Bug 256483 - zfs doesn't automount encrypted datasets
Summary: zfs doesn't automount encrypted datasets
Status: New
Alias: None
Product: Base System
Classification: Unclassified
Component: misc (show other bugs)
Version: CURRENT
Hardware: Any Any
: --- Affects Only Me
Assignee: freebsd-fs (Nobody)
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2021-06-08 15:01 UTC by Justin Hibbits
Modified: 2021-06-12 01:26 UTC (History)
3 users (show)

See Also:


Attachments
Patch to add knob to rc.conf to automount zfs filesystems (1.08 KB, patch)
2021-06-11 22:26 UTC, David Schlachter
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Justin Hibbits freebsd_committer 2021-06-08 15:01:08 UTC
Since at least the import of ZoL/new OpenZFS, zfs has supported encrypted datasets, with password or file keys.  These can be mounted via 'zfs mount -l' or 'zfs load-key -a'.  This isn't automatically done at boot, but could be by adding the '-l' flag to the zfs mount command in the rc script.
Comment 1 David Schlachter 2021-06-11 22:26:03 UTC
Created attachment 225750 [details]
Patch to add knob to rc.conf to automount zfs filesystems

Here's a patch that adds a flag to rc.conf ("zfs_mount_encrypted") that, if enabled, will load keys and automount encrypted ZFS filesystems on boot. By default the option would be disabled to maintain existing behaviour. The patch also includes documentation for the rc.conf man page.
Comment 2 Alan Somers freebsd_committer 2021-06-11 22:36:27 UTC
Comment on attachment 225750 [details]
Patch to add knob to rc.conf to automount zfs filesystems

Does this work with both keylocations, prompt and file?
Comment 3 David Schlachter 2021-06-11 22:48:33 UTC
(In reply to Alan Somers from comment #2)

Good point! I tested this with a file key only. I imagine the desired behavior with passphrase would be to prompt at boot like when using GELI on root. I'll take a look at this tonight.
Comment 4 Graham Perrin 2021-06-12 00:48:11 UTC
Also: 

⚙ D30015 Add zfskeys script to /etc/rc.d for auto-loading zfs keys
<https://reviews.freebsd.org/D30015>
Comment 5 David Schlachter 2021-06-12 01:26:18 UTC
Comment on attachment 225750 [details]
Patch to add knob to rc.conf to automount zfs filesystems

(In reply to Graham Perrin from comment #4)

Yes, that looks much more complete! Once it's merged I think this issue should be closed.