msw/CISS.debian.installer
SHA256
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

V8.00.000.2025.06.17
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m40s
Details

Browse Source 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
This commit is contained in:
Marc S. Weidner
2025-08-27 01:07:06 +02:00
parent 9f6e69bfba
commit 7f0298f437
1 changed files with 9 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
func/cdi_4200_boot/4210_generate_crypttab.sh
View File

@@ -64,6 +64,9 @@ generate_crypttab() {
# the underlying encrypted device (LUKS/dm-crypt) passes TRIM commands to the physical drive or not. The '/etc/fstab' determines # the underlying encrypted device (LUKS/dm-crypt) passes TRIM commands to the physical drive or not. The '/etc/fstab' determines
# whether and how the file system itself generates the discard operations and sends them down through the LUKS layer. # whether and how the file system itself generates the discard operations and sends them down through the LUKS layer.
# #
# For non-ephemeral devices the respective UUID of the LUKS-device is used.
# For the ephemeral devices the respective PART UUID of the host dummy partition is used.
#
# RECOMMENDED: 'discard' enables the TRIM commands to be forwarded by the dm-crypt layer to the SSD/physical device. If ones do # RECOMMENDED: 'discard' enables the TRIM commands to be forwarded by the dm-crypt layer to the SSD/physical device. If ones do
# not specify discard in the '/etc/crypttab', dm-crypt blocks TRIM by default. This would render a discard in the '/etc/fstab' # not specify discard in the '/etc/crypttab', dm-crypt blocks TRIM by default. This would render a discard in the '/etc/fstab'
# ineffective. # ineffective.
@@ -78,6 +81,8 @@ EOF
var_encryption_label="${HMP_PATH_ENCLABEL["${var_key}"]}" var_encryption_label="${HMP_PATH_ENCLABEL["${var_key}"]}"
var_luks_uuid="${HMP_PATH_LUKSUUID["${var_key}"]}" var_luks_uuid="${HMP_PATH_LUKSUUID["${var_key}"]}"
[[ "${var_key}" == "/recovery" ]] && continue
if [[ "${VAR_DROPBEAR}" == "true" ]]; then if [[ "${VAR_DROPBEAR}" == "true" ]]; then
if [[ "${var_key}" == "/" ]]; then if [[ "${var_key}" == "/" ]]; then
@@ -112,16 +117,17 @@ EOF
for var_key in "${!HMP_EPHEMERAL_ENCLABEL[@]}"; do for var_key in "${!HMP_EPHEMERAL_ENCLABEL[@]}"; do
var_ephemeral_enclabel="${HMP_EPHEMERAL_ENCLABEL["${var_key}"]}" var_ephemeral_enclabel="${HMP_EPHEMERAL_ENCLABEL["${var_key}"]}"
var_host_uuid="${HMP_PATH_FSUUID["${var_key}"]}" var_host_uuid="${HMP_PATH_PARTUUID["${var_key}"]}"
case "${var_key}" in case "${var_key}" in
SWAP) SWAP)
write_crypttab "${var_ephemeral_enclabel}" "UUID=${var_host_uuid}" "/dev/urandom" "plain,offset=2048,cipher=aes-xts-plain64,size=512,sector-size=4096,discard,swap" write_crypttab "${var_ephemeral_enclabel}" "UUID=${var_host_uuid}" "/dev/random" "plain,offset=2048,cipher=aes-xts-plain64,size=512,sector-size=4096,discard,swap"
;; ;;
/tmp) /tmp)
write_crypttab "${var_ephemeral_enclabel}" "UUID=${var_host_uuid}" "/dev/urandom" "plain,offset=2048,cipher=aes-xts-plain64,size=512,sector-size=4096,discard,tmp=ext4" write_crypttab "${var_ephemeral_enclabel}" "UUID=${var_host_uuid}" "/dev/random" "plain,offset=2048,cipher=aes-xts-plain64,size=512,sector-size=4096,discard,tmp=ext4"
;; ;;
*) *)