1957081c12
For a while I was keeping a private branch where there were a lot of non-public things included, and that became the de-facto branch while this one lagged. This one is now up-to-date, all private stuff is dealt with via config files which are not committed.
32 lines
754 B
Bash
Executable File
32 lines
754 B
Bash
Executable File
#!/bin/sh
|
|
|
|
set -e
|
|
|
|
# This assumes that /proc/cmdline contains a cryptdevice with a UUID identifier,
|
|
# like:
|
|
#
|
|
# cryptdevice=UUID=1ff1d6f7-7540-4500-8011-1abe1e9ac00d:cryptroot
|
|
uuid=$(cat /proc/cmdline | \
|
|
tr ' ' '\n' | \
|
|
grep cryptdevice | \
|
|
cut -d= -f3 | \
|
|
cut -d: -f1)
|
|
|
|
device=$(lsblk -o PATH,UUID | grep "$uuid" | awk '{print $1}')
|
|
echo "Root device is $device"
|
|
|
|
echo -n "Enter root key: "
|
|
read -s pw
|
|
echo ""
|
|
|
|
# This will check if the key is right, and cause the process to exit if not due
|
|
# to the "set -e"
|
|
echo "Checking key..."
|
|
echo "$pw" | sudo cryptsetup open --test-passphrase "$device"
|
|
|
|
echo "Good job, writing /boot/keyfile..."
|
|
echo -n "$pw" | sudo tee /boot/keyfile >/dev/null
|
|
|
|
echo "Shutting down..."
|
|
sudo systemctl poweroff
|