Gentoo: shielding Linux Startup Information

1. Shield grub Information

On Gentoo, the version of amd64 grub is 0.97-r12. You need to modify the source code to block screen printing.

-Create a local overlay:/usr/local/portage/xxx-overlay and add the following content: portdir_overlay = "/usr/local/portage/xxx-overlay" to/etc/make. conf.

-Create sys-boot-xxx/grub in the local overlay directory and copy the grub-0.97-r12.ebuild (from the Gentoo official portage tree) and metadata. xml here

-Modify the ebuild. Because we need to add our own patches

Epatch_suffix = "patch" epatch "$ {workdir}"/patch

Add the following sentence:

Epatch "$ {filesdir}/<your patch FILENAME>. Patch"

-Create the files directory under the Local overlay directory and put our patch file. Here, my patch file is (which eliminates all normal output ):

diff -u -d -r grub-0.97.bak/stage1/stage1.S grub-0.97/stage1/stage1.S--- grub-0.97.bak/stage1/stage1.S    2012-12-21 19:13:16.864283386 +0800+++ grub-0.97/stage1/stage1.S    2012-12-21 19:41:52.792201571 +0800@@ -151,7 +151,7 @@     pushw    %dx      /* print a notification message on the screen */-    MSG(notification_string)+    /* MSG(notification_string) */      /* do not probe LBA if the drive is a floppy */     testb    $STAGE1_BIOS_HD_FLAG, %dldiff -u -d -r grub-0.97.bak/stage2/boot.c grub-0.97/stage2/boot.c--- grub-0.97.bak/stage2/boot.c    2012-12-21 19:13:16.855282243 +0800+++ grub-0.97/stage2/boot.c    2012-12-21 19:15:08.341435413 +0800@@ -280,8 +280,8 @@     errnum = ERR_WONT_FIT;       else     {-      grub_printf ("   [Linux-%s, setup=0x%x, size=0x%x]\n",-               (big_linux ? "bzImage" : "zImage"), data_len, text_len);+      /* grub_printf ("   [Linux-%s, setup=0x%x, size=0x%x]\n",+               (big_linux ? "bzImage" : "zImage"), data_len, text_len); */        /* Video mode selection support. What a mess!  */       /* NOTE: Even the word "mess" is not still enough todiff -u -d -r grub-0.97.bak/stage2/cmdline.c grub-0.97/stage2/cmdline.c--- grub-0.97.bak/stage2/cmdline.c    2012-12-21 19:13:16.861283005 +0800+++ grub-0.97/stage2/cmdline.c    2012-12-21 19:14:47.768836881 +0800@@ -232,12 +232,12 @@       builtin = find_command (heap);       if (! builtin)     {-      grub_printf ("%s\n", old_entry);+      /* grub_printf ("%s\n", old_entry); */       continue;     } -      if (! (builtin->flags & BUILTIN_NO_ECHO))-    grub_printf ("%s\n", old_entry);+      /* if (! (builtin->flags & BUILTIN_NO_ECHO))+    grub_printf ("%s\n", old_entry); */        /* If BUILTIN cannot be run in the command-line, skip it.  */       if (! (builtin->flags & BUILTIN_CMDLINE))diff -u -d -r grub-0.97.bak/stage2/disk_io.c grub-0.97/stage2/disk_io.c--- grub-0.97.bak/stage2/disk_io.c    2012-12-21 19:13:16.858282624 +0800+++ grub-0.97/stage2/disk_io.c    2012-12-21 19:22:50.732885018 +0800@@ -1351,7 +1351,7 @@ {   if (! do_completion)     {-      printf (" Filesystem type ");+      /* printf (" Filesystem type ");              if (fsys_type != NUM_FSYS)     printf ("is %s, ", fsys_table[fsys_type].name);@@ -1361,7 +1361,8 @@       if (current_partition == 0xFFFFFF)     printf ("using whole disk\n");       else-    printf ("partition type 0x%x\n", current_slice & 0xFF);+    printf ("partition type 0x%x\n", current_slice & 0xFF); */+      return;     } } #endif /* STAGE1_5 */diff -u -d -r grub-0.97.bak/stage2/stage1_5.c grub-0.97/stage2/stage1_5.c--- grub-0.97.bak/stage2/stage1_5.c    2012-12-21 19:13:16.862283132 +0800+++ grub-0.97/stage2/stage1_5.c    2012-12-21 19:24:14.499534514 +0800@@ -30,7 +30,7 @@ void cmain (void) {-  grub_printf ("\n\nGRUB loading, please wait...\n");+  /* grub_printf ("\n\nGRUB loading, please wait...\n"); */    /*    *  Here load the true second-stage boot-loader.diff -u -d -r grub-0.97.bak/stage2/stage2.c grub-0.97/stage2/stage2.c--- grub-0.97.bak/stage2/stage2.c    2012-12-21 19:13:16.857282497 +0800+++ grub-0.97/stage2/stage2.c    2012-12-21 20:02:25.576707562 +0800@@ -288,8 +288,8 @@           grub_timeout--;                      /* Print a message.  */-          grub_printf ("\rPress `ESC' to enter the menu... %d   ",-               grub_timeout);+          /* grub_printf ("\rPress `ESC' to enter the menu... %d   ",+               grub_timeout); */         }     }     }@@ -730,11 +730,11 @@      while (1)     {-      if (config_entries)+      /* if (config_entries)     printf ("  Booting \'%s\'\n\n",         get_entry (menu_entries, first_entry + entryno, 0));       else-    printf ("  Booting command-list\n\n");+    printf ("  Booting command-list\n\n"); */        if (! cur_entry)     cur_entry = get_entry (config_entries, first_entry + entryno, 1);diff -u -d -r grub-0.97.bak/stage2/start.S grub-0.97/stage2/start.S--- grub-0.97.bak/stage2/start.S    2012-12-21 19:13:16.857282497 +0800+++ grub-0.97/stage2/start.S    2012-12-21 20:18:41.119650361 +0800@@ -67,7 +67,7 @@      /* print a notification message on the screen */     pushw    %si-    MSG(notification_string)+    /* MSG(notification_string) */     popw    %si          /* this sets up for the first run through "bootloop" */@@ -293,7 +293,7 @@     /* restore addressing regs and print a dot with correct DS         (MSG modifies SI, which is saved, and unused AX and BX) */     popw    %ds-    MSG(notification_step)+    /* MSG(notification_step) */     popa      /* check if finished with this dataset */@@ -310,7 +310,7 @@  bootit:     /* print a newline */-    MSG(notification_done)+    /* MSG(notification_done) */     popw    %dx    /* this makes sure %dl is our "boot" drive */ #ifdef STAGE1_5     ljmp    $0, $0x2200

-Ebuild grub-0.97-r12.ebuild manifest

-The category of the grub package we created earlier is sys-boot-xxx, which is used to differentiate the system's sys-boot/grub and facilitate emerge's grub. To enable this category to be recognized by emerge, create the profiles directory under our overlay root directory (/usr/local/portage/xxx-overlay, create a new file categories under profiles and enter the file SYS-boot-xxx.

-Emerge-C sys-boot/GRUB

-Emerge-AVT sys-boot-xxx/GRUB, the last one. We made this patch based on the official grub + patch, otherwise the patch won't work ).

-Grub compilation and installation are complete. Run: grub -- no-floppy, And then: Root (hd0, 0)-> setup (hd0)-> quit

-Edit/boot/GRUB/grub. conf and add a line: hiddenmenu, so that the GRUB menu will not appear. If you only set timeout to 0, there is still a flashing screen, so the menu is not allowed here.

-Done. Restart and try again.

 

2. Shielding kernel and Linux Startup information (information generated after init execution)

This is much simpler. It is said on the Internet that adding the kernel Command Option: Console =/dev/null or console =/dev/ttys0 is not blocked, for example, the initial Uncompressing kernel .... Therefore, my approach is to directly turn off all the consoles, that is, the VGA Console (X86 architecture) and framebuffer console, and make menuconfig is easy to handle. You must first enable config_expert. Otherwise, the VGA console defaults to enable and cannot be changed.

 

Done. Now there is nothing except BIOS information.