Skip to content

Instantly share code, notes, and snippets.

@e-minguez

e-minguez/crypt.diff

Last active May 14, 2020
Embed
What would you like to do?
manjaro-arm-installer crypt diff
diff --git a/manjaro-arm-installer b/manjaro-arm-installer
index 43e9fe1..98f43a0 100755
--- a/manjaro-arm-installer
+++ b/manjaro-arm-installer
@@ -197,6 +197,8 @@ create_install() {
elif [[ "$EDITION" = "cubocore" ]]; then
cp $TMPDIR/root/usr/share/applications/corestuff.desktop $TMPDIR/root/etc/xdg/autostart/
fi
+
+ [ ! -z "$CRYPT" ] && tweakinitrd_crypt
info "Cleaning install for unwanted files..."
umount $TMPDIR/root/var/cache/pacman/pkg
@@ -231,12 +233,24 @@ prepare_card () {
parted -s $SDCARD mkpart primary ext4 "${END_SECTOR}s" 100% 1> /dev/null 2>&1
partprobe $SDCARD 1> /dev/null 2>&1
mkfs.vfat "${SDCARD}${SDDEV}1" -n BOOT_MNJRO 1> /dev/null 2>&1
- mkfs.ext4 -O ^metadata_csum,^64bit "${SDCARD}${SDDEV}2" -L ROOT_MNJRO 1> /dev/null 2>&1
+
+ if [ -z "$CRYPT" ]; then
+ mkfs.ext4 -O ^metadata_csum,^64bit "${SDCARD}${SDDEV}2" -L ROOT_MNJRO 1> /dev/null 2>&1
+ else
+ cryptsetup luksFormat -q "${SDCARD}${SDDEV}2"
+ cryptsetup open "${SDCARD}${SDDEV}2" ROOT_MNJRO
+ mkfs.ext4 -O ^metadata_csum,^64bit /dev/mapper/ROOT_MNJRO 1> /dev/null 2>&1
+ fi
mkdir -p $TMPDIR/root
mkdir -p $TMPDIR/boot
mount ${SDCARD}${SDDEV}1 $TMPDIR/boot
- mount ${SDCARD}${SDDEV}2 $TMPDIR/root
+ if [ -z "$CRYPT" ]; then
+ mount ${SDCARD}${SDDEV}2 $TMPDIR/root
+ else
+ [ ! -e /dev/mapper/ROOT_MNJRO ] && cryptsetup open "${SDCARD}${SDDEV}2" ROOT_MNJRO
+ mount /dev/mapper/ROOT_MNJRO $TMPDIR/root
+ fi
}
cleanup () {
@@ -271,13 +285,52 @@ cleanup () {
;;
esac
+ [ ! -z "$CRYPT" ] && post_crypt
+
#clean up
umount $TMPDIR/root
umount $TMPDIR/boot
rm -r $TMPDIR/root $TMPDIR/boot
+ if [ ! -z "$CRYPT" ]; then
+ cryptsetup close /dev/mapper/ROOT_MNJRO
+ fi
partprobe $SDCARD 1> /dev/null 2>&1
}
+tweakinitrd_crypt () {
+ case "$DEVICE" in
+ pbpro)
+ # Use the proper mkinitcpio.
+ # NOTE: I've tried to modify only the HOOKS but it seems some kernel modules are required for the display to show stuff
+ cat << EOF > ${TMPDIR}/root/etc/mkinitcpio.conf
+MODULES=(panfrost rockchipdrm drm_kms_helper hantro_vpu analogix_dp rockchip_rga panel_simple arc_uart cw2015_battery i2c-hid icp iscsi_boot_sysfs jsm pwm_bl spl uhid)
+BINARIES=()
+FILES=()
+HOOKS=(base udev keyboard autodetect keymap modconf block encrypt lvm2 filesystems fsck)
+COMPRESSION="cat"
+EOF
+
+ # Install lvm2, this will trigger the cpio rebuild
+ $NSPAWN $TMPDIR/root pacman -Syyu lvm2 --noconfirm
+ ;;
+ esac
+}
+
+post_crypt () {
+ # Get the UUID
+ UUID=$(blkid -s UUID -o value "${SDCARD}${SDDEV}2")
+
+ # Modify the /boot/extlinux/extlinux.conf to match our needs
+ case "$DEVICE" in
+ pbpro)
+ # NOTE: I've tried to only modify the cryptdevice and root parameters but bootsplash and console=ttyS2 prevents to show the password prompt
+ sed -i -e "s!APPEND.*!APPEND initrd=/initramfs-linux.img console=tty1 cryptdevice=UUID=${UUID}:ROOT_MNJRO root=/dev/mapper/ROOT_MNJRO rw rootwait video=eDP-1:1920x1080@60 video=HDMI-A-1:1920x1080@60!g" ${TMPDIR}/boot/extlinux/extlinux.conf
+ ;;
+ esac
+
+ # Generate the /etc/crypttab file
+ echo "ROOT_MNJRO UUID=${UUID} none luks,discard" > ${TMPDIR}/root/etc/crypttab
+}
# Using Dialog to ask for user input for variables
DEVICE=$(dialog --clear --title "Manjaro ARM Installer" \
$ export CRYPT="y"
$ manjaro-arm-installer

It will ask the crypt password twice (first to create it, the second one to open the device)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment