39 lines
888 B
Bash
Executable File
39 lines
888 B
Bash
Executable File
#!/bin/bash
|
|
source /init_functions.sh
|
|
|
|
install_url="/tmp/detee_install_url"
|
|
install_sha="/tmp/detee_install_sha"
|
|
root_keyfile="/tmp/detee_root_keyfile"
|
|
ssh_key_file="/tmp/detee_ssh_key"
|
|
snp_key_file="/tmp/detee_luks_hotkey"
|
|
|
|
create_mounts
|
|
load_modules
|
|
setup_network
|
|
|
|
# load this module again cause it fails the first time
|
|
modprobe sev_guest
|
|
|
|
snp_key="$(GET_DERIVATION_KEY=yes guest_api)"
|
|
[[ -n $snp_key ]] && echo $snp_key > $snp_key_file
|
|
|
|
try_hot_decrypt || {
|
|
create_certs
|
|
guest_api
|
|
if [[ -f "$install_url" ]]; then
|
|
install_os
|
|
else
|
|
cryptsetup open -d $root_keyfile /dev/vda1 root
|
|
mount /dev/mapper/root /mnt
|
|
fi
|
|
cryptsetup luksKillSlot -d $root_keyfile /dev/vda1 1
|
|
[[ -f "$snp_key_file" ]] && cryptsetup luksAddKey \
|
|
--key-file $root_keyfile \
|
|
--new-keyfile $snp_key_file /dev/vda1
|
|
}
|
|
|
|
github_ssh_key
|
|
detee_ssh_key
|
|
|
|
exec switch_root /mnt /sbin/init "$@"
|