@@ -838,15 +838,15 if [ "$ENABLE_CRYPTFS" = true ] ; then | |||||
838 | # Initialize encrypted partition |
|
838 | # Initialize encrypted partition | |
839 | cryptsetup --verbose --debug -q luksFormat "${ROOT_LOOP}" -c "${CRYPTFS_CIPHER}" -h "${CRYPTFS_HASH}" -s "${CRYPTFS_XTSKEYSIZE}" .password |
|
839 | cryptsetup --verbose --debug -q luksFormat "${ROOT_LOOP}" -c "${CRYPTFS_CIPHER}" -h "${CRYPTFS_HASH}" -s "${CRYPTFS_XTSKEYSIZE}" .password | |
840 |
|
840 | |||
841 | # Update temporary loop device |
|
|||
842 | ROOT_LOOP="/dev/mapper/${CRYPTFS_MAPPING}" |
|
|||
843 |
|
||||
844 | # Open encrypted partition and setup mapping |
|
841 | # Open encrypted partition and setup mapping | |
845 | cryptsetup luksOpen "${ROOT_LOOP}" -d .password "${CRYPTFS_MAPPING}" |
|
842 | cryptsetup luksOpen "${ROOT_LOOP}" -d .password "${CRYPTFS_MAPPING}" | |
846 |
|
843 | |||
847 | # Secure delete password keyfile |
|
844 | # Secure delete password keyfile | |
848 | shred -zu .password |
|
845 | shred -zu .password | |
849 |
|
846 | |||
|
847 | # Update temporary loop device | |||
|
848 | ROOT_LOOP="/dev/mapper/${CRYPTFS_MAPPING}" | |||
|
849 | ||||
850 | # Wipe encrypted partition (encryption cipher is used for randomness) |
|
850 | # Wipe encrypted partition (encryption cipher is used for randomness) | |
851 | dd if=/dev/zero of="${ROOT_LOOP}" bs=512 count="$(blockdev --getsz "${ROOT_LOOP}")" |
|
851 | dd if=/dev/zero of="${ROOT_LOOP}" bs=512 count="$(blockdev --getsz "${ROOT_LOOP}")" | |
852 | fi |
|
852 | fi |
General Comments 0
Vous devez vous connecter pour laisser un commentaire.
Se connecter maintenant