#!/bin/sh

. /etc/initrd.defaults
. /etc/initrd.scripts

# Build GK_INIT_LOG_PREFIX: the script name alone, or the script name followed
# by "[ip:port]" when both SSH_CLIENT_IP and SSH_CLIENT_PORT are non-empty.
# NOTE(review): presumably the message helpers read this prefix, so output
# from a remote unlock session can be attributed to its peer -- confirm
# against /etc/initrd.scripts.
if [ -z "${SSH_CLIENT_IP}" ] || [ -z "${SSH_CLIENT_PORT}" ]
then
	GK_INIT_LOG_PREFIX=${0}
else
	GK_INIT_LOG_PREFIX="${0}[${SSH_CLIENT_IP}:${SSH_CLIENT_PORT}]"
fi

# Without the ZFS environment file there is nothing to unlock: report and stop.
if [ ! -f "${ZFS_ENC_ENV_FILE}" ]
then
	bad_msg "${ZFS_ENC_ENV_FILE} does not exist! Did you boot without 'dozfs' kernel command-line parameter?"
	exit 1
fi

# The file is sourced, i.e. executed as shell code in this script's context;
# whatever writes it must therefore be trusted.
. "${ZFS_ENC_ENV_FILE}"

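# Load the encryption key for the ZFS root dataset.
#
# Globals:
#   ROOTFSTYPE              (read) must be 'zfs'
#   REAL_ROOT               (read) root dataset; the part before the first '/'
#                           is used as the pool name
#   ZFS_ENC_OPENED_LOCKFILE (read) marker file created once the key is loaded
# Arguments: none
# Returns:   returns normally when the key is available or the lock file
#            already exists; calls 'exit 1' on every failure path.
main() {
	# Preconditions: tools present, root filesystem type and dataset known.
	if ! hash zfs >/dev/null 2>&1
	then
		bad_msg "zfs program is missing. Was initramfs built without --zfs parameter?"
		exit 1
	elif ! hash zpool >/dev/null 2>&1
	then
		bad_msg "zpool program is missing. Was initramfs built without --zfs parameter?"
		exit 1
	elif [ -z "${ROOTFSTYPE}" ]
	then
		bad_msg "Something went wrong. ROOTFSTYPE is not set!"
		exit 1
	elif [ "${ROOTFSTYPE}" != "zfs" ]
	then
		bad_msg "ROOTFSTYPE of 'zfs' required but '${ROOTFSTYPE}' detected!"
		exit 1
	elif [ -z "${REAL_ROOT}" ]
	then
		bad_msg "Something went wrong. REAL_ROOT is not set!"
		exit 1
	fi

	# Anything other than 'active' (including a failed or empty zpool query,
	# whose stderr is discarded) is treated as "not encrypted".
	if [ "$(zpool list -H -o feature@encryption "${REAL_ROOT%%/*}" 2>/dev/null)" != 'active' ]
	then
		bad_msg "Root device ${REAL_ROOT} is not encrypted!"
		exit 1
	fi

	# Declare and assign separately so the assignment is not folded into
	# 'local', and reject an empty result as well as '-': an empty value
	# would otherwise be handed to 'zfs load-key' as the dataset name and
	# only surface later as a generic "Failed to open" error.
	# NOTE(review): assumes get_zfs_property prints nothing when the lookup
	# fails -- confirm against /etc/initrd.scripts.
	local ZFS_ENCRYPTIONROOT
	ZFS_ENCRYPTIONROOT="$(get_zfs_property "${REAL_ROOT}" encryptionroot)"
	if [ -z "${ZFS_ENCRYPTIONROOT}" ] || [ "${ZFS_ENCRYPTIONROOT}" = '-' ]
	then
		bad_msg "Failed to determine encryptionroot for ${REAL_ROOT}!"
		exit 1
	fi

	local ZFS_KEYSTATUS=
	# Every path below leaves the loop (break or exit) during the first pass.
	while true
	do
		# The lock file means another session already loaded the key.
		if [ -e "${ZFS_ENC_OPENED_LOCKFILE}" ]
		then
			good_msg "${REAL_ROOT} device meanwhile was opened by someone else."
			break
		fi

		# The exit status is not consulted; the keystatus property queried
		# right after is what decides success.
		zfs load-key "${ZFS_ENCRYPTIONROOT}"

		ZFS_KEYSTATUS="$(get_zfs_property "${REAL_ROOT}" keystatus)"
		if [ "${ZFS_KEYSTATUS}" = 'available' ]
		then
			run touch "${ZFS_ENC_OPENED_LOCKFILE}"
			good_msg "ZFS device ${REAL_ROOT} opened"
			break
		else
			bad_msg "Failed to open ZFS device ${REAL_ROOT}"

			# We need to stop here with a non-zero exit code to prevent
			# a loop when invalid keyfile was sent.
			exit 1
		fi
	done

	# Only reached with 'available' when this invocation loaded the key;
	# after the lock-file break above ZFS_KEYSTATUS is still empty.
	if [ "${ZFS_KEYSTATUS}" = 'available' ]
	then
		# Kill any running load-key prompt.
		# 'pkill -f' matches the pattern against full command lines, so
		# every process with "load-key" in its arguments is signalled.
		run pkill -f "load-key" >/dev/null 2>&1
	fi
}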

# Run the unlock sequence. main() calls 'exit 1' itself on every failure
# path, so the line after it is reached only when main returned normally.
main

exit 0