From 0f2cfe6b9d2b44485f2a278228f957e37a26b8fe Mon Sep 17 00:00:00 2001
From: Kees Cook
Date: Fri, 7 Sep 2012 13:15:55 -0700
Subject: [PATCH] mod_image_for_recovery: add flag to decrypt stateful
When building the recovery image, add a flag file for triggering the decryption of the stateful partition.
BUG=chromium-os:34199
TEST=parrot recovery
Change-Id: I43c6a8469d7fad1b9d5b85aae9aaf525b1588ed5
Signed-off-by: Kees Cook
Reviewed-on: https://gerrit.chromium.org/gerrit/32597
Reviewed-by: Will Drewry
Commit-Ready: Will Drewry
---
 mod_image_for_recovery.sh | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
diff --git a/mod_image_for_recovery.sh b/mod_image_for_recovery.sh
index 09587fda32..1094562fdb 100755
--- a/mod_image_for_recovery.sh
+++ b/mod_image_for_recovery.sh
@@ -45,6 +45,8 @@ DEFINE_string keys_dir "/usr/share/vboot/devkeys" \
 "directory containing the signing keys"
 DEFINE_boolean verbose $FLAGS_FALSE \
 "log all commands to stdout" v
+DEFINE_boolean decrypt_stateful $FLAGS_FALSE \
+ "request a decryption of the stateful partition (implies --nominimize_image)"
 # Parse command line
 FLAGS "$@" || exit 1
@@ -59,6 +61,12 @@ if [ $FLAGS_verbose -eq $FLAGS_TRUE ]; then
 set -x
 fi
+# We need space for copying decrypted files to the recovery image, so force
+ --nominimize_image when using --decrypt_stateful.
+if [ $FLAGS_decrypt_stateful -eq $FLAGS_TRUE ]; then
+ FLAGS_minimize_image=$FLAGS_FALSE
+fi
+
 # Load board options.
 . "${BUILD_LIBRARY_DIR}/board_options.sh" || exit 1
 EMERGE_BOARD_CMD="emerge-$BOARD"
@@ -422,6 +430,16 @@ trap cleanup EXIT
 maybe_resize_stateful # Also copies the image if needed.
+if [ $FLAGS_decrypt_stateful -eq $FLAGS_TRUE ]; then
+ stateful_mnt=$(mktemp -d)
+ offset=$(partoffset "${RECOVERY_IMAGE}" 1)
+ sudo mount -o loop,offset=$(( offset * 512 )) \
+ "${RECOVERY_IMAGE}" "${stateful_mnt}"
+ echo -n "1" | sudo tee "${stateful_mnt}"/decrypt_stateful >/dev/null
+ sudo umount "$stateful_mnt"
+ rmdir "$stateful_mnt"
+fi
+
 install_recovery_kernel
 okboat
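Review bot: The flag write in the new `if [ $FLAGS_decrypt_stateful ... ]` block runs whether or not the loop mount succeeded: if `sudo mount` fails, `sudo tee` creates decrypt_stateful inside the empty temp directory, `umount` and `rmdir` then fail, and the build can carry on with a recovery image that silently lacks the requested flag (unless errexit is active, which these hunks do not show). Guard the steps the way the script already guards `FLAGS "$@" || exit 1`, for example by ending the mount command with `"${RECOVERY_IMAGE}" "${stateful_mnt}" || exit 1` and adding the same to the `tee` pipeline. The `cleanup` handler installed by `trap cleanup EXIT` at the top of the hunk is defined outside it; if it does not know about `stateful_mnt`, an interrupt between mount and umount leaves the loop mount attached and the temp directory behind, so the unmount probably belongs in that handler as well. A comment such as `# Flag file on partition 1 (stateful) of the recovery image; requests decryption of the stateful partition.` would also help, since the code that reads the file is not part of this patch.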