
Commit cf56f03

Add support for installing with FDE.
Signed-off-by: Sasha Finkelstein <[email protected]>
1 parent 56fc1ba commit cf56f03

3 files changed

Lines changed: 63 additions & 14 deletions


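--- a/build.sh
+++ b/build.sh
@@ -8,6 +8,7 @@ cd "$(dirname "$0")"
 PYTHON_VER=3.9.6
 PYTHON_PKG=python-$PYTHON_VER-macos11.pkg
 PYTHON_URI="https://www.python.org/ftp/python/$PYTHON_VER/$PYTHON_PKG"
+ENCRYPTOR_URI="https://github.com/WhatAmISupposedToPutHere/encryptor/releases/download/v0.1/encryptor.tar.gz"
 
 M1N1="$PWD/m1n1"
 ARTWORK="$PWD/artwork"
@@ -44,6 +45,7 @@ echo "Downloading installer components..."
 cd "$DL"
 
 wget -Nc "$PYTHON_URI"
+wget -Nc "$ENCRYPTOR_URI"
 
 echo "Building m1n1..."
 
@@ -52,7 +54,7 @@ make -C "$M1N1" RELEASE=1 CHAINLOADING=1 -j4
 echo "Copying files..."
 
 cp -r "$SRC"/* "$PACKAGE/"
-rm "$PACKAGE/asahi_firmware"
+rm -r "$PACKAGE/asahi_firmware"
 cp -r "$AFW" "$PACKAGE/"
 cp "$ARTWORK/logos/icns/AsahiLinux_logomark.icns" "$PACKAGE/logo.icns"
 mkdir -p "$PACKAGE/boot"
@@ -81,7 +83,7 @@ cd python3.*
 rm -rf test ensurepip idlelib
 cd lib-dynload
 rm -f _test* _tkinter*
-
+
 
 echo "Copying certificates..."
 
@@ -92,6 +94,8 @@ echo "Packaging installer..."
 
 cd "$PACKAGE"
 
+tar xf "$DL/encryptor.tar.gz"
+
 echo "$VER" > version.tag
 
 if [ "$1" == "prod" ]; then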
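Review bot: The archive fetched by `wget -Nc "$ENCRYPTOR_URI"` is unpacked into the package by `tar xf "$DL/encryptor.tar.gz"` with no integrity check, and an asset published under a release tag can be replaced after the fact. Judging by the `./encryptor/...` paths used in src/osinstall.py, this tarball supplies the QEMU binary, kernel and initramfs that run during an encrypted install, so it should be pinned to a reviewed digest. Add a digest variable next to the URI and verify before extracting, for example `echo "$ENCRYPTOR_SHA256  encryptor.tar.gz" | shasum -a 256 -c -` (or `sha256sum -c -`, whichever the build host provides), where `ENCRYPTOR_SHA256` is a placeholder for the reviewed artifact's hash. Because `wget -Nc` may reuse a file already present in `$DL`, the check belongs immediately before the `tar xf` step rather than only after a fresh download.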

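--- a/src/main.py
+++ b/src/main.py
@@ -239,7 +239,7 @@ def get_admin_credentials(self):
 self.admin_password = getpass.getpass(f'Password for {self.admin_user}: ')
 
 def action_install_into_container(self, avail_parts):
-template = self.choose_os()
+template, fde = self.choose_os()
 
 containers = {str(i): p.desc for i,p in enumerate(self.parts) if p in avail_parts}
 
@@ -253,7 +253,7 @@ def action_install_into_container(self, avail_parts):
 
 self.ins = stub.StubInstaller(self.sysinfo, self.dutil, self.osinfo)
 self.ins.load_ipsw(ipsw)
-self.osins = osinstall.OSInstaller(self.dutil, self.data, template)
+self.osins = osinstall.OSInstaller(self.dutil, self.data, template, fde)
 self.osins.load_package()
 
 self.do_install()
@@ -266,9 +266,9 @@ def action_wipe(self):
 
 print()
 
-template = self.choose_os()
+template, fde = self.choose_os()
 
-self.osins = osinstall.OSInstaller(self.dutil, self.data, template)
+self.osins = osinstall.OSInstaller(self.dutil, self.data, template, fde)
 self.osins.load_package()
 
 min_size = STUB_SIZE + self.osins.min_size
@@ -286,9 +286,9 @@ def action_wipe(self):
 self.do_install(os_size)
 
 def action_install_into_free(self, avail_free):
-template = self.choose_os()
+template, fde = self.choose_os()
 
-self.osins = osinstall.OSInstaller(self.dutil, self.data, template)
+self.osins = osinstall.OSInstaller(self.dutil, self.data, template, fde)
 self.osins.load_package()
 
 min_size = STUB_SIZE + self.osins.min_size
@@ -498,7 +498,10 @@ def choose_os(self):
 idx = self.choice("OS", [i["name"] for i in os_list])
 os = os_list[idx]
 logging.info(f"Chosen OS: {os['name']}")
-return os
+fde = False
+if os.get("supports_fde", False) or True:
+fde = self.yesno("Enable disk encryption?")
+return (os, fde)
 
 def set_reduced_security(self):
 while True: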
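Review bot: In `choose_os`, the condition `if os.get("supports_fde", False) or True:` is always true, so the encryption prompt appears for every template and the `supports_fde` key is never honoured; it reads like a debugging leftover. Answering yes for a template that was not prepared for encryption sends `OSInstaller.install()` down the FDE path, which hardcodes `boot.img` and `root.img`. Suggest `if os.get("supports_fde", False):` so the option is offered only where the template declares it. The return value also changes from a dict to a tuple; the three callers in this section are updated, but any caller outside these hunks would break, and `choose_os` itself starts outside the hunk.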

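--- a/src/osinstall.py
+++ b/src/osinstall.py
@@ -6,7 +6,7 @@
 
 class OSInstaller(PackageInstaller):
 PART_ALIGNMENT = 1024 * 1024
-def __init__(self, dutil, data, template):
+def __init__(self, dutil, data, template, fde):
 super().__init__()
 self.dutil = dutil
 self.data = data
@@ -16,6 +16,7 @@ def __init__(self, dutil, data, template):
 self.efi_part = None
 self.idata_targets = []
 self.install_size = self.min_size
+self.fde = fde
 
 @property
 def default_os_name(self):
@@ -117,6 +118,38 @@ def download_extras(self):
 ucache.flush_progress()
 
 def install(self, stub_ins):
+if self.fde:
+p_progress("Extracting OS image ...")
+for part in self.template["partitions"]:
+image = part.get("image", None)
+if image is None:
+continue
+zinfo = self.pkg.getinfo(image)
+with self.pkg.open(image) as sfd, \
+open(image, "wb") as dfd:
+self.fdcopy(sfd, dfd, zinfo.file_size)
+p_progress("Encrypting OS image ...")
+args = [
+"./encryptor/qemu-system-aarch64",
+"-nographic",
+"-L", "./encryptor/qemu/",
+"-chardev", "stdio,id=term0",
+"-serial", "chardev:term0",
+"-cpu", "host",
+"-smp", "cpus=8,sockets=1,cores=8,threads=1",
+"-machine", "virt",
+"-accel", "hvf",
+"-m", "4096",
+"-kernel", "./encryptor/vmlinuz-virt",
+"-initrd", "./encryptor/initramfs",
+"-device", "virtio-rng-pci",
+"-monitor", "/dev/null",
+"-append", "quiet",
+"-drive", "if=virtio,format=raw,index=1,file=boot.img",
+"-drive", "if=virtio,format=raw,index=2,file=root.img"
+]
+subprocess.run(args, check=True)
+
 p_progress("Installing OS...")
 logging.info("OSInstaller.install()")
 
@@ -133,12 +166,21 @@ def install(self, stub_ins):
 logging.info(f"Installing partition {part!r} -> {info.name}")
 image = part.get("image", None)
 if image:
-p_plain(f" Extracting {image} into {info.name} partition...")
+if self.fde:
+p_plain(f" Installing {image} into {info.name} partition...")
+else:
+p_plain(f" Extracting {image} into {info.name} partition...")
 logging.info(f"Extract: {image}")
 zinfo = self.pkg.getinfo(image)
-with self.pkg.open(image) as sfd, \
-open(f"/dev/r{info.name}", "r+b") as dfd:
-self.fdcopy(sfd, dfd, zinfo.file_size)
+if self.fde:
+with open(image, "rb") as sfd, \
+open(f"/dev/r{info.name}", "r+b") as dfd:
+self.fdcopy(sfd, dfd, zinfo.file_size)
+else:
+with self.pkg.open(image) as sfd, \
+open(f"/dev/r{info.name}", "r+b") as dfd:
+self.fdcopy(sfd, dfd, zinfo.file_size)
+
 self.flush_progress()
 source = part.get("source", None)
 if source: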
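Review bot: In `install`, `subprocess.run(args, check=True)` only shows that QEMU exited cleanly; nothing visible here confirms the guest actually encrypted the images, so a failure inside the VM could leave plaintext images that are then written to `/dev/r{info.name}` while the user believes encryption is enabled. The FDE path should fail closed: have the encryptor signal success explicitly, or check the processed image for the expected encrypted-volume header, before the copy loop runs. The `-drive` arguments hardcode `file=boot.img` and `file=root.img` while extraction writes to each partition's `image` name, so the two only agree for templates that happen to use those names; building the drive list from the extracted names would remove that coupling. The later copy still passes `zinfo.file_size` from the archive entry, which is wrong if the encryptor changes the image size, and the intermediate images written to the working directory are never removed. `install` starts and ends outside these hunks, and whether `subprocess` is imported in this file is not visible here.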
