This is just a reminder for me to set up my Lenovo x230 as an OpenBSD laptop (I'm running -current).
For full-disk encryption choose the (S)hell option from the installation medium.
If your hard disk isn't available yet, change directory to /dev and enter
# /bin/sh MAKEDEV sd1
Change sdX to whatever your disk should be. To set up the MBR and write a label enter
# fdisk -i sd1
# disklabel -E sd1
When asked for the partitioning scheme choose the appropriate size for SWAP (b) and for the rest choose RAID as partition type. Now we can create the encrypted partition:
# bioctl -c C -l /dev/sd1a softraid0
"-c C" creates the crypto device and "-l" specifies the device itself.
To go on with the installation enter "exit", but be careful! When you have to choose the device for the installation, choose the one bioctl created (sd2 in my case). Furthermore delete SWAP as we already have /dev/sd1a.
EDIT: As of May 2016 W^X is mandatory in OpenBSD so you want to put /usr/local on a separate filesystem.
After the first reboot you want to alter your file system table:
# echo 'xxxxxxxxxxxxx.b none swap sw' >> /etc/fstab
where xxxxxxxxxxxxx.b is specified by the following command: "sysctl hw.disknames". That should give you a disk name and its UUID in the following format:
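An added example, not part of the original post: `sysctl hw.disknames` prints comma-separated `disk:DUID` pairs, and the functions below turn that output into the swap line used above and append it only once. The sample string and the helper names (duid_for, swap_line, add_swap) are constructed for illustration.

```shell
#!/bin/sh
# Added example: build the /etc/fstab swap entry from `sysctl hw.disknames`.
# SAMPLE is constructed; on a real system use: names=$(sysctl -n hw.disknames)
SAMPLE='sd0:0a1b2c3d4e5f6071,sd1:1f2e3d4c5b6a7988,sd2:a1b2c3d4e5f60718'

# duid_for NAMES DISK -> prints the 16-hex-digit DUID of DISK, or returns 1.
duid_for() {
	names=${1#hw.disknames=}        # accept output with or without the key
	disk=$2
	old_ifs=$IFS
	IFS=,
	for entry in $names; do
		if [ "${entry%%:*}" = "$disk" ]; then
			IFS=$old_ifs
			duid=${entry#*:}
			case $duid in
				*[!0-9a-f]*|'') return 1 ;;  # empty (e.g. "cd0:") or not hex
			esac
			[ "${#duid}" -eq 16 ] || return 1
			printf '%s\n' "$duid"
			return 0
		fi
	done
	IFS=$old_ifs
	return 1                        # disk not listed
}

# swap_line NAMES DISK -> fstab entry for partition b of DISK, addressed by DUID.
swap_line() {
	d=$(duid_for "$1" "$2") || return 1
	printf '%s.b none swap sw\n' "$d"
}

# add_swap FSTAB NAMES DISK -> append the entry unless the exact line exists.
add_swap() {
	line=$(swap_line "$2" "$3") || { echo "no DUID for $3" >&2; return 1; }
	grep -qxF "$line" "$1" 2>/dev/null || printf '%s\n' "$line" >> "$1"
}

# In this guide swap lives on the physical disk (sd1), not the crypto volume.
swap_line "$SAMPLE" sd1
```

Addressing the partition by DUID keeps the entry valid even if the disk numbering changes once the softraid volume attaches.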
When you want to update from a snapshot, create your hard disk device and mount the encrypted device with the bioctl command above.
/etc/pf.conf (taken from)
set block-policy drop
set skip on lo0
match in all scrub (no-df max-mss 1440)
antispoof quick for egress
block in quick on egress from urpf-failed to any
block in quick on egress from no-route to any
block in all
pass out quick inet keep state
If you want to disable the touchpad while typing and like "tap-click" add the following lines to your .xsession:
synclient TapButton1=1
syndaemon -t -k -i 2 -d
Add the APM daemon to your startup RC file:
# echo 'apmd_flags="-C"' >> /etc/rc.conf.local
To enable automatic suspend when the laptop lid is closed add 'machdep.lidsuspend=1' to your /etc/sysctl.conf.
# echo 'multicast_host=YES' >> /etc/rc.conf.local
# echo 'ntpd_flags="-s"' >> /etc/rc.conf.local
# echo 'kern.bufcachepercent=50' >> /etc/sysctl.conf
# echo 'net.inet.tcp.mssdflt=1440' >> /etc/sysctl.conf
and change the values "datasize-cur" and "datasize-max" from 512 to 1024 MB (/etc/login.conf) (also taken from the BSDNow tutorial).
I found this thread on the OpenBSD mailing list and found it useful:
# sudo sysctl kern.shminfo.shmall=536870912
staff:\
	:datasize-cur=infinity:\
	:datasize-max=infinity:\
	:datasize=infinity:\
	:openfiles-cur=1024:\
	:stacksize-cur=16M:\
	:maxproc-max=512:\
	:maxproc-cur=512:\
	:ignorenologin:\
	:requirehome@:\
	:tc=default:
Ready to rock!