Unset encryption passphrases as soon as we are done
This commit is contained in:
parent
2315d8851f
commit
34206c291c
1 changed files with 5 additions and 3 deletions
|
@ -111,6 +111,7 @@ if [[ "${systype}" == "x86_64-efi" ]]; then
|
|||
extrapkgs="efibootmgr"
|
||||
|
||||
partprobe "${device}"
|
||||
sleep 2
|
||||
mkfs.fat -F32 -n EFI "${part_esp}"
|
||||
else
|
||||
parted -s "$device" \
|
||||
|
@ -119,20 +120,21 @@ else
|
|||
set 1 bios_grub on \
|
||||
mkpart arch 2MiB 100%
|
||||
|
||||
partprobe "${device}"
|
||||
sleep 2
|
||||
part_root="/dev/disk/by-partlabel/arch"
|
||||
fi
|
||||
|
||||
# Wait for Partitions
|
||||
sleep 2
|
||||
|
||||
if [ $encryption -eq 1 ]; then
|
||||
echo "Creating Encrypted Root Partition"
|
||||
read -s -r -p "Please Enter the Encryption Passhprase: " lukspw
|
||||
echo ""
|
||||
read -s -r -p "Please Verify the Encryption Passhprase: " lukspw2
|
||||
echo ""
|
||||
[ "$lukspw" != "$lukspw2" ] && echo "Passphrases don't match!" && exit 1
|
||||
echo -n "$lukspw" | cryptsetup luksFormat --type luks1 --cipher aes-xts-plain64 --hash sha512 --key-size 512 "${part_root}" -
|
||||
echo -n "$lukspw" | cryptsetup open --key-file - "${part_root}" "cryptroot"
|
||||
unset lukspw lukspw2
|
||||
root_dev="/dev/mapper/cryptroot"
|
||||
else
|
||||
root_dev="${part_root}"
|
||||
|
|
Loading…
Reference in a new issue