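# Pin the search path so every command this script runs is looked up only
# in the system binary directories, whatever PATH it was started with.
PATH=/usr/sbin:/usr/bin:/sbin:/bin
# Mount point of the new root; a NEWROOT supplied by the caller wins,
# otherwise /sysroot is used.
NEWROOT=${NEWROOT:-"/sysroot"}

# do not ask, if we already have root
# The expansion is quoted so that a NEWROOT containing whitespace or glob
# characters stays a single operand of the test.
# NOTE(review): -f is true only for a regular file, while proc under the new
# root is normally a directory -- confirm that -f (not -d or -e) is intended.
[ -f "$NEWROOT/proc" ] && exit 0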
11 # if device name is /dev/dm-X, convert to /dev/mapper/name
12 if [ "${1##/dev/dm-}" != "$1" ]; then
13 device
="/dev/mapper/$(dmsetup info -c --noheadings -o name "$1")"
18 # default luksname - luks-UUID
24 # TODO: improve to support what cmdline does
25 if [ -f /etc
/crypttab
] && getargbool
1 rd.luks.crypttab
-d -n rd_NO_CRYPTTAB
; then
26 while read name dev luksfile luksoptions ||
[ -n "$name" ]; do
27 # ignore blank lines and comments
28 if [ -z "$name" -o "${name#\#}" != "$name" ]; then
32 # PARTUUID used in crypttab
33 if [ "${dev%%=*}" = "PARTUUID" ]; then
34 if [ "luks-${dev##PARTUUID=}" = "$luksname" ]; then
39 # UUID used in crypttab
40 elif [ "${dev%%=*}" = "UUID" ]; then
41 if [ "luks-${dev##UUID=}" = "$luksname" ]; then
47 elif [ "${dev%%=*}" = "ID" ]; then
48 if [ "luks-${dev##ID=}" = "$luksname" ]; then
53 # path used in crypttab
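# Resolve both names to their canonical paths so that the crypttab entry
# and the device being handled can be compared even when one of them is a
# symlink.
# Both expansions are quoted: $dev is a field read from /etc/crypttab and
# $device is derived from this script's first argument, so neither may be
# word-split or glob-expanded before readlink sees it.
cdev=$(readlink -f "$dev")
mdev=$(readlink -f "$device")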
57 if [ "$cdev" = "$mdev" ]; then
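# check if destination already exists
# (quoted so the mapping name is always one path operand)
[ -b "/dev/mapper/$luksname" ] && exit 0

# we already asked for this device
# The marker path is built from $luksname, so the test below quotes it;
# unquoted, a name with whitespace or glob characters would change which
# file is checked.
# NOTE(review): presumably $luksname can come from the crypttab name field;
# a value containing '/' would place the marker outside /tmp -- confirm the
# name is constrained before it reaches this point.
asked_file=/tmp/cryptroot-asked-$luksname
[ -f "$asked_file" ] && exit 0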
# dm_crypt shows up as a directory under /sys/module once it is loaded;
# only call modprobe when that directory is missing.
if [ ! -d /sys/module/dm_crypt ]; then
  modprobe dm_crypt
fi

# Source the dracut crypt library into the current shell.
. /lib/dracut-crypt-lib.sh
82 info
"luksOpen $device $luksname $luksfile $luksoptions"
89 while [ $# -gt 0 ]; do
104 allowdiscards
="--allow-discards"
107 cryptsetupopts
="${cryptsetupopts} --${1}"
113 # parse for allow-discards
114 if strstr
"$(cryptsetup --help)" "allow-discards"; then
115 if discarduuids
=$
(getargs
"rd.luks.allow-discards"); then
116 discarduuids
=$
(str_replace
"$discarduuids" 'luks-' '')
117 if strstr
" $discarduuids " " ${luksdev##luks-}"; then
118 allowdiscards
="--allow-discards"
120 elif getargbool
0 rd.luks.allow-discards
; then
121 allowdiscards
="--allow-discards"
125 if strstr
"$(cryptsetup --help)" "allow-discards"; then
126 cryptsetupopts
="$cryptsetupopts $allowdiscards"
131 # fallback to passphrase
134 if [ -n "$luksfile" -a "$luksfile" != "none" -a -e "$luksfile" ]; then
135 if cryptsetup
--key-file "$luksfile" $cryptsetupopts luksOpen
"$device" "$luksname"; then
139 while [ -n "$(getarg rd.luks.key)" ]; do
140 if tmp
=$
(getkey
/tmp
/luks.keys
$device); then
144 if [ $numtries -eq 0 ]; then
145 warn
"No key found for $device. Fallback to passphrase mode."
149 info
"No key found for $device. Will try $numtries time(s) more later."
150 initqueue
--unique --onetime --settled \
151 --name cryptroot-ask-
$luksname \
152 $
(command -v cryptroot-ask
) "$device" "$luksname" "$(($numtries-1))"
157 info
"Using '$keypath' on '$keydev'"
158 readkey
"$keypath" "$keydev" "$device" \
159 | cryptsetup
-d - $cryptsetupopts luksOpen
"$device" "$luksname" \
166 if [ $ask_passphrase -ne 0 ]; then
167 luks_open
="$(command -v cryptsetup) $cryptsetupopts luksOpen"
168 _timeout
=$
(getargs
"rd.luks.timeout")
169 _timeout
=${_timeout:-0}
170 ask_for_password
--ply-tries 5 \
171 --ply-cmd "$luks_open -T1 $device $luksname" \
172 --ply-prompt "Password ($device)" \
174 --tty-cmd "$luks_open -T5 -t $_timeout $device $luksname"
179 unset device luksname luksfile
181 # mark device as asked