Attachment #265903 for bug #358967

View | Details | Raw Unified | Return to bug 358967
Collapse All | Expand All




	fi
}

startTrousers()
{
        /sbin/ifconfig lo 127.0.0.1 up
        chown tss:tss /dev/tpm0
        chmod 600 /dev/tpm0
        /sbin/tcsd
        if [ "$?" -eq '0' ]
        then
	        good_msg "Starting Trousers"
	else
	        bad_msg "Can't starting trousers"
	fi
}

startTpmCrypt()
{
	#Starting Trousers
	startTrousers

	#Starting tpmcrypt keyprovider daemon
	if [ ! -e /var/run/tpmcrypt/server.socket ]
	then
		/sbin/tpmcrypt_keyproviderd -p
		good_msg "TpmCrypt Enviroment started successfully"
	else
		bad_msg "Can't start TpmCrypt Enviroment"
		exec sh
	fi
	
	#Starting Login
	/bin/tpmcrypt_mount
}

sdelay() {
	# Sleep a specific number of seconds if SDELAY is set
	if [ "${SDELAY}" ]

Lines 181-186 Link Here

(-)/usr/share/genkernel/defaults/linuxrc (+15 lines)
181	iscsi_noibft)	181	iscsi_noibft)
182	ISCSI_NOIBFT=1	182	ISCSI_NOIBFT=1
183	;;	183	;;
		184	#TpmCrypt and Trousers
		185	tpmcrypt)
		186	TPMCRYPT=1
		187	;;
184	# Crypto	188	# Crypto
185	crypt_root\=*)	189	crypt_root\=*)
186	CRYPT_ROOT=`parse_opt "${x}"`	190	CRYPT_ROOT=`parse_opt "${x}"`
Lines 354-359 Link Here
354	mkdir -p "${NEW_ROOT}"	358	mkdir -p "${NEW_ROOT}"
355	CHROOT="${NEW_ROOT}"	359	CHROOT="${NEW_ROOT}"
356		360
		361	if [ "${CDROOT}" != 1 ]
		362	then
		363	if [ "${TPMCRYPT}" = '1' ]
		364	then
		365	startTpmCrypt
		366	fi
		367	fi
		368
		369	#LVM Rescan
		370	startVolumes
		371
357	# Run debug shell if requested	372	# Run debug shell if requested
358	rundebugshell	373	rundebugshell
359		374

Lines 92-97 Link Here

(-)/usr/share/genkernel/gen_cmdline.sh (+5 lines)
92	echo " ramdisk"	92	echo " ramdisk"
93	echo " --luks Include LUKS support"	93	echo " --luks Include LUKS support"
94	echo " --> 'emerge cryptsetup-luks' with USE=-dynamic"	94	echo " --> 'emerge cryptsetup-luks' with USE=-dynamic"
		95	echo " --tpmcrypt Include TpmCrypt support"
95	echo " --gpg Include GPG-armored LUKS key support"	96	echo " --gpg Include GPG-armored LUKS key support"
96	echo " --no-busybox Do not include busybox in the initramfs."	97	echo " --no-busybox Do not include busybox in the initramfs."
97	echo " --unionfs Include support for unionfs"	98	echo " --unionfs Include support for unionfs"
Lines 520-525 Link Here
520	CMD_LUKS=1	521	CMD_LUKS=1
521	print_info 2 "CMD_LUKS: ${CMD_LUKS}"	522	print_info 2 "CMD_LUKS: ${CMD_LUKS}"
522	;;	523	;;
		524	--tpmcrypt)
		525	CMD_TPMCRYPT=1
		526	print_info 2 "CMD_TPMCRYPT: ${CMD_TPMCRYPT}"
		527	;;
523	--gpg)	528	--gpg)
524	CMD_GPG=1	529	CMD_GPG=1
525	print_info 2 "CMD_GPG: ${CMD_GPG}"	530	print_info 2 "CMD_GPG: ${CMD_GPG}"




	set_config_with_override 1 DMRAID               CMD_DMRAID
	set_config_with_override 1 ISCSI                CMD_ISCSI
	set_config_with_override 1 BUSYBOX              CMD_BUSYBOX              "yes"
	set_config_with_override 1 UNIONFS		CMD_UNIONFS
	set_config_with_override 1 NETBOOT		CMD_NETBOOT
	set_config_with_override 2 REAL_ROOT		CMD_REAL_ROOT
	set_config_with_override 1 DISKLABEL            CMD_DISKLABEL
	set_config_with_override 1 LUKS                 CMD_LUKS
	set_config_with_override 1 TPMCRYPT             CMD_TPMCRYPT
	set_config_with_override 1 GPG                  CMD_GPG
	set_config_with_override 1 MDADM                CMD_MDADM
	set_config_with_override 1 MULTIPATH            CMD_MULTIPATH




	rm -r "${TEMP}/initramfs-luks-temp/"
}

append_tpmcrypt() {
	if [ -d "${TEMP}/initramfs-tpmcrypt-temp" ]	
	then
		rm -r "${TEMP}/initramfs-tpmcrypt-temp"
	fi

	mkdir -p "${TEMP}/initramfs-tpmcrypt-temp/sbin"
	mkdir -p "${TEMP}/initramfs-tpmcrypt-temp/bin"
	mkdir -p "${TEMP}/initramfs-tpmcrypt-temp/lib/"
	mkdir -p "${TEMP}/initramfs-tpmcrypt-temp/etc/tpmcrypt"
	mkdir -p "${TEMP}/initramfs-tpmcrypt-temp/var/run/tpmcrypt"
	mkdir -p "${TEMP}/initramfs-tpmcrypt-temp/var/log/"

	cd "${TEMP}/initramfs-tpmcrypt-temp"

	if isTrue ${TPMCRYPT}
	then	
		if [ -e /usr/sbin/tcsd ]
		then
			print_info 1 "Including TrouSers support"
	        	cp /usr/sbin/tcsd ${TEMP}/initramfs-tpmcrypt-temp/sbin
	        	chmod +x "${TEMP}/initramfs-tpmcrypt-temp/sbin/tcsd"
			sed '/^system_ps_file/ d' /etc/tcsd.conf > ${TEMP}/initramfs-tpmcrypt-temp/etc/tcsd.conf
			echo "system_ps_file = /etc/tpmcrypt/tpmcrypt.data" >> ${TEMP}/initramfs-tpmcrypt-temp/etc/tcsd.conf						
		                if is_static /bin/tpmcrypt_mount && is_static /sbin/tpmcrypt_keyproviderd
		                then
		                        print_info 1 "Not implemented"
		                else
					print_info 1 "Including TpmCrypt support"
					cp /usr/bin/tpmcrypt_mount ${TEMP}/initramfs-tpmcrypt-temp/bin/
					chmod +x "${TEMP}/initramfs-tpmcrypt-temp/bin/tpmcrypt_mount"
					cp /usr/sbin/tpmcrypt_keyproviderd ${TEMP}/initramfs-tpmcrypt-temp/sbin/
					chmod +x "${TEMP}/initramfs-tpmcrypt-temp/sbin/tpmcrypt_keyproviderd"
					cp /var/log/tpmcrypt.log ${TEMP}/initramfs-tpmcrypt-temp/var/log/
					chmod 660 "${TEMP}/initramfs-tpmcrypt-temp/var/log/tpmcrypt.log"
					cp -a -L /usr/lib/libtspi.so.1 ${TEMP}/initramfs-tpmcrypt-temp/lib/
					cp -a -L /usr/lib/libgmp.so.3 ${TEMP}/initramfs-tpmcrypt-temp/lib/
				fi
		else
			print_info 1 "No TrouSers found"
			print_info 1 "Not including TpmCrypt and TrouSers"

		fi
	fi

	find . -print | cpio ${CPIO_ARGS} --append -F "${CPIO}" \
	                 || gen_die "appending TpmCrypt to cpio"

        cd "${TEMP}"
        rm -r "${TEMP}/initramfs-tpmcrypt-temp/"
}

append_firmware() {
	if [ -z "${FIRMWARE_FILES}" -a ! -d "${FIRMWARE_DIR}" ]
	then

	append_data 'evms' "${EVMS}"
	append_data 'mdadm' "${MDADM}"
	append_data 'luks' "${LUKS}"
	append_data 'tpmcrypt' "${TPMCRYPT}"
	append_data 'multipath' "${MULTIPATH}"
	append_data 'gpg' "${GPG}"


Return to bug 358967

Lines 940-945 Link Here

(-)/usr/share/genkernel/defaults/initrd.scripts (+33 lines)
940	fi	940	fi
941	}	941	}
942		942
		943	startTrousers()
		944	{
		945	/sbin/ifconfig lo 127.0.0.1 up
		946	chown tss:tss /dev/tpm0
		947	chmod 600 /dev/tpm0
		948	/sbin/tcsd
		949	if [ "$?" -eq '0' ]
		950	then
		951	good_msg "Starting Trousers"
		952	else
		953	bad_msg "Can't starting trousers"
		954	fi
		955	}
		956
		957	startTpmCrypt()
		958	{
		959	#Starting Trousers
		960	startTrousers
		961
		962	#Starting tpmcrypt keyprovider daemon
		963	if [ ! -e /var/run/tpmcrypt/server.socket ]
		964	then
		965	/sbin/tpmcrypt_keyproviderd -p
		966	good_msg "TpmCrypt Enviroment started successfully"
		967	else
		968	bad_msg "Can't start TpmCrypt Enviroment"
		969	exec sh
		970	fi
		971
		972	#Starting Login
		973	/bin/tpmcrypt_mount
		974	}
		975
943	sdelay() {	976	sdelay() {
944	# Sleep a specific number of seconds if SDELAY is set	977	# Sleep a specific number of seconds if SDELAY is set
945	if [ "${SDELAY}" ]	978	if [ "${SDELAY}" ]

Lines 112-122 Link Here

(-)/usr/share/genkernel/gen_determineargs.sh (-3 / +4 lines)
112	set_config_with_override 1 DMRAID CMD_DMRAID	112	set_config_with_override 1 DMRAID CMD_DMRAID
113	set_config_with_override 1 ISCSI CMD_ISCSI	113	set_config_with_override 1 ISCSI CMD_ISCSI
114	set_config_with_override 1 BUSYBOX CMD_BUSYBOX "yes"	114	set_config_with_override 1 BUSYBOX CMD_BUSYBOX "yes"
115	set_config_with_override 1 UNIONFS CMD_UNIONFS	115	set_config_with_override 1 UNIONFS CMD_UNIONFS
116	set_config_with_override 1 NETBOOT CMD_NETBOOT	116	set_config_with_override 1 NETBOOT CMD_NETBOOT
117	set_config_with_override 2 REAL_ROOT CMD_REAL_ROOT	117	set_config_with_override 2 REAL_ROOT CMD_REAL_ROOT
118	set_config_with_override 1 DISKLABEL CMD_DISKLABEL	118	set_config_with_override 1 DISKLABEL CMD_DISKLABEL
119	set_config_with_override 1 LUKS CMD_LUKS	119	set_config_with_override 1 LUKS CMD_LUKS
		120	set_config_with_override 1 TPMCRYPT CMD_TPMCRYPT
120	set_config_with_override 1 GPG CMD_GPG	121	set_config_with_override 1 GPG CMD_GPG
121	set_config_with_override 1 MDADM CMD_MDADM	122	set_config_with_override 1 MDADM CMD_MDADM
122	set_config_with_override 1 MULTIPATH CMD_MULTIPATH	123	set_config_with_override 1 MULTIPATH CMD_MULTIPATH

Lines 435-440 Link Here

(-)/usr/share/genkernel/gen_initramfs.sh (+53 lines)
435	rm -r "${TEMP}/initramfs-luks-temp/"	435	rm -r "${TEMP}/initramfs-luks-temp/"
436	}	436	}
437		437
		438	append_tpmcrypt() {
		439	if [ -d "${TEMP}/initramfs-tpmcrypt-temp" ]
		440	then
		441	rm -r "${TEMP}/initramfs-tpmcrypt-temp"
		442	fi
		443
		444	mkdir -p "${TEMP}/initramfs-tpmcrypt-temp/sbin"
		445	mkdir -p "${TEMP}/initramfs-tpmcrypt-temp/bin"
		446	mkdir -p "${TEMP}/initramfs-tpmcrypt-temp/lib/"
		447	mkdir -p "${TEMP}/initramfs-tpmcrypt-temp/etc/tpmcrypt"
		448	mkdir -p "${TEMP}/initramfs-tpmcrypt-temp/var/run/tpmcrypt"
		449	mkdir -p "${TEMP}/initramfs-tpmcrypt-temp/var/log/"
		450
		451	cd "${TEMP}/initramfs-tpmcrypt-temp"
		452
		453	if isTrue ${TPMCRYPT}
		454	then
		455	if [ -e /usr/sbin/tcsd ]
		456	then
		457	print_info 1 "Including TrouSers support"
		458	cp /usr/sbin/tcsd ${TEMP}/initramfs-tpmcrypt-temp/sbin
		459	chmod +x "${TEMP}/initramfs-tpmcrypt-temp/sbin/tcsd"
		460	sed '/^system_ps_file/ d' /etc/tcsd.conf > ${TEMP}/initramfs-tpmcrypt-temp/etc/tcsd.conf
		461	echo "system_ps_file = /etc/tpmcrypt/tpmcrypt.data" >> ${TEMP}/initramfs-tpmcrypt-temp/etc/tcsd.conf
		462	if is_static /bin/tpmcrypt_mount && is_static /sbin/tpmcrypt_keyproviderd
		463	then
		464	print_info 1 "Not implemented"
		465	else
		466	print_info 1 "Including TpmCrypt support"
		467	cp /usr/bin/tpmcrypt_mount ${TEMP}/initramfs-tpmcrypt-temp/bin/
		468	chmod +x "${TEMP}/initramfs-tpmcrypt-temp/bin/tpmcrypt_mount"
		469	cp /usr/sbin/tpmcrypt_keyproviderd ${TEMP}/initramfs-tpmcrypt-temp/sbin/
		470	chmod +x "${TEMP}/initramfs-tpmcrypt-temp/sbin/tpmcrypt_keyproviderd"
		471	cp /var/log/tpmcrypt.log ${TEMP}/initramfs-tpmcrypt-temp/var/log/
		472	chmod 660 "${TEMP}/initramfs-tpmcrypt-temp/var/log/tpmcrypt.log"
		473	cp -a -L /usr/lib/libtspi.so.1 ${TEMP}/initramfs-tpmcrypt-temp/lib/
		474	cp -a -L /usr/lib/libgmp.so.3 ${TEMP}/initramfs-tpmcrypt-temp/lib/
		475	fi
		476	else
		477	print_info 1 "No TrouSers found"
		478	print_info 1 "Not including TpmCrypt and TrouSers"
		479
		480	fi
		481	fi
		482
		483	find . -print \| cpio ${CPIO_ARGS} --append -F "${CPIO}" \
		484	\|\| gen_die "appending TpmCrypt to cpio"
		485
		486	cd "${TEMP}"
		487	rm -r "${TEMP}/initramfs-tpmcrypt-temp/"
		488	}
		489
438	append_firmware() {	490	append_firmware() {
439	if [ -z "${FIRMWARE_FILES}" -a ! -d "${FIRMWARE_DIR}" ]	491	if [ -z "${FIRMWARE_FILES}" -a ! -d "${FIRMWARE_DIR}" ]
440	then	492	then
Lines 672-677 Link Here
672	append_data 'evms' "${EVMS}"	724	append_data 'evms' "${EVMS}"
673	append_data 'mdadm' "${MDADM}"	725	append_data 'mdadm' "${MDADM}"
674	append_data 'luks' "${LUKS}"	726	append_data 'luks' "${LUKS}"
		727	append_data 'tpmcrypt' "${TPMCRYPT}"
675	append_data 'multipath' "${MULTIPATH}"	728	append_data 'multipath' "${MULTIPATH}"
676	append_data 'gpg' "${GPG}"	729	append_data 'gpg' "${GPG}"
677		730