
make lemote yeelong finally usable

- moved startup script for all targets to /start
- add kernel patch to use /start
- add cryptinit package
- make an encrypted rootfilesystem as choice for lemote
Waldemar Brodkorb 14 years ago
parent
commit
361d29abbb

+ 0 - 1
TODO

@@ -4,7 +4,6 @@
 - fix init scripts pidof? vs. killall
 - rpath libtool problem fix
 - bind isc 9.6.1
-- check mips -mno-abicalls
 - check ac_cv_func_setpgrp_void=no
 - freebsd build
 - win cygwin build

+ 1 - 0
mk/rootfs.mk

@@ -19,5 +19,6 @@ $(eval $(call rootfs_template,initramfs,INITRAMFS))
 $(eval $(call rootfs_template,squashfs,SQUASHFS))
 $(eval $(call rootfs_template,yaffs,YAFFS))
 $(eval $(call rootfs_template,nfsroot,NFSROOT,root=/dev/nfs ip=dhcp))
+$(eval $(call rootfs_template,encrypted,ENCRYPTED))
 
 export FS

+ 1 - 0
package/Config.in

@@ -9,6 +9,7 @@ menu "Basesystem"
 source "package/base-files/Config.in"
 source "package/busybox/Config.in"
 source "package/cfgfs/Config.in"
+source "package/cryptinit/Config.in"
 source "package/uclibc/Config.in"
 source "package/glibc/Config.in"
 source "package/eglibc/Config.in"

+ 1 - 0
package/Depends.mk

@@ -16,6 +16,7 @@ cbtt-compile: uclibc++-compile
 endif
 cbtt-compile: mysql-compile zlib-compile
 collectd-compile: libpthread-compile
+cryptinit-compile: cryptsetup-compile
 cryptsetup-compile: libgcrypt-compile popt-compile e2fsprogs-compile lvm-compile
 ifeq (${ADK_COMPILE_CTORRENT_WITH_UCLIBCXX},y)
 ctorrent-compile: uclibc++-compile

+ 1 - 0
package/Makefile

@@ -33,6 +33,7 @@ package-$(ADK_COMPILE_AXTLS) += axtls
 package-$(ADK_PACKAGE_BASH) += bash
 package-$(ADK_COMPILE_BC) += bc
 package-$(ADK_PACKAGE_CFGFS) += cfgfs
+package-$(ADK_PACKAGE_CRYPTINIT) += cryptinit
 package-$(ADK_PACKAGE_BIGREQSPROTO) += bigreqsproto
 package-$(ADK_COMPILE_BIND) += bind
 package-$(ADK_PACKAGE_BINUTILS) += binutils

+ 0 - 1
package/base-files/extra/init → package/base-files/extra/start

@@ -1,5 +1,4 @@
 #!/bin/sh
-echo "Starting system"
 export PATH=/bin:/sbin:/usr/bin:/usr/sbin
 mount -nt proc proc /proc
 size=$(awk '/MemTotal:/ { if ($2 > 16000) { print 4096 } else { print 2048 }}' /proc/meminfo)

+ 6 - 0
package/cryptinit/Config.in

@@ -0,0 +1,6 @@
+config ADK_PACKAGE_CRYPTINIT
+	prompt "cryptinit............................. crypt initramfs application"
+	tristate
+	default n
+	help
+	  For encrypted root filesystems and fast bootup.

+ 42 - 0
package/cryptinit/Makefile

@@ -0,0 +1,42 @@
+# This file is part of the OpenADK project. OpenADK is copyrighted
+# material, please see the LICENCE file in the top-level directory.
+
+include ${TOPDIR}/rules.mk
+
+PKG_NAME:=		cryptinit
+PKG_VERSION:=		1.0.2
+PKG_RELEASE:=		1
+PKG_DESCR:=		init for encrypted rootfilesystem
+PKG_SECTION:=		base
+
+WRKDIST=		${WRKDIR}/${PKG_NAME}-${PKG_VERSION}
+NO_DISTFILES:=		1
+
+include ${TOPDIR}/mk/package.mk
+
+$(eval $(call PKG_template,CRYPTINIT,${PKG_NAME},${PKG_VERSION}-${PKG_RELEASE},${PKG_DEPENDS},${PKG_DESCR},${PKG_SECTION}))
+
+BUILD_STYLE:=		manual
+INSTALL_STYLE:=		manual
+
+pre-configure:
+	mkdir -p ${WRKBUILD}
+
+do-build:
+	${TARGET_CC} ${TCPPFLAGS} ${TCFLAGS} -c -o ${WRKBUILD}/cryptinit.o \
+		./src/cryptinit.c
+	( cd ${WRKBUILD}; \
+	${TARGET_CC} -static -o cryptinit cryptinit.o \
+		 ${STAGING_DIR}/usr/lib/libcryptsetup.a \
+		-L${STAGING_DIR}/lib -L${STAGING_DIR}/usr/lib \
+		-ldevmapper -lpthread \
+		${STAGING_DIR}/usr/lib/libgcrypt.a \
+		${STAGING_DIR}/usr/lib/libgpg-error.a \
+		-luuid -Wl,--rpath -Wl,${STAGING_DIR}/usr/lib \
+	);
+
+do-install:
+	$(CP) ./files/initramfs_list $(LINUX_DIR)
+	$(CP) ${WRKBUILD}/cryptinit $(LINUX_DIR)
+
+include ${TOPDIR}/mk/pkg-bottom.mk
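Review bot: The link step in do-build passes `-Wl,--rpath -Wl,${STAGING_DIR}/usr/lib` together with `-static`; a static binary has no use for a run path, and the value is a build-host directory, so the option should be dropped. The subshell uses `cd ${WRKBUILD};`, so a failed cd still lets the link run in the package directory; `cd ${WRKBUILD} &&` stops there instead. The link line passes neither `${TCFLAGS}` nor any linker-flags variable, so it is worth confirming against rules.mk (not visible here) that nothing the toolchain needs at link time is lost. do-install copies into `$(LINUX_DIR)` rather than a package install directory, which deserves a one-line comment such as `# kernel build picks up initramfs_list and cryptinit from LINUX_DIR (see createinit in target/lemote/Makefile)`.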

+ 17 - 0
package/cryptinit/files/initramfs_list

@@ -0,0 +1,17 @@
+dir /dev 755 0 0
+dir /dev/mapper 755 0 0
+dir /proc 755 0 0
+dir /sys 755 0 0
+dir /mnt 755 0 0
+nod /dev/console 644 0 0 c 5 1
+nod /dev/tty 660 0 0 c 5 0
+nod /dev/tty0 600 0 0 c 4 0
+nod /dev/sda 644 0 0 b 8 0
+nod /dev/sda1 644 0 0 b 8 1
+nod /dev/sda2 644 0 0 b 8 2
+nod /dev/sda3 644 0 0 b 8 3
+nod /dev/sda4 644 0 0 b 8 4
+nod /dev/null 644 0 0 c 1 3
+nod /dev/mapper/control 644 0 0 c 10 62
+nod /dev/urandom 644 0 0 c 1 9
+file /init ./cryptinit 755 0 0
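Review bot: The nodes `/dev/sda` to `/dev/sda4` and `/dev/mapper/control` are created with mode 644, which makes the raw disk and the device-mapper control node readable by every uid. Only pid 1 runs from this initramfs, so 600 costs nothing, e.g. `nod /dev/sda2 600 0 0 b 8 2`. `/dev/console` and `/dev/null` at 644 also differ from the usual 600 and 666. The fixed 8:0 to 8:4 nodes mean the disk has to enumerate as sda, which matches `CRYPT_ROOT_DEV` and `CRYPT_SWAP_DEV` in cryptinit.c; a `#` comment line at the top of the list should say so.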

+ 469 - 0
package/cryptinit/src/cryptinit.c

@@ -0,0 +1,469 @@
+/*
+ * cryptinit 1.0.2 - setup encrypted root/swap system using LUKS
+ *
+ * Copyright (C) 2009 Waldemar Brodkorb <mail@waldemar-brodkorb.de>
+ * Copyright (C) 2008 Phil Sutter <phil@nwl.cc>
+ *		
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ * 
+ * strongly based on ideas and work from Phil Sutter
+ * http://nwl.cc/cgi-bin/git/gitweb.cgi?p=initramfs-init.git;a=summary
+ *   - used with cryptsetup 1.0.6 (needs a small cryptsetup-patch)
+ *   - see comment at the end of file for a useful initramfs filelist
+ *   - compile and link with following commands to get a static init
+ *     gcc -Wall -c -o init.o cryptinit.c
+ *     libtool --mode=link --tag=CC gcc -all-static -o init init.o \
+ *	/usr/lib/libcryptsetup.la
+ */
+
+#include <errno.h>
+#include <fcntl.h>
+#include <stdarg.h> 
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+#include <libcryptsetup.h>
+#include <sys/mount.h>
+#include <sys/reboot.h>
+#include <sys/types.h>
+#include <sys/utsname.h>
+#include <sys/wait.h>
+
+#define HOSTNAME "linux"
+#define DOMAINNAME "foo.bar"
+
+#define CRYPT_SWAP_DEV "/dev/sda3"
+#define CRYPT_SWAP_NAME "swap"
+#define CRYPT_ROOT_DEV "/dev/sda2"
+#define CRYPT_ROOT_NAME "root"
+
+#define PROCPATH "/proc"
+#define SYSPATH "/sys"
+#define PROCFS "proc"
+#define SYSFS "sysfs"
+
+#define DEF_KERN_CONS "/dev/console"
+#define DEF_KERN_SWAP "/dev/mapper/swap"
+#define DEF_KERN_ROOT_SRC "/dev/mapper/root"
+#define DEF_KERN_ROOT_TGT "/mnt"
+#define DEF_KERN_ROOT_FS "xfs"
+#define DEF_KERN_INIT "/start"
+#define DEF_KERN_RUNLEVEL "3"
+
+#ifndef MS_MOVE
+#define MS_MOVE         8192
+#endif
+
+/* a structure for holding options to mount() a device */
+struct mntopts {
+        char *source;
+        char *target;
+        char *fstype;
+        unsigned long flags;
+};
+
+/* a structure for holding kernel boot parameters */
+struct commandline {
+        struct mntopts root;
+        char *init;
+        char *resume;
+        char *runlevel;
+        ushort do_resume;
+        ushort debug;
+};
+
+struct commandline cmdline;
+
+void debug_printf(const char *format, ...) {
+	va_list params;
+	if(cmdline.debug) {
+		va_start(params, format);
+		vprintf(format, params);
+		va_end(params);
+	}
+}
+
+void debug_msg(const char *s) {
+	if(cmdline.debug)
+		fputs(s, stderr);
+}
+
+void log_msg(const char *s) {
+	fputs(s, stdout);
+}
+
+/* logging function from cryptsetup library */
+static void cmdLineLog(int class, char *msg) {
+	switch(class) {
+	case CRYPT_LOG_NORMAL:
+		debug_msg(msg);
+		break;
+	case CRYPT_LOG_ERROR:
+		debug_msg(msg);
+		break;
+	default:
+		fprintf(stderr, "Internal error for msg: %s", msg);
+		break;
+	}
+}
+
+int switch_root(char *console, char *newroot, char *init, char *initarg) {
+
+	if (chdir(newroot)) {
+		fprintf(stderr,"bad newroot %s\n",newroot);
+		return 1;
+	}
+	/* Overmount / with newdir and chroot into it.  The chdir is needed to
+	 * recalculate "." and ".." links. */
+	if (mount(".", "/", NULL, MS_MOVE, NULL) || chroot(".") || chdir("/")) {
+		fprintf(stderr,"switch_root: error moving root\n");
+		return 2;
+	}
+
+	/* If a new console specified, redirect stdin/stdout/stderr to that. */
+	if (console) {
+		close(0);
+		if(open(console, O_RDWR) < 0) {
+			fprintf(stderr,"Bad console '%s'\n",console);
+			return 4;
+		}
+		dup2(0, 1);
+		dup2(0, 2);
+	}
+
+	log_msg("Starting Linux from encrypted root disk\n");
+	/* Exec real init.  (This is why we must be pid 1.) */
+	execl(init, init, (char *)NULL);
+	fprintf(stderr,"Bad init '%s'\n",init);
+	return 3;
+}
+
+char *read_cmdline(void) {
+	FILE *fp;
+	int linelen, i;
+	char *str;
+
+	if((fp=fopen("/proc/cmdline","r")) == NULL) {
+		perror("fopen()");
+		return NULL;
+	}
+	linelen = 10;
+	str = calloc(linelen, sizeof(char));
+	for(i=0;(str[i]=fgetc(fp)) != EOF; i++) {
+		if(i>linelen-1) {
+			linelen += 10;
+			if((str=realloc(str, linelen)) == NULL) {
+				perror("realloc()");
+				return NULL;
+			}
+		}
+	}
+	str[i-1] = '\0'; /* substitutes \n for \0 */
+	fclose(fp);
+	return str;
+}
+
+int parse_cmdline(char *line) {
+	int tmpnum;
+	char *tmpstr, *lstr, *rstr, *idx;
+	char *invchars[1];
+
+	tmpstr = strtok(line, " ");
+	do {
+		if((idx=strchr(tmpstr, '=')) != NULL) {
+			rstr = idx + 1;
+			idx = '\0';
+			lstr = tmpstr;
+
+			if(!strncmp(lstr, "rootfstype", 10)) {
+				cmdline.root.fstype = rstr;
+
+			} else if(!strncmp(lstr, "root", 4)) {
+				cmdline.root.source = rstr;
+
+			} else if(!strncmp(lstr, "init", 4)) {
+				cmdline.init = rstr;
+
+			} else if(!strncmp(lstr, "resume", 6)) {
+				cmdline.resume = rstr;
+			}
+
+		} else if(!strncmp(tmpstr, "noresume", 8)) {
+			cmdline.do_resume = 0;
+
+		} else if(!strncmp(tmpstr, "debug", 5)) {
+			cmdline.debug=1;
+
+		} else if(strlen(tmpstr) == 1) {
+			tmpnum = (int)strtol(tmpstr, invchars, 10);
+			if(**invchars == '\0' && tmpnum >= 0) {
+				cmdline.runlevel = tmpstr;
+			}
+		} else {
+			if(cmdline.debug)
+				printf("unknown bootparam flag %s\n",tmpstr);
+		}
+	} while((tmpstr = strtok(NULL, " ")) != NULL);
+
+	debug_printf("\n Bootparams scanned:\n");
+	debug_printf("root\t%s\nrootfstype\t%s\ninit\t%s\nresume\t%s\ndo_resume\t%i\n",
+			cmdline.root.source,cmdline.root.fstype,cmdline.init,cmdline.resume,cmdline.do_resume);
+	debug_printf("debug\t%i\nrunlevel\t%s\n\n",
+			cmdline.debug,cmdline.runlevel);
+	return 0;
+}
+
+int get_cmdline() {
+	char *str;
+
+	/* first set some useful defaults */
+	cmdline.root.source = DEF_KERN_ROOT_SRC;
+	cmdline.root.target = DEF_KERN_ROOT_TGT;
+	cmdline.root.fstype = DEF_KERN_ROOT_FS;
+	cmdline.root.flags = MS_RDONLY;
+	cmdline.init = DEF_KERN_INIT;
+	cmdline.resume = DEF_KERN_SWAP;
+	cmdline.do_resume = 1;
+	cmdline.debug = 0;
+	cmdline.runlevel = DEF_KERN_RUNLEVEL;
+
+	/* read out cmdline from /proc */
+	str = read_cmdline();
+
+	/* parse the cmdline */
+	if(parse_cmdline(str))
+		return -1;
+
+	return 0;
+}
+
+void kmsg_log(int level) {
+	FILE *fd;
+
+	debug_msg("Finetune kernel log\n");
+	if((fd = fopen("/proc/sys/kernel/printk", "r+")) == NULL) {
+		perror("fopen()");
+		return;
+	}
+	fprintf(fd, "%d", level);
+	fclose(fd);
+}
+
+void do_resume(void) {
+	FILE *fd;
+
+	debug_msg("Running tuxonice-resume\n");
+	if((fd = fopen("/sys/power/tuxonice/do_resume", "a")) == NULL) {
+		return;
+	}
+	fprintf(fd, "1\n");
+	fclose(fd);
+}
+
+void do_halt(void) {
+	int pid;
+
+	/* run sync just to be sure */
+	sync();
+
+	/* fork to prevent a kernel panic while killing init */
+	if((pid=fork()) == 0) {
+		reboot(0x4321fedc);
+		_exit(0);
+	}
+	waitpid(pid, NULL, 0);
+}
+
+int do_mount(struct mntopts o) {
+	debug_printf("do_mount: mounting %s with fstype %s\n", o.source, o.fstype);
+	if(mount(o.source, o.target, o.fstype, o.flags, NULL)) {
+		perror("mount()");
+		debug_printf("do_mount: mounting %s with fstype %s\n failed", o.source, o.fstype);
+		return errno;
+	}
+	return 0;
+}
+
+int main(void) {
+	char errormsg[100];
+	int i;
+	int wrongpass;
+	char *pass;
+	struct utsname info;
+	int ret;
+	const char hostname[20] = HOSTNAME;
+	const char domainname[20] = DOMAINNAME;
+	struct crypt_options options;
+	struct interface_callbacks cmd_icb; 
+
+	struct mntopts mopts[2] = {
+		{ "proc", PROCPATH, PROCFS, 0 },
+		{ "sysfs", SYSPATH, SYSFS, 0 }
+	};
+	
+	/* need to set callback functions, log is required */
+	cmd_icb.yesDialog = NULL;
+	cmd_icb.log = cmdLineLog;
+
+	/* first try to mount needed virtual filesystems */
+	if(do_mount(mopts[0]) || do_mount(mopts[1])) {
+		fprintf(stderr, "Error mounting %s and %s\n", 
+			PROCPATH, SYSPATH);
+		exit(errno);
+	}
+
+	/* get kernel command line */
+	if(get_cmdline() == -1) {
+		fprintf(stderr, "Failed to parse kernel commandline\n");
+		exit(errno);
+	}
+
+	/* keep kernel quiet while asking for password */
+	kmsg_log(0);
+
+	/* first unlock swap partition for resume */
+	memset(&options, 0, sizeof(struct crypt_options));
+	options.name = CRYPT_SWAP_NAME;
+	options.device = CRYPT_SWAP_DEV;
+	options.icb = &cmd_icb;
+
+	ret = uname(&info);
+	if (ret < 0)
+		fprintf(stderr, "Error calling uname\n");
+
+	/* security by obscurity */
+	printf("This is %s.%s (Linux %s %s)\n", hostname, domainname, info.machine, info.release);
+	printf("%s login: ", hostname);
+	fflush(stdout);
+	while(getchar() != '\n');
+	/* unlock swap */
+	debug_msg("Unlocking Swap\n");
+	for(i=0; i<3; i++) {
+		/* ask user for password */
+		if((pass=getpass("Password: ")) == NULL) {
+			perror("getpass()");
+			return errno;
+		}
+		options.passphrase = pass;
+		/* try to unlock swap */
+		if((wrongpass=crypt_luksOpen(&options))) {
+			printf("Login incorrect\n");
+			crypt_get_error(errormsg, 99);	
+			debug_printf("Error: %s\n", errormsg);
+		} else { /* success */
+			if(i > 0)
+				fprintf(stderr, "%i incorrect attempts\n",i);
+			break;
+		}
+	}
+	
+	if(wrongpass) {
+		fprintf(stderr, "Panic - you are not allowed!\n");
+		sleep(3);
+		do_halt();
+	}
+
+	/* try to resume here */
+	if(cmdline.do_resume) {
+		debug_msg("Trying to resume from swap\n");
+		do_resume();
+		debug_msg("Resume failed, starting normal boot\n");
+	}
+
+	/* resume returned, starting normal boot */
+	options.name = CRYPT_ROOT_NAME;
+	options.device = CRYPT_ROOT_DEV;
+
+	/* unlock root device */
+	debug_msg("Unlocking Root\n");
+	if(crypt_luksOpen(&options)) {
+		perror("crypt_luksOpen()");
+		crypt_get_error(errormsg, 99);
+		debug_printf("Error: %s\n", errormsg);
+	}
+	
+	/* mount root filesystem */
+	if(do_mount(cmdline.root)) {
+		puts("Error mounting root");
+		exit(errno);
+	}
+
+	kmsg_log(6);
+
+	/* no need for /sys anymore */
+	debug_msg("Unmounting /sys\n");
+	if(umount("/sys"))
+		perror("umount()");
+
+	/* no need for /proc anymore */
+	debug_msg("Unmounting /proc\n");
+	if(umount("/proc"))
+		perror("umount()");
+
+	/* remove password from RAM */
+	memset(pass, 0, strlen(pass)*sizeof(char));
+
+	debug_msg("Switching root\n");
+	switch_root(DEF_KERN_CONS, cmdline.root.target, cmdline.init, cmdline.runlevel);
+	
+	return(0);
+}
+/*
+example initramfs file list:
+ 
+dir /dev 755 0 0
+dir /dev/mapper 755 0 0
+dir /proc 755 0 0
+dir /sys 755 0 0
+dir /mnt 755 0 0
+nod /dev/console 644 0 0 c 5 1
+nod /dev/tty 660 0 0 c 5 0
+nod /dev/tty0 600 0 0 c 4 0
+nod /dev/sda 644 0 0 b 8 0
+nod /dev/sda1 644 0 0 b 8 1
+nod /dev/sda2 644 0 0 b 8 2
+nod /dev/sda3 644 0 0 b 8 3
+nod /dev/sda4 644 0 0 b 8 4
+nod /dev/null 644 0 0 c 1 3
+nod /dev/mapper/control 644 0 0 c 10 62
+nod /dev/urandom 644 0 0 c 1 9
+file /init /usr/src/init 755 0 0
+
+cryptsetup patch:
+
+Index: lib/setup.c
+===================================================================
+--- lib/setup.c	(revision 40)
++++ lib/setup.c	(working copy)
+@@ -538,10 +538,17 @@
+ start:
+ 	mk=NULL;
+ 
+-	if(get_key("Enter LUKS passphrase: ",&password,&passwordLen, 0, options->key_file,  options->passphrase_fd, options->timeout, options->flags))
+-		tries--;
+-	else
+-		tries = 0;
++	if(options->passphrase) {
++		password = NULL;
++		password = safe_alloc(512);
++		strcpy(password, options->passphrase);
++		passwordLen = strlen(password);
++	} else {
++		if(get_key("Enter LUKS passphrase: ",&password,&passwordLen, 0, options->key_file,  options->passphrase_fd, options->timeout, options->flags))
++			tries--;
++		else
++			tries = 0;
++	}
+ 
+ 	if(!password) {
+ 		r = -EINVAL; goto out;
+*/

+ 28 - 2
target/Config.in

@@ -361,8 +361,7 @@ config ADK_TARGET_ROOTFS_INITRAMFS
 		ADK_LINUX_MIPSEL_QEMU || \
 		ADK_LINUX_MIPS64_QEMU || \
 		ADK_LINUX_MIPS64EL_QEMU || \
-		ADK_LINUX_RESCUE || \
-		ADK_LINUX_MIPS64_LEMOTE
+		ADK_LINUX_RESCUE
 	select ADK_KERNEL_BLK_DEV_INITRD
 	help
 	  create an read-only initramfs system.
@@ -418,6 +417,33 @@ config ADK_TARGET_ROOTFS_EXT2
 	select ADK_KERNEL_EXT2_FS
 	help
 	  Use this option if your rootfs is ext2.
+
+config ADK_TARGET_ROOTFS_ENCRYPTED
+	bool "Encrypted read-write root filesystem"
+	depends on ADK_LINUX_MIPS64_LEMOTE
+	select ADK_LINUX_INITRAMFS_BUILTIN
+	select ADK_PACKAGE_CRYPTINIT
+	select ADK_KERNEL_BLK_DEV_DM
+	select ADK_KERNEL_DM_CRYPT
+	select ADK_KERNEL_CRYPTO_AES
+	select ADK_KERNEL_CRYPTO_CBC
+	select ADK_KERNEL_CRYPTO_SHA256
+	select ADK_KERNEL_XFS_FS
+	help
+	  Use this option if you want an encrypted rootfs.
+	  Default is XFS filesystem. Use following commands to setup 
+	  your hard disk, after booting via NFS or USB:
+	  cryptsetup luksFormat /dev/sda2 
+	  cryptsetup luksOpen /dev/sda2 crypt
+          mkfs.xfs /dev/mapper/crypt
+          mount /dev/mapper/crypt /mnt
+          tar xzvf lemote-mips-encryptedroot.tar.gz -C /mnt
+	  umount /mnt
+          mount /dev/sda1 /mnt
+	  cp lemote-mips-kernel /mnt/ 
+	  mkdir /mnt/boot
+	  Create boot.cfg ... 
+
 endchoice
 
 config ADK_SSP
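Review bot: The help text for ADK_TARGET_ROOTFS_ENCRYPTED never sets up `/dev/sda3`, yet cryptinit opens `CRYPT_SWAP_DEV` (/dev/sda3) first, halts after three failed attempts, and reuses the same passphrase for `/dev/sda2`; a disk prepared from these steps alone would not get past the swap unlock. Add `cryptsetup luksFormat /dev/sda3` with a remark that both volumes need the same passphrase. The steps should also be kept identical to the ones target/lemote/Makefile prints, which currently differ (there `mkfs.xfs` runs on /dev/sda2 before luksFormat). The help lines mix tabs and spaces, and `Create boot.cfg ...` leaves the last step unspecified although this commit adds target/lemote/files/boot/boot.cfg.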

+ 1 - 1
target/foxboard/kernel.config

@@ -109,7 +109,7 @@ CONFIG_BINFMT_ELF=y
 # CONFIG_HAVE_AOUT is not set
 # CONFIG_BINFMT_MISC is not set
 CONFIG_GENERIC_HARDIRQS=y
-CONFIG_ETRAX_CMDLINE="init=/init console=ttyS0,115200"
+CONFIG_ETRAX_CMDLINE="console=ttyS0,115200"
 # CONFIG_ETRAX_WATCHDOG is not set
 CONFIG_ETRAX_FAST_TIMER=y
 # CONFIG_ETRAX_KMALLOCED_MODULES is not set

+ 35 - 0
target/lemote/Makefile

@@ -13,6 +13,15 @@ kernel-install:
 	$(KERNEL_CROSS)objcopy $(OSTRIP) -S $(LINUX_DIR)/vmlinux \
 		$(BIN_DIR)/${DEVICE}-${ARCH}-kernel
 
+createinit:
+	$(SED) 's#^CONFIG_INITRAMFS_SOURCE.*#CONFIG_INITRAMFS_SOURCE="./initramfs_list"#' $(LINUX_DIR)/.config
+	echo 'CONFIG_INITRAMFS_ROOT_UID=0' >> $(LINUX_DIR)/.config
+	echo 'CONFIG_INITRAMFS_ROOT_GID=0' >> $(LINUX_DIR)/.config
+	$(MAKE) -C $(LINUX_DIR) V=0 CROSS_COMPILE="$(KERNEL_CROSS)" ARCH=$(ARCH) \
+		CC="$(TARGET_CC)" $(MAKE_TRACE)
+	$(CP) $(LINUX_DIR)/arch/mips/loongson/image/vmlinuz \
+		$(BIN_DIR)/${DEVICE}-${ARCH}-kernel
+
 ifeq ($(FS),nfsroot)
 imageinstall: $(BIN_DIR)/$(ROOTFSTARBALL)
 	@echo 'The kernel file is: ${BIN_DIR}/${DEVICE}-${ARCH}-kernel'
@@ -22,6 +31,32 @@ imageinstall: $(BIN_DIR)/$(ROOTFSTARBALL)
 	@echo 'PMON> load tftp://<ip-address-server>/lemote-mips-kernel'
 	@echo 'PMON> g no_auto_cmd root=/dev/nfs ip=dhcp init=/init'
 endif
+ifeq ($(FS),encrypted)
+imageinstall: $(BIN_DIR)/$(ROOTFSTARBALL) createinit
+	@echo 'The kernel+cryptinit file is: ${BIN_DIR}/${DEVICE}-${ARCH}-kernel'
+	@echo "The RootFS tarball is: $(BIN_DIR)/$(ROOTFSTARBALL),"
+	@echo 'Boot your lemote via NFS or USB.'
+	@echo 'Then create at least three partitions with fdisk:'
+	@echo '/dev/sda1 (ext2)'
+	@echo '/dev/sda2 (encrypted root)'
+	@echo '/dev/sda3 (swap)'
+	@echo 'mkdir /mnt/{boot,root}'
+	@echo 'mke2fs /dev/sda1'
+	@echo 'mkfs.xfs /dev/sda2'
+	@echo 'cryptsetup luksFormat /dev/sda2'
+	@echo 'cryptsetup luksFormat /dev/sda3'
+	@echo 'cryptsetup luksOpen /dev/sda2 crypt'
+	@echo 'mount /dev/sda1 /mnt/boot'
+	@echo 'mount /dev/mapper/crypt /mnt/root'
+	@echo 'mkdir /mnt/boot/boot'
+	@echo 
+	@echo 'Copy $(ROOTFSTARBALL) via scp to /mnt/root and extract it'
+	@echo 'cd /mnt/root ; gunzip $(ROOTFSTARBALL); tar xpvf $(ROOTFSTARBALL)'
+	@echo 'Copy ${DEVICE}-${ARCH}-kernel via scp to /mnt/boot/boot'
+	@echo 'Move boot.cfg to /mnt/boot/boot'
+	@echo 'mv /mnt/root/boot/boot.cfg /mnt/boot/boot'
+	@echo 'cd /mnt/root ; mknod -m 644 console c 5 1'
+endif
 ifeq ($(FS),initramfs)
 imageinstall: $(BIN_DIR)/$(INITRAMFS)
 	@echo 'The kernel file is: ${BIN_DIR}/${DEVICE}-${ARCH}-kernel'
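Review bot: The printed setup steps run `mkfs.xfs /dev/sda2` and then `cryptsetup luksFormat /dev/sda2`, so the LUKS header overwrites the filesystem and `/dev/mapper/crypt` is mounted without ever being formatted. The mkfs line should move after the luksOpen line as `@echo 'mkfs.xfs /dev/mapper/crypt'`, which is the order the help text in target/Config.in uses. The steps should also say that /dev/sda3 must get the same passphrase as /dev/sda2, because cryptinit reuses the passphrase that opened swap for the root volume. In createinit, the two `echo ... >> $(LINUX_DIR)/.config` lines append again on every run; whether createinit is declared .PHONY is not visible here. The `ifeq ($(FS),initramfs)` block continues past the end of the hunk.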

+ 7 - 0
target/lemote/files/boot/boot.cfg

@@ -0,0 +1,7 @@
+timeout 4
+default 0
+showmenu 1
+
+title Linux
+	kernel /dev/fs/ext2@wd0/boot/lemote-mips-kernel
+	args no_auto_cmd root=/dev/mapper/root resume=/dev/mapper/swap

+ 0 - 1
target/lemote/files/etc/inittab

@@ -1,4 +1,3 @@
 ::sysinit:/etc/init.d/rcS
 ::shutdown:/etc/init.d/rcK
-tty::respawn:/sbin/getty -i -L tty 115200 vt100
 tty1::respawn:/sbin/getty -i -L tty1 115200 vt100

+ 10 - 4
target/lemote/kernel.config

@@ -1,7 +1,7 @@
 #
 # Automatically generated make config: don't edit
 # Linux kernel version: 2.6.30.5
-# Sat Aug 22 13:14:36 2009
+# Sat Aug 22 17:10:45 2009
 #
 CONFIG_MIPS=y
 
@@ -185,9 +185,9 @@ CONFIG_LOCALVERSION=""
 CONFIG_HAVE_KERNEL_GZIP=y
 CONFIG_HAVE_KERNEL_BZIP2=y
 CONFIG_HAVE_KERNEL_LZMA=y
-CONFIG_KERNEL_GZIP=y
+# CONFIG_KERNEL_GZIP is not set
 # CONFIG_KERNEL_BZIP2 is not set
-# CONFIG_KERNEL_LZMA is not set
+CONFIG_KERNEL_LZMA=y
 CONFIG_SWAP=y
 CONFIG_SYSVIPC=y
 CONFIG_SYSVIPC_SYSCTL=y
@@ -212,7 +212,11 @@ CONFIG_LOG_BUF_SHIFT=15
 # CONFIG_SYSFS_DEPRECATED_V2 is not set
 # CONFIG_RELAY is not set
 # CONFIG_NAMESPACES is not set
-# CONFIG_BLK_DEV_INITRD is not set
+CONFIG_BLK_DEV_INITRD=y
+CONFIG_INITRAMFS_SOURCE=""
+# CONFIG_RD_GZIP is not set
+# CONFIG_RD_BZIP2 is not set
+CONFIG_RD_LZMA=y
 CONFIG_CC_OPTIMIZE_FOR_SIZE=y
 CONFIG_SYSCTL=y
 CONFIG_ANON_INODES=y
@@ -272,6 +276,7 @@ CONFIG_DEFAULT_AS=y
 # CONFIG_DEFAULT_CFQ is not set
 # CONFIG_DEFAULT_NOOP is not set
 CONFIG_DEFAULT_IOSCHED="anticipatory"
+# CONFIG_PROBE_INITRD_HEADER is not set
 CONFIG_FREEZER=y
 
 #
@@ -1240,6 +1245,7 @@ CONFIG_GENERIC_FIND_LAST_BIT=y
 CONFIG_CRC32=y
 # CONFIG_CRC7 is not set
 # CONFIG_LIBCRC32C is not set
+CONFIG_DECOMPRESS_LZMA=y
 CONFIG_HAS_IOMEM=y
 CONFIG_HAS_IOPORT=y
 CONFIG_HAS_DMA=y

+ 11 - 0
target/linux/config/Config.in.block

@@ -40,6 +40,15 @@ config ADK_KERNEL_BLK_DEV_SD
 	boolean
 	default n
 
+config ADK_KERNEL_DM_CRYPT
+	boolean
+	default n
+
+config ADK_KERNEL_BLK_DEV_DM
+	select ADK_KERNEL_MD
+	boolean
+	default n
+
 #config ADK_KERNEL_IDE
 #	boolean
 #	default n
@@ -206,6 +215,7 @@ config ADK_KPACKAGE_KMOD_MD_RAID456
 config ADK_KPACKAGE_KMOD_BLK_DEV_DM
 	prompt "kmod-dm........................... Device Mapper support"
 	select ADK_KERNEL_MD
+	depends on !ADK_KERNEL_BLK_DEV_DM
 	tristate
 	help
 	  Device-mapper is a low level volume manager.  It works by allowing
@@ -218,6 +228,7 @@ config ADK_KPACKAGE_KMOD_BLK_DEV_DM
 config ADK_KPACKAGE_KMOD_DM_CRYPT
 	prompt "kmod-dm-crypt................... Crypt target support"
 	depends on ADK_KPACKAGE_KMOD_BLK_DEV_DM
+	depends on !ADK_KERNEL_DM_CRYPT
 	select ADK_KERNEL_MD
 	select ADK_KERNEL_CRYPTO
 	select ADK_KPACKAGE_KMOD_CRYPTO_CBC
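Review bot: The new hidden symbol ADK_KERNEL_DM_CRYPT selects nothing, whereas its module counterpart ADK_KPACKAGE_KMOD_DM_CRYPT selects ADK_KERNEL_MD and ADK_KERNEL_CRYPTO. The built-in path therefore works only while every user selects ADK_KERNEL_BLK_DEV_DM and the crypto symbols by hand, as ADK_TARGET_ROOTFS_ENCRYPTED does. That target option does not select ADK_KERNEL_CRYPTO, so presumably the crypto core is enabled some other way; this is worth confirming. Adding `select ADK_KERNEL_BLK_DEV_DM` and `select ADK_KERNEL_CRYPTO` under ADK_KERNEL_DM_CRYPT would make the symbol self-contained. The same applies to the ADK_KERNEL_CRYPTO_AES, ADK_KERNEL_CRYPTO_SHA256 and ADK_KERNEL_CRYPTO_CBC symbols added in Config.in.crypto.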

+ 15 - 0
target/linux/config/Config.in.crypto

@@ -22,6 +22,18 @@ config ADK_KERNEL_OCF_OCF
 	select ADK_KERNEL_OCF_FIPS
 	select ADK_KERNEL_OCF_CRYPTODEV
 
+config ADK_KERNEL_CRYPTO_AES
+	boolean
+	default n
+
+config ADK_KERNEL_CRYPTO_SHA256
+	boolean
+	default n
+
+config ADK_KERNEL_CRYPTO_CBC
+	boolean
+	default n
+	
 comment "Hardware cryptography"
 
 menu "Hardware crypto devices"
@@ -136,6 +148,7 @@ config ADK_KPACKAGE_KMOD_CRYPTO_BLKCIPHER
 config ADK_KPACKAGE_KMOD_CRYPTO_CBC
 	prompt "kmod-crypto-cbc...................... CBC support"
 	tristate
+	depends on !ADK_KERNEL_CRYPTO_CBC
 	select ADK_KPACKAGE_KMOD_CRYPTO_BLKCIPHER
 	select ADK_KPACKAGE_KMOD_CRYPTO_MANAGER
 	default n
@@ -205,6 +218,7 @@ config ADK_KPACKAGE_KMOD_CRYPTO_SHA256
 	prompt "kmod-crypto-sha256................... SHA256 digest algorithm"
 	tristate
 	default n
+	depends on !ADK_KERNEL_CRYPTO_SHA256
 	select ADK_KPACKAGE_KMOD_CRYPTO_ALGAPI
 	select ADK_KPACKAGE_KMOD_CRYPTO_HASH
 	help
@@ -267,6 +281,7 @@ config ADK_KPACKAGE_KMOD_CRYPTO_AES
 	prompt "kmod-crypto-aes...................... AES cipher algorithms"
 	tristate
 	default n
+	depends on !ADK_KERNEL_CRYPTO_AES
 	select ADK_KPACKAGE_KMOD_CRYPTO_ALGAPI
 	help
 	  AES cipher algorithms (FIPS-197). AES uses the Rijndael 

+ 10 - 0
target/linux/config/Config.in.fs

@@ -121,10 +121,20 @@ config ADK_KPACKAGE_KMOD_VFAT_FS
 	  The VFAT support enlarges your kernel by about 10 KB Please read the
 	  file <file:Documentation/filesystems/vfat.txt> for details.
 
+config ADK_KERNEL_EXPORTFS
+	boolean
+	default n
+
+config ADK_KERNEL_XFS_FS
+	boolean
+	select ADK_KERNEL_EXPORTFS
+	default n
+
 config ADK_KPACKAGE_KMOD_XFS_FS
 	prompt "kmod-fs-xfs....................... XFS filesystem support"
 	tristate
 	select ADK_KPACKAGE_KMOD_EXPORTFS
+	depends on !ADK_KERNEL_XFS_FS
 	default n
 	help
 	  XFS is a high performance journaling filesystem which originated

+ 5 - 0
target/linux/config/Config.in.misc

@@ -1,3 +1,8 @@
+config ADK_LINUX_INITRAMFS_BUILTIN
+	select ADK_KERNEL_BLK_DEV_INITRD
+	boolean
+	default n
+
 menu "Miscellaneous devices support"
 
 source target/linux/config/Config.in.leds

+ 20 - 0
target/linux/patches/2.6.30.5/startup.patch

@@ -0,0 +1,20 @@
+diff -Nur linux-2.6.30.5.orig/init/main.c linux-2.6.30.5/init/main.c
+--- linux-2.6.30.5.orig/init/main.c	2009-08-16 23:19:38.000000000 +0200
++++ linux-2.6.30.5/init/main.c	2009-08-22 20:26:39.000000000 +0200
+@@ -811,7 +811,7 @@
+ 	numa_default_policy();
+ 
+ 	if (sys_open((const char __user *) "/dev/console", O_RDWR, 0) < 0)
+-		printk(KERN_WARNING "Warning: unable to open an initial console.\n");
++		printk(KERN_WARNING "Starting Linux (build with OpenADK)");
+ 
+ 	(void) sys_dup(0);
+ 	(void) sys_dup(0);
+@@ -835,6 +835,7 @@
+ 		printk(KERN_WARNING "Failed to execute %s.  Attempting "
+ 					"defaults...\n", execute_command);
+ 	}
++	run_init_process("/start");
+ 	run_init_process("/sbin/init");
+ 	run_init_process("/etc/init");
+ 	run_init_process("/bin/init");
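Review bot: The first hunk of the kernel patch replaces the warning text but leaves it under `if (sys_open(... "/dev/console" ...) < 0)`, so the banner prints only when the console cannot be opened, and the real diagnostic for that failure is gone. The new string also has no trailing `\n` and stays at KERN_WARNING. Keeping the original printk and adding a separate `printk(KERN_INFO "Starting Linux (built with OpenADK)\n");` before the `if` would give the banner without hiding the error. The added `run_init_process("/start");` appears to be what lets the kernel.config files in this commit drop `init=/init`; a line in the patch header should record that dependency.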

+ 1 - 1
target/qemu-cris/kernel.config

@@ -110,7 +110,7 @@ CONFIG_BINFMT_ELF=y
 # CONFIG_HAVE_AOUT is not set
 # CONFIG_BINFMT_MISC is not set
 CONFIG_GENERIC_HARDIRQS=y
-CONFIG_ETRAX_CMDLINE="console=ttyS0,115200 init=/init"
+CONFIG_ETRAX_CMDLINE="console=ttyS0,115200"
 # CONFIG_ETRAX_WATCHDOG is not set
 CONFIG_ETRAX_FAST_TIMER=y
 # CONFIG_ETRAX_KMALLOCED_MODULES is not set

+ 1 - 1
target/qemu-mips/kernel.config

@@ -889,7 +889,7 @@ CONFIG_MAGIC_SYSRQ=y
 # CONFIG_DYNAMIC_PRINTK_DEBUG is not set
 # CONFIG_SAMPLES is not set
 CONFIG_HAVE_ARCH_KGDB=y
-CONFIG_CMDLINE="init=/init console=ttyS0,115200 console=tty0"
+CONFIG_CMDLINE="console=ttyS0,115200 console=tty0"
 
 #
 # Security options

+ 1 - 1
target/qemu-mips64/kernel.config

@@ -898,7 +898,7 @@ CONFIG_TRACING_SUPPORT=y
 # CONFIG_BLK_DEV_IO_TRACE is not set
 # CONFIG_SAMPLES is not set
 CONFIG_HAVE_ARCH_KGDB=y
-CONFIG_CMDLINE="init=/init console=ttyS0,115200 console=tty0"
+CONFIG_CMDLINE="console=ttyS0,115200 console=tty0"
 
 #
 # Security options

+ 1 - 1
target/qemu-mips64el/kernel.config

@@ -891,7 +891,7 @@ CONFIG_MAGIC_SYSRQ=y
 # CONFIG_DYNAMIC_PRINTK_DEBUG is not set
 # CONFIG_SAMPLES is not set
 CONFIG_HAVE_ARCH_KGDB=y
-CONFIG_CMDLINE="init=/init console=ttyS0,115200 console=tty0"
+CONFIG_CMDLINE="console=ttyS0,115200 console=tty0"
 
 #
 # Security options

+ 1 - 1
target/qemu-mipsel/kernel.config

@@ -889,7 +889,7 @@ CONFIG_MAGIC_SYSRQ=y
 # CONFIG_DYNAMIC_PRINTK_DEBUG is not set
 # CONFIG_SAMPLES is not set
 CONFIG_HAVE_ARCH_KGDB=y
-CONFIG_CMDLINE="init=/init console=ttyS0,115200 console=tty0"
+CONFIG_CMDLINE="console=ttyS0,115200 console=tty0"
 
 #
 # Security options

+ 1 - 1
target/rb411/kernel.config

@@ -917,7 +917,7 @@ CONFIG_MAGIC_SYSRQ=y
 # CONFIG_DYNAMIC_PRINTK_DEBUG is not set
 # CONFIG_SAMPLES is not set
 CONFIG_HAVE_ARCH_KGDB=y
-CONFIG_CMDLINE="init=/init console=ttyS0,115200"
+CONFIG_CMDLINE="console=ttyS0,115200"
 
 #
 # Security options

+ 1 - 1
target/rb433/kernel.config

@@ -918,7 +918,7 @@ CONFIG_MAGIC_SYSRQ=y
 # CONFIG_DYNAMIC_PRINTK_DEBUG is not set
 # CONFIG_SAMPLES is not set
 CONFIG_HAVE_ARCH_KGDB=y
-CONFIG_CMDLINE="init=/init console=ttyS0,115200"
+CONFIG_CMDLINE="console=ttyS0,115200"
 
 #
 # Security options

+ 1 - 1
target/rb532/kernel.config

@@ -930,7 +930,7 @@ CONFIG_TRACING_SUPPORT=y
 # CONFIG_BLK_DEV_IO_TRACE is not set
 # CONFIG_SAMPLES is not set
 CONFIG_HAVE_ARCH_KGDB=y
-CONFIG_CMDLINE="init=/init console=ttyS0,115200"
+CONFIG_CMDLINE="console=ttyS0,115200"
 
 #
 # Security options

+ 1 - 1
target/wag54g/kernel.config

@@ -760,7 +760,7 @@ CONFIG_MAGIC_SYSRQ=y
 # CONFIG_DYNAMIC_PRINTK_DEBUG is not set
 # CONFIG_SAMPLES is not set
 CONFIG_HAVE_ARCH_KGDB=y
-CONFIG_CMDLINE="init=/init console=ttyS0"
+CONFIG_CMDLINE="console=ttyS0"
 
 #
 # Security options