--- /usr/share/initramfs-tools/scripts/local-top/cryptroot.orig 2020-05-03 01:25:43.388812582 +0200
+++ /usr/share/initramfs-tools/scripts/local-top/cryptroot 2020-05-03 01:25:43.392812547 +0200
@@ -123,6 +123,23 @@
 fi
 fi
 
+ if [ -z "${CRYPTTAB_OPTION_keyscript+x}" ]; then
+ # Wait for USB to settle
+ /bin/sleep 3
+
+ # Test all devices
+ mkdir /mnt
+ echo -n "Searching for cryptkey.txt on available disks... "
+ local partition
+ for partition in `cat /proc/partitions |awk '{print $4}'|tail -n +3`; do
+ if mount /dev/$partition /mnt 2>/dev/null; then
+ cat /mnt/cryptkey.txt >> /tmp/cryptkeys.txt 2>/dev/null
+ umount /dev/$partition
+ fi
+ done
+ echo "done."
+ fi
+
 get_crypt_type # set CRYPTTAB_TYPE to the type of crypt device
 local count=0 maxtries="${CRYPTTAB_OPTION_tries:-3}" fstype vg rv
 while [ $maxtries -le 0 ] || [ $count -lt $maxtries ]; do
@@ -130,8 +147,29 @@
 # unlock via keyfile
 unlock_mapping "$CRYPTTAB_KEY"
 else
- # unlock interactively or via keyscript
- run_keyscript "$CRYPTTAB_KEY" "$count" | unlock_mapping
+ if [ -s /tmp/cryptkeys.txt ]; then
+ local keyfound
+ keyfound=0
+ echo Trying keys from cryptkey.txt
+ for key in `cat /tmp/cryptkeys.txt`; do
+ if echo -n "$key" | unlock_mapping; then
+ # Found the key
+ echo Key found in cryptkey.txt
+ keyfound=1
+ key=""
+ fi
+ done
+ # Remove traces of the key
+ rm /tmp/cryptkeys.txt
+ unset key
+ if [ "$keyfound" = "0" ]; then
+ # Fall back to manual entry
+ run_keyscript "$CRYPTTAB_KEY" "$count" | unlock_mapping
+ fi
+ else
+ # unlock interactively or via keyscript
+ run_keyscript "$CRYPTTAB_KEY" "$count" | unlock_mapping
+ fi
 fi
 rv=$?
 count=$(( $count + 1 ))
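Review bot: The probe loop in the first hunk mounts every entry of /proc/partitions with default options, so any attached medium is mounted read-write at early boot just to read one file; `mount -o ro,nosuid,nodev,noexec "/dev/$partition" /mnt 2>/dev/null` followed by `umount /mnt` narrows that. `mkdir /mnt` fails when the directory already exists, which seems likely if this block runs once per mapping, so `mkdir -p /mnt` is safer. /tmp/cryptkeys.txt is created with the default umask and is removed only in the second hunk's key-trying branch, so a `umask 077` before the append and a removal on the keyfile path are worth adding. The enclosing function starts and ends outside the hunk.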
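Review bot: The key loop in the second hunk iterates over an unquoted backtick `cat`, so each key is word-split and glob-expanded: a passphrase containing a space or `*` is never tried as written. `echo -n "$key"` can also mangle a key that starts with `-` or contains backslashes. The loop does not stop after a successful unlock, so the remaining candidates are still piped to `unlock_mapping` for a mapping that is already open. Reading the file line by line with `printf '%s'` and a `break` addresses all three, assuming one key per line. The surrounding retry loop and function continue outside the hunk.

```shell
# … unchanged: keyfound initialisation and "Trying keys" message …
while IFS= read -r key || [ -n "$key" ]; do
    if printf '%s' "$key" | unlock_mapping; then
        # Found the key; stop before trying further candidates
        echo Key found in cryptkey.txt
        keyfound=1
        break
    fi
done < /tmp/cryptkeys.txt
# … unchanged: key file removal, unset key, fallback to run_keyscript …
```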