Extensions not loaded from read-only PBA filesystem

[Jip-Hop]

Hi all, I'm new to Tiny Core Linux

I've been following these instructions [https://fabianstumpf.de/articles/tinycore_images.htm] and successfully made an image with the sedutil-cli binary loaded as an extension. It works great and the extension is loaded fine when booting the image from a USB pendrive. But when I flash the image to the Shadow MBR of a Self Encrypting Drive, to use it as a custom Pre-Boot Authentication environment, the extensions don't load. That's because the Shadow MBR is read-only when booting from it. Manually mounting the /dev/sda1 only works if I mount it as read only. The default fstab rule tries to mount it rw and therefore doesn't seem to load the extensions during startup.

My question is: how should I proceed to make a customized Tiny Core Linux image suitable to boot from a read-only filesystem?

[curaga]

The cde path seems suitable for this, it was made for CDs which are of course read-only. Renaming the tce dir to cde and having the cde bootcode may be enough, but do check the scripts.

[Jip-Hop]

Thanks for the quick reply, much appreciated.

I did as you suggested. Renamed the tce to cde. I now have a boot directory and a cde directory. Inside cde there's onboot.lst, copy2fs.lst and the optional directory with the extensions. The contents of boot/grub/grub.cfg look like this: https://pastebin.com/raw/arnepbyn

linux /boot/vmlinuz libata.allow_tpm=1 loglevel=3 cde

Yet still the extensions aren't loaded when booted from the read-only filesystem. It works in qemu and from a pendrive.

I looked at the scripts, trying to find the condition where it would mount as read-only. It does so here: https://github.com/tinycorelinux/Core-scripts/blob/1ab533e58dc5d175d532d46bcf76123d81038d00/usr/bin/fromISOfile#L54 I tried to add the iso bootcode discussed here: http://forum.tinycorelinux.net/index.php/topic,12786.msg69982.html#msg69982 My conclusion from this is that I'd have to make a remastered ISO file, otherwise it will not mount as read-only, fail to mount and load the extensions.

Is remastering the ISO file the best way? Should I modify the filesystem in core.gz or change the contents of the cde directory?

So far my attempts to remaster the ISO file failed. Would love to know how to do it properly

[Jip-Hop]

I've tried remastering an ISO with https://github.com/elazarl/customize_tinycorelinux, the fork by gstark and this gist: https://gist.github.com/dankrause/2a9ed5ed30fa7f9aaaa2.

But the remastered iso's aren't bootable on my computer after flashing to a USB stick. I flash from balenaEtcher on MacOS and it always gives me this warning: "It looks like this is not a bootable image. The image does not appear to contain a partition table, and might not be recognized or bootable by your device." I also tried flashing with sudo dd if=tinycore.iso of=/dev/rdisk5 bs=1m.

I tried a remastered iso and VirtualBox can boot from it... so I now have the choice between a custom Tiny Linux without extensions or one which would potentially load extensions from a read-only ISO, but won't boot outside of a VM xD

[curaga]

Well, playing with isos is kinda superfluous for your purpose. I would recommend editing the initrd to do what you want, if this system never mounts anything rw, it'd be fine to edit rebuildfstab for example.

http://wiki.tinycorelinux.net/doku.php?id=wiki:remastering

[Jip-Hop]

Thanks again, that might be the right way to do it!

In the mean time I made it work in a roundabout way by loading the ISO from grub:
https://gist.github.com/Jip-Hop/75787e22aa35c3ca6674783adfb39b33

This way the extensions load and I can boot from the read-only Shadow MBR on my Self Encrypting Drive

[Jip-Hop]

I finally succeeded in (properly) making a customized Tiny Core Linux image suitable to use as PBA for a Self Encrypting Drive: https://github.com/Jip-Hop/sedunlocksrv-pba.