From da2a6580ce918232355e3258d66e2f03f8608971 Mon Sep 17 00:00:00 2001 From: Trammell Hudson Date: Wed, 23 Nov 2016 10:45:39 -0500 Subject: [PATCH] allow key file to be specified on command line --- initrd/bin/unseal-key | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/initrd/bin/unseal-key b/initrd/bin/unseal-key index 774d70de..387cd135 100755 --- a/initrd/bin/unseal-key +++ b/initrd/bin/unseal-key @@ -8,6 +8,11 @@ TPM_SIZE=312 die() { echo >&2 "$@"; exit 1; } warn() { echo >&2 "$@"; } +key_file="$1" +if [ -z "$key_file" ]; then + key_file=/tmp/secret.key +fi + read -s -p "Encryption password: " tpm_password echo @@ -19,9 +24,11 @@ nv_readvalue \ unsealfile \ -if /tmp/sealed \ - -of /tmp/secret.key \ + -of "$key_file" \ -pwdd "$tpm_password" \ -hk 40000000 \ || die "Unable to unseal disk encryption key" rm /tmp/sealed + +
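Review bot: In the first hunk (`@@ -8,6 +8,11 @@`), `key_file="$1"` lets the caller choose where the unsealed disk encryption key is written, but the visible lines neither restrict the file's mode nor say which locations are acceptable. Unless a umask is already set earlier in the script (lines 1-7 are outside the hunk), adding `umask 077` before the unseal step would keep the key file from being created readable by other users. A short usage comment should state that the path is expected to be on the RAM-backed initrd filesystem rather than on mounted persistent storage, and that the caller is responsible for removing the key after use. As a style point, the four added lines reduce to `key_file="${1:-/tmp/secret.key}"`.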
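Review bot: In the second hunk (`@@ -19,9 +24,11 @@`), the failure branch `|| die "Unable to unseal disk encryption key"` exits before `rm /tmp/sealed` runs and leaves behind whatever `unsealfile` may have written to `"$key_file"`, which can now be a caller-chosen path. Whether `unsealfile` produces partial output on failure is not visible here, so treat this as a precaution: `|| { rm -f -- /tmp/sealed "$key_file"; die "Unable to unseal disk encryption key"; }`. The `nv_readvalue` call that produces `/tmp/sealed` starts above the hunk, so its own error handling could not be checked. The two blank lines appended at the end of the file are whitespace noise and can be dropped.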