Open s3rgeym opened 1 year ago
Move ESP to another Drive. Edit fstab. Add Boot entry.
Layout:
Install sedutil-cli:
yay -S sedutil-cli
Hook that will only ask for a password if the drive is locked:
/usr/lib/initcpio/hooks/unlock-opal-drive-hook
#!/usr/bin/ash check_opal_locked() { sedutil-cli --query "$1" | grep 'Locked = Y' > /dev/null } unlock_opal_drive() { sedutil-cli --setLockingRange 0 rw "$2" "$1" \ && sedutil-cli --setMBRDone on "$2" "$1" \ && partprobe "$1" } run_hook() { while check_opal_locked /dev/nvme1n1 do printf "Enter Passphrase to Unlock Drive: " read -s p echo unlock_opal_drive /dev/nvme1n1 "$p" done }
Install hook script:
/usr/lib/initcpio/install/unlock-opal-drive-hook
#!/bin/bash build() { add_runscript }
Add sedutil-cli to binaries and add unlock-opal-drive-hook to hooks:
/etc/mkinitcpio.conf
# ... BINARIES=(/usr/bin/btrfs /usr/bin/sedutil-cli) # ... HOOKS=(base udev autodetect modconf block unlock-opal-drive-hook filesystems keyboard fsck)
Build initramfs image:
sudo mkinincpio -P
Enjoy...
Move ESP to another Drive. Edit fstab. Add Boot entry.
Layout:
Install sedutil-cli:
Hook that will only ask for a password if the drive is locked:
/usr/lib/initcpio/hooks/unlock-opal-drive-hookInstall hook script:
/usr/lib/initcpio/install/unlock-opal-drive-hookAdd sedutil-cli to binaries and add unlock-opal-drive-hook to hooks:
/etc/mkinitcpio.confBuild initramfs image:
Enjoy...