DaemonForums  

Go Back   DaemonForums > OpenBSD > OpenBSD Installation and Upgrading

OpenBSD Installation and Upgrading Installing and upgrading OpenBSD.

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 9th October 2017
lea0342 lea0342 is offline
Port Guard
 
Join Date: Sep 2017
Posts: 18
Default Upgrading stable installation on a encrypted disk

I installed OpenBSD 6.1 in an virtualbox VM, using the FAQ to install to a full disk encryption softraid.

My current disks in the 6.1 installation is:
# sysctl hw.disknames
hw.disknames=wd0:34352553674n45n56,cd0:,sd0:93c4e4 6739bc0586

My current layout in 6.1 is this:
/dev/sd0a - /
/dev/sd0k - /home
/dev/sd0d - /tmp
/dev/sd0f - /usr
/dev/sd0g - /usr/X11R6
/dev/sd0h - /usr/local
/dev/sd0j - /usr/obj
/dev/sd0i - /usr/src
/dev/sd0e - /var

Now that 6.2 is released, I wanted to upgrade but when I tried the "Upgrade" option in the 6.2 release, i get the following disks in my system:

# sysctl hw.disknames
hw.disknames=wd0:34352553674n45n56,cd0:,rd0:3n4nm6 7365298m

I think i need to decrypt and mount the disk so that the installer found the "sd0" softraid disk, but i couldn't find a way to do that.

What are the steps to upgrade a system installed to a full disk encryption softraid disk? thanks in advance!
Reply With Quote
  #2   (View Single Post)  
Old 9th October 2017
jggimi's Avatar
jggimi jggimi is online now
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 5,975
Default

Hello and welcome!

You can manually issue bioctl(8) but it is far easier to copy the new release RAMDISK kernel (bsd.rd) to your root directory, and boot it from there. The bootloader will prompt for passphrase or look for the keydisk.
Code:
# cp bsd.rd /new.bsd.rd
# reboot
.
.
.
passphrase: 
boot> new.bsd.rd

Last edited by jggimi; 9th October 2017 at 09:03 PM. Reason: forgot to add the passphrase prompt.
Reply With Quote
  #3   (View Single Post)  
Old 10th October 2017
lea0342 lea0342 is offline
Port Guard
 
Join Date: Sep 2017
Posts: 18
Default

Hi! and thank you so much! thats a really easy way i'll try, i assume that when the upgrade process get to the disk section, i'll only need to set the partitions isnt it?.

The other way will be to issue the bioctl command to decrypt the volume first with "bioctl -c C -l /dev/sd0c softraid0"?

Thanks!
Reply With Quote
  #4   (View Single Post)  
Old 10th October 2017
jggimi's Avatar
jggimi jggimi is online now
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 5,975
Default

The upgrade script will ask you which disk to upgrade. You'll select the appropriate drive, such as sd0, sd1, sd2, ... If you don't recall the number, don't worry, you can press Enter. The upgrade script will try to mount an "a" partition and look for an etc/fstab file. If it isn't successful, it will prompt again.
Reply With Quote
  #5   (View Single Post)  
Old 10th October 2017
lea0342 lea0342 is offline
Port Guard
 
Join Date: Sep 2017
Posts: 18
Default

Quote:
Originally Posted by jggimi View Post
The upgrade script will ask you which disk to upgrade. You'll select the appropriate drive, such as sd0, sd1, sd2, ... If you don't recall the number, don't worry, you can press Enter. The upgrade script will try to mount an "a" partition and look for an etc/fstab file. If it isn't successful, it will prompt again.
But i think that's the case when your disk isn't encrypted, isn't it?

There's a bioctl command I need to run in the shell prior to enter the Upgrade script for it to can mount and access the encrypted drive.
Reply With Quote
  #6   (View Single Post)  
Old 10th October 2017
jggimi's Avatar
jggimi jggimi is online now
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 5,975
Default

When you boot a bootloader from an encrypted disk, the bootloader decrypts the softraid drive in order to locate, and load the kernel before passing control to it. The decryption key is passed to the kernel, so that it can address the drive via softraid(4).

The only plaintext sectors on an FDE drive are MBR/GPT, disklabel, softraid metadata, and the bootloader. The kernel uses the softraid(4) driver to conduct I/O.

The RAMDISK kernel (bsd.rd) includes the softraid(4) driver.

Step 1: place the new bsd.rd kernel in the root directory. It's an encrypted directory, because the entire drive (except as above) is encrypted.
Step 2: reboot the system
Step 3: provide your passphrase or your keydisk to the bootloader.
Step 4: tell the bootloader to load the new bsd.rd kernel. The kernel will assign an sd drive number to the decrypted disk.
Step 5. Run the upgrade script.
Step 6. Give the script the sd drive number to upgrade.

Last edited by jggimi; 10th October 2017 at 03:08 PM. Reason: clarity
Reply With Quote
  #7   (View Single Post)  
Old 10th October 2017
lea0342 lea0342 is offline
Port Guard
 
Join Date: Sep 2017
Posts: 18
Default

Thank you so so much for that explanation!

Being this my firsts steps in OpenBSD, I wonder, is that information available somewhere? or did you know by your experience? I can't seem to found anything in my searches on the matter, only how to install to an encrypted disk, but i already did that when i installed 6.1 weeks ago.
Reply With Quote
  #8   (View Single Post)  
Old 10th October 2017
jggimi's Avatar
jggimi jggimi is online now
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 5,975
Default

It is documented in softraid(4) and boot(8/{amd64,i386,sparc64}), but not in a howto/faq form. The OpenBSD Journal published an article that included an upgrade discussion in 2011, but while these articles are accurate at the time of publication, they are not updated/revised for later changes in technology.
Reply With Quote
Reply

Tags
softraid, upgrade encrypted

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Can not see SSD disk at installation marcusp OpenBSD Installation and Upgrading 3 27th May 2017 01:51 PM
Multiple (3 disk) installation J65nko OpenBSD Installation and Upgrading 11 4th February 2016 08:34 PM
Upgrading encrypted 5.7 stable to -current e1-531g OpenBSD Installation and Upgrading 5 11th August 2015 03:32 PM
Encrypted disk compatibility issue TheLogicInverter FreeBSD Security 3 30th January 2009 02:59 PM
Installation master "disk" using USB memory stick, dd? peterg22 FreeBSD Installation and Upgrading 7 14th October 2008 05:18 PM


All times are GMT. The time now is 04:39 AM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2017, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick