-----BEGIN PGP SIGNATURE-----
Version: ProtonMail
wrsEARYKAG0Fgmd73AMJkFDGduyCLqTQRRQAAAAAABwAIHNhbHRAbm90YXRp
b25zLm9wZW5wZ3Bqcy5vcmftFZHgcxzbQL8QxB+Xw7QTwUHmGX5xofXmDkxW
k3LDNRYhBJwvNjdcM20oSuhK91DGduyCLqTQAAA5LwD+JvsNHdcOC7mpwsV2
2VmY3zaV2bDy2q+xMaefLxk1hOQBAKMJ2WAshHU+60L6vSH6h79kEXLg5cBx
7QnQAsva3owH
=9la6
-----END PGP SIGNATURE-----
Dear All,
I have tried to reinstall OpenBSD 7.6 on my 2015 Macbook Air (A1465) but I cannot seem to be able to boot with keydisk encryption enabled. I have had no issues running / installing 7.6 -current with FDE enabled in the past, however with passphrase rather than keydisk. I'd like to give keydisks a go. I bought some small "leave-in" USB drives for the purpose. As the Macbook Air doesn't have a DVD drive and network boot is not possible for me I have been installing OpenBSD off an USB drive thus far.
I have tried following the FAQ but when it comes to keydisk creation it isn't the most verbose, however reading the relevant man pages (bioctl, diskutil, softraid, etc) I *think* I got it right, but I am running into an issue where, after removing the install media, I think the disk labels get rearranged and I can no longer boot. It halts with a "keydisk not found" error.
I have made a log of what exact commands I ran. In the installation, sd0 is the internal SSD, sd1 is the installer USB stick, and sd2 is the leave-in USB drive I want to use as the keydisk. Below is the slightly edited log. Reading up on similar topics on this list I also saw that providing the output of "machine diskinfo" from the boot prompt can be helpful, so I am including that as well at the end. I am also attaching the `dmesg` output.
I have also tried disabling the MBR boot flags on the keydisk as suggested somewhere on the list but it made no difference.
It has been suggested to me that when setting up softraid0 in bioctl I use disk UUID's from `sysctl hw.disknames` rather than disk labels, but I see no obvious way to provide those to `bioctl`, all the examples and manual pages I have seen were working with /dev/sd* devices.
How could I get the keydisk to boot?
Thanks in advance,
rqm
``` Installation log
Welcome to the OpenBSD/amd64 7.6 installation program.
(I)nstall, (U)pgrade, (A)utoinstall or (S)hell? s
# dmesg | grep sd
sd0 at scsibus0 targ 0 lun 0: <ATA, APPLE SSD SD0128, A222> naa.xxxc51
sd0: 115712MB, 512 bytes/sector, 236978176 sectors, thin
sd1 at scsibus1 targ 1 lun 0: <SanDisk, Cruzer Blade, 1.00> removable serial.xxx3C3
sd1: 14939MB, 512 bytes/sector, 30595072 sectors
sd2 at scsibus2 targ 1 lun 0: <USB, SanDisk 3.2Gen1, 1.00> removable serial.xxx0b1
sd2: 29358MB, 512 bytes/sector, 60125184 sectors
# cd /dev
# sh MAKEDEV sd0 sd2
# fdisk -iy sd0
Writing MBR at offset 0.
# disklabel -E sd0
Label editor (enter '?' for help at any prompt)
sd0> p
OpenBSD area: 64-236978176; size: 236978112; free: 236978112
# size offset fstype [fsize bsize cpg]
c: 236978176 0 unused
sd0> a a
offset: [64]
size [236978112]:
FS type: [4.2BSD] RAID
sd0*> w
sd0> q
No label changes.
# fdisk -iy sd2
Writing MBR at offset 0.
# disklabel -E sd2
Label editor (enter '?' for help at any prompt)
sd0> p
OpenBSD area: 64-60125184; size: 60125120; free: 60109119
# size offset fstype [fsize bsize cpg]
a: 16001 64 RAID
c: 60125184 0 unused
sd2>d *
sd2*> w
sd2> p
OpenBSD area: 64-60125184; size: 60125120; free: 60125120
# size offset fstype [fsize bsize cpg]
c: 60125184 0 RAID
sd2> q
No label changes.
# dd if=/dev/zero of=/dev/rsd2c bs=10m count=1
1+0 recordsd in
1+0 records out
10485760 bytes transferred in 0.277 secs (37818744 bytes/sec)
# disklabel -E sd2
sd2> a a
offset: [0]
size: [60125184] 1M
FS type: [4.2BSD] RAID
sd2*> w
sd2> q
No label changes
# bioctl -c C -k sd2a -l sd0a softraid0
sd3 at scsibus3 targ 1 lun 0: <OPENBSD, SR CRYPTO, 006>
sd3: 115711MB, 512 bytes/sector, 236977584 sectors
softraid0: CRYPTO volume attached as sd3
# cd /dev
# sh MAKEDEV sd3
# dd if=/dev/zero of=/dev/rsd3c bs=1m count=1
1+0 recordsd in
1+0 records out
1048576 bytes transferred in 0.277 secs (37818744 bytes/sec)
# reboot
...
welcome to the OpenBSD/amd64 7.6 installation program.
(I)nstall, (U)pgrade, (A)utoinstall or (S)hell? i
...
Available disks are: sd0 sd1 sd2 sd3
Which disk is the root disk? ('?' for details) [sd0] ?
sd0: ATA, APPLE SSD SD0128, A222 naa.xxxc51 (113.0G)
sd1: SanDisk, Cruzer Blade, 1.00 serial.xxx3C3 (14.6G)
sd2: USB, SanDisk 3.2Gen1, 1.00 serial.xxx0b1 (28.7G)
sd2: 29358MB, 512 bytes/sector, 60125184 sectors
sd3: OPENBSD, SR CRYPTO, 006 (113.0G)
Available disks are: sd0 sd1 sd2 sd3
Which disk is the root disk? ('?' for details) [sd0] sd3
No valid MBR or GPT.
Use (W)hole disk MBR, whole disk (G)PT, or (E)dit? [gpt]
Setting OpenBSD GPT partition to whole sd3...done.
The auto-allocated layout for sd3 is:
...
Use (A)uto layout, (E)dit auto layout, or create (C)ustom layout? [a]
...
Which disk do you wish to initialize? (or 'done') [done]
/dev/sd3a ...
/dev/sd3l ...
/dev/sd3d ...
/dev/sd3f ...
...
Let's install the sets!
Location of sets? (disk http nfs or 'done') [http] disk
Is the partition already mounted? [no]
Which disk contains the install media? (or 'done') [sd1]
a: ...
i: ...
Available sd1 partitions are: a i
Which sd1 partition has the install sets? (or 'done') [a]
Pathname to the sets? (or 'done') [7.6/amd64]
Select sets ...
Set name(s)? (or 'abort' or 'done') [done]
Directory contains no SHA256.sig. Continue without verification? [no] yes
Installing bsd ...
...
Location of sets? (disk http nfs or 'done') [done]
What timezone are you in? ('?' for list) [Canada/Mountain]
Saving configuration files... done.
Making all device nodes... done.
Multiprocessor machine; using bsd.mp instead of bsd.
fw_update: failed.
Cannot fetch http://firmware.openbsd.org/firmware/7.6/SHA256.sig
error: firmware.openbsd.org: no address associated with that name
Relinking to create unique kernel... done.
CONGRATULATIONS! Your OpenBSD install has been successfully completed!
...
Exit to (S)hell, (H)alt or (R)eboot? [reboot]
sd1 detached #unplugging install disk ONLY, keydisk stays in
---
REBOOT
---
BLACK SCREEN INSTEAD OF BOOT PROMPT
---
Using drive 0, partition 3.
Loading. . . . . .
probing: pc0 mem[352K 216K 63K 2252M 68K 1M 64K 1782M a20=on]
disk: hd0+ sr0*
>> OpenBSD/amd64 BOOT 3.67
keydisk not found
keydisk not found
open(sra0a:/etc/boot.conf): Operation not permitted
boot>
keydisk not found
booting sra0a:/bsd: Operation not permitted
failed(1). will try /bsd
Turning timeout off.
boot > _
```
``` Output of `machine diskinfo`
Using drive 0, partition 3.
Loading......
probing: pc0 mem[352K 216K 63K 2252M 68K 1M 64K 1782M a20=0n]
disk: hd0+ sr0*
>> OpenBSD/amd64 B00T 3.67
keydisk not found
keydisk not found
open (sr0a:/etc/boot.conf): Operation not permitted
boot› machine diskinfo
Disk BIOS# Type Cyls Heads Secs Flags Checksum
hd0 0x80 label 1023 255 63 0x2 0xeb358c2c
boot›
```
``` dmesg
OpenBSD 7.6 (RAMDISK_CD) #326: Mon Sep 30 09:00:03 MDT 2024
deraadt@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/RAMDISK_CD
real mem = 4214292480 (4019MB)
avail mem = 4082368512 (3893MB)
random: good seed from bootblocks
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.4 @ 0x8cd10000 (43 entries)
bios0: vendor Apple Inc. version "433.140.2.0.0" date 04/18/2022
bios0: Apple Inc. MacBookAir6,1
acpi0 at bios0: ACPI 5.0
acpi0: tables DSDT FACP HPET APIC SBST ECDT SSDT SSDT SSDT SSDT SSDT SSDT SSDT SSDT DMAR MCFG
acpihpet0 at acpi0: 14318179 Hz
acpimadt0 at acpi0 addr 0xfee00000: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Core(TM) i5-4260U CPU @ 1.40GHz, 1300.01 MHz, 06-45-01, patch 00000026
cpu0: cpuid 1 edx=bfebfbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE> ecx=77fafbbf<SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND>
cpu0: cpuid 6 eax=77<SENSOR,ARAT> ecx=9<EFFFREQ>
cpu0: cpuid 7.0 ebx=27ab<FSGSBASE,TSC_ADJUST,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID> edx=9c000600<SRBDS_CTRL,MD_CLEAR,IBRS,IBPB,STIBP,L1DF,SSBD>
cpu0: cpuid a vers=3, gp=4, gpwidth=48, ff=3, ffwidth=48
cpu0: cpuid d.1 eax=1<XSAVEOPT>
cpu0: cpuid 80000001 edx=2c100800<NXE,PAGE1GB,RDTSCP,LONG> ecx=21<LAHF,ABM>
cpu0: cpuid 80000007 edx=100<ITSC>
cpu0: MELTDOWN
cpu0: 32KB 64b/line 8-way D-cache, 32KB 64b/line 8-way I-cache, 256KB 64b/line 8-way L2 cache, 3MB 64b/line 12-way L3 cache
cpu0: apic clock running at 100MHz
cpu0: mwait min=64, max=64, C-substates=0.2.1.2.4.1.1.1, IBE
cpu at mainbus0: not configured
cpu at mainbus0: not configured
cpu at mainbus0: not configured
ioapic0 at mainbus0: apid 2 pa 0xfec00000, version 20, 40 pins
acpiec0 at acpi0
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus -1 (P0P2)
acpiprt2 at acpi0: bus 1 (RP01)
acpiprt3 at acpi0: bus 2 (RP02)
acpiprt4 at acpi0: bus 3 (RP03)
acpiprt5 at acpi0: bus 5 (RP05)
acpiprt6 at acpi0: bus 4 (RP06)
acpipci0 at acpi0 PCI0: 0x00000004 0x00000011 0x00000001
acpicmos0 at acpi0
"APP0001" at acpi0 not configured
"ACPI0008" at acpi0 not configured
"ACPI0001" at acpi0 not configured
"ACPI0002" at acpi0 not configured
"APP000D" at acpi0 not configured
"ACPI0003" at acpi0 not configured
"PNP0C0D" at acpi0 not configured
"PNP0C0C" at acpi0 not configured
"APP0002" at acpi0 not configured
"PNP0C0E" at acpi0 not configured
acpicpu at acpi0 not configured
cpu0: using VERW MDS workaround
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 "Intel Core 4G Host" rev 0x09
"Intel HD Graphics 5000" rev 0x09 at pci0 dev 2 function 0 not configured
"Intel Core 4G HD Audio" rev 0x09 at pci0 dev 3 function 0 not configured
xhci0 at pci0 dev 20 function 0 "Intel 8 Series xHCI" rev 0x04: msi, xHCI 1.0
usb0 at xhci0: USB revision 3.0
uhub0 at usb0 configuration 1 interface 0 "Intel xHCI root hub" rev 3.00/1.00 addr 1
vendor "Intel", unknown product 0x9c60 (class system subclass 8237 DMA, rev 0x04) at pci0 dev 21 function 0 not configured
vendor "Intel", unknown product 0x9c66 (class serial bus unknown subclass 0x80, rev 0x04) at pci0 dev 21 function 4 not configured
"Intel 8 Series MEI" rev 0x04 at pci0 dev 22 function 0 not configured
"Intel 8 Series HD Audio" rev 0x04 at pci0 dev 27 function 0 not configured
ppb0 at pci0 dev 28 function 0 "Intel 8 Series PCIE" rev 0xe4
pci1 at ppb0 bus 1
ppb1 at pci0 dev 28 function 1 "Intel 8 Series PCIE" rev 0xe4: msi
pci2 at ppb1 bus 2
"Broadcom BCM15700A2" rev 0x00 at pci2 dev 0 function 0 not configured
ppb2 at pci0 dev 28 function 2 "Intel 8 Series PCIE" rev 0xe4: msi
pci3 at ppb2 bus 3
bwfm0 at pci3 dev 0 function 0 "Broadcom BCM43602" rev 0x01: msi
ppb3 at pci0 dev 28 function 4 "Intel 8 Series PCIE" rev 0xe4: msi
pci4 at ppb3 bus 5
ppb4 at pci4 dev 0 function 0 "Intel DSL3510 Thunderbolt" rev 0x03
pci5 at ppb4 bus 6
ppb5 at pci5 dev 0 function 0 "Intel DSL3510 Thunderbolt" rev 0x03: msi
pci6 at ppb5 bus 7
"Intel DSL3510 Thunderbolt" rev 0x03 at pci6 dev 0 function 0 not configured
ppb6 at pci5 dev 3 function 0 "Intel DSL3510 Thunderbolt" rev 0x03: msi
pci7 at ppb6 bus 8
ppb7 at pci5 dev 4 function 0 "Intel DSL3510 Thunderbolt" rev 0x03: msi
pci8 at ppb7 bus 57
ppb8 at pci5 dev 5 function 0 "Intel DSL3510 Thunderbolt" rev 0x03: msi
pci9 at ppb8 bus 106
ppb9 at pci5 dev 6 function 0 "Intel DSL3510 Thunderbolt" rev 0x03: msi
pci10 at ppb9 bus 107
ppb10 at pci0 dev 28 function 5 "Intel 8 Series PCIE" rev 0xe4: msi
pci11 at ppb10 bus 4
ahci0 at pci11 dev 0 function 0 vendor "Marvell", unknown product 0x9183 rev 0x14: msi, AHCI 1.0
ahci0: port 0: 6.0Gb/s
scsibus0 at ahci0: 32 targets
sd0 at scsibus0 targ 0 lun 0: <ATA, APPLE SSD SD0128, A222> naa.5001b44ccce89c51
sd0: 115712MB, 512 bytes/sector, 236978176 sectors, thin
"Intel 8 Series LPC" rev 0x04 at pci0 dev 31 function 0 not configured
"Intel 8 Series SMBus" rev 0x04 at pci0 dev 31 function 3 not configured
isa0 at mainbus0
com0 at isa0 port 0x3f8/8 irq 4: ns8250, no fifo
efifb0 at mainbus0: 1366x768, 32bpp
wsdisplay0 at efifb0 mux 1: console (std, vt100 emulation)
umass0 at uhub0 port 2 configuration 1 interface 0 "SanDisk Cruzer Blade" rev 2.10/1.00 addr 2
umass0: using SCSI over Bulk-Only
scsibus1 at umass0: 2 targets, initiator 0
sd1 at scsibus1 targ 1 lun 0: <SanDisk, Cruzer Blade, 1.00> removable serial.0781556753080F8053C3
sd1: 14939MB, 512 bytes/sector, 30595072 sectors
uhidev0 at uhub0 port 3 configuration 1 interface 0 "Broadcom Corp. Bluetooth USB Host Controller" rev 2.01/1.69 addr 3
uhidev0: iclass 3/1, 1 report id
ukbd0 at uhidev0 reportid 1
wskbd0 at ukbd0: console keyboard, using wsdisplay0
uhidev1 at uhub0 port 3 configuration 1 interface 1 "Broadcom Corp. Bluetooth USB Host Controller" rev 2.01/1.69 addr 3
uhidev1: iclass 3/1, 2 report ids
uhid at uhidev1 reportid 2 not configured
"Broadcom Corp. Bluetooth USB Host Controller" rev 2.01/1.69 addr 3 at uhub0 port 3 configuration 1 not configured
uhidev2 at uhub0 port 5 configuration 1 interface 0 "Apple Inc. Apple Internal Keyboard / Trackpad" rev 2.00/1.71 addr 4
uhidev2: iclass 3/0, 63 report ids
uhid at uhidev2 reportid 63 not configured
uhidev3 at uhub0 port 5 configuration 1 interface 1 "Apple Inc. Apple Internal Keyboard / Trackpad" rev 2.00/1.71 addr 4
uhidev3: iclass 3/1, 82 report ids
ukbd1 at uhidev3 reportid 1
wskbd1 at ukbd1 mux 1
wskbd1: connecting to wsdisplay0
uhid at uhidev3 reportid 9 not configured
uhid at uhidev3 reportid 63 not configured
uhid at uhidev3 reportid 82 not configured
uhidev4 at uhub0 port 5 configuration 1 interface 2 "Apple Inc. Apple Internal Keyboard / Trackpad" rev 2.00/1.71 addr 4
uhidev4: iclass 3/1, 68 report ids
uhid at uhidev4 reportid 2 not configured
uhid at uhidev4 reportid 63 not configured
uhid at uhidev4 reportid 68 not configured
umass1 at uhub0 port 10 configuration 1 interface 0 "USB SanDisk 3.2Gen1" rev 3.20/1.00 addr 5
umass1: using SCSI over Bulk-Only
scsibus2 at umass1: 2 targets, initiator 0
sd2 at scsibus2 targ 1 lun 0: <USB, SanDisk 3.2Gen1, 1.00> removable serial.0781558381075db0e0b1
sd2: 29358MB, 512 bytes/sector, 60125184 sectors
softraid0 at root
scsibus3 at softraid0: 256 targets
sd3 at scsibus3 targ 1 lun 0: <OPENBSD, SR CRYPTO, 006>
sd3: 115711MB, 512 bytes/sector, 236977584 sectors
root on rd0a swap on rd0b dump on rd0b
WARNING: CHECK AND RESET THE DATE!
bwfm0: failed loadfirmware of file brcmfmac43602-pcie.bin
```
No comments:
Post a Comment