From: kn <kn@openbsd.org>
Date: Thu, 10 Aug 2023 17:09:34 +0000 (+0000)
Subject: Always create new softraid CRYPTO volume, do not reuse existing one
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=26a251e7fa113f5fa42907a30d8d66d2106424d8;p=openbsd

Always create new softraid CRYPTO volume, do not reuse existing one

The bioctl(8) command to create new and unlock old volumes is the same.
Use `-C force' to prevent reuse, which happens with, e.g. aborted/restarted
encrypted installations past the question or installations onto an old disk.

OK naddy sthen deraadt
---

diff --git a/distrib/miniroot/install.sub b/distrib/miniroot/install.sub
index b9fc210d10f..4386ec9873c 100644
--- a/distrib/miniroot/install.sub
+++ b/distrib/miniroot/install.sub
@@ -1,5 +1,5 @@
 #!/bin/ksh
-#	$OpenBSD: install.sub,v 1.1252 2023/08/02 08:51:16 kn Exp $
+#	$OpenBSD: install.sub,v 1.1253 2023/08/10 17:09:34 kn Exp $
 #
 # Copyright (c) 1997-2015 Todd Miller, Theo de Raadt, Ken Westerback
 # Copyright (c) 2015, Robert Peichaer <rpe@openbsd.org>
@@ -3097,7 +3097,7 @@ encrypt_root() {
 	md_prep_fdisk $_chunk
 	echo 'RAID *' | disklabel -w -A -T- $_chunk
 
-	until bioctl -c C -l ${_chunk}a softraid0 >/dev/null; do
+	until bioctl -Cforce -cC -l${_chunk}a softraid0 >/dev/null; do
 		# Most likely botched passphrases, silently retry twice.
 		((++_tries < 3)) || exit
 	done