# 定制Chromebook鏡像 針對開發者,如下的文檔描述我們創建**個性化的Kali Linux Samsung chromebook ARM鏡像**的方法.如果你想安裝預發的Kali image,查閱我們的文檔[在三星Chromebook安裝Kali](http://cn.docs.kali.org/armel-armhf-cn/%e5%9c%a8%e4%b8%89%e6%98%9fchromebook%e5%ae%89%e8%a3%85kali "Install Kali Samsung Chromebook"). 本文檔中,我們創建一個鏡像(包含兩種引導分區) – 一種分區包含了強制從SD卡引導的內核,另一種包含了強制從USB引導的內核.根據你的USB存儲媒介的類型,確保你在用dd把鏡像克隆到USB設備后(本指南最后的命令),用更高的優先權標志相關的引導分區. #### 01\. 創建Kali rootfs 開始創建我們文檔中描述的[Kali rootfs](http://cn.docs.kali.org/development-cn/%e5%87%86%e5%a4%87kali-linux-arm-chroot "Kali ARM rootfs")使用armhf架構.到文檔的最后,在**~/arm-stuff/rootfs/kali-armhf**目錄里應該有一個里面包含很多文件的**rootfs**目錄. #### 02\. 創建鏡像文件 下一步,我們創建用于存放我們Chromebook rootfs和引導鏡像的物理鏡像文件. ``` apt-get install kpartx xz-utils gdisk uboot-mkimage u-boot-tools vboot-kernel-utils vboot-utils cgpt cd ~ mkdir -p arm-stuff cd arm-stuff/ mkdir -p images cd images dd if=/dev/zero of=kali-custom-chrome.img bs=1MB count=5000 ``` #### 03\. 分區和掛載鏡像文件 ``` parted kali-custom-chrome.img --script -- mklabel msdos parted kali-custom-chrome.img --script -- mktable gpt gdisk kali-custom-chrome.img << EOF x l 8192 m n 1 +16M 7f00 n 2 +16M 7f00 n 3 w y EOF ``` ``` loopdevice=`losetup -f --show kali-custom-chrome.img` device=`kpartx -va $loopdevice| sed -E 's/.*(loop[0-9])p.*/1/g' | head -1` device="/dev/mapper/${device}" bootp1=${device}p1 bootp2=${device}p2 rootp=${device}p3 mkfs.ext4 $rootp mkdir -p root mount $rootp root ``` #### 04\. 復制和修改Kali rootfs 用**rsync**遞歸復制先前掛載的Kali rootfs鏡像. ``` cd ~/arm-stuff/images/ rsync -HPavz ~/arm-stuff/rootfs/kali-armhf/ root echo nameserver 8.8.8.8 > root/etc/resolv.conf mkdir -p root/etc/X11/xorg.conf.d/ cat << EOF > root/etc/X11/xorg.conf.d/50-touchpad.conf Section "InputClass" Identifier "touchpad" MatchIsTouchpad "on" Option "FingerHigh" "5" Option "FingerLow" "5" EndSection EOF ``` #### 05\. 編譯三星Chromium內核和模塊 如果你不是使用ARM硬件作為開發環境,為了編譯ARM內核和模塊你應該先建立[ARM交叉編譯環境](http://cn.docs.kali.org/development-cn/arm%e4%ba%a4%e5%8f%89%e7%bc%96%e8%af%91 "ARM Cross Compilation").完成后,用如下命令繼續. 獲取Chromium內核源代碼并放到我們的開發樹結構中: ``` cd ~/arm-stuff mkdir -p kernel cd kernel git clone http://git.chromium.org/chromiumos/third_party/kernel.git -b chromeos-3.4 chromeos cd chromeos ``` ``` cat << EOF > kernel.its /dts-v1/; / { description = "Chrome OS kernel image with one or more FDT blobs"; #address-cells = <1>; images { kernel@1{ description = "kernel"; data = /incbin/("arch/arm/boot/zImage"); type = "kernel_noload"; arch = "arm"; os = "linux"; compression = "none"; load = <0>; entry = <0>; }; fdt@1{ description = "exynos5250-snow.dtb"; data = /incbin/("arch/arm/boot/exynos5250-snow.dtb"); type = "flat_dt"; arch = "arm"; compression = "none"; hash@1{ algo = "sha1"; }; }; }; configurations { default = "conf@1"; conf@1{ kernel = "kernel@1"; fdt = "fdt@1"; }; }; }; EOF ``` 為內核打補丁,我們以打無線注入補丁為例. ``` mkdir -p ../patches wget http://patches.aircrack-ng.org/mac80211.compat08082009.wl_frag+ack_v1.patch -O ../patches/mac80211.patch wget http://patches.aircrack-ng.org/channel-negative-one-maxim.patch -O ../patches/negative.patch patch -p1 < ../patches/negative.patch patch -p1 < ../patches/mac80211.patch ``` 配置,然后像下面一樣交叉編譯Chromium內核. ``` export ARCH=arm export CROSS_COMPILE=~/arm-stuff/kernel/toolchains/arm-eabi-linaro-4.6.2/bin/arm-eabi- ./chromeos/scripts/prepareconfig chromeos-exynos5 # Disable LSM sed -i 's/CONFIG_SECURITY_CHROMIUMOS=y/# CONFIG_SECURITY_CHROMIUMOS is not set/g' .config # If cross compiling, do this once: sed -i 's/if defined(__linux__)/if defined(__linux__) ||defined(__KERNEL__) /g' include/drm/drm.h make menuconfig make -j$(cat /proc/cpuinfo|grep processor|wc -l) make dtbs cp ./scripts/dtc/dtc /usr/bin/ mkimage -f kernel.its kernel.itb make modules_install INSTALL_MOD_PATH=~/arm-stuff/images/root/ # copy over firmware. Ideally use the original firmware (/lib/firmware) from the Chromebook. git clone git://git.kernel.org/pub/scm/linux/kernel/git/dwmw2/linux-firmware.git cp -rf linux-firmware/* ~/arm-stuff/images/root/lib/firmware/ rm -rf linux-firmware ``` ``` echo "console=tty1 debug verbose root=/dev/mmcblk1p3 rootwait rw rootfstype=ext4" > /tmp/config-sd echo "console=tty1 debug verbose root=/dev/sda3 rootwait rw rootfstype=ext4" > /tmp/config-usb vbutil_kernel --pack /tmp/newkern-sd --keyblock /usr/share/vboot/devkeys/kernel.keyblock --version 1 --signprivate /usr/share/vboot/devkeys/kernel_data_key.vbprivk --config=/tmp/config-sd --vmlinuz kernel.itb --arch arm vbutil_kernel --pack /tmp/newkern-usb --keyblock /usr/share/vboot/devkeys/kernel.keyblock --version 1 --signprivate /usr/share/vboot/devkeys/kernel_data_key.vbprivk --config=/tmp/config-usb --vmlinuz kernel.itb --arch arm ``` #### 06\. 準備引導分區 ``` dd if=/tmp/newkern-sd of=$bootp1 # first boot partition for SD dd if=/tmp/newkern-usb of=$bootp2 # second boot partition for USB umount $rootp kpartx -dv $loopdevice losetup -d $loopdevice ``` #### 07\. 用dd克隆鏡像然后標記USB為可引導 ``` dd if=kali-custom-chrome.img of=/dev/sdb bs=512k cgpt repair /dev/sdb ``` 這里,你要給分區1還是分區2標記更高的優先權.數字大則有更高的優先權.如下的例子將把第一個分區(用-i參數)的優先權設置成10,因為我們要從SD卡引導. ``` cgpt add -i 1 -S 1 -T 5 -P 10 -l KERN-A /dev/sdb cgpt add -i 2 -S 1 -T 5 -P 5 -l KERN-B /dev/sdb ``` 使用**cgpt show**命令查看分區的列表和引導順序. ``` root@kali:~# cgpt show /dev/sdb start size part contents 0 1 PMBR 1 1 Pri GPT header 2 32 Pri GPT table 8192 32768 1 Label: "KERN-A" Type: ChromeOS kernel UUID: 63AD6EC9-AD94-4B42-80E4-798BBE6BE46C Attr: priority=10 tries=5 successful=1 40960 32768 2 Label: "KERN-B" Type: ChromeOS kernel UUID: 37CE46C9-0A7A-4994-80FC-9C0FFCB4FDC1 Attr: priority=5 tries=5 successful=1 73728 3832490 3 Label: "Linux filesystem" Type: 0FC63DAF-8483-4772-8E79-3D69D8477DE4 UUID: E9E67EE1-C02E-481C-BA3F-18E721515DBB 125045391 32 Sec GPT table 125045423 1 Sec GPT header root@kali:~# ``` 這個操作完成后,插入SD卡/U盤啟動Chromebook(不要插在藍色的USB口!).在開發者引導提示里按CTRL + ALT + U引導進入到Kali Linux.用(root / toor)登錄到Kali,然后運行startx.