HomeFreeBSD

Add zfskeys rc.d script for auto-loading encryption keys

Description

Add zfskeys rc.d script for auto-loading encryption keys

ZFS in 13 supports encryption, but for the use case where keys are
available in plaintext on disk there is no mechanism for automatically
loading keys on startup.

This script will, by default, look for any dataset with encryption and
keylocation prefixed with file://. It will attempt to unlock, timing
out after 10 seconds for each dataset found.
User can optionally specify explicitly which datasets to attempt to
unlock.

Also supports (optionally by force) unmounting filesystems and unloading
associated keys.

Sponsored by: Modirum
Differential Revision: https://reviews.freebsd.org/D30015

Details

Provenance
ltning-freebsd_anduin.netAuthored on Jul 28 2021, 4:11 PM
allanjudeCommitted on Jul 28 2021, 4:26 PM
Differential Revision
D30015: Add zfskeys script to /etc/rc.d for auto-loading zfs keys
Parents
R10:fed248a6acb3: LinuxKPI: add read_poll_timeout()
Branches
Unknown
Tags
Unknown