OpenBSD Full Disk Encryption Setup

This post is outdated. FDE is integrated into the installer since OpenBSD 7.3

This is a condensed version of OpenBSD FDE encryption FAQ.

Boot installer, drop to shell with “s”

cd /dev && sh MAKEDEV sd0
dd if=/dev/urandom of=/dev/rsd0c bs=1m
fdisk -iy -g -b 960 sd0 # GPT / without -g and -b for MBR
disklabel -E sd0

Note, switch to kbd en before setting the password as this is what you have on the boot prompt.

bioctl -c C -l sd0a softraid0
dd if=/dev/zero of=/dev/rsd1c bs=1m count=1

Ctrl+D to restart the installer. Choose sd1 as install target.

If sd1 is not present:

cd /dev && sh MAKEDEV sd1

When the installer later asks about installing with MBR or GPT layout, choose MBR. Even if you boot via UEFI/GPT.