#!/bin/sh
|
|
# devtmpfs does not get automounted for initramfs
|
/bin/mount -t devtmpfs devtmpfs /dev
|
/bin/mount -t proc proc /proc
|
/bin/mount -t sysfs sysfs /sys
|
/bin/mount -t tmpfs tmpfs /tmp
|
|
exec 1>/dev/console
|
exec 2>/dev/console
|
|
SLOT_SUFIX=
|
SYSTEM_NAME=rootfs
|
BLOCK_PATH=/sys/class/block
|
BLOCK_TYPE_SUPPORTED="
|
mmcblk
|
flash"
|
|
MSG_OUTPUT=/dev/null
|
DEBUG() {
|
echo $1 > $MSG_OUTPUT
|
}
|
|
check_device_is_supported() {
|
for i in $BLOCK_TYPE_SUPPORTED
|
do
|
if [ ! -z "$(echo $(basename $1) | grep $i)" ]; then
|
echo $1
|
return 0
|
fi
|
done
|
}
|
|
find_raw_partition() {
|
local target=$1
|
local target_dev=
|
local partname=
|
|
DEBUG "try to find block $target"
|
while true
|
do
|
for dev in ${BLOCK_PATH}/*
|
do
|
target_dev=$(check_device_is_supported $dev)
|
if [ ! -z "$target_dev" ]; then
|
partname=$(cat $target_dev/uevent | grep PARTNAME | sed "s#.*PARTNAME=##")
|
if [ "$partname" == "$target" ]; then
|
echo "$(basename $target_dev)"
|
return 0
|
fi
|
fi
|
done
|
done
|
}
|
|
DEBUG "--------------------------"
|
DEBUG "Debug For Security Ramboot"
|
DEBUG "--------------------------"
|
|
# make sure /dev/ has mounted
|
while [ ! -e /dev/mapper/control -o ! -e /proc/mounts ]
|
do
|
usleep 10000
|
echo .
|
done
|
|
# check a/b system
|
if [ ! -z "$(cat /proc/cmdline | grep android_slotsufix)" ]; then
|
SLOT_SUFIX=$(cat /proc/cmdline | sed "s#.*android_slotsufix=##" | cut -d ' ' -f 1)
|
SYSTEM_NAME=system
|
fi
|
|
DEBUG "system name is ${SYSTEM_NAME}${SLOT_SUFIX}"
|
mkdir -p /dev/block/by-name
|
BLOCK=$(find_raw_partition "${SYSTEM_NAME}${SLOT_SUFIX}")
|
DEBUG "find system -> ${BLOCK}"
|
ln -s /dev/$BLOCK /dev/block/by-name/system
|
|
OFFSET=
|
# encrypto partition should get size from dev
|
if [ -z "$OFFSET" ]; then
|
OFFSET=$(cat /sys/class/block/${BLOCK}/size)
|
fi
|
|
DEBUG "OFFSET is ${OFFSET}"
|
|
HASH=
|
CIPHER=
|
ENC_EN=
|
FORCE_KEY_WRITE=false
|
|
if [ "${ENC_EN}" = "true" ]; then
|
/usr/bin/tee-supplicant &
|
/usr/bin/keybox_app
|
if [ "$?" != 0 ] || [ "$FORCE_KEY_WRITE" = "true" ]; then
|
DEBUG "BAD KEY FETCH -> try to find misc"
|
MISC_BLOCK=$(find_raw_partition "misc")
|
DEBUG "find misc -> $MISC_BLOCK"
|
ln -s /dev/$MISC_BLOCK /dev/block/by-name/misc
|
/usr/bin/updateEngine --misc_custom read
|
if [ "$?" != 0 ]; then
|
if [ "$FORCE_KEY_WRITE" != "true" ]; then
|
DEBUG "Can't fetch key from misc, reboot !!!"
|
reboot loader &
|
while true
|
do
|
sleep 1
|
killall -15 reboot
|
done
|
exit 0
|
fi
|
else
|
mv /tmp/custom_cmdline /tmp/syspw
|
/usr/bin/updateEngine --misc_custom clean
|
/usr/bin/keybox_app write
|
echo None > /tmp/syspw
|
fi
|
/usr/bin/keybox_app
|
fi
|
KEY=`cat /tmp/syspw`
|
DEBUG "key=$KEY"
|
dmsetup create vroot --table "0 ${OFFSET} crypt ${CIPHER} ${KEY} 0 /dev/block/by-name/system 0 1 allow_discards"
|
echo None > /tmp/syspw
|
else
|
/usr/sbin/veritysetup --hash-offset=${OFFSET} create vroot /dev/block/by-name/system /dev/block/by-name/system ${HASH} > /dev/null 2>&1
|
fi
|
|
killall tee-supplicant
|
|
mount /dev/mapper/vroot /mnt
|
|
LABLE=$(dumpe2fs -h /dev/mapper/vroot | grep name | xargs -n 1 | tail -1)
|
|
if [ "$LABLE" != "rootfs" ]; then
|
mount -o remount,rw /mnt
|
resize2fs /dev/mapper/vroot && tune2fs /dev/mapper/vroot -L rootfs
|
fi
|
|
if [ -e "/mnt/init" ]; then
|
INIT=/init
|
else
|
INIT=/sbin/init
|
fi
|
# exec /sbin/init "$@"
|
|
# echo "exec busybox switch_root /mnt ${INIT}"
|
# exec busybox switch_root /mnt ${INIT}
|
exec 0</dev/console
|
exec /sbin/init "$@"
|
