1
0
Fork 0
Encrypted bootloader for your Raspberry Pi
Go to file
Bret c5d692bab5 Update 'external/package/berrybootgui2/init' 2020-11-15 04:36:06 -05:00
BerrybootGUI2.0 initial commit 2019-05-21 09:29:44 -04:00
buildroot-2018.08 initial commit 2019-05-21 09:29:44 -04:00
configs initial commit 2019-05-21 09:29:44 -04:00
external Update 'external/package/berrybootgui2/init' 2020-11-15 04:36:06 -05:00
output initial commit 2019-05-21 09:29:44 -04:00
LICENSE Update 'LICENSE' 2020-11-15 04:35:01 -05:00
README.md Update 'README.md' 2020-11-15 04:33:53 -05:00
build-berryboot.sh initial commit 2019-05-21 09:29:44 -04:00
rebuild-berryboot.sh initial commit 2019-05-21 09:29:44 -04:00
rebuild-kernel.sh initial commit 2019-05-21 09:29:44 -04:00

README.md

caffyBoot

Caffyboot's operation is extremely similar to Berryboot but eschews the GUI and menu options in favor of automatic encryption of the second partition based off of the device's serial number. This may not be the most secure method to begin with but it's a starting point for your own twisted machinations. Edit caffyboot/external/package/berrybootgui2/init's /tmp/superCereal generation to your heart's content.

Once the secondary partition has been encrypted it will then try to connect to WiFi using the wpa_supplicant configuration provided in a file under /boot/caffySupple.cdebug, and download the image from a url you provide in /boot/caffyProvision.cdebug. To enter the busybox shell before the OS is loaded, provide an empty file named /boot/caffySaysHi.cdebug.

Folders

  • buildroot - build system to create a minimal Linux operating system to run the boot menu under
  • buildroot/package/berrybootgui2/init - script that gets executed on boot, starts encryption setup

Build requirements

Caffyboot uses Buildroot to build a minimal Linux operating system to run under. Buildroot requires that the following packages are installed: http://www.buildroot.org/downloads/manual/manual.html#requirement

To build for the Raspberry Pi 2

./build-berryboot.sh device_pi2

The files in the output folder must be copied to an empty FAT formatted SD card.

To add support for a new ARM device

Create a file buildroot/berryboot-configs/device-mydevice with the buildroot configuration options to build a kernel and supporting files for your device. E.g.:

BR2_LINUX_KERNEL=y
BR2_LINUX_KERNEL_CUSTOM_GIT=y
BR2_LINUX_KERNEL_CUSTOM_REPO_URL="https://github.com/mydevice/linux.git"
BR2_LINUX_KERNEL_CUSTOM_REPO_VERSION="branch3.18"
BR2_LINUX_KERNEL_DEFCONFIG="mydevice"
# Kernel options needed by Berryboot (enables AUFS support and such)
BR2_LINUX_KERNEL_CONFIG_FRAGMENT_FILES="../configs/kernel_config_fragment_berryboot"
# Install AUFS kernel patch
BR2_LINUX_KERNEL_EXT_AUFS=y
BR2_LINUX_KERNEL_EXT_AUFS_VERSION="aufs3.18"
BR2_LINUX_KERNEL_ZIMAGE=y
BR2_LINUX_KERNEL_IMAGE_INSTALL_NAME="kernel_mydevice_aufs.img"

AUFS kernel extension version must match kernel version. Build with:

./build-berryboot.sh device_mydevice

Berryboot expects that the kernel cmdline parameters are stored in a text file called cmdline.txt on the SD card or are stored at the end of the file uEnv.txt, and that the parameters can be edited (so may not be stored in a binary format with checksum). You must configure your bootloader to read the cmdline parameters, and boot Linux kernel kernel_mydevice_aufs.img with initramfs berryboot.img.