diff options
| author | Witaut Bajaryn <[email protected]> | 2019-11-08 23:34:07 +0100 |
|---|---|---|
| committer | Brian Behlendorf <[email protected]> | 2019-11-08 14:34:07 -0800 |
| commit | 6c7023a5326cc999cfaced931ee2498642d5e63f (patch) | |
| tree | 973cb3e4852c0c4f84134b0d0b6142c8a2743755 /contrib/dracut | |
| parent | 734de7ced12f376e8f07ad8cec3ccc1abf9779b1 (diff) | |
Skip loading already loaded key
Don't ask for the password / try to load the key if the key for the
encryptionroot is already loaded. The user might have loaded the key
manually or by other means before the scripts get called.
Reviewed-by: Brian Behlendorf <[email protected]>
Reviewed-by: Tom Caputi <[email protected]>
Reviewed-by: Richard Laager <[email protected]>
Signed-off-by: Witaut Bajaryn <[email protected]>
Closes #9495
Closes #9529
Diffstat (limited to 'contrib/dracut')
| -rwxr-xr-x | contrib/dracut/90zfs/mount-zfs.sh.in | 14 | ||||
| -rwxr-xr-x | contrib/dracut/90zfs/zfs-load-key.sh.in | 3 |
2 files changed, 12 insertions, 5 deletions
diff --git a/contrib/dracut/90zfs/mount-zfs.sh.in b/contrib/dracut/90zfs/mount-zfs.sh.in index 23f7e3e29..73300a9b6 100755 --- a/contrib/dracut/90zfs/mount-zfs.sh.in +++ b/contrib/dracut/90zfs/mount-zfs.sh.in @@ -62,11 +62,15 @@ if import_pool "${ZFS_POOL}" ; then # if the root dataset has encryption enabled ENCRYPTIONROOT="$(zfs get -H -o value encryptionroot "${ZFS_DATASET}")" if ! [ "${ENCRYPTIONROOT}" = "-" ]; then - # decrypt them - ask_for_password \ - --tries 5 \ - --prompt "Encrypted ZFS password for ${ENCRYPTIONROOT}: " \ - --cmd "zfs load-key '${ENCRYPTIONROOT}'" + KEYSTATUS="$(zfs get -H -o value keystatus "${ENCRYPTIONROOT}")" + # if the key needs to be loaded + if [ "$KEYSTATUS" = "unavailable" ]; then + # decrypt them + ask_for_password \ + --tries 5 \ + --prompt "Encrypted ZFS password for ${ENCRYPTIONROOT}: " \ + --cmd "zfs load-key '${ENCRYPTIONROOT}'" + fi fi fi # Let us tell the initrd to run on shutdown. diff --git a/contrib/dracut/90zfs/zfs-load-key.sh.in b/contrib/dracut/90zfs/zfs-load-key.sh.in index 3f466798e..88f43b6ed 100755 --- a/contrib/dracut/90zfs/zfs-load-key.sh.in +++ b/contrib/dracut/90zfs/zfs-load-key.sh.in @@ -38,6 +38,9 @@ if [ "$(zpool list -H -o feature@encryption $(echo "${BOOTFS}" | awk -F\/ '{prin # if the root dataset has encryption enabled ENCRYPTIONROOT=$(zfs get -H -o value encryptionroot "${BOOTFS}") if ! [ "${ENCRYPTIONROOT}" = "-" ]; then + KEYSTATUS="$(zfs get -H -o value keystatus "${ENCRYPTIONROOT}")" + # continue only if the key needs to be loaded + [ "$KEYSTATUS" = "unavailable" ] || exit 0 # decrypt them TRY_COUNT=5 while [ $TRY_COUNT -gt 0 ]; do |