How do I automatically import a non-root encrypted ZFS pool on boot-up?

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP











up vote
6
down vote

favorite












I’m running an updated version of Arch Linux with the stock kernel, version 4.9.6, and ZoL version 0.7.0, and I want to import an encrypted non-root pool on boot. The pool is a raid 1 mirror.



The encrypted containers were made via:



cryptsetup -y -v luksFormat /dev/nvme0n1p3


and



cryptsetup -y -v luksFormat /dev/nvme1n1p3


I used the same passphrase for each.



I can manually open the containers and import the pool via:



cryptsetup open /dev/nvme0n1p3 enc0 
cryptsetup open /dev/nvme1n1p3 enc1
zpool import -d /dev/mapper zeb


The cryptosetup commands prompt me for, and accept, my password.



My mkinitcpio file contains the systemd, zfs, and sd-encrypt hooks. It also contains the modules dm_mod, dm_crypt, aes_x86_64 and raid1. These are somewhat of a shot in the dark based on bit’s and pieces I’ve found online.



I’m using systemd-boot, but it seems like the key lies in getting the mkinitcpio configuration set up correctly. My boot partition is not encrypted.



Again, my only goal here is to automatically (with prompt for passphrase) import my encrypted ZFS pool on boot. I have no problem doing this with non-encrypted pools.










share|improve this question

























    up vote
    6
    down vote

    favorite












    I’m running an updated version of Arch Linux with the stock kernel, version 4.9.6, and ZoL version 0.7.0, and I want to import an encrypted non-root pool on boot. The pool is a raid 1 mirror.



    The encrypted containers were made via:



    cryptsetup -y -v luksFormat /dev/nvme0n1p3


    and



    cryptsetup -y -v luksFormat /dev/nvme1n1p3


    I used the same passphrase for each.



    I can manually open the containers and import the pool via:



    cryptsetup open /dev/nvme0n1p3 enc0 
    cryptsetup open /dev/nvme1n1p3 enc1
    zpool import -d /dev/mapper zeb


    The cryptosetup commands prompt me for, and accept, my password.



    My mkinitcpio file contains the systemd, zfs, and sd-encrypt hooks. It also contains the modules dm_mod, dm_crypt, aes_x86_64 and raid1. These are somewhat of a shot in the dark based on bit’s and pieces I’ve found online.



    I’m using systemd-boot, but it seems like the key lies in getting the mkinitcpio configuration set up correctly. My boot partition is not encrypted.



    Again, my only goal here is to automatically (with prompt for passphrase) import my encrypted ZFS pool on boot. I have no problem doing this with non-encrypted pools.










    share|improve this question























      up vote
      6
      down vote

      favorite









      up vote
      6
      down vote

      favorite











      I’m running an updated version of Arch Linux with the stock kernel, version 4.9.6, and ZoL version 0.7.0, and I want to import an encrypted non-root pool on boot. The pool is a raid 1 mirror.



      The encrypted containers were made via:



      cryptsetup -y -v luksFormat /dev/nvme0n1p3


      and



      cryptsetup -y -v luksFormat /dev/nvme1n1p3


      I used the same passphrase for each.



      I can manually open the containers and import the pool via:



      cryptsetup open /dev/nvme0n1p3 enc0 
      cryptsetup open /dev/nvme1n1p3 enc1
      zpool import -d /dev/mapper zeb


      The cryptosetup commands prompt me for, and accept, my password.



      My mkinitcpio file contains the systemd, zfs, and sd-encrypt hooks. It also contains the modules dm_mod, dm_crypt, aes_x86_64 and raid1. These are somewhat of a shot in the dark based on bit’s and pieces I’ve found online.



      I’m using systemd-boot, but it seems like the key lies in getting the mkinitcpio configuration set up correctly. My boot partition is not encrypted.



      Again, my only goal here is to automatically (with prompt for passphrase) import my encrypted ZFS pool on boot. I have no problem doing this with non-encrypted pools.










      share|improve this question













      I’m running an updated version of Arch Linux with the stock kernel, version 4.9.6, and ZoL version 0.7.0, and I want to import an encrypted non-root pool on boot. The pool is a raid 1 mirror.



      The encrypted containers were made via:



      cryptsetup -y -v luksFormat /dev/nvme0n1p3


      and



      cryptsetup -y -v luksFormat /dev/nvme1n1p3


      I used the same passphrase for each.



      I can manually open the containers and import the pool via:



      cryptsetup open /dev/nvme0n1p3 enc0 
      cryptsetup open /dev/nvme1n1p3 enc1
      zpool import -d /dev/mapper zeb


      The cryptosetup commands prompt me for, and accept, my password.



      My mkinitcpio file contains the systemd, zfs, and sd-encrypt hooks. It also contains the modules dm_mod, dm_crypt, aes_x86_64 and raid1. These are somewhat of a shot in the dark based on bit’s and pieces I’ve found online.



      I’m using systemd-boot, but it seems like the key lies in getting the mkinitcpio configuration set up correctly. My boot partition is not encrypted.



      Again, my only goal here is to automatically (with prompt for passphrase) import my encrypted ZFS pool on boot. I have no problem doing this with non-encrypted pools.







      linux boot systemd encryption zfs






      share|improve this question













      share|improve this question











      share|improve this question




      share|improve this question










      asked Feb 4 '17 at 6:12









      airhuff

      539321




      539321




















          2 Answers
          2






          active

          oldest

          votes

















          up vote
          2
          down vote



          +150










          I don't have 50 reputation to comment, so I'll post my questions here.
          Your rootfs is not encrypted? So when you boot, you don't receive any cryptsetup prompts?
          If you don't receive any passwords promts, I'd suggest you unpacking your initramfs and modify init file, and add the following lines, somewhere after mounting rootfs.
          cryptsetup open /dev/nvme0n1p3 enc0 && cryptsetup open /dev/nvme1n1p3 enc1 && zpool import -d /dev/mapper zeb



          Sometime ago I needed to add remote ssh unlock of LUKS-encrypted ROOTFS with ZFS on a remote server. I have no way but modify init file and add dropbear to it, launch it, and modify cryptsetup command to accept password from fifo. I made a bash script for that, so when I update initramfs, this bash script unpacks initramfs, put my changes, and packs it back.
          But I am using gentoo and it's beautiful genkernel. Genkernel includes hooks for ZFS and cryptsetup, if you specify it. I don't know how it is in arch linux, maybe you have also an option to build kernel with genkernel/dracut, that way you can easily include cryptsetup and zfs hooks in initramfs, if it is not already included.
          Anyway it is easily doable by modifying init file, try it and post your results here.
          your initramfs maybe compressed using different methods, so find how to uncompress it in archlinux. On my side, I modified genkernel to generate it as cpio, and use cpio commands to unpack/pack back.



          UPDATE:
          You need to edit your mkinitcpio.conf and add 2 hooks
          "encrypt zfs" before "filesystems" in HOOKS
          next you need to define your luks devices, needed for unlocking in
          /etc/crypttab.initramfs # (google crypttab)
          This file will be included in next generation of initramfs, so now we are unlocking them at least.
          Maybe ZFS will do autoimport on next reboot, but if not, do the following:



          create file /usr/lib/initcpio/install/zfsmount



          #!/bin/bash

          build()
          add_runscript



          create file /usr/lib/initcpio/hooks/zfsmount



          #!/usr/bin/ash

          run_hook()
          zpool import mypool



          and in mkinitcpio.conf add "zfsmount" in HOOKS somewhere in the end, before or after "filesystems"



          And, of course, regenerate your initramfs with mkinitcpio



          Refs:
          https://wiki.archlinux.org/index.php/Installing_Arch_Linux_on_ZFS



          https://wiki.archlinux.org/index.php/mkinitcpio






          share|improve this answer






















          • Much thanks for your answer, and I upvoted to get you closer to 50 pts. You'll have to bear with me a bit on the boot process. I'm not sure what you mean by unpacking initramfs and modifying init file, but I can search a bit for that. Does Gentoo use systemd? Is the init file you are talking about part of sysVinit? You don't just mean modifying mkinitcpio.conf?
            – airhuff
            Feb 15 '17 at 17:58










          • Also, my ultimate goal is an encrypted root ZFS file system. I figured this would be a simpler question/step toward getting there. I previously posted a question like this except for root on ZFS and it got zero votes, one well-meaning but useless comment and not a single answer even though I did a 50 point bounty! Anyway, it seems like if I could figure out how to get the system to prompt for the encryption passphrase for even a non-root filesystem, I'd be most of the way there.
            – airhuff
            Feb 15 '17 at 18:20










          • Gentoo can use systemd, but I prefer default OpenRC. Systemd thinks it is more clever than user IMHO, and too complicated. Latest version of OpenRC have not less functionality. On my side, zfs on encrypted rootfs was easy part. Even I wrote a solution to unlock the rootfs by ssh, and this didn't took much time. Also I have all compiled with -march=native, which increases system overall speed. Maybe think about switching to Gentoo? :)) I have latest updated software, compiled for my own processor and it works perfectly.
            – Ural
            Feb 16 '17 at 6:19










          • For encrypted rootfs, have your read wiki.archlinux.org/index.php/Dm-crypt/… and bbs.archlinux.org/viewtopic.php?id=205122 ? For initramfs, I don't know how look systemd's init, but I do the following: gunzip < /boot/initramfs-genkernel-x86_64-$uname | cpio -i --make-directories Now I have initramfs stuff unpacked. I have file 'init', which is a shell script. that doing all stuff, like mounting /proc /sys and rootfs. You can modify it for your needs, and then pack the whole folder back and put to /boot.
            – Ural
            Feb 16 '17 at 6:21










          • I did that (unpack/pack back) for adding dropbear to it. Usually I can configure all in genkernel.conf (like yours mkinitcpio.conf), So AFTER generating initramfs, try to unpack it and see what it contain. In ubuntu there is easier way like adding a script to /etc/initramfs-tools/... and it packs it there when building initramfs
            – Ural
            Feb 16 '17 at 6:26

















          up vote
          0
          down vote













          I have the same question but under FreeBSD.





          share




















            Your Answer







            StackExchange.ready(function()
            var channelOptions =
            tags: "".split(" "),
            id: "106"
            ;
            initTagRenderer("".split(" "), "".split(" "), channelOptions);

            StackExchange.using("externalEditor", function()
            // Have to fire editor after snippets, if snippets enabled
            if (StackExchange.settings.snippets.snippetsEnabled)
            StackExchange.using("snippets", function()
            createEditor();
            );

            else
            createEditor();

            );

            function createEditor()
            StackExchange.prepareEditor(
            heartbeatType: 'answer',
            convertImagesToLinks: false,
            noModals: false,
            showLowRepImageUploadWarning: true,
            reputationToPostImages: null,
            bindNavPrevention: true,
            postfix: "",
            onDemand: true,
            discardSelector: ".discard-answer"
            ,immediatelyShowMarkdownHelp:true
            );



            );













             

            draft saved


            draft discarded


















            StackExchange.ready(
            function ()
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f342428%2fhow-do-i-automatically-import-a-non-root-encrypted-zfs-pool-on-boot-up%23new-answer', 'question_page');

            );

            Post as a guest






























            2 Answers
            2






            active

            oldest

            votes








            2 Answers
            2






            active

            oldest

            votes









            active

            oldest

            votes






            active

            oldest

            votes








            up vote
            2
            down vote



            +150










            I don't have 50 reputation to comment, so I'll post my questions here.
            Your rootfs is not encrypted? So when you boot, you don't receive any cryptsetup prompts?
            If you don't receive any passwords promts, I'd suggest you unpacking your initramfs and modify init file, and add the following lines, somewhere after mounting rootfs.
            cryptsetup open /dev/nvme0n1p3 enc0 && cryptsetup open /dev/nvme1n1p3 enc1 && zpool import -d /dev/mapper zeb



            Sometime ago I needed to add remote ssh unlock of LUKS-encrypted ROOTFS with ZFS on a remote server. I have no way but modify init file and add dropbear to it, launch it, and modify cryptsetup command to accept password from fifo. I made a bash script for that, so when I update initramfs, this bash script unpacks initramfs, put my changes, and packs it back.
            But I am using gentoo and it's beautiful genkernel. Genkernel includes hooks for ZFS and cryptsetup, if you specify it. I don't know how it is in arch linux, maybe you have also an option to build kernel with genkernel/dracut, that way you can easily include cryptsetup and zfs hooks in initramfs, if it is not already included.
            Anyway it is easily doable by modifying init file, try it and post your results here.
            your initramfs maybe compressed using different methods, so find how to uncompress it in archlinux. On my side, I modified genkernel to generate it as cpio, and use cpio commands to unpack/pack back.



            UPDATE:
            You need to edit your mkinitcpio.conf and add 2 hooks
            "encrypt zfs" before "filesystems" in HOOKS
            next you need to define your luks devices, needed for unlocking in
            /etc/crypttab.initramfs # (google crypttab)
            This file will be included in next generation of initramfs, so now we are unlocking them at least.
            Maybe ZFS will do autoimport on next reboot, but if not, do the following:



            create file /usr/lib/initcpio/install/zfsmount



            #!/bin/bash

            build()
            add_runscript



            create file /usr/lib/initcpio/hooks/zfsmount



            #!/usr/bin/ash

            run_hook()
            zpool import mypool



            and in mkinitcpio.conf add "zfsmount" in HOOKS somewhere in the end, before or after "filesystems"



            And, of course, regenerate your initramfs with mkinitcpio



            Refs:
            https://wiki.archlinux.org/index.php/Installing_Arch_Linux_on_ZFS



            https://wiki.archlinux.org/index.php/mkinitcpio






            share|improve this answer






















            • Much thanks for your answer, and I upvoted to get you closer to 50 pts. You'll have to bear with me a bit on the boot process. I'm not sure what you mean by unpacking initramfs and modifying init file, but I can search a bit for that. Does Gentoo use systemd? Is the init file you are talking about part of sysVinit? You don't just mean modifying mkinitcpio.conf?
              – airhuff
              Feb 15 '17 at 17:58










            • Also, my ultimate goal is an encrypted root ZFS file system. I figured this would be a simpler question/step toward getting there. I previously posted a question like this except for root on ZFS and it got zero votes, one well-meaning but useless comment and not a single answer even though I did a 50 point bounty! Anyway, it seems like if I could figure out how to get the system to prompt for the encryption passphrase for even a non-root filesystem, I'd be most of the way there.
              – airhuff
              Feb 15 '17 at 18:20










            • Gentoo can use systemd, but I prefer default OpenRC. Systemd thinks it is more clever than user IMHO, and too complicated. Latest version of OpenRC have not less functionality. On my side, zfs on encrypted rootfs was easy part. Even I wrote a solution to unlock the rootfs by ssh, and this didn't took much time. Also I have all compiled with -march=native, which increases system overall speed. Maybe think about switching to Gentoo? :)) I have latest updated software, compiled for my own processor and it works perfectly.
              – Ural
              Feb 16 '17 at 6:19










            • For encrypted rootfs, have your read wiki.archlinux.org/index.php/Dm-crypt/… and bbs.archlinux.org/viewtopic.php?id=205122 ? For initramfs, I don't know how look systemd's init, but I do the following: gunzip < /boot/initramfs-genkernel-x86_64-$uname | cpio -i --make-directories Now I have initramfs stuff unpacked. I have file 'init', which is a shell script. that doing all stuff, like mounting /proc /sys and rootfs. You can modify it for your needs, and then pack the whole folder back and put to /boot.
              – Ural
              Feb 16 '17 at 6:21










            • I did that (unpack/pack back) for adding dropbear to it. Usually I can configure all in genkernel.conf (like yours mkinitcpio.conf), So AFTER generating initramfs, try to unpack it and see what it contain. In ubuntu there is easier way like adding a script to /etc/initramfs-tools/... and it packs it there when building initramfs
              – Ural
              Feb 16 '17 at 6:26














            up vote
            2
            down vote



            +150










            I don't have 50 reputation to comment, so I'll post my questions here.
            Your rootfs is not encrypted? So when you boot, you don't receive any cryptsetup prompts?
            If you don't receive any passwords promts, I'd suggest you unpacking your initramfs and modify init file, and add the following lines, somewhere after mounting rootfs.
            cryptsetup open /dev/nvme0n1p3 enc0 && cryptsetup open /dev/nvme1n1p3 enc1 && zpool import -d /dev/mapper zeb



            Sometime ago I needed to add remote ssh unlock of LUKS-encrypted ROOTFS with ZFS on a remote server. I have no way but modify init file and add dropbear to it, launch it, and modify cryptsetup command to accept password from fifo. I made a bash script for that, so when I update initramfs, this bash script unpacks initramfs, put my changes, and packs it back.
            But I am using gentoo and it's beautiful genkernel. Genkernel includes hooks for ZFS and cryptsetup, if you specify it. I don't know how it is in arch linux, maybe you have also an option to build kernel with genkernel/dracut, that way you can easily include cryptsetup and zfs hooks in initramfs, if it is not already included.
            Anyway it is easily doable by modifying init file, try it and post your results here.
            your initramfs maybe compressed using different methods, so find how to uncompress it in archlinux. On my side, I modified genkernel to generate it as cpio, and use cpio commands to unpack/pack back.



            UPDATE:
            You need to edit your mkinitcpio.conf and add 2 hooks
            "encrypt zfs" before "filesystems" in HOOKS
            next you need to define your luks devices, needed for unlocking in
            /etc/crypttab.initramfs # (google crypttab)
            This file will be included in next generation of initramfs, so now we are unlocking them at least.
            Maybe ZFS will do autoimport on next reboot, but if not, do the following:



            create file /usr/lib/initcpio/install/zfsmount



            #!/bin/bash

            build()
            add_runscript



            create file /usr/lib/initcpio/hooks/zfsmount



            #!/usr/bin/ash

            run_hook()
            zpool import mypool



            and in mkinitcpio.conf add "zfsmount" in HOOKS somewhere in the end, before or after "filesystems"



            And, of course, regenerate your initramfs with mkinitcpio



            Refs:
            https://wiki.archlinux.org/index.php/Installing_Arch_Linux_on_ZFS



            https://wiki.archlinux.org/index.php/mkinitcpio






            share|improve this answer






















            • Much thanks for your answer, and I upvoted to get you closer to 50 pts. You'll have to bear with me a bit on the boot process. I'm not sure what you mean by unpacking initramfs and modifying init file, but I can search a bit for that. Does Gentoo use systemd? Is the init file you are talking about part of sysVinit? You don't just mean modifying mkinitcpio.conf?
              – airhuff
              Feb 15 '17 at 17:58










            • Also, my ultimate goal is an encrypted root ZFS file system. I figured this would be a simpler question/step toward getting there. I previously posted a question like this except for root on ZFS and it got zero votes, one well-meaning but useless comment and not a single answer even though I did a 50 point bounty! Anyway, it seems like if I could figure out how to get the system to prompt for the encryption passphrase for even a non-root filesystem, I'd be most of the way there.
              – airhuff
              Feb 15 '17 at 18:20










            • Gentoo can use systemd, but I prefer default OpenRC. Systemd thinks it is more clever than user IMHO, and too complicated. Latest version of OpenRC have not less functionality. On my side, zfs on encrypted rootfs was easy part. Even I wrote a solution to unlock the rootfs by ssh, and this didn't took much time. Also I have all compiled with -march=native, which increases system overall speed. Maybe think about switching to Gentoo? :)) I have latest updated software, compiled for my own processor and it works perfectly.
              – Ural
              Feb 16 '17 at 6:19










            • For encrypted rootfs, have your read wiki.archlinux.org/index.php/Dm-crypt/… and bbs.archlinux.org/viewtopic.php?id=205122 ? For initramfs, I don't know how look systemd's init, but I do the following: gunzip < /boot/initramfs-genkernel-x86_64-$uname | cpio -i --make-directories Now I have initramfs stuff unpacked. I have file 'init', which is a shell script. that doing all stuff, like mounting /proc /sys and rootfs. You can modify it for your needs, and then pack the whole folder back and put to /boot.
              – Ural
              Feb 16 '17 at 6:21










            • I did that (unpack/pack back) for adding dropbear to it. Usually I can configure all in genkernel.conf (like yours mkinitcpio.conf), So AFTER generating initramfs, try to unpack it and see what it contain. In ubuntu there is easier way like adding a script to /etc/initramfs-tools/... and it packs it there when building initramfs
              – Ural
              Feb 16 '17 at 6:26












            up vote
            2
            down vote



            +150







            up vote
            2
            down vote



            +150




            +150




            I don't have 50 reputation to comment, so I'll post my questions here.
            Your rootfs is not encrypted? So when you boot, you don't receive any cryptsetup prompts?
            If you don't receive any passwords promts, I'd suggest you unpacking your initramfs and modify init file, and add the following lines, somewhere after mounting rootfs.
            cryptsetup open /dev/nvme0n1p3 enc0 && cryptsetup open /dev/nvme1n1p3 enc1 && zpool import -d /dev/mapper zeb



            Sometime ago I needed to add remote ssh unlock of LUKS-encrypted ROOTFS with ZFS on a remote server. I have no way but modify init file and add dropbear to it, launch it, and modify cryptsetup command to accept password from fifo. I made a bash script for that, so when I update initramfs, this bash script unpacks initramfs, put my changes, and packs it back.
            But I am using gentoo and it's beautiful genkernel. Genkernel includes hooks for ZFS and cryptsetup, if you specify it. I don't know how it is in arch linux, maybe you have also an option to build kernel with genkernel/dracut, that way you can easily include cryptsetup and zfs hooks in initramfs, if it is not already included.
            Anyway it is easily doable by modifying init file, try it and post your results here.
            your initramfs maybe compressed using different methods, so find how to uncompress it in archlinux. On my side, I modified genkernel to generate it as cpio, and use cpio commands to unpack/pack back.



            UPDATE:
            You need to edit your mkinitcpio.conf and add 2 hooks
            "encrypt zfs" before "filesystems" in HOOKS
            next you need to define your luks devices, needed for unlocking in
            /etc/crypttab.initramfs # (google crypttab)
            This file will be included in next generation of initramfs, so now we are unlocking them at least.
            Maybe ZFS will do autoimport on next reboot, but if not, do the following:



            create file /usr/lib/initcpio/install/zfsmount



            #!/bin/bash

            build()
            add_runscript



            create file /usr/lib/initcpio/hooks/zfsmount



            #!/usr/bin/ash

            run_hook()
            zpool import mypool



            and in mkinitcpio.conf add "zfsmount" in HOOKS somewhere in the end, before or after "filesystems"



            And, of course, regenerate your initramfs with mkinitcpio



            Refs:
            https://wiki.archlinux.org/index.php/Installing_Arch_Linux_on_ZFS



            https://wiki.archlinux.org/index.php/mkinitcpio






            share|improve this answer














            I don't have 50 reputation to comment, so I'll post my questions here.
            Your rootfs is not encrypted? So when you boot, you don't receive any cryptsetup prompts?
            If you don't receive any passwords promts, I'd suggest you unpacking your initramfs and modify init file, and add the following lines, somewhere after mounting rootfs.
            cryptsetup open /dev/nvme0n1p3 enc0 && cryptsetup open /dev/nvme1n1p3 enc1 && zpool import -d /dev/mapper zeb



            Sometime ago I needed to add remote ssh unlock of LUKS-encrypted ROOTFS with ZFS on a remote server. I have no way but modify init file and add dropbear to it, launch it, and modify cryptsetup command to accept password from fifo. I made a bash script for that, so when I update initramfs, this bash script unpacks initramfs, put my changes, and packs it back.
            But I am using gentoo and it's beautiful genkernel. Genkernel includes hooks for ZFS and cryptsetup, if you specify it. I don't know how it is in arch linux, maybe you have also an option to build kernel with genkernel/dracut, that way you can easily include cryptsetup and zfs hooks in initramfs, if it is not already included.
            Anyway it is easily doable by modifying init file, try it and post your results here.
            your initramfs maybe compressed using different methods, so find how to uncompress it in archlinux. On my side, I modified genkernel to generate it as cpio, and use cpio commands to unpack/pack back.



            UPDATE:
            You need to edit your mkinitcpio.conf and add 2 hooks
            "encrypt zfs" before "filesystems" in HOOKS
            next you need to define your luks devices, needed for unlocking in
            /etc/crypttab.initramfs # (google crypttab)
            This file will be included in next generation of initramfs, so now we are unlocking them at least.
            Maybe ZFS will do autoimport on next reboot, but if not, do the following:



            create file /usr/lib/initcpio/install/zfsmount



            #!/bin/bash

            build()
            add_runscript



            create file /usr/lib/initcpio/hooks/zfsmount



            #!/usr/bin/ash

            run_hook()
            zpool import mypool



            and in mkinitcpio.conf add "zfsmount" in HOOKS somewhere in the end, before or after "filesystems"



            And, of course, regenerate your initramfs with mkinitcpio



            Refs:
            https://wiki.archlinux.org/index.php/Installing_Arch_Linux_on_ZFS



            https://wiki.archlinux.org/index.php/mkinitcpio







            share|improve this answer














            share|improve this answer



            share|improve this answer








            edited Feb 18 '17 at 8:20

























            answered Feb 15 '17 at 9:25









            Ural

            35616




            35616











            • Much thanks for your answer, and I upvoted to get you closer to 50 pts. You'll have to bear with me a bit on the boot process. I'm not sure what you mean by unpacking initramfs and modifying init file, but I can search a bit for that. Does Gentoo use systemd? Is the init file you are talking about part of sysVinit? You don't just mean modifying mkinitcpio.conf?
              – airhuff
              Feb 15 '17 at 17:58










            • Also, my ultimate goal is an encrypted root ZFS file system. I figured this would be a simpler question/step toward getting there. I previously posted a question like this except for root on ZFS and it got zero votes, one well-meaning but useless comment and not a single answer even though I did a 50 point bounty! Anyway, it seems like if I could figure out how to get the system to prompt for the encryption passphrase for even a non-root filesystem, I'd be most of the way there.
              – airhuff
              Feb 15 '17 at 18:20










            • Gentoo can use systemd, but I prefer default OpenRC. Systemd thinks it is more clever than user IMHO, and too complicated. Latest version of OpenRC have not less functionality. On my side, zfs on encrypted rootfs was easy part. Even I wrote a solution to unlock the rootfs by ssh, and this didn't took much time. Also I have all compiled with -march=native, which increases system overall speed. Maybe think about switching to Gentoo? :)) I have latest updated software, compiled for my own processor and it works perfectly.
              – Ural
              Feb 16 '17 at 6:19










            • For encrypted rootfs, have your read wiki.archlinux.org/index.php/Dm-crypt/… and bbs.archlinux.org/viewtopic.php?id=205122 ? For initramfs, I don't know how look systemd's init, but I do the following: gunzip < /boot/initramfs-genkernel-x86_64-$uname | cpio -i --make-directories Now I have initramfs stuff unpacked. I have file 'init', which is a shell script. that doing all stuff, like mounting /proc /sys and rootfs. You can modify it for your needs, and then pack the whole folder back and put to /boot.
              – Ural
              Feb 16 '17 at 6:21










            • I did that (unpack/pack back) for adding dropbear to it. Usually I can configure all in genkernel.conf (like yours mkinitcpio.conf), So AFTER generating initramfs, try to unpack it and see what it contain. In ubuntu there is easier way like adding a script to /etc/initramfs-tools/... and it packs it there when building initramfs
              – Ural
              Feb 16 '17 at 6:26
















            • Much thanks for your answer, and I upvoted to get you closer to 50 pts. You'll have to bear with me a bit on the boot process. I'm not sure what you mean by unpacking initramfs and modifying init file, but I can search a bit for that. Does Gentoo use systemd? Is the init file you are talking about part of sysVinit? You don't just mean modifying mkinitcpio.conf?
              – airhuff
              Feb 15 '17 at 17:58










            • Also, my ultimate goal is an encrypted root ZFS file system. I figured this would be a simpler question/step toward getting there. I previously posted a question like this except for root on ZFS and it got zero votes, one well-meaning but useless comment and not a single answer even though I did a 50 point bounty! Anyway, it seems like if I could figure out how to get the system to prompt for the encryption passphrase for even a non-root filesystem, I'd be most of the way there.
              – airhuff
              Feb 15 '17 at 18:20










            • Gentoo can use systemd, but I prefer default OpenRC. Systemd thinks it is more clever than user IMHO, and too complicated. Latest version of OpenRC have not less functionality. On my side, zfs on encrypted rootfs was easy part. Even I wrote a solution to unlock the rootfs by ssh, and this didn't took much time. Also I have all compiled with -march=native, which increases system overall speed. Maybe think about switching to Gentoo? :)) I have latest updated software, compiled for my own processor and it works perfectly.
              – Ural
              Feb 16 '17 at 6:19










            • For encrypted rootfs, have your read wiki.archlinux.org/index.php/Dm-crypt/… and bbs.archlinux.org/viewtopic.php?id=205122 ? For initramfs, I don't know how look systemd's init, but I do the following: gunzip < /boot/initramfs-genkernel-x86_64-$uname | cpio -i --make-directories Now I have initramfs stuff unpacked. I have file 'init', which is a shell script. that doing all stuff, like mounting /proc /sys and rootfs. You can modify it for your needs, and then pack the whole folder back and put to /boot.
              – Ural
              Feb 16 '17 at 6:21










            • I did that (unpack/pack back) for adding dropbear to it. Usually I can configure all in genkernel.conf (like yours mkinitcpio.conf), So AFTER generating initramfs, try to unpack it and see what it contain. In ubuntu there is easier way like adding a script to /etc/initramfs-tools/... and it packs it there when building initramfs
              – Ural
              Feb 16 '17 at 6:26















            Much thanks for your answer, and I upvoted to get you closer to 50 pts. You'll have to bear with me a bit on the boot process. I'm not sure what you mean by unpacking initramfs and modifying init file, but I can search a bit for that. Does Gentoo use systemd? Is the init file you are talking about part of sysVinit? You don't just mean modifying mkinitcpio.conf?
            – airhuff
            Feb 15 '17 at 17:58




            Much thanks for your answer, and I upvoted to get you closer to 50 pts. You'll have to bear with me a bit on the boot process. I'm not sure what you mean by unpacking initramfs and modifying init file, but I can search a bit for that. Does Gentoo use systemd? Is the init file you are talking about part of sysVinit? You don't just mean modifying mkinitcpio.conf?
            – airhuff
            Feb 15 '17 at 17:58












            Also, my ultimate goal is an encrypted root ZFS file system. I figured this would be a simpler question/step toward getting there. I previously posted a question like this except for root on ZFS and it got zero votes, one well-meaning but useless comment and not a single answer even though I did a 50 point bounty! Anyway, it seems like if I could figure out how to get the system to prompt for the encryption passphrase for even a non-root filesystem, I'd be most of the way there.
            – airhuff
            Feb 15 '17 at 18:20




            Also, my ultimate goal is an encrypted root ZFS file system. I figured this would be a simpler question/step toward getting there. I previously posted a question like this except for root on ZFS and it got zero votes, one well-meaning but useless comment and not a single answer even though I did a 50 point bounty! Anyway, it seems like if I could figure out how to get the system to prompt for the encryption passphrase for even a non-root filesystem, I'd be most of the way there.
            – airhuff
            Feb 15 '17 at 18:20












            Gentoo can use systemd, but I prefer default OpenRC. Systemd thinks it is more clever than user IMHO, and too complicated. Latest version of OpenRC have not less functionality. On my side, zfs on encrypted rootfs was easy part. Even I wrote a solution to unlock the rootfs by ssh, and this didn't took much time. Also I have all compiled with -march=native, which increases system overall speed. Maybe think about switching to Gentoo? :)) I have latest updated software, compiled for my own processor and it works perfectly.
            – Ural
            Feb 16 '17 at 6:19




            Gentoo can use systemd, but I prefer default OpenRC. Systemd thinks it is more clever than user IMHO, and too complicated. Latest version of OpenRC have not less functionality. On my side, zfs on encrypted rootfs was easy part. Even I wrote a solution to unlock the rootfs by ssh, and this didn't took much time. Also I have all compiled with -march=native, which increases system overall speed. Maybe think about switching to Gentoo? :)) I have latest updated software, compiled for my own processor and it works perfectly.
            – Ural
            Feb 16 '17 at 6:19












            For encrypted rootfs, have your read wiki.archlinux.org/index.php/Dm-crypt/… and bbs.archlinux.org/viewtopic.php?id=205122 ? For initramfs, I don't know how look systemd's init, but I do the following: gunzip < /boot/initramfs-genkernel-x86_64-$uname | cpio -i --make-directories Now I have initramfs stuff unpacked. I have file 'init', which is a shell script. that doing all stuff, like mounting /proc /sys and rootfs. You can modify it for your needs, and then pack the whole folder back and put to /boot.
            – Ural
            Feb 16 '17 at 6:21




            For encrypted rootfs, have your read wiki.archlinux.org/index.php/Dm-crypt/… and bbs.archlinux.org/viewtopic.php?id=205122 ? For initramfs, I don't know how look systemd's init, but I do the following: gunzip < /boot/initramfs-genkernel-x86_64-$uname | cpio -i --make-directories Now I have initramfs stuff unpacked. I have file 'init', which is a shell script. that doing all stuff, like mounting /proc /sys and rootfs. You can modify it for your needs, and then pack the whole folder back and put to /boot.
            – Ural
            Feb 16 '17 at 6:21












            I did that (unpack/pack back) for adding dropbear to it. Usually I can configure all in genkernel.conf (like yours mkinitcpio.conf), So AFTER generating initramfs, try to unpack it and see what it contain. In ubuntu there is easier way like adding a script to /etc/initramfs-tools/... and it packs it there when building initramfs
            – Ural
            Feb 16 '17 at 6:26




            I did that (unpack/pack back) for adding dropbear to it. Usually I can configure all in genkernel.conf (like yours mkinitcpio.conf), So AFTER generating initramfs, try to unpack it and see what it contain. In ubuntu there is easier way like adding a script to /etc/initramfs-tools/... and it packs it there when building initramfs
            – Ural
            Feb 16 '17 at 6:26












            up vote
            0
            down vote













            I have the same question but under FreeBSD.





            share
























              up vote
              0
              down vote













              I have the same question but under FreeBSD.





              share






















                up vote
                0
                down vote










                up vote
                0
                down vote









                I have the same question but under FreeBSD.





                share












                I have the same question but under FreeBSD.






                share











                share


                share










                answered 3 mins ago









                brunobhr

                63




                63



























                     

                    draft saved


                    draft discarded















































                     


                    draft saved


                    draft discarded














                    StackExchange.ready(
                    function ()
                    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f342428%2fhow-do-i-automatically-import-a-non-root-encrypted-zfs-pool-on-boot-up%23new-answer', 'question_page');

                    );

                    Post as a guest













































































                    Popular posts from this blog

                    How to check contact read email or not when send email to Individual?

                    Displaying single band from multi-band raster using QGIS

                    How many registers does an x86_64 CPU actually have?