|
Lines 265-275
generate_grub_cfg() {
|
| 265 |
local crypto_uuids |
265 |
local crypto_uuids |
| 266 |
crypto_uuids="$(grub-probe --target=cryptodisk_uuid "$boot_directory/grub")" \ |
266 |
crypto_uuids="$(grub-probe --target=cryptodisk_uuid "$boot_directory/grub")" \ |
| 267 |
|| die $EXIT_PREFLIGHT "failed to determine cryptodisk UUIDs via grub-probe" |
267 |
|| die $EXIT_PREFLIGHT "failed to determine cryptodisk UUIDs via grub-probe" |
| 268 |
local uuid |
268 |
|
|
|
269 |
local sealed_tpm esp_uuid use_tpm2 uuid |
| 270 |
sealed_tpm="/boot/efi/EFI/altlinux/sealed.tpm" |
| 271 |
use_tpm2= |
| 272 |
|
| 273 |
if [ -f "$sealed_tpm" ]; then |
| 274 |
esp_uuid="$(grub-probe --target=fs_uuid /boot/efi)" \ |
| 275 |
|| die $EXIT_PREFLIGHT "failed to determine ESP UUID via grub-probe" |
| 276 |
|
| 277 |
if [ -n "$esp_uuid" ]; then |
| 278 |
use_tpm2=1 |
| 279 |
crypto_content="${crypto_content}search.fs_uuid ${esp_uuid} esp |
| 280 |
tpm2_key_protector_init -T (\$esp)/EFI/altlinux/sealed.tpm |
| 281 |
" |
| 282 |
fi |
| 283 |
fi |
| 284 |
|
| 269 |
if [ -n "$crypto_uuids" ]; then |
285 |
if [ -n "$crypto_uuids" ]; then |
| 270 |
while IFS= read -r uuid; do |
286 |
while IFS= read -r uuid; do |
| 271 |
crypto_content="${crypto_content}cryptomount -A -u ${uuid} |
287 |
if [ -n "$use_tpm2" ]; then |
|
|
288 |
crypto_content="${crypto_content}cryptomount -A -u ${uuid} -P tpm2 |
| 272 |
" |
289 |
" |
|
|
290 |
else |
| 291 |
crypto_content="${crypto_content}cryptomount -A -u ${uuid} |
| 292 |
" |
| 293 |
fi |
| 273 |
done <<< "$crypto_uuids" |
294 |
done <<< "$crypto_uuids" |
| 274 |
fi |
295 |
fi |
| 275 |
fi |
296 |
fi |
| 276 |
- |
|
|
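Review bot: TPM2 unlock is switched on purely by `[ -f "$sealed_tpm" ]`, so an empty or stale file on the ESP (typically a FAT partition with no access control of its own) is enough to emit `tpm2_key_protector_init` and add `-P tpm2` to every `cryptomount` line. The `search.fs_uuid`/`tpm2_key_protector_init` pair is also written when `$crypto_uuids` is empty. I would tighten the guard to `if [ -n "$crypto_uuids" ] && [ -s "$sealed_tpm" ]; then` and add a comment above it such as `# sealed.tpm must be sealed to a PCR policy that covers the boot chain; this script only checks that the file exists`, since nothing in the hunk verifies how the key was sealed. The path is spelled twice (`$sealed_tpm` and the literal `(\$esp)/EFI/altlinux/sealed.tpm`) and the two will drift if only one is changed. The enclosing `generate_grub_cfg` starts before the hunk, and the final `fi` closes an `if` that is not visible here.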