feat(crypt): check if pkcs11 module is needed in hostonly mode

In hostonly mode, include the pkcs11 module if any encrypted volumes are configured to be decrypted using pkcs11.
2 years ago · 56f4fb6cb7
1 changed files with 6 additions and 3 deletions
--- a/modules.d/90crypt/module-setup.sh
+++ b/modules.d/90crypt/module-setup.sh
@ -21,12 +21,15 @@ depends() {
				@@ -21,12 +21,15 @@ depends() {
    local deps
    deps="dm rootfs-block"
    if [[ $hostonly && -f "$dracutsysrootdir"/etc/crypttab ]]; then
-        if grep -q "tpm2-device=" "$dracutsysrootdir"/etc/crypttab; then
-            deps+=" tpm2-tss"
-        fi
        if grep -q -e "fido2-device=" -e "fido2-cid=" "$dracutsysrootdir"/etc/crypttab; then
            deps+=" fido2"
        fi
+        if grep -q "pkcs11-uri" "$dracutsysrootdir"/etc/crypttab; then
+            deps+=" pkcs11"
+        fi
+        if grep -q "tpm2-device=" "$dracutsysrootdir"/etc/crypttab; then
+            deps+=" tpm2-tss"
+        fi
    fi
    echo "$deps"
    return 0