From f1c55982006fa5e2a8706f7460a4cd16e9f767d3 Mon Sep 17 00:00:00 2001 From: Silvio Rhatto Date: Sat, 2 Jul 2016 18:29:19 -0300 Subject: Bootless: FDE support --- doc/todo.rst | 3 ++ share/config/templates/bootless/custom.cfg | 29 +++++++++++++++++ share/config/templates/bootless/grub.cfg | 52 ++++++++++++++++++++++++++++++ share/hydra/bootless | 40 +++-------------------- 4 files changed, 88 insertions(+), 36 deletions(-) create mode 100644 share/config/templates/bootless/custom.cfg create mode 100644 share/config/templates/bootless/grub.cfg diff --git a/doc/todo.rst b/doc/todo.rst index 94d8e77..98431b1 100644 --- a/doc/todo.rst +++ b/doc/todo.rst @@ -4,6 +4,8 @@ TODO - docs. - deploy: - lockfile. + - one-step ssh+sudo deployment. + - simple deployer using just rsync. - check for sudo config at the remote site. - compile: - per-node compiled file. @@ -14,3 +16,4 @@ TODO - $APP_BASE/share/{hydra,hydractl} - /usr/local/share/{hydra,hydractl} - {hydra,hydract}-action (like git plugins) +- bootless: per-device hash/verification. diff --git a/share/config/templates/bootless/custom.cfg b/share/config/templates/bootless/custom.cfg new file mode 100644 index 0000000..5eaf786 --- /dev/null +++ b/share/config/templates/bootless/custom.cfg 
@@ -0,0 +1,29 @@
+#
+# Menu appearance
+#
+set menu_color_normal=white/blue
+set menu_color_highlight=yellow/red
+
+#
+# Example: imagens stored in the USB stick: just put your images under custom/debian/images.
+#
+menuentry 'Example: Darkstar' {
+ set version=3.16.0-4
+ set source=/dev/mapper/vg-root
+ set target=root
+
+ echo 'Loading AMD64 Debian Desktop (Jessie)...'
+ linux /boot/custom/debian/vmlinuz-${version}-amd64 root=/dev/mapper/root cryptopts=target=${target},source=${source} ro quiet apparmor=1 security=apparmor
+ echo 'Loading initial ramdisk ...'
+ initrd /boot/custom/debian/initrd.img-${version}-amd64
+}
+
+#
+# Example: Full Disk Encryption: images are loaded from encrypted partition.
+#
+menuentry 'Example: Darkstar FDE' {
+ set machine=darkstar
+ set version=3.16.0-4
+
+ bootfde ${machine} ${version}
+}
diff --git a/share/config/templates/bootless/grub.cfg b/share/config/templates/bootless/grub.cfg
new file mode 100644
index 0000000..b4e9e25
--- /dev/null
+++ b/share/config/templates/bootless/grub.cfg
@@ -0,0 +1,52 @@
+#
+# Bootless: evil-maid mitigator.
+#
+
+#
+# Load environment
+#
+if [ -s $prefix/grubenv ]; then
+ load_env
+fi
+
+#
+# Basic config
+#
+set default="0"
+set timeout=5
+
+#
+# Menu appearance
+#
+set menu_color_normal=white/blue
+set menu_color_highlight=yellow/red
+
+#
+# Handles boot from fully encrypted /boot volumes.
+#
+function bootfde {
+ insmod luks
+ insmod lvm
+
+ cryptomount lvm/${1}-root
+ set root=(crypto0)
+
+ echo "Loading ${1}..."
+ linux /boot/vmlinuz-${2}-amd64 root=/dev/mapper/root cryptopts=target=root,source=/dev/mapper/${1}-root ro quiet
+ echo 'Loading initial ramdisk ...'
+ initrd /boot/initrd.img-${2}-amd64
+}
+
+#
+# Default menu entry
+#
+menuentry "Memtest86+" {
+ linux16 /boot/default/memtest/memtest86+.bin
+}
+
+#
+# Custom menu entries
+#
+if [ -e "/boot/custom/custom.cfg" ]; then
+ configfile /boot/custom/custom.cfg
+fi
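Review bot: The two example entries give different guarantees but the comments do not say which one is the evil-maid-resistant path: 'Example: Darkstar' loads vmlinuz/initrd from `/boot/custom/debian/` on the stick itself, while 'Example: Darkstar FDE' has `bootfde` load them from inside the LUKS volume, which is what the grub.cfg header's evil-maid claim rests on. I would state that on the first example, e.g. `# Example: kernel and initrd kept on the USB stick itself under custom/debian (they are not read from the encrypted disk).`, and fix the Portuguese 'imagens' to 'images' in the same comment. The FDE entry also silently depends on `bootfde` being defined in grub.cfg, and both entries pin `set version=3.16.0-4`, so a kernel upgrade on the target machine breaks them until the stick is edited; a one-line comment above each `set version` saying it must track the installed kernel would save a confused user. The `apparmor=1 security=apparmor` parameters appear only on the first entry; if that difference is intended it deserves a note, otherwise bootfde's kernel line should carry them too.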
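Review bot: `set root=(crypto0)` in bootfde hard-codes the name GRUB gives to the first LUKS container it opened, so the function only works when this `cryptomount` is the first successful one in the session; if the user already tried another FDE entry, or the machine exposes a second LUKS device, the volume just opened is registered as `crypto1` and the following `linux` line reads from the wrong device or fails. Prefer locating the filesystem after the mount, e.g. `search --no-floppy --fs-uuid --set=root ${3}` with the root filesystem UUID passed as a third argument from custom.cfg, and bail out before touching `linux`/`initrd` when the mount fails: `if ! cryptomount lvm/${1}-root; then echo "cannot open ${1}-root"; return; fi` (assuming this GRUB build supports `return` in functions). The header's 'evil-maid mitigator' claim also needs a caveat in the comment: only the kernel and initrd come from the encrypted volume, while GRUB, this grub.cfg and custom.cfg are still read from the stick, so the stick is the component that must stay in the owner's control, and the per-device hash/verification the todo mentions is not in place yet. Finally `load_env` is kept but nothing in the template reads what grubenv provides, so either drop it or say in the comment what it is for.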
diff --git a/share/hydra/bootless b/share/hydra/bootless index 7f7de0f..67f1b96 100755 --- a/share/hydra/bootless +++ b/share/hydra/bootless @@ -215,9 +215,9 @@ function hydra_bootless_init { # Create a fresh repository mkdir -p $HYDRA_FOLDER/bootless/{default,custom,grub} - mkdir -p $HYDRA_FOLDER/bootless/default/{debian,memtest,ubuntu} + mkdir -p $HYDRA_FOLDER/bootless/custom/{debian,memtest} touch $HYDRA_FOLDER/bootless/{default,custom,grub}/.empty - touch $HYDRA_FOLDER/bootless/default/{debian,memtest,ubuntu}/.empty + touch $HYDRA_FOLDER/bootless/default/{debian,memtest}/.empty ( cd $HYDRA_FOLDER/bootless && ln -s . boot) if [ -f "/boot/memtest86+.bin" ]; then @@ -228,40 +228,8 @@ function hydra_bootless_init { fi # Grub configuration - cat > $HYDRA_FOLDER/bootless/grub/grub.cfg <<-EOF -# This is grub.cfg for use with Bootless Management System - -### BEGIN header ### -if [ -s $prefix/grubenv ]; then - load_env -fi -set default="0" -if [ "${prev_saved_entry}" ]; then - set saved_entry="${prev_saved_entry}" - save_env saved_entry - set prev_saved_entry= - save_env prev_saved_entry - set boot_once=true -fi - -function savedefault { - if [ -z "${boot_once}" ]; then - saved_entry="${chosen}" - save_env saved_entry - fi -} - -function load_video { -} - -set timeout=5 -### END header ### - -### BEGIN debian_theme ### -set menu_color_normal=white/blue -set menu_color_highlight=yellow/red -### END debian_theme ### -EOF + cp $HYDRA_FOLDER/config/templates/bootless/grub.cfg $HYDRA_FOLDER/bootless/grub/ + cp $HYDRA_FOLDER/config/templates/bootless/custom.cfg $HYDRA_FOLDER/bootless/custom/ # Initialize git repository ( -- cgit v1.2.3
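Review bot: The `touch` on the new side still targets `default/{debian,memtest}/.empty`, but the `mkdir -p` two lines above now creates `custom/{debian,memtest}` instead, so `default/debian` and `default/memtest` do not exist when touch runs and hydra_bootless_init will report 'No such file or directory' for both (and abort there if the script runs under `set -e`, which is not visible in this hunk). Both trees appear to be needed, since grub.cfg's Memtest86+ entry loads `/boot/default/memtest/memtest86+.bin`, so I would create and seed both: `mkdir -p $HYDRA_FOLDER/bootless/{default,custom}/{debian,memtest}` and `touch $HYDRA_FOLDER/bootless/{default,custom}/{debian,memtest}/.empty`. `$HYDRA_FOLDER` is unquoted on every line here, so a path containing spaces splits into several arguments; quoting it is cheap. hydra_bootless_init starts before this hunk and continues after it.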
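Review bot: The two `cp` calls that replace the heredoc run with unquoted `$HYDRA_FOLDER` and their exit status is not checked, so a missing template or an unwritable repository leaves `bootless/grub/` without a grub.cfg while the function carries on to initialize the git repository as if the stick were complete. I would quote and fail fast: `cp "$HYDRA_FOLDER/config/templates/bootless/grub.cfg" "$HYDRA_FOLDER/bootless/grub/" || return 1` and the same for custom.cfg, unless the script already runs under `set -e`, which this hunk does not show. Since the config is now a static copy rather than generated per stick, a short comment above the copies saying that `grub/grub.cfg` is the template verbatim and `custom/custom.cfg` is the file users are expected to edit would make the layout self-explanatory. hydra_bootless_init starts before this hunk and its git initialization continues past it.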