On Mon, Dec 21, 2015 at 06:40:48PM -0600, Luke Small wrote:
> You are a normal user and have full disk encryption. You must have read the
> man page on how to do that? Found the installer option did you. I have read
> several books on openbsd and all the man pages I could find and didn't find
> out how to do it anywhere else other than how to webpages.

The manual page for bioctl explains all of the options you need.

I have never understood exactly why people have so much difficulty installing
a recent OpenBSD system on an encrypted partition.

Assuming amd64 or i386:

Basically, you boot bsd.rd as normal, and drop to a shell.

If the disk you want to use previously had unencrypted data on it that you
want to erase, you can blank the disk with dd if=/dev/zero of=/dev/your_device.
(I'm not interested in any discussion about how technically some data could
still be recovered from such a disk, because in 99% of cases, it can't.
Simply zeroing out a disk is good enough for virtually everybody wanting to
delete private data.)

Then invoke fdisk -e /dev/your_device to make the MBR partition.  If you just
want OpenBSD on the disk, simply do a reinit, and update the MBR code.

Then invoke disklabel -E /dev/your_device and make a RAID partition that
spans the entire disk.

Then invoke bioctl -c C -l /dev/your_device softraid0

Enter a passphrase

The softraid volume will now be mounted

Make a device node for the new device using the MAKEDEV script,
E.G. sh ./MAKEDEV sd4

Blank the first part of the new encrypted volume using
dd if=/dev/zero of=/dev/new_device bs=256k count=4

Repeat the fdisk step above except using the new softraid volume instead of
the physical disk.

NOTE: Some people might suggest that this is unnecessary, as the installer
will do it for you, but I found on at least one occasion that the MBR bootcode
wasn't correctly written unless I did it manually.

Return to the installer.  Install OpenBSD as normal, using the softraid device
as your root filesystem.

If you are not already familiar with fdisk, disklabel, dd, and the i386 boot
process, it's probably worth learning more about OpenBSD and UNIX in general
before trying to set up an encrypted volume.

--
Tati Chevron
Perl and FORTRAN specialist.
SWABSIT development and migration department.
http://www.swabsit.com
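
The steps in the message above as a dry-run planner, added here as an example and not part of the original message: it prints the commands with concrete device names filled in and runs none of them. The disk names (sd0, sd4), the 'a' RAID partition, the raw r<disk>c nodes and bs=1m are assumptions.

```shell
#!/bin/sh
# Dry-run planner: prints the commands to type at the bsd.rd shell and runs
# none of them. Assumed, not from the original message: disk names such as
# sd0/sd4, 'a' as the RAID partition, raw whole-disk nodes r<disk>c, bs=1m.

# Accept only sdN / wdN names so a typo cannot point dd at something else.
valid_disk() {
    case "$1" in
        sd[0-9]|sd[0-9][0-9]|wd[0-9]|wd[0-9][0-9]) return 0 ;;
        *) return 1 ;;
    esac
}

# plan_fde PHYS_DISK SOFTRAID_DISK [wipe]
# SOFTRAID_DISK is the sdN that bioctl reports when the volume attaches.
plan_fde() {
    fde_phys=$1 fde_vol=$2 fde_wipe=${3:-no}
    valid_disk "$fde_phys" || { echo "bad physical disk: $fde_phys" >&2; return 1; }
    valid_disk "$fde_vol" || { echo "bad softraid volume: $fde_vol" >&2; return 1; }
    if [ "$fde_phys" = "$fde_vol" ]; then
        echo "softraid volume must differ from the physical disk" >&2
        return 1
    fi
    # Optional: zero the whole physical disk before reuse.
    if [ "$fde_wipe" = wipe ]; then
        echo "dd if=/dev/zero of=/dev/r${fde_phys}c bs=1m"
    fi
    echo "fdisk -e $fde_phys  # interactive: reinit, update, write, quit"
    echo "disklabel -E $fde_phys  # interactive: one 'a' partition, FS type RAID, whole disk"
    echo "bioctl -c C -l ${fde_phys}a softraid0  # prompts for the passphrase"
    echo "cd /dev && sh ./MAKEDEV $fde_vol"
    # Clear stale MBR/disklabel data at the start of the new encrypted volume.
    echo "dd if=/dev/zero of=/dev/r${fde_vol}c bs=256k count=4"
    echo "fdisk -e $fde_vol  # same reinit/update as on the physical disk"
}

if [ "$#" -ge 2 ]; then
    plan_fde "$@"
else
    echo "usage: $0 PHYS_DISK SOFTRAID_DISK [wipe]   e.g. $0 sd0 sd4" >&2
fi
```

The softraid volume name is only known after the bioctl step, so rerun the planner with the sdN that bioctl reports if it differs from the guess.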
