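#!/usr/bin/perl
#
# PreBoot Authentication Image Creator for
# Unlocking Self Encrypting Drive
#
# Builds two bootable ISO images in the current directory, using the running
# kernel and a dracut initramfs that contains the "sedutil" module:
#
#   linuxpba-<kver>.iso        the pre-boot authentication (PBA) image
#   sedutil-rescue-<kver>.iso  a rescue image whose initramfs embeds the
#                              PBA ISO at /linuxpba-<kver>.iso
#
# Notes for the operator:
#   * The scratch directory and both ISOs are created relative to the
#     current working directory, the ISOs under predictable names.  Run
#     the script from a directory that only the invoking user can write to.
#   * The images contain the kernel copied from /boot and whatever dracut
#     puts into the initramfs on this machine, so build them on a host
#     you trust.
#   * On any failure the script dies and leaves the scratch directory
#     behind for inspection; it has to be removed by hand.
#

use strict;
use warnings;

use File::Path qw(make_path remove_tree);
use File::Temp qw(tempdir);
use File::Copy qw(copy);

# Run an external command in list form (no shell is involved) and die with
# the command name and the reason when it does not exit successfully.
sub run_or_die {
    my @cmd = @_;

    my $status = system(@cmd);
    return if $status == 0;

    # system() returns -1 when the program could not be started at all.
    die "cannot run $cmd[0]: $!, stopped" if $status == -1;
    die sprintf("%s failed (wait status 0x%04x), stopped", $cmd[0], $status);
}

# Write the GRUB configuration used by both images.
#
# Named arguments:
#   path    file to create (truncated if it exists)
#   kver    kernel release, used only in the progress messages
#   bdir    boot directory inside the image, without a leading slash
#   kern    kernel file name inside bdir
#   initrd  initramfs file name inside bdir
#   extra   last kernel command-line argument; the only part that differs
#           between the PBA image and the rescue image
#
# Dies if the file cannot be opened, written or closed.
sub write_grub_cfg {
    my (%arg) = @_;
    my ($path, $kver, $bdir, $kern, $initrd, $extra)
        = @arg{qw(path kver bdir kern initrd extra)};

    # \$ keeps "$grub_platform" and "$ext" literal so that GRUB, not Perl,
    # expands them.  The second echo prints "sedutilpba-<kver>.img", which
    # is only a progress message; the file actually loaded is $initrd.
    my $text = <<"END";
set gfxpayload=keep

ext=""
if [ x\$grub_platform = xefi ]; then
ext=efi
fi

echo 'Loading Linux $kver ...'
linux\$ext /$bdir/$kern libata.allow_tpm=1 quiet rd.hostonly=0 $extra
echo 'Loading sedutilpba-$kver.img ...'
initrd\$ext /$bdir/$initrd
echo 'Boot ...'
boot
END

    open(my $fh, ">", $path)
        or die "$path: $!, stopped";
    print {$fh} $text
        or die "$path: $!, stopped";
    # Buffered write errors (e.g. a full disk) only show up at close.
    close($fh)
        or die "$path: $!, stopped";

    return;
}

die "no sedutil module for dracut, stopped"
    unless (`dracut --list-modules 2>/dev/null` =~ /\bsedutil\b/);

my $kver = `uname -r`;
chomp $kver;

# $kver ends up in file names and inside single-quoted strings of the GRUB
# script, so refuse an empty value or one with characters that would break
# either of them.
die "cannot determine kernel release, stopped"
    unless length $kver;
die "unexpected characters in kernel release '$kver', stopped"
    unless $kver =~ /\A[\w.+~-]+\z/;

# Created in the current directory (template without DIR/TMPDIR).
my $scratch = tempdir('mkpba-XXXXX') or die "$!, stopped";
my $bdir = "boot";
my $gdir = "$bdir/grub";
my $initrd = "initrd-$kver";
my $kern = "vmlinuz-$kver";
my $cfg = "grub.cfg";
my $iso = "linuxpba-$kver.iso";
my $rescue = "sedutil-rescue-$kver.iso";
my $keep = 0;

make_path("$scratch/$bdir", "$scratch/$gdir", {verbose => 1}) == 2
    or die "$!, stopped";

#
# Stage 1: the PBA image.
#
run_or_die("dracut", "--force", "-m", "sedutil base", "$scratch/$bdir/$initrd");

copy("/$bdir/$kern", "$scratch/$bdir")
    or die "/$bdir/$kern: $!, stopped";

# NOTE(review): "linuxpba" is presumably the flag the sedutil dracut module
# looks for on the kernel command line -- confirm against that module.
write_grub_cfg(
    path   => "$scratch/$gdir/$cfg",
    kver   => $kver,
    bdir   => $bdir,
    kern   => $kern,
    initrd => $initrd,
    extra  => "linuxpba",
);

run_or_die("grub2-script-check", "--verbose", "$scratch/$gdir/$cfg");
run_or_die("grub2-mkrescue", "-o", $iso, $scratch);

#
# Stage 2: the rescue image.  The initramfs is rebuilt in place with the
# PBA ISO from stage 1 included at /$iso, and the same scratch tree is
# reused for the second ISO.
#
run_or_die("dracut", "--force", "-m", "sedutil base",
           "--include", "./$iso", "/$iso", "$scratch/$bdir/$initrd");

# rd.break=cmdline makes dracut stop at its cmdline hook and drop to an
# interactive shell, so anyone who boots this image gets a shell inside the
# initramfs.  Keep the rescue ISO with other administrative media.
write_grub_cfg(
    path   => "$scratch/$gdir/$cfg",
    kver   => $kver,
    bdir   => $bdir,
    kern   => $kern,
    initrd => $initrd,
    extra  => "rd.break=cmdline",
);

run_or_die("grub2-script-check", "--verbose", "$scratch/$gdir/$cfg");
run_or_die("grub2-mkrescue", "-o", $rescue, $scratch);

remove_tree($scratch, {verbose => 1}) unless ($keep);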