recovery-initramfs: automatically set an encryption key if needed

Before using the encrypted partition functionality, users have to manually
install the encryption key in the system. Failing to install said key will
result in errors later on.

Even though the installation isn't a difficult operation from a user's point of
view, the recovery script has the necessary logic to detect cases where a
partition is going to be encrypted with no key installed. Automatically
generate a key in these cases to avoid undesired behavior and to improve the
overall user experience.

Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>

meta-digi-dey/recipes-core/recovery/recovery-initramfs/recovery-initramfs-init

@@ -705,6 +705,19 @@ fi
 # Remove leading/trailing whitespaces from the new encrypted partitions list.
 encrypt_partitions=$(echo "${encrypt_partitions}" | xargs)
 
+# Automatically program a random encryption key if there is none and we're
+# about to encrypt at least one partition.
+if [ -n "${ENC_DIFF}" -a -z "${encryption_key_bool}" ]; then
+	trustfence-tool --key-check >/dev/null 2>&1
+	RETVAL="$?"
+	if [ "${RETVAL}" = "1" ]; then
+		log "No encryption key detected, generating a random one"
+		encryption_key_bool=true
+	elif [ "${RETVAL}" != "0" ]; then
+		quit_with_error "Unable to check if encryption key is set in the system"
+	fi
+fi
+
 # Check if encryption key command is configured.
 if [ -n "${encryption_key_bool}" ]; then
 	log "Trustfence encryption key setup requested (new key: ${encryption_key:-random})"