From f181d1b8f0ce8ba89a718fefe92121e2eb172142 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=D0=BD=D0=B0=D0=B1?= Date: Sun, 23 May 2021 16:39:58 +0200 Subject: [PATCH] dracut: 90zfs: zfs-load-key: don't load unencrypted bootfs' keylocation MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Ahelenia ZiemiaƄska Closes #11800 --- contrib/dracut/90zfs/zfs-load-key.sh.in | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/contrib/dracut/90zfs/zfs-load-key.sh.in b/contrib/dracut/90zfs/zfs-load-key.sh.in index 8fd3e5fd52c8..2f0c7ea0b61c 100755 --- a/contrib/dracut/90zfs/zfs-load-key.sh.in +++ b/contrib/dracut/90zfs/zfs-load-key.sh.in @@ -36,13 +36,12 @@ fi if [ "$(zpool list -H -o feature@encryption "$(echo "${BOOTFS}" | awk -F/ '{print $1}')")" = 'active' ]; then # if the root dataset has encryption enabled ENCRYPTIONROOT="$(zfs get -H -o value encryptionroot "${BOOTFS}")" - # where the key is stored (in a file or loaded via prompt) - KEYLOCATION="$(zfs get -H -o value keylocation "${ENCRYPTIONROOT}")" if ! [ "${ENCRYPTIONROOT}" = "-" ]; then KEYSTATUS="$(zfs get -H -o value keystatus "${ENCRYPTIONROOT}")" # continue only if the key needs to be loaded [ "$KEYSTATUS" = "unavailable" ] || exit 0 - # if key is stored in a file, do not prompt + + KEYLOCATION="$(zfs get -H -o value keylocation "${ENCRYPTIONROOT}")" if ! [ "${KEYLOCATION}" = "prompt" ]; then if ! [ "${KEYLOCATION#http}" = "${KEYLOCATION}" ]; then systemctl start network-online.target