Unset encryption passphrases as soon as we are done

This commit is contained in:
seiichiro 2021-09-17 17:09:10 +02:00
parent 2315d8851f
commit 34206c291c

View file

@ -111,6 +111,7 @@ if [[ "${systype}" == "x86_64-efi" ]]; then
extrapkgs="efibootmgr" extrapkgs="efibootmgr"
partprobe "${device}" partprobe "${device}"
sleep 2
mkfs.fat -F32 -n EFI "${part_esp}" mkfs.fat -F32 -n EFI "${part_esp}"
else else
parted -s "$device" \ parted -s "$device" \
@ -119,20 +120,21 @@ else
set 1 bios_grub on \ set 1 bios_grub on \
mkpart arch 2MiB 100% mkpart arch 2MiB 100%
partprobe "${device}"
sleep 2
part_root="/dev/disk/by-partlabel/arch" part_root="/dev/disk/by-partlabel/arch"
fi fi
# Wait for Partitions
sleep 2
if [ $encryption -eq 1 ]; then if [ $encryption -eq 1 ]; then
echo "Creating Encrypted Root Partition" echo "Creating Encrypted Root Partition"
read -s -r -p "Please Enter the Encryption Passhprase: " lukspw read -s -r -p "Please Enter the Encryption Passhprase: " lukspw
echo "" echo ""
read -s -r -p "Please Verify the Encryption Passhprase: " lukspw2 read -s -r -p "Please Verify the Encryption Passhprase: " lukspw2
echo ""
[ "$lukspw" != "$lukspw2" ] && echo "Passphrases don't match!" && exit 1 [ "$lukspw" != "$lukspw2" ] && echo "Passphrases don't match!" && exit 1
echo -n "$lukspw" | cryptsetup luksFormat --type luks1 --cipher aes-xts-plain64 --hash sha512 --key-size 512 "${part_root}" - echo -n "$lukspw" | cryptsetup luksFormat --type luks1 --cipher aes-xts-plain64 --hash sha512 --key-size 512 "${part_root}" -
echo -n "$lukspw" | cryptsetup open --key-file - "${part_root}" "cryptroot" echo -n "$lukspw" | cryptsetup open --key-file - "${part_root}" "cryptroot"
unset lukspw lukspw2
root_dev="/dev/mapper/cryptroot" root_dev="/dev/mapper/cryptroot"
else else
root_dev="${part_root}" root_dev="${part_root}"