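#!/bin/sh
#
# initramfs init for a "security ramboot": locates the system partition by its
# PARTNAME, maps it as /dev/mapper/vroot either through dm-crypt (ENC_EN=true,
# key obtained via keybox_app / the misc partition) or through dm-verity
# (veritysetup with HASH), mounts the mapping on /mnt and selects the init
# binary of the real root filesystem.
#
# NOTE(review): OFFSET, HASH, CIPHER and ENC_EN are empty in this listing;
# presumably a build step fills them in -- confirm. The verity root hash is only
# as trustworthy as this script, so the image carrying it presumably has to be
# covered by verified boot -- confirm.

# devtmpfs does not get automounted for initramfs
/bin/mount -t devtmpfs devtmpfs /dev
/bin/mount -t proc proc /proc
/bin/mount -t sysfs sysfs /sys
/bin/mount -t tmpfs tmpfs /tmp

exec 1>/dev/console
exec 2>/dev/console

SLOT_SUFIX=
SYSTEM_NAME=rootfs
BLOCK_PATH=/sys/class/block
BLOCK_TYPE_SUPPORTED=" mmcblk flash"
# Sink for DEBUG messages. Whatever this points at must never receive key
# material; the key is deliberately not passed to DEBUG anywhere below.
MSG_OUTPUT=/dev/null

# Write one diagnostic message ($1) to $MSG_OUTPUT.
DEBUG() {
  echo "$1" > "$MSG_OUTPUT"
}

# Print $1 (a /sys/class/block entry) when its basename contains one of the
# substrings listed in BLOCK_TYPE_SUPPORTED; print nothing otherwise.
check_device_is_supported() {
  local name
  local i
  name=$(basename "$1")
  for i in $BLOCK_TYPE_SUPPORTED; do
    case "$name" in
    *"$i"*)
      echo "$1"
      return 0
      ;;
    esac
  done
}

# Print the kernel name (e.g. the basename under /sys/class/block) of the
# supported block device whose uevent PARTNAME equals $1.
# Blocks until such a partition shows up; there is no timeout.
find_raw_partition() {
  local target=$1
  local target_dev=
  local partname=
  local dev

  DEBUG "try to find block $target"
  while true; do
    for dev in "${BLOCK_PATH}"/*; do
      target_dev=$(check_device_is_supported "$dev")
      if [ -n "$target_dev" ]; then
        partname=$(sed -n "s#.*PARTNAME=##p" "$target_dev/uevent")
        # '=' rather than '==': the script runs under #!/bin/sh.
        if [ "$partname" = "$target" ]; then
          basename "$target_dev"
          return 0
        fi
      fi
    done
    # Pause between scans instead of spinning while the device is probed.
    usleep 10000
  done
}

DEBUG "--------------------------"
DEBUG "Debug For Security Ramboot"
DEBUG "--------------------------"

# make sure /dev/ has mounted
while [ ! -e /dev/mapper/control ] || [ ! -e /proc/mounts ]; do
  usleep 10000
  echo .
done

# check a/b system
if grep -q android_slotsufix /proc/cmdline; then
  SLOT_SUFIX=$(sed "s#.*android_slotsufix=##" /proc/cmdline | cut -d ' ' -f 1)
  SYSTEM_NAME=system
fi
DEBUG "system name is ${SYSTEM_NAME}${SLOT_SUFIX}"

mkdir -p /dev/block/by-name
BLOCK=$(find_raw_partition "${SYSTEM_NAME}${SLOT_SUFIX}")
DEBUG "find system -> ${BLOCK}"
ln -s "/dev/$BLOCK" /dev/block/by-name/system

OFFSET=
# encrypto partition should get size from dev
# (the sysfs size is a count of 512-byte sectors, which is the unit the dm
# table length below uses)
if [ -z "$OFFSET" ]; then
  OFFSET=$(cat "/sys/class/block/${BLOCK}/size")
fi
DEBUG "OFFSET is ${OFFSET}"

HASH=
CIPHER=
ENC_EN=
FORCE_KEY_WRITE=false
if [ "${ENC_EN}" = "true" ]; then
  /usr/bin/tee-supplicant &
  if ! /usr/bin/keybox_app || [ "$FORCE_KEY_WRITE" = "true" ]; then
    DEBUG "BAD KEY FETCH -> try to find misc"
    MISC_BLOCK=$(find_raw_partition "misc")
    DEBUG "find misc -> $MISC_BLOCK"
    ln -s "/dev/$MISC_BLOCK" /dev/block/by-name/misc
    if ! /usr/bin/updateEngine --misc_custom read; then
      if [ "$FORCE_KEY_WRITE" != "true" ]; then
        DEBUG "Can't fetch key from misc, reboot !!!"
        reboot loader &
        while true; do
          sleep 1
          killall -15 reboot
        done
        # Not reached: the loop above never terminates.
        exit 0
      fi
    else
      mv /tmp/custom_cmdline /tmp/syspw
      /usr/bin/updateEngine --misc_custom clean
      /usr/bin/keybox_app write
      # Overwrite the staged key file once keybox_app has been given it.
      echo None > /tmp/syspw
    fi
    /usr/bin/keybox_app
  fi

  KEY=$(cat /tmp/syspw)
  # Never log the key itself: MSG_OUTPUT may be pointed at a console or a log.
  DEBUG "key loaded"
  # NOTE(review): the key is passed on the dmsetup command line, so it is
  # readable through /proc/<pid>/cmdline while dmsetup runs; dmsetup can also
  # take the table on stdin. allow_discards lets discards through dm-crypt,
  # which exposes which blocks are unused on the backing device.
  if ! dmsetup create vroot --table "0 ${OFFSET} crypt ${CIPHER} ${KEY} 0 /dev/block/by-name/system 0 1 allow_discards"; then
    DEBUG "dmsetup create vroot failed"
  fi
  unset KEY
  echo None > /tmp/syspw
else
  # NOTE(review): veritysetup takes --hash-offset in bytes, while the sysfs
  # fallback above yields 512-byte sectors, so this path presumably relies on
  # OFFSET being filled in -- confirm. Output is discarded, so a failure is only
  # visible through the DEBUG message and the mount of /dev/mapper/vroot below.
  if ! /usr/sbin/veritysetup "--hash-offset=${OFFSET}" create vroot /dev/block/by-name/system /dev/block/by-name/system "${HASH}" > /dev/null 2>&1; then
    DEBUG "veritysetup create vroot failed"
  fi
fi

# Runs on both paths, although this script only starts tee-supplicant when
# ENC_EN is true.
killall tee-supplicant
# NOTE(review): the mount status is not checked; nothing in the visible part
# of the script stops the boot when the mapping could not be set up.
mount /dev/mapper/vroot /mnt
LABLE=$(dumpe2fs -h /dev/mapper/vroot | grep name | xargs -n 1 | tail -1)
if [ "$LABLE" != "rootfs" ]; then
  # Filesystem not yet labelled "rootfs": grow it to the mapping and label it.
  mount -o remount,rw /mnt
  resize2fs /dev/mapper/vroot && tune2fs /dev/mapper/vroot -L rootfs
fi

if [ -e "/mnt/init" ]; then
  INIT=/init
else
  INIT=/sbin/init
fi

# exec /sbin/init "$@"
# echo "exec busybox switch_root /mnt ${INIT}"
# exec busybox switch_root /mnt ${INIT}
# NOTE(review): the listing is cut off in the middle of the next statement; the
# rest of it is not visible here and the fragment is kept exactly as found.
exec 0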