--- /usr/share/genkernel/defaults/initrd.scripts 2011-03-14 23:52:50.409039604 +0100 +++ /usr/share/genkernel/defaults/initrd.scripts 2011-03-14 23:27:33.906815366 +0100 @@ -940,6 +940,39 @@ fi } +startTrousers() +{ + /sbin/ifconfig lo 127.0.0.1 up + chown tss:tss /dev/tpm0 + chmod 600 /dev/tpm0 + /sbin/tcsd + if [ "$?" -eq '0' ] + then + good_msg "Starting Trousers" + else + bad_msg "Can't starting trousers" + fi +} + +startTpmCrypt() +{ + #Starting Trousers + startTrousers + + #Starting tpmcrypt keyprovider daemon + if [ ! -e /var/run/tpmcrypt/server.socket ] + then + /sbin/tpmcrypt_keyproviderd -p + good_msg "TpmCrypt Enviroment started successfully" + else + bad_msg "Can't start TpmCrypt Enviroment" + exec sh + fi + + #Starting Login + /bin/tpmcrypt_mount +} + sdelay() { # Sleep a specific number of seconds if SDELAY is set if [ "${SDELAY}" ] --- /usr/share/genkernel/defaults/linuxrc 2011-03-14 23:52:50.409039604 +0100 +++ /usr/share/genkernel/defaults/linuxrc 2011-03-14 23:27:19.606794399 +0100 @@ -181,6 +181,10 @@ iscsi_noibft) ISCSI_NOIBFT=1 ;; + #TpmCrypt and Trousers + tpmcrypt) + TPMCRYPT=1 + ;; # Crypto crypt_root\=*) CRYPT_ROOT=`parse_opt "${x}"` @@ -354,6 +358,17 @@ mkdir -p "${NEW_ROOT}" CHROOT="${NEW_ROOT}" +if [ "${CDROOT}" != 1 ] +then + if [ "${TPMCRYPT}" = '1' ] + then + startTpmCrypt + fi +fi + +#LVM Rescan +startVolumes + # Run debug shell if requested rundebugshell --- /usr/share/genkernel/gen_cmdline.sh 2011-03-14 23:52:50.439039648 +0100 +++ /usr/share/genkernel/gen_cmdline.sh 2011-03-14 23:26:55.186758582 +0100 @@ -92,6 +92,7 @@ echo " ramdisk" echo " --luks Include LUKS support" echo " --> 'emerge cryptsetup-luks' with USE=-dynamic" + echo " --tpmcrypt Include TpmCrypt support" echo " --gpg Include GPG-armored LUKS key support" echo " --no-busybox Do not include busybox in the initramfs." echo " --unionfs Include support for unionfs" 
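Review bot: In startTpmCrypt the success message does not depend on the daemon actually starting: `/sbin/tpmcrypt_keyproviderd -p` is run and `good_msg "TpmCrypt Enviroment started successfully"` is printed without looking at its exit status, while the other branch (socket already present) does `exec sh`, handing the console an interactive shell — root, in the initramfs — so a failure of the TPM-backed unlock path becomes a way around it. Test the daemon's status and fail closed instead, `if /sbin/tpmcrypt_keyproviderd -p; then good_msg "..."; else bad_msg "..."; return 1; fi`, and leave any rescue shell to the existing rundebugshell path. startTrousers has the same shape: when `/sbin/tcsd` fails it only prints bad_msg and startTpmCrypt carries on to `/bin/tpmcrypt_mount`; have it `return 1` and have the caller stop there, and write the check as `if /sbin/tcsd; then` rather than `if [ "$?" -eq '0' ]`. "Enviroment" and "Can't starting trousers" are misspelled runtime strings and are the messages a user will see.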
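Review bot: In the linuxrc hunk at line 354 `startVolumes` is called unconditionally on every boot, outside the `TPMCRYPT` guard, although the `#LVM Rescan` comment suggests it is only meant to pick up volumes after tpmcrypt_mount has opened the encrypted device; if startVolumes already runs earlier in linuxrc this is a second scan for everyone, so move the call inside the `if [ "${TPMCRYPT}" = '1' ]` branch after `startTpmCrypt`, or document why the extra scan is wanted unconditionally. `startTpmCrypt` is also invoked without checking its result, so a failed unlock falls through to the rest of linuxrc as if nothing happened; `startTpmCrypt || bad_msg "TpmCrypt setup failed"` at least makes that visible. The two tests quote their literal differently (`!= 1` versus `= '1'`); pick one form.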
@@ -520,6 +521,10 @@
 CMD_LUKS=1
 print_info 2 "CMD_LUKS: ${CMD_LUKS}"
 ;;
+ --tpmcrypt)
+ CMD_TPMCRYPT=1
+ print_info 2 "CMD_TPMCRYPT: ${CMD_TPMCRYPT}"
+ ;;
 --gpg)
 CMD_GPG=1
 print_info 2 "CMD_GPG: ${CMD_GPG}"
--- /usr/share/genkernel/gen_determineargs.sh 2011-03-14 23:52:50.449039674 +0100
+++ /usr/share/genkernel/gen_determineargs.sh 2011-03-14 23:37:53.607724288 +0100
@@ -112,11 +112,12 @@
 set_config_with_override 1 DMRAID CMD_DMRAID
 set_config_with_override 1 ISCSI CMD_ISCSI
 set_config_with_override 1 BUSYBOX CMD_BUSYBOX "yes"
- set_config_with_override 1 UNIONFS CMD_UNIONFS
- set_config_with_override 1 NETBOOT CMD_NETBOOT
- set_config_with_override 2 REAL_ROOT CMD_REAL_ROOT
+ set_config_with_override 1 UNIONFS CMD_UNIONFS
+ set_config_with_override 1 NETBOOT CMD_NETBOOT
+ set_config_with_override 2 REAL_ROOT CMD_REAL_ROOT
 set_config_with_override 1 DISKLABEL CMD_DISKLABEL
 set_config_with_override 1 LUKS CMD_LUKS
+ set_config_with_override 1 TPMCRYPT CMD_TPMCRYPT
 set_config_with_override 1 GPG CMD_GPG
 set_config_with_override 1 MDADM CMD_MDADM
 set_config_with_override 1 MULTIPATH CMD_MULTIPATH
--- /usr/share/genkernel/gen_initramfs.sh 2011-03-14 23:52:50.459039681 +0100
+++ /usr/share/genkernel/gen_initramfs.sh 2011-03-14 23:48:31.428659765 +0100
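Review bot: In the gen_determineargs.sh hunk three of the four changed lines (UNIONFS, NETBOOT, REAL_ROOT) appear to differ only in leading whitespace; the single functional change is the added `set_config_with_override 1 TPMCRYPT CMD_TPMCRYPT`. Whitespace-only re-indentation mixed into a functional patch hides the real change and makes the diff harder to audit; keep it in a separate change or mention it explicitly.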
@@ -435,6 +435,58 @@ rm -r "${TEMP}/initramfs-luks-temp/" } +append_tpmcrypt() { + if [ -d "${TEMP}/initramfs-tpmcrypt-temp" ] + then + rm -r "${TEMP}/initramfs-tpmcrypt-temp" + fi + + mkdir -p "${TEMP}/initramfs-tpmcrypt-temp/sbin" + mkdir -p "${TEMP}/initramfs-tpmcrypt-temp/bin" + mkdir -p "${TEMP}/initramfs-tpmcrypt-temp/lib/" + mkdir -p "${TEMP}/initramfs-tpmcrypt-temp/etc/tpmcrypt" + mkdir -p "${TEMP}/initramfs-tpmcrypt-temp/var/run/tpmcrypt" + mkdir -p "${TEMP}/initramfs-tpmcrypt-temp/var/log/" + + cd "${TEMP}/initramfs-tpmcrypt-temp" + + if isTrue ${TPMCRYPT} + then + if [ -e /usr/sbin/tcsd ] + then + print_info 1 "Including TrouSers support" + cp /usr/sbin/tcsd ${TEMP}/initramfs-tpmcrypt-temp/sbin + chmod +x "${TEMP}/initramfs-tpmcrypt-temp/sbin/tcsd" + sed '/^system_ps_file/ d' /etc/tcsd.conf > ${TEMP}/initramfs-tpmcrypt-temp/etc/tcsd.conf + echo "system_ps_file = /etc/tpmcrypt/tpmcrypt.data" >> ${TEMP}/initramfs-tpmcrypt-temp/etc/tcsd.conf + if is_static /bin/tpmcrypt_mount && is_static /sbin/tpmcrypt_keyproviderd + then + print_info 1 "Not implemented" + else + print_info 1 "Including TpmCrypt support" + cp /usr/bin/tpmcrypt_mount ${TEMP}/initramfs-tpmcrypt-temp/bin/ + chmod +x "${TEMP}/initramfs-tpmcrypt-temp/bin/tpmcrypt_mount" + cp /usr/sbin/tpmcrypt_keyproviderd ${TEMP}/initramfs-tpmcrypt-temp/sbin/ + chmod +x "${TEMP}/initramfs-tpmcrypt-temp/sbin/tpmcrypt_keyproviderd" + cp /var/log/tpmcrypt.log ${TEMP}/initramfs-tpmcrypt-temp/var/log/ + chmod 660 "${TEMP}/initramfs-tpmcrypt-temp/var/log/tpmcrypt.log" + cp -a -L /usr/lib/libtspi.so.1 ${TEMP}/initramfs-tpmcrypt-temp/lib/ + cp -a -L /usr/lib/libgmp.so.3 ${TEMP}/initramfs-tpmcrypt-temp/lib/ + fi + else + print_info 1 "No TrouSers found" + print_info 1 "Not including TpmCrypt and TrouSers" + + fi + fi + + find . 
-print | cpio ${CPIO_ARGS} --append -F "${CPIO}" \ + || gen_die "appending TpmCrypt to cpio" + + cd "${TEMP}" + rm -r "${TEMP}/initramfs-tpmcrypt-temp/" +} + append_firmware() { if [ -z "${FIRMWARE_FILES}" -a ! -d "${FIRMWARE_DIR}" ] then @@ -672,6 +724,7 @@ append_data 'evms' "${EVMS}" append_data 'mdadm' "${MDADM}" append_data 'luks' "${LUKS}" + append_data 'tpmcrypt' "${TPMCRYPT}" append_data 'multipath' "${MULTIPATH}" append_data 'gpg' "${GPG}"
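Review bot: When both tools are static, the `is_static` branch of append_tpmcrypt prints `Not implemented` and copies nothing, while tcsd and tcsd.conf are still packed and linuxrc's startTpmCrypt will later run a `/bin/tpmcrypt_mount` that is not in the image; static binaries are the easy case (no libraries to ship), so copy them in both cases and limit only the library copies to the dynamic case. The test paths also differ from the copy sources (`is_static /bin/tpmcrypt_mount` versus `cp /usr/bin/tpmcrypt_mount`, likewise for the keyproviderd), so the check may inspect a different file from the one shipped. None of the cp/sed/chmod steps check their status (only the final cpio has `|| gen_die`), the `${TEMP}` expansions in the cp destinations and the two tcsd.conf redirects are unquoted while the neighbouring chmod lines quote them, and `/usr/lib/libtspi.so.1` and `/usr/lib/libgmp.so.3` are hard-coded paths that miss lib64 layouts and any further dependencies of the dynamic binaries (worth confirming against what the initramfs already carries). Copying the host's `/var/log/tpmcrypt.log` ships whatever that log already contains into the image; creating an empty file in place is enough.
```shell
	if isTrue "${TPMCRYPT}"
	then
		if [ -e /usr/sbin/tcsd ]
		then
			print_info 1 "Including TrouSers support"
			cp /usr/sbin/tcsd "${TEMP}/initramfs-tpmcrypt-temp/sbin" \
				|| gen_die "copying tcsd"
			# … unchanged: chmod +x on tcsd …
			sed '/^system_ps_file/ d' /etc/tcsd.conf > "${TEMP}/initramfs-tpmcrypt-temp/etc/tcsd.conf" \
				|| gen_die "rewriting tcsd.conf"
			echo "system_ps_file = /etc/tpmcrypt/tpmcrypt.data" >> "${TEMP}/initramfs-tpmcrypt-temp/etc/tcsd.conf"
			print_info 1 "Including TpmCrypt support"
			# static and dynamic builds are both shipped; only the dynamic case needs libraries
			cp /usr/bin/tpmcrypt_mount "${TEMP}/initramfs-tpmcrypt-temp/bin/" \
				|| gen_die "copying tpmcrypt_mount"
			cp /usr/sbin/tpmcrypt_keyproviderd "${TEMP}/initramfs-tpmcrypt-temp/sbin/" \
				|| gen_die "copying tpmcrypt_keyproviderd"
			# … unchanged: chmod +x on both binaries …
			: > "${TEMP}/initramfs-tpmcrypt-temp/var/log/tpmcrypt.log"
			chmod 660 "${TEMP}/initramfs-tpmcrypt-temp/var/log/tpmcrypt.log"
			if ! is_static /usr/bin/tpmcrypt_mount || ! is_static /usr/sbin/tpmcrypt_keyproviderd
			then
				for lib in /usr/lib/libtspi.so.1 /usr/lib/libgmp.so.3
				do
					cp -a -L "${lib}" "${TEMP}/initramfs-tpmcrypt-temp/lib/" \
						|| gen_die "copying ${lib}"
				done
			fi
		else
			# … unchanged: "No TrouSers found" messages …
		fi
	fi
```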