authorDaniel Baumann <daniel@debian.org>2012-06-05 15:59:20 +0200
committerDaniel Baumann <daniel@debian.org>2012-06-05 16:11:16 +0200
commit5d6acf56af17449a32a17194059d0ad437c5f988 (patch)
tree253dd300b3f19c5389dab91be6c308f5c91fd9d5 /scripts
parent4af5ca4efc7f7f3c3457de9405f7a95d0cf4181a (diff)
Converting read-only initramfs-tools pre-mount script into regular live-boot script.
Diffstat (limited to 'scripts')
-rwxr-xr-xscripts/boot.sh8
-rwxr-xr-xscripts/boot/arguments.sh4
-rwxr-xr-xscripts/boot/read-only.sh17
3 files changed, 29 insertions, 0 deletions
diff --git a/scripts/boot.sh b/scripts/boot.sh
index 5a64d70..eeaa4dc 100755
--- a/scripts/boot.sh
+++ b/scripts/boot.sh
@@ -472,6 +472,14 @@ mountroot ()
Arguments
+ # make sure all harddisk devices are read-only
+ # this is important for forensic investigations
+ case "${READ_ONLY}" in
+ true)
+ Read_only
+ ;;
+ esac
+
maybe_break live-premount
log_begin_msg "Running /scripts/live-premount"
run_scripts /scripts/live-premount
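Review bot: Read_only is called exactly once here, before /scripts/live-premount, so a disk that only appears after this point (late controller probing, hot-plugged media) stays writable even though `read-only` was requested on the command line. The added comment promises that "all harddisk devices" are read-only, which is more than a single pass over the /dev/sd* and /dev/vd* globs in read-only.sh can guarantee. Whether device discovery has settled at this stage is not visible in the hunk; if it has not, a udev rule or a second pass later in the boot would be needed, and the comment is better worded as `# mark the disks present at this point read-only (forensic use)`. mountroot's body starts and ends outside the hunk.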
diff --git a/scripts/boot/arguments.sh b/scripts/boot/arguments.sh
index 6b4e553..c526b9a 100755
--- a/scripts/boot/arguments.sh
+++ b/scripts/boot/arguments.sh
@@ -10,6 +10,10 @@ Arguments ()
for ARGUMENT in $(cat /proc/cmdline)
do
case "${ARGUMENT}" in
+ read-only)
+ READ_ONLY="true"
+ ;;
+
skipconfig)
NOACCESSIBILITY="Yes"
NOFASTBOOT="Yes"
diff --git a/scripts/boot/read-only.sh b/scripts/boot/read-only.sh
new file mode 100755
index 0000000..c8990df
--- /dev/null
+++ b/scripts/boot/read-only.sh
@@ -0,0 +1,17 @@
+#!/bin/sh
+
+#set -e
+
+Read_only ()
+{
+ # Marking the usual block devices for harddisks read-only
+ for _DEVICE in /dev/sd* /dev/vd*
+ do
+ if [ -b "${_DEVICE}" ]
+ then
+ printf "Setting device %-9s to read-only mode:" ${_DEVICE} > /dev/console
+
+ blockdev --setro ${_DEVICE} && printf " done [ execute \"blockdev --setrw %-9s\" to unlock]\n" ${_DEVICE} > /dev/console || printf "failed\n" > /dev/console
+ fi
+ done
+}
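Review bot: The glob on the `for` line covers only /dev/sd* and /dev/vd*, so disks exposed under other names (for example /dev/hd* or /dev/mmcblk*) remain writable while the boot option suggests everything is protected; `for _DEVICE in /dev/sd* /dev/vd* /dev/hd* /dev/mmcblk*`, or iterating over /sys/block, would close that gap. A failed `blockdev --setro` is only reported as `failed` on the console and the boot carries on, which for a forensic boot deserves to be louder or fatal. Writing it as `if blockdev --setro "${_DEVICE}"; then … else … fi` also avoids the `&& … ||` form, where a failing first printf would print `failed` after a successful change, and `${_DEVICE}` should be quoted in the printf and blockdev calls. Since the flag is a kernel-side software setting, the function comment should state that it does not replace a hardware write blocker.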