#!/bin/bash
#
# Copyright (C) 2020  Johannes Kepler University Linz, Institute of Networks and Security
# Copyright (C) 2020  CDL Digidow <https://www.digidow.eu/>
#
# Licensed under the EUPL, Version 1.2 or – as soon they will be approved by
# the European Commission - subsequent versions of the EUPL (the "Licence").
# You may not use this work except in compliance with the Licence.
#
# You should have received a copy of the European Union Public License along
# with this program.  If not, you may obtain a copy of the Licence at:
# <https://joinup.ec.europa.eu/software/page/eupl>
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the Licence is distributed on an "AS IS" basis,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the Licence for the specific language governing permissions and
# limitations under the Licence.
#

set -e

cp -vf ./passphrase-from-tpm.sh /usr/sbin/ || exit 1
cp -vf ./update-luks-tpm.sh /usr/sbin || exit 1
cp -vf ./update-kernel.sh /usr/sbin || exit 1
cp -vf ./create-luks-tpm.sh /usr/sbin || exit 1

cp -vf ./tpm2-hook.sh /etc/initramfs-tools/hooks/ || exit 2
awk -i inplace '/luks/{print $0 ",discard,initramfs,keyscript=/usr/sbin/passphrase-from-tpm.sh"}' /etc/crypttab

cp -vf ./kernel-command-line.txt /boot/ || exit 3
/usr/sbin/create-luks-tpm.sh
/usr/sbin/update-kernel.sh
efibootmgr --create --disk /dev/nvme0n1 --part 1 --label "ubuntu unified" --loader "\EFI\Linux\Linux.efi" --verbose
echo "Installed successfully! Please reboot and execute update-luks-tpm.sh afterwards"