allow hot key update even if install_url exists

creator_functions.sh

@@ -156,6 +156,7 @@ install_guest_api() {
   # TODO: stick to master branch after code stabilizes
   git checkout dtrfs
   git pull
+  # TODO: download the binary from the detee registry
   cargo build --release > "${my_location}/guest_api.log" 2>&1 ||
     echo_red "Failed to build guest_api"
   strip --discard-all target/release/guest_api

init.sh

@@ -11,8 +11,7 @@ create_mounts
 load_modules
 setup_network
 
-# if you wait a bit, it works. The Kernel works in mysterious ways.
-sleep 2
+# load this module again cause it fails the first time
 modprobe sev_guest
 
 snp_key="$(GET_DERIVATION_KEY=yes guest_api)"
@@ -24,13 +23,13 @@ try_hot_decrypt || {
   if [[ -f "$install_url" ]]; then 
     install_os
   else
-    cryptsetup luksKillSlot -d $root_keyfile /dev/vda1 1
-    [[ -f "$snp_key_file" ]] && cryptsetup luksAddKey \
-      --key-file $root_keyfile \
-      --new-keyfile $snp_key_file /dev/vda1
     cryptsetup open -d $root_keyfile /dev/vda1 root
     mount /dev/mapper/root /mnt
   fi
+  cryptsetup luksKillSlot -d $root_keyfile /dev/vda1 1
+  [[ -f "$snp_key_file" ]] && cryptsetup luksAddKey \
+    --key-file $root_keyfile \
+    --new-keyfile $snp_key_file /dev/vda1
 }
 
 github_ssh_key

init_functions.sh

@@ -94,9 +94,6 @@ install_os() {
     echo w
   ) | fdisk /dev/vda
   cryptsetup luksFormat --batch-mode -d $root_keyfile /dev/vda1
-  [[ -f "$snp_key_file" ]] && cryptsetup luksAddKey \
-    --key-file $root_keyfile \
-    --new-keyfile $snp_key_file /dev/vda1
   cryptsetup open -d $root_keyfile /dev/vda1 root
   mkfs.ext4 /dev/mapper/root
   mount /dev/mapper/root /mnt