#!/bin/sh mount -t proc proc /proc mount -t sysfs sysfs /sys sleep 1 mount -t devtmpfs devtmpfs /dev mount -t tmpfs tmpfs /tmp hostname kobo ifconfig lo up echo 3 > /sys/class/graphics/fb0/rotate echo "Checking filesystems ..." echo /usr/bin/fsck.ext4 -y /dev/mmcblk0p1 /usr/bin/fsck.ext4 -y /dev/mmcblk0p2 /usr/bin/fsck.ext4 -y /dev/mmcblk0p3 /usr/bin/fsck.ext4 -y /dev/mmcblk0p4 echo # Upgrading kernel if needed mount -t ext4 /dev/mmcblk0p1 /mnt KERNEL_FLASH=`cat /mnt/flags/KERNEL_FLASH` 2>/dev/null WILL_UPDATE=`cat /mnt/flags/WILL_UPDATE` 2>/dev/null DIAGS_BOOT=`cat /mnt/flags/DIAGS_BOOT` 2>/dev/null STARTX=`cat /mnt/flags/X11_START` 2>/dev/null MOUNT_RW=`cat /mnt/flags/RW_ROOTFS` 2>/dev/null # Some mountpoints mkdir -p /rootfs-part if [ "$KERNEL_FLASH" == "true" ]; then cp /mnt/boot/uImage / sync echo "Flashing new kernel..." dd if=/uImage of=/dev/mmcblk0 bs=512 seek=2048 sync echo "false" > /mnt/flags/KERNEL_FLASH rm /mnt/boot/uImage echo "Done, rebooting..." reboot else umount /mnt evtest /dev/input/event0 > /tmp/input-log & EVTEST_PID=$! read -t 5 -n 1 -s -r -p "(initrd) Hit any key to stop auto-boot ... " KEY echo if [ "$KEY" == "" ]; then INPUT_LOG=`cat /tmp/input-log | grep value` export INPUT_LOG # Device should have been wiped and restored to a factory state # Checking if there is still a "noroot" flag in the unpartitioned space export ROOT_FLAG=`dd if=/dev/mmcblk0 bs=512 skip=79872 count=1 status=none | head -c6` if [ "$ROOT_FLAG" == "rooted" ]; then echo "Security policy not enforced; root access permitted." else mount -t ext4 -o ro /dev/mmcblk0p3 /rootfs-part losetup /dev/loop1 /rootfs-part/rootfs.squashfs mount -o ro /dev/loop1 /mnt mount -t ext4 /dev/mmcblk0p1 /mnt/boot echo "WARNING: User violated security policy!" echo "Flashing a new kernel that does not allow root access..." mkdir -p /recoveryfs mount -t ext4 /dev/mmcblk0p2 /recoveryfs dd if=/recoveryfs/opt/recovery/restore/uImage-std of=/dev/mmcblk0 bs=512 seek=2048 sync rm /mnt/etc/passwd sync cp /opt/passwd_lockdown /mnt/etc/passwd sync # We set the ALERT flag to show a GUI warning about what happened echo "true" > /mnt/boot/flags/ALERT sync echo "Done, rebooting..." reboot exit 0 fi if [ "$INPUT_LOG" == "" ]; then if [ "$DIAGS_BOOT" != "true" ]; then # If the security policy was violated, we would not be there anymore, so from now on we are booting as usual. # Splash /etc/init.d/inkbox-splash & # Root filesystem if [ "$MOUNT_RW" == "true" ]; then mount -t ext4 /dev/mmcblk0p3 /rootfs-part losetup /dev/loop1 /rootfs-part/rootfs.squashfs mount -o ro /dev/loop1 /mnt else mount -t ext4 -o ro /dev/mmcblk0p3 /rootfs-part losetup /dev/loop1 /rootfs-part/rootfs.squashfs mount -o ro /dev/loop1 /mnt fi mount -t ext4 /dev/mmcblk0p1 /mnt/boot ## User storage mount -t ext4 /dev/mmcblk0p4 /mnt/opt/storage # Config mkdir -p /mnt/opt/storage/config mkdir -p /mnt/opt/config mount --bind /mnt/opt/storage/config /mnt/opt/config # Update bundle mkdir -p /mnt/opt/storage/update mkdir -p /mnt/opt/update mount --bind /mnt/opt/storage/update /mnt/opt/update # X11/KoBox mkdir -p /mnt/opt/storage/X11/rootfs/work mkdir -p /mnt/opt/storage/X11/rootfs/write mkdir -p /mnt/opt/X11/rootfs mount /mnt/opt/storage/X11/rootfs /mnt/opt/X11/rootfs # InkBox GUI's rootfs mkdir -p /mnt/opt/storage/gui_rootfs mkdir -p /mnt/opt/gui_rootfs mount --bind /mnt/opt/storage/gui_rootfs /mnt/opt/gui_rootfs mkdir -p /mnt/opt/root mkdir -p /mnt/opt/key mkdir -p /mnt/selinux mkdir -p /mnt/modules losetup /dev/loop7 /opt/root.sqsh mount /dev/loop7 /mnt/opt/root -o ro,nodev,nosuid,noexec losetup /dev/loop6 /opt/key.sqsh mount /dev/loop6 /mnt/opt/key -o ro,nodev,nosuid,noexec losetup /dev/loop5 /opt/modules.sqsh mount /dev/loop5 /mnt/modules -o ro,nodev,nosuid,noexec mount --move /proc /mnt/proc mount --move /sys /mnt/sys mount --bind /dev /mnt/dev mount -t tmpfs tmpfs /mnt/tmp mount -t tmpfs tmpfs /mnt/opt/developer mount -t selinuxfs selinuxfs /mnt/selinux 2>/dev/null # Developer key /etc/init.d/developer-key OVERRIDE_SIGNATURE_VERIFICATION=`cat /mnt/opt/developer/key/valid-key 2>/dev/null` # InkBox GUI's rootfs busybox chroot /mnt "/usr/bin/openssl" "dgst" "-sha256" "-verify" "/opt/key/public.pem" "-signature" "/opt/storage/gui_rootfs.isa.dgst" "/opt/storage/gui_rootfs.isa" if [ $? != 0 ]; then if [ "$OVERRIDE_SIGNATURE_VERIFICATION" != "true" ]; then echo "FATAL: InkBox GUI root filesystem's signature is invalid!" echo "Aborting boot and powering off ..." busybox poweroff else : fi else busybox chroot /mnt "/bin/squashfuse" "/opt/storage/gui_rootfs.isa" "/opt/gui_rootfs/read" busybox chroot /mnt "/bin/fuse-overlayfs" "-o" "lowerdir=/opt/gui_rootfs/read,upperdir=/opt/gui_rootfs/write,workdir=/opt/gui_rootfs/work" "/kobo" echo true > /mnt/kobo/inkbox/remount echo false > /mnt/boot/flags/X11_STARTED # Starting an X server if [ "$STARTX" == "true" ]; then /etc/init.d/startx fi chroot /mnt /sbin/openrc "sysinit" chroot /mnt /sbin/openrc "boot" chroot /mnt /sbin/openrc "default" exit 0 fi else echo "DIAGS_BOOT is set to 'true', booting into diagnostics..." mkdir -p /alpine mount -t ext4 /dev/mmcblk0p2 /mnt -o ro mount -t ext4 /dev/mmcblk0p1 /mnt/boot losetup /dev/loop7 /opt/root.sqsh mount /dev/loop7 /mnt/opt/root -o ro,nodev,nosuid,noexec losetup /dev/loop6 /opt/key.sqsh mount /dev/loop6 /mnt/opt/key -o ro,nodev,nosuid,noexec losetup /dev/loop5 /opt/modules.sqsh mount /dev/loop5 /mnt/modules -o ro,nodev,nosuid,noexec mount /mnt/opt/recovery/restore/alpine-udev.sqsh /alpine mount --bind /proc /mnt/proc mount --bind /proc /alpine/proc mount --bind /sys /mnt/sys mount --bind /sys /alpine/sys mount -t devtmpfs devtmpfs /mnt/dev mount -t devtmpfs devtmpfs /alpine/dev mount -t tmpfs tmpfs /mnt/tmp mount -t tmpfs tmpfs /alpine/tmp mount -t tmpfs tmpfs /alpine/run chroot /alpine /sbin/openrc "sysinit" chroot /mnt /opt/bin/diagnostics_splash sleep 2 chroot /mnt /opt/recovery/launch.sh & exit 0 fi else echo "Input event caught, booting into recovery partition..." mkdir -p /alpine mount -t ext4 /dev/mmcblk0p2 /mnt -o ro mount -t ext4 /dev/mmcblk0p1 /mnt/boot losetup /dev/loop7 /opt/root.sqsh mount /dev/loop7 /mnt/opt/root -o ro,nodev,nosuid,noexec losetup /dev/loop6 /opt/key.sqsh mount /dev/loop6 /mnt/opt/key -o ro,nodev,nosuid,noexec losetup /dev/loop5 /opt/modules.sqsh mount /dev/loop5 /mnt/modules -o ro,nodev,nosuid,noexec mount /mnt/opt/recovery/restore/alpine-udev.sqsh /alpine mount --bind /proc /mnt/proc mount --bind /proc /alpine/proc mount --bind /sys /mnt/sys mount --bind /sys /alpine/sys mount -t devtmpfs devtmpfs /mnt/dev mount -t devtmpfs devtmpfs /alpine/dev mount -t tmpfs tmpfs /mnt/tmp mount -t tmpfs tmpfs /alpine/tmp mount -t tmpfs tmpfs /alpine/run chroot /alpine /sbin/openrc "sysinit" chroot /mnt /opt/bin/diagnostics_splash sleep 2 chroot /mnt /opt/recovery/launch.sh & exit 0 fi else rm /usr/sbin/chroot echo -e "#!/bin/sh\n\n/sbin/getty -L ttymxc0 115200 vt100" > /usr/sbin/chroot chmod +x /usr/sbin/chroot exit 0 fi fi kill -9 $EVTEST_PID