Compare commits


No commits in common. "26ebf49b18e72f9757bdf4d380fd16af4f80b774" and "28700afa8ed6466659565afe91eb4ebf583be824" have entirely different histories.

16 changed files with 24 additions and 181 deletions

3
.gitignore vendored

@ -1,6 +1,3 @@
*.bin*
build/
# Prerequisites # Prerequisites
*.d *.d


@ -1,3 +1,3 @@
{ {
"editor.disableMonospaceOptimizations": true, "editor.largeFileOptimizations": true
} }


@ -1,33 +0,0 @@
# PicoShim
## The smallest shim to ever come out (so far)
### THIS REQUIRES A USB AND BASIC INSTRUCTION FOLLOWING SKILLS
## How to use this
**1.** Find your board, this can be done by going to `chrome://version` and then looking for the "Platform" entry. <br />
**1a.** Once found, look at the **last** word in the line, that is your board.<br />
**2.** Download a shim at https://dl.kxtz.dev/ChromeOS/shims/PicoShim<br />
**3.** Open the Chrome Recovery Utility (or flasher of your choice) and open the file, and then select your USB.<br />
**4.** Once the image is done flashing, remove all external media (CD, USB, SD) and press ESC+REFRESH+PWR<br />
**5.** Insert your newly-flashed USB <br />
**6.** enjoy the smallest shim thats bootable with MP keys as of 9/11/24<br />
## How to compile a shim
**1.** Clone the repository with `git`, `git clone https://git.kxtz.dev/PicoShim`<br />
**1a.** If git.kxtz.dev is down, you can use <https://github.com/kxtzownsu/PicoShim><br />
**2.** cd into the newly-cloned repo with `cd PicoShim`<br />
**3.** cd into the `builder` folder<br />
**4.** Move your shim into the `builder` folder <br />
**5.** Run `sudo bash picobuilder.sh /path/to/shim.bin`<br />
**6.** Your shim should now be less than 50MiB when done.<br />
## GitHub
https://github.com/kxtzownsu/PicoShim
## Credits
kxtzownsu - writing picoshim & the builder
ading2210 (vk6) - the extract_initramfs code
BinBashBanana (OlyB) - the shim shrinking code

Binary file not shown.

Binary file not shown.

Binary file not shown.


@ -1,16 +0,0 @@
#!/bin/sh
VERSION="1.0.0"
printf "\033]input:on\a"
printf "\033[?25h"
bash /installbins
rm -rf /init
clear
echo "PicoShim $VERSION"
echo "this shell is PID 1 - exiting will crash your chromebook"
tty=/dev/pts/0
setsid bash -c "exec script -afqc 'while :; do /bin/bash || :; done' /dev/null <${tty} >>${tty} 2>&1"


@ -1,40 +0,0 @@
#!/bin/bash
SCRIPT_DIR=$(realpath "$(dirname "$0")")
REPO_DIR="vboot_reference"
BRANCH="release-R133-16151.B"
echo "This script was made to work with Ubuntu 22.04."
echo "By pressing ENTER, you acknowledge this"
echo "By pressing CTRL-C, you will deny this"
read -r
sudo apt install -y git wget libuuid1
if [[ ! -d "$SCRIPT_DIR/$REPO_DIR" ]]; then
git clone https://chromium.googlesource.com/chromiumos/platform/vboot_reference -b "$BRANCH" "$SCRIPT_DIR/$REPO_DIR"
else
echo "Repository already exists. Skipping clone."
fi
cd "$SCRIPT_DIR/$REPO_DIR" || exit 1
git apply ../vboot_reference.patch
CFLAGS="-fPIC" CXXFLAGS="-fPIC" make STATIC=1 TPM2_MODE=1 USE_FLASHROM=0
echo "Would you like to clean up the directory?"
read -rep "[Y/n] " cleanupChoice
if [[ "$cleanupChoice" == "y" || "$cleanupChoice" == "Y" || "$cleanupChoice" == "" ]]; then
if [[ -d "$SCRIPT_DIR/build" ]]; then
rm -rf "$SCRIPT_DIR/build"
fi
if [[ -d "$SCRIPT_DIR/$REPO_DIR/build" ]]; then
mv "$SCRIPT_DIR/$REPO_DIR/build" "$SCRIPT_DIR"
fi
find "$SCRIPT_DIR/build" -name '*.o*' -type f -delete
find "$SCRIPT_DIR/build" -type d -empty -delete
rm -rf "$SCRIPT_DIR/$REPO_DIR"
echo "Cleaned! Final build files are at $SCRIPT_DIR/build"
fi


@ -1,12 +0,0 @@
diff --git a/Makefile b/Makefile
index ff3f88d1..94b1cee3 100644
--- a/Makefile
+++ b/Makefile
@@ -533,7 +533,6 @@ ALL_OBJS += ${UTILLIB_OBJS}
# Externally exported library for some target userspace apps to link with
# (cryptohome, updater, etc.)
-HOSTLIB = ${BUILD}/libvboot_host.so
HOSTLIB_STATIC = ${BUILD}/libvboot_host.a
# For testing purposes files contianing some libvboot_host symbols.


@ -7,8 +7,7 @@ detect_arch() {
if [ -f "$MNT_ROOT/bin/bash" ]; then if [ -f "$MNT_ROOT/bin/bash" ]; then
case "$(file -b "$MNT_ROOT/bin/bash" | awk -F ', ' '{print $2}' | tr '[:upper:]' '[:lower:]')" in case "$(file -b "$MNT_ROOT/bin/bash" | awk -F ', ' '{print $2}' | tr '[:upper:]' '[:lower:]')" in
# for now assume arm has aarch64 kernel # for now assume arm has aarch64 kernel
# theres no armv7 shims leaked so far iirc *aarch64* | *armv8* | *arm*) TARGET_ARCH=arm64 ;;
*aarch64* | *armv8* | *arm*) TARGET_ARCH=aarch64 ;;
esac esac
fi fi
echo "$TARGET_ARCH" echo "$TARGET_ARCH"


@ -93,7 +93,7 @@ extract_initramfs_full() {
copy_kernel $shim_path $kernel_dir copy_kernel $shim_path $kernel_dir
echo "extracting initramfs from kernel (this may take a while)" echo "extracting initramfs from kernel (this may take a while)"
if [ "$arch" = "aarch64" ]; then if [ "$arch" = "arm64" ]; then
extract_initramfs_arm $kernel_dir/kernel.bin $kernel_dir $rootfs_dir extract_initramfs_arm $kernel_dir/kernel.bin $kernel_dir $rootfs_dir
else else
extract_initramfs $kernel_dir/kernel.bin $kernel_dir $rootfs_dir extract_initramfs $kernel_dir/kernel.bin $kernel_dir $rootfs_dir


@ -29,7 +29,6 @@ n
+${state_size}M +${state_size}M
w w
EOF EOF
echo "y" | mkfs.ext4 "$image"p1 > /dev/null 2>&1
} }
is_ext2() { is_ext2() {

93
builder/picoshim.sh Executable file → Normal file

@ -14,13 +14,13 @@ if [ "$1" == "" ]; then
fi fi
SCRIPT_DIR=$(dirname "$0") SCRIPT_DIR=$(dirname "$0")
SCRIPT_DIR=${SCRIPT_DIR:-"."}
VERSION=1 VERSION=1
ARCHITECTURE="$(uname -m)" ARCHITECTURE="$(uname -m)"
case "$ARCHITECTURE" in case "$ARCHITECTURE" in
*x86_64* | *x86-64*) ARCHITECTURE=x86_64 ;; *x86_64* | *x86-64*) ARCHITECTURE=x86_64 ;;
*aarch64* | *armv8*) ARCHITECTURE=aarch64 ;; *aarch64* | *armv8*) ARCHITECTURE=aarch64 ;;
*i[3-6]86*) ARCHITECTURE=i386 ;;
*) fail "Unsupported architecture $ARCHITECTURE" ;; *) fail "Unsupported architecture $ARCHITECTURE" ;;
esac esac
@ -32,43 +32,28 @@ echo "PicoShim builder"
echo "requires: binwalk, fdisk, cgpt, mkfs.ext2, numfmt" echo "requires: binwalk, fdisk, cgpt, mkfs.ext2, numfmt"
SHIM="$1" SHIM="$1"
initramfs="/tmp/picoshim_initramfs" initramfs="/tmp/initramfs_path"
rootfs_mnt="/tmp/picoshim_rootfsmnt" rootfs_mnt="/tmp/picoshim_rootmnt"
state_mnt="/tmp/picoshim_statemnt" loopdev=$(losetup -f)
CGPT="${SCRIPT_DIR}/bins/$ARCHITECTURE/cgpt" CGPT="${SCRIPT_DIR}/lib/bin/$ARCHITECTURE/cgpt"
SFDISK="${SCRIPT_DIR}/bins/$ARCHITECTURE/sfdisk" SFDISK="${SCRIPT_DIR}/lib/bin/$ARCHITECTURE/sfdisk"
# gets the initramfs size, e.g: 6.5M, and rounds it to the nearest whole number, e.g: 7M
# we're giving it 5 extra MBs to allow the busybox binaries to be installed
initramfs_size=$(($(du -sb "$initramfs" | awk '{print $1}' | numfmt --to=iec | awk '{print int($1) + ($1 > int($1))}') + 2))
kernsize=$(fdisk -l ${loopdev}p2 | head -n 1 | awk '{printf $3}')
# size of stateful partition in MiB # size of stateful partition in MiB
state_size="1" state_size="1"
rm -rf /tmp/kernel*
losetup -D
# cleanup previous instances of picoshim, if they existed rm -rf $initramfs # cleanup previous instances of picoshim, if they existed.
umount -R $initramfs > /dev/null 2>&1
rm -rf $initramfs
mkdir -p $initramfs mkdir -p $initramfs
umount -R $rootfs_mnt > /dev/null 2>&1 rm -rf $rootfs_mnt # cleanup previous instances of picoshim, if they existed.
rm -rf $rootfs_mnt
mkdir -p $rootfs_mnt mkdir -p $rootfs_mnt
umount -R $state_mnt > /dev/null 2>&1
rm -rf $state_mnt
mkdir -p $state_mnt
rm -rf /tmp/loop0
# the amount of headaches loop0 has caused me....
if ! $(losetup | grep loop0); then
touch /tmp/loop0
dd if=/dev/urandom of=/tmp/loop0 bs=1 count=512 status=none > /dev/null 2>&1
losetup -P /dev/loop0 /tmp/loop0
fi
loopdev=$(losetup -f)
if [ -f "$SHIM" ]; then if [ -f "$SHIM" ]; then
shrink_partitions "$SHIM" shrink_partitions "$SHIM"
losetup -P "$loopdev" "$SHIM" losetup -P "$loopdev" "$SHIM"
@ -78,17 +63,9 @@ fi
arch=$(detect_arch $loopdev) arch=$(detect_arch $loopdev)
extract_initramfs_full "$loopdev" "$initramfs" "/tmp/shim_kernel/kernel.img" "$arch" extract_initramfs_full "$loopdev" "$initramfs" "/tmp/shim_kernel/kernel.img" "$arch"
dd if="${loopdev}p2" of=/tmp/kernel-new.bin bs=1M status=none dd if="${loopdev}p2" of=/tmp/kernel-new.bin bs=1M oflag=direct status=none
# gets the initramfs size, e.g: 6.5M, and rounds it to the nearest whole number, e.g: 7M fdisk "$loopdev" <<EOF > /dev/null 2>&1
# we're giving it 5 extra MBs to allow the busybox binaries to be installed & our bootstrapped stuff
initramfs_size=$(($(du -sb "$initramfs" | awk '{print $1}' | numfmt --to=iec | awk '{print int($1) + ($1 > int($1))}') + 3))
kernsize=$(($(du -sb /tmp/kernel-new.bin | awk '{print $1}' | numfmt --to=iec | awk '{print int($1) + ($1 > int($1))}')))
# add another meg to the kernel just incase of resigning issues (:spoob:)
echo "fdisk!"
fdisk "$loopdev" <<EOF > /dev/null 2>&1
d d
3 3
p p
@ -107,7 +84,7 @@ p
w w
EOF EOF
dd if=/tmp/kernel-new.bin of="${loopdev}p2" bs=1M oflag=direct status=none conv=notrunc dd if=/tmp/kernel-new.bin of="${loopdev}p2" bs=1M oflag=direct status=none
echo "creating new filesystem on rootfs" echo "creating new filesystem on rootfs"
echo "y" | mkfs.ext2 "$loopdev"p3 -L ROOT-A > /dev/null 2>&1 echo "y" | mkfs.ext2 "$loopdev"p3 -L ROOT-A > /dev/null 2>&1
@ -115,48 +92,20 @@ echo "mounting & moving files from initramfs to rootfs"
mount "$loopdev"p3 "$rootfs_mnt" mount "$loopdev"p3 "$rootfs_mnt"
mv "$initramfs"/* "$rootfs_mnt"/ mv "$initramfs"/* "$rootfs_mnt"/
echo "bootstrapping rootfs..."
# we have to do this due to issues with the `cp` command
noarchfolders=$(ls "${SCRIPT_DIR}/bootstrap/noarch/")
for folder in $noarchfolders; do
cp -r "${SCRIPT_DIR}/bootstrap/noarch/${folder}" "$rootfs_mnt"
files=$(find "${SCRIPT_DIR}/bootstrap/noarch/${folder}" -type f)
for file in $files; do
chmod +x $file
done
done
archfolders=$(ls "${SCRIPT_DIR}/bootstrap/$arch/")
for folder in $archfolders; do
cp -r "${SCRIPT_DIR}/bootstrap/${arch}/${folder}" "$rootfs_mnt"
files=$(find "${SCRIPT_DIR}/bootstrap/${arch}/${folder}" -type f)
for file in $files; do
chmod +x $file
done
done
printf "#!/bin/busybox sh \n /bin/busybox --install /bin" > "$rootfs_mnt"/installbins
chmod +x "$rootfs_mnt"/installbins
# we do this inside the init script now
# chroot "$rootfs_mnt" "/installbins"
create_stateful "$loopdev" create_stateful "$loopdev"
mount "$loopdev"p1 "$state_mnt"
mkdir -p "$state_mnt"/dev_image/etc/
touch "$state_mnt"/dev_image/etc/lsb-factory
echo "adding kernel priorities" echo "adding kernel priorities"
"$CGPT" add "$loopdev" -i 2 -t kernel -P 15 -T 15 -S 1 -R 1 -l KERN-A "$CGPT" add "$loopdev" -i 2 -t kernel -P 1
"$CGPT" add "$loopdev" -i 3 -t rootfs -l ROOT-A "$CGPT" add "$loopdev" -i 3 -t rootfs
echo "cleaning up" echo "cleaning up"
losetup -D losetup -D
truncate_image "$SHIM" truncate_image "$SHIM"
umount "$loopdev"p3
umount "$loopdev"p1
rm -rf $initramfs rm -rf $initramfs
rm -rf $rootfs_mnt rm -rf $rootfs_mnt
umount "$loopdev"p3
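Review bot: The work directories in the setup hunk are predictable fixed names under /tmp (`initramfs="/tmp/initramfs_path"`, `rootfs_mnt="/tmp/picoshim_rootmnt"`, plus `/tmp/kernel-new.bin` further down), and the removed README shows the builder being invoked under `sudo`. On a shared host another local user can create or replace those paths between the `rm -rf` and the `mkdir -p`, so the root-run extraction, `mv` and `mount` may end up operating on a location that user controls. I would allocate them with `initramfs=$(mktemp -d) || fail "mktemp failed"` and `rootfs_mnt=$(mktemp -d) || fail "mktemp failed"`, and quote the cleanup as `rm -rf -- "$initramfs"`. Separately, the rendered layout suggests the new side ends with `rm -rf $rootfs_mnt` before `umount "$loopdev"p3`; if so, the files just moved onto the still-mounted rootfs would be deleted, so the order is worth confirming.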