Author: glen
Date: Wed Nov 12 22:24:07 2008
New Revision: 9983
Modified:
geninitrd/trunk/geninitrd
Log:
- luks: add keyfile support
- luks: process lukstab by device name not LUKSNAME as these might not match
- luks: load aes and cbc modules
Modified: geninitrd/trunk/geninitrd
==============================================================================
--- geninitrd/trunk/geninitrd (original)
+++ geninitrd/trunk/geninitrd Wed Nov 12 22:24:07 2008
@@ -835,6 +835,10 @@
findmodule "dm-crypt"
+ # TODO: autodetect
+ findmodule "aes"
+ findmodule "cbc"
+
have_luks=yes
# recurse
@@ -1279,7 +1283,7 @@
while read dst src key opt; do
[ -z "$dst" -o "${dst#\#}" != "$dst" ] && continue
- [ "$dst" != "$LUKSNAME" ] && continue
+ [ "$src" != "$LUKSDEV" ] && continue
if [ -n "$key" -a "x$key" != "xnone" ]; then
if test -e "$key" ; then
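Review bot: The new filter `[ "$src" != "$LUKSDEV" ] && continue` is a plain string comparison, so a crypttab entry that names the same device by a different path (for example a symlink under /dev/disk) is skipped. Nothing in the visible lines reports the case where no entry matches, which would leave the initrd without a `luksOpen` step, and the failure would only show up at boot. Consider setting a match flag inside the loop and calling `warn` (or `die`) after it when no line matched `$LUKSDEV`. The end of the loop is outside this hunk, so confirm that no such check already exists there.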
@@ -1305,7 +1309,17 @@
if [ -n "$opt" ]; then
warn "$dst: options are invalid for LUKS
partitions, ignoring them"
fi
- echo "cryptsetup ${key:+-d $key} luksOpen '$src' '$dst'
<&1" | add_linuxrc
+ if [ "$key" ]; then
+ keyfile=/etc/luks-$LUKSNAME.key
+ inst $key $keyfile
+ fi
+
+ debug "+ cryptsetup ${keyfile:+-d $keyfile} luksOpen
'$src' '$dst'"
+ add_linuxrc <<-EOF
+ cryptsetup ${keyfile:+-d $keyfile} luksOpen '$src'
'$dst' <&1
+
+ debugshell
+ EOF
else
die "$dst: only LUKS encryption supported"
fi
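Review bot: `keyfile` is assigned only when `$key` is non-empty and is never cleared, so the `${keyfile:+-d $keyfile}` expansions in the `debug` line and in the here-document can pick up a value left over from an earlier call, unless it is declared `local` outside this hunk. Resetting it before the test (`keyfile=`) and quoting the copy (`inst "$key" "$keyfile"`) would close that. The copy also means the generated image now carries the LUKS key in cleartext, and anyone who can read the initrd can unlock the volume. A `warn` at this point, plus a check that the image is written with owner-only permissions, would make that visible to the operator. The enclosing loop and function start and end outside the hunk.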
@@ -1324,6 +1338,7 @@
mount_sys
initrd_gen_devices
+ debug "luks: process /etc/crypttab $LUKSNAME $LUKSDEV"
luks_crypttab $LUKSNAME $LUKSDEV
}