| field | value | date |
|---|---|---|
| author | Aaron Ball <nullspoon@oper.io> | 2017-11-09 08:26:21 -0700 |
| committer | Aaron Ball <nullspoon@oper.io> | 2017-11-09 08:26:21 -0700 |
| commit | a0c75f7dfe2d69386f74c960be9973a319eaf6fc (patch) | |
| tree | ad6350a57af0ef06de33bf51b23aa18438c08cb9 | |
| parent | 8ebceb15720aca0f35eb00192fa117d9260a2cb6 (diff) | |
| download | mkinitramfs-a0c75f7dfe2d69386f74c960be9973a319eaf6fc.tar.gz, mkinitramfs-a0c75f7dfe2d69386f74c960be9973a319eaf6fc.tar.xz | |
init: added support for cryptroot directive
The cryptroot directive allows the user to specify a new root that might
appear post-decryption of the main root device. This allows users to
have encrypted devices that contain a partition table with multiple
partitions.
Updated README to reflect these changes. Also updated it to be a bit
more standard, added examples, reformatted directive descriptions, etc.
| mode | file | lines changed |
|---|---|---|
| -rw-r--r-- | README | 65 |
| -rw-r--r-- | README.adoc | 101 |
| -rwxr-xr-x | init | 20 |

3 files changed, 121 insertions, 65 deletions
@@ -1,65 +0,0 @@ -README -====== - -Description ------------ - -Mkinitramfs is a shell script that will generate a cpio init ram filesystem. - -The script itself simply checks for minimum required kernel capabilities, -recursively copies in useful applications and their library dependencies -(using ldd), and uses cpio to generate an init ram filesystem. - -Note that this also includes an init script used for booting from the initrd -image, into the actual system. It includes support for dm-crypt encrypted root -volumes, as well as providing simple debugging capabilities. - - -Usage ------ - -The script, mkinitramfs, creates a new init ram filesystem. - -To use it, simply execute it, with the version of the kernel specified, and it -will create the initrd file, written to /boot/initrd-${version}. A -corresponding /boot/vmlinuz-${version} and /boot/System.map-${version} is -required. This version format is recognized by grub, so grub-mkconfig will -detect these files. - -NOTE: This will overwrite the /boot/initrd-${version} file if it exists. If -you have something there that you want to keep, be sure to back it up before -running mkinitramfs. - - -Init Arguments --------------- - -root -~~~~ -*values*: -- root=/dev/sda3 -- root=UUID=92b74fd7-6e4f-4a52-ad40-fac874410ca3 -- root=LABEL=system - -Path to the root device. Supports a dev path, LABEL, and UUID values. - - -initdebug -~~~~~~~~~ -*values*: NA - -Enables step-by-step boot mode. Each step requires the user to hit the return -key. Note that enabling this will probably make the boot process go very -slowly as it requires a user response for every step. - - -interractive -~~~~~~~~~~~~ - -Drops the user into an interractive shell, but before performing the first -mount operation, which is where most problems start to occur. This can be -useful for implementing new features in the init script, debugging problems, -checking the environment, etc. - - -// vim: set syntax=asciidoc: 
diff --git a/README.adoc b/README.adoc new file mode 100644 index 0000000..8ea66e3 --- /dev/null +++ b/README.adoc 
@@ -0,0 +1,101 @@ +README +====== + +Description +----------- + +Mkinitramfs is a shell script that will generate a cpio init ram filesystem. + +The script itself simply checks for minimum required kernel capabilities, +recursively copies in useful applications and their library dependencies (using +ldd), and uses cpio to generate an init ram filesystem. + +Note that this also includes an init script used for booting from the initrd +image, into the actual system. It includes support for dm-crypt encrypted root +volumes, as well as providing simple debugging capabilities. + + +Usage +----- + +The script, mkinitramfs, creates a new init ram filesystem. + +To use it, simply execute it, with the version of the kernel specified, and it +will create the initrd file, written to /boot/initrd-${version}. A +corresponding /boot/vmlinuz-${version} and /boot/System.map-${version} is +required. This version format is recognized by grub, so grub-mkconfig will +detect these files. + +NOTE: This will overwrite the /boot/initrd-${version} file if it exists. If +you have something there that you want to keep, be sure to back it up before +running mkinitramfs. + + +Init Arguments +-------------- + +root +~~~~ +* *required*: yes +* *examples*: +** root=/dev/sda3 +** root=UUID=92b74fd7-6e4f-4a52-ad40-fac874410ca3 +** root=LABEL=system + +Path to the root device. Supports a dev path, LABEL, and UUID values. If device +is encrypted, the user will be prompted to decrypt it with a password. The +decrypted device will be mounted at _/dev/mapper/_dev_sda3_ (per the example). + +NOTE: This only works with encrypted devices where the encrypted device + contains only a filesystem. If the encrypted device contains its own + partition table, see the _cryptroot_ directive. 
+ + +cryptroot +~~~~~~~~~ +* *required*: no +* *examples*: +** cryptroot=/dev/mapper/_sdap3 +** cryptroot=UUID=92b74fd7-6e4f-4a52-ad40-fac874410ca3 +** cryptroot=LABEL=system + +Provides an alternate root device, set after decrypting the encrypted root +device. Only useful when the root directive is set. An example of using this +might be, root specifies a cryptluks device, that once decrypted, contains its +own partition table with partitions. This directive can be used to specify +which of those partitions is the system partition, after decryption has taken +place. + +.Example +---- +root=/dev/sda3 cryptroot=/dev/mapper/_dev_sda3p1 +---- + +This example uses /dev/sda3 (which is a cryptluks device) as the original root. +The user is prompted to decrypt it with a password. After successful +decryption, the root device is reset to _dev_sda3p1, which is partition 1 of +the decrypted sda3 cryptluks device. + + +initdebug +~~~~~~~~~ +* *required*: no +* *examples*: NA + +Enables step-by-step boot mode. Each step requires the user to hit the return +key. + +NOTE: Enabling this will probably make the boot process go very slowly as it + requires a user response for every step. + + +interractive +~~~~~~~~~~~~ +* *required*: no +* *examples*: NA + +Drops the user into an interractive shell, but before performing the first +mount operation, which is where most problems start to occur. This can be +useful for implementing new features in the init script, debugging problems, +checking the environment, etc. + @@ -3,6 +3,7 @@ export DEBUG=0 export INTERACTIVE=0 export ROOTDEV='' +export CRYPTROOT='' screen_init() { # Clear screen 
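Review bot: the cryptroot examples in README.adoc do not agree with the naming the same file documents. `cryptroot=/dev/mapper/_sdap3` should read `cryptroot=/dev/mapper/_dev_sda3p1` to match the `/dev/mapper/_dev_sda3` mapping name given under root and the worked example that follows, and in that example "the root device is reset to _dev_sda3p1" drops the `/dev/mapper/` prefix. Two smaller points: "cryptluks device" is not the term used elsewhere in the file (the Description section says dm-crypt; LUKS is the on-disk format, so "LUKS device" would be consistent), and the heading and body of the last directive still spell it "interractive" while the variable in init is INTERACTIVE, so the documented argument name should be checked against the token that parse_cmdline actually matches.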
@@ -57,6 +58,20 @@ parse_cmdline() { ROOTDEV="$(echo ${i} | cut -d '=' -f 2)" fi ;; + cryptroot=*) + if [ "${i:10:4}" == 'UUID' ]; then + # mount by uuid + local uuid=$(echo ${i} | cut -d '=' -f 3) + CRYPTROOT="$(blkid -U ${uuid})" + elif [ "${i:10:5}" == 'LABEL' ]; then + # mount by label + local label=$(echo ${i} | cut -d '=' -f 3) + CRYPTROOT="$(blkid -L ${label})" + else + # mount by dev + CRYPTROOT="$(echo ${i} | cut -d '=' -f 2)" + fi + ;; initdebug) # Enable debug mode (this is gonna be slow) DEBUG=1 @@ -194,6 +209,11 @@ main() { log "New rootdev: ${ROOTDEV}" fi + if [ ! -z "${CRYPTROOT}" ]; then + log "Cryptroot defined. Changing rootdev to '${CRYPTROOT}'" + ROOTDEV="${CRYPTROOT}" + fi + # Drop to interactive shell if requested if [ "${INTERACTIVE}" == 1 ]; then log "Interractive shell requested. Type 'exit' to continue boot sequence." |
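Review bot: in the `cryptroot=UUID=` and `cryptroot=LABEL=` branches of the new parse_cmdline case, the `blkid -U` / `blkid -L` lookup runs while the command line is being parsed, but the partition this directive names is, per the commit message, one that only appears after the root device has been decrypted. If parse_cmdline runs before the unlock, blkid returns nothing, CRYPTROOT stays empty, and main() silently skips the override (it only tests `! -z "${CRYPTROOT}"`), so the system boots from the wrong device with no message. Suggest storing the raw UUID/LABEL spec in CRYPTROOT and resolving it in main() after decryption, and logging an error whenever the lookup yields an empty string. Also, `${i:10:4}`, `${i:10:5}` and `==` inside `[ ]` are bash extensions; they mirror the existing root= handling just above, so this is fine if init is run by bash, but `${uuid}` and `${label}` in the blkid calls should be quoted.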
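Review bot: the override in main() replaces ROOTDEV with CRYPTROOT unconditionally; nothing checks that `${CRYPTROOT}` exists as a block device, so a typo in the directive, or a partition node that has not been created yet because the partition table of the freshly unlocked device has not been scanned, is only discovered at the later mount step, after the passphrase has already been entered. Suggest guarding the assignment, e.g. `if [ -b "${CRYPTROOT}" ]; then ROOTDEV="${CRYPTROOT}"; else log "cryptroot ${CRYPTROOT} not found"; fi`, and logging when cryptroot is set but root is not, since README.adoc states the directive is only useful together with root.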