#!/bin/bash -e # vim: set tabstop=8 shiftwidth=4 softtabstop=4 expandtab smarttab colorcolumn=80: # # Copyright (c) 2016 Red Hat, Inc. # Author: Nathaniel McCallum # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # . clevis-luks-common-functions SUMMARY="Unlocks a LUKS volume" function usage() { exec >&2 echo echo "Usage: clevis luks unlock -d DEV [-n NAME] [-t SLT]" echo echo "$SUMMARY": echo echo " -d DEV The LUKS device on which to perform unlocking" echo echo " -n NAME The name of the unlocked device node" echo echo " -t SLT Test the passphrase for the given slot without unlocking" echo " the device" echo exit 2 } if [ $# -eq 1 ] && [ "$1" == "--summary" ]; then echo "$SUMMARY" exit 0 fi while getopts ":d:n:t:" o; do case "$o" in d) DEV="$OPTARG";; n) NAME="$OPTARG";; t) SLT="$OPTARG";; *) usage;; esac done if [ -z "$DEV" ]; then echo "Did not specify a device!" >&2 usage fi if ! cryptsetup isLuks "$DEV"; then echo "$DEV is not a LUKS device!" >&2 exit 1 fi NAME="${NAME:-luks-"$(cryptsetup luksUUID "$DEV")"}" if [ -n "$SLT" ]; then if ! clevis_luks_unlock_device_by_slot "${DEV}" "${SLT}" >/dev/null; then echo "Test for token slot ${SLT} on device ${DEV} failed." >&2 exit 1 fi else if ! pt=$(clevis_luks_unlock_device "${DEV}"); then echo "${DEV} could not be opened." >&2 exit 1 fi echo -n "${pt}" | cryptsetup open -d- "${DEV}" "${NAME}" fi