From 247b674abb4a218dceea08576ec79033d6358f55 Mon Sep 17 00:00:00 2001 From: Chrysostomus Date: Sun, 14 Apr 2019 12:35:56 +0300 Subject: [PATCH] Fix lvm+luks fde bootloader --- lib/util-base.sh | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/lib/util-base.sh b/lib/util-base.sh index 5b36015..aa8f467 100644 --- a/lib/util-base.sh +++ b/lib/util-base.sh @@ -417,6 +417,7 @@ pacman -S --noconfirm grub-theme-manjaro" > ${MOUNTPOINT}/usr/bin/grub_installer ln -s /hostlvm /run/lvm pacman -S --noconfirm --needed grub efibootmgr dosfstools grub-btrfs findmnt | awk '/^\/ / {print $3}' | grep -q btrfs && sed -e '/GRUB_SAVEDEFAULT/ s/^#*/#/' -i /etc/default/grub +lsblk -ino TYPE,MOUNTPOINT | grep " /$" | grep -q lvm && sed -e '/GRUB_SAVEDEFAULT/ s/^#*/#/' -i /etc/default/grub grub-install --target=x86_64-efi --efi-directory=${UEFI_MOUNT} --bootloader-id=${bootid} --recheck pacman -S --noconfirm grub-theme-manjaro" > ${MOUNTPOINT}/usr/bin/grub_installer.sh fi @@ -440,9 +441,7 @@ pacman -S --noconfirm grub-theme-manjaro" > ${MOUNTPOINT}/usr/bin/grub_installer # If Full disk encryption is used, use a keyfile if $fde; then echo "Full disk encryption enabled" - sed -i '/noconfirm grub-theme-manjaro/d' ${MOUNTPOINT}/usr/bin/grub_installer.sh - echo 'grep -q "^GRUB_ENABLE_CRYPTODISK=y" /etc/default/grub || sed -i "s/#GRUB_ENABLE_CRYPTODISK=y/GRUB_ENABLE_CRYPTODISK=y/" /etc/default/grub' >> ${MOUNTPOINT}/usr/bin/grub_installer.sh - echo "pacman -S --noconfirm grub-theme-manjaro" >> ${MOUNTPOINT}/usr/bin/grub_installer.sh + sed -i '3a\grep -q "^GRUB_ENABLE_CRYPTODISK=y" /etc/default/grub || sed -i "s/#GRUB_ENABLE_CRYPTODISK=y/GRUB_ENABLE_CRYPTODISK=y/" /etc/default/grub' ${MOUNTPOINT}/usr/bin/grub_installer.sh fi #install grub arch_chroot "grub_installer.sh" 2>$ERR @@ -506,13 +505,17 @@ install_refind() sed -i "s|\"$|\ $rootflag\"|g" /mnt/boot/refind_linux.conf fi - # LUKS + # LUKS and lvm with LUKS if [[ $LUKS == 1 ]]; then mapper_name="$(mount | awk '/\/mnt / {print $1}')" luks_opt=$(cat /tmp/.luks_dev) - sed -i '/Boot with minimal options/d' /mnt/boot/refind_linux.conf sed -i "s|root=.* |$luks_opt root=$mapper_name |g" /mnt/boot/refind_linux.conf sed -i '/Boot with minimal options/d' /mnt/boot/refind_linux.conf + # Lvm without LUKS + elif [[ $(lsblk -i | sed -r 's/^[^[:alnum:]]+//' | grep "/mnt$" | awk '{print $6}') == lvm ]]; then + mapper_name="$(mount | awk '/\/mnt / {print $1}')" + sed -i "s|root=.* |root=$mapper_name |g" /mnt/boot/refind_linux.conf + sed -i '/Boot with minimal options/d' /mnt/boot/refind_linux.conf fi # Figure out microcode rootsubvol=$(findmnt -o TARGET,SOURCE | awk '/\/mnt / {print $2}' | grep -o "\[.*\]" | cut -d "[" -f2 | cut -d "]" -f1 | sed 's/^\///') @@ -728,7 +731,7 @@ setup_luks_keyfile() { root_name=$(mount | awk '/\/mnt / {print $1}' | sed s~/dev/mapper/~~g | sed s~/dev/~~g) root_part=$(lsblk -i | tac | sed -r 's/^[^[:alnum:]]+//' | sed -n -e "/$root_name/,/part/p" | awk '/part/ {print $1}' | tr -cd '[:alnum:]') numberoflukskeys=$(cryptsetup luksDump /dev/"$root_part" | grep "ENABLED" | wc -l) - if [[ "$numberoflukskeys" -lt 2 ]]; then + if [[ "$numberoflukskeys" -lt 4 ]]; then # Create a keyfile [[ -e /mnt/crypto_keyfile.bin ]] || dd bs=512 count=4 if=/dev/urandom of=/mnt/crypto_keyfile.bin && echo "Generating a keyfile" chmod 000 /mnt/crypto_keyfile.bin