2 ##############################################
3 # Script for Secure Linux Project #
4 # Copyright(c) 2005, 2006 by Roland Haeder #
5 ##############################################
6 # Purpose: Main configuration file #
7 ##############################################
8 # This software is licensed under the GNU #
9 # General Public License Version 2 or either #
10 # and comes with ABSOLUTELY NO WARRANTY #
11 # neither implied nor explicit. #
12 ##############################################
14 ######## Begin general stuff ########
15 # 1=Setup mode. If you turn this off, a username will be requested
17 # Option for cp/mkdir/rm-commands for verbose output
19 # Update switch for cp-command. You can remove this for always copy.
21 # Options for the dd-command (CARE!)
23 # Use strict OpenPGP behavior for gpg commands
25 # Length of both seeds (15-25 shall be fine)
27 # 1=Forces cpio.sh to copy all given files/directories without checking sizes
29 # Which program shall I take? awk or gawk (last preferred!)
# Locate gawk; the messages below say functions.sh needs it for decimal math.
# NOTE(review): only gawk is looked up; plain awk is never tried as a fallback.
# `which` is an external lookup whose answer depends on $PATH, so PATH has to
# be trusted wherever this config is loaded with privileges. `command -v gawk`
# is the POSIX builtin for the same lookup.
30 AWK=`which gawk | tail -n 1`
31 # Does the test go right?
# NOTE(review): `==` inside `test` is a bash extension; POSIX `test` uses `=`.
32 if test "$AWK" == ""; then
# NOTE(review): this branch runs when $AWK is empty, yet the message says gawk
# "was found" - presumably "was not found" was meant.
33 echo "$0: Failed! The program gawk was found! We need this program"
34 echo "$0: to calculate with decimal-dotted values in functions.sh!"
# NOTE(review): the listing jumps from 34 to 37, so the rest of this branch and
# its closing `fi` are not visible here.
37 ######## End general stuff ########
39 ########## Begin gen.sh ##########
41 # From now on this will be set up automatically
# Target device and loop devices for the asset (the disk or image being set up).
43 # For testing purposes use an image like this
44 #ASSET_DEVICE="$BASEDIR/setup/images/asset.img"
45 # For productive purposes use a "real" device here
# NOTE(review): this names a whole-disk device node. Other comments in this file
# mention scrambling with dd/shred, so presumably its contents get overwritten;
# confirm it is the intended disk, or use the image above, before running.
46 ASSET_DEVICE="/dev/hdc"
47 # For productive purposes use a "real" partition here:
# NOTE(review): the listing jumps from 47 to 50; the setting this comment
# introduces is not visible here.
50 LOOP_ASSET="/dev/loop1"
51 LOOP_TEST="/dev/loop2"
# User names and the secret key files used by the setup.
52 # *Exactly* the same name(s) as you entered in the comment field during gpg --gen-key
# Space-separated list; the first entry is taken as MASTER_USER further down.
53 USERS="quix0r angei junior"
54 # The master-key for creating the encrypted filesystem
# NOTE(review): MASTER and EXTRA_KEYS name secret key material. Nothing visible
# in this listing restricts access to $BASEDIR/setup/keys; it should be readable
# by the operator only (e.g. directory 0700, files 0600).
55 MASTER="$BASEDIR/setup/keys/masterkey-secret.gpg"
56 # Additional keys (e.g. for your laptop) The path "BASEDIR/setup/keys" will be added!
57 EXTRA_KEYS="laptop-secret.gpg videos-secret.gpg home-secret.gpg"
58 # * 1kByte! No value means scrambling is disabled. A zero (0) together with
59 # Real device (/dev/hda; /dev/drbd0; etc.) means use shred
60 #COUNT="$((200*1024))"
63 # Use openssl or dd for scrambling disc/image? (dd=0, openssl=1)
# Key files for disc/image encryption and the derived master user name.
65 # The multi-key for encrypting disc/image
66 MULTI_KEY="$BASEDIR/setup/keys/userkey-secret.gpg"
67 # The multi-key for encrypting disc/image
# NOTE(review): the comment above repeats the MULTI_KEY text word for word;
# presumably STICK_KEY is the key kept on the USB stick - confirm and reword.
68 STICK_KEY="$BASEDIR/setup/keys/stick-secret.gpg"
69 MULTI_KEY_SUFFIX="secret.gpg"
70 # The first user is the "master" of this system
# Takes the first whitespace-separated word of USERS.
# NOTE(review): this calls `awk` from $PATH rather than the $AWK resolved
# earlier, and $USERS is unquoted (harmless for the list above, but any glob
# character in a name would be expanded by the shell).
71 MASTER_USER=`echo $USERS | awk '{print $1}'`
72 # 1= Zero LOOP_ASSET after setting up. This will be done in gen.sh
75 ########## End gen.sh ############
77 ########## Begin initrd.sh ##########
# Settings for initrd.sh: boot mount point, kernel version, initrd loop device.
78 BOOT_MOUNT="$BASEDIR/root/boot"
# Only act when UMOUNT_INITRD is empty or unset, so a value already present in
# the environment presumably takes precedence over the default.
79 if test "$UMOUNT_INITRD" == ""; then
80 # Shall I umount the initrd after creation?
# NOTE(review): the listing jumps from 80 to 83; the default assignment and the
# closing `fi` are not visible here.
# KERN_VER is also used further down to build the usb-storage module path, so
# it presumably has to match the kernel installed on the target.
83 KERN_VER="2.6.8-2-386"
84 KERN_FOUND="0" # Never set it to 1 here!
85 INITRD_LOOP="/dev/loop5"
86 # Check filesystem? (will be overridden after initial creation)
88 # Relative directory for mounting stick et cetera (to /)
90 # Relative directory for storing key file(s) and seed (to /MNT)
92 ########## End initrd.sh ##########
94 ########## Begin asset.sh ###########
# Partition layout: sizes and the byte offsets later handed to losetup.
# Going by the "= 2 GB" style annotations, SIZE_* values are in kB; the OFFSET_*
# values multiply them by 1024, so they are in bytes. ROOM_PART is added
# unscaled, so it is presumably a byte count as well - TODO confirm.
95 ROOM_PART="12288" # "Zero'ed" room between partitions
103 # Special mount points (e.g. for "data partition")
104 MP_DATA="$BASEDIR/root/home"
106 # Sizes for misc things (I have used a 200 GB HDD)
107 SIZE_BLOCK="4096" # Size of a block in filesystem
108 # Size of encrypted swap partition
110 SIZE_SWAP="$(( 2*1024*1024))" # = 2 GB
111 #SIZE_SWAP="$(( 20*1024))" # = 20 MB
112 # Size of unencrypted boot partition (for kernel-image, System.map and initrd)
# NOTE(review): because this partition is unencrypted, the kernel and initrd on
# it are not protected by the disk encryption; changes to them go unnoticed
# unless they are verified separately (e.g. checksums kept on the key stick).
113 SIZE_BOOT="$(( 8*1024))" # = 8 MB
114 # Size of encrypted root (/) partition
116 SIZE_ROOT="$((170*1024*1024))" # = 170 GB
117 #SIZE_ROOT="$(( 110*1024))" # = 100 MB (NOTE(review): 110*1024 kB is 110 MB - confirm which was meant)
118 SIZE_MAX="0" # Will be calculated later!
120 # Some extra space which would be left free after second partition
121 # You have to experiment with this value until it matches!
122 # You may find out if all disc space is consumed with "cfdisk ASSET_DEVICE"
123 SIZE_EXTRA="$((1024 * 9 + 231))"
125 # Offsets for the losetup command
# Each offset is the previous offset plus the previous partition's size in
# bytes plus the ROOM_PART gap.
# NOTE(review): OFFSET_ROOT and OFFSET_DATA exceed 2^31 with the sizes above, so
# this needs a shell with 64-bit arithmetic. With 32-bit arithmetic the value
# would wrap silently and losetup would be pointed at the wrong disk region.
126 OFFSET_SWAP="$(($SIZE_BOOT*1024+$ROOM_PART))"
127 OFFSET_ROOT="$(($OFFSET_SWAP+$SIZE_SWAP*1024+$ROOM_PART))"
128 OFFSET_DATA="$(($OFFSET_ROOT+$SIZE_ROOT*1024+$ROOM_PART))"
130 # This value will be overridden later
132 # 1= umount asset, 0= keep asset mounted (needed to continue with cpio.sh
134 # Count of iterations for losetup
137 # Modules needed for booting system
140 ######## End asset.sh #############
# Settings for the cpio copy step and for the USB key stick.
142 # Files and directories to copy with cpio (do not copy all here!)
143 CPIO_FILES="/home/ /root"
145 # The target stick device (for testing place a 4MB image here)
146 #STICK_DEVICE="$BASEDIR/setup/images/stick.img"
147 # Change this to your USB stick device!
# NOTE(review): on many systems /dev/sda is the primary internal disk rather
# than a USB stick. Verify the node (e.g. with lsblk, or a stable
# /dev/disk/by-id/ path) before any script writes to it.
148 STICK_DEVICE="/dev/sda" # Please use the testing image above first!
149 # Size of the USB stick device in 1kBytes (will be overwritten later)
150 STICK_SIZE="$((256*1024))"
151 # This size will be used only for creating an image which has the same
152 # raw size as your USB stick has. So please check the total size of it first.
153 # NOTE: If you want to change this to your real device (/dev/sda e.g.) and
154 # you already run asset.sh / stick.sh then please run asset.sh again!
156 # Otherwise your stick may take "logical" damage.
158 # The FQFN of the usb-storage module, change it to your matching version
# Built from KERN_VER, so the path is only valid for that exact kernel release.
159 USB_STORAGE="/lib/modules/$KERN_VER/kernel/drivers/usb/storage/usb-storage.ko"
# Pick up an optional local override, make sure BASEDIR exists, then load the
# shared function library.
161 # Is there an additional .local.sh script? (for testing)
# NOTE(review): ./.local.sh is resolved against the current working directory,
# not the script's own directory, so the directory the setup is started from
# decides which file is used. The line that loads it is not visible (the listing
# jumps from 165 to 168); presumably it is sourced, so it runs with this
# script's privileges. Start the setup only from a directory that untrusted
# users cannot write to, or resolve the path from the script location.
163 if test -e ./.local.sh; then
164 # Include local configuration file
165 echo "$0: Loading .local.sh."
# NOTE(review): $BASEDIR is unquoted here and below; a value containing spaces
# or glob characters would be split or expanded. `-e` also succeeds for a
# non-directory.
168 elif test -e $BASEDIR; then
169 # Use existing directory
170 echo "$0: Using $BASEDIR."
# NOTE(review): the listing jumps from 170 to 172; the `else` introducing the
# lines below and the closing `fi` are not visible here.
172 # Create base directory (maybe first call?)
# $VERBOSE is presumably left unquoted on purpose so that an empty value
# vanishes. The directory is created with the default umask, although secret
# keys are kept below it (setup/keys); an explicit `-m 0700` would be safer.
173 mkdir $VERBOSE $BASEDIR
176 # Load additional functions
# functions.sh is executed in this shell, so $BASEDIR/include must be writable
# by trusted users only.
# NOTE(review): there is no check that the file exists, and it cannot exist
# when BASEDIR was only just created above.
177 . $BASEDIR/include/functions.sh