Support multiple cryptroot= devices.
sbrudenell committed Jun 20, 2019
1 parent bd6db5d commit 1bd35cc
Showing 1 changed file with 38 additions and 3 deletions.
41 changes: 38 additions & 3 deletions initramfs-init.in
@@ -327,7 +327,7 @@ for opt; do

for i in $myopts; do
case "$opt" in
$i=*) eval "KOPT_${i}=${opt#*=}";;
$i=*) eval "KOPT_${i}=\${KOPT_${i}:+\$KOPT_${i} }${opt#*=}";;
$i) eval "KOPT_${i}=yes";;
no$i) eval "KOPT_${i}=no";;
esac
@@ -422,7 +422,6 @@ fi
eend 0

if [ -n "$KOPT_cryptroot" ]; then
cryptopts="-c ${KOPT_cryptroot}"
if [ "$KOPT_cryptdiscards" = "yes" ]; then
cryptopts="$cryptopts -D"
fi
@@ -438,7 +437,39 @@ if [ -n "$KOPT_cryptroot" ]; then
if [ "$KOPT_cryptkey" = "yes" ]; then
cryptopts="$cryptopts -k /crypto_keyfile.bin"
elif [ -n "$KOPT_cryptkey" ]; then
cryptopts="$cryptopts -k ${KOPT_cryptkey}"
case "${KOPT_cryptkey}" in
*.img)
# TODO: need hotplugging for e.g. USB keyboards.
# Is there a better way to do this?
ebegin "Hotplugging devices"
nlplug-findfs -p /sbin/mdev ${KOPT_debug_init:+-d} -n
eend $?
ebegin "Unlocking shared key ${KOPT_cryptkey}"
/sbin/cryptsetup luksOpen "${KOPT_cryptkey}" __boot_key
eend $?
cryptopts="$cryptopts -k /dev/mapper/__boot_key"
;;
*) cryptopts="$cryptopts -k ${KOPT_cryptkey}";;
esac
fi
# If cryptroot is a single argument, pass it along in cryptopts for
# later use by nlplug-findfs. Otherwise, try to unlock each device
# individually.
if [ $(set -f; set -- $KOPT_cryptroot; echo $#) -eq 1 ]; then
cryptopts="$cryptopts -c ${KOPT_cryptroot}"
else
for dev in $KOPT_cryptroot; do
# Pick a mapping name for each device. This is intended
# to at least match the format luks-<uuid> used in
# dracut.
case "$dev" in
UUID=*) mapping="luks-${dev#UUID=}";;
LABEL=*) mapping="luks-${dev#LABEL=}";;
*) mapping="luks-$(echo "$dev" | sed 's/\//-/g')";;
esac
echo "Unlocking $dev as $mapping"
nlplug-findfs $cryptopts -p /sbin/mdev ${KOPT_debug_init:+-d} -c "$dev" -m "$mapping" $KOPT_root
done
fi
fi

@@ -462,6 +493,10 @@ if [ -n "$KOPT_root" ]; then
nlplug-findfs $cryptopts -p /sbin/mdev ${KOPT_debug_init:+-d} \
$KOPT_root

if [ -f /dev/mapper/__boot_key ]; then
/sbin/cryptsetup close __boot_key
fi

if echo "$KOPT_modules $rootfstype" | grep -qw btrfs; then
/sbin/btrfs device scan >/dev/null || \
echo "Failed to scan devices for btrfs filesystem."
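Review bot: The cleanup added after the root `nlplug-findfs` call tests `[ -f /dev/mapper/__boot_key ]`, but `-f` is true only for regular files and a device-mapper entry is a block device node (or a symlink to one), so the test most likely never succeeds and the unlocked shared-key mapping stays open in the booted system. Testing for the device instead, `if [ -b /dev/mapper/__boot_key ]; then`, lets `/sbin/cryptsetup close __boot_key` actually run once the root devices are unlocked. The close also sits inside the `if [ -n "$KOPT_root" ]` block named in the hunk header, which starts outside the hunk, so it appears to be skipped when no root= is given even though the `*.img` branch may already have opened the key. In that `*.img` branch the status of `cryptsetup luksOpen` is only reported through `eend $?`, and `-k /dev/mapper/__boot_key` is appended to `cryptopts` even when the unlock failed; a comment there should say what is expected to happen in that case, or the branch should skip the `-k` option on failure.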
