roman 🦄🐡 Profile picture
a minimalist web developer (https://t.co/5vJGhQp7n4) #javascript #typescript #nodejs #openbsd #runbsd #vim a fan of https://t.co/2T6Xm0ZdFN

Jul 22, 2018, 34 tweets

Autoinstall #OpenBSD 6.3 on #ThinkPad X1C5 with full disk encryption in five minutes!

1. Turn you computer on
2. Press F1

3. Wait a second...

4. Select "Security > I/O Port Access"

5. Check devices and disable if you don't need them.
Bluetooth and Fingerprint Reader* are not supported in #OpenBSD 6.3.

* there is a patch for Fingerprint Reader (I don't use it)

6. Select "Security > Secure Boot"

7. Select "... Boot Priority > Legacy First"

8. Press F10 to save and exit.

9. Plug in USB drive with #OpenBSD 6.3 Installer and press F12 while rebooting

10. In Boot Menu select "USB HDD: ..." and press Enter.

11. Wait for #OpenBSD Installer to boot (or press Enter to skip few seconds)

12. Type "s" and press Enter to select "(S)hell".

13. Check hw.disknames

# sysctl

sd0 is SSD
rd0 is RAM disk for OpenBSD installer
sd1 is USB flash drive

14. Erase sd0

# dd if=/dev/urandom of=/dev/rsd0c bs=1m

In my case just first MB, because the disk has been erased already.

15. Wait...

Erasing a whole disk could take few minutes.

16. Reinitialize the partition table (overwrite the primary MBR bootcode and MBR partition table)

# fdisk -iy sd0

17. Create the partition layout:

# disklabel -E sd0
> z
> a a
RAID
> w
> q

18. Check the layout

# disklabel sd0

19. Check the partition table

# fdisk sd0

20. Create an encrypted volume on "a" partition:

# bioctl -c C -l sd0a softraid0

Enter your new passphrase.

21. Confirm the passphrase and wait for CRYPTO volume to be attached as sd2.

22. Exit shell

# exit

23. Type "a" and press Enter to select "(A)utoinstall"

24. Use "em0" network interface for now

* Check Ethernet cable is pluged-in.
** Check DHCP server is available.

*** Firmware for iwm0 interface will be downloaded on the first boot (when OpenBSD is installed).

25. Type-in URL to your install.conf

For example, like this:
romanzolotarev.com/openbsd/neptun…

* Passwords may be in plaintext, encrypted with encrypt(1), or set to ‘*************’ (13 '*'s) to disable password logins, only permitting alternative access methods (e.g. ssh(1) keys).

26. Wait for OpenBSD to be installed on sd2 (your brand new encrypted volume)

Installer will reboot your computer as soon as OpenBSD is installed.

27. Hooray! OpenBSD 6.3 has been installed.
Type-in your passphrase to attach the encrypted volume.

* Don't forget to unplug your USB flash drive.

28. Wait for OpenBSD to boot (press Enter to skip few seconds)

29. OpenBSD installs firmware on its first boot...

30. Login as root with your password.

31. Enjoy OpenBSD 6.3 ;)

To be continued...

30. Switch to VT1 with Fn+CTRL+ALT and F1, and login as root.

@canadianbryan is there a way to install firmware earlier? I have it downloaded on USB flash drive.

7. Keep UEFI!
Just use -g option of fdisk on the following steps.

h/t @gsora_ and @canadianbryan

Replace with:

# fdisk -iy -g -b 960 sd0

Keep the partition created with
# fdisk -iy -g -b 960 sd0

Share this Scrolly Tale with your friends.

A Scrolly Tale is a new way to read Twitter threads with a more visually immersive experience.
Discover more beautiful Scrolly Tales like this.

Keep scrolling