diff --git a/dracut/fido2luks.sh b/dracut/fido2luks.sh
index d5a3457..f16b326 100644
--- a/dracut/fido2luks.sh
+++ b/dracut/fido2luks.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
-LUKS_UUIDS="$(getargs rd.fido2luks.uuid | tr ' ' '\n'| cut -d '-' -f 2-)"
+LUKS_DEVICES="$(getargs rd.fido2luks.devices | tr ' ' '\n'| cut -d '-' -f 2-)"
 CREDENTIAL_ID="$(getargs rd.fido2luks.credentialid)"
 SALT="$(getargs rd.fido2luks.salt)"
@@ -21,7 +21,7 @@ hide_msg () {
 plymouth hide-message --text="$MSG" &
 }
-handle_authenticator () {
+handle_authenticator() {
 while ! /bin/f2l connected; do
 display_msg_timeout "Please connect your authenicator"
@@ -31,15 +31,19 @@ handle_authenticator () {
 export FIDO2LUKS_CREDENTIAL_ID="$CREDENTIAL_ID"
 export FIDO2LUKS_SALT="${SALT:-Ask}"
 export FIDO2LUKS_PASSWORD_HELPER="/usr/bin/systemd-ask-password --no-tty 'Disk 2fa password'"
- for UUID in $LUKS_UUIDS ; do
- export FIDO2LUKS_UUID="$UUID"
- export FIDO2LUKS_MAPPER_NAME="${MAPPER_NAME:-luks-$FIDO2LUKS_UUID}"
+ for DEV in $LUKS_DEVICES ; do
+ export FIDO2LUKS_DEVICE="$DEV"
+ export FIDO2LUKS_MAPPER_NAME="${MAPPER_NAME:-luks-$DEV}"
 display_msg_timeout "Watch your authenicator"
 ERR="$(/bin/f2l open -e 2>&1)"
 if [ "$?" -eq 1 ]; then
 display_msg_timeout "Failed to unlock: $ERR"
- sleep 15
+ sleep 5
+ else
+ exit 1
 fi
 done
 }
+
+handle_authenticator
diff --git a/src/config.rs b/src/config.rs
index 1cb24a3..1484649 100644
--- a/src/config.rs
+++ b/src/config.rs
@@ -14,7 +14,7 @@ use std::process::Command;
 #[derive(Debug, Deserialize, Serialize)]
 pub struct EnvConfig {
 credential_id: String,
- uuid: String,
+ device: String,
 salt: String,
 mapper_name: String,
 password_helper: String,
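Review bot: The `cut -d '-' -f 2-` stage on the new `LUKS_DEVICES` line is carried over from the UUID form and no longer fits a device argument. `cut` drops everything up to the first `-`, so a value such as `/dev/disk/by-uuid/<uuid>` would lose its leading `/dev/disk/by-` and f2l would be handed a path that does not exist, while a value without a dash passes through unchanged. If `rd.fido2luks.devices` is meant to carry plain device paths (which the `device: self.device.into()` change in src/config.rs suggests), drop the stage: `LUKS_DEVICES="$(getargs rd.fido2luks.devices | tr ' ' '\n')"`. A comment stating the expected argument format would also help, since the renamed parameter silently yields an empty list on systems still booting with `rd.fido2luks.uuid`.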
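Review bot: The status test `[ "$?" -eq 1 ]` only recognises exit code 1 as failure, so with the new `else exit 1` branch both a successful open and any other failure code (a crash or abort of `/bin/f2l`, for instance) end the script with status 1 after the first device. That stops the loop before the remaining entries in `$LUKS_DEVICES` are tried and reports failure even when the unlock worked; if stopping after the first success is intended, `exit 0` would say so. Testing the command directly is more robust: `if ! ERR="$(/bin/f2l open -e 2>&1)"; then`. Separately, the default `luks-$DEV` for `FIDO2LUKS_MAPPER_NAME` will contain slashes when `$DEV` is a device path, which is presumably not a valid mapper name; `luks-$(basename "$DEV")` avoids that. The body of `handle_authenticator` starts outside this hunk.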
@@ -24,7 +24,7 @@ impl Into for EnvConfig {
 fn into(self) -> Config {
 Config {
 credential_id: self.credential_id,
- device: format!("/dev/disk/by-uuid/{}", self.uuid).into(),
+ device: self.device.into(),
 mapper_name: self.mapper_name,
 password_helper: PasswordHelper::Script(self.password_helper),
 input_salt: if PathBuf::from(&self.salt).exists() {
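Review bot: `device: self.device.into()` now uses the environment value verbatim as the device path, with no check and no comment on the expected form. A value still written as a bare UUID (the form the removed `format!("/dev/disk/by-uuid/{}", self.uuid)` line accepted) would presumably be resolved relative to the working directory rather than rejected. I would add a comment on this line such as `// FIDO2LUKS_DEVICE is taken as-is and must be a full block-device path, e.g. /dev/disk/by-uuid/<uuid>`, and consider rejecting a non-absolute path before building `Config`. The `into` body continues past the end of this hunk.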