17 . /usr/share/initramfs-tools/hook-functions
# NOTE(review): the enclosing function header is elided from this listing; the
# call `rootdev=$(get_root_device)` further down suggests this is its body.
# Looks for the /etc/fstab entry whose mount point is "/".
20 local device mount type options dump pass
22 if [ ! -r /etc/fstab ]; then
# The grep drops empty lines and lines whose first character is '#'.
# `read` without -r strips backslashes from the fields; `read -r` would keep
# them exactly as written in fstab.
26 grep '^[^#]' /etc/fstab | \
27 while read device mount type options dump pass; do
28 if [ "$mount" = "/" ]; then
# Gather the configured resume (hibernation) devices and warn on stderr when
# more than one candidate survives the checks.
# Sources consulted, in order: /etc/uswsusp.conf, /etc/suspend.conf, resume=
# on the kernel command line, /etc/initramfs-tools/conf.d/resume.
# NOTE(review): lines of this function are elided from the listing
# (initialisation of count/dupe, closing fi/done, the final output), so only
# the visible steps are described.
35 get_resume_devices() {
36 local device opt count dupe candidates devices
39 # First, get a list of potential resume devices
# uswsusp.conf: take the value after "resume device" followed by ':' or '='.
42 if [ -e /etc/uswsusp.conf ]; then
43 device=$(sed -rn 's/^resume device[[:space:]]*[:=][[:space:]]*// p' /etc/uswsusp.conf)
44 if [ -n "$device" ]; then
45 candidates="$candidates $device"
# suspend.conf: same key syntax as above.
50 if [ -e /etc/suspend.conf ]; then
51 device=$(sed -rn 's/^resume device[[:space:]]*[:=][[:space:]]*// p' /etc/suspend.conf)
52 if [ -n "$device" ]; then
53 candidates="$candidates $device"
# Unquoted $(cat ...) is split on whitespace and then glob-expanded, so a
# command-line word containing *, ? or [ can be replaced by matching file
# names from the current directory. Disabling globbing (set -f) around the
# loop would avoid that.
58 for opt in $(cat /proc/cmdline); do
61 device="${opt#resume=}"
62 candidates="$candidates $device"
# initramfs-tools configuration: RESUME=<device>.
68 if [ -e /etc/initramfs-tools/conf.d/resume ]; then
69 device=$(sed -rn 's/^RESUME[[:space:]]*=[[:space:]]*// p' /etc/initramfs-tools/conf.d/resume)
70 if [ -n "$device" ]; then
71 candidates="$candidates $device"
75 # Now check the sanity of all candidates
# $candidates holds values read from config files and the kernel command
# line; the unquoted expansion splits and glob-expands them as well.
78 for device in $candidates; do
79 # Weed out clever defaults
80 if [ "$device" = "<path_to_resume_device_file>" ]; then
# Compare against the devices accepted so far to detect duplicates.
86 for opt in $devices; do
87 if [ "$device" = "$opt" ]; then
# $dupe and $count are expanded unquoted inside [ ]; this relies on the
# elided lines always setting them to a number.
91 if [ $dupe -eq 1 ]; then
95 # This device seems ok
96 devices="$devices $device"
97 count=$(( $count + 1 ))
100 if [ $count -gt 1 ]; then
101 echo "cryptsetup: WARNING: found more than one resume device candidate:" >&2
102 for device in $devices; do
107 if [ $count -gt 0 ]; then
# Succeeds when some line of /etc/crypttab starts with the value of $node.
# NOTE(review): the assignment of $node is elided from this listing.
114 node_is_in_crypttab() {
# $node is unquoted and used as a regular expression anchored only at the
# start of the line. This is a prefix match (a node name that is a prefix of
# another crypttab target also matches), regex metacharacters in the name are
# interpreted, and the value is subject to word splitting. An exact
# comparison on the first field, e.g. awk -v n="$node" '$1 == n', would be
# stricter.
118 grep -q ^$node /etc/crypttab
# NOTE(review): the function header is elided from this listing; the warning
# text below names it get_lvm_deps.
# Walks the device-mapper dependencies of $node and recurses into every
# dependency whose table target type is not "crypt".
123 local node deps maj min depnode
# Unquoted $node: with an empty value the test collapses to `[ -z ]`, which is
# true, so the check works by accident; a value containing whitespace would
# make the test fail with a syntax error. `[ -z "$node" ]` is the robust form.
126 if [ -z $node ]; then
127 echo "cryptsetup: WARNING: get_lvm_deps - invalid arguments" >&2
# Reduce the `dmsetup deps` output to a space-separated list of major,minor
# pairs; dmsetup's own stderr is discarded.
131 if ! deps=$(dmsetup deps "$node" 2> /dev/null | sed 's/[^:]*: *//;s/[ (]//g;s/)/ /g'); then
132 echo "cryptsetup: WARNING: failed to find deps for $node" >&2
136 # We should now have a list of major,minor pairs, e.g. "3,2 3,3"
# Map a major/minor pair back to its device-mapper name via `dmsetup ls`.
# NOTE(review): $maj and $min are set in lines elided from this listing.
140 depnode=$(dmsetup ls | sed -n "s/\\([^ ]*\\) *($maj, $min)/\\1/p" | sed -e "s/[ \t]*$//")
141 if [ -z "$depnode" ]; then
# Third field of the table line is the target type; anything other than
# "crypt" is followed recursively.
144 if [ "$(dmsetup table "$depnode" 2> /dev/null | cut -d' ' -f3)" != "crypt" ]; then
145 get_lvm_deps "$depnode"
# NOTE(review): the function header is elided from this listing; the warning
# text below names it get_device_opts.
# Looks up $target in /etc/crypttab, checks its source, key and options, and
# builds the OPTIONS string for that target.
# `key` is assigned below but is not in this `local` list, so it is not
# function-local. OPTIONS, KEYSCRIPT, HASH_FOUND and LUKS_FOUND are likewise
# not declared local in the visible lines.
155 local target source link extraopts rootopts opt
161 if [ -z "$target" ]; then
162 echo "cryptsetup: WARNING: get_device_opts - invalid arguments" >&2
# $target is unquoted and used as a regex anchored only at the line start, and
# only the first matching line is kept. A target whose name is a prefix of an
# earlier crypttab entry would therefore pick up that entry's source, key and
# options. Matching the first field exactly would avoid this.
166 opt=$( grep ^$target /etc/crypttab | head -1 | sed 's/[[:space:]]\+/ /g' )
# `echo $opt` is unquoted: the line is word-split and glob-expanded before
# cut sees it.
167 source=$( echo $opt | cut -d " " -f2 )
168 key=$( echo $opt | cut -d " " -f3 )
169 rootopts=$( echo $opt | cut -d " " -f4- )
# All four crypttab fields must be non-empty, so a line without an options
# field is reported as invalid.
171 if [ -z "$opt" ] || [ -z "$source" ] || [ -z "$key" ] || [ -z "$rootopts" ]; then
172 echo "cryptsetup: WARNING: invalid line in /etc/crypttab - $opt" >&2
176 # Sanity checks for $source
177 if [ -h "$source" ]; then
178 link=$(readlink -nqe "$source")
179 if [ -z "$link" ]; then
180 echo "cryptsetup: WARNING: $source is a dangling symlink" >&2
# True when the resolved link lies under /dev/mapper/.
184 if [ "$link" != "${link#/dev/mapper/}" ]; then
185 echo "cryptsetup: NOTE: using $link instead of $source for $target" >&2
190 # Sanity checks for $key
191 if [ "$key" = "/dev/random" ] || [ "$key" = "/dev/urandom" ]; then
192 echo "cryptsetup: WARNING: target $target has a random key, skipped" >&2
196 if [ -n "$extraopts" ]; then
197 rootopts="$extraopts,$rootopts"
200 # We have all the basic options, let's go through them
201 OPTIONS="target=$target,source=$source,key=$key"
# NOTE(review): rootopts is comma-joined above, so the elided lines presumably
# change IFS before this loop - confirm.
205 for opt in $rootopts; do
208 OPTIONS="$OPTIONS,$opt"
211 OPTIONS="$OPTIONS,$opt"
215 OPTIONS="$OPTIONS,$opt"
218 OPTIONS="$OPTIONS,$opt"
# keyscript=: accepted when executable either under /lib/cryptsetup/scripts/
# or at the path given in crypttab. The path comes straight from crypttab, so
# crypttab and the script should be writable by root only.
221 opt=${opt#keyscript=}
222 if [ ! -x "/lib/cryptsetup/scripts/$opt" ] && [ ! -x "$opt" ]; then
223 echo "cryptsetup: WARNING: target $target has an invalid keyscript, skipped" >&2
# Only the basename is recorded, so keyscripts from different directories
# that share a file name map to the same /keyscripts/ path.
227 OPTIONS="$OPTIONS,keyscript=/keyscripts/$(basename "$opt")"
230 OPTIONS="$OPTIONS,$opt"
236 # Presumably a non-supported option
241 # Warn for missing hash option, unless we have a LUKS partition
242 if [ -z "$HASH_FOUND" ] && [ -z "$LUKS_FOUND" ]; then
243 echo "WARNING: Option hash missing in crypttab for target $target, assuming ripemd160." >&2
244 echo " If this is wrong, this initramfs image will not boot." >&2
245 echo " Please read /usr/share/doc/cryptsetup/README.initramfs.gz and add" >&2
246 echo " the correct hash option to your /etc/crypttab." >&2
249 # If keyscript is set, the "key" is just an argument to the script
# A key field other than "none" without a keyscript means a key file; such
# targets are reported as skipped (the return itself is elided here).
250 if [ "$key" != "none" ] && [ -z "$KEYSCRIPT" ]; then
251 echo "cryptsetup: WARNING: target $target uses a key file, skipped" >&2
# Derives the crypto components used by the active mapping $node from its
# device-mapper table line.
# NOTE(review): the assignment of $node and the bodies of the three `if`
# blocks are elided from this listing.
256 get_device_modules() {
257 local node value cipher blockcipher ivhash
260 # Check the ciphers used by the active root mapping
# Field 4 of the table line is the cipher specification. Constructed example:
# "aes-cbc-essiv:sha256" gives cipher=aes, blockcipher=cbc, ivhash=sha256.
# The exit status of dmsetup is not checked; a failure leaves $value empty.
261 value=$(dmsetup table "$node" | cut -d " " -f4)
262 cipher=$(echo "$value" | cut -d ":" -f1 | cut -d "-" -f1)
# Without -s, cut prints the whole input when it contains no '-', so a spec
# with no '-' yields the same string for cipher and blockcipher.
263 blockcipher=$(echo "$value" | cut -d ":" -f1 | cut -d "-" -f2)
# -s suppresses output when there is no ':' in the spec, leaving ivhash empty.
264 ivhash=$(echo "$value" | cut -d ":" -s -f2)
266 if [ -n "$cipher" ]; then
272 if [ -n "$blockcipher" ] && [ "$blockcipher" != "plain" ]; then
276 if [ -n "$ivhash" ] && [ "$ivhash" != "plain" ]; then
# NOTE(review): the function header and the assignment of $dev are elided
# from this listing; the call `canonical_device "$nodes"` further down
# suggests this is its body.
# Rewrites LABEL=/UUID= specifications to /dev/disk paths, resolves symlinks,
# then tests whether the result lies under /dev/mapper/.
286 altdev="${dev#LABEL=}"
287 if [ "$altdev" != "$dev" ]; then
288 dev="/dev/disk/by-label/$altdev"
291 altdev="${dev#UUID=}"
292 if [ "$altdev" != "$dev" ]; then
293 dev="/dev/disk/by-uuid/$altdev"
# readlink -e prints nothing when the target does not exist, which would
# leave $dev empty; the visible lines do not check for that.
296 if [ -h "$dev" ]; then
297 dev=$(readlink -e "$dev")
# The prefix strip changes the string only when $dev starts with /dev/mapper/.
300 altdev="${dev#/dev/mapper/}"
301 if [ "$altdev" != "$dev" ]; then
# NOTE(review): the function header is elided from this listing; the call
# `modules=$(add_device "$dev")` further down suggests this is its body.
# Resolves a device to its dm-crypt node(s), appends their options to the
# initramfs cryptroot configuration, copies any keyscript into the image and
# determines the cipher modules needed.
# `lvmnodes` and `modules` are assigned below but are not in this `local`
# list, so they are not function-local.
310 local node nodes opts lastopts i count
312 opts="" # Applied to all nodes
313 lastopts="" # Applied to last node
315 if [ -z "$nodes" ]; then
319 # Check that it is a node under /dev/mapper/
320 nodes=$(canonical_device "$nodes") || return 0
322 # Can we find this node in crypttab
323 if ! node_is_in_crypttab "$nodes"; then
324 # dm node but not in crypttab, is it a lvm device backed by dm-crypt nodes?
325 lvmnodes=$(get_lvm_deps "$nodes") || return 1
327 # not backed by any dm-crypt nodes; stop here
328 if [ -z "$lvmnodes" ]; then
332 # It is a lvm device!
333 lastopts="lvm=$nodes"
337 # Prepare to setup each node
338 count=$(echo "$nodes" | wc -w)
340 for node in $nodes; do
341 # Prepare the additional options
# $i is expanded unquoted; it is set in lines elided from this listing.
342 if [ $i -eq $count ]; then
343 if [ -z "$opts" ]; then
346 opts="$opts,$lastopts"
350 # Get crypttab root options
351 if ! get_device_opts "$node" "$opts"; then
# The option line (target, source, key field, options) is written into the
# initramfs tree. The image is usually stored unencrypted, so nothing placed
# in this file should be treated as confidential.
354 echo "$OPTIONS" >> "$DESTDIR/conf/conf.d/cryptroot"
356 # If we have a keyscript, make sure it is included
357 if [ -n "$KEYSCRIPT" ]; then
358 if [ ! -d "$DESTDIR/keyscripts" ]; then
359 mkdir "$DESTDIR/keyscripts"
# The script is taken from the packaged directory first, otherwise from the
# path given in crypttab, and copied into the image as-is. Its ownership and
# permissions are not checked here; the script and crypttab should be
# writable by root only.
362 if [ -e "/lib/cryptsetup/scripts/$KEYSCRIPT" ]; then
363 copy_exec "/lib/cryptsetup/scripts/$KEYSCRIPT" /keyscripts
364 elif [ -e "$KEYSCRIPT" ]; then
365 copy_exec "$KEYSCRIPT" /keyscripts
367 echo "cryptsetup: WARNING: failed to find keyscript $KEYSCRIPT" >&2
372 # Calculate needed modules
# $node is unquoted here, unlike the other calls in this function.
373 modules=$(get_device_modules $node | sort | uniq)
374 if [ -z "$modules" ]; then
375 echo "cryptsetup: WARNING: failed to determine cipher modules to load for $node" >&2
# Adds the kernel module files that implement crypto algorithm $mod to the
# initramfs, preferring architecture-specific and *_generic builds.
# NOTE(review): the assignment of $mod, the derivation of $altmod from $file
# and the found/genericfound bookkeeping are elided from this listing.
388 add_crypto_modules() {
389 local mod file altmod found genericfound
394 if [ -z "$mod" ]; then
398 # We have several potential sources of modules (in order of preference):
400 # a) /lib/modules/$VERSION/kernel/arch/$ARCH/crypto/$mod-$specific.ko
401 # b) /lib/modules/$VERSION/kernel/crypto/$mod_generic.ko
402 # c) /lib/modules/$VERSION/kernel/crypto/$mod.ko
404 # and (currently ignored):
406 # d) /lib/modules/$VERSION/kernel/drivers/crypto/$specific-$mod.ko
# $(find ...) is word-split and glob-expanded, so a path containing
# whitespace would be broken into several words. $mod is also interpreted as
# part of find's -name pattern, so wildcard characters in it would match more
# than one module name.
408 for file in $(find "$MODULESDIR/kernel/arch/" -name "$mod-*.ko"); do
410 altmod="${altmod%.ko}"
411 manual_add_modules "$altmod"
415 for file in $(find "$MODULESDIR/kernel/crypto/" -name "${mod}_generic.ko"); do
417 altmod="${altmod%.ko}"
418 manual_add_modules "$altmod"
# Fall back to the plain module name only when no *_generic build was found.
423 if [ -z "$genericfound" ]; then
424 for file in $(find "$MODULESDIR/kernel/crypto/" -name "${mod}.ko"); do
426 altmod="${altmod%.ko}"
427 manual_add_modules "$altmod"
432 if [ -z "$found" ]; then
440 # Begin real processing
# NOTE(review): lines of this section are elided from the listing, including
# the closing fi/done and the assignment of $setup.
447 # Find the root and resume device(s)
# Devices are only examined when /etc/crypttab is readable.
448 if [ -r /etc/crypttab ]; then
449 rootdev=$(get_root_device)
450 if [ -z "$rootdev" ]; then
451 echo "cryptsetup: WARNING: could not determine root device from /etc/fstab" >&2
453 resumedevs=$(get_resume_devices)
456 # Load the config opts and modules for each device
# The unquoted expansion splits the device lists into words on purpose, but
# it also glob-expands them.
457 for dev in $rootdev $resumedevs; do
# Everything add_device prints on stdout is taken as the module list, so its
# diagnostics must go to stderr (the visible warnings use >&2).
458 if ! modules=$(add_device "$dev"); then
459 echo "cryptsetup: FAILURE: could not determine configuration for $dev" >&2
464 for mod in $modules; do
465 add_crypto_modules $mod
469 # With large initramfs, we always add a basic subset of modules
470 if [ "$MODULES" != "dep" ]; then
471 for mod in aes sha256 cbc; do
472 add_crypto_modules $mod
476 # See if we need to add the basic components
477 if [ "$MODULES" != "dep" ] || [ "$setup" = "yes" ]; then
478 for mod in dm_mod dm_crypt; do
479 manual_add_modules $mod
# The binaries are copied from fixed absolute paths, not looked up via PATH.
482 copy_exec /sbin/cryptsetup
483 copy_exec /sbin/dmsetup
484 # copy_exec /lib/cryptsetup/askpass