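#!/bin/sh
# -*- mode: shell-script; indent-tabs-mode: nil; sh-basic-offset: 4; -*-
# ex: ts=8 sw=4 sts=4 et filetype=sh
#
# Positional parameters, as this script uses them:
#   $1 - block device to open; a /dev/dm-X name is mapped to /dev/mapper/NAME
#   $2 - default mapping name; also keys the /tmp/cryptroot-asked-* marker
#   $3 - optional number of key-lookup retries still allowed

# Fixed search path: commands named below are looked up only in these
# system directories, whatever PATH the caller had.
PATH=/usr/sbin:/usr/bin:/sbin:/bin
NEWROOT=${NEWROOT:-"/sysroot"}

# do not ask, if we already have root
# NOTE(review): -f is true only for a regular file, while proc under a
# mounted root is normally a directory - confirm whether -d/-e was intended.
[ -f "$NEWROOT/proc" ] && exit 0

# check if destination already exists
# ($2 is quoted in the tests below so an empty or unusual value cannot be
# word-split or glob-expanded into extra arguments to `[`)
[ -b "/dev/mapper/$2" ] && exit 0

# we already asked for this device
[ -f "/tmp/cryptroot-asked-$2" ] && exit 0

# load dm_crypt if it is not already loaded
[ -d /sys/module/dm_crypt ] || modprobe dm_crypt

# Sourced, so it runs in this shell; it must come before the first use of
# the helpers that are not defined in this file.
. /lib/dracut-crypt-lib.sh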
# Until a key file is found and used, the passphrase prompt stays enabled.
ask_passphrase=1

# Mapping name defaults to the second argument (luks-UUID).
luksname=$2

# A /dev/dm-X argument is translated to its /dev/mapper/<name> path using
# the name dmsetup reports; any other argument is used unchanged.
case "$1" in
    /dev/dm-*)
        device="/dev/mapper/$(dmsetup info -c --noheadings -o name "$1")"
        ;;
    *)
        device="$1"
        ;;
esac
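# TODO: improve to support what cmdline does
# Take the mapping name from /etc/crypttab when an entry matches this device.
# The first matching entry wins; with no match luksname keeps its default.
if [ -f /etc/crypttab ] && getargbool 1 rd.luks.crypttab -n rd_NO_CRYPTTAB; then
    # read -r keeps backslashes in crypttab fields literal
    while read -r name dev rest; do
        # ignore blank lines and comments
        if [ -z "$name" ] || [ "${name#\#}" != "$name" ]; then
            continue
        fi

        # UUID used in crypttab
        if [ "${dev%%=*}" = "UUID" ]; then
            if [ "luks-${dev##UUID=}" = "$2" ]; then
                luksname="$name"
                break
            fi

        # path used in crypttab
        else
            # Compare fully resolved paths so a symlinked entry still matches.
            # Both operands are quoted: they come from a config file and from
            # the caller, and must reach readlink as a single argument each.
            cdev=$(readlink -f "$dev")
            mdev=$(readlink -f "$device")
            if [ "$cdev" = "$mdev" ]; then
                luksname="$name"
                break
            fi
        fi
    done < /etc/crypttab
    unset name dev rest cdev mdev
fi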
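#
# Open LUKS device
#

info "luksOpen $device $luksname"

# Key-file path, entered only when rd.luks.key is set. The body runs at most
# once: every path through it ends in break or exit.
while [ -n "$(getarg rd.luks.key)" ]; do
    if tmp=$(getkey /tmp/luks.keys "$device"); then
        # getkey output is split at the first ':' into key device and key path
        keydev="${tmp%%:*}"
        keypath="${tmp#*:}"
    else
        if [ $# -eq 3 ]; then
            if [ "$3" -eq 0 ]; then
                info "No key found for $device. Fallback to passphrase mode."
                break
            fi
            info "No key found for $device. Will try $3 time(s) more later."
            # re-queue with the retry counter decremented
            set -- "$1" "$2" "$(($3 - 1))"
        else
            info "No key found for $device. Will try later."
        fi
        # Re-run this script later through initqueue, then stop for now.
        initqueue --unique --onetime --settled \
            --name "cryptroot-ask-$luksname" \
            "$(command -v cryptroot-ask)" "$@"
        exit 0
    fi
    unset tmp

    info "Using '$keypath' on '$keydev'"
    # The key goes to cryptsetup over the pipe (-d - reads it from stdin),
    # so it does not appear on a command line.
    # NOTE(review): the pipeline's exit status is not checked; if readkey or
    # luksOpen fails, ask_passphrase is still cleared below and no passphrase
    # prompt follows. Confirm this is the intended behaviour.
    readkey "$keypath" "$keydev" "$device" \
        | cryptsetup -d - luksOpen "$device" "$luksname"
    unset keypath keydev
    ask_passphrase=0
    break
done
if [ "$ask_passphrase" -ne 0 ]; then
    luks_open="$(command -v cryptsetup) luksOpen"
    # NOTE(review): each command is handed over as one string. How
    # ask_for_password splits or evaluates it is not visible here, so a
    # $device or $luksname containing whitespace or shell metacharacters
    # should be checked against that helper.
    ask_for_password --ply-tries 5 \
        --ply-cmd "$luks_open -T1 $device $luksname" \
        --ply-prompt "Password ($device)" \
        --tty-tries 1 \
        --tty-cmd "$luks_open -T5 $device $luksname"
    unset luks_open
fi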
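unset device luksname

# mark device as asked
# The marker is created whether or not the open above succeeded; the check
# for it near the top of this script then skips this device on later runs.
# $2 is quoted so the redirection always has exactly one target word.
>> "/tmp/cryptroot-asked-$2"

udevsettle

exit 0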