initramfs: source user scripts from /e/z/initramfs-tools-load-key{,.d/*}

By dropping in a file in a directory (for packages) or by making a file (for local administrators), custom key loading methods may be provided for the rootfs and necessities. Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov> Signed-off-by: Nicholas Morris <security@niwamo.com> Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz> Co-authored-by: Nicholas Morris <security@niwamo.com> Supersedes: #14704 Closes: #13757 Closes #14733
2026-05-22 02:27:36 +03:00 · 2023-04-12 19:08:49 +02:00
parent 574e09d8c6
commit 6e015933f8
3 changed files with 37 additions and 1 deletions
@@ -420,6 +420,16 @@ decrypt_fs()
 			# Continue only if the key needs to be loaded
 			[ "$KEYSTATUS" = "unavailable" ] || return 0

+			# Try extensions first
+			for f in "/etc/zfs/initramfs-tools-load-key" "/etc/zfs/initramfs-tools-load-key.d/"*; do
+				[ -r "$f" ] || continue
+				(. "$f") && {
+					# Successful return and actually-loaded key: we're done
+					KEYSTATUS="$(get_fs_value "${ENCRYPTIONROOT}" keystatus)"
+					[ "$KEYSTATUS" = "unavailable" ] || return 0
+				}
+			done
+
 			# Do not prompt if key is stored noninteractively,
 			if ! [ "${KEYLOCATION}" = "prompt" ]; then
 				$ZFS load-key "${ENCRYPTIONROOT}"