deviantintegral/zfs-unlock

## zfs-unlock
#!/bin/sh

# Place this in /etc/initramfs-tools/scripts/init-premount/zfs-unlock and
# run update-initramfs -u to include the script.
#
# This initramfs script handles mounting encrypted pools from a keyfile
# and not a passphrase. The main use case is keeping datasets encrypted so
# disks can be safely discarded if they partially fail and can't be easily
# wiped.
#
# The keyfile is placed on a USB key with the label KEYS, and is unmounted
# when done.
#
# root-on-zfs hasn't been tested yet.

# Change to the name of your pool.
POOL="pool"

PREREQ="udev zfs"
prereqs()
{
   echo "$PREREQ"
}

case $1 in
prereqs)
   prereqs
   exit 0
   ;;
esac

. /scripts/functions
. /etc/zfs/zfs-functions

exec >/run/initramfs/initramfs-zfs.debug 2>&1
set -x

# Custom content starts here.
# ------------
# Source the default setup variables.
[ -r '/etc/default/zfs' ] && . /etc/default/zfs

# ------------
# Support debug option
if grep -qiE '(^|[^\\](\\\\)* )(zfs_debug|zfs\.debug|zfsdebug)=(on|yes|1)( |$)' /proc/cmdline
then
	ZFS_DEBUG=1
	mkdir /var/log
	exec 2> /var/log/boot.debug
	set -x
fi

# ------------
# Load ZFS module etc.
if ! load_module_initrd; then
	disable_plymouth
	echo ""
	echo "Failed to load ZFS modules."
	/sbin/modprobe zfs || panic "modprobe zfs failed. Manually load the modules and exit."
fi

zfs_log_begin_msg "Mounting keys."
mkdir -p /media/keys
mount -o ro,umask=0377 /dev/disk/by-label/KEYS /media/keys
zfs_log_end_msg

zfs_log_begin_msg "Loading keys and pools..."
# Don't mount file systems to prevent locks when we pivot root.
zpool import -N $POOL || panic "zpool import failed."
zfs load-key -a || panic "zfs load-key import failed."
zfs_log_end_msg

umount /media/keys
	#!/bin/sh

	# Place this in /etc/initramfs-tools/scripts/init-premount/zfs-unlock and
	# run update-initramfs -u to include the script.
	#
	# This initramfs script handles mounting encrypted pools from a keyfile
	# and not a passphrase. The main use case is keeping datasets encrypted so
	# disks can be safely discarded if they partially fail and can't be easily
	# wiped.
	#
	# The keyfile is placed on a USB key with the label KEYS, and is unmounted
	# when done.
	#
	# root-on-zfs hasn't been tested yet.

	# Change to the name of your pool.
	POOL="pool"

	PREREQ="udev zfs"
	prereqs()
	{
	echo "$PREREQ"
	}

	case $1 in
	prereqs)
	prereqs
	exit 0
	;;
	esac

	. /scripts/functions
	. /etc/zfs/zfs-functions

	exec >/run/initramfs/initramfs-zfs.debug 2>&1
	set -x

	# Custom content starts here.
	# ------------
	# Source the default setup variables.
	[ -r '/etc/default/zfs' ] && . /etc/default/zfs

	# ------------
	# Support debug option
	if grep -qiE '(^\|[^\\](\\\\)* )(zfs_debug\|zfs\.debug\|zfsdebug)=(on\|yes\|1)( \|$)' /proc/cmdline
	then
	ZFS_DEBUG=1
	mkdir /var/log
	exec 2> /var/log/boot.debug
	set -x
	fi

	# ------------
	# Load ZFS module etc.
	if ! load_module_initrd; then
	disable_plymouth
	echo ""
	echo "Failed to load ZFS modules."
	/sbin/modprobe zfs \|\| panic "modprobe zfs failed. Manually load the modules and exit."
	fi

	zfs_log_begin_msg "Mounting keys."
	mkdir -p /media/keys
	mount -o ro,umask=0377 /dev/disk/by-label/KEYS /media/keys
	zfs_log_end_msg

	zfs_log_begin_msg "Loading keys and pools..."
	# Don't mount file systems to prevent locks when we pivot root.
	zpool import -N $POOL \|\| panic "zpool import failed."
	zfs load-key -a \|\| panic "zfs load-key import failed."
	zfs_log_end_msg

	umount /media/keys