Installing OpenBSD 6.8 with disk encryption (+ FVWM ricing)

Source: https://www.openbsd.org/

Introduction

OpenBSD is a Unix-like operating system created by Theo de Raadt in 1995 as a fork of NetBSD. It runs on various platforms and focuses on reliability, security, correctness, and freedom. This is considered by many as the most secure OS out there, it had only two remote attack vulnerabilities in a long time. The OpenBSD team also developed other important programs, such as OpenSSH.

In this post, I will show you how to install this amazing operating system with disk encryption, as well as show you how to customize the default window manager (FVWM). The final result will be something like this:

Tested on OpenBSD 6.7 and 6.8.

Downloading OpenBSD

You can download the latest version of OpenBSD here. Remember to check the image signature.

Installing OpenBSD

I won’t cover how to create a bootable USB stick or set up a virtual machine. If you plan to use OpenBSD, you should already know that. Let’s start!

  1. At the bootloader screen, type boot or just press enter.

2. You will see a welcome screen with some options. Type i and hit enter.

3. Basic configuration:

Set a keyboard layout, hostname, network interface, IP address, DNS domain name, and root password. You will also be asked if you want to enable sshd by default and if you plan to use the X Window System. I will choose the default options.

4. When the installation prompts you to create a disk layout, type ! to pause it.

Optional: Enter the following command to clean your disk:

# dd if=/dev/urandom of=/dev/wd0c bs=10m

This process can take a long time depending on the size of your disk.

5. Write the MBR and set up a RAID slice:

# fdisk -iy wd0# disklabel -E wd0
wd0> a
partition: [a] # Hit enter
offset: [64] # Hit enter
size: [xxx] # Hit enter
FS type: [4.2BSD] RAID
wd0*> w
wd0> q

6. Set up the encrypted slice and exit the shell:

# bioctl -c C -l /dev/wd0a softraid0
New passphrase: [your super-secure password here]
# exit

7. Press CTRL+C, enter install, and continue the installation.

This will allow the installer to recognize the new encrypted volume. Most of the options will be already set. When the installation prompts you for the disk, use the encrypted volume (in my case sd0). Hit enter to use the whole disk.

8. Set up the disk layout:

I recommend you to use the auto layout option for security reasons.

If you want to use a custom layout (e.g., all directories on the same partition), type c. I will use the following settings:

sd0> a b
offset: [64] # Hit enter
size: [xxx] 8G
FS type: [swap] # Hit enter
sd0*> a
partition: [a]
offset: [xxx] # Hit enter
size: [xxx] # Hit enter
FS type: [4.2BSD] # Hit enter
mount point: [none] /
sd0*> w
sd0> q

9. You can just select the default options next.

If the installer can’t find the SHA256 signature and you are sure the image was not modified in any way, type yes.

10. Reboot the computer. You will be prompted for your password.

Congratulations! At this point, you should have a fully functional OpenBSD installation. Don’t forget to log in as root and create a user account with the adduser command.

Customizing FVWM

The default window manager of OpenBSD is FVWM. I like FVWM, it is lightweight and highly configurable. The default look of FVWM on OpenBSD is something like this:

I don’t think it looks very cool…

Now we will rice this WM. I have a collection of dotfiles in my GitHub account, you can download the repository and run the installation script as root.

# pkg_add unzip wget
# ftp -o dotfiles.tar.gz https://github.com/crhenr/dotfiles/archive/master.tar.gz
# tar xzvf dotfiles.tar.gz && cd dotfiles-master
# chmod +x install.sh
# ./install.sh
Install additional software? [y/n] n
Move dotfiles to which user? crhenr
# reboot

If you enter n for installing additional software, the script will install only the essential for the rice: feh, conky, i3lock, scrot, rofi, ImageMagick, slim, and slim-themes. If you enter y, it will install some of my personal programs (e.g., Firefox and Wireshark).

The result will be something like this:

Login screen
Desktop
Lock screen

Much better :)

Conclusion

Installing OpenBSD is very easy and the default window manager is highly customizable. Feel free to change my dotfiles according to your needs and let me know about your rices. Depending on the feedback, you may see more advanced posts about OpenBSD here.

I hope you enjoyed this tutorial.

Links:

https://github.com/crhenr/dotfiles/

Contribute

If you like this content and want more helpful articles, consider supporting me on Ko-fi or Patreon.

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Cristian Souza

Cristian Souza

Student at IFRN and information security researcher. https://cristian.sh