Skip to content

Commit

Permalink
dracut: 90zfs: zfs-load-key: don't load unencrypted bootfs' keylocation
Browse files Browse the repository at this point in the history
Reviewed-by: Brian Behlendorf <[email protected]>
Signed-off-by: Ahelenia Ziemiańska <[email protected]>
Closes openzfs#11800
Closes openzfs#12108
  • Loading branch information
nabijaczleweli authored and behlendorf committed Jun 9, 2021
1 parent 998035d commit 2dde920
Showing 1 changed file with 2 additions and 3 deletions.
5 changes: 2 additions & 3 deletions contrib/dracut/90zfs/zfs-load-key.sh.in
Original file line number Diff line number Diff line change
Expand Up @@ -36,13 +36,12 @@ fi
if [ "$(zpool list -H -o feature@encryption "$(echo "${BOOTFS}" | awk -F/ '{print $1}')")" = 'active' ]; then
# if the root dataset has encryption enabled
ENCRYPTIONROOT="$(zfs get -H -o value encryptionroot "${BOOTFS}")"
# where the key is stored (in a file or loaded via prompt)
KEYLOCATION="$(zfs get -H -o value keylocation "${ENCRYPTIONROOT}")"
if ! [ "${ENCRYPTIONROOT}" = "-" ]; then
KEYSTATUS="$(zfs get -H -o value keystatus "${ENCRYPTIONROOT}")"
# continue only if the key needs to be loaded
[ "$KEYSTATUS" = "unavailable" ] || exit 0
# if key is stored in a file, do not prompt

KEYLOCATION="$(zfs get -H -o value keylocation "${ENCRYPTIONROOT}")"
if ! [ "${KEYLOCATION}" = "prompt" ]; then
zfs load-key "${ENCRYPTIONROOT}"
else
Expand Down

0 comments on commit 2dde920

Please sign in to comment.