diff options
| author |   Robin H. Johnson <robbat2@gentoo.org> | 2022-05-24 13:34:54 -0700 |
|---|---|---|
| committer | Robin H. Johnson <robbat2@gentoo.org> | 2022-05-24 13:34:54 -0700 |
| commit | edefa80c999972b0dffdc5c9cf9d880156e6e0db (patch) | |
| tree | 895cb2bb1364702ce171dce6e032d8d8f2cffdd5 /defaults/linuxrc | |
| parent | arch: Copy s390 config to s390x (it's 64bit anyway!) (diff) | |
| parent | genkernel: add keyctl support for loading LUKS passphrase into a keyring (diff) | |
| download | genkernel-edefa80c999972b0dffdc5c9cf9d880156e6e0db.tar.gz genkernel-edefa80c999972b0dffdc5c9cf9d880156e6e0db.tar.bz2 genkernel-edefa80c999972b0dffdc5c9cf9d880156e6e0db.zip | |
add keyctl support for loading LUKS passphrase into a keyring
Merges: https://github.com/gentoo/genkernel/pull/10
Closes: https://github.com/gentoo/genkernel/pull/10
Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>
Diffstat (limited to 'defaults/linuxrc')
| -rw-r--r-- | defaults/linuxrc | 34 |
1 files changed, 32 insertions, 2 deletions
diff --git a/defaults/linuxrc b/defaults/linuxrc index 15fbf7cc..5ee78044 100644 --- a/defaults/linuxrc +++ b/defaults/linuxrc @@ -272,6 +272,15 @@ do swap_keydev_fstype=*) CRYPT_SWAP_KEYDEV_FSTYPE=${x#*=} ;; + keyctl_keydesc=*) + KEYCTL_KEYDESC=${x#*=} + ;; + keyctl_keytimeout=*) + KEYCTL_KEYTIMEOUT=${x#*=} + ;; + keyctl_keykeep) + KEYCTL_KEYKEEP=1 + ;; real_resume=*|resume=*) REAL_RESUME=${x#*=} ;; @@ -656,10 +665,23 @@ then start_sshd fi +keyctl_keyadd + # Initialize LUKS root device except for livecd's if [ "${CDROOT}" != '1' ] then - start_LUKS + if ( [ -n "${CRYPT_SWAP_KEY}" ] && [ -z "${CRYPT_SWAP_KEYDEV}" ] ) || \ + ( [ -n "${CRYPT_SWAP_HEADER}" ] && [ -z "${CRYPT_SWAP_HEADERDEV}" ] ) + then + # the swap key or header might be on the root fs so start it first in this case + start_LUKS_root + luks_root_started=1 + start_LUKS_swap + else + # we don't need to start the root at all if we are resuming from suspend + start_LUKS_swap + fi + if [ "${NORESUME}" != '1' ] && [ -n "${REAL_RESUME}" ] then case "${REAL_RESUME}" in @@ -691,6 +713,11 @@ then do_resume fi + + if [ -z "${luks_root_started}" ] + then + start_LUKS_root + fi fi run mkdir -p "${NEW_ROOT}" @@ -1060,7 +1087,8 @@ then losetup /dev/loop0 "${CDROOT_PATH}/${LOOPEXT}${LOOP}" test_success 'Preparing loop filesystem' - start_LUKS + start_LUKS_root + start_LUKS_swap case ${LOOPTYPE} in normal) @@ -1302,6 +1330,8 @@ else fi fi # if [ "${CDROOT}" = '1' ] +keyctl_keyremove + # Re-run to ensure $NEWROOT/etc/initramfs.mounts was processed at least once process_initramfs_mounts |