xref: /OK3568_Linux_fs/buildroot/board/rockchip/common/security-ramdisk-overlay/init.in (revision 4882a59341e53eb6f0b4789bf948001014eff981)

#!/bin/sh

# devtmpfs does not get automounted for initramfs
/bin/mount -t devtmpfs devtmpfs /dev
/bin/mount -t proc proc /proc
/bin/mount -t sysfs sysfs /sys
/bin/mount -t tmpfs tmpfs /tmp

exec 1>/dev/console
exec 2>/dev/console

SLOT_SUFIX=
SYSTEM_NAME=rootfs
BLOCK_PATH=/sys/class/block
BLOCK_TYPE_SUPPORTED="
mmcblk
flash"

MSG_OUTPUT=/dev/null
DEBUG() {
	echo $1 > $MSG_OUTPUT
}

check_device_is_supported() {
	for i in $BLOCK_TYPE_SUPPORTED
	do
		if [ ! -z "$(echo $(basename $1) | grep $i)" ]; then
			echo $1
			return 0
		fi
	done
}

find_raw_partition() {
	local target=$1
	local target_dev=
	local partname=

	DEBUG "try to find block $target"
	while true
	do
		for dev in ${BLOCK_PATH}/*
		do
			target_dev=$(check_device_is_supported $dev)
			if [ ! -z "$target_dev" ]; then
				partname=$(cat $target_dev/uevent | grep PARTNAME | sed "s#.*PARTNAME=##")
				if [ "$partname" == "$target" ]; then
					echo "$(basename $target_dev)"
					return 0
				fi
			fi
		done
	done
}

DEBUG "--------------------------"
DEBUG "Debug For Security Ramboot"
DEBUG "--------------------------"

# make sure /dev/ has mounted
while [ ! -e /dev/mapper/control -o ! -e /proc/mounts ]
do
	usleep 10000
	echo .
done

# check a/b system
if [ ! -z "$(cat /proc/cmdline | grep android_slotsufix)" ]; then
	SLOT_SUFIX=$(cat /proc/cmdline | sed "s#.*android_slotsufix=##" | cut -d ' ' -f 1)
	SYSTEM_NAME=system
fi

DEBUG "system name is ${SYSTEM_NAME}${SLOT_SUFIX}"
mkdir -p /dev/block/by-name
BLOCK=$(find_raw_partition "${SYSTEM_NAME}${SLOT_SUFIX}")
DEBUG "find system -> ${BLOCK}"
ln -s /dev/$BLOCK /dev/block/by-name/system

OFFSET=
# encrypto partition should get size from dev
if [ -z "$OFFSET" ]; then
	OFFSET=$(cat /sys/class/block/${BLOCK}/size)
fi

DEBUG "OFFSET is ${OFFSET}"

HASH=
CIPHER=
ENC_EN=
FORCE_KEY_WRITE=false

if [ "${ENC_EN}" = "true" ]; then
	/usr/bin/tee-supplicant &
	/usr/bin/keybox_app
	if [ "$?" != 0 ] || [ "$FORCE_KEY_WRITE" = "true" ]; then
		DEBUG "BAD KEY FETCH -> try to find misc"
		MISC_BLOCK=$(find_raw_partition "misc")
		DEBUG "find misc -> $MISC_BLOCK"
		ln -s /dev/$MISC_BLOCK /dev/block/by-name/misc
		/usr/bin/updateEngine --misc_custom read
		if [ "$?" != 0 ]; then
			if [ "$FORCE_KEY_WRITE" != "true" ]; then
				DEBUG "Can't fetch key from misc, reboot !!!"
				reboot loader &
				while true
				do
					sleep 1
					killall -15 reboot
				done
				exit 0
			fi
		else
			mv /tmp/custom_cmdline /tmp/syspw
			/usr/bin/updateEngine --misc_custom clean
			/usr/bin/keybox_app write
			echo None > /tmp/syspw
		fi
		/usr/bin/keybox_app
	fi
	KEY=`cat /tmp/syspw`
	DEBUG "key=$KEY"
	dmsetup create vroot --table "0 ${OFFSET} crypt ${CIPHER} ${KEY} 0 /dev/block/by-name/system 0 1 allow_discards"
	echo None > /tmp/syspw
else
	/usr/sbin/veritysetup --hash-offset=${OFFSET} create vroot /dev/block/by-name/system  /dev/block/by-name/system ${HASH} > /dev/null 2>&1
fi

killall tee-supplicant

mount /dev/mapper/vroot /mnt

LABLE=$(dumpe2fs -h /dev/mapper/vroot | grep name | xargs -n 1 | tail -1)

if [ "$LABLE" != "rootfs" ]; then
	mount -o remount,rw /mnt
	resize2fs /dev/mapper/vroot && tune2fs /dev/mapper/vroot -L rootfs
fi

if [ -e "/mnt/init" ]; then
	INIT=/init
else
	INIT=/sbin/init
fi
# exec /sbin/init "$@"

# echo "exec busybox switch_root /mnt ${INIT}"
# exec busybox switch_root /mnt ${INIT}
exec 0</dev/console
exec /sbin/init "$@"