diff options
Diffstat (limited to 'core/cryptsetup/encrypt_hook')
| -rw-r--r-- | core/cryptsetup/encrypt_hook | 17 |
1 files changed, 9 insertions, 8 deletions
diff --git a/core/cryptsetup/encrypt_hook b/core/cryptsetup/encrypt_hook index 0f35782c6..372b7ba57 100644 --- a/core/cryptsetup/encrypt_hook +++ b/core/cryptsetup/encrypt_hook @@ -10,20 +10,21 @@ run_hook() { IFS=: read ckdev ckarg1 ckarg2 <<EOF $cryptkey EOF - if poll_device "${ckdev}" ${rootdelay}; then + + if resolved=$(resolve_device "${ckdev}" ${rootdelay}); then case ${ckarg1} in *[!0-9]*) # Use a file on the device # ckarg1 is not numeric: ckarg1=filesystem, ckarg2=path mkdir /ckey - mount -r -t "$ckarg1" "$ckdev" /ckey + mount -r -t "$ckarg1" "$resolved" /ckey dd if="/ckey/$ckarg2" of="$ckeyfile" >/dev/null 2>&1 umount /ckey ;; *) # Read raw data from the block device # ckarg1 is numeric: ckarg1=offset, ckarg2=length - dd if="$ckdev" of="$ckeyfile" bs=1 skip="$ckarg1" count="$ckarg2" >/dev/null 2>&1 + dd if="$resolved" of="$ckeyfile" bs=1 skip="$ckarg1" count="$ckarg2" >/dev/null 2>&1 ;; esac fi @@ -58,13 +59,13 @@ EOF esac done - if poll_device "${cryptdev}" ${rootdelay}; then - if cryptsetup isLuks ${cryptdev} >/dev/null 2>&1; then + if resolved=$(resolve_device "${cryptdev}" ${rootdelay}); then + if cryptsetup isLuks ${resolved} >/dev/null 2>&1; then [ ${DEPRECATED_CRYPT} -eq 1 ] && warn_deprecated dopassphrase=1 # If keyfile exists, try to use that if [ -f ${ckeyfile} ]; then - if eval cryptsetup --key-file ${ckeyfile} luksOpen ${cryptdev} ${cryptname} ${cryptargs} ${CSQUIET}; then + if eval cryptsetup --key-file ${ckeyfile} luksOpen ${resolved} ${cryptname} ${cryptargs} ${CSQUIET}; then dopassphrase=0 else echo "Invalid keyfile. Reverting to passphrase." @@ -76,7 +77,7 @@ EOF echo "A password is required to access the ${cryptname} volume:" #loop until we get a real password - while ! eval cryptsetup luksOpen ${cryptdev} ${cryptname} ${cryptargs} ${CSQUIET}; do + while ! eval cryptsetup luksOpen ${resolved} ${cryptname} ${cryptargs} ${CSQUIET}; do sleep 2; done fi @@ -96,7 +97,7 @@ EOF err "Non-LUKS decryption not attempted..." return 1 fi - exe="cryptsetup create $cryptname $cryptdev $cryptargs" + exe="cryptsetup create $cryptname $resolved $cryptargs" IFS=: read c_hash c_cipher c_keysize c_offset c_skip <<EOF $crypto EOF |