Commit 52266f62 authored by Mattias Barthel's avatar Mattias Barthel

Add new package - bcm-fscrypt-key-migration

This preinit script package migrates the fscrypt-encrypted overlay
partition from the old key, key_dev_specific_512, to the new key,
key_dev_specific_512_grypt_salt, if the new key exists in the DTS.

(cherry picked from commit eab64a95)
parent a0cee16d
1 merge request!40Add new package - bcm-fscrypt-key-migration
include $(TOPDIR)/rules.mk
PKG_NAME:=bcm-fscrypt-key-migration
PKG_RELEASE:=1
PKG_BUILD_DIR := $(BUILD_DIR)/$(PKG_NAME)
PKG_LICENSE:=GPL-2.0-only
include $(INCLUDE_DIR)/package.mk
define Package/bcm-fscrypt-key-migration
CATEGORY:=Base system
TITLE:=Broadcom Fscrypt Key Migration
endef
define Package/bcm-fscrypt-key-migration/description
Broadcom Fscrypt Key Migration
endef
define Build/Prepare
mkdir -p $(PKG_BUILD_DIR)
$(CP) ./files/* $(PKG_BUILD_DIR)/
endef
define Build/Compile
endef
define Package/bcm-fscrypt-key-migration/install
$(CP) ./files/* $(1)/
endef
$(eval $(call BuildPackage,bcm-fscrypt-key-migration))
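Review bot: `Package/bcm-fscrypt-key-migration` declares no `DEPENDS`, although the migration script added in this commit calls `fscryptctl` and sources `/lib/functions/iopsys-system-layout.sh`; unless both are guaranteed to be in every image that selects this package, the preinit step fails at boot where they are missing. Consider a line such as `DEPENDS:=+<package providing fscryptctl> +<package providing iopsys-system-layout.sh>` (placeholders, the real package names are not visible on this page). Separately, `Build/Prepare` copies `./files/*` into `$(PKG_BUILD_DIR)` but the install step copies from `./files` again, so the build-dir copy is unused. Installing with `$(CP)` also keeps whatever file modes the checkout has, so the executable bit on the scripts is not guaranteed by the Makefile.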
# Copyright (C) 2006 OpenWrt.org
# Copyright (C) 2010 Vertical Communications
do_bcm_fscrypt_key_migration() {
bcm_fscrypt_key_migration
}
boot_hook_add preinit_main do_bcm_fscrypt_key_migration
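Review bot: Nothing in this hook file says where in `preinit_main` it has to run, and that ordering matters. The migration script mounts and unmounts `/overlay` itself, so it presumably has to be registered before the hook that mounts the overlay for normal use; the file name that fixes the order is not visible on this page. A header comment would make that explicit, e.g. `# Must run before the overlay is mounted: migrates the fscrypt policy of /overlay/data to the new device key.` The two copyright lines look carried over from an OpenWrt template and may need updating.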
#!/bin/sh
. /lib/functions/preinit.sh
. /lib/functions/iopsys-system-layout.sh
is_migrated() {
local overlay_mount="${1:-/overlay}"
local data_dir="$overlay_mount/data"
local key_desc="$(get_board_specific_encryption_key_desc)"
local data_dir_key_desc="$(fscryptctl get_policy $data_dir | grep Descriptor | awk '{print $3}')"
if [ "$data_dir_key_desc" = "$key_desc" ]; then
return 0
else
return 1
fi
}
migrate_overlay() {
local overlay_mount="${1:-/overlay}"
local data_dir="$overlay_mount/data"
local tmp_data_dir="$overlay_mount/data.tmp"
local new_desc="$(get_board_specific_encryption_key_desc)"
echo "$0 migrating overlay" >> /dev/console
mkdir -p "$tmp_data_dir"
fscryptctl set_policy "$new_desc" "$tmp_data_dir"
#migrate files, if any
mv "$data_dir/*" "$tmp_data_dir/" 2>/dev/null
mv "$data_dir" "$data_dir.old"
mv "$tmp_data_dir" "$data_dir"
rm -rf "$data_dir.old"
}
encryption_init_kernel_keyring_old_key() {
if [ -f /proc/device-tree/key_dev_specific_512 ]; then
local key="$(cat /proc/device-tree/key_dev_specific_512)"
[ -z "$key" ] || echo -n "$key" | fscryptctl insert_key > /dev/null
else
echo "Old key key_dev_specific_512 not found!" >> /dev/stderr
fi
}
bcm_fscrypt_key_migration() {
local overlay_mount="/overlay"
use_overlay_encryption || return
get_system_layout_info_in_global_var
encryption_init_kernel_keyring
mount_overlay_partition current "$overlay_mount"
if is_migrated "$overlay_mount"; then
umount $overlay_mount
return
fi
encryption_init_kernel_keyring_old_key
migrate_overlay "$overlay_mount"
umount $overlay_mount
}
bcm_fscrypt_key_migration
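Review bot: In migrate_overlay the glob in `mv "$data_dir/*" "$tmp_data_dir/" 2>/dev/null` is inside the quotes, so the shell passes a literal `*`, nothing is moved, the error is discarded, and the following `rm -rf "$data_dir.old"` then deletes the only copy of the data. The glob has to sit outside the quotes and also cover dotfiles, and each step should stop the migration on failure so that the old directory is removed only after everything has been moved. The same applies to `fscryptctl set_policy`: if it fails, the files would end up in a directory that has no encryption policy. The fence below shows the rewritten middle of the function; the variable setup and console message are unchanged.

```shell
migrate_overlay() {
	# … unchanged: local variable setup and console message …

	mkdir -p "$tmp_data_dir" || return 1
	# Do not move anything into a directory that failed to get the new policy.
	fscryptctl set_policy "$new_desc" "$tmp_data_dir" || return 1

	# Glob outside the quotes so it expands; the extra patterns pick up dotfiles.
	for f in "$data_dir"/* "$data_dir"/.[!.]* "$data_dir"/..?*; do
		[ -e "$f" ] || [ -L "$f" ] || continue
		mv "$f" "$tmp_data_dir/" || return 1
	done

	mv "$data_dir" "$data_dir.old" || return 1
	mv "$tmp_data_dir" "$data_dir" || return 1
	# Reached only when every file has been moved and the new directory is in place.
	rm -rf "$data_dir.old"
}
```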