From 0016c31fef742e4f8859a80f6b8f324744508929 Mon Sep 17 00:00:00 2001
From: Jarrod Johnson <jjohnson2@lenovo.com>
Date: Thu, 4 Jun 2020 13:41:00 -0400
Subject: [PATCH] Fix encrypted boot on 8.1

8.1 requires -f or it will fail.
---
 confluent_osdeploy/el8/profiles/default/scripts/tpm_luks.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/confluent_osdeploy/el8/profiles/default/scripts/tpm_luks.sh b/confluent_osdeploy/el8/profiles/default/scripts/tpm_luks.sh
index a26fc5e6..c5964c64 100644
--- a/confluent_osdeploy/el8/profiles/default/scripts/tpm_luks.sh
+++ b/confluent_osdeploy/el8/profiles/default/scripts/tpm_luks.sh
@@ -1,4 +1,4 @@
 #!/bin/sh
 cryptdisk=$(blkid -t TYPE="crypto_LUKS"|sed -e s/:.*//)
-clevis luks bind -d $cryptdisk -k - tpm2 '{"pcr_bank": "sha256", "pcr_ids": "7"}' < /etc/confluent/confluent.apikey
+clevis luks bind -f -d $cryptdisk -k - tpm2 '{"pcr_bank": "sha256", "pcr_ids": "7"}' < /etc/confluent/confluent.apikey
 cryptsetup luksRemoveKey $cryptdisk < /etc/confluent/confluent.apikey