diff options
| author | Alex Wilson | 2021-03-10 16:28:08 +1000 |
|---|---|---|
| committer | Alex Wilson | 2021-03-10 16:28:08 +1000 |
| commit | 14eb7308203ad6a648be5bafe2a5f4825136d8ee (patch) | |
| tree | 0fca06a95d2d2fafe714cea77fb38dc3ccf0cd42 /zfs-pivy.hook | |
| parent | ef28e3a1858176eb2d25d0f7ff725f04d494aaf2 (diff) | |
| download | aur-14eb7308203ad6a648be5bafe2a5f4825136d8ee.tar.gz | |
Add implicit rekey after unlock in initcpio hook
Diffstat (limited to 'zfs-pivy.hook')
| -rw-r--r-- | zfs-pivy.hook | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/zfs-pivy.hook b/zfs-pivy.hook index b5b8b75f2cb0..b78c4df92f31 100644 --- a/zfs-pivy.hook +++ b/zfs-pivy.hook @@ -52,6 +52,9 @@ zfs_decrypt_fs() { ! eval pivy-zfs unlock "${encryptionroot}"; do sleep 2 done + # do an implicit re-key after unlock, so that the exchange we had with + # the yubikey is not replayable + pivy-zfs rekey "${encryptionroot}" fi # loop until we get the correct password or key is unlocked by another vector (SSH for instance) |