On Fri, Aug 04, 2023 at 11:45:00AM +0000, Klemens Nanni wrote:
> If the root disk contains a valid CRYPTO volume, bioctl(8) by default
> unlocks that instead of creating a new one.
>
> Use `-C force' to prevent reuse of old volumes, which happens if you, e.g.
> restart an encrypted installation past this point or install onto an old
> disk without wiping it first:
>
> Encrypt the root disk with a passphrase? [no] y
>
> Configuring the crypto chunk sd0...
>
> Disk: sd0 geometry: 652/255/63 [10485760 Sectors]
> Offset: 0 Signature: 0xAA55
> Starting Ending LBA Info:
> #: id C H S - C H S [ start: size ]
>
> -------------------------------------------------------------------------------
> 0: 00 0 0 0 - 0 0 0 [ 0: 0 ]
> Unused
> 1: 00 0 0 0 - 0 0 0 [ 0: 0 ]
> Unused
> 2: 00 0 0 0 - 0 0 0 [ 0: 0 ]
> Unused
> *3: A6 0 1 2 - 652 180 40 [ 64: 10485696 ]
> OpenBSD
> Use (W)hole disk MBR, whole disk (G)PT, (O)penBSD area or (E)dit?
> [OpenBSD]
> Passphrase:
> sd1 at scsibus1 targ 1 lun 0: <OPENBSD, SR CRYPTO, 006>
>
> There bioctl once prompts for the old existing
> Passphrase:
> instead of
> New passphrase:
> Re-type passphrase:
>
>
> Feedback? Objection? OK?
Anyone takers? One likes it, otherwise no replies.
I'm inclined to go ahead with this one soon unless there are objections
is it fixes a few cases users stumbled over.
Index: install.sub
===================================================================
RCS file: /cvs/src/distrib/miniroot/install.sub,v
retrieving revision 1.1252
diff -u -p -r1.1252 install.sub
--- install.sub 2 Aug 2023 08:51:16 -0000 1.1252
+++ install.sub 10 Aug 2023 07:54:36 -0000
@@ -3097,7 +3097,7 @@ encrypt_root() {
md_prep_fdisk $_chunk
echo 'RAID *' | disklabel -w -A -T- $_chunk
- until bioctl -c C -l ${_chunk}a softraid0 >/dev/null; do
+ until bioctl -Cforce -cC -l${_chunk}a softraid0 >/dev/null; do
# Most likely botched passphrases, silently retry twice.
((++_tries < 3)) || exit
done
