-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathrenewTrustHashKey
executable file
·33 lines (33 loc) · 1.6 KB
/
renewTrustHashKey
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
#!/bin/bash
if [ ! -f /tmp/keyHash ] && [ ! -f /tmp/keyHashRequestRegen ]; then
echo "hash trust key has been expired, please reboot to renew the system state and the key to create LUKS Volume"
echo "However if you are insisting to do so you can add flag to /tmp/keyHashRequestRegen, it is not recommended"
exit
else
echo $(bash /encryptStorageTrustTool/hwswhashd > /dev/null 2>&1 ) &
fi
echo "Please prepare your backup keys and reenter it on the next prompt"
echo "It is required to unlock the disk first then we able to add the hash trust key"
cd /encryptStorageTrustTool
for configuration in $(ls $(pwd)/diskConfig); do
. $(pwd)/diskConfig/${configuration}
echo "Loading configuration from ${configuration}"
echo "for Disk or Partition ${diskUUID}"
#echo "$(cat /tmp/keyHash)" | cryptsetup luksAddKey /dev/disk/by-uuid/${diskUUID} -
#https://unix.stackexchange.com/questions/225108/how-to-automate-cryptsetup-luksaddkey-with-passphrase
# cryptstup luksAddKey /dev/disk/by-uuid/${diskUUID} newkey < backupkey
#echo -n "Disk Data Password for ${diskUUID} : "
#read -s backupPasswordInput
#echo "Loading..."
set -e
#cryptsetup luksAddKey /dev/disk/by-uuid/${diskUUID} "$(cat /tmp/keyHash)" < ${backupPasswordInput}
cryptsetup luksDump /dev/disk/by-uuid/${diskUUID}
echo "for Disk or Partition ${diskUUID}"
echo "name : ${sessionName}"
cryptsetup luksAddKey /dev/disk/by-uuid/${diskUUID} /tmp/keyHash
#cryptsetup -v luksKillSlot /dev/nvme0n1p4 8 this is how you remove keySlot
echo "Adding trust keyHash"
done
echo "If everything goes pretty well then you can reboot or wait for a while to get reauthenticated..."
echo "exiting..."
exit