a3696962e8
* Add initcpio hook and install script * Make PIN optional * Add README for initcpio * Fix PKGBUILD, add install of initcpio * Fix README for initcpio
56 lines
1.4 KiB
Bash
56 lines
1.4 KiB
Bash
#!/usr/bin/ash
|
|
|
|
run_hook() {
|
|
modprobe -a -q dm-crypt >/dev/null 2>&1
|
|
. /etc/fido2luks.conf
|
|
|
|
if [ -z "$cryptdevice" ]; then
|
|
device="$FIDO2LUKS_DEVICE"
|
|
dmname="$FIDO2LUKS_MAPPER_NAME"
|
|
else
|
|
IFS=: read cryptdev dmname _cryptoptions <<EOF
|
|
$cryptdevice
|
|
EOF
|
|
if ! device=$(resolve_device "${cryptdev}" ${rootdelay}); then
|
|
return 1
|
|
fi
|
|
fi
|
|
|
|
options="--salt $FIDO2LUKS_SALT"
|
|
|
|
if [ "$FIDO2LUKS_ASK_PIN" == 1 ]; then
|
|
options="$options --pin"
|
|
fi
|
|
|
|
if [ -n "$FIDO2LUKS_DEVICE_SLOT" ]; then
|
|
options="$options --slot $FIDO2LUKS_DEVICE_SLOT"
|
|
fi
|
|
|
|
if [ -n "$FIDO2LUKS_DEVICE_AWAIT" ]; then
|
|
options="$options --await-dev $FIDO2LUKS_DEVICE_AWAIT"
|
|
fi
|
|
|
|
# HACK: /dev/tty is hardcoded in rpassword, but not accessible from the ramdisk
|
|
# Temporary link it to /dev/tty1
|
|
mv /dev/tty /dev/tty.back
|
|
ln -s /dev/tty1 /dev/tty
|
|
|
|
printf "\nAuthentication is required to access the $dmname volume at $device\n"
|
|
|
|
if [ -z "$FIDO2LUKS_CREDENTIAL_ID" ]; then
|
|
fido2luks open-token $device $dmname $options
|
|
else
|
|
fido2luks open $device $dmname $FIDO2LUKS_CREDENTIAL_ID $options
|
|
fi
|
|
exit_code=$?
|
|
|
|
# Restore /dev/tty
|
|
mv /dev/tty.back /dev/tty
|
|
|
|
if [ $exit_code -ne 0 ]; then
|
|
printf '\n'
|
|
read -s -p 'Press Enter to continue'
|
|
printf '\n'
|
|
fi
|
|
}
|