As Bryan stated, bioctl will prompt for the (existing) passphrase and then bring up the (existing) crypto volume.
Once mounted, it will be a standard upgrade installation. To clarify, bioctl should in this case NOT overwrite the existing encrypted data. As a beginner, I found bioctl’s -c and -d options (and its terminology of “create” and “delete”) a bit confusing and, yes, “a little scary” in this regard. FAQ 14.10.3 might be helpful to understand, as it puts it rather explicitly: > note that the initial creation of the container and attaching the container are done with the same bioctl(8) command > The man page for this looks a little scary, as the -d command is described as "deleting" the volume. In the case of crypto, however, it just deactivates encrypted volume so it can't be accessed until it is activated again with the passphrase. http://www.openbsd.org/faq/faq14.html#softraidCrypto > On 16 Apr 2016, at 00:36, Tim Hoddy <t...@skyhook.ath.cx> wrote: > > On 15 April 2016 23:04:45 BST, Bryan Everly <br...@bceassociates.com> wrote: >> Boot the installer. Exit to the shell. Then do: >> >> bioctl -c C -l /dev/sd0a softraid0 >> >> (Substitute for your actual device that is the softraid container). >> You will be promoted for your password. >> >> Watch for the console message telling you what it mounted as. Then >> type exit to return to the installer and upgrade that disk. >> >> Thanks, >> Bryan >> >>> On Apr 15, 2016, at 5:56 PM, Jack J. Woehr <j...@well.com> wrote: >>> >>> How does one upgrade a full-disk encrypted OpenBSD boot disk? > > > The original question is not clear. > > Your instruction will involve an overwrite of a previous install and is, therefore, not a "upgrade".