summaryrefslogtreecommitdiff
path: root/scripts
diff options
context:
space:
mode:
Diffstat (limited to 'scripts')
-rwxr-xr-xscripts/boot.sh8
-rwxr-xr-xscripts/boot/arguments.sh4
-rwxr-xr-xscripts/boot/read-only.sh17
3 files changed, 29 insertions, 0 deletions
diff --git a/scripts/boot.sh b/scripts/boot.sh
index 5a64d70..eeaa4dc 100755
--- a/scripts/boot.sh
+++ b/scripts/boot.sh
@@ -472,6 +472,14 @@ mountroot ()
Arguments
+ # make sure all harddisk devices are read-only
+ # this is important for forensic investigations
+ case "${READ_ONLY}" in
+ true)
+ Read_only
+ ;;
+ esac
+
maybe_break live-premount
log_begin_msg "Running /scripts/live-premount"
run_scripts /scripts/live-premount
diff --git a/scripts/boot/arguments.sh b/scripts/boot/arguments.sh
index 6b4e553..c526b9a 100755
--- a/scripts/boot/arguments.sh
+++ b/scripts/boot/arguments.sh
@@ -10,6 +10,10 @@ Arguments ()
for ARGUMENT in $(cat /proc/cmdline)
do
case "${ARGUMENT}" in
+ read-only)
+ READ_ONLY="true"
+ ;;
+
skipconfig)
NOACCESSIBILITY="Yes"
NOFASTBOOT="Yes"
diff --git a/scripts/boot/read-only.sh b/scripts/boot/read-only.sh
new file mode 100755
index 0000000..c8990df
--- /dev/null
+++ b/scripts/boot/read-only.sh
@@ -0,0 +1,17 @@
+#!/bin/sh
+
+#set -e
+
+Read_only ()
+{
+ # Marking the usual block devices for harddisks read-only
+ for _DEVICE in /dev/sd* /dev/vd*
+ do
+ if [ -b "${_DEVICE}" ]
+ then
+ printf "Setting device %-9s to read-only mode:" ${_DEVICE} > /dev/console
+
+ blockdev --setro ${_DEVICE} && printf " done [ execute \"blockdev --setrw %-9s\" to unlock]\n" ${_DEVICE} > /dev/console || printf "failed\n" > /dev/console
+ fi
+ done
+}
generated by cgit v1.2.3 (git 2.39.1) at 2025-08-04 00:38:18 +0000