OpenBSD 5.7 full encrypted hdd

You will find plenty of OpenBSD install guides out there.

I like to have a fully encrypted HDD (FDE – full disk encryption) on my laptop. I think OpenBSD has encrypted swap by default for 10 years! So there is no need to encrypt swap twice. Just keep that in mind for later.

Boot your system e.g. amd64 from CD or flash drive.

Press [ I ] to take the first install step. Choose your keyboard layout. In my case ‚de‘.

Now leave the install routine by typing: !. You have your shell and you can set up your hdd or ssd.

In my case, the SSD is sd0:

fdisk -iy sd0

-i initialize the MBR
-y do not ask the yes/no confirmation questions

Edit the disklabel:

disklabel -E sd0

Create a swap partition first. (add b)

> a b
offset: [64]
size [10474316] 1g
Rounding size to cylinder (16065 sectors): 2104451
FS type: [swap]:

To add the a partition, just enter:

> a a
offset: [2104515]<enter>
size: [8369865]<enter>
FS type: [4.2BSD] RAID

To save your disk layout press:

> w
and to quit disklabel:
> q

Now comes encryption magic just for partition a:

bioctl -c C -l /dev/sd0a softraid0

You will be asked for your passphrase. Use a phrase: it is much easier to remember, and you should remember your passphrase. „Thank you Edward Snowden <3.“ or „Fuck you god damn NSA and GCHQ.“ or something like that. Now you have the „right“ keyboard layout to use some fancy keys. ;)

New passphrase:
Re-type passphrase:
softraid0: CRYPTO volume attached as sd2

My encrypted RAID volume becomes sd2 because sd1 is the flash drive I installed OpenBSD from.

You can now jump back (exit shell) to the install routine.


Just go on with setting the hostname and so on. Install OpenBSD on your sd2, or whatever it is in your case. Lazy as an OpenBSD slacker, you create just a root partition. Choose the custom layout to create an a partition on your sd2. In „normal“ disklabel:

>a a
<enter> for default offset of [64]
<enter> for default size (depends on the size of ssd/hdd)
<enter> for default file system type (4.2BSD)
/ for your custom mount point
>w q for write and quit disklabel

Your b partition will be outside your „encrypted RAID“ and the OpenBSD installer will not find it automatically. In my case it is sd0b.

Edit your fstab like a pro:

sed 's/rw/rw,softdep,noatime/g' /mnt/etc/fstab > /mnt/a
echo '/dev/sd0b none swap sw 0 0' >> /mnt/a
mv /mnt/a /mnt/etc/fstab
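
The same fstab edit as a field-aware function, as an added example that is not part of the original post: the sed above rewrites every "rw" on a line, while this one changes only the options column of ffs entries and adds the swap line once. The name harden_fstab and its arguments are assumptions, and it assumes awk is available where you run it (for example on the installed system, against /etc/fstab).

```shell
#!/bin/sh
# Added example, not from the original post. harden_fstab is a hypothetical name.
#
# harden_fstab FSTAB SWAPDEV
#   - adds softdep and noatime to the options field of ffs entries mounted rw
#   - appends "SWAPDEV none swap sw 0 0" unless SWAPDEV is already listed
#   - is safe to run more than once
harden_fstab() {
    fstab=$1
    swapdev=$2
    tmp="$fstab.new"

    awk -v swapdev="$swapdev" '
        # Blank lines and comments pass through untouched.
        NF == 0 || $1 ~ /^#/ { print; next }

        # Remember whether the swap device already has an entry.
        $1 == swapdev { have_swap = 1 }

        # Touch only ffs entries, and only field 4 (the mount options).
        # Assigning to $4 rebuilds the line with single spaces, which
        # fstab accepts as a field separator.
        $3 == "ffs" && $4 ~ /(^|,)rw(,|$)/ {
            if ($4 !~ /(^|,)softdep(,|$)/) $4 = $4 ",softdep"
            if ($4 !~ /(^|,)noatime(,|$)/) $4 = $4 ",noatime"
        }

        { print }

        END { if (!have_swap) print swapdev " none swap sw 0 0" }
    ' "$fstab" > "$tmp" || return 1

    # Replace the original only after the new file was written completely.
    mv "$tmp" "$fstab"
}

# Usage with the swap partition from this guide:
#   harden_fstab /etc/fstab /dev/sd0b
```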

Reboot your machine and praise the OpenBSD guys. :)