From: Graham Perrin
To: freebsd-current@freebsd.org
Subject: Re: OpenZFS: using an encrypted dataset without a prompt for its passphrase
Date: Sat, 17 Oct 2020 14:02:47 +0100
Message-ID: <267214f8-a099-b16c-1a13-c082ec95c4b8@gmail.com>

On 17/10/2020 12:35, Ryan Moeller wrote:
>
> On 10/17/20 5:55 AM, Graham Perrin wrote:
>> On 17/10/2020 08:40, Ryan Moeller wrote:
>>> This is intentional. The pool can be imported but the filesystem is
>>> not mounted until the key is loaded.
>>
>> Thanks, the file system mounts without me entering a passphrase; is
>> this intentional?
>>
>
> It shouldn't be possible.
>
> # zfs mount storage/crypt
> cannot mount 'storage/crypt': encryption key not loaded

root@momh167-gjp4-8570p:~ # date ; uname -v ; uptime
Sat Oct 17 14:00:10 BST 2020
FreeBSD 13.0-CURRENT #69 r366648: Tue Oct 13 05:49:05 BST 2020 root@momh167-gjp4-8570p:/usr/obj/usr/src/amd64.amd64/sys/GENERIC-NODEBUG
 2:00PM  up 9 mins, 5 users, load averages: 0.29, 0.56, 0.31
root@momh167-gjp4-8570p:~ # zpool export Transcend && ls -hl /Volumes/t500/VirtualBox ; zpool import Transcend && ls -hl /Volumes/t500/VirtualBox
ls: /Volumes/t500/VirtualBox: No such file or directory
total 18
drwxr-xr-x  2 grahamperrin  grahamperrin     2B Sep 11 19:28 CloudReady
drwxr-xr-x  6 grahamperrin  grahamperrin     6B May  8 09:04 FreeBSD
drwxr-xr-x  4 grahamperrin  grahamperrin     4B Sep 20 17:03 Linux
drwxr-xr-x  4 grahamperrin  grahamperrin     7B Oct 16 17:41 Windows
root@momh167-gjp4-8570p:~ # zfs get all Transcend/VirtualBox | grep -e crypt -e key -e mountpoint | sort
Transcend/VirtualBox  encryption      aes-256-gcm               -
Transcend/VirtualBox  encryptionroot  Transcend/VirtualBox      -
Transcend/VirtualBox  keyformat       passphrase                -
Transcend/VirtualBox  keylocation     prompt                    local
Transcend/VirtualBox  keystatus       unavailable               -
Transcend/VirtualBox  mountpoint      /Volumes/t500/VirtualBox  inherited from Transcend
root@momh167-gjp4-8570p:~ # zfs --version
zfs-0.8.0-1
zfs-kmod-v2020100400-zfs_79f0935fa
root@momh167-gjp4-8570p:~ #
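
Added example, not part of the original message or of OpenZFS: the session above shows `keystatus` for the dataset but does not query the `mounted` property, so this check reads `encryption`, `keystatus` and `mounted` together and reports any encrypted dataset that claims to be mounted while its key is not loaded. The function names and the sample rows (including the `mounted` values) are constructed for illustration.

```shell
#!/bin/sh
# Input on stdin: tab-separated "name<TAB>property<TAB>value" rows, as printed by
#   zfs get -H -o name,property,value -t filesystem encryption,keystatus,mounted
# Output: one row per dataset that is encrypted, has no loaded key, yet reports mounted=yes.
flag_mounted_without_key() {
    awk -F '\t' '
        $2 == "encryption" { enc[$1] = $3 }
        $2 == "keystatus"  { key[$1] = $3 }
        $2 == "mounted"    { mnt[$1] = $3 }
        END {
            for (ds in mnt) {
                # Unencrypted datasets report encryption=off and keystatus "-"; skip them.
                if (!(ds in enc) || enc[ds] == "off" || enc[ds] == "-") continue
                if (mnt[ds] == "yes" && key[ds] != "available")
                    printf "%s\tencryption=%s\tkeystatus=%s\tmounted=yes\n", ds, enc[ds], key[ds]
            }
        }' | sort
}

# Constructed sample rows (not captured from a real system). Dataset names are
# borrowed from the thread; the mounted values are assumptions for the demo.
sample_zfs_get() {
    printf '%s\t%s\t%s\n' \
        Transcend            encryption off \
        Transcend            keystatus  - \
        Transcend            mounted    yes \
        Transcend/VirtualBox encryption aes-256-gcm \
        Transcend/VirtualBox keystatus  unavailable \
        Transcend/VirtualBox mounted    yes \
        storage/crypt        encryption aes-256-gcm \
        storage/crypt        keystatus  unavailable \
        storage/crypt        mounted    no
}

# Demo run on the constructed rows; on a live host, pipe the zfs get command
# from the header comment into flag_mounted_without_key instead.
sample_zfs_get | flag_mounted_without_key
```

An empty result on a live system means no encrypted dataset reports `mounted=yes` without a loaded key; files visible under the mountpoint then belong to whatever is actually mounted there.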