getting started with openbsd

back to /blog bluesky

openbsd is fantastic! here's how to get started with it. this guide assumes you have a basic understanding of the unix command line, and are able to comprehend what the computer is asking you to do and respond accordingly. text commands are written in white with a darker background.

note for virtualbox users: make sure you use an ahci controller for the disks, not the default ide!

part 0: why openbsd?

in the age where your computer actively works against your privacy and freedom, you ought to have something that can keep you safe. linux is a fantastic first step, but most distros put user-friendliness above keeping things up-to-date and secure by default. openbsd on the other hand, has a minimal attack surface by default (leading to their "Only two remote holes in the default install, in a heck of a long time!" blurb on their home page), many security hardening innovations, and the most sensible (in my opinion) take on full disk encryption - it takes the passphrase/keydisk pre-boot - where lots of linux distros have already partially booted before they get your login.

in short, openbsd assumes you don't know what you're doing and makes sure you're safe despite that.

part 1: downloading & verifying

  1. download openbsd 7.6
  2. verify your download - on windows, run certutil -hashFile install76.img SHA256. on another unix, run sha256sum install76.img. the sum should be 973dfa837e4998f6c0f29d0afc9f40d85e29a3d2b25fcea8b3f13b4491fbedc0
  3. write the installer to a usb stick. on windows, download rufus. on another unix, run dd if=install76.img of=[target usb stick] bs=1M

part 2: installation

  1. boot the usb stick. how to do this depends on your motherboard - look up "[model] BIOS key" if it isn't shown at boot
  2. when you reach the boot> prompt, hit enter
  3. give the os a minute to start up, then choose I - the autoinstaller isn't what you need here
  5. go through the installer and follow the instructions on-screen until it asks if you want the x window system to be started by xenodm - choose yes and continue
  6. you can choose not to encrypt the disk, but it's highly recommended - choose passphrase
  7. make sure to choose all sets - you'll need to figure out where they're installed. cd0 on my system.
  8. it will complain about missing the signature. continue anyway - we checked the shasum earlier.
  9. let it finish and reboot!

part 3: installing xfce

  1. login with the root user and whatever password you've set
  2. in the terminal that opened, run fw_update
  3. install some essential packages with pkg_add xfce xfce-extras doas - it's a good idea to install a text editor here if you prefer something other than vi
  4. open /etc/X11/xenodm/Xsetup_0 with the aforementioned text editor and remove the line mentioning xconsole
  5. enable messagebus with rcctl enable messagebus; rcctl start messagebus
  6. enable power management with rcctl enable apmd; rcctl start apmd
  7. (if you've added non-root users) run usermod -G operator [user name] and usermod -G wheel [user name]
  8. (as every user that will use xfce) add the lines export PATH="/usr/local/bin:$PATH" and exec startxfce4 to ~/.xsession
  9. log out and log back in. xfce should open. i recommend changing the cursor style (Applications>Settings>Mouse & Touchpad>Theme)

setting up for mobile use

as root:
  1. install the power manager with pkg_add xfce4-power-manager
  2. find your wifi hardware name with ifconfig - usually has "w" in it
  3. (optional - if you want to auto-join wifi) echo "join [wifi network name] wpakey [wifi network password]" >> /etc/hostname.[wifi card name] and echo "dhcp" >> /etc/hostname.[wifi card name]
  4. (optional - if you want to manually join) run ifconfig join [wifi network name] wpakey [wifi network password]