--- /usr/share/genkernel/generic/initrd.scripts 2007-03-12 21:43:44.000000000 +0100
+++ /usr/share/genkernel/generic/initrd.scripts.NEW 2007-03-12 21:47:18.000000000 +0100
@@ -597,57 +597,164 @@ # Open a LUKS device # $1 LUKS device # $2 LUKS name +# $2 LUKS key (relative path on device) +# $2 LUKS keydevice (containing the key) openLUKS() { + local cryptsetup_options LUKS_DEVICE="$1" LUKS_NAME="$2" - if [ -e /sbin/cryptsetup ] + LUKS_KEY="$3" + LUKS_KEYDEV="$4" + if [ ! -e /sbin/cryptsetup ] then + bad_msg "The initrd does not support LUKS" + else while [ 1 ] do - if [ "${LUKS_DEVICE}" = '' ] + if [ "${LUKS_DEVICE}" = 'error' ] then # LUKS device could not be opened. Prompt user for device. bad_msg "The LUKS ${LUKS_NAME} block device is not detected." echo " Please specify a ${LUKS_NAME} LUKS device to open, "q" to skip, or "shell" for a shell..." - echo -n "LUKS ${LUKS_NAME}() :: " + echo -n "LUKS ${LUKS_NAME}($1) :: " read LUKS_DEVICE + [ -z $LUKS_DEVICE ] && LUKS_DEVICE="$1" + continue + elif [ "${LUKS_KEY}" = 'error' ] + then + # LUKS key_device could not be opened. Prompt user for device. + bad_msg "The LUKS ${LUKS_KEY} is not found." + echo " Please specify the correct key, "q" to skip, or "shell" for a shell..." + echo -n "LUKS ${LUKS_NAME}($3) :: " + read LUKS_KEY + [ -z $LUKS_KEY ] && LUKS_KEY="$3" continue - elif [ "${LUKS_DEVICE}" = 'shell' ] + elif [ "${LUKS_KEYDEV}" = 'error' ] then + # LUKS key_device could not be opened. Prompt user for device. + bad_msg "The LUKS ${LUKS_KEYDEV} device is not detected," + bad_msg "unable to mount or not the one containing the key" + echo " Please specify the correct key device, "q" to skip, or "shell" for a shell..." 
+ echo -n "LUKS ${LUKS_NAME}($4) :: " + read LUKS_KEYDEV + [ -z $LUKS_KEYDEV ] && LUKS_KEYDEV="$4" + continue + elif [ "${LUKS_DEVICE}" = 'shell' -o "${LUKS_KEY}" = 'shell' -o "${LUKS_KEYDEV}" = 'shell' ] + then + echo "To leave and try again just press +D" + LUKS_DEVICE="$1" + LUKS_KEY="$3" + LUKS_KEYDEV="$4" run_shell - - LUKS_DEVICE='' continue - elif [ "${LUKS_DEVICE}" = 'q' ] + elif [ "${LUKS_DEVICE}" = 'q' -o "${LUKS_KEY}" = 'q' -o "${LUKS_KEYDEV}" = 'q' ] then break else - if cryptsetup isLuks ${LUKS_DEVICE} + cryptsetup isLuks ${LUKS_DEVICE} + if [ ! "$?" -eq '0' ] then + bad_msg "The LUKS device ${LUKS_DEVICE} does not contain a LUKS header" + LUKS_DEVICE='error' + continue + else + # Handle keys + if [ -n "$LUKS_KEY" ]; then + # handle key on removable device + if [ -n "$LUKS_KEYDEV" ]; then + # check for and continue on device presence + if [ -e "$LUKS_KEYDEV" ] + then + good_msg "Removable device ${LUKS_KEYDEV} detected." + else + echo "Please insert removable device ${LUKS_KEYDEV} for ${LUKS_NAME}" +# # abort after 20 secs + count=20 + while [ $count -gt 0 ] + do + count=$((count-1)) + sleep 1 + if [ -e "$LUKS_KEYDEV" ] + then + good_msg "Removable device ${LUKS_KEYDEV} detected." + break + fi + done + if [ ! -e "$LUKS_KEYDEV" ]; then + LUKS_KEYDEV='error' + bad_msg "Removable device ${LUKS_KEYDEV} not found." + continue + fi + fi + + # temp directory to mount removable device + local mntkey=/mnt/keydev + + [ ! -d "$mntkey" ] && mkdir -p ${mntkey} 2>/dev/null >/dev/null + mount -n -o ro ${LUKS_KEYDEV} ${mntkey} 2>/dev/null >/dev/null + if [ ! "$?" -eq '0' ] + then + LUKS_KEYDEV='error' + bad_msg "Mounting device ${LUKS_KEYDEV} failed." + echo " Make sure you inserted the right device." + continue + else + good_msg "Removable device ${LUKS_KEYDEV} mounted." + sleep 2 + # keyfile exists? + if [ ! 
-e "${mntkey}${LUKS_KEY}" ]; then + umount -n ${mntkey} 2>/dev/null >/dev/null + rmdir ${mntkey} 2>/dev/null >/dev/null + LUKS_KEY='error' + LUKS_KEYDEV='error' + bad_msg "Key {LUKS_KEY} on device ${LUKS_KEYDEV} not found." + continue + else + good_msg "${LUKS_KEY} on device ${LUKS_KEYDEV} found" + LUKS_KEY="${mntkey}${LUKS_KEY}" + fi + fi + + else # keyfile ! on removable device + if [ ! -e "$LUKS_KEY" ]; then + LUKS_KEY='error' + bad_msg "Reason: keyfile ${LUKS_KEY} does not exist." + continue + else + good_msg "${LUKS_KEY} found" + fi + fi + fi + good_msg "Opening LUKS device ${LUKS_DEVICE}" - cryptsetup luksOpen ${LUKS_DEVICE} ${LUKS_NAME} - if [ ! "$?" -eq '0' ] + if [ -n "$LUKS_KEY" ]; then + cryptsetup_options="-d ${LUKS_KEY}" + fi + cryptsetup ${cryptsetup_options} luksOpen "${LUKS_DEVICE}" "${LUKS_NAME}" + if [ "$?" -eq '0' ] then - bad_msg "Failed open LUKS device ${LUKS_DEVICE}" - else + good_msg "LUKS device ${LUKS_DEVICE} opened" break + else + bad_msg "Failed open LUKS device ${LUKS_DEVICE}" fi - else - bad_msg "The LUKS device ${LUKS_DEVICE} does not contain a LUKS header" fi fi - LUKS_DEVICE='' + LUKS_DEVICE='error' done - else - bad_msg "The initrd does not support LUKS" + + if [ -d "$mntkey" ]; then + umount -n ${mntkey} 2>/dev/null >/dev/null + rmdir ${mntkey} 2>/dev/null >/dev/null + fi fi } startLUKS() { if [ -n "${LUKS_ROOT}" ] then - openLUKS "${LUKS_ROOT}" "root" + openLUKS "${LUKS_ROOT}" "root" "${LUKS_ROOT_KEY}" "${LUKS_ROOT_KEYDEV}" if [ -n "${REAL_ROOT}" ] then # Rescan volumes @@ -658,8 +765,12 @@ fi if [ -n "${LUKS_SWAP}" ] then - openLUKS "${LUKS_SWAP}" "swap" - break + openLUKS "${LUKS_SWAP}" "swap" "${LUKS_SWAP_KEY}" "${LUKS_SWAP_KEYDEV}" + if [ -z "${REAL_RESUME}" ] + then + # Resume from swap as default + REAL_RESUME="/dev/mapper/swap" + fi fi } 
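Review bot: A failed `cryptsetup luksOpen` leaves the retry path broken when a key device is in use, because `LUKS_KEY="${mntkey}${LUKS_KEY}"` overwrites the relative key path with the mounted path and the key device is still mounted when the loop restarts. On the next pass the code tries to mount `${LUKS_KEYDEV}` again and, if that succeeds, tests `${mntkey}${LUKS_KEY}` with the mount point now prefixed twice, so the key is reported as missing. Keeping the resolved path in its own variable, `keyfile="${mntkey}${LUKS_KEY}"` with `cryptsetup_options="-d ${keyfile}"`, and unmounting `${mntkey}` before `LUKS_DEVICE='error'`, would let a retry start clean. Separately, every `bad_msg` that follows `LUKS_KEYDEV='error'` or `LUKS_KEY='error'` prints the sentinel instead of the name that failed (and `{LUKS_KEY}` is missing its `$`), and the header comments label the third and fourth arguments as `$2`.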
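Review bot: `REAL_RESUME` is defaulted to `/dev/mapper/swap` whether or not `openLUKS` actually created that mapping; openLUKS returns no status, and it leaves its loop without opening anything when the user answers `q` or when /sbin/cryptsetup is absent. swsusp_resume later reads that path and writes the result to /sys/power/resume. Guarding the default on the mapping existing, `if [ -z "${REAL_RESUME}" ] && [ -e /dev/mapper/swap ]`, keeps the resume target from naming a device that was never unlocked. startLUKS begins before this hunk.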
@@ -788,6 +899,13 @@ fi } +swsusp_resume() { +### determine swap resume partition + local device=$(ls -l "${REAL_RESUME}" | sed 's/\ */ /g' | cut -d \ -f 6-7 | sed 's/,\ */:/') + echo "${device}" > /sys/power/resume + return 0 +} + suspend_resume() { [ -x /sbin/resume ] || return 0 /sbin/resume --- /usr/share/genkernel/generic/linuxrc 2007-03-12 21:43:44.000000000 +0100 +++ /usr/share/genkernel/generic/linuxrc.NEW 2007-03-12 21:46:55.000000000 +0100 @@ -179,6 +179,24 @@ crypt_swap\=*) LUKS_SWAP=`parse_opt "${x}"` ;; + root_key\=*) + LUKS_ROOT_KEY=`parse_opt "${x}"` + ;; + swap_key\=*) + LUKS_SWAP_KEY=`parse_opt "${x}"` + ;; + root_keydev\=*) + LUKS_ROOT_KEYDEV=`parse_opt "${x}"` + ;; + swap_keydev\=*) + LUKS_SWAP_KEYDEV=`parse_opt "${x}"` + ;; + real_resume\=*) + REAL_RESUME=`parse_opt "${x}"` + ;; + noresume) + NORESUME=1 + ;; real_rootflags\=*) REAL_ROOTFLAGS=`parse_opt "${x}"` ;; @@ -250,8 +268,12 @@ # Run debug shell if requested rundebugshell -suspend_resume -suspend2_resume +if [ "${NORESUME}" -ne '1' ] +then + swsusp_resume + suspend_resume + suspend2_resume +fi if [ "${CDROOT}" -eq '1' ] then
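Review bot: swsusp_resume writes to /sys/power/resume without checking that `REAL_RESUME` is set and names a block device; when neither `real_resume=` nor `crypt_swap=` was given, `ls -l ""` fails and an empty line is written. A guard as the first statement, `[ -b "${REAL_RESUME}" ] || return 0`, avoids that. Reading the major and minor numbers from fixed columns of `ls -l` output also depends on the ls implementation and on the path not being a symlink, which deserves a comment next to the pipeline. `local device=$(...)` additionally hides the pipeline's exit status, so the function returns 0 even when nothing usable was parsed.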
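Review bot: The new `root_key=` and `swap_key=` options are undocumented where they are parsed, and their format is not obvious: openLUKS joins the value directly onto the mount point as `"${mntkey}${LUKS_KEY}"`, so with a key device the path has to start with `/`. A comment above the new arms such as `# root_key=/path/on/keydev (leading slash required when root_keydev= is set; otherwise a path inside the initrd)` would save users a failed boot. The same comment could state that `root_keydev=` and `swap_keydev=` take a device node, since openLUKS tests it with `-e` and passes it to `mount`. The enclosing `case` statement starts and ends outside this hunk.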
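Review bot: `[ "${NORESUME}" -ne '1' ]` compares an empty string numerically whenever `noresume` was not passed, unless NORESUME is initialised somewhere outside the visible hunks. In that case `test` reports an error and returns non-zero, so the branch is skipped and none of the three resume helpers run on a normal boot. A string comparison behaves correctly for both the unset and the set case: `if [ "${NORESUME}" != '1' ]`. Alternatively, give the variable a default of 0 next to the other defaults.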