#!/bin/sh . ../lib/common.sh cleanup() { umount "${tmpdir}/root" || : cryptsetup close "$name" || : qemu-nbd -d "$nbd" || : rm -rf "$tmpdir" } command -v cryptsetup > /dev/null || exit 222 set -ef trap cleanup EXIT INT nbd=${NBD:-/dev/nbd2} devmgr=${DEVMGR:-proc} arch=${ARCH:-$(uname -m)} kernel=${KERNEL:-$(uname -r)} vmlinuz=${VMLINUZ:-"/boot/vmlinuz-${kernel}"} mkdir -p "${tmpdir:=${TMPDIR:-/tmp}/${0##*/}.$$}" name="luks$$" root="${tmpdir}/root" config="${tmpdir}/config" image="${tmpdir}/root.qcow2" initrd="${tmpdir}/initramfs-$(uname -r)" qemu-img create -f qcow2 "$image" 1G qemu-nbd -c "$nbd" "$image" sleep 1 # o: Create MBR table. # n: Add new partition to table. # p: Primary partition. # 1: Partition number. # newline: Use default value for first sector. # newline: Use default value for last sector. # w: Write changes and re-read partition table. fdisk "$nbd" << EOF o n p 1 w EOF dd bs=512 count=1 if=/dev/urandom of="${tmpdir}/key" cryptsetup -qd "${tmpdir}/key" --pbkdf=pbkdf2 luksFormat "${nbd}p1" cryptsetup -d "${tmpdir}/key" open "${nbd}p1" "$name" cat > "$config" << EOF hooks=$devmgr,luks root=LABEL=root luks_root=UUID=$(cryptsetup luksUUID "${nbd}p1") luks_key=${tmpdir}/key EOF mkdir -p "$root" mkfs.ext4 -L root "/dev/mapper/${name}" mount "/dev/mapper/${name}" "$root" ( tmpdir=$root; cd "$tmpdir" mkdir -p \ dev sys tmp run proc \ root usr/lib usr/bin ln -s usr/lib lib ln -s usr/bin bin ln -s usr/bin sbin ln -s bin usr/sbin copy_exec sh copy_exec e2label cat > sbin/init << EOF #!/bin/sh exec e2label /dev/disk/by-label/root success EOF chmod +x sbin/init ) umount "$root" cryptsetup close "$name" qemu-nbd -d "$nbd" (cd .. && ./tinyramfs -lk "$kernel" -c "$config" "$initrd") set -- \ -no-reboot \ -initrd "$initrd" \ -kernel "$vmlinuz" \ -device virtio-scsi \ -drive file="$image",if=virtio if [ -c /dev/kvm ]; then set -- -enable-kvm -cpu host "$@" fi if [ "$DEBUG" ]; then set -- -append 'panic=-1 rdpanic debug rddebug console=ttyS0' -nographic "$@" else set -- -append 'panic=-1 rdpanic' -display none "$@" fi "qemu-system-${arch}" "$@" qemu-nbd -c "$nbd" "$image" sleep 1 # Re-read partition table. fdisk "$nbd" << EOF w EOF cryptsetup -d "${tmpdir}/key" open "${nbd}p1" "$name" [ "$(e2label "/dev/mapper/${name}")" = success ]