moparisthebest
/
archlinux_encrypthook
mirror of https://github.com/moparisthebest/archlinux_encrypthook
1
0
Fork 0
Code Issues Releases Wiki Activity

Add readme and encrypt_install

This commit is contained in:
Travis Burtrum 2016-11-24 00:31:25 -05:00
parent 74747ee9da
commit 3040652984
2 changed files with 54 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

49
encrypt_install Normal file
View File

@ -0,0 +1,49 @@
#!/bin/bash
build() {
local mod
add_module dm-crypt
if [[ $CRYPTO_MODULES ]]; then
for mod in $CRYPTO_MODULES; do
add_module "$mod"
done
else
add_all_modules '/crypto/'
fi
add_binary "cryptsetup"
add_binary "dmsetup"
add_file "/usr/lib/udev/rules.d/10-dm.rules"
add_file "/usr/lib/udev/rules.d/13-dm-disk.rules"
add_file "/usr/lib/udev/rules.d/95-dm-notify.rules"
add_file "/usr/lib/initcpio/udev/11-dm-initramfs.rules" "/usr/lib/udev/rules.d/11-dm-initramfs.rules"
add_runscript
}
help() {
cat <<HELPEOF
This hook allows for multiple encrypted root devices. Users should specify the
device to be unlocked using 'cryptdevice=device:dmname' on the kernel command
line, where 'device' is the path to the raw device, and 'dmname' is the name
given to the device after unlocking, and will be available as /dev/mapper/dmname.
Subsequent devices must be specified the same way, but with cryptdevice1=,
cryptdevice2= and so on, in order. Passwords will be cached and attempted to
re-use them on the next device, and if that fails, a new password will be asked
for.
For unlocking via keyfile, 'cryptkey=device:fstype:path' should be specified on
the kernel cmdline, where 'device' represents the raw block device where the key
exists, 'fstype' is the filesystem type of 'device' (or auto), and 'path' is
the absolute path of the keyfile within the device.
Without specifying a keyfile, you will be prompted for the password at runtime.
This means you must have a keyboard available to input it, and you may need
the keymap hook as well to ensure that the keyboard is using the layout you
expect.
HELPEOF
}
# vim: set ft=sh ts=4 sw=4 et:

5
readme.md Normal file
View File

@ -0,0 +1,5 @@
This is the standard archlinux encrypt hook extended to support multiple encrypted devices via cryptsetup= cryptsetup1= cryptsetup2= etc.
Hopefully one day it will be merged with the normal archlinux cryptsetup package (ask for it [here](https://bugs.archlinux.org/task/23182)), until then it will be available via the aur here:
https://aur.archlinux.org/packages/cryptsetup-multidisk/