Installing OpenBSD 6.8 with disk encryption (+ FVWM ricing)

It is time to use the most secure operating system.

Source: https://www.openbsd.org/

Introduction

In this post, I will show you how to install this amazing operating system with disk encryption, as well as show you how to customize the default window manager (FVWM). The final result will be something like this:

Tested on OpenBSD 6.7 and 6.8.

Downloading OpenBSD

Installing OpenBSD

  1. At the bootloader screen, type boot or just press enter.

2. You will see a welcome screen with some options. Type i and hit enter.

3. Basic configuration:

Set a keyboard layout, hostname, network interface, IP address, DNS domain name, and root password. You will also be asked if you want to enable sshd by default and if you plan to use the X Window System. I will choose the default options.

4. When the installation prompts you to create a disk layout, type ! to pause it.

Optional: Enter the following command to clean your disk:

# dd if=/dev/urandom of=/dev/wd0c bs=10m

This process can take a long time depending on the size of your disk.

5. Write the MBR and set up a RAID slice:

# fdisk -iy wd0# disklabel -E wd0
wd0> a
partition: [a] # Hit enter
offset: [64] # Hit enter
size: [xxx] # Hit enter
FS type: [4.2BSD] RAID
wd0*> w
wd0> q

6. Set up the encrypted slice and exit the shell:

# bioctl -c C -l /dev/wd0a softraid0
New passphrase: [your super-secure password here]
# exit

7. Press CTRL+C, enter install, and continue the installation.

This will allow the installer to recognize the new encrypted volume. Most of the options will be already set. When the installation prompts you for the disk, use the encrypted volume (in my case sd0). Hit enter to use the whole disk.

8. Set up the disk layout:

I recommend you to use the auto layout option for security reasons.

If you want to use a custom layout (e.g., all directories on the same partition), type c. I will use the following settings:

sd0> a b
offset: [64] # Hit enter
size: [xxx] 8G
FS type: [swap] # Hit enter
sd0*> a
partition: [a]
offset: [xxx] # Hit enter
size: [xxx] # Hit enter
FS type: [4.2BSD] # Hit enter
mount point: [none] /
sd0*> w
sd0> q

9. You can just select the default options next.

If the installer can’t find the SHA256 signature and you are sure the image was not modified in any way, type yes.

10. Reboot the computer. You will be prompted for your password.

Congratulations! At this point, you should have a fully functional OpenBSD installation. Don’t forget to log in as root and create a user account with the adduser command.

Customizing FVWM

I don’t think it looks very cool…

Now we will rice this WM. I have a collection of dotfiles in my GitHub account, you can download the repository and run the installation script as root.

# pkg_add unzip wget
# ftp -o dotfiles.tar.gz https://github.com/crhenr/dotfiles/archive/master.tar.gz
# tar xzvf dotfiles.tar.gz && cd dotfiles-master
# chmod +x install.sh
# ./install.sh
Install additional software? [y/n] n
Move dotfiles to which user? crhenr
# reboot

If you enter n for installing additional software, the script will install only the essential for the rice: feh, conky, i3lock, scrot, rofi, ImageMagick, slim, and slim-themes. If you enter y, it will install some of my personal programs (e.g., Firefox and Wireshark).

The result will be something like this:

Login screen
Desktop
Lock screen

Much better :)

Conclusion

I hope you enjoyed this tutorial.

Links:

https://github.com/crhenr/dotfiles/

Contribute

If you like this content and want more helpful articles, consider supporting me on Ko-fi or Patreon.

Student at IFRN and information security researcher. https://crhenr.xyz