From 8c8a60e8218e62aea44a88ce9d3b71294365ab86 Mon Sep 17 00:00:00 2001 From: ghe0 Date: Mon, 11 Nov 2024 18:32:56 +0200 Subject: [PATCH] allow hot key update even if install_url exists --- creator_functions.sh | 1 + init.sh | 11 +++++------ init_functions.sh | 3 --- 3 files changed, 6 insertions(+), 9 deletions(-) diff --git a/creator_functions.sh b/creator_functions.sh index 31886e8..609ba2d 100644 --- a/creator_functions.sh +++ b/creator_functions.sh @@ -156,6 +156,7 @@ install_guest_api() { # TODO: stick to master branch after code stabilizes git checkout dtrfs git pull + # TODO: download the binary from the detee registry cargo build --release > "${my_location}/guest_api.log" 2>&1 || echo_red "Failed to build guest_api" strip --discard-all target/release/guest_api diff --git a/init.sh b/init.sh index 2746d92..99bcfe3 100755 --- a/init.sh +++ b/init.sh @@ -11,8 +11,7 @@ create_mounts load_modules setup_network -# if you wait a bit, it works. The Kernel works in mysterious ways. -sleep 2 +# load this module again cause it fails the first time modprobe sev_guest snp_key="$(GET_DERIVATION_KEY=yes guest_api)" @@ -24,13 +23,13 @@ try_hot_decrypt || { if [[ -f "$install_url" ]]; then install_os else - cryptsetup luksKillSlot -d $root_keyfile /dev/vda1 1 - [[ -f "$snp_key_file" ]] && cryptsetup luksAddKey \ - --key-file $root_keyfile \ - --new-keyfile $snp_key_file /dev/vda1 cryptsetup open -d $root_keyfile /dev/vda1 root mount /dev/mapper/root /mnt fi + cryptsetup luksKillSlot -d $root_keyfile /dev/vda1 1 + [[ -f "$snp_key_file" ]] && cryptsetup luksAddKey \ + --key-file $root_keyfile \ + --new-keyfile $snp_key_file /dev/vda1 } github_ssh_key diff --git a/init_functions.sh b/init_functions.sh index b19f616..f06f6c1 100644 --- a/init_functions.sh +++ b/init_functions.sh 
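Review bot: In the first init.sh hunk the retried `modprobe sev_guest` has its exit status ignored, and the next line derives `snp_key` from `guest_api`, so with `sleep 2` gone a second failed load goes unnoticed at this point. What the script does with an empty or failed `snp_key` is outside the hunk, but it presumably just makes `try_hot_decrypt` fail with no hint in the log as to why. I would surface the failure, e.g. `modprobe sev_guest || echo "sev_guest did not load; SNP key derivation will fail" >&2`, and have the new comment say why the first load fails if that is known. The top-level script continues outside the hunk.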
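Review bot: In the second init.sh hunk `cryptsetup luksKillSlot -d $root_keyfile /dev/vda1 1` now also runs right after `install_os`, where `luksFormat` has just written a fresh header and, with the `luksAddKey` call removed from `install_os` in init_functions.sh, slot 1 should still be empty. Killing an inactive slot returns an error, which is log noise at best and would abort init if the script runs under `set -e` (not visible here). Keeping the kill under `else` and leaving only the `luksAddKey` after `fi` avoids that. The add also relies on cryptsetup choosing the first free slot; `--key-slot 1` would pin the derived key to the slot the kill targets, and quoting `"$root_keyfile"` and `"$snp_key_file"` keeps a path with spaces from being split. The `try_hot_decrypt || {` block opens in the hunk header and closes inside the hunk.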
@@ -94,9 +94,6 @@ install_os() { echo w ) | fdisk /dev/vda cryptsetup luksFormat --batch-mode -d $root_keyfile /dev/vda1 - [[ -f "$snp_key_file" ]] && cryptsetup luksAddKey \ - --key-file $root_keyfile \ - --new-keyfile $snp_key_file /dev/vda1 cryptsetup open -d $root_keyfile /dev/vda1 root mkfs.ext4 /dev/mapper/root mount /dev/mapper/root /mnt