Also unlock with TPM

so we can use the same functions everywhere just with a flag

Signed-off-by: Itxaka <itxaka@kairos.io>

main.go

@@ -55,9 +55,15 @@ func main() {
 				UsageText:   "unlock-all",
 				Usage:       "Try to unlock all LUKS partitions",
 				Description: "Typically run during initrd to unlock all the LUKS partitions found",
-				ArgsUsage:   "kcrypt unlock-all",
+				ArgsUsage:   "kcrypt [--tpm] unlock-all",
+				Flags: []cli.Flag{
+					&cli.BoolFlag{
+						Name:  "tpm",
+						Usage: "Use TPM to unlock the partition",
+					},
+				},
 				Action: func(c *cli.Context) error {
-					return lib.UnlockAll()
+					return lib.UnlockAll(c.Bool("tpm"))
 				},
 			},
 			{

pkg/lib/unlock.go

@@ -15,7 +15,7 @@ import (
 )
 
 // UnlockAll Unlocks all encrypted devices found in the system
-func UnlockAll() error {
+func UnlockAll(tpm bool) error {
 	bus.Manager.Initialize()
 
 	config, err := configpkg.GetConfiguration(configpkg.ConfigScanDirs)
@@ -52,10 +52,18 @@ func UnlockAll() error {
 				// We mount it under /dev/mapper/DEVICE, so It's pretty easy to check
 				if !utils.Exists(filepath.Join("/dev", "mapper", p.Name)) {
 					fmt.Printf("Unmounted Luks found at '%s' LABEL '%s' \n", filepath.Join("/dev", p.Name), p.FilesystemLabel)
+					if tpm {
+						out, err := utils.SH(fmt.Sprintf("/usr/lib/systemd/systemd-cryptsetup attach %s %s - tpm2-device=auto", p.Name, filepath.Join("/dev", p.Name)))
+						if err != nil {
+							fmt.Printf("Unlocking failed: '%s'\n", err.Error())
+							fmt.Printf("Unlocking failed, command output: '%s'\n", out)
+						}
+					} else {
 						err = UnlockDisk(p)
 						if err != nil {
 							fmt.Printf("Unlocking failed: '%s'\n", err.Error())
 						}
+					}
 				} else {
 					fmt.Printf("Device %s seems to be mounted at %s, skipping\n", filepath.Join("/dev", p.Name), filepath.Join("/dev", "mapper", p.Name))
 				}