
work in progress - create bootable LUKS flash drive

a guest
Mar 17th, 2012
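#!/bin/bash
#
# DESTROY the partition table on a selected drive!!! Turn the drive into an encrypted boot disk!!!
# Usage: <this script> <drive letter to DESTROY, eg b or c>   (operates on /dev/sd<letter>)
# NOTE that if run FROM a HARD DRIVE it can set up a BOOT STICK
# and that if run FROM a BOOT STICK it can set up a HARD DRIVE (or another boot stick) - it's reversible.
#
# The files for the eventual /boot are currently taken from /home/john/buildstick/b2
# and for / from /home/john/buildstick/broot
# Those directories might be made less specific eventually
#
# Resulting layout: partition 1 = vfat "xfer", partition 2 = ext2 "boot",
# partition 3 = LUKS container holding an LVM volume group (swap + root).
#
# Security notes for whoever deploys a stick built by this script:
#  - The initial LUKS key is written in clear text to the unencrypted vfat
#    partition of the same drive, and the initrd is told to read it from there.
#    While that file exists the encryption protects nothing from someone who
#    holds the stick. The file name suggests the key is meant to be replaced
#    later; this script does not do that.
#  - A copy of the key is escrowed on the build host under the serials
#    directory; that directory needs the same protection as the sticks.
#  - The opened LUKS mapping (fdp) and volume group (fdv) are left active when
#    the script ends, so the decrypted volume stays reachable on the build
#    host until they are closed.
#
set -o pipefail

readonly BUILD_DIR=/home/john/buildstick
readonly ESCROW_DIR=$BUILD_DIR/serials
readonly KEYFILE=/mnt/b1/originalpassword.luks

mounted=()       # mount points this run created, in mount order
hald_stopped=0   # 1 while hald is stopped by this script

# Print an error on stderr and abort; the EXIT trap then undoes the mounts.
die() {
  printf '%s: %s\n' "${0##*/}" "$*" >&2
  exit 1
}

# mount wrapper: aborts on failure and records the mount point (last argument)
# so it can be unmounted again on any exit path.
do_mount() {
  mount "$@" || die "mount $* failed"
  mounted+=("${!#}")
}

# Unmount everything do_mount recorded, newest first. Returns 1 if any failed.
unmount_all() {
  local i rv=0
  for (( i = ${#mounted[@]} - 1; i >= 0; i-- )); do
    umount "${mounted[i]}" || rv=1
  done
  mounted=()
  return "$rv"
}

# On a failed run, do not leave /proc, /sys and /dev bind-mounted under
# /mnt/broot (a later recursive delete there would reach the live /dev),
# and bring hald back if it was stopped.
on_exit() {
  local rv=$?
  if (( rv != 0 )); then
    unmount_all
    if (( hald_stopped )); then
      /etc/rc.d/rc.hald start
    fi
  fi
}
trap on_exit EXIT

letter=${1:-}
case "$letter" in
  "") echo "USB boot stick creator. Usage: ${0##*/} <drive letter to DESTROY eg b or c>"; exit 1;;
esac

# The argument ends up in device paths, in the generated chroot script and in
# lilo.conf, so accept nothing but lowercase letters.
[[ $letter =~ ^[a-z]+$ ]] || die "drive letter must consist of lowercase letters only"
(( EUID == 0 )) || die "must be run as root"

# Named paths replace the /dev/sd$11, /dev/sd$12, /dev/sd$13 spellings.
disk=/dev/sd$letter
xfer_part=${disk}1
boot_part=${disk}2
luks_part=${disk}3

# Pre-flight: fail before anything is destroyed.
[[ -b $disk ]] || die "$disk is not a block device"
# Refuse a drive that is in use. This only sees direct mounts; a drive used
# through LVM or device-mapper is not detected here.
if grep -q "^${disk}[0-9]* " /proc/mounts; then
  die "$disk (or one of its partitions) is mounted; refusing to destroy it"
fi
[[ -d $BUILD_DIR/b2 ]] || die "missing $BUILD_DIR/b2"
[[ -d $BUILD_DIR/broot ]] || die "missing $BUILD_DIR/broot"
[[ -d $ESCROW_DIR ]] || die "missing $ESCROW_DIR"
mkdir -p /mnt/b1 /mnt/b2 /mnt/broot || die "cannot create mount points under /mnt"

#
# blank the partition table and replace with vfat transfer, boot and LVM...
# NOTE! if vfat isn't the first partition, Vista (eg) will ask if it can format the first partition and not auto-open the vfat
#
# NOTE(review): the keystroke sequence below depends on the prompts of the
# installed fdisk version - verify it against that version before relying on it.
#
echo "partitioning $disk..."
/etc/rc.d/rc.hald stop
hald_stopped=1
fdisk "$disk" <<EOF || die "fdisk failed on $disk"
o
n
p
1

+8G
t
1
b
n
p
2

+55M
n
p
3


t
3
8e
p
w
EOF
# fdisk ended
# wait for udev to create the partition nodes, then make sure all three exist
udevadm settle
for part in "$xfer_part" "$boot_part" "$luks_part"; do
  [[ -b $part ]] || die "$part does not exist after partitioning"
done
# the partition table now exists in the required state
echo "formatting xfer and boot..."
mkfs.vfat -n xfer "$xfer_part" || die "mkfs.vfat failed on $xfer_part"
do_mount "$xfer_part" /mnt/b1
mkfs.ext2 -L boot "$boot_part" || die "mkfs.ext2 failed on $boot_part"
do_mount "$boot_part" /mnt/b2
# and the partition formats are finished
#
# generate a hard-to-guess LVM slot 1 password and store it in open sight on the transfer partition
#
# 36 random bytes -> 48 base64 characters, with '/' and '+' mapped to 'q' and
# 'J'; the first 23 characters become the key.
key=$(dd if=/dev/urandom bs=36 count=1 2>/dev/null | base64 | tr '/+' 'qJ') \
  || die "could not generate key material"
(( ${#key} >= 23 )) || die "key generation returned too little data"
# The trailing newline is written on purpose (as before). cryptsetup reads the
# whole key file, newline included, so typing the 23 characters at a passphrase
# prompt will not open the volume; it has to be supplied as a key file.
printf '%s\n' "${key:0:23}" >"$KEYFILE" || die "cannot write $KEYFILE"
#
# store the password and key audit for escrow
#
serial=$(udevadm info -q all -n "$disk" | sed -n 's/^E: ID_SERIAL_SHORT=//p')
# The serial is reported by the device and becomes a file name: refuse values
# that are empty, span several lines, or could leave the escrow directory.
case "$serial" in
  "" | . | .. | */* | *$'\n'*) die "no usable ID_SERIAL_SHORT for $disk; cannot escrow the key" ;;
esac
(
  # the escrow record contains the key: readable by its owner only
  umask 077
  cp -- "$KEYFILE" "$ESCROW_DIR/$serial" \
    && chmod 600 -- "$ESCROW_DIR/$serial" \
    && udevadm info -q all -n "$disk" >>"$ESCROW_DIR/$serial"
) || die "could not write the escrow record $ESCROW_DIR/$serial"
#
# this blanking is in case the stick is being recreated, cryptsetup doesn't like seeing an existing LVM header here
# create just swap - small, I don't much like the idea of swap on a stick - and a root which will hold home and var too
#
echo "formatting the logical volume..."
#
dd if=/dev/zero of="$luks_part" bs=1024 count=1024 conv=notrunc \
  || die "could not blank the start of $luks_part"
# NOTE(review): twofish in CBC-ESSIV mode matches the twofish module given to
# mkinitrd below. Current cryptsetup releases default to aes-xts-plain64;
# revisit the cipher when the kernel and initrd are updated.
cryptsetup -v -c twofish-cbc-essiv:sha256 -s 256 -y --key-file "$KEYFILE" luksFormat "$luks_part" \
  || die "luksFormat failed on $luks_part"
lvmdev=$(blkid -s UUID -o value "$luks_part")
echo "lvmdev=$lvmdev"
#
cryptsetup --key-file "$KEYFILE" luksOpen "$luks_part" fdp || die "luksOpen failed on $luks_part"
pvcreate /dev/mapper/fdp || die "pvcreate failed"
vgcreate fdv /dev/mapper/fdp || die "vgcreate failed"
lvcreate -L 4G -n swap fdv || die "lvcreate swap failed"
lvcreate -l 100%FREE -n root fdv || die "lvcreate root failed"
vgscan --mknodes
vgchange -ay
mkswap /dev/fdv/swap || die "mkswap failed"
mkfs.ext4 -L root /dev/fdv/root || die "mkfs.ext4 failed on /dev/fdv/root"
# end of lvm setup
lvm=$(blkid -s UUID -o value /dev/mapper/fdp)
echo "lvm=$lvm"
do_mount /dev/fdv/root /mnt/broot
#
# the boot and root content are stored in those explicit directories to be copied now...
#
echo "copying boot..."
time cp -a "$BUILD_DIR/b2" /mnt || die "copying boot failed"
echo "copying root..."
time cp -a "$BUILD_DIR/broot" /mnt || die "copying root failed"
do_mount -o bind /proc /mnt/broot/proc
do_mount -o bind /sys /mnt/broot/sys
do_mount -o bind /dev /mnt/broot/dev
#
# jhlilo mounts boot, runs mkinitrd and lilo, umounts boot and exits...
# It leaves /boot before unmounting it (a shell whose working directory is
# /boot keeps the file system busy) and exits non-zero if mkinitrd or lilo
# failed, so a broken boot setup is not reported as ready.
#
# NOTE(review): -C is given $lvm, the UUID blkid reports for the opened
# mapping /dev/mapper/fdp, while $lvmdev (the UUID of the LUKS partition
# itself) is only echoed above. -C names the encrypted device to unlock at
# boot, so $lvmdev looks like the intended value - confirm before relying on it.
#
cat >/mnt/broot/jhlilo <<EOF1 || die "cannot write /mnt/broot/jhlilo"
mount $boot_part /boot || exit 1
cd /boot
rv=0
mkinitrd -c -k 2.6.37.6-smp -m ext4 twofish -f ext4 -r /dev/fdv/root -C UUID="$lvm" -l uk -L -K LABEL=xfer:/originalpassword.luks && lilo || rv=1
cd /
umount /boot
#rm /jhlilo
exit \$rv

EOF1
#
cat >/mnt/broot/etc/lilo.conf <<EOF2 || die "cannot write /mnt/broot/etc/lilo.conf"
boot = $disk
lba32
compact
# Append any additional kernel parameters:
append=" vt.default_utf8=0 noacpi"
menu-title="USB flash drive boot screen"
vga = 773
image = /boot/vmlinuz-generic-smp-2.6.37.6-smp
  initrd = /boot/initrd.gz
  root = /dev/fdv/root
  label = normally
  read-only  # Partitions should be mounted read-only for checking

EOF2
#
echo "initializing lilo..."
chmod +x /mnt/broot/jhlilo
chroot /mnt/broot ./jhlilo
lilo_rv=$?
unmount_all || die "some file systems under /mnt could not be unmounted"
#
/etc/rc.d/rc.hald start
hald_stopped=0
(( lilo_rv == 0 )) \
  || die "jhlilo reported failure inside the chroot (exit status $lilo_rv); check the mkinitrd/lilo output above before using the stick"
echo "the stick is now ready to boot, step1 ended."
#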