#!/bin/bash # SPDX-Version: 3.0 # SPDX-CreationInfo: 2025-06-17; WEIDNER, Marc S.; # SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.installer.git # SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency # SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; # SPDX-FileType: SOURCE # SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0 # SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework. # SPDX-PackageName: CISS.debian.installer # SPDX-Security-Contact: security@coresecret.eu ### Remarks # lsinitramfs /boot/initrd.img-"$(uname -r)" | grep -E 'bin/(bash|sha|reboot|sync|sleep|sh)' # readelf -h /bin/busybox | grep Type # command="/usr/local/bin/unlock_wrapper.sh",no-agent-forwarding,no-port-forwarding,no-X11-forwarding ssh-ed25519 ... # /usr/share/initramfs-tools/scripts/init-premount # /dev/sdaN: UUID="468ad656-0e2f-4fff-9501-c691bab9f553" TYPE="crypto_LUKS" PARTLABEL="crypt_system" PARTUUID="78c0f711-f84f-425e-9455-a46430f40794" # GRUB_CMDLINE_LINUX="cryptdevice=UUID=468ad656-0e2f-4fff-9501-c691bab9f553:cryptroot root=/dev/mapper/vg_system-root" # declare var_nic_module; var_nic_module=$(lspci -k | grep -A2 -i ethernet | grep 'Kernel driver in use' | awk '{print $5}') # echo "${var_nic_module}" ### Nuke Hints # /usr/share/cryptsetup/initramfs/bin/cryptroot-unlock # Before (Default) # ASKPASS=/lib/cryptsetup/askpass # After # ASKPASS=/lib/cryptsetup/askpass.cryptsetup # apt-get cryptsetup-nuke-password # dpkg-reconfigure cryptsetup-nuke-password #debconf-set-selections << END #cryptsetup-nuke-password cryptsetup-nuke-password/password string Th3Pa$$w0rd #cryptsetup-nuke-password cryptsetup-nuke-password/password-again string Th3Pa$$w0rd #END #sudo dpkg-reconfigure -f noninteractive cryptsetup-nuke-password