authorGuilhem Moulin <guilhem@fripost.org>2013-10-07 06:31:59 +0200
committerGuilhem Moulin <guilhem@fripost.org>2015-06-07 04:27:28 +0200
commit6ffad46704d417b7a84cd5088849d77964f99580 (patch)
treede4ec90a25ac09ab0ddecfbeebc3d0a91714bbda /pre-partman.sh
parent4b8973dce870473fb15b9cf4776bb80cee5176ac (diff)
Encryption, LVM.
Diffstat (limited to 'pre-partman.sh')
-rwxr-xr-xpre-partman.sh36
1 files changed, 34 insertions, 2 deletions
diff --git a/pre-partman.sh b/pre-partman.sh
index 527299a..de391dd 100755
--- a/pre-partman.sh
+++ b/pre-partman.sh
@@ -29,8 +29,6 @@ while read k rest; do /sbin/modinfo -F filename "$k"; done < /proc/modules \
| sed -nr "s@^/lib/modules/`uname -r`/kernel/(arch|drivers/(ata|scsi))(/.*)?/([^/]+)\.ko\$@\4@p" \
> /tmp/initramfs-modules
-anna-install cryptsetup-udeb
-
##############################################################################
# Slurp encryption key
@@ -198,3 +196,37 @@ parted -a optimal -sm $dev mkpart system ${offset}s $(( $offset2 - 1))s
system=${dev}$(parted -sm $dev p | grep -m 1 '^[1-9][0-9]*:.*:system:[^:]*;$' | sed 's/:.*//')
parted -sm $dev align-check opt ${system#$dev}
+
+##############################################################################
+# Encryption
+
+anna-install cryptsetup-udeb crypto-dm-modules
+
+arch=$(uname -m)
+if [ x"$arch" = x"x86_64" ]; then
+ keysize=256
+ hash=sha512
+elif [ x"$arch" = x"i386" -o x"$arch" = x"i686" ]; then
+ keysize=128
+ hash=sha256
+fi
+# Notes: 1/ XTS requires the key size to be doubled, 2/ We use AES128
+# and SHA-256 on 32-bits platforms, and AES256 and SHA-512 on 64-bits
+# platforms.
+# TODO: Note: Generating key... (this may take a while)
+/sbin/cryptsetup -q --align-payload $grain \
+ --cipher aes-xts-plain64 --key-size $(( $keysize * 2 )) --hash $hash \
+ --iter-time 5000 --use-random --key-file="$keyfile" \
+ luksFormat $system
+/sbin/cryptsetup luksOpen --key-file="$keyfile" $system system_crypt
+rm "$keyfile" # We are on a ramdisk, so it's good enough to unlink(2)
+
+
+##############################################################################
+# LVM
+
+/sbin/pvcreate /dev/mapper/system_crypt
+db_get netcfg/get_hostname
+/sbin/vgcreate "$RET" /dev/mapper/system_crypt
+
+# TODO: Point the installer at the partitions we created
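Review bot: On any architecture other than x86_64, i386 or i686 the `if`/`elif` chain leaves `keysize` and `hash` unset, so `luksFormat` is called with a broken `--key-size $(( $keysize * 2 ))` and an empty, unquoted `--hash $hash`; an explicit `else echo "unsupported architecture: $arch" >&2; exit 1` branch before `fi` would stop the run with a clear message instead. The exit status of `luksFormat` and `luksOpen` is not checked in the visible lines, so if either fails the script still runs `rm "$keyfile"` and then `pvcreate` on a mapping that does not exist; unless `set -e` is enabled outside this hunk, appending `|| exit 1` to both calls keeps the key file until the volume is actually open. `$system` and `$grain` are expanded unquoted, and `$RET` from `db_get netcfg/get_hostname` is passed to `vgcreate` without a check that it is non-empty, which is worth a guard such as `[ -n "$RET" ] || exit 1`.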