Remove dev shim support from initramfs.

init

 #!/bin/sh -x
 
 # Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
 # Use of this source code is governed by a BSD-style license that can be
 # found in the LICENSE file.
 #
 # /init script for use in factory install shim.  Requires busybox in
 # /bin/busybox, and a symlink from /bin/sh -> busybox.
 
 # USB card partition and mount point.
 USB_DEVS="sdb3 sdc3 mmcblk1p3"
-USB_SHIM_DEVS="sdb1 sdc1 mmcblk1p1"
 USB_MNT=/usb
 REAL_USB_DEV=
 DM_NAME=
 
 DST=
 
 STATEFUL_MNT=/stateful
 STATE_DEV=
 
 LOG_DEV=
 LOG_FILE="/log/recovery.log"
 
 TPM_B_LOCKED=
 TPM_PP_LOCKED=
 
-# Developer script to run
-SHIM_SCRIPT="$STATEFUL_MNT/userdir/runme"
-SHIM_VBLOCK="$STATEFUL_MNT/userdir/runme.vblock"
-
 KERN_B_VBLOCK="$STATEFUL_MNT/vmlinuz_hd.vblock"
 REAL_KERN_B_HASH=
 
 MOVE_MOUNTS="/sys /proc /dev"
 
 # To be updated to keep logging after move_mounts.
 TTY_PATH="/dev/tty"
 TAIL_PID=
 
 # Used to ensure the factory check only occurs with
@@ skipping 126 matching lines @@
   dmsetup remove "$DM_NAME"
 
   # If we found a valid rootfs earlier, then we're done.
   USB_DEV="$REAL_USB_DEV"
   [ -z "$USB_DEV" ] && return 1
   set_unofficial_root || return 1
   mount_usb || return 1
   return 0
 }
 
-# If this kernel image has been placed on a drive with only a
-# stateful partition, root detection will rightly fail.  However,
-# we can still run a developer supplied script so we will pretend
-# stateful is the root (USB_DEV).
-find_shim_root() {
-  # Lock the TPM prior to using an untrusted root.
-  lock_tpm || return 1
-  plog "\nSearching for an alternate recovery image . . ."
-  dlog -n "Waiting for $USB_SHIM_DEVS to appear"
-  for try in $(seq 20); do
-    plog " ."
-    for dev in $USB_SHIM_DEVS; do
-      if [ -b "/dev/${dev}" ]; then
-        USB_DEV="/dev/${dev}"
-        REAL_USB_DEV="$USB_DEV"
-        dlog "Found $USB_DEV"
-        set_unofficial_root || on_error
-        mount_usb || return 1
-        return 0
-      fi
-    done
-    sleep 1
-  done
-  return 1
-}
-
 # If we have a verified recovery root, ensure all blocks are valid before
 # handing it off to the installer.
 validate_recovery_root() {
   # Allow test recovery roots that are unverified.
   [ "$USB_DEV" = "/dev/dm-0" ] || return 0
   is_unofficial_root && return 0
 
   plog "Validating official recovery image . . . "
   # Ensure the verified rootfs is fully intact or fail with no USB_DEV.
   # REAL_USB_DEV is left intact.
@@ skipping 208 matching lines @@
     verify_kernel_signature "$kdev" "/tmp/kern.keyblock" || continue
     log " done."
     return 0
   done
 
   log " failed."
   dev_wait_or_error
   return 0
 }
 
-# Never returns on success.
-attempt_shim_script() {
-  # TODO(wad) Add static root of trust validation then remove the next line.
-  #           http://crosbug/8390
-  is_developer_mode || return 1
-
-  # Now we will either install a colocated Chromium OS image by
-  # checking the keys on KERN-B against any on disk (KERN-[ABC])
-  # or by checking a signed script on stateful.
-  dlog "Checking for a shim script . . ."
-  [ -x "$SHIM_SCRIPT" ] || return 1
-  [ -f "$SHIM_VBLOCK" ] || return 1
-  log "Shim script and signing file found!"
-
-  plog "Verifying the signature on the script . . ."
-  # Extract pubkey and check signature
-  if ! dev_sign_file --verify "$SHIM_SCRIPT" \
-                     --vblock "$SHIM_VBLOCK" \
-                     --keyblock /tmp/shim.keyblock; then
-    log " failed."
-  fi
-  log " done."
-
-  # If we're not in developer mode, this will be terminal on failure.
-  check_key_or_wait /tmp/shim.keyblock
-
-  # Run the user supplied script. It is done in the current environment
-  # to avoid needing anything other than the script/program on the partition.
-  log "Executing shim script . . ."
-
-  dlog "calling $SHIM_SCRIPT with exec"
-  # Fix up the input/output
-  stop_log_file
-  set +x
-  exec &> "$TTY_PATH"1
-  exec < "$TTY_PATH"1
-  # Call the script!
-  exec "$SHIM_SCRIPT"
-
-  # Never reached.
-  save_log_file
-  return 0
-}
-
 get_kern_b_device() {
   # TODO(wad) By changing boot priority, could we end up
   # checking the recovery image or the recovery image could not
   # be in slot A. In that case, it should fail in normal mode.
   KERN_B_DEV=${REAL_USB_DEV%[0-9]*}4
   if [ ! -b "${KERN_B_DEV}" ]; then
     return 1
   fi
   return 0
 }
@@ skipping 123 matching lines @@
 set_unofficial_root() {
   UNOFFICIAL_ROOT=1
   return 0
 }
 
 recover_system() {
   local source=$(strip_partition "$REAL_USB_DEV")
   dlog "Beginning system recovery from $source"
 
   recovery_wait
-
-  if is_unofficial_root; then
-    dlog "Attempting to use shim  . . ."
-    # Mounting read only so a journal is not needed.
-    # If it fails, we can still proceed on a normal recovery path.
-    mount -n -o ro -t ext2 "$STATE_DEV" "$STATEFUL_MNT"
-    attempt_shim_script  # never returns on success.
-    umount "$STATEFUL_MNT"
-  fi
-
+  
   # If we're not running a developer script then we're either
   # installing a developer image or an official one. If we're
   # in normal recovery mode, then we require that the KERN-B
   # on the recovery image matches the hash on the command line.
   # In developer mode, we will just check the keys.
   verify_install_kernel || return 1
 
   # Only clear on full installs. Shim scripts can call tpmc if they
   # like.  Only bGlobalLock will be in place in advance.
   clear_tpm || return 1
@@ skipping 100 matching lines @@
   export_args $(cat /proc/cmdline | sed -e 's/"[^"]*"/DROPPED/g')
 
   if is_developer_mode; then
     log "! Your computer's developer mode switch is in the ENABLED position."
     log "!"
     log "! If this is unintentional, you should power off and toggle it back "
     log "! after recovery is completed."
     log ""
   fi
 
-  if find_official_root || find_developer_root || find_shim_root; then
+  if find_official_root || find_developer_root; then
     log " found."
   else
     log " not found."
     on_error
   fi
 
   # Extract the real boot source which may be masked by dm-verity.
   get_stateful_dev || on_error
 
   # Check if we want to run from RAM, in the factory.
@@ skipping 16 matching lines @@
 
   # Always lock the TPM.  If a NVRAM reset is ever needed, we can change it.
   lock_tpm || on_error
 
   # Perform a full device mapper root validation to avoid any unexpected
   # failures during postinst.  It also allows us to detect if the root is
   # intentionally mismatched - such as during Chromium OS recovery with a
   # Chrome OS recovery kernel.
   if ! validate_recovery_root; then
     is_developer_mode || on_error
-    find_developer_root || find_shim_root || on_error
+    find_developer_root || on_error
     log " found."
     # This logic is duplicated to avoid double validating factory media.  It
     # will only be hit if a verified root can be mounted but is actually not
     # intact.
     get_stateful_dev || on_error
   fi
 
   get_dst || on_error
 
   recover_system || on_error
@@ skipping 16 matching lines @@
   exit 0
 }
 
 # Make this source-able for testing.
 if [ "$0" = "/init" ]; then
   main "$@"
   # Should never reach here.
   exit 1
 fi