-------------------------------------------------------------------------------------
  / _ \
\_\(_)/_/
 _//"\\_      JOHLEM.net
  /   \       https://johlem.net/V1/topics/cheatsheet.php
-------------------------------------------------------------------------------------

--- Cheatsheet OpenBSD ------------------------------------

MY PROCEDURE

After booting the installer, press S to enter the shell.

# cd /dev

Create the sd devices:
# sh MAKEDEV sd0 sd1 sd2

Check which device is your USB drive with the installer on it:
# disklabel sd0
[...]
# disklabel sd1
[...]
# disklabel sd2
[...]

Look for the line label:. In my case, sd2 is the USB device.

note:
Samsung SSD 870 EVO 500 GB -> sd0
Samsung SSD 980 PRO M.2 PCIe NVMe 1 TB -> 1T sd1
flashdrive -> sd2

Delete previous data on the disks, if any exists:
# dd if=/dev/zero of=/dev/rsd0c count=1 bs=1M
# dd if=/dev/zero of=/dev/rsd1c count=1 bs=1M

If you made mistakes during partitioning earlier, reboot at this stage.
# reboot

Initialize the MBR (i = initialize, y = answer yes):
# fdisk -iy sd0
# fdisk -iy sd1

note: If you use GPT for UEFI booting, do
# fdisk -iy -g -b 960 sd0

Set up the RAID slice:
# disklabel -E sd0
wd0> a
partition: [a]            # Hit enter
offset: [64]              # Hit enter
size: [xxx]               # Hit enter
FS type: [4.2BSD] RAID
wd0*> w
wd0> q

Set up the encrypted slice and exit the shell:
# bioctl -c C -l /dev/sd0a softraid0
New passphrase:
Re-type passphrase:
sd4 at scsibus3 targ 1 lun 0:
sd4: 476937MB, 512 bytes/sector, 976767473 sectors
softraid0: CRYPTO volume attached as sd4

note: we can see that the crypto volume is sd4

# exit

Welcome to OpenBSD/amd64 6.9 installation program.
(I)nstall,(U)pgrade, (A)
choose install
(...)
available network interfaces are: iwx0 em0 vlan0
choose em0 (it's for ethernet)
choose dhcp
password for root account
Start sshd(8) by default? no
Do you want the X Window System to be started by xenodm(1)?(no) yes
Setup a user ? nameofuser
(...)
Available disks are: sd0 sd1 sd2 sd3 sd4
Which disk is the root disk? sd4
note: use (?)
to find the root disk.
Choose Whole disk MBR
Use auto layout
Location of sets = http
HTTP Server = ftp.eu.openbsd.org

After installation the machine reboots.
If you get a "boot device not found" error, check in the BIOS that legacy boot is enabled.

Start X
# rcctl enable xenodm
# rcctl start xenodm

Shut down the NUC
# shutdown -p now

********************************************

POST INSTALL

enable doas ---
# cat /etc/examples/doas.conf
# cp /etc/examples/doas.conf /etc
# exit
$ doas sh
doas (sam@pc.my.domain) password:
#

disable the root account ----
# usermod -p'*' root

Disable it by setting the password to ‘*’. This will prevent ‘root’ from being usable directly or through su, yet if really needed ‘saurus’ can still doas su to obtain a shell running as user ‘root’.

run syspatch
# syspatch
This will apply all missing patches.

****************************************

https://poolp.org/posts/2018-01-29/install-openbsd-on-dedibox-with-full-disk-encryption/
https://www.openbsd.org/faq/faq14.html
https://medium.com/@crhenr/installing-openbsd-6-7-with-disk-encryption-fvwm-ricing-b6fb7e2073e6
https://www.tumfatig.net/20190311/openbsd-laptop-with-full-disk-encryption/
https://si3t.ch/ah/fr/01-intro/install/

official encryption doc : https://www.openbsd.org/faq/faq14.html#softraidFDE

/dev/urandom can be (and probably is) veeeery slow. You should use /dev/zero instead. Using /dev/zero is sufficient for 99% of things - and it runs at the speed of the disk (might take 15-20 minutes for 60G, but could be less).

# list the disks
dmesg | grep "^[sw]d"
sd0 samsung ssd 807 476 940 MB
sd1 samsung ssd 980 953 869 MB
sd2 corsair voyager 30 176 device

At boot, make sure 'legacy boot' is enabled in the BIOS.

*****************

WARNING: dd if=/dev/zero of=/dev/ is used to clean a drive or device before forensically copying data. The drive or device must always be sanitized before copying information from a system under forensic investigation to mitigate cross contamination.
Therefore, it is not a bad command, but the end-user must understand what it is used for or they will destroy their data. If this is what you desire, then to verify the zero write operation do:

dd if=/dev/sda | hexdump -C | head

Source: A Practical Guide to Computer Forensics Investigations by Dr Darren Hayes

****************************
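
The WARNING note above verifies the zero write by eye with hexdump. The script below is an added example (not from the original cheatsheet or the cited book) that turns the same check into a pass/fail test over the 1 MiB region the wipe step overwrites. The function names and the image files used in the demo are constructed for illustration, and it assumes dd, tr and wc are available.

```sh
#!/bin/sh
# Added example, not part of the original cheatsheet.
# Checks that the region overwritten by the wipe step really reads back as zeros.

MIB=1048576   # written out in full: dd size suffixes differ between systems

# nonzero_bytes TARGET [COUNT]
# Prints the number of non-NUL bytes in the first COUNT MiB of TARGET
# (default 1, the same region as "count=1 bs=1M" in the wipe step).
nonzero_bytes() {
    dd if="$1" bs="$MIB" count="${2:-1}" 2>/dev/null | tr -d '\000' | wc -c | tr -d ' '
}

# is_zeroed TARGET [COUNT]
# Returns 0 if the region is all zeros, 1 if any byte is set,
# 2 if TARGET is unreadable, 3 if fewer bytes than expected could be read
# (a short read would otherwise look like a clean result).
is_zeroed() {
    count=${2:-1}
    [ -r "$1" ] || { echo "is_zeroed: cannot read $1" >&2; return 2; }
    got=$(dd if="$1" bs="$MIB" count="$count" 2>/dev/null | wc -c | tr -d ' ')
    [ "$got" -eq $((count * MIB)) ] || { echo "is_zeroed: short read on $1" >&2; return 3; }
    left=$(nonzero_bytes "$1" "$count")
    [ "$left" -eq 0 ] || { echo "is_zeroed: $left non-zero bytes in $1" >&2; return 1; }
}

# Demo on constructed image files (stand-ins for /dev/rsd0c; no real disk is touched).
demo() {
    dir=$(mktemp -d) || return 1
    dd if=/dev/zero of="$dir/wiped.img" bs="$MIB" count=1 2>/dev/null
    cp "$dir/wiped.img" "$dir/stale.img"
    # Simulate leftover data: 4 bytes at offset 510, inside the first sector.
    printf 'DATA' | dd of="$dir/stale.img" bs=1 seek=510 conv=notrunc 2>/dev/null
    for img in wiped.img stale.img; do
        if is_zeroed "$dir/$img" 2>/dev/null; then echo "$img: zeroed"; else echo "$img: NOT zeroed"; fi
    done
    rm -rf "$dir"
}

demo
```

Right after the wipe step the call would be is_zeroed /dev/rsd0c, run as root from a shell that has the three tools above.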