Until I develop a captive portal-based mechanism for initially
configuring the WiFi on Raspberry Pi machines, the easiest way to do
initial provisioning is using the CLI via the serial console. Since the
root account has no password, and I don't want to have to specify one in
downstream projects' configurations, I've added a configuration option
to enable automatically launching a root shell connected to the serial
console instead of a login prompt. The security risks here are pretty
minimal, because someone would need phyiscal access to the device in
order to use this shell, in which case they could use any number of
other methods to get control of the system.
We set the default kernel command-line arguments to tell systemd to
spawn a debug shell on the serial console, instead of the default getty.
This will allow tests to run commands directly on the console, without
any authentication, etc.
At this point, we can generate an SD card image that is composed of an
EFI system partition, a SquashFS root partition (a), a blank root
partition (b), and a data partition. On the EFI system partition are
the Raspberry Pi firmware and device trees, U-Boot and GRUB. The
SquashFS filesystem contains the kernel and the whole filesystem tree.
A Raspberry Pi can successfully boot from an SD card containing this
image. It's not quite usable yet, because there's no writable storage
available, or indeed any way to log in.
