commander/alfred-linux
1
0
Fork 0
Code Issues 7 Pull Requests Actions Packages Projects Releases Wiki Activity
ee7ca2a49e
alfred-linux/config/hooks/live/0170-alfred-fde.hook.chroot

126 lines
6.2 KiB
Bash
Executable File
Raw Blame History

#!/bin/bash
# ═══════════════════════════════════════════════════════════════
# HOOK 0170: Alfred Linux — Full-Disk Encryption (FDE) Support
#
# Enables LUKS full-disk encryption via Calamares installer.
# Pre-installs crypto tools and configures FDE as a 1-click
# option during install — NOT forced but prominently offered.
#
# BUILD: v4.0+ (RC8+)
# ═══════════════════════════════════════════════════════════════
set -e
echo "╔═══════════════════════════════════════════════════════════╗"
echo "║ [0170] Full-Disk Encryption (LUKS) Support ║"
echo "╚═══════════════════════════════════════════════════════════╝"
# ═══════════════════════════════════════════════════
# 1. INSTALL CRYPTOGRAPHIC PACKAGES
# ═══════════════════════════════════════════════════
echo "[FDE-01] Installing encryption packages..."
apt-get install -y --no-install-recommends \
cryptsetup \
cryptsetup-initramfs \
keyutils \
libblockdev-crypto3 \
2>/dev/null || apt-get install -y --no-install-recommends \
cryptsetup \
cryptsetup-initramfs \
keyutils \
2>/dev/null || true
# ═══════════════════════════════════════════════════
# 2. CONFIGURE LUKS DEFAULTS
# ═══════════════════════════════════════════════════
echo "[FDE-02] Configuring LUKS defaults for strong encryption..."
mkdir -p /etc/cryptsetup-initramfs/
cat > /etc/cryptsetup-initramfs/conf-hook << 'CRYPTINIT'
CRYPTSETUP=yes
KEYFILE_PATTERN=/etc/luks/*.keyfile
ASKPASS=y
CRYPTINIT
# Strong LUKS defaults for new volumes
mkdir -p /etc/default/
if [ ! -f /etc/default/cryptsetup ]; then
cat > /etc/default/cryptsetup << 'CRYPTDEFAULT'
# Alfred Linux — strong LUKS2 defaults
CRYPTDISKS_MOUNT=""
CRYPTDISKS_CHECK=blkid
CRYPTDEFAULT
fi
# ═══════════════════════════════════════════════════
# 3. CALAMARES FDE MODULE
# ═══════════════════════════════════════════════════
echo "[FDE-03] Configuring Calamares for LUKS encryption..."
CALA_DIR="/etc/calamares"
CALA_MOD="${CALA_DIR}/modules"
mkdir -p "${CALA_MOD}"
# Set LUKS encryption module defaults
cat > "${CALA_MOD}/luksopenswaphookcfg.conf" 2>/dev/null << 'LUKSSWAP' || true
---
configFilePath: /etc/openswap.conf
LUKSSWAP
# Partition module — offer encryption checkbox
if [ -f "${CALA_MOD}/partition.conf" ]; then
# Ensure encryption options are present
if ! grep -q 'enableLuksAutomatedPartitioning' "${CALA_MOD}/partition.conf"; then
cat >> "${CALA_MOD}/partition.conf" << 'PARTCRYPT'
# Alfred Linux — FDE enabled by default in guided installer
enableLuksAutomatedPartitioning: true
PARTCRYPT
fi
else
cat > "${CALA_MOD}/partition.conf" << 'PARTCONF'
---
efiSystemPartition: "/boot/efi"
efiSystemPartitionSize: 512M
enableLuksAutomatedPartitioning: true
defaultFileSystemType: "ext4"
PARTCONF
fi
# ═══════════════════════════════════════════════════
# 4. FDE HELPER TOOL
# ═══════════════════════════════════════════════════
echo "[FDE-04] Installing encryption helper tool..."
cat > /usr/local/bin/alfred-encrypt-status << 'ENCSTATUS'
#!/bin/bash
echo ""
echo "╔════════════════════════════════════════════════════╗"
echo "║ Alfred Linux — Encryption Status ║"
echo "╚════════════════════════════════════════════════════╝"
echo ""
echo "── LUKS Volumes ──"
if command -v lsblk &>/dev/null; then
LUKS_FOUND=false
while IFS= read -r line; do
if echo "$line" | grep -q "crypt"; then
echo " $line"
LUKS_FOUND=true
fi
done < <(lsblk -o NAME,TYPE,SIZE,FSTYPE,MOUNTPOINT 2>/dev/null)
if [ "$LUKS_FOUND" = false ]; then
echo " No LUKS encrypted volumes detected."
echo " To encrypt during install: choose 'Encrypt system' in installer."
fi
fi
echo ""
echo "── Crypto Support ──"
command -v cryptsetup &>/dev/null && echo " cryptsetup: installed ($(cryptsetup --version 2>/dev/null))" || echo " cryptsetup: NOT installed"
[ -d /sys/module/dm_crypt ] && echo " dm-crypt: loaded" || echo " dm-crypt: not loaded"
echo ""
ENCSTATUS
chmod +x /usr/local/bin/alfred-encrypt-status
echo "╔═══════════════════════════════════════════════════════════╗"
echo "║ [0170] FDE Support — COMPLETE ║"
echo "║ ✓ LUKS tools installed (cryptsetup, initramfs hooks) ║"
echo "║ ✓ Strong LUKS2 defaults configured ║"
echo "║ ✓ Calamares FDE checkbox enabled ║"
echo "║ ✓ alfred-encrypt-status tool installed ║"
echo "╚═══════════════════════════════════════════════════════════╝"
Reference in New Issue View Git Blame Copy Permalink