1 files changed, 31 insertions, 26 deletions

diff --git a/install-sd-encrypt b/install-sd-encrypt
index 42ee25fe98d2..ca68f53de701 100644
--- a/install-sd-encrypt
+++ b/install-sd-encrypt
@@ -3,48 +3,53 @@
 build() {
     local mod
 
-    add_module "dm-crypt"
-    add_module "dm-integrity"
+    add_module 'dm-crypt'
+    add_module 'dm-integrity'
     if [[ $CRYPTO_MODULES ]]; then
         for mod in $CRYPTO_MODULES; do
             add_module "$mod"
         done
     else
-        add_all_modules "/crypto/"
+        add_all_modules '/crypto/'
     fi
-    add_checked_modules "/drivers/char/tpm/"
+    add_checked_modules '/drivers/char/tpm/'
 
-    add_udev_rule "10-dm.rules"
-    add_udev_rule "13-dm-disk.rules"
-    add_udev_rule "60-fido-id.rules"
-    add_udev_rule "95-dm-notify.rules"
-    add_udev_rule "/usr/lib/initcpio/udev/11-dm-initramfs.rules"
+    map add_udev_rule \
+        '10-dm.rules' \
+        '13-dm-disk.rules' \
+        '60-fido-id.rules' \
+        '95-dm-notify.rules' \
+        '/usr/lib/initcpio/udev/11-dm-initramfs.rules'
 
-    add_systemd_unit "cryptsetup.target"
-    add_binary "/usr/lib/systemd/system-generators/systemd-cryptsetup-generator"
-    add_binary "/usr/lib/systemd/systemd-cryptsetup"
-
-    add_systemd_unit "systemd-ask-password-console.path"
-    add_systemd_unit "systemd-ask-password-console.service"
+    map add_systemd_unit 'cryptsetup.target' \
+        'systemd-ask-password-console.path' \
+        'systemd-ask-password-console.service'
+    map add_binary \
+        '/usr/lib/systemd/system-generators/systemd-cryptsetup-generator' \
+        '/usr/lib/systemd/systemd-cryptsetup' \
+        '/usr/lib/cryptsetup/libcryptsetup-token-systemd-fido2.so' \
+        '/usr/lib/cryptsetup/libcryptsetup-token-systemd-pkcs11.so' \
+        '/usr/lib/cryptsetup/libcryptsetup-token-systemd-tpm2.so'
 
     # cryptsetup calls pthread_create(), which dlopen()s libgcc_s.so.1
-    add_binary "/usr/lib/libgcc_s.so.1"
+    add_binary '/usr/lib/libgcc_s.so.1'
+
+    # cryptsetup loads the legacy provider which is required for whirlpool
+    add_binary '/usr/lib/ossl-modules/legacy.so'
 
     # add libraries dlopen()ed by systemd-cryptsetup
-    for LIB in fido2 tss2-{{esys,rc,mu},tcti-'*'}; do
-        for FILE in $(find /usr/lib/ -maxdepth 1 -name "lib${LIB}.so*"); do
-            if [[ -L "${FILE}" ]]; then
-                add_symlink "${FILE}"
-            else
-                add_binary "${FILE}"
-            fi
-        done
+    for FILE in $(find /usr/lib/ -maxdepth 1 -name "libfido2.so*"); do
+        if [[ -L "${FILE}" ]]; then
+            add_symlink "${FILE}"
+        else
+            add_binary "${FILE}"
+        fi
     done
 
     # add mkswap for creating swap space on the fly (see 'swap' in crypttab(5))
-    add_binary "mkswap"
+    add_binary 'mkswap'
 
-    [[ -f /etc/crypttab.initramfs ]] && add_file "/etc/crypttab.initramfs" "/etc/crypttab"
+    [[ -f /etc/crypttab.initramfs ]] && add_file '/etc/crypttab.initramfs' '/etc/crypttab'
 }
 
 help() {