3 # $1=$device [$2=keyfile|none [$3=keyslot|any [$4=size]]]
6 [ -d /sys/module/dm_crypt ] || modprobe dm_crypt
8 [ -d /sys/module/loop ] || modprobe loop
10 [ -f /tmp/reencrypted ] && exit 0
14 # if device name is /dev/dm-X, convert to /dev/mapper/name
15 if [ "${1##/dev/dm-}" != "$1" ]; then
16 device="/dev/mapper/$(dmsetup info -c --noheadings -o name "$1")"
21 PARAMS="$device -T 1 --use-fsync -B 32"
22 if [ "$3" != "any" ]; then
23 PARAMS="$PARAMS -S $3"
27 PARAMS="$PARAMS --device-size $4"
31 local keypath="${1#*:}"
32 local keydev="${1%%:*}"
34 local mntp="/tmp/reencrypted-mount-tmp"
36 mount -r "$keydev" "$mntp" && cat "$mntp/$keypath"
43 local _prompt="LUKS password for REENCRYPTING $device"
45 if [ "$1" = "none" ] ; then
46 if [ "$2" != "any" ]; then
47 _prompt="$_prompt, using keyslot $2"
49 /bin/plymouth ask-for-password \
51 --command="/sbin/cryptsetup-reencrypt $PARAMS"
53 info "REENCRYPT using key $1"
54 reenc_readkey "$1" | /sbin/cryptsetup-reencrypt -d - $PARAMS
60 info "REENCRYPT $device requested"
61 # flock against other interactive activities
66 if [ $_ret -eq 0 ]; then
69 warn "Reencryption of device $device has finished successfully. Use previous"
70 warn "initramfs image (without reencrypt module) to boot the system. When"
71 warn "you leave the emergency shell, the system will reboot."
73 emergency_shell -n "(reboot)"
74 [ -x /usr/bin/systemctl ] && /usr/bin/systemctl reboot
75 [ -x /sbin/shutdown ] && /sbin/shutdown -r now
78 # panic the kernel otherwise