|
OpenBSD Installation and Upgrading Installing and upgrading OpenBSD. |
|
Thread Tools | Display Modes |
|
|||
OpenBSD 6.1 to 6.2
Greetings all,
as noted in my first thread, I had installed OpenBSD 6.1 as an experiment along with Windows 7 and I am so pleased with it, that I would like to continue using it. Since version 6.2 is out I though that I would upgrade my installation by (a) encrypting the OpenBSD partition and (b) install or upgrade to version 6.2. Regarding (a) reviewing FAQ # 14, I understand that encryption must happen before the operating system is installed and it is possible to encrypt only a partition. Since my OpenBSD is installed on fourth fdisk(8) partition containing the disklabel(8) partitions, I have been reading the man page for the bioctl(8) command, but cannot figure out how to specify the fourth fdisk(8) partition to be ecrypted. Any help? Regarding (b) since I have done a lot of customization via /etc, do I have to (1) upgrade 6.1 to 6.2, (2) copy /etc of the upgraded system, (3) encrypt the partition, (4) install 6.2, and (5) rewrite /etc with the copied /etc? Or is there a better/easier way? Kindest regards, M |
|
||||
Upgrading with FDE was just discussed yesterday on this forum:
http://daemonforums.org/showthread.php?t=10421 As noted in that thread, and in the OpenBSD upgrade guide, you can boot the new RAMDISK kernel from your existing system. http://www.openbsd.org/faq/upgrade62.html |
|
|||
Hi jggimi,
I am not following your answer. The referred to thread has a 6.1 version already installed on fully encrypted disk. I am asking how to encrypt only a partition. Furthermore, I am not asking how to perform the upgrade, but how to preserve my /etc after install/upgrade of 6.2 on the encrypted partition. Thus, I am not sure how is the referred to thread relevant. Kindest regards, M |
|
|||
Hi jggimi,
please, no need to apologize, you have been extremely helpful in answering my and other newbies' questions. Thank you for the succinct answer below, the only thing that I do not understand is the form of the bioctl(8) command. Even considering, that, as you wrote, the "z" switch preserves the fdisk(8) partition, it seems to me that the Code:
# bioctl -c C -l /dev/sd0a softraid0 Kindest regards, M |
|
||||
This may help. I created a little 10G "drive" using vnconfig(8), just to show how to set up an FDE environment when multibooting.
I created an MBR, and set the OpenBSD partition to begin about half way, so it is 5G in size. This simulates a multiboot system, where only part of the disk is being used for OpenBSD. Below, you can see the MBR partition in both sectors and in GB. Code:
# fdisk -e vnd0 Enter 'help' for information fdisk: 1> p Disk: vnd0 geometry: 209715/1/100 [20971520 Sectors] Offset: 0 Signature: 0xAA55 Starting Ending LBA Info: #: id C H S - C H S [ start: size ] ------------------------------------------------------------------------------- 0: 00 0 0 0 - 0 0 0 [ 0: 0 ] unused 1: 00 0 0 0 - 0 0 0 [ 0: 0 ] unused 2: 00 0 0 0 - 0 0 0 [ 0: 0 ] unused *3: A6 104857 0 1 - 209714 0 20 [ 10485700: 10485720 ] OpenBSD fdisk: 1> p g Disk: vnd0 geometry: 209715/1/100 [20971520 Sectors] Offset: 0 Signature: 0xAA55 Starting Ending LBA Info: #: id C H S - C H S [ start: size ] ------------------------------------------------------------------------------- 0: 00 0 0 0 - 0 0 0 [ 0: 0G] unused 1: 00 0 0 0 - 0 0 0 [ 0: 0G] unused 2: 00 0 0 0 - 0 0 0 [ 0: 0G] unused *3: A6 104857 0 1 - 209714 0 20 [ 10485700: 5G] OpenBSD fdisk: 1> Code:
disklabel -p g vnd0 # /dev/rvnd0c: type: vnd disk: vnd device label: fictitious duid: ed6d7ca984c23716 flags: bytes/sector: 512 sectors/track: 100 tracks/cylinder: 1 sectors/cylinder: 100 cylinders: 209715 total sectors: 20971520 # total bytes: 10.0G boundstart: 10485700 boundend: 20971420 drivedata: 0 16 partitions: # size offset fstype [fsize bsize cpg] a: 1.0G 10485700 4.2BSD 2048 16384 1 b: 1.0G 12582880 swap c: 10.0G 0 unused d: 1.0G 14680000 4.2BSD 2048 16384 1 e: 1.0G 16777184 4.2BSD 2048 16384 1 f: 1.0G 18874272 4.2BSD 2048 16384 1 $ pkg_info -qm and now I am ready to "reinstall" in my little test system. In reality, I would reboot with the RAMDISK kernel (bsd.rd) and use its shell, but I'm just replicating the disk management components of a reinstall.
Last edited by jggimi; 13th October 2017 at 01:03 PM. Reason: one miniscule typo, but I'm pedantic |
|
||||
Correction: MAKEDEV(8) isn't needed, the install script will find the device and run MAKEDEV for you. So Step 4 should just say, "Now you can see how this aligns with the FAQ."
Last edited by jggimi; 13th October 2017 at 01:33 PM. Reason: clarity and a typo. |
|
|||
Hi jggimi,
I do not care what others say, you are just awesome. I especially appreciate you taking the time for the detailed write up, it clarifies my confusion regarding how the disklabel(8) with the "z" switch and the subsequent Code:
# bioctl -c C -l /dev/sd0a softraid0 I wonder if you should not post it to the HOW-TO section, since the FAQ #14 is not descriptive in explaining how to apply the encryption to less that a full disk, and searching did not really help. Again, thank you very much. Kindest regards, M |
Thread Tools | |
Display Modes | |
|
|