
@polymorphm
Last active November 22, 2019 19:50
running kernel from a flash; and verifying that boot files are still okay
#!/usr/bin/bash
# ---- configuration -------------------------------------------------------

# Directory name used for this machine's kernel set under \kernels on the flash.
kernel_flash_name='plm-notebook'

# Local directory whose kernel and initrd images are copied and later re-checked.
boot_path='/boot'
kernel_vmlinuz_file='vmlinuz-linux'
kernel_img_files=('intel-ucode.img' 'amd-ucode.img' 'initramfs-linux.img')

# Line written to boot.nsh on the flash. It is assembled piece by piece; the
# resulting string is what do_verify_files later compares boot.nsh against.
kernel_cmdline="\\kernels\\${kernel_flash_name}\\${kernel_vmlinuz_file}.efi"
kernel_cmdline+=" initrd=\\kernels\\${kernel_flash_name}\\intel-ucode.img"
kernel_cmdline+=" initrd=\\kernels\\${kernel_flash_name}\\amd-ucode.img"
kernel_cmdline+=" initrd=\\kernels\\${kernel_flash_name}\\initramfs-linux.img"
kernel_cmdline+=' root=UUID=6581314d-6709-416e-9c61-166211b7163e rw rootflags=subvol=arch1-root'
kernel_cmdline+=' rd.luks.name=e85a4aea-f191-431c-b6f8-93ba70d95d73=root loglevel=3 quiet'

# The flash drive is selected by its /dev/disk/by-id name. That name only
# identifies the stick; the content check is the EFI shell hash below.
flash_path='/dev/disk/by-id/usb-SanDisk__Cruzer_Fit_4C530000240815113164-0:0'
flash_part_path="${flash_path}-part1"

# Runtime directory (created with mode 0700 by do_mkdirs) and mount point.
run_path="/run/${kernel_flash_name}.kernel-flash"
mnt_path="${run_path}/mnt"

# EFI shell binary expected at EFI/BOOT on the flash, and the exact
# `sha256sum -b <file` output (digest plus the ' *-' stdin marker) it must give.
efi_shell_file='BOOTX64.EFI'
efi_shell_hash='423bcc767fe4f03ef18fa2423769e9465c11c86c3959d231ab8e7d67181c9ce8 *-'
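#######################################
# Confirm that the flash drive exposes exactly one partition node and that
# it is the expected "-part1" path.
# Globals:   flash_path (read), flash_part_path (read)
# Outputs:   progress on stdout, error message on stderr
# Returns:   0 if "$flash_path"-part* matches only $flash_part_path and that
#            path exists; 1 otherwise
#######################################
check_flash_parts () {
  local -a parts

  echo 'check_flash_parts: ls...'

  # Let the shell expand the glob instead of parsing `ls` output: names are
  # kept as separate array elements, so they can be counted reliably.
  parts=("$flash_path"-part*)

  # With no match the array holds the literal pattern (or is empty under
  # nullglob); both cases fail the comparison below.
  if [ "${#parts[@]}" -ne 1 ] ||
    [ "x${parts[0]}" != "x$flash_part_path" ] ||
    [ ! -e "$flash_part_path" ]
  then
    echo 'check_flash_parts: ls error' 1>&2
    return 1
  fi
}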
#######################################
# Compare the EFI shell binary on the mounted flash with the pinned hash.
# Globals:   mnt_path, efi_shell_file, efi_shell_hash (all read)
# Outputs:   progress on stdout; on mismatch both values on stderr
# Returns:   0 when the `sha256sum -b` output equals $efi_shell_hash, else 1
#######################################
check_efi_shell () {
  local mnt_efi_shell_hash

  echo 'check_efi_shell: sha256sum...'

  # An unreadable file leaves the variable empty, which cannot equal the
  # pinned value, so that case also ends in the error branch.
  mnt_efi_shell_hash="$(sha256sum -b <"$mnt_path/EFI/BOOT/$efi_shell_file")"

  if [[ "$mnt_efi_shell_hash" == "$efi_shell_hash" ]]; then
    return 0
  fi

  echo "check_efi_shell: sha256sum error: $mnt_efi_shell_hash $efi_shell_hash" 1>&2
  return 1
}
#######################################
# Create the runtime directory (mode 0700) and the mount point inside it.
# Neither mkdir uses -p, so an already existing directory is an error.
# Globals:   run_path (read), mnt_path (read)
# Outputs:   progress on stdout, error message on stderr
# Returns:   0 on success, 1 if either mkdir fails
#######################################
do_mkdirs () {
  echo 'do_mkdirs: mkdir run...'
  mkdir -m0700 -- "$run_path" || {
    echo 'do_mkdirs: mkdir run error' 1>&2
    return 1
  }

  echo 'do_mkdirs: mkdir mnt...'
  mkdir -- "$mnt_path" || {
    echo 'do_mkdirs: mkdir mnt error' 1>&2
    return 1
  }
}
#######################################
# Remove the mount point and then the runtime directory, when they exist.
# rmdir is used, so a directory that is not empty is left in place.
# Globals:   mnt_path (read), run_path (read)
# Outputs:   progress on stdout, error message on stderr
# Returns:   0 when nothing is left to remove or all removals worked,
#            1 on the first rmdir failure
#######################################
do_rmdirs () {
  local label dir

  # Inner directory first: the mount point lives inside the run directory.
  for label in mnt run; do
    case "$label" in
      mnt) dir="$mnt_path" ;;
      run) dir="$run_path" ;;
    esac

    [ -d "$dir" ] || continue

    echo "do_rmdirs: rmdir $label..."
    if ! rmdir -- "$dir"; then
      echo "do_rmdirs: rmdir $label error" 1>&2
      return 1
    fi
  done
}
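#######################################
# Mount the flash partition (vfat) on the private mount point.
# Globals:   flash_part_path (read), mnt_path (read)
# Outputs:   progress on stdout, error message on stderr
# Returns:   0 on success, 1 if mount fails
#######################################
do_mount () {
  echo 'do_mount: mount...'

  # The script only copies, hashes and renames files on this filesystem, and
  # its contents are checked only after mounting, so mount it without
  # device nodes, set-id semantics or executable files.
  if ! mount -tvfat -o nodev,nosuid,noexec -- "$flash_part_path" "$mnt_path"
  then
    echo 'do_mount: mount error' 1>&2
    return 1
  fi
}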
#######################################
# Unmount the flash partition from the mount point.
# Globals:   mnt_path (read)
# Outputs:   progress on stdout, error message on stderr
# Returns:   0 on success, 1 if umount fails
#######################################
do_umount () {
  echo 'do_umount: umount...'

  umount -- "$mnt_path" && return 0

  echo 'do_umount: umount error' 1>&2
  return 1
}
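#######################################
# Copy the kernel, the initrd images, boot.nsh and a SHA-256 manifest of
# $boot_path onto the mounted flash, then swap the new set into place.
#
# Everything is first written to "<name>.new"; the current set is renamed to
# "<name>.old", the new one to "<name>", and the old one is deleted last.
#
# Globals:   mnt_path, boot_path, kernel_flash_name, kernel_vmlinuz_file,
#            kernel_img_files, kernel_cmdline (all read)
# Outputs:   progress on stdout, error messages on stderr
# Returns:   0 on success, 1 at the first failing step
#######################################
do_sync_files () {
  local kernels_dir="$mnt_path/kernels"
  local curr_dir="$kernels_dir/$kernel_flash_name"
  local new_dir="$curr_dir.new"
  local old_dir="$curr_dir.old"
  # Keep the loop variable out of the global scope.
  local kernel_img_file

  if [ ! -d "$kernels_dir" ]
  then
    echo 'do_sync_files: mkdir kernels...'
    if ! mkdir -- "$kernels_dir"
    then
      echo 'do_sync_files: mkdir kernels error' 1>&2
      return 1
    fi
  fi

  # A leftover ".new" directory comes from an interrupted run; start clean.
  if [ -d "$new_dir" ]
  then
    echo 'do_sync_files: rm prev new...'
    if ! rm -rf -- "$new_dir"
    then
      echo 'do_sync_files: rm prev new error' 1>&2
      return 1
    fi
  fi

  echo 'do_sync_files: mkdir new...'
  if ! mkdir -- "$new_dir"
  then
    echo 'do_sync_files: mkdir new error' 1>&2
    return 1
  fi

  echo 'do_sync_files: cp vmlinuz...'
  if ! cp --no-preserve=timestamps -- "$boot_path/$kernel_vmlinuz_file" \
    "$new_dir/$kernel_vmlinuz_file.efi"
  then
    echo 'do_sync_files: cp vmlinuz error' 1>&2
    return 1
  fi

  for kernel_img_file in "${kernel_img_files[@]}"
  do
    echo "do_sync_files: cp img: $kernel_img_file..."
    if ! cp --no-preserve=timestamps -- "$boot_path/$kernel_img_file" \
      "$new_dir/$kernel_img_file"
    then
      echo "do_sync_files: cp img error: $kernel_img_file" 1>&2
      return 1
    fi
  done

  echo 'do_sync_files: writing nsh...'
  # printf writes the command line verbatim; echo's handling of backslashes
  # and leading dashes depends on shell options.
  if ! printf '%s\n' "$kernel_cmdline" >"$new_dir/boot.nsh"
  then
    echo 'do_sync_files: writing nsh error' 1>&2
    return 1
  fi

  echo 'do_sync_files: sha256sum origin boot...'
  # Manifest of every regular file under $boot_path, with paths relative to
  # it ("./..."), so that `sha256sum -c` can be run from inside $boot_path.
  if ! (cd -- "$boot_path" && find . -type f -exec sha256sum -b -- '{}' '+') \
    >"$new_dir/origin-boot.sha256"
  then
    echo 'do_sync_files: sha256sum origin boot error' 1>&2
    return 1
  fi

  if [ -d "$old_dir" ]
  then
    echo 'do_sync_files: rm prev old...'
    if ! rm -rf -- "$old_dir"
    then
      echo 'do_sync_files: rm prev old error' 1>&2
      return 1
    fi
  fi

  if [ -d "$curr_dir" ]
  then
    echo 'do_sync_files: mv curr to old...'
    if ! mv -- "$curr_dir" "$old_dir"
    then
      echo 'do_sync_files: mv curr to old error' 1>&2
      return 1
    fi
  fi

  echo 'do_sync_files: mv new to curr...'
  if ! mv -- "$new_dir" "$curr_dir"
  then
    echo 'do_sync_files: mv new to curr error' 1>&2
    return 1
  fi

  # The previous set is deleted only after the new one is in place.
  if [ -d "$old_dir" ]
  then
    echo 'do_sync_files: rm old...'
    if ! rm -rf -- "$old_dir"
    then
      echo 'do_sync_files: rm old error' 1>&2
      return 1
    fi
  fi
}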
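#######################################
# Verify the kernel set on the mounted flash against $boot_path, then check
# $boot_path against the manifest stored on the flash.
#
# Checks, in order: boot.nsh equals $kernel_cmdline; the kernel and each
# initrd image hash the same on both sides; every file listed in
# origin-boot.sha256 still matches under $boot_path. All checks run even
# after a failure so that every mismatch is reported.
#
# Globals:   mnt_path, boot_path, kernel_flash_name, kernel_vmlinuz_file,
#            kernel_img_files, kernel_cmdline (all read)
# Outputs:   progress and the two summary lines on stdout, errors on stderr
# Returns:   0 if every check passed, 1 otherwise
#######################################
do_verify_files () {
  local rv='0'
  local flash_dir="$mnt_path/kernels/$kernel_flash_name"
  local kernel_img_file nsh_text mnt_file_hash boot_file_hash hash_ok

  echo "do_verify_files: reading nsh..."
  if ! nsh_text="$(cat -- "$flash_dir/boot.nsh")" ||
    [ "x$nsh_text" != "x$kernel_cmdline" ]
  then
    echo "do_verify_files: reading nsh error" 1>&2
    rv='1'
  fi

  echo "do_verify_files: sha256sum vmlinuz..."
  # A file that cannot be read yields an empty hash. Two empty hashes compare
  # equal, so a failed read on either side is itself a verification failure.
  hash_ok='1'
  mnt_file_hash="$(sha256sum -b <"$flash_dir/$kernel_vmlinuz_file.efi")" || hash_ok='0'
  boot_file_hash="$(sha256sum -b <"$boot_path/$kernel_vmlinuz_file")" || hash_ok='0'
  if [ "$hash_ok" != '1' ] || [ -z "$mnt_file_hash" ] ||
    [ "x$mnt_file_hash" != "x$boot_file_hash" ]
  then
    echo "do_verify_files: sha256sum vmlinuz error: $mnt_file_hash $boot_file_hash" 1>&2
    rv='1'
  fi

  for kernel_img_file in "${kernel_img_files[@]}"
  do
    echo "do_verify_files: sha256sum: $kernel_img_file..."
    hash_ok='1'
    mnt_file_hash="$(sha256sum -b <"$flash_dir/$kernel_img_file")" || hash_ok='0'
    boot_file_hash="$(sha256sum -b <"$boot_path/$kernel_img_file")" || hash_ok='0'
    if [ "$hash_ok" != '1' ] || [ -z "$mnt_file_hash" ] ||
      [ "x$mnt_file_hash" != "x$boot_file_hash" ]
    then
      echo "do_verify_files: sha256sum error: $kernel_img_file $mnt_file_hash $boot_file_hash" 1>&2
      rv='1'
    fi
  done

  if [ "x$rv" == 'x0' ]
  then
    echo 'verification kernel flash successful!'
  else
    echo 'verification kernel flash failure!'
  fi

  echo 'do_verify_files: sha256sum checking origin boot...'
  # The manifest is read from the flash, so this check is only as trustworthy
  # as the flash itself. `sha256sum -c` checks the files the manifest lists;
  # files added under $boot_path since the last sync are not reported here.
  if ! (cd -- "$boot_path" && sha256sum -c) \
    <"$flash_dir/origin-boot.sha256"
  then
    echo 'do_verify_files: sha256sum checking origin boot error' 1>&2
    rv='1'
  fi

  if [ "x$rv" == 'x0' ]
  then
    echo 'verification kernel flash and origin boot successful!'
  else
    echo 'verification kernel flash or/and origin boot failure!'
  fi

  return "$rv"
}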
#######################################
# Full "sync" run: check the partition layout, create the runtime
# directories, mount the flash, check the EFI shell hash, copy the boot
# files, then unmount and remove the directories again.
# Each failure undoes the steps already taken (umount and/or rmdir).
# Returns:   0 if every step succeeded, 1 otherwise
#######################################
do_sync () {
  # Nothing has been created yet, so there is nothing to clean up here.
  check_flash_parts || return 1

  do_mkdirs || {
    do_rmdirs
    return 1
  }

  do_mount || {
    do_rmdirs
    return 1
  }

  # From here on the flash is mounted: unmount before removing directories.
  # Files are written only after the EFI shell hash has been confirmed.
  check_efi_shell || {
    do_umount
    do_rmdirs
    return 1
  }

  do_sync_files || {
    do_umount
    do_rmdirs
    return 1
  }

  do_umount || {
    do_rmdirs
    return 1
  }

  do_rmdirs || return 1
}
#######################################
# Full "verify" run: check the partition layout, create the runtime
# directories, mount the flash, check the EFI shell hash, compare the boot
# files, then unmount and remove the directories again.
# Each failure undoes the steps already taken (umount and/or rmdir).
# Returns:   0 if every step succeeded, 1 otherwise
#######################################
do_verify () {
  # Nothing has been created yet, so there is nothing to clean up here.
  check_flash_parts || return 1

  do_mkdirs || {
    do_rmdirs
    return 1
  }

  do_mount || {
    do_rmdirs
    return 1
  }

  # From here on the flash is mounted: unmount before removing directories.
  # The file comparison runs only after the EFI shell hash has been confirmed.
  check_efi_shell || {
    do_umount
    do_rmdirs
    return 1
  }

  do_verify_files || {
    do_umount
    do_rmdirs
    return 1
  }

  do_umount || {
    do_rmdirs
    return 1
  }

  do_rmdirs || return 1
}
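# ---- entry point ---------------------------------------------------------
# Usage: <script> sync | verify
# Exit status: the result of do_sync / do_verify, 1 when not run as root,
# 2 on invalid arguments.

# mount, umount and the directories under /run need root.
if [ "x$(id -u)" != 'x0' ]
then
  echo 'error: run the utility as root' 1>&2
  exit 1
fi

# Exactly one argument is accepted; anything else is a usage error.
if [ "$#" -ne 1 ]
then
  echo 'invalid arguments' 1>&2
  exit 2
fi

case "$1" in
  sync)
    do_sync
    exit
    ;;
  verify)
    do_verify
    exit
    ;;
  *)
    # Diagnostics go to stderr, like every other error in this script.
    echo 'invalid arguments' 1>&2
    exit 2
    ;;
esac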
# vi:ts=4:sw=4:et