diff options
30 files changed, 689 insertions, 19 deletions
@@ -4,7 +4,6 @@ - fix init scripts pidof? vs. killall - rpath libtool problem fix - bind isc 9.6.1 -- check mips -mno-abicalls - check ac_cv_func_setpgrp_void=no - freebsd build - win cygwin build diff --git a/mk/rootfs.mk b/mk/rootfs.mk index 67f2ec80c..4ab2f71e2 100644 --- a/mk/rootfs.mk +++ b/mk/rootfs.mk @@ -19,5 +19,6 @@ $(eval $(call rootfs_template,initramfs,INITRAMFS)) $(eval $(call rootfs_template,squashfs,SQUASHFS)) $(eval $(call rootfs_template,yaffs,YAFFS)) $(eval $(call rootfs_template,nfsroot,NFSROOT,root=/dev/nfs ip=dhcp)) +$(eval $(call rootfs_template,encrypted,ENCRYPTED)) export FS diff --git a/package/Config.in b/package/Config.in index a563b9a75..84f66261d 100644 --- a/package/Config.in +++ b/package/Config.in @@ -9,6 +9,7 @@ menu "Basesystem" source "package/base-files/Config.in" source "package/busybox/Config.in" source "package/cfgfs/Config.in" +source "package/cryptinit/Config.in" source "package/uclibc/Config.in" source "package/glibc/Config.in" source "package/eglibc/Config.in" diff --git a/package/Depends.mk b/package/Depends.mk index fc07c3ade..46fab2a02 100644 --- a/package/Depends.mk +++ b/package/Depends.mk @@ -16,6 +16,7 @@ cbtt-compile: uclibc++-compile endif cbtt-compile: mysql-compile zlib-compile collectd-compile: libpthread-compile +cryptinit-compile: cryptsetup-compile cryptsetup-compile: libgcrypt-compile popt-compile e2fsprogs-compile lvm-compile ifeq (${ADK_COMPILE_CTORRENT_WITH_UCLIBCXX},y) ctorrent-compile: uclibc++-compile diff --git a/package/Makefile b/package/Makefile index cb96c5adc..92bd53aea 100644 --- a/package/Makefile +++ b/package/Makefile @@ -33,6 +33,7 @@ package-$(ADK_COMPILE_AXTLS) += axtls package-$(ADK_PACKAGE_BASH) += bash package-$(ADK_COMPILE_BC) += bc package-$(ADK_PACKAGE_CFGFS) += cfgfs +package-$(ADK_PACKAGE_CRYPTINIT) += cryptinit package-$(ADK_PACKAGE_BIGREQSPROTO) += bigreqsproto package-$(ADK_COMPILE_BIND) += bind package-$(ADK_PACKAGE_BINUTILS) += binutils diff --git a/package/base-files/extra/init b/package/base-files/extra/start index f8021f286..65f33e3d6 100755 --- a/package/base-files/extra/init +++ b/package/base-files/extra/start @@ -1,5 +1,4 @@ #!/bin/sh -echo "Starting system" export PATH=/bin:/sbin:/usr/bin:/usr/sbin mount -nt proc proc /proc size=$(awk '/MemTotal:/ { if ($2 > 16000) { print 4096 } else { print 2048 }}' /proc/meminfo) diff --git a/package/cryptinit/Config.in b/package/cryptinit/Config.in new file mode 100644 index 000000000..664186378 --- /dev/null +++ b/package/cryptinit/Config.in @@ -0,0 +1,6 @@ +config ADK_PACKAGE_CRYPTINIT + prompt "cryptinit............................. crypt initramfs application" + tristate + default n + help + For encrypted root filesystems and fast bootup. diff --git a/package/cryptinit/Makefile b/package/cryptinit/Makefile new file mode 100644 index 000000000..f186247f7 --- /dev/null +++ b/package/cryptinit/Makefile @@ -0,0 +1,42 @@ +# This file is part of the OpenADK project. OpenADK is copyrighted +# material, please see the LICENCE file in the top-level directory. + +include ${TOPDIR}/rules.mk + +PKG_NAME:= cryptinit +PKG_VERSION:= 1.0.2 +PKG_RELEASE:= 1 +PKG_DESCR:= init for encrypted rootfilesystem +PKG_SECTION:= base + +WRKDIST= ${WRKDIR}/${PKG_NAME}-${PKG_VERSION} +NO_DISTFILES:= 1 + +include ${TOPDIR}/mk/package.mk + +$(eval $(call PKG_template,CRYPTINIT,${PKG_NAME},${PKG_VERSION}-${PKG_RELEASE},${PKG_DEPENDS},${PKG_DESCR},${PKG_SECTION})) + +BUILD_STYLE:= manual +INSTALL_STYLE:= manual + +pre-configure: + mkdir -p ${WRKBUILD} + +do-build: + ${TARGET_CC} ${TCPPFLAGS} ${TCFLAGS} -c -o ${WRKBUILD}/cryptinit.o \ + ./src/cryptinit.c + ( cd ${WRKBUILD}; \ + ${TARGET_CC} -static -o cryptinit cryptinit.o \ + ${STAGING_DIR}/usr/lib/libcryptsetup.a \ + -L${STAGING_DIR}/lib -L${STAGING_DIR}/usr/lib \ + -ldevmapper -lpthread \ + ${STAGING_DIR}/usr/lib/libgcrypt.a \ + ${STAGING_DIR}/usr/lib/libgpg-error.a \ + -luuid -Wl,--rpath -Wl,${STAGING_DIR}/usr/lib \ + ); + +do-install: + $(CP) ./files/initramfs_list $(LINUX_DIR) + $(CP) ${WRKBUILD}/cryptinit $(LINUX_DIR) + +include ${TOPDIR}/mk/pkg-bottom.mk diff --git a/package/cryptinit/files/initramfs_list b/package/cryptinit/files/initramfs_list new file mode 100644 index 000000000..caa30ece3 --- /dev/null +++ b/package/cryptinit/files/initramfs_list @@ -0,0 +1,17 @@ +dir /dev 755 0 0 +dir /dev/mapper 755 0 0 +dir /proc 755 0 0 +dir /sys 755 0 0 +dir /mnt 755 0 0 +nod /dev/console 644 0 0 c 5 1 +nod /dev/tty 660 0 0 c 5 0 +nod /dev/tty0 600 0 0 c 4 0 +nod /dev/sda 644 0 0 b 8 0 +nod /dev/sda1 644 0 0 b 8 1 +nod /dev/sda2 644 0 0 b 8 2 +nod /dev/sda3 644 0 0 b 8 3 +nod /dev/sda4 644 0 0 b 8 4 +nod /dev/null 644 0 0 c 1 3 +nod /dev/mapper/control 644 0 0 c 10 62 +nod /dev/urandom 644 0 0 c 1 9 +file /init ./cryptinit 755 0 0 diff --git a/package/cryptinit/src/cryptinit.c b/package/cryptinit/src/cryptinit.c new file mode 100644 index 000000000..b0d570846 --- /dev/null +++ b/package/cryptinit/src/cryptinit.c @@ -0,0 +1,469 @@ +/* + * cryptinit 1.0.2 - setup encrypted root/swap system using LUKS + * + * Copyright (C) 2009 Waldemar Brodkorb <mail@waldemar-brodkorb.de> + * Copyright (C) 2008 Phil Sutter <phil@nwl.cc> + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * strongly based on ideas and work from Phil Sutter + * http://nwl.cc/cgi-bin/git/gitweb.cgi?p=initramfs-init.git;a=summary + * - used with cryptsetup 1.0.6 (needs a small cryptsetup-patch) + * - see comment at the end of file for a useful initramfs filelist + * - compile and link with following commands to get a static init + * gcc -Wall -c -o init.o cryptinit.c + * libtool --mode=link --tag=CC gcc -all-static -o init init.o \ + * /usr/lib/libcryptsetup.la + */ + +#include <errno.h> +#include <fcntl.h> +#include <stdarg.h> +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <unistd.h> +#include <libcryptsetup.h> +#include <sys/mount.h> +#include <sys/reboot.h> +#include <sys/types.h> +#include <sys/utsname.h> +#include <sys/wait.h> + +#define HOSTNAME "linux" +#define DOMAINNAME "foo.bar" + +#define CRYPT_SWAP_DEV "/dev/sda3" +#define CRYPT_SWAP_NAME "swap" +#define CRYPT_ROOT_DEV "/dev/sda2" +#define CRYPT_ROOT_NAME "root" + +#define PROCPATH "/proc" +#define SYSPATH "/sys" +#define PROCFS "proc" +#define SYSFS "sysfs" + +#define DEF_KERN_CONS "/dev/console" +#define DEF_KERN_SWAP "/dev/mapper/swap" +#define DEF_KERN_ROOT_SRC "/dev/mapper/root" +#define DEF_KERN_ROOT_TGT "/mnt" +#define DEF_KERN_ROOT_FS "xfs" +#define DEF_KERN_INIT "/start" +#define DEF_KERN_RUNLEVEL "3" + +#ifndef MS_MOVE +#define MS_MOVE 8192 +#endif + +/* a structure for holding options to mount() a device */ +struct mntopts { + char *source; + char *target; + char *fstype; + unsigned long flags; +}; + +/* a structure for holding kernel boot parameters */ +struct commandline { + struct mntopts root; + char *init; + char *resume; + char *runlevel; + ushort do_resume; + ushort debug; +}; + +struct commandline cmdline; + +void debug_printf(const char *format, ...) { + va_list params; + if(cmdline.debug) { + va_start(params, format); + vprintf(format, params); + va_end(params); + } +} + +void debug_msg(const char *s) { + if(cmdline.debug) + fputs(s, stderr); +} + +void log_msg(const char *s) { + fputs(s, stdout); +} + +/* logging function from cryptsetup library */ +static void cmdLineLog(int class, char *msg) { + switch(class) { + case CRYPT_LOG_NORMAL: + debug_msg(msg); + break; + case CRYPT_LOG_ERROR: + debug_msg(msg); + break; + default: + fprintf(stderr, "Internal error for msg: %s", msg); + break; + } +} + +int switch_root(char *console, char *newroot, char *init, char *initarg) { + + if (chdir(newroot)) { + fprintf(stderr,"bad newroot %s\n",newroot); + return 1; + } + /* Overmount / with newdir and chroot into it. The chdir is needed to + * recalculate "." and ".." links. */ + if (mount(".", "/", NULL, MS_MOVE, NULL) || chroot(".") || chdir("/")) { + fprintf(stderr,"switch_root: error moving root\n"); + return 2; + } + + /* If a new console specified, redirect stdin/stdout/stderr to that. */ + if (console) { + close(0); + if(open(console, O_RDWR) < 0) { + fprintf(stderr,"Bad console '%s'\n",console); + return 4; + } + dup2(0, 1); + dup2(0, 2); + } + + log_msg("Starting Linux from encrypted root disk\n"); + /* Exec real init. (This is why we must be pid 1.) */ + execl(init, init, (char *)NULL); + fprintf(stderr,"Bad init '%s'\n",init); + return 3; +} + +char *read_cmdline(void) { + FILE *fp; + int linelen, i; + char *str; + + if((fp=fopen("/proc/cmdline","r")) == NULL) { + perror("fopen()"); + return NULL; + } + linelen = 10; + str = calloc(linelen, sizeof(char)); + for(i=0;(str[i]=fgetc(fp)) != EOF; i++) { + if(i>linelen-1) { + linelen += 10; + if((str=realloc(str, linelen)) == NULL) { + perror("realloc()"); + return NULL; + } + } + } + str[i-1] = '\0'; /* substitutes \n for \0 */ + fclose(fp); + return str; +} + +int parse_cmdline(char *line) { + int tmpnum; + char *tmpstr, *lstr, *rstr, *idx; + char *invchars[1]; + + tmpstr = strtok(line, " "); + do { + if((idx=strchr(tmpstr, '=')) != NULL) { + rstr = idx + 1; + idx = '\0'; + lstr = tmpstr; + + if(!strncmp(lstr, "rootfstype", 10)) { + cmdline.root.fstype = rstr; + + } else if(!strncmp(lstr, "root", 4)) { + cmdline.root.source = rstr; + + } else if(!strncmp(lstr, "init", 4)) { + cmdline.init = rstr; + + } else if(!strncmp(lstr, "resume", 6)) { + cmdline.resume = rstr; + } + + } else if(!strncmp(tmpstr, "noresume", 8)) { + cmdline.do_resume = 0; + + } else if(!strncmp(tmpstr, "debug", 5)) { + cmdline.debug=1; + + } else if(strlen(tmpstr) == 1) { + tmpnum = (int)strtol(tmpstr, invchars, 10); + if(**invchars == '\0' && tmpnum >= 0) { + cmdline.runlevel = tmpstr; + } + } else { + if(cmdline.debug) + printf("unknown bootparam flag %s\n",tmpstr); + } + } while((tmpstr = strtok(NULL, " ")) != NULL); + + debug_printf("\n Bootparams scanned:\n"); + debug_printf("root\t%s\nrootfstype\t%s\ninit\t%s\nresume\t%s\ndo_resume\t%i\n", + cmdline.root.source,cmdline.root.fstype,cmdline.init,cmdline.resume,cmdline.do_resume); + debug_printf("debug\t%i\nrunlevel\t%s\n\n", + cmdline.debug,cmdline.runlevel); + return 0; +} + +int get_cmdline() { + char *str; + + /* first set some useful defaults */ + cmdline.root.source = DEF_KERN_ROOT_SRC; + cmdline.root.target = DEF_KERN_ROOT_TGT; + cmdline.root.fstype = DEF_KERN_ROOT_FS; + cmdline.root.flags = MS_RDONLY; + cmdline.init = DEF_KERN_INIT; + cmdline.resume = DEF_KERN_SWAP; + cmdline.do_resume = 1; + cmdline.debug = 0; + cmdline.runlevel = DEF_KERN_RUNLEVEL; + + /* read out cmdline from /proc */ + str = read_cmdline(); + + /* parse the cmdline */ + if(parse_cmdline(str)) + return -1; + + return 0; +} + +void kmsg_log(int level) { + FILE *fd; + + debug_msg("Finetune kernel log\n"); + if((fd = fopen("/proc/sys/kernel/printk", "r+")) == NULL) { + perror("fopen()"); + return; + } + fprintf(fd, "%d", level); + fclose(fd); +} + +void do_resume(void) { + FILE *fd; + + debug_msg("Running tuxonice-resume\n"); + if((fd = fopen("/sys/power/tuxonice/do_resume", "a")) == NULL) { + return; + } + fprintf(fd, "1\n"); + fclose(fd); +} + +void do_halt(void) { + int pid; + + /* run sync just to be sure */ + sync(); + + /* fork to prevent a kernel panic while killing init */ + if((pid=fork()) == 0) { + reboot(0x4321fedc); + _exit(0); + } + waitpid(pid, NULL, 0); +} + +int do_mount(struct mntopts o) { + debug_printf("do_mount: mounting %s with fstype %s\n", o.source, o.fstype); + if(mount(o.source, o.target, o.fstype, o.flags, NULL)) { + perror("mount()"); + debug_printf("do_mount: mounting %s with fstype %s\n failed", o.source, o.fstype); + return errno; + } + return 0; +} + +int main(void) { + char errormsg[100]; + int i; + int wrongpass; + char *pass; + struct utsname info; + int ret; + const char hostname[20] = HOSTNAME; + const char domainname[20] = DOMAINNAME; + struct crypt_options options; + struct interface_callbacks cmd_icb; + + struct mntopts mopts[2] = { + { "proc", PROCPATH, PROCFS, 0 }, + { "sysfs", SYSPATH, SYSFS, 0 } + }; + + /* need to set callback functions, log is required */ + cmd_icb.yesDialog = NULL; + cmd_icb.log = cmdLineLog; + + /* first try to mount needed virtual filesystems */ + if(do_mount(mopts[0]) || do_mount(mopts[1])) { + fprintf(stderr, "Error mounting %s and %s\n", + PROCPATH, SYSPATH); + exit(errno); + } + + /* get kernel command line */ + if(get_cmdline() == -1) { + fprintf(stderr, "Failed to parse kernel commandline\n"); + exit(errno); + } + + /* keep kernel quiet while asking for password */ + kmsg_log(0); + + /* first unlock swap partition for resume */ + memset(&options, 0, sizeof(struct crypt_options)); + options.name = CRYPT_SWAP_NAME; + options.device = CRYPT_SWAP_DEV; + options.icb = &cmd_icb; + + ret = uname(&info); + if (ret < 0) + fprintf(stderr, "Error calling uname\n"); + + /* security by obscurity */ + printf("This is %s.%s (Linux %s %s)\n", hostname, domainname, info.machine, info.release); + printf("%s login: ", hostname); + fflush(stdout); + while(getchar() != '\n'); + /* unlock swap */ + debug_msg("Unlocking Swap\n"); + for(i=0; i<3; i++) { + /* ask user for password */ + if((pass=getpass("Password: ")) == NULL) { + perror("getpass()"); + return errno; + } + options.passphrase = pass; + /* try to unlock swap */ + if((wrongpass=crypt_luksOpen(&options))) { + printf("Login incorrect\n"); + crypt_get_error(errormsg, 99); + debug_printf("Error: %s\n", errormsg); + } else { /* success */ + if(i > 0) + fprintf(stderr, "%i incorrect attempts\n",i); + break; + } + } + + if(wrongpass) { + fprintf(stderr, "Panic - you are not allowed!\n"); + sleep(3); + do_halt(); + } + + /* try to resume here */ + if(cmdline.do_resume) { + debug_msg("Trying to resume from swap\n"); + do_resume(); + debug_msg("Resume failed, starting normal boot\n"); + } + + /* resume returned, starting normal boot */ + options.name = CRYPT_ROOT_NAME; + options.device = CRYPT_ROOT_DEV; + + /* unlock root device */ + debug_msg("Unlocking Root\n"); + if(crypt_luksOpen(&options)) { + perror("crypt_luksOpen()"); + crypt_get_error(errormsg, 99); + debug_printf("Error: %s\n", errormsg); + } + + /* mount root filesystem */ + if(do_mount(cmdline.root)) { + puts("Error mounting root"); + exit(errno); + } + + kmsg_log(6); + + /* no need for /sys anymore */ + debug_msg("Unmounting /sys\n"); + if(umount("/sys")) + perror("umount()"); + + /* no need for /proc anymore */ + debug_msg("Unmounting /proc\n"); + if(umount("/proc")) + perror("umount()"); + + /* remove password from RAM */ + memset(pass, 0, strlen(pass)*sizeof(char)); + + debug_msg("Switching root\n"); + switch_root(DEF_KERN_CONS, cmdline.root.target, cmdline.init, cmdline.runlevel); + + return(0); +} +/* +example initramfs file list: + +dir /dev 755 0 0 +dir /dev/mapper 755 0 0 +dir /proc 755 0 0 +dir /sys 755 0 0 +dir /mnt 755 0 0 +nod /dev/console 644 0 0 c 5 1 +nod /dev/tty 660 0 0 c 5 0 +nod /dev/tty0 600 0 0 c 4 0 +nod /dev/sda 644 0 0 b 8 0 +nod /dev/sda1 644 0 0 b 8 1 +nod /dev/sda2 644 0 0 b 8 2 +nod /dev/sda3 644 0 0 b 8 3 +nod /dev/sda4 644 0 0 b 8 4 +nod /dev/null 644 0 0 c 1 3 +nod /dev/mapper/control 644 0 0 c 10 62 +nod /dev/urandom 644 0 0 c 1 9 +file /init /usr/src/init 755 0 0 + +cryptsetup patch: + +Index: lib/setup.c +=================================================================== +--- lib/setup.c (revision 40) ++++ lib/setup.c (working copy) +@@ -538,10 +538,17 @@ + start: + mk=NULL; + +- if(get_key("Enter LUKS passphrase: ",&password,&passwordLen, 0, options->key_file, options->passphrase_fd, options->timeout, options->flags)) +- tries--; +- else +- tries = 0; ++ if(options->passphrase) { ++ password = NULL; ++ password = safe_alloc(512); ++ strcpy(password, options->passphrase); ++ passwordLen = strlen(password); ++ } else { ++ if(get_key("Enter LUKS passphrase: ",&password,&passwordLen, 0, options->key_file, options->passphrase_fd, options->timeout, options->flags)) ++ tries--; ++ else ++ tries = 0; ++ } + + if(!password) { + r = -EINVAL; goto out; +*/ diff --git a/target/Config.in b/target/Config.in index 2fff7ea52..e40674ad5 100644 --- a/target/Config.in +++ b/target/Config.in @@ -361,8 +361,7 @@ config ADK_TARGET_ROOTFS_INITRAMFS ADK_LINUX_MIPSEL_QEMU || \ ADK_LINUX_MIPS64_QEMU || \ ADK_LINUX_MIPS64EL_QEMU || \ - ADK_LINUX_RESCUE || \ - ADK_LINUX_MIPS64_LEMOTE + ADK_LINUX_RESCUE select ADK_KERNEL_BLK_DEV_INITRD help create an read-only initramfs system. @@ -418,6 +417,33 @@ config ADK_TARGET_ROOTFS_EXT2 select ADK_KERNEL_EXT2_FS help Use this option if your rootfs is ext2. + +config ADK_TARGET_ROOTFS_ENCRYPTED + bool "Encrypted read-write root filesystem" + depends on ADK_LINUX_MIPS64_LEMOTE + select ADK_LINUX_INITRAMFS_BUILTIN + select ADK_PACKAGE_CRYPTINIT + select ADK_KERNEL_BLK_DEV_DM + select ADK_KERNEL_DM_CRYPT + select ADK_KERNEL_CRYPTO_AES + select ADK_KERNEL_CRYPTO_CBC + select ADK_KERNEL_CRYPTO_SHA256 + select ADK_KERNEL_XFS_FS + help + Use this option if you want an encrypted rootfs. + Default is XFS filesystem. Use following commands to setup + your hard disk, after booting via NFS or USB: + cryptsetup luksFormat /dev/sda2 + cryptsetup luksOpen /dev/sda2 crypt + mkfs.xfs /dev/mapper/crypt + mount /dev/mapper/crypt /mnt + tar xzvf lemote-mips-encryptedroot.tar.gz -C /mnt + umount /mnt + mount /dev/sda1 /mnt + cp lemote-mips-kernel /mnt/ + mkdir /mnt/boot + Create boot.cfg ... + endchoice config ADK_SSP diff --git a/target/foxboard/kernel.config b/target/foxboard/kernel.config index 3cd568a60..e4f870878 100644 --- a/target/foxboard/kernel.config +++ b/target/foxboard/kernel.config @@ -109,7 +109,7 @@ CONFIG_BINFMT_ELF=y # CONFIG_HAVE_AOUT is not set # CONFIG_BINFMT_MISC is not set CONFIG_GENERIC_HARDIRQS=y -CONFIG_ETRAX_CMDLINE="init=/init console=ttyS0,115200" +CONFIG_ETRAX_CMDLINE="console=ttyS0,115200" # CONFIG_ETRAX_WATCHDOG is not set CONFIG_ETRAX_FAST_TIMER=y # CONFIG_ETRAX_KMALLOCED_MODULES is not set diff --git a/target/lemote/Makefile b/target/lemote/Makefile index 4a4d4b78f..f354ad6a5 100644 --- a/target/lemote/Makefile +++ b/target/lemote/Makefile @@ -13,6 +13,15 @@ kernel-install: $(KERNEL_CROSS)objcopy $(OSTRIP) -S $(LINUX_DIR)/vmlinux \ $(BIN_DIR)/${DEVICE}-${ARCH}-kernel +createinit: + $(SED) 's#^CONFIG_INITRAMFS_SOURCE.*#CONFIG_INITRAMFS_SOURCE="./initramfs_list"#' $(LINUX_DIR)/.config + echo 'CONFIG_INITRAMFS_ROOT_UID=0' >> $(LINUX_DIR)/.config + echo 'CONFIG_INITRAMFS_ROOT_GID=0' >> $(LINUX_DIR)/.config + $(MAKE) -C $(LINUX_DIR) V=0 CROSS_COMPILE="$(KERNEL_CROSS)" ARCH=$(ARCH) \ + CC="$(TARGET_CC)" $(MAKE_TRACE) + $(CP) $(LINUX_DIR)/arch/mips/loongson/image/vmlinuz \ + $(BIN_DIR)/${DEVICE}-${ARCH}-kernel + ifeq ($(FS),nfsroot) imageinstall: $(BIN_DIR)/$(ROOTFSTARBALL) @echo 'The kernel file is: ${BIN_DIR}/${DEVICE}-${ARCH}-kernel' @@ -22,6 +31,32 @@ imageinstall: $(BIN_DIR)/$(ROOTFSTARBALL) @echo 'PMON> load tftp://<ip-address-server>/lemote-mips-kernel' @echo 'PMON> g no_auto_cmd root=/dev/nfs ip=dhcp init=/init' endif +ifeq ($(FS),encrypted) +imageinstall: $(BIN_DIR)/$(ROOTFSTARBALL) createinit + @echo 'The kernel+cryptinit file is: ${BIN_DIR}/${DEVICE}-${ARCH}-kernel' + @echo "The RootFS tarball is: $(BIN_DIR)/$(ROOTFSTARBALL)," + @echo 'Boot your lemote via NFS or USB.' + @echo 'Then create at least three partitions with fdisk:' + @echo '/dev/sda1 (ext2)' + @echo '/dev/sda2 (encrypted root)' + @echo '/dev/sda3 (swap)' + @echo 'mkdir /mnt/{boot,root}' + @echo 'mke2fs /dev/sda1' + @echo 'mkfs.xfs /dev/sda2' + @echo 'cryptsetup luksFormat /dev/sda2' + @echo 'cryptsetup luksFormat /dev/sda3' + @echo 'cryptsetup luksOpen /dev/sda2 crypt' + @echo 'mount /dev/sda1 /mnt/boot' + @echo 'mount /dev/mapper/crypt /mnt/root' + @echo 'mkdir /mnt/boot/boot' + @echo + @echo 'Copy $(ROOTFSTARBALL) via scp to /mnt/root and extract it' + @echo 'cd /mnt/root ; gunzip $(ROOTFSTARBALL); tar xpvf $(ROOTFSTARBALL)' + @echo 'Copy ${DEVICE}-${ARCH}-kernel via scp to /mnt/boot/boot' + @echo 'Move boot.cfg to /mnt/boot/boot' + @echo 'mv /mnt/root/boot/boot.cfg /mnt/boot/boot' + @echo 'cd /mnt/root ; mknod -m 644 console c 5 1' +endif ifeq ($(FS),initramfs) imageinstall: $(BIN_DIR)/$(INITRAMFS) @echo 'The kernel file is: ${BIN_DIR}/${DEVICE}-${ARCH}-kernel' diff --git a/target/lemote/files/boot/boot.cfg b/target/lemote/files/boot/boot.cfg new file mode 100644 index 000000000..63f740928 --- /dev/null +++ b/target/lemote/files/boot/boot.cfg @@ -0,0 +1,7 @@ +timeout 4 +default 0 +showmenu 1 + +title Linux + kernel /dev/fs/ext2@wd0/boot/lemote-mips-kernel + args no_auto_cmd root=/dev/mapper/root resume=/dev/mapper/swap diff --git a/target/lemote/files/etc/inittab b/target/lemote/files/etc/inittab index b6dd0bd3b..f14e0d568 100644 --- a/target/lemote/files/etc/inittab +++ b/target/lemote/files/etc/inittab @@ -1,4 +1,3 @@ ::sysinit:/etc/init.d/rcS ::shutdown:/etc/init.d/rcK -tty::respawn:/sbin/getty -i -L tty 115200 vt100 tty1::respawn:/sbin/getty -i -L tty1 115200 vt100 diff --git a/target/lemote/kernel.config b/target/lemote/kernel.config index a1fc83cc1..95d638ee4 100644 --- a/target/lemote/kernel.config +++ b/target/lemote/kernel.config @@ -1,7 +1,7 @@ # # Automatically generated make config: don't edit # Linux kernel version: 2.6.30.5 -# Sat Aug 22 13:14:36 2009 +# Sat Aug 22 17:10:45 2009 # CONFIG_MIPS=y @@ -185,9 +185,9 @@ CONFIG_LOCALVERSION="" CONFIG_HAVE_KERNEL_GZIP=y CONFIG_HAVE_KERNEL_BZIP2=y CONFIG_HAVE_KERNEL_LZMA=y -CONFIG_KERNEL_GZIP=y +# CONFIG_KERNEL_GZIP is not set # CONFIG_KERNEL_BZIP2 is not set -# CONFIG_KERNEL_LZMA is not set +CONFIG_KERNEL_LZMA=y CONFIG_SWAP=y CONFIG_SYSVIPC=y CONFIG_SYSVIPC_SYSCTL=y @@ -212,7 +212,11 @@ CONFIG_LOG_BUF_SHIFT=15 # CONFIG_SYSFS_DEPRECATED_V2 is not set # CONFIG_RELAY is not set # CONFIG_NAMESPACES is not set -# CONFIG_BLK_DEV_INITRD is not set +CONFIG_BLK_DEV_INITRD=y +CONFIG_INITRAMFS_SOURCE="" +# CONFIG_RD_GZIP is not set +# CONFIG_RD_BZIP2 is not set +CONFIG_RD_LZMA=y CONFIG_CC_OPTIMIZE_FOR_SIZE=y CONFIG_SYSCTL=y CONFIG_ANON_INODES=y @@ -272,6 +276,7 @@ CONFIG_DEFAULT_AS=y # CONFIG_DEFAULT_CFQ is not set # CONFIG_DEFAULT_NOOP is not set CONFIG_DEFAULT_IOSCHED="anticipatory" +# CONFIG_PROBE_INITRD_HEADER is not set CONFIG_FREEZER=y # @@ -1240,6 +1245,7 @@ CONFIG_GENERIC_FIND_LAST_BIT=y CONFIG_CRC32=y # CONFIG_CRC7 is not set # CONFIG_LIBCRC32C is not set +CONFIG_DECOMPRESS_LZMA=y CONFIG_HAS_IOMEM=y CONFIG_HAS_IOPORT=y CONFIG_HAS_DMA=y diff --git a/target/linux/config/Config.in.block b/target/linux/config/Config.in.block index 5ceacf608..15c3f27d6 100644 --- a/target/linux/config/Config.in.block +++ b/target/linux/config/Config.in.block @@ -40,6 +40,15 @@ config ADK_KERNEL_BLK_DEV_SD boolean default n +config ADK_KERNEL_DM_CRYPT + boolean + default n + +config ADK_KERNEL_BLK_DEV_DM + select ADK_KERNEL_MD + boolean + default n + #config ADK_KERNEL_IDE # boolean # default n @@ -206,6 +215,7 @@ config ADK_KPACKAGE_KMOD_MD_RAID456 config ADK_KPACKAGE_KMOD_BLK_DEV_DM prompt "kmod-dm........................... Device Mapper support" select ADK_KERNEL_MD + depends on !ADK_KERNEL_BLK_DEV_DM tristate help Device-mapper is a low level volume manager. It works by allowing @@ -218,6 +228,7 @@ config ADK_KPACKAGE_KMOD_BLK_DEV_DM config ADK_KPACKAGE_KMOD_DM_CRYPT prompt "kmod-dm-crypt................... Crypt target support" depends on ADK_KPACKAGE_KMOD_BLK_DEV_DM + depends on !ADK_KERNEL_DM_CRYPT select ADK_KERNEL_MD select ADK_KERNEL_CRYPTO select ADK_KPACKAGE_KMOD_CRYPTO_CBC diff --git a/target/linux/config/Config.in.crypto b/target/linux/config/Config.in.crypto index 8a7b534ca..2b90a6028 100644 --- a/target/linux/config/Config.in.crypto +++ b/target/linux/config/Config.in.crypto @@ -22,6 +22,18 @@ config ADK_KERNEL_OCF_OCF select ADK_KERNEL_OCF_FIPS select ADK_KERNEL_OCF_CRYPTODEV +config ADK_KERNEL_CRYPTO_AES + boolean + default n + +config ADK_KERNEL_CRYPTO_SHA256 + boolean + default n + +config ADK_KERNEL_CRYPTO_CBC + boolean + default n + comment "Hardware cryptography" menu "Hardware crypto devices" @@ -136,6 +148,7 @@ config ADK_KPACKAGE_KMOD_CRYPTO_BLKCIPHER config ADK_KPACKAGE_KMOD_CRYPTO_CBC prompt "kmod-crypto-cbc...................... CBC support" tristate + depends on !ADK_KERNEL_CRYPTO_CBC select ADK_KPACKAGE_KMOD_CRYPTO_BLKCIPHER select ADK_KPACKAGE_KMOD_CRYPTO_MANAGER default n @@ -205,6 +218,7 @@ config ADK_KPACKAGE_KMOD_CRYPTO_SHA256 prompt "kmod-crypto-sha256................... SHA256 digest algorithm" tristate default n + depends on !ADK_KERNEL_CRYPTO_SHA256 select ADK_KPACKAGE_KMOD_CRYPTO_ALGAPI select ADK_KPACKAGE_KMOD_CRYPTO_HASH help @@ -267,6 +281,7 @@ config ADK_KPACKAGE_KMOD_CRYPTO_AES prompt "kmod-crypto-aes...................... AES cipher algorithms" tristate default n + depends on !ADK_KERNEL_CRYPTO_AES select ADK_KPACKAGE_KMOD_CRYPTO_ALGAPI help AES cipher algorithms (FIPS-197). AES uses the Rijndael diff --git a/target/linux/config/Config.in.fs b/target/linux/config/Config.in.fs index 5b96e96ce..7d6a849ef 100644 --- a/target/linux/config/Config.in.fs +++ b/target/linux/config/Config.in.fs @@ -121,10 +121,20 @@ config ADK_KPACKAGE_KMOD_VFAT_FS The VFAT support enlarges your kernel by about 10 KB Please read the file <file:Documentation/filesystems/vfat.txt> for details. +config ADK_KERNEL_EXPORTFS + boolean + default n + +config ADK_KERNEL_XFS_FS + boolean + select ADK_KERNEL_EXPORTFS + default n + config ADK_KPACKAGE_KMOD_XFS_FS prompt "kmod-fs-xfs....................... XFS filesystem support" tristate select ADK_KPACKAGE_KMOD_EXPORTFS + depends on !ADK_KERNEL_XFS_FS default n help XFS is a high performance journaling filesystem which originated diff --git a/target/linux/config/Config.in.misc b/target/linux/config/Config.in.misc index eea6ccc38..d0716cf57 100644 --- a/target/linux/config/Config.in.misc +++ b/target/linux/config/Config.in.misc @@ -1,3 +1,8 @@ +config ADK_LINUX_INITRAMFS_BUILTIN + select ADK_KERNEL_BLK_DEV_INITRD + boolean + default n + menu "Miscellaneous devices support" source target/linux/config/Config.in.leds diff --git a/target/linux/patches/2.6.30.5/startup.patch b/target/linux/patches/2.6.30.5/startup.patch new file mode 100644 index 000000000..1ef9a3d10 --- /dev/null +++ b/target/linux/patches/2.6.30.5/startup.patch @@ -0,0 +1,20 @@ +diff -Nur linux-2.6.30.5.orig/init/main.c linux-2.6.30.5/init/main.c +--- linux-2.6.30.5.orig/init/main.c 2009-08-16 23:19:38.000000000 +0200 ++++ linux-2.6.30.5/init/main.c 2009-08-22 20:26:39.000000000 +0200 +@@ -811,7 +811,7 @@ + numa_default_policy(); + + if (sys_open((const char __user *) "/dev/console", O_RDWR, 0) < 0) +- printk(KERN_WARNING "Warning: unable to open an initial console.\n"); ++ printk(KERN_WARNING "Starting Linux (build with OpenADK)"); + + (void) sys_dup(0); + (void) sys_dup(0); +@@ -835,6 +835,7 @@ + printk(KERN_WARNING "Failed to execute %s. Attempting " + "defaults...\n", execute_command); + } ++ run_init_process("/start"); + run_init_process("/sbin/init"); + run_init_process("/etc/init"); + run_init_process("/bin/init"); diff --git a/target/qemu-cris/kernel.config b/target/qemu-cris/kernel.config index 3bae4c94b..07e09d533 100644 --- a/target/qemu-cris/kernel.config +++ b/target/qemu-cris/kernel.config @@ -110,7 +110,7 @@ CONFIG_BINFMT_ELF=y # CONFIG_HAVE_AOUT is not set # CONFIG_BINFMT_MISC is not set CONFIG_GENERIC_HARDIRQS=y -CONFIG_ETRAX_CMDLINE="console=ttyS0,115200 init=/init" +CONFIG_ETRAX_CMDLINE="console=ttyS0,115200" # CONFIG_ETRAX_WATCHDOG is not set CONFIG_ETRAX_FAST_TIMER=y # CONFIG_ETRAX_KMALLOCED_MODULES is not set diff --git a/target/qemu-mips/kernel.config b/target/qemu-mips/kernel.config index d88cbf633..3a08ae870 100644 --- a/target/qemu-mips/kernel.config +++ b/target/qemu-mips/kernel.config @@ -889,7 +889,7 @@ CONFIG_MAGIC_SYSRQ=y # CONFIG_DYNAMIC_PRINTK_DEBUG is not set # CONFIG_SAMPLES is not set CONFIG_HAVE_ARCH_KGDB=y -CONFIG_CMDLINE="init=/init console=ttyS0,115200 console=tty0" +CONFIG_CMDLINE="console=ttyS0,115200 console=tty0" # # Security options diff --git a/target/qemu-mips64/kernel.config b/target/qemu-mips64/kernel.config index b92d60f06..2cd7908a5 100644 --- a/target/qemu-mips64/kernel.config +++ b/target/qemu-mips64/kernel.config @@ -898,7 +898,7 @@ CONFIG_TRACING_SUPPORT=y # CONFIG_BLK_DEV_IO_TRACE is not set # CONFIG_SAMPLES is not set CONFIG_HAVE_ARCH_KGDB=y -CONFIG_CMDLINE="init=/init console=ttyS0,115200 console=tty0" +CONFIG_CMDLINE="console=ttyS0,115200 console=tty0" # # Security options diff --git a/target/qemu-mips64el/kernel.config b/target/qemu-mips64el/kernel.config index 387efabbf..c2c1ca58a 100644 --- a/target/qemu-mips64el/kernel.config +++ b/target/qemu-mips64el/kernel.config @@ -891,7 +891,7 @@ CONFIG_MAGIC_SYSRQ=y # CONFIG_DYNAMIC_PRINTK_DEBUG is not set # CONFIG_SAMPLES is not set CONFIG_HAVE_ARCH_KGDB=y -CONFIG_CMDLINE="init=/init console=ttyS0,115200 console=tty0" +CONFIG_CMDLINE="console=ttyS0,115200 console=tty0" # # Security options diff --git a/target/qemu-mipsel/kernel.config b/target/qemu-mipsel/kernel.config index 8a78fd922..3f4026e9e 100644 --- a/target/qemu-mipsel/kernel.config +++ b/target/qemu-mipsel/kernel.config @@ -889,7 +889,7 @@ CONFIG_MAGIC_SYSRQ=y # CONFIG_DYNAMIC_PRINTK_DEBUG is not set # CONFIG_SAMPLES is not set CONFIG_HAVE_ARCH_KGDB=y -CONFIG_CMDLINE="init=/init console=ttyS0,115200 console=tty0" +CONFIG_CMDLINE="console=ttyS0,115200 console=tty0" # # Security options diff --git a/target/rb411/kernel.config b/target/rb411/kernel.config index e3da44dd8..489e39c54 100644 --- a/target/rb411/kernel.config +++ b/target/rb411/kernel.config @@ -917,7 +917,7 @@ CONFIG_MAGIC_SYSRQ=y # CONFIG_DYNAMIC_PRINTK_DEBUG is not set # CONFIG_SAMPLES is not set CONFIG_HAVE_ARCH_KGDB=y -CONFIG_CMDLINE="init=/init console=ttyS0,115200" +CONFIG_CMDLINE="console=ttyS0,115200" # # Security options diff --git a/target/rb433/kernel.config b/target/rb433/kernel.config index faebe6b39..c212743a8 100644 --- a/target/rb433/kernel.config +++ b/target/rb433/kernel.config @@ -918,7 +918,7 @@ CONFIG_MAGIC_SYSRQ=y # CONFIG_DYNAMIC_PRINTK_DEBUG is not set # CONFIG_SAMPLES is not set CONFIG_HAVE_ARCH_KGDB=y -CONFIG_CMDLINE="init=/init console=ttyS0,115200" +CONFIG_CMDLINE="console=ttyS0,115200" # # Security options diff --git a/target/rb532/kernel.config b/target/rb532/kernel.config index b5a78d466..7516f64e4 100644 --- a/target/rb532/kernel.config +++ b/target/rb532/kernel.config @@ -930,7 +930,7 @@ CONFIG_TRACING_SUPPORT=y # CONFIG_BLK_DEV_IO_TRACE is not set # CONFIG_SAMPLES is not set CONFIG_HAVE_ARCH_KGDB=y -CONFIG_CMDLINE="init=/init console=ttyS0,115200" +CONFIG_CMDLINE="console=ttyS0,115200" # # Security options diff --git a/target/wag54g/kernel.config b/target/wag54g/kernel.config index 8949aa612..eec4f9e43 100644 --- a/target/wag54g/kernel.config +++ b/target/wag54g/kernel.config @@ -760,7 +760,7 @@ CONFIG_MAGIC_SYSRQ=y # CONFIG_DYNAMIC_PRINTK_DEBUG is not set # CONFIG_SAMPLES is not set CONFIG_HAVE_ARCH_KGDB=y -CONFIG_CMDLINE="init=/init console=ttyS0" +CONFIG_CMDLINE="console=ttyS0" # # Security options |