From f6fa1db3977d4fcf786af1d3f59b049ded71818c Mon Sep 17 00:00:00 2001 From: fdupoux Date: Sun, 17 May 2020 10:04:41 +0100 Subject: [PATCH 1/3] Add tools required to use encrypted devices to the initramfs --- airootfs/etc/initcpio/install/findroot | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/airootfs/etc/initcpio/install/findroot b/airootfs/etc/initcpio/install/findroot index 5c5cab7..42e996f 100644 --- a/airootfs/etc/initcpio/install/findroot +++ b/airootfs/etc/initcpio/install/findroot @@ -1,7 +1,16 @@ #!/bin/bash build() { - add_binary "/usr/bin/lsblk" "/usr/bin/lsblk" + add_module "dm-crypt" + add_module "dm-integrity" + add_all_modules "/crypto/" + + add_binary "lsblk" + add_binary "cryptsetup" + add_binary "dmsetup" + + # cryptsetup calls pthread_create(), which dlopen()s libgcc_s.so.1 + add_binary "/usr/lib/libgcc_s.so.1" add_runscript } From 88a82c06626bafaf752eb0e8b2b8d08524d6fbf0 Mon Sep 17 00:00:00 2001 From: fdupoux Date: Sun, 17 May 2020 11:39:50 +0100 Subject: [PATCH 2/3] Added support for booting from luks encrpyted devices in findroot --- ChangeLog | 2 +- airootfs/etc/initcpio/hooks/findroot | 30 +++++++++++++++++++++++++++- syslinux/sysresccd_sys.cfg | 2 +- 3 files changed, 31 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index e1620b4..f8d6aff 100644 --- a/ChangeLog +++ b/ChangeLog @@ -4,7 +4,7 @@ SystemRescueCd ChangeLog ------------------------------------------------------------------------------- 6.1.4 (YYYY-MM-DD): ------------------------------------------------------------------------------- -* Added an option in the boot menu to start from a Linux OS installed on the disk +* Added an entry in the boot menu to start from a Linux OS installed on the disk ------------------------------------------------------------------------------- 6.1.3 (2020-04-18): diff --git a/airootfs/etc/initcpio/hooks/findroot b/airootfs/etc/initcpio/hooks/findroot index 2339ba8..fdeccc8 100644 
--- a/airootfs/etc/initcpio/hooks/findroot +++ b/airootfs/etc/initcpio/hooks/findroot @@ -1,14 +1,42 @@ run_hook() { grep -q 'findroot' /proc/cmdline || return + # Initialisation local newroot="/new_root" local rootdev="" + modprobe -a -q dm-crypt >/dev/null 2>&1 echo "Searching for block devices ..." + sleep 2 + + # Prepare access to luks encrypted block devices + local cryptdev="$(blkid -t TYPE='crypto_LUKS' -o device)" + for curdev in ${cryptdev} + do + if cryptsetup isLuks ${curdev} >/dev/null 2>&1 + then + echo "A passphrase is required to access device ${curdev}:" + local cryptname="${curdev##*/}" + local cryptargs="" + while ! eval cryptsetup open --type luks ${curdev} ${cryptname} ${cryptargs} + do + sleep 2; + done + if [ ! -e "/dev/mapper/${cryptname}" ] + then + err "Password succeeded but ${cryptname} creation failed, aborting..." + launch_interactive_shell --exec + fi + echo "Have successfully prepared access to encrypted device ${curdev}" + fi + done + + # Show list of accessible block devices echo "=====================================================================" - /usr/bin/lsblk --list --paths --output=name,fssize,fstype,label,uuid + /usr/bin/lsblk --list --paths --output=name,fssize,fstype,label echo "=====================================================================" sleep 5 + # Attempt to find a filesystem which contains /sbin/init local devlist=$(/usr/bin/lsblk --list --noheadings --paths --output=name) for curdev in ${devlist} do diff --git a/syslinux/sysresccd_sys.cfg b/syslinux/sysresccd_sys.cfg index 87ff16c..afe575f 100644 --- a/syslinux/sysresccd_sys.cfg +++ b/syslinux/sysresccd_sys.cfg 
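Review bot: In the LUKS unlock loop added to run_hook in hooks/findroot, `while ! eval cryptsetup open --type luks ${curdev} ${cryptname} ${cryptargs}` runs the device path through `eval`. The shell therefore parses the string a second time, although nothing in this hunk needs that (`cryptargs` is always empty here). Calling the command directly with quoted arguments, `while ! cryptsetup open --type luks "${curdev}" "${cryptname}"`, removes both the re-parsing and the word splitting. The loop also has no exit other than a successful unlock, so a LUKS device whose passphrase the user does not have stalls the boot; a bounded retry count or a way to skip the device would avoid that. The body of run_hook continues past the end of this hunk.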
@@ -31,7 +31,7 @@ LABEL sysresccd_findroot TEXT HELP Boot from a Linux operating system installed on the disk ENDTEXT -MENU LABEL Automatically detect any installed Linux system on disk and start it +MENU LABEL Boot from a Linux operating system installed on the disk LINUX boot/%ISO_ARCH%/vmlinuz INITRD boot/intel_ucode.img,boot/amd_ucode.img,boot/%ISO_ARCH%/sysresccd.img APPEND archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% findroot From 3760fed011edd778d61b2ce41b0f87b6cb5cb299 Mon Sep 17 00:00:00 2001 From: fdupoux Date: Sun, 17 May 2020 15:28:35 +0100 Subject: [PATCH 3/3] Allow the user to choose which device to boot from if there are multiple systems found --- airootfs/etc/initcpio/hooks/findroot | 37 +++++++++++++++++++------- airootfs/etc/initcpio/install/findroot | 1 + 2 files changed, 28 insertions(+), 10 deletions(-) diff --git a/airootfs/etc/initcpio/hooks/findroot b/airootfs/etc/initcpio/hooks/findroot index fdeccc8..705d2bb 100644 --- a/airootfs/etc/initcpio/hooks/findroot +++ b/airootfs/etc/initcpio/hooks/findroot @@ -4,6 +4,8 @@ run_hook() { # Initialisation local newroot="/new_root" local rootdev="" + local rootcount=0 + local menuchoices="" modprobe -a -q dm-crypt >/dev/null 2>&1 echo "Searching for block devices ..." sleep 2 @@ -32,12 +34,12 @@ run_hook() { # Show list of accessible block devices echo "=====================================================================" - /usr/bin/lsblk --list --paths --output=name,fssize,fstype,label + lsblk --list --paths --output=name,size,fstype,label echo "=====================================================================" sleep 5 # Attempt to find a filesystem which contains /sbin/init - local devlist=$(/usr/bin/lsblk --list --noheadings --paths --output=name) + local devlist=$(lsblk --list --noheadings --paths --output=name) for curdev in ${devlist} do echo "Checking for ${init} on device ${curdev} ..." 
@@ -46,26 +48,41 @@ run_hook() { if test -x ${newroot}/${init} then echo "Found ${init} on device ${curdev}" - rootdev="${curdev}" - break + rootcount=$((rootcount + 1)) + menuchoices="${menuchoices} ${curdev} ${curdev}" fi umount ${newroot} fi done - if [ -z ${rootdev} ] + + # Fail if no root filesystem has been found + if [ ${rootcount} -eq 0 ] then err "Failed to find ${init} on any block device, cannot continue" launch_interactive_shell --exec fi - echo "Remounting device ${rootdev} in read-write mode ..." - if ! mount -o remount,rw ${rootdev} ${newroot} + + # Get the user to select the device from which to start + rootdev=$(whiptail --nocancel --title "Boot Linux OS from the disk" \ + --fb --menu "From which device do you want to boot ?" \ + --noitem 15 60 4 ${menuchoices} 3>&1 1>&2 2>&3) + + # Make sure the choice is a valid block device + if ! lsblk --nodeps ${rootdev} >/dev/null 2>/dev/null then - err "Failed to remount ${rootdev} in read-only mode" + err "Choice ${rootdev} is not a valid block device" + launch_interactive_shell --exec + fi + + read -p "Press enter to boot from ${rootdev}" + + echo "Mounting device ${rootdev} ..." + if ! mount ${rootdev} ${newroot} + then + err "Failed to mount ${rootdev} in read-write mode" launch_interactive_shell --exec fi - echo "About to boot from ${rootdev} ..." - sleep 15 rdlogger_stop exec env -i "TERM=$TERM" /usr/bin/switch_root ${newroot} ${init} "$@" } diff --git a/airootfs/etc/initcpio/install/findroot b/airootfs/etc/initcpio/install/findroot index 42e996f..a097f97 100644 --- a/airootfs/etc/initcpio/install/findroot +++ b/airootfs/etc/initcpio/install/findroot @@ -6,6 +6,7 @@ build() { add_all_modules "/crypto/" add_binary "lsblk" + add_binary "whiptail" add_binary "cryptsetup" add_binary "dmsetup"
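Review bot: In the `@@ -46,26 +48,41 @@` hunk of hooks/findroot, the validity check `lsblk --nodeps ${rootdev}` does not reject an empty choice. If whiptail produces no output (for example because it fails to start or the dialog is dismissed), the unquoted expansion vanishes, and `lsblk --nodeps` without a device argument lists every block device and, as far as I can tell, exits successfully. The script then reaches `read -p` and `mount ${rootdev} ${newroot}` with an empty device name, so the failure surfaces later with a misleading message. Testing for emptiness and quoting the variable closes this: `if [ -z "${rootdev}" ] || ! lsblk --nodeps "${rootdev}" >/dev/null 2>&1`. run_hook begins before this hunk, so the candidate scan that fills `menuchoices` is only partly visible here.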