diff options
Diffstat (limited to 'zfs-pivy.hook')
| -rw-r--r-- | zfs-pivy.hook | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/zfs-pivy.hook b/zfs-pivy.hook index b5b8b75f2cb0..b78c4df92f31 100644 --- a/zfs-pivy.hook +++ b/zfs-pivy.hook @@ -52,6 +52,9 @@ zfs_decrypt_fs() { ! eval pivy-zfs unlock "${encryptionroot}"; do sleep 2 done + # do an implicit re-key after unlock, so that the exchange we had with + # the yubikey is not replayable + pivy-zfs rekey "${encryptionroot}" fi # loop until we get the correct password or key is unlocked by another vector (SSH for instance) |