diff options
| author | наб <[email protected]> | 2021-05-23 16:39:58 +0200 |
|---|---|---|
| committer | Brian Behlendorf <[email protected]> | 2021-06-04 14:01:08 -0700 |
| commit | c38bc221b28a104dc05f825492062638b7f92d86 (patch) | |
| tree | 032e4046d4da672a0acb5d3b68c1a04d5bc26254 /contrib | |
| parent | cfc8dd198368dbf4e76c21731ebab35789d2fdd1 (diff) | |
dracut: 90zfs: zfs-load-key: don't load unencrypted bootfs' keylocation
Reviewed-by: Brian Behlendorf <[email protected]>
Signed-off-by: Ahelenia Ziemiańska <[email protected]>
Closes #11800
Closes #12108
Diffstat (limited to 'contrib')
| -rwxr-xr-x | contrib/dracut/90zfs/zfs-load-key.sh.in | 5 |
1 files changed, 2 insertions, 3 deletions
diff --git a/contrib/dracut/90zfs/zfs-load-key.sh.in b/contrib/dracut/90zfs/zfs-load-key.sh.in index 8fd3e5fd5..2f0c7ea0b 100755 --- a/contrib/dracut/90zfs/zfs-load-key.sh.in +++ b/contrib/dracut/90zfs/zfs-load-key.sh.in @@ -36,13 +36,12 @@ fi if [ "$(zpool list -H -o feature@encryption "$(echo "${BOOTFS}" | awk -F/ '{print $1}')")" = 'active' ]; then # if the root dataset has encryption enabled ENCRYPTIONROOT="$(zfs get -H -o value encryptionroot "${BOOTFS}")" - # where the key is stored (in a file or loaded via prompt) - KEYLOCATION="$(zfs get -H -o value keylocation "${ENCRYPTIONROOT}")" if ! [ "${ENCRYPTIONROOT}" = "-" ]; then KEYSTATUS="$(zfs get -H -o value keystatus "${ENCRYPTIONROOT}")" # continue only if the key needs to be loaded [ "$KEYSTATUS" = "unavailable" ] || exit 0 - # if key is stored in a file, do not prompt + + KEYLOCATION="$(zfs get -H -o value keylocation "${ENCRYPTIONROOT}")" if ! [ "${KEYLOCATION}" = "prompt" ]; then if ! [ "${KEYLOCATION#http}" = "${KEYLOCATION}" ]; then systemctl start network-online.target |