On 6/3/19 8:17 PM, Bryan Stenson wrote:
> Hi all -
> 
> I'm running -CURRENT on a SSD with FDE encryption using softraid/crypto
> with a passphrase entered via the keyboard at boot.  It worked great.
> Then, I upgraded to a build that had a broken bootloader (reported to be
> fixed now: "Re: amd64 snapshot very broken (Jun 1 02:24:13)").  Per that
> thread, I'm trying to boot from temp boot media to update to the fixed
> image.

ouch. :(

> I've tried booting both snapshots/amd64/install65.fs and
> snapshots/amd64/miniroot65.fs, and while it appears the bootloader
> recognizes my softraid crypto device, it's clearly not mounting the crypto
> device (I'm not prompted for a passphrase), and by the time I get to the
> install script, it shows:
> 
> Available disks are: .
> Which disk is the root disk? ('?' for details)
> 
> Asking for details, both my SSD (sd0) and temp boot media (sd1) are shown,
> but I'm not able to see the encrypted device.
> 
> I've dropped to a shell, and created the device (it wasn't there) via "cd
> /dev && sh MAKEDEV sd0", and can see my RAID partition via "disklabel sd0".

You probably need to make sd1 and sd2, as well (sd1, your install media,
will probably be made for you, but as long as you are in the
neighborhood...).  sd2 will hold the actual file systems on the encrypted
"disk" that you will be installing to.

> But, now I'm stuck/confused...I'm trying to figure it out by following:
> https://www.openbsd.org/faq/faq14.html#softraidFDE
> 
> Do I re-create the softraid/crypto with something like "bioctl -c C sd0a
> softraid0"?  Or, will this wipe out the existing data and give me a
> fresh new partition to install to?

yep.
bioctl -c C -l /dev/sd0a softraid0

should do it.  I'm just peeking at a script I use to manually mount an
encrypted file system post-boot.

> How can I mount the existing crypto volume for use by the installer?
> (Also, am I asking the right questions here?)

Once you have "unlocked" the encrypted partition and it becomes a new
logical drive, make note of that, and answer that drive to the installer
if it doesn't figure it out on its own.

Nick.
