Do not allow an encrypted pool to be locked if it is being used for system dataset
We should not allow an encrypted pool to be locked if it is being used for system dataset as this can result in various unintended consequences.
We risk breaking locking the pool
Following should be made sure:
1) A pool which has passphrase set cannot be set for containing system datasets
2) A pool which has a passphrase set and already might have system dataset hosted before this ticket addressed this issue, should allow only to remove the passphrase. Changing cannot be done in this case
3) For a pool meeting criteria described in point no 2, it should be ensured that the user is not able to lock it
4) If we have two pools in Storage - pool1 and pool2. Pool 2 can be encrypted and have a passphrase set. System datasets should be on pool 1 before we proceed with this condition. Once we have this in place, we should try detaching pool1 and then make sure that system dataset does not go to pool2 and instead moves to freenas-boot
#4 Updated by Bonnie Follweiler almost 3 years ago
- Status changed from Ready for Testing to Blocked
- Reason for Blocked set to Dependent on a related task to be completed
After an upgrade from 11.2-U2 with an encrypted pool saved as a system dataset: The pool is locked after the upgrade (at login). The system dataset is still set to the encrypted pool.
I can't further test this until https://redmine.ixsystems.com/issues/62145 is ready for testing