Encrypted bootloader for your Raspberry Pi
Bret R. Human 9c7dec7d90 initial commit 4 weeks ago
BerrybootGUI2.0 initial commit 4 weeks ago
buildroot-2018.08 initial commit 4 weeks ago
configs initial commit 4 weeks ago
external initial commit 4 weeks ago
output initial commit 4 weeks ago
LICENSE initial commit 4 weeks ago
README.md initial commit 4 weeks ago
build-berryboot.sh initial commit 4 weeks ago
rebuild-berryboot.sh initial commit 4 weeks ago
rebuild-kernel.sh initial commit 4 weeks ago

README.md

caffyBoot

Caffyboot’s operation is extremely similar to Berryboot but eschews the GUI and menu options in favor of automatic encryption of the second partition based off of the device’s serial number. This may not be the most secure method to begin with but it’s a starting point for your own twisted machinations. Edit caffyboot/external/package/berrybootgui2/init’s /tmp/superCereal generation to your heart’s content.

Once the secondary partition has been encrypted, it will try to connect to WiFi using the wpa_supplicant configuration provided in /boot/caffySupple.cdebug, and download the image from a URL you provide in /boot/caffyProvision.cdebug. To enter the busybox shell before the OS is loaded, provide an empty file named /boot/caffySaysHi.cdebug.
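The three .cdebug files sit on the FAT boot partition, which is not encrypted, so it is worth checking a card before it ships. The script below is an added example, not part of caffyBoot: it flags a leftover debug-shell marker, a WiFi credential in the supplicant file, and a provisioning URL that is not https. It assumes caffyProvision.cdebug holds the URL on its first line; the SSID, passphrase and URL in the sample are constructed.

```shell
#!/bin/sh
# Added example (not caffyBoot code): pre-deployment audit of the FAT boot partition.
# Assumption: caffyProvision.cdebug holds the image URL on its first line.

audit_boot() {
    ab_dir=$1
    ab_bad=0

    # Empty marker file that drops to the busybox shell before the OS loads.
    if [ -e "$ab_dir/caffySaysHi.cdebug" ]; then
        echo "FAIL debug-shell: caffySaysHi.cdebug present"
        ab_bad=$((ab_bad + 1))
    fi

    # wpa_supplicant settings; the FAT partition is not encrypted, so a psk=
    # line is readable by anyone who can read the card.
    if [ -f "$ab_dir/caffySupple.cdebug" ] &&
       grep -Eq '^[[:space:]]*psk=' "$ab_dir/caffySupple.cdebug"; then
        echo "FAIL wifi-psk: caffySupple.cdebug contains a psk= credential"
        ab_bad=$((ab_bad + 1))
    fi

    # Image URL; strip CR in case the file was edited on Windows.
    if [ -f "$ab_dir/caffyProvision.cdebug" ]; then
        ab_url=$(head -n 1 "$ab_dir/caffyProvision.cdebug" | tr -d '\r')
        case $ab_url in
            https://*) ;;
            *)  echo "FAIL provision-url: '$ab_url' is not https"
                ab_bad=$((ab_bad + 1)) ;;
        esac
    fi

    echo "findings: $ab_bad"
    [ "$ab_bad" -eq 0 ]
}

# Constructed sample card contents (hypothetical SSID, passphrase and URL).
make_sample() {
    ms_dir=$(mktemp -d)
    : > "$ms_dir/caffySaysHi.cdebug"
    printf 'network={\n  ssid="lab"\n  psk="constructed-passphrase"\n}\n' \
        > "$ms_dir/caffySupple.cdebug"
    printf 'http://images.example.invalid/os.img\r\n' > "$ms_dir/caffyProvision.cdebug"
    echo "$ms_dir"
}

sample=$(make_sample)
audit_boot "$sample" || echo "card is not ready to ship"
rm -rf "$sample"
```

Point audit_boot at the mounted boot partition of a real card; it returns non-zero when any finding is reported.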

Folders

  • buildroot - build system to create a minimal Linux operating system to run the boot menu under
  • buildroot/package/berrybootgui2/init - script that gets executed on boot, starts encryption setup

Build requirements

Caffyboot uses Buildroot to build a minimal Linux operating system to run under. Buildroot requires that the following packages are installed: http://www.buildroot.org/downloads/manual/manual.html#requirement

To build for the Raspberry Pi 2

./build-berryboot.sh device_pi2

The files in the output folder must be copied to an empty FAT formatted SD card.

To add support for a new ARM device

Create a file buildroot/berryboot-configs/device-mydevice with the buildroot configuration options to build a kernel and supporting files for your device. E.g.:

BR2_LINUX_KERNEL=y
BR2_LINUX_KERNEL_CUSTOM_GIT=y
BR2_LINUX_KERNEL_CUSTOM_REPO_URL="https://github.com/mydevice/linux.git"
BR2_LINUX_KERNEL_CUSTOM_REPO_VERSION="branch3.18"
BR2_LINUX_KERNEL_DEFCONFIG="mydevice"
# Kernel options needed by Berryboot (enables AUFS support and such)
BR2_LINUX_KERNEL_CONFIG_FRAGMENT_FILES="../configs/kernel_config_fragment_berryboot"
# Install AUFS kernel patch
BR2_LINUX_KERNEL_EXT_AUFS=y
BR2_LINUX_KERNEL_EXT_AUFS_VERSION="aufs3.18"
BR2_LINUX_KERNEL_ZIMAGE=y
BR2_LINUX_KERNEL_IMAGE_INSTALL_NAME="kernel_mydevice_aufs.img"

The AUFS kernel extension version must match the kernel version. Build with:

./build-berryboot.sh device_mydevice

Berryboot expects the kernel cmdline parameters to be stored in a text file called cmdline.txt on the SD card, or at the end of the file uEnv.txt, and expects to be able to edit them (so they may not be stored in a binary format with a checksum). You must configure your bootloader to read the cmdline parameters and to boot the Linux kernel kernel_mydevice_aufs.img with the initramfs berryboot.img.