From 737230a2f4ca1debb7caa30b73f6d70de8f3e9e2 Mon Sep 17 00:00:00 2001
From: Gabriel Valcazar
Date: Thu, 20 May 2021 16:40:28 +0200
Subject: [PATCH] recovery-initramfs: automatically set an encryption key if needed

Before using the encrypted partition functionality, users have to manually install the encryption key in the system. Failing to install said key will result in errors later on. Even though the installation isn't a difficult operation from a user's point of view, the recovery script has the necessary logic to detect cases where a partition is going to be encrypted with no key installed. Automatically generate a key in these cases to avoid undesired behavior and to improve the overall user experience.

Signed-off-by: Gabriel Valcazar
---
 .../recovery-initramfs/recovery-initramfs-init | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/meta-digi-dey/recipes-core/recovery/recovery-initramfs/recovery-initramfs-init b/meta-digi-dey/recipes-core/recovery/recovery-initramfs/recovery-initramfs-init
index b936bc61c..ca43f83cb 100644
--- a/meta-digi-dey/recipes-core/recovery/recovery-initramfs/recovery-initramfs-init
+++ b/meta-digi-dey/recipes-core/recovery/recovery-initramfs/recovery-initramfs-init
@@ -705,6 +705,19 @@ fi
 # Remove leading/trailing whitespaces from the new encrypted partitions list.
 encrypt_partitions=$(echo "${encrypt_partitions}" | xargs)
 
+# Automatically program a random encryption key if there is none and we're
+# about to encrypt at least one partition.
+if [ -n "${ENC_DIFF}" -a -z "${encryption_key_bool}" ]; then
+	trustfence-tool --key-check >/dev/null 2>&1
+	RETVAL="$?"
+	if [ "${RETVAL}" = "1" ]; then
+		log "No encryption key detected, generating a random one"
+		encryption_key_bool=true
+	elif [ "${RETVAL}" != "0" ]; then
+		quit_with_error "Unable to check if encryption key is set in the system"
+	fi
+fi
+
 # Check if encryption key command is configured.
 if [ -n "${encryption_key_bool}" ]; then
 	log "Trustfence encryption key setup requested (new key: ${encryption_key:-random})"
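Review bot: The `trustfence-tool --key-check >/dev/null 2>&1` line discards the tool's stderr, so when the check fails for any reason other than "no key" the `elif` branch aborts recovery with a message that carries none of the tool's own diagnostics; capturing it costs nothing, e.g. `key_check_err=$(trustfence-tool --key-check 2>&1 >/dev/null)` followed by `RETVAL="$?"` and `quit_with_error "Unable to check if encryption key is set in the system: ${key_check_err}"`. The branch logic also hard-codes the tool's exit-code contract (0 key present, 1 no key, anything else failure) without saying so; a one-line comment above the call, `# trustfence-tool --key-check: 0 = key present, 1 = no key, other = failure`, would stop a later maintainer from treating all non-zero codes alike. Since this runs under `#!/bin/sh` in an initramfs, prefer `[ -n "${ENC_DIFF}" ] && [ -z "${encryption_key_bool}" ]` over the deprecated and ambiguous `-a` inside a single `[ ]`. The next block logs `${encryption_key:-random}`, so if `encryption_key` can be non-empty while `encryption_key_bool` is empty (not visible here), this auto path would program that key rather than a random one despite the "generating a random one" message; if that combination is possible, clear `encryption_key` alongside setting `encryption_key_bool=true`. The enclosing script continues outside the hunk.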