Add support for installing with FDE.

Signed-off-by: Sasha Finkelstein <[email protected]>

Author: WhatAmISupposedToPutHere

build.sh

@@ -8,6 +8,7 @@ cd "$(dirname "$0")"
 PYTHON_VER=3.9.6
 PYTHON_PKG=python-$PYTHON_VER-macos11.pkg
 PYTHON_URI="https://www.python.org/ftp/python/$PYTHON_VER/$PYTHON_PKG"
+ENCRYPTOR_URI="https://github.com/WhatAmISupposedToPutHere/encryptor/releases/download/v0.1/encryptor.tar.gz"
 
 M1N1="$PWD/m1n1"
 ARTWORK="$PWD/artwork"
@@ -44,6 +45,7 @@ echo "Downloading installer components..."
 cd "$DL"
 
 wget -Nc "$PYTHON_URI"
+wget -Nc "$ENCRYPTOR_URI"
 
 echo "Building m1n1..."
 
@@ -52,7 +54,7 @@ make -C "$M1N1" RELEASE=1 CHAINLOADING=1 -j4
 echo "Copying files..."
 
 cp -r "$SRC"/* "$PACKAGE/"
-rm "$PACKAGE/asahi_firmware"
+rm -r "$PACKAGE/asahi_firmware"
 cp -r "$AFW" "$PACKAGE/"
 cp "$ARTWORK/logos/icns/AsahiLinux_logomark.icns" "$PACKAGE/logo.icns"
 mkdir -p "$PACKAGE/boot"
@@ -81,7 +83,7 @@ cd python3.*
 rm -rf test ensurepip idlelib
 cd lib-dynload
 rm -f _test* _tkinter*
-    
+
 
 echo "Copying certificates..."
 
@@ -92,6 +94,8 @@ echo "Packaging installer..."
 
 cd "$PACKAGE"
 
+tar xf "$DL/encryptor.tar.gz"
+
 echo "$VER" > version.tag
 
 if [ "$1" == "prod" ]; then

src/main.py

@@ -239,7 +239,7 @@ def get_admin_credentials(self):
         self.admin_password = getpass.getpass(f'Password for {self.admin_user}: ')
 
     def action_install_into_container(self, avail_parts):
-        template = self.choose_os()
+        template, fde = self.choose_os()
 
         containers = {str(i): p.desc for i,p in enumerate(self.parts) if p in avail_parts}
 
@@ -253,7 +253,7 @@ def action_install_into_container(self, avail_parts):
 
         self.ins = stub.StubInstaller(self.sysinfo, self.dutil, self.osinfo)
         self.ins.load_ipsw(ipsw)
-        self.osins = osinstall.OSInstaller(self.dutil, self.data, template)
+        self.osins = osinstall.OSInstaller(self.dutil, self.data, template, fde)
         self.osins.load_package()
 
         self.do_install()
@@ -266,9 +266,9 @@ def action_wipe(self):
 
         print()
 
-        template = self.choose_os()
+        template, fde = self.choose_os()
 
-        self.osins = osinstall.OSInstaller(self.dutil, self.data, template)
+        self.osins = osinstall.OSInstaller(self.dutil, self.data, template, fde)
         self.osins.load_package()
 
         min_size = STUB_SIZE + self.osins.min_size
@@ -286,9 +286,9 @@ def action_wipe(self):
         self.do_install(os_size)
 
     def action_install_into_free(self, avail_free):
-        template = self.choose_os()
+        template, fde = self.choose_os()
 
-        self.osins = osinstall.OSInstaller(self.dutil, self.data, template)
+        self.osins = osinstall.OSInstaller(self.dutil, self.data, template, fde)
         self.osins.load_package()
 
         min_size = STUB_SIZE + self.osins.min_size
@@ -498,7 +498,10 @@ def choose_os(self):
         idx = self.choice("OS", [i["name"] for i in os_list])
         os = os_list[idx]
         logging.info(f"Chosen OS: {os['name']}")
-        return os
+        fde = False
+        if os.get("supports_fde", False) or True:
+            fde = self.yesno("Enable disk encryption?")
+        return (os, fde)
 
     def set_reduced_security(self):
         while True:

src/osinstall.py

@@ -6,7 +6,7 @@
 
 class OSInstaller(PackageInstaller):
     PART_ALIGNMENT = 1024 * 1024
-    def __init__(self, dutil, data, template):
+    def __init__(self, dutil, data, template, fde):
         super().__init__()
         self.dutil = dutil
         self.data = data
@@ -16,6 +16,7 @@ def __init__(self, dutil, data, template):
         self.efi_part = None
         self.idata_targets = []
         self.install_size = self.min_size
+        self.fde = fde
 
     @property
     def default_os_name(self):
@@ -117,6 +118,38 @@ def download_extras(self):
             ucache.flush_progress()
 
     def install(self, stub_ins):
+        if self.fde:
+            p_progress("Extracting OS image ...")
+            for part in self.template["partitions"]:
+                image = part.get("image", None)
+                if image is None:
+                    continue
+                zinfo = self.pkg.getinfo(image)
+                with self.pkg.open(image) as sfd, \
+                     open(image, "wb") as dfd:
+                    self.fdcopy(sfd, dfd, zinfo.file_size)
+            p_progress("Encrypting OS image ...")
+            args = [
+                "./encryptor/qemu-system-aarch64",
+                "-nographic",
+                "-L", "./encryptor/qemu/",
+                "-chardev", "stdio,id=term0",
+                "-serial", "chardev:term0",
+                "-cpu", "host",
+                "-smp", "cpus=8,sockets=1,cores=8,threads=1",
+                "-machine", "virt",
+                "-accel", "hvf",
+                "-m", "4096",
+                "-kernel", "./encryptor/vmlinuz-virt",
+                "-initrd", "./encryptor/initramfs",
+                "-device", "virtio-rng-pci",
+                "-monitor", "/dev/null",
+                "-append", "quiet",
+                "-drive", "if=virtio,format=raw,index=1,file=boot.img",
+                "-drive", "if=virtio,format=raw,index=2,file=root.img"
+            ]
+            subprocess.run(args, check=True)
+
         p_progress("Installing OS...")
         logging.info("OSInstaller.install()")
 
@@ -133,12 +166,21 @@ def install(self, stub_ins):
             logging.info(f"Installing partition {part!r} -> {info.name}")
             image = part.get("image", None)
             if image:
-                p_plain(f"  Extracting {image} into {info.name} partition...")
+                if self.fde:
+                    p_plain(f"  Installing {image} into {info.name} partition...")
+                else:
+                    p_plain(f"  Extracting {image} into {info.name} partition...")
                 logging.info(f"Extract: {image}")
                 zinfo = self.pkg.getinfo(image)
-                with self.pkg.open(image) as sfd, \
-                    open(f"/dev/r{info.name}", "r+b") as dfd:
-                    self.fdcopy(sfd, dfd, zinfo.file_size)
+                if self.fde:
+                    with open(image, "rb") as sfd, \
+                         open(f"/dev/r{info.name}", "r+b") as dfd:
+                        self.fdcopy(sfd, dfd, zinfo.file_size)
+                else:
+                    with self.pkg.open(image) as sfd, \
+                         open(f"/dev/r{info.name}", "r+b") as dfd:
+                        self.fdcopy(sfd, dfd, zinfo.file_size)
+
                 self.flush_progress()
             source = part.get("source", None)
             if source: