Commit c412a980 authored by Chrysostomus's avatar Chrysostomus

Fix full disk encryption for grub

parent 948ff95f
......@@ -436,6 +436,11 @@ pacman -S --noconfirm grub-theme-manjaro" > ${MOUNTPOINT}/usr/bin/grub_installer
echo "sed -i \"s~GRUB_CMDLINE_LINUX=.*~GRUB_CMDLINE_LINUX=\"$(cat /tmp/.luks_dev)\"~g" /etc/default/grub\" >> ${MOUNTPOINT}/usr/bin/grub_installer.sh
echo "pacman -S --noconfirm grub-theme-manjaro" >> ${MOUNTPOINT}/usr/bin/grub_installer.sh
fi
# If Full disk encryption is used, use a keyfile
if $fde; then
echo 'grep -q "^GRUB_ENABLE_CRYPTODISK=y" /etc/default/grub || \
sed -i "s/#GRUB_ENABLE_CRYPTODISK=y/GRUB_ENABLE_CRYPTODISK=y/" /etc/default/grub' >> ${MOUNTPOINT}/usr/bin/grub_installer.sh
fi
#install grub
arch_chroot "grub_installer.sh" 2>$ERR
boot_encrypted_setting
......@@ -643,6 +648,11 @@ pacman -S --noconfirm grub-theme-manjaro" > ${MOUNTPOINT}/usr/bin/grub_installer
echo "sed -i \"s~GRUB_CMDLINE_LINUX=.*~GRUB_CMDLINE_LINUX=\"$(cat /tmp/.luks_dev)\"~g" /etc/default/grub\" >> ${MOUNTPOINT}/usr/bin/grub_installer.sh
echo "pacman -S --noconfirm grub-theme-manjaro" >> ${MOUNTPOINT}/usr/bin/grub_installer.sh
fi
# If Full disk encryption is used, use a keyfile
if $fde; then
echo 'grep -q "^GRUB_ENABLE_CRYPTODISK=y" /etc/default/grub || \
sed -i "s/#GRUB_ENABLE_CRYPTODISK=y/GRUB_ENABLE_CRYPTODISK=y/" /etc/default/grub' >> ${MOUNTPOINT}/usr/bin/grub_installer.sh
fi
# Remove os-prober if not selected
if ! cat ${PACKAGES} | grep -q os-prober ; then
......@@ -745,37 +755,31 @@ boot_encrypted_setting() {
root_name=$(mount | awk '/\/mnt / {print $1}' | sed s~/dev/mapper/~~g | sed s~/dev/~~g)
# Check if root is encrypted
if [[ "$LUKS" == 1 ]]; then
grep -q "^GRUB_ENABLE_CRYPTODISK=y" /mnt/etc/default/grub || \
sed -i "s/#GRUB_ENABLE_CRYPTODISK=y/GRUB_ENABLE_CRYPTODISK=y/" /mnt/etc/default/grub
fde=true
setup_luks_keyfile
elif $(lsblk "/dev/mapper/$root_name" | grep -q 'crypt' ); then
grep -q "^GRUB_ENABLE_CRYPTODISK=y" /mnt/etc/default/grub || \
sed -i "s/#GRUB_ENABLE_CRYPTODISK=y/GRUB_ENABLE_CRYPTODISK=y/" /mnt/etc/default/grub
fde=true
setup_luks_keyfile
elif $(lsblk | grep "/mnt$" | grep -q 'crypt' ); then
grep -q "^GRUB_ENABLE_CRYPTODISK=y" /mnt/etc/default/grub || \
sed -i "s/#GRUB_ENABLE_CRYPTODISK=y/GRUB_ENABLE_CRYPTODISK=y/" /mnt/etc/default/grub
fde=true
setup_luks_keyfile
# Check if root is on encrypted lvm volume
elif $(lsblk -i | tac | sed -r 's/^[^[:alnum:]]+//' | sed -n -e "/$root_name/,/disk/p" | awk '{print $6}' | grep -q crypt); then
grep -q "^GRUB_ENABLE_CRYPTODISK=y" /mnt/etc/default/grub || \
sed -i "s/#GRUB_ENABLE_CRYPTODISK=y/GRUB_ENABLE_CRYPTODISK=y/" /mnt/etc/default/grub
fde=true
setup_luks_keyfile
fi
else
# There is a separate /boot. Check if it is encrypted
boot_name=$(mount | awk '/\/mnt\/boot / {print $1}' | sed s~/dev/mapper/~~g | sed s~/dev/~~g)
if $(lsblk | grep '/mnt/boot' | grep -q 'crypt' ); then
grep -q "GRUB_ENABLE_CRYPTODISK=y" /mnt/etc/default/grub || echo "GRUB_ENABLE_CRYPTODISK=y" >> /mnt/etc/default/grub
fde=true
setup_luks_keyfile
# Check if the /boot is inside encrypted lvm volume
elif $(lsblk -i | tac | sed -r 's/^[^[:alnum:]]+//' | sed -n -e "/$boot_name/,/disk/p" | awk '{print $6}' | grep -q crypt); then
grep -q "^GRUB_ENABLE_CRYPTODISK=y" /mnt/etc/default/grub || \
sed -i "s/#GRUB_ENABLE_CRYPTODISK=y/GRUB_ENABLE_CRYPTODISK=y/" /mnt/etc/default/grub
fde=true
setup_luks_keyfile
elif $(lsblk "/dev/mapper/$boot_name" | grep -q 'crypt' ); then
grep -q "^GRUB_ENABLE_CRYPTODISK=y" /mnt/etc/default/grub || \
sed -i "s/#GRUB_ENABLE_CRYPTODISK=y/GRUB_ENABLE_CRYPTODISK=y/" /mnt/etc/default/grub
fde=true
setup_luks_keyfile
fi
fi
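Review bot: Both `if $fde; then` blocks (before `#install grub` and before the os-prober check) run `$fde` as a command, and none of the visible lines initialise it. An unset or empty `fde` expands to an empty command, which bash treats as success, so the cryptodisk line would also be written on unencrypted installs. In the first hunk the flag is read before `boot_encrypted_setting` is called, which happens only after `arch_chroot "grub_installer.sh"`. Unless `fde` is set earlier, outside this view, an encrypted install would then generate the installer script without `GRUB_ENABLE_CRYPTODISK=y`. Set `fde=false` before detection, run detection before the script is assembled, and test it as a string with `if [[ "$fde" == true ]]; then`; the comment "use a keyfile" also describes something other than what the block does, so `# Enable GRUB cryptodisk support when full disk encryption is detected` would fit better (the enclosing install functions and `boot_encrypted_setting` extend beyond the hunks).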
......