Introduction

Note: outdated, new installations here.
Tired of systemd and some other layers in Linux, I will try to install OpenBSD on my x230 Tablet, encrypting the partitions with a key stored on an SD card. (hello NSA)
I will use OpenBSD 5.9 (snapshot of 27th of March 2016).
The x230 is modified: I added an mSATA drive (sd1).
I removed Windows completely as I don't use it.

Downloads

Disk layout

I will use the following schema:

  • mSATA (sd1) 256GB for /
  • SATA (sd0) 500GB for swap/var/home

Disk  Partition  Format  Size   Mount point
1     1          RAID    230GB  /
1     2          none    26GB   fake trim
0     1          swap    16GB   OpenBSD swap
0     2          RAID    480GB  /var, /tmp and /home

Installation

Boot from the ISO/USB key.
Select the shell (by typing 's') when you reach the following prompt:
(I)nstall, (U)pgrade, (A)utoinstall, (S)hell?

Disk partitioning

We will create the above partitions using fdisk/disklabel tools.

fdisk -iy sd1

the output is

fdisk ; sd1: No such file or directory

Let's create the device

cd /dev
sh ./MAKEDEV sd1

And run again:

fdisk -iy sd1

the output is much nicer:

Writing MBR at offset 0.

Let's partition sd0 and sd1

disklabel -E sd1
> a
partition: [a]
offset: [64]
size: [500103386] 95%
FS type: [4.2BSD] RAID
> w
> q

Done for sd1. (I leave 5% free for TRIM, as I got no clear details on whether I need it or whether it is working, and well, 95% of 256GB should be enough for / :-) )
Let's partition sd0:

disklabel -E sd0
> a
partition: [a]
offset: [0]
size: [976773168] 16g
FS type: [4.2BSD] swap
> a
partition: [b]
offset: [33559785]
size: [943213383]
FS type: [swap] RAID
> w
> q

Here we create 2 partitions: swap (already encrypted) and a RAID one that will contain /var, /tmp and /home.

SDcard/USBkey partitioning

Plug in your SD card/USB stick; here it is named sd3.

cd /dev
sh ./MAKEDEV sd3

Don't forget to create the MBR

 fdisk -iy sd3 

We just need around 1MB for the key so I will just create two very small partitions (d and e).

disklabel -E sd3
> a
partition: [a]d
offset: [64]
size: [124735488] 2m
FS type: [4.2BSD] RAID
> a
partition: [a]e
offset: [16065]
size: [124735488] 2m
FS type: [4.2BSD] RAID
> w
> q

Let's encrypt

So for now we have sd1(m-sata)/sd0(sata)/sd2(sdcard)
Next step is an all-in-one step: we will encrypt sd1a and sd0b as softraid0 and save the key on the SD card.

bioctl -C force -c C -l /dev/sd1a -k /dev/sd3d softraid0
bioctl -C force -c C -l /dev/sd0b -k /dev/sd3e softraid0

Note: http://www.tedunangst.com/flak/post/OpenBSD-softraid-crypto-boot
Maybe it would be good to put on top:

bioctl -c C -l /dev/sd1a -r 98765 softraid0
bioctl -c C -l /dev/sd0b -r 98765 softraid0

Output will be something like:

sd4 at scsibus2 targ 1 lun 0: <OPENBSD, SR CRYPTO, 005> SCSI2 0/direct fixed
sd4: 231988MB,512 bytes/sector, 475111754 sectors

and

sd5 at scsibus2 targ 2 lun 0: <OPENBSD, SR CRYPTO, 005> SCSI2 0/direct fixed
sd5: 460553MB,512 bytes/sector, 943212855 sectors

We create the devices:

cd /dev
sh ./MAKEDEV sd4
sh ./MAKEDEV sd5

Good practice: erase the first megabyte.

dd if=/dev/zero of=/dev/rsd4c bs=1m count=1
dd if=/dev/zero of=/dev/rsd5c bs=1m count=1

So now we have sd4 and sd5 which we will use during the installation.

Install

Let's go back to the installation

/install

Select layout, timezone, passwords, user(s)…
When you reach the partitioning step, select the 2 new devices (sd4 and sd5 in my case).

Which disk is the root disk? [sd0] sd4
Use (W)hole disk MBR, whole disk (G)PT or (E)dit? [whole]W
[… auto partitions schema …]
Use (A)uto layout, (E)dit auto layout, or create (C)ustom layout? [a] c
> a
partition: [a]a
offset: [64]
size: [475106246]
FS type: [4.2BSD]
mount point: [none] /
> w
> q

We do the same for sd5 (/var /tmp and /home)

which disk do you wish to initialize? [done] sd5
Use (W)hole disk MBR, whole disk (G)PT or (E)dit? [whole]W
> a
partition: [a]a
offset: [64]
size: [943208216] 20g
FS type: [4.2BSD]
mount point: [none] /var
> a
partition: [b]
offset: [41945696]
size: [901262584] 10g
FS type: [swap] 4.2BSD
mount point: [none] /tmp
> a
partition: [d]
offset: [62910528]
size: [880297752]
FS type: [4.2BSD]
mount point: [none] /home
> w
> q

And voilà.

which disk do you wish to initialize? [done]

Install the sets.
The installation should finish successfully, but DO NOT REBOOT YET.

Final touch

We will quickly tweak the fstab to add the swap partition as well as some mount options:

sed 's/rw/rw,softdep,noatime/g' /mnt/etc/fstab > /mnt/a
echo '/dev/sd0a none swap sw 0 0' >> /mnt/a
mv /mnt/a /mnt/etc/fstab   

Done, everything is ready to reboot!

reboot

Backup of the Keys

dd if=/dev/rsd2d of=key1.img bs=1m
dd if=/dev/rsd2e of=key2.img bs=1m
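
The key images are the only way to open the volumes if the SD card dies, and a copy is as sensitive as the card itself. The following is an added example, not part of the original page: a wrapper around the dd commands above that creates the image readable by its owner only and checks the copy byte for byte. The function name and the refusal to overwrite are choices made for this example.

```shell
#!/bin/sh
# Added example (not from the original page).
# backup_keydisk SRC DST
#   SRC: key-disk partition, e.g. /dev/rsd2d as used on this page
#   DST: image file to create, e.g. key1.img
backup_keydisk() {
    src=$1
    dst=$2
    if [ ! -r "$src" ]; then
        echo "cannot read $src" >&2
        return 1
    fi
    # An existing image may be the only good copy: never overwrite it.
    if [ -e "$dst" ]; then
        echo "$dst exists, not overwriting" >&2
        return 1
    fi
    # umask 077 makes the image mode 0600 from the moment it is created.
    # bs is a plain byte count so the same line works with any dd.
    ( umask 077 && dd if="$src" of="$dst" bs=65536 2>/dev/null ) || return 1
    # A short or corrupted copy cannot unlock the volume: compare it now.
    if ! cmp -s "$src" "$dst"; then
        echo "$dst differs from $src, removing it" >&2
        rm -f "$dst"
        return 1
    fi
    # Read-only for the owner, nothing for anyone else.
    chmod 400 "$dst"
}
```

Call it as backup_keydisk /dev/rsd2d key1.img and backup_keydisk /dev/rsd2e key2.img, then move the images to offline storage.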

Switching to -current

Optional, but thrilling!

cd /
mv /bsd.rd /bsd.rd.sav
wget http://mirror.switch.ch/ftp/pub/OpenBSD/snapshots/amd64/bsd.rd

Reboot

reboot

At boot prompt type:

boot> boot bsd.rd

Then use the “upgrade” method, and give your keyboard layout and your root device/partition.
When the upgrade is done, type “reboot” again.
Once rebooted, use sysmerge to merge/check modifications:

sysmerge

And voilà! You are on -current.
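
The bsd.rd above is downloaded over plain HTTP and then booted. The following is an added example, not part of the original page: it puts bsd.rd in place only after signify(1) has verified it against the snapshot's SHA256.sig. The function name is made up for this example, and the public key file is an assumption: pass the key under /etc/signify that matches the snapshot.

```shell
#!/bin/sh
# Added example (not from the original page).
# Run it in a scratch directory that already holds bsd.rd and SHA256.sig,
# both fetched from the same snapshots/amd64 directory of the mirror.
#
# install_verified_rd PUBKEY DEST
#   PUBKEY: signify public key, e.g. /etc/signify/openbsd-XX-base.pub
#           (XX is a placeholder for the release the snapshot leads to)
#   DEST:   where the ramdisk kernel goes, /bsd.rd on this page
install_verified_rd() {
    pubkey=$1
    dest=$2
    for f in bsd.rd SHA256.sig; do
        if [ ! -s "$f" ]; then
            echo "missing or empty $f" >&2
            return 1
        fi
    done
    # -C first checks the signature on SHA256.sig with PUBKEY, then checks
    # that bsd.rd matches the checksum listed inside that signed file.
    if ! signify -C -p "$pubkey" -x SHA256.sig bsd.rd; then
        echo "bsd.rd failed verification, not installing" >&2
        return 1
    fi
    # Keep the previous ramdisk as DEST.sav, as the page does by hand.
    if [ -e "$dest" ]; then
        mv "$dest" "$dest.sav" || return 1
    fi
    cp bsd.rd "$dest"
}
```

On failure nothing under / is touched, so the old /bsd.rd is still there to boot.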

Laptop tweaks

apm

To save some battery:

vi /etc/rc.conf.local

add

apmd_flags="-A"         # Set apmd(8) to automatic performance adjustment mode. 
apmd_enable="YES"

desktop reactivity

In /etc/rc.conf.local add:

multicast_host=YES
ntpd_flags="-s"
hotplugd_flags=""

In /etc/login.conf change:

       :datasize-max=512M:\
       :datasize-cur=512M:\

to (at least)

       :datasize-max=1024M:\
       :datasize-cur=1024M:\

Reference: http://www.bsdnow.tv/tutorials/the-desktop-obsd

Xorg

xorg.conf to put in /etc/X11

Section "ServerLayout"
	Identifier     "X.org Configured"
	Screen      0  "Screen0" 0 0
	InputDevice    "Mouse0" "CorePointer"
	InputDevice    "Keyboard0" "CoreKeyboard"
   Option         "AllowEmptyInput" "off"
	Option			"AutoAddDevices" "off"
   Option         "DontZap" "false"
EndSection
 
Section "Files"
	ModulePath   "/usr/X11R6/lib/modules"
	FontPath     "/usr/X11R6/lib/X11/fonts/misc/"
	FontPath     "/usr/X11R6/lib/X11/fonts/TTF/"
	FontPath     "/usr/X11R6/lib/X11/fonts/OTF/"
	FontPath     "/usr/X11R6/lib/X11/fonts/Type1/"
	FontPath     "/usr/X11R6/lib/X11/fonts/100dpi/"
	FontPath     "/usr/X11R6/lib/X11/fonts/75dpi/"
EndSection
 
Section "Module"
	Load  "dbe"
	Load  "dri"
	Load  "dri2"
	Load  "extmod"
	Load  "glx"
	Load  "record"
EndSection
 
Section "InputDevice"
	Identifier  "Keyboard0"
	Driver      "kbd"
        Option "XkbLayout" "us"
        Option "XkbVariant" "intl"
#	Option "XkbOptions" "compose:prsc"
EndSection
 
Section "InputDevice"
	Identifier	"Touchpad0"
	Driver		"synaptics"
	Option		"Device" "/dev/wsmouse0"
	Option		"AutoServerLayout" "True"
EndSection
 
Section "InputDevice"
	Identifier  "Mouse0"
	Driver      "mouse"
	Option	    "Protocol" "wsmouse"
	Option	    "Device" "/dev/wsmouse"
	Option	    "ZAxisMapping" "4 5 6 7"
	Option	    "EmulateWheel" "true"
	Option	    "EmulateWheelButton" "2"
	Option	    "AutoServerLayout" "True"
EndSection
 
Section "Monitor"
	Identifier   "Monitor0"
	VendorName   "Monitor Vendor"
	ModelName    "Monitor Model"
EndSection
 
Section "Device"
        ### Available Driver options are:-
        ### Values: <i>: integer, <f>: float, <bool>: "True"/"False",
        ### <string>: "String", <freq>: "<f> Hz/kHz/MHz",
        ### <percent>: "<f>%"
        ### [arg]: arg optional
        #Option     "NoAccel"            	# [<bool>]
        #Option     "SWcursor"           	# [<bool>]
        #Option     "ColorKey"           	# <i>
        #Option     "CacheLines"         	# <i>
        #Option     "Dac6Bit"            	# [<bool>]
        #Option     "DRI"                	# [<bool>]
        #Option     "NoDDC"              	# [<bool>]
        #Option     "ShowCache"          	# [<bool>]
        #Option     "XvMCSurfaces"       	# <i>
        #Option     "PageFlip"           	# [<bool>]
	Identifier  "Card0"
	Driver      "intel"
	BusID       "PCI:0:2:0"
EndSection
 
Section "Screen"
	Identifier "Screen0"
	Device     "Card0"
	Monitor    "Monitor0"
	SubSection "Display"
		Viewport   0 0
		Depth     16
	EndSubSection
	SubSection "Display"
		Viewport   0 0
		Depth     24
	EndSubSection
EndSection

Touchpad

See xorg.conf above but basically:

Section "InputDevice"
	Identifier	"Touchpad0"
	Driver		"synaptics"
	Option		"Device" "/dev/wsmouse0"
	Option		"AutoServerLayout" "True"
EndSection
 
Section "InputDevice"
	Identifier  "Mouse0"
	Driver      "mouse"
	Option	    "Protocol" "wsmouse"
	Option	    "Device" "/dev/wsmouse"
	Option	    "ZAxisMapping" "4 5 6 7"
	Option	    "EmulateWheel" "true"
	Option	    "EmulateWheelButton" "2"
	Option	    "AutoServerLayout" "True"
EndSection

In your ~/.xsession

#!/bin/sh
 
# deactivate touchpad
synclient TouchpadOff=1

Scrolling

Still in ~/.xsession

# activate scroll wheel button
xinput set-prop "/dev/wsmouse" "WS Pointer Wheel Emulation" 0
xinput set-prop "/dev/wsmouse" "WS Pointer Wheel Emulation Axes" 6 7 4 5
xinput set-prop "/dev/wsmouse" "WS Pointer Wheel Emulation Button" 2
xinput set-prop "/dev/wsmouse" "WS Pointer Wheel Emulation Timeout" 50
xinput set-prop "/dev/wsmouse" "WS Pointer Wheel Emulation Inertia" 3
 
# increase pointer speed
xinput set-prop "/dev/wsmouse" "Device Accel Constant Deceleration" 0.4

Locales

Still in ~/.xsession

# set locale
export LC_CTYPE="en_US.UTF-8"
export LC_MESSAGES="en_US.UTF-8"

Network

ifconfig is your friend!
Simple example:

# single quotes: inside double quotes the shell would expand $$ to its own PID
ifconfig iwn0 nwid "my nice wifi" wpakey '4m4z1ngP4$$' up

then if all is ok:

dhclient iwn0

You can scan networks (wifi)

ifconfig iwn0 scan

Failover network

local DNS

Security

PF

Basic rules in your /etc/pf.conf

#       $OpenBSD: pf.conf,v 1.54 2014/08/23 05:49:42 deraadt Exp $
#
# See pf.conf(5) and /etc/examples/pf.conf

set skip on lo

block return    # block stateless traffic
pass            # establish keep-state

# By default, do not permit remote connections to X11
block return in on ! lo0 proto tcp to port 6000:6010

set block-policy drop
match in all scrub (no-df random-id max-mss 1440)
antispoof quick for (egress)
block in quick on egress from { no-route urpf-failed } to any
block in all
pass out quick inet keep state

References: http://www.bsdnow.tv/tutorials/the-desktop-obsd

Additional Packages

Time to play with pkg_add to install some useful tools:

pkg_add -Uu
pkg_add -iv firefox
pkg_add -iv ImageMagick irssi vim zsh rxvt-unicode fvwm2 xscreensaver rdesktop iftop rsync wget curl figlet dfc git subversion ranger emelfm2

Ports

You can install ports using a snapshot made for you!

cd /usr
wget http://mirror.switch.ch/ftp/pub/OpenBSD/snapshots/ports.tar.gz
tar xvzf ports.tar.gz

Finding packages

Two ways:

pkg_info yourpackage

or

cd /usr/ports
make search key=what_you_search

Reference: http://www.bsdnow.tv/tutorials/ports-obsd

Things went wrong when

bootblocks are not installed

→ installboot: no OpenBSD partition
Failed to install bootblocks
You will not be able to boot OpenBSD from sd4

I had this issue when neither sd0 nor sd3 had an MBR … dd saved the day :)

References

os/openbsd/x230t.txt · Last modified: 2021/12/29 21:03 by warnaud