On 10/10, Stefan Sperling wrote:
> On Tue, Oct 10, 2017 at 10:28:40AM -0700, [email protected] wrote:
> > When installing OpenBSD using a keydisk for full disk encryption, I get an
> > error at the end of the installation process indicating that I won't be able
> > to boot from my newly installed system:
>
> I suspect the problem is happening somewhere in these steps
> which unfortunately you're not showing in detail:
> * add a RAID partition that takes up the whole disk
> * create a crypto volume using a keydisk
> What did you actually do there?

Sorry there wasn't enough detail. I'll try again--here's every step
after booting the install media (please forgive any typos...I
typed/copied this by eye+hand):
Welcome to the OpenBSD/amd64 6.2 installation program.
(I)nstall, (U)pgrade, (A)utoinstall or (S)hell? s
# kbd us.dvorak
# disklabel sd0 ...make sure I'm looking at the correct disk
# dd if=/dev/random of=/dev/rsd0c bs=1m count=1
# fdisk -iy sd0
# disklabel -E sd0
a a
offset: [64]
size: [937697921]
FS type: [4.2BSD] raid
q
Write new label?: [y]
# cd dev
# sh ./MAKEDEV sd1 sd2 sd3
# cd /
# disklabel sd1
# disklabel sd2 ...found my keydisk
# bioctl -c C -k sd2k -l sd0a softraid0
sd4 at scsibus3 targ 1 lun 0: <OPENBSD, SR CRYPTO, 006> SCSI2 0/direct fixed
sd4: 457860MB, 512 bytes/sector, 937697393 sectors
softraid0: CRYPTO volume attached as sd4
# install
At any prompt except password prompts you can escape to a shell by
typing '!'. ...
Choose your keyboard layout ('?' or 'L' for list) [default] us.dvorak
System hostname? (short form, e.g. 'foo') foo
Available network interfaces are: em0 iwm0 vlan0.
Which network interface do you wish to configure? (or 'done') [em0] done
DNS domain name? (e.g. 'example.com') [my.domain]
DNS nameservers? (IP address list or 'none') [none]
Password for root account? (will not echo)
Password for root account? (again)
Start sshd(8) by default? [yes]
Do you want the X Window System to be started by xenodm(1)? [no]
Setup a user? (enter a lower-case loginname, or 'no') [no]
Since no user was setup, root logins via sshd(8) might be useful.
WARNING: root is targeted by password guessing attacks, pubkeys are safer.
Allow root ssh login? (yes, no, prohibit-password) [no] yes
Available disks are: sd0 sd1 sd2 sd3 sd4.
Which disk is the root disk? ('?' for details) [sd0] sd4
No valid MBR or GPT.
Use (W)hole disk MBR, whole disk (G)PT or (E)dit? [whole]
Setting OpenBSD MBR partition to whole sd4...done.
The autoallocated layout for sd4 is:
# size offset fstype [fsize bsize cpg]
a: 1.0G 64 4.2BSD 2048 16364 1 # /
b: 4.2G 2097216 swap
c: 447.1G 0 unused
d: 4.0G 10901888 4.2BSD 2048 16384 1 # /tmp
e: 11.9G 19290464 4.2BSD 2048 16384 1 # /var
f: 2.0G 44239808 4.2BSD 2048 16384 1 # /usr
g: 1.0G 48434112 4.2BSD 2048 16384 1 # /usr/X11R6
h: 10.0G 50531264 4.2BSD 2048 16384 1 # /usr/local
i: 2.0G 71502784 4.2BSD 2048 16384 1 # /usr/src
j: 6.0G 75697088 4.2BSD 2048 16384 1 # /usr/obj
k: 300.0G 88280000 4.2BSD 2048 16384 1 # /home
Use (A)uto layout, (E)dit auto layout, or create (C)ustom layout? [a]
Rounding offset to bsize (32 sectors): 10901888
Rounding size to bsize (32 sectors): 8388576
Rounding size to bsize (32 sectors): 24949344
/dev/rsd4a: 1024.0MB in 2097152 sectors of 512 bytes
6 cylinder groups of 202.47MB, 12958 blocks, 25984 inodes each
/dev/rsd4k: 307200.0MB in 629145600 sectors of 512 bytes
378 cylinder groups of 814.44MB, 26062 blocks, 52224 inodes each
/dev/rsd4d: 4096.0MB in 8388576 sectors of 512 bytes
21 cylinder groups of 202.47MB, 12958 blocks, 25984 inodes each
/dev/rsd4f: 2048.0MB in 4194304 sectors of 512 bytes
11 cylinder groups of 202.47MB, 12958 blocks, 25984 inodes each
/dev/rsd4g: 1024.0MB in 20971520 sectors of 512 bytes
6 cylinder groups of 202.47MB, 12958 blocks, 25984 inodes each
/dev/rsd4h: 10240.0MB in 20971520 sectors of 512 bytes
51 cylinder groups of 202.47MB, 12958 blocks, 25984 inodes each
/dev/rsd4j: 6144.0MB in 12582912 sectors of 512 bytes
31 cylinder groups of 202.47MB, 12958 blocks, 25984 inodes each
/dev/rsd4i: 2048.0MB in 4194304 sectors of 512 bytes
11 cylinder groups of 202.47MB, 12958 blocks, 25984 inodes each
/dev/rsd4e: 12182.3MB in 24949344 sectors of 512 bytes
61 cylinder groups of 202.47MB, 12958 blocks, 25984 inodes each
Available disks are: sd0 sd1 sd2 sd3.
Which disk do you wish to initialize? (or 'done') [done]
/dev/sd4a (e0cb45b8b9951c09.a) on /mnt type ffs (rw, asynchronous, local)
/dev/sd4k (e0cb45b8b9951c09.a) on /mnt/home type ffs (rw, asynchronous, local,
nodev, nosuid)
/dev/sd4d (e0cb45b8b9951c09.a) on /mnt/tmp type ffs (rw, asynchronous, local,
nodev, nosuid)
/dev/sd4f (e0cb45b8b9951c09.a) on /mnt/usr type ffs (rw, asynchronous, local,
nodev)
/dev/sd4g (e0cb45b8b9951c09.a) on /mnt/usr/X11R6 type ffs (rw, asynchronous,
local, nodev)
/dev/sd4h (e0cb45b8b9951c09.a) on /mnt/usr/local type ffs (rw, asynchronous,
local, nodev)
/dev/sd4j (e0cb45b8b9951c09.a) on /mnt/usr/obj type ffs (rw, asynchronous,
local, nodev, nosuid)
/dev/sd4i (e0cb45b8b9951c09.a) on /mnt/usr/src type ffs (rw, asynchronous,
local, nodev, nosuid)
/dev/sd4e (e0cb45b8b9951c09.a) on /mnt/var type ffs (rw, asynchronous, local,
nodev, nosuid)
Let's install the sets!
Location of sets? (disk http or 'done') [http] disk
Is the disk partition already mounted? [no]
Available disks are: sd0 sd1 sd2 sd3 sd4.
Which disk contains the install media? (or 'done') [sd0] sd1
a: 736256 1024 4.2BSD 2048 16384 16142
i: 960 64 MSDOS
Available sd1 partitions are: a i.
Which sd1 partition has the install sets? (or 'done') [a]
Pathname to the sets? (or 'done') [6.2/amd64]
Select sets by entering a set name, a file name pattern or 'all'. De-select
sets by prepending a '-', e.g.: '-game*'. Selected sets are labelled '[X]'.
[X] bsd [X] base62.tgz [X] game62.tgz [X] xfont62.tgz
[X] bsd.mp [X] comp62.tgz [X] xbase62.tgz [X] xserv62.tgz
[X] bsd.rd [X] man62.tgz [X] xshare62.tgz
Set name(s)? (or 'abort' or 'done') [done]
Directory does not contain SHA256.sig. Continue without verification? [no] yes
Installing bsd 100% |**************************| 12777 KB 00:00
Installing bsd.mp 100% |**************************| 12858 KB 00:00
Installing bsd.rd 100% |**************************| 9565 KB 00:00
Installing base62.tgz 100% |**************************| 139 KB 00:16
Extracting etc.tgz 100% |**************************| 189 KB 00:00
Installing comp62.tgz 100% |**************************| 75525 KB 00:14
Installing man62.tgz 100% |**************************| 7008 KB 00:01
Installing game62.tgz 100% |**************************| 2718 KB 00:00
Installing xbase62.tgz 100% |**************************| 17964 KB 00:03
Installing xetc.tgz 100% |**************************| 7036 00:00
Installing xshare62.tgz 100% |**************************| 4417 KB 00:01
Installing xfont62.tgz 100% |**************************| 39342 KB 00:03
Installing xserv62.tgz 100% |**************************| 12572 KB 00:01
Location of sets? (disk http or 'done') [done]
What timezone are you in? ('?' for list) [Canada/Mountain]
Saving configuration files...done.
Making all device nodes...done.
installboot: no OpenBSD partition
Failed to install bootblocks.
You will not be able to boot OpenBSD from sd4.
#
> Did you run fdisk -iy sd2 ?
No. I didn't realize I needed to. I was attempting to follow the FDE
section of the softraid FAQ:
http://www.openbsd.org/faq/faq14.html#softraid but just substitute a
keydisk for the passphrase, but sounds like I guessed wrong...sorry for
the noise, I'll poke around some more online and see what else has been
written. Sounds like the keydisk needs to be bootable, and maybe the
installer doesn't help with that. The bioctl man page doesn't have much
to say on the subject.
> What does the disklabel of sd2 look like?
# disklabel sd2
# /dev/rsd2c:
type: SCSI
disk: SCSI disk
label: Nitrokey Storage
duid: b0635aea4d74d1c5
flags:
bytes/sector: 512
sectors/track: 63
tracks/cylinder: 255
sectors/cylinder: 16065
cylinders: 261
total sectors: 4194304
boundstart: 0
boundend: 4194304
drivedata: 0
16 partitions:
# size offset fstype [fsize bsize cpg]
c: 4194304 0 unused
i: 4178239 16065 MSDOS
k: 16065 0 RAID