path: root/hooks/encrypt
blob: 741fba77a12e50bfb9a2a0f2f7e138a61d2d9401 (plain)
# vim: set ft=sh:
# TODO this one needs some work to work with lots of different
#       encryption schemes
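# Unlock an encrypted root device in early userspace and repoint $root at
# the resulting mapping.
# Globals:   root   (read; rewritten to /dev/mapper/root and exported on success)
#            crypto (read; "hash:cipher:keysize:offset:skip" for non-LUKS devices)
# Calls:     err, msg (defined outside this block)
# Exits:     1 when the mapping cannot be opened or /dev/mapper/root is missing
run_hook ()
{
    # Create the device-mapper control node.
    # Arguments: $1 - major number, $2 - minor number
    mkdevice () { /bin/mknod "/dev/mapper/control" c "${1}" "${2}"; }

    # Map a non-LUKS device as /dev/mapper/root with `cryptsetup create`.
    # Arguments: $1 hash, $2 cipher, $3 key size, $4 offset, $5 skip.
    # An empty argument leaves the matching option off the command line.
    do_oldcrypto ()
    {
        oc_hash="${1}"
        oc_cipher="${2}"
        oc_keysize="${3}"
        oc_offset="${4}"
        oc_skip="${5}"

        # Build the argument vector in the positional parameters instead of
        # assembling a string for eval: $root and the crypto= fields come
        # from outside this script and must never be re-parsed as shell code.
        set -- create root "${root}"
        if [ -n "${oc_hash}" ]; then set -- "$@" --hash "${oc_hash}"; fi
        if [ -n "${oc_cipher}" ]; then set -- "$@" --cipher "${oc_cipher}"; fi
        if [ -n "${oc_keysize}" ]; then set -- "$@" --key-size "${oc_keysize}"; fi
        if [ -n "${oc_offset}" ]; then set -- "$@" --offset "${oc_offset}"; fi
        if [ -n "${oc_skip}" ]; then set -- "$@" --skip "${oc_skip}"; fi

        echo ""
        echo "A password is required to access the root filesystem:"
        echo -n "password: "
        /bin/cryptsetup "$@"
    }

    if [ -e "/sys/class/misc/device-mapper" ]; then
        /bin/modprobe -a -q dm-crypt >/dev/null 2>&1

        # The dev file holds "major:minor"; scoping IFS to this one read
        # splits it without changing IFS for the rest of the hook.
        IFS=: read -r dm_major dm_minor < /sys/class/misc/device-mapper/dev
        mkdevice "${dm_major}" "${dm_minor}"

        if /bin/cryptsetup isLuks "${root}" >/dev/null 2>&1; then
            echo ""
            echo "A password is required to access the root filesystem:"
            echo -n "password: "
            if ! /bin/cryptsetup luksOpen "${root}" root; then
                err "Password verification failed, aborting..."
                exit 1
            fi
            if [ -e "/dev/mapper/root" ]; then
                export root="/dev/mapper/root"
            else
                err "Password succeeded, but root creation failed, aborting..."
                exit 1
            fi
        else
            # NOTE: this branch is reached for any device that is not LUKS,
            # including one that is not encrypted at all.
            msg "Non-LUKS encrypted device found..."
            if [ -n "${crypto}" ]; then
                # Split crypto= on ':' with read rather than an unquoted
                # expansion, so empty fields keep their position and no
                # pathname expansion is applied to the value.
                IFS=: read -r oc_f1 oc_f2 oc_f3 oc_f4 oc_f5 <<EOF
${crypto}
EOF
                # NOTE: a plain (headerless) mapping carries nothing to check
                # the passphrase against, so success here only means the
                # mapping was created; a wrong passphrase is expected to show
                # up later as an unreadable root filesystem.
                if ! do_oldcrypto "${oc_f1}" "${oc_f2}" "${oc_f3}" "${oc_f4}" "${oc_f5}"; then
                    err "Password verification failed, aborting..."
                    err "Verify parameter format: crypto=hash:cipher:keysize:offset:skip"
                    exit 1
                fi
                if [ -e "/dev/mapper/root" ]; then
                    export root="/dev/mapper/root"
                else
                    err "Password succeeded, but root creation failed, aborting..."
                    exit 1
                fi
            fi
        fi
    fi
}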