#!/bin/bash
#
# SPDX-FileCopyrightText: Copyright (c) 2016-2024 NVIDIA CORPORATION & AFFILIATES. All rights reserved.
# SPDX-License-Identifier: BSD-3-Clause
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are met:
#
# 1. Redistributions of source code must retain the above copyright notice, this
# list of conditions and the following disclaimer.
#
# 2. Redistributions in binary form must reproduce the above copyright notice,
# this list of conditions and the following disclaimer in the documentation
# and/or other materials provided with the distribution.
#
# 3. Neither the name of the copyright holder nor the names of its
# contributors may be used to endorse or promote products derived from
# this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

SCRIPT_NAME=$(basename "${0}")
if [ $(id -u) -ne 0 ]; then
	echo "${SCRIPT_NAME} - ERROR: Run this script as a root user"
	exit 1
fi

is_l4tdroid=$(grep l4tdroid /proc/cmdline)
if [[ ${is_l4tdroid} =~ "l4tdroid" ]]; then
	KERNEL_VERSION=$(uname -r)
	insmod /lib/modules/"${KERNEL_VERSION}"/kernel/drivers/staging/android/ashmem_linux.ko
	insmod /lib/modules/"${KERNEL_VERSION}"/kernel/drivers/android/binder_linux.ko
fi

if [[ ${is_l4tdroid} =~ "l4tdroid" ]]; then
	# Enable unprivileged eBPF for l4tdroid
	sysctl kernel.unprivileged_bpf_disabled=0
else
	# Disable unprivileged eBPF to reduce the attack surface regarding spectre-v2 attacks
	sysctl kernel.unprivileged_bpf_disabled=1
fi

# load kdump-kernel if memroy reserved for crashkernel
is_kdump_enabled=$(grep crashkernel /proc/cmdline)
if [[ ${is_kdump_enabled} =~ "crashkernel" ]]; then
	# retrieve kernel_dtb from dtsfilename and append "-kexec" as suffix in kernel-dtb name
	dtsfilename=$(</proc/device-tree/nvidia,dtsfilename tr '\0' '\n')
	kdump_dtb=$(echo "${dtsfilename##*/}" | sed 's/.dts";/-kexec.dtb/');
	if [ -f "/boot/${kdump_dtb}" ]; then
		dtc -I dtb -O dts "/boot/${kdump_dtb}" -o /tmp/temp_kdump.dts \
			2>/dev/null
		grep "nvidia,ether-mac" /tmp/temp_running.dts | \
		while read -r line; do
			sed -i "/chosen {/a \\\t\t${line}" /tmp/temp_kdump.dts;
		done
		dtc -I dts -O dtb /tmp/temp_kdump.dts -o "/boot/${kdump_dtb}" \
			2>/dev/null
		rm /tmp/temp_kdump.dts;
		# remove "crashkernel" kernel-parameter from running kernel and pass to kdump-kernel-parameter
		kdump_kernel_parameter=$(sed "s/crashkernel=.* \(root=.*\)/\1/" /proc/cmdline)
		# load kdump-kernel with "-p" ("i" to not-check integrity) option so that kdump-kernel triggers after production kernel-panic
		kexec -ip /boot/Image --append="${kdump_kernel_parameter} \
			earlycon=uart8250,mmio32,0x0c280000 keep_bootcon" \
			--dtb="/boot/${kdump_dtb}"
	fi
fi

# mmc read ahead size
if [ -e /sys/block/mmcblk0/queue/read_ahead_kb ]; then
	echo 2048 > /sys/block/mmcblk0/queue/read_ahead_kb
fi

if [ -e /sys/block/mmcblk1/queue/read_ahead_kb ]; then
	echo 2048 > /sys/block/mmcblk1/queue/read_ahead_kb
fi

# Ensure libglx.so is not overwritten by a distribution update of Xorg
# Alternatively, package management tools could be used to prevent updates
ARCH=$(uname -m)
if [ "${ARCH}" = "aarch64" ]; then
	LIB_DIR="/usr/lib/aarch64-linux-gnu"
fi

# Add gdm in video group
getent passwd gdm > /dev/null
if [ $? -eq 0 ]; then
	adduser gdm video
fi

# Add lightdm in video group
grep "lightdm" "/etc/group" > /dev/null
if [ $? -eq 0 ]; then
	groups "lightdm" | grep "video" > /dev/null
	if [ $? -eq 1 ]; then
		addgroup "lightdm" "video"
	fi
fi

if [ -e "/var/lib/lightdm" ]; then
	sudo chown lightdm:lightdm /var/lib/lightdm -R
fi
