Hello, when creating a new crypto volume, softraid apparently does not check whether a supplied key disk already holds a valid key. Considering sr_crypto_create_key_disk, the driver seems to only check whether the partition is of type RAID and then prepares to overwrite the key disk.
This way a user who wishes to re-use a key disk loses the old key instead. While softraid(4), bio(4) and bioctl(8) do not mention any possibility of key disk reuse, the user may not expect this behavior.

Also the use of bioctl's force flag is not clear. The user may wrongly assume that data on his key disk remains intact as long as this flag is not supplied. From reading dev/biovar.h it is now clear that it is not intended to change this behavior at all and just enforces creation rather than assembly of a new array. Yet even if there is a check for valid key data it would not be a good idea to allow overwriting with a catch-all force flag set, since the driver cannot tell whether the user allows overwriting metadata on the encrypted volume, on the key disk or both. Rather have the user explicitly zero out metadata (similar examples can already be found on the bioctl man page or the user FAQ [1]), take the force flag out and let the driver always take the safe route (i.e. stop operation or re-use found metadata, never overwrite).

Please implement the aforementioned check, clarify reuse of key disks in the manual and consider my musings about the force flag :)

1: https://www.openbsd.org/faq/faq14.html#softraidFDEkeydisk

Best regards
-- Hannes Wenzel
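To illustrate the "safe route" requested above (refuse to create a key disk on a partition that already carries metadata, so the user has to zero it out explicitly), here is an added example that is not part of the report or of OpenBSD's softraid code. The on-disk layout (`KD_MAGIC`, `struct kd_meta`, the additive checksum) is a hypothetical stand-in for the real `sr_metadata`, chosen only to show the check itself.

```c
/* Added example: guard that never overwrites existing key disk metadata.
 * The layout below is hypothetical, not softraid's sr_metadata. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define KD_MAGIC  0x4b445348u   /* hypothetical on-disk marker */
#define KD_SECTOR 512

enum kd_state { KD_EMPTY, KD_VALID, KD_CORRUPT };

struct kd_meta {
    uint32_t magic;
    uint32_t version;
    uint8_t  key[32];
    uint32_t cksum;              /* covers every preceding byte */
};

/* Illustrative additive checksum over the header and key. */
static uint32_t kd_cksum(const struct kd_meta *m) {
    const uint8_t *p = (const uint8_t *)m;
    uint32_t s = 0;
    for (size_t i = 0; i < offsetof(struct kd_meta, cksum); i++)
        s = s * 31 + p[i];
    return s;
}

/* Classify the first sector of the candidate key disk partition. */
enum kd_state kd_inspect(const uint8_t sector[KD_SECTOR]) {
    struct kd_meta m;
    memcpy(&m, sector, sizeof m);
    if (m.magic != KD_MAGIC) {
        /* No marker: only an all-zero sector counts as empty. */
        for (size_t i = 0; i < KD_SECTOR; i++)
            if (sector[i] != 0) return KD_CORRUPT;
        return KD_EMPTY;
    }
    return m.cksum == kd_cksum(&m) ? KD_VALID : KD_CORRUPT;
}

/* Write new metadata only into an empty sector. Valid metadata is kept
 * (the user must zero it deliberately); unreadable data is refused too
 * so it can be inspected. Returns 0 on success, -1 when refused. */
int kd_create(uint8_t sector[KD_SECTOR], const uint8_t newkey[32]) {
    if (kd_inspect(sector) != KD_EMPTY)
        return -1;
    struct kd_meta m;
    memset(&m, 0, sizeof m);
    m.magic = KD_MAGIC;
    m.version = 1;
    memcpy(m.key, newkey, sizeof m.key);
    m.cksum = kd_cksum(&m);
    memset(sector, 0, KD_SECTOR);
    memcpy(sector, &m, sizeof m);
    return 0;
}
```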
