OpenZFS: using an encrypted dataset without a prompt for its passphrase
Ryan Moeller
freqlabs at FreeBSD.org
Sat Oct 17 07:40:39 UTC 2020
On 10/17/20 1:54 AM, Graham Perrin wrote:
> root at momh167-gjp4-8570p:~ # zfs get all Transcend/VirtualBox | grep -e
> creation -e key -e crypt
> Transcend/VirtualBox creation Wed Sep 2 19:02 2020 -
> Transcend/VirtualBox encryption aes-256-gcm -
> Transcend/VirtualBox keylocation prompt local
> Transcend/VirtualBox keyformat passphrase -
> Transcend/VirtualBox encryptionroot Transcend/VirtualBox -
> Transcend/VirtualBox keystatus unavailable -
> root at momh167-gjp4-8570p:~ #
>
> I was prompted in early September but since then, no prompts.
>
> I can export and import the pool (Transcend) without entering the
> passphrase.
>
> Is this intended behaviour and if so: how does the pool – or the
> computer to which I connect the device (a mobile hard disk drive) –
> know that entry of the phrase is unnecessary?
This is intentional. The pool can be imported but the filesystem is not
mounted until the key is loaded.
See zfs-load-key(8)
-Ryan
> _______________________________________________
> freebsd-current at freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-current
> To unsubscribe, send any mail to
> "freebsd-current-unsubscribe at freebsd.org"
More information about the freebsd-current
mailing list