Skip to content

Fix encrypted ZFS persistence issue #467

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
kvinwang merged 1 commit into from
Jan 26, 2026
Merged

Fix encrypted ZFS persistence issue #467

kvinwang merged 1 commit into from
Jan 26, 2026
+5 −4

Conversation

@kvinwang
Copy link
Collaborator

@kvinwang kvinwang commented Jan 26, 2026
edited
Loading

Problem

Encrypted ZFS volumes were reformatted on every reboot because initialization checked for both LUKS header and zpool on the raw encrypted device.

Solution

For encrypted filesystems, only check for LUKS header presence; filesystem detection happens after opening LUKS. Aligns encrypted ZFS with encrypted ext4.

Testing

  • cargo clippy
  • Verified encrypted ext4 storage persists correctly with KMS key provider
  • Verified encrypted ZFS storage persists correctly

@kvinwang
Fix encrypted ZFS persistence issue
2fb1755 
Problem: VMs with encrypted ZFS storage were reformatting the disk on
every reboot, even with KMS or local key provider enabled.

Root cause: The is_disk_initialized() check required both LUKS header
AND zpool detection for encrypted ZFS (line 1057-1058). However, zpool
import is attempted on the raw encrypted device (/dev/vdb1) before LUKS
is opened, which always fails since the ZFS pool is inside the LUKS
container.

Solution: For any encrypted filesystem (ext4 or ZFS), only check for
LUKS header presence, since the actual filesystem can only be detected
after opening LUKS. This aligns encrypted ZFS handling with encrypted
ext4, which was already using this approach.

Testing: Verified that ext4 encrypted storage persists correctly with
KMS key provider. ZFS testing pending after build completes.
@kvinwang kvinwang enabled auto-merge January 26, 2026 16:14
@kvinwang kvinwang merged commit 53cf142 into master Jan 26, 2026
11 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@kvinwang