The setup of the whole disk encryption takes 3 minutes, the tutorial will guide you through the whole installation process, though.

The tutorial assumes that the hard disk of the server has been already formatted.

The disk names on the used servers are sd0,sd0a and sd1. Change those to wd0, wd0a and wd1, if needed.

cd /dev 
sh MAKEDEV sd0
fdisk -iy sd0

disklabel -E sd0

#Confirm with enter to use the whole remaining disk space


#bioctl changes or sets the disk password
bioctl -c C -l sd0a softraid0

<type in your password>


Example image

The following steps correspond to a standard install.

The X-Windows system wont be used, since we are running a headless server.

Do you expect to run the X Window System no

Since the root account is a common attack target, it is recommended to disable the password based login for the root user and use a ssh key instead.


Example image

Chosse sd1 in the next step.

Confirm the preselected choice [whole] with enter.

Use the Auto layout, confirm the preselected choice again.

Example image

After the disk layout configuration has been finished, confirm the question if you want to initialize the disk.

Which disk do you wish to initialize? [done] done

The last step is the choice of sets. The download time took 20-25 minutes, while this tutorial has been written.

Location of sets? http
HTTP proxy URL?   none
HTTP Server ?     Use the preselected choice, in the tutorials case 
Server directory? Use the preselected choice, in the tutorials case pub/OpenBSD/6.7/amd6

Example image

Confirm the location of sets question with done

Location of sets? (cd0 disk http nfs or 'done') [done] done

After the message “Relinking to create unique kernel” appears the hint, that the OpenBSD install has finished successfully. You can now reboot the server.

If everything has gone well, you’ll be greated with the following login mask, after the reboot:

Example image

Type in your disk password and the server will start in a few seconds.