bugzilla-daemon at defect.opensolaris.org
2008-Mar-14  02:55 UTC
[Bug 769] New: 'zpool import' cause interaction if locator=prompt
http://defect.opensolaris.org/bz/show_bug.cgi?id=769
           Summary: 'zpool import' cause interaction if locator=prompt
    Classification: Development
           Product: zfs-crypto
           Version: unspecified
          Platform: Other
        OS/Version: Solaris
            Status: NEW
          Severity: critical
          Priority: P2
         Component: other
        AssignedTo: darrenm at opensolaris.org
        ReportedBy: hua.tang at sun.com
         QAContact: hua.tang at sun.com
                CC: zfs-crypto-discuss at opensolaris.org
   Estimated Hours: 0.0
Build: 2008-03-12
# zpool create -o keysource=passphrase,prompt tank /export/home/vdev_file
Enter in passphrase for 'tank': 
Enter again: 
# zfs create -o encryption=on tank/fs
# zpool export tank
# zpool import -d /export/home tank
Enter in passphrase for 'tank':
What's more, given an incorrect passphrase, 'tank/fs' was mounted.
# df -h | grep tank/fs
tank/fs                218M    18K   218M     1%    /tank/fs
These behaviours are not expected because, on page 6 of the design doc:
Datasets that are encrypted will only be mounted at pool import time if the
necessary key material is available. Importing a pool will not cause any
interaction to retrieve key material, this is important since pool import may
happen during very early system boot.
-- 
Configure bugmail: http://defect.opensolaris.org/bz/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
bugzilla-daemon at defect.opensolaris.org
2008-Mar-14  10:14 UTC
[Bug 769] 'zpool import' cause interaction if locator=prompt
http://defect.opensolaris.org/bz/show_bug.cgi?id=769
Darren J Moffat <darrenm at opensolaris.org> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |CLOSED
         Resolution|                            |WONTFIX
--- Comment #1 from Darren J Moffat <darrenm at opensolaris.org> 2008-03-14 03:14:20 ---
Turns out the design doc was making an incorrect assumption.
There is a difference between an explicit 'zpool import' and the "import" that
happens during boot.  There is no explicit call to 'zpool import' in any SMF
service.  Instead the kernel finds the pools using the /etc/zfs/zpool.cache
file and sets up an in-kernel spa_t for each one; this isn't the same as what
happens with an explicit 'zpool import'.
The amendments fast-track that will be filed after codereview will clarify the
distinction between an explicit and implicit import.  In an explicit import, key
material will be loaded or prompted for.  An implicit import (i.e. system boot)
will not cause interaction.