2 # -*- mode: shell-script; indent-tabs-mode: nil; sh-basic-offset: 4; -*-
3 # ex: ts=8 sw=4 sts=4 et filetype=sh
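# Fixed search path of system directories for the commands run below.
PATH=/usr/sbin:/usr/bin:/sbin:/bin
# Root of the target system: taken from the environment when NEWROOT is set
# and non-empty, otherwise /sysroot.
NEWROOT=${NEWROOT:-"/sysroot"}

# do not ask, if we already have root
# The expansion is quoted so that a NEWROOT value containing whitespace or
# glob characters reaches the test as one path instead of being split.
[ -f "$NEWROOT/proc" ] && exit 0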
13 # default luksname - luks-UUID
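# check if destination already exists
# NOTE(review): this path ends in the literal name "luksname", while the later
# check in this file tests /dev/mapper/$luksname; confirm which one is meant.
[ -b /dev/mapper/luksname ] && exit 0

# we already asked for this device
# The marker path is built from luksname, so it is quoted where it is
# expanded; an unquoted expansion would be split on whitespace.
# NOTE(review): the marker has a predictable name under /tmp; this presumably
# relies on /tmp being private to the early-boot environment - confirm.
asked_file="/tmp/cryptroot-asked-$luksname"
[ -f "$asked_file" ] && exit 0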
# Load dm_crypt unless sysfs already shows the module directory.
if [ ! -d /sys/module/dm_crypt ]; then
    modprobe dm_crypt
fi

# Source the dracut crypt library from its fixed path.
. /lib/dracut-crypt-lib.sh
28 # fallback to passphrase
31 # if device name is /dev/dm-X, convert to /dev/mapper/name
# The test strips a leading "/dev/dm-" from $1; the result differs from $1
# only when $1 carried that prefix, which selects this branch.
# NOTE(review): the rest of this if statement is not visible in this listing.
32 if [ "${1##/dev/dm-}" != "$1" ]; then
# The mapping name comes from dmsetup, with "$1" passed quoted. If dmsetup
# prints nothing, device is left as "/dev/mapper/"; no check for that case is
# visible here.
33 device
="/dev/mapper/$(dmsetup info -c --noheadings -o name "$1")"
38 # default luksname - luks-UUID
44 # TODO: improve to support what cmdline does
# Looks this device up in /etc/crypttab when the file exists and getargbool
# succeeds for rd.luks.crypttab. An entry matches either by UUID (compared as
# "luks-<UUID>" against $luksname) or by resolved path (readlink -f of both
# sides).
# NOTE(review): the bodies of the matching branches are not visible in this
# listing.
45 if [ -f /etc
/crypttab
] && getargbool
1 rd.luks.crypttab
-d -n rd_NO_CRYPTTAB
; then
# read is called without -r, so backslashes in a crypttab line are interpreted
# instead of being kept literally. luksfile read here is later used as the
# key file path, so the content of crypttab decides which file is tried.
46 while read name dev luksfile luksoptions
; do
47 # ignore blank lines and comments
48 if [ -z "$name" -o "${name#\#}" != "$name" ]; then
52 # UUID used in crypttab
53 if [ "${dev%%=*}" = "UUID" ]; then
54 if [ "luks-${dev##UUID=}" = "$luksname" ]; then
59 # path used in crypttab
# $dev and $device are expanded unquoted inside the command substitutions, so
# a value containing whitespace or glob characters is split or expanded before
# readlink sees it; readlink -f "$dev" and readlink -f "$device" would keep
# each value as a single argument.
61 cdev
=$
(readlink
-f $dev)
62 mdev
=$
(readlink
-f $device)
63 if [ "$cdev" = "$mdev" ]; then
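# check if destination already exists
# luksname is quoted in both tests below so that a name containing whitespace
# or glob characters is tested as one path.
[ -b "/dev/mapper/$luksname" ] && exit 0

# we already asked for this device
[ -f "/tmp/cryptroot-asked-$luksname" ] && exit 0

# load dm_crypt if it is not already loaded
[ -d /sys/module/dm_crypt ] || modprobe dm_crypt

# Source the dracut crypt library from its fixed path.
. /lib/dracut-crypt-lib.sh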
# Logs the device, mapping name, key file value and crypttab options that the
# unlock attempt is about to use.
# NOTE(review): luksfile is later passed to --key-file and tested with -e, so
# it is presumably a path and not key material - confirm before relying on
# this log line being free of secrets.
87 info
"luksOpen $device $luksname $luksfile $luksoptions"
# Walks the positional parameters.
# NOTE(review): the loop body is not visible in this listing.
94 while [ $# -gt 0 ]; do
109 allowdiscards
="--allow-discards"
114 # parse for allow-discards
# allow-discards is only considered when the output of `cryptsetup --help`
# mentions the option. It is then set when rd.luks.allow-discards lists this
# device (names compared with the "luks-" prefix removed) or when getargbool
# succeeds for rd.luks.allow-discards.
# NOTE(review): --allow-discards passes discard (TRIM) requests through to the
# underlying device, which cryptsetup documents as having security
# implications because it can reveal which blocks are unused.
# NOTE(review): the needle in the list match has a leading space but no
# trailing one, so a listed entry that merely begins with this device's name
# also matches; luksdev is not assigned in the visible lines - confirm both.
115 if strstr
"$(cryptsetup --help)" "allow-discards"; then
116 if discarduuids
=$
(getargs
"rd.luks.allow-discards"); then
117 discarduuids
=$
(str_replace
"$discarduuids" 'luks-' '')
118 if strstr
" $discarduuids " " ${luksdev##luks-}"; then
119 allowdiscards
="--allow-discards"
121 elif getargbool
0 rd.luks.allow-discards
; then
122 allowdiscards
="--allow-discards"
# Appends the discard setting to the option string used by the cryptsetup
# calls further down.
126 if strstr
"$(cryptsetup --help)" "allow-discards"; then
127 cryptsetupopts
="$cryptsetupopts $allowdiscards"
132 # fallback to passphrase
# A key file from crypttab is tried first when luksfile is non-empty, is not
# the word "none", and exists.
135 if [ -n "$luksfile" -a "$luksfile" != "none" -a -e "$luksfile" ]; then
# $cryptsetupopts is expanded unquoted so that it splits into separate
# options; the key file, device and mapping name are quoted.
136 if cryptsetup
--key-file "$luksfile" $cryptsetupopts luksOpen
"$device" "$luksname"; then
# Key lookup runs for as long as getarg returns a non-empty rd.luks.key.
140 while [ -n "$(getarg rd.luks.key)" ]; do
# $device is unquoted in the getkey call; "$device" would keep a value with
# whitespace as a single argument.
141 if tmp
=$
(getkey
/tmp
/luks.keys
$device); then
# $numtries is unquoted in a numeric test; if it were empty the test would
# fail with an error rather than compare. Its assignment is not visible here.
145 if [ $numtries -eq 0 ]; then
146 warn
"No key found for $device. Fallback to passphrase mode."
150 info
"No key found for $device. Will try $numtries time(s) more later."
# Queues cryptroot-ask again for the same device and mapping name with the
# retry count reduced by one.
151 initqueue
--unique --onetime --settled \
152 --name cryptroot-ask-
$luksname \
153 $
(command -v cryptroot-ask
) "$device" "$luksname" "$(($numtries-1))"
158 info
"Using '$keypath' on '$keydev'"
# The key is streamed from readkey to cryptsetup over a pipe; "-d -" makes
# cryptsetup read the key from standard input, so the key material does not
# appear in an argument list or in a file written by this step.
159 readkey
"$keypath" "$keydev" "$device" \
160 | cryptsetup
-d - $cryptsetupopts luksOpen
"$device" "$luksname"
# Interactive fallback, taken when ask_passphrase is non-zero.
# NOTE(review): the end of this if statement is not visible in this listing.
167 if [ $ask_passphrase -ne 0 ]; then
# The cryptsetup invocation is assembled once as a string: resolved binary
# path, accumulated options, then luksOpen.
168 luks_open
="$(command -v cryptsetup) $cryptsetupopts luksOpen"
# ask_for_password receives the command as strings, with -T1 on the ply path
# and -T5 on the tty path.
# NOTE(review): $device and $luksname are interpolated into those strings
# without any quoting. How ask_for_password runs them is not visible here; if
# it re-parses the string, a value containing whitespace or shell
# metacharacters would no longer be one argument. Confirm in ask_for_password.
169 ask_for_password
--ply-tries 5 \
170 --ply-cmd "$luks_open -T1 $device $luksname" \
171 --ply-prompt "Password ($device)" \
173 --tty-cmd "$luks_open -T5 $device $luksname"
# Clears the per-device variables after the unlock attempt.
177 unset device luksname luksfile
179 # mark device as asked