From 8cb208392eb091a7c84eef453a8949fa3338e036 2019-10-27 21:45:30 From: Unknown Date: 2019-10-27 21:45:30 Subject: [PATCH] 0 --- diff --git a/rpi23-gen-image.sh b/rpi23-gen-image.sh index 897d3b3..a67ad40 100755 --- a/rpi23-gen-image.sh +++ b/rpi23-gen-image.sh @@ -837,9 +837,6 @@ if [ "$ENABLE_CRYPTFS" = true ] ; then # Initialize encrypted partition cryptsetup --verbose --debug -q luksFormat "${ROOT_LOOP}" -c "${CRYPTFS_CIPHER}" -h "${CRYPTFS_HASH}" -s "${CRYPTFS_XTSKEYSIZE}" .password - - # Update temporary loop device - ROOT_LOOP="/dev/mapper/${CRYPTFS_MAPPING}" # Open encrypted partition and setup mapping cryptsetup luksOpen "${ROOT_LOOP}" -d .password "${CRYPTFS_MAPPING}" @@ -847,6 +844,9 @@ if [ "$ENABLE_CRYPTFS" = true ] ; then # Secure delete password keyfile shred -zu .password + # Update temporary loop device + ROOT_LOOP="/dev/mapper/${CRYPTFS_MAPPING}" + # Wipe encrypted partition (encryption cipher is used for randomness) dd if=/dev/zero of="${ROOT_LOOP}" bs=512 count="$(blockdev --getsz "${ROOT_LOOP}")" fi