authorSilvio Rhatto <rhatto@riseup.net>2016-07-02 18:29:19 -0300
committerSilvio Rhatto <rhatto@riseup.net>2016-07-02 18:29:19 -0300
commitf1c55982006fa5e2a8706f7460a4cd16e9f767d3 (patch)
tree5c5eb1ad54e5205473f246aea525d60bb282c41a /share/config/templates/bootless
parenta249af014901cbe1d2ac02913d90595e1b1a8a7a (diff)
Bootless: FDE support
Diffstat (limited to 'share/config/templates/bootless')
-rw-r--r--share/config/templates/bootless/custom.cfg29
-rw-r--r--share/config/templates/bootless/grub.cfg52
2 files changed, 81 insertions, 0 deletions
diff --git a/share/config/templates/bootless/custom.cfg b/share/config/templates/bootless/custom.cfg
new file mode 100644
index 0000000..5eaf786
--- /dev/null
+++ b/share/config/templates/bootless/custom.cfg
@@ -0,0 +1,29 @@
+#
+# Menu appearance
+#
+set menu_color_normal=white/blue
+set menu_color_highlight=yellow/red
+
+#
+# Example: imagens stored in the USB stick: just put your images under custom/debian/images.
+#
+menuentry 'Example: Darkstar' {
+ set version=3.16.0-4
+ set source=/dev/mapper/vg-root
+ set target=root
+
+ echo 'Loading AMD64 Debian Desktop (Jessie)...'
+ linux /boot/custom/debian/vmlinuz-${version}-amd64 root=/dev/mapper/root cryptopts=target=${target},source=${source} ro quiet apparmor=1 security=apparmor
+ echo 'Loading initial ramdisk ...'
+ initrd /boot/custom/debian/initrd.img-${version}-amd64
+}
+
+#
+# Example: Full Disk Encryption: images are loaded from encrypted partition.
+#
+menuentry 'Example: Darkstar FDE' {
+ set machine=darkstar
+ set version=3.16.0-4
+
+ bootfde ${machine} ${version}
+}
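Review bot: The comment above the first entry tells users to put files under `custom/debian/images`, but the `linux` and `initrd` lines in that entry read from `/boot/custom/debian/` directly, and "imagens" is a typo. I would reword it to `# Example: images stored in the USB stick: put the kernel and initrd under /boot/custom/debian/.` so the comment and the paths agree. It would also help to add a line stating that this entry loads the kernel and initrd from the stick itself, unlike the FDE entry below it, so their integrity depends on the stick staying in the owner's custody. No signature checking is visible in this commit, though it may be configured elsewhere.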
diff --git a/share/config/templates/bootless/grub.cfg b/share/config/templates/bootless/grub.cfg
new file mode 100644
index 0000000..b4e9e25
--- /dev/null
+++ b/share/config/templates/bootless/grub.cfg
@@ -0,0 +1,52 @@
+#
+# Bootless: evil-maid mitigator.
+#
+
+#
+# Load environment
+#
+if [ -s $prefix/grubenv ]; then
+ load_env
+fi
+
+#
+# Basic config
+#
+set default="0"
+set timeout=5
+
+#
+# Menu appearance
+#
+set menu_color_normal=white/blue
+set menu_color_highlight=yellow/red
+
+#
+# Handles boot from fully encrypted /boot volumes.
+#
+function bootfde {
+ insmod luks
+ insmod lvm
+
+ cryptomount lvm/${1}-root
+ set root=(crypto0)
+
+ echo "Loading ${1}..."
+ linux /boot/vmlinuz-${2}-amd64 root=/dev/mapper/root cryptopts=target=root,source=/dev/mapper/${1}-root ro quiet
+ echo 'Loading initial ramdisk ...'
+ initrd /boot/initrd.img-${2}-amd64
+}
+
+#
+# Default menu entry
+#
+menuentry "Memtest86+" {
+ linux16 /boot/default/memtest/memtest86+.bin
+}
+
+#
+# Custom menu entries
+#
+if [ -e "/boot/custom/custom.cfg" ]; then
+ configfile /boot/custom/custom.cfg
+fi
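Review bot: `bootfde` does not check the result of `cryptomount lvm/${1}-root` before `set root=(crypto0)`, and it assumes the unlocked volume is always the first cryptodisk. After a failed unlock, the `linux` and `initrd` lines still run and presumably fail with an unrelated file error. A guard such as `if ! cryptomount lvm/${1}-root; then echo "Could not unlock ${1}-root"; return; fi` would make the failure explicit. The kernel line in this function also omits the `apparmor=1 security=apparmor` arguments that the non-FDE example in custom.cfg passes. If AppArmor is meant to be enabled on FDE machines as well, add them here or accept extra kernel arguments as a third parameter.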