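#!/bin/bash
#
# USB boot stick creator, step 1.
#
# DESTROYS the partition table on the selected drive and turns it into an
# encrypted boot disk: partition 1 = vfat "xfer" (8G), partition 2 = ext2
# /boot (55M), partition 3 = LUKS container holding LVM volume group "fdv"
# with a swap LV and a root LV (root also holds home and var).
#
# NOTE that if run FROM a HARD DRIVE it can set up a BOOT STICK, and that if
# run FROM a BOOT STICK it can set up a HARD DRIVE (or another boot stick) -
# it's reversible.
#
# The files for the eventual /boot are currently copied from
# /home/john/buildstick/b2 and for / from /home/john/buildstick/broot (see the
# cp commands below). Those directories might be made less specific eventually.
#
# Security note: the LUKS key is written in CLEARTEXT to the unencrypted "xfer"
# partition so that the initrd can unlock root without a passphrase (see the
# -K argument to mkinitrd below). Whoever holds the stick therefore holds the
# key: the encryption protects the root volume against casual exposure of the
# block device, not against theft of the stick. Confidentiality would need a
# second key slot with a real passphrase and removal of the file key after
# provisioning. A copy of the key is also escrowed on the build host under
# /home/john/buildstick/serials/<drive serial>, so that directory must stay
# root-only.
#
# Usage: <script> <drive letter to DESTROY eg b or c>
#
set -euo pipefail

readonly build_dir=/home/john/buildstick
readonly key_file=/mnt/b1/originalpassword.luks

die() { printf '%s\n' "$*" >&2; exit 1; }
warn() { printf 'warning: %s\n' "$*" >&2; }

drive=${1-}
case "$drive" in
  "") echo "USB boot stick creator. Usage: ${0##*/} <drive letter to DESTROY eg b or c>"; exit 1;;
esac

# Building the device names once avoids the "/dev/sd$13" spelling, which
# expands to eg /dev/sdb3 but is a shock to read.
dev=/dev/sd$drive
p1=${dev}1   # vfat transfer partition, holds the cleartext key file
p2=${dev}2   # ext2 /boot
p3=${dev}3   # LUKS container -> LVM

# Sanity checks before anything destructive happens. The argument must be a
# single drive letter, the device must exist, and none of its partitions may be
# mounted - which also refuses the drive the running system lives on (unless
# /proc/mounts lists that one as /dev/root; that case is not caught here).
[[ "$drive" =~ ^[a-z]$ ]] || die "expected a single drive letter (eg b or c), got '$drive'"
[[ -b "$dev" ]] || die "$dev is not a block device"
if grep -q -- "^${dev}[0-9]* " /proc/mounts; then
  die "$dev has mounted partitions - refusing to destroy it"
fi

#######################################
# Unmount whatever this script mounted and restart hald.
# Runs on every exit path once partitioning has started, so a failure
# half-way does not leave /mnt/broot/proc etc. mounted or hald stopped.
# Paths that are not currently mounted are skipped silently.
#######################################
cleanup() {
  local m
  for m in /mnt/broot/proc /mnt/broot/sys /mnt/broot/dev /mnt/b2 /mnt/b1 /mnt/broot; do
    if grep -q -- " $m " /proc/mounts; then
      umount "$m" || warn "could not unmount $m"
    fi
  done
  # Best effort, as before: hald not being installed must not make the script
  # fail.
  /etc/rc.d/rc.hald start || true
}
trap cleanup EXIT

#
# blank the partition table and replace with vfat transfer, boot and LVM...
# NOTE! if vfat isn't the first partition, Vista (eg) will ask if it can format
# the first partition and not auto-open the vfat
#
echo "partitioning $dev..."
/etc/rc.d/rc.hald stop || true   # best effort, as before
fdisk "$dev" <<'EOF'
o
n
p
1
+8G
t
1
b
n
p
2
+55M
n
p
3
t
3
8e
p
w
EOF
# fdisk ended
# the partition table now exists in the required state
echo "formatting xfer and boot..."
mkfs.vfat -n xfer "$p1"
mount "$p1" /mnt/b1
mkfs.ext2 -L boot "$p2"
mount "$p2" /mnt/b2
# and the partition formats are finished
#
# generate a hard-to-guess LVM slot 1 password and store it in open sight on
# the transfer partition (see the security note at the top). 36 random bytes
# -> 48 base64 characters; '/' and '+' are swapped for letters so the key is a
# plain alphanumeric string, then the first 23 characters are kept. The
# trailing newline is part of the key file and is read by both cryptsetup
# calls below, so it must not be dropped.
#
key=$(dd if=/dev/urandom bs=36 count=1 2>/dev/null | base64 | tr '/+' 'qJ')
printf '%s\n' "${key:0:23}" >"$key_file"
#
# store the password and key audit for escrow, named after the drive's serial.
# The serial comes from the device itself, so it is only used as a file name
# when it is non-empty and contains no path separator; the copy is created
# root-only (umask 077) because it holds the cleartext key.
#
serial=$(udevadm info -q all -n "$dev" | sed -n 's/^E: ID_SERIAL_SHORT=//p')
if [[ -n "$serial" && "$serial" != */* ]]; then
  (
    umask 077
    cp "$key_file" "$build_dir/serials/$serial"
    udevadm info -q all -n "$dev" >>"$build_dir/serials/$serial"
  ) || warn "escrow copy to $build_dir/serials/$serial failed - key is only on the stick"
else
  warn "no usable ID_SERIAL_SHORT for $dev - key NOT escrowed"
fi
#
# this blanking is in case the stick is being recreated, cryptsetup doesn't
# like seeing an existing LVM header here
# create just swap - small, I don't much like the idea of swap on a stick - and
# a root which will hold home and var too
#
echo "formatting the logical volume..."
#
dd if=/dev/zero of="$p3" bs=1024 count=1024 conv=notrunc
cryptsetup -v -c twofish-cbc-essiv:sha256 -s 256 -y --key-file "$key_file" luksFormat "$p3"
# UUID of the LUKS header (informational only at the moment)
lvmdev=$(blkid -s UUID -o value "$p3")
echo "lvmdev=$lvmdev"
#
cryptsetup --key-file "$key_file" luksOpen "$p3" fdp
pvcreate /dev/mapper/fdp
vgcreate fdv /dev/mapper/fdp
lvcreate -L 4G -n swap fdv
lvcreate -l 100%FREE -n root fdv
vgscan --mknodes
vgchange -ay
mkswap /dev/fdv/swap
mkfs.ext4 -L root /dev/fdv/root
# end of lvm setup
# UUID of the PV inside the container; this is what mkinitrd's -C gets below.
# NOTE(review): this is not the LUKS header UUID captured in lvmdev - confirm
# which one this mkinitrd expects.
lvm=$(blkid -s UUID -o value /dev/mapper/fdp)
echo "lvm=$lvm"
mount /dev/fdv/root /mnt/broot
#
# the boot and root content are stored in those explicit directories to be
# copied now...
#
echo "copying boot..."
time cp -a "$build_dir/b2" /mnt
echo "copying root..."
time cp -a "$build_dir/broot" /mnt
mount -o bind /proc /mnt/broot/proc
mount -o bind /sys /mnt/broot/sys
mount -o bind /dev /mnt/broot/dev
#
# jhlilo mounts boot, runs mkinitrd and lilo, umounts boot and exits (the
# self-delete is currently commented out, so /jhlilo stays on the root LV).
# $p2 and $lvm are expanded now, while the script is written.
#
cat >/mnt/broot/jhlilo <<EOF1
mount $p2 /boot
cd /boot
mkinitrd -c -k 2.6.37.6-smp -m ext4 twofish -f ext4 -r /dev/fdv/root -C UUID="$lvm" -l uk -L -K LABEL=xfer:/originalpassword.luks
lilo
umount /boot
#rm /jhlilo
exit
EOF1
#
cat >/mnt/broot/etc/lilo.conf <<EOF2
boot = $dev
lba32
compact
# Append any additional kernel parameters:
append=" vt.default_utf8=0 noacpi"
menu-title="USB flash drive boot screen"
vga = 773
image = /boot/vmlinuz-generic-smp-2.6.37.6-smp
initrd = /boot/initrd.gz
root = /dev/fdv/root
label = normally
read-only # Partitions should be mounted read-only for checking
EOF2
#
echo "initializing lilo..."
chmod +x /mnt/broot/jhlilo
chroot /mnt/broot ./jhlilo
# Normal teardown; disarm the trap first so it does not run a second time.
# The volume group fdv and the LUKS mapping fdp are left open, as before.
# TODO(review): close them (vgchange -an fdv; cryptsetup luksClose fdp) before
# the stick is unplugged, unless a later step relies on them staying open.
trap - EXIT
cleanup
echo "the stick is now ready to boot, step1 ended."
#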