#!/bin/bash
# use reencrypt
#https://superuser.com/questions/216879/encrypt-an-existing-partition-in-linux-while-preserving-its-data
#https://unix.stackexchange.com/questions/444931/is-there-a-way-to-encrypt-disk-without-formatting-it
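# Trust-key gate: continue only while the cached key-hash marker
# (/tmp/keyHash) is present, or the operator has explicitly asked for a
# regeneration by creating /tmp/keyHashRequestRegen.
# NOTE(review): both markers live in /tmp, which every local user can write
# to, so this check is advisory and not an access control. A root-owned
# directory would be a safer home for them — confirm against hwswhashd,
# which is not visible from this script.
if [ ! -f /tmp/keyHash ] && [ ! -f /tmp/keyHashRequestRegen ]; then
  echo "hash trust key has been expired, please reboot to renew the system state and the key to create LUKS Volume"
  echo "However if you are insisting to do so you can add flag to /tmp/keyHashRequestRegen, it is not recommended"
  # A refusal is a failure: exit non-zero so a caller can tell it apart
  # from a completed setup (a bare `exit` here returned 0).
  exit 1
else
  # Start the hash daemon in the background and discard its output. The
  # former `echo $(...) &` wrapper only added a stray blank line.
  bash /encryptStorageTrustTool/hwswhashd > /dev/null 2>&1 &
fi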
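# Interactive input: target device, volume name, mount point and the backup
# password. A fresh UUID is generated for the new volume; later steps use it
# as the mapping name and in the config file name.
reset
#cryptsetup reencrypt --encrypt /dev/sdXY --reduce-device-size 32M
echo "caching keyHash"
echo "Check your partition UUID"
echo "======"
lsblk
echo "======"
echo -n "partition/Volume Device Path to encrypt (/dev/sdb /dev/sda etc):"
# Abort on the first failing command from here on (e.g. EOF on a prompt).
set -e
# -r keeps backslashes in the answers literal.
read -r diskPATH
echo ""
echo -n "What will you name the Volume? :"
read -r sessionName
echo -n "What is the Volume mounting point on the system? :"
read -r mountingpoint
# Every answer is required. The original joined the tests with &&, so the
# setup was cancelled only when all three answers were blank at once.
if [ -z "${diskPATH}" ] || [ -z "${sessionName}" ] || [ -z "${mountingpoint}" ]; then
  echo "A blank required Input detected..."
  echo "Setup is cancelled"
  exit 1
fi
echo "[0/4] Enter or Define your backup password for renewing the Trust Hash key later"
echo -n "User-defined Backup Password : "
# IFS= and -r store the password exactly as typed, including surrounding
# whitespace and backslashes.
# NOTE(review): any other tool that later prompts for this password must
# read it the same way, otherwise such passwords will not match — confirm
# against renewTrustHashKey, which is not visible here.
IFS= read -r -s uBPassword
echo ""
# An empty backup password is treated like any other missing answer.
if [ -z "${uBPassword}" ]; then
  echo "A blank required Input detected..."
  echo "Setup is cancelled"
  exit 1
fi
currentsessionUUID=$(uuidgen)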
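# Encrypt the device in place, then repair and grow the filesystem inside
# the new mapping.
# errexit is switched off from here on (fsck exits non-zero even when it only
# corrected errors), so the steps that must not fail are checked explicitly.
set +e
# The password is fed on stdin with a quoted printf: an unquoted `echo $var`
# would collapse runs of whitespace, expand glob characters and could treat
# a leading -n/-e as an option, silently changing the passphrase that is set.
# The trailing newline that echo produced is kept.
if ! printf '%s\n' "${uBPassword}" | cryptsetup reencrypt --encrypt "${diskPATH}" --reduce-device-size 32M "${currentsessionUUID}" -; then
  echo "cryptsetup reencrypt failed for ${diskPATH}; setup is cancelled" >&2
  unset uBPassword
  exit 1
fi
# luksOpen's own status is not treated as fatal: the reencrypt call above is
# given the same mapping name and may already have activated it.
# NOTE(review): confirm which of the two calls is expected to create the mapping.
printf '%s\n' "${uBPassword}" | cryptsetup luksOpen "${diskPATH}" "${currentsessionUUID}" - #/dev/mapper/${currentsessionUUID}
# The password is not used again in this script; drop it from the shell.
unset uBPassword
# Without the mapping, the filesystem steps below would have nothing to work on.
if [ ! -e "/dev/mapper/${currentsessionUUID}" ]; then
  echo "mapping /dev/mapper/${currentsessionUUID} is not available; setup is cancelled" >&2
  exit 1
fi
echo "[1/4] Correcting Filesystem Size..."
fsck "/dev/mapper/${currentsessionUUID}" -f -p
resize2fs "/dev/mapper/${currentsessionUUID}" -f
echo "[2/4] Checking for any Filesystem Errors"
fsck "/dev/mapper/${currentsessionUUID}" -f -p
fsck_status=$?
# fsck exit statuses of 4 and above mean errors were left uncorrected or the
# check itself failed; report that instead of discarding the result.
if [ "${fsck_status}" -ge 4 ]; then
  echo "warning: fsck reported unresolved problems (exit status ${fsck_status})" >&2
fi
cryptsetup luksClose "${currentsessionUUID}"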
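# Write the per-volume configuration file, which identifies the volume by
# the UUID lsblk reports for the device rather than by its device path.
echo "[3/4] generating configuration cross compatible UUID from diskPath to the diskConfig..."
namefile=/encryptStorageTrustTool/diskConfig/${currentsessionUUID}_volume_autoGenerated.conf
# -p creates the directory only when it is missing.
if ! mkdir -p /encryptStorageTrustTool/diskConfig; then
  echo "cannot create /encryptStorageTrustTool/diskConfig" >&2
  exit 1
fi
cryptsetup luksDump "${diskPATH}"
# https://unix.stackexchange.com/questions/270212/how-do-i-get-the-uuid-of-a-partition-and-define-a-bash-variable-as-being-equal-t
# -d limits lsblk to the device itself, so child devices cannot add extra
# UUID lines to the value.
diskUUID=$(lsblk -dno UUID "${diskPATH}")
if [ -z "${diskUUID}" ]; then
  echo "warning: no UUID reported for ${diskPATH}; diskUUID will be empty in ${namefile}" >&2
fi
#====
# NOTE(review): sessionName and mountingpoint are written verbatim from the
# operator's answers. If the consumer loads this file with `source`/`.`,
# shell metacharacters in them would be evaluated — confirm how the file is
# parsed (the consumer is not visible here).
{
  echo '# this is configuration for mounting the disk or partition'
  printf 'sessionName=%s\n' "${sessionName}"
  printf 'diskUUID=%s\n' "${diskUUID}"
  #echo "diskPATH=${diskPATH}"
  printf 'mountingpoint=%s\n' "${mountingpoint}"
  echo "mountingoption="
  echo "# This configuration is autogenerated by the setup at $(date)"
} > "${namefile}"
#====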
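# Final step: restart the hash daemon in the background and renew the trust
# hash key.
echo "[4/4] Recalling Hash key daemon"
# Run the daemon directly in the background with its output discarded; the
# former `echo $(...) &` wrapper only added a stray blank line.
bash /encryptStorageTrustTool/hwswhashd > /dev/null 2>&1 &
# A failed renewal must not be reported as a finished setup.
if ! bash /encryptStorageTrustTool/renewTrustHashKey; then
  echo "renewTrustHashKey failed; the Trust Hash key was not renewed" >&2
  exit 1
fi
echo "Finished!"
echo "To get the disk Automatically Authenticated you can try to reboot your machine or environment"
exit 0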