I am looking for direction on how to auto-unlock an encrypted ZFS root partition on boot (no passphrase needed). This is for a server that will be headless and will need to be able to reboot without human input. The drives are encrypted in case of failure and needing to return to the OEM.

Ideally I plan to use a TPM for password storage/retrieval but if I could locate how to hard code the password on boot it would be a good start (TPM would be a plus and where I'm trying to get to ultimately).

I set up Ubuntu 22.04 with the following settings:

ZFS + encryption:

This encrypts the rpool/root volume with native encryption and stores the system.key file in a LUKS volume that opens via cryptsetup on boot.

root@zfs_encrypt:~# sudo blkid --match-token TYPE=crypto_LUKS -o device
/dev/zd0

It looks like there is a LUKS device at /dev/zd0. This maps to the following:

/dev/mapper/keystore-rpool: LABEL="keystore-rpool" UUID="6866fb91-cd4d-47a4-b560-87f869c8cfff" BLOCK_SIZE="4096" TYPE="ext4"

I'm not sure how to supply the password at boot time. Crypttab is empty and /etc/fstab only contains a mount for EFI.

Please let me know if you have any resources that help outline the next steps to automating the boot/cryptsetup process with this configuration.

karel