Run zfs load-key if needed in dracut

'zfs load-key -a' will only be called if needed.  If a dataset not
needed for boot does not have its key loaded (home directories for
example) boot can still continue.

zfs:AUTO was not working via dracut, so we still need the generator
script to do its thing.

Reviewed-by: Richard Yao <[email protected]>
Reviewed-by: Manuel Amador (Rudd-O) <[email protected]>
Reviewed-by: Brian Behlendorf <[email protected]>
Reviewed-by: loli10K <[email protected]>
Signed-off-by: Matthew Thode <[email protected]>
Closes #6982 
Closes #7004 

1 files changed, 27 insertions, 0 deletions

diff --git a/contrib/dracut/90zfs/mount-zfs.sh.in b/contrib/dracut/90zfs/mount-zfs.sh.in
index e7f217736..36f07d667 100755
--- a/contrib/dracut/90zfs/mount-zfs.sh.in
+++ b/contrib/dracut/90zfs/mount-zfs.sh.in
@@ -56,6 +56,33 @@ ZFS_DATASET="${ZFS_DATASET:-${root#zfs:}}"
 ZFS_POOL="${ZFS_DATASET%%/*}"
 
 if import_pool "${ZFS_POOL}" ; then
+	# Load keys if we can or if we need to
+	if [ $(zpool list -H -o feature@encryption $(echo "${ZFS_POOL}" | awk -F\/ '{print $1}')) == 'active' ]; then
+		# if the root dataset has encryption enabled
+		if $(zfs list -H -o encryption "${ZFS_DATASET}" | grep -q -v off); then
+			# figure out where the root dataset has its key, the keylocation should not be none
+			while true; do
+				if [[ $(zfs list -H -o keylocation "${ZFS_DATASET}") == 'none' ]]; then
+					ZFS_DATASET=$(echo -n "${ZFS_DATASET}" | awk 'BEGIN{FS=OFS="/"}{NF--; print}')
+					if [[ "${ZFS_DATASET}" == '' ]]; then
+						rootok=0
+						break
+					fi
+				else
+					rootok=1
+					break
+				fi
+			done
+			[[ "${rootok}" -eq 0 ]]&& return 1
+			# decrypt them
+			TRY_COUNT=5
+			while [ $TRY_COUNT != 0 ]; do
+				zfs load-key "${ZFS_DATASET}"
+				[ $? == 0 ] && break
+				((TRY_COUNT-=1))
+			done
+		fi
+	fi
 	# Let us tell the initrd to run on shutdown.
 	# We have a shutdown hook to run
 	# because we imported the pool.