@rjl6789
Last active October 24, 2024 10:35
encrypted swap and boot with hibernation - Debian
#!/bin/sh
# initramfs-tools hook: copies the LUKS key files into the initramfs so the
# initramfs can unlock the volumes without asking for a passphrase.
# The keys end up inside the generated image, so the image itself must not be
# readable by unprivileged users (initramfs-tools honours UMASK in initramfs.conf).
PREREQ=""
prereqs()
{
    echo "$PREREQ"
}
case $1 in
prereqs)
    prereqs
    exit 0
    ;;
esac
. /usr/share/initramfs-tools/hook-functions
# Begin real processing below this line
copy_exec /etc/luks-keys/zfsBuster /etc/luks-keys/ >&2
copy_exec /etc/luks-keys/zfsBoot /etc/luks-keys/ >&2
copy_exec /etc/luks-keys/swap /etc/luks-keys/ >&2

# /etc/crypttab
# <target name> <source device> <key file> <options>
ZFSbuster UUID=<a-big-long-uuid-number> /etc/luks-keys/zfsBuster luks,discard,keyscript=/bin/cat,initramfs
cboot UUID=<a-big-long-uuid-number> /etc/luks-keys/zfsBoot luks,discard,keyscript=/bin/cat,initramfs
#cryptoswap /dev/disk/by-partlabel/swap /dev/urandom swap,cipher=aes-xts-plain64,size=256
cryptData UUID=<a-big-long-uuid-number> /etc/luks-keys/mbp-data luks,discard
# Get the UUID with e.g. 'lsblk -n -o UUID' or 'blkid -s UUID -o value /dev/sdaX'

# /etc/default/grub
# If you change this file, run 'update-grub' afterwards to update
# /boot/grub/grub.cfg.
# For full documentation of the options in this file, see:
# info -f grub -n 'Simple configuration'
GRUB_DEFAULT=0
GRUB_TIMEOUT=5
GRUB_DISTRIBUTOR=`lsb_release -i -s 2> /dev/null || echo Debian`
GRUB_CMDLINE_LINUX_DEFAULT="quiet"
GRUB_CMDLINE_LINUX="root=ZFS=rpool/ROOT/debian cryptopts=source=/dev/disk/by-partlabel/scratch,target=ZFSbuster,hash=sha256,size=512,cipher=aes-xts-plain64,keyscript=/bin/cat,key=/etc/luks-keys/zfsBuster cryptopts=source=/dev/disk/by-partlabel/bootC,target=cboot,hash=sha256,size=512,cipher=aes-xts-plain64,keyscript=/bin/cat,key=/etc/luks-keys/zfsBoot cryptopts=source=/dev/disk/by-partlabel/swap,target=cryptSWAP,keyscript=/bin/cat,key=/etc/luks-keys/swap,hash=sha256,size=512,cipher=aes-xts-plain64 resume=/dev/mapper/cryptSWAP"
GRUB_ENABLE_CRYPTODISK=y
GRUB_DISABLE_OS_PROBER=true
GRUB_DISABLE_SUBMENU=y
GRUB_FONT=/boot/grub/fonts/terminus_32.pf2
GRUB_BACKGROUND=/boot/grub/backgrounds/debian10.png

domenpk commented Oct 24, 2024

I am not sure I understand this right. Do you have encryption keys stored inside the potentially readable initramfs?
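
One way to check the exposure this comment asks about, as an added example that is not part of the gist or the thread: it lists key files and initramfs images that group or other users can access and reports whether initramfs-tools is configured with a restrictive `UMASK`. The function names and the default paths (`/etc/luks-keys` from the gist, `/boot/initrd.img-*` and `/etc/initramfs-tools` as on a stock Debian install) are assumptions.

```shell
#!/bin/sh
# Added example, not part of the gist: audit who can read the LUKS key
# material that the hook copies into the initramfs.
# Assumed defaults: /etc/luks-keys (from the gist), /boot/initrd.img-* and
# /etc/initramfs-tools (stock Debian locations). Function names are made up.

# Print every file or directory under the given paths that group or other
# can access. Returns 0 when nothing is exposed, 1 otherwise.
exposed_paths() {
    found=$(find "$@" \( -type f -o -type d \) -perm /077 -print 2>/dev/null) || true
    if [ -z "$found" ]; then
        return 0
    fi
    printf '%s\n' "$found"
    return 1
}

# Print the last UMASK= value initramfs-tools would read from its config
# (initramfs.conf, then conf.d/*), or "unset" when there is none.
configured_umask() {
    conf_root=${1:-/etc/initramfs-tools}
    val=$(cat "$conf_root/initramfs.conf" "$conf_root"/conf.d/* 2>/dev/null |
        sed -n 's/^[[:space:]]*UMASK=\([0-7]*\).*/\1/p' | tail -n 1)
    printf '%s\n' "${val:-unset}"
}

# Run all three checks; returns 0 only when keys, images and UMASK are tight.
audit() {
    keydir=${1:-/etc/luks-keys}
    bootdir=${2:-/boot}
    conf=${3:-/etc/initramfs-tools}
    rc=0
    exposed_paths "$keydir" || rc=1
    exposed_paths "$bootdir"/initrd.img-* || rc=1
    case $(configured_umask "$conf") in
        *77) ;;   # e.g. 0077 or 077: new images are built owner-only
        *) echo "UMASK in $conf does not mask group/other"; rc=1 ;;
    esac
    return "$rc"
}
```

Run `audit` as root after `update-initramfs -u`; a non-zero return means one of the listed paths or the UMASK setting needs tightening.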
