initramfs: allow user to supply their own unlock mechanism

Open akorn opened this issue 3 years ago • 0 comments

Closes #13757.

The user can set org.openzfs:zfs-initramfs:user-decrypt-function to true and supply a decrypt_fs_user function in /etc/zfs/zfs-user-functions, which will then be called and is expected to load the decryption key. If it succeeds, further prompts for the key are skipped.

Signed-off-by: András Korn [email protected]

Motivation and Context

This is my attempt to close #13757.

Description

The user can set org.openzfs:zfs-initramfs:user-decrypt-function to true and supply a decrypt_fs_user function in /etc/zfs/zfs-user-functions, which will then be called by decrypt_fs in initramfs and is expected to load the decryption key. If it succeeds, further prompts for the key are skipped.

How Has This Been Tested?

I haven't tested it; I would first like to have an opinion on whether the approach as such is valid and acceptable.

That said, the code is so minimal and trivial that I'm fairly confident it will work (barring typos).

Types of changes

  • [ ] Bug fix (non-breaking change which fixes an issue)
  • [x] New feature (non-breaking change which adds functionality)
  • [ ] Performance enhancement (non-breaking change which improves efficiency)
  • [ ] Code cleanup (non-breaking change which makes code smaller or more readable)
  • [ ] Breaking change (fix or feature that would cause existing functionality to change)
  • [ ] Library ABI change (libzfs, libzfs_core, libnvpair, libuutil and libzfsbootenv)
  • [ ] Documentation (a change to man pages or other documentation)

Checklist:

  • [x] My code follows the OpenZFS code style requirements. (Doesn't really apply as I only added shell code, not C.)
  • [x] I have updated the documentation accordingly.
  • [x] I have read the contributing document.
  • [ ] I have added tests to cover my changes. (I don't know how to do that, especially not for this kind of change.)
  • [ ] I have run the ZFS Test Suite with this change applied. (I don't think the test suite tests initramfs at all?)
  • [x] All commit messages are properly formatted and contain Signed-off-by.

akorn, Aug 10 '22 09:08
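
A sketch of what a `decrypt_fs_user` hook in /etc/zfs/zfs-user-functions could look like, added here as an example and not code from this pull request. It assumes `decrypt_fs` passes the dataset name as the first argument and that the key file sits at a hypothetical path held in `ZFS_USER_KEYFILE`; it returns non-zero on any failure, so by the description above the key prompts are not skipped.

```shell
# Example /etc/zfs/zfs-user-functions (added example, not from the PR).
# Assumptions: decrypt_fs passes the dataset name as $1;
# ZFS_USER_KEYFILE and its default path are hypothetical.

ZFS_USER_KEYFILE="${ZFS_USER_KEYFILE:-/run/zfs-unlock/key}"

decrypt_fs_user() {
    _ufs="$1"
    [ -n "$_ufs" ] || return 1

    # Keys are loaded on the encryption root, not on child datasets.
    _uroot="$(zfs get -H -o value encryptionroot "$_ufs" 2>/dev/null)" || return 1
    case "$_uroot" in
        ""|-) return 1 ;;   # lookup failed or dataset is not encrypted
    esac

    # Nothing to do if the key is already loaded.
    _ustat="$(zfs get -H -o value keystatus "$_uroot" 2>/dev/null)" || return 1
    [ "$_ustat" = "available" ] && return 0

    # Refuse a missing, unreadable or empty key file up front.
    [ -r "$ZFS_USER_KEYFILE" ] && [ -s "$ZFS_USER_KEYFILE" ] || return 1

    # -L overrides keylocation for this invocation only; the stored
    # keylocation property is left unchanged.
    zfs load-key -L "file://$ZFS_USER_KEYFILE" "$_uroot" >/dev/null 2>&1 || return 1

    # Report success only if ZFS confirms the key is now loaded.
    _ustat="$(zfs get -H -o value keystatus "$_uroot" 2>/dev/null)" || return 1
    [ "$_ustat" = "available" ]
}
```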