1 #!/bin/bash
2
3 # called by dracut
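# Decide whether the crypt module should be part of the initramfs.
# Globals (read): systemdutildir, hostonly, mount_needs, host_fs_types
# Returns:
#   0   - include the module
#   1   - neither systemd-cryptsetup nor cryptsetup could be found
#   255 - host-only / mount_needs build and no crypto_LUKS device is
#         present (presumably dracut's "only as a dependency" code;
#         confirm against the dracut module API)
check() {
    # Loop variable is local so the caller's scope is not modified.
    local _fs

    # Without a cryptsetup binary, encrypted devices cannot be supported.
    require_any_binary "${systemdutildir}/systemd-cryptsetup" cryptsetup || return 1

    if [[ $hostonly ]] || [[ $mount_needs ]]; then
        for _fs in "${host_fs_types[@]}"; do
            [[ $_fs == "crypto_LUKS" ]] && return 0
        done
        return 255
    fi

    return 0
}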
18
19 # called by dracut
depends() {
    # Print, on a single line, the modules this one relies on:
    # dm and rootfs-block.
    printf '%s\n' "dm rootfs-block"
    return 0
}
24
25 # called by dracut
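# Request the kernel modules used for dm-crypt volumes.
# Globals (read): hostonly (emptied only for the drbg instmods call)
# Returns: exit status of the final instmods call
installkernel() {
    # Local, so the caller's own "arch" variable (if any) is not clobbered.
    local _arch

    # hostonly is empty for this one call only; presumably so drbg is
    # requested regardless of host-only filtering -- confirm in instmods.
    hostonly="" instmods drbg

    # Map the machine name from uname to the name used in the
    # =arch/<name>/crypto module path; other values pass through unchanged.
    _arch=$(uname -m)
    case "$_arch" in
        x86_64) _arch=x86 ;;
        s390x) _arch=s390 ;;
        aarch64) _arch=arm64 ;;
    esac

    instmods dm_crypt =crypto =drivers/crypto "=arch/${_arch}/crypto"
}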
34
35 # called by dracut
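# Print one " rd.luks.uuid=luks-<UUID>" argument for every device that
# host_fs_types records as crypto_LUKS.
# Globals (read): host_fs_types (device -> filesystem type)
# Outputs: the arguments on stdout, each with a leading space and with no
#          trailing newline; devices for which blkid reports no UUID are
#          skipped.
cmdline() {
    local dev line UUID
    for dev in "${!host_fs_types[@]}"; do
        [[ ${host_fs_types[$dev]} == "crypto_LUKS" ]] || continue

        # The device path is quoted so it reaches blkid as a single
        # argument. Only an exact "UUID=" key is accepted: a bare "UUID"
        # prefix test would also take keys such as UUID_SUB= and print
        # the whole line as the UUID.
        UUID=$(
            blkid -u crypto -o export "$dev" \
                | while IFS= read -r line || [[ -n $line ]]; do
                    [[ $line == UUID=* ]] || continue
                    printf "%s" "${line#UUID=}"
                    break
                done
        )
        [[ $UUID ]] || continue
        printf "%s" " rd.luks.uuid=luks-${UUID}"
    done
}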
53
54 # called by dracut
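# Add the crypt hooks, helper scripts and binaries to the initramfs and,
# for host-only builds, a filtered copy of /etc/crypttab.
# Globals (read): hostonly_cmdline, hostonly, initdir, moddir,
#                 dracutsysrootdir, host_fs_types, systemdutildir,
#                 systemdsystemunitdir
install() {
    local _cryptconf _mapper _dev _luksfile _luksoptions _hdev forceentry

    if [[ $hostonly_cmdline == "yes" ]]; then
        # Assigned separately from the declaration so the status of
        # cmdline is not replaced by that of `local`.
        _cryptconf=$(cmdline)
        if [[ $_cryptconf ]]; then
            printf "%s\n" "$_cryptconf" >> "${initdir}/etc/cmdline.d/90crypt.conf"
        fi
    fi

    inst_hook cmdline 30 "$moddir/parse-crypt.sh"
    if ! dracut_module_included "systemd"; then
        inst_multiple cryptsetup rmdir readlink umount
        inst_script "$moddir"/cryptroot-ask.sh /sbin/cryptroot-ask
        inst_script "$moddir"/probe-keydev.sh /sbin/probe-keydev
        inst_hook cmdline 10 "$moddir/parse-keydev.sh"
        inst_hook cleanup 30 "$moddir/crypt-cleanup.sh"
    fi

    if [[ $hostonly ]] && [[ -f "${dracutsysrootdir}/etc/crypttab" ]]; then
        # Filter /etc/crypttab down to the devices we need. Each copied
        # line carries the mapper name, device, key-file column and
        # options into the image.
        # NOTE(review): an initramfs is often stored unencrypted, so this
        # filter limits what the image reveals -- confirm for the target.
        # read -r keeps backslashes in the entry as written.
        while read -r _mapper _dev _luksfile _luksoptions || [ -n "$_mapper" ]; do
            [[ $_mapper == \#* ]] && continue
            [[ $_dev ]] || continue

            # Rewrite tag-style specifiers to their /dev/disk/by-* paths.
            case "$_dev" in
                PARTUUID=*) _dev="/dev/disk/by-partuuid/${_dev#PARTUUID=}" ;;
                UUID=*) _dev="/dev/disk/by-uuid/${_dev#UUID=}" ;;
                ID=*) _dev="/dev/disk/by-id/${_dev#ID=}" ;;
            esac

            printf '%s\n' "$_dev $(blkid "$_dev" -s UUID -o value)" \
                >> "${initdir}/etc/block_uuid.map"

            # Look for the "force" option. The flag is reset for every
            # entry: left set, one forced entry would cause all later
            # entries to be copied as well. Matching on the comma-wrapped
            # string avoids word splitting and globbing of the options
            # and leaves the positional parameters untouched.
            forceentry=""
            case ",${_luksoptions}," in
                *,force,*) forceentry="yes" ;;
            esac

            if [[ $forceentry == "yes" ]]; then
                # include the entry regardless
                printf '%s\n' "$_mapper $_dev $_luksfile $_luksoptions"
            else
                # Otherwise keep it only if it is one of the host's
                # crypto_LUKS devices.
                for _hdev in "${!host_fs_types[@]}"; do
                    [[ ${host_fs_types[$_hdev]} == "crypto_LUKS" ]] || continue
                    if [[ $_hdev -ef $_dev ]] || [[ /dev/block/$_hdev -ef $_dev ]]; then
                        printf '%s\n' "$_mapper $_dev $_luksfile $_luksoptions"
                        break
                    fi
                done
            fi
        done < "${dracutsysrootdir}/etc/crypttab" > "${initdir}/etc/crypttab"
        mark_hostonly /etc/crypttab
    fi

    inst_simple "$moddir/crypt-lib.sh" "/lib/dracut-crypt-lib.sh"

    if dracut_module_included "systemd"; then
        inst_multiple -o \
            "${systemdutildir}/system-generators/systemd-cryptsetup-generator" \
            "${systemdutildir}/systemd-cryptsetup" \
            "${systemdsystemunitdir}/systemd-ask-password-console.path" \
            "${systemdsystemunitdir}/systemd-ask-password-console.service" \
            "${systemdsystemunitdir}/cryptsetup.target" \
            "${systemdsystemunitdir}/sysinit.target.wants/cryptsetup.target" \
            systemd-ask-password systemd-tty-ask-password-agent
        inst_script "$moddir"/crypt-run-generator.sh /sbin/crypt-run-generator
    fi

    dracut_need_initqueue
}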