31 lines
764 B
Bash
Executable File
31 lines
764 B
Bash
Executable File
#!/bin/sh
|
|
set -a
|
|
. /etc/fido2luks.conf
|
|
|
|
# Set Defaults
|
|
if [ -z "$FIDO2LUKS_USE_TOKEN" ]; then
|
|
FIDO2LUKS_USE_TOKEN=0
|
|
fi
|
|
|
|
if [ -z "$FIDO2LUKS_PASSWORD_FALLBACK" ]; then
|
|
FIDO2LUKS_PASSWORD_FALLBACK=1
|
|
fi
|
|
|
|
|
|
|
|
if [ -z "$FIDO2LUKS_PASSWORD_HELPER" ]; then
|
|
MSG="FIDO2 password salt for $CRYPTTAB_NAME"
|
|
export FIDO2LUKS_PASSWORD_HELPER="plymouth ask-for-password --prompt '$MSG'"
|
|
fi
|
|
|
|
if [ "$FIDO2LUKS_USE_TOKEN" -eq 1 ]; then
|
|
export FIDO2LUKS_CREDENTIAL_ID="$FIDO2LUKS_CREDENTIAL_ID,$(fido2luks token list --csv $CRYPTTAB_SOURCE)"
|
|
fi
|
|
|
|
fido2luks print-secret --bin
|
|
|
|
# Fall back to passphrase-based unlock if fido2luks fails
|
|
if [ "$?" -gt 0 ] && [ "$FIDO2LUKS_PASSWORD_FALLBACK" -eq 1 ]; then
|
|
plymouth ask-for-password --prompt "Password for $CRYPTTAB_SOURCE"
|
|
fi
|