From c513e63fbd81c8569751e169ca4f81117ba70e8b Mon Sep 17 00:00:00 2001
From: nils
Date: Sun, 5 Jan 2025 03:12:23 +0100
Subject: [PATCH] It should work
---
module-setup.sh | 16 ++++++++++++++++
zlevis.sh | 21 +++++++++++++++++++++
2 files changed, 37 insertions(+)
create mode 100755 module-setup.sh
create mode 100755 zlevis.sh
diff --git a/module-setup.sh b/module-setup.sh
new file mode 100755
index 0000000..64c5839
--- /dev/null
+++ b/module-setup.sh
@@ -0,0 +1,16 @@
+#!/bin/bash
+
+depends() {
+ echo udev-rules zfs
+ return 0
+}
+
+install() {
+ # Install the appropriate binaries and libraries
+ inst_multiple /usr/bin /usr/bin/zlevis* /usr/bin/jose /usr/bin/tpm2* /usr/bin/mktemp
+ inst_multiple /usr/lib /usr/lib/libtss2-tcti*
+
+ # Run the zlevis decryption hook before the 90zfs hook
+ inst_hook pre-mount 85 "${moddir}/zlevis.sh"
+ inst_simple "${moddir}/zlevis.sh" "/sbin/zlevis.sh"
+}
diff --git a/zlevis.sh b/zlevis.sh
new file mode 100755
index 0000000..b648f76
--- /dev/null
+++ b/zlevis.sh
@@ -0,0 +1,21 @@
+#!/bin/sh
+
+# First make sure the zfs kmod is loaded
+modprobe zfs 2>/dev/null
+udevadm settle
+
+# Inspired by Alpine Linux's mkinitfs script -
+local _root_vol="${root}"
+local _root_pool="${_root_vol%%/*}"
+
+zpool import -N -d /dev $_root_pool
+
+if [ $(zpool list -H -o feature@encryption $_root_pool) = "active" ]; then
+ local _encryption_root=$(zfs get -H -o value encryptionroot $_root_vol)
+ if [ "$_encryption_root" != "-" ]; then
+ zlevis-fetch || echo "Zlevis-fetch failed!"
+ fi
+else
+ echo "Something went wrong with zlevis-dracut!"
+fi
+
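Review bot: In `install()`, both `inst_multiple` calls pass a bare directory (`/usr/bin`, `/usr/lib`) followed by unquoted globs, so what lands in the initramfs depends on whatever matches `zlevis*`, `tpm2*` and `libtss2-tcti*` on the build host, and a pattern that matches nothing is passed through as a literal path. Because this image appears to run the key-retrieval step before the root pool is mounted, consider listing the exact binaries and TCTI libraries the hook needs instead of the wildcards, and dropping the directory arguments unless they are intentional. The module also defines no `check()`; a guard such as `check() { require_binaries jose mktemp || return 1; }` would surface a missing dependency at build time rather than at boot.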
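Review bot: `$_root_pool` and `$_root_vol` are derived from `${root}` and used unquoted in `zpool import`, in the `[ ... ]` test and in `zfs get`, so an empty or whitespace-containing value changes the argument list, and an empty `zpool list` result turns the test into a syntax error that falls through to the "Something went wrong" branch. Quote each expansion, e.g. `zpool import -N -d /dev "$_root_pool"` and `if [ "$(zpool list -H -o feature@encryption "$_root_pool")" = "active" ]; then`, and check the import's exit status before querying the pool. `local` at the top level of a `#!/bin/sh` script only works while the file is sourced from inside a function (presumably how the pre-mount hook is run), so the copy installed as `/sbin/zlevis.sh` would fail on it if executed directly. The else branch also prints an error for a pool whose encryption feature is simply not active, which is worth distinguishing from a real failure.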