From 821d05477fdc09cbeec93daf9a703726ed7e2db3 2018-10-31 11:37:18
From: drtyhlpr
Date: 2018-10-31 11:37:18
Subject: [PATCH] fix: QEMU with cryptfs
---
diff --git a/README.md b/README.md
index 6446108..f62a03e 100644
--- a/README.md
+++ b/README.md
@@ -464,7 +464,7 @@ Start QEMU full system emulation and output to console:
 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
 ```
-Start QEMU full system emulation with cryptfs, initramfs and output to console. (NOT WORKING yey!) :
+Start QEMU full system emulation with cryptfs, initramfs and output to console:
 ```shell
 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -initrd "initramfs-${KERNEL_VERSION}" -append "root=/dev/mapper/secure cryptdevice=/dev/mmcblk0p2:secure rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
 ```
diff --git a/bootstrap.d/13-kernel.sh b/bootstrap.d/13-kernel.sh
index f9675d9..a3c2e0c 100644
--- a/bootstrap.d/13-kernel.sh
+++ b/bootstrap.d/13-kernel.sh
@@ -91,6 +91,23 @@ if [ "$BUILD_KERNEL" = true ] ; then
 if [ "$ENABLE_QEMU" = true ] ; then
 echo "CONFIG_FHANDLE=y" >> ${KERNEL_DIR}/.config
 echo "CONFIG_LBDAF=y" >> ${KERNEL_DIR}/.config
+
+ if [ "$ENABLE_CRYPTFS" = true ] ; then
+ echo "CONFIG_EMBEDDED=y" >> ${KERNEL_DIR}/.config
+ echo "CONFIG_EXPERT=y" >> ${KERNEL_DIR}/.config
+ echo "CONFIG_DAX=y" >> ${KERNEL_DIR}/.config
+ echo "CONFIG_MD=y" >> ${KERNEL_DIR}/.config
+ echo "CONFIG_BLK_DEV_MD=y" >> ${KERNEL_DIR}/.config
+ echo "CONFIG_MD_AUTODETECT=y" >> ${KERNEL_DIR}/.config
+ echo "CONFIG_BLK_DEV_DM=y" >> ${KERNEL_DIR}/.config
+ echo "CONFIG_BLK_DEV_DM_BUILTIN=y" >> ${KERNEL_DIR}/.config
+ echo "CONFIG_DM_CRYPT=y" >> ${KERNEL_DIR}/.config
+ echo "CONFIG_CRYPTO_BLKCIPHER=y" >> ${KERNEL_DIR}/.config
+ echo "CONFIG_CRYPTO_CBC=y" >> ${KERNEL_DIR}/.config
+ echo "CONFIG_CRYPTO_XTS=y" >> ${KERNEL_DIR}/.config
+ echo "CONFIG_CRYPTO_SHA512=y" >> ${KERNEL_DIR}/.config
+ echo "CONFIG_CRYPTO_MANAGER=y" >> ${KERNEL_DIR}/.config
+ fi
 fi
 # Copy custom kernel configuration file
diff --git a/files/initramfs/expand- b/files/initramfs/expand-
new file mode 100755
index 0000000..c0c5582
--- /dev/null
+++ b/files/initramfs/expand-
@@ -0,0 +1,19 @@
+#!/bin/sh
+
+set -e
+
+# Check for cryptdevice variable
+if [ -z "$cryptdevice" ] ; then
+ echo "unable to get cryptdevice variable (local-premount)"
+ exit 1
+fi
+
+if [ -n "$ROOT" ] ; then
+ # Resize encrypted root partition
+ cryptsetup resize "${ROOT}"
+ e2fsck -fp "${ROOT}"
+ resize2fs -f "${ROOT}"
+ e2fsck -fp "${ROOT}"
+fi
+
+exit 0
diff --git a/files/initramfs/expand_encrypted_rootfs b/files/initramfs/expand_encrypted_rootfs
index e6896ba..c357b1a 100644
--- a/files/initramfs/expand_encrypted_rootfs
+++ b/files/initramfs/expand_encrypted_rootfs
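Review bot: The new `ENABLE_CRYPTFS` block appends `CONFIG_*=y` lines to `${KERNEL_DIR}/.config` without replacing any existing `# CONFIG_… is not set` entries, so the outcome relies on Kconfig's last-value-wins handling of duplicate symbols and on a later olddefconfig step that is outside this hunk; `scripts/config --file "${KERNEL_DIR}/.config" --enable DM_CRYPT` (one call per symbol) sets each option exactly once and also quotes the path, which the existing echo lines leave unquoted. The list turns on the XTS and CBC modes and SHA-512 but names no block cipher, so if the base config does not already provide an AES implementation the `cryptdevice=/dev/mmcblk0p2:secure` mapping shown in the README will not open at boot — worth confirming against the defconfig in use. `CONFIG_BLK_DEV_MD` and `CONFIG_MD_AUTODETECT` belong to the MD/RAID driver rather than device-mapper and look unnecessary for dm-crypt, while `CONFIG_MD=y` itself is the menu `BLK_DEV_DM` sits under and is needed. The enclosing `if [ "$BUILD_KERNEL" = true ]` block starts and ends outside the hunk.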
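Review bot: `e2fsck -fp` exits 1 when it has corrected errors, which `set -e` treats as a failure, so in the new `files/initramfs/expand-` script the first fsck line can abort the run before `resize2fs` and leave the encrypted root at its old size; accept the non-fatal statuses on both fsck lines with `e2fsck -fp "${ROOT}" || [ "$?" -le 1 ]`. The guard at the top tests `$cryptdevice` but every action below acts on `$ROOT`, so an empty `ROOT` silently skips the resize with exit 0, and the message for the real failure goes to stdout; `echo "unable to get cryptdevice variable (local-premount)" >&2` (or the `log_warning_msg` helper that expand_encrypted_rootfs uses) keeps it visible on the console. The "(local-premount)" text suggests this is meant to run as an initramfs-tools hook, yet there is no `prereqs` stanza and the file name `expand-` looks truncated, so how and when it is invoked is not clear from the hunk — presumably intended, but worth confirming.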
@@ -60,15 +60,23 @@ if [ -z "$PART_START" ] ; then
 return 1
 fi
+# Get the current last sector of the root partition
+PART_END=$(parted /dev/${ROOT_DEV} -ms unit s p | grep "^${PART_NUM}" | cut -f 3 -d: | sed 's/[^0-9]//g')
+if [ -z "$PART_END" ] ; then
+ log_warning_msg "${ROOT_DEV} unable to get last sector of the partition"
+ return 1
+fi
+
 # Get the possible last sector for the root partition
 PART_LAST=$(fdisk -l /dev/${ROOT_DEV} | grep '^Disk.*sectors' | awk '{ print $7 - 1 }')
 if [ -z "$PART_LAST" ] ; then
-log_warning_msg "${ROOT_DEV} unable to get last sector of the partition"
+log_warning_msg "${ROOT_DEV} unable to get last possible sector of the partition"
 return 1
 fi
 ### Since rc.local is run with "sh -e", let's add "|| true" to prevent premature exit
-fdisk /dev/${ROOT_DEV} 2> /dev/null < /dev/null <