From fdc28f072ae269ab9c3f876ed452c6c3d5a769aa Mon Sep 17 00:00:00 2001
From: lemmarathon
Date: Mon, 30 Apr 2018 20:51:50 -0400
Subject: Add support for keyfiles
The "cryptkey" boot parameter enables keyfile decryption. By default, init will look for a keyfile named "/crypto_keyfile.bin". Another file may be specified like so: "cryptkey=/path/to/keyfile.bin". If keyfile decryption fails, init will fall back to passphrase mode.
---
 initramfs-init.in | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)
(limited to 'initramfs-init.in')
diff --git a/initramfs-init.in b/initramfs-init.in
index fd3c50c..df704d5 100755
--- a/initramfs-init.in
+++ b/initramfs-init.in
@@ -274,9 +274,9 @@ setup_nbd() {
 set -- $(cat /proc/cmdline)
 myopts="alpine_dev autodetect autoraid chart cryptroot cryptdm cryptheader cryptoffset
- cryptdiscards debug_init dma init_args keep_apk_new modules ovl_dev pkgs quiet
- root_size root usbdelay ip alpine_repo apkovl alpine_start splash blacklist
- overlaytmpfs rootfstype rootflags nbd resume s390x_net dasd ssh_key"
+ cryptdiscards cryptkey debug_init dma init_args keep_apk_new modules ovl_dev
+ pkgs quiet root_size root usbdelay ip alpine_repo apkovl alpine_start splash
+ blacklist overlaytmpfs rootfstype rootflags nbd resume s390x_net dasd ssh_key"
 for opt; do
 case "$opt" in
@@ -397,6 +397,11 @@ if [ -n "$KOPT_cryptroot" ]; then
 if [ -n "$KOPT_cryptoffset" ]; then
 cryptopts="$cryptopts -o ${KOPT_cryptoffset}"
 fi
+ if [ "$KOPT_cryptkey" = "yes" ]; then
+ cryptopts="$cryptopts -k /crypto_keyfile.bin"
+ elif [ -n "$KOPT_cryptkey" ]; then
+ cryptopts="$cryptopts -k ${KOPT_cryptkey}"
+ fi
 fi
 if [ -n "$KOPT_nbd" ]; then
-- 
cgit v1.2.3
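Review bot: The two added `-k` branches in the second hunk put a keyfile path into `$cryptopts` with no comment on where that file must live or how it has to be protected. Because init runs from the initramfs, `/crypto_keyfile.bin` presumably resolves inside the initramfs image, so that image then holds key material for the root volume; a comment above `if [ "$KOPT_cryptkey" = "yes" ]; then` should say so, for example `# keyfile is read from the initramfs: keep the image readable by root only and off an unencrypted /boot`. The custom value comes from the kernel command line and is appended to a flat option string that appears to be word-split later, so it would be safer to accept only an absolute path, e.g. `elif [ "${KOPT_cryptkey#/}" != "$KOPT_cryptkey" ]; then` in place of the `-n` test. The enclosing `if [ -n "$KOPT_cryptroot" ]` block starts above the hunk and the consumer of `$cryptopts` is not visible, so the passphrase fallback described in the commit message cannot be checked from here.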