-
Notifications
You must be signed in to change notification settings - Fork 2
/
multiencrypt_install
52 lines (40 loc) · 1.59 KB
/
multiencrypt_install
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
#!/bin/bash
build() {
local mod
add_module dm-crypt
if [[ $CRYPTO_MODULES ]]; then
for mod in $CRYPTO_MODULES; do
add_module "$mod"
done
else
add_all_modules '/crypto/'
fi
add_binary "cryptsetup"
add_binary "dmsetup"
add_binary "tr"
add_file "/usr/lib/udev/rules.d/10-dm.rules"
add_file "/usr/lib/udev/rules.d/13-dm-disk.rules"
add_file "/usr/lib/udev/rules.d/95-dm-notify.rules"
add_file "/usr/lib/initcpio/udev/11-dm-initramfs.rules" "/usr/lib/udev/rules.d/11-dm-initramfs.rules"
add_runscript
}
help() {
cat <<HELPEOF
This hook allows for multiple encrypted devices that are opened in the
initramfs. This is useful for example if you have multiple encrypted lvm pv's
that you need to unlock before booting to root. The scripts asks for a
passphrase once and tries to reuse it for all the devices. If it fails on one
device, it asks for a password again.
Devices are specified on the kernel command line:
cryptdevices="device1:dmname1[:options1];device2:dmname2[:options2];..."
Don't forget the quotes here, otherwise it will not work correctly.
Options are optional and separated by commata (,). Currently only one option is
supported:
allow-discards adds --allow-discards to cryptsetup (see man 8 cryptsetup)
Unlocking via keyfile is currently not supported.
You will be prompted for the password at runtime. This means you must have a
keyboard available to enter it, and you may need the keymap hook as well to
ensure that the keyboard is using the layout you are expecting.
HELPEOF
}
# vim: set ft=sh ts=4 sw=4 et: