This article has been updated for the OpenBSD 6.2 release.
Here is a quick way to setup (in 7 steps) OpenBSD 6.2 with the encryption of the filesystem.
First step : Boot and start the installation :
(I)nstall : I
Keyboard Layout : ENTER (I'm french so in my case I took the FR layout)
Leave the installer with : !
Second step : Prepare your disk for encryption.
Using a SSD, my disk is named : sd0, the name may vary, for example : wd0.
Initiating the disk :
# fdisk -iy sd0
Configure your volume :
# disklabel -E sd0 z (erase everything) a a (create your volume) FS TYPE : RAID w (write your volume) q (quit)
Now we'll use bioctl to encrypt the partition we created, in this case : sd0a (disk sd0 + partition « a »).
# bioctl -c C -l /dev/sd0a softraid0
Enter your passphrase.
Third step :
Let's resume the OpenBSD's installer. We follow the install procedure :
Fourth step : Partitioning of the encrypted volume.
We select our new volume, in this case : sd1
The whole disk will be used : W(hole)
Let's create our partitions :
a b (to create the swap) a a (to create your / partition)
NB : You are more than welcome to create multiple partitions for your system.
w (we write) q (we quit)
Fifth step : System installation
It's time to choose how we'll install our system (network install by http in my case)
Sixth step : Finalize the installation.
Last step : Reboot and start your system.
Put your passphrase. Welcome to OpenBSD 6.2 with a full encrypted file system.
Optionnal : Disable the swap encryption.
The swap is actually part of the encrypted filesystem, we don't need OpenBSD to encrypt it. Sysctl is giving us this possibility.
# cp /etc/examples/sysctl.conf /etc # vi /etc/sysctl.conf
Uncomment the following line :
Need help ?
Subscribe to CagedMonster'S Blog
Get the latest posts delivered right to your inbox