code.delx.au - monosys/blob - reboot-no-passphrase

   1 #!/bin/bash
   2
   3 # When using the Arch Linux mkinitcpio encrypt if the file /crypto_keyfile.bin
   4 # exists in the initramfs then it will be used to attempt unlocking.
   5 # 1. dd if=/dev/urandom of=/crypto_keyfile.bin bs=1 count=512
   6 # 2. Add /crypto_keyfile.bin to FILES in /etc/mkinitcpio.conf
   7 # 3. mkinitcpio -p linux
   8 # 4. Enable the disable-crypto_keyfiles@<root-disk-uuid>.service
   9 # 5. Run this script when you want to reboot without a passphrase
  10
  11
  12 crypto_keyfile="/crypto_keyfile.bin"
  13 reboot_cmd="${1:-sudo reboot}"
  14
  15 if [ ! -f "$crypto_keyfile" ]; then
  16     echo "Failed to find $crypto_keyfile"
  17     exit 1
  18 fi
  19
  20 disk_uuid="$(ls /etc/systemd/system/basic.target.wants/disable-crypto_keyfile@*.service | cut -d'@' -f2 | cut -d. -f1)"
  21 device_filename="/dev/disk/by-uuid/${disk_uuid}"
  22 if [ -z "$device_filename" ]; then
  23     echo "Failed to find your encrypted device. You must have disable-crypto_keyfile@.service enabled."
  24     exit 1
  25 fi
  26
  27 set -ex
  28 sudo cryptsetup luksAddKey "$device_filename" "$crypto_keyfile" --key-slot 7
  29 $reboot_cmd