====== OpenBSD ======

I use an OpenBSD virtual host (VMware guest) for certain cryptography requirements (managing the Quay x509 Root CA, some gpg uses). For convenience, and because I don't really have a full-time need for this level of crypto, I save this work environment as a VMware Fusion VM (yeah, yeah, I know that VMware introduces its own risks, but this is strictly for using the tools rather than a runtime environment).

This page documents some tricks that are useful in setting up and managing OpenBSD.

====== Encrypting the Filesystem ======

I store secret keys on this VM image, so I would like the filesystem to be encrypted so that it is not easily accessible if somebody gets a copy of the VMDK files.

More detail is available here: http://www.openbsd.org/faq/faq14.html#softraidCrypto

I skimmed through these tutorials as well before deciding how I wanted to do this:

  * http://ryanak.ca/planet-ubuntu/2013/03/26/Setting-up-full-disk-encryption-in-OpenBSD-5.3.html
  * http://www.bsdnow.tv/tutorials/fde (also includes instructions for FreeBSD)

Here are some terse instructions for making this work:

<code>
## these instructions assume you're using SCSI disks
## modify the device names as needed (e.g.: wd instead of sd for ATA)
fdisk -iy sd0
disklabel -E sd0   # enter the label editor

## these commands are run at the label editor prompt, not the shell
# set up a 1GB swap partition (OpenBSD encrypts swap by default
# so we can exclude it from our crypto RAID)
> a b
offset: [64]
size [10474316] 1g
Rounding size to cylinder (16065 sectors): 2104451
FS type: [swap]:
> a a
offset: [2104515]
size: [31439205] *
FS type: [4.2BSD] RAID
> w
> q
No label changes.

## now create the softraid crypto volume
bioctl -c C -l /dev/sd0a softraid0
# enter your passphrase for the volume
# you should see "softraid0: CRYPTO volume attached as sd1" if successful
exit
## you can complete the install as usual now on sd1
</code>

===== Notes =====

If you want to find the hardware names of your disks you can use: ''sysctl hw.disknames''
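
To confirm after the install that the encryption steps above produced the intended layout, the following added example (not part of the original page) parses ''bioctl'' and ''disklabel'' output and checks that sd1 is an online CRYPTO volume on sd0a with swap on sd0b. The function names and the embedded sample output are constructed for illustration, and the column layout is assumed to match what your OpenBSD release prints.

```sh
#!/bin/sh
# Added example (not from the original page). Sample text is constructed;
# on a live system pass "$(bioctl sd1)" and "$(disklabel sd0)" instead.

# Constructed sample of `bioctl sd1` output after the steps above.
SAMPLE_BIOCTL='Volume      Status               Size Device
softraid0 0 Online        16096591872 sd1     CRYPTO
          0 Online        16096591872 0:0.0   noencl <sd0a>'

# Constructed sample of the partition table printed by `disklabel sd0`.
SAMPLE_LABEL='#                size           offset  fstype [fsize bsize   cpg]
  a:         31439205          2104515    RAID
  b:          2104451               64    swap
  c:         33554432                0  unused'

# check_crypto_volume VOLUME CHUNK: reads bioctl output on stdin; succeeds only
# if VOLUME is Online, uses the CRYPTO discipline, and CHUNK backs it Online.
check_crypto_volume() {
    awk -v vol="$1" -v chunk="<$2>" '
        $1 ~ /^softraid[0-9]+$/ {
            in_vol = ($5 == vol)
            if (in_vol && $3 == "Online" && $6 == "CRYPTO") vol_ok = 1
            next
        }
        in_vol && $2 == "Online" && $NF == chunk { chunk_ok = 1 }
        END { exit !(vol_ok && chunk_ok) }'
}

# partition_fstype LETTER: reads disklabel output on stdin, prints the fstype.
partition_fstype() {
    awk -v p="$1:" '$1 == p { print $4 }'
}

# verify_layout BIOCTL_TEXT LABEL_TEXT: the layout this page builds, i.e.
# sd0a is a RAID chunk carrying CRYPTO volume sd1, and sd0b is plain swap.
verify_layout() {
    printf '%s\n' "$1" | check_crypto_volume sd1 sd0a ||
        { echo "FAIL: sd1 is not an online CRYPTO volume on sd0a"; return 1; }
    [ "$(printf '%s\n' "$2" | partition_fstype a)" = RAID ] ||
        { echo "FAIL: sd0a is not fstype RAID"; return 1; }
    [ "$(printf '%s\n' "$2" | partition_fstype b)" = swap ] ||
        { echo "FAIL: sd0b is not swap"; return 1; }
    echo "OK: sd1 is CRYPTO on sd0a, swap on sd0b"
}

verify_layout "$SAMPLE_BIOCTL" "$SAMPLE_LABEL"
```

A volume that reports any other discipline (for example RAID1) or a chunk that is not Online makes the check fail, which is the case to catch before storing keys on the image.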