author | Aaron Ball <nullspoon@oper.io> | 2023-03-04 15:07:12 -0700 |
---|---|---|
committer | Aaron Ball <nullspoon@oper.io> | 2023-03-04 15:07:12 -0700 |
commit | f19c940859ec2d0feca22f10c8dbcb419c154e46 (patch) | |
tree | f937fd0cdaeeddd378d677c49a5d2b7790d0275e | |
parent | 5d652eb46cab242d999db7077ee943462e71c680 (diff) | |
parent | 98b1a3fb560c8e33c89e9cc644c5ceaa6b243a21 (diff) | |
download | mkinitramfs-f19c940859ec2d0feca22f10c8dbcb419c154e46.tar.gz mkinitramfs-f19c940859ec2d0feca22f10c8dbcb419c154e46.tar.xz |
Merge branch 'support-modular-dmcrypt'
-rwxr-xr-x | init | 16 | ||||
-rwxr-xr-x | mkinitramfs | 29 |
2 files changed, 28 insertions, 17 deletions
@@ -182,10 +182,12 @@ wait_dev() { # main() { # Mount the /proc and /sys filesystems. - mount -t tmpfs none /run - mount -t devtmpfs none /dev - mount -t sysfs -o nodev,noexec,nosuid sysfs /sys - mount -t proc -o nodev,noexec,nosuid proc /proc + mount -t tmpfs none /run + mount -t sysfs -o nodev,noexec,nosuid sysfs /sys + mount -t proc -o nodev,noexec,nosuid proc /proc + mount -t devtmpfs none /dev + mount -t devpts devpts /dev/pts + mount -t tmpfs shm /dev/shm local fakeroot='/mnt/root' @@ -212,6 +214,12 @@ main() { /bin/bash -i fi + # Modprobe atkbd to ensure user can type password + for i in dm-crypt i8042 atkbd; do + printf 'Loading required module [%s]\n' "${i}" + modprobe "${i}" || printf 'Failed loading %s\n' "${i}" + done + if cryptsetup isLuks "${ROOTDEV}"; then # Set new rootdev location (/dev/mapper/something). This will update it to # the decrypted block device path. diff --git a/mkinitramfs b/mkinitramfs index 69c5289..52e0165 100755 --- a/mkinitramfs +++ b/mkinitramfs @@ -1,6 +1,6 @@ #!/usr/bin/env bash # Mkinitramfs creates a basic init ram fs with encryption support. -# Copyright (C) 2016 Aaron Ball <nullspoon@oper.io> +# Copyright (C) 2023 Aaron Ball <nullspoon@oper.io> # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by @@ -16,7 +16,6 @@ # along with this program. If not, see <http://www.gnu.org/licenses/>. - # Hash of fully-qualified binaries declare -a fqbins 
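Review bot: The new `/dev/pts` and `/dev/shm` mounts at the top of main() assume both directories already exist, but a freshly mounted devtmpfs normally holds only device nodes, so they may fail unless the directories are created elsewhere in init (not visible in this hunk). Adding `mkdir -p /dev/pts /dev/shm` directly after the devtmpfs mount would remove that dependency. The new mounts also carry none of the `nodev,noexec,nosuid` restrictions already applied to /sys and /proc. The usual hardened forms are `mount -t tmpfs -o nodev,nosuid,noexec shm /dev/shm` and `mount -t devpts -o noexec,nosuid,gid=5,mode=620 devpts /dev/pts` (5 being the conventional tty group), which matters if these mounts survive into the real root. main() continues beyond the hunk.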
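Review bot: A failed `modprobe dm-crypt` in the new loop is only printed to stdout, and init carries on to `cryptsetup isLuks`, so if dm-crypt is neither built in nor shipped in the image the problem surfaces later as a less obvious unlock failure. Consider sending the message to stderr, `printf 'Failed loading %s\n' "${i}" >&2`, and treating a dm-crypt failure as more serious than a missing keyboard driver. The loop variable should be declared with `local i`, since this runs inside main() alongside `local fakeroot`. The comment names only atkbd although the loop also loads dm-crypt and i8042; `# Load dm-crypt and the PS/2 keyboard drivers so the passphrase can be typed` would match the code. USB keyboards are not covered by this list, which may be deliberate.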
@@ -148,16 +147,21 @@ function cache_dir_setup { function check_crypto_support { [[ -z ${1} ]] && echo "Kernel version required." && exit 1 local version=${1} + local buf='' builtinpath=/lib/modules/${version}/modules.builtin - - # Check for encryption support - if [[ ! $(grep dm-crypt ${builtinpath}) ]]; then - echo -e "\n\nWarning: Static encryption support not found." - echo " Module dm-crypt not found in modules.builtin." - echo "Press enter to continue, or Ctrl+c to exit and resolve." - read - fi + + mkdir -p ${cache}/lib/modules/ + cp -vr "/lib/modules/${version}/" "${cache}/lib/modules/${version}" + + # Strip out kernel modules not required for bootstrapping + for i in virt net sound drivers/gpu drivers/bluetooth drivers/video; do + buf="${cache}/lib/modules/${version}/kernel/${i}" + if [ -d "${buf}" ]; then + printf 'Stripping %s from initramfs\n' "${buf}" + rm -r "${buf:?}" + fi + done } @@ -201,8 +205,8 @@ function main { # List of binaries to exist in the new initramfs resolve_bins \ bash cat echo ls cryptsetup chmod chown mount sleep umount clear cut \ - grep less tr which blkid partprobe reboot shutdown switch_root - + grep less tr which blkid partprobe reboot shutdown switch_root modprobe \ + rmmod # Set up the archive source dir. cache_dir_setup ${cache} @@ -237,5 +241,4 @@ function main { mkcpio ${cache} ${version} } - main ${@} |
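Review bot: check_crypto_support no longer checks anything: the removed warning was the only place the build verified dm-crypt, and the new body copies and prunes the module tree without confirming that dm-crypt is in modules.builtin or present as a module under `${cache}`, so an image that cannot unlock the root device can be built silently. `builtinpath` is still assigned but now unused (and is not `local`), `mkdir -p ${cache}/lib/modules/` is unquoted, and neither `mkdir` nor `cp` is checked for failure. If `${cache}/lib/modules/${version}` already exists from an earlier run, `cp -r` would nest a second `${version}` directory inside it; whether the cache is cleared beforehand is not visible here. Pruning whole directories also leaves modules.dep describing modules that are no longer shipped, so regenerating it against the cache is worth considering. A check along these lines after the prune loop would restore the guarantee the function name implies.

```shell
  # … unchanged: copy of /lib/modules/${version} and the prune loop …

  # dm-crypt must be available as a builtin or as a shipped module,
  # otherwise the resulting image cannot unlock an encrypted root.
  if ! grep -q 'dm-crypt' "${builtinpath}" 2>/dev/null \
    && ! find "${cache}/lib/modules/${version}" -name 'dm-crypt.ko*' \
      | grep -q .; then
    echo "Error: dm-crypt is neither built in nor present as a module." >&2
    exit 1
  fi
```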