summarylogtreecommitdiffstats
path: root/multiencrypt_install
blob: 3a67244eb9fcc3acb7483abae014791765b74ff9 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
#!/bin/bash

build() {
    local mod

    add_module dm-crypt
    if [[ $CRYPTO_MODULES ]]; then
        for mod in $CRYPTO_MODULES; do
            add_module "$mod"
        done
    else
        add_all_modules '/crypto/'
    fi

    add_binary "cryptsetup"
    add_binary "dmsetup"
    add_binary "tr"

    add_file "/usr/lib/udev/rules.d/10-dm.rules"
    add_file "/usr/lib/udev/rules.d/13-dm-disk.rules"
    add_file "/usr/lib/udev/rules.d/95-dm-notify.rules"
    add_file "/usr/lib/initcpio/udev/11-dm-initramfs.rules" "/usr/lib/udev/rules.d/11-dm-initramfs.rules"

    add_runscript
}

help() {
    cat <<HELPEOF
This hook allows for multiple encrypted devices that are opened in the
initramfs. This is useful for example if you have multiple encrypted lvm pv's
that you need to unlock before booting to root. The scripts asks for a
passphrase once and tries  to reuse it for all the devices. If it fails on one
device, it asks for a password again.

Devices are specified on the kernel command line:
cryptdevices=device1:dmname1[:options1];device2:dmname2[:options2];...

Options are optional and separated by commata (,). Currently only one option is
supported:
allow-discards	adds --allow-discards to cryptsetup (see man 8 cryptsetup)

Unlocking via keyfile is currently not supported.

You will be prompted for the password at runtime.  This means you must have a
keyboard available to input it, and you may need the keymap hook as well to
ensure that the keyboard is using the layout you expect.
HELPEOF
}

# vim: set ft=sh ts=4 sw=4 et: