4 # Standard initramfs preamble
8 # Make sure that cryptroot is run last in local-top
9 for req in /scripts/local-top/*; do
11 if [ $script != cryptroot ]; then
30 if [ -p /dev/.initramfs/usplash_outfifo ] && [ -x /sbin/usplash_write ]; then
31 usplash_write "TEXT-URGENT $@"
43 if [ -z "$cryptopts" ]; then
48 cryptcipher=aes-cbc-essiv:sha256
55 cryptkey="" # This is only used as an argument to an eventual keyscript
59 for x in $cryptopts; do
68 cryptcipher=${x#cipher=}
71 crypttarget=${x#target=}
74 cryptsource=${x#source=}
75 if [ ${cryptsource#UUID=} != $cryptsource ]; then
76 cryptsource="/dev/disk/by-uuid/${cryptsource#UUID=}"
77 elif [ ${cryptsource#LABEL=} != $cryptsource ]; then
78 cryptsource="/dev/disk/by-label/${cryptsource#LABEL=}"
85 cryptkeyscript=${x#keyscript=}
88 if [ "${x#key=}" != "none" ]; then
93 crypttries="${x#tries=}"
103 if [ -z "$cryptsource" ]; then
104 message "cryptsetup: source parameter missing"
113 vg="${1#/dev/mapper/}"
116 if [ ! -x /sbin/lvm ] || [ "$vg" = "$1" ]; then
120 # Make sure that the device contains at least one dash
121 if [ "${vg%%-*}" = "$vg" ]; then
125 # Split volume group from logical volume.
126 vg=$(echo ${vg} | sed -e 's#\(.*\)\([^-]\)-[^-].*#\1\2#')
128 # Reduce padded --'s to -'s
129 vg=$(echo ${vg} | sed -e 's#--#-#g')
131 lvm vgchange -ay ${vg}
138 dev="${1#/dev/evms/}"
141 if [ ! -x /sbin/evms_activate ] || [ "$dev" = "$1" ]; then
145 # Load modules used by evms
146 for module in dm-mod linear raid0 raid1 raid10 raid5 raid6; do
147 /sbin/modprobe -q $module
157 local opts count cryptcreate cryptremove NEWROOT
160 if [ -z "$opts" ]; then
164 parse_options "$opts" || return 1
166 if [ -n "$cryptkeyscript" ] && [ ! -x "$cryptkeyscript" ]; then
167 message "cryptsetup: error - script \"$cryptkeyscript\" missing"
171 # The same target can be specified multiple times
172 # e.g. root and resume lvs-on-lvm-on-crypto
173 if [ -e "/dev/mapper/$crypttarget" ]; then
177 /sbin/modprobe -q dm_crypt
179 # Make sure the cryptsource device is available
180 if [ ! -e $cryptsource ]; then
181 activate_vg $cryptsource
182 activate_evms $cryptsource
185 /sbin/udevadm settle --timeout=30
187 if [ ! -e $cryptsource ]; then
188 message "cryptsetup: source device $cryptsource not found"
193 if /sbin/cryptsetup isLuks $cryptsource > /dev/null 2>&1; then
194 cryptcreate="/sbin/cryptsetup -T 1 luksOpen $cryptsource $crypttarget"
196 cryptcreate="/sbin/cryptsetup -T 1 -c $cryptcipher -s $cryptsize -h $crypthash create $crypttarget $cryptsource"
198 cryptremove="/sbin/cryptsetup remove $crypttarget"
199 NEWROOT="/dev/mapper/$crypttarget"
201 # Try to get a satisfactory password $crypttries times
203 while [ $crypttries -le 0 ] || [ $count -lt $crypttries ]; do
204 count=$(( $count + 1 ))
206 if [ $count -gt 1 ]; then
210 if [ $crypttries -gt 0 ] && [ $count -gt $crypttries ]; then
211 message "cryptsetup: maximum number of tries exceeded for $crypttarget"
215 if [ -z "$cryptkeyscript" ]; then
216 cryptkeyscript="/lib/cryptsetup/askpass"
217 cryptkey="Enter passphrase to unlock the disk $cryptsource ($crypttarget): "
221 if ! crypttarget="$crypttarget" cryptsource="$cryptsource" \
222 $cryptkeyscript "$cryptkey" | $cryptcreate --key-file=- ; then
223 message "cryptsetup: cryptsetup failed, bad password or options?"
227 if [ ! -e "$NEWROOT" ]; then
228 message "cryptsetup: unknown error setting up device mapping"
233 eval $(fstype < "$NEWROOT")
235 # See if we need to setup lvm on the crypto device
236 if [ "$FSTYPE" = "lvm" ] || [ "$FSTYPE" = "lvm2" ]; then
237 if [ -z "$cryptlvm" ]; then
238 message "cryptsetup: lvm fs found but no lvm configured"
240 elif ! activate_vg "/dev/mapper/$cryptlvm"; then
241 message "cryptsetup: failed to setup lvm device"
245 NEWROOT="/dev/mapper/$cryptlvm"
246 eval $(fstype < "$NEWROOT")
249 if [ -z "$FSTYPE" ] || [ "$FSTYPE" = "unknown" ]; then
250 message "cryptsetup: unknown fstype, bad password or options?"
255 message "cryptsetup: $crypttarget setup successfully"
259 /sbin/udevadm settle --timeout=30
264 # Begin real processing
267 # Do we have any kernel boot arguments?
269 for opt in $(cat /proc/cmdline); do
273 setup_mapping "${opt#cryptopts=}"
278 if [ -n "$found" ]; then
282 # Do we have any settings from the /conf/conf.d/cryptroot file?
283 if [ -r /conf/conf.d/cryptroot ]; then
284 while read mapping <&3; do
285 setup_mapping "$mapping"
286 done 3< /conf/conf.d/cryptroot