quico-os-setup/arch-zbm
1
0
Fork 0
Code Issues 3 Pull Requests Packages Projects Releases Wiki Activity

1-get-initial-setup-working #2

Merged
hygienic-books merged 92 commits from 1-get-initial-setup-working into main 2023-03-05 03:02:48 +00:00
Conversation 0 Commits 92 Files Changed 2 +10
1 changed files with 10 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files
Showing only changes of commit 9943b6c61b - Show all commits

10
README.md
View File

@ -156,6 +156,16 @@ In order to generate a new master key after you've changed your user key as ment
``` ```
The parent `zpool/root` is inheriting this property from `zpool` which will make sure that `zpool/root/archlinux-frn` essentially gets its key now from `zpool`. Both `zpool/root/archlinux-frn` and `zpool` use the same exact `keylocation` with identical content. This operation is instant. The parent `zpool/root` is inheriting this property from `zpool` which will make sure that `zpool/root/archlinux-frn` essentially gets its key now from `zpool`. Both `zpool/root/archlinux-frn` and `zpool` use the same exact `keylocation` with identical content. This operation is instant.
## Finishing touches
Just to confirm that the master key has changed run this commands. It takes a moment to output data:
```
zfs send --raw zpool/root/archlinux-frn@rekey | zstream dump | sed -n -e '/crypt_keydata/,/end crypt/p; /END/q'
```
Repeat for source dataset `zpool/root/archlinux-sxu@rekey`. You're particularly interested in parameters `DSL_CRYPTO_MASTER_KEY_1` and the initialization vector `DSL_CRYPTO_IV`. Notice that they differ between old and new dataset confirming that your new dataset has a new master key.
Optionally you may want to clean up: Optionally you may want to clean up:
1. In newly keyed/reencrypted system dataset destroy its snapshot 1. In newly keyed/reencrypted system dataset destroy its snapshot