Add initcpio script to autodetect external luks root key
parent
caef6a84c5
commit
4929c281d2
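--- a/root/etc/initcpio/hooks/lukskeyfile
+++ b/root/etc/initcpio/hooks/lukskeyfile
@@ -0,0 +1,27 @@
+#!/bin/ash
+
+run_hook() {
+if [ -n "$lukskeyfile" ]; then
+# This is a needed kernel parameter for this hook
+modprobe -a -q loop dm-crypt >/dev/null 2>&1
+# Refer to help from `mkinitcpio -H lukskeyfile`.
+IFS=: read rootKeyDev rootKey cryptkeyLoc <<EOF
+$lukskeyfile
+EOF
+
+if [ -z "${cryptkeyLoc}" ]; then
+cryptkeyLoc=/crypto_keyfile.bin
+fi
+
+if resoleved=$(resolve_device "${rootKeyDev}" $rootdelay); then
+if mount -o noatime "${rootKeyDev}" /mnt>/dev/null 2>&1; then
+cat "/mnt/${rootKey}" > "${cryptkeyLoc}"
+else
+echo "Failed to mount ${rootKeyDev} on /mnt"
+/bin/sh
+fi
+else
+echo "Failed to find ${rootKeyDev} containing LUKS root key."
+fi
+fi
+}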
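Review bot: The path returned by resolve_device is stored in the misspelled `resoleved` and never used; `mount` is still given the raw `${rootKeyDev}`, so a `UUID=` value as documented in the help text may not mount, depending on which mount binary ends up in the image. The resolved path should be mounted read-only and `/mnt` unmounted once the key is copied, otherwise the unencrypted key partition stays mounted for the rest of early boot. The `cat` result is not checked, so a missing or unreadable `${rootKey}` leaves an empty file at `${cryptkeyLoc}` without any message. On a mount failure the hook starts `/bin/sh`, whereas the not-found branch only prints a message; falling through to the encrypt hook in both cases would be consistent and avoids leaving an interactive root shell at the console.

```sh
# … unchanged: lukskeyfile parsing and cryptkeyLoc default …
if resolved=$(resolve_device "${rootKeyDev}" $rootdelay); then
    if mount -o ro,noatime "${resolved}" /mnt >/dev/null 2>&1; then
        # keep the copied key readable by root only
        if ! (umask 077; cat "/mnt/${rootKey}" > "${cryptkeyLoc}"); then
            echo "Failed to copy ${rootKey} from ${rootKeyDev}"
        fi
        umount /mnt
    else
        echo "Failed to mount ${rootKeyDev} on /mnt"
    fi
# … unchanged: device-not-found branch …
```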
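--- a/root/etc/initcpio/install/lukskeyfile
+++ b/root/etc/initcpio/install/lukskeyfile
@@ -0,0 +1,27 @@
+#!/bin/bash
+
+build() {
+add_dir "/mnt"
+add_module loop
+add_module dm-crypt
+add_runscript
+}
+
+help() {
+cat <<EOF
+Open root partition with LUKS root key present on internal
+or external accessible non-encrypted partition.
+To use this hook, specify lukskeyfile in kernel parameters.
+This hook is designed to copy over the specified key file into
+initramfs internal path designated as cryptkey by encrypt hook.
+
+lukskeyfile=rootKeyDev:rootKey[:cryptkeyLoc]
+
+rootKeyDev = /path/to/rootKeyDev, UUID=uuid-of-rootKeyDev
+rootKey = /path/to/rootKey in rootKeyDev
+cryptkeyLoc = /path/to/cryptkey in initramfs.
+
+Default values
+cryptkeyLoc=/crypto_keyfile.bin
+EOF
+}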
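Review bot: build() adds only `loop` and `dm-crypt`, so nothing guarantees that the image contains the filesystem driver for the key device. With `autodetect` in HOOKS (visible in the config hunk of this commit), presumably only filesystems in use at build time are included, so a removable key device formatted differently from the root filesystem would fail to mount in the run hook. Consider adding the expected driver explicitly, e.g. `add_module vfat`, or stating in help() which filesystem modules must be present in the image.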
|
@ -51,7 +51,7 @@ FILES=()
|
|||
# usr, fsck and shutdown hooks.
|
||||
#
|
||||
## Edits applied: numlock (requires mkinitcpio-numlock (AUR)), encrypt
|
||||
HOOKS=(base udev autodetect keyboard numlock modconf block encrypt filesystems fsck)
|
||||
HOOKS=(base udev autodetect keyboard numlock modconf block lukskeyfile encrypt filesystems fsck)
|
||||
|
||||
# COMPRESSION
|
||||
# Use this to compress the initramfs image. By default, zstd compression
|
||||
|
|
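Review bot: The `## Edits applied:` comment above HOOKS still lists only numlock and encrypt, although the new HOOKS line adds the custom `lukskeyfile` hook. Since that hook has to place the key file before `encrypt` runs, the ordering is worth recording there, e.g. `## Edits applied: numlock (requires mkinitcpio-numlock (AUR)), lukskeyfile (local hook, must precede encrypt), encrypt`. The file header for this hunk is not shown on the page, so the rest of the file is outside this view.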