diff --git a/build.sh b/build.sh
index 85ed6a9..92ce1f8 100755
--- a/build.sh
+++ b/build.sh
@@ -8,6 +8,7 @@ cd "$(dirname "$0")"
 PYTHON_VER=3.9.6
 PYTHON_PKG=python-$PYTHON_VER-macos11.pkg
 PYTHON_URI="https://www.python.org/ftp/python/$PYTHON_VER/$PYTHON_PKG"
+ENCRYPTOR_URI="https://github.com/WhatAmISupposedToPutHere/encryptor/releases/download/v0.1/encryptor.tar.gz"
 M1N1="$PWD/m1n1"
 ARTWORK="$PWD/artwork"
@@ -44,6 +45,7 @@ echo "Downloading installer components..."
 cd "$DL"
 wget -Nc "$PYTHON_URI"
+wget -Nc "$ENCRYPTOR_URI"
 echo "Building m1n1..."
@@ -52,7 +54,7 @@ make -C "$M1N1" RELEASE=1 CHAINLOADING=1 -j4
 echo "Copying files..."
 cp -r "$SRC"/* "$PACKAGE/"
-rm "$PACKAGE/asahi_firmware"
+rm -r "$PACKAGE/asahi_firmware"
 cp -r "$AFW" "$PACKAGE/"
 cp "$ARTWORK/logos/icns/AsahiLinux_logomark.icns" "$PACKAGE/logo.icns"
 mkdir -p "$PACKAGE/boot"
@@ -81,7 +83,7 @@ cd python3.*
 rm -rf test ensurepip idlelib
 cd lib-dynload
 rm -f _test* _tkinter*
-
+
 echo "Copying certificates..."
@@ -92,6 +94,8 @@ echo "Packaging installer..."
 cd "$PACKAGE"
+tar xf "$DL/encryptor.tar.gz"
+
 echo "$VER" > version.tag
 if [ "$1" == "prod" ]; then
diff --git a/src/main.py b/src/main.py
index 2374516..9776521 100644
--- a/src/main.py
+++ b/src/main.py
@@ -239,7 +239,7 @@ def get_admin_credentials(self):
 self.admin_password = getpass.getpass(f'Password for {self.admin_user}: ')
 def action_install_into_container(self, avail_parts):
- template = self.choose_os()
+ template, fde = self.choose_os()
 containers = {str(i): p.desc for i,p in enumerate(self.parts) if p in avail_parts}
@@ -253,7 +253,7 @@ def action_install_into_container(self, avail_parts):
 self.ins = stub.StubInstaller(self.sysinfo, self.dutil, self.osinfo)
 self.ins.load_ipsw(ipsw)
- self.osins = osinstall.OSInstaller(self.dutil, self.data, template)
+ self.osins = osinstall.OSInstaller(self.dutil, self.data, template, fde)
 self.osins.load_package()
 self.do_install()
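Review bot: `ENCRYPTOR_URI` is fetched with `wget -Nc` and later unpacked into the package with no integrity check, so whatever the release URL serves at build time is shipped inside the installer. Judging by the paths referenced in src/osinstall.py, the archive carries a qemu binary, a kernel and an initramfs that run on the user's machine during the encryption step, so it should be pinned to a digest. A check right after the download, e.g. `echo "$ENCRYPTOR_SHA256  encryptor.tar.gz" | sha256sum -c -` (or `shasum -a 256 -c -`), with `ENCRYPTOR_SHA256` defined next to the URI (placeholder name, value to be supplied by the maintainer), would make a replaced release asset fail the build, assuming the script aborts on a failing command. The same point covers the `wget -Nc "$ENCRYPTOR_URI"` hunk and the `tar xf "$DL/encryptor.tar.gz"` hunk. The latter also extracts into `$PACKAGE` without constraining member paths, so extracting into a dedicated directory is worth considering.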
@@ -266,9 +266,9 @@ def action_wipe(self):
 print()
- template = self.choose_os()
+ template, fde = self.choose_os()
- self.osins = osinstall.OSInstaller(self.dutil, self.data, template)
+ self.osins = osinstall.OSInstaller(self.dutil, self.data, template, fde)
 self.osins.load_package()
 min_size = STUB_SIZE + self.osins.min_size
@@ -286,9 +286,9 @@ def action_wipe(self):
 self.do_install(os_size)
 def action_install_into_free(self, avail_free):
- template = self.choose_os()
+ template, fde = self.choose_os()
- self.osins = osinstall.OSInstaller(self.dutil, self.data, template)
+ self.osins = osinstall.OSInstaller(self.dutil, self.data, template, fde)
 self.osins.load_package()
 min_size = STUB_SIZE + self.osins.min_size
@@ -498,7 +498,10 @@ def choose_os(self):
 idx = self.choice("OS", [i["name"] for i in os_list])
 os = os_list[idx]
 logging.info(f"Chosen OS: {os['name']}")
- return os
+ fde = False
+ if os.get("supports_fde", False) or True:
+ fde = self.yesno("Enable disk encryption?")
+ return (os, fde)
 def set_reduced_security(self):
 while True:
diff --git a/src/osinstall.py b/src/osinstall.py
index 2160a29..8d845a5 100644
--- a/src/osinstall.py
+++ b/src/osinstall.py
@@ -6,7 +6,7 @@ class OSInstaller(PackageInstaller):
 PART_ALIGNMENT = 1024 * 1024
- def __init__(self, dutil, data, template):
+ def __init__(self, dutil, data, template, fde):
 super().__init__()
 self.dutil = dutil
 self.data = data
@@ -16,6 +16,7 @@ def __init__(self, dutil, data, template):
 self.efi_part = None
 self.idata_targets = []
 self.install_size = self.min_size
+ self.fde = fde
 @property
 def default_os_name(self):
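Review bot: The `or True` in `if os.get("supports_fde", False) or True:` (the `choose_os` hunk) makes the condition always true, so the template's `supports_fde` flag is never consulted and the encryption prompt is shown for every OS. It reads like a debugging leftover; as written, an image that was not prepared for encryption can still be routed through the encryptor path in `OSInstaller.install()`. Suggested line: `if os.get("supports_fde", False):`. The changed return type also deserves a one-line docstring on `choose_os`, e.g. `"""Return (template, fde) for the OS the user picked."""`; the function starts outside this hunk.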
@@ -117,6 +118,38 @@ def download_extras(self):
 ucache.flush_progress()
 def install(self, stub_ins):
+ if self.fde:
+ p_progress("Extracting OS image ...")
+ for part in self.template["partitions"]:
+ image = part.get("image", None)
+ if image is None:
+ continue
+ zinfo = self.pkg.getinfo(image)
+ with self.pkg.open(image) as sfd, \
+ open(image, "wb") as dfd:
+ self.fdcopy(sfd, dfd, zinfo.file_size)
+ p_progress("Encrypting OS image ...")
+ args = [
+ "./encryptor/qemu-system-aarch64",
+ "-nographic",
+ "-L", "./encryptor/qemu/",
+ "-chardev", "stdio,id=term0",
+ "-serial", "chardev:term0",
+ "-cpu", "host",
+ "-smp", "cpus=8,sockets=1,cores=8,threads=1",
+ "-machine", "virt",
+ "-accel", "hvf",
+ "-m", "4096",
+ "-kernel", "./encryptor/vmlinuz-virt",
+ "-initrd", "./encryptor/initramfs",
+ "-device", "virtio-rng-pci",
+ "-monitor", "/dev/null",
+ "-append", "quiet",
+ "-drive", "if=virtio,format=raw,index=1,file=boot.img",
+ "-drive", "if=virtio,format=raw,index=2,file=root.img"
+ ]
+ subprocess.run(args, check=True)
+
 p_progress("Installing OS...")
 logging.info("OSInstaller.install()")
@@ -133,12 +166,21 @@ def install(self, stub_ins):
 logging.info(f"Installing partition {part!r} -> {info.name}")
 image = part.get("image", None)
 if image:
- p_plain(f" Extracting {image} into {info.name} partition...")
+ if self.fde:
+ p_plain(f" Installing {image} into {info.name} partition...")
+ else:
+ p_plain(f" Extracting {image} into {info.name} partition...")
 logging.info(f"Extract: {image}")
 zinfo = self.pkg.getinfo(image)
- with self.pkg.open(image) as sfd, \
- open(f"/dev/r{info.name}", "r+b") as dfd:
- self.fdcopy(sfd, dfd, zinfo.file_size)
+ if self.fde:
+ with open(image, "rb") as sfd, \
+ open(f"/dev/r{info.name}", "r+b") as dfd:
+ self.fdcopy(sfd, dfd, zinfo.file_size)
+ else:
+ with self.pkg.open(image) as sfd, \
+ open(f"/dev/r{info.name}", "r+b") as dfd:
+ self.fdcopy(sfd, dfd, zinfo.file_size)
+
 self.flush_progress()
 source = part.get("source", None)
 if source:
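Review bot: The extraction loop writes each template-supplied `image` name into the current directory with `open(image, "wb")`, while the qemu arguments hard-code `file=boot.img` and `file=root.img`; nothing ties the two together or constrains the name. A template whose image names differ would leave qemu working on missing or stale files, and a name containing a path separator would be written outside the working directory. A guard at the top of the loop body such as `if image not in ("boot.img", "root.img"): raise ValueError(f"unexpected image name: {image!r}")` (or whatever set the encryptor actually expects) covers both. Two things to confirm as well: no hunk adds `import subprocess` to src/osinstall.py, and nothing visible removes the extracted image files afterwards. `install()` continues outside this hunk.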
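Review bot: In the `self.fde` branch the source is the locally written file, but the copy length passed to `fdcopy` is still `zinfo.file_size`, the size of the image as stored in the package. If the encryptor changes the file's length (a header or padding), the copy would be cut short or read past the end; neither `fdcopy` nor the encryptor is visible here, so this needs confirming. Taking the length from the opened file, e.g. `sfd.seek(0, 2); size = sfd.tell(); sfd.seek(0)`, keeps the two in step. As a style point, the two `with` blocks differ only in how `sfd` is opened, so `src = open(image, "rb") if self.fde else self.pkg.open(image)` followed by a single `with src as sfd, open(f"/dev/r{info.name}", "r+b") as dfd:` would remove the duplication.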