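#!/bin/sh
#
# initramfs init script for the "security ramboot" flow.
#
# Mounts the pseudo filesystems, locates the system/rootfs partition by its
# PARTNAME, maps it as /dev/mapper/vroot (dm-crypt when ENC_EN is "true",
# dm-verity otherwise), mounts it on /mnt and finally execs /sbin/init.
#
# HASH, CIPHER, ENC_EN and OFFSET are empty in this file.
# NOTE(review): presumably they are filled in at image build time - confirm.

# devtmpfs does not get automounted for initramfs
/bin/mount -t devtmpfs devtmpfs /dev
/bin/mount -t proc proc /proc
/bin/mount -t sysfs sysfs /sys
/bin/mount -t tmpfs tmpfs /tmp

exec 1>/dev/console
exec 2>/dev/console

SLOT_SUFIX=
SYSTEM_NAME=rootfs
BLOCK_PATH=/sys/class/block
BLOCK_TYPE_SUPPORTED="
mmcblk
flash"

# Debug sink. Pointing this at /dev/console sends every DEBUG message to the
# console, so DEBUG must never be given secret material.
MSG_OUTPUT=/dev/null

# Write one debug message to $MSG_OUTPUT.
# Arguments: $1 - message text
DEBUG() {
	echo "$1" > "$MSG_OUTPUT"
}

# Print $1 when its basename contains one of the supported block type names.
# Arguments: $1 - path of an entry below $BLOCK_PATH
# Outputs:   the path on stdout when supported, nothing otherwise
check_device_is_supported() {
	local name=

	name=$(basename "$1")
	# Word splitting of the list is intentional: one type name per word.
	for i in $BLOCK_TYPE_SUPPORTED
	do
		case "$name" in
		*"$i"*)
			echo "$1"
			return 0
			;;
		esac
	done
}

# Scan $BLOCK_PATH until a supported block device whose uevent PARTNAME equals
# $1 shows up, then print that device's kernel name. Never gives up: it keeps
# rescanning until the partition appears.
# Arguments: $1 - partition name to look for
# Outputs:   kernel device name (basename of the sysfs entry) on stdout
find_raw_partition() {
	local target=$1
	local target_dev=
	local partname=

	DEBUG "try to find block $target"
	while true
	do
		for dev in "${BLOCK_PATH}"/*
		do
			target_dev=$(check_device_is_supported "$dev")
			if [ -n "$target_dev" ]; then
				partname=$(sed -n "s#.*PARTNAME=##p" "$target_dev/uevent")
				# '=' rather than '==': the latter is not POSIX sh.
				if [ "$partname" = "$target" ]; then
					basename "$target_dev"
					return 0
				fi
			fi
		done
		# Back off between scans instead of spinning on sysfs at full speed.
		usleep 10000
	done
}

DEBUG "--------------------------"
DEBUG "Debug For Security Ramboot"
DEBUG "--------------------------"

# make sure /dev/ has mounted
while [ ! -e /dev/mapper/control ] || [ ! -e /proc/mounts ]
do
	usleep 10000
	echo .
done

# check a/b system
# The slot suffix is taken from the kernel command line and is only used to
# build the partition name that is looked up below.
if grep -q android_slotsufix /proc/cmdline; then
	SLOT_SUFIX=$(sed "s#.*android_slotsufix=##" /proc/cmdline | cut -d ' ' -f 1)
	SYSTEM_NAME=system
fi

DEBUG "system name is ${SYSTEM_NAME}${SLOT_SUFIX}"
mkdir -p /dev/block/by-name
BLOCK=$(find_raw_partition "${SYSTEM_NAME}${SLOT_SUFIX}")
DEBUG "find system -> ${BLOCK}"
ln -s "/dev/$BLOCK" /dev/block/by-name/system

OFFSET=
# encrypto partition should get size from dev
if [ -z "$OFFSET" ]; then
	OFFSET=$(cat "/sys/class/block/${BLOCK}/size")
fi

DEBUG "OFFSET is ${OFFSET}"

HASH=
CIPHER=
ENC_EN=
FORCE_KEY_WRITE=false

if [ "${ENC_EN}" = "true" ]; then
	/usr/bin/tee-supplicant &
	if ! /usr/bin/keybox_app || [ "$FORCE_KEY_WRITE" = "true" ]; then
		DEBUG "BAD KEY FETCH -> try to find misc"
		MISC_BLOCK=$(find_raw_partition "misc")
		DEBUG "find misc -> $MISC_BLOCK"
		ln -s "/dev/$MISC_BLOCK" /dev/block/by-name/misc
		if ! /usr/bin/updateEngine --misc_custom read; then
			if [ "$FORCE_KEY_WRITE" != "true" ]; then
				DEBUG "Can't fetch key from misc, reboot !!!"
				reboot loader &
				while true
				do
					sleep 1
					killall -15 reboot
				done
				# Not reached: the loop above never terminates.
				exit 0
			fi
		else
			mv /tmp/custom_cmdline /tmp/syspw
			/usr/bin/updateEngine --misc_custom clean
			/usr/bin/keybox_app write
			echo None > /tmp/syspw
		fi
		/usr/bin/keybox_app
	fi
	KEY=$(cat /tmp/syspw)
	# The key itself is deliberately not logged: with MSG_OUTPUT redirected to
	# the console it would otherwise be printed in clear text.
	DEBUG "key read from /tmp/syspw"
	# NOTE(review): the key is passed on the dmsetup command line and is
	# therefore visible in that process's argument list while it runs -
	# confirm nothing else in the initramfs can read it at this point.
	dmsetup create vroot --table "0 ${OFFSET} crypt ${CIPHER} ${KEY} 0 /dev/block/by-name/system 0 1 allow_discards" \
		|| DEBUG "dmsetup create vroot failed"
	# Drop the in-shell copy and overwrite the on-tmpfs copy of the key.
	KEY=
	echo None > /tmp/syspw
else
	# NOTE(review): a veritysetup failure is only logged; the script still
	# goes on to exec /sbin/init below. What that init does when /mnt is not
	# a verified root is not visible here - confirm it refuses to boot.
	/usr/sbin/veritysetup --hash-offset="${OFFSET}" create vroot /dev/block/by-name/system /dev/block/by-name/system "${HASH}" > /dev/null 2>&1 \
		|| DEBUG "veritysetup create vroot failed"
fi

killall tee-supplicant

mount /dev/mapper/vroot /mnt || DEBUG "mount /dev/mapper/vroot failed"

LABLE=$(dumpe2fs -h /dev/mapper/vroot | grep name | xargs -n 1 | tail -1)

# Any label other than "rootfs" triggers a one-time grow of the filesystem,
# after which the label is set to "rootfs".
if [ "$LABLE" != "rootfs" ]; then
	mount -o remount,rw /mnt
	resize2fs /dev/mapper/vroot && tune2fs /dev/mapper/vroot -L rootfs
fi

# INIT is only consumed by the commented-out switch_root lines below.
if [ -e "/mnt/init" ]; then
	INIT=/init
else
	INIT=/sbin/init
fi
# exec /sbin/init "$@"

# echo "exec busybox switch_root /mnt ${INIT}"
# exec busybox switch_root /mnt ${INIT}
exec 0</dev/console
exec /sbin/init "$@"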