authorlemmarathon <lemmarathon@protonmail.com>2018-04-30 20:51:50 -0400
committerNatanael Copa <ncopa@alpinelinux.org>2018-06-12 17:34:46 +0000
commitfdc28f072ae269ab9c3f876ed452c6c3d5a769aa (patch)
tree15961c7ab86722293264aa6a149bd13145e4c277 /initramfs-init.in
parent7e7fed4fee4c2e0bafd4a9714649b185b8696921 (diff)
Add support for keyfiles
The "cryptkey" boot parameter enables keyfile decryption. By default, init will look for a keyfile named "/crypto_keyfile.bin". Another file may be specified like so: "cryptkey=/path/to/keyfile.bin". If keyfile decryption fails, init will fall back to passphrase mode.
Diffstat (limited to 'initramfs-init.in')
-rwxr-xr-xinitramfs-init.in11
1 files changed, 8 insertions, 3 deletions
diff --git a/initramfs-init.in b/initramfs-init.in
index fd3c50c..df704d5 100755
--- a/initramfs-init.in
+++ b/initramfs-init.in
@@ -274,9 +274,9 @@ setup_nbd() {
set -- $(cat /proc/cmdline)
myopts="alpine_dev autodetect autoraid chart cryptroot cryptdm cryptheader cryptoffset
- cryptdiscards debug_init dma init_args keep_apk_new modules ovl_dev pkgs quiet
- root_size root usbdelay ip alpine_repo apkovl alpine_start splash blacklist
- overlaytmpfs rootfstype rootflags nbd resume s390x_net dasd ssh_key"
+ cryptdiscards cryptkey debug_init dma init_args keep_apk_new modules ovl_dev
+ pkgs quiet root_size root usbdelay ip alpine_repo apkovl alpine_start splash
+ blacklist overlaytmpfs rootfstype rootflags nbd resume s390x_net dasd ssh_key"
for opt; do
case "$opt" in
@@ -397,6 +397,11 @@ if [ -n "$KOPT_cryptroot" ]; then
if [ -n "$KOPT_cryptoffset" ]; then
cryptopts="$cryptopts -o ${KOPT_cryptoffset}"
fi
+ if [ "$KOPT_cryptkey" = "yes" ]; then
+ cryptopts="$cryptopts -k /crypto_keyfile.bin"
+ elif [ -n "$KOPT_cryptkey" ]; then
+ cryptopts="$cryptopts -k ${KOPT_cryptkey}"
+ fi
fi
if [ -n "$KOPT_nbd" ]; then
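Review bot: The `elif` branch appends `${KOPT_cryptkey}` from the kernel command line to `cryptopts` without checking that it names a readable regular file, so a typo or a directory path is only caught later by whatever consumes `cryptopts`, which is not visible in this hunk. Assuming the path is resolved inside the initramfs at this point, a guard such as `elif [ -f "$KOPT_cryptkey" ]; then` plus a warning when it fails would make the fallback to passphrase mode explicit here. The same check applies to the default `/crypto_keyfile.bin` branch. A comment above the block would also help, e.g. `# keyfile is read from the initramfs; anyone who can read the initramfs image can read the key`, since that is presumably where the default keyfile lives; confirm against how mkinitfs packages it and what permissions the generated image gets. The enclosing `if [ -n "$KOPT_cryptroot" ]` starts outside the hunk.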