Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Adding remote root filesystem decryption initcpio hook #261

Merged
merged 2 commits into from Aug 11, 2018

Conversation

Projects
None yet
2 participants
@ArnCo
Copy link

ArnCo commented Jul 12, 2018

Here's a patch to allow the init process to continue if an encrypted root partition is unlocked via SSH on boot.
Once the unlock via SSH is done, the "zfs load-key" process needs to be killed. Then, the condition [ "$(zfs get -H -o value keystatus "${encryptionroot}")" != "available" ] becomes false and breaks the loop.
I'll develop an external initcpio hook to implement remote unlocking via this repo: https://github.com/grazzolini/mkinitcpio-utils as it already implements a similar system for LUKS.

@ArnCo

This comment has been minimized.

Copy link
Author

ArnCo commented Aug 1, 2018

I opened an issue at grazzolini/mkinitcpio-utils, but I'm not sure if the maintainer is still active. Could it be a possibility to integrate the hook in the archzfs repo @minextu ?

@minextu

This comment has been minimized.

Copy link
Member

minextu commented Aug 1, 2018

That would be an option. Though I won't have time to test/merge this week.

@ArnCo

This comment has been minimized.

Copy link
Author

ArnCo commented Aug 1, 2018

There's no hurry :) . I won't have time to submit it this week neither... I'll keep you updated.

@ArnCo ArnCo force-pushed the ArnCo:master branch 2 times, most recently from 61dfa4b to 11aae3b Aug 7, 2018

@ArnCo

This comment has been minimized.

Copy link
Author

ArnCo commented Aug 7, 2018

Hey @minextu , I just pushed the changes. Let me know if I can do something more to help :)

Cheers, ArnCo

@ArnCo ArnCo changed the title Added loop condition in initcpio hook to be able to unlock encrypted root over SSH Adding remote root filesystem decryption initcpio hook Aug 7, 2018

@minextu minextu merged commit 036669a into archzfs:master Aug 11, 2018

@minextu

This comment has been minimized.

Copy link
Member

minextu commented Aug 11, 2018

Awesome thanks! I changed it a bit to work without bootfs and without requiring Bash. It will be included when I next update packages.

@minextu

This comment has been minimized.

Copy link
Member

minextu commented Aug 11, 2018

Commits I added:
106f3de
715074f

@ArnCo

This comment has been minimized.

Copy link
Author

ArnCo commented Aug 12, 2018

That's awesome, clever way to get rid of the bootfs flag, and well done for the hook signature.

Keep up the great work :)

ArnCo

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.