67 lines
2.1 KiB
Bash
67 lines
2.1 KiB
Bash
#!/bin/bash
|
|
|
|
build() {
|
|
local mod
|
|
|
|
add_module 'dm-crypt'
|
|
add_module 'dm-integrity'
|
|
if [[ $CRYPTO_MODULES ]]; then
|
|
for mod in $CRYPTO_MODULES; do
|
|
add_module "$mod"
|
|
done
|
|
else
|
|
add_all_modules '/crypto/'
|
|
fi
|
|
add_checked_modules '/drivers/char/tpm/'
|
|
|
|
map add_udev_rule \
|
|
'10-dm.rules' \
|
|
'13-dm-disk.rules' \
|
|
'60-fido-id.rules' \
|
|
'95-dm-notify.rules' \
|
|
'/usr/lib/initcpio/udev/11-dm-initramfs.rules'
|
|
|
|
map add_systemd_unit 'cryptsetup.target' \
|
|
'systemd-ask-password-console.path' \
|
|
'systemd-ask-password-console.service'
|
|
map add_binary \
|
|
'/usr/lib/systemd/system-generators/systemd-cryptsetup-generator' \
|
|
'/usr/lib/systemd/systemd-cryptsetup' \
|
|
'/usr/lib/cryptsetup/libcryptsetup-token-systemd-fido2.so' \
|
|
'/usr/lib/cryptsetup/libcryptsetup-token-systemd-pkcs11.so' \
|
|
'/usr/lib/cryptsetup/libcryptsetup-token-systemd-tpm2.so'
|
|
|
|
# cryptsetup calls pthread_create(), which dlopen()s libgcc_s.so.1
|
|
add_binary '/usr/lib/libgcc_s.so.1'
|
|
|
|
# cryptsetup loads the legacy provider which is required for whirlpool
|
|
add_binary '/usr/lib/ossl-modules/legacy.so'
|
|
|
|
# add libraries dlopen()ed by systemd-cryptsetup
|
|
for FILE in $(find /usr/lib/ -maxdepth 1 -name "libfido2.so*"); do
|
|
if [[ -L "${FILE}" ]]; then
|
|
add_symlink "${FILE}"
|
|
else
|
|
add_binary "${FILE}"
|
|
fi
|
|
done
|
|
|
|
# add mkswap for creating swap space on the fly (see 'swap' in crypttab(5))
|
|
add_binary 'mkswap'
|
|
|
|
[[ -f /etc/crypttab.initramfs ]] && add_file '/etc/crypttab.initramfs' '/etc/crypttab'
|
|
}
|
|
|
|
help() {
|
|
cat <<HELPEOF
|
|
This hook allows for an encrypted root device with systemd initramfs.
|
|
|
|
See the manpage of systemd-cryptsetup-generator(8) for available kernel
|
|
command line options. Alternatively, if the file /etc/crypttab.initramfs
|
|
exists, it will be added to the initramfs as /etc/crypttab. See the
|
|
crypttab(5) manpage for more information on crypttab syntax.
|
|
HELPEOF
|
|
}
|
|
|
|
# vim: set ft=sh ts=4 sw=4 et:
|