OpenBSD 7.5 (amd64) via qemu on Hetzner physical machine (no phys. access / KVM console)

OpenBSD 7.5 (amd64) via qemu on Hetzner physical machine (no phys. access / KVM console) === ###### tags: `bsd` `gfuzz` `hetzner` ![](/uploads/upload_ebbb2624896e29020bbe185518541662.png) ![](/uploads/upload_aa1472acbb79872dd3c1c3f5951a95fb.png) ```"Life is really simple, but we insist on making it complicated." -- Confucius via ChatGPT``` # Exercise Setup OpenBSD 7.5 on a physical machine with Hetzner (~35 EUR per month) with RAID1 on 2 SSD drives and encrypted partition. We neither have access to OpenBSD installation images directly nor can we use an OpenBSD rescue system. Hetzner actually offers access to web based KVM interface to your server, however this has to be requested and plugged in manually by an onsite staff member. Normally they are quite fast providing it - even on a 24/7 base - but access is limited to 3h max and it takes some time to retrieve access to it. I would like to have a way which is 100% under my control at any time, not only during installation but also having an OpenBSD rescue mode. This is inspired by [From Linux to NetBSD, with SSH only](https://cloudbsd.xyz/main/) # TL;DR :smile: From Hetzner's rescue image: ``` root@rescue ~ # wget -q https://cdn.openbsd.org/pub/OpenBSD/7.5/amd64/install75.iso root@rescue ~ # qemu-system-x86_64 \ -enable-kvm # Enable KVM virtualization -cpu host # Use host CPU features to trigger possible firmware upgrades during installation -nographic # Disable graphical output -boot d # Boot from CD-ROM -cdrom install75.iso # Specify installation ISO image -drive file=/dev/sda,format=raw,id=sata0,if=virtio # First phys. hard drive -drive file=/dev/sdb,format=raw,id=sata1,if=virtio # Second phys. hard drive -m 2048 # Allocate 2048 MB of memory, affects dynamic swap calculation -smp 4 # Configure 4 virtual CPUs ``` Emulated OpenBSD installation image booting from phys. disks: ``` SeaBIOS (version 1.16.2-debian-1.16.2-1) iPXE (http://ipxe.org) 00:03.0 CA00 PCI2.10 PnP PMM+7EFCEFC0+7EF0EFC0 CA00 Booting from DVD/CD... CD-ROM: E0 Loading /7.5/AMD64/CDBOOT probing: pc0 com0 mem[639K 2046M a20=on] disk: fd0 hd0+* hd1+* cd0 >> OpenBSD/amd64 CDBOOT 3.65 boot> set tty com0 switching console to com>> OpenBSD/amd64 CDBOOT 3.65 `````` ## Hardware specs Some hardware specs upfront, collecting these before starting with the installation might save you from some trouble later. ### lsblk ```bash root@rescue ~ # lsblk NAMEMAJ:MIN RM SIZE RO TYPE MOUNTPOINTS loop0 7:00 3.1G1 loop sda 8:00 465.8G0 disk sdb 8:16 0 465.8G0 disk ``` ### Hetzner motd ``` Hardware data: CPU1: Intel(R) Core(TM) i7-6700 CPU @ 3.40GHz (Cores 8) Memory:31891 MB Disk /dev/sda: 500 GB (=> 465 GiB) doesn't contain a valid partition table Disk /dev/sdb: 500 GB (=> 465 GiB) doesn't contain a valid partition table Total capacity 931 GiB with 2 Disks Network data: eth0LINK: yes MAC:90:1b:0e:8a:54:91 IP: 136.243.110.155 IPv6: 2a01:4f8:171:1129::2/64 Intel(R) PRO/1000 Network Driver ``` ### ip a ``` root@rescue ~ # ip a 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 link/ether 90:1b:0e:8a:54:91 brd ff:ff:ff:ff:ff:ff altname enp0s31f6 inet 136.243.110.155/26 scope global eth0 valid_lft forever preferred_lft forever inet6 2a01:4f8:171:1129::2/64 scope global valid_lft forever preferred_lft forever inet6 fe80::921b:eff:fe8a:5491/64 scope link valid_lft forever preferred_lft forever ``` ### lspci ``` root@rescue ~ # lspci 00:00.0 Host bridge: Intel Corporation Xeon E3-1200 v5/E3-1500 v5/6th Gen Core Processor Host Bridge/DRAM Registers (rev 07) 00:02.0 VGA compatible controller: Intel Corporation HD Graphics 530 (rev 06) 00:14.0 USB controller: Intel Corporation 100 Series/C230 Series Chipset Family USB 3.0 xHCI Controller (rev 31) 00:14.2 Signal processing controller: Intel Corporation 100 Series/C230 Series Chipset Family Thermal Subsystem (rev 31) 00:16.0 Communication controller: Intel Corporation 100 Series/C230 Series Chipset Family MEI Controller #1 (rev 31) 00:17.0 SATA controller: Intel Corporation Q170/Q150/B150/H170/H110/Z170/CM236 Chipset SATA Controller [AHCI Mode] (rev 31) 00:1f.0 ISA bridge: Intel Corporation B150 Chipset LPC/eSPI Controller (rev 31) 00:1f.2 Memory controller: Intel Corporation 100 Series/C230 Series Chipset Family Power Management Controller (rev 31) 00:1f.4 SMBus: Intel Corporation 100 Series/C230 Series Chipset Family SMBus (rev 31) 00:1f.6 Ethernet controller: Intel Corporation Ethernet Connection (2) I219-LM (rev 31) ``` ### netstat -rn ``` root@rescue ~ # netstat -rn Kernel IP routing table Destination Gateway Genmask Flags MSS Windowirtt Iface 0.0.0.0 136.243.110.129 0.0.0.0 UG0 00 eth0 136.243.110.128 136.243.110.129 255.255.255.192 UG0 00 eth0 136.243.110.129 0.0.0.0 255.255.255.255 UH0 00 eth0 ``` # Activate rescue system and boot into it Login to https://robot.hetzner.com/server and activate linux rescue system (btw. unfortunately they seem to have discontinued FreeBSD rescue system) ![](/uploads/upload_8c6986213fde13c904139ca4bf235322.png) ![](/uploads/upload_ee43bb10b7c7c7d12f550d9e61d73364.png) ![](/uploads/upload_f30f916484438112e9a4ddf290a3593b.png) # ssh into rescue system (using ssh pub key authentication) ```bash $ ssh root@srv07.gfuzz.de Warning: Permanently added 'srv07.gfuzz.de' (ED25519) to the list of known hosts. Linux rescue 6.9.7 #1 SMP Thu Jun 27 15:07:37 UTC 2024 x86_64 ------------------------------------------------------------------------------------------------------------------------- Welcome to the Hetzner Rescue System. This Rescue System is based on Debian GNU/Linux 12 (bookworm) with a custom kernel. You can install software like you would in a normal system. To install a new operating system from one of our prebuilt images, run 'installimage' and follow the instructions. Important note: Any data that was not written to the disks will be lost during a reboot. For additional information, check the following resources: Rescue System: https://docs.hetzner.com/robot/dedicated-server/troubleshooting/hetzner-rescue-system Installimage: https://docs.hetzner.com/robot/dedicated-server/operating-systems/installimage Install custom software: https://docs.hetzner.com/robot/dedicated-server/operating-systems/installing-custom-images other articles: https://docs.hetzner.com/robot ------------------------------------------------------------------------------------------------------------------------- Rescue System (via Legacy/CSM) up since 2024-08-11 19:30 +02:00 Hardware data: CPU1: Intel(R) Core(TM) i7-6700 CPU @ 3.40GHz (Cores 8) Memory: 31891 MB Disk /dev/sda: 500 GB (=> 465 GiB) Disk /dev/sdb: 500 GB (=> 465 GiB) Total capacity 931 GiB with 2 Disks Network data: eth0 LINK: yes MAC: 90:1b:0e:8a:54:91 IP: 136.243.110.155 IPv6: 2a01:4f8:171:1129::2/64 Intel(R) PRO/1000 Network Driver root@rescue ~ # ``` # Wipe out any content on SSDs There is a chance that existing data (i.e. previous openbsd/softraid0 installations...) might interfere, so better be safe than sorry. ## sda ``` root@rescue ~ # dd if=/dev/urandom of=/dev/sda bs=1M count=1 1+0 records in 1+0 records out 1048576 bytes (1.0 MB, 1.0 MiB) copied, 0.014283 s, 73.4 MB/s ``` ## sdb ``` root@rescue ~ # dd if=/dev/urandom of=/dev/sdb bs=1M count=1 1+0 records in 1+0 records out 1048576 bytes (1.0 MB, 1.0 MiB) copied, 0.010774 s, 97.3 MB/s ``` # Fetch install75.iso ``` root@rescue ~ # wget https://cdn.openbsd.org/pub/OpenBSD/7.5/amd64/install75.iso ``` # Use qemu with iso and phys. disks via serial console ``` root@rescue ~ # qemu-system-x86_64 \ -enable-kvm # Enable KVM virtualization -cpu host # Use host CPU features (to trigger possible firmware upgrades during installation) -nographic # Disable graphical output -boot d # Boot from CD-ROM -cdrom install75.iso # Specify installation ISO image -drive file=/dev/sda,format=raw,id=sata0,if=virtio # First phys. hard drive -drive file=/dev/sdb,format=raw,id=sata1,if=virtio # Second phys. hard drive -m 2048 # Allocate 2048 MB of memory (affects dynamic swap calculation) -smp 4 # Configure 4 virtual CPUs ``` Keep in mind that me ## Switch output to serial console ``` SeaBIOS (version 1.16.2-debian-1.16.2-1) iPXE (http://ipxe.org) 00:03.0 CA00 PCI2.10 PnP PMM+7EFCEFC0+7EF0EFC0 CA00 Booting from DVD/CD... CD-ROM: E0 Loading /7.5/AMD64/CDBOOT probing: pc0 com0 mem[639K 2046M a20=on] disk: fd0 hd0+* hd1+* cd0 >> OpenBSD/amd64 CDBOOT 3.65 boot> set tty com0 switching console to com>> OpenBSD/amd64 CDBOOT 3.65 boot> 0 ``` ## dmesg :::spoiler Click here to see full dmesg ``` cannot open cd0a:/etc/random.seed: No such file or directory booting cd0a:/7.5/amd64/bsd.rd: 4076463+1688576+3891240+0+708608 [109+464016+317541]=0xaa40e8 entry point at 0xffffffff81001000 Copyright (c) 1982, 1986, 1989, 1991, 1993 The Regents of the University of California. All rights reserved. Copyright (c) 1995-2024 OpenBSD. All rights reserved. https://www.OpenBSD.org OpenBSD 7.5 (RAMDISK_CD) #76: Wed Mar 20 15:53:54 MDT 2024 deraadt@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/RAMDISK_CD real mem = 2130550784 (2031MB) avail mem = 2061877248 (1966MB) random: good seed from bootblocks mainbus0 at root bios0 at mainbus0: SMBIOS rev. 2.8 @ 0xf5a00 (9 entries) bios0: vendor SeaBIOS version "1.16.2-debian-1.16.2-1" date 04/01/2014 bios0: QEMU Standard PC (i440FX + PIIX, 1996) acpi0 at bios0: ACPI 1.0 acpi0: tables DSDT FACP APIC HPET WAET acpimadt0 at acpi0 addr 0xfee00000: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: Intel(R) Core(TM) i7-6700 CPU @ 3.40GHz, 329.58 MHz, 06-5e-03 cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,SS,HTT,SSE3,PCLMUL,VMX,SSSE3,FMA3,CX16,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,HV,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,FSGSBASE,TSC_ADJUST,BMI1,AVX2,SMEP,BMI2,ERMS,IN cpu0: 32KB 64b/line 8-way D-cache, 32KB 64b/line 8-way I-cache, 4MB 64b/line 16-way L2 cache, 16MB 64b/line 16-way L3 cache cpu0: apic clock running at 999MHz cpu at mainbus0: not configured cpu at mainbus0: not configured cpu at mainbus0: not configured ioapic0 at mainbus0: apid 0 pa 0xfec00000, version 11, 24 pins acpihpet0 at acpi0: 100000000 Hz acpiprt0 at acpi0: bus 0 (PCI0) "ACPI0006" at acpi0 not configured acpipci0 at acpi0 PCI0 "PNP0A06" at acpi0 not configured "PNP0A06" at acpi0 not configured "PNP0A06" at acpi0 not configured "QEMU0002" at acpi0 not configured com0 at acpi0 COM1 addr 0x3f8/0x8 irq 4: ns16550a, 16 byte fifo com0: console acpicmos0 at acpi0 "ACPI0010" at acpi0 not configured acpicpu at acpi0 not configured cpu0: using VERW MDS workaround pvbus0 at mainbus0: KVM pci0 at mainbus0 bus 0 pchb0 at pci0 dev 0 function 0 "Intel 82441FX" rev 0x02 "Intel 82371SB ISA" rev 0x00 at pci0 dev 1 function 0 not configured pciide0 at pci0 dev 1 function 1 "Intel 82371SB IDE" rev 0x00: DMA, channel 0 wired to compatibility, channel 1 wired to compatibility pciide0: channel 0 disabled (no drives) atapiscsi0 at pciide0 channel 1 drive 0 scsibus0 at atapiscsi0: 2 targets cd0 at scsibus0 targ 0 lun 0: <QEMU, QEMU DVD-ROM, 2.5+> removable cd0(pciide0:1:0): using PIO mode 4, DMA mode 2 "Intel 82371AB Power" rev 0x03 at pci0 dev 1 function 3 not configured vga1 at pci0 dev 2 function 0 "Bochs VGA" rev 0x02 vga1: aperture needed wsdisplay at vga1 not configured em0 at pci0 dev 3 function 0 "Intel 82540EM" rev 0x03: apic 0 int 11, address 52:54:00:12:34:56 virtio0 at pci0 dev 4 function 0 "Qumranet Virtio Storage" rev 0x00 vioblk0 at virtio0 scsibus1 at vioblk0: 1 targets sd0 at scsibus1 targ 0 lun 0: <VirtIO, Block Device, > sd0: 476940MB, 512 bytes/sector, 976773168 sectors virtio0: msix per-VQ virtio1 at pci0 dev 5 function 0 "Qumranet Virtio Storage" rev 0x00 vioblk1 at virtio1 scsibus2 at vioblk1: 1 targets sd1 at scsibus2 targ 0 lun 0: <VirtIO, Block Device, > sd1: 476940MB, 512 bytes/sector, 976773168 sectors virtio1: msix per-VQ isa0 at mainbus0 pckbc0 at isa0 port 0x60/5 irq 1 irq 12 pckbd0 at pckbc0 (kbd slot) wskbd0 at pckbd0 mux 1 softraid0 at root scsibus3 at softraid0: 256 targets root on rd0a swap on rd0b dump on rd0b WARNING: CHECK AND RESET THE DATE! ``` ::: ## Welcome to the OpenBSD/amd64 7.5 installation program. Mainly taken from [OpenBSD FAQ - Disk Setup](https://www.openbsd.org/faq/faq14.html) ### Exit to shell: ``` Welcome to the OpenBSD/amd64 7.5 installation program. (I)nstall, (U)pgrade, (A)utoinstall or (S)hell? s ``` ### Create device special files (see ```MAKEDEV(8)```) ``` # cd /dev # sh MAKEDEV sd0 sd1 sd2 ``` ### Write MBR to both disks ``` # fdisk -iy sd0 Writing MBR at offset 0. # fdisk -iy sd1 Writing MBR at offset 0. ``` ### Create disklabel on first disk an clone into second disk ``` # disklabel -E sd0 Label editor (enter '?' for help at any prompt) sd0> a a offset: [64] size: [976773104] FS type: [4.2BSD] RAID sd0*> w sd0> q No label changes. # disklabel sd0 > layout # disklabel -R sd1 layout # rm layout ``` ### Setup RAID1 ``` # bioctl -c 1 -l sd0a,sd1a softraid0 sd2 at scsibus3 targ 1 lun 0: <OPENBSD, SR RAID 1, 006> sd2: 476939MB, 512 bytes/sector, 976772576 sectors softraid0: RAID 1 volume attached as sd2 ``` ### "Because the new device probably has a lot of garbage where you expect a master boot record and disklabel, zeroing the first chunk of it is highly recommended." ``` # dd if=/dev/zero of=/dev/rsd2c bs=1m count=1 1+0 records in 1+0 records out 1048576 bytes transferred in 0.016 secs (63963458 bytes/sec) ``` ### Check RAID1 status: ``` # bioctl sd2 Volume Status Size Device softraid0 0 Online 500107558912 sd2 RAID1 0 Online 500107558912 0:0.0 noencl <sd0a> 1 Online 500107558912 0:1.0 noencl <sd1a> ``` ### Exit into installer :-) ``` # exit ``` ### Actual installer (configure terminal, hostname, v4/v6 network, passwords) * qemu emulates Intel EM1000 (em0) which is 1:1 the same for our phys. host ``` Welcome to the OpenBSD/amd64 7.5 installation program. (I)nstall, (U)pgrade, (A)utoinstall or (S)hell? i At any prompt except password prompts you can escape to a shell by typing '!'. Default answers are shown in []'s and are selected by pressing RETURN. You can exit this program at any time by pressing Control-C, but this can leave your system in an inconsistent state. Terminal type? [vt220] System hostname? (short form, e.g. 'foo') srv07 Available network interfaces are: em0 vlan0. Network interface to configure? (name, lladdr, '?', or 'done') [em0] IPv4 address for em0? (or 'autoconf' or 'none') [autoconf] autoconf IPv6 address for em0? (or 'autoconf' or 'none') [none] autoconf Available network interfaces are: em0 vlan0. Network interface to configure? (name, lladdr, '?', or 'done') [done] Using DNS domainname my.domain Using DNS nameservers at 10.0.2.3 Password for root account? (will not echo) Password for root account? (again) Start sshd(8) by default? [yes] Do you expect to run the X Window System? [yes] no Change the default console to com0? [yes] no Setup a user? (enter a lower-case loginname, or 'no') [no] hoschi Full name for user hoschi? [hoschi] Oliver Peter Password for user hoschi? (will not echo) Password for user hoschi? (again) WARNING: root is targeted by password guessing attacks, pubkeys are safer. Allow root ssh login? (yes, no, prohibit-password) [no] prohibit-password What timezone are you in? ('?' for list) [Europe/Berlin] ``` ### Make sure to select sd2 (our RAID1 interface)! ``` Available disks are: sd0 sd1 sd2. Which disk is the root disk? ('?' for details) [sd0] sd2 No valid MBR or GPT. Use (W)hole disk MBR, whole disk (G)PT or (E)dit? [whole] Setting OpenBSD MBR partition to whole sd2...done. The auto-allocated layout for sd2 is: # size offset fstype [fsize bsize cpg] a: 1.0G 64 4.2BSD 2048 16384 1 # / b: 2.2G 2097216 swap c: 465.8G 0 unused d: 4.0G 6782752 4.2BSD 2048 16384 1 # /tmp e: 8.0G 15171328 4.2BSD 2048 16384 1 # /var f: 30.0G 31882400 4.2BSD 2048 16384 1 # /usr g: 1.0G 94796960 4.2BSD 2048 16384 1 # /usr/X11R6 h: 20.0G 96894112 4.2BSD 2048 16384 1 # /usr/local i: 3.0G 138837152 4.2BSD 2048 16384 1 # /usr/src j: 6.0G 145128608 4.2BSD 2048 16384 1 # /usr/obj k: 300.0G 157711552 4.2BSD 4096 32768 1 # /home Use (A)uto layout, (E)dit auto layout, or create (C)ustom layout? [a] /dev/rsd2a: 1024.0MB in 2097152 sectors of 512 bytes 6 cylinder groups of 202.50MB, 12960 blocks, 25920 inodes each /dev/rsd2k: 307200.0MB in 629145536 sectors of 512 bytes 378 cylinder groups of 814.44MB, 26062 blocks, 52224 inodes each /dev/rsd2d: 4096.0MB in 8388576 sectors of 512 bytes 21 cylinder groups of 202.50MB, 12960 blocks, 25920 inodes each /dev/rsd2f: 30720.0MB in 62914560 sectors of 512 bytes 152 cylinder groups of 202.50MB, 12960 blocks, 25920 inodes each /dev/rsd2g: 1024.0MB in 2097152 sectors of 512 bytes 6 cylinder groups of 202.50MB, 12960 blocks, 25920 inodes each /dev/rsd2h: 20480.0MB in 41943040 sectors of 512 bytes 102 cylinder groups of 202.50MB, 12960 blocks, 25920 inodes each /dev/rsd2j: 6144.0MB in 12582912 sectors of 512 bytes 31 cylinder groups of 202.50MB, 12960 blocks, 25920 inodes each /dev/rsd2i: 3072.0MB in 6291456 sectors of 512 bytes 16 cylinder groups of 202.50MB, 12960 blocks, 25920 inodes each /dev/rsd2e: 8159.7MB in 16711072 sectors of 512 bytes 41 cylinder groups of 202.50MB, 12960 blocks, 25920 inodes each /dev/sd2a (6f75b1b9913f80c0.a) on /mnt type ffs (rw, asynchronous, local) /dev/sd2k (6f75b1b9913f80c0.k) on /mnt/home type ffs (rw, asynchronous, local, nodev, nosuid) /dev/sd2d (6f75b1b9913f80c0.d) on /mnt/tmp type ffs (rw, asynchronous, local, nodev, nosuid) /dev/sd2f (6f75b1b9913f80c0.f) on /mnt/usr type ffs (rw, asynchronous, local, nodev) /dev/sd2g (6f75b1b9913f80c0.g) on /mnt/usr/X11R6 type ffs (rw, asynchronous, local, nodev) /dev/sd2h (6f75b1b9913f80c0.h) on /mnt/usr/local type ffs (rw, asynchronous, local, nodev) /dev/sd2j (6f75b1b9913f80c0.j) on /mnt/usr/obj type ffs (rw, asynchronous, local, nodev, nosuid) /dev/sd2i (6f75b1b9913f80c0.i) on /mnt/usr/src type ffs (rw, asynchronous, local, nodev, nosuid) /dev/sd2e (6f75b1b9913f80c0.e) on /mnt/var type ffs (rw, asynchronous, local, nodev, nosuid) Let's install the sets! Location of sets? (cd0 disk http nfs or 'done') [cd0] Pathname to the sets? (or 'done') [7.5/amd64] Select sets by entering a set name, a file name pattern or 'all'. De-select sets by prepending a '-', e.g.: '-game*'. Selected sets are labelled '[X]'. [X] bsd [X] base75.tgz [X] game75.tgz [X] xfont75.tgz [X] bsd.mp [X] comp75.tgz [X] xbase75.tgz [X] xserv75.tgz [X] bsd.rd [X] man75.tgz [X] xshare75.tgz Set name(s)? (or 'abort' or 'done') [done] Directory does not contain SHA256.sig. Continue without verification? [no] yes Installing bsd 100% |**************************| 25844 KB 00:03 Installing bsd.mp 100% |**************************| 25917 KB 00:03 Installing bsd.rd 100% |**************************| 4575 KB 00:00 Installing base75.tgz 100% |**************************| 408 MB 01:11 Extracting etc.tgz 100% |**************************| 267 KB 00:00 Installing comp75.tgz 100% |**************************| 80681 KB 00:16 Installing man75.tgz 100% |**************************| 7870 KB 00:01 Installing game75.tgz 100% |**************************| 2733 KB 00:00 Installing xbase75.tgz 100% |**************************| 58938 KB 00:12 Extracting xetc.tgz 100% |**************************| 7300 00:00 Installing xshare75.tgz 100% |**************************| 4578 KB 00:01 Installing xfont75.tgz 100% |**************************| 22968 KB 00:03 Installing xserv75.tgz 100% |**************************| 15472 KB 00:02 Location of sets? (cd0 disk http nfs or 'done') [done] Saving configuration files... done. Making all device nodes... done. Multiprocessor machine; using bsd.mp instead of bsd. fw_update: add intel; update none Relinking to create unique kernel... done. CONGRATULATIONS! Your OpenBSD install has been successfully completed! When you login to your new system the first time, please read your mail using the 'mail' command. Exit to (S)hell, (H)alt or (R)eboot? [reboot] h syncing disks... done The operating system has halted. Please press any key to reboot. ``` ## Exit qemu with CTRL-a x and reboot phys. machine ``` QEMU: Terminated root@rescue ~ # reboot ``` ## After ~1min login via SSH should be possible ``` $ ssh hoschi@srv07.gfuzz.de hoschi@srv07.gfuzz.de's password: OpenBSD 7.5 (GENERIC.MP) #82: Wed Mar 20 15:48:40 MDT 2024 Welcome to OpenBSD: The proactively secure Unix-like operating system. Please use the sendbug(1) utility to report bugs in the system. Before reporting a bug, please try to reproduce it with the latest version of the code. With bug reports, please try to ensure that enough information to reproduce the problem is enclosed, and if a known fix for it exists, include that as well. srv07$ ``` ## Become root and use syspatch to update OS ``` srv07$ su - Password: srv07# syspatch Get/Verify syspatch75-001_xserver... 100% |*********************************************************************************************************************************************************************************************************************************************************| 4308 KB 00:00 Installing patch 001_xserver Get/Verify syspatch75-003_libcryp... 100% |*********************************************************************************************************************************************************************************************************************************************************| 12910 KB 00:00 Installing patch 003_libcrypto Get/Verify syspatch75-004_bgpd.tgz 100% |***********************************************************************************************************************************************************************************************************************************************************| 221 KB 00:00 Installing patch 004_bgpd Get/Verify syspatch75-005_sndiod.tgz 100% |*********************************************************************************************************************************************************************************************************************************************************| 59601 00:00 Installing patch 005_sndiod Errata can be reviewed under /var/syspatch srv07# ``` # Full dmesg after reboot/update :::spoiler Click here to see final dmesg of phys. host ``` OpenBSD 7.5 (GENERIC.MP) #82: Wed Mar 20 15:48:40 MDT 2024 deraadt@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP real mem = 34106925056 (32526MB) avail mem = 33051824128 (31520MB) random: good seed from bootblocks mpath0 at root scsibus0 at mpath0: 256 targets mainbus0 at root bios0 at mainbus0: SMBIOS rev. 3.0 @ 0xcbe08000 (78 entries) bios0: vendor FUJITSU // American Megatrends Inc. version "V5.0.0.11 R1.29.0 for D3401-H1x" date 01/27/2020 bios0: FUJITSU D3401-H1 acpi0 at bios0: ACPI 5.0 acpi0: sleep states S0 S3 S4 S5 acpi0: tables DSDT FACP APIC FPDT FIDT MCFG HPET SSDT LPIT SSDT SSDT SSDT SSDT SSDT DBGP DBG2 SSDT UEFI SSDT DMAR ASF! acpi0: wakeup devices PEG0(S4) PEGP(S4) PS2K(S3) PS2M(S3) RP09(S4) PXSX(S4) RP10(S4) PXSX(S4) RP11(S4) PXSX(S4) RP12(S4) PXSX(S4) RP13(S4) PXSX(S4) RP01(S4) PXSX(S4) [...] acpitimer0 at acpi0: 3579545 Hz, 24 bits acpimadt0 at acpi0 addr 0xfee00000: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: Intel(R) Core(TM) i7-6700 CPU @ 3.40GHz, 3691.40 MHz, 06-5e-03, patch 000000f0 cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,TSC_ADJUST,SGX,BMI1,HLE,AVX2,SMEP,BMI2,ERMS,INVPCID,RTM,MPX,RDSEED,ADX,SMAP,CLFLUSHOPT,PT,SRBDS_CTRL,MD_CLEAR,TSXFA,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,RSBA,MISC_PKG_CT,ENERGY_FILT,XSAVEOPT,XSAVEC,XGETBV1,XSAVES,MELTDOWN cpu0: 32KB 64b/line 8-way D-cache, 32KB 64b/line 8-way I-cache, 256KB 64b/line 4-way L2 cache, 8MB 64b/line 16-way L3 cache cpu0: smt 0, core 0, package 0 mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges cpu0: apic clock running at 24MHz cpu0: mwait min=64, max=64, C-substates=0.2.1.2.4.1, IBE cpu1 at mainbus0: apid 2 (application processor) cpu1: Intel(R) Core(TM) i7-6700 CPU @ 3.40GHz, 3691.41 MHz, 06-5e-03, patch 000000f0 cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,TSC_ADJUST,SGX,BMI1,HLE,AVX2,SMEP,BMI2,ERMS,INVPCID,RTM,MPX,RDSEED,ADX,SMAP,CLFLUSHOPT,PT,SRBDS_CTRL,MD_CLEAR,TSXFA,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,RSBA,MISC_PKG_CT,ENERGY_FILT,XSAVEOPT,XSAVEC,XGETBV1,XSAVES,MELTDOWN cpu1: 32KB 64b/line 8-way D-cache, 32KB 64b/line 8-way I-cache, 256KB 64b/line 4-way L2 cache, 8MB 64b/line 16-way L3 cache cpu1: smt 0, core 1, package 0 cpu2 at mainbus0: apid 4 (application processor) cpu2: Intel(R) Core(TM) i7-6700 CPU @ 3.40GHz, 3691.41 MHz, 06-5e-03, patch 000000f0 cpu2: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,TSC_ADJUST,SGX,BMI1,HLE,AVX2,SMEP,BMI2,ERMS,INVPCID,RTM,MPX,RDSEED,ADX,SMAP,CLFLUSHOPT,PT,SRBDS_CTRL,MD_CLEAR,TSXFA,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,RSBA,MISC_PKG_CT,ENERGY_FILT,XSAVEOPT,XSAVEC,XGETBV1,XSAVES,MELTDOWN cpu2: 32KB 64b/line 8-way D-cache, 32KB 64b/line 8-way I-cache, 256KB 64b/line 4-way L2 cache, 8MB 64b/line 16-way L3 cache cpu2: smt 0, core 2, package 0 cpu3 at mainbus0: apid 6 (application processor) cpu3: Intel(R) Core(TM) i7-6700 CPU @ 3.40GHz, 3691.41 MHz, 06-5e-03, patch 000000f0 cpu3: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,TSC_ADJUST,SGX,BMI1,HLE,AVX2,SMEP,BMI2,ERMS,INVPCID,RTM,MPX,RDSEED,ADX,SMAP,CLFLUSHOPT,PT,SRBDS_CTRL,MD_CLEAR,TSXFA,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,RSBA,MISC_PKG_CT,ENERGY_FILT,XSAVEOPT,XSAVEC,XGETBV1,XSAVES,MELTDOWN cpu3: 32KB 64b/line 8-way D-cache, 32KB 64b/line 8-way I-cache, 256KB 64b/line 4-way L2 cache, 8MB 64b/line 16-way L3 cache cpu3: smt 0, core 3, package 0 cpu4 at mainbus0: apid 1 (application processor) cpu4: Intel(R) Core(TM) i7-6700 CPU @ 3.40GHz, 3691.40 MHz, 06-5e-03, patch 000000f0 cpu4: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,TSC_ADJUST,SGX,BMI1,HLE,AVX2,SMEP,BMI2,ERMS,INVPCID,RTM,MPX,RDSEED,ADX,SMAP,CLFLUSHOPT,PT,SRBDS_CTRL,MD_CLEAR,TSXFA,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,RSBA,MISC_PKG_CT,ENERGY_FILT,XSAVEOPT,XSAVEC,XGETBV1,XSAVES,MELTDOWN cpu4: 32KB 64b/line 8-way D-cache, 32KB 64b/line 8-way I-cache, 256KB 64b/line 4-way L2 cache, 8MB 64b/line 16-way L3 cache cpu4: smt 1, core 0, package 0 cpu5 at mainbus0: apid 3 (application processor) cpu5: Intel(R) Core(TM) i7-6700 CPU @ 3.40GHz, 3691.40 MHz, 06-5e-03, patch 000000f0 cpu5: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,TSC_ADJUST,SGX,BMI1,HLE,AVX2,SMEP,BMI2,ERMS,INVPCID,RTM,MPX,RDSEED,ADX,SMAP,CLFLUSHOPT,PT,SRBDS_CTRL,MD_CLEAR,TSXFA,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,RSBA,MISC_PKG_CT,ENERGY_FILT,XSAVEOPT,XSAVEC,XGETBV1,XSAVES,MELTDOWN cpu5: 32KB 64b/line 8-way D-cache, 32KB 64b/line 8-way I-cache, 256KB 64b/line 4-way L2 cache, 8MB 64b/line 16-way L3 cache cpu5: smt 1, core 1, package 0 cpu6 at mainbus0: apid 5 (application processor) cpu6: Intel(R) Core(TM) i7-6700 CPU @ 3.40GHz, 3691.40 MHz, 06-5e-03, patch 000000f0 cpu6: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,TSC_ADJUST,SGX,BMI1,HLE,AVX2,SMEP,BMI2,ERMS,INVPCID,RTM,MPX,RDSEED,ADX,SMAP,CLFLUSHOPT,PT,SRBDS_CTRL,MD_CLEAR,TSXFA,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,RSBA,MISC_PKG_CT,ENERGY_FILT,XSAVEOPT,XSAVEC,XGETBV1,XSAVES,MELTDOWN cpu6: 32KB 64b/line 8-way D-cache, 32KB 64b/line 8-way I-cache, 256KB 64b/line 4-way L2 cache, 8MB 64b/line 16-way L3 cache cpu6: smt 1, core 2, package 0 cpu7 at mainbus0: apid 7 (application processor) cpu7: Intel(R) Core(TM) i7-6700 CPU @ 3.40GHz, 3691.40 MHz, 06-5e-03, patch 000000f0 cpu7: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,TSC_ADJUST,SGX,BMI1,HLE,AVX2,SMEP,BMI2,ERMS,INVPCID,RTM,MPX,RDSEED,ADX,SMAP,CLFLUSHOPT,PT,SRBDS_CTRL,MD_CLEAR,TSXFA,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,RSBA,MISC_PKG_CT,ENERGY_FILT,XSAVEOPT,XSAVEC,XGETBV1,XSAVES,MELTDOWN cpu7: 32KB 64b/line 8-way D-cache, 32KB 64b/line 8-way I-cache, 256KB 64b/line 4-way L2 cache, 8MB 64b/line 16-way L3 cache cpu7: smt 1, core 3, package 0 ioapic0 at mainbus0: apid 2 pa 0xfec00000, version 20, 120 pins acpimcfg0 at acpi0 acpimcfg0: addr 0xf8000000, bus 0-63 acpihpet0 at acpi0: 23999999 Hz acpiprt0 at acpi0: bus 0 (PCI0) acpiprt1 at acpi0: bus -1 (PEG0) acpiprt2 at acpi0: bus -1 (RP09) acpiprt3 at acpi0: bus -1 (RP10) acpiprt4 at acpi0: bus -1 (RP11) acpiprt5 at acpi0: bus -1 (RP12) acpiprt6 at acpi0: bus -1 (RP13) acpiprt7 at acpi0: bus -1 (RP01) acpiprt8 at acpi0: bus -1 (RP02) acpiprt9 at acpi0: bus -1 (RP03) acpiprt10 at acpi0: bus -1 (RP04) acpiprt11 at acpi0: bus -1 (RP05) acpiprt12 at acpi0: bus -1 (RP06) acpiprt13 at acpi0: bus -1 (RP07) acpiprt14 at acpi0: bus -1 (RP08) acpiprt15 at acpi0: bus -1 (RP17) acpiprt16 at acpi0: bus -1 (RP18) acpiprt17 at acpi0: bus -1 (RP19) acpiprt18 at acpi0: bus -1 (RP20) acpiprt19 at acpi0: bus -1 (RP14) acpiprt20 at acpi0: bus -1 (RP15) acpiprt21 at acpi0: bus -1 (RP16) acpipci0 at acpi0 PCI0: 0x00000000 0x00000011 0x00000001 acpicmos0 at acpi0 "INT33A1" at acpi0 not configured acpibtn0 at acpi0: PWRB "PNP0C14" at acpi0 not configured "PNP0C0B" at acpi0 not configured "PNP0C0B" at acpi0 not configured "PNP0C0B" at acpi0 not configured "PNP0C0B" at acpi0 not configured "PNP0C0B" at acpi0 not configured acpicpu0 at acpi0: C3(200@256 mwait.1@0x40), C2(200@151 mwait.1@0x33), C1(1000@1 mwait.1), PSS acpicpu1 at acpi0: C3(200@256 mwait.1@0x40), C2(200@151 mwait.1@0x33), C1(1000@1 mwait.1), PSS acpicpu2 at acpi0: C3(200@256 mwait.1@0x40), C2(200@151 mwait.1@0x33), C1(1000@1 mwait.1), PSS acpicpu3 at acpi0: C3(200@256 mwait.1@0x40), C2(200@151 mwait.1@0x33), C1(1000@1 mwait.1), PSS acpicpu4 at acpi0: C3(200@256 mwait.1@0x40), C2(200@151 mwait.1@0x33), C1(1000@1 mwait.1), PSS acpicpu5 at acpi0: C3(200@256 mwait.1@0x40), C2(200@151 mwait.1@0x33), C1(1000@1 mwait.1), PSS acpicpu6 at acpi0: C3(200@256 mwait.1@0x40), C2(200@151 mwait.1@0x33), C1(1000@1 mwait.1), PSS acpicpu7 at acpi0: C3(200@256 mwait.1@0x40), C2(200@151 mwait.1@0x33), C1(1000@1 mwait.1), PSS acpipwrres0 at acpi0: PG00, resource for PEG0 acpipwrres1 at acpi0: WRST acpipwrres2 at acpi0: WRST acpipwrres3 at acpi0: WRST acpipwrres4 at acpi0: WRST acpipwrres5 at acpi0: WRST acpipwrres6 at acpi0: WRST acpipwrres7 at acpi0: WRST acpipwrres8 at acpi0: WRST acpipwrres9 at acpi0: WRST acpipwrres10 at acpi0: WRST acpipwrres11 at acpi0: WRST acpipwrres12 at acpi0: WRST acpipwrres13 at acpi0: WRST acpipwrres14 at acpi0: WRST acpipwrres15 at acpi0: WRST acpipwrres16 at acpi0: WRST acpipwrres17 at acpi0: WRST acpipwrres18 at acpi0: WRST acpipwrres19 at acpi0: WRST acpipwrres20 at acpi0: WRST acpipwrres21 at acpi0: FN00, resource for FAN0 acpipwrres22 at acpi0: FN01, resource for FAN1 acpipwrres23 at acpi0: FN02, resource for FAN2 acpipwrres24 at acpi0: FN03, resource for FAN3 acpipwrres25 at acpi0: FN04, resource for FAN4 acpitz0 at acpi0### AML PARSE ERROR (0x842): Undefined name: \\_SB_.PCI0.LPCB.H_EC.ECAV error evaluating: \\_TZ_.TZ00._TMP ### AML PARSE ERROR (0x842): Undefined name: \\_SB_.PCI0.LPCB.H_EC.ECAV error evaluating: \\_TZ_.TZ00._TMP acpitz1 at acpi0### AML PARSE ERROR (0x9f3): Undefined name: \\_SB_.PCI0.LPCB.H_EC.ECAV error evaluating: \\_TZ_.TZ01._TMP ### AML PARSE ERROR (0x9f3): Undefined name: \\_SB_.PCI0.LPCB.H_EC.ECAV error evaluating: \\_TZ_.TZ01._TMP acpivideo0 at acpi0: GFX0 acpivout0 at acpivideo0: DD1F cpu0: using VERW MDS workaround (except on vmm entry) cpu0: Enhanced SpeedStep 3691 MHz: speeds: 3401, 3400, 3200, 3000, 2800, 2700, 2500, 2300, 2100, 1900, 1700, 1500, 1400, 1200, 1000, 800 MHz pci0 at mainbus0 bus 0 pchb0 at pci0 dev 0 function 0 "Intel Core 6G Host" rev 0x07 inteldrm0 at pci0 dev 2 function 0 "Intel HD Graphics 530" rev 0x06 drm0 at inteldrm0 inteldrm0: msi, SKYLAKE, gen 9 xhci0 at pci0 dev 20 function 0 "Intel 100 Series xHCI" rev 0x31: msi, xHCI 1.0 usb0 at xhci0: USB revision 3.0 uhub0 at usb0 configuration 1 interface 0 "Intel xHCI root hub" rev 3.00/1.00 addr 1 pchtemp0 at pci0 dev 20 function 2 "Intel 100 Series Thermal" rev 0x31 "Intel 100 Series MEI" rev 0x31 at pci0 dev 22 function 0 not configured ahci0 at pci0 dev 23 function 0 "Intel 100 Series AHCI" rev 0x31: msi, AHCI 1.3.1 ahci0: port 1: 6.0Gb/s ahci0: port 2: 6.0Gb/s scsibus1 at ahci0: 32 targets sd0 at scsibus1 targ 1 lun 0: <ATA, Crucial_CT500MX2, MU05> naa.500a075110d8eac0 sd0: 476940MB, 512 bytes/sector, 976773168 sectors, thin sd1 at scsibus1 targ 2 lun 0: <ATA, Crucial_CT500MX2, MU05> naa.500a075110d8e5f1 sd1: 476940MB, 512 bytes/sector, 976773168 sectors, thin pcib0 at pci0 dev 31 function 0 "Intel B150 LPC" rev 0x31 "Intel 100 Series PMC" rev 0x31 at pci0 dev 31 function 2 not configured ichiic0 at pci0 dev 31 function 4 "Intel 100 Series SMBus" rev 0x31: apic 2 int 16 iic0 at ichiic0 em0 at pci0 dev 31 function 6 "Intel I219-LM" rev 0x31: msi, address 90:1b:0e:8a:54:91 isa0 at pcib0 isadma0 at isa0 pckbc0 at isa0 port 0x60/5 irq 1 irq 12 pckbd0 at pckbc0 (kbd slot) wskbd0 at pckbd0: console keyboard pcppi0 at isa0 port 0x61 spkr0 at pcppi0 wbsio0 at isa0 port 0x2e/2: NCT6792D rev 0x11 lm1 at wbsio0 port 0xa10/8: NCT6792D vmm0 at mainbus0: VMX/EPT uhidev0 at uhub0 port 8 configuration 1 interface 0 "Raritan KX4-101" rev 2.00/1.00 addr 2 uhidev0: iclass 3/1 ukbd0 at uhidev0: 8 variable keys, 6 key codes wskbd1 at ukbd0 mux 1 uhidev1 at uhub0 port 8 configuration 1 interface 1 "Raritan KX4-101" rev 2.00/1.00 addr 2 uhidev1: iclass 3/1 ums0 at uhidev1: 3 buttons, Z dir wsmouse0 at ums0 mux 0 uhidev2 at uhub0 port 8 configuration 1 interface 2 "Raritan KX4-101" rev 2.00/1.00 addr 2 uhidev2: iclass 3/0 ums1 at uhidev2: 3 buttons, Z dir wsmouse1 at ums1 mux 0 vscsi0 at root scsibus2 at vscsi0: 256 targets softraid0 at root scsibus3 at softraid0: 256 targets sd2 at scsibus3 targ 1 lun 0: <OPENBSD, SR RAID 1, 006> sd2: 476939MB, 512 bytes/sector, 976772576 sectors root on sd2a (6f75b1b9913f80c0.a) swap on sd2b dump on sd2b inteldrm0: 1920x1080, 32bpp wsdisplay0 at inteldrm0 mux 1: console (std, vt100 emulation), using wskbd0 wskbd1: connecting to wsdisplay0 wsdisplay0: screen 1-5 added (std, vt100 emulation) sd3 at scsibus3 targ 2 lun 0: <OPENBSD, SR CRYPTO, 006> sd3: 399931MB, 512 bytes/sector, 819060528 sectors wskbd1: disconnecting from wsdisplay0 wskbd1 detached ukbd0 detached uhidev0 detached wsmouse0 detached ums0 detached uhidev1 detached wsmouse1 detached ums1 detached uhidev2 detached uhub0: device problem, disabling port 8 uhidev0 at uhub0 port 8 configuration 1 interface 0 "Raritan KX4-101" rev 2.00/1.00 addr 2 uhidev0: iclass 3/1 ukbd0 at uhidev0: 8 variable keys, 6 key codes wskbd1 at ukbd0 mux 1 wskbd1: connecting to wsdisplay0 uhidev1 at uhub0 port 8 configuration 1 interface 1 "Raritan KX4-101" rev 2.00/1.00 addr 2 uhidev1: iclass 3/1 ums0 at uhidev1: 3 buttons, Z dir wsmouse0 at ums0 mux 0 uhidev2 at uhub0 port 8 configuration 1 interface 2 "Raritan KX4-101" rev 2.00/1.00 addr 2 uhidev2: iclass 3/0 ums1 at uhidev2: 3 buttons, Z dir wsmouse1 at ums1 mux 0 ``` ::: # Encrypted partition + /home Configure root pubkey authentication, make sure no user process (something that needs /home) is currently running and login as root via ssh: ``` ssh root@srv07.gfuzz.de Last login: Sun Aug 11 19:40:39 2024 from 144.76.31.135 OpenBSD 7.5 (GENERIC.MP) #82: Wed Mar 20 15:48:40 MDT 2024 Welcome to OpenBSD: The proactively secure Unix-like operating system. Please use the sendbug(1) utility to report bugs in the system. Before reporting a bug, please try to reproduce it with the latest version of the code. With bug reports, please try to ensure that enough information to reproduce the problem is enclosed, and if a known fix for it exists, include that as well. srv07# ``` ## unmount home and change /home partition type to RAID ``` srv07# umount /home srv07# disklabel -E sd2 Label editor (enter '?' for help at any prompt) sd2> p OpenBSD area: 64-976772576; size: 976772512; free: 189915536 # size offset fstype [fsize bsize cpg] a: 2097152 64 4.2BSD 2048 16384 12960 # / b: 4685520 2097216 swap # none c: 976772576 0 unused d: 8388576 6782752 4.2BSD 2048 16384 12960 # /tmp e: 16711072 15171328 4.2BSD 2048 16384 12960 # /var f: 62914560 31882400 4.2BSD 2048 16384 12960 # /usr g: 2097152 94796960 4.2BSD 2048 16384 12960 # /usr/X11R6 h: 41943040 96894112 4.2BSD 2048 16384 12960 # /usr/local i: 6291456 138837152 4.2BSD 2048 16384 12960 # /usr/src j: 12582912 145128608 4.2BSD 2048 16384 12960 # /usr/obj k: 629145536 157711552 4.2BSD 4096 32768 26062 # /home sd2> d k sd2*> a k offset: [157711520] size: [819061056] FS type: [4.2BSD] RAID sd2*> p OpenBSD area: 64-976772576; size: 976772512; free: 16 # size offset fstype [fsize bsize cpg] a: 2097152 64 4.2BSD 2048 16384 12960 # / b: 4685520 2097216 swap # none c: 976772576 0 unused d: 8388576 6782752 4.2BSD 2048 16384 12960 # /tmp e: 16711072 15171328 4.2BSD 2048 16384 12960 # /var f: 62914560 31882400 4.2BSD 2048 16384 12960 # /usr g: 2097152 94796960 4.2BSD 2048 16384 12960 # /usr/X11R6 h: 41943040 96894112 4.2BSD 2048 16384 12960 # /usr/local i: 6291456 138837152 4.2BSD 2048 16384 12960 # /usr/src j: 12582912 145128608 4.2BSD 2048 16384 12960 # /usr/obj k: 819061056 157711520 RAID sd2*> w sd2> q No label changes. ``` ## Clear out previous home partition ``` srv07# dd if=/dev/zero of=/dev/rsd2k bs=1m count=1 ``` ## Setup encrypted partition ``` srv07# bioctl -c C -l sd2k softraid0 New passphrase: Re-type passphrase: softraid0: CRYPTO volume attached as sd3 ``` ## Configure new partition: ``` srv07# disklabel -E sd3 Label editor (enter '?' for help at any prompt) sd3> a a offset: [0] size: [819060528] FS type: [4.2BSD] sd3*> sd3*> w sd3> q No label changes. ``` ## Create /crypt and get rid of current /home from /etc/fstab ``` srv07# mkdir /crypt srv07# cat /etc/fstab 6f75b1b9913f80c0.b none swap sw 6f75b1b9913f80c0.a / ffs rw 1 1 6f75b1b9913f80c0.k /home ffs rw,nodev,nosuid 1 2 6f75b1b9913f80c0.d /tmp ffs rw,nodev,nosuid 1 2 6f75b1b9913f80c0.f /usr ffs rw,nodev 1 2 6f75b1b9913f80c0.g /usr/X11R6 ffs rw,nodev 1 2 6f75b1b9913f80c0.h /usr/local ffs rw,wxallowed,nodev 1 2 6f75b1b9913f80c0.j /usr/obj ffs rw,nodev,nosuid 1 2 6f75b1b9913f80c0.i /usr/src ffs rw,nodev,nosuid 1 2 6f75b1b9913f80c0.e /var ffs rw,nodev,nosuid 1 2 ``` ## Use vi to replace entry for /home with /crypt ``` srv07# vi /etc/fstab ... /dev/sd3a /crypt ffs rw,nodev,nosuid,noauto 0 0 ``` ## Create FFS2 filesystem ``` srv07# newfs /dev/rsd3c /dev/rsd3c: 399931.9MB in 819060528 sectors of 512 bytes 1975 cylinder groups of 202.50MB, 12960 blocks, 25920 inodes each super-block backups (for fsck -b #) at: 160, 414880, 829600, 1244320, 1659040, 2073760, 2488480, 2903200, 3317920, 3732640, 4147360, 4562080, 4976800, 5391520, 5806240, 6220960, 6635680, 7050400, 7465120, 7879840, 8294560, 8709280, 9124000, 9538720, 9953440, 10368160, 10782880, 11197600, 11612320, 12027040, 12441760, 12856480, 13271200, 13685920, 14100640, 14515360, 14930080, 15344800, 15759520, 16174240, 16588960, 17003680, 17418400, 17833120, 18247840, 18662560, 19077280, 19492000, 19906720, 20321440, 20736160, 21150880, 21565600, 21980320, 22395040, 22809760, 23224480, 23639200, 24053920, 24468640, 24883360, 25298080, 25712800, 26127520, 26542240, [...] ``` ## Mount /crypt and check ``` srv07# mount /crypt srv07# df -h Filesystem Size Used Avail Capacity Mounted on /dev/sd2a 986M 131M 806M 14% / /dev/sd2d 3.9G 10.0K 3.7G 1% /tmp /dev/sd2f 29.1G 1.4G 26.2G 6% /usr /dev/sd2g 986M 303M 634M 33% /usr/X11R6 /dev/sd2h 19.4G 146K 18.4G 1% /usr/local /dev/sd2j 5.8G 2.0K 5.5G 1% /usr/obj /dev/sd2i 2.9G 2.0K 2.8G 1% /usr/src /dev/sd2e 7.7G 25.4M 7.3G 1% /var /dev/sd3a 378G 2.0K 359G 1% /crypt ``` ## Setup /home -> /crypt/home ``` srv07# mv /home crypt srv07# ln -s /crypt/home /home srv07# cd /home srv07# mkdir hoschi srv07# chown hoschi:hoschi hoschi ``` ## And we are done! :-) After some ansible magic in the background: ![](/uploads/upload_d4c8d59353fd38ef734d5c74d9a2e8c2.png) # "Rescue mode" for OpenBSD Like above: 1. enable Hetzner Linux Rescue mode and 2. trigger a reset of the machine 3. login as root via ssh ## boot from cd ``` $ wget https://cdn.openbsd.org/pub/OpenBSD/7.5/amd64/cd75.iso $ qemu-system-x86_64 \ -nographic # Disable graphical output -boot d # Boot from CD-ROM -cdrom cd75.iso # Specify installation ISO image -drive file=/dev/sda,format=raw # First phys. hard drive -drive file=/dev/sdb,format=raw # Second phys hard drive -m 2048 # Allocate 2048 MB of memory -smp 4 # Configure 4 virtual CPUs ``` ## boot from local disks ``` $ qemu-system-x86_64 \ -enable-kvm # Enable KVM virtualization -cpu host # Use host CPU features -nographic # Disable graphical output -drive file=/dev/sda,format=raw,id=sata0,if=virtio # First phys. hard drive -drive file=/dev/sdb,format=raw,id=sata1,if=virtio # Second phys. hard drive -m 2048 # Allocate 2048 MB of memory -smp 4 # Configure 4 virtual CPUs ```