From 444822b15d26f0bbf480280260cdf6676a5719ad Mon Sep 17 00:00:00 2001
From: Sasha Finkelstein
Date: Sat, 25 Nov 2023 14:42:37 +0100
Subject: [PATCH] Add support for installing with FDE.
Signed-off-by: Sasha Finkelstein
---
 build.sh | 8 ++++++--
 src/main.py | 17 ++++++++++-------
 src/osinstall.py | 29 ++++++++++++++++++++++++++++-
 3 files changed, 44 insertions(+), 10 deletions(-)
diff --git a/build.sh b/build.sh
index 9d5de9b..4da4ef8 100755
--- a/build.sh
+++ b/build.sh
@@ -8,6 +8,7 @@ cd "$(dirname "$0")"
 PYTHON_VER=3.9.6
 PYTHON_PKG=python-$PYTHON_VER-macos11.pkg
 PYTHON_URI="https://www.python.org/ftp/python/$PYTHON_VER/$PYTHON_PKG"
+ENCRYPTOR_URI="https://github.com/WhatAmISupposedToPutHere/encryptor/releases/download/v0.1/encryptor.tar.gz"
 M1N1="$PWD/m1n1"
 ARTWORK="$PWD/artwork"
@@ -44,6 +45,7 @@ echo "Downloading installer components..."
 cd "$DL"
 wget -Nc "$PYTHON_URI"
+wget -Nc "$ENCRYPTOR_URI"
 echo "Building m1n1..."
@@ -54,7 +56,7 @@ make -C "$M1N1" RELEASE=1 CHAINLOADING=1 -j4
 echo "Copying files..."
 cp -r "$SRC"/* "$PACKAGE/"
-rm "$PACKAGE/asahi_firmware"
+rm -r "$PACKAGE/asahi_firmware"
 cp -r "$AFW" "$PACKAGE/"
 cp "$ARTWORK/logos/icns/AsahiLinux_logomark.icns" "$PACKAGE/logo.icns"
 mkdir -p "$PACKAGE/boot"
@@ -83,7 +85,7 @@ cd python3.*
 rm -rf test ensurepip idlelib
 cd lib-dynload
 rm -f _test* _tkinter*
-
+
 echo "Copying certificates..."
@@ -94,6 +96,8 @@ echo "Packaging installer..."
 cd "$PACKAGE"
+tar xf "$DL/encryptor.tar.gz"
+
 echo "$VER" > version.tag
 if [ "$1" == "prod" ]; then
diff --git a/src/main.py b/src/main.py
index b506a2c..67c46ef 100644
--- a/src/main.py
+++ b/src/main.py
@@ -239,7 +239,7 @@ def get_admin_credentials(self):
 self.admin_password = getpass.getpass(f'Password for {self.admin_user}: ')
 def action_install_into_container(self, avail_parts):
- template = self.choose_os()
+ template, fde = self.choose_os()
 containers = {str(i): p.desc for i,p in enumerate(self.parts) if p in avail_parts}
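Review bot: The encryptor archive introduced by `ENCRYPTOR_URI` is downloaded and unpacked without any integrity check: the `wget -Nc "$ENCRYPTOR_URI"` hunk fetches a release asset and the `tar xf "$DL/encryptor.tar.gz"` hunk extracts it directly into `$PACKAGE`. Judging by the paths used in src/osinstall.py, the archive carries the QEMU binary, kernel and initramfs that perform the disk encryption, so anyone able to replace that asset controls code shipped inside the installer. Pin a digest next to the URI and verify it before extraction, for example `ENCRYPTOR_SHA256=<pinned digest>` followed by `echo "$ENCRYPTOR_SHA256  $DL/encryptor.tar.gz" | sha256sum -c -` (or `shasum -a 256 -c -` where that is the available tool). Because the archive is unpacked in the package root, it is also worth listing its members first and refusing anything outside `encryptor/`, so it cannot overwrite the installer's own files.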
@@ -253,7 +253,7 @@ def action_install_into_container(self, avail_parts):
 self.ins = stub.StubInstaller(self.sysinfo, self.dutil, self.osinfo)
 self.ins.load_ipsw(ipsw)
- self.osins = osinstall.OSInstaller(self.dutil, self.data, template)
+ self.osins = osinstall.OSInstaller(self.dutil, self.data, template, fde)
 self.osins.load_package()
 self.do_install()
@@ -266,9 +266,9 @@ def action_wipe(self):
 print()
- template = self.choose_os()
+ template, fde = self.choose_os()
- self.osins = osinstall.OSInstaller(self.dutil, self.data, template)
+ self.osins = osinstall.OSInstaller(self.dutil, self.data, template, fde)
 self.osins.load_package()
 min_size = STUB_SIZE + self.osins.min_size
@@ -286,9 +286,9 @@ def action_wipe(self):
 self.do_install(os_size)
 def action_install_into_free(self, avail_free):
- template = self.choose_os()
+ template, fde = self.choose_os()
- self.osins = osinstall.OSInstaller(self.dutil, self.data, template)
+ self.osins = osinstall.OSInstaller(self.dutil, self.data, template, fde)
 self.osins.load_package()
 min_size = STUB_SIZE + self.osins.min_size
@@ -498,7 +498,10 @@ def choose_os(self):
 idx = self.choice("OS", [i["name"] for i in os_list])
 os = os_list[idx]
 logging.info(f"Chosen OS: {os['name']}")
- return os
+ fde = False
+ if os.get("supports_fde", False) or True:
+ fde = self.yesno("Enable disk encryption?")
+ return (os, fde)
 def set_reduced_security(self):
 while True:
diff --git a/src/osinstall.py b/src/osinstall.py
index 731add2..2236398 100644
--- a/src/osinstall.py
+++ b/src/osinstall.py
@@ -6,7 +6,7 @@ class OSInstaller(PackageInstaller):
 PART_ALIGNMENT = 1024 * 1024
- def __init__(self, dutil, data, template):
+ def __init__(self, dutil, data, template, fde):
 super().__init__()
 self.dutil = dutil
 self.data = data
@@ -16,6 +16,7 @@ def __init__(self, dutil, data, template):
 self.efi_part = None
 self.idata_targets = []
 self.install_size = self.min_size
+ self.fde = fde
 @property
 def default_os_name(self):
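Review bot: In the `choose_os` hunk, `if os.get("supports_fde", False) or True:` is always true, so the template's `supports_fde` flag is never consulted and the encryption prompt appears for every OS, including ones that do not declare support. This looks like a leftover debugging override; the condition should read `if os.get("supports_fde", False):`. The three callers changed in this file (`action_install_into_container`, `action_wipe`, `action_install_into_free`) pass the answer straight to `OSInstaller`, and no later check of the flag is visible in this patch. Since the return shape changed for every caller, a short comment such as `# returns (os template, fde requested)` above the `return` would help.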
@@ -131,6 +132,7 @@ def install(self, stub_ins):
 self.extract_file(icon, stub_ins.icon_path)
 self.flush_progress()
+ raw_images = []
 for part, info in zip(self.template["partitions"], self.part_info):
 logging.info(f"Installing partition {part!r} -> {info.name}")
 image = part.get("image", None)
@@ -160,11 +162,36 @@ def install(self, stub_ins):
 data_path = os.path.join(mountpoint, "asahi")
 os.makedirs(data_path, exist_ok=True)
 self.idata_targets.append(data_path)
+ if not (source or part.get("copy_firmware", False) or part.get("copy_installer_data", False)):
+ raw_images.append(info.name)
 if "extras" in self.template:
 assert self.efi_part is not None
 self.download_extras()
+ if self.fde:
+ p_progress("Encrypting OS image ...")
+ args = [
+ "./encryptor/qemu-system-aarch64",
+ "-nographic",
+ "-L", "./encryptor/qemu/",
+ "-chardev", "stdio,id=term0",
+ "-serial", "chardev:term0",
+ "-cpu", "host",
+ "-smp", "cpus=8,sockets=1,cores=8,threads=1",
+ "-machine", "virt",
+ "-accel", "hvf",
+ "-m", "4096",
+ "-kernel", "./encryptor/vmlinuz-virt",
+ "-initrd", "./encryptor/initramfs",
+ "-device", "virtio-rng-pci",
+ "-monitor", "/dev/null",
+ "-append", "quiet"
+ ]
+ for i, name in enumerate(raw_images):
+ args.extend(["-drive", f"if=virtio,format=raw,index={i + 1},file=/dev/{name}"])
+ subprocess.run(args, check=True)
+
 p_progress("Preparing to finish installation...")
 logging.info(f"Building boot object")
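Review bot: The `if self.fde:` block in the second `install` hunk treats a zero exit status from QEMU as proof that the partitions were encrypted, and it runs even when `raw_images` is empty, in which case the VM starts with no drives and the install carries on as if encryption had happened. A guard before `args` is built, such as `if not raw_images: raise RuntimeError("FDE requested but no raw image partition was found")` (or the project's own error type), plus a check after `subprocess.run` that each `/dev/{name}` now holds an encrypted volume, would prevent a silent fall-back to an unencrypted install. The `./encryptor/...` paths are resolved against the current working directory, which nothing in this hunk establishes; building them from the installer's own directory would make sure the bundled binary is the one executed. A `logging.info` of the device list before the call would match the logging already done in the partition loop. `install` begins and ends outside both hunks, so where `source` is assigned and how the `raw_images.append` check nests in the loop cannot be confirmed from here.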