
mount -t proc proc /proc
|
|
mount -t sysfs sysfs /sys
|
|
mount -t devtmpfs devtmpfs /dev
|
|
|
|
# Set kernel console loglevel
|
|
LOGLEVEL="$(sysctl -n kernel.printk)"
|
|
sysctl -q -w kernel.printk=4
|
|
|
|
for arg in $(cat /proc/cmdline); do
|
|
case "${arg}" in
|
|
init=*|rescue=1|root=*|trustfence_install=*) eval ${arg};;
|
|
trustfence_fskey*)
|
|
tf_fskey_bool=true;
|
|
eval ${arg};;
|
|
esac
|
|
done
|
|
|
|
# Translate "PARTUUID=..." to real device
|
|
root="/dev/$(findfs ${root})"
|
|
|
|
rescue_shell () {
|
|
# Expand console and respawn if exited
|
|
while true; do
|
|
setsid cttyhack sh -l
|
|
sleep 1
|
|
done
|
|
}
|
|
|
|
# Jump to a rescue shell if requested
|
|
if [ -n "${rescue}" ]; then
|
|
rescue_shell
|
|
fi
|
|
|
|
if [ -n "${tf_fskey_bool}" ]; then
|
|
# Program key if trustfence_fskey kernel parameter exists
|
|
if [ -n "${trustfence_fskey}" ]; then
|
|
# trustfence_fskey not empty - use provided key
|
|
printf "\nUsing provided key\n"
|
|
trustfence-tool --newkey=${trustfence_fskey}
|
|
if [ "${?}" != "0" ]; then
|
|
error "trustfence-tool: key generation"
|
|
fi
|
|
else
|
|
# trustfence_fskey empty - use random key
|
|
printf "\nGenerating new random key\n"
|
|
trustfence-tool --newkey
|
|
if [ "${?}" != "0" ]; then
|
|
error "trustfence-tool: key generation"
|
|
fi
|
|
fi
|
|
printf "\nFile system encryption key changed.\n"
|
|
printf "A system reboot is needed for the kernel to use it.\n"
|
|
rescue_shell
|
|
fi
|
|
|
|
# Run install script if "trustfence_install" kernel parameter exists
|
|
if [ -n "${trustfence_install}" ]; then
|
|
trustfence-install.sh ${trustfence_install}
|
|
sleep 1
|
|
echo ">> Rebooting the system"
|
|
sleep 1
|
|
sync && reboot -f
|
|
fi
|
|
|
|
# Mount device
|
|
mkdir -p /newroot
|
|
mount -t "ubifs" ${root} /newroot
|
|
|
|
#
|
|
# Clean-up and do the switch_root to the final rootfs
|
|
#
|
|
# - restore previous kernel console loglevel
|
|
# - umount virtual filesystems
|
|
#
|
|
[ -n "${LOGLEVEL}" ] && sysctl -q -w kernel.printk="${LOGLEVEL}"
|
|
mount --move /dev /newroot/dev
|
|
umount /sys /proc
|
|
exec switch_root /newroot ${init:-/sbin/init}
|