From 9519b314e9bcdab1ecc273e0011b65b5c1c21306 Mon Sep 17 00:00:00 2001
From: Kevin Veen-Birkenbach
Date: Mon, 22 Jul 2024 17:17:37 +0200
Subject: [PATCH] Added logic for luks memory cost
---
 scripts/encryption/storage/base.sh | 21 ++++++++++++++++-----
 scripts/image/setup.sh | 14 ++++++++++++--
 2 files changed, 28 insertions(+), 7 deletions(-)
diff --git a/scripts/encryption/storage/base.sh b/scripts/encryption/storage/base.sh
index fa73115..5efe0b2 100644
--- a/scripts/encryption/storage/base.sh
+++ b/scripts/encryption/storage/base.sh
@@ -29,12 +29,22 @@ create_luks_key_and_update_cryptab(){
 info "Generate secret key under: $secret_key_path" || error
 if [ -f "$secret_key_path" ]
 then
- warning "File allready exist. Overwritting!"
+ warning "File already exists. Overwriting!"
 fi
 sudo dd if=/dev/urandom of="$secret_key_path" bs=512 count=8 &&
- sudo cryptsetup -v luksAddKey "$2" "$secret_key_path" &&
- info "Opening and closing device to verify that that everything works fine..." || error
- sudo cryptsetup -v luksClose "$1" || info "No need to luksClose $1."
+
+ # Check if luks_memory_cost is defined and set the luksAddKey command accordingly
+ # @see https://chatgpt.com/share/008ea5f1-670c-467c-8320-1ca67f25ac9a
+ if [ -n "$luks_memory_cost" ]; then
+ info "Adding key with --pbkdf-memory set to $luks_memory_cost" &&
+ sudo cryptsetup -v luksAddKey "$2" "$secret_key_path" --pbkdf-memory "$luks_memory_cost" &&
+ else
+ info "Adding key without --pbkdf-memory parameter" &&
+ sudo cryptsetup -v luksAddKey "$2" "$secret_key_path" &&
+ fi
+
+ info "Opening and closing device to verify that everything works fine..." &&
+ sudo cryptsetup -v luksClose "$1" || info "No need to luksClose $1." &&
 sudo cryptsetup -v luksOpen "$2" "$1" --key-file="$secret_key_path" &&
 sudo cryptsetup -v luksClose "$1" &&
 info "Reading UUID..." &&
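Review bot: The new `if` block does not parse, because the `&&` that ends each `luksAddKey` line is followed directly by `else` and by `fi`. The shell rejects that as a syntax error, so the file defining create_luks_key_and_update_cryptab would fail to load. Once those operators are removed, a failed `dd` or `luksAddKey` no longer reaches an `|| error`, because the `if … fi` is not part of the chain that follows it, so each step should fail explicitly (assuming `error` aborts, as its use elsewhere in the function suggests). The `@see` link to a chat transcript is better replaced by a comment stating that `--pbkdf-memory` is given in kilobytes and only applies to Argon2 keyslots, so it has no effect on a PBKDF2 or LUKS1 slot. The function starts and ends outside this hunk.

```shell
sudo dd if=/dev/urandom of="$secret_key_path" bs=512 count=8 || error
# --pbkdf-memory is in kilobytes and only applies to Argon2 (LUKS2) keyslots.
if [ -n "$luks_memory_cost" ]; then
  info "Adding key with --pbkdf-memory set to $luks_memory_cost"
  sudo cryptsetup -v luksAddKey "$2" "$secret_key_path" --pbkdf-memory "$luks_memory_cost" || error
else
  info "Adding key without --pbkdf-memory parameter"
  sudo cryptsetup -v luksAddKey "$2" "$secret_key_path" || error
fi
# … unchanged: open/close verification chain …
```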
@@ -45,7 +55,7 @@ create_luks_key_and_update_cryptab(){ info "Adding crypttab entry..." || error if sudo grep -q "$crypttab_entry" "$crypttab_path"; then - warning "File $crypttab_path contains allready the following entry:" && + warning "File $crypttab_path already contains the following entry:" && echo "$crypttab_entry" && info "Skipped." || error @@ -59,6 +69,7 @@ create_luks_key_and_update_cryptab(){ error } + # @var $1 mapper_name # @var $2 mount_path # diff --git a/scripts/image/setup.sh b/scripts/image/setup.sh index e31adbc..c960e17 100644 --- a/scripts/image/setup.sh +++ b/scripts/image/setup.sh @@ -98,11 +98,21 @@ case "$operation_system" in question "Which Raspberry Pi will be used (e.g.: 1, 2, 3b, 3b+, 4...):" && read -r version base_download_url="http://os.archlinuxarm.org/os/"; case "$version" in - "1" | "2") + "1") image_name="ArchLinuxARM-rpi-armv7-latest.tar.gz" + luks_memory_cost="64000" ;; - "3b" | "3b+" | "4" ) + "2") + image_name="ArchLinuxARM-rpi-armv7-latest.tar.gz" + luks_memory_cost="128000" + ;; + "3b" | "3b+") image_name="ArchLinuxARM-rpi-aarch64-latest.tar.gz" + luks_memory_cost="128000" + ;; + "4" ) + image_name="ArchLinuxARM-rpi-aarch64-latest.tar.gz" + luks_memory_cost="256000" ;; *) error "Version $version isn't supported."
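Review bot: The `luks_memory_cost` values assigned in the version `case` are bare numbers with no unit or rationale, and they set a security parameter. base.sh passes this value to `cryptsetup --pbkdf-memory`, so it is the Argon2 memory cost in kilobytes, and a lower value makes offline guessing cheaper for any passphrase-protected keyslot created with it. A comment above the inner `case` would record this, e.g. `# luks_memory_cost: Argon2 memory cost in kB for cryptsetup --pbkdf-memory; kept low enough that the board can unlock the volume, at the price of weaker guessing resistance`. The variable is a plain, unexported assignment, so base.sh presumably only sees it when its functions run in the same shell as setup.sh. If the key can also be created from a separate script, the limit would be silently skipped there, which is worth confirming. The enclosing `case "$operation_system"` starts and ends outside this hunk.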