r1999 - in trunk/utils/initrd-tools: . debian
Martin Michlmayr
tbm@haydn.debian.org
Wed, 15 Dec 2004 06:10:02 -0700
Author: tbm
Date: 2004-12-15 06:09:38 -0700 (Wed, 15 Dec 2004)
New Revision: 1999
Modified:
trunk/utils/initrd-tools/debian/changelog
trunk/utils/initrd-tools/mkinitrd
Log:
Add support for encrypted root filesystems using dm-crypt and cryptsetup.
Patch provided by Wesley W. Terpstra, with modifications and testing by
Loic Minier and me (Closes: #247054).
Modified: trunk/utils/initrd-tools/debian/changelog
===================================================================
--- trunk/utils/initrd-tools/debian/changelog 2004-12-15 04:17:00 UTC (rev 1998)
+++ trunk/utils/initrd-tools/debian/changelog 2004-12-15 13:09:38 UTC (rev 1999)
@@ -5,6 +5,10 @@
modules in /proc/scsi. (closes: #285301)
- Also fix in that same workaround a possible problem with module names
with hyphens that get flattened to underscores in 2.6.
+ * Martin Michlmayr
+ - Add support for encrypted root filesystems using dm-crypt and
+ cryptsetup. Patch provided by Wesley W. Terpstra, with modifications
+ and testing by Loic Minier and me (Closes: #247054).
-- Joshua Kwan <joshk@triplehelix.org> Sun, 12 Dec 2004 17:17:11 -0800
Modified: trunk/utils/initrd-tools/mkinitrd
===================================================================
--- trunk/utils/initrd-tools/mkinitrd 2004-12-15 04:17:00 UTC (rev 1998)
+++ trunk/utils/initrd-tools/mkinitrd 2004-12-15 13:09:38 UTC (rev 1999)
@@ -322,8 +322,90 @@
fi
}
+dmcrypt() {
+ local cipher_mode devname submajor subminor
+
+ if ! command -v cryptsetup > /dev/null 2>&1; then
+ echo Root is on a DM crypt device, but cryptsetup not installed >&2
+ fi
+
+ cipher_mode=$(dmsetup table $dmname | cut -d" " -f4)
+
+ echo dm-crypt
+ echo $cipher_mode | cut -d- -f1
+
+ devname=$(grep -m 1 "^$dmname[[:space:]]" /etc/crypttab | sed 's/^[^[:space:]]*[[:space:]]*\([^[:space:]]*\).*/\1/')
+ if [ ! -b ${devname:-/dev/null} ]; then
+ echo \'$dmname\' does not have a valid block device in /etc/crypttab >&2
+ exit 1
+ fi
+
+ eval "$(stat -c 'submajor=$((0x%t)); subminor=$((0x%T))' $(readlink -f "$devname"))"
+
+ if [ $submajor != $(dmsetup deps $dmname | sed 's/^.*(\([0-9]*\), \([0-9]*\))$/\1/') \
+ -o $subminor != $(dmsetup deps $dmname | sed 's/^.*(\([0-9]*\), \([0-9]*\))$/\2/') ]; then
+ echo /etc/crypttab entry for \'$dmname\' does not agree with dmsetup >&2
+ exit 1
+ fi
+
+ getroot $devname
+
+ cat <<EOF >&5
+mount_tmpfs dev2
+
+save_rootdev="\$rootdev"
+save_ROOT="\$ROOT"
+rootdev=$(($submajor*256+$subminor))
+ROOT="$devname"
+get_device
+rootdev="\$save_rootdev"
+ROOT="\$save_ROOT"
+
+export device
+export dmname="$dmname"
+export cipher_mode="$cipher_mode"
+for i in /keyscripts/*; do
+ [ -f "\$i" ] || continue
+ case "\$i" in
+ *.sh)
+ (. \$i)
+ ;;
+ *)
+ \$i
+ ;;
+ esac
+done
+[ -b /dev/mapper/\$dmname ] || \\
+ /sbin/cryptsetup -c \$cipher_mode create \$dmname \$device
+
+umount -n dev2
+EOF
+ {
+ echo /sbin/cryptsetup
+ echo /lib/libdevmapper.so.1.00
+ echo /lib/libpopt.so.0
+ } >&6
+}
+
dm() {
- if command -v lvmiopversion > /dev/null 2>&1; then
+ local dmname
+
+ if ! command -v dmsetup > /dev/null 2>&1; then
+ echo Root is on a DM device, but dmsetup not installed >&2
+ exit 1
+ fi
+
+ dmdev=$(printf "(%d, %d)" $major $minor)
+
+ if ! dmsetup ls | grep -q "$dmdev\$"; then
+ echo Unknown DM device $major:$minor >&2
+ exit 1
+ fi
+
+ dmname=$(dmsetup ls | grep "$dmdev\$" | sed 's/^\([^[:space:]]*\).*$/\1/')
+ if dmsetup table $dmname | grep -q crypt; then
+ dmcrypt
+ elif command -v lvmiopversion > /dev/null 2>&1; then
lvm
elif [ ! -x /etc/mkinitrd/scripts/evms ]; then
echo Unknown DM device $major:$minor >&2
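Review bot: The cryptsetup check at the top of `dmcrypt()` only prints its message and falls through, whereas the dmsetup check this hunk adds to `dm()` exits; adding `exit 1` after the `echo` would stop mkinitrd instead of letting it go on to list `/sbin/cryptsetup` for copying after the lookup has just failed. The crypttab/dmsetup cross-check further down looks like it can fail open: `$submajor`, `$subminor` and both `$(dmsetup deps $dmname | sed ...)` substitutions are unquoted inside `[ ... -o ... ]`, so an empty or multi-word result makes the test malformed, and `if` will most likely treat the error status as false and skip the `exit 1`. Quoting each operand, e.g. `[ "$submajor" != "$dep_major" ] || [ "$subminor" != "$dep_minor" ]` with the two sed results captured once into locals, keeps a mismatch or an unparsable answer on the rejecting path. `dm()` continues past the end of the hunk.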
@@ -1143,7 +1225,7 @@
mv script initrd
cd initrd
- mkdir -p dev2 devfs etc mnt proc scripts sys tmp var
+ mkdir -p dev2 devfs etc keyscripts mnt proc scripts sys tmp var
> etc/mtab