diff --git a/Makefile b/Makefile index 3d4d5be7..d7d2af44 100644 --- a/Makefile +++ b/Makefile @@ -3,6 +3,12 @@ all: coreboot force: -rm $(linux_dir)/arch/x86/boot/bzImage +# uclibc must be built after the kernel, +# since 'make headers_install' must be run to generate the +# headers that uclibc needs. +uclibc_url := https://uclibc.org/downloads/uClibc-0.9.33.tar.xz + + kexec_version := 2.0.12 kexec_dir := kexec-tools-$(kexec_version) kexec_tar := kexec-tools-$(kexec_version).tar.gz @@ -22,6 +28,32 @@ kexec: $(kexec_dir) make -C "$(kexec_dir)" -j 8 +qrencode_dir := qrencode-3.4.4 +qrencode_tar := qrencode-3.4.4.tar.gz +qrencode_url := https://fukuchi.org/works/qrencode/$(qrencode_tar) +qrencode_canary := $(qrencode_dir)/.canary + +$(qrencode_tar): + wget $(qrencode_url) + +qrencode_lib := $(qrencode_dir)/.libs/libqrencode.so +$(qrencode_canary): $(qrencode_tar) + tar xvf "$<" + touch "$@" + +$(qrencode_lib): $(qrencode_canary) + cd $(qrencode_dir) ; ./configure --without-tools + make -C "$(qrencode_dir)" + + +initrd/bin/unsealtotp: $(qrencode_lib) + make -C tpmtotp unsealtotp + cp tpmtotp/unsealtotp "$@" +initrd/bin/sealtotp: $(qrencode_lib) + make -C tpmtotp sealtotp + cp tpmtotp/sealtotp "$@" + + busybox_version := 1.25.0 busybox_dir := busybox-$(busybox_version) busybox_tar := busybox-$(busybox_version).tar.bz2 diff --git a/initrd/init b/initrd/init index 359609a6..24ba5d3c 100755 --- a/initrd/init +++ b/initrd/init @@ -1,4 +1,11 @@ #!/bin/ash +# First thing it is vital to mount the /dev and other system directories +mkdir /proc /sys /dev /tmp /boot 2>&- 1>&- +mount -t devtmpfs none /dev +mount -t proc none /proc +mount -t sysfs none /sys + +# Now it is safe to print a banner echo '=====================================================' echo ' _ _ _ ____ ___ __ __ ' echo '| | | | ___ __ _ __| |___ _ | _ \ / _ \| \/ |' 
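Review bot: The `$(qrencode_tar)` rule downloads with `wget $(qrencode_url)`, and the following rules unpack the tarball and run its `./configure` with no digest or signature check, so whatever the server returns (or a truncated download) feeds the library that `sealtotp` and `unsealtotp` depend on. Pin a SHA-256 for the tarball and verify it before the file takes its final name; the sketch below uses a placeholder for the digest, which has to come from a trusted copy. The `uclibc_url` added in the first Makefile hunk will need the same treatment once a fetch rule uses it. Separately, `cd $(qrencode_dir) ; ./configure` should chain with `&&` so a failed `cd` cannot run a `configure` from the wrong directory.

```make
# placeholder: replace with the digest of a trusted copy of the tarball
qrencode_hash := <sha256-of-qrencode-3.4.4.tar.gz>

$(qrencode_tar):
	wget -O "$@.tmp" "$(qrencode_url)"
	echo "$(qrencode_hash)  $@.tmp" | sha256sum -c -
	mv "$@.tmp" "$@"
```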
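Review bot: None of the three `mount` calls at the top of the script is checked, and the `mkdir` before them discards all output with `2>&- 1>&-`, so a failed devtmpfs mount goes unnoticed. The TOTP check added later in this commit presumably needs the TPM device node under /dev, so a missing /dev would surface only as an unexplained `unsealtotp` failure. Consider `mount -t devtmpfs none /dev || echo 'init: mounting /dev failed'`. Also add a comment on the `mkdir` line saying why the descriptors are closed instead of redirected to /dev/null (presumably because /dev/null does not exist yet).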
@@ -8,19 +15,23 @@ echo '|_| |_|\___|\__,_|\__,_|___/ (_) |_| \_\\___/|_| |_|' echo '' echo '=====================================================' -# Mount the system directories -mkdir /proc /sys /dev /tmp /boot 2>/dev/null - -mount -t proc none /proc -mount -t sysfs none /sys -mount -t devtmpfs none /dev - -## Ensure that we load libraries from our directory -#export LD_LIBRARY_PATH=/lib64 - -# Start an interactive shell +echo echo "Run './start-xen' to load the hypervisor" echo "Run 'kexec -e' to boot it" echo +# Load the date from the hardware clock, setting it in local time +hwclock -l -s + +# Verify the user's TPM secret +date +if [ -r /secret.totp ]; then + echo + echo -n "Verify TPM PCR: " + unsealtotp /secret.totp + echo +fi + + +# Start an interactive shell exec /bin/ash
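Review bot: The TPM check fails open in two ways: when `/secret.totp` is not readable the `if` block is skipped without any message, and the exit status of `unsealtotp` is ignored. In both cases the script continues to `exec /bin/ash` with nothing but the absence of a code (or whatever `unsealtotp` itself prints) to indicate it, so someone at the console cannot tell an unprovisioned machine from one where the secret was removed or the PCRs no longer match. Make both cases explicit, e.g. `unsealtotp /secret.totp || echo 'TPM unseal FAILED'` and an `else` branch with `echo '/secret.totp missing: TPM state NOT verified'`. The displayed code also depends on the clock set by `hwclock -l -s`, whose result is not checked either; a warning when it fails would explain a mismatching code.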