diff options
| author | наб <[email protected]> | 2021-05-23 16:39:58 +0200 |
|---|---|---|
| committer | Brian Behlendorf <[email protected]> | 2021-06-09 13:05:34 -0700 |
| commit | 2dde9202d9a6097f76cdcde0a7ffac14d825b884 (patch) | |
| tree | cc73c19178024650049b29503566322f1cee329a | |
| parent | 998035d534bfa7c827168fc7a7f4bfec504ac5d5 (diff) | |
dracut: 90zfs: zfs-load-key: don't load unencrypted bootfs' keylocation
Reviewed-by: Brian Behlendorf <[email protected]>
Signed-off-by: Ahelenia Ziemiańska <[email protected]>
Closes #11800
Closes #12108
| -rwxr-xr-x | contrib/dracut/90zfs/zfs-load-key.sh.in | 5 |
1 files changed, 2 insertions, 3 deletions
diff --git a/contrib/dracut/90zfs/zfs-load-key.sh.in b/contrib/dracut/90zfs/zfs-load-key.sh.in index f8d664b71..9407ae461 100755 --- a/contrib/dracut/90zfs/zfs-load-key.sh.in +++ b/contrib/dracut/90zfs/zfs-load-key.sh.in @@ -36,13 +36,12 @@ fi if [ "$(zpool list -H -o feature@encryption "$(echo "${BOOTFS}" | awk -F/ '{print $1}')")" = 'active' ]; then # if the root dataset has encryption enabled ENCRYPTIONROOT="$(zfs get -H -o value encryptionroot "${BOOTFS}")" - # where the key is stored (in a file or loaded via prompt) - KEYLOCATION="$(zfs get -H -o value keylocation "${ENCRYPTIONROOT}")" if ! [ "${ENCRYPTIONROOT}" = "-" ]; then KEYSTATUS="$(zfs get -H -o value keystatus "${ENCRYPTIONROOT}")" # continue only if the key needs to be loaded [ "$KEYSTATUS" = "unavailable" ] || exit 0 - # if key is stored in a file, do not prompt + + KEYLOCATION="$(zfs get -H -o value keylocation "${ENCRYPTIONROOT}")" if ! [ "${KEYLOCATION}" = "prompt" ]; then zfs load-key "${ENCRYPTIONROOT}" else |