From 73e97e5a40cbd961b9be9deea0510a1c096f2e43 Mon Sep 17 00:00:00 2001 From: Waldemar Brodkorb Date: Thu, 28 Jul 2011 17:06:01 +0200 Subject: add smartcard support --- package/cryptinit/Makefile | 11 +++++-- package/cryptinit/src/cryptinitsc | 65 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 74 insertions(+), 2 deletions(-) create mode 100755 package/cryptinit/src/cryptinitsc (limited to 'package/cryptinit') diff --git a/package/cryptinit/Makefile b/package/cryptinit/Makefile index bc9d4f122..6ee1ff5bb 100644 --- a/package/cryptinit/Makefile +++ b/package/cryptinit/Makefile @@ -8,13 +8,16 @@ PKG_VERSION:= 2.0 PKG_RELEASE:= 1 PKG_DESCR:= init for encrypted rootfilesystem PKG_SECTION:= base -PKG_DEPENDS:= cryptsetup opensc pcsc-lite +PKG_DEPENDS:= cryptsetup PKG_CFLINE_CRYPTINIT:= select BUSYBOX_STTY@ PKG_CFLINE_CRYPTINIT+= select BUSYBOX_SWITCH_ROOT@ -PKG_FLAVOURS_CRYPTINIT:=NO_GRUB +PKG_FLAVOURS_CRYPTINIT:=SC NO_GRUB PKGFD_NO_GRUB:= predefine root/swap partition (without grub) +PKGFD_SC:= with smartcard support +PKGFS_SC:= ccid openct opensc pcsc-lite +PKGFB_SC:= ccid openct opensc pcsc-lite PKG_FLAVOURS_STRING_CRYPTINIT:= ROOT SWAP PKGFD_ROOT:= root partition @@ -39,6 +42,10 @@ do-install: $(INSTALL_DIR) $(IDIR_CRYPTINIT)/sbin $(TARGET_CC) $(TARGET_CFLAGS) -Wall -o $(IDIR_CRYPTINIT)/sbin/p \ ./src/p.c +ifeq ($(ADK_PACKAGE_CRYPTINIT_SC),y) + $(INSTALL_BIN) ./src/cryptinitsc $(IDIR_CRYPTINIT)/cryptinit +else $(INSTALL_BIN) ./src/cryptinit $(IDIR_CRYPTINIT)/ +endif include ${TOPDIR}/mk/pkg-bottom.mk diff --git a/package/cryptinit/src/cryptinitsc b/package/cryptinit/src/cryptinitsc new file mode 100755 index 000000000..f8d101877 --- /dev/null +++ b/package/cryptinit/src/cryptinitsc 
@@ -0,0 +1,65 @@
+#!/bin/sh
+
+load_modules() {
+ (sed "s,^[^#][^[:space:]]*,insmod /lib/modules/$(uname -r)/&.ko," $* | sh 2>&- || :)
+}
+
+echo -n "Kernel currently running: "
+uname -rsmo
+echo -n "Kernel parameters: "; cat /proc/cmdline
+for word in $(cat /proc/cmdline) ; do
+ case $word in
+ [a-z]*=*)
+ eval "export $word"
+ ;;
+ esac
+done
+
+echo 0 > /proc/sys/kernel/printk
+
+load_modules /etc/modules
+for f in /etc/modules.d/*; do
+ [[ -e $f ]] && load_modules /etc/modules.d/*
+ break
+done
+
+mount /dev/sda1 /boot
+mkdir -p /var/run/openct
+openct-control init
+pcscd -f &
+sleep 2
+
+fail=0
+count=0
+while true; do
+ pkcs15-crypt --decipher --input /boot/key --pkcs1 --raw >/tmp/skey
+ cryptsetup -d /tmp/skey --batch-mode luksOpen $swap swapcrypt
+ if [ $? = 0 ];then
+ break
+ fi
+ if [ $count = 2 ];then
+ echo "You are not allowed"
+ sleep 3
+ fail=1
+ break
+ fi
+ count=$(($count+1))
+done
+
+if [ $fail -eq 1 ];then
+ echo "Poweroff."
+ p
+fi
+
+echo "Try to resume from hibernation"
+echo "254:0" > /sys/power/resume
+
+cryptsetup -d /tmp/skey --batch-mode luksOpen $root rootcrypt
+swapon /dev/mapper/swapcrypt
+mount /dev/mapper/rootcrypt /mnt
+umount /proc
+umount /sys
+umount /dev/pts
+rm /tmp/skey
+pkill pcscd
+umount /tmp
-- cgit v1.2.3
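Review bot: The decrypted volume key is written to `/tmp/skey` under whatever umask the script inherited, and neither the `pkcs15-crypt` exit status nor the second `luksOpen` on `$root` is checked. A failed card operation therefore hands an empty or partial key file to cryptsetup, and a failed root unlock still falls through to `swapon` and `mount`. I would set `umask 077` before the loop, count a pkcs15-crypt failure as a failed attempt, quote `$swap` and `$root`, remove the key file before calling `p`, and stop when the root device cannot be opened; the fence shows only those lines, with my own indentation because the page lost the original whitespace. Separately, `eval "export $word"` in the cmdline loop runs boot-parameter text as shell code; as far as the visible script shows only `root` and `swap` are read later, so `root=*) root=${word#root=} ;;` and `swap=*) swap=${word#swap=} ;;` would cover it without eval.

```shell
umask 077
# … unchanged: fail/count initialisation …
while true; do
	if pkcs15-crypt --decipher --input /boot/key --pkcs1 --raw >/tmp/skey &&
	   cryptsetup -d /tmp/skey --batch-mode luksOpen "$swap" swapcrypt; then
		break
	fi
	# … unchanged: retry counter, "You are not allowed" branch …
done

if [ $fail -eq 1 ];then
	rm -f /tmp/skey
	echo "Poweroff."
	p
fi
# … unchanged: resume attempt …
if ! cryptsetup -d /tmp/skey --batch-mode luksOpen "$root" rootcrypt; then
	rm -f /tmp/skey
	echo "Poweroff."
	p
fi
```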