##// END OF EJS Templates
fix: QEMU with cryptfs
drtyhlpr -
r263:821d05477fdc
parent child
Show More
@@ -0,0 +1,19
1 #!/bin/sh
2
3 set -e
4
5 # Check for cryptdevice variable
6 if [ -z "$cryptdevice" ] ; then
7 echo "unable to get cryptdevice variable (local-premount)"
8 exit 1
9 fi
10
11 if [ -n "$ROOT" ] ; then
12 # Resize encrypted root partition
13 cryptsetup resize "${ROOT}"
14 e2fsck -fp "${ROOT}"
15 resize2fs -f "${ROOT}"
16 e2fsck -fp "${ROOT}"
17 fi
18
19 exit 0
@@ -464,7 +464,7 Start QEMU full system emulation and output to console:
464 464 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
465 465 ```
466 466
467 Start QEMU full system emulation with cryptfs, initramfs and output to console. (NOT WORKING yey!) :
467 Start QEMU full system emulation with cryptfs, initramfs and output to console:
468 468 ```shell
469 469 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -initrd "initramfs-${KERNEL_VERSION}" -append "root=/dev/mapper/secure cryptdevice=/dev/mmcblk0p2:secure rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
470 470 ```
@@ -91,6 +91,23 if [ "$BUILD_KERNEL" = true ] ; then
91 91 if [ "$ENABLE_QEMU" = true ] ; then
92 92 echo "CONFIG_FHANDLE=y" >> ${KERNEL_DIR}/.config
93 93 echo "CONFIG_LBDAF=y" >> ${KERNEL_DIR}/.config
94
95 if [ "$ENABLE_CRYPTFS" = true ] ; then
96 echo "CONFIG_EMBEDDED=y" >> ${KERNEL_DIR}/.config
97 echo "CONFIG_EXPERT=y" >> ${KERNEL_DIR}/.config
98 echo "CONFIG_DAX=y" >> ${KERNEL_DIR}/.config
99 echo "CONFIG_MD=y" >> ${KERNEL_DIR}/.config
100 echo "CONFIG_BLK_DEV_MD=y" >> ${KERNEL_DIR}/.config
101 echo "CONFIG_MD_AUTODETECT=y" >> ${KERNEL_DIR}/.config
102 echo "CONFIG_BLK_DEV_DM=y" >> ${KERNEL_DIR}/.config
103 echo "CONFIG_BLK_DEV_DM_BUILTIN=y" >> ${KERNEL_DIR}/.config
104 echo "CONFIG_DM_CRYPT=y" >> ${KERNEL_DIR}/.config
105 echo "CONFIG_CRYPTO_BLKCIPHER=y" >> ${KERNEL_DIR}/.config
106 echo "CONFIG_CRYPTO_CBC=y" >> ${KERNEL_DIR}/.config
107 echo "CONFIG_CRYPTO_XTS=y" >> ${KERNEL_DIR}/.config
108 echo "CONFIG_CRYPTO_SHA512=y" >> ${KERNEL_DIR}/.config
109 echo "CONFIG_CRYPTO_MANAGER=y" >> ${KERNEL_DIR}/.config
110 fi
94 111 fi
95 112
96 113 # Copy custom kernel configuration file
@@ -60,15 +60,23 if [ -z "$PART_START" ] ; then
60 60 return 1
61 61 fi
62 62
63 # Get the current last sector of the root partition
64 PART_END=$(parted /dev/${ROOT_DEV} -ms unit s p | grep "^${PART_NUM}" | cut -f 3 -d: | sed 's/[^0-9]//g')
65 if [ -z "$PART_END" ] ; then
66 log_warning_msg "${ROOT_DEV} unable to get last sector of the partition"
67 return 1
68 fi
69
63 70 # Get the possible last sector for the root partition
64 71 PART_LAST=$(fdisk -l /dev/${ROOT_DEV} | grep '^Disk.*sectors' | awk '{ print $7 - 1 }')
65 72 if [ -z "$PART_LAST" ] ; then
66 log_warning_msg "${ROOT_DEV} unable to get last sector of the partition"
73 log_warning_msg "${ROOT_DEV} unable to get last possible sector of the partition"
67 74 return 1
68 75 fi
69 76
70 77 ### Since rc.local is run with "sh -e", let's add "|| true" to prevent premature exit
71 fdisk /dev/${ROOT_DEV} 2> /dev/null <<EOF2 || true
78 if [ $PART_END != $PART_LAST ] ; then
79 fdisk /dev/${ROOT_DEV} 2> /dev/null <<EOF2 || true
72 80 p
73 81 d
74 82 $PART_NUM
@@ -81,5 +89,8 p
81 89 w
82 90 EOF2
83 91
84 partprobe
85 log_success_msg "Root partition successfully resized."
92 partprobe
93 log_success_msg "Root partition successfully resized."
94 else
95 log_success_msg "Root partition already resized."
96 fi
@@ -526,7 +526,9 fi
526 526 # Configure qemu compatible kernel
527 527 if [ "$ENABLE_QEMU" = true ] ; then
528 528 KERNEL_DEFCONFIG="vexpress_defconfig"
529 KERNEL_OLDDEFCONFIG=true
529 if [ "$KERNEL_MENUCONFIG" = false ] ; then
530 KERNEL_OLDDEFCONFIG=true
531 fi
530 532 fi
531 533
532 534 # Execute bootstrap scripts
General Comments 0
Vous devez vous connecter pour laisser un commentaire. Se connecter maintenant