2 files changed, 32 insertions, 5 deletions

diff --git a/scripts/casper b/scripts/casper
index 4d6c1a5..545942e 100644
--- a/scripts/casper
+++ b/scripts/casper
@@ -71,6 +71,8 @@ parse_cmdline ()
                 export CASPERGETTY=1 ;;
             bootfrom=*|live-media=*)
                 export LIVEMEDIA=${x#*=} ;;
+            live-media-encryption=*|encryption=*)
+                export LIVEMEDIA_ENCRYPTION=${x#*=} ;;
             live-media-timeout=*)
                 export LIVEMEDIA_TIMEOUT=${x#live-media-timeout=} ;;
             live-media-offset=*)
@@ -132,7 +134,7 @@ is_casper_path() {
 get_backing_device() {
     case "$1" in
         *.squashfs|*.ext2)
-            echo $(setup_loop "$1" "loop" "/sys/block/loop*")
+            echo $(setup_loop "$1" "loop" "/sys/block/loop*" '0' "${LIVEMEDIA_ENCRYPTION}")
             ;;
         *.dir)
             echo "directory"
@@ -509,7 +511,7 @@ check_dev ()
     fi
 
     if [ -n "${LIVEMEDIA_OFFSET}" ]; then
-        loopdevname=$(setup_loop "${devname}" "loop" "/sys/block/loop*" "${LIVEMEDIA_OFFSET}")
+        loopdevname=$(setup_loop "${devname}" "loop" "/sys/block/loop*" "${LIVEMEDIA_OFFSET}" '')
         devname="${loopdevname}" 
     fi
 
diff --git a/scripts/casper-helpers b/scripts/casper-helpers
index 8402d93..17f7d62 100644
--- a/scripts/casper-helpers
+++ b/scripts/casper-helpers
@@ -113,6 +113,7 @@ setup_loop() {
     local module=$2
     local pattern=$3
     local offset=$4
+    local encryption=$5
 
     modprobe ${MP_QUIET} -b "$module"
     udevsettle
@@ -120,10 +121,34 @@ setup_loop() {
     for loopdev in $pattern; do
         if [ "$(cat $loopdev/size)" -eq 0 ]; then
             dev=$(sys2dev "${loopdev}")
-            if [ -n "$offset" ]; then
-                losetup -o "$offset" "$dev" "$fspath"
+            options=''
+            if [ 0 -lt "${offset}" ]; then
+                options="${options} -o ${offset}"
+            fi
+            if [ -z "${encryption}" ]; then
+                losetup ${options} "${dev}" "${fspath}"
             else
-                losetup "$dev" "$fspath"
+                # Loop AES encryption
+                while true; do
+                    echo -n "Enter passphrase for ${fspath}: " >&6
+                    read -s passphrase
+                    echo "${passphrase}" > /tmp/passphrase
+                    exec 9</tmp/passphrase
+                    /sbin/losetup ${options} -e "${encryption}" -p 9 "${dev}" "${fspath}"
+                    error=$?
+                    exec 9<&-
+                    rm -f /tmp/passphrase
+                    if [ 0 -eq ${error} ]; then
+                        unset error
+                        break
+                    fi
+                    echo -n "Something went wrong... Retry? [YES/no] " >&6
+                    read answer
+                    if [ 'no' = "${answer}" ]; then
+                        unset answer
+                        break
+                    fi
+                done
             fi
             echo "$dev"
             return 0