Gentoo Attachment #123127 for bug #174294

View | Details | Raw Unified
Collapse All | Expand All

(-) genkernel/trunk/generic/initrd.scripts (-6 / +20 lines)

Lines 109-126	Link Here

                        if [ -b "${x}" ]

                        if [ -b "${x}" ]

                        then

                        then

                                good_msg "Attempting to mount key media:- ${x}"

                                good_msg "Attempting to mount key media:- ${x}"

                                mount -r -t auto ${x} ${NEW_ROOT}/mnt/key \

                                mount -r -t auto ${x} ${NEW_ROOT}/mnt/keydev \

                                                > /dev/null 2>&1

                                                > /dev/null 2>&1

fi

                                if [ "$?" = '0' ]

                                if [ "$?" = '0' ]

                                then

                                then

                                        # Check for the key

                                        # Check for the key

                                        if [ -e ${NEW_ROOT}/mnt/key/${SUBDIR}/${KEYNAME} ]

                                        if [ -e ${NEW_ROOT}/mnt/keydev/${SUBDIR}/${KEYNAME} ]

                                        then

                                        then

                                                KEY_ROOT="${x}"

                                                LUKS_ROOT_KEYDEV="${x}"

						umount ${NEW_ROOT}/mnt/keydev

                                                break

                                                break

                                        else

                                        else

                                                umount ${NEW_ROOT}/mnt/key

                                                umount ${NEW_ROOT}/mnt/keydev

fi

fi

fi

fi

fi

fi

Lines 658-663	Link Here

do

do

			if [ "${LUKS_DEVICE}" = '' ]

			if [ "${LUKS_DEVICE}" = '' ]

			then

			then

				if [ ${LUKS_SILENT} ]

				then

					echo 'System booted'

					run_shell

fi

			elif [ 1 ]

			then

				# LUKS device could not be opened. Prompt user for device.

				# LUKS device could not be opened. Prompt user for device.

				bad_msg "The LUKS ${LUKS_NAME} block device is not detected."

				bad_msg "The LUKS ${LUKS_NAME} block device is not detected."

				echo "   Please specify a ${LUKS_NAME} LUKS device to open, "q" to skip, or "shell" for a shell..."

				echo "   Please specify a ${LUKS_NAME} LUKS device to open, "q" to skip, or "shell" for a shell..."

Lines 677-688	Link Here

				setup_md_device ${LUKS_DEVICE}

				setup_md_device ${LUKS_DEVICE}

				if cryptsetup isLuks ${LUKS_DEVICE}

				if cryptsetup isLuks ${LUKS_DEVICE}

				then

				then

					good_msg "Opening LUKS device ${LUKS_DEVICE}"

					if [ "${LUKS_SILENT}" = '' ]

					then

						good_msg "Opening LUKS device ${LUKS_DEVICE}"

fi

					cryptsetup luksOpen ${LUKS_DEVICE} ${LUKS_NAME}

					cryptsetup luksOpen ${LUKS_DEVICE} ${LUKS_NAME}

					if [ ! "$?" -eq '0' ]

					if [ ! "$?" -eq '0' ]

					then

					then

						bad_msg "Failed open LUKS device ${LUKS_DEVICE}"

						bad_msg "Failed open LUKS device ${LUKS_DEVICE}"

					elif [ "${LUKS_SILENT}" ]

					then

						run_shell

					else

					else

						break

						break

fi

fi

(-) genkernel/trunk/generic/linuxrc (-29 / +36 lines)

Lines 72-87	Link Here

			CDROOT=1

			CDROOT=1

			CDROOT_DEV=`parse_opt "${x}"`

			CDROOT_DEV=`parse_opt "${x}"`

;;

;;

		# Start livecd loop, looptype options and encryption

		# Start livecd loop, looptype options

		loop\=*)

		loop\=*)

			LOOP=`parse_opt "${x}"`

			LOOP=`parse_opt "${x}"`

;;

;;

		looptype\=*)

		looptype\=*)

			LOOPTYPE=`parse_opt "${x}"`

			LOOPTYPE=`parse_opt "${x}"`

;;

;;

		loop_crypt\=*)

			LOOP_CRYPT=`parse_opt "${x}"`

;;

		# Start Device Manager options

		# Start Device Manager options

		devfs)

		devfs)

			USE_DEVFS_NORMAL=1

			USE_DEVFS_NORMAL=1

Lines 182-187	Link Here

		crypt_swap\=*)

		crypt_swap\=*)

			LUKS_SWAP=`parse_opt "${x}"`

			LUKS_SWAP=`parse_opt "${x}"`

;;

;;

		crypt_silent\=*)

			LUKS_SILENT=`parse_opt "${x}"`

;;

		real_rootflags\=*)

		real_rootflags\=*)

			REAL_ROOTFLAGS=`parse_opt "${x}"`

			REAL_ROOTFLAGS=`parse_opt "${x}"`

;;

;;

Lines 236-243	Link Here

# Scan volumes

# Scan volumes

startVolumes

startVolumes

# Initialize LUKS root device

# Initialize LUKS root device except for livecd's

startLUKS

if [ "${CDROOT}" -ne '1' ]

then

	startLUKS

fi

# Set up unionfs

# Set up unionfs

mkdir -p ${NEW_ROOT}

mkdir -p ${NEW_ROOT}

Lines 264-270	Link Here

		mount -t tmpfs tmpfs ${NEW_ROOT}

		mount -t tmpfs tmpfs ${NEW_ROOT}

fi

fi

	for i in dev mnt mnt/cdrom mnt/livecd mnt/key tmp tmp/.initrd mnt/gentoo sys

	for i in dev mnt mnt/cdrom mnt/livecd mnt/keydev tmp tmp/.initrd mnt/gentoo sys

do

do

		mkdir -p ${NEW_ROOT}/$i

		mkdir -p ${NEW_ROOT}/$i

		chmod 755 ${NEW_ROOT}/$i

		chmod 755 ${NEW_ROOT}/$i

Lines 496-532	Link Here

        # If encrypted, find key and mount, otherwise mount as usual

        # If encrypted, find key and mount, otherwise mount as usual

	if [ "${LOOP_CRYPT}" != '' ]

	if [ "${LUKS_ROOT}" != '' ]

	then

	then

		good_msg 'You booted an encrypted livecd'

		if [ "${LUKS_SILENT}" = '' ]

		KEYNAME=$(head -n 1 ${NEW_ROOT}/mnt/cdrom/livecd)

		then

			good_msg 'You booted an encrypted livecd'

fi

		if [ "${KEYNAME}" = '' ]

		LUKS_ROOT_KEY=$(head -n 1 ${NEW_ROOT}/mnt/cdrom/livecd)

		then

			good_msg 'It's not locked with a gpg key, attempting to decrypt manually'

			losetup -e ${LOOP_CRYPT} /dev/loop1 ${NEW_ROOT}/mnt/cdrom/${LOOPEXT}${LOOP}

		else

		if [ "${LUKS_ROOT_KEY}" ]

			good_msg 'Livecd locked with gpg key'

		then

			bootstrapKey

			bootstrapKey

			good_msg 'Attempting to decrypt with key'

			losetup -K ${NEW_ROOT}/mnt/key/${SUBDIR}/${KEYNAME} -e ${LOOP_CRYPT} /dev/loop1 \

				${NEW_ROOT}/mnt/cdrom/${LOOPEXT}${LOOP}

fi

fi

		test_success 'Unencrypting loop'

		losetup /dev/loop1 ${NEW_ROOT}/mnt/cdrom/${LOOPEXT}${LOOP}

		test_success 'Preparing loop filesystem'

		LUKS_ROOT='/dev/loop1'

		startLUKS

		case ${LOOPTYPE} in

		case ${LOOPTYPE} in

			squashfs)

				MOUNTTYPE="squashfs"

			normal)

			normal)

				MOUNTTYPE="ext2"

				MOUNTTYPE="ext2"

		esac

;;

*)

				MOUNTTYPE="${LOOPTYPE}"

;;

		esac

		mount -t ${MOUNTTYPE} -o ro /dev/loop1 ${NEW_ROOT}/mnt/livecd

		mount -t ${MOUNTTYPE} -o ro /dev/mapper/root ${NEW_ROOT}/mnt/livecd

		test_success 'Mount filesystem, checking key'

		test_success 'Mount filesystem'

		FS_LOCATION='mnt/livecd'

		FS_LOCATION='mnt/livecd'

Lines 590-596	Link Here

			test_success 'mount /dev/loop0 /'

			test_success 'mount /dev/loop0 /'

			FS_LOCATION='mnt/livecd'

			FS_LOCATION='mnt/livecd'

fi

fi

fi

# End cdrom looptype determination and mounting if necessary

# End cdrom looptype determination and mounting if necessary

Attachment #123127: Luks version, without keys. Extra boot option for added security for bug #174294