80 lines
2.5 KiB
Diff
80 lines
2.5 KiB
Diff
From f855f9daafe8f5f53c5bf78188587a18e9aca142 Mon Sep 17 00:00:00 2001
|
|
From: Leho Kraav <leho@kraav.com>
|
|
Date: Tue, 24 Jul 2012 15:08:53 +0300
|
|
Subject: [PATCH] 91crypt-loop: open root device with a key inside encrypted
|
|
loop container
|
|
|
|
---
|
|
modules.d/91crypt-loop/crypt-loop-lib.sh | 40 ++++++++++++++++++++++++++++++++
|
|
modules.d/91crypt-loop/module-setup.sh | 14 +++++++++++
|
|
2 files changed, 54 insertions(+)
|
|
create mode 100644 modules.d/91crypt-loop/crypt-loop-lib.sh
|
|
create mode 100644 modules.d/91crypt-loop/module-setup.sh
|
|
|
|
diff --git a/modules.d/91crypt-loop/crypt-loop-lib.sh b/modules.d/91crypt-loop/crypt-loop-lib.sh
|
|
new file mode 100644
|
|
index 0000000..63a553c
|
|
--- /dev/null
|
|
+++ b/modules.d/91crypt-loop/crypt-loop-lib.sh
|
|
@@ -0,0 +1,40 @@
|
|
+#!/bin/sh
|
|
+# -*- mode: shell-script; indent-tabs-mode: nil; sh-basic-offset: 4; -*-
|
|
+# ex: ts=4 sw=4 sts=0 et filetype=sh
|
|
+
|
|
+command -v ask_for_password >/dev/null || . /lib/dracut-crypt-lib.sh
|
|
+
|
|
+# loop_decrypt mnt_point keypath keydev device
|
|
+#
|
|
+# Decrypts symmetrically encrypted key to standard output.
|
|
+#
|
|
+# mnt_point - mount point where <keydev> is already mounted
|
|
+# keypath - LUKS encrypted loop file path relative to <mnt_point>
|
|
+# keydev - device on which key resides; only to display in prompt
|
|
+# device - device to be opened by cryptsetup; only to display in prompt
|
|
+loop_decrypt() {
|
|
+ local mntp="$1"
|
|
+ local keypath="$2"
|
|
+ local keydev="$3"
|
|
+ local device="$4"
|
|
+
|
|
+ local key="/dev/mapper/$(basename $mntp)"
|
|
+
|
|
+ if [ ! -b $key ]; then
|
|
+ info "Keyfile has .img suffix, treating it as LUKS-encrypted loop keyfile container to unlock $device"
|
|
+
|
|
+ local loopdev=$(losetup -f "${mntp}/${keypath}" --show)
|
|
+ local opts="-d - luksOpen $loopdev $(basename $key)"
|
|
+
|
|
+ ask_for_password \
|
|
+ --cmd "cryptsetup $opts" \
|
|
+ --prompt "Password ($keypath on $keydev for $device)" \
|
|
+ --tty-echo-off
|
|
+
|
|
+ [ -b $key ] || die "Tried setting it up, but keyfile block device was still not found!"
|
|
+ else
|
|
+ info "Existing keyfile found, re-using it for $device"
|
|
+ fi
|
|
+
|
|
+ cat $key
|
|
+}
|
|
diff --git a/modules.d/91crypt-loop/module-setup.sh b/modules.d/91crypt-loop/module-setup.sh
|
|
new file mode 100644
|
|
index 0000000..8170694
|
|
--- /dev/null
|
|
+++ b/modules.d/91crypt-loop/module-setup.sh
|
|
@@ -0,0 +1,14 @@
|
|
+check() {
|
|
+ type -P losetup >/dev/null || return 1
|
|
+
|
|
+ return 255
|
|
+}
|
|
+
|
|
+depends() {
|
|
+ echo crypt
|
|
+}
|
|
+
|
|
+install() {
|
|
+ dracut_install losetup
|
|
+ inst "$moddir/crypt-loop-lib.sh" "/lib/dracut-crypt-loop-lib.sh"
|
|
+}
|