Added logic for luks memory cost

Kevin Veen-Birkenbach 2024-07-22 17:17:37 +02:00
parent 826aa42565
commit 9519b314e9
2 changed files with 28 additions and 7 deletions


@ -29,12 +29,22 @@ create_luks_key_and_update_cryptab(){
info "Generate secret key under: $secret_key_path" || error info "Generate secret key under: $secret_key_path" || error
if [ -f "$secret_key_path" ] if [ -f "$secret_key_path" ]
then then
warning "File allready exist. Overwritting!" warning "File already exists. Overwriting!"
fi fi
sudo dd if=/dev/urandom of="$secret_key_path" bs=512 count=8 && sudo dd if=/dev/urandom of="$secret_key_path" bs=512 count=8 &&
# Check if luks_memory_cost is defined and set the luksAddKey command accordingly
# @see https://chatgpt.com/share/008ea5f1-670c-467c-8320-1ca67f25ac9a
if [ -n "$luks_memory_cost" ]; then
info "Adding key with --pbkdf-memory set to $luks_memory_cost" &&
sudo cryptsetup -v luksAddKey "$2" "$secret_key_path" --pbkdf-memory "$luks_memory_cost" &&
else
info "Adding key without --pbkdf-memory parameter" &&
sudo cryptsetup -v luksAddKey "$2" "$secret_key_path" && sudo cryptsetup -v luksAddKey "$2" "$secret_key_path" &&
info "Opening and closing device to verify that that everything works fine..." || error fi
sudo cryptsetup -v luksClose "$1" || info "No need to luksClose $1."
info "Opening and closing device to verify that everything works fine..." &&
sudo cryptsetup -v luksClose "$1" || info "No need to luksClose $1." &&
sudo cryptsetup -v luksOpen "$2" "$1" --key-file="$secret_key_path" && sudo cryptsetup -v luksOpen "$2" "$1" --key-file="$secret_key_path" &&
sudo cryptsetup -v luksClose "$1" && sudo cryptsetup -v luksClose "$1" &&
info "Reading UUID..." && info "Reading UUID..." &&
@ -45,7 +55,7 @@ create_luks_key_and_update_cryptab(){
info "Adding crypttab entry..." || error info "Adding crypttab entry..." || error
if sudo grep -q "$crypttab_entry" "$crypttab_path"; if sudo grep -q "$crypttab_entry" "$crypttab_path";
then then
warning "File $crypttab_path contains allready the following entry:" && warning "File $crypttab_path already contains the following entry:" &&
echo "$crypttab_entry" && echo "$crypttab_entry" &&
info "Skipped." || info "Skipped." ||
error error
@ -59,6 +69,7 @@ create_luks_key_and_update_cryptab(){
error error
} }
# @var $1 mapper_name # @var $1 mapper_name
# @var $2 mount_path # @var $2 mount_path
# #
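Review bot: The new `if`/`else` around `luksAddKey` does not parse: both `sudo cryptsetup -v luksAddKey …` lines end in `&&` and the next token is `else` or `fi`, so the definition of `create_luks_key_and_update_cryptab` fails with a syntax error. Dropping the trailing `&&` on those two lines and closing the block with `fi || error` keeps the old behaviour of aborting when the key cannot be added. cryptsetup documents `--pbkdf-memory` for Argon2 only, so on a LUKS1 header or a PBKDF2 keyslot the value is presumably not applied. A comment such as `# luks_memory_cost: Argon2 memory in KiB, set by the image setup script; empty means cryptsetup's default` above the `if` would record that. The function body starts before and continues after the hunks shown.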


@ -98,11 +98,21 @@ case "$operation_system" in
question "Which Raspberry Pi will be used (e.g.: 1, 2, 3b, 3b+, 4...):" && read -r version question "Which Raspberry Pi will be used (e.g.: 1, 2, 3b, 3b+, 4...):" && read -r version
base_download_url="http://os.archlinuxarm.org/os/"; base_download_url="http://os.archlinuxarm.org/os/";
case "$version" in case "$version" in
"1" | "2") "1")
image_name="ArchLinuxARM-rpi-armv7-latest.tar.gz" image_name="ArchLinuxARM-rpi-armv7-latest.tar.gz"
luks_memory_cost="64000"
;; ;;
"3b" | "3b+" | "4" ) "2")
image_name="ArchLinuxARM-rpi-armv7-latest.tar.gz"
luks_memory_cost="128000"
;;
"3b" | "3b+")
image_name="ArchLinuxARM-rpi-aarch64-latest.tar.gz" image_name="ArchLinuxARM-rpi-aarch64-latest.tar.gz"
luks_memory_cost="128000"
;;
"4" )
image_name="ArchLinuxARM-rpi-aarch64-latest.tar.gz"
luks_memory_cost="256000"
;; ;;
*) *)
error "Version $version isn't supported." error "Version $version isn't supported."
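Review bot: The four `luks_memory_cost` values in the `1`, `2`, `3b`/`3b+` and `4` arms carry no unit or rationale. cryptsetup reads `--pbkdf-memory` in kilobytes, and the values are presumably sized to each board's RAM so the keyslot can still be unlocked on the device. A comment above the inner `case`, such as `# Argon2 memory cost in KiB for cryptsetup --pbkdf-memory, chosen per board RAM`, would make that checkable. The variable is assigned only in these arms, so for any other `$operation_system` it keeps whatever the environment or earlier code left in it; setting `luks_memory_cost=""` before the outer `case` would make the no-parameter fallback deterministic. The outer `case` starts before and continues after the hunk.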