mirror of
https://github.com/ItsDrike/dotfiles.git
synced 2024-12-26 13:14:35 +00:00
Add initcpio script to autodetect external luks root key
parent
caef6a84c5
commit
4929c281d2
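--- a/root/etc/initcpio/hooks/lukskeyfile
+++ b/root/etc/initcpio/hooks/lukskeyfile
@@ -0,0 +1,27 @@
+#!/bin/ash
+
+run_hook() {
+if [ -n "$lukskeyfile" ]; then
+# This is a needed kernel parameter for this hook
+modprobe -a -q loop dm-crypt >/dev/null 2>&1
+# Refer to help from `mkinitcpio -H lukskeyfile`.
+IFS=: read rootKeyDev rootKey cryptkeyLoc <<EOF
+$lukskeyfile
+EOF
+
+if [ -z "${cryptkeyLoc}" ]; then
+cryptkeyLoc=/crypto_keyfile.bin
+fi
+
+if resoleved=$(resolve_device "${rootKeyDev}" $rootdelay); then
+if mount -o noatime "${rootKeyDev}" /mnt>/dev/null 2>&1; then
+cat "/mnt/${rootKey}" > "${cryptkeyLoc}"
+else
+echo "Failed to mount ${rootKeyDev} on /mnt"
+/bin/sh
+fi
+else
+echo "Failed to find ${rootKeyDev} containing LUKS root key."
+fi
+fi
+}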
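Review bot: The `mount` line in `run_hook` passes the raw `${rootKeyDev}` and never uses the path that `resolve_device` stored in `resoleved` (a typo for `resolved`), so a `UUID=` spec only works if the initramfs `mount` happens to accept that form itself. The key partition is also mounted read-write and is never unmounted, which leaves the unencrypted key medium attached on `/mnt` for the rest of early boot. I would change the line to `if mount -o ro,noatime "${resolved}" /mnt >/dev/null 2>&1; then` and add `umount /mnt` right after the copy. The `cat` result is unchecked as well, so a missing `${rootKey}` leaves an empty `${cryptkeyLoc}` with no message; `cat "/mnt/${rootKey}" > "${cryptkeyLoc}" || echo "Failed to read ${rootKey} from ${rootKeyDev}"` would surface that.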
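--- a/root/etc/initcpio/install/lukskeyfile
+++ b/root/etc/initcpio/install/lukskeyfile
@@ -0,0 +1,27 @@
+#!/bin/bash
+
+build() {
+add_dir "/mnt"
+add_module loop
+add_module dm-crypt
+add_runscript
+}
+
+help() {
+cat <<EOF
+Open root partition with LUKS root key present on internal
+or external accessible non-encrypted partition.
+To use this hook, specify lukskeyfile in kernel parameters.
+This hook is designed to copy over the specified key file into
+initramfs internal path designated as cryptkey by encrypt hook.
+
+lukskeyfile=rootKeyDev:rootKey[:cryptkeyLoc]
+
+rootKeyDev = /path/to/rootKeyDev, UUID=uuid-of-rootKeyDev
+rootKey = /path/to/rootKey in rootKeyDev
+cryptkeyLoc = /path/to/cryptkey in initramfs.
+
+Default values
+cryptkeyLoc=/crypto_keyfile.bin
+EOF
+}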
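Review bot: The heredoc in `help()` does not say where the hook must sit in `HOOKS`, nor how a non-default `cryptkeyLoc` is made known to the encrypt hook. The hook only works if it runs before `encrypt`, and as far as I know `encrypt` reads `/crypto_keyfile.bin` unless a `cryptkey=` parameter points elsewhere. I would add two lines to the help text: `Place this hook before encrypt in HOOKS.` and `If cryptkeyLoc is not the default, also pass cryptkey=rootfs:<cryptkeyLoc>.` A short sentence that anyone holding the unencrypted key medium can unlock the root volume would make the trade-off explicit for whoever enables it.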
|
@ -51,7 +51,7 @@ FILES=()
|
||||||
# usr, fsck and shutdown hooks.
|
# usr, fsck and shutdown hooks.
|
||||||
#
|
#
|
||||||
## Edits applied: numlock (requires mkinitcpio-numlock (AUR)), encrypt
|
## Edits applied: numlock (requires mkinitcpio-numlock (AUR)), encrypt
|
||||||
HOOKS=(base udev autodetect keyboard numlock modconf block encrypt filesystems fsck)
|
HOOKS=(base udev autodetect keyboard numlock modconf block lukskeyfile encrypt filesystems fsck)
|
||||||
|
|
||||||
# COMPRESSION
|
# COMPRESSION
|
||||||
# Use this to compress the initramfs image. By default, zstd compression
|
# Use this to compress the initramfs image. By default, zstd compression
|
||||||
|
|
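Review bot: The `## Edits applied:` comment above `HOOKS` still lists only numlock and encrypt, while the new `HOOKS` line also inserts `lukskeyfile`. Since the hook has to run before `encrypt` for the key file to exist when the volume is opened, the comment is the natural place to record that ordering constraint. Suggested wording: `## Edits applied: numlock (requires mkinitcpio-numlock (AUR)), lukskeyfile (local hook, must precede encrypt), encrypt`.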