tzpfms/initrd/dracut/module-setup.sh

#!/bin/sh
# SPDX-License-Identifier: MIT
# shellcheck disable=SC2086


#include "../install.h"


_get_backend() {
	OIFS="$IFS"
	IFS='
'
	rootfses="$(awk '$2 ~ "^(/|/etc|/bin|/lib|/lib??|/libx32|/usr)$" && $3 == "zfs" {print $1}' /etc/mtab)"
	[ -z "$rootfses" ] && IFS="$OIFS" && return 1

	eroots="$(zfs get encryptionroot -Ho value $rootfses | sort -u | grep -vFxe '' -e '-')"
	[ -z "$eroots" ] && IFS="$OIFS" && return 1

	backends="$(zfs-tpm-list -H $eroots | cut -f2 | sort -u)"
	[ -z "$backends" ] && IFS="$OIFS" && return 1

	IFS="$OIFS"
	return 0
}

_install_tpm2() {
	inst_binary zfs-tpm2-load-key
	inst_libdir_file 'libtss2-tcti*.so*'
	command -v tpm2_dictionarylockout > /dev/null && inst_binary tpm2_dictionarylockout
}

_install_tpm1x() {
	inst_binary zfs-tpm1x-load-key
	INSTALL_TPM1X{inst_binary tcsd; inst_binary ip; inst_binary ss, initdir, inst_simple, inst_simple, inst_simple, inst_libdir_file}
	command -v tpm_resetdalock > /dev/null && inst_binary tpm_resetdalock
}


check() {
	require_binaries zfs-tpm-list || return

	# shellcheck disable=SC2154
	if [ -n "$hostonly" ]; then
		_get_backend || return

		for backend in $backends; do
			[ "$backend" = "TPM2"   ] && command -v zfs-tpm2-load-key  > /dev/null && return 0
			[ "$backend" = "TPM1.X" ] && command -v zfs-tpm1x-load-key > /dev/null && return 0
		done

		return 1
	fi

	return 0
}


depends() {
	echo zfs
}


installkernel() {
	instmods '=drivers/char/tpm'
}


install() {
	inst_binary zfs-tpm-list

	if [ -n "$hostonly" ]; then
		_get_backend

		for backend in $backends; do
			[ "$backend" = "TPM2"   ] && _install_tpm2
			[ "$backend" = "TPM1.X" ] && _install_tpm1x
		done
	else
		command -v zfs-tpm2-load-key  > /dev/null && _install_tpm2
		command -v zfs-tpm1x-load-key > /dev/null && _install_tpm1x
	fi

	inst_hook pre-mount 89 "${moddir:-}/tzpfms-load-key.sh"  # zfs installs with 90, we *must* run beforehand
}