2 files changed, 12 insertions, 5 deletions

diff --git a/contrib/dracut/90zfs/mount-zfs.sh.in b/contrib/dracut/90zfs/mount-zfs.sh.in
index 23f7e3e29..73300a9b6 100755
--- a/contrib/dracut/90zfs/mount-zfs.sh.in
+++ b/contrib/dracut/90zfs/mount-zfs.sh.in
@@ -62,11 +62,15 @@ if import_pool "${ZFS_POOL}" ; then
 		# if the root dataset has encryption enabled
 		ENCRYPTIONROOT="$(zfs get -H -o value encryptionroot "${ZFS_DATASET}")"
 		if ! [ "${ENCRYPTIONROOT}" = "-" ]; then
-			# decrypt them
-			ask_for_password \
-				--tries 5 \
-				--prompt "Encrypted ZFS password for ${ENCRYPTIONROOT}: " \
-				--cmd "zfs load-key '${ENCRYPTIONROOT}'"
+			KEYSTATUS="$(zfs get -H -o value keystatus "${ENCRYPTIONROOT}")"
+			# if the key needs to be loaded
+			if [ "$KEYSTATUS" = "unavailable" ]; then
+				# decrypt them
+				ask_for_password \
+					--tries 5 \
+					--prompt "Encrypted ZFS password for ${ENCRYPTIONROOT}: " \
+					--cmd "zfs load-key '${ENCRYPTIONROOT}'"
+			fi
 		fi
 	fi
 	# Let us tell the initrd to run on shutdown.
diff --git a/contrib/dracut/90zfs/zfs-load-key.sh.in b/contrib/dracut/90zfs/zfs-load-key.sh.in
index 3f466798e..88f43b6ed 100755
--- a/contrib/dracut/90zfs/zfs-load-key.sh.in
+++ b/contrib/dracut/90zfs/zfs-load-key.sh.in
@@ -38,6 +38,9 @@ if [ "$(zpool list -H -o feature@encryption $(echo "${BOOTFS}" | awk -F\/ '{prin
     # if the root dataset has encryption enabled
     ENCRYPTIONROOT=$(zfs get -H -o value encryptionroot "${BOOTFS}")
     if ! [ "${ENCRYPTIONROOT}" = "-" ]; then
+        KEYSTATUS="$(zfs get -H -o value keystatus "${ENCRYPTIONROOT}")"
+        # continue only if the key needs to be loaded
+        [ "$KEYSTATUS" = "unavailable" ] || exit 0
         # decrypt them
         TRY_COUNT=5
         while [ $TRY_COUNT -gt 0 ]; do