fix chrome os unenrolled persistence

This commit is contained in:
ading2210 2024-06-20 22:37:05 -07:00
parent 645e03cfd8
commit 91486b067f
2 changed files with 10 additions and 14 deletions

View File

@ -94,7 +94,7 @@ move_mounts() {
print_license() { print_license() {
cat << EOF cat << EOF
Shimboot v1.1.0 Shimboot v1.1.1
ading2210/shimboot: Boot desktop Linux from a Chrome OS RMA shim. ading2210/shimboot: Boot desktop Linux from a Chrome OS RMA shim.
Copyright (C) 2023 ading2210 Copyright (C) 2023 ading2210
@ -184,18 +184,6 @@ get_selection() {
return 1 return 1
} }
contains_word() {
local substr="$1"
local str="$2"
for word in $str; do
if [ "$word" = "$substr" ]; then
return 0
fi
done
return 1
}
copy_progress() { copy_progress() {
local source="$1" local source="$1"
local destination="$2" local destination="$2"
@ -326,11 +314,14 @@ boot_chromeos() {
echo "patching chrome os rootfs" echo "patching chrome os rootfs"
cat /newroot/etc/ui_use_flags.txt | sed "/reven_branding/d" | sed "/os_install_service/d" > /newroot/tmp/ui_use_flags.txt cat /newroot/etc/ui_use_flags.txt | sed "/reven_branding/d" | sed "/os_install_service/d" > /newroot/tmp/ui_use_flags.txt
mount -o bind /newroot/tmp/ui_use_flags.txt /newroot/etc/ui_use_flags.txt mount -o bind /newroot/tmp/ui_use_flags.txt /newroot/etc/ui_use_flags.txt
cp /opt/mount-encrypted /newroot/tmp/mount-encrypted
cp /newroot/usr/sbin/mount-encrypted /newroot/tmp/mount-encrypted.real
mount -o bind /newroot/tmp/mount-encrypted /newroot/usr/sbin/mount-encrypted
if [ "$use_crossystem" = "y" ]; then if [ "$use_crossystem" = "y" ]; then
echo "patching crossystem" echo "patching crossystem"
cp /opt/crossystem /newroot/tmp/crossystem cp /opt/crossystem /newroot/tmp/crossystem
if [ "$invalid_hwid" ]; then if [ "$invalid_hwid" = "y" ]; then
sed -i 's/block_devmode/hwid/' /newroot/tmp/crossystem sed -i 's/block_devmode/hwid/' /newroot/tmp/crossystem
fi fi

5
bootloader/opt/mount-encrypted Executable file
View File

@ -0,0 +1,5 @@
#!/bin/bash
#this fixes chrome os persistence by adding the "--unsafe" flag to all invocations of mount-encrypted
/tmp/mount-encrypted.real "$@" --unsafe 2>&1 | tee -a /tmp/mount-encrypted.log