Re: Upgrade to 5.9 full disk encryption
Ted Roby wrote:
> Do any of you find that when dealing with sd1 and greater in bsd.rd
> you must explicitly create these devices?

That step was not needed with the upgrade procedure I described in that
"drunken mathematician" e-mail. I have a working laptop to show for.

Best,
Predrag
Re: Upgrade to 5.9 full disk encryption
On 2016-04-18, Erling Westenvik wrote:
> On Mon, Apr 18, 2016 at 12:36:34PM -0700, Ted Roby wrote:
>> Do any of you find that when dealing with sd1 and greater in bsd.rd you
>> must explicitly create these devices?
>
> Yes. This behaviour is mentioned in FAQ 14 (14.10.1 - Installing to a
> mirror) which states:
>
> "The install kernel only has the /dev entries for one wd(4) device and
> one sd(4) device on boot, so you will need to manually create more disk
> devices if your desired softraid setup requires them. This process is
> normally done automatically by the installer, but you haven't yet run
> the installer, and you will be adding a disk that didn't exist at boot."
>
> Have a look at:
>
> http://www.openbsd.org/faq/faq14.html#softraidDI

Yes, but the faq doesn't talk about the need for this for upgrades (only
install), nor in the section about FDE. And it's not obvious that you have
to 'create' the device again for upgrades, nor that this is not destructive.
Re: Upgrade to 5.9 full disk encryption
On Mon, Apr 18, 2016 at 12:36:34PM -0700, Ted Roby wrote:
> Do any of you find that when dealing with sd1 and greater in bsd.rd you
> must explicitly create these devices?

Yes. This behaviour is mentioned in FAQ 14 (14.10.1 - Installing to a
mirror) which states:

"The install kernel only has the /dev entries for one wd(4) device and
one sd(4) device on boot, so you will need to manually create more disk
devices if your desired softraid setup requires them. This process is
normally done automatically by the installer, but you haven't yet run
the installer, and you will be adding a disk that didn't exist at boot."

Have a look at:

http://www.openbsd.org/faq/faq14.html#softraidDI

Regards,

Erling

> I've been following this habit for years, and did not see anyone offer the
> advice in this thread.
>
> Basically:
>
> cd /dev
> sh MAKEDEV sd1
>
>
>
> On Sun, Apr 17, 2016 at 2:04 PM, Sean Howard wrote:
>
> > J o l
> >
> > Sent from my Phone.
> > Original Message
> > From: Predrag Punosevap
> >
> > Sent: Sunday, April 17, 2016 09:11
> > To: erling.westen...@gmail.com
> > Cc: misc@openbsd.org
> > Subject: Re: Upgrade to 5.m. J9 full disk encryption
> >
> > Erling Westenvik wrote:
> > Tn. I
> > > On Sat, Apr 16, 2016 at 11:02:36PM -0400, Predrag Punosevac wrote:
> > > > Bryan Everly wrote:
> > > > >
> > > > > Boot the installer. Exit to the shell. Then do:
> > > > >
> > > > > bioctl -c C -l /dev/sd0a softraid0
> > > > >
> > > >
> > > > Unless I did something really stupid I would swear that I upgraded fully
> > > > encrypted laptop running 5.8 to 5.9 easier.
> > > >
> > > > I downloaded bsd.rd for 5.9 and put into /. Then I rebooted the laptop.
> > > > When prompted for boot password and entered it. Then I booted from
> > > > bsd.rd and chose the upgrade option. When upgrade manager asked me what
> > > > is the installation disk I pointed it to the crypto disk. In my case
> > > > physical device is
> > > >
> > > > /dev/sd0
> > > >
> > > > and crypto device is /dev/sd1
> > > >
> > > > No softraid passwords were needed.
> > >
> > > Actually it was but you referred to it as "boot password" above,
> > > something which may sound confusing to new users. The correct term would
> > > be "passphrase". There is no such thing as a "boot password" unless one
> > > refers to the machine's BIOS password.
> > >
> > > After downloading a ramdisk (bsd.rd) kernel and after rebooting, I prefer
> > > to exit to the boot(8) prompt when it asks for the passphrase:
> > >
> > >     Using drive 0, partition 3.
> > >     Loading.
> > >     probing: pc0 apm pci mem[639K 254M a20=on]
> > >     disk: hd0+ sr0*
> > >     >> OpenBSD/i386 BOOT 3.21
> > >     Passphrase:
> > >     ^^
> > > Then I enter:
> > >
> > >     boot> boot sr0a:/bsd.rd
> > >     ^
> > > And the passphrase:
> > >
> > >     Passphrase:
> > >
> > > I easily get distracted and this way I make sure that the system doesn't
> > > start with the old system (bsd) kernel in case I miss the five second
> > > delay offered by boot(8). Having to wait for a system to finish booting
> > > just so you can log in and reboot again, can be an annoying waste of
> > > time.. :-)
> > >
> > > Regards,
> > >
> > > Erling
> >
> > Hi Erling,
> >
> > Thanks for posting. I was very tired when I sent the original message
> > and reading it over this morning I sounded like a drunken mathematician.
> > Of course one has to enter the passphrase. The only step I avoided
> > comparing to the original post was dropping into the shell before
> > starting the upgrade process. For the people who might be reading these
> > posts I was explicitly to state that I don't use a password to protect
> > my BIOS.
> >
> > Predrag
> >
> > > >
> > > > After upgrade was finished I booted
> > > > into 5.9 and did usual sysmerge, cleaning files and upgrading packages.
> > > >
> > > > Best,
> > > > Predrag
> >
> > [demime 1.01d removed an attachment of type image/png]
> >
> > [demime 1.01d removed an attachment of type application/octet-stream]
> >
> > [demime 1.01d removed an attachment of type application/octet-stream]
Re: Upgrade to 5.9 full disk encryption
Do any of you find that when dealing with sd1 and greater in bsd.rd you
must explicitly create these devices?

I've been following this habit for years, and did not see anyone offer the
advice in this thread.

Basically:

cd /dev
sh MAKEDEV sd1



On Sun, Apr 17, 2016 at 2:04 PM, Sean Howard wrote:

> J o l
>
> Sent from my Phone.
> Original Message
> From: Predrag Punosevap
>
> Sent: Sunday, April 17, 2016 09:11
> To: erling.westen...@gmail.com
> Cc: misc@openbsd.org
> Subject: Re: Upgrade to 5.m. J9 full disk encryption
>
> Erling Westenvik wrote:
> Tn. I
> > On Sat, Apr 16, 2016 at 11:02:36PM -0400, Predrag Punosevac wrote:
> > > Bryan Everly wrote:
> > > >
> > > > Boot the installer. Exit to the shell. Then do:
> > > >
> > > > bioctl -c C -l /dev/sd0a softraid0
> > > >
> > >
> > > Unless I did something really stupid I would swear that I upgraded fully
> > > encrypted laptop running 5.8 to 5.9 easier.
> > >
> > > I downloaded bsd.rd for 5.9 and put into /. Then I rebooted the laptop.
> > > When prompted for boot password and entered it. Then I booted from
> > > bsd.rd and chose the upgrade option. When upgrade manager asked me what
> > > is the installation disk I pointed it to the crypto disk. In my case
> > > physical device is
> > >
> > > /dev/sd0
> > >
> > > and crypto device is /dev/sd1
> > >
> > > No softraid passwords were needed.
> >
> > Actually it was but you referred to it as "boot password" above,
> > something which may sound confusing to new users. The correct term would
> > be "passphrase". There is no such thing as a "boot password" unless one
> > refers to the machine's BIOS password.
> >
> > After downloading a ramdisk (bsd.rd) kernel and after rebooting, I prefer
> > to exit to the boot(8) prompt when it asks for the passphrase:
> >
> >     Using drive 0, partition 3.
> >     Loading.
> >     probing: pc0 apm pci mem[639K 254M a20=on]
> >     disk: hd0+ sr0*
> >     >> OpenBSD/i386 BOOT 3.21
> >     Passphrase:
> >     ^^
> > Then I enter:
> >
> >     boot> boot sr0a:/bsd.rd
> >     ^
> > And the passphrase:
> >
> >     Passphrase:
> >
> > I easily get distracted and this way I make sure that the system doesn't
> > start with the old system (bsd) kernel in case I miss the five second
> > delay offered by boot(8). Having to wait for a system to finish booting
> > just so you can log in and reboot again, can be an annoying waste of
> > time.. :-)
> >
> > Regards,
> >
> > Erling
>
> Hi Erling,
>
> Thanks for posting. I was very tired when I sent the original message
> and reading it over this morning I sounded like a drunken mathematician.
> Of course one has to enter the passphrase. The only step I avoided
> comparing to the original post was dropping into the shell before
> starting the upgrade process. For the people who might be reading these
> posts I was explicitly to state that I don't use a password to protect
> my BIOS.
>
> Predrag
>
> > >
> > > After upgrade was finished I booted
> > > into 5.9 and did usual sysmerge, cleaning files and upgrading packages.
> > >
> > > Best,
> > > Predrag
>
> [demime 1.01d removed an attachment of type image/png]
>
> [demime 1.01d removed an attachment of type application/octet-stream]
>
> [demime 1.01d removed an attachment of type application/octet-stream]
Re: Upgrade to 5.9 full disk encryption
J o l

Sent from my Phone.
Original Message
From: Predrag Punosevap

Sent: Sunday, April 17, 2016 09:11
To: erling.westen...@gmail.com
Cc: misc@openbsd.org
Subject: Re: Upgrade to 5.m. J9 full disk encryption

Erling Westenvik wrote:
Tn. I
> On Sat, Apr 16, 2016 at 11:02:36PM -0400, Predrag Punosevac wrote:
> > Bryan Everly wrote:
> > >
> > > Boot the installer. Exit to the shell. Then do:
> > >
> > > bioctl -c C -l /dev/sd0a softraid0
> > >
> >
> > Unless I did something really stupid I would swear that I upgraded fully
> > encrypted laptop running 5.8 to 5.9 easier.
> >
> > I downloaded bsd.rd for 5.9 and put into /. Then I rebooted the laptop.
> > When prompted for boot password and entered it. Then I booted from
> > bsd.rd and chose the upgrade option. When upgrade manager asked me what
> > is the installation disk I pointed it to the crypto disk. In my case
> > physical device is
> >
> > /dev/sd0
> >
> > and crypto device is /dev/sd1
> >
> > No softraid passwords were needed.
>
> Actually it was but you referred to it as "boot password" above,
> something which may sound confusing to new users. The correct term would
> be "passphrase". There is no such thing as a "boot password" unless one
> refers to the machine's BIOS password.
>
> After downloading a ramdisk (bsd.rd) kernel and after rebooting, I prefer
> to exit to the boot(8) prompt when it asks for the passphrase:
>
>     Using drive 0, partition 3.
>     Loading.
>     probing: pc0 apm pci mem[639K 254M a20=on]
>     disk: hd0+ sr0*
>     >> OpenBSD/i386 BOOT 3.21
>     Passphrase:
>     ^^
> Then I enter:
>
>     boot> boot sr0a:/bsd.rd
>     ^
> And the passphrase:
>
>     Passphrase:
>
> I easily get distracted and this way I make sure that the system doesn't
> start with the old system (bsd) kernel in case I miss the five second
> delay offered by boot(8). Having to wait for a system to finish booting
> just so you can log in and reboot again, can be an annoying waste of
> time.. :-)
>
> Regards,
>
> Erling

Hi Erling,

Thanks for posting. I was very tired when I sent the original message
and reading it over this morning I sounded like a drunken mathematician.
Of course one has to enter the passphrase. The only step I avoided
comparing to the original post was dropping into the shell before
starting the upgrade process. For the people who might be reading these
posts I was explicitly to state that I don't use a password to protect
my BIOS.

Predrag

> >
> > After upgrade was finished I booted
> > into 5.9 and did usual sysmerge, cleaning files and upgrading packages.
> >
> > Best,
> > Predrag

[demime 1.01d removed an attachment of type image/png]

[demime 1.01d removed an attachment of type application/octet-stream]

[demime 1.01d removed an attachment of type application/octet-stream]
Re: Upgrade to 5.9 full disk encryption
Erling Westenvik wrote:
> On Sat, Apr 16, 2016 at 11:02:36PM -0400, Predrag Punosevac wrote:
> > Bryan Everly wrote:
> > >
> > > Boot the installer. Exit to the shell. Then do:
> > >
> > > bioctl -c C -l /dev/sd0a softraid0
> > >
> >
> > Unless I did something really stupid I would swear that I upgraded fully
> > encrypted laptop running 5.8 to 5.9 easier.
> >
> > I downloaded bsd.rd for 5.9 and put into /. Then I rebooted the laptop.
> > When prompted for boot password and entered it. Then I booted from
> > bsd.rd and chose the upgrade option. When upgrade manager asked me what
> > is the installation disk I pointed it to the crypto disk. In my case
> > physical device is
> >
> > /dev/sd0
> >
> > and crypto device is /dev/sd1
> >
> > No softraid passwords were needed.
>
> Actually it was but you referred to it as "boot password" above,
> something which may sound confusing to new users. The correct term would
> be "passphrase". There is no such thing as a "boot password" unless one
> refers to the machine's BIOS password.
>
> After downloading a ramdisk (bsd.rd) kernel and after rebooting, I prefer
> to exit to the boot(8) prompt when it asks for the passphrase:
>
>     Using drive 0, partition 3.
>     Loading.
>     probing: pc0 apm pci mem[639K 254M a20=on]
>     disk: hd0+ sr0*
>     >> OpenBSD/i386 BOOT 3.21
>     Passphrase:
>     ^^
> Then I enter:
>
>     boot> boot sr0a:/bsd.rd
>     ^
> And the passphrase:
>
>     Passphrase:
>
> I easily get distracted and this way I make sure that the system doesn't
> start with the old system (bsd) kernel in case I miss the five second
> delay offered by boot(8). Having to wait for a system to finish booting
> just so you can log in and reboot again, can be an annoying waste of
> time.. :-)
>
> Regards,
>
> Erling

Hi Erling,

Thanks for posting. I was very tired when I sent the original message
and reading it over this morning I sounded like a drunken mathematician.
Of course one has to enter the passphrase. The only step I avoided
comparing to the original post was dropping into the shell before
starting the upgrade process. For the people who might be reading these
posts I was explicitly to state that I don't use a password to protect
my BIOS.

Predrag

> >
> > After upgrade was finished I booted
> > into 5.9 and did usual sysmerge, cleaning files and upgrading packages.
> >
> > Best,
> > Predrag
Re: Upgrade to 5.9 full disk encryption
On Sat, Apr 16, 2016 at 11:02:36PM -0400, Predrag Punosevac wrote:
> Bryan Everly wrote:
> >
> > Boot the installer. Exit to the shell. Then do:
> >
> > bioctl -c C -l /dev/sd0a softraid0
> >
>
> Unless I did something really stupid I would swear that I upgraded fully
> encrypted laptop running 5.8 to 5.9 easier.
>
> I downloaded bsd.rd for 5.9 and put into /. Then I rebooted the laptop.
> When prompted for boot password and entered it. Then I booted from
> bsd.rd and chose the upgrade option. When upgrade manager asked me what
> is the installation disk I pointed it to the crypto disk. In my case
> physical device is
>
> /dev/sd0
>
> and crypto device is /dev/sd1
>
> No softraid passwords were needed.

Actually it was but you referred to it as "boot password" above,
something which may sound confusing to new users. The correct term would
be "passphrase". There is no such thing as a "boot password" unless one
refers to the machine's BIOS password.

After downloading a ramdisk (bsd.rd) kernel and after rebooting, I prefer
to exit to the boot(8) prompt when it asks for the passphrase:

    Using drive 0, partition 3.
    Loading.
    probing: pc0 apm pci mem[639K 254M a20=on]
    disk: hd0+ sr0*
    >> OpenBSD/i386 BOOT 3.21
    Passphrase:
    ^^
Then I enter:

    boot> boot sr0a:/bsd.rd
    ^
And the passphrase:

    Passphrase:

I easily get distracted and this way I make sure that the system doesn't
start with the old system (bsd) kernel in case I miss the five second
delay offered by boot(8). Having to wait for a system to finish booting
just so you can log in and reboot again, can be an annoying waste of
time.. :-)

Regards,

Erling

> After upgrade was finished I booted
> into 5.9 and did usual sysmerge, cleaning files and upgrading packages.
>
> Best,
> Predrag
Re: Upgrade to 5.9 full disk encryption
Bryan Everly wrote:
>
> Boot the installer. Exit to the shell. Then do:
>
> bioctl -c C -l /dev/sd0a softraid0
>

Unless I did something really stupid I would swear that I upgraded fully
encrypted laptop running 5.8 to 5.9 easier.

I downloaded bsd.rd for 5.9 and put into /. Then I rebooted the laptop.
When prompted for boot password and entered it. Then I booted from
bsd.rd and chose the upgrade option. When upgrade manager asked me what
is the installation disk I pointed it to the crypto disk. In my case
physical device is

/dev/sd0

and crypto device is /dev/sd1

No softraid passwords were needed. After upgrade was finished I booted
into 5.9 and did usual sysmerge, cleaning files and upgrading packages.

Best,
Predrag
Re: Upgrade to 5.9 full disk encryption
Niels wrote:
> As Bryan stated, bioctl will prompt for the (existing) passphrase and then
> bring up the (existing) crypto volume.

I took the manual to mean that, but asked to confirm. Bryan's answer was
correct, we're all upgraded to 5.9, thanks all.

--
Jack J. Woehr     # Science is more than a body of knowledge. It's a way of
www.well.com/~jax # thinking, a way of skeptically interrogating the universe
www.softwoehr.com # with a fine understanding of human fallibility. - Carl Sagan
Re: Upgrade to 5.9 full disk encryption
As Bryan stated, bioctl will prompt for the (existing) passphrase and then bring up the (existing) crypto volume. Once mounted, it will be a standard upgrade installation.

To clarify, bioctl should in this case NOT overwrite the existing encrypted data.

As a beginner, I found bioctl’s -c and -d options (and its terminology of “create” and “delete”) a bit confusing and, yes, “a little scary” in this regard. FAQ 14.10.3 might be helpful to understand, as it puts it rather explicitly:

> note that the initial creation of the container and attaching the container are done with the same bioctl(8) command

> The man page for this looks a little scary, as the -d command is described as "deleting" the volume. In the case of crypto, however, it just deactivates encrypted volume so it can't be accessed until it is activated again with the passphrase.

http://www.openbsd.org/faq/faq14.html#softraidCrypto

> On 16 Apr 2016, at 00:36, Tim Hoddy wrote:
>
> On 15 April 2016 23:04:45 BST, Bryan Everly wrote:
>> Boot the installer. Exit to the shell. Then do:
>>
>> bioctl -c C -l /dev/sd0a softraid0
>>
>> (Substitute for your actual device that is the softraid container).
>> You will be prompted for your password.
>>
>> Watch for the console message telling you what it mounted as. Then
>> type exit to return to the installer and upgrade that disk.
>>
>> Thanks,
>> Bryan
>>
>>> On Apr 15, 2016, at 5:56 PM, Jack J. Woehr wrote:
>>>
>>> How does one upgrade a full-disk encrypted OpenBSD boot disk?
>
>
> The original question is not clear.
>
> Your instruction will involve an overwrite of a previous install and is, therefore, not a "upgrade".
Re: Upgrade to 5.9 full disk encryption
Happy to help! :)

Thanks,
Bryan

> On Apr 15, 2016, at 6:35 PM, Jack J. Woehr wrote:
>
> Bryan Everly wrote:
>> Boot the installer. Exit to the shell. Then do:
>>
>> bioctl -c C -l /dev/sd0a softraid0
>>
>> (Substitute for your actual device that is the softraid container).
>> You will be prompted for your password.
>>
>> Watch for the console message telling you what it mounted as. Then
>> type exit to return to the installer and upgrade that disk.
>
> Works for me. Thanks, Bryan.
>
> --
> Jack J. Woehr     # Science is more than a body of knowledge. It's a way of
> www.well.com/~jax # thinking, a way of skeptically interrogating the universe
> www.softwoehr.com # with a fine understanding of human fallibility. - Carl Sagan
Re: Upgrade to 5.9 full disk encryption
On 15 April 2016 23:04:45 BST, Bryan Everly wrote:
>Boot the installer. Exit to the shell. Then do:
>
>bioctl -c C -l /dev/sd0a softraid0
>
>(Substitute for your actual device that is the softraid container).
>You will be prompted for your password.
>
>Watch for the console message telling you what it mounted as. Then
>type exit to return to the installer and upgrade that disk.
>
>Thanks,
>Bryan
>
>> On Apr 15, 2016, at 5:56 PM, Jack J. Woehr wrote:
>>
>> How does one upgrade a full-disk encrypted OpenBSD boot disk?

The original question is not clear.

Your instruction will involve an overwrite of a previous install and is, therefore, not a "upgrade".
Re: Upgrade to 5.9 full disk encryption
Bryan Everly wrote:
> Boot the installer. Exit to the shell. Then do:
>
> bioctl -c C -l /dev/sd0a softraid0
>
> (Substitute for your actual device that is the softraid container).
> You will be prompted for your password.
>
> Watch for the console message telling you what it mounted as. Then
> type exit to return to the installer and upgrade that disk.

Works for me. Thanks, Bryan.

--
Jack J. Woehr     # Science is more than a body of knowledge. It's a way of
www.well.com/~jax # thinking, a way of skeptically interrogating the universe
www.softwoehr.com # with a fine understanding of human fallibility. - Carl Sagan
Re: Upgrade to 5.9 full disk encryption
Boot the installer. Exit to the shell. Then do:

bioctl -c C -l /dev/sd0a softraid0

(Substitute for your actual device that is the softraid container).
You will be prompted for your password.

Watch for the console message telling you what it mounted as. Then
type exit to return to the installer and upgrade that disk.

Thanks,
Bryan

> On Apr 15, 2016, at 5:56 PM, Jack J. Woehr wrote:
>
> How does one upgrade a full-disk encrypted OpenBSD boot disk?
>
> --
> Jack J. Woehr     # Science is more than a body of knowledge. It's a way of
> www.well.com/~jax # thinking, a way of skeptically interrogating the universe
> www.softwoehr.com # with a fine understanding of human fallibility. - Carl Sagan
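
The procedure discussed in this thread (attach the existing crypto volume, read which sdN it became, create the /dev nodes if bsd.rd lacks them), as an added example that is not code from any of the posters or from the OpenBSD project. The function names are hypothetical, the "volume attached as sdN" message format is an assumption, and the sample console text is constructed.

```shell
#!/bin/sh
# Added example, not from the thread. Meant for the bsd.rd shell before an
# upgrade; uses shell builtins only. The "volume attached as sdN" line format
# is an assumption about what bioctl(8) reports, and all names are made up.

# Constructed sample of the console text seen after a successful attach.
SAMPLE_CONSOLE='sd1 at scsibus1 targ 1 lun 0: <OPENBSD, SR CRYPTO, 005> SCSI2 0/direct fixed
sd1: 238472MB, 512 bytes/sector, 488391473 sectors
softraid0: CRYPTO volume attached as sd1'

# Read console text on stdin and print the sdN the softraid volume became.
# Returns 1 if no such line is found or the name is not a plain device name.
attached_disk() {
	_disk=
	while IFS= read -r _line || [ -n "$_line" ]; do
		case $_line in
		softraid[0-9]*" volume attached as "sd[0-9]*)
			_disk=${_line##* attached as } ;;
		esac
	done
	case $_disk in
	''|*[!a-z0-9]*) return 1 ;;
	esac
	echo "$_disk"
}

# True when the block and raw "c" partition nodes for disk $2 exist in dir $1.
has_nodes() {
	[ -b "$1/${2}c" ] && [ -c "$1/r${2}c" ]
}

# Print what still has to be typed for disk $2, given device directory $1.
# MAKEDEV only creates entries under /dev; it does not write to the disk.
plan_nodes() {
	if has_nodes "$1" "$2"; then
		echo "# $2 nodes already present in $1"
	else
		echo "cd $1 && sh MAKEDEV $2"
	fi
}

# Attach the existing crypto volume on chunk $1 (/dev/sd0a in the thread),
# then create the device nodes for the resulting disk if bsd.rd lacks them.
attach_for_upgrade() {
	_out=$(bioctl -c C -l "$1" softraid0 2>&1)
	_rc=$?
	echo "$_out"
	[ "$_rc" -eq 0 ] || return "$_rc"
	_vol=$(echo "$_out" | attached_disk) || return 1
	has_nodes /dev "$_vol" || (cd /dev && sh MAKEDEV "$_vol") || return 1
	echo "crypto volume is $_vol: type exit and select it in the upgrade"
}

case ${1-} in
/dev/*) attach_for_upgrade "$1" ;;
*)	# No chunk given: dry run on the constructed sample.
	plan_nodes /dev "$(echo "$SAMPLE_CONSOLE" | attached_disk)" ;;
esac
```

Run with the softraid chunk as the only argument to perform the attach; with no argument it only prints the MAKEDEV command for the constructed sample.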