blob: f07cde6fa595e9087b1bb7d2b2e2a1b79a89bb35 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
|
#!/usr/bin/env bash
set -e
# This assumes that /proc/cmdline contains a cryptdevice with a UUID identifier,
# like:
#
# cryptdevice=UUID=1ff1d6f7-7540-4500-8011-1abe1e9ac00d:cryptroot
uuid=$(cat /proc/cmdline | \
tr ' ' '\n' | \
grep cryptdevice | \
cut -d= -f3 | \
cut -d: -f1)
device=$(lsblk -o PATH,UUID | grep "$uuid" | awk '{print $1}')
echo "Root device is $device"
echo -n "Enter root key: "
read -s pw
echo ""
# This will check if the key is right, and cause the process to exit if not due
# to the "set -e"
echo "Checking key..."
echo "$pw" | sudo cryptsetup open --test-passphrase "$device"
echo "Good job, writing /boot/keyfile..."
echo -n "$pw" | sudo tee /boot/keyfile >/dev/null
echo "Shutting down..."
sudo systemctl poweroff
|