Sometimes, prompting for the key is needed. If the ZFS key is to be
entered during boot, then prompt and accept the key during boot.
Details
Tested with a ZFS encryption using a file for key and another test to prompt for key.
Diff Detail
- Repository: rG FreeBSD src repository
- Lint: Lint Not Applicable
- Unit: Tests Not Applicable
Event Timeline
Do docs need to be updated?
Otherwise, I like it.
| libexec/rc/rc.d/zfskeys | |
|---|---|
| 51 | kl == prompt, so why obfuscate by expanding it here? |
The rc.conf manual page does not document any of that at the moment. We probably should reference zfs-load-key(8) somewhere at least. This is not part of this revision though I'd say.
Otherwise, I like it.
I'm not sure if I don't understand the purpose of the /dev/tty redirects. Could you explain a bit the reason behind that construct?
Otherwise, seems OK as well
| libexec/rc/rc.d/zfskeys | |
|---|---|
| 51 | What's the reason for < /dev/tty > /dev/tty 2>/dev/tty? |
libexec/rc/rc.d/zfskeys, line 51:

Combining both questions. I don't understand the "kl == prompt" question; if the key was set to prompt then we need to read the key from console. If it is not in prompt mode then read the key from a file like the original code did.

So when the ZFS key is set in prompt mode then it needs to read from /dev/tty etc. or it dies:

```
ZFS filesystem version: 5
ZFS storage pool version: features support (5000)
Key prompt for hdd_zfs_data_1/encrypted.
Key load error: encryption failure
Key failed to load for hdd_zfs_data_1/encrypted.
....
Mounting /etc/fstab filesystems failed, startup aborted
ERROR: ABORTING BOOT (sending SIGTERM to parent)!
```

with /dev/tty:

```
ZFS filesystem version: 5
ZFS storage pool version: features support (5000)
Key prompt for hdd_zfs_data_1/encrypted.
Enter passphrase for 'hdd_zfs_data_1/encrypted': <ZFS password entered>
Key loaded for hdd_zfs_data_1/encrypted.
Starting file system checks:
....
FreeBSD/amd64 (p15s) (ttyu0)
login:
```

/dev/tty makes it read and write to the console so the key can be entered.
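The following is an added example, not code from this revision or from the zfskeys script. It shows one common way a boot-time prompt loses the console, and why redirecting from a terminal device restores it. It assumes the prompting command runs inside a loop fed by a pipe (the script body is not shown on this page); `read_answer`, `sample_list`, the dataset names and the key path are constructed stand-ins.

```shell
#!/bin/sh
# Added example: generic shell behaviour, NOT the zfskeys script.

# Hypothetical stand-in for a command that prompts for a passphrase:
# it reads one line from whatever its stdin happens to be. It prints what
# it consumed only so the effect is visible; a real loader never echoes it.
read_answer() {
    IFS= read -r answer || answer=""
    printf '%s' "$answer"
}

# Constructed sample input: "dataset keylocation" pairs.
sample_list() {
    printf 'pool/a prompt\npool/b file:///etc/zfs/b.key\n'
}

# Without a redirect: inside the piped loop stdin is the pipe, so the
# "prompt" reader swallows the next dataset line instead of asking the
# operator, and pool/b is never processed at all.
load_naive() {
    sample_list | while read -r ds kl; do
        if [ "$kl" = "prompt" ]; then
            echo "$ds got: $(read_answer)"
        else
            echo "$ds uses $kl"
        fi
    done
}

# With a redirect: the prompting command gets its own stdin from the
# terminal device, leaving the pipe untouched for the loop.
# The device path is a parameter (default /dev/tty) so the function can be
# exercised with a file standing in for the console.
load_fixed() {
    tty=${1:-/dev/tty}
    sample_list | while read -r ds kl; do
        if [ "$kl" = "prompt" ]; then
            echo "$ds got: $(read_answer < "$tty")"
        else
            echo "$ds uses $kl"
        fi
    done
}

load_naive   # prints what the unredirected reader consumed
```
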