Jan. 17, 2020, 7:31 p.m.

Installation and Configuration of OpenBSD 6.6

 

Video demo: https://youtube.com/watch?v=8v6_wBvcuMY

OpenBSD on an External Hard Drive

This is a simple guide on how to install OpenBSD 6.6 and use it as a day-to-day desktop.
You should read the official OpenBSD documentation before following this guide.
I have not used OpenBSD before. The last thing that I used was FreeBSD, and I managed to make it work with a proprietary Broadcom WiFi and an XFCE4 desktop until my HDD failed for other reasons.

Software Requirements:

  • OpenBSD 6.6 installer (I chose the install66.fs, that will be burned to a flash drive)

Hardware Requirements:

  • A Laptop/PC preferably with an Intel GPU (If this is your first time, I would suggest using a Virtual Machine or just remove your Hard Drive/Solid State Drive to prevent data loss)
  • An External/Portable HDD/SSD (The entire drive will be erased, backup your data first!)
  • Internet Connection through LAN or WiFi

Steps:

We need to acquire the OpenBSD installation disk, which is available from the official OpenBSD website:
https://www.openbsd.org/

Download Link: https://www.openbsd.org/faq/faq4.html#Download

Download your preferred file for installation. I am going to use a USB flash drive as my installation medium, so I chose the installXX.fs file for the amd64 platform. If you are using an older generation of CPUs that do not support the 64-bit architecture, pick i386.

Write the file to the USB flash drive with dd:

dd if=./install66.fs of=/dev/sdb bs=4M

This will OVERWRITE the content of the entire /dev/sdb drive, so please double check your command. Always back up your files when executing dd.

Boot the OpenBSD installer on your PC/Laptop and plug in your External HDD/SSD. Follow the commands below to enable Full Disk Encryption with SoftRAID:

Welcome to the OpenBSD/amd64 6.6 installation program.
(I)nstall, (U)pgrade, (A)utoinstall or (S)hell? s

cd /dev
sh MAKEDEV sd0
dd if=/dev/urandom of=/dev/rsd0c bs=1m

fdisk -iy sd0

Writing MBR at offset 0.

disklabel -E sd0
Label editor (enter '?' for help at any prompt)
sd0> a a
offset: [64] 64
size: [2490031] *
FS type: [4.2BSD] RAID
sd0*> w
sd0> q

No label changes.

bioctl -c C -r 8192 -l /dev/sd0a softraid0
New passphrase:
Re-type passphrase:
softraid0: CRYPTO volume attached as sd2

exit

To summarize the commands above: first we use the shell to overwrite the content of our external HDD with random data (this step is optional). We then create a new partition occupying the entire drive and encrypt it with the bioctl command. Do not forget your passphrase! After this, we proceed to the actual installation of OpenBSD. Please note that sd2 is the encrypted disk partition that we will install OpenBSD to.

Welcome to the OpenBSD/amd64 6.6 installation program.
(I)nstall, (U)pgrade, (A)utoinstall or (S)hell? i

Choose your keyboard layout [default] ENTER

Available network interfaces are: athcn0 ath0 vlan0.

In my case, athcn0 is my Atheros WiFi card and ath0 is my ethernet interface. I did not configure my network at this time because of a very slow internet connection. We will now be asked where to install OpenBSD; choose the SoftRAID FDE volume that we created earlier. In my case, it is sd2.

Available disks are: sd0 sd1 sd2.
Which disk is the root disk? ('?' for details) [sd0] sd2
No valid MBR or GPT
Use (W)hole disk MBR, whole disk (G)PT or (E)dit? [whole]
Setting OpenBSD MBR partition to whole sd2...done.

Use (A)uto layout, (E)dit auto layout, or create (C)ustom layout? [a]

I used the Auto Layout to make things simple. After this you will be prompted to specify the location of the file sets, which contain the base system of OpenBSD.

Location of sets? (cd0 disk http or 'done') [cd0] disk
Is the disk partition already mounted? [no] no
Which disk contains the install media? (or 'done') [sd0] sd1
Available sd1 partitions are: a i.
Which sd1 partition has the install sets? (or 'done') [a]
Pathname to the sets? (or 'done') [6.6/amd64]

Since we are using our local installation medium, we can skip the SHA256 verification.

Directory does not contain SHA256.sig. Continue without verification? [no] yes
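
Skipping the check inside the installer leaves the earlier download as the only point where the sets can be verified, so install66.fs should be compared with the published SHA256 file before it is written with dd. An added example (not part of the original guide) that does this on the Linux host; verify_image is a hypothetical helper name and sha256sum from GNU coreutils is assumed.

```shell
#!/bin/sh
# Added example: check an image against a BSD-style checksum list such as
# OpenBSD's SHA256 file, whose lines look like
#   SHA256 (install66.fs) = <64 hex digits>
# SHA256.sig carries the same list signed for signify(1); a bare SHA256 file
# is only as trustworthy as the channel it was downloaded over.

# verify_image FILE SUMS
#   returns 0 if FILE's digest matches its entry in SUMS,
#           1 on a mismatch,
#           2 if FILE has no entry in SUMS or cannot be read.
verify_image() {
    file=$1 sums=$2
    name=$(basename "$file")
    # Exact match on the name inside the parentheses; print the digest field.
    want=$(awk -v n="$name" \
        '$1 == "SHA256" && $2 == ("(" n ")") && $3 == "=" { print $4; exit }' \
        "$sums")
    [ -n "$want" ] || { echo "no SHA256 entry for $name" >&2; return 2; }
    have=$(sha256sum "$file" 2>/dev/null | awk '{ print $1 }')
    [ -n "$have" ] || { echo "cannot read $file" >&2; return 2; }
    if [ "$have" = "$want" ]; then
        echo "OK: $name"
        return 0
    fi
    echo "MISMATCH: $name (expected $want, got $have)" >&2
    return 1
}

# Intended use with the file names from this guide (not executed here):
#   verify_image ./install66.fs ./SHA256 && dd if=./install66.fs of=/dev/sdb bs=4M
```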

Post-Install Configurations

After installation, we will configure OpenBSD for a good desktop experience. After rebooting and entering your passphrase, you should be greeted by xenodm. After logging in with your credentials, you will land in fvwm. Ksh is the default shell of OpenBSD.

At this point, you can either SSH into your OpenBSD machine or switch to the virtual console (Ctrl + Alt + F1) to configure it.

To connect to a network (if not already), we need to find out our ethernet interface. If you do not have one, that will be a problem as not all WiFi devices are supported by OpenBSD.

Finding out our ethernet interface:

% ifconfig
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 32768
    index 4 priority 0 llprio 3
    groups: lo
    inet6 ::1 prefixlen 128
    inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
    inet 127.0.0.1 netmask 0xff000000
em0: flags=808843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,AUTOCONF4> mtu 1500
    lladdr 00:1f:10:00:00:00
    index 1 priority 0 llprio 3
    groups: egress
    media: Ethernet autoselect (100baseTX full-duplex,rxpause,txpause)
iwn0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500
    lladdr 00:06:00:80:50:c0
    index 2 priority 4 llprio 3
    groups: wlan
    media: IEEE802.11 autoselect
    status: no network
    ieee80211: nwid ""
....

In my case, em0 is my ethernet interface and iwn0 is my wireless interface.

To get a DHCP lease, issue: dhclient em0. I will not try to use WiFi with my OpenBSD.

To install firmware for our laptop or Desktop issue this command:

# fw_update

It is important to update the system first before installing other packages:

# syspatch
# pkg_add -Uu

As you may have noticed, an annoying xconsole window appears at the xenodm login screen. To disable it, edit the file /etc/X11/xenodm/Xsetup_0 and comment out the xconsole line.

To avoid using the root account all the time, we can use the doas command. It is just like the sudo command from GNU+Linux distros, and you can still install sudo with pkg_add. We need to add our user to be authorized to use doas.

echo 'permit persist keepenv user ' > /etc/doas.conf

Be sure to replace user with your actual username.

If you are using a laptop, you may want to enable power management to save battery life. This may also reduce your CPU performance.

rcctl enable apmd
rcctl set apmd flags -A
rcctl start apmd

A note on CPU performance:

If you use apmd, it may set your CPU clock to the lowest frequency without affecting the performance (not confirmed).

$ apm
Battery state: high, 98% remaining, unknown life estimate
A/C adapter state: connected
Performance adjustment mode: auto (1000 MHz)

This is the automatic power management. As you can see, apm set my laptop's CPU frequency to 1000 MHz, which is the lowest.

To confirm, please execute this in the shell:

$ sysctl | grep setperf
hw.setperf=0

If hw.setperf=0 then the CPU frequency is set to the lowest. You can max this out to 100, but doing so will disable the power saving feature of apmd. To do it, execute:

$ apm -H

This will make apm max out the CPU frequency. Confirm with:

$ apm
Battery state: high, 98% remaining, unknown life estimate
A/C adapter state: connected
Performance adjustment mode: manual (1000 MHz)

$ sysctl | grep setperf
hw.setperf=100

Further configurations

We will add our user to the staff group, which has higher resource limits in login.conf. This is important if you will be using OpenBSD as a desktop and for browsing the internet with Firefox or Chromium.

# /etc/login.conf

#
# Staff have fewer restrictions and can login even when nologins are set.
#
staff:\
    :datasize-cur=1024M:\
    :datasize-max=8192M:\
    :maxproc-max=1024:\
    :maxproc-cur=512:\
    :ignorenologin:\
    :requirehome@:\
    :tc=default:

We also need to modify some sysctl variables for desktop use. The following is a literal copy and paste from https://www.c0ffee.net/blog/openbsd-on-a-laptop/:

# /etc/sysctl.conf

# shared memory limits (chrome needs a ton)
kern.shminfo.shmall=3145728
kern.shminfo.shmmax=2147483647
kern.shminfo.shmmni=1024

# semaphores
kern.shminfo.shmseg=1024
kern.seminfo.semmns=4096
kern.seminfo.semmni=1024

kern.maxproc=32768
kern.maxfiles=65535
kern.bufcachepercent=90
kern.maxvnodes=262144
kern.somaxconn=2048

To improve disk performance, we need to add the noatime (just like in GNU+Linux) and softdep (see: https://www.openbsd.org/faq/faq14.html#SoftUpdates) options to /etc/fstab.

xxxxxxxxxxxxxxxx.b none swap sw
xxxxxxxxxxxxxxxx.a / ffs rw,softdep,noatime 1 1
xxxxxxxxxxxxxxxx.k /home ffs rw,nodev,nosuid,noatime,softdep 1 2
xxxxxxxxxxxxxxxx.d /tmp ffs rw,nodev,nosuid,noatime,softdep 1 2
xxxxxxxxxxxxxxxx.f /usr ffs rw,nodev,noatime,softdep 1 2
xxxxxxxxxxxxxxxx.g /usr/X11R6 ffs rw,nodev,noatime,softdep 1 2
xxxxxxxxxxxxxxxx.h /usr/local ffs rw,wxallowed,nodev,noatime,softdep 1 2
xxxxxxxxxxxxxxxx.j /usr/obj ffs rw,nodev,nosuid,noatime,softdep 1 2
xxxxxxxxxxxxxxxx.i /usr/src ffs rw,nodev,nosuid,noatime,softdep 1 2
xxxxxxxxxxxxxxxx.e /var ffs rw,nodev,nosuid,noatime,softdep 1 2
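
One way to make that edit without dropping options already on a line, as an added example (not from the original guide or the linked FAQ). add_perf_opts, sec_flags and same_sec_flags are hypothetical helper names; the functions work on fstab text or copies and never touch /etc/fstab themselves.

```shell
#!/bin/sh
# Added example: append the guide's noatime and softdep options to every ffs
# entry of an fstab while keeping the options that were already there
# (nodev, nosuid, wxallowed), then confirm no security option changed.

# add_perf_opts: fstab text on stdin, edited text on stdout. Idempotent.
add_perf_opts() {
    awk '
    $1 ~ /^#/ || NF < 4 || $3 != "ffs" { print; next }   # comments, swap, short lines
    {
        if (("," $4 ",") !~ /,noatime,/) $4 = $4 ",noatime"
        if (("," $4 ",") !~ /,softdep,/) $4 = $4 ",softdep"
        print
    }'
}

# sec_flags: for each ffs entry print "mountpoint flags", where flags are only
# the security-relevant options, in the order they appear on the line.
sec_flags() {
    awk '$1 !~ /^#/ && $3 == "ffs" {
        n = split($4, o, ","); s = ""
        for (i = 1; i <= n; i++)
            if (o[i] ~ /^(nodev|nosuid|noexec|wxallowed|ro)$/)
                s = s (s ? "," : "") o[i]
        print $2, (s ? s : "-")
    }' | sort
}

# same_sec_flags OLD NEW: returns 0 when no mount point gained or lost one of
# those options between the two files, non-zero otherwise.
same_sec_flags() {
    [ "$(sec_flags < "$1")" = "$(sec_flags < "$2")" ]
}

# Intended use (not executed here):
#   add_perf_opts < /etc/fstab > /tmp/fstab.new
#   same_sec_flags /etc/fstab /tmp/fstab.new && echo "security options unchanged"
```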

Remove Google from /etc/ntpd.conf.
By default, ntpd queries www.google.com (the constraints line) as a sanity check on each clock update.

# $OpenBSD: ntpd.conf,v 1.15 2019/07/04 05:19:31 deraadt Exp $
#
# See ntpd.conf(5) and /etc/examples/ntpd.conf

servers pool.ntp.org
server ntp.pagasa.dost.gov.ph
sensor *
constraints from "https://www.mywebsite.com"

You can also specify your custom ntp servers.

Installing Packages

We can easily install packages with the pkg_add command as root.

pkg_add i3 i3lock mc nmap pcmanfm firefox-esr chromium nano ristretto tumbler rsync sudo zsh htop jhead ncdu neofetch p7zip redshift scrot terminator vlc

Next we will configure zsh. I would recommend just copying and pasting Luke Smith's zsh config from: https://gist.github.com/LukeSmithxyz/e62f26e55ea8b0ed41a65912fbebbe52. To change the default shell of OpenBSD, just issue the command:

# chsh -s `which zsh`

After changing the shell you should now see the following in a terminal emulator:

[user@redmagic.localhost.localdomain ~]$

Note:
user = username
redmagic = hostname

To use i3wm, we need to edit the .xsession file or create one with the following contents: (WIP)

export ENV=$HOME/.kshrc
xsetroot -solid grey &
xterm -bg black -fg white +sb &
exec i3

SSH-ing and neofetch:

user@1X.X.X.X's password: 
Last login: Sat Jan 18 19:03:37 2020
OpenBSD 6.6 (GENERIC.MP) #4: Wed Jan 15 10:55:43 MST 2020

Welcome to OpenBSD: The proactively secure Unix-like operating system.

Please use the sendbug(1) utility to report bugs in the system.
Before reporting a bug, please try to reproduce it with the latest
version of the code.  With bug reports, please try to ensure that
enough information to reproduce the problem is enclosed, and if a
known fix for it exists, include that as well.

[user@redmagic.localhost.localdomain ~]$

[user@redmagic.localhost.localdomain ~]$ neofetch
                                     _    user@redmagic.localhost.localdomain 
                                    (_)   ----------------------------------- 
              |    .                      OS: OpenBSD 6.6 amd64 
          .   |L  /|   .          _       Host: ASUSTeK Computer INC. 1015PX 
      _ . |\ _| \--+._/| .       (_)      Uptime: 2 hours, 34 mins 
     / ||\| Y J  )   / |/| ./             Packages: 402 (pkg_info) 
    J  |)'( |        ` F`.'/        _     Shell: zsh 5.7.1 
  -<|  F         __     .-<        (_)    Terminal: /dev/ttyp1 
    | /       .-'. `.  /-. L___           CPU: Intel Atom N570 (4) @ 1.667GHz 
    J \      <    \  | | O\|.-'  _        Memory: 529MiB / 2022MiB 
  _J \  .-    \/ O | | \  |F    (_)
 '-F  -<_.     \   .-'  `-' L__                                   
__J  _   _.     >-'  )._.   |-'                                   
 `-|.'   /_.          \_|   F
  /.-   .                _.<
 /'    /.'             .'  `\
  /L  /'   |/      _.-'-\
 /'J       ___.---'\|
   |\  .--' V  | `. `
   |/`. `-.     `._)
      / .-.\
      \ (  `\
       `.\

[user@redmagic.localhost.localdomain ~]$

The rest is still a work in progress.

My experience with OpenBSD so far:
OpenBSD boot-up may be slower than a GNU+Linux distro (I am using a USB SATA HDD enclosure), NVIDIA GPUs are not supported (xorg can't find a display), and video playback with VLC may not be that good.

References:

https://www.c0ffee.net/blog/openbsd-on-a-laptop/
https://bsdly.blogspot.com/2017/07/openbsd-and-modern-laptop.html
https://news.ycombinator.com/item?id=18370327
https://sohcahtoa.org.uk/openbsd.html
https://www.openbsd.org/faq/faq15.html
https://www.openbsd.org/faq/faq13.html