1 files changed, 27 insertions, 0 deletions

diff --git a/contrib/dracut/90zfs/mount-zfs.sh.in b/contrib/dracut/90zfs/mount-zfs.sh.in
index e7f217736..36f07d667 100755
--- a/contrib/dracut/90zfs/mount-zfs.sh.in
+++ b/contrib/dracut/90zfs/mount-zfs.sh.in
@@ -56,6 +56,33 @@ ZFS_DATASET="${ZFS_DATASET:-${root#zfs:}}"
 ZFS_POOL="${ZFS_DATASET%%/*}"
 
 if import_pool "${ZFS_POOL}" ; then
+	# Load keys if we can or if we need to
+	if [ $(zpool list -H -o feature@encryption $(echo "${ZFS_POOL}" | awk -F\/ '{print $1}')) == 'active' ]; then
+		# if the root dataset has encryption enabled
+		if $(zfs list -H -o encryption "${ZFS_DATASET}" | grep -q -v off); then
+			# figure out where the root dataset has its key, the keylocation should not be none
+			while true; do
+				if [[ $(zfs list -H -o keylocation "${ZFS_DATASET}") == 'none' ]]; then
+					ZFS_DATASET=$(echo -n "${ZFS_DATASET}" | awk 'BEGIN{FS=OFS="/"}{NF--; print}')
+					if [[ "${ZFS_DATASET}" == '' ]]; then
+						rootok=0
+						break
+					fi
+				else
+					rootok=1
+					break
+				fi
+			done
+			[[ "${rootok}" -eq 0 ]]&& return 1
+			# decrypt them
+			TRY_COUNT=5
+			while [ $TRY_COUNT != 0 ]; do
+				zfs load-key "${ZFS_DATASET}"
+				[ $? == 0 ] && break
+				((TRY_COUNT-=1))
+			done
+		fi
+	fi
 	# Let us tell the initrd to run on shutdown.
 	# We have a shutdown hook to run
 	# because we imported the pool.