I think you will find that hibernate doesn’t work with this setup if you try it.

I found this write-up explaining a little better:
http://undeadly.org/cgi?action=article&sid=20131112031806

Seems double-encrypted swap or dual swap partitions is the way to go if
you want hibernate to work and don’t want to recompile the kernel. I’ll
start by trying out the double-encrypted swap, since I won’t be running
heavy loads on this machine and only have a 128gb ssd in it.

        
> On 19 May 2015, at 21:48, Jonathan Thornburg <jth...@astro.indiana.edu> wrote:
> 
> In message <http://marc.info/?l=openbsd-misc&m=143181492518064&w=1>,
> Fredrik Alm <fred () fredrikalm ! com> asked about how to handle the
> swap partition when using whole-disk softraid crypto:
>> I've seen a few 'whole disk encryption' tutorials which puts the
>> swap outside of the partition used for the softraid encryption,
>> since openbsd already encrypts the swap partition anyway. I assume
>> that by putting the swap inside the encrypted partition, there
>> will be performance penalties because encryption is done twice?
>> could someone shed a little light on this issue?
> 
> In message <http://marc.info/?l=openbsd-misc&m=143185210923894&w=1>
> dan mclaughlin <thevoid () openmailbox ! org> replied
> | where did you see those tutorials? i attempted this some months ago
> | (6-7) and it was not possible to have swap outside of the softraid.
> | i forget what the exact problem was (i should have taken better
> | notes...). i believe the system wouldn't boot properly, and i think
> | it was because the swap partition was on a different device.
> and later in the thread
> | honestly though, i don't know how the guy who wrote that tutorial got it to
> | work (if in fact he did...), i remember it being completely unworkable. i
> | think the only option was to rebuild the kernel, as you said, which really
> | isn't an option.
> 
> In message <http://marc.info/?l=openbsd-misc&m=143185991125110&w=1>
> Stefan Sperling <stsp () stsp ! name> replied
> # Keeping swap on the same disk as the root filesystem has some advantages.
> # For historical reasons the system expects this in various places.
> # More things (such as hibernate) will work out of the box this way.
> 
> I can report that as of 5.6-stable/amd64, it *is* possible to have
> swap outside the softraid.  I currently have this configuration running
> on a pair of Thinkpad T60 laptops, and I'm fully satisfied with it.
> Suspend-to-RAM works fine; I haven't tried hibernate.
> 
> 
> 
> For this configuration, I wanted separate softraid-crypto partitions
> for the OS and for /home.
> 
> After a few false starts, I settled on the following layout:
> 
>  sd0
>  ---       
>   |  a    -+- (sd1) softraid crypt, size = 44.5G
>   |        | a = root   256M
>   |        | d = root2  256M
>   |        | e = var    2G
>   |        | f = var2   2G
>   |        | g = usr    20G
>   |        | h = usr2   20G
>   |       -+-----
>   |  b       swap       6G
>   |  j    -+- (sd2) softraid crypt, size = all remaining space
>   |        | j = home
>  ---      -+-----
> 
> sd0 is the physical disk
> It has 3 openbsd-partitions: a, b, and j
> 
> sd1 is a softraid-crypto disk living inside sd0a.  sd1 stores all the
> OS partitions, currently 5.6-stable in my case.
>       [In my case there are actually two sets of OS partitions,
>       but at present I'm only using the a,e,g root,var,usr ones.
>       The others are for future use as backups, in the same manner
>       as I described (for an older OpenBSD system) in message
>       <http://marc.info/?l=openbsd-misc&m=125989140407974&w=1>.]
> 
> sd0b is the swap partition
> 
> sd2 is a softraid-crypto disk living inside sd0j.  sd2 stores /home.
> 
> 
> 
> Setting this up took a little bit of tinkering, but with a bit of guru
> help on misc@, everything eventually came out fine.  Here's the procedure
> that eventually worked, starting from a new-from-the-factory disk just
> installed into the laptop:
> 
> boot from 5.6 CD
> Install, Upgrade, Autoinstall, or Shell --> Shell
> 
> maybe type some commands so the kernel can accumulate some entropy
> in the random-number subsystem
> 
> fill the entire disk with random data:
> (--> later steps won't leak which blocks have been written)
> (for a big disk this may take a day or so)
> 
>   # dd if=/dev/arandom bs=1m of=/dev/sd0c
> 
> I want to use the entire physical disk for OpenBSD:
> 
>   # fdisk -i sd0
> 
>   # disklabel -E sd0
>   add partitions
>   a @  offset 128, size 93323264 sectors, type RAID
>   b    size 6G, type swap
>   j    size everything-left, type RAID
> 
> now create softraid-crypto sd1
> 
>   # cd /dev
>   # sh MAKEDEV sd1
>   # dd if=/dev/zero bs=1m count=1 of=/dev/rsd0a
>   # bioctl -c C -r 100000 -l /dev/sd0a softraid0
>   (enter sd1 passphrase)
>   (enter sd1 passphrase again)
> 
> This passphrase will be the boot passphrase.
> 
> Now install OpenBSD from the CD into sd1,
> 
>   # install
> 
> creating whatever OS partitions you like (in my case a,d,e,f,g,h,
> as noted above).  Two notes about this:  First, put the root partition
> ("a") at offset 256 as per Christian Weisgerber <naddy () mips ! inka ! de>'s
> super-helpful comments in message
> <http://marc.info/?l=openbsd-misc&m=141519757707447&w=1>.
> And second, don't create either a swap partition ("b")
> or a /home partition at this point -- those will come later.
> 
> Now boot the newly-installed system (this will require entering the
> boot passphrase, of course).  Once it's up and running, edit /etc/fstab
> to add sd0b as a swap partition:
> 
>   /dev/sd0b   none      swap  sw                                  0 0
> 
> Now set up softraid-crypto sd2 to hold /home
> 
>   # dd if=/dev/zero bs=1m count=1 of=/dev/rsd0j
>   # bioctl -c C -r 100000 -l /dev/sd0j softraid0
>   (enter sd2 passphrase)
>   (enter sd2 passphrase again)
> 
>   # fdisk -i sd2
>   # disklabel -E sd2
>   add partitions
>   j @ offset 128, size everything-left, type 4.2BSD
> 
> create the actual /home filesystem:
> (these were my chosen newfs options; season to taste for your usage)
>   # newfs -O 2 -i 131072 -f 4096 -b 32768 sd2j
> 
> Now mount /home
> 
>   # mount -o softdep,noatime /dev/sd2j /home
> 
> 
> 
> A few other notes about this setup:
> 
> In a normal boot, the process is to turn the machine on, let it do
> any memory tests etc, and enter the boot passphrase when prompted.
> After OpenBSD boots, login as root and run a script to do
> 
>   # bioctl -c C -r 100000 -l /dev/sd0j softraid0
>   # mount -o softdep,noatime /dev/sd2j /home
> 
> to mount /home.  Since sd2 doesn't exist until the bioctl command
> completes (this requires entering the sd2 passphrase, of course),
> I don't think putting /home directly into /etc/fstab would work.
> 
> 
> 
> One oddity is that according to dmesg (see below) the kernel thinks
> sd1b is a swap partition... but no such partition exists.  Once we're
> up and running multi-user, 'swapctl -l' correctly reports sd0b as the
> swap partition,
> 
>   # swapctl -l
>   Device      1024-blocks     Used    Avail Capacity  Priority
>   /dev/sd0b       6296576   345676  5950900     5%    0
>   # sysctl vm.swapencrypt
>   vm.swapencrypt.enable=1
>   vm.swapencrypt.keyscreated=4679
>   vm.swapencrypt.keysdeleted=3940
>   #
> 
> and swapping to that partition works ok.  I haven't investigated what
> 'swapctl -l' may say earlier in the boot process.
> 
> I haven't investigated OS crash dumps.
> 
> 
> 
> In the event of system crashes, fsck(8) can work its usual magic.
> The auto-repair when booting an unclean filesystem should fixup all
> the sd1 (OS) partitions; sd2 (/home) will require running 'fsck -p'
> by hand in between the bioctl and the mount command.
> 
> 
> 
> *** IMPORTANT ***
> Don't try this unless you know what you're doing!  Playing around
> with partitions this way can be fun, and works fine if you do things
> correctly, but mistakes can easily scramble your data.  So... it's
> essential to grok chapters 4 (installation) and 14 (disk setup) of the
> FAQ, and the Fine Manuals disklabel(8), fstab(5), and installboot(8),
> before trying this sort of setup.  And of course, have a full backup
> of any data-worth-saving on the disk.
> 
> 
> 
> 
> Obligatory dmesg porn:
> 
> # cat /var/run/dmesg.boot
> OpenBSD 5.6-stable (GENERIC.MP) #1: Wed Apr  1 16:07:06 EDT 2015
>    r...@copper.astro.indiana.edu:/usr/src/sys/arch/amd64/compile/GENERIC.MP
> vscsi0 at root
> scsibus3 at vscsi0: 256 targets
> softraid0 at root
> scsibus4 at softraid0: 256 targets
> sd1 at scsibus4 targ 1 lun 0: <OPENBSD, SR CRYPTO, 005> SCSI2 0/direct fixed
> sd1: 45567MB, 512 bytes/sector, 93322736 sectors
> root on sd1a (c2255fc9af18d55e.a) swap on sd1b dump on sd1b
> #
> 
> ciao,
> 
> -- 
> -- "Jonathan Thornburg [remove -animal to reply]" 
> <jth...@astro.indiana-zebra.edu>
>   Dept of Astronomy & IUCSS, Indiana University, Bloomington, Indiana, USA
>   "There was of course no way of knowing whether you were being watched
>    at any given moment.  How often, or on what system, the Thought Police
>    plugged in on any individual wire was guesswork.  It was even conceivable
>    that they watched everybody all the time."  -- George Orwell, "1984"
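
The layout quoted above leaves sd0b outside the softraid crypto volumes, so its contents are protected only by OpenBSD's swap encryption (vm.swapencrypt.enable=1 in the quoted sysctl output). The check below is an added example, not part of the original posts: it reads the text of `swapctl -l` and `sysctl vm.swapencrypt` and flags any swap device that is neither inside a crypto volume nor covered by swap encryption. The function names are hypothetical, and the crypto volume list (sd1 sd2) is an assumption taken from the quoted layout.

```shell
#!/bin/sh
# Added example: audit that swap living outside softraid crypto is still encrypted.
# Takes command output as text so the logic can be exercised offline.

# Sample output copied from the quoted post.
SAMPLE_SWAPCTL='Device      1024-blocks     Used    Avail Capacity  Priority
/dev/sd0b       6296576   345676  5950900     5%    0'
SAMPLE_SYSCTL='vm.swapencrypt.enable=1
vm.swapencrypt.keyscreated=4679
vm.swapencrypt.keysdeleted=3940'

# swap_devices TEXT -> one swap device path per line (header line skipped)
swap_devices() {
    printf '%s\n' "$1" | awk 'NR > 1 && $1 ~ /^\/dev\// { print $1 }'
}

# swapencrypt_enabled TEXT -> exit status 0 only if vm.swapencrypt.enable=1
swapencrypt_enabled() {
    printf '%s\n' "$1" | grep -q '^vm\.swapencrypt\.enable=1$'
}

# audit_swap SWAPCTL_TEXT SYSCTL_TEXT CRYPTO_DISKS
# CRYPTO_DISKS is a space-separated list of softraid crypto volumes
# (assumption: "sd1 sd2", as in the quoted layout).
# Prints one verdict per swap device; returns 1 if any device is exposed.
audit_swap() {
    rc=0
    for dev in $(swap_devices "$1"); do
        disk=$(basename "$dev" | sed 's/[a-p]$//')   # /dev/sd0b -> sd0
        case " $3 " in
            *" $disk "*) echo "$dev: inside softraid crypto ($disk)"; continue ;;
        esac
        if swapencrypt_enabled "$2"; then
            echo "$dev: plain partition, covered by vm.swapencrypt"
        else
            echo "$dev: EXPOSED, plain partition and swap encryption off"
            rc=1
        fi
    done
    return $rc
}

# Live use on OpenBSD:
#   audit_swap "$(swapctl -l)" "$(sysctl vm.swapencrypt)" "sd1 sd2"
```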
