From 6cd5b12aa5a62d6bf4afb78ec1a7787ff01b54ce Mon Sep 17 00:00:00 2001
From: Jan Janssen
Date: Tue, 2 Dec 2014 18:49:29 +0100
Subject: [PATCH] cryptsetup-generator: Add support for UUID-specific key files on kernel command line
---
 man/systemd-cryptsetup-generator.xml | 11 ++++++++---
 src/cryptsetup/cryptsetup-generator.c | 17 ++++++++++++++---
 2 files changed, 22 insertions(+), 6 deletions(-)
diff --git a/man/systemd-cryptsetup-generator.xml b/man/systemd-cryptsetup-generator.xml
index ff94e88f9..d4a9cc73e 100644
--- a/man/systemd-cryptsetup-generator.xml
+++ b/man/systemd-cryptsetup-generator.xml
@@ -165,11 +165,16 @@ luks.key= rd.luks.key= - Takes a password file as argument. + Takes a password file name as argument or + a LUKS super block UUID followed by a '=' and a password + file name. + For those entries specified with rd.luks.uuid= or luks.uuid=, - the password file will be set to the password file specified by - rd.luks.key= or luks.key + the password file will be set to the one specified by + rd.luks.key= or luks.key= + of the corresponding UUID, or the password file that was specified + without a UUID. rd.luks.key= is honored only by initial RAM disk (initrd) while
diff --git a/src/cryptsetup/cryptsetup-generator.c b/src/cryptsetup/cryptsetup-generator.c
index c1581ef9c..efbcb3afb 100644
--- a/src/cryptsetup/cryptsetup-generator.c
+++ b/src/cryptsetup/cryptsetup-generator.c
@@ -36,6 +36,7 @@ typedef struct crypto_device {
 char *uuid;
+ char *keyfile;
 char *options;
 bool create;
 } crypto_device;
@@ -264,6 +265,7 @@ static void free_arg_disks(void) {
 while ((d = hashmap_steal_first(arg_disks))) {
 free(d->uuid);
+ free(d->keyfile);
 free(d->options);
 free(d);
 }
@@ -284,7 +286,7 @@ static crypto_device *get_crypto_device(const char *uuid) {
 return NULL;
 d->create = false;
- d->options = NULL;
+ d->keyfile = d->options = NULL;
 d->uuid = strdup(uuid);
 if (!d->uuid) {
@@ -348,7 +350,16 @@ static int parse_proc_cmdline_item(const char *key, const char *value) {
 } else if (STR_IN_SET(key, "luks.key", "rd.luks.key") && value) {
- if (free_and_strdup(&arg_default_keyfile, value))
+ r = sscanf(value, "%m[0-9a-fA-F-]=%ms", &uuid, &uuid_value);
+ if (r == 2) {
+ d = get_crypto_device(uuid);
+ if (!d)
+ return log_oom();
+
+ free(d->keyfile);
+ d->keyfile = uuid_value;
+ uuid_value = NULL;
+ } else if (free_and_strdup(&arg_default_keyfile, value))
 return log_oom();
 }
@@ -455,7 +466,7 @@ static int add_proc_cmdline_devices(void) {
 else
 options = "timeout=0";
- r = create_disk(name, device, arg_default_keyfile, options);
+ r = create_disk(name, device, d->keyfile ?: arg_default_keyfile, options);
 if (r < 0)
 return r;
 }
--
2.30.2
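Review bot: In parse_proc_cmdline_item's `luks.key=` branch only `r == 2` is handled as a UUID-specific entry, so a value of the form `<uuid>=` with nothing after the `=` makes sscanf() return 1 and falls into the else branch, where the whole string, UUID and `=` included, becomes the default key file for every device. The character class also accepts any run of hex digits and dashes, so the text before `=` is never checked to be a well-formed UUID. I would reject the malformed form before the fallback, e.g. `else if (r == 1 && value[strlen(uuid)] == '=') log_warning("Failed to parse luks.key= value, ignoring: %s", value);`. `uuid` and `uuid_value` are declared outside this hunk; the `uuid_value = NULL` hand-off suggests they are cleanup-managed, but that is worth confirming because `%m` allocates `uuid` on the `r == 1` path as well.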