Hi,
I have a 21.10 installation with ZFS and disk encryption. I want to disable the encryption for a while (just remote access).
On my previous machines (Arch with btrfs) I just added the keyfile to LUKS and to the boot cmdline and I was fine. This is obviously not possible with ZFS.
Does anyone know how to achieve that?
What I already tried:
- create keyfile: dd if=/dev/urandom of=/boot/boot.key bs=1024 count=4
- add it to zd0: cryptsetup luksAddKey /dev/zd0 /boot/boot.key
- use blkid to get UUID of zd0 (0b3f3e27-8270-4030-b4d5-6ad337dfb57d)
- add it to /etc/crypttab: keystore-rpool UUID="0b3f3e27-8270-4030-b4d5-6ad337dfb57d" /boot/boot.key luks,discard,initramfs
- re-generate initramfs: update-initramfs -u -k all
If I extract the initramfs, I find /cryptroot/crypttab and /cryptroot/keyfiles/keystor-rpool.key in it.
The initramfs crypttab looks like: keystore-rpool UUID="0b3f3e27-8270-4030-b4d5-6ad337dfb57d" /cryptroot/keyfiles/keystor-rpool.key luks,discard
But if I reboot, I still get asked for the password for device 0b3f3e27-8270-4030-b4d5-6ad337dfb57d. I entered a wrong one 3 times to get into the initramfs shell and take a look.
/cryptroot/keyfiles/keystor-rpool.key still exists, but the crypttab is a different one. It now contains: keystore-rpool /dev/zvol/rpool/keystore none luks,discard
What did I do wrong or forget?
Thanks
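
The three crypttab lines quoted in the post differ in the third field, the key file, where `none` asks for an interactive passphrase prompt. As an added example (not part of the original post; the function names are hypothetical), this sh helper parses crypttab lines and reports which unlock mode each one requests, run here over the lines from the post:

```shell
#!/bin/sh
# Added example: classify crypttab(5) entries by how they will be unlocked.
# Fields: <name> <source device> <key file> <options>

# Print "<name> <source> prompt" or "<name> <source> keyfile <path>".
# Returns 1 for blank lines, comments and entries with fewer than 2 fields.
crypttab_unlock_mode() {
    set -f                      # no globbing while word-splitting the line
    set -- $1                   # fields are whitespace-separated
    set +f
    [ $# -ge 2 ] || return 1
    case $1 in '#'*) return 1 ;; esac
    name=$1
    src=$(printf '%s' "$2" | tr -d '"')   # UUID="..." -> UUID=...
    key=${3:-none}              # assumption: a missing key field is treated as "none"
    case $key in
        none|-) printf '%s %s prompt\n' "$name" "$src" ;;
        *)      printf '%s %s keyfile %s\n' "$name" "$src" "$key" ;;
    esac
}

# Read crypttab text on stdin and print one verdict per entry.
audit_crypttab() {
    while IFS= read -r l || [ -n "$l" ]; do
        crypttab_unlock_mode "$l" || true   # skip comments and blank lines
    done
}

# The three lines below are copied from the post:
# /etc/crypttab, the crypttab packed into the initramfs, and the one seen
# in the initramfs shell after the failed boot.
audit_crypttab <<'EOF'
# /etc/crypttab
keystore-rpool UUID="0b3f3e27-8270-4030-b4d5-6ad337dfb57d" /boot/boot.key luks,discard,initramfs
# crypttab inside the extracted initramfs
keystore-rpool UUID="0b3f3e27-8270-4030-b4d5-6ad337dfb57d" /cryptroot/keyfiles/keystor-rpool.key luks,discard
# crypttab seen at boot
keystore-rpool /dev/zvol/rpool/keystore none luks,discard
EOF
```

Only the last entry reports `prompt`, and it also names the device by its zvol path instead of the UUID, so it is not the file that update-initramfs packed.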