in src/ade.rs [216:280]
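/// Opens the LUKS-encrypted root partition of the recovery disk as the `rescueencrypt` mapping.
///
/// When `cli_info.ade_password` is empty the key file on the BEK volume is used; otherwise a
/// temporary passphrase file is written from the supplied password. In both modes the detached
/// LUKS header is read from the boot partition, which is mounted only for the duration of the
/// call.
///
/// The temporary passphrase file is removed and the in-memory password cleared on every path
/// out of this function, including the failure paths, so that the secret does not outlive the
/// unlock attempt.
///
/// # Errors
///
/// Returns an error if mounting the BEK volume or the boot partition fails, if the passphrase
/// file cannot be created, or if cleanup after a successful unlock fails.
///
/// # Process exit
///
/// If `cryptsetup` cannot be started or reports a failure, the problem is logged, cleanup is
/// attempted and the process terminates with exit code 1 instead of returning.
fn enable_encrypted_partition(
    cli_info: &mut CliInfo,
    partitions: &[distro::PartInfo],
) -> Result<()> {
    let partition_path = helper::get_recovery_disk_path(cli_info);
    let root_partiton_number = find_root_partition_number(partitions);
    // Decide the key source once; the password is cleared later, so re-reading it would be
    // misleading.
    let use_bek = cli_info.ade_password.is_empty();

    let device = format!("{}{}", partition_path, root_partiton_number);
    let header = format!("{}/luks/osluksheader", constants::RESCUE_BEK_BOOT);

    let key_file = if use_bek {
        // we verified earlier that the BEK does exist and is readable
        mount_bek_volume()?;
        constants::RESCUE_BEK_LINUX_PASS_PHRASE_FILE_NAME.to_string()
    } else {
        create_pass_phrase_file(&cli_info.ade_password)?;
        constants::RESCUE_TMP_LINUX_PASS_PHRASE_FILE_NAME.to_string()
    };

    // If the header cannot be made available, do not leave the key material behind.
    let boot_mount = mount_boot_partition(cli_info, partitions);
    if boot_mount.is_err() {
        discard_luks_key_material(cli_info, use_bek);
    }
    boot_mount?;

    // Run cryptsetup directly with an argument vector instead of through `sh -c`, so that the
    // device path and file names are never interpreted by a shell (no word splitting, globbing
    // or command substitution).
    let outcome = process::Command::new("cryptsetup")
        .arg("luksOpen")
        .arg("--key-file")
        .arg(&key_file)
        .arg("--header")
        .arg(&header)
        .arg(&device)
        .arg("rescueencrypt")
        .status();

    // `Some((message, close_mapping))` describes a fatal outcome.
    let fatal = match outcome {
        Ok(status) => {
            debug!("luksopen status: {}", &status);
            if status.success() {
                debug!("luksopen success");
                None
            } else {
                debug!("luksopen failed");
                Some((
                    "Error: Enabeling the encrypted device isn't possible. Please verify that the passphrase is correct. ALAR needs to stop.".to_string(),
                    true,
                ))
            }
        }
        Err(e) => Some((
            format!("Error: Enabeling the encrypted device isn't possible. ALAR needs to stop. Error detail is: {e}"),
            false,
        )),
    };

    if let Some((message, close_mapping)) = fatal {
        // Cleanup is best-effort here: one failing step must not prevent the passphrase file
        // from being removed or the final error from being reported.
        discard_luks_key_material(cli_info, use_bek);
        if let Err(e) = umount_boot_partition() {
            error!("Unmounting the boot partition failed: {e:?}");
        }
        if close_mapping {
            if let Err(e) = close_rescueencrypt() {
                error!("Closing the rescueencrypt mapping failed: {e:?}");
            }
        }
        error!("{message}");
        process::exit(1);
    }

    // Success: run every cleanup step before propagating any of their errors, so a failed
    // unmount cannot leave the passphrase file on disk.
    let boot_umount = umount_boot_partition();
    if use_bek {
        let bek_umount = umount_bek_volume();
        boot_umount?;
        bek_umount?;
    } else {
        // for security reasons we have to clear the ADE password
        cli_info.clear_password();
        let removed = fs::remove_file(constants::RESCUE_TMP_LINUX_PASS_PHRASE_FILE_NAME);
        boot_umount?;
        removed?;
    }
    Ok(())
}

/// Best-effort release of the key material used for `luksOpen`: unmounts the BEK volume in BEK
/// mode, otherwise clears the in-memory password and deletes the temporary passphrase file.
/// Failures are logged rather than returned so that callers on an error path can continue.
fn discard_luks_key_material(cli_info: &mut CliInfo, use_bek: bool) {
    if use_bek {
        if let Err(e) = umount_bek_volume() {
            error!("Unmounting the BEK volume failed: {e:?}");
        }
        return;
    }
    cli_info.clear_password();
    match fs::remove_file(constants::RESCUE_TMP_LINUX_PASS_PHRASE_FILE_NAME) {
        Ok(()) => {}
        // Nothing to delete is the desired end state.
        Err(e) if e.kind() == std::io::ErrorKind::NotFound => {}
        Err(e) => error!("Removing the temporary passphrase file failed: {e}"),
    }
}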