# vim: set ft=sh: # TODO this one needs some work to work with lots of different # encryption schemes run_hook () { mkdevice () { /bin/mknod "/dev/mapper/control" c ${1} ${2}; } /bin/modprobe -a -q dm-crypt >/dev/null 2>&1 if [ -e "/sys/class/misc/device-mapper" ]; then read dev_t < /sys/class/misc/device-mapper/dev OLDIFS=$IFS; IFS=: mkdevice $dev_t IFS=$OLDIFS if /bin/cryptsetup isLuks ${root} >/dev/null 2>&1; then if [ "x${cryptokeydev}" != "x" ]; then if [ "x${cryptokeyfile}" == "x" ]; then err "cryptokeydev was given on command line, but cryptokeyfile was not" # Carry on in the hope that another slot has a "normal" password else export cryptokeyfile="/mnt/${cryptokeyfile}" mount_dev () { for try in 10 9 8 7 6 5 4 3 2 1; do if [ "x${2}" == "x" ]; then /bin/mount "${1}" /mnt && return else /bin/mount -t "${2}" "${1}" /mnt && return fi if [ "${try}" == "1" ]; then err "Could not mount ${cryptokeydev}" # Carry on in the hope that another slot has a "normal" password export cryptokeyfile= else sleep 1 fi done } OLDIFS=$IFS; IFS=: mount_dev ${cryptokeydev} IFS=$OLDIFS if [ "x${cryptokeyfile}" != "x" ] && [ ! -e "${cryptokeyfile}" ]; then err "Could not find ${cryptokeyfile} on ${cryptokeydev}" # Carry on in the hope that another slot has a "normal" password /bin/umount /mnt 2>/dev/null export cryptokeyfile= fi fi fi if [ "x${cryptokeyfile}" != "x" ]; then if [ -e "${cryptokeyfile}" ]; then if ! /bin/cryptsetup --key-file "${cryptokeyfile}" luksOpen ${root} root; then err "Failed to setup root device with the specified key file." # Carry on in the hope that another slot has a "normal" password fi [ "x${cryptokeydev}" != "x" ] && /bin/umount /mnt 2>/dev/null fi fi if [ ! -e "/dev/mapper/root" ]; then echo "" echo "A password is required to access the root filesystem:" #loop until we get a real password while ! /bin/cryptsetup luksOpen ${root} root; do sleep 2; done fi if [ -e "/dev/mapper/root" ]; then export root="/dev/mapper/root" else err "Password succeeded, but root creation failed, aborting..." exit 1 fi elif [ "x${crypto}" != "x" ]; then do_oldcrypto () { if [ $# -ne 5 ]; then err "Verify parameter format: crypto=hash:cipher:keysize:offset:skip" err "Non-LUKS decryption not attempted..." else exe="/bin/cryptsetup create root ${root}" [ "x${1}" != "x" ] && exe="$exe --hash \"${1}\"" [ "x${2}" != "x" ] && exe="$exe --cipher \"${2}\"" [ "x${3}" != "x" ] && exe="$exe --key-size \"${3}\"" [ "x${4}" != "x" ] && exe="$exe --offset \"${4}\"" [ "x${5}" != "x" ] && exe="$exe --skip \"${5}\"" echo "" echo "A password is required to access the root filesystem:" eval "${exe}" fi } msg "Non-LUKS encrypted device found..." OLDIFS=$IFS; IFS=: do_oldcrypt ${crypto} IFS=$OLDIFS if [ $? -ne 0 ]; then err "Non-LUKS device decryption failed. verify format: " err " crypto=hash:cipher:keysize:offset:skip" exit 1 else if [ -e "/dev/mapper/root" ]; then export root="/dev/mapper/root" else err "Password succeeded, but root creation failed, aborting..." exit 1 fi fi fi fi }