From 5962d2f882ca109870b6754d4612e31ea8235021 Mon Sep 17 00:00:00 2001
From: Fierelier
Date: Wed, 21 Sep 2022 11:43:59 +0200
Subject: [PATCH] Add support for disk-encryption
---
 mods/live-installer/data/bin/login | 58 +++++++++++++++++++++++++++++-
 mods/live-installer/data/chroot | 1 +
 mods/live-installer/modscript | 2 +-
 3 files changed, 59 insertions(+), 2 deletions(-)
 create mode 100755 mods/live-installer/data/chroot
diff --git a/mods/live-installer/data/bin/login b/mods/live-installer/data/bin/login
index bd9a6c1..ee20e73 100755
--- a/mods/live-installer/data/bin/login
+++ b/mods/live-installer/data/bin/login
@@ -58,6 +58,38 @@ while true; do
 fi
 done
+ # Ask for encryption
+ WDVN_ENCRYPT=""
+ WDVN_ENCRYPT_PASS=""
+ while true; do
+ read -p "Encrypt the disk? You will have to share a passphrase if you plan to share the computer [y,n]: " WDVN_ENCRYPT
+ WDVN_ENCRYPT="$(echo "$WDVN_ENCRYPT" | tr "[:upper:]" "[:lower:]")"
+ if [ "$WDVN_ENCRYPT" == "y" ]; then
+ apt -y install cryptsetup
+ echo ""
+ source /etc/default/keyboard
+ loadkeys us
+ echo "WARNING: Temporarily switching to US keyboard. Ignore this, type your password as you would on your regular keyboard."
+ while true; do
+ echo ""
+ read -s -p "Encryption password: " WDVN_ENCRYPT_PASS
+ echo ""
+ read -s -p "Confirm password: " WDVN_ENCRYPT_PASS_CONFIRM
+ echo ""
+ if [ "$WDVN_ENCRYPT_PASS" == "$WDVN_ENCRYPT_PASS_CONFIRM" ]; then
+ break
+ fi
+ echo "Passwords don't match."
+ done
+ loadkeys "$XKBLAYOUT"
+ break
+ fi
+
+ if [ "$WDVN_ENCRYPT" == "n" ]; then
+ break
+ fi
+ done
+
 # Create partitions
 echo "Creating partitions ..."
 wipefs --all "$DEVICE"
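Review bot: The confirmation loop accepts an empty passphrase — pressing Enter at both `read -s` prompts leaves `WDVN_ENCRYPT_PASS` and `WDVN_ENCRYPT_PASS_CONFIRM` equal and empty, the `break` fires, and the disk is later formatted with that empty passphrase (or cryptsetup rejects it mid-install with nothing here to catch that). Suggest `if [ -n "$WDVN_ENCRYPT_PASS" ] && [ "$WDVN_ENCRYPT_PASS" == "$WDVN_ENCRYPT_PASS_CONFIRM" ]; then` together with a message on the empty case. The keymap restore also assumes `/etc/default/keyboard` defines `XKBLAYOUT` and that the value is accepted by `loadkeys` as a console keymap name; if either fails the console silently stays on the US map, so `loadkeys "$XKBLAYOUT" || echo "could not restore keymap $XKBLAYOUT" >&2` would at least surface it. The enclosing `while true` loop starts before this hunk.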
@@ -67,9 +99,16 @@ while true; do
 sgdisk --hybrid=1:2:3 "$DEVICE"
 PART_EFI="$(echo "${DEVICE}"*2)"
 PART_DATA="$(echo "${DEVICE}"*3)"
+ DEV_DATA="$PART_DATA"
 # Format partitions
 echo "Formatting partitions ..."
+ if [ "$WDVN_ENCRYPT" == "y" ]; then
+ echo "$WDVN_ENCRYPT_PASS" | cryptsetup luksFormat --type luks1 "$PART_DATA"
+ echo "$WDVN_ENCRYPT_PASS" | cryptsetup luksOpen "$PART_DATA" system
+
+ PART_DATA="/dev/mapper/system"
+ fi
 mkfs.fat -F32 "$PART_EFI"
 mkfs.ext4 "$PART_DATA"
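Review bot: Neither `cryptsetup luksFormat` nor `cryptsetup luksOpen` has its exit status checked, so a failed format or open falls straight through to `mkfs.ext4 "$PART_DATA"` against `/dev/mapper/system`, which fails in turn while the install carries on with a half-prepared disk (no `set -e` is visible in the hunk). Appending `|| { echo "cryptsetup failed on $PART_DATA" >&2; exit 1; }` to both pipelines — or whatever failure convention the rest of the script uses, which is outside the hunk — would stop there. Feeding the passphrase through `echo` also misparses passphrases that begin with `-n`/`-e` or contain backslashes; `printf '%s\n' "$WDVN_ENCRYPT_PASS" | cryptsetup ...` avoids that. Once `luksOpen` has succeeded the passphrase is no longer needed, so `unset WDVN_ENCRYPT_PASS WDVN_ENCRYPT_PASS_CONFIRM` right after it keeps the secret out of the rest of the run. The choice of `--type luks1` looks deliberate (the `GRUB_ENABLE_CRYPTODISK` written later in this patch suggests GRUB is what unlocks the volume at boot) and deserves a comment such as `# luks1: unlocked by GRUB cryptodisk at boot; verify GRUB's LUKS2 support before changing`.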
@@ -91,19 +130,36 @@ while true; do
 echo "Adding files ..."
 unsquashfs -f -d "/media/install" "/lib/live/mount/medium/live/filesystem.squashfs"
+ if [ "$WDVN_ENCRYPT" == "y" ]; then
+ echo "GRUB_ENABLE_CRYPTODISK=y" > "/media/install/etc/default/grub.d/cryptodisk.cfg"
+ fi
+
 # Set hostname
 echo "Setting hostname ..."
 echo "$(head -c4 "/media/install/etc/hostname"
 # Write fstab
+ UUID_PART_DATA="$(blkid -o value -s UUID "$PART_DATA")"
+ UUID_DEV_DATA="$(blkid -o value -s UUID "$DEV_DATA")"
+
 echo "Writing fstab ..."
- echo "UUID=$(blkid -o value -s UUID "$PART_DATA") / ext4 errors=remount-ro 0 1" >>"/media/install/etc/fstab"
+ if [ "$WDVN_ENCRYPT" == "y" ]; then
+ echo "GRUB_CMDLINE_LINUX=\"\$GRUB_CMDLINE_LINUX cryptdevice=UUID=$UUID_DEV_DATA root=UUID=$UUID_PART_DATA\"" >> "/media/install/etc/default/grub.d/cryptodisk.cfg"
+ fi
+
+ if [ "$WDVN_ENCRYPT" == "y" ]; then
+ echo "system UUID=$UUID_DEV_DATA none luks" >"media/install/etc/crypttab"
+ fi
+ echo "UUID=$UUID_PART_DATA / ext4 errors=remount-ro 0 1" >>"/media/install/etc/fstab"
 echo "/swap none swap sw 0 0" >>"/media/install/etc/fstab"
 # Remove live-specific packages
 echo "Removing live-specific packages ..."
 wdvn-chroot "/media/install" apt -y remove live-boot live-boot-initramfs-tools
 wdvn-chroot "/media/install" apt -y autoremove
+ if [ "$WDVN_ENCRYPT" == "y" ]; then
+ wdvn-chroot "/media/install" apt -y install cryptsetup-initramfs
+ fi
 wdvn-chroot "/media/install" update-initramfs -u
 rm "/media/install/bin/login"
 mv "/media/install/bin/login.oobe" "/media/install/bin/login"
diff --git a/mods/live-installer/data/chroot b/mods/live-installer/data/chroot
new file mode 100755
index 0000000..b465e31
--- /dev/null
+++ b/mods/live-installer/data/chroot
@@ -0,0 +1 @@
+apt install -y --download-only cryptsetup cryptsetup-initramfs
\ No newline at end of file
diff --git a/mods/live-installer/modscript b/mods/live-installer/modscript
index f47ae55..609e325 100644
--- a/mods/live-installer/modscript
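Review bot: The crypttab redirect target `>"media/install/etc/crypttab"` has no leading slash, so it is resolved against the installer's working directory instead of the target root: the write either fails because that directory does not exist or lands outside `/media/install`, and the installed system ends up with no `/etc/crypttab` even though `cryptsetup-initramfs` is installed a few lines later. Change it to `>"/media/install/etc/crypttab"`. This matters more than it looks because, as far as I know, Debian's cryptsetup-initramfs decides which devices to unlock from `/etc/crypttab` (and `cryptopts=`) and ignores the Arch-style `cryptdevice=UUID=...` kernel parameter that `cryptodisk.cfg` adds — worth confirming on a test boot, since crypttab would then be the only thing pointing the initramfs at the LUKS root. The two back-to-back `if [ "$WDVN_ENCRYPT" == "y" ]` blocks around the fstab write can be merged into one, which also keeps the grub and crypttab writes together. The enclosing `while true` loop starts before this hunk.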
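Review bot: The new `data/chroot` file is created with mode 100755 but has no shebang and no trailing newline, so whether it runs depends on the build harness invoking it through a shell explicitly — how modscript consumes it is outside this patch. A `#!/bin/bash` first line plus a comment stating the purpose would make the intent reviewable; presumably it pre-caches the packages so that the `apt -y install cryptsetup` in `bin/login` works on a live system without network, e.g. `# Pre-download so bin/login can apt install these offline at install time`.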
+++ b/mods/live-installer/modscript
@@ -1,4 +1,4 @@
 #!/bin/bash
-export WDVN_PACKAGES="$WDVN_PACKAGES gdisk dosfstools squashfs-tools"
+export WDVN_PACKAGES="$WDVN_PACKAGES gdisk dosfstools squashfs-tools console-data"
 export WDVN_REMOVE="$WDVN_REMOVE dosfstools squashfs-tools"
 cp "$1/bin/login" "$1/bin/login.oobe"
\ No newline at end of file