Set Up OpenBSD 6.2 with Full Disk Encryption

This article has been updated for the OpenBSD 6.2 release.

Here is a quick way to set up OpenBSD 6.2 with an encrypted filesystem, in 7 steps.

First step: Boot and start the installation:

(I)nstall: I

Keyboard Layout: ENTER (I'm French, so in my case I chose the FR layout)

Leave the installer for a shell with: !


Second step: Prepare your disk for encryption.

I'm using an SSD, so my disk is named sd0. The name may vary; for example, wd0.

Initialize the disk:

# fdisk -iy sd0

Configure your volume:

# disklabel -E sd0

z (erase everything) 

a a (create your volume) 

w (write your volume) 
q (quit)

Now we'll use bioctl to encrypt the partition we created, in this case sd0a (disk sd0 + partition "a").

# bioctl -c C -l /dev/sd0a softraid0

Enter your passphrase.


Third step:

Let's resume the OpenBSD installer and follow the install procedure:

# exit


Fourth step: Partitioning the encrypted volume.

We select our new volume, in this case: sd1

The whole disk will be used: W(hole)

Let's create our partitions:

a b (to create the swap) 

a a (to create your / partition)

NB: You are more than welcome to create multiple partitions for your system.

w (we write) 
q (we quit)


Fifth step: System installation

It's time to choose how we'll install our system (network install over HTTP in my case).


Sixth step: Finalize the installation.


Last step: Reboot and start your system.

Enter your passphrase. Welcome to OpenBSD 6.2 with a fully encrypted filesystem.


Optional: Disable swap encryption.

The swap partition is already part of the encrypted volume, so we don't need OpenBSD to encrypt it a second time. sysctl lets us turn this off.
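
Before turning swap encryption off, it is worth confirming that every swap device really sits on an Online softraid CRYPTO volume. The sh script below is an added example, not part of the original article: the function names are hypothetical, and the embedded bioctl and swapctl -l outputs are constructed samples matching the sd0/sd1 layout used above.

```shell
#!/bin/sh
# Added example: check that swap lives on a softraid CRYPTO volume.
# The two sample outputs are constructed, not captured from a real machine.

SAMPLE_BIOCTL='Volume      Status               Size Device
softraid0 0 Online        10737414144 sd1     CRYPTO
          0 Online        10737414144 0:0.0   noencl <sd0a>'

SAMPLE_SWAPCTL='Device      512-blocks     Used    Avail Capacity  Priority
/dev/sd1b      2097152        0  2097152     0%    0'

# Read bioctl output on stdin; print the disk name of each Online CRYPTO volume.
crypto_volumes() {
    awk '$1 ~ /^softraid[0-9]+$/ && $3 == "Online" && $NF == "CRYPTO" { print $5 }'
}

# Read swapctl -l output on stdin; print the disk behind each swap device
# (/dev/sd1b -> sd1).
swap_disks() {
    awk 'NR > 1 && $1 ~ /^\/dev\// {
        d = $1; sub(/^\/dev\//, "", d); sub(/[a-p]$/, "", d); print d
    }'
}

# swap_on_crypto BIOCTL_TEXT SWAPCTL_TEXT
# Succeeds only if at least one swap device exists and every swap device
# is on an Online CRYPTO volume.
swap_on_crypto() {
    vols=$(printf '%s\n' "$1" | crypto_volumes)
    disks=$(printf '%s\n' "$2" | swap_disks)
    [ -n "$disks" ] || return 1
    for d in $disks; do
        printf '%s\n' "$vols" | grep -qx "$d" || return 1
    done
    return 0
}

# On the installed system (as root):
#   swap_on_crypto "$(bioctl softraid0)" "$(swapctl -l)"
if swap_on_crypto "$SAMPLE_BIOCTL" "$SAMPLE_SWAPCTL"; then
    echo "swap is on the encrypted volume"
else
    echo "swap is NOT on an Online CRYPTO volume: keep swap encryption enabled"
fi
```

If the check fails, for example because a swap partition was left on the raw disk sd0, swap encryption should stay enabled.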

# cp /etc/examples/sysctl.conf /etc 
# vi /etc/sysctl.conf

Uncomment the following line:


