53 lines
1.6 KiB
Bash
53 lines
1.6 KiB
Bash
#!/bin/bash
|
|
|
|
build() {
|
|
local mod
|
|
|
|
add_module 'dm-crypt'
|
|
add_module 'dm-integrity'
|
|
if [[ $CRYPTO_MODULES ]]; then
|
|
for mod in $CRYPTO_MODULES; do
|
|
add_module "$mod"
|
|
done
|
|
else
|
|
add_all_modules '/crypto/'
|
|
fi
|
|
|
|
add_binary 'cryptsetup'
|
|
|
|
map add_udev_rule \
|
|
'10-dm.rules' \
|
|
'13-dm-disk.rules' \
|
|
'95-dm-notify.rules' \
|
|
'/usr/lib/initcpio/udev/11-dm-initramfs.rules'
|
|
|
|
# cryptsetup calls pthread_create(), which dlopen()s libgcc_s.so.1
|
|
add_binary '/usr/lib/libgcc_s.so.1'
|
|
|
|
# cryptsetup loads the legacy provider which is required for whirlpool
|
|
add_binary '/usr/lib/ossl-modules/legacy.so'
|
|
|
|
add_runscript
|
|
}
|
|
|
|
help() {
|
|
cat <<HELPEOF
|
|
This hook allows for an encrypted root device. Users should specify the device
|
|
to be unlocked using 'cryptdevice=device:dmname' on the kernel command line,
|
|
where 'device' is the path to the raw device, and 'dmname' is the name given to
|
|
the device after unlocking, and will be available as /dev/mapper/dmname.
|
|
|
|
For unlocking via keyfile, 'cryptkey=device:fstype:path' should be specified on
|
|
the kernel cmdline, where 'device' represents the raw block device where the key
|
|
exists, 'fstype' is the filesystem type of 'device' (or auto), and 'path' is
|
|
the absolute path of the keyfile within the device.
|
|
|
|
Without specifying a keyfile, you will be prompted for the password at runtime.
|
|
This means you must have a keyboard available to input it, and you may need
|
|
the keymap hook as well to ensure that the keyboard is using the layout you
|
|
expect.
|
|
HELPEOF
|
|
}
|
|
|
|
# vim: set ft=sh ts=4 sw=4 et:
|