rename: src/zlevis-module and src/zlevis-module-setup
parent
978545f313
commit
69c83cf170
3 changed files with 50 additions and 20 deletions
|
@ -1,16 +0,0 @@
|
|||
#!/bin/bash
|
||||
|
||||
depends() {
|
||||
echo udev-rules zfs
|
||||
return 0
|
||||
}
|
||||
|
||||
install() {
|
||||
# Install the appropriate binaries and libraries
|
||||
inst_multiple /usr/bin /usr/bin/zlevis* /usr/bin/jose /usr/bin/tpm2* /usr/bin/mktemp
|
||||
inst_multiple /usr/lib /usr/lib/libtss2-tcti*
|
||||
|
||||
# Run the zlevis decryption hook before the 90zfs hook
|
||||
inst_hook pre-mount 85 "${moddir}/zlevis.sh"
|
||||
inst_simple "${moddir}/zlevis.sh" "/sbin/zlevis.sh"
|
||||
}
|
|
@ -1,21 +1,35 @@
|
|||
#!/bin/sh
|
||||
|
||||
# First make sure the zfs kmod is loaded
|
||||
# Exit immediately if a command exits with a non-zero status
|
||||
set -e
|
||||
|
||||
# Summary of the script's functionality
|
||||
summary="The dracut module of zlevis"
|
||||
|
||||
# Display summary if requested
|
||||
if [ "$1" = "--summary" ]; then
|
||||
echo "$summary"
|
||||
exit 0
|
||||
fi
|
||||
|
||||
# Load the ZFS kernel module
|
||||
modprobe zfs 2>/dev/null
|
||||
udevadm settle
|
||||
|
||||
# Inspired by Alpine Linux's mkinitfs script - search for encrypted pool's by means of the cmdline root atribute
|
||||
# Search for encrypted pool's by means of the cmdline root atribute
|
||||
local _root_vol="${root}"
|
||||
local _root_pool="${_root_vol%%/*}"
|
||||
|
||||
# Import the root pool
|
||||
zpool import -N -d /dev $_root_pool
|
||||
|
||||
# If the pool is encrypted run `zlevis decrypt` to obtain the key stored in the tpm2 and load it
|
||||
# If the pool is encrypted run `zlevis decrypt` to obtain the key stored in the TPM and load the key
|
||||
if [ $(zpool list -H -o feature@encryption $_root_pool) = "active" ]; then
|
||||
local _encryption_root=$(zfs get -H -o value encryptionroot $_root_vol)
|
||||
if [ "$_encryption_root" != "-" ]; then
|
||||
zlevis decrypt $_root_pool | zfs load-key -L prompt "$_root_pool" || echo "zlevis failed to unlock $_root_pool"
|
||||
zlevis decrypt $_root_pool | zfs load-key -L prompt "$_root_pool" || echo "Failed to unlock $_root_pool with TPM"
|
||||
fi
|
||||
fi
|
||||
|
||||
# Exit with the status of the last command
|
||||
exit $?
|
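Review bot: The added `set -e` and the closing `exit $?` look unsafe in this hook, because the top-level `local` statements only work when the file is sourced from inside a function, which suggests dracut sources it rather than executing it. If so, `set -e` stays enabled in the caller after the hook finishes, and `exit $?` (like the `exit 0` in the `--summary` branch) ends the calling initramfs script instead of just the hook. I would drop `set -e` and the trailing `exit $?`, and check the one result that matters explicitly, e.g. `zpool import -N -d /dev "$_root_pool" || return 1`. The same `set -e` / `exit $?` pair is added to src/zlevis-module-setup, where a top-level `exit` would presumably run before `depends()` and `install()` are ever called.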
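--- a/src/zlevis-module-setup
+++ b/src/zlevis-module-setup
@@ -0,0 +1,32 @@
+#!/bin/bash
+
+# Exit immediately if a command exits with a non-zero status
+set -e
+
+# Summary of the script's functionality
+summary="The setup of the dracut module of zlevis"
+
+# Display summary if requested
+if [ "$1" = "--summary" ]; then
+echo "$summary"
+exit 0
+fi
+
+# Depend on udev-rules and zfs
+depends() {
+echo udev-rules zfs
+return 0
+}
+
+install() {
+# Install the appropriate binaries and libraries
+inst_multiple /usr/bin /usr/bin/zlevis /usr/bin/zlevis-decrypt /usr/bin/jose /usr/bin/tpm2*
+inst_multiple /usr/lib /usr/lib/libtss2-tcti*
+
+# Run the zlevis decryption hook before the 90zfs hook
+inst_hook pre-mount 85 "${moddir}/zlevis-module"
+inst_simple "${moddir}/zlevis-module" "/sbin/zlevis-module"
+}
+
+# Exit with the status of the last command
+exit $?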
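Review bot: `/usr/bin/mktemp` is no longer in the `inst_multiple` list in `install()`, while the deleted setup script installed it. Nothing on this page shows whether `zlevis-decrypt` still calls `mktemp`; if it does, the binary will be missing from the initramfs and unlocking fails only at boot, so either restore it, `inst_multiple /usr/bin/zlevis /usr/bin/zlevis-decrypt /usr/bin/jose /usr/bin/mktemp /usr/bin/tpm2*`, or state in the commit message that it is no longer needed. The leading `/usr/bin` and `/usr/lib` directory arguments are not binaries and can be dropped, and a short comment listing which `tpm2*` tools the decrypt path uses would let the glob be narrowed later.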