support-detached-header.patch
diff --git a/hooks-encrypt b/hooks-encrypt-dh
index 882d5fb..5343fc1 100644
--- a/hooks-encrypt
+++ b/hooks-encrypt-dh
@@ -33,6 +33,40 @@ EOF
[ ! -f ${ckeyfile} ] && echo "Keyfile could not be opened. Reverting to passphrase."
fi
+ # Get detached header file if specified
+ cheaderfile="/crypto_header"
+ if [ -n "$cryptheader" ]; then
+ IFS=: read chdev charg1 charg2 <<EOF
+$cryptheader
+EOF
+
+ if [ "$chdev" = "rootfs" ]; then
+ cheaderfile=$charg1
+ elif resolved=$(resolve_device "${chdev}" ${rootdelay}); then
+ case ${charg1} in
+ *[!0-9]*)
+ # Use a file on the device
+ # charg1 is not numeric: charg1=filesystem, charg2=path
+ mkdir /cheader
+ mount -r -t "$charg1" "$resolved" /cheader
+ dd if="/cheader/$charg2" of="$cheaderfile" >/dev/null 2>&1
+ umount /cheader
+ ;;
+ *)
+ # Read raw data from the block device
+ # charg1 is numeric: charg1=offset, charg2=length
+ dd if="$resolved" of="$cheaderfile" bs=1 skip="$charg1" count="$charg2" >/dev/null 2>&1
+ ;;
+ esac
+ fi
+
+ if [ -f ${cheaderfile} ]; then
+ cryptargs="${cryptargs} --header ${cheaderfile}"
+ else
+ echo "Detached header could not be opened. Ignoring."
+ fi
+ fi
+
if [ -n "${cryptdevice}" ]; then
DEPRECATED_CRYPT=0
IFS=: read cryptdev cryptname cryptoptions <<EOF
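Review bot: The added `mkdir`, `mount`, `dd` and `umount` steps are never checked and their stderr is discarded, so a failed mount or a short read is reported only by the generic "Ignoring" message, and a truncated copy would still pass the later `[ -f ${cheaderfile} ]` test. Chaining the steps makes a failure stop early: `mkdir -p /cheader && mount -r -t "$charg1" "$resolved" /cheader && { dd if="/cheader/$charg2" of="$cheaderfile" >/dev/null 2>&1; umount /cheader; }`. In the raw-offset branch an empty `charg1` or `charg2` leaves `skip=` or `count=` blank, and `bs=1` copies the header one byte per read, which may be slow for multi-megabyte headers. `${cheaderfile}` can be a user-supplied path (the `rootfs` form) yet is expanded unquoted in `[ -f ${cheaderfile} ]` here, in the `isLuks` test of the second hunk and in the final `rm -f` of the third; quoting it in those places avoids word splitting and globbing. The enclosing function starts and ends outside this hunk.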
@@ -67,7 +101,7 @@ EOF
done
if resolved=$(resolve_device "${cryptdev}" ${rootdelay}); then
- if cryptsetup isLuks ${resolved} >/dev/null 2>&1; then
+ if (cryptsetup isLuks ${resolved} >/dev/null 2>&1 || cryptsetup isLuks ${cheaderfile} >/dev/null 2>&1); then
[ ${DEPRECATED_CRYPT} -eq 1 ] && warn_deprecated
dopassphrase=1
# If keyfile exists, try to use that
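Review bot: The added `cryptsetup isLuks ${cheaderfile}` test is not tied to whether a detached header was actually accepted, while `--header` is appended to `cryptargs` only inside the `cryptheader` block of the first hunk. If a file happened to exist at the default `/crypto_header` path without `cryptheader` being set, this branch would presumably be taken with no `--header` in `cryptargs`. Gating the second test keeps the two in step: `if cryptsetup isLuks "${resolved}" >/dev/null 2>&1 || { [ -n "${cryptheader}" ] && cryptsetup isLuks "${cheaderfile}" >/dev/null 2>&1; }; then`. The parentheses in the new line also fork a subshell that the `||` list does not need. The body of this `if` continues outside the hunk.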
@@ -138,7 +172,8 @@ EOF
err "Failed to open encryption mapping: The device ${cryptdev} is not a LUKS volume and the crypto= paramater was not specified."
fi
fi
- rm -f ${ckeyfile}
+
+ rm -f ${ckeyfile} ${cheaderfile}
}
# vim: set ft=sh ts=4 sw=4 et: