[Pkg-zfsonlinux-devel] Bug#972132: Bug#972132: zfs-initramfs: Fails to boot when / is on zfs encryption=on dataset
John Goerzen
jgoerzen at complete.org
Wed Oct 14 14:31:43 BST 2020
On Mon, Oct 12 2020, Richard Laager wrote:
> On 10/12/20 9:29 PM, John Goerzen wrote:
>> I have set up this system to use ZFS crypto rather than my more
>> conventional zfs-atop-LUKS.
>
> Can you explain a little bit more about how you setup your
> system?
>
> This (root-on-ZFS with native encryption) already works for me
> on Buster
> (with ZFS from buster-backports) using the upstream HOWTO (that
> I maintain):
> https://openzfs.github.io/openzfs-docs/Getting%20Started/Debian/Debian%20Buster%20Root%20on%20ZFS.html
Hi Richard,
That HOWTO is fantastic and I wish that it would have turned up
when I did my search! I have pretty much done similar things with
my setup.
The main thing that occurs to me is I hadn't figured out the -O
encryption=on for the zpool create, so I have a top-level rpool
that is unencrypted, and under that rpool/crypt that is encrypted,
and everything on the system is under rpool/crypt.
/boot is not on ZFS.
# zfs list -o name,mountpoint
NAME MOUNTPOINT
rpool /rpool
rpool/crypt /rpool/crypt
rpool/crypt/debian-1 /
rpool/crypt/debian-1/home /home
and so forth.
I don't have a separate bpool due to /boot being ext2 so there's
not that issue for me. I made no modification to systemd unit
files, or the zfs-list.cache.
Thanks,
John
More information about the Pkg-zfsonlinux-devel
mailing list