serene

cpey · Aug 13, 2021 · dbef923 · dbef923
commit dbef923
Show file tree

Hide file tree

Showing 12 changed files with 282 additions and 0 deletions.
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1,5 @@
+rootfs/
+src/
+build/
+initramfs/
+*.sw?
diff --git a/.gitmodules b/.gitmodules
@@ -0,0 +1,9 @@
+[submodule "src/linux"]
+	path = src/linux
+	url = git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
+[submodule "src/dropbear"]
+	path = src/dropbear
+	url = [email protected]:mkj/dropbear.git
+[submodule "src/busybox"]
+	path = src/busybox
+	url = git://git.busybox.net/busybox
diff --git a/README.md b/README.md
@@ -0,0 +1,50 @@
+# serene
+Collection of scripts to automate VM creation for testing Linux kernel builds.
+
+## Workflow example
+
+1. Pull the Linux source code
+
+  > $ git submodule update --init -- src/linux
+
+2. Create rootfs and local configurations
+
+  > $ ./tools/create-rootfs.sh
+
+3. Make default kernel config 
+
+  > $ ./tools/make-defconfig.sh
+
+4. Build the Linux kernel
+
+  > $ ./tools/build-kernel.sh
+
+5. Start VM
+
+  > $ ./tools/start-vm.sh
+
+6. SSH into vm
+
+  > $ ssh test
+
+7. Stop VM
+
+  > $ ./tools/stop-vm.sh
+
+## Arguments to the VM
+
+Optional arguments to `start-vm.sh`:
+
+> -c: CPU security related parameters (smep, smap)
+> -k: Kernel security (kpti=1, kaslr)
+
+Examples:
+
+> $ ./tools/start-vm.sh -c smep
+> $ ./tools/start-vm.sh -c smap
+> $ ./tools/start-vm.sh -c smep,smap
+> $ ./tools/start-vm.sh -k kpti=1
+> $ ./tools/start-vm.sh -k kaslr
+> $ ./tools/start-vm.sh -k kpti=1,kaslr
+> $ ./tools/start-vm.sh -c smep,smap -k kpti=1,kaslr
+
diff --git a/tools/build-kernel.sh b/tools/build-kernel.sh
@@ -0,0 +1,16 @@
+#!/bin/sh
+
+TOOLS_DIR=$(echo $0 | sed  "s/\(.*\)\(\/.*\)/\1/g")
+LINUX_SRC=$TOOLS_DIR/../src/linux
+CWD=$(pwd)
+
+cd $LINUX_SRC
+make -j`nproc`
+if [[ ! $? -eq 0 ]]; then
+    exit -1
+fi
+
+cd $CWD
+$TOOLS_DIR/copy-linux-build.sh
+$TOOLS_DIR/stop-vm.sh
+$TOOLS_DIR/start-vm.sh
diff --git a/tools/config.sh b/tools/config.sh
@@ -0,0 +1,10 @@
+#!/bin/sh
+
+USER=test
+PASSWD=test
+VM_NAME=test
+VM_PORT=6022
+SSH_KEY_NAME=id_ed25519_ktest
+VM_ARCH=amd64
+DEBIAN_VERSION=buster
+ROOTFS_IMG=qemu-image.img
diff --git a/tools/copy-linux-build.sh b/tools/copy-linux-build.sh
@@ -0,0 +1,14 @@
+#!/bin/sh
+
+TOOLS_DIR=$(echo $0 | sed  "s/\(.*\)\(\/.*\)/\1/g")
+LINUX_SRC=$TOOLS_DIR/../src/linux
+LINUX_IMG=$LINUX_SRC/arch/x86_64/boot/bzImage
+BUILD_DIR=$TOOLS_DIR/../build
+OUTDIR=$BUILD_DIR/linux/arch/x86_64/boot
+
+if [[ -d $OUTDIR ]]; then
+    rm -r $OUTDIR
+fi
+
+mkdir -p $OUTDIR
+cp $LINUX_IMG $OUTDIR
diff --git a/tools/create-initramfs.sh b/tools/create-initramfs.sh
@@ -0,0 +1,32 @@
+#!/bin/sh
+
+TOOLS_DIR=$(echo $0 | sed  "s/\(.*\)\(\/.*\)/\1/g")
+INITRAMFS_DIR=$TOOLS_DIR/../initramfs/
+INITRAMFS_TREE=$INITRAMFS_DIR/x86-busybox
+INITRAMFS_CPIO=initramfs-busybox-x86.cpio.gz
+BUSYBOX=$TOOLS_DIR/../src/busybox/_install
+
+# initramfs
+rm -r $INITRAMFS_TREE
+mkdir -p $INITRAMFS_TREE
+cd $INITRAMFS_TREE
+mkdir -pv {bin,sbin,etc,proc,sys,usr/{bin,sbin}}
+cp -av $BUSYBOX/* .
+
+# init
+cat > $INITRAMFS_TREE/init << EOF
+#!/bin/sh
+
+mount -t proc none /proc
+mount -t sysfs none /sys
+
+echo -e "\nBoot took $(cut -d' ' -f1 /proc/uptime) seconds\n"
+
+exec /bin/sh
+EOF
+chmod +x $INITRAMFS_TREE/init
+
+# generate cpio
+find . -print0 \
+    | cpio --null -ov --format=newc \
+    | gzip -9 > $INITRAMFS_DIR/$INITRAMFS_CPIO
diff --git a/tools/create-rootfs.sh b/tools/create-rootfs.sh
@@ -0,0 +1,61 @@
+#!/bin/sh
+set -x
+TOOLS_DIR=$(echo $0 | sed  "s/\(.*\)\(\/.*\)/\1/g")
+source $TOOLS_DIR/config.sh
+BASE=$TOOLS_DIR/../rootfs
+IMG=$BASE/$ROOTFS_IMG
+DIR=$BASE/mount-point.dir
+HASHED_PASSWD=$(openssl passwd -crypt $PASSWD)
+
+if [[ ! -d $BASE ]]; then
+    mkdir $BASE
+fi
+
+if [[ ! -d $DIR ]]; then
+    mkdir $DIR
+fi
+
+# Setup SSH key
+SSH_KEY=~/.ssh/$SSH_KEY_NAME
+SSH_CONFIG=$(cat <<-EOM
+
+Host $VM_NAME
+    Hostname localhost
+    Port $VM_PORT
+    User $USER
+    IdentityFile $SSH_KEY
+EOM
+)
+
+if [[ ! -e $SSH_KEY ]]; then
+    ssh-keygen -t ed25519 -f $SSH_KEY -N ''
+    cp ~/.ssh/config ~/.ssh/config.old
+    echo "$SSH_CONFIG" >> ~/.ssh/config
+fi
+SSH_KEY_PUB=$(cat $SSH_KEY.pub)
+
+# Create image
+qemu-img create $IMG 1g
+mkfs.ext4 $IMG
+sudo mount -o loop $IMG $DIR
+sudo debootstrap --arch $VM_ARCH $DEBIAN_VERSION $DIR
+
+# Configure the image
+CONFIG_CMDS=(
+    "passwd"
+    "adduser --disabled-password --gecos \"\" $USER"
+    "echo $USER:$PASSWD | chpasswd"
+    "apt install openssh-server sudo net-tools"
+    "usermod -aG sudo $USER"
+    "echo \"$USER    ALL= NOPASSWD: ALL\" >> /etc/sudoers"
+    "echo -e \"allow-hotplug enp0s3\niface enp0s3 inet dhcp\" >> /etc/network/interfaces"
+    "mkdir /home/$USER/.ssh"
+    "echo $SSH_KEY_PUB > /home/$USER/.ssh/authorized_keys"
+)
+
+for cmd in "${CONFIG_CMDS[@]}"; do
+    sudo chroot $DIR /bin/bash -c "$cmd"
+done
+
+sudo umount $DIR
+rmdir $DIR
diff --git a/tools/install-module.sh b/tools/install-module.sh
@@ -0,0 +1,15 @@
+#!/bin/sh
+
+MODULE=$1
+DEVICE=$2
+
+if [[ ! -n $MODULE ]]; then
+    echo "Please specify the module you wish to install"
+    exit 1
+fi
+
+ssh test "sudo insmod $MODULE"
+
+if [[ -n $DEVICE ]]; then
+    ssh test "sudo chmod 666 $DEVICE"
+fi
diff --git a/tools/make-defconfig.sh b/tools/make-defconfig.sh
@@ -0,0 +1,11 @@
+#!/bin/sh
+
+TOOLS_DIR=$(echo $0 | sed  "s/\(.*\)\(\/.*\)/\1/g")
+LINUX_SRC=$TOOLS_DIR/../src/linux
+
+CWD=`pwd`
+
+cd $LINUX_SRC
+make defconfig
+make x86_64_defconfig
+make kvm_guest.config
diff --git a/tools/start-vm.sh b/tools/start-vm.sh
@@ -0,0 +1,56 @@
+#!/bin/sh
+
+# Optional arguments:
+#  ./start-vm.sh -c smep
+#  ./start-vm.sh -c smap
+#  ./start-vm.sh -c smep,smap
+#  ./start-vm.sh -k kpti=1
+#  ./start-vm.sh -k kaslr
+#  ./start-vm.sh -k kpti=1,kaslr
+#  ./start-vm.sh -c smep,smap -k kpti=1,kaslr
+
+TOOLS_DIR=$(echo $0 | sed  "s/\(.*\)\(\/.*\)/\1/g")
+source $TOOLS_DIR/config.sh
+KERNEL_BUILD=$TOOLS_DIR/../build/linux/arch/x86_64/boot/bzImage 
+ROOTFS=$TOOLS_DIR/../rootfs/$ROOTFS_IMG
+
+CPU="kvm64"
+CMD_LINE="root=/dev/sda rw console=ttyS0"
+
+POSITIONAL=()
+while [[ $# -gt 0 ]]
+do
+key="$1"
+case $key in
+    -c|--cpu-sec)
+    MITIGATION="$2"
+    CPU=$CPU,$MITIGATION
+    shift # past argument
+    shift # past value
+    ;;
+    -k|--kernel-sec)
+    MITIGATION=`echo "$2" | sed "s/,/ /g"`
+    CMD_LINE="$CMD_LINE $MITIGATION"
+    shift # past argument
+    shift # past value
+    ;;
+    --default)
+    DEFAULT=YES
+    shift # past argument
+    ;;
+    *)    # unknown option
+    POSITIONAL+=("$1") # save it in an array for later
+    shift # past argument
+    ;;
+esac
+done
+
+qemu-system-x86_64 \
+    -kernel $KERNEL_BUILD \
+    -cpu $CPU \
+    -drive file=$ROOTFS,index=0,media=disk,format=raw \
+    -enable-kvm \
+    -append "$CMD_LINE" \
+    -nographic \
+    -netdev user,id=net0,hostfwd=tcp::$VM_PORT-:22 \
+    -device e1000,netdev=net0 &
diff --git a/tools/stop-vm.sh b/tools/stop-vm.sh
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+ssh test "sudo /usr/sbin/shutdown -h now"
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,3 @@
		#!/bin/sh

		ssh test "sudo /usr/sbin/shutdown -h now"