diff -Naur genkernel-4.0.9.orig/defaults/initrd.scripts genkernel-4.0.9/defaults/initrd.scripts --- genkernel-4.0.9.orig/defaults/initrd.scripts 2020-06-24 03:44:22.000000000 +0900 +++ genkernel-4.0.9/defaults/initrd.scripts 2020-07-14 18:41:07.064647616 +0900 @@ -1654,7 +1654,7 @@ then good_msg "ZFS pool ${ZFS_POOL} already imported." - if [ -n "${CRYPT_ROOT}" -o -n "${CRYPT_SWAP}" ] + if [ -n "${CRYPT_ROOTS}" -o -n "${CRYPT_SWAP}" ] then good_msg "LUKS detected. Reimporting ${ZFS_POOL} ..." @@ -1760,12 +1760,13 @@ ;; swap) local TYPE=SWAP + local CRYPT_INDEX=0 ;; esac - eval local LUKS_DEVICE='"${CRYPT_'${TYPE}'}"' LUKS_NAME="$1" LUKS_KEY='"${CRYPT_'${TYPE}'_KEY}"' + eval local LUKS_DEVICE='"${CRYPT_'${TYPE}'}"' LUKS_NAME="$1_${CRYPT_INDEX}" LUKS_KEY='"${CRYPT_'${TYPE}'_KEY}"' eval local LUKS_KEYDEV='"${CRYPT_'${TYPE}'_KEYDEV}"' LUKS_TRIM='"${CRYPT_'${TYPE}'_TRIM}"' - eval local OPENED_LOCKFILE='"${CRYPT_'${TYPE}'_OPENED_LOCKFILE}"' + eval local OPENED_LOCKFILE='"${CRYPT_'${TYPE}'_'${CRYPT_INDEX}'_OPENED_LOCKFILE}"' local DEV_ERROR=0 KEY_ERROR=0 KEYDEV_ERROR=0 local mntkey="/mnt/key/" crypt_filter_ret= @@ -2262,9 +2263,13 @@ [ -n "${CRYPT_ROOT_KEY}" ] && [ -z "${CRYPT_ROOT_KEYDEV}" ] \ && sleep 6 && bootstrapKey "ROOT" - if [ -n "${CRYPT_ROOT}" ] + if [ -n "${CRYPT_ROOTS}" ] then - openLUKS "root" + CRYPT_INDEX=0 + for CRYPT_ROOT in ${CRYPT_ROOTS}; do + openLUKS "root" + let CRYPT_INDEX=${CRYPT_INDEX}+1 + done if [ -n "${REAL_ROOT}" ] then # Rescan volumes @@ -2276,7 +2281,7 @@ # same for swap, but no need to sleep if root was unencrypted [ -n "${CRYPT_SWAP_KEY}" ] && [ -z "${CRYPT_SWAP_KEYDEV}" ] \ - && { [ -z "${CRYPT_ROOT}" ] && sleep 6; bootstrapKey "SWAP"; } + && { [ -z "${CRYPT_ROOTS}" ] && sleep 6; bootstrapKey "SWAP"; } if [ -n "${CRYPT_SWAP}" ] then @@ -2313,7 +2318,7 @@ # isn't known yet. write_env_file \ "${CRYPT_ENV_FILE}" \ - CRYPT_ROOT \ + CRYPT_ROOTS \ CRYPT_ROOT_TRIM \ CRYPT_SILENT \ CRYPT_SWAP diff -Naur genkernel-4.0.9.orig/defaults/linuxrc genkernel-4.0.9/defaults/linuxrc --- genkernel-4.0.9.orig/defaults/linuxrc 2020-06-24 03:44:22.000000000 +0900 +++ genkernel-4.0.9/defaults/linuxrc 2020-07-14 15:04:19.510610781 +0900 @@ -245,13 +245,17 @@ ;; # Crypto crypt_root=*) - CRYPT_ROOT=${x#*=} + CRYPT_ROOTS=${x#*=} USE_CRYPTSETUP=1 ;; crypt_swap=*) CRYPT_SWAP=${x#*=} USE_CRYPTSETUP=1 ;; + crypt_roots=*) + CRYPT_ROOTS="${CRYPT_ROOTS} ${x#*=}" + USE_CRYPTSETUP=1 + ;; root_key=*) CRYPT_ROOT_KEY=${x#*=} ;; @@ -985,10 +989,10 @@ cache_cd_contents # If encrypted, find key and mount, otherwise mount as usual - if [ -n "${CRYPT_ROOT}" ] + if [ -n "${CRYPT_ROOTS}" ] then CRYPT_ROOT_KEY="$(head -n 1 "${CDROOT_PATH}"/${CDROOT_MARKER})" - CRYPT_ROOT='/dev/loop0' + CRYPT_ROOTS='/dev/loop0' good_msg 'You booted an encrypted livecd' "${CRYPT_SILENT}" losetup /dev/loop0 "${CDROOT_PATH}/${LOOPEXT}${LOOP}" @@ -1008,7 +1012,7 @@ test_success 'Mount filesystem' FS_LOCATION='mnt/livecd' # Setup the loopback mounts, if unencrypted - else # if [ -n "${CRYPT_ROOT}" ] + else # if [ -n "${CRYPT_ROOTS}" ] if [ "${LOOPTYPE}" = 'normal' ] then good_msg 'Mounting loop filesystem' @@ -1083,7 +1087,7 @@ test_success 'mount /dev/loop0 /' FS_LOCATION='mnt/livecd' fi - fi # if [ -n "${CRYPT_ROOT}" ] + fi # if [ -n "${CRYPT_ROOTS}" ] if [ "${aufs}" = '1' ] then diff -Naur genkernel-4.0.9.orig/defaults/login-remote.sh genkernel-4.0.9/defaults/login-remote.sh --- genkernel-4.0.9.orig/defaults/login-remote.sh 2020-06-24 03:44:22.000000000 +0900 +++ genkernel-4.0.9/defaults/login-remote.sh 2020-07-14 15:04:12.450582512 +0900 @@ -95,7 +95,7 @@ good_msg "${NORMAL}Be aware that it will kill your connection which means" good_msg "${NORMAL}you will no longer be able to work in this shell." - if [ -n "${CRYPT_ROOT}" ] && [ ! -f "${CRYPT_ROOT_OPENED_LOCKFILE}" ] + if [ -n "${CRYPT_ROOTS}" ] && [ ! -f "${CRYPT_ROOT_OPENED_LOCKFILE}" ] then good_msg "${NORMAL}To remote unlock LUKS-encrypted root device, run '${BOLD}unlock-luks root${NORMAL}'." fi