V8.00.000.2025.06.17

Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-08-07 10:00:50 +02:00
parent 16be92c0af
commit 5ae49b8e38
6 changed files with 28 additions and 22 deletions
--- a/func/cdi_4200_boot/4210_generate_crypttab.sh
+++ b/func/cdi_4200_boot/4210_generate_crypttab.sh
@@ -41,9 +41,9 @@ write_crypttab() {
 #   HMP_PATH_FSUUID
 #   HMP_PATH_LUKSUUID
 #   TARGET
+#   VAR_DROPBEAR
 #   VAR_NUKE
 #   VAR_VERSION
-#   dropbear_boot
 # Arguments:
 #  None
 # Returns:
@@ -53,6 +53,8 @@ generate_crypttab() {
  ### Declare Arrays, HashMaps, and Variables.
  declare     var_key="" var_encryption_label="" var_luks_uuid="" var_ephemeral_enclabel="" var_host_uuid=""

+  ensure_lowercase "VAR_DROPBEAR"
+
  ### Generate '${TARGET}/etc/crypttab' header.
  : >| "${TARGET}/etc/crypttab"
  chmod 0600 "${TARGET}/etc/crypttab"
@@ -94,9 +96,17 @@ EOF
    var_encryption_label="${HMP_PATH_ENCLABEL["${var_key}"]}"
    var_luks_uuid="${HMP_PATH_LUKSUUID["${var_key}"]}"

-    if [[ "${dropbear_boot,,}" == "true" ]]; then
+    if [[ "${VAR_DROPBEAR}" == "true" ]]; then

-      write_crypttab "${var_encryption_label}" "UUID=${var_luks_uuid}" "none" "luks,discard,initramfs"
+      if [[ "${var_key}" == "/" ]]; then
+
+        write_crypttab "${var_encryption_label}" "UUID=${var_luks_uuid}" "none" "luks,discard,initramfs,keyscript=/lib/cryptsetup/scripts/unlock_wrapper.sh"
+
+      else
+
+        write_crypttab "${var_encryption_label}" "UUID=${var_luks_uuid}" "none" "luks,discard,initramfs"
+
+      fi

    else

--- a/func/cdi_4200_boot/4250_update_grub_bootparameter.sh
+++ b/func/cdi_4200_boot/4250_update_grub_bootparameter.sh
@@ -31,7 +31,7 @@ guard_sourcing
 #######################################
 update_grub_bootparameter() {
  ### Declare Arrays, HashMaps, and Variables.
-  declare     var_nuke_string="" var_param=""
+  declare     var_nuke_string="" var_param="" var_label=""

  grub_extract_current_string

@@ -47,14 +47,19 @@ update_grub_bootparameter() {
      continue
    fi

-    VAR_GRUB_CMDLINE_LINUX_DEFAULT+=" ${var_param}"
+    VAR_GRUB_CMDLINE_LINUX_DEFAULT="${VAR_GRUB_CMDLINE_LINUX_DEFAULT} ${var_param}"

  done

+  if [[ "${VAR_DROPBEAR}" == "true" ]]; then
+    var_label="${HMP_PATH_ENCLABEL["/"]}"
+    VAR_GRUB_CMDLINE_LINUX+="${VAR_GRUB_CMDLINE_LINUX} cryptdevice=${VAR_CRYPT_ROOT}:cryptroot root=/dev/mapper/${var_label}"
+  fi
+
  if [[ "${VAR_NUKE}" == "true" ]]; then
    var_nuke_string="nuke=${VAR_NUKE_HASH}"
    # shellcheck disable=SC2034
-    VAR_GRUB_CMDLINE_LINUX+=" ${var_nuke_string}"
+    VAR_GRUB_CMDLINE_LINUX="${VAR_GRUB_CMDLINE_LINUX} ${var_nuke_string}"
  fi

  grub_finalize_string