sys-boot/myinitramfs: extend to optionally autounlock

4 files changed, 36 insertions, 9 deletions

diff --git a/sys-boot/myinitramfs/files/gen.sh b/sys-boot/myinitramfs/files/gen.sh
index 958b974..136f7ff 100755
--- a/sys-boot/myinitramfs/files/gen.sh
+++ b/sys-boot/myinitramfs/files/gen.sh
@@ -8,19 +8,29 @@ cd "$(dirname "$(readlink -f "$0")")"
 
 LIST="$(mktemp)"
 
+add_exec() {
+	P="$(which "$1")"
+	echo "# $EXE" >> "$LIST"
+	echo "file $P	$P	755 0 0" >> "$LIST"
+	ldd "$P" | awk '{ print $3 }' | sed -n '/^[^ ]\+$/p' | while read -r LIB; do
+		echo "file $LIB	$LIB	755 0 0" >> "$LIST"
+	done
+}
+
 # Base list
 cp baselist "$LIST"
 # Init script
 echo "file /init ./init.enc 755 0 0" >> "$LIST"
 echo >> "$LIST"
+# Executables required when USE_DMI
+if [ -n "$USE_DMI" ]; then
+	echo "file /sbin/initramfs_password ./initramfs_password 755 0 0" >> "$LIST"
+	add_exec dmidecode
+	add_exec sha512sum
+fi
 # Executables
 while read -r EXE; do
-	P="$(which "$EXE")"
-	echo "# $EXE" >> "$LIST"
-	echo "file $P	$P	755 0 0" >> "$LIST"
-	ldd "$P" | awk '{ print $3 }' | sed -n '/^[^ ]\+$/p' | while read -r LIB; do
-		echo "file $LIB	$LIB	755 0 0" >> "$LIST"
-	done
+	add_exec "$EXE"
 done <exelist
 
 # Buld initramfs
diff --git a/sys-boot/myinitramfs/files/init.enc b/sys-boot/myinitramfs/files/init.enc
index b1cd3a2..0514508 100755
--- a/sys-boot/myinitramfs/files/init.enc
+++ b/sys-boot/myinitramfs/files/init.enc
@@ -83,7 +83,11 @@ root="$(blkid | awk -v uuid="UUID=\"$uuid\"" '$2 == uuid { gsub(/:$/,"",$1); pri
 [ -e "$root" ] || fail "Root not located!"
 
 echo -e "${C_GREEN}Unlocking root...${C_NO}"
-cryptsetup open "$root" encroot || fail "Unlocking root failed! /proc/cmdline=$(cat /proc/cmdline)"
+if command -v initramfs_password >/dev/null; then
+	initramfs_password | cryptsetup open --key-file=- "$root" encroot
+else
+	cryptsetup open "$root" encroot
+fi || fail "Unlocking root failed! /proc/cmdline=$(cat /proc/cmdline)"
 
 echo -e "${C_GREEN}Mounting root...${C_NO}"
 mount -t btrfs -o "$rootflags" /dev/mapper/encroot /mnt/root \
diff --git a/sys-boot/myinitramfs/files/initramfs_password b/sys-boot/myinitramfs/files/initramfs_password
new file mode 100755
index 0000000..8ad64bb
--- /dev/null
+++ b/sys-boot/myinitramfs/files/initramfs_password
@@ -0,0 +1,6 @@
+#!/bin/sh
+{
+	dmidecode -s system-uuid 
+	dmidecode -s baseboard-serial-number
+	dmidecode -s processor-version
+} | sha512sum | cut -f1 -d ' '
diff --git a/sys-boot/myinitramfs/myinitramfs-1.4.3-r1.ebuild b/sys-boot/myinitramfs/myinitramfs-1.5.0-r1.ebuild
index e31efdc..84be803 100644
--- a/sys-boot/myinitramfs/myinitramfs-1.4.3-r1.ebuild
+++ b/sys-boot/myinitramfs/myinitramfs-1.5.0-r1.ebuild
@@ -13,12 +13,16 @@ S="${WORKDIR}/myinitramfs-${VER}"
 LICENSE="GPLv2"
 SLOT="0"
 KEYWORDS="amd64 x86"
-IUSE=""
+IUSE="dmi"
 
 DEPEND="sys-fs/cryptsetup
 sys-fs/btrfs-progs
 sys-apps/linux-misc-apps
-sys-apps/busybox[static]"
+sys-apps/busybox[static]
+dmi? (
+	sys-apps/dmidecode
+	sys-apps/coreutils
+)"
 RDEPEND="${DEPEND}
 sys-kernel/linux[initramfs]"
 
@@ -28,6 +32,7 @@ src_unpack() {
 }
 
 src_compile() {
+	use dmi || export USE_DMI=1
 	"${FILESDIR}/gen.sh" initramfs-gentoo
 }
 
@@ -35,4 +40,6 @@ src_install() {
 	dodir /boot
 	insinto /boot
 	newins initramfs-gentoo initramfs-gentoo
+
+	dosbin "${FILESDIR}/initramfs_password"
 }