Skip to content
rcS-root 5.23 KiB
Newer Older
Nicolas Mailloux's avatar
Nicolas Mailloux committed
#!/bin/sh

mount -t proc proc /proc
mount -t sysfs sysfs /sys
sleep 1
mount -t devtmpfs devtmpfs /dev
Nicolas Mailloux's avatar
Nicolas Mailloux committed
hostname kobo
ifconfig lo up
echo 3 > /sys/class/graphics/fb0/rotate

# Upgrading kernel if needed
Nicolas Mailloux's avatar
Nicolas Mailloux committed
mount -t ext4 /dev/mmcblk0p1 /mnt
KERNEL_FLASH=`cat /mnt/flags/KERNEL_FLASH` 2>/dev/null
WILL_UPDATE=`cat /mnt/flags/WILL_UPDATE` 2>/dev/null
DIAGS_BOOT=`cat /mnt/flags/DIAGS_BOOT` 2>/dev/null
STARTX=`cat /mnt/flags/X11_START` 2>/dev/null
Nicolas Mailloux's avatar
Nicolas Mailloux committed

if [ "$KERNEL_FLASH" == "true" ]; then
	cp /mnt/boot/uImage /
	sync
	echo "Flashing new kernel..."
	dd if=/uImage of=/dev/mmcblk0 bs=512 seek=2048
	sync
	echo "false" > /mnt/flags/KERNEL_FLASH
	rm /mnt/boot/uImage
	echo "Done, rebooting..."
	reboot
else
	umount /mnt
	evtest /dev/input/event0 > /tmp/input-log &
	EVTEST_PID=$!
Nicolas Mailloux's avatar
Nicolas Mailloux committed

Nicolas Mailloux's avatar
Nicolas Mailloux committed
	read -t 5 -n 1 -s -r -p "(initrd) Hit any key to stop auto-boot... " KEY
Nicolas Mailloux's avatar
Nicolas Mailloux committed

	if [ "$KEY" == "" ]; then
		INPUT_LOG=`cat /tmp/input-log | grep value`
		export INPUT_LOG

		# Device should have been wiped and restored to a factory state
		# Checking if there is still a "noroot" flag in the unpartitioned space
		export ROOT_FLAG=`dd if=/dev/mmcblk0 bs=512 skip=79872 count=1 status=none | head -c6`
		if [ "$ROOT_FLAG" == "rooted" ]; then
Nicolas Mailloux's avatar
Nicolas Mailloux committed
			echo "Security policy not enforced; root access permitted."
		else
Nicolas Mailloux's avatar
Nicolas Mailloux committed
			mount -t ext4 /dev/mmcblk0p3 /mnt
			mount -t ext4 /dev/mmcblk0p1 /mnt/boot
			mount -t ext4 /dev/mmcblk0p4 /mnt/opt/storage
Nicolas Mailloux's avatar
Nicolas Mailloux committed

			echo "WARNING: User violated security policy!"
			echo "Flashing a new kernel that does not allow root access..."
			mkdir -p /recoveryfs
Nicolas Mailloux's avatar
Nicolas Mailloux committed
			mount -t ext4 /dev/mmcblk0p2 /recoveryfs
Nicolas Mailloux's avatar
Nicolas Mailloux committed
			dd if=/recoveryfs/opt/recovery/restore/uImage-std of=/dev/mmcblk0 bs=512 seek=2048
			sync
			rm /mnt/etc/passwd
			sync
			cp /opt/passwd_lockdown /mnt/etc/passwd
			sync
			# We set the ALERT flag to show a GUI warning about what happened
                        echo "true" > /mnt/boot/flags/ALERT
			sync
			echo "Done, rebooting..."
			reboot
			exit 0
		fi

		if [ "$INPUT_LOG" == "" ]; then
			if [ "$DIAGS_BOOT" != "true" ]; then
				# If the security policy was violated, we would not be there anymore, so from now on we are booting as usual.
				# Splash
				/etc/init.d/inkbox-splash &

Nicolas Mailloux's avatar
Nicolas Mailloux committed
				mount -t ext4 /dev/mmcblk0p3 /mnt
				mount -t ext4 /dev/mmcblk0p1 /mnt/boot
Nicolas Mailloux's avatar
Nicolas Mailloux committed
				mkdir -p /mnt/opt/root
				mkdir -p /mnt/opt/key
				mkdir -p /mnt/selinux
				mkdir -p /mnt/modules
Nicolas Mailloux's avatar
Nicolas Mailloux committed
				losetup /dev/loop7 /opt/root.sqsh
				mount /dev/loop7 /mnt/opt/root -o ro,nodev,nosuid,noexec
				losetup /dev/loop6 /opt/key.sqsh
				mount /dev/loop6 /mnt/opt/key -o ro,nodev,nosuid,noexec
				losetup /dev/loop5 /opt/modules.sqsh
				mount /dev/loop5 /mnt/modules -o ro,nodev,nosuid,noexec
Nicolas Mailloux's avatar
Nicolas Mailloux committed

				mount --move /proc /mnt/proc
				mount --move /sys /mnt/sys
				mount --bind /dev /mnt/dev
Nicolas Mailloux's avatar
Nicolas Mailloux committed
				mount -t tmpfs tmpfs /mnt/tmp
				mount -t selinuxfs selinuxfs /mnt/selinux

				echo true > /mnt/kobo/inkbox/remount
Nicolas Mailloux's avatar
Nicolas Mailloux committed
				echo false > /mnt/boot/flags/X11_STARTED
Nicolas Mailloux's avatar
Nicolas Mailloux committed
				# Starting an X server
				if [ "$STARTX" == "true" ]; then
					/etc/init.d/startx
				fi

				chroot /mnt /sbin/openrc "sysinit"
				chroot /mnt /sbin/openrc "boot"
				chroot /mnt /sbin/openrc "default"
				exit 0
			else
				echo "DIAGS_BOOT is set to 'true', booting into diagnostics..."
				mkdir -p /alpine
Nicolas Mailloux's avatar
Nicolas Mailloux committed
				mount -t ext4 /dev/mmcblk0p2 /mnt -o ro
				mount -t ext4 /dev/mmcblk0p1 /mnt/boot
Nicolas Mailloux's avatar
Nicolas Mailloux committed

				losetup /dev/loop7 /opt/root.sqsh
				mount /dev/loop7 /mnt/opt/root -o ro,nodev,nosuid,noexec
				losetup /dev/loop6 /opt/key.sqsh
				mount /dev/loop6 /mnt/opt/key -o ro,nodev,nosuid,noexec
				losetup /dev/loop5 /opt/modules.sqsh
				mount /dev/loop5 /mnt/modules -o ro,nodev,nosuid,noexec
Nicolas Mailloux's avatar
Nicolas Mailloux committed

				mount /mnt/opt/recovery/restore/alpine-udev.sqsh /alpine
				mount --bind /proc /mnt/proc
				mount --bind /proc /alpine/proc
				mount --bind /sys /mnt/sys
				mount --bind /sys /alpine/sys
				mount -t devtmpfs devtmpfs /mnt/dev
				mount -t devtmpfs devtmpfs /alpine/dev
				mount -t tmpfs tmpfs /mnt/tmp
				mount -t tmpfs tmpfs /alpine/tmp
				mount -t tmpfs tmpfs /alpine/run
				chroot /alpine /sbin/openrc "sysinit"
				chroot /mnt /opt/bin/diagnostics_splash
				sleep 2
				chroot /mnt /opt/recovery/launch.sh &
				exit 0
			fi
		else
			echo "Input event caught, booting into recovery partition..."
			mkdir -p /alpine
Nicolas Mailloux's avatar
Nicolas Mailloux committed
			mount -t ext4 /dev/mmcblk0p2 /mnt -o ro
			mount -t ext4 /dev/mmcblk0p1 /mnt/boot
Nicolas Mailloux's avatar
Nicolas Mailloux committed

			losetup /dev/loop7 /opt/root.sqsh
			mount /dev/loop7 /mnt/opt/root -o ro,nodev,nosuid,noexec
			losetup /dev/loop6 /opt/key.sqsh
			mount /dev/loop6 /mnt/opt/key -o ro,nodev,nosuid,noexec
			losetup /dev/loop5 /opt/modules.sqsh
			mount /dev/loop5 /mnt/modules -o ro,nodev,nosuid,noexec
Nicolas Mailloux's avatar
Nicolas Mailloux committed

			mount /mnt/opt/recovery/restore/alpine-udev.sqsh /alpine
			mount --bind /proc /mnt/proc
			mount --bind /proc /alpine/proc
			mount --bind /sys /mnt/sys
			mount --bind /sys /alpine/sys
			mount -t devtmpfs devtmpfs /mnt/dev
			mount -t devtmpfs devtmpfs /alpine/dev
			mount -t tmpfs tmpfs /mnt/tmp
			mount -t tmpfs tmpfs /alpine/tmp
			mount -t tmpfs tmpfs /alpine/run
			chroot /alpine /sbin/openrc "sysinit"
			chroot /mnt /opt/bin/diagnostics_splash
			sleep 2
			chroot /mnt /opt/recovery/launch.sh &
			exit 0
		fi
	else
		rm /usr/sbin/chroot
		echo -e "#!/bin/sh\n\n/sbin/getty -L ttymxc0 115200 vt100" > /usr/sbin/chroot
		chmod +x /usr/sbin/chroot
		exit 0
	fi
fi

kill -9 $EVTEST_PID