On Wed, Dec 29, 2021 at 05:22:19PM -0500, openbsd-m...@pyr3x.com wrote:
> Hello,
> 
> I'm using full disk encryption via the softraid subsystem and bioctl with a
> keydisk. I have a second drive that I'm backing up the root filesystem to
> via ROOTBACKUP=1 and the proper fstab entry.
> 
> I'd like to be able to reuse the same keydisk to decrypt the second drive.
> It appears there is no way to inform bioctl to reuse a correctly formatted
> keydisk, so it overwrites it each time. Right now I've opted to use a
> passfile for the second drive and confirmed I could boot to it by entering
> the passphrase via 'boot sr1a:/bsd -a' -- but I'd prefer to simply let it
> pick up the keydisk. Is there something I'm missing?

Two different crypto volumes cannot use the same RAID type disklabel
slice as a keydisk.

However, you can create two distinct RAID type disklabel slices on your
key disk device (1MB per slice should be sufficient), and then pass one
of each of those slices to bioctl -k when you create your two crypto volumes.
This way, a single physical disk device will be able to unlock both volumes.
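
The layout described in the reply above, as an added example that is not part of the original message or of OpenBSD's own tooling. Assumed names: sd0a and sd1a are the RAID-type chunks of the two data disks, and sd2a and sd2d are the two RAID-type slices on the key disk sd2; the disklabel text is a constructed sample. By default it only prints the bioctl commands.

```shell
#!/bin/sh
# Added example. Assumed device names:
#   sd0a, sd1a = RAID-type chunks on the two data disks
#   sd2a, sd2d = two RAID-type slices (about 1MB each) on the one key disk sd2
# DRY_RUN=1 (default) prints the bioctl commands instead of running them.
DRY_RUN=${DRY_RUN:-1}
USED_KEYS=""

# Constructed sample of `disklabel sd2` partition lines for the key disk.
SAMPLE_LABEL='#                size           offset  fstype [fsize bsize   cpg]
  a:             2048               64    RAID
  c:          7831552                0  unused
  d:             2048             2112    RAID
  e:          7827392             4160  4.2BSD   2048 16384     1'

# slice_is_raid LABEL_TEXT LETTER: true if that partition has fstype RAID.
slice_is_raid() {
    printf '%s\n' "$1" |
        awk -v p="$2:" '$1 == p && $4 == "RAID" { ok = 1 } END { exit !ok }'
}

# create_crypto CHUNK KEYSLICE LABEL_TEXT: one CRYPTO volume per key slice.
# Refuses a slice that already keys another volume or is not fstype RAID.
create_crypto() {
    chunk=$1 key=$2 label=$3
    letter=${key#"${key%?}"}    # last character, e.g. "a" from sd2a
    case " $USED_KEYS " in
        *" $key "*) echo "refusing: $key already keys a volume" >&2; return 1 ;;
    esac
    slice_is_raid "$label" "$letter" ||
        { echo "refusing: $key is not fstype RAID" >&2; return 1; }
    USED_KEYS="$USED_KEYS $key"
    if [ "$DRY_RUN" = 1 ]; then
        echo "bioctl -c C -k $key -l $chunk softraid0"
    else
        bioctl -c C -k "$key" -l "$chunk" softraid0
    fi
}

LABEL=$SAMPLE_LABEL             # on a real system: LABEL=$(disklabel sd2)
create_crypto sd0a sd2a "$LABEL"   # primary volume, keyed by slice a
create_crypto sd1a sd2d "$LABEL"   # backup volume, keyed by slice d
```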
