summarylogtreecommitdiffstats
path: root/install-sd-encrypt
diff options
context:
space:
mode:
Diffstat (limited to 'install-sd-encrypt')
-rw-r--r--install-sd-encrypt61
1 files changed, 61 insertions, 0 deletions
diff --git a/install-sd-encrypt b/install-sd-encrypt
new file mode 100644
index 000000000000..42ee25fe98d2
--- /dev/null
+++ b/install-sd-encrypt
@@ -0,0 +1,61 @@
+#!/bin/bash
+
+build() {
+ local mod
+
+ add_module "dm-crypt"
+ add_module "dm-integrity"
+ if [[ $CRYPTO_MODULES ]]; then
+ for mod in $CRYPTO_MODULES; do
+ add_module "$mod"
+ done
+ else
+ add_all_modules "/crypto/"
+ fi
+ add_checked_modules "/drivers/char/tpm/"
+
+ add_udev_rule "10-dm.rules"
+ add_udev_rule "13-dm-disk.rules"
+ add_udev_rule "60-fido-id.rules"
+ add_udev_rule "95-dm-notify.rules"
+ add_udev_rule "/usr/lib/initcpio/udev/11-dm-initramfs.rules"
+
+ add_systemd_unit "cryptsetup.target"
+ add_binary "/usr/lib/systemd/system-generators/systemd-cryptsetup-generator"
+ add_binary "/usr/lib/systemd/systemd-cryptsetup"
+
+ add_systemd_unit "systemd-ask-password-console.path"
+ add_systemd_unit "systemd-ask-password-console.service"
+
+ # cryptsetup calls pthread_create(), which dlopen()s libgcc_s.so.1
+ add_binary "/usr/lib/libgcc_s.so.1"
+
+ # add libraries dlopen()ed by systemd-cryptsetup
+ for LIB in fido2 tss2-{{esys,rc,mu},tcti-'*'}; do
+ for FILE in $(find /usr/lib/ -maxdepth 1 -name "lib${LIB}.so*"); do
+ if [[ -L "${FILE}" ]]; then
+ add_symlink "${FILE}"
+ else
+ add_binary "${FILE}"
+ fi
+ done
+ done
+
+ # add mkswap for creating swap space on the fly (see 'swap' in crypttab(5))
+ add_binary "mkswap"
+
+ [[ -f /etc/crypttab.initramfs ]] && add_file "/etc/crypttab.initramfs" "/etc/crypttab"
+}
+
+help() {
+ cat <<HELPEOF
+This hook allows for an encrypted root device with systemd initramfs.
+
+See the manpage of systemd-cryptsetup-generator(8) for available kernel
+command line options. Alternatively, if the file /etc/crypttab.initramfs
+exists, it will be added to the initramfs as /etc/crypttab. See the
+crypttab(5) manpage for more information on crypttab syntax.
+HELPEOF
+}
+
+# vim: set ft=sh ts=4 sw=4 et: