Enable additional cryptographic kernel options required for using
AES-CTR via the AF_ALG userspace interface in future features:
- CONFIG_CRYPTO_PCRYPT: parallel crypto wrapper for symmetric ciphers
- CONFIG_CRYPTO_USER_API_SKCIPHER: AF_ALG user API for skcipher
- CONFIG_CRYPTO_AES_NI_INTEL: AES-NI accelerated AES implementation on x86_64
These options prepare the kernel for an AF_ALG-based AES-CTR PRNG and
other potential AF_ALG-backed cryptographic functionality in nwipe.
Allow appending a FAT16 partition image when building an ISO in hybrid mode.
This allows adding an extra writeable partition for when the ISO is burned to USB.
This feature is experimental and disabled by default.
Signed-off-by: desertwitch <24509509+desertwitch@users.noreply.github.com>
The EFI partition for hybrid ISOs does not reliably show on all Windows systems, so we cannot use our "hack" of writing the configurations/PDFs to it. Reverted instead to a sane-sized EFI partition which is used just for booting. Added a note to the README that some tools such as Rufus support an ISO-mode to add a writeable partition at burning-time.
Signed-off-by: desertwitch <24509509+desertwitch@users.noreply.github.com>
It is more convenient to not have to search for configuration files in different directories, and also helpful to see the standard configuration files, so move all ShredOS configurations into board/shredos.
Signed-off-by: desertwitch <24509509+desertwitch@users.noreply.github.com>
Helps GRUB find the ShredOS volume when it otherwise cannot (such as when the IMG is used with Ventoy in BIOS)
Signed-off-by: desertwitch <24509509+desertwitch@users.noreply.github.com>
This adds a configuration for a jack-of-all-trades ISO, which allows BIOS and UEFI booting, being written to CD/DVD-ROM and USB drives, as well as having a writeable partition when being used from a USB drive. It basically combines the functionality of all prior release versions into one single ISO (per architecture).
Signed-off-by: desertwitch <24509509+desertwitch@users.noreply.github.com>
Post-processing used a static (outdated?) GRUB image for USB image generation, but it is better to use the GRUB image produced as part of the building process, which ensures that the actual compiled GRUB version is used as bootloader in our images and not an outdated one.
Post-processing previously embedded the 64-bit EFI bootloader to 32-bit builds, as no architecture checks were in place. This was changed to check for architecture and embed the correct EFI bootloader for the respective target architecture instead.
The GRUB configuration was changed to use a menu, to allow the user to choose between standard and nomodeset parameters, while also allowing the user to edit the command line to append other kernel parameters they may need for their systems.
The vanity kernel image name was returned to bzImage to clearly mark the image for what it is, and to remain consistent with the ISO file generation where we have no direct control over the image now.
Signed-off-by: desertwitch <24509509+desertwitch@users.noreply.github.com>
As the board is now using a GRUB menu, replacing these messages no longer makes sense (most users will never see them), so the additional patch is better removed.
Signed-off-by: desertwitch <24509509+desertwitch@users.noreply.github.com>
When nwipe has completed erasing the drives and the user
hits return to exit which then creates the PDF certificates,
the PDF and log files are then either automatically transferred
to a USB stick, assuming that's where you booted ShredOS from
or the files are transferred to a network server, if the ShredOS
grub.cfg files were configured to do that.
However, say there was a network failure or somebody inadvertently
removed the USB drive, the PDF files & logs would not get saved.
Previously you would have had to manually copy the files using the
command line.
Now when you get to the stage where ShredOS asks whether you want
to reboot, shutdown or restart nwipe, if there are any PDF files
that have not been saved, a new option 'a' (archive to USB) will
be available. This option will only show up if there are PDFs that
have not been saved. So the message will read:
r=reboot, s=shutdown, a=archive to USB, spacebar=restart nwipe
Apart from the above scenario, this feature may also prove useful
to somebody wiping many computers while using a single USB stick.
For those that don't know, it's not necessary to keep the USB stick
plugged into the computer. Once nwipe has appeared you can pull
the USB stick out and use it to boot another computer. Return it
to the first computer when the wipes have completed and you want to
save the PDFs to USB.
This patch also standardises the date format used in the ShredOS
logs so it matches the nwipe format.
Various fixes to do with tftp/ftp transfers.
Fixes #242. Pauses for up to 30 seconds before launching nwipe
if ftp/tftp transfers are being used. This is because if the
user specified shredos_config="..." on the kernel command line
in order to retrieve the nwipe.conf and nwipe_customers.csv
files from a local ftp/tftp server, the server needs to be
online before nwipe is launched. On some systems/networks the
ethernet hardware initialisation and then DHCP requests can be
slower than nwipe launching hence why we now ping the server
to make sure it's online before launching nwipe.
Lots of improvements to error detection and handling for tftp
Improvements to the "shredos_autoreboot=enable" option. When this
option is placed on the kernel command line shredos will reboot
upon completion of wipes. --nowait option is applied by the script
to nwipe so nwipe doesn't wait for user interaction before exiting.
If the shredos_config="..." or shredos_output="..." kernel command
line options have been added by the user, autoreboot and also
autoshutdown will wait after exiting nwipe if any ftp/tftp errors
occurred so the user can review the transfer log and decide on a
course of action if necessary.
1. Debug tftp transfers for restoring config files and outputting
pdfs and logs.
2. Added a ping status delay for the ftp/tftp that only proceeds
with launching nwipe if ftp/tftp servers have been configured on
the kernel command line. The delay has a 30 second timeout upon
which nwipe will launch. This fixes a problem where nwipe launches
before the ethernet hardware is active and an IP address had not
been obtained. This caused nwipe to not be able to read the
config files from the ftp/tftp server.
3. Removed 4 second countdown on restarting nwipe.
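The launch gate described in the commit above, sketched as an added example (not code from the ShredOS scripts). It assumes the server address is the second colon-separated field of shredos_config= / shredos_output=, as in the example values on this page; all function names are hypothetical and the sample command line used to exercise it is constructed.

```shell
# Added illustration; function names are hypothetical, not ShredOS's own.

# Print the server field of OPTION=protocol:server:... found in CMDLINE.
# Assumes the value contains no spaces, as in the example on this page.
server_from_cmdline() (
    set -f                              # no globbing while word-splitting
    for word in $1; do
        case "$word" in
            "$2"=*:*)
                value=${word#*=}
                value=${value#\"}       # tolerate a leading quote
                rest=${value#*:}        # drop "protocol:"
                printf '%s\n' "${rest%%:*}"
                exit 0 ;;
        esac
    done
    exit 1
)

# Accept hostname/IPv4 characters only; a leading '-' would reach ping as an option.
valid_host() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9.-]*) return 1 ;;
    esac
}

probe_ping() { ping -c 1 -W 1 "$1" >/dev/null 2>&1; }

# wait_for_server HOST SECONDS [PROBE]: retry each second; 0 = reachable, 1 = timed out.
wait_for_server() {
    host=$1 remaining=$2 probe=${3:-probe_ping}
    while [ "$remaining" -gt 0 ]; do
        if "$probe" "$host"; then return 0; fi
        remaining=$((remaining - 1))
        sleep 1
    done
    return 1
}

# Only waits when a server option is present; nwipe starts afterwards either way.
launch_gate() {
    cmdline=$(cat /proc/cmdline)
    for opt in shredos_config shredos_output; do
        server=$(server_from_cmdline "$cmdline" "$opt") || continue
        valid_host "$server" || { echo "$opt: invalid server, skipped"; continue; }
        wait_for_server "$server" 30 || echo "$server: no reply within 30 seconds"
    done
}

if [ "${1:-}" = "--run" ]; then launch_gate; fi
```

The probe is passed in as a parameter so the timeout logic can be exercised without a network; run the file with --run to apply it to the real /proc/cmdline.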
When the user types Control C to exit nwipe after the wipes
have completed or to abort nwipe before wipes complete, previously
ShredOS provided only one option which was press the spacebar to
restart nwipe. The user could also have pressed the power button to
shutdown the computer.
This commit now provides the option to reboot or shutdown using the
keyboard. The following message is displayed after nwipe exits.
"Paused, press r to reboot, s to shutdown, spacebar to restart nwipe"
As before if auto shutdown has been selected via the kernel command
line then auto shutdown overrides this new message.
This commit allows the user to exclude the fat
formatted USB flash drive that ShredOS was booted from.
Reasons why the user might want to do this are:
a:) avoid the possibility of accidentally selecting the
USB FAT formatted boot drive for erasure in interactive mode
b:) Stop the USB FAT formatted boot drive being erased in
autonuke mode.
There are two methods available to do this. You should currently
not manually add -e, --exclude=DEVICES on the kernel command line
if using either method described below as the results may be
unpredictable as nwipe doesn't currently combine two -e or --exclude
options. A patch to nwipe will fix this in due course. Further to
this, ShredOS will only exclude ONE FAT formatted USB drive. If you
plugged multiple FAT formatted drives into the system it will only
exclude the first drive it comes across that it either recognises
as a ShredOS boot drive or is explicitly excluded by using the empty
file /etc/shredos/shredos_exclude_disc. This file will take precedence
over ShredOS attempting to detect a boot drive by examining version
information.
The two methods to exclude a FAT formatted boot drive from being wiped
are described below. Even though a drive is excluded from the wipe it
will still have reports and logs transferred to it unless some other
transfer method has been selected such as lftp.
1. The user can now place an empty file called
/etc/shredos/shredos_exclude_disc on the FAT formatted drive.
This will cause ShredOS to use the nwipe exclude option to
exclude the drive from being displayed in nwipe's interactive
mode or erased in nwipe's autonuke mode. This is particularly
useful for Ventoy users as they would not need to edit the
ShredOS .img file or build the modified ShredOS .iso as required
by method 2 below when making changes to grub.cfg.
However this method is not only limited to Ventoy users but can
also be used on a ShredOS USB created by dd or Rufus.
2. The user can place the text string shredos_exclude_boot_disc
on the kernel command line in /boot/grub/grub.cfg and /EFI/BOOT/grub.cfg
As with the first method this will cause ShredOS to exclude the FAT
formatted boot drive from appearing in nwipe's interactive mode or
being erased in nwipe's autonuke mode.
In addition to the above features various improvements were made to
the log messages including prefixing with date.
Add fat16 to existing fat32 & exfat disc formats
We now accept fat16 as well as fat32 and exfat formats for
USB devices that can have the config files restored from &
sent to as well as saving PDF files.
The main purpose of this commit is to allow the developer
or tester the ability to specify /dev/loop0 .. /dev/loopn on the
kernel command line in /boot/grub/grub.cfg and /EFI/BOOT/grub.cfg
where n is unlimited, although it is recommended that no more
than 20-30 loop devices are specified. The loop devices are of a
fixed size alternating between 500Kbytes and 1 MByte in size. Due
to their small size you would typically select 500 or 1000 rounds
when testing. To create loop devices append the following to
grub.cfg: nwipe_options='--nousb /dev/loop0 /dev/loop1 ... /dev/loopn'
Loop devices should be sequential starting at loop0; any break in
the sequence will cause creation of loop devices to stop.
This commit also includes a ffmpeg module
+BR2_PACKAGE_FFMPEG_SWSCALE=y for creation of
videos of the display. This may be useful for creating
training material, YouTube videos etc. using the command
ffmpeg -f fbdev -framerate 30 -i /dev/fb0 output.mp4
Initial work was started on excluding the boot disc if
the following shredos_exclude_boot_disc is appended
to the kernel command line.
discs including Ventoy.
2. The delay ShredOS introduces while it waits for USB devices to initialise
previously printed a period symbol every second to show something was
happening, instead, it now counts down numerically from 30. Most USB
devices have initialised after about 10-15 seconds.
3. Two new kernel command line options are introduced. The first allows the
user to determine whether PDF, log and dmesg files are sent using tftp or
ftp protocols.
i.e. shredos_config=ftp:192.168.0.2:/home/joe/ftpdata/:jo:488993d:d
4. The second kernel command line option is:
shredos_output=ftp:192.168.0.2:/home/joe/ftpdata/:jo:488993d:d which
determines where the nwipe config files are retrieved from on ShredOS boot
and saved on nwipe exit.
5. Added package openssh for sftp support
6. Added package telnetd which had inadvertently been removed on the last update.