From 5195a74422d3dce16e2c4f53809e6f83aef53a13 Mon Sep 17 00:00:00 2001 From: Trammell Hudson Date: Wed, 5 Apr 2017 10:30:28 -0400 Subject: [PATCH] remove initrd unpacking, since Qubes dracut /etc/cryptab can be fixed --- qubes/boot.sh | 25 ++++++++++++++----------- qubes/boot.sh.asc | 14 +++++++------- 2 files changed, 21 insertions(+), 18 deletions(-) diff --git a/qubes/boot.sh b/qubes/boot.sh index d09cec3c..57a2c02f 100644 --- a/qubes/boot.sh +++ b/qubes/boot.sh @@ -70,27 +70,30 @@ unseal-key \ # we know that the first 0x3400 bytes are the microcode INITRD_DIR=/tmp/initrd echo '+++ Unpacking initrd' -mkdir -p $INITRD_DIR -dd if="$INITRD" bs=256 count=52 | ( cd $INITRD_DIR ; cpio -i ) -dd if="$INITRD" bs=256 skip=52 | zcat | ( cd $INITRD_DIR ; cpio -i ) - -# Update the /etc/crypttab in the initrd and install our key -for dev in /dev/$CONFIG_QUBES_VG/*; do - uuid=`blkid $dev | cut -d\" -f2` - echo luks-$uuid /dev/disk/by-uuid/$uuid /secret.key -done > $INITRD_DIR/etc/crypttab +mkdir -p $INITRD_DIR/etc +#dd if="$INITRD" bs=256 count=52 | ( cd $INITRD_DIR ; cpio -i ) +#dd if="$INITRD" bs=256 skip=52 | zcat | ( cd $INITRD_DIR ; cpio -i ) mv /tmp/secret.key $INITRD_DIR/ +## Update the /etc/crypttab in the initrd and install our key +## This is no longer required, now that dom0 /etc/crypttab has +## the /secret.key specified. +#for dev in /dev/$CONFIG_QUBES_VG/*; do +# uuid=`blkid $dev | cut -d\" -f2` +# echo luks-$uuid /dev/disk/by-uuid/$uuid /secret.key +#done > $INITRD_DIR/etc/crypttab + echo '+++ Repacking initrd' -( cd $INITRD_DIR ; find . | cpio -H newc -o ) | gzip > /initrd.gz +( cd $INITRD_DIR ; find . | cpio -H newc -o ) > /initrd.cpio +cat "$INITRD" >> /initrd.cpio # command line arguments are include in the signature on this script, echo '+++ Loading kernel and initrd' kexec \ -l \ --module "${KERNEL} root=/dev/mapper/luks-$ROOT_UUID ro rd.qubes.hide_all_usb" \ - --module /initrd.gz \ + --module /initrd.cpio \ --command-line "no-real-mode reboot=no" \ "${XEN}" \ || recovery "kexec load failed" diff --git a/qubes/boot.sh.asc b/qubes/boot.sh.asc index 250ce215..de389498 100644 --- a/qubes/boot.sh.asc +++ b/qubes/boot.sh.asc @@ -1,10 +1,10 @@ -----BEGIN PGP SIGNATURE----- -iQEUAwUAWOK7zw+UgFLd7L5oAQJ/vwf4yf9zRGeKC2pwDJcMoBww1A4E8LbxW8FF -jdbojg8r5uvfuPeF0V7+BjnE5RItr1UiaClxryXpSwElSXNLoyQPdKbUaYr+w5R1 -jmwZpXxPkoCkUPpzsFl2JAvHe00d4isOU3rLOH6SJjN1VZDeOFGBkAeH5rr0kBpt -A0WaMW1Qe9RIFDHbyx6sxWXTzMTwHxvskqd5oJojJRiRFlgsOhPY7FGCop0ajEAA -PlYpupMtJQhJGpF4d/vF6nPTC2Trm5FSfK8lgrLwryxI4nSmPpPfXCfdscoid+2L -bJuThLvSdV/0DE1rsNcxxMZmhrPK4AnKK6tvTXA/CK3nwEkNQhgn -=OWVi +iQEVAwUAWOQaag+UgFLd7L5oAQIYMQgA1W3mnxsd6Bln0ipvZtITN0cAoAdsnuG/ +Kt/2Usabu7lzdYNpBp9h+jmGDj1Jg+5wvKBXgYQXiPG0TuPNXqeih+X1NJbeXO3S +BF6PXPEHkZlU7kDXUiPHVF9Hy2T6Kw45SQ5pEctATDYjO8SL/lVuxGRSXSiBdyW0 +PLEOHmVNh5C9LNtoGZmmRf8BkVpNc7LCZIkDWj29wNypaxBzv1AQmWBWTvWTSK3D +CkFW10DbF3nJZNrPtTY4EOV2fynRsCZYN/O3ZyN5iZ9kAm8WXWcjqMBB7K/bE3dw +KUb3E0pwyT+uAknT1pXPbcyx8hq6mvX0Fp+46UYovgx5KU+yQunItw== +=0kHU -----END PGP SIGNATURE-----