From c20cb473b55a72fcfc56a98b666f2bd25bc71412 Mon Sep 17 00:00:00 2001
From: Bohan Yang
Date: Tue, 5 Feb 2019 13:15:57 +0800
Subject: [PATCH] Full disk encryption feature
---
 README.md | 1 +
 netboot.sh | 21 ++++++++++++++++++---
 2 files changed, 19 insertions(+), 3 deletions(-)
diff --git a/README.md b/README.md
index 2353356..38dcc19 100644
--- a/README.md
+++ b/README.md
@@ -39,6 +39,7 @@ sudo sh -c "$(wget -qO- https://github.com/brentybh/debian-netboot/raw/master/ne
 - `-upgrade full-upgrade` Whether to upgrade packages after debootstrap (`none`, `safe-upgrade`, `full-upgrade`)
 - `-s http://security.debian.org/debian-security` Custom URL for security repository mirror
 - `-fs ext4` Filesystem for partition
+ - `-crypto` Full disk encryption (Can't be fully automated at current. Need connection to VNC to go through the steps)
 - `-ip 192.168.1.42` Configure network manually with an IP address **(the following** `-cidr`**,** `-gw` **and** `-dns` **options only work when an IP address is specified)**
 - `-cidr 255.255.255.0` Netmask for manual network configuration
 - `-gw 192.168.1.1` Gateway for manual network configuration
diff --git a/netboot.sh b/netboot.sh
index 07036dd..d6c069a 100644
--- a/netboot.sh
+++ b/netboot.sh
@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/usr/bin/env sh
 # Copyright 2018 Brent, Yang Bohan
@@ -99,6 +99,9 @@ while [ $# -gt 0 ]; do
 -dry-run)
 DRYRUN=true
 ;;
+ -crypto)
+ DISKCRYPTO="crypto"
+ ;;
 *)
 echo "Illegal option $1"
 exit 1
@@ -128,6 +131,7 @@ NTP=${NTP:-pool.ntp.org}
 UPGRADE=${UPGRADE:-full-upgrade}
 DNS=${DNS:-8.8.8.8 8.8.4.4}
 FILESYS=${FILESYS:-ext4}
+DISKCRYPTO=${DISKCRYPTO:-regular}
 if [ -z "$SECURITY" ]; then
 SECURITY=http://security.debian.org/debian-security
@@ -173,6 +177,7 @@ cat >> preseed.cfg << EOF
 # TIME_ZONE: 5
 # NTP: 5
 # FILESYS: 6
+# DISKCRYPTO: 6
 # SECURITY: 8
 # INCLUDE: 9
 # UPGRADE: 9
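Review bot: `DISKCRYPTO=${DISKCRYPTO:-regular}` in the `@@ -128` hunk accepts whatever value the script inherits from the environment, and that value is then written verbatim into `partman-auto/method` and into the unescaped sed replacement of the `@@ -313` hunk, so a stray value (for example one containing `/`) produces a broken sed expression or a method string partman will reject. The option parser in the `@@ -99` hunk only ever assigns `crypto`, so the intended domain is just two values; a check right after the default makes that explicit: `case "$DISKCRYPTO" in regular|crypto) ;; *) echo "Illegal DISKCRYPTO value $DISKCRYPTO"; exit 1 ;; esac`. The same default-then-substitute pattern is already used for `FILESYS`, so this is consistent with the file's style rather than a new requirement.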
@@ -255,13 +260,22 @@ d-i clock-setup/ntp-server string {{-NTP-}}
 # 6. Partitioning: FILESYS
 d-i partman-basicfilesystems/no_swap boolean false
-d-i partman-auto/method string regular
+d-i partman/default_filesystem string {{-FILESYS-}}
+d-i partman-auto/method string {{-DISKCRYPTO-}}
 d-i partman-lvm/device_remove_lvm boolean true
 d-i partman-md/device_remove_md boolean true
 d-i partman-lvm/confirm boolean true
 d-i partman-lvm/confirm_nooverwrite boolean true
-d-i partman-auto/expert_recipe string naive :: 0 1 -1 {{-FILESYS-}} $primary{ } $bootable{ } method{ format } format{ } use_filesystem{ } filesystem{ {{-FILESYS-}} } mountpoint{ / } .
+EOF
+
+if [ "$DISKCRYPTO" = "regular" ]; then
+cat >> preseed.cfg << EOF
+d-i partman-auto/expert_recipe string naive :: 0 1 -1 $default_filesystem $primary{ } $bootable{ } method{ format } format{ } use_filesystem{ } $default_filesystem{ } mountpoint{ / } .
 d-i partman-auto/choose_recipe select naive
+EOF
+fi
+
+cat >> preseed.cfg << EOF
 d-i partman-partitioning/confirm_write_new_label boolean true
 d-i partman/choose_partition select finish
 d-i partman/confirm boolean true
@@ -313,6 +327,7 @@ sed -i 's/{{-NTP-}}/'"$NTP"'/g' preseed.cfg
 sed -i 's/{{-SECURITY-}}/'$(echo "$SECURITY" | sed 's/\//\\\//g')'/g' preseed.cfg
 sed -i 's/{{-UPGRADE-}}/'"$UPGRADE"'/g' preseed.cfg
 sed -i 's/{{-FILESYS-}}/'"$FILESYS"'/g' preseed.cfg
+sed -i 's/{{-DISKCRYPTO-}}/'"$DISKCRYPTO"'/g' preseed.cfg
 if [ "$DRYRUN" != true ]; then
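Review bot: The new recipe line inside `if [ "$DISKCRYPTO" = "regular" ]` is emitted through `cat >> preseed.cfg << EOF` with an unquoted delimiter, so sh expands `$default_filesystem` (and `$primary`, `$bootable`) before the text reaches partman; unless those names are assigned somewhere in the script outside this hunk, the written recipe has empty fields exactly where the filesystem and partition flags belong and the "regular" path no longer installs unattended. Because that line no longer carries a `{{-…-}}` placeholder for sed to fill, quoting the delimiter for this block is sufficient: `cat >> preseed.cfg << 'EOF'`. The `$primary{ }`/`$bootable{ }` exposure predates this change, but the switch from `{{-FILESYS-}}` to `$default_filesystem` makes the recipe depend on it. The heredoc closed by the first added `EOF` is opened before this hunk.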