2 files changed, 37 insertions, 0 deletions

diff --git a/debian/initramfs/conf-hook b/debian/initramfs/conf-hook
new file mode 100644
index 0000000..81de87e
--- /dev/null
+++ b/debian/initramfs/conf-hook
@@ -0,0 +1,28 @@
+#
+# Configuration file for the cryptroot initramfs hook.
+#
+
+#
+# KEYFILE_PATTERN: ...
+#
+# The value of this variable is interpreted as a shell pattern.
+# Matching key files from the crypttab(5) are included in the initramfs
+# image.  The associated devices can then be unlocked without manual
+# intervention.  (For instance if /etc/crypttab lists two key files
+# /etc/keys/{root,swap}.key, you can set KEYFILE_PATTERN="/etc/keys/*.key"
+# to add them to the initrd.)
+#
+# If KEYFILE_PATTERN if null or unset (default) then no key file is
+# copied to the initramfs image.
+#
+# Note that the glob(7) is not expanded for crypttab(5) entries with a
+# 'keyscript=' option.  In that case, the field is not treated as a file
+# name but given as argument to the keyscript.
+#
+# WARNING: If the initramfs image is to include private key material,
+# you'll want to create it with a restrictive umask in order to keep
+# non-privileged users at bay.  For instance, set UMASK=0077 in
+# /etc/initramfs-tools/initramfs.conf
+#
+
+#KEYFILE_PATTERN=
diff --git a/debian/initramfs/conf-hooks.d/cryptsetup b/debian/initramfs/conf-hooks.d/cryptsetup
new file mode 100644
index 0000000..883c1ba
--- /dev/null
+++ b/debian/initramfs/conf-hooks.d/cryptsetup
@@ -0,0 +1,9 @@
+# This will setup non-us keyboards in early userspace,
+# necessary for punching in passphrases.
+KEYMAP=y
+
+# force busybox on initramfs
+BUSYBOX=y
+
+# and for systems using plymouth instead, use the new option
+FRAMEBUFFER=y