tpmtotp and qrencode deps

osresearch · osresearch · commit b3786d256a9b · 2016-07-31T22:39:07.000-04:00
diff --git a/Makefile b/Makefile
@@ -3,6 +3,12 @@ all: coreboot
 force:
 	-rm $(linux_dir)/arch/x86/boot/bzImage
 
+# uclibc must be built after the kernel,
+# since 'make headers_install' must be run to generate the
+# headers that uclibc needs.
+uclibc_url := https://uclibc.org/downloads/uClibc-0.9.33.tar.xz
+
+
 kexec_version := 2.0.12
 kexec_dir := kexec-tools-$(kexec_version)
 kexec_tar := kexec-tools-$(kexec_version).tar.gz
@@ -22,6 +28,32 @@ kexec: $(kexec_dir)
 	make -C "$(kexec_dir)" -j 8
 
 
+qrencode_dir := qrencode-3.4.4
+qrencode_tar := qrencode-3.4.4.tar.gz
+qrencode_url := https://fukuchi.org/works/qrencode/$(qrencode_tar)
+qrencode_canary := $(qrencode_dir)/.canary
+
+$(qrencode_tar):
+	wget $(qrencode_url)
+
+qrencode_lib := $(qrencode_dir)/.libs/libqrencode.so
+$(qrencode_canary): $(qrencode_tar)
+	tar xvf "$<"
+	touch "$@"
+
+$(qrencode_lib): $(qrencode_canary)
+	cd $(qrencode_dir) ; ./configure --without-tools
+	make -C "$(qrencode_dir)"
+
+
+initrd/bin/unsealtotp: $(qrencode_lib)
+	make -C tpmtotp unsealtotp
+	cp tpmtotp/unsealtotp "$@"
+initrd/bin/sealtotp: $(qrencode_lib)
+	make -C tpmtotp sealtotp
+	cp tpmtotp/sealtotp "$@"
+
+
 busybox_version := 1.25.0
 busybox_dir := busybox-$(busybox_version)
 busybox_tar := busybox-$(busybox_version).tar.bz2
diff --git a/initrd/init b/initrd/init
@@ -1,4 +1,11 @@
 #!/bin/ash
+# First thing it is vital to mount the /dev and other system directories
+mkdir /proc /sys /dev /tmp /boot 2>&- 1>&-
+mount -t devtmpfs none /dev
+mount -t proc none /proc
+mount -t sysfs none /sys
+
+# Now it is safe to print a banner
 echo '====================================================='
 echo ' _   _                _           ____   ___  __  __ '
 echo '| | | | ___  __ _  __| |___   _  |  _ \ / _ \|  \/  |'
@@ -8,19 +15,23 @@ echo '|_| |_|\___|\__,_|\__,_|___/ (_) |_| \_\\___/|_|  |_|'
 echo ''
 echo '====================================================='
 
-# Mount the system directories
-mkdir /proc /sys /dev /tmp /boot 2>/dev/null
-
-mount -t proc none /proc
-mount -t sysfs none /sys
-mount -t devtmpfs none /dev
-
-## Ensure that we load libraries from our directory
-#export LD_LIBRARY_PATH=/lib64
-
-# Start an interactive shell
+echo
 echo "Run './start-xen' to load the hypervisor"
 echo "Run 'kexec -e' to boot it"
 echo
 
+# Load the date from the hardware clock, setting it in local time
+hwclock -l -s
+
+# Verify the user's TPM secret
+date
+if [ -r /secret.totp ]; then
+	echo
+	echo -n "Verify TPM PCR: "
+	unsealtotp /secret.totp
+	echo
+fi
+	
+
+# Start an interactive shell
 exec /bin/ash
