#!/bin/sh

# Licensed under the GPLv2
#
# Copyright (C) 2011 Politecnico di Torino, Italy
# TORSEC group -- http://security.polito.it
# Roberto Sassu <roberto.sassu@polito.it>
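# Defaults used by load_masterkey.  The listing's rendered line numbers were
# fused into these lines, which turned each assignment into an invalid
# command; they are restored here as plain assignments.

# Configuration file under the new root; load_masterkey sources it if present.
MASTERKEYSCONFIG="${NEWROOT}/etc/sysconfig/masterkey"
# "YES" makes the default blob file name include the running kernel version.
MULTIKERNELMODE="NO"
# Value passed as pcrlock= when a key of type 'trusted' is loaded.
PCRLOCKNUM=11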
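# Load the kernel master key "kmk-<type>" into the user keyring (@u).
#
# Globals read:    NEWROOT, MASTERKEYSCONFIG, MULTIKERNELMODE, PCRLOCKNUM,
#                  RD_DEBUG, plus MASTERKEY / MASTERKEYTYPE when already set
# Globals written: MASTERKEYARG, MASTERKEYTYPEARG, MASTERKEY, MASTERKEYTYPE,
#                  MASTERKEYPATH, KEYBLOB
# Requires:        getarg and info (not defined in this file) and keyctl
# Returns:         0 when keyctl accepted the key; 1 when the blob file does
#                  not exist or keyctl reported a failure
load_masterkey()
{
    # Read the configuration from the config file.  The file is sourced, so
    # its content runs as shell code in this script's context: whoever can
    # write it under ${NEWROOT} decides what executes here.  The path is
    # quoted so that whitespace or glob characters cannot split it into
    # several words.
    if [ -f "${MASTERKEYSCONFIG}" ]; then
        . "${MASTERKEYSCONFIG}"
    fi

    # Override the kernel master key path name from the 'masterkey='
    # parameter in the kernel command line (only when getarg succeeds).
    if MASTERKEYARG=$(getarg masterkey=); then
        MASTERKEY=${MASTERKEYARG}
    fi

    # Override the kernel master key type from the 'masterkeytype='
    # parameter in the kernel command line (only when getarg succeeds).
    if MASTERKEYTYPEARG=$(getarg masterkeytype=); then
        MASTERKEYTYPE=${MASTERKEYTYPEARG}
    fi

    # Set default values.
    if [ -z "${MASTERKEYTYPE}" ]; then
        MASTERKEYTYPE="trusted"
    fi

    if [ -z "${MASTERKEY}" ]; then
        # Append the kernel version to the default masterkey path name
        # if MULTIKERNELMODE is set to YES.
        if [ "${MULTIKERNELMODE}" = "YES" ]; then
            MASTERKEY="/etc/keys/kmk-${MASTERKEYTYPE}-$(uname -r).blob"
        else
            MASTERKEY="/etc/keys/kmk-${MASTERKEYTYPE}.blob"
        fi
    fi

    # Set the kernel master key path name.
    MASTERKEYPATH="${NEWROOT}${MASTERKEY}"

    # Check for the kernel master key's existence; the miss is only logged
    # when RD_DEBUG is "yes", but the function fails either way.
    if [ ! -f "${MASTERKEYPATH}" ]; then
        if [ "${RD_DEBUG}" = "yes" ]; then
            info "masterkey: kernel master key file not found: ${MASTERKEYPATH}"
        fi
        return 1
    fi

    # Read the kernel master key blob.  MASTERKEYPATH can carry a value taken
    # from the kernel command line or the sourced config file, so it must be
    # quoted: unquoted, a path with whitespace or glob characters would be
    # split or expanded and cat would read the wrong file(s) or none at all.
    KEYBLOB=$(cat "${MASTERKEYPATH}")

    # Add the 'load' prefix if the key type is 'trusted'.
    if [ "${MASTERKEYTYPE}" = "trusted" ]; then
        KEYBLOB="load ${KEYBLOB} pcrlock=${PCRLOCKNUM}"
    fi

    # Load the kernel master key.
    # NOTE(review): the payload is handed to keyctl as a command-line
    # argument, and argv is visible to other processes.  For key types other
    # than 'trusted', confirm the blob file does not hold clear key material;
    # `keyctl padd` takes the payload from stdin instead.
    info "Loading the kernel master key"
    if ! keyctl add "${MASTERKEYTYPE}" "kmk-${MASTERKEYTYPE}" "${KEYBLOB}" @u >/dev/null; then
        info "masterkey: failed to load the kernel master key: kmk-${MASTERKEYTYPE}"
        return 1
    fi

    return 0
}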
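# Run the loader.  This is the last statement visible in the listing, so the
# script's status is whatever load_masterkey returned (0 loaded, 1 not
# loaded).  The rendered line number that had been fused onto the call is
# dropped so the line is a valid invocation again.
load_masterkey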