luks key on ext dev - wait for luks

This asks for the LUKS passphrase if the key is not found for the defined time (if defined with the rd.luks.tout command-line option):

 modules.d/90crypt/cryptroot-ask.sh |   21 ++++++++++++++++++---
 modules.d/90crypt/parse-crypt.sh   |    5 +++--
 2 files changed, 21 insertions(+), 5 deletions(-)
Przemysław Rudy 2011-06-07 20:22:51 +02:00 committed by Harald Hoyer
parent 07aeaae356
commit c70f6415f8
2 changed files with 21 additions and 5 deletions


@ -22,6 +22,9 @@ NEWROOT=${NEWROOT:-"/sysroot"}
# default luksname - luks-UUID # default luksname - luks-UUID
luksname=$2 luksname=$2


# fallback to passphrase
ask_passphrase=1

# if device name is /dev/dm-X, convert to /dev/mapper/name # if device name is /dev/dm-X, convert to /dev/mapper/name
if [ "${1##/dev/dm-}" != "$1" ]; then if [ "${1##/dev/dm-}" != "$1" ]; then
device="/dev/mapper/$(dmsetup info -c --noheadings -o name "$1")" device="/dev/mapper/$(dmsetup info -c --noheadings -o name "$1")"
@ -63,12 +66,21 @@ fi


info "luksOpen $device $luksname" info "luksOpen $device $luksname"


if [ -n "$(getarg rd.luks.key)" ]; then while [ -n "$(getarg rd.luks.key)" ]; do
if tmp=$(getkey /tmp/luks.keys $device); then if tmp=$(getkey /tmp/luks.keys $device); then
keydev="${tmp%%:*}" keydev="${tmp%%:*}"
keypath="${tmp#*:}" keypath="${tmp#*:}"
else
if [ $# -eq 3 ]; then
if [ $3 -eq 0 ]; then
info "No key found for $device. Fallback to passphrase mode."
break
fi
info "No key found for $device. Will try $3 time(s) more later."
set -- "$1" "$2" "$(($3 - 1))"
else else
info "No key found for $device. Will try later." info "No key found for $device. Will try later."
fi
initqueue --unique --onetime --settled \ initqueue --unique --onetime --settled \
--name cryptroot-ask-$luksname \ --name cryptroot-ask-$luksname \
$(command -v cryptroot-ask) "$@" $(command -v cryptroot-ask) "$@"
@ -80,7 +92,10 @@ if [ -n "$(getarg rd.luks.key)" ]; then
readkey "$keypath" "$keydev" "$device" \ readkey "$keypath" "$keydev" "$device" \
| cryptsetup -d - luksOpen "$device" "$luksname" | cryptsetup -d - luksOpen "$device" "$luksname"
unset keypath keydev unset keypath keydev
else ask_passphrase=0
break
done
if [ $ask_passphrase -ne 0 ]; then
luks_open="$(command -v cryptsetup) luksOpen" luks_open="$(command -v cryptsetup) luksOpen"
ask_for_password --ply-tries 5 \ ask_for_password --ply-tries 5 \
--ply-cmd "$luks_open -T1 $device $luksname" \ --ply-cmd "$luks_open -T1 $device $luksname" \
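Review bot: The retry counter `$3` is used unquoted and unvalidated in `[ $3 -eq 0 ]` and `$(($3 - 1))` in the new `else` branch of the key-lookup loop, although it comes from `rd.luks.tout` on the kernel command line (read in parse-crypt.sh and passed through the generated udev rule). A non-numeric value makes the test fail with an error and is then evaluated by the shell as an arithmetic expression, and a negative value never reaches 0, so in either case the passphrase fallback may never be reached. I would normalise it before the test, e.g. `case "$3" in ''|*[!0-9]*) set -- "$1" "$2" 0 ;; esac`, and quote it as `[ "$3" -eq 0 ]`. Separately, `ask_passphrase=0` is set regardless of the exit status of the `readkey ... | cryptsetup` pipeline, so a key that is found but does not open the device gets no passphrase prompt; please confirm that is intended. Part of the loop body lies between the hunks and is not shown here.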


@ -11,6 +11,7 @@ else
} > /etc/udev/rules.d/70-luks.rules.new } > /etc/udev/rules.d/70-luks.rules.new


LUKS=$(getargs rd.luks.uuid rd_LUKS_UUID) LUKS=$(getargs rd.luks.uuid rd_LUKS_UUID)
tout=$(getarg rd.luks.tout)


if [ -n "$LUKS" ]; then if [ -n "$LUKS" ]; then
for luksid in $LUKS; do for luksid in $LUKS; do
@ -20,7 +21,7 @@ else
printf -- 'ENV{ID_FS_UUID}=="*%s*", ' $luksid printf -- 'ENV{ID_FS_UUID}=="*%s*", ' $luksid
printf -- 'RUN+="%s --unique --onetime ' $(command -v initqueue) printf -- 'RUN+="%s --unique --onetime ' $(command -v initqueue)
printf -- '--name cryptroot-ask-%%k %s ' $(command -v cryptroot-ask) printf -- '--name cryptroot-ask-%%k %s ' $(command -v cryptroot-ask)
printf -- '$env{DEVNAME} luks-$env{ID_FS_UUID}"\n' printf -- '$env{DEVNAME} luks-$env{ID_FS_UUID} %s"\n' $tout
} >> /etc/udev/rules.d/70-luks.rules.new } >> /etc/udev/rules.d/70-luks.rules.new


printf -- '[ -e /dev/disk/by-uuid/*%s* ]\n' $luksid \ printf -- '[ -e /dev/disk/by-uuid/*%s* ]\n' $luksid \
@ -34,7 +35,7 @@ else
{ {
printf -- 'ENV{ID_FS_TYPE}=="crypto_LUKS", RUN+="%s ' $(command -v initqueue) printf -- 'ENV{ID_FS_TYPE}=="crypto_LUKS", RUN+="%s ' $(command -v initqueue)
printf -- '--unique --onetime --name cryptroot-ask-%%k ' printf -- '--unique --onetime --name cryptroot-ask-%%k '
printf -- '%s $env{DEVNAME} luks-$env{ID_FS_UUID}"\n' $(command -v cryptroot-ask) printf -- '%s $env{DEVNAME} luks-$env{ID_FS_UUID} %s"\n' $(command -v cryptroot-ask) $tout
} >> /etc/udev/rules.d/70-luks.rules.new } >> /etc/udev/rules.d/70-luks.rules.new
fi fi
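Review bot: `tout=$(getarg rd.luks.tout)` introduces a new boot parameter with no comment, and the diffstat shows only these two scripts changed, so nothing documents it. The name reads like a timeout, but cryptroot-ask.sh treats the value as a count of remaining key-lookup attempts ("Will try $3 time(s) more later"). A comment above the assignment would make that explicit, for example `# rd.luks.tout: number of times to retry the key lookup before falling back to the passphrase prompt`. The enclosing `else` branch starts outside the hunks, so how an unset value behaves is inferred from the `$# -eq 3` check in cryptroot-ask.sh and should be stated there as well.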