21 lines
737 B
Bash
Executable file
21 lines
737 B
Bash
Executable file
#!/bin/sh
|
|
|
|
# First make sure the zfs kmod is loaded
|
|
modprobe zfs 2>/dev/null
|
|
udevadm settle
|
|
|
|
# Inspired by Alpine Linux's mkinitfs script - search for encrypted pool's by means of the cmdline root atribute
|
|
local _root_vol="${root}"
|
|
local _root_pool="${_root_vol%%/*}"
|
|
|
|
# Import the root pool
|
|
zpool import -N -d /dev $_root_pool
|
|
|
|
# If the pool is encrypted run `zlevis decrypt` to obtain the key stored in the tpm2 and load it
|
|
if [ $(zpool list -H -o feature@encryption $_root_pool) = "active" ]; then
|
|
local _encryption_root=$(zfs get -H -o value encryptionroot $_root_vol)
|
|
if [ "$_encryption_root" != "-" ]; then
|
|
zlevis decrypt $_root_pool | zfs load-key -L prompt "$_root_pool" || echo "zlevis failed to unlock $_root_pool"
|
|
fi
|
|
fi
|
|
|