Mounting an Encrypted ZFS File System
Review the following considerations when attempting to mount an encrypted ZFS file system:
-
If an encrypted file system key is not available during boot time, the file system is not mounted automatically. For example, a file system with an encryption policy set to
passphrase,prompt
will not mount during boot time because the boot process is not interrupted to prompt for a passphrase. -
If you want to mount a file system with an encryption policy set to
passphrase,prompt
at boot time, you will need to either explicitly mount it with thezfs mount
command and specify the passphrase or use thezfs key -l
command to be prompted for the key after the system is booted.For example:
$ zfs mount -a Enter passphrase for 'tank/home/megr': xxxxxxxx Enter passphrase for 'tank/home/ws': xxxxxxxx Enter passphrase for 'tank/home/mork': xxxxxxxx
-
If an encrypted file system's
keysource
property points to a file in another file system, the mount order of the file systems can impact whether the encrypted file system is mounted at boot, particularly if the file is on removable media.