Diffstat (limited to 'include/partition.sh')
-rwxr-xr-xinclude/partition.sh34
1 files changed, 23 insertions, 11 deletions
diff --git a/include/partition.sh b/include/partition.sh
index 35f259a..02695f5 100755
--- a/include/partition.sh
+++ b/include/partition.sh
@@ -91,9 +91,11 @@ part_swap=
part_system=
# Create boot and system partitions
for d in $device; do
- p=$( fripost_mkpart $d boot 64M )
- part_boot="${part_boot:+$part_boot }$p"
-
+ if [ $encrypt = true ]; then
+ # Don't use a separate partition for /boot if the disk is unencrypted
+ p=$( fripost_mkpart $d boot 256M )
+ part_boot="${part_boot:+$part_boot }$p"
+ fi
p=$( fripost_mkpart $d swap 1G ) # FIXME
part_swap="${part_swap:+$part_swap }$p"
/sbin/parted -s $d align-check opt ${p#$d} \
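Review bot: The new test `[ $encrypt = true ]` expands `$encrypt` unquoted, so an empty value turns it into `[ = true ]`, which prints a test error and evaluates as false; the boot partition is then skipped without the script stopping. Writing it as `if [ "${encrypt:-}" = true ]; then` matches the `${raidLevel:-}` form used later in the file and makes the empty case an ordinary false. The comment above the `fripost_mkpart` call would also read more clearly stated positively, for example `# /boot gets its own partition only when the system partition is encrypted`. The `for` loop this sits in closes outside the hunk.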
@@ -111,10 +113,12 @@ done
if [ ${raidLevel:-} ]; then
[ -d /dev/md ] || mkdir /dev/md
- devices="$part_boot"
- part_boot=/dev/md/boot
- fripost_mdadm_create "$part_boot" -f -R -l $raidLevel \
- ${raidNumActiveDevices:+-n $raidNumActiveDevices} $devices
+ if [ "${part_boot:-}" ]; then
+ devices="$part_boot"
+ part_boot=/dev/md/boot
+ fripost_mdadm_create "$part_boot" -f -R -l $raidLevel \
+ ${raidNumActiveDevices:+-n $raidNumActiveDevices} $devices
+ fi
devices="$part_swap"
part_swap=/dev/md/swap
@@ -156,10 +160,18 @@ if [ $encrypt = true ]; then
hash=sha256
fi
# Note: XTS requires the key size to be doubled.
- fripost_encrypt $part_system system_crypt \
- --cipher aes-xts-plain64 --key-size $(( $keysize * 2 )) --hash $hash \
- --iter-time 5000 --use-random
- part_system=/dev/mapper/system_crypt
+ fripost_encrypt $part_system luksRoot \
+ --cipher=aes-xts-plain64 --key-size=$(( $keysize * 2 )) --hash=$hash \
+ --iter-time=5000 --use-random
+ part_system=/dev/mapper/luksRoot
+
+ /lib/cryptsetup/scripts/decrypt_derived luksRoot \
+ | cryptsetup luksFormat $part_swap --cipher=aes-xts-plain64 --hash=$hash --key-file=-
+ /lib/cryptsetup/scripts/decrypt_derived luksRoot \
+ | cryptsetup luksOpen $part_swap luksSwap --key-file=-
+
+ fripost_crypttab_addentry luksSwap "$part_swap" luksRoot luks,keyscript=/lib/cryptsetup/scripts/decrypt_derived
+ part_swap=/dev/mapper/luksSwap
fi
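Review bot: The `cryptsetup luksFormat $part_swap` line passes no `--key-size`, so the swap volume is formatted with cryptsetup's default key size rather than the `$(( $keysize * 2 ))` chosen for luksRoot; adding `--key-size=$(( $keysize * 2 ))` there keeps both volumes at the same strength. Each of the two pipelines reports only cryptsetup's exit status, so a failing `decrypt_derived` is not detected on its own. Nothing visible in the hunk stops the script from writing the crypttab entry and repointing `part_swap` after a failed luksFormat or luksOpen, so ending each pipeline with `|| exit 1` (or the script's own error helper, if it has one) would at least stop on a cryptsetup failure. `$part_swap` should also be quoted in both cryptsetup calls, as it already is in the `fripost_crypttab_addentry` call. The enclosing `if [ $encrypt = true ]` block begins outside the hunk.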