1 files changed, 15 insertions, 3 deletions

diff --git a/src/initrd/grok-block b/src/initrd/grok-block
index f44ed19..efe46d8 100755
--- a/src/initrd/grok-block
+++ b/src/initrd/grok-block
@@ -87,11 +87,24 @@ retry_mount()
   done
 }
 
+Gpg2()
+{
+    gpg2 --lock-never --no-permission-warning --no-auto-check-trustdb --no-options "$@"
+}
+
 gpg_verify()
 {
+  [ -e "$1" ] || return
   bootwait samizdat-gpg
   export GNUPGHOME=/gpg/gnupghome
-  gpg2 --lock-never --no-permission-warning --no-auto-check-trustdb --no-options --verify "$1"
+  Gpg2 --verify "$1"
+}
+
+gpg_can_decrypt()
+{
+  [ -e "$1" ] || return
+  bootwait samizdat-gpg
+  Gpg2 --decrypt "$1" | Gpg2 --decrypt "$1" >/dev/null
 }
 
 is_lvm()
@@ -186,8 +199,7 @@ grok_block()
       # TODO: And what if we create partitions and then reboot the machine mid-install?
 
   elif [ "$ID_PART_ENTRY_NAME" = samizdat-plaintext ]; then
-    # TODO: First ensure we can decrypt the key
-    if [ -e "$mountpoint"/disk.key ]; then
+    if gpg_verify "$mountpoint"/disk.key && gpg_can_decrypt "$mountpoint"/disk.key; then
       addmenu_choose_native_root "$(parent_device "$DEVNAME")"
     fi
     umount "$mountpoint"