#!/bin/sh

BOOTPARTSZ=512M
BOOTLABEL="antievilmaid"

if [ $# != 3 ] ; then
    echo
    echo "usage: $0 <target device> <target boot part #> <current boot dir>"
    echo "This will:"
    echo "0) Format your <target boot part>"
    echo "1) Install TrustedGRUB into <target device>'s MBR and <target boot partition>"
    echo "2) Copy your current boot images from <current boot dir> onto the <target boot partition>"
    echo "3) Copy some additional files needed for Anti Evil Maid onto <target boot partition>"
    echo
    echo "e.g. $0 /dev/sdc 1 /boot"
    echo
    echo "Note: <target boot part #> is counted from 1, which corresonds to /dev/sdX1, and so on."
    echo "Note: <target device> should typically be a removable device"
    echo "Note: You should ensure that <target boot part #> has bootable flag turned on (use e.g. fdisk)"
    echo
    exit 0
fi

ID=$(id -ur)
if [ $ID != 0 ] ; then
    echo "This script should be run as root."
    exit 1
fi

TARGET_DEV=$1
TARGET_BOOT_PARTNO=$2
CURRENT_BOOT_PART=$3

if ! [ -b $TARGET_DEV ] ; then
    echo Wrong target device: $TARGET_DEV
    exit 1
fi

if ! [ -d $CURRENT_BOOT_PART/grub2 ] ; then
    echo "$CURRENT_BOOT_PART doesn't seem to be a boot directory..."
    exit 1
fi

TARGET_PART=${TARGET_DEV}${TARGET_BOOT_PARTNO}
if ! [ -b $TARGET_PART ] ; then
    echo "Boot partition doesn't exist: $TARGET_PART!"
    exit 1
fi

TMP_DIR=`mktemp -d /tmp/antievilmaid-XXXXXXX`

echo "About to format device: $TARGET_PART..."
echo "ALL DATA WILL BE ERASED on this partition!"
echo -n "Type uppercase 'yes' in order to proceed... "

read PROMPT
if [ $PROMPT != "YES" ] ; then
    exit 1
fi

echo "--> Formatting as ext4..."
mkfs.ext4 -q $TARGET_PART

echo "--> Labeling as '$BOOTLABEL'..."
e2label $TARGET_PART $BOOTLABEL

echo "--> Mounting new boot partition..."
MNT=$TMP_DIR/mnt
mkdir $MNT
mount $TARGET_PART $MNT || exit 1


unmount_and_die () {
    umount $MNT && rm -fr $MNT || exit 1
    rm -fr $TMP_DIR
    exit 1
}

echo "--> Copying your boot images..."
for f in $CURRENT_BOOT_PART/* ; do
    [ -d $f ] && continue
    echo "Copying $f"
    cp $f $MNT/ || unmount_and_die
done

echo "--> Rebuilding initramfs modules"
for initramfs in $MNT/initramfs-*.img ; do
    initramfs=`basename $initramfs`
    kernelver=`echo $initramfs | sed 's/initramfs-\(.*\).img/\1/'`
    echo "Generating initramfs $initramfs for kernel $kernelver"
    dracut --force $MNT/$initramfs $kernelver
done

echo "--> Copying grub themes..."
mkdir -p $MNT/grub2/themes/
for d in $CURRENT_BOOT_PART/grub2/themes/* ; do
    echo "Copying theme "`basename $d`
    cp -r $d $MNT/grub2/themes/
done

echo "--> Copying TPM files..."
mkdir $MNT/antievilmaid/
if ! [ -f /var/lib/tpm/system.data ] ; then
    echo "No /var/lib/tpm/system.data file found."
    echo "Seems like you havn't taken ownership of your TPM device..."
    echo "You can use tpm_takeownership to do this."
    unmount_and_die
fi
cp /var/lib/tpm/system.data $MNT/antievilmaid/ || unmount_and_die

echo "--> Installing GRUB2 on the target device..."
grub2-install --boot-directory=$MNT $TARGET_DEV

echo "--> Unmounting new boot partition..."
umount $MNT && rm -fr $MNT || exit 1

echo "--> Switching boot partition to antievilmaid..."
umount $CURRENT_BOOT_PART
mount $TARGET_PART $CURRENT_BOOT_PART

echo "--> Disabling vanilla generation of tboot entries polluting the grub configuration"
chmod -x /etc/grub.d/20_linux_tboot
chmod -x /etc/grub.d/20_linux_xen_tboot

echo "--> Generating grub configuration..."
grub2-mkconfig -o $CURRENT_BOOT_PART/grub2/grub.cfg

echo "--> Reswitching boot partition..."
umount $CURRENT_BOOT_PART
mount $CURRENT_BOOT_PART

#echo "(hd0) $TARGET_DEV" > $TMP_DIR/devices.map
#/usr/lib/antievilmaid/trustedgrub/grub --device-map=$TMP_DIR/devices.map --batch <<EOF
#root (hd0,$(($TARGET_BOOT_PARTNO-1)))
#setup (hd0)
#quit
#EOF
#
rm -fr $TMP_DIR || exit 1
