-rw-r--r--TODO1
-rw-r--r--mk/rootfs.mk1
-rw-r--r--package/Config.in1
-rw-r--r--package/Depends.mk1
-rw-r--r--package/Makefile1
-rwxr-xr-xpackage/base-files/extra/start (renamed from package/base-files/extra/init)1
-rw-r--r--package/cryptinit/Config.in6
-rw-r--r--package/cryptinit/Makefile42
-rw-r--r--package/cryptinit/files/initramfs_list17
-rw-r--r--package/cryptinit/src/cryptinit.c469
-rw-r--r--target/Config.in30
-rw-r--r--target/foxboard/kernel.config2
-rw-r--r--target/lemote/Makefile35
-rw-r--r--target/lemote/files/boot/boot.cfg7
-rw-r--r--target/lemote/files/etc/inittab1
-rw-r--r--target/lemote/kernel.config14
-rw-r--r--target/linux/config/Config.in.block11
-rw-r--r--target/linux/config/Config.in.crypto15
-rw-r--r--target/linux/config/Config.in.fs10
-rw-r--r--target/linux/config/Config.in.misc5
-rw-r--r--target/linux/patches/2.6.30.5/startup.patch20
-rw-r--r--target/qemu-cris/kernel.config2
-rw-r--r--target/qemu-mips/kernel.config2
-rw-r--r--target/qemu-mips64/kernel.config2
-rw-r--r--target/qemu-mips64el/kernel.config2
-rw-r--r--target/qemu-mipsel/kernel.config2
-rw-r--r--target/rb411/kernel.config2
-rw-r--r--target/rb433/kernel.config2
-rw-r--r--target/rb532/kernel.config2
-rw-r--r--target/wag54g/kernel.config2
30 files changed, 689 insertions, 19 deletions
diff --git a/TODO b/TODO
index 0726b65f4..59a4092ed 100644
--- a/TODO
+++ b/TODO
@@ -4,7 +4,6 @@
- fix init scripts pidof? vs. killall
- rpath libtool problem fix
- bind isc 9.6.1
-- check mips -mno-abicalls
- check ac_cv_func_setpgrp_void=no
- freebsd build
- win cygwin build
diff --git a/mk/rootfs.mk b/mk/rootfs.mk
index 67f2ec80c..4ab2f71e2 100644
--- a/mk/rootfs.mk
+++ b/mk/rootfs.mk
@@ -19,5 +19,6 @@ $(eval $(call rootfs_template,initramfs,INITRAMFS))
$(eval $(call rootfs_template,squashfs,SQUASHFS))
$(eval $(call rootfs_template,yaffs,YAFFS))
$(eval $(call rootfs_template,nfsroot,NFSROOT,root=/dev/nfs ip=dhcp))
+$(eval $(call rootfs_template,encrypted,ENCRYPTED))
export FS
diff --git a/package/Config.in b/package/Config.in
index a563b9a75..84f66261d 100644
--- a/package/Config.in
+++ b/package/Config.in
@@ -9,6 +9,7 @@ menu "Basesystem"
source "package/base-files/Config.in"
source "package/busybox/Config.in"
source "package/cfgfs/Config.in"
+source "package/cryptinit/Config.in"
source "package/uclibc/Config.in"
source "package/glibc/Config.in"
source "package/eglibc/Config.in"
diff --git a/package/Depends.mk b/package/Depends.mk
index fc07c3ade..46fab2a02 100644
--- a/package/Depends.mk
+++ b/package/Depends.mk
@@ -16,6 +16,7 @@ cbtt-compile: uclibc++-compile
endif
cbtt-compile: mysql-compile zlib-compile
collectd-compile: libpthread-compile
+cryptinit-compile: cryptsetup-compile
cryptsetup-compile: libgcrypt-compile popt-compile e2fsprogs-compile lvm-compile
ifeq (${ADK_COMPILE_CTORRENT_WITH_UCLIBCXX},y)
ctorrent-compile: uclibc++-compile
diff --git a/package/Makefile b/package/Makefile
index cb96c5adc..92bd53aea 100644
--- a/package/Makefile
+++ b/package/Makefile
@@ -33,6 +33,7 @@ package-$(ADK_COMPILE_AXTLS) += axtls
package-$(ADK_PACKAGE_BASH) += bash
package-$(ADK_COMPILE_BC) += bc
package-$(ADK_PACKAGE_CFGFS) += cfgfs
+package-$(ADK_PACKAGE_CRYPTINIT) += cryptinit
package-$(ADK_PACKAGE_BIGREQSPROTO) += bigreqsproto
package-$(ADK_COMPILE_BIND) += bind
package-$(ADK_PACKAGE_BINUTILS) += binutils
diff --git a/package/base-files/extra/init b/package/base-files/extra/start
index f8021f286..65f33e3d6 100755
--- a/package/base-files/extra/init
+++ b/package/base-files/extra/start
@@ -1,5 +1,4 @@
#!/bin/sh
-echo "Starting system"
export PATH=/bin:/sbin:/usr/bin:/usr/sbin
mount -nt proc proc /proc
size=$(awk '/MemTotal:/ { if ($2 > 16000) { print 4096 } else { print 2048 }}' /proc/meminfo)
diff --git a/package/cryptinit/Config.in b/package/cryptinit/Config.in
new file mode 100644
index 000000000..664186378
--- /dev/null
+++ b/package/cryptinit/Config.in
@@ -0,0 +1,6 @@
+config ADK_PACKAGE_CRYPTINIT
+ prompt "cryptinit............................. crypt initramfs application"
+ tristate
+ default n
+ help
+ For encrypted root filesystems and fast bootup.
diff --git a/package/cryptinit/Makefile b/package/cryptinit/Makefile
new file mode 100644
index 000000000..f186247f7
--- /dev/null
+++ b/package/cryptinit/Makefile
@@ -0,0 +1,42 @@
+# This file is part of the OpenADK project. OpenADK is copyrighted
+# material, please see the LICENCE file in the top-level directory.
+
+include ${TOPDIR}/rules.mk
+
+PKG_NAME:= cryptinit
+PKG_VERSION:= 1.0.2
+PKG_RELEASE:= 1
+PKG_DESCR:= init for encrypted rootfilesystem
+PKG_SECTION:= base
+
+WRKDIST= ${WRKDIR}/${PKG_NAME}-${PKG_VERSION}
+NO_DISTFILES:= 1
+
+include ${TOPDIR}/mk/package.mk
+
+$(eval $(call PKG_template,CRYPTINIT,${PKG_NAME},${PKG_VERSION}-${PKG_RELEASE},${PKG_DEPENDS},${PKG_DESCR},${PKG_SECTION}))
+
+BUILD_STYLE:= manual
+INSTALL_STYLE:= manual
+
+pre-configure:
+ mkdir -p ${WRKBUILD}
+
+do-build:
+ ${TARGET_CC} ${TCPPFLAGS} ${TCFLAGS} -c -o ${WRKBUILD}/cryptinit.o \
+ ./src/cryptinit.c
+ ( cd ${WRKBUILD}; \
+ ${TARGET_CC} -static -o cryptinit cryptinit.o \
+ ${STAGING_DIR}/usr/lib/libcryptsetup.a \
+ -L${STAGING_DIR}/lib -L${STAGING_DIR}/usr/lib \
+ -ldevmapper -lpthread \
+ ${STAGING_DIR}/usr/lib/libgcrypt.a \
+ ${STAGING_DIR}/usr/lib/libgpg-error.a \
+ -luuid -Wl,--rpath -Wl,${STAGING_DIR}/usr/lib \
+ );
+
+do-install:
+ $(CP) ./files/initramfs_list $(LINUX_DIR)
+ $(CP) ${WRKBUILD}/cryptinit $(LINUX_DIR)
+
+include ${TOPDIR}/mk/pkg-bottom.mk
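Review bot: The link step in do-build passes `-Wl,--rpath -Wl,${STAGING_DIR}/usr/lib` together with `-static`; a static binary has no use for a run-time search path, and the value is a build-host staging directory, so both options can be dropped. The subshell chains with `;` (`cd ${WRKBUILD}; \`), so a failed `cd` would still run the link in the wrong directory; `cd ${WRKBUILD} && \` stops there instead. Because this binary runs as PID 1 and handles the disk passphrase, adding `-Wall` to the compile line (as the header comment in cryptinit.c itself suggests) would be worthwhile.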
diff --git a/package/cryptinit/files/initramfs_list b/package/cryptinit/files/initramfs_list
new file mode 100644
index 000000000..caa30ece3
--- /dev/null
+++ b/package/cryptinit/files/initramfs_list
@@ -0,0 +1,17 @@
+dir /dev 755 0 0
+dir /dev/mapper 755 0 0
+dir /proc 755 0 0
+dir /sys 755 0 0
+dir /mnt 755 0 0
+nod /dev/console 644 0 0 c 5 1
+nod /dev/tty 660 0 0 c 5 0
+nod /dev/tty0 600 0 0 c 4 0
+nod /dev/sda 644 0 0 b 8 0
+nod /dev/sda1 644 0 0 b 8 1
+nod /dev/sda2 644 0 0 b 8 2
+nod /dev/sda3 644 0 0 b 8 3
+nod /dev/sda4 644 0 0 b 8 4
+nod /dev/null 644 0 0 c 1 3
+nod /dev/mapper/control 644 0 0 c 10 62
+nod /dev/urandom 644 0 0 c 1 9
+file /init ./cryptinit 755 0 0
diff --git a/package/cryptinit/src/cryptinit.c b/package/cryptinit/src/cryptinit.c
new file mode 100644
index 000000000..b0d570846
--- /dev/null
+++ b/package/cryptinit/src/cryptinit.c
@@ -0,0 +1,469 @@
+/*
+ * cryptinit 1.0.2 - setup encrypted root/swap system using LUKS
+ *
+ * Copyright (C) 2009 Waldemar Brodkorb <mail@waldemar-brodkorb.de>
+ * Copyright (C) 2008 Phil Sutter <phil@nwl.cc>
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * strongly based on ideas and work from Phil Sutter
+ * http://nwl.cc/cgi-bin/git/gitweb.cgi?p=initramfs-init.git;a=summary
+ * - used with cryptsetup 1.0.6 (needs a small cryptsetup-patch)
+ * - see comment at the end of file for a useful initramfs filelist
+ * - compile and link with following commands to get a static init
+ * gcc -Wall -c -o init.o cryptinit.c
+ * libtool --mode=link --tag=CC gcc -all-static -o init init.o \
+ * /usr/lib/libcryptsetup.la
+ */
+
+#include <errno.h>
+#include <fcntl.h>
+#include <stdarg.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+#include <libcryptsetup.h>
+#include <sys/mount.h>
+#include <sys/reboot.h>
+#include <sys/types.h>
+#include <sys/utsname.h>
+#include <sys/wait.h>
+
+#define HOSTNAME "linux"
+#define DOMAINNAME "foo.bar"
+
+#define CRYPT_SWAP_DEV "/dev/sda3"
+#define CRYPT_SWAP_NAME "swap"
+#define CRYPT_ROOT_DEV "/dev/sda2"
+#define CRYPT_ROOT_NAME "root"
+
+#define PROCPATH "/proc"
+#define SYSPATH "/sys"
+#define PROCFS "proc"
+#define SYSFS "sysfs"
+
+#define DEF_KERN_CONS "/dev/console"
+#define DEF_KERN_SWAP "/dev/mapper/swap"
+#define DEF_KERN_ROOT_SRC "/dev/mapper/root"
+#define DEF_KERN_ROOT_TGT "/mnt"
+#define DEF_KERN_ROOT_FS "xfs"
+#define DEF_KERN_INIT "/start"
+#define DEF_KERN_RUNLEVEL "3"
+
+#ifndef MS_MOVE
+#define MS_MOVE 8192
+#endif
+
+/* a structure for holding options to mount() a device */
+struct mntopts {
+ char *source;
+ char *target;
+ char *fstype;
+ unsigned long flags;
+};
+
+/* a structure for holding kernel boot parameters */
+struct commandline {
+ struct mntopts root;
+ char *init;
+ char *resume;
+ char *runlevel;
+ ushort do_resume;
+ ushort debug;
+};
+
+struct commandline cmdline;
+
+void debug_printf(const char *format, ...) {
+ va_list params;
+ if(cmdline.debug) {
+ va_start(params, format);
+ vprintf(format, params);
+ va_end(params);
+ }
+}
+
+void debug_msg(const char *s) {
+ if(cmdline.debug)
+ fputs(s, stderr);
+}
+
+void log_msg(const char *s) {
+ fputs(s, stdout);
+}
+
+/* logging function from cryptsetup library */
+static void cmdLineLog(int class, char *msg) {
+ switch(class) {
+ case CRYPT_LOG_NORMAL:
+ debug_msg(msg);
+ break;
+ case CRYPT_LOG_ERROR:
+ debug_msg(msg);
+ break;
+ default:
+ fprintf(stderr, "Internal error for msg: %s", msg);
+ break;
+ }
+}
+
+int switch_root(char *console, char *newroot, char *init, char *initarg) {
+
+ if (chdir(newroot)) {
+ fprintf(stderr,"bad newroot %s\n",newroot);
+ return 1;
+ }
+ /* Overmount / with newdir and chroot into it. The chdir is needed to
+ * recalculate "." and ".." links. */
+ if (mount(".", "/", NULL, MS_MOVE, NULL) || chroot(".") || chdir("/")) {
+ fprintf(stderr,"switch_root: error moving root\n");
+ return 2;
+ }
+
+ /* If a new console specified, redirect stdin/stdout/stderr to that. */
+ if (console) {
+ close(0);
+ if(open(console, O_RDWR) < 0) {
+ fprintf(stderr,"Bad console '%s'\n",console);
+ return 4;
+ }
+ dup2(0, 1);
+ dup2(0, 2);
+ }
+
+ log_msg("Starting Linux from encrypted root disk\n");
+ /* Exec real init. (This is why we must be pid 1.) */
+ execl(init, init, (char *)NULL);
+ fprintf(stderr,"Bad init '%s'\n",init);
+ return 3;
+}
+
+char *read_cmdline(void) {
+ FILE *fp;
+ int linelen, i;
+ char *str;
+
+ if((fp=fopen("/proc/cmdline","r")) == NULL) {
+ perror("fopen()");
+ return NULL;
+ }
+ linelen = 10;
+ str = calloc(linelen, sizeof(char));
+ for(i=0;(str[i]=fgetc(fp)) != EOF; i++) {
+ if(i>linelen-1) {
+ linelen += 10;
+ if((str=realloc(str, linelen)) == NULL) {
+ perror("realloc()");
+ return NULL;
+ }
+ }
+ }
+ str[i-1] = '\0'; /* substitutes \n for \0 */
+ fclose(fp);
+ return str;
+}
+
+int parse_cmdline(char *line) {
+ int tmpnum;
+ char *tmpstr, *lstr, *rstr, *idx;
+ char *invchars[1];
+
+ tmpstr = strtok(line, " ");
+ do {
+ if((idx=strchr(tmpstr, '=')) != NULL) {
+ rstr = idx + 1;
+ idx = '\0';
+ lstr = tmpstr;
+
+ if(!strncmp(lstr, "rootfstype", 10)) {
+ cmdline.root.fstype = rstr;
+
+ } else if(!strncmp(lstr, "root", 4)) {
+ cmdline.root.source = rstr;
+
+ } else if(!strncmp(lstr, "init", 4)) {
+ cmdline.init = rstr;
+
+ } else if(!strncmp(lstr, "resume", 6)) {
+ cmdline.resume = rstr;
+ }
+
+ } else if(!strncmp(tmpstr, "noresume", 8)) {
+ cmdline.do_resume = 0;
+
+ } else if(!strncmp(tmpstr, "debug", 5)) {
+ cmdline.debug=1;
+
+ } else if(strlen(tmpstr) == 1) {
+ tmpnum = (int)strtol(tmpstr, invchars, 10);
+ if(**invchars == '\0' && tmpnum >= 0) {
+ cmdline.runlevel = tmpstr;
+ }
+ } else {
+ if(cmdline.debug)
+ printf("unknown bootparam flag %s\n",tmpstr);
+ }
+ } while((tmpstr = strtok(NULL, " ")) != NULL);
+
+ debug_printf("\n Bootparams scanned:\n");
+ debug_printf("root\t%s\nrootfstype\t%s\ninit\t%s\nresume\t%s\ndo_resume\t%i\n",
+ cmdline.root.source,cmdline.root.fstype,cmdline.init,cmdline.resume,cmdline.do_resume);
+ debug_printf("debug\t%i\nrunlevel\t%s\n\n",
+ cmdline.debug,cmdline.runlevel);
+ return 0;
+}
+
+int get_cmdline() {
+ char *str;
+
+ /* first set some useful defaults */
+ cmdline.root.source = DEF_KERN_ROOT_SRC;
+ cmdline.root.target = DEF_KERN_ROOT_TGT;
+ cmdline.root.fstype = DEF_KERN_ROOT_FS;
+ cmdline.root.flags = MS_RDONLY;
+ cmdline.init = DEF_KERN_INIT;
+ cmdline.resume = DEF_KERN_SWAP;
+ cmdline.do_resume = 1;
+ cmdline.debug = 0;
+ cmdline.runlevel = DEF_KERN_RUNLEVEL;
+
+ /* read out cmdline from /proc */
+ str = read_cmdline();
+
+ /* parse the cmdline */
+ if(parse_cmdline(str))
+ return -1;
+
+ return 0;
+}
+
+void kmsg_log(int level) {
+ FILE *fd;
+
+ debug_msg("Finetune kernel log\n");
+ if((fd = fopen("/proc/sys/kernel/printk", "r+")) == NULL) {
+ perror("fopen()");
+ return;
+ }
+ fprintf(fd, "%d", level);
+ fclose(fd);
+}
+
+void do_resume(void) {
+ FILE *fd;
+
+ debug_msg("Running tuxonice-resume\n");
+ if((fd = fopen("/sys/power/tuxonice/do_resume", "a")) == NULL) {
+ return;
+ }
+ fprintf(fd, "1\n");
+ fclose(fd);
+}
+
+void do_halt(void) {
+ int pid;
+
+ /* run sync just to be sure */
+ sync();
+
+ /* fork to prevent a kernel panic while killing init */
+ if((pid=fork()) == 0) {
+ reboot(0x4321fedc);
+ _exit(0);
+ }
+ waitpid(pid, NULL, 0);
+}
+
+int do_mount(struct mntopts o) {
+ debug_printf("do_mount: mounting %s with fstype %s\n", o.source, o.fstype);
+ if(mount(o.source, o.target, o.fstype, o.flags, NULL)) {
+ perror("mount()");
+ debug_printf("do_mount: mounting %s with fstype %s\n failed", o.source, o.fstype);
+ return errno;
+ }
+ return 0;
+}
+
+int main(void) {
+ char errormsg[100];
+ int i;
+ int wrongpass;
+ char *pass;
+ struct utsname info;
+ int ret;
+ const char hostname[20] = HOSTNAME;
+ const char domainname[20] = DOMAINNAME;
+ struct crypt_options options;
+ struct interface_callbacks cmd_icb;
+
+ struct mntopts mopts[2] = {
+ { "proc", PROCPATH, PROCFS, 0 },
+ { "sysfs", SYSPATH, SYSFS, 0 }
+ };
+
+ /* need to set callback functions, log is required */
+ cmd_icb.yesDialog = NULL;
+ cmd_icb.log = cmdLineLog;
+
+ /* first try to mount needed virtual filesystems */
+ if(do_mount(mopts[0]) || do_mount(mopts[1])) {
+ fprintf(stderr, "Error mounting %s and %s\n",
+ PROCPATH, SYSPATH);
+ exit(errno);
+ }
+
+ /* get kernel command line */
+ if(get_cmdline() == -1) {
+ fprintf(stderr, "Failed to parse kernel commandline\n");
+ exit(errno);
+ }
+
+ /* keep kernel quiet while asking for password */
+ kmsg_log(0);
+
+ /* first unlock swap partition for resume */
+ memset(&options, 0, sizeof(struct crypt_options));
+ options.name = CRYPT_SWAP_NAME;
+ options.device = CRYPT_SWAP_DEV;
+ options.icb = &cmd_icb;
+
+ ret = uname(&info);
+ if (ret < 0)
+ fprintf(stderr, "Error calling uname\n");
+
+ /* security by obscurity */
+ printf("This is %s.%s (Linux %s %s)\n", hostname, domainname, info.machine, info.release);
+ printf("%s login: ", hostname);
+ fflush(stdout);
+ while(getchar() != '\n');
+ /* unlock swap */
+ debug_msg("Unlocking Swap\n");
+ for(i=0; i<3; i++) {
+ /* ask user for password */
+ if((pass=getpass("Password: ")) == NULL) {
+ perror("getpass()");
+ return errno;
+ }
+ options.passphrase = pass;
+ /* try to unlock swap */
+ if((wrongpass=crypt_luksOpen(&options))) {
+ printf("Login incorrect\n");
+ crypt_get_error(errormsg, 99);
+ debug_printf("Error: %s\n", errormsg);
+ } else { /* success */
+ if(i > 0)
+ fprintf(stderr, "%i incorrect attempts\n",i);
+ break;
+ }
+ }
+
+ if(wrongpass) {
+ fprintf(stderr, "Panic - you are not allowed!\n");
+ sleep(3);
+ do_halt();
+ }
+
+ /* try to resume here */
+ if(cmdline.do_resume) {
+ debug_msg("Trying to resume from swap\n");
+ do_resume();
+ debug_msg("Resume failed, starting normal boot\n");
+ }
+
+ /* resume returned, starting normal boot */
+ options.name = CRYPT_ROOT_NAME;
+ options.device = CRYPT_ROOT_DEV;
+
+ /* unlock root device */
+ debug_msg("Unlocking Root\n");
+ if(crypt_luksOpen(&options)) {
+ perror("crypt_luksOpen()");
+ crypt_get_error(errormsg, 99);
+ debug_printf("Error: %s\n", errormsg);
+ }
+
+ /* mount root filesystem */
+ if(do_mount(cmdline.root)) {
+ puts("Error mounting root");
+ exit(errno);
+ }
+
+ kmsg_log(6);
+
+ /* no need for /sys anymore */
+ debug_msg("Unmounting /sys\n");
+ if(umount("/sys"))
+ perror("umount()");
+
+ /* no need for /proc anymore */
+ debug_msg("Unmounting /proc\n");
+ if(umount("/proc"))
+ perror("umount()");
+
+ /* remove password from RAM */
+ memset(pass, 0, strlen(pass)*sizeof(char));
+
+ debug_msg("Switching root\n");
+ switch_root(DEF_KERN_CONS, cmdline.root.target, cmdline.init, cmdline.runlevel);
+
+ return(0);
+}
+/*
+example initramfs file list:
+
+dir /dev 755 0 0
+dir /dev/mapper 755 0 0
+dir /proc 755 0 0
+dir /sys 755 0 0
+dir /mnt 755 0 0
+nod /dev/console 644 0 0 c 5 1
+nod /dev/tty 660 0 0 c 5 0
+nod /dev/tty0 600 0 0 c 4 0
+nod /dev/sda 644 0 0 b 8 0
+nod /dev/sda1 644 0 0 b 8 1
+nod /dev/sda2 644 0 0 b 8 2
+nod /dev/sda3 644 0 0 b 8 3
+nod /dev/sda4 644 0 0 b 8 4
+nod /dev/null 644 0 0 c 1 3
+nod /dev/mapper/control 644 0 0 c 10 62
+nod /dev/urandom 644 0 0 c 1 9
+file /init /usr/src/init 755 0 0
+
+cryptsetup patch:
+
+Index: lib/setup.c
+===================================================================
+--- lib/setup.c (revision 40)
++++ lib/setup.c (working copy)
+@@ -538,10 +538,17 @@
+ start:
+ mk=NULL;
+
+- if(get_key("Enter LUKS passphrase: ",&password,&passwordLen, 0, options->key_file, options->passphrase_fd, options->timeout, options->flags))
+- tries--;
+- else
+- tries = 0;
++ if(options->passphrase) {
++ password = NULL;
++ password = safe_alloc(512);
++ strcpy(password, options->passphrase);
++ passwordLen = strlen(password);
++ } else {
++ if(get_key("Enter LUKS passphrase: ",&password,&passwordLen, 0, options->key_file, options->passphrase_fd, options->timeout, options->flags))
++ tries--;
++ else
++ tries = 0;
++ }
+
+ if(!password) {
+ r = -EINVAL; goto out;
+*/
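Review bot: read_cmdline() writes one byte past its heap buffer: the loop stores `str[i]` before the `i>linelen-1` check grows the allocation, so index 10 (then 20, 30, ...) is written while only `linelen` bytes exist, and a real kernel command line is longer than 10 bytes. The same function does not check calloc(), leaks `fp` when realloc() fails, indexes `str[-1]` on an empty file, and stores fgetc()'s int result in a char before comparing it with EOF. get_cmdline() then passes a NULL return straight to parse_cmdline(), where strtok()/strchr() would dereference it, so it needs `if(str == NULL) return -1;` before the parse call. A bounded rewrite of read_cmdline() is below. Separately, the cryptsetup patch quoted in the trailing comment copies the passphrase with `strcpy` into a 512-byte `safe_alloc` buffer and deserves a length check.

```c
char *read_cmdline(void) {
	FILE *fp;
	size_t cap = 64, len = 0;
	char *str, *tmp;
	int c;	/* int, so EOF stays distinguishable from any byte value */

	if((fp = fopen("/proc/cmdline", "r")) == NULL) {
		perror("fopen()");
		return NULL;
	}
	if((str = malloc(cap)) == NULL) {
		perror("malloc()");
		fclose(fp);
		return NULL;
	}
	while((c = fgetc(fp)) != EOF && c != '\n') {
		/* grow before storing; always keep one byte for the terminator */
		if(len + 1 >= cap) {
			cap *= 2;
			if((tmp = realloc(str, cap)) == NULL) {
				perror("realloc()");
				free(str);
				fclose(fp);
				return NULL;
			}
			str = tmp;
		}
		str[len++] = (char)c;
	}
	str[len] = '\0';
	fclose(fp);
	return str;
}
```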
diff --git a/target/Config.in b/target/Config.in
index 2fff7ea52..e40674ad5 100644
--- a/target/Config.in
+++ b/target/Config.in
@@ -361,8 +361,7 @@ config ADK_TARGET_ROOTFS_INITRAMFS
ADK_LINUX_MIPSEL_QEMU || \
ADK_LINUX_MIPS64_QEMU || \
ADK_LINUX_MIPS64EL_QEMU || \
- ADK_LINUX_RESCUE || \
- ADK_LINUX_MIPS64_LEMOTE
+ ADK_LINUX_RESCUE
select ADK_KERNEL_BLK_DEV_INITRD
help
create an read-only initramfs system.
@@ -418,6 +417,33 @@ config ADK_TARGET_ROOTFS_EXT2
select ADK_KERNEL_EXT2_FS
help
Use this option if your rootfs is ext2.
+
+config ADK_TARGET_ROOTFS_ENCRYPTED
+ bool "Encrypted read-write root filesystem"
+ depends on ADK_LINUX_MIPS64_LEMOTE
+ select ADK_LINUX_INITRAMFS_BUILTIN
+ select ADK_PACKAGE_CRYPTINIT
+ select ADK_KERNEL_BLK_DEV_DM
+ select ADK_KERNEL_DM_CRYPT
+ select ADK_KERNEL_CRYPTO_AES
+ select ADK_KERNEL_CRYPTO_CBC
+ select ADK_KERNEL_CRYPTO_SHA256
+ select ADK_KERNEL_XFS_FS
+ help
+ Use this option if you want an encrypted rootfs.
+ Default is XFS filesystem. Use following commands to setup
+ your hard disk, after booting via NFS or USB:
+ cryptsetup luksFormat /dev/sda2
+ cryptsetup luksOpen /dev/sda2 crypt
+ mkfs.xfs /dev/mapper/crypt
+ mount /dev/mapper/crypt /mnt
+ tar xzvf lemote-mips-encryptedroot.tar.gz -C /mnt
+ umount /mnt
+ mount /dev/sda1 /mnt
+ cp lemote-mips-kernel /mnt/
+ mkdir /mnt/boot
+ Create boot.cfg ...
+
endchoice
config ADK_SSP
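Review bot: The help text for ADK_TARGET_ROOTFS_ENCRYPTED only prepares `/dev/sda2`, but cryptinit.c in this commit unlocks `/dev/sda3` as swap first and halts after three failed attempts, so a disk set up from these steps alone would not get past the swap prompt. It should add the swap step (`cryptsetup luksFormat /dev/sda3`, as the imageinstall text in target/lemote/Makefile does) and state that both volumes must share one passphrase, because the same `options.passphrase` is reused for the root volume. The final `Create boot.cfg ...` line could point at `target/lemote/files/boot/boot.cfg` instead of leaving the step open.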
diff --git a/target/foxboard/kernel.config b/target/foxboard/kernel.config
index 3cd568a60..e4f870878 100644
--- a/target/foxboard/kernel.config
+++ b/target/foxboard/kernel.config
@@ -109,7 +109,7 @@ CONFIG_BINFMT_ELF=y
# CONFIG_HAVE_AOUT is not set
# CONFIG_BINFMT_MISC is not set
CONFIG_GENERIC_HARDIRQS=y
-CONFIG_ETRAX_CMDLINE="init=/init console=ttyS0,115200"
+CONFIG_ETRAX_CMDLINE="console=ttyS0,115200"
# CONFIG_ETRAX_WATCHDOG is not set
CONFIG_ETRAX_FAST_TIMER=y
# CONFIG_ETRAX_KMALLOCED_MODULES is not set
diff --git a/target/lemote/Makefile b/target/lemote/Makefile
index 4a4d4b78f..f354ad6a5 100644
--- a/target/lemote/Makefile
+++ b/target/lemote/Makefile
@@ -13,6 +13,15 @@ kernel-install:
$(KERNEL_CROSS)objcopy $(OSTRIP) -S $(LINUX_DIR)/vmlinux \
$(BIN_DIR)/${DEVICE}-${ARCH}-kernel
+createinit:
+ $(SED) 's#^CONFIG_INITRAMFS_SOURCE.*#CONFIG_INITRAMFS_SOURCE="./initramfs_list"#' $(LINUX_DIR)/.config
+ echo 'CONFIG_INITRAMFS_ROOT_UID=0' >> $(LINUX_DIR)/.config
+ echo 'CONFIG_INITRAMFS_ROOT_GID=0' >> $(LINUX_DIR)/.config
+ $(MAKE) -C $(LINUX_DIR) V=0 CROSS_COMPILE="$(KERNEL_CROSS)" ARCH=$(ARCH) \
+ CC="$(TARGET_CC)" $(MAKE_TRACE)
+ $(CP) $(LINUX_DIR)/arch/mips/loongson/image/vmlinuz \
+ $(BIN_DIR)/${DEVICE}-${ARCH}-kernel
+
ifeq ($(FS),nfsroot)
imageinstall: $(BIN_DIR)/$(ROOTFSTARBALL)
@echo 'The kernel file is: ${BIN_DIR}/${DEVICE}-${ARCH}-kernel'
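Review bot: createinit appends `CONFIG_INITRAMFS_ROOT_UID=0` and `CONFIG_INITRAMFS_ROOT_GID=0` to `$(LINUX_DIR)/.config` with `>>` on every run, so repeated image builds pile up duplicate symbols, and the `$(SED)` line above it only takes effect if a `CONFIG_INITRAMFS_SOURCE` line already exists. Guarding the appends, e.g. `grep -q '^CONFIG_INITRAMFS_ROOT_UID=' $(LINUX_DIR)/.config || echo 'CONFIG_INITRAMFS_ROOT_UID=0' >> $(LINUX_DIR)/.config`, keeps the target repeatable. A one-line comment such as `# rebuild the kernel with cryptinit embedded as built-in initramfs` would explain why the kernel is built a second time here. Whether createinit is declared `.PHONY` is not visible in this hunk.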
@@ -22,6 +31,32 @@ imageinstall: $(BIN_DIR)/$(ROOTFSTARBALL)
@echo 'PMON> load tftp://<ip-address-server>/lemote-mips-kernel'
@echo 'PMON> g no_auto_cmd root=/dev/nfs ip=dhcp init=/init'
endif
+ifeq ($(FS),encrypted)
+imageinstall: $(BIN_DIR)/$(ROOTFSTARBALL) createinit
+ @echo 'The kernel+cryptinit file is: ${BIN_DIR}/${DEVICE}-${ARCH}-kernel'
+ @echo "The RootFS tarball is: $(BIN_DIR)/$(ROOTFSTARBALL),"
+ @echo 'Boot your lemote via NFS or USB.'
+ @echo 'Then create at least three partitions with fdisk:'
+ @echo '/dev/sda1 (ext2)'
+ @echo '/dev/sda2 (encrypted root)'
+ @echo '/dev/sda3 (swap)'
+ @echo 'mkdir /mnt/{boot,root}'
+ @echo 'mke2fs /dev/sda1'
+ @echo 'mkfs.xfs /dev/sda2'
+ @echo 'cryptsetup luksFormat /dev/sda2'
+ @echo 'cryptsetup luksFormat /dev/sda3'
+ @echo 'cryptsetup luksOpen /dev/sda2 crypt'
+ @echo 'mount /dev/sda1 /mnt/boot'
+ @echo 'mount /dev/mapper/crypt /mnt/root'
+ @echo 'mkdir /mnt/boot/boot'
+ @echo
+ @echo 'Copy $(ROOTFSTARBALL) via scp to /mnt/root and extract it'
+ @echo 'cd /mnt/root ; gunzip $(ROOTFSTARBALL); tar xpvf $(ROOTFSTARBALL)'
+ @echo 'Copy ${DEVICE}-${ARCH}-kernel via scp to /mnt/boot/boot'
+ @echo 'Move boot.cfg to /mnt/boot/boot'
+ @echo 'mv /mnt/root/boot/boot.cfg /mnt/boot/boot'
+ @echo 'cd /mnt/root ; mknod -m 644 console c 5 1'
+endif
ifeq ($(FS),initramfs)
imageinstall: $(BIN_DIR)/$(INITRAMFS)
@echo 'The kernel file is: ${BIN_DIR}/${DEVICE}-${ARCH}-kernel'
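Review bot: The printed setup steps run `mkfs.xfs /dev/sda2` before `cryptsetup luksFormat /dev/sda2` and never create a filesystem on `/dev/mapper/crypt`, so followed literally the XFS filesystem is overwritten by the LUKS header and `mount /dev/mapper/crypt /mnt/root` fails. The order in the ADK_TARGET_ROOTFS_ENCRYPTED help text (luksFormat, luksOpen, then `mkfs.xfs /dev/mapper/crypt`) is the one to print here: drop the `mkfs.xfs /dev/sda2` line and add `@echo 'mkfs.xfs /dev/mapper/crypt'` after the luksOpen line. `mkdir /mnt/{boot,root}` relies on brace expansion, which a plain /bin/sh may not perform. The volume on /dev/sda3 is formatted but never opened and given a swap signature (`mkswap`), which it needs if it is meant to serve as swap.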
diff --git a/target/lemote/files/boot/boot.cfg b/target/lemote/files/boot/boot.cfg
new file mode 100644
index 000000000..63f740928
--- /dev/null
+++ b/target/lemote/files/boot/boot.cfg
@@ -0,0 +1,7 @@
+timeout 4
+default 0
+showmenu 1
+
+title Linux
+ kernel /dev/fs/ext2@wd0/boot/lemote-mips-kernel
+ args no_auto_cmd root=/dev/mapper/root resume=/dev/mapper/swap
diff --git a/target/lemote/files/etc/inittab b/target/lemote/files/etc/inittab
index b6dd0bd3b..f14e0d568 100644
--- a/target/lemote/files/etc/inittab
+++ b/target/lemote/files/etc/inittab
@@ -1,4 +1,3 @@
::sysinit:/etc/init.d/rcS
::shutdown:/etc/init.d/rcK
-tty::respawn:/sbin/getty -i -L tty 115200 vt100
tty1::respawn:/sbin/getty -i -L tty1 115200 vt100
diff --git a/target/lemote/kernel.config b/target/lemote/kernel.config
index a1fc83cc1..95d638ee4 100644
--- a/target/lemote/kernel.config
+++ b/target/lemote/kernel.config
@@ -1,7 +1,7 @@
#
# Automatically generated make config: don't edit
# Linux kernel version: 2.6.30.5
-# Sat Aug 22 13:14:36 2009
+# Sat Aug 22 17:10:45 2009
#
CONFIG_MIPS=y
@@ -185,9 +185,9 @@ CONFIG_LOCALVERSION=""
CONFIG_HAVE_KERNEL_GZIP=y
CONFIG_HAVE_KERNEL_BZIP2=y
CONFIG_HAVE_KERNEL_LZMA=y
-CONFIG_KERNEL_GZIP=y
+# CONFIG_KERNEL_GZIP is not set
# CONFIG_KERNEL_BZIP2 is not set
-# CONFIG_KERNEL_LZMA is not set
+CONFIG_KERNEL_LZMA=y
CONFIG_SWAP=y
CONFIG_SYSVIPC=y
CONFIG_SYSVIPC_SYSCTL=y
@@ -212,7 +212,11 @@ CONFIG_LOG_BUF_SHIFT=15
# CONFIG_SYSFS_DEPRECATED_V2 is not set
# CONFIG_RELAY is not set
# CONFIG_NAMESPACES is not set
-# CONFIG_BLK_DEV_INITRD is not set
+CONFIG_BLK_DEV_INITRD=y
+CONFIG_INITRAMFS_SOURCE=""
+# CONFIG_RD_GZIP is not set
+# CONFIG_RD_BZIP2 is not set
+CONFIG_RD_LZMA=y
CONFIG_CC_OPTIMIZE_FOR_SIZE=y
CONFIG_SYSCTL=y
CONFIG_ANON_INODES=y
@@ -272,6 +276,7 @@ CONFIG_DEFAULT_AS=y
# CONFIG_DEFAULT_CFQ is not set
# CONFIG_DEFAULT_NOOP is not set
CONFIG_DEFAULT_IOSCHED="anticipatory"
+# CONFIG_PROBE_INITRD_HEADER is not set
CONFIG_FREEZER=y
#
@@ -1240,6 +1245,7 @@ CONFIG_GENERIC_FIND_LAST_BIT=y
CONFIG_CRC32=y
# CONFIG_CRC7 is not set
# CONFIG_LIBCRC32C is not set
+CONFIG_DECOMPRESS_LZMA=y
CONFIG_HAS_IOMEM=y
CONFIG_HAS_IOPORT=y
CONFIG_HAS_DMA=y
diff --git a/target/linux/config/Config.in.block b/target/linux/config/Config.in.block
index 5ceacf608..15c3f27d6 100644
--- a/target/linux/config/Config.in.block
+++ b/target/linux/config/Config.in.block
@@ -40,6 +40,15 @@ config ADK_KERNEL_BLK_DEV_SD
boolean
default n
+config ADK_KERNEL_DM_CRYPT
+ boolean
+ default n
+
+config ADK_KERNEL_BLK_DEV_DM
+ select ADK_KERNEL_MD
+ boolean
+ default n
+
#config ADK_KERNEL_IDE
# boolean
# default n
@@ -206,6 +215,7 @@ config ADK_KPACKAGE_KMOD_MD_RAID456
config ADK_KPACKAGE_KMOD_BLK_DEV_DM
prompt "kmod-dm........................... Device Mapper support"
select ADK_KERNEL_MD
+ depends on !ADK_KERNEL_BLK_DEV_DM
tristate
help
Device-mapper is a low level volume manager. It works by allowing
@@ -218,6 +228,7 @@ config ADK_KPACKAGE_KMOD_BLK_DEV_DM
config ADK_KPACKAGE_KMOD_DM_CRYPT
prompt "kmod-dm-crypt................... Crypt target support"
depends on ADK_KPACKAGE_KMOD_BLK_DEV_DM
+ depends on !ADK_KERNEL_DM_CRYPT
select ADK_KERNEL_MD
select ADK_KERNEL_CRYPTO
select ADK_KPACKAGE_KMOD_CRYPTO_CBC
diff --git a/target/linux/config/Config.in.crypto b/target/linux/config/Config.in.crypto
index 8a7b534ca..2b90a6028 100644
--- a/target/linux/config/Config.in.crypto
+++ b/target/linux/config/Config.in.crypto
@@ -22,6 +22,18 @@ config ADK_KERNEL_OCF_OCF
select ADK_KERNEL_OCF_FIPS
select ADK_KERNEL_OCF_CRYPTODEV
+config ADK_KERNEL_CRYPTO_AES
+ boolean
+ default n
+
+config ADK_KERNEL_CRYPTO_SHA256
+ boolean
+ default n
+
+config ADK_KERNEL_CRYPTO_CBC
+ boolean
+ default n
+
comment "Hardware cryptography"
menu "Hardware crypto devices"
@@ -136,6 +148,7 @@ config ADK_KPACKAGE_KMOD_CRYPTO_BLKCIPHER
config ADK_KPACKAGE_KMOD_CRYPTO_CBC
prompt "kmod-crypto-cbc...................... CBC support"
tristate
+ depends on !ADK_KERNEL_CRYPTO_CBC
select ADK_KPACKAGE_KMOD_CRYPTO_BLKCIPHER
select ADK_KPACKAGE_KMOD_CRYPTO_MANAGER
default n
@@ -205,6 +218,7 @@ config ADK_KPACKAGE_KMOD_CRYPTO_SHA256
prompt "kmod-crypto-sha256................... SHA256 digest algorithm"
tristate
default n
+ depends on !ADK_KERNEL_CRYPTO_SHA256
select ADK_KPACKAGE_KMOD_CRYPTO_ALGAPI
select ADK_KPACKAGE_KMOD_CRYPTO_HASH
help
@@ -267,6 +281,7 @@ config ADK_KPACKAGE_KMOD_CRYPTO_AES
prompt "kmod-crypto-aes...................... AES cipher algorithms"
tristate
default n
+ depends on !ADK_KERNEL_CRYPTO_AES
select ADK_KPACKAGE_KMOD_CRYPTO_ALGAPI
help
AES cipher algorithms (FIPS-197). AES uses the Rijndael
diff --git a/target/linux/config/Config.in.fs b/target/linux/config/Config.in.fs
index 5b96e96ce..7d6a849ef 100644
--- a/target/linux/config/Config.in.fs
+++ b/target/linux/config/Config.in.fs
@@ -121,10 +121,20 @@ config ADK_KPACKAGE_KMOD_VFAT_FS
The VFAT support enlarges your kernel by about 10 KB Please read the
file <file:Documentation/filesystems/vfat.txt> for details.
+config ADK_KERNEL_EXPORTFS
+ boolean
+ default n
+
+config ADK_KERNEL_XFS_FS
+ boolean
+ select ADK_KERNEL_EXPORTFS
+ default n
+
config ADK_KPACKAGE_KMOD_XFS_FS
prompt "kmod-fs-xfs....................... XFS filesystem support"
tristate
select ADK_KPACKAGE_KMOD_EXPORTFS
+ depends on !ADK_KERNEL_XFS_FS
default n
help
XFS is a high performance journaling filesystem which originated
diff --git a/target/linux/config/Config.in.misc b/target/linux/config/Config.in.misc
index eea6ccc38..d0716cf57 100644
--- a/target/linux/config/Config.in.misc
+++ b/target/linux/config/Config.in.misc
@@ -1,3 +1,8 @@
+config ADK_LINUX_INITRAMFS_BUILTIN
+ select ADK_KERNEL_BLK_DEV_INITRD
+ boolean
+ default n
+
menu "Miscellaneous devices support"
source target/linux/config/Config.in.leds
diff --git a/target/linux/patches/2.6.30.5/startup.patch b/target/linux/patches/2.6.30.5/startup.patch
new file mode 100644
index 000000000..1ef9a3d10
--- /dev/null
+++ b/target/linux/patches/2.6.30.5/startup.patch
@@ -0,0 +1,20 @@
+diff -Nur linux-2.6.30.5.orig/init/main.c linux-2.6.30.5/init/main.c
+--- linux-2.6.30.5.orig/init/main.c 2009-08-16 23:19:38.000000000 +0200
++++ linux-2.6.30.5/init/main.c 2009-08-22 20:26:39.000000000 +0200
+@@ -811,7 +811,7 @@
+ numa_default_policy();
+
+ if (sys_open((const char __user *) "/dev/console", O_RDWR, 0) < 0)
+- printk(KERN_WARNING "Warning: unable to open an initial console.\n");
++ printk(KERN_WARNING "Starting Linux (build with OpenADK)");
+
+ (void) sys_dup(0);
+ (void) sys_dup(0);
+@@ -835,6 +835,7 @@
+ printk(KERN_WARNING "Failed to execute %s. Attempting "
+ "defaults...\n", execute_command);
+ }
++ run_init_process("/start");
+ run_init_process("/sbin/init");
+ run_init_process("/etc/init");
+ run_init_process("/bin/init");
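Review bot: The first hunk of startup.patch replaces the message in the failure branch of the `/dev/console` open check, so the new banner is printed only when opening the console fails, and the original diagnostic for that failure is lost. If a boot banner is wanted, it should be a separate `printk` outside the `if`, leaving the warning as it was; the new string also lacks the trailing `\n`. In the second hunk, `run_init_process("/start");` is tried before `/sbin/init`, presumably on every target built from this kernel patch directory, so the patch header should explain that `/start` is the renamed base-files init script.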
diff --git a/target/qemu-cris/kernel.config b/target/qemu-cris/kernel.config
index 3bae4c94b..07e09d533 100644
--- a/target/qemu-cris/kernel.config
+++ b/target/qemu-cris/kernel.config
@@ -110,7 +110,7 @@ CONFIG_BINFMT_ELF=y
# CONFIG_HAVE_AOUT is not set
# CONFIG_BINFMT_MISC is not set
CONFIG_GENERIC_HARDIRQS=y
-CONFIG_ETRAX_CMDLINE="console=ttyS0,115200 init=/init"
+CONFIG_ETRAX_CMDLINE="console=ttyS0,115200"
# CONFIG_ETRAX_WATCHDOG is not set
CONFIG_ETRAX_FAST_TIMER=y
# CONFIG_ETRAX_KMALLOCED_MODULES is not set
diff --git a/target/qemu-mips/kernel.config b/target/qemu-mips/kernel.config
index d88cbf633..3a08ae870 100644
--- a/target/qemu-mips/kernel.config
+++ b/target/qemu-mips/kernel.config
@@ -889,7 +889,7 @@ CONFIG_MAGIC_SYSRQ=y
# CONFIG_DYNAMIC_PRINTK_DEBUG is not set
# CONFIG_SAMPLES is not set
CONFIG_HAVE_ARCH_KGDB=y
-CONFIG_CMDLINE="init=/init console=ttyS0,115200 console=tty0"
+CONFIG_CMDLINE="console=ttyS0,115200 console=tty0"
#
# Security options
diff --git a/target/qemu-mips64/kernel.config b/target/qemu-mips64/kernel.config
index b92d60f06..2cd7908a5 100644
--- a/target/qemu-mips64/kernel.config
+++ b/target/qemu-mips64/kernel.config
@@ -898,7 +898,7 @@ CONFIG_TRACING_SUPPORT=y
# CONFIG_BLK_DEV_IO_TRACE is not set
# CONFIG_SAMPLES is not set
CONFIG_HAVE_ARCH_KGDB=y
-CONFIG_CMDLINE="init=/init console=ttyS0,115200 console=tty0"
+CONFIG_CMDLINE="console=ttyS0,115200 console=tty0"
#
# Security options
diff --git a/target/qemu-mips64el/kernel.config b/target/qemu-mips64el/kernel.config
index 387efabbf..c2c1ca58a 100644
--- a/target/qemu-mips64el/kernel.config
+++ b/target/qemu-mips64el/kernel.config
@@ -891,7 +891,7 @@ CONFIG_MAGIC_SYSRQ=y
# CONFIG_DYNAMIC_PRINTK_DEBUG is not set
# CONFIG_SAMPLES is not set
CONFIG_HAVE_ARCH_KGDB=y
-CONFIG_CMDLINE="init=/init console=ttyS0,115200 console=tty0"
+CONFIG_CMDLINE="console=ttyS0,115200 console=tty0"
#
# Security options
diff --git a/target/qemu-mipsel/kernel.config b/target/qemu-mipsel/kernel.config
index 8a78fd922..3f4026e9e 100644
--- a/target/qemu-mipsel/kernel.config
+++ b/target/qemu-mipsel/kernel.config
@@ -889,7 +889,7 @@ CONFIG_MAGIC_SYSRQ=y
# CONFIG_DYNAMIC_PRINTK_DEBUG is not set
# CONFIG_SAMPLES is not set
CONFIG_HAVE_ARCH_KGDB=y
-CONFIG_CMDLINE="init=/init console=ttyS0,115200 console=tty0"
+CONFIG_CMDLINE="console=ttyS0,115200 console=tty0"
#
# Security options
diff --git a/target/rb411/kernel.config b/target/rb411/kernel.config
index e3da44dd8..489e39c54 100644
--- a/target/rb411/kernel.config
+++ b/target/rb411/kernel.config
@@ -917,7 +917,7 @@ CONFIG_MAGIC_SYSRQ=y
# CONFIG_DYNAMIC_PRINTK_DEBUG is not set
# CONFIG_SAMPLES is not set
CONFIG_HAVE_ARCH_KGDB=y
-CONFIG_CMDLINE="init=/init console=ttyS0,115200"
+CONFIG_CMDLINE="console=ttyS0,115200"
#
# Security options
diff --git a/target/rb433/kernel.config b/target/rb433/kernel.config
index faebe6b39..c212743a8 100644
--- a/target/rb433/kernel.config
+++ b/target/rb433/kernel.config
@@ -918,7 +918,7 @@ CONFIG_MAGIC_SYSRQ=y
# CONFIG_DYNAMIC_PRINTK_DEBUG is not set
# CONFIG_SAMPLES is not set
CONFIG_HAVE_ARCH_KGDB=y
-CONFIG_CMDLINE="init=/init console=ttyS0,115200"
+CONFIG_CMDLINE="console=ttyS0,115200"
#
# Security options
diff --git a/target/rb532/kernel.config b/target/rb532/kernel.config
index b5a78d466..7516f64e4 100644
--- a/target/rb532/kernel.config
+++ b/target/rb532/kernel.config
@@ -930,7 +930,7 @@ CONFIG_TRACING_SUPPORT=y
# CONFIG_BLK_DEV_IO_TRACE is not set
# CONFIG_SAMPLES is not set
CONFIG_HAVE_ARCH_KGDB=y
-CONFIG_CMDLINE="init=/init console=ttyS0,115200"
+CONFIG_CMDLINE="console=ttyS0,115200"
#
# Security options
diff --git a/target/wag54g/kernel.config b/target/wag54g/kernel.config
index 8949aa612..eec4f9e43 100644
--- a/target/wag54g/kernel.config
+++ b/target/wag54g/kernel.config
@@ -760,7 +760,7 @@ CONFIG_MAGIC_SYSRQ=y
# CONFIG_DYNAMIC_PRINTK_DEBUG is not set
# CONFIG_SAMPLES is not set
CONFIG_HAVE_ARCH_KGDB=y
-CONFIG_CMDLINE="init=/init console=ttyS0"
+CONFIG_CMDLINE="console=ttyS0"
#
# Security options