Add initcpio script to autodetect external luks root key

2025-06-29 12:10:42 +00:00 · 2021-11-24 00:04:32 +01:00 · 2021-11-24 00:04:32 +01:00 · 4929c281d2
commit 4929c281d2
parent caef6a84c5
3 changed files with 55 additions and 1 deletions
--- a/root/etc/initcpio/hooks/lukskeyfile
+++ b/root/etc/initcpio/hooks/lukskeyfile
@ -0,0 +1,27 @@
+#!/bin/ash
+
+run_hook() {
+    if [ -n "$lukskeyfile" ]; then
+        # This is a needed kernel parameter for this hook
+        modprobe -a -q loop dm-crypt >/dev/null 2>&1
+        # Refer to help from `mkinitcpio -H lukskeyfile`.
+        IFS=: read rootKeyDev rootKey cryptkeyLoc <<EOF
+$lukskeyfile
+EOF
+
+        if [ -z "${cryptkeyLoc}" ]; then
+            cryptkeyLoc=/crypto_keyfile.bin
+        fi
+
+        if resoleved=$(resolve_device "${rootKeyDev}" $rootdelay); then
+            if mount -o noatime "${rootKeyDev}" /mnt>/dev/null 2>&1; then
+                cat "/mnt/${rootKey}" > "${cryptkeyLoc}"
+            else
+                echo "Failed to mount ${rootKeyDev} on /mnt"
+                /bin/sh
+            fi
+        else
+            echo "Failed to find ${rootKeyDev} containing LUKS root key."
+        fi
+    fi
+}