cryptsetup/trunk/install-encrypt

   1 #!/bin/bash
   2
   3 build() {
   4     local mod
   5
   6     add_module 'dm-crypt'
   7     add_module 'dm-integrity'
   8     if [[ $CRYPTO_MODULES ]]; then
   9         for mod in $CRYPTO_MODULES; do
  10             add_module "$mod"
  11         done
  12     else
  13         add_all_modules '/crypto/'
  14     fi
  15
  16     add_binary 'cryptsetup'
  17
  18     map add_udev_rule \
  19         '10-dm.rules' \
  20         '13-dm-disk.rules' \
  21         '95-dm-notify.rules' \
  22         '/usr/lib/initcpio/udev/11-dm-initramfs.rules'
  23
  24     # cryptsetup calls pthread_create(), which dlopen()s libgcc_s.so.1
  25     add_binary '/usr/lib/libgcc_s.so.1'
  26
  27     add_runscript
  28 }
  29
  30 help() {
  31     cat <<HELPEOF
  32 This hook allows for an encrypted root device. Users should specify the device
  33 to be unlocked using 'cryptdevice=device:dmname' on the kernel command line,
  34 where 'device' is the path to the raw device, and 'dmname' is the name given to
  35 the device after unlocking, and will be available as /dev/mapper/dmname.
  36
  37 For unlocking via keyfile, 'cryptkey=device:fstype:path' should be specified on
  38 the kernel cmdline, where 'device' represents the raw block device where the key
  39 exists, 'fstype' is the filesystem type of 'device' (or auto), and 'path' is
  40 the absolute path of the keyfile within the device.
  41
  42 Without specifying a keyfile, you will be prompted for the password at runtime.
  43 This means you must have a keyboard available to input it, and you may need
  44 the keymap hook as well to ensure that the keyboard is using the layout you
  45 expect.
  46 HELPEOF
  47 }
  48
  49 # vim: set ft=sh ts=4 sw=4 et: