2 ##############################################
3 # Script for Secure Linux Project #
4 # Copyright(c) 2005, 2006 by Roland Haeder #
5 ##############################################
6 # Purpose: Main configuration file #
7 ##############################################
8 # This software is licensed under the GNU #
9 # General Public License Version 2 or either #
10 # and comes with ABSOLUTELY NO WARRANTY #
11 # neither implied nor explicit. #
12 ##############################################
14 ######## Begin general stuff ########
15 # 1=Setup mode. If you turn this off, a username will be requested
17 # Option for cp/mkdir/rm-commands for verbose output
19 # Update switch for cp-command. You can remove this for always copy.
# Options for the dd-command (CARE! dd writes straight to whatever device it is pointed at)
23 # Use strict OpenPGP behavior for gpg commands
25 # Length of all seeds (15-25 shall be fine)
27 # Length of the random password
29 # 1=Forces cpio.sh to copy all given files/directories without checking sizes
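# Which program shall I take? awk or gawk (the latter is preferred!)
# Look gawk up with the shell's own lookup instead of the non-standard `which`
# (the old "| tail -n 1" was redundant: `which` prints a single line anyway).
# "|| true" keeps AWK empty instead of aborting under "set -e" when gawk is
# missing, so the check right below can report it with a useful message.
AWK=$(command -v gawk || true)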
# Does the test go right?
# NOTE(review): this branch runs when gawk was NOT found, but the message
# below says "was found!" -- the wording is inverted and should read
# "The program gawk was not found!". Diagnostics like these belong on
# stderr (>&2), and "==" inside test is a bash extension; "=" is portable.
if test "$AWK" == ""; then
echo "$0: Failed! The program gawk was found! We need this program"
echo "$0: to calculate with decimal-dotted values in functions.sh!"
39 ######## End general stuff ########
41 ########## Begin gen.sh ##########
# From now on this will be set up automatically
# For testing purposes use an image like this:
#ASSET_DEVICE="$BASEDIR/setup/images/asset.img"
# For productive purposes use a "real" device here. CARE: the device named
# here is what the setup scripts scramble and partition, so double-check it
# (e.g. with "fdisk -l") before running anything against it.
ASSET_DEVICE=/dev/hda
49 # For productive purposes use a "real" partition here:
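# Working directories below BASEDIR: secret material and the stick staging tree
SECRETS="$BASEDIR/secrets"
STICK="$BASEDIR/stick"
# Loop devices used for the asset and the test image. NOTE(review): these are
# fixed numbers, so they clash with anything already bound to loop1/loop2 on
# the build host; "losetup -f" would pick a free one -- check before reusing.
LOOP_ASSET="/dev/loop1"
LOOP_TEST="/dev/loop2"
# *Exactly* the same name(s) as you entered in the comment field of
# gpg --gen-key, separated by spaces (the first one becomes MASTER_USER below)
USERS="quix0r angei junior"
# The master-key for creating the encrypted filesystem
MASTER="$BASEDIR/setup/keys/masterkey-secret.gpg"
# Additional keys (e.g. for your laptop). The path "$BASEDIR/setup/keys" will
# be prepended!
# NOTE(review): all *-secret.gpg files referenced here are private-key
# material; keep them (and $SECRETS) readable by the owner only (0600/0700).
EXTRA_KEYS="laptop-secret.gpg videos-secret.gpg home-secret.gpg"
# * 1kByte! No value means scrambling is disabled. A zero (0) together with
# Real device (/dev/hda; /dev/drbd0; etc.) means use shred
#COUNT="$((200*1024))"
# Use openssl or dd for scrambling disc/image? (dd=0, openssl=1)
# The multi-key for encrypting disc/image
MULTI_KEY="$BASEDIR/setup/keys/userkey-secret.gpg"
# The key for the USB stick (stick-secret.gpg)
STICK_KEY="$BASEDIR/setup/keys/stick-secret.gpg"
MULTI_KEY_SUFFIX="secret.gpg"
# The first user is the "master" of this system.
# Take the first whitespace-separated word of USERS with the read builtin:
# same result as the old "echo | awk '{print $1}'" without two extra
# processes, and an empty USERS leaves MASTER_USER empty as before.
read -r MASTER_USER _ <<< "$USERS"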
76 # 1= Zero LOOP_ASSET after setting up. This will be done in gen.sh
79 ########## End gen.sh ############
81 ########## Begin initrd.sh ##########
# The unencrypted boot partition is the first partition of the asset device.
# This simply appends "1", which fits /dev/hdX and /dev/sdX style names only;
# devices named like /dev/mmcblk0 would need "p1" instead.
BOOT_DEVICE="${ASSET_DEVICE}1"
# Mount point for that partition (used by the initrd.sh section)
BOOT_MOUNT="${BASEDIR}/root/boot"
84 if test "$UMOUNT_INITRD" == ""; then
85 # Shall I umount the initrd after creation?
# Kernel version the initrd and the usb-storage module path (USB_STORAGE,
# further down) are built for. NOTE(review): hard-coded, so it has to be kept
# in sync with the kernel actually installed into the root filesystem.
KERN_VER='2.6.8-2-386'
# Loop device used while building the initrd image
INITRD_LOOP='/dev/loop5'
# Presumably flipped to 1 by the scripts once a kernel was located --
# never set it to 1 here!
KERN_FOUND='0'
# Check filesystem? (will be overridden after initial creation)
# Relative directory for mounting stick et cetera (to /)
95 # Relative directory for storing key file(s) and seed (to /MNT)
97 ########## End initrd.sh ##########
########## Begin asset.sh ###########
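# "Zero'ed" room between partitions, in bytes (it is added directly onto the
# byte offsets computed below)
ROOM_PART="12288"
# Special mount points (e.g. for "data partition")
MP_DATA="$BASEDIR/root/home"
# Sizes for misc things (I have used a 200 GB HDD). The partition sizes
# (SIZE_SWAP, SIZE_BOOT, SIZE_ROOT) are in 1kByte units; the OFFSET_* values
# derived from them are in bytes.
SIZE_BLOCK="4096" # Size of a block in filesystem
# Size of encrypted swap partition
SIZE_SWAP="$(( 2*1024*1024 ))" # = 2 GB
#SIZE_SWAP="$(( 20*1024 ))" # = 20 MB
# Size of unencrypted boot partition (for kernel-image, System.map and initrd)
SIZE_BOOT="$(( 8*1024 ))" # = 8 MB
# Size of encrypted root (/) partition
SIZE_ROOT="$(( 170*1024*1024 ))" # = 170 GB
#SIZE_ROOT="$(( 110*1024 ))" # = 110 MB (the old comment wrongly said 100 MB)
SIZE_MAX="0" # Will be calculated later!
# Some extra space which would be left free after second partition
# You have to experiment with this value until it matches!
# You may find out if all disc space is consumed with "cfdisk ASSET_DEVICE"
SIZE_EXTRA="$(( 1024 * 9 + 231 ))"
# Byte offsets for the losetup command: each partition starts ROOM_PART bytes
# after the previous one ends. NOTE(review): these must agree with the
# partition table actually written to ASSET_DEVICE -- losetup does not check,
# and a mismatch silently reads/writes the wrong area of the disc.
# (No "$" needed on names inside $(( )).)
OFFSET_SWAP="$(( SIZE_BOOT*1024 + ROOM_PART ))"
OFFSET_ROOT="$(( OFFSET_SWAP + SIZE_SWAP*1024 + ROOM_PART ))"
OFFSET_DATA="$(( OFFSET_ROOT + SIZE_ROOT*1024 + ROOM_PART ))"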
135 # This value will be overridden later
# 1= umount asset, 0= keep asset mounted (needed to continue with cpio.sh)
139 # Count of iterations for losetup
142 # Modules needed for booting system
######## End asset.sh #############
# Files and directories which we want to copy with cpio (do not copy all here!)
CPIO_FILES='/home/ /root'
# The target stick device. For testing place a 4 MB image here:
#STICK_DEVICE="$BASEDIR/setup/images/stick.img"
# Change this to your USB stick device! Please use the testing image above
# first -- on many systems /dev/sda is the primary hard disc, and whatever is
# named here gets zeroed (see STICK_ZERO) and repartitioned by the scripts.
STICK_DEVICE='/dev/sda'
# Size of the USB stick device in 1kBytes (will be overwritten later).
# This size will be used only for creating an image which has the same raw
# size as your USB stick, so please check the total size of the stick first.
# NOTE: If you change this to your real device (e.g. /dev/sda) and you already
# ran asset.sh / stick.sh then please run asset.sh again! Otherwise your stick
# may take "logical" damage.
STICK_SIZE="$(( 256*1024 ))"
# Shall I zero the stick before creating partitions on it? (solves some
# problems with parted) 0=Disabled
STICK_ZERO='1'
# The FQFN of the usb-storage module, change it to your matching version
# (built from KERN_VER above)
USB_STORAGE="/lib/modules/${KERN_VER}/kernel/drivers/usb/storage/usb-storage.ko"
# Is there an additional .local.sh script? (for testing) NOTE: it is looked up
# relative to the current working directory, not BASEDIR, and sourced as-is, so
# only run these scripts from a directory you control.
171 if test -e ./.local.sh; then
172 # Include local configuration file
173 echo "$0: Loading .local.sh."
176 elif test -e $BASEDIR; then
177 # Use existing directory
178 echo "$0: Using $BASEDIR."
180 # Create base directory (maybe first call?)
181 mkdir $VERBOSE $BASEDIR
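# Load additional functions (shared helpers used by the other scripts).
# The path is quoted so a BASEDIR containing spaces stays one word, and the
# include is checked first: a missing or unreadable functions.sh would
# otherwise fail with an error that is easy to overlook.
if test ! -r "$BASEDIR/include/functions.sh"; then
  echo "$0: Cannot read $BASEDIR/include/functions.sh (is BASEDIR set correctly?)" >&2
  exit 1
fi
. "$BASEDIR/include/functions.sh"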