/ FreeBSD

Step-by-Step FreeBSD installation with ZFS and Full Disk Encryption

Introduction :

This paper has been written for non-expert users looking for an easy way to install FreeBSD.
We'll use detailed screenshots to help you setup FreeBSD 11.1 with full disk encryption using ZFS.
If you need help to configure your machine after the installation, you can consult this tutorial made for Raspberry PI but working for the other platforms too.

FreeBSD logo

Table of Contents :

  1. What do I need ?
  2. Boot and install
  3. Configure your keyboard layout
  4. Hostname and system components configuration
  5. Network configuration
  6. Select the server you want to use for the installation
  7. Disk configuration
  8. Last steps to finish the installation
    8.1. Root password
    8.2. Time and date
    8.3. Services
    8.4. Security
    8.5. Additionnal user
    8.6. The end
  9. First boot
  10. Need help ?

1. What do I need ?

For this tutorial, the installation has been made on a Intel Core i7 - AMD64 architecture.

On a USB key, you would probably use this link :
ftp://ftp.freebsd.org/pub/FreeBSD/releases/amd64/amd64/ISO-IMAGES/11.1/FreeBSD-11.1-RELEASE-amd64-mini-memstick.img
If you can't do a network installation, you'd better use this image :
ftp://ftp.freebsd.org/pub/FreeBSD/releases/amd64/amd64/ISO-IMAGES/11.1/FreeBSD-11.1-RELEASE-amd64-memstick.img

You can write the image file on your USB device (replace XXXX with the name of your device) using dd :

# dd if=FreeBSD-11.1-RELEASE-amd64-mini-memstick.img of=/dev/XXXX bs=1m

For Windows users you can use this tool.

2. Boot and install :

To navigate easily into the installation interface, remember a few things :

  • Use ARROWS to change your selection
  • Use TABULATION to jump from the selection list to the validation options
  • ENTER is used to validate your choices
  • Multiple selections can be made with SPACEBAR

Here is your first choice :

F1

3. Configure your keyboard layout :

As I'm French I took the FRENCH layout.

F2

You have the possibility to test your keyboard layout to see if it fits you, or you can continue :

F3

4. Hostname and system components configuration :

Set the name of your machine :

F4

What components do you want to install ?

  • Use ports if you want to compile your applications yourself, otherwise, you'll use the pkg tool to install precompiled packages.
  • You can install the system sources, src, if you're willing to compile your system later, apply patches, activate specific kernel options (Like ALTQ for Packet Filer)...

F5

5. Network configuration :

Select the network interface you want to configure.

F6

First, we configure our IPv4 network. I used a static adress so you can see how it works, but you can use DHCP for an automated configuration, it depends of what you want to do with your system (desktop/server).

F7

F7-1

F8

IPv6 network configuration. Same as for IPv4, you can use SLAAC for an automated configuration.

F9

F10-1

F10-2

Here, you can configure your DNS servers, I used the Google DNS servers so you can use them too if needed.

F11

6. Select the server you want to use for the installation :

I always use the IPv6 mirror to ensure that my IPv6 network configuration is good.

F12

7. Disk configuration :

As we want to do an easy full disk encryption, we'll use ZFS.

F13

Make sure to select the disk encryption :

F14

Launch the disk configuration :

F15

Here everything is normal, you have to select the disk you'll use :

F16

I have only one SSD disk named da0 :

F17

Last chance before erasing your disk :

F18

Time to choose the password you'll use to start your system :

F19

F20

F21

8. Last steps to finish the installation :

The installer will download what you need and what you selected previously (ports, src, etc.) to create your system :

F22

8.1. Root password :

Enter your root password :

F22-1

8.2. Time and date :

Set your timezone, in my case : Europe/France

F22-2

F23

F23-1

Make sure the date and time are good, or you can change them :

F24

F25

8.3. Services :

Select the services you'll use at system startup depending again of what you want to do. In many cases powerd and ntpd will be useful, sshd if you're planning on using FreeBSD as a server.

F26

8.4. Security :

Security options you want to enable. You'll still be able to change them after the installation with sysctl.

F26-1

8.5. Additionnal user :

Create an unprivileged system user :

F26-2

Make sure your user is in the wheel group so he can use the su command.

F26-3

F26-4

8.6. The end

End of your configuration, you can still do some modifications if you want :

F26-5

F26-6

F26-7

9. First boot :

Enter the passphrase you have chosen previously :

F27

F28

F29

Welcome to Freebsd 11.1 with full disk encryption !

10. Need help ?

CagedMonster

CagedMonster

« I know everyone I've been everywhere I know everything Because I'm everybody » Ether - Nothingface

Read More