allow key file to be specified on command line

2025-02-20 09:16:21 +00:00 · 2016-11-23 10:45:39 -05:00 · 2016-11-23 10:45:39 -05:00 · da2a6580ce
commit da2a6580ce
parent e9e6d661d3
1 changed files with 8 additions and 1 deletions
--- a/initrd/bin/unseal-key
+++ b/initrd/bin/unseal-key
@ -8,6 +8,11 @@ TPM_SIZE=312
 die() { echo >&2 "$@"; exit 1; }
 warn() { echo >&2 "$@"; }

+key_file="$1"
+if [ -z "$key_file" ]; then
+	key_file=/tmp/secret.key
+fi
+
 read -s -p "Encryption password: " tpm_password
 echo

@ -19,9 +24,11 @@ nv_readvalue \

 unsealfile \
 	-if /tmp/sealed \
-	-of /tmp/secret.key \
+	-of "$key_file" \
 	-pwdd "$tpm_password" \
 	-hk 40000000 \
 || die "Unable to unseal disk encryption key"

 rm /tmp/sealed
+
+