tested on openbsd 7.8
when openbsd installer boots, choose (S)hell to start the full-disk encryption setup.
# sysctl hw.disknames hw.disknames=sd0:xxxxxxxxxxx,rd0:xxxxxxxxxxx,sd1:xxxxxxxxxxx #
warning! all data on sd0 will be erased.
create guid partition table (gpt) and a partition layout.
# dd if=/dev/urandom of=/dev/rsd0c bs=1m count=960 960+0 records in 960+0 records out 960 bytes transferred in 0.002 secs (431688 bytes/sec) # fdisk -iy -g -b 960 sd0 Writing GPT. # print 'd *\na a\n\n\nRAIDn\wn\qn\' | disklabel -E sd0 Label editor (enter '?' for help at any prompt) sd0> sd0*> offset: [1024] size: [1000214159] FS type: [4.2BSD] sd0> sd0> No label changes. #
generate a strong passphrase.
# bioctl -c C -l sd0a softraid0 New passphrase: Re-type passphrase: sd2 at scsibus2 targ 1 lun 0: <OPENBSD, SR CRYPTO, 006> sd2: 488385MB, 512 bytes/sector, 1000213631 sectors softraid0: CRYPTO volume attached as sd2 # cd /dev && sh MAKEDEV sd2
return to openbsd installer:
# exit@hi@romanzolotarev.com