forked from vianney/arch-luks-suspend
-
Notifications
You must be signed in to change notification settings - Fork 4
/
Copy pathencrypt-on-suspend
executable file
·116 lines (97 loc) · 2.69 KB
/
encrypt-on-suspend
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
#!/bin/sh
set -u
cryptname="${1}"
max_tries=5
unlocked=1
prompt="Please unlock disk sda_crypt:"
base_errmsg="Passphrase was incorrect. ? attempts to unlock remaining."
shutdownmsg="Too many attempts to unlock, shutting down ..."
power_off() {
echo "o" > /proc/sysrq-trigger
}
pre_suspend() {
# Start udev from initramfs
/lib/systemd/systemd-udevd --daemon --resolve-names=never &>/dev/null
# run dummy cryptsetup to make sure we have all the needed kernel modules
# loaded before doing an actual suspend
[ -z "${cryptname}" ] || cryptsetup luksOpen "${cryptname}" --test-passphrase &>/dev/null || :
# Synchronize filesystems before luksSuspend
sync
# Lock root volume
[ -z "${cryptname}" ] || cryptsetup luksSuspend "${cryptname}"
}
resume_plymouth() {
if [ -z "${cryptname}" ] ; then
return
fi
plymouthd --mode=resume --tty=`tty | sed -e "s:.*dev.*/\(.*\):\1:"`
plymouth --show-splash
# Allow max_tries attempts to unlock the volume. We loop
# here instead of using --number-of-tries so we can
# provide an error message on unsuccessful attempts.
i=0 ; while [ $i -lt $max_tries ] ; do
$(plymouth ask-for-password --number-of-tries=1 \
--command="cryptsetup luksResume ${cryptname} --tries=1" \
--prompt="$prompt")
if [ $? -eq 0 ] ; then
unlocked=0
break
fi
i=$((i+1))
if [ $i -lt $max_tries ] ; then
errmsg=`echo ${base_errmsg} | sed -e "s:\?:$((max_tries-i)):"`
plymouth display-message --text="$errmsg"
fi
done
if [ $unlocked -eq 1 ] ; then
clear
plymouth display-message --text="$shutdownmsg"
sleep 1
power_off
fi
ppid=$(pidof plymouthd)
plymouth quit
wait $ppid
}
resume() {
if [ -z "${cryptname}" ] ; then
return
fi
i=0 ; while [ $i -lt $max_tries ] ; do
clear
if [ $i -gt 0 ] ; then
errmsg=`echo ${base_errmsg} | sed -e "s:\?:$((max_tries-i)):"`
echo $errmsg
fi
cryptsetup luksResume "${cryptname}" --tries=1 2>/dev/null
if [ $? -eq 0 ] ; then
unlocked=0
break
fi
i=$((i+1))
done
if [ $unlocked -eq 1 ] ; then
clear
echo $shutdownmsg
sleep 1
power_off
fi
}
#### main loop
for i in "$@" ; do
case $i in
-g|--gui)
USE_PLYMOUTH="true"
;;
esac
done
pre_suspend
# Suspend the system
echo mem > /sys/power/state
# Resume root device
if tty>/dev/null && [ -x $(which plymouthd) ] && [ ${USE_PLYMOUTH="false"} = "true" ] ; then
resume_plymouth
else
resume
fi
return 0