From a79a6c00eb252de8c2581744894c8173a34b2f92 Mon Sep 17 00:00:00 2001
From: downtownallday
Date: Mon, 2 Sep 2024 16:11:13 -0400
Subject: [PATCH] encryption-at-rest: Ensure required kernel modules are installed
---
 ehdd/create_hdd.sh | 1 +
 ehdd/ehdd_funcs.sh | 8 ++++++++
 ehdd/mount.sh | 1 +
 3 files changed, 10 insertions(+)
diff --git a/ehdd/create_hdd.sh b/ehdd/create_hdd.sh
index 5ed43988..dd327dd0 100755
--- a/ehdd/create_hdd.sh
+++ b/ehdd/create_hdd.sh
@@ -44,6 +44,7 @@ if [ ! -e "$EHDD_IMG" ]; then
 echo ""
 echo "NOTE: You will need to reenter your drive encryption password"
 fi
+ assert_kernel_modules
 cryptsetup luksOpen $(keyfile_option) $loop $EHDD_LUKS_NAME # map device to /dev/mapper/NAME
 mke2fs -j /dev/mapper/$EHDD_LUKS_NAME
 # sleep a brief time to avoid "device busy"
diff --git a/ehdd/ehdd_funcs.sh b/ehdd/ehdd_funcs.sh
index 5593b781..ea605c1d 100644
--- a/ehdd/ehdd_funcs.sh
+++ b/ehdd/ehdd_funcs.sh
@@ -17,10 +17,18 @@ if [ -z "${STORAGE_ROOT:-}" ]; then
 fi
 fi
+
 EHDD_IMG="$STORAGE_ROOT.HDD"
 EHDD_MOUNTPOINT="$STORAGE_ROOT"
 EHDD_LUKS_NAME="c1"
+assert_kernel_modules() {
+ local check="$(lsmod | awk '$1=="dm_crypt" {print "yes"}')"
+ if [ "$check" != "yes" ]; then
+ echo "Required kernel modules for encryption-at-rest are not loaded. Cannot continue"
+ exit 1
+ fi
+}
 find_unused_loop() {
 losetup -f
diff --git a/ehdd/mount.sh b/ehdd/mount.sh
index 5ff44270..f3c59c49 100755
--- a/ehdd/mount.sh
+++ b/ehdd/mount.sh
@@ -21,6 +21,7 @@ if is_mounted; then
 exit 0
 fi
+assert_kernel_modules
 loop=$(find_unused_loop)
 losetup $loop "$EHDD_IMG" || exit 1 # map device to /dev/mapper/NAME
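Review bot: In ehdd/create_hdd.sh the new `assert_kernel_modules` call sits directly before `cryptsetup luksOpen`, where `$loop` is already in use, so its `exit 1` presumably leaves the loop device attached and, if the image was created earlier in this block, an image with no filesystem on it. ehdd/mount.sh runs the same check before `loop=$(find_unused_loop)`; placing it here ahead of the image creation and `losetup` steps would make the script fail before it changes anything. The enclosing `if [ ! -e "$EHDD_IMG" ]` block starts and ends outside the hunk, so the exact position needs checking against the full script.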
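Review bot: `assert_kernel_modules` in ehdd/ehdd_funcs.sh tests whether dm_crypt appears in `lsmod`, which is not the same as the module being installed: a kernel with dm-crypt built in never lists it, and a modular kernel normally loads it on demand at the first `cryptsetup` open, so the call added to ehdd/mount.sh can be expected to fail on a freshly booted host that would otherwise mount fine. Asking the module loader is closer to the commit's intent, for example `modprobe -q dm_crypt || { echo "dm_crypt kernel module is not available. Cannot continue" >&2; exit 1; }`, which as far as I know also succeeds for a built-in module. The message should go to stderr and name the module, and `local check="$(...)"` hides the pipeline's exit status (ShellCheck SC2155).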