fix bios boot issue and try to add secureboot suport

This commit is contained in:
manuel 2024-11-07 12:46:38 -01:00
parent 4e1a26843b
commit 1e289dc7a8
7 changed files with 178 additions and 312 deletions

View File

@ -74,7 +74,7 @@ build_variant() {
IMG=pep-live-${ARCH}-${DATE}-${variant}.iso
GRUB_PKGS="grub-i386-efi grub-x86_64-efi"
A11Y_PKGS="espeakup void-live-audio brltty"
PKGS="dialog octoxbps cryptsetup lvm2 mdadm void-docs-browse xtools-minimal xmirror chrony void-repo-nonfree void-repo-multilib void-repo-multilib-nonfree $A11Y_PKGS $GRUB_PKGS"
PKGS="dialog octoxbps cryptsetup lvm2 mdadm rsync void-docs-browse xtools-minimal xmirror chrony void-repo-nonfree void-repo-multilib void-repo-multilib-nonfree $A11Y_PKGS $GRUB_PKGS"
XORG_PKGS="xorg xorg-input-drivers xorg-video-drivers setxkbmap xauth font-misc-misc terminus-font dejavu-fonts-ttf orca"
SERVICES="sshd chronyd"

View File

@ -25,7 +25,6 @@ sequence:
- displaymanager
- networkcfg
- hwclock
# - services-runit
- grubcfg
- bootloader
- postcfg

View File

@ -1,167 +1,157 @@
#!/usr/bin/python3
# -*- coding: utf-8 -*-
#
# === This file is part of Calamares - <http://github.com/calamares> ===
#
# Copyright 2014 - 2019, Philip Müller <philm@manjaro.org>
# Copyright 2016, Artoo <artoo@manjaro.org>
#
# Calamares is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Calamares is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Calamares. If not, see <http://www.gnu.org/licenses/>.
import libcalamares
import subprocess
from shutil import copy2
from distutils.dir_util import copy_tree
from os.path import join, exists
from libcalamares.utils import target_env_call
from libcalamares.utils import target_env_process_output
from libcalamares.utils import check_target_env_output
from libcalamares.utils import target_env_call, target_env_process_output
def pretty_name():
return ("Misc post-install configurations")
return "Misc post-install configurations"
status = ("Misc post-install configurations")
status = "Misc post-install configurations"
def pretty_status_message():
return status
class ConfigController:
def __init__(self):
try:
self.__root = libcalamares.globalstorage.value("rootMountPoint")
except Exception as e:
print(f"Error initializing root mount point: {e}")
raise
@property
def root(self):
return self.__root
def terminate(self, proc):
try:
target_env_call(['killall', '-9', proc])
except Exception as e:
print(f"Error terminating process '{proc}': {e}")
def copy_file(self, file):
try:
if exists("/" + file):
copy2("/" + file, join(self.root, file))
except Exception as e:
print(f"Error copying file '{file}': {e}")
def copy_folder(self, source, target):
try:
if exists("/" + source):
copy_tree("/" + source, join(self.root, target))
except Exception as e:
print(f"Error copying folder from '{source}' to '{target}': {e}")
def is_pkg_installed(self, pkg):
""" Checks if a package is installed in the target environment. """
try:
result = target_env_process_output(['xbps-query', pkg])
return result is not None # Package exists if query returns any result
except Exception as e:
print(f"Error checking if package '{pkg}' is installed: {e}")
return False
def remove_pkg(self, pkg):
libcalamares.utils.target_env_process_output(['xbps-remove', '-Ry', pkg])
try:
target_env_process_output(['xbps-remove', '-Ry', pkg])
except Exception as e:
print(f"Error removing package '{pkg}': {e}")
def umount(self, mp):
try:
subprocess.call(["umount", "-l", join(self.root, mp)])
except Exception as e:
print(f"Error unmounting '{mp}': {e}")
def mount(self, mp):
try:
subprocess.call(["mount", "-B", "/" + mp, join(self.root, mp)])
except Exception as e:
print(f"Error mounting '{mp}': {e}")
def rmdir(self, dir):
try:
subprocess.call(["rm", "-Rf", join(self.root, dir)])
except Exception as e:
print(f"Error removing directory '{dir}': {e}")
def mkdir(self, dir):
try:
subprocess.call(["mkdir", "-p", join(self.root, dir)])
except Exception as e:
print(f"Error creating directory '{dir}': {e}")
def run(self):
status = ("Removing CLI installer")
try:
# Remove CLI installers
if exists(join(self.root, "usr/sbin/void-installer")):
libcalamares.utils.target_env_process_output(["rm", "-fv", "usr/sbin/void-installer"])
target_env_process_output(["rm", "-fv", "usr/sbin/void-installer"])
if exists(join(self.root, "usr/sbin/pep-installer")):
libcalamares.utils.target_env_process_output(["rm", "-fv", "usr/sbin/pep-installer"])
target_env_process_output(["rm", "-fv", "usr/sbin/pep-installer"])
status = ("Initializing package manager databases")
# Initialize package manager databases
if libcalamares.globalstorage.value("hasInternet"):
libcalamares.utils.target_env_process_output(["xbps-install", "-Syy"])
target_env_process_output(["xbps-install", "-Syy"])
# Remove calamares
status = ("Removing Calamares from target")
# Remove Calamares from target
self.remove_pkg("calamares")
if exists(join(self.root, "usr/share/applications/calamares.desktop")):
target_env_call(["rm", "-fv", "usr/share/applications/calamares.desktop"])
# Remove Breeze if Plasma is not installed
if exists(join(self.root, "usr/bin/startplasma-x11")):
print("Plasma is installed, not removing Breeze")
else:
status = ("Removing Breeze")
self.remove_pkg("breeze")
# If Plasma or LXQt are installed, remove Qt5ct
if exists(join(self.root, "usr/bin/startplasma-x11")):
status = ("Removing Qt5ct")
self.remove_pkg("qt5ct")
elif exists(join(self.root, "usr/bin/startlxqt")):
status = ("Removing Qt5ct")
self.remove_pkg("qt5ct")
# Remove Emptty if LightDM is present
if exists(join(self.root, "etc/lightdm/lightdm.conf")):
if exists(join(self.root, "usr/bin/emptty")):
status = ("Removing Emptty")
libcalamares.utils.target_env_process_output(["rm", "-fv" , "etc/runit/runsvdir/default/emptty"])
libcalamares.utils.target_env_process_output(["rm" , "-rfv", "etc/emptty"])
target_env_process_output(["rm", "-fv", "etc/runit/runsvdir/default/emptty"])
target_env_process_output(["rm", "-rfv", "etc/emptty"])
self.remove_pkg("emptty")
# Copy skel to root
status = ("Copying skel to root")
self.copy_folder('etc/skel', 'root')
# Update grub.cfg
status = ("Updating GRUB")
if exists(join(self.root, "usr/bin/update-grub")):
libcalamares.utils.target_env_process_output(["update-grub"])
target_env_process_output(["update-grub"])
# Enable 'menu_auto_hide' when supported in grubenv
# Enable `menu_auto_hide` in grubenv if supported
if exists(join(self.root, "usr/bin/grub-set-bootflag")):
target_env_call(["grub-editenv", "-", "set", "menu_auto_hide=1", "boot_success=1"])
# # Enable plymouth
# status = ("Enabling Plymouth on target")
# libcalamares.utils.target_env_process_output(["plymouth-set-default-theme", "-R", "simply"])
# Replace /etc/issue msg from live
if exists(join(self.root, "etc/issue.new")):
libcalamares.utils.target_env_process_output(["mv", "etc/issue.new", "etc/issue"])
# If doas installed on target, enable it
# Enable doas if installed on target
if exists(join(self.root, "usr/bin/doas")):
doasconf = "permit nopass :root ||\npermit persist :wheel"
with open(join(self.root, "etc/doas.conf"), 'w') as conf:
conf.write(doasconf)
# Override default XFCE wallpaper
if exists(join(self.root, "usr/share/backgrounds/xfce/xfce-shapes.png")):
libcalamares.utils.target_env_process_output(["rm", "-fv", "usr/share/backgrounds/xfce/xfce-shapes.png"])
libcalamares.utils.target_env_process_output(["ln", "-frsv", "usr/share/backgrounds/wallpaper4.png", "usr/share/backgrounds/xfce/xfce-shapes.png"])
# Mark current kernel as automatically installed
target_env_process_output(["xbps-pkgdb", "-m", "auto", "linux6.1"])
# Mark current kernel as automatically installed (this allows to remove old LTS kernels as orphaned packages).
libcalamares.utils.target_env_process_output(["xbps-pkgdb", "-m", "auto", "linux6.1"])
# Remove linux-headers package if installed and ignore it in updates
if self.is_pkg_installed("linux-headers"):
self.remove_pkg("linux-headers")
else:
print("Package 'linux-headers' not installed, skipping removal.")
# Remove linux-headers meta-package
status = ("Removing linux-headers from target")
libcalamares.utils.target_env_process_output(["xbps-remove", "-RFyv", "linux-headers"])
ignorepkg = "ignorepkg=linux-headers"
self.mkdir("etc/xbps.d/")
with open(join(self.root, "etc/xbps.d/00-ignore.conf"), 'w') as conf:
conf.write(ignorepkg)
# Reconfigure all target packages to ensure everything is ok
status = ("Reconfiguring all target packages")
libcalamares.utils.target_env_process_output(["xbps-reconfigure", "-fa"])
# Reconfigure all target packages
target_env_process_output(["xbps-reconfigure", "-fa"])
except Exception as e:
print(f"Error during run process: {e}")
raise
def run():
""" Misc post-install configurations """
try:
config = ConfigController()
return config.run()
except Exception as e:
print(f"Error in main run function: {e}")
return None

View File

@ -23,22 +23,22 @@ MENU COLOR sel * #ffffffff #FF5255FF *
LABEL linux
MENU LABEL @@BOOT_TITLE@@ @@KERNVER@@ @@ARCH@@
KERNEL /boot/vmlinuz
APPEND initrd=/boot/initrd root=live:CDLABEL=PEP-LIVE init=/sbin/init ro rd.luks=0 rd.md=0 rd.dm=0 loglevel=4 vconsole.unicode=1 vconsole.keymap=@@KEYMAP@@ locale.LANG=@@LOCALE@@ @@BOOT_CMDLINE@@
APPEND initrd=/boot/initrd root=live:CDLABEL=PEP_LIVE init=/sbin/init ro rd.luks=0 rd.md=0 rd.dm=0 loglevel=4 vconsole.unicode=1 vconsole.keymap=@@KEYMAP@@ locale.LANG=@@LOCALE@@ @@BOOT_CMDLINE@@
LABEL linuxram
MENU LABEL @@BOOT_TITLE@@ @@KERNVER@@ @@ARCH@@ (RAM)
KERNEL /boot/vmlinuz
APPEND initrd=/boot/initrd root=live:CDLABEL=PEP-LIVE init=/sbin/init ro rd.luks=0 rd.md=0 rd.dm=0 loglevel=4 vconsole.unicode=1 vconsole.keymap=@@KEYMAP@@ locale.LANG=@@LOCALE@@ @@BOOT_CMDLINE@@ rd.live.ram
APPEND initrd=/boot/initrd root=live:CDLABEL=PEP_LIVE init=/sbin/init ro rd.luks=0 rd.md=0 rd.dm=0 loglevel=4 vconsole.unicode=1 vconsole.keymap=@@KEYMAP@@ locale.LANG=@@LOCALE@@ @@BOOT_CMDLINE@@ rd.live.ram
LABEL linuxa11y
MENU LABEL @@BOOT_TITLE@@ @@KERNVER@@ @@ARCH@@ with ^speech
KERNEL /boot/vmlinuz
APPEND initrd=/boot/initrd root=live:CDLABEL=PEP-LIVE init=/sbin/init ro rd.luks=0 rd.md=0 rd.dm=0 loglevel=4 vconsole.unicode=1 vconsole.keymap=@@KEYMAP@@ locale.LANG=@@LOCALE@@ @@BOOT_CMDLINE@@ live.accessibility live.autologin
APPEND initrd=/boot/initrd root=live:CDLABEL=PEP_LIVE init=/sbin/init ro rd.luks=0 rd.md=0 rd.dm=0 loglevel=4 vconsole.unicode=1 vconsole.keymap=@@KEYMAP@@ locale.LANG=@@LOCALE@@ @@BOOT_CMDLINE@@ live.accessibility live.autologin
LABEL linuxa11yram
MENU LABEL @@BOOT_TITLE@@ @@KERNVER@@ @@ARCH@@ with speech (^RAM)
KERNEL /boot/vmlinuz
APPEND initrd=/boot/initrd root=live:CDLABEL=PEP-LIVE init=/sbin/init ro rd.luks=0 rd.md=0 rd.dm=0 loglevel=4 vconsole.unicode=1 vconsole.keymap=@@KEYMAP@@ locale.LANG=@@LOCALE@@ @@BOOT_CMDLINE@@ live.accessibility live.autologin rd.live.ram
APPEND initrd=/boot/initrd root=live:CDLABEL=PEP_LIVE init=/sbin/init ro rd.luks=0 rd.md=0 rd.dm=0 loglevel=4 vconsole.unicode=1 vconsole.keymap=@@KEYMAP@@ locale.LANG=@@LOCALE@@ @@BOOT_CMDLINE@@ live.accessibility live.autologin rd.live.ram
LABEL c
MENU LABEL Boot first HD found by BIOS

View File

@ -1,193 +0,0 @@
import sys
import subprocess
from PyQt5.QtWidgets import (QApplication, QMainWindow, QVBoxLayout, QLabel, QPushButton,
QWidget, QComboBox, QLineEdit, QProgressBar, QMessageBox,
QStackedWidget, QHBoxLayout, QFormLayout)
from PyQt5.QtGui import QPixmap, QFont
from PyQt5.QtCore import Qt
class InstallerWindow(QMainWindow):
def __init__(self):
super().__init__()
self.setWindowTitle("Void Linux Installer")
self.setGeometry(300, 200, 800, 600)
# Widget com layout empilhado para etapas de instalação
self.stack = QStackedWidget()
self.setCentralWidget(self.stack)
# Fontes e estilos básicos
self.title_font = QFont("Arial", 18, QFont.Bold)
self.normal_font = QFont("Arial", 12)
# Etapas do instalador
self.create_welcome_page()
self.create_partition_page()
self.create_user_page()
self.create_install_page()
# Layout para os botões de navegação
self.nav_layout = QHBoxLayout()
self.prev_button = QPushButton("Anterior")
self.prev_button.clicked.connect(self.prev_page)
self.prev_button.setEnabled(False) # Desativado na primeira página
self.next_button = QPushButton("Próximo")
self.next_button.clicked.connect(self.next_page)
self.nav_layout.addWidget(self.prev_button)
self.nav_layout.addWidget(self.next_button)
# Adicionar os botões de navegação no final
nav_widget = QWidget()
nav_widget.setLayout(self.nav_layout)
layout = QVBoxLayout()
layout.addWidget(self.stack)
layout.addWidget(nav_widget)
container = QWidget()
container.setLayout(layout)
self.setCentralWidget(container)
def create_welcome_page(self):
"""Página de boas-vindas."""
page = QWidget()
layout = QVBoxLayout()
welcome_label = QLabel("Bem-vindo ao Instalador do Void Linux")
welcome_label.setFont(self.title_font)
layout.addWidget(welcome_label, alignment=Qt.AlignCenter)
img_label = QLabel()
img = QPixmap("image.png") # Certifique-se de que o caminho da imagem esteja correto
img_label.setPixmap(img.scaled(300, 300, Qt.KeepAspectRatio))
layout.addWidget(img_label, alignment=Qt.AlignCenter)
page.setLayout(layout)
self.stack.addWidget(page)
def create_partition_page(self):
"""Página de seleção de partição."""
page = QWidget()
layout = QVBoxLayout()
title = QLabel("Seleção de Partição")
title.setFont(self.title_font)
layout.addWidget(title)
form_layout = QFormLayout()
self.partition_combo = QComboBox()
self.partition_combo.addItems(self.get_partitions())
form_layout.addRow("Escolha uma partição:", self.partition_combo)
# Botão para abrir GParted
gparted_button = QPushButton("Abrir GParted para Particionamento")
gparted_button.clicked.connect(self.open_gparted)
layout.addLayout(form_layout)
layout.addWidget(gparted_button)
page.setLayout(layout)
self.stack.addWidget(page)
def create_user_page(self):
"""Página de configuração de usuário e senha."""
page = QWidget()
layout = QVBoxLayout()
title = QLabel("Configuração do Usuário")
title.setFont(self.title_font)
layout.addWidget(title)
form_layout = QFormLayout()
self.user_input = QLineEdit()
self.password_input = QLineEdit()
self.password_input.setEchoMode(QLineEdit.Password)
form_layout.addRow("Nome do usuário:", self.user_input)
form_layout.addRow("Senha:", self.password_input)
layout.addLayout(form_layout)
page.setLayout(layout)
self.stack.addWidget(page)
def create_install_page(self):
"""Página de instalação com barra de progresso."""
page = QWidget()
layout = QVBoxLayout()
title = QLabel("Instalação do Sistema")
title.setFont(self.title_font)
layout.addWidget(title)
self.progress_bar = QProgressBar()
self.progress_bar.setAlignment(Qt.AlignCenter)
layout.addWidget(self.progress_bar)
install_button = QPushButton("Iniciar Instalação")
install_button.clicked.connect(self.start_installation)
layout.addWidget(install_button, alignment=Qt.AlignCenter)
page.setLayout(layout)
self.stack.addWidget(page)
def get_partitions(self):
"""Função para listar partições do sistema."""
partitions = subprocess.getoutput("lsblk -nd -o NAME").splitlines()
return [f"/dev/{p}" for p in partitions]
def open_gparted(self):
"""Abre o GParted para particionamento de disco."""
try:
subprocess.Popen(["gparted"])
except FileNotFoundError:
QMessageBox.critical(self, "Erro", "GParted não está instalado.")
def start_installation(self):
"""Inicia a instalação e atualiza a barra de progresso."""
partition = self.partition_combo.currentText()
username = self.user_input.text()
password = self.password_input.text()
if not partition or not username or not password:
QMessageBox.warning(self, "Erro", "Por favor, preencha todos os campos.")
return
try:
self.progress_bar.setValue(0)
subprocess.run(["./mklive.sh"], check=True)
self.progress_bar.setValue(25)
subprocess.run(["./mkrootfs.sh"], check=True)
self.progress_bar.setValue(50)
subprocess.run(["./mkimage.sh"], check=True)
self.progress_bar.setValue(75)
subprocess.run(["./installer.sh", partition, username, password], check=True)
self.progress_bar.setValue(100)
QMessageBox.information(self, "Sucesso", "Instalação concluída com sucesso!")
except subprocess.CalledProcessError as e:
QMessageBox.critical(self, "Erro", f"Ocorreu um erro: {e}")
def next_page(self):
"""Avançar para a próxima página."""
current_index = self.stack.currentIndex()
if current_index < self.stack.count() - 1:
self.stack.setCurrentIndex(current_index + 1)
self.prev_button.setEnabled(True)
# Alterar o texto do botão para "Instalar" na última página
if current_index == self.stack.count() - 2:
self.next_button.setText("Instalar")
else:
self.next_button.setText("Próximo")
def prev_page(self):
"""Voltar para a página anterior."""
current_index = self.stack.currentIndex()
if current_index > 0:
self.stack.setCurrentIndex(current_index - 1)
self.next_button.setText("Próximo")
if current_index == 1:
self.prev_button.setEnabled(False)
if __name__ == "__main__":
app = QApplication(sys.argv)
window = InstallerWindow()
window.show()
sys.exit(app.exec_())

View File

@ -585,6 +585,9 @@ generate_isolinux_boot
print_step "Generating GRUB support for EFI systems..."
generate_grub_efi_boot
#print_step "Configuring Secure Boot and TPM support..."
#source ./secureboot_tpm_setup.sh
print_step "Cleaning up rootfs..."
cleanup_rootfs

67
secureboot_tpm_setup.sh Executable file
View File

@ -0,0 +1,67 @@
#!/bin/bash
# secureboot_tpm_setup.sh - Script to set up Secure Boot and TPM during ISO build
set -e
# Paths and filenames
KEY_DIR="/etc/secureboot"
GRUB_PATH="/boot/EFI/BOOT/BOOTX64.EFI"
KERNEL_PATH="/boot/vmlinuz"
SIGNED_KERNEL_PATH="/boot/vmlinuz-signed"
SIGNED_GRUB_PATH="/boot/EFI/BOOT/BOOTX64.EFI.signed"
CONF_PATH="/etc/xbps.d"
# Create directory for storing Secure Boot keys
mkdir -p "$KEY_DIR"
chmod 700 "$KEY_DIR"
# Generate Secure Boot Keys
echo "Generating Secure Boot keys..."
openssl req -new -x509 -newkey rsa:2048 -keyout "$KEY_DIR/db.key" -out "$KEY_DIR/db.crt" -nodes -days 3650 -subj "/CN=Void Linux Secure Boot/"
openssl x509 -in "$KEY_DIR/db.crt" -outform DER -out "$KEY_DIR/db.der"
# Install required tools
echo "Installing required tools..."
xbps-install -S -y efitools sbsigntool tpm-tools tpm2-tools
# Sign the GRUB EFI binary
echo "Signing GRUB..."
sbsign --key "$KEY_DIR/db.key" --cert "$KEY_DIR/db.crt" --output "$SIGNED_GRUB_PATH" "$GRUB_PATH"
mv "$SIGNED_GRUB_PATH" "$GRUB_PATH"
# Sign the kernel
echo "Signing kernel..."
sbsign --key "$KEY_DIR/db.key" --cert "$KEY_DIR/db.crt" --output "$SIGNED_KERNEL_PATH" "$KERNEL_PATH"
mv "$SIGNED_KERNEL_PATH" "$KERNEL_PATH"
# Configure GRUB to load the signed kernel
echo "Configuring GRUB for signed kernel..."
cat << EOF > /etc/grub.d/40_custom
menuentry "Void Linux" {
insmod gzio
insmod part_gpt
insmod ext2
set root='hd0,gpt1'
linux /vmlinuz root=/dev/sdX ro
initrd /initramfs.img
}
EOF
# Regenerate GRUB configuration
echo "Generating GRUB configuration..."
grub-mkconfig -o /boot/grub/grub.cfg
# Set up TPM (optional, for integrity checks)
echo "Configuring TPM..."
echo "GRUB_CMDLINE_LINUX='tpm_tis.force=1'" >> /etc/default/grub
grub-mkconfig -o /boot/grub/grub.cfg
# Disable linux-headers to avoid conflicts with Secure Boot
echo "Disabling linux-headers package..."
mkdir -p "$CONF_PATH"
echo "ignorepkg=linux-headers" > "$CONF_PATH/00-ignore.conf"
# Clean up key files (optional, to avoid storing keys in ISO)
rm -rf "$KEY_DIR"
echo "Secure Boot and TPM setup completed."