🔥码云GVP开源项目 12k star Uniapp+ElementUI 功能强大 支持多语言、二开方便! 广告
# 定制Chromebook镜像 针对开发者,如下的文档描述我们创建**个性化的Kali Linux Samsung chromebook ARM镜像**的方法.如果你想安装预发的Kali image,查阅我们的文档[在三星Chromebook安装Kali](http://cn.docs.kali.org/armel-armhf-cn/%e5%9c%a8%e4%b8%89%e6%98%9fchromebook%e5%ae%89%e8%a3%85kali "Install Kali Samsung Chromebook"). 本文档中,我们创建一个镜像(包含两种引导分区) – 一种分区包含了强制从SD卡引导的内核,另一种包含了强制从USB引导的内核.根据你的USB存储媒介的类型,确保你在用dd把镜像克隆到USB设备后(本指南最后的命令),用更高的优先权标志相关的引导分区. #### 01\. 创建Kali rootfs 开始创建我们文档中描述的[Kali rootfs](http://cn.docs.kali.org/development-cn/%e5%87%86%e5%a4%87kali-linux-arm-chroot "Kali ARM rootfs")使用armhf架构.到文档的最后,在**~/arm-stuff/rootfs/kali-armhf**目录里应该有一个里面包含很多文件的**rootfs**目录. #### 02\. 创建镜像文件 下一步,我们创建用于存放我们Chromebook rootfs和引导镜像的物理镜像文件. ``` apt-get install kpartx xz-utils gdisk uboot-mkimage u-boot-tools vboot-kernel-utils vboot-utils cgpt cd ~ mkdir -p arm-stuff cd arm-stuff/ mkdir -p images cd images dd if=/dev/zero of=kali-custom-chrome.img bs=1MB count=5000 ``` #### 03\. 分区和挂载镜像文件 ``` parted kali-custom-chrome.img --script -- mklabel msdos parted kali-custom-chrome.img --script -- mktable gpt gdisk kali-custom-chrome.img << EOF x l 8192 m n 1 +16M 7f00 n 2 +16M 7f00 n 3 w y EOF ``` ``` loopdevice=`losetup -f --show kali-custom-chrome.img` device=`kpartx -va $loopdevice| sed -E 's/.*(loop[0-9])p.*/1/g' | head -1` device="/dev/mapper/${device}" bootp1=${device}p1 bootp2=${device}p2 rootp=${device}p3 mkfs.ext4 $rootp mkdir -p root mount $rootp root ``` #### 04\. 复制和修改Kali rootfs 用**rsync**递归复制先前挂载的Kali rootfs镜像. ``` cd ~/arm-stuff/images/ rsync -HPavz ~/arm-stuff/rootfs/kali-armhf/ root echo nameserver 8.8.8.8 > root/etc/resolv.conf mkdir -p root/etc/X11/xorg.conf.d/ cat << EOF > root/etc/X11/xorg.conf.d/50-touchpad.conf Section "InputClass" Identifier "touchpad" MatchIsTouchpad "on" Option "FingerHigh" "5" Option "FingerLow" "5" EndSection EOF ``` #### 05\. 编译三星Chromium内核和模块 如果你不是使用ARM硬件作为开发环境,为了编译ARM内核和模块你应该先建立[ARM交叉编译环境](http://cn.docs.kali.org/development-cn/arm%e4%ba%a4%e5%8f%89%e7%bc%96%e8%af%91 "ARM Cross Compilation").完成后,用如下命令继续. 获取Chromium内核源代码并放到我们的开发树结构中: ``` cd ~/arm-stuff mkdir -p kernel cd kernel git clone http://git.chromium.org/chromiumos/third_party/kernel.git -b chromeos-3.4 chromeos cd chromeos ``` ``` cat << EOF > kernel.its /dts-v1/; / { description = "Chrome OS kernel image with one or more FDT blobs"; #address-cells = <1>; images { kernel@1{ description = "kernel"; data = /incbin/("arch/arm/boot/zImage"); type = "kernel_noload"; arch = "arm"; os = "linux"; compression = "none"; load = <0>; entry = <0>; }; fdt@1{ description = "exynos5250-snow.dtb"; data = /incbin/("arch/arm/boot/exynos5250-snow.dtb"); type = "flat_dt"; arch = "arm"; compression = "none"; hash@1{ algo = "sha1"; }; }; }; configurations { default = "conf@1"; conf@1{ kernel = "kernel@1"; fdt = "fdt@1"; }; }; }; EOF ``` 为内核打补丁,我们以打无线注入补丁为例. ``` mkdir -p ../patches wget http://patches.aircrack-ng.org/mac80211.compat08082009.wl_frag+ack_v1.patch -O ../patches/mac80211.patch wget http://patches.aircrack-ng.org/channel-negative-one-maxim.patch -O ../patches/negative.patch patch -p1 < ../patches/negative.patch patch -p1 < ../patches/mac80211.patch ``` 配置,然后像下面一样交叉编译Chromium内核. ``` export ARCH=arm export CROSS_COMPILE=~/arm-stuff/kernel/toolchains/arm-eabi-linaro-4.6.2/bin/arm-eabi- ./chromeos/scripts/prepareconfig chromeos-exynos5 # Disable LSM sed -i 's/CONFIG_SECURITY_CHROMIUMOS=y/# CONFIG_SECURITY_CHROMIUMOS is not set/g' .config # If cross compiling, do this once: sed -i 's/if defined(__linux__)/if defined(__linux__) ||defined(__KERNEL__) /g' include/drm/drm.h make menuconfig make -j$(cat /proc/cpuinfo|grep processor|wc -l) make dtbs cp ./scripts/dtc/dtc /usr/bin/ mkimage -f kernel.its kernel.itb make modules_install INSTALL_MOD_PATH=~/arm-stuff/images/root/ # copy over firmware. Ideally use the original firmware (/lib/firmware) from the Chromebook. git clone git://git.kernel.org/pub/scm/linux/kernel/git/dwmw2/linux-firmware.git cp -rf linux-firmware/* ~/arm-stuff/images/root/lib/firmware/ rm -rf linux-firmware ``` ``` echo "console=tty1 debug verbose root=/dev/mmcblk1p3 rootwait rw rootfstype=ext4" > /tmp/config-sd echo "console=tty1 debug verbose root=/dev/sda3 rootwait rw rootfstype=ext4" > /tmp/config-usb vbutil_kernel --pack /tmp/newkern-sd --keyblock /usr/share/vboot/devkeys/kernel.keyblock --version 1 --signprivate /usr/share/vboot/devkeys/kernel_data_key.vbprivk --config=/tmp/config-sd --vmlinuz kernel.itb --arch arm vbutil_kernel --pack /tmp/newkern-usb --keyblock /usr/share/vboot/devkeys/kernel.keyblock --version 1 --signprivate /usr/share/vboot/devkeys/kernel_data_key.vbprivk --config=/tmp/config-usb --vmlinuz kernel.itb --arch arm ``` #### 06\. 准备引导分区 ``` dd if=/tmp/newkern-sd of=$bootp1 # first boot partition for SD dd if=/tmp/newkern-usb of=$bootp2 # second boot partition for USB umount $rootp kpartx -dv $loopdevice losetup -d $loopdevice ``` #### 07\. 用dd克隆镜像然后标记USB为可引导 ``` dd if=kali-custom-chrome.img of=/dev/sdb bs=512k cgpt repair /dev/sdb ``` 这里,你要给分区1还是分区2标记更高的优先权.数字大则有更高的优先权.如下的例子将把第一个分区(用-i参数)的优先权设置成10,因为我们要从SD卡引导. ``` cgpt add -i 1 -S 1 -T 5 -P 10 -l KERN-A /dev/sdb cgpt add -i 2 -S 1 -T 5 -P 5 -l KERN-B /dev/sdb ``` 使用**cgpt show**命令查看分区的列表和引导顺序. ``` root@kali:~# cgpt show /dev/sdb start size part contents 0 1 PMBR 1 1 Pri GPT header 2 32 Pri GPT table 8192 32768 1 Label: "KERN-A" Type: ChromeOS kernel UUID: 63AD6EC9-AD94-4B42-80E4-798BBE6BE46C Attr: priority=10 tries=5 successful=1 40960 32768 2 Label: "KERN-B" Type: ChromeOS kernel UUID: 37CE46C9-0A7A-4994-80FC-9C0FFCB4FDC1 Attr: priority=5 tries=5 successful=1 73728 3832490 3 Label: "Linux filesystem" Type: 0FC63DAF-8483-4772-8E79-3D69D8477DE4 UUID: E9E67EE1-C02E-481C-BA3F-18E721515DBB 125045391 32 Sec GPT table 125045423 1 Sec GPT header root@kali:~# ``` 这个操作完成后,插入SD卡/U盘启动Chromebook(不要插在蓝色的USB口!).在开发者引导提示里按CTRL + ALT + U引导进入到Kali Linux.用(root / toor)登录到Kali,然后运行startx.