|
|
# Open a LUKS device | # Open a LUKS device |
# $1 LUKS device | # $1 LUKS device |
# $2 LUKS name | # $2 LUKS name |
|
# $2 LUKS key (relative path on device) |
|
# $2 LUKS keydevice (containing the key) |
openLUKS() { | openLUKS() { |
|
local cryptsetup_options |
LUKS_DEVICE="$1" | LUKS_DEVICE="$1" |
LUKS_NAME="$2" | LUKS_NAME="$2" |
if [ -e /sbin/cryptsetup ] |
LUKS_KEY="$3" |
|
LUKS_KEYDEV="$4" |
|
if [ ! -e /sbin/cryptsetup ] |
then | then |
|
bad_msg "The initrd does not support LUKS" |
|
else |
while [ 1 ] | while [ 1 ] |
do | do |
if [ "${LUKS_DEVICE}" = '' ] |
if [ "${LUKS_DEVICE}" = 'error' ] |
then | then |
# LUKS device could not be opened. Prompt user for device. | # LUKS device could not be opened. Prompt user for device. |
bad_msg "The LUKS ${LUKS_NAME} block device is not detected." | bad_msg "The LUKS ${LUKS_NAME} block device is not detected." |
echo " Please specify a ${LUKS_NAME} LUKS device to open, "q" to skip, or "shell" for a shell..." | echo " Please specify a ${LUKS_NAME} LUKS device to open, "q" to skip, or "shell" for a shell..." |
echo -n "LUKS ${LUKS_NAME}() :: " |
echo -n "LUKS ${LUKS_NAME}($1) :: " |
read LUKS_DEVICE | read LUKS_DEVICE |
|
[ -z $LUKS_DEVICE ] && LUKS_DEVICE="$1" |
|
continue |
|
elif [ "${LUKS_KEY}" = 'error' ] |
|
then |
|
# LUKS key_device could not be opened. Prompt user for device. |
|
bad_msg "The LUKS ${LUKS_KEY} is not found." |
|
echo " Please specify the correct key, "q" to skip, or "shell" for a shell..." |
|
echo -n "LUKS ${LUKS_NAME}($3) :: " |
|
read LUKS_KEY |
|
[ -z $LUKS_KEY ] && LUKS_KEY="$3" |
continue | continue |
elif [ "${LUKS_DEVICE}" = 'shell' ] |
elif [ "${LUKS_KEYDEV}" = 'error' ] |
then | then |
|
# LUKS key_device could not be opened. Prompt user for device. |
|
bad_msg "The LUKS ${LUKS_KEYDEV} device is not detected," |
|
bad_msg "unable to mount or not the one containing the key" |
|
echo " Please specify the correct key device, "q" to skip, or "shell" for a shell..." |
|
echo -n "LUKS ${LUKS_NAME}($4) :: " |
|
read LUKS_KEYDEV |
|
[ -z $LUKS_KEYDEV ] && LUKS_KEYDEV="$4" |
|
continue |
|
elif [ "${LUKS_DEVICE}" = 'shell' -o "${LUKS_KEY}" = 'shell' -o "${LUKS_KEYDEV}" = 'shell' ] |
|
then |
|
echo "To leave and try again just press <Ctrl>+D" |
|
LUKS_DEVICE="$1" |
|
LUKS_KEY="$3" |
|
LUKS_KEYDEV="$4" |
run_shell | run_shell |
|
|
LUKS_DEVICE='' |
|
continue | continue |
elif [ "${LUKS_DEVICE}" = 'q' ] |
elif [ "${LUKS_DEVICE}" = 'q' -o "${LUKS_KEY}" = 'q' -o "${LUKS_KEYDEV}" = 'q' ] |
then | then |
break | break |
else | else |
if cryptsetup isLuks ${LUKS_DEVICE} |
cryptsetup isLuks ${LUKS_DEVICE} |
|
if [ ! "$?" -eq '0' ] |
then | then |
|
bad_msg "The LUKS device ${LUKS_DEVICE} does not contain a LUKS header" |
|
LUKS_DEVICE='error' |
|
continue |
|
else |
|
# Handle keys |
|
if [ -n "$LUKS_KEY" ]; then |
|
# handle key on removable device |
|
if [ -n "$LUKS_KEYDEV" ]; then |
|
# check for and continue on device presence |
|
if [ -e "$LUKS_KEYDEV" ] |
|
then |
|
good_msg "Removable device ${LUKS_KEYDEV} detected." |
|
else |
|
echo "Please insert removable device ${LUKS_KEYDEV} for ${LUKS_NAME}" |
|
# # abort after 20 secs |
|
count=20 |
|
while [ $count -gt 0 ] |
|
do |
|
count=$((count-1)) |
|
sleep 1 |
|
if [ -e "$LUKS_KEYDEV" ] |
|
then |
|
good_msg "Removable device ${LUKS_KEYDEV} detected." |
|
break |
|
fi |
|
done |
|
if [ ! -e "$LUKS_KEYDEV" ]; then |
|
LUKS_KEYDEV='error' |
|
bad_msg "Removable device ${LUKS_KEYDEV} not found." |
|
continue |
|
fi |
|
fi |
|
|
|
# temp directory to mount removable device |
|
local mntkey=/mnt/keydev |
|
|
|
[ ! -d "$mntkey" ] && mkdir -p ${mntkey} 2>/dev/null >/dev/null |
|
mount -n -o ro ${LUKS_KEYDEV} ${mntkey} 2>/dev/null >/dev/null |
|
if [ ! "$?" -eq '0' ] |
|
then |
|
LUKS_KEYDEV='error' |
|
bad_msg "Mounting device ${LUKS_KEYDEV} failed." |
|
echo " Make sure you inserted the right device." |
|
continue |
|
else |
|
good_msg "Removable device ${LUKS_KEYDEV} mounted." |
|
sleep 2 |
|
# keyfile exists? |
|
if [ ! -e "${mntkey}${LUKS_KEY}" ]; then |
|
umount -n ${mntkey} 2>/dev/null >/dev/null |
|
rmdir ${mntkey} 2>/dev/null >/dev/null |
|
LUKS_KEY='error' |
|
LUKS_KEYDEV='error' |
|
bad_msg "Key {LUKS_KEY} on device ${LUKS_KEYDEV} not found." |
|
continue |
|
else |
|
good_msg "${LUKS_KEY} on device ${LUKS_KEYDEV} found" |
|
LUKS_KEY="${mntkey}${LUKS_KEY}" |
|
fi |
|
fi |
|
|
|
else # keyfile ! on removable device |
|
if [ ! -e "$LUKS_KEY" ]; then |
|
LUKS_KEY='error' |
|
bad_msg "Reason: keyfile ${LUKS_KEY} does not exist." |
|
continue |
|
else |
|
good_msg "${LUKS_KEY} found" |
|
fi |
|
fi |
|
fi |
|
|
good_msg "Opening LUKS device ${LUKS_DEVICE}" | good_msg "Opening LUKS device ${LUKS_DEVICE}" |
| |
cryptsetup luksOpen ${LUKS_DEVICE} ${LUKS_NAME} |
if [ -n "$LUKS_KEY" ]; then |
if [ ! "$?" -eq '0' ] |
cryptsetup_options="-d ${LUKS_KEY}" |
|
fi |
|
cryptsetup ${cryptsetup_options} luksOpen "${LUKS_DEVICE}" "${LUKS_NAME}" |
|
if [ "$?" -eq '0' ] |
then | then |
bad_msg "Failed open LUKS device ${LUKS_DEVICE}" |
good_msg "LUKS device ${LUKS_DEVICE} opened" |
else |
|
break | break |
|
else |
|
bad_msg "Failed open LUKS device ${LUKS_DEVICE}" |
fi | fi |
else |
|
bad_msg "The LUKS device ${LUKS_DEVICE} does not contain a LUKS header" |
|
fi | fi |
fi | fi |
LUKS_DEVICE='' |
LUKS_DEVICE='error' |
done | done |
else |
|
bad_msg "The initrd does not support LUKS" |
if [ -d "$mntkey" ]; then |
|
umount -n ${mntkey} 2>/dev/null >/dev/null |
|
rmdir ${mntkey} 2>/dev/null >/dev/null |
|
fi |
fi | fi |
} | } |
| |
startLUKS() { | startLUKS() { |
if [ -n "${LUKS_ROOT}" ] | if [ -n "${LUKS_ROOT}" ] |
then | then |
openLUKS "${LUKS_ROOT}" "root" |
openLUKS "${LUKS_ROOT}" "root" "${LUKS_ROOT_KEY}" "${LUKS_ROOT_KEYDEV}" |
if [ -n "${REAL_ROOT}" ] | if [ -n "${REAL_ROOT}" ] |
then | then |
# Rescan volumes | # Rescan volumes |
|
|
fi | fi |
if [ -n "${LUKS_SWAP}" ] | if [ -n "${LUKS_SWAP}" ] |
then | then |
openLUKS "${LUKS_SWAP}" "swap" |
openLUKS "${LUKS_SWAP}" "swap" "${LUKS_SWAP_KEY}" "${LUKS_SWAP_KEYDEV}" |
break |
if [ -z "${REAL_RESUME}" ] |
|
then |
|
# Resume from swap as default |
|
REAL_RESUME="/dev/mapper/swap" |
|
fi |
fi | fi |
} | } |
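Review bot: In openLUKS, a failed `cryptsetup luksOpen` leaves the key device mounted on `/mnt/keydev` and `LUKS_KEY` already rewritten to `${mntkey}${LUKS_KEY}`, so the next pass through the loop tests the key path with the prefix applied twice and calls `mount` again. The unmount only runs once the loop has exited. I would keep the caller's value intact and build the path in a separate local, e.g. `local keyfile="${mntkey}${LUKS_KEY}"`, and unmount before every `continue`. The error branches also assign `'error'` before calling `bad_msg`, so the messages print "error" rather than the device or key name, and `{LUKS_KEY}` in the "not found" message is missing its `$`. The boot-parameter values are expanded unquoted in `mount -n -o ro ${LUKS_KEYDEV} ${mntkey}` and `cryptsetup ${cryptsetup_options} luksOpen`, so a path containing whitespace is split into extra arguments; `cryptsetup ${LUKS_KEY:+-d "${LUKS_KEY}"} luksOpen "${LUKS_DEVICE}" "${LUKS_NAME}"` and a quoted `mount` avoid that.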
| |
|
|
fi | fi |
} | } |
| |
|
swsusp_resume() { |
|
### determine swap resume partition |
|
local device=$(ls -l "${REAL_RESUME}" | sed 's/\ */ /g' | cut -d \ -f 6-7 | sed 's/,\ */:/') |
|
echo "${device}" > /sys/power/resume |
|
return 0 |
|
} |
|
|
suspend_resume() { | suspend_resume() { |
[ -x /sbin/resume ] || return 0 | [ -x /sbin/resume ] || return 0 |
/sbin/resume | /sbin/resume |
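Review bot: swsusp_resume writes whatever the `ls -l | sed | cut` pipeline yields to `/sys/power/resume` without checking it, and `local device=$(...)` hides any failure of that pipeline. If `REAL_RESUME` is empty or does not name a block device, an empty or malformed string is written and the function still returns 0. A guard at the top, `[ -b "${REAL_RESUME}" ] || return 0`, plus `[ -n "${device}" ] || return 0` before the `echo`, would make the no-resume-device case explicit. Parsing `ls -l` columns for major:minor also depends on the output layout of the `ls` in the initrd, and it presumably reads the link rather than the device node when `REAL_RESUME` is a symlink such as a `/dev/mapper` entry; a short comment stating that assumption would help.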
|
|
crypt_swap\=*) | crypt_swap\=*) |
LUKS_SWAP=`parse_opt "${x}"` | LUKS_SWAP=`parse_opt "${x}"` |
;; | ;; |
|
root_key\=*) |
|
LUKS_ROOT_KEY=`parse_opt "${x}"` |
|
;; |
|
swap_key\=*) |
|
LUKS_SWAP_KEY=`parse_opt "${x}"` |
|
;; |
|
root_keydev\=*) |
|
LUKS_ROOT_KEYDEV=`parse_opt "${x}"` |
|
;; |
|
swap_keydev\=*) |
|
LUKS_SWAP_KEYDEV=`parse_opt "${x}"` |
|
;; |
|
real_resume\=*) |
|
REAL_RESUME=`parse_opt "${x}"` |
|
;; |
|
noresume) |
|
NORESUME=1 |
|
;; |
real_rootflags\=*) | real_rootflags\=*) |
REAL_ROOTFLAGS=`parse_opt "${x}"` | REAL_ROOTFLAGS=`parse_opt "${x}"` |
;; | ;; |
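Review bot: The new `noresume)` arm only ever sets `NORESUME=1`, and nothing visible here gives it a default, yet the later test is the numeric `[ "${NORESUME}" -ne '1' ]`. With `NORESUME` empty that test is an error rather than true, so the resume calls would be skipped on every boot unless the variable is initialised to `0` in a defaults file outside this view. Either initialise it before the `case`, or compare as a string: `if [ "${NORESUME}" != '1' ]`. The new key and key-device arms copy kernel command-line values verbatim into variables that openLUKS later expands unquoted, so a comment here noting that these values are paths and must be quoted at their point of use would be worthwhile. The enclosing `case` statement starts and ends outside this hunk.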
|
|
# Run debug shell if requested | # Run debug shell if requested |
rundebugshell | rundebugshell |
| |
suspend_resume |
if [ "${NORESUME}" -ne '1' ] |
suspend2_resume |
then |
|
swsusp_resume |
|
suspend_resume |
|
suspend2_resume |
|
fi |
| |
if [ "${CDROOT}" -eq '1' ] | if [ "${CDROOT}" -eq '1' ] |
then | then |