Skip to content

Commit

Permalink
Add external/usb disk encryption (adds exfatprogs and e2fsprogs)
Browse files Browse the repository at this point in the history
Adds:
- e2fsprogs to support ext4 filesystem creation through mke2fs
- add /etc/mke2fs.conf so that mke2fs knows how to handle ext2/ext3/ext4
- removes mke2fs support from busybox
- bump busybox to latest version which adds cpu accelerated hash functions (not needed per se here)
- Adds exfatprogs to have mkfs.exfat and fsck.exfat
- Adds prepare_thumb_drive /etc/luks-functions to be able to prepare a thumb drive with percentage of drive assigned to LUKS, rest to exfat
- Modify most board configs to test space requirements failing
- Talos2 linux config: add staging Exfat support
- Make e2fsprogs and exfatprogs included by default unless explicitely deactivate in board configs
- Change cryptsetup calls : luksOpen to open and luksClose to close to addresss review

GOAL here is to have secure thumb drive creation which Heads will be able to use to backup/restore/use generated GPG key material in the future (next PR)
  • Loading branch information
tlaurion committed Aug 16, 2023
1 parent 68f707b commit 571bf42
Show file tree
Hide file tree
Showing 13 changed files with 505 additions and 116 deletions.
2 changes: 2 additions & 0 deletions Makefile
Original file line number Diff line number Diff line change
Expand Up @@ -519,6 +519,8 @@ bin_modules-$(CONFIG_POWERPC_UTILS) += powerpc-utils
bin_modules-$(CONFIG_IO386) += io386
bin_modules-$(CONFIG_IOPORT) += ioport
bin_modules-$(CONFIG_ZSTD) += zstd
bin_modules-$(CONFIG_E2FSPROGS) += e2fsprogs
bin_modules-$(CONFIG_EXFATPROGS) += exfatprogs

$(foreach m, $(bin_modules-y), \
$(call map,initrd_bin_add,$(call bins,$m)) \
Expand Down
2 changes: 1 addition & 1 deletion boards/z220-cmt-maximized/z220-cmt-maximized.config
Original file line number Diff line number Diff line change
Expand Up @@ -72,4 +72,4 @@ $(pwd)/blobs/z220/me.bin:

$(pwd)/blobs/z220/ifd.bin:
COREBOOT_DIR="$(build)/$(coreboot_base_dir)" \
$(pwd)/blobs/z220/download_BIOS_clean.sh
$(pwd)/blobs/z220/download_BIOS_clean.sh
94 changes: 61 additions & 33 deletions config/busybox.config
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
#
# Automatically generated make config: don't edit
# Busybox version: 1.33.2
# Mon Jul 3 16:24:44 2023
# Busybox version: 1.36.1
# Fri Jul 21 14:38:54 2023
#
CONFIG_HAVE_DOT_CONFIG=y

Expand Down Expand Up @@ -93,10 +93,16 @@ CONFIG_FEATURE_BUFFERS_USE_MALLOC=y
# CONFIG_FEATURE_BUFFERS_GO_IN_BSS is not set
CONFIG_PASSWORD_MINLEN=6
CONFIG_MD5_SMALL=1
CONFIG_SHA1_SMALL=3
CONFIG_SHA1_HWACCEL=y
CONFIG_SHA256_HWACCEL=y
CONFIG_SHA3_SMALL=1
# CONFIG_FEATURE_FAST_TOP is not set
# CONFIG_FEATURE_ETC_NETWORKS is not set
# CONFIG_FEATURE_ETC_SERVICES is not set
CONFIG_FEATURE_NON_POSIX_CP=y
# CONFIG_FEATURE_VERBOSE_CP_MESSAGE is not set
CONFIG_FEATURE_USE_SENDFILE=y
CONFIG_FEATURE_COPYBUF_KB=4
CONFIG_MONOTONIC_SYSCALL=y
CONFIG_IOCTL_HEX2STR_ERROR=y
CONFIG_FEATURE_EDITING=y
CONFIG_FEATURE_EDITING_MAX_LEN=1024
# CONFIG_FEATURE_EDITING_VI is not set
Expand All @@ -120,14 +126,9 @@ CONFIG_LAST_SUPPORTED_WCHAR=767
# CONFIG_UNICODE_BIDI_SUPPORT is not set
# CONFIG_UNICODE_NEUTRAL_TABLE is not set
# CONFIG_UNICODE_PRESERVE_BROKEN is not set
CONFIG_FEATURE_NON_POSIX_CP=y
# CONFIG_FEATURE_VERBOSE_CP_MESSAGE is not set
CONFIG_FEATURE_USE_SENDFILE=y
CONFIG_FEATURE_COPYBUF_KB=4
CONFIG_FEATURE_SKIP_ROOTFS=y
CONFIG_MONOTONIC_SYSCALL=y
CONFIG_IOCTL_HEX2STR_ERROR=y
CONFIG_FEATURE_HWIB=y
# CONFIG_LOOP_CONFIGURE is not set
# CONFIG_NO_LOOP_CONFIGURE is not set
CONFIG_TRY_LOOP_CONFIGURE=y

#
# Applets
Expand Down Expand Up @@ -162,6 +163,8 @@ CONFIG_FEATURE_BZIP2_DECOMPRESS=y
CONFIG_CPIO=y
CONFIG_FEATURE_CPIO_O=y
CONFIG_FEATURE_CPIO_P=y
CONFIG_FEATURE_CPIO_IGNORE_DEVNO=y
CONFIG_FEATURE_CPIO_RENUMBER_INODES=y
# CONFIG_DPKG is not set
# CONFIG_DPKG_DEB is not set
CONFIG_GZIP=y
Expand Down Expand Up @@ -197,6 +200,22 @@ CONFIG_FEATURE_LZMA_FAST=y
#
# Coreutils
#
CONFIG_FEATURE_VERBOSE=y

#
# Common options for date and touch
#
# CONFIG_FEATURE_TIMEZONE is not set

#
# Common options for cp and mv
#
CONFIG_FEATURE_PRESERVE_HARDLINKS=y

#
# Common options for df, du, ls
#
CONFIG_FEATURE_HUMAN_READABLE=y
CONFIG_BASENAME=y
CONFIG_CAT=y
CONFIG_FEATURE_CATN=y
Expand All @@ -207,11 +226,13 @@ CONFIG_CHMOD=y
# CONFIG_FEATURE_CHOWN_LONG_OPTIONS is not set
CONFIG_CHROOT=y
# CONFIG_CKSUM is not set
CONFIG_CRC32=y
# CONFIG_COMM is not set
CONFIG_CP=y
CONFIG_FEATURE_CP_LONG_OPTIONS=y
CONFIG_FEATURE_CP_REFLINK=y
CONFIG_CUT=y
CONFIG_FEATURE_CUT_REGEX=y
CONFIG_DATE=y
CONFIG_FEATURE_DATE_ISOFMT=y
# CONFIG_FEATURE_DATE_NANO is not set
Expand All @@ -223,6 +244,7 @@ CONFIG_FEATURE_DD_IBS_OBS=y
CONFIG_FEATURE_DD_STATUS=y
CONFIG_DF=y
CONFIG_FEATURE_DF_FANCY=y
CONFIG_FEATURE_SKIP_ROOTFS=y
CONFIG_DIRNAME=y
# CONFIG_DOS2UNIX is not set
# CONFIG_UNIX2DOS is not set
Expand Down Expand Up @@ -316,13 +338,13 @@ CONFIG_TEST2=y
CONFIG_FEATURE_TEST_64=y
# CONFIG_TIMEOUT is not set
CONFIG_TOUCH=y
CONFIG_FEATURE_TOUCH_NODEREF=y
CONFIG_FEATURE_TOUCH_SUSV3=y
CONFIG_TR=y
CONFIG_FEATURE_TR_CLASSES=y
CONFIG_FEATURE_TR_EQUIV=y
CONFIG_TRUE=y
CONFIG_TRUNCATE=y
CONFIG_TSORT=y
CONFIG_TTY=y
CONFIG_UNAME=y
CONFIG_UNAME_OSNAME="GNU/Linux"
Expand All @@ -342,21 +364,6 @@ CONFIG_FEATURE_WC_LARGE=y
# CONFIG_WHOAMI is not set
# CONFIG_YES is not set

#
# Common options
#
CONFIG_FEATURE_VERBOSE=y

#
# Common options for cp and mv
#
CONFIG_FEATURE_PRESERVE_HARDLINKS=y

#
# Common options for df, du, ls
#
CONFIG_FEATURE_HUMAN_READABLE=y

#
# Console Utilities
#
Expand Down Expand Up @@ -420,6 +427,7 @@ CONFIG_VI=y
CONFIG_FEATURE_VI_MAX_LEN=4096
# CONFIG_FEATURE_VI_8BIT is not set
CONFIG_FEATURE_VI_COLON=y
CONFIG_FEATURE_VI_COLON_EXPAND=y
CONFIG_FEATURE_VI_YANKMARK=y
CONFIG_FEATURE_VI_SEARCH=y
# CONFIG_FEATURE_VI_REGEX_SEARCH is not set
Expand All @@ -433,6 +441,7 @@ CONFIG_FEATURE_VI_ASK_TERMINAL=y
CONFIG_FEATURE_VI_UNDO=y
CONFIG_FEATURE_VI_UNDO_QUEUE=y
CONFIG_FEATURE_VI_UNDO_QUEUE_MAX=256
CONFIG_FEATURE_VI_VERBOSE_STATUS=y
CONFIG_FEATURE_ALLOW_EXEC=y

#
Expand All @@ -441,14 +450,19 @@ CONFIG_FEATURE_ALLOW_EXEC=y
CONFIG_FIND=y
CONFIG_FEATURE_FIND_PRINT0=y
CONFIG_FEATURE_FIND_MTIME=y
CONFIG_FEATURE_FIND_ATIME=y
CONFIG_FEATURE_FIND_CTIME=y
CONFIG_FEATURE_FIND_MMIN=y
CONFIG_FEATURE_FIND_AMIN=y
CONFIG_FEATURE_FIND_CMIN=y
CONFIG_FEATURE_FIND_PERM=y
CONFIG_FEATURE_FIND_TYPE=y
CONFIG_FEATURE_FIND_EXECUTABLE=y
CONFIG_FEATURE_FIND_XDEV=y
CONFIG_FEATURE_FIND_MAXDEPTH=y
CONFIG_FEATURE_FIND_NEWER=y
CONFIG_FEATURE_FIND_INUM=y
CONFIG_FEATURE_FIND_SAMEFILE=y
CONFIG_FEATURE_FIND_EXEC=y
CONFIG_FEATURE_FIND_EXEC_PLUS=y
CONFIG_FEATURE_FIND_USER=y
Expand Down Expand Up @@ -641,7 +655,7 @@ CONFIG_LSUSB=y
# CONFIG_FEATURE_MDEV_DAEMON is not set
# CONFIG_MESG is not set
# CONFIG_FEATURE_MESG_ENABLE_ONLY_GROUP is not set
CONFIG_MKE2FS=y
# CONFIG_MKE2FS is not set
# CONFIG_MKFS_EXT2 is not set
# CONFIG_MKFS_MINIX is not set
# CONFIG_FEATURE_MINIX2 is not set
Expand Down Expand Up @@ -739,6 +753,7 @@ CONFIG_FEATURE_VOLUMEID_XFS=y
# Miscellaneous Utilities
#
# CONFIG_ADJTIMEX is not set
CONFIG_ASCII=y
# CONFIG_BBCONFIG is not set
# CONFIG_FEATURE_COMPRESS_BBCONFIG is not set
# CONFIG_BC is not set
Expand Down Expand Up @@ -819,10 +834,12 @@ CONFIG_PARTPROBE=y
# CONFIG_RFKILL is not set
# CONFIG_RUNLEVEL is not set
# CONFIG_RX is not set
CONFIG_SEEDRNG=y
CONFIG_SETFATTR=y
CONFIG_SETSERIAL=y
CONFIG_STRINGS=y
CONFIG_TIME=y
CONFIG_TREE=y
# CONFIG_TS is not set
# CONFIG_TTYSIZE is not set
# CONFIG_UBIATTACH is not set
Expand All @@ -834,6 +851,7 @@ CONFIG_TIME=y
# CONFIG_UBIRENAME is not set
# CONFIG_VOLNAME is not set
# CONFIG_WATCHDOG is not set
# CONFIG_FEATURE_WATCHDOG_OPEN_TWICE is not set

#
# Networking Utilities
Expand All @@ -842,6 +860,9 @@ CONFIG_TIME=y
# CONFIG_FEATURE_UNIX_LOCAL is not set
# CONFIG_FEATURE_PREFER_IPV4_ADDRESS is not set
# CONFIG_VERBOSE_RESOLUTION_ERRORS is not set
# CONFIG_FEATURE_ETC_NETWORKS is not set
# CONFIG_FEATURE_ETC_SERVICES is not set
CONFIG_FEATURE_HWIB=y
# CONFIG_FEATURE_TLS_SHA1 is not set
CONFIG_ARP=y
# CONFIG_ARPING is not set
Expand All @@ -860,6 +881,7 @@ CONFIG_ARP=y
# CONFIG_HOSTNAME is not set
# CONFIG_DNSDOMAINNAME is not set
# CONFIG_HTTPD is not set
CONFIG_FEATURE_HTTPD_PORT_DEFAULT=0
# CONFIG_FEATURE_HTTPD_RANGES is not set
# CONFIG_FEATURE_HTTPD_SETUID is not set
# CONFIG_FEATURE_HTTPD_BASIC_AUTH is not set
Expand Down Expand Up @@ -952,6 +974,7 @@ CONFIG_SSL_CLIENT=y
# CONFIG_FEATURE_TELNET_WIDTH is not set
# CONFIG_TELNETD is not set
# CONFIG_FEATURE_TELNETD_STANDALONE is not set
CONFIG_FEATURE_TELNETD_PORT_DEFAULT=0
# CONFIG_FEATURE_TELNETD_INETD_WAIT is not set
CONFIG_TFTP=y
CONFIG_FEATURE_TFTP_PROGRESS_BAR=y
Expand All @@ -972,6 +995,7 @@ CONFIG_VCONFIG=y
CONFIG_WGET=y
CONFIG_FEATURE_WGET_LONG_OPTIONS=y
# CONFIG_FEATURE_WGET_STATUSBAR is not set
CONFIG_FEATURE_WGET_FTP=y
# CONFIG_FEATURE_WGET_AUTHENTICATION is not set
CONFIG_FEATURE_WGET_TIMEOUT=y
CONFIG_FEATURE_WGET_HTTPS=y
Expand All @@ -988,6 +1012,7 @@ CONFIG_UDHCPC=y
CONFIG_FEATURE_UDHCPC_ARPING=y
CONFIG_FEATURE_UDHCPC_SANITIZEOPT=y
CONFIG_UDHCPC_DEFAULT_SCRIPT="/sbin/config-dhcp.sh"
CONFIG_UDHCPC6_DEFAULT_SCRIPT=""
# CONFIG_UDHCPC6 is not set
# CONFIG_FEATURE_UDHCPC6_RFC3646 is not set
# CONFIG_FEATURE_UDHCPC6_RFC4704 is not set
Expand All @@ -997,6 +1022,7 @@ CONFIG_UDHCPC_DEFAULT_SCRIPT="/sbin/config-dhcp.sh"
#
# Common options for DHCP applets
#
CONFIG_UDHCPC_DEFAULT_INTERFACE="eth0"
# CONFIG_FEATURE_UDHCP_PORT is not set
CONFIG_UDHCP_DEBUG=9
CONFIG_UDHCPC_SLACK_FOR_BUGGY_SERVERS=80
Expand All @@ -1014,17 +1040,19 @@ CONFIG_IFUPDOWN_UDHCPC_CMD_OPTIONS=""
#
# Mail Utilities
#
CONFIG_FEATURE_MIME_CHARSET=""
# CONFIG_MAKEMIME is not set
# CONFIG_POPMAILDIR is not set
# CONFIG_FEATURE_POPMAILDIR_DELIVERY is not set
# CONFIG_REFORMIME is not set
# CONFIG_FEATURE_REFORMIME_COMPAT is not set
# CONFIG_SENDMAIL is not set
CONFIG_FEATURE_MIME_CHARSET=""

#
# Process Utilities
#
# CONFIG_FEATURE_FAST_TOP is not set
CONFIG_FEATURE_SHOW_THREADS=y
# CONFIG_FREE is not set
# CONFIG_FUSER is not set
# CONFIG_IOSTAT is not set
Expand Down Expand Up @@ -1063,7 +1091,6 @@ CONFIG_FEATURE_TOPMEM=y
# CONFIG_UPTIME is not set
# CONFIG_FEATURE_UPTIME_UTMP_SUPPORT is not set
# CONFIG_WATCH is not set
CONFIG_FEATURE_SHOW_THREADS=y

#
# Runit Utilities
Expand Down Expand Up @@ -1120,6 +1147,7 @@ CONFIG_ASH_EXPAND_PRMT=y
CONFIG_ASH_ECHO=y
CONFIG_ASH_PRINTF=y
CONFIG_ASH_TEST=y
CONFIG_ASH_SLEEP=y
CONFIG_ASH_HELP=y
CONFIG_ASH_GETOPTS=y
CONFIG_ASH_CMDCMD=y
Expand All @@ -1128,8 +1156,8 @@ CONFIG_ASH_CMDCMD=y
# CONFIG_SHELL_HUSH is not set
# CONFIG_HUSH_BASH_COMPAT is not set
# CONFIG_HUSH_BRACE_EXPANSION is not set
# CONFIG_HUSH_LINENO_VAR is not set
# CONFIG_HUSH_BASH_SOURCE_CURDIR is not set
# CONFIG_HUSH_LINENO_VAR is not set
# CONFIG_HUSH_INTERACTIVE is not set
# CONFIG_HUSH_SAVEHISTORY is not set
# CONFIG_HUSH_JOB is not set
Expand Down
Loading

0 comments on commit 571bf42

Please sign in to comment.