DaemonForums  

#1
29th February 2016
jjstorm
Full Disk Encryption

I plan on using FDE prior to the installation by dropping to shell. I am left with some questions.


Select (S)hell at the initial prompt.

Welcome to the OpenBSD/amd64 X.X installation program.
(I)nstall, (U)pgrade, (A)utoinstall or (S)hell? s

From here, you'll be given a shell within the live environment to manipulate the disks. For this example, we will install to the wd0 SATA drive, erasing all of its previous contents. You may want to write random data to the drive first with something like the following:
Code:
    # dd if=/dev/random of=/dev/rwd0c bs=1m
Can you please tell me what the r and c in front and after wd0 are?

What utilities are available in shell for me to find out what my drive ID is (i.e wd0, sd0, hd0, etc...) or will I have found that out during the install disk boot process?


Next, we'll initialize the disk with fdisk(8) and create the softraid partition with disklabel(8).
Code:
# fdisk -iy wd0
Writing MBR at offset 0.
# disklabel -E wd0
Label editor (enter '?' for help at any prompt)
> a a
offset: [2104515]
size: [39825135] *
FS type: [4.2BSD] RAID
> w
> q
No label changes.
Does this mean every partition created during installation will be a softraid partition?
#2
29th February 2016
jggimi

Quote:
Originally Posted by jjstorm
Can you please tell me what the r and c in front and after wd0 are?

The "r" stands for "raw" -- sometimes also called "uncooked," or more correctly, "unbuffered." The "c" is disklabel partition c, the reserved partition representing the whole drive.

Quote:
What utilities are available in shell for me to find out what my drive ID is (i.e wd0, sd0, hd0, etc...) or will I have found that out during the install disk boot process?

You're asking about at install time, using the RAMDISK kernel bsd.rd. There are limited tools in this small kernel. You can scan the dmesg(8) of course, but the easiest thing to use at the shell prompt is the # sysctl hw.disknames command.

Quote:
Does this mean every partition created during installation will be a softraid partition?

Using that "howto", you will have one MBR partition, created with fdisk(8), and one disklabel partition (not including the reserved "c" partition). There are two types of partitions on OpenBSD systems.
  1. MBR partitions. On the half-dozen or so architectures that use MBRs for booting or multi-OS partitioning, drives will have MBRs and a single MBR partition containing all-of-OpenBSD's storage allocation.
  2. Disklabel partitions. On every architecture, disklabels are used to subdivide a disk drive. If the drive has an OpenBSD MBR partition, disklabel partitions are used to subdivide that MBR partition.
The disklabel partition will become a softraid(4) device once you initialize it with bioctl(8). That device will be a virtual SCSI device, of type sd(4), and will be the next available drive number. That virtual softraid device will then be subdivided into multiple disklabel partitions.

Last edited by jggimi; 29th February 2016 at 05:00 AM. Reason: corrected comments for MBR partitioning. Not all MBR archs actually use MBR boot programs
#3
1st March 2016
e1-531g

I have an FDE OpenBSD install and Windows (currently unencrypted). So it is not really FDE. Only the whole of OpenBSD is encrypted.
I can provide some examples.

My sd0 is the physical device.
sd1 is the softraid/virtual SCSI device.

Warning: These names can change if you, for example, boot from a pendrive. For example, I boot from a pendrive to upgrade current. I must check what each of them is called before manually provisioning and upgrading.

Code:
sysctl hw.disknames                                                          
hw.disknames=sd0:3a9569f176005878,cd0:,sd1:e2687744d2198a2e
On sd0 I have one primary MBR partition for OpenBSD.
Code:
fdisk sd0 | grep -e OpenBSD -e size          
 #: id      C   H   S -      C   H   S [       start:        size ]
 3: A6  51663  20   7 -  60801  80  63 [   829967361:   146805807 ] OpenBSD     
 #: id      C   H   S -      C   H   S [       start:        size ]
 #: id      C   H   S -      C   H   S [       start:        size ]
It corresponds to the disklabel partition for OpenBSD:
Code:
# disklabel sd0 | grep -e RAID -e fstype
#                size           offset  fstype [fsize bsize  cpg]
  a:        146805807        829967361    RAID
That is the end of the physical part. Now the virtual one.
One MBR partition:
Code:
fdisk sd1 | grep -e OpenBSD -e size
 #: id      C   H   S -      C   H   S [       start:        size ]
*3: A6      0   1   2 -   9137 254  63 [          64:   146801906 ] OpenBSD
Code:
disklabel sd1 | grep -e unused -e ' /' -e size
# /dev/rsd1c:
#                size           offset  fstype [fsize bsize  cpg]
  a:          8388608               64  4.2BSD   2048 16384    1 # /
  c:        146805279                0  unused                   
  d:          2097152          8388672  4.2BSD   2048 16384    1 # /var
  e:         31457280         10485824  4.2BSD   2048 16384    1 # /usr
  h:        104858848         41943104  4.2BSD   2048 16384    1 # /home
There were other threads on this on this forum. For examples of how to manually provision a softraid crypto device see:
http://daemonforums.org/showpost.php...50&postcount=2
#4
30th May 2016
denta

Somewhat related, there might be a minor error in the FAQ about "Encrypting External Disks" (s/sd3/sd1/).

In the sequence of commands following:
"A quick example runthrough of the steps follows, with sd0 being the USB drive."

# bioctl -c C -l sd0a softraid0
New passphrase:
Re-type passphrase:
softraid0: CRYPTO volume attached as sd3
# dd if=/dev/zero of=/dev/rsd1c bs=1m count=1
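Added example, not part of any post above and not OpenBSD project code: post #3's warning that sdN names move between boots and post #4's "attached as sd3" versus rsd1c mismatch both come from hard-coded device names. The helper functions below (hypothetical names) resolve the device from `sysctl hw.disknames` output by DUID and from bioctl's own message; the sample strings are copied from the thread, and the script only parses text and never writes to a disk.

```shell
#!/bin/sh
# Sample inputs taken from the outputs quoted in the thread (text only).
SAMPLE_DISKNAMES='hw.disknames=sd0:3a9569f176005878,cd0:,sd1:e2687744d2198a2e'
SAMPLE_BIOCTL='softraid0: CRYPTO volume attached as sd3'

# disk_for_duid DISKNAMES DUID
# Prints the device name that currently carries DUID; fails if none does.
disk_for_duid() {
    names=${1#hw.disknames=}
    old_ifs=$IFS; IFS=,
    for entry in $names; do
        dev=${entry%%:*}
        duid=${entry#*:}
        # Entries such as "cd0:" have no DUID and can never match.
        if [ -n "$duid" ] && [ "$duid" = "$2" ]; then
            IFS=$old_ifs
            printf '%s\n' "$dev"
            return 0
        fi
    done
    IFS=$old_ifs
    return 1
}

# attached_volume BIOCTL_OUTPUT
# Prints the device named in bioctl's "volume attached as" line.
attached_volume() {
    dev=$(printf '%s\n' "$1" |
        sed -n 's/^softraid[0-9]*: .* volume attached as \([a-z]*[0-9]*\)$/\1/p')
    [ -n "$dev" ] || return 1
    printf '%s\n' "$dev"
}

# raw_whole_disk DEV
# Builds the raw ("r") node of the whole-disk "c" partition, e.g. /dev/rsd3c.
raw_whole_disk() {
    case $1 in
        ''|*[!a-z0-9]*) return 1 ;;          # reject anything but a plain name
        [a-z][a-z][0-9]*) printf '/dev/r%sc\n' "$1" ;;
        *) return 1 ;;
    esac
}

# Show the target a follow-up dd should use, instead of typing a number by hand.
vol=$(attached_volume "$SAMPLE_BIOCTL") &&
    echo "new volume: $vol, header to zero: $(raw_whole_disk "$vol")"
```

On a live system the first argument would be the output of `sysctl hw.disknames` and the captured bioctl message rather than the sample strings.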