blob: 6aa695c136e29c259dd56912e9853db1debb6780 [file] [log] [blame] [edit]
#!/bin/bash
# Copyright (c) 2012 The Chromium OS Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
# This grows a signed recovery image's stateful partition to
# --statefulfs_sectors, and adds the decryption flag file. It is designed
# to be run from outside of the chroot.
SCRIPT_ROOT=$(readlink -f $(dirname $(readlink -f "$0"))/../../../../scripts)
. "${SCRIPT_ROOT}/build_library/build_common.sh" || exit 1
. "${SCRIPT_ROOT}/build_library/disk_layout_util.sh" || exit 1
assert_inside_chroot
# Default to 3GB stateful for decryption. 2097152 is 1GB.
DEFINE_integer statefulfs_sectors 6291456 \
"number of sectors in stateful filesystem when growing"
DEFINE_string image "" \
"source image to use (${CHROMEOS_IMAGE_NAME} if empty)"
DEFINE_string to "" \
"emit recovery image to path/file (${CHROMEOS_RECOVERY_IMAGE_NAME} if empty)"
DEFINE_boolean verbose ${FLAGS_FALSE} \
"log all commands to stdout" v
# Parse command line
FLAGS "$@" || exit 1
eval set -- "${FLAGS_ARGV}"
# Only now can we die on error. shflags functions leak non-zero error codes,
# so will die prematurely if 'switch_to_strict_mode' is specified before now.
switch_to_strict_mode
if [[ ${FLAGS_verbose} -eq ${FLAGS_TRUE} ]]; then
# Make debugging with -v easy.
set -x
fi
resize_stateful() {
# Rebuild the image with larger stateful.
local err=0
local large_stateful=$(mktemp)
truncate --size $(( $FLAGS_statefulfs_sectors * 512 )) "${large_stateful}"
trap "rm ${large_stateful}" RETURN
/sbin/mkfs.ext4 -F -b 4096 "${large_stateful}" 1>&2
# Create a recovery image of the right size
# TODO(wad) Make the developer script case create a custom GPT with
# just the kernel image and stateful.
update_partition_table "${FLAGS_image}" "${large_stateful}" \
"${FLAGS_statefulfs_sectors}" "${RECOVERY_IMAGE}" 1>&2
return $err
}
install_decryption_flag() {
stateful_mnt=$(mktemp -d)
offset=$(partoffset "${RECOVERY_IMAGE}" 1)
sudo mount -o loop,offset=$(( offset * 512 )) \
"${RECOVERY_IMAGE}" "${stateful_mnt}"
echo -n "1" | sudo_clobber "${stateful_mnt}"/decrypt_stateful >/dev/null
sudo umount "${stateful_mnt}"
rmdir "${stateful_mnt}"
}
cleanup() {
set +e
if [[ "${FLAGS_image}" != "${RECOVERY_IMAGE}" ]]; then
rm "${RECOVERY_IMAGE}"
fi
}
# Main process begins here.
set -u
# No image was provided, use standard latest image path.
if [[ -z "${FLAGS_image}" ]]; then
echo "--image required" >&2
exit 1
fi
# Abort early if we can't find the image.
if [[ ! -f "${FLAGS_image}" ]]; then
die_notrace "Image not found: ${FLAGS_image}"
fi
# Turn path into an absolute path.
FLAGS_image=$(readlink -f "${FLAGS_image}")
IMAGE_DIR="$(dirname "${FLAGS_image}")"
IMAGE_NAME="$(basename "${FLAGS_image}")"
RECOVERY_IMAGE="${FLAGS_to:-$IMAGE_DIR/$CHROMEOS_RECOVERY_IMAGE_NAME}"
STATEFUL_DIR="${IMAGE_DIR}/stateful_partition"
echo "Creating decryption recovery image from ${FLAGS_image}"
trap cleanup EXIT
resize_stateful
install_decryption_flag
okboat
echo "Decryption recovery image created at ${RECOVERY_IMAGE}"
print_time_elapsed
trap - EXIT