blob: d276ef688de02b80dd957b79526af5f8644c0d39 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
|
#!/usr/bin/ash
run_hook() {
modprobe -a -q dm-crypt >/dev/null 2>&1
if [ -n "${cryptdevice}" ]; then
DEPRECATED_CRYPT=0
IFS=: read cryptdev cryptname <<EOF
$cryptdevice
EOF
else
DEPRECATED_CRYPT=1
cryptdev="${root}"
cryptname="root"
fi
# This may happen if third party hooks do the crypt setup
if [ -b "/dev/mapper/${cryptname}" ]; then
echo "Device ${cryptname} already exists, not doing any crypt setup."
return 0
fi
warn_deprecated() {
echo "The syntax 'root=${root}' where '${root}' is an encrypted volume is deprecated"
echo "Use 'cryptdevice=${root}:root root=/dev/mapper/root' instead."
}
if resolved=$(resolve_device "${cryptdev}" ${rootdelay}); then
if cryptsetup isLuks ${resolved} >/dev/null 2>&1; then
[ ${DEPRECATED_CRYPT} -eq 1 ] && warn_deprecated
dopassphrase=1
# Ask for a passphrase
if [ ${dopassphrase} -gt 0 ]; then
echo ""
echo "A password is required to access the ${cryptname} volume"
#loop until we get a real password
while ! [ -b "/dev/mapper/${cryptname}" ]; do
unl0kr | cryptsetup open "${cryptdev}" "${cryptname}"
export CRYPTTAB_TRIED=1
done
fi
if [ -e "/dev/mapper/${cryptname}" ]; then
if [ ${DEPRECATED_CRYPT} -eq 1 ]; then
export root="/dev/mapper/root"
fi
else
err "Password succeeded, but ${cryptname} creation failed, aborting..."
return 1
fi
else
err "Failed to open encryption mapping: The device ${cryptdev} is not a LUKS volume."
fi
fi
}
|