Want more features on Pastebin? Sign Up, it's FREE!
Guest

work in progress - create bootable LUKS flash drive

By: a guest on Mar 17th, 2012  |  syntax: Bash  |  size: 4.16 KB  |  views: 30  |  expires: Never
download  |  raw  |  embed  |  report abuse  |  print
Text below is selected. Please press Ctrl+C to copy to your clipboard. (⌘+C on Mac)
  1. #!/bin/bash
  2. #
  3. # DESTROY the partition table on a selected drive!!! Turn the drive into an encrypted boot disk!!!
  4. # BEWARE of the awful appearance of the drive names - /sd$13 expands into, eg, /sdb3 and the 13 is just a shock to look at
  5. # NOTE that if run FROM a HARD DRIVE it can set up a BOOT STICK
  6. # and that if run FROM a BOOT STICK it can set up a HARD DRIVE (or another boot stick)- it's reversible.
  7. #
  8. # The files for the eventual /boot are currently taken from /home/john/buildstick/b1
  9. # and for / from /home/john/buildstick/broot
  10. # Those directories might be made less specific eventually
  11. #
  12. case "$1" in
  13. "") echo "USB boot stick creator. Usage: ${0##*/} <drive letter to DESTROY eg b or c>"; exit 1;;
  14. esac
  15. #
  16. # blank the partition table and replace with vfat transfer, boot and LVM...
  17. # NOTE! if vfat isn't the first partition, Vista (eg) will ask if it can format the first partition and not auto-open the vfat
  18. #
  19. echo "partitioning /dev/sd$1..."
  20. /etc/rc.d/rc.hald stop
  21. fdisk /dev/sd$1 <<EOF
  22. o
  23. n
  24. p
  25. 1
  26.  
  27. +8G
  28. t
  29. 1
  30. b
  31. n
  32. p
  33. 2
  34.  
  35. +55M
  36. n
  37. p
  38. 3
  39.  
  40.  
  41. t
  42. 3
  43. 8e
  44. p
  45. w
  46. EOF
  47. # fdisk ended
  48. # the partition table now exists in the required state
  49. echo "formatting xfer and boot..."
  50. mkfs.vfat -n xfer /dev/sd$11
  51. mount /dev/sd$11 /mnt/b1
  52. mkfs.ext2 -L boot /dev/sd$12
  53. mount /dev/sd$12 /mnt/b2
  54. # and the partition formats are finished
  55. #
  56. # generate a hard-to-guess LVM slot 1 password and store it in open sight on the transfer partition
  57. #
  58. key=$(dd if=/dev/urandom bs=36 count=1 2>/dev/null | base64 | awk '{{gsub("/","q")} {gsub("+","J")} print $0}')
  59. echo ${key:0:23} >/mnt/b1/originalpassword.luks
  60. #
  61. # store the password and key audit for escrow
  62. #
  63. line=`udevadm info -q all -n /dev/sd$1 | grep ID_SERIAL_SHORT | sed "s/E\: ID_SERIAL_SHORT=//g"`
  64. cp /mnt/b1/originalpassword.luks /home/john/buildstick/serials/$line
  65. udevadm info -q all -n /dev/sd$1 >>/home/john/buildstick/serials/$line
  66. #
  67. # this blanking is in case the stick is being recreated, cryptsetup doesn't like seeing an existing LVM header here
  68. # create just swap - small, I don't much like the idea of swap on a stick - and a root which will hold home and var too
  69. #
  70. echo "formatting the logical volume..."
  71. #
  72. dd if=/dev/zero of=/dev/sd$13 bs=1024 count=1024 conv=notrunc
  73. cryptsetup -v -c twofish-cbc-essiv:sha256 -s 256 -y --key-file /mnt/b1/originalpassword.luks luksFormat /dev/sd$13
  74. lvmdev=`blkid | grep sd$13 | awk -F'"' '{print $2 }'`
  75. echo "lvmdev=$lvmdev"
  76. #
  77. cryptsetup --key-file /mnt/b1/originalpassword.luks luksOpen /dev/sd$13 fdp
  78. pvcreate /dev/mapper/fdp
  79. vgcreate fdv /dev/mapper/fdp
  80. lvcreate -L 4G -n swap fdv
  81. lvcreate -l 100%FREE -n root fdv
  82. vgscan --mknodes
  83. vgchange -ay
  84. mkswap /dev/fdv/swap
  85. mkfs.ext4 -L root /dev/fdv/root
  86. # end of lvm setup
  87. lvm=`blkid | grep "/dev/mapper/fdp" | awk -F'"' '{print $2 }'`
  88. echo "lvm=$lvm"
  89. mount /dev/fdv/root /mnt/broot
  90. #
  91. # the boot and root content are stored in those explicit directories to be copied now...
  92. #
  93. echo "copying boot..."
  94. time cp -a /home/john/buildstick/b2 /mnt
  95. echo "copying root..."
  96. time cp -a /home/john/buildstick/broot /mnt
  97. mount -o bind /proc /mnt/broot/proc
  98. mount -o bind /sys /mnt/broot/sys
  99. mount -o bind /dev /mnt/broot/dev
  100. #
  101. # jhlilo mounts boot, runs mkinitrd and lilo, umounts boot, self-deletes and exits...
  102. #
  103. cat >/mnt/broot/jhlilo <<EOF1
  104. mount /dev/sd$12 /boot
  105. cd /boot
  106. mkinitrd -c -k 2.6.37.6-smp -m ext4 twofish -f ext4 -r /dev/fdv/root -C UUID="$lvm" -l uk -L -K LABEL=xfer:/originalpassword.luks
  107. lilo
  108. umount /boot
  109. #rm /jhlilo
  110. exit
  111.  
  112. EOF1
  113. #
  114. cat >/mnt/broot/etc/lilo.conf <<EOF2
  115. boot = /dev/sd$1
  116. lba32
  117. compact
  118. # Append any additional kernel parameters:
  119. append=" vt.default_utf8=0 noacpi"
  120. menu-title="USB flash drive boot screen"
  121. vga = 773
  122. image = /boot/vmlinuz-generic-smp-2.6.37.6-smp
  123.   initrd = /boot/initrd.gz
  124.   root = /dev/fdv/root
  125.   label = normally
  126.   read-only  # Partitions should be mounted read-only for checking
  127.  
  128. EOF2
  129. #
  130. echo "initializing lilo..."
  131. chmod +x /mnt/broot/jhlilo
  132. chroot /mnt/broot ./jhlilo
  133. umount /mnt/broot/proc
  134. umount /mnt/broot/sys
  135. umount /mnt/broot/dev
  136. umount /mnt/b2
  137. umount /mnt/b1
  138. umount /mnt/broot
  139. #
  140. /etc/rc.d/rc.hald start
  141. echo "the stick is now ready to boot, step1 ended."
  142. #
clone this paste RAW Paste Data