What is OpenBSD?
OpenBSD is a fully functional, multi-platform UN*X-like Operating System based on Berkeley Networking Release 2 (Net/2) and 4.4BSD-Lite. There are several operating systems in this family, but OpenBSD differentiates itself by putting security and correctness first. The OpenBSD team strives to achieve what is called a "secure by default" status. This means that an OpenBSD user should feel safe that their newly installed machine will not be compromised. This "secure by default" goal is achieved by taking a proactive stance on security.
Since security flaws are essentially mistakes in design or implement- ation, the OpenBSD team puts as much importance on finding and fixing existing design flaws and implementation bugs as it does writing new code. This means that an OpenBSD system will not only be more secure, but it will be more stable. The source code for all critical system components has been checked for remote-access, local-access, denial- of-service, data destruction, and information-gathering problems.
In addition to bug fixing, OpenBSD has integrated strong cryptography into the base system. A fully functional IPsec implementation is provided as well as support for common protocols such as SSL and SSH. Network filtering and monitoring tools such as packet filtering, NAT, and bridging are also standard, as well as several routing services, such as BGP and OSPF. For high performance demands, support for hardware cryptography has also been added to the base system. Because security is often seen as a tradeoff with usability, OpenBSD provides as many security options as possible to allow the user to enjoy secure computing without feeling burdened by it.
Because OpenBSD is from Canada, the export of Cryptography pieces (such as OpenSSH and IPsec) to the world is not restricted.
(NOTE: OpenBSD can not be re-exported from the US once it has entered the US. Because of this, take care NOT to get the distribution from a mirror server in the US if you are outside of Canada and the US.)
A list of software and ideas developed by the OpenBSD project is available on the web at https://www.OpenBSD.org/innovations.html.
A comprehensive list of the improvements brought by the 7.5 release is also available at https://www.OpenBSD.org/75.html.
OpenBSD/arm64 runs on a wide variety of hardware that integrates 64-bit ARMv8 processors. OpenBSD/arm64 requires a minimal UEFI firmware (including U-Boot) and supports both ACPI and device-tree based hardware enumeration.
Sources of OpenBSD:
Please refer to https://www.openbsd.org/ftp.html for all the ways you may acquire OpenBSD.
OpenBSD 7.5 Release Contents:
The OpenBSD 7.5 release is organized in the following way. In the .../7.5 directory, for each of the architectures having an OpenBSD 7.5 binary distribution, there is a sub-directory.
The arm64-specific portion of the OpenBSD 7.5 release is found in the "arm64" subdirectory of the distribution. That subdirectory is laid out as follows:
.../7.5/arm64/
INSTALL.arm64 Installation notes; this file.
SHA256 Output of the cksum(1) program using the option
-a sha256, usable for verification of the
correctness of downloaded files.
SHA256.sig The above file, signed with the OpenBSD signing key
for the 7.5 release, usable for verification of the
integrity of the above file, and thus of the
downloaded files.
miniroot75.img A miniroot filesystem image to be used if you
for some reason can't or don't want to use the
ramdisk installation method.
*.tgz arm64 binary distribution sets; see below.
bsd A stock GENERIC arm64 kernel which will be
installed on your system during the install.
bsd.mp A stock GENERIC.MP arm64 kernel, with support for
multiprocessor machines, which can be used instead
of the GENERIC kernel after the install.
bsd.rd A compressed RAMDISK kernel; the embedded
filesystem contains the installation tools.
Used for simple installation from a pre-existing
system.
install75.iso The arm64 boot and installation CD-ROM image,
which contains the base and X sets, so that install
or upgrade can be done without network connectivity.
install75.img A boot and installation image which contains
the base and X sets. An install or upgrade can be
done with a USB key without network connectivity.
cd75.iso A simple bootable filesystem image consisting of the
bsd.rd installation kernel, suitable to be used
as a bootable CD-ROM image, but will require the base
and X sets be found via another media or network.
The OpenBSD/arm64 binary distribution sets contain the binaries which comprise the OpenBSD 7.5 release for arm64 systems. There are eight binary distribution sets. The binary distribution sets can be found in the "arm64" subdirectory of the OpenBSD 7.5 distribution tree, and are as follows:
base75 The OpenBSD/arm64 7.5 base binary distribution. You MUST
install this distribution set. It contains the base OpenBSD
utilities that are necessary for the system to run and be
minimally functional. This includes parts of the toolchain
required to relink a kernel.
It includes shared library support, and excludes everything
described below.
[ 265.0 MB gzipped, 509.1 MB uncompressed ]
comp75 The OpenBSD/arm64 Compiler tools. All of the tools relating
to C and C++ are supported. This set includes the system
include files (/usr/include), the compiler
toolchain, and the various system libraries (except the
shared libraries, which are included as part of the base set).
This set also includes the manual pages for all of the
utilities it contains, as well as the system call and library
manual pages.
[ 69.1 MB gzipped, 255.3 MB uncompressed ]
game75 This set includes the games and their manual pages.
[ 2.6 MB gzipped, 6.1 MB uncompressed ]
man75 This set includes all of the manual pages for the binaries
and other software contained in the base set.
Note that it does not include any of the manual pages
that are included in the other sets.
[ 7.6 MB gzipped, 29.5 MB uncompressed ]
xbase75 This set includes the base X distribution. This includes
programs, headers and libraries.
[ 47.4 MB gzipped, 156.4 MB uncompressed ]
xfont75 This set includes all of the X fonts.
[ 22.4 MB gzipped, 34.1 MB uncompressed ]
xserv75 This set includes all of the X servers.
[ 10.2 MB gzipped, 29.4 MB uncompressed ]
xshare75 This set includes all text files equivalent between all
architectures.
[ 4.4 MB gzipped, 23.8 MB uncompressed ]
OpenBSD System Requirements and Supported Devices:
The following machines are targeted by OpenBSD/arm64:
Allwinner A64/H5/H6
Pine64 Pine 64/64+
Pine64 H64
Pine64 Pinebook
NanoPi A64
Orange Pi PC2
Orange Pi Zero Plus
AMD Opteron A1100 (Seattle)
AMD Seattle Development Board
SoftIron OverDrive 1000
SoftIron OverDrive 3000
Amlogic G12B/SM1
Banana Pi BPI-M5
Hardkernel ODROID-N2
Hardkernel ODROID-C4
Hardkernel ODROID-HC4
Ampere eMAG
Lenovo ThinkSystem HR330A
Lenovo ThinkSystem HR350A
Ampere Altra
GIGABYTE R152-P30/31/32
GIGABYTE E252-P30/31
GIGABYTE R272-P30/31/32/33
Apple M1/M2
Apple Mac mini (M1, 2020)
Apple MacBook Air (M1, 2020)
Apple MacBook Pro (13-inch, M1, 2020)
Apple iMac (24-inch, M1, 2021)
Apple MacBook Pro (14-inch, M1 Pro/Max, 2021)
Apple MacBook Pro (16-inch, M1 Pro/Max, 2021)
Apple Studio (M1 Max/Ultra, 2022)
Apple MacBook Air (13-inch, M2, 2022)
Apple MacBook Pro (13-inch, M2, 2022)
Apple MacBook Air (15-inch, M2, 2023)
Apple MacBook Pro (14-inch, M2 Pro/Max, 2023)
Apple MacBook Pro (16-inch, M2 Pro/Max, 2023)
Broadcom BCM2837/BCM2711
Raspberry Pi 3
Raspberry Pi 3 Model B+
Raspberry Pi 4
Raspberry Pi 400
Raspberry Pi Compute Module 4
Marvell ARMADA 3K
Turris MOX
Marvell ESPRESSObin
GL.iNet Brume
Marvell ARMADA 7K/8K
SolidRun/Marvell MACCHIATObin
Qualcomm Snapdragon 7cx (SC7180/SC7180P)
Acer Aspire One
Qualcomm Snapdragon 8cx Gen 3 (SC8280XP)
Lenovo ThinkPad X13s Gen 1
Microsoft Windows Dev Kit 2023
Rockchip RK3328/RK3399(pro)
Pine64 ROCK64
Pine64 ROCKPro64
Pinebook Pro
Firefly-RK3399
FriendlyElec NanoPC-T4
Theobroma Systems RK3399-Q7
Radxa ROCK Pi N10
Rockchip RK3566/RK3568
Pine64 Quartz64 Model A
Pine64 Quartz64 Model B
ROC-RK3566-PC
NanoPi R5S
Radxa ROCK 3A
Socionext SC2A11
Socionext SynQuacer-E Developerbox
Verifying the OpenBSD Installation Media:
OpenBSD installations are able to verify files for the next release. The OpenBSD 7.5 release was signed with the /etc/signify/openbsd-75-base.pub release key.
If you have an existing OpenBSD installation, you can run signify(1) to verify the signature and checksum. For example, run the following to verify that the cd75.iso file was distributed by the OpenBSD team: signify -C -p /etc/signify/openbsd-75-base.pub -x SHA256.sig cd75.iso
If you are unable to run or compile signify(1), use sha256(1) with the SHA256 file to see if a file was corrupt during the transfer.
Getting the OpenBSD System onto Useful Media:
Installation is supported from several media types, including:
CD-ROM
FFS partitions
DOS (FAT) partitions
EXT2 partitions
HTTP
The steps necessary to prepare the distribution sets for installation depend on which method of installation you choose. Some methods require a bit of setup first that is explained below.
The installation allows installing OpenBSD directly from HTTP mirror sites over the internet, however you must consider the speed and reliability of your internet connection for this option. It may save much time and frustration to download the distribution sets to a local server or disk and perform the installation from there, rather than directly from the internet.
If you are upgrading OpenBSD, you also have the option of installing OpenBSD by putting the new distribution sets somewhere in your existing file system, and using them from there. To do that, do the following:
Place the distribution sets you wish to upgrade somewhere
in your current file system tree. At a bare minimum, you
must upgrade the "base" binary distribution, and so must
put the "base75" set somewhere in your file system. It
is recommended that you upgrade the other sets, as well.
Preparing your System for OpenBSD Installation:
To perform an installation you must be able to interact with the console of the machine. In some cases this can be done by an attached monitor and keyboard. In others a serial console is required. USB OTG ports such as the one found on the BeagleBone will not function as a console. You need to be able to interact with the firmware on the console. Often this requires a 3.3V TTL level adapter connected to pins or a header on the board.
Firmware which provides an UEFI interface with a Device Tree Blob (DTB) file or ACPI support is required to boot. In most cases this is provided by images of U-Boot 2016.07 or newer on SD/MMC devices or in SPI flash. If the miniroot or install images are used, U-Boot and DTB files are distributed as part of the images.
OpenBSD can be installed onto a disk by copying the miniroot or install image for your board ("miniroot75.img" or "install75.img") to an SD card.
Booting from an SD card:
To use a miniroot/install image you will need another machine to plug the SD card in to. Any machine type will do, as long as it supports SD card storage devices. Under OpenBSD, it will appear as a ``sd'' device, for example sd1.
Use the dd(1) utility to copy the image to the SD card. The command would likely be, under OpenBSD: dd if=miniroot75.img of=/dev/rsd1c bs=1m
When you have connected the serial to your computer, a command such as "cu -l cuaU0 -s 115200" (assuming cuaU0 is your serial port device) should connect you to the board's console.
Running EFI payloads with U-Boot:
If the U-Boot target supports "distro_bootcmd" efiboot will automatically be loaded by placing bootaa64.efi into /efi/boot/bootaa64.efi on a FAT filesystem. With dtb files placed in /vendor/, /dtbs/vendor/, or /dtb/current/vendor/.
If the U-Boot target supports bootefi but not automatically finding it with "distro_bootcmd" then it must be loaded manually or by U-Boot commands or script. => run findfdt => load mmc 0:1 ${fdt_addr_r} ${fdtfile} => load mmc 0:1 ${kernel_addr_r} efi/boot/bootaa64.efi => bootefi ${kernel_addr_r} ${fdt_addr_r} The bootloader will then run and try to load sd0a:/bsd off an FFS filesystem after a timeout.
Install on Apple Silicon:
These machines do not come with UEFI firmware by default. In order to install OpenBSD on these machine you need to run the Asahi Linux installer first in macOS or the macOS recovery environment. Instructions on how to download and run the Asahi Linux installer can be found at https://asahilinux.org/. Run it in macOS or the macOS recovery environment.
Note that while running the suggested: curl https://alx.sh | sh is probably safe, it is teaching a bad habit. It is better to download the installer: curl -o alx.sh https://alx.sh and inspect the alx.sh script before running it: sh alx.sh
You will have to create some free space for your OpenBSD install by choosing the "Resize an existing partition to make space for a new OS" option first. Once that is done, pick the "Install an OS into free space" option, choose "UEFI environment only (m1n1 + U-Boot + ESP)" and follow the steps presented to you.
Now you can copy the miniroot or install image ("miniroot75.img" or "install75.img") to a USB drive, plug it into one of the type-C ports on the machine and reset the machine to boot into the OpenBSD installer.
Install on Raspberry Pi:
The standard miniroot supports at least the Raspberry Pi 3 and 4 with no additional firmware. Some devices may not be functional with Pi 3+. It is recommended that you install to a USB storage device.
The default system console is on the TTL serial interface on the TXD/RXD/GND pins of the https://pinout.xyz/ header on the board. It will be helpful to obtain an adapter (e.g. CP2102 USB-UART). If you have one, attach it to the pins and a computer; a command such as "cu -l cuaU0 -s 115200" (assuming cuaU0 is your serial port device) should connect you to the board's console.
If not, note that once the kernel has started running, by default you will only see output on the serial console. To switch to displaying on the monitor instead, watch for the OpenBSD BOOTAA64 "boot>" prompt, and type "set tty fb0".
Alternatively the system can be booted using UEFI firmware found at https://github.com/pftf/RPi4. Follow their instructions to install to an SD card and run the OpenBSD installer from USB. v1.21 is known to work; some newer versions may have problems.
Install on systems without a supported miniroot:
If a miniroot is not available for your system you will have to modify an existing image before booting it.
To do so first install the u-boot-aarch64 and dtb packages. Write the provided miniroot image to an SD card:
dd if=miniroot75.img of=/dev/rsdXc bs=1m
Add a board specific DTB file (Allwinner and Rockchip U-Boot images come with a default DTB):
mount /dev/sdXi /mnt
mkdir /mnt/vendor
cp /usr/local/share/dtb/arm64/vendor/board.dtb /mnt/vendor/
umount /mnt
For systems based on Allwinner Axx SoCs:
dd if=/usr/local/share/u-boot/board/u-boot-sunxi-with-spl.bin \
of=/dev/sdXc bs=1024 seek=8
For systems based on Rockchip RK33xx SoCs:
dd if=/usr/local/share/u-boot/board/idbloader.img \
of=/dev/sdXc seek=64
dd if=/usr/local/share/u-boot/board/u-boot.itb \
of=/dev/sdXc seek=16384
For systems based on Rockchip RK356x SoCs:
dd if=/usr/local/share/u-boot/board/u-boot-rockchip.bin \
of=/dev/sdXc seek=64
Installing the OpenBSD System:
Installing OpenBSD is a relatively simple process. If you take your time and are careful to read the information presented by the installer, you shouldn't have any trouble.
You should now be ready to install OpenBSD.
The following is a walk-through of the steps you will take while getting OpenBSD installed on your hard disk.
The installation procedure is designed to gather as much information about your system setup as possible at the beginning, so that no human interaction is required as soon as the questions are over.
The order of these questions might be quite disconcerting if you are used to other installation procedures, including older OpenBSD versions.
If any question has a default answer, it will be displayed in brackets ("[]") after the question. If you wish to stop the installation, you may hit Control-C at any time, but if you do, you'll have to begin the installation process again from scratch. Using Control-Z to suspend the process may be a better option, or at any prompt enter "!" to get a shell, from which "exit" will return you back to that prompt.
Once the kernel has loaded, you will be presented with the
OpenBSD kernel boot messages which contain information about
the hardware that was detected and supported by OpenBSD.
After the kernel is done initializing, you will be asked whether
you wish to do an "(I)nstall", "(U)pgrade" or an "(A)utoinstall".
Enter "I" for a fresh install or "U" to upgrade an existing
installation. Enter "A" to start an unattended installation
where all of your answers are supplied in a response file (more
on that in "Preparing an unattended installation of OpenBSD").
If you are connected with a serial console, you will next be
asked for your terminal type.
You should choose the terminal type from amongst those listed.
(If your terminal type is xterm, just use vt220).
If you are connected using a glass console, you will next be
asked for your keyboard layout (the default being the US QWERTY
layout). Depending on your keyboard type, not all international
layouts may be supported; answering "?" (which, on QWERTY layouts,
is the key to the left of the right "shift" key, shifted) will
display a list of supported layouts.
(If you do not need to change the keyboard layout, just press
enter.)
The first question you will be asked is the system hostname.
Reply with the name of the system, without any domain part.
You will now be given an opportunity to configure the network.
The network configuration you enter (if any) can then be used to
do the install from another system using HTTP, and will also be
the configuration used by the system after the installation is
complete.
The install program will give you a list of network interfaces you
can configure. For each network interface you select to configure,
you will be asked for:
- the symbolic host name to use (except for the first
interface setup, which will reuse the host name entered at the
beginning of the installation).
- the IPv4 settings: address and netmask. If the IP address
should be obtained from a DHCP server, simply enter "dhcp"
when asked for the address.
- the IPv6 settings (address, prefix length, and default router).
You may enter "autoconf" when asked for the address for the
interface to configure automatically via router solicitation
messages.
After all interfaces have been configured, if there have been
any IPv4 interfaces set up, you will be asked for the IPv4 default
route. This step is skipped if you only have one IPv4 interface
setup, and it is configured with DHCP.
The install program will also ask you for your DNS domain name,
and the domain name servers, unless this information has
already been obtained from a DHCP server during interface setup.
You will then be asked to enter the initial root password
of the system, twice.
Although the install program will only check that the two
passwords match, you should make sure to use a strong password.
As a minimum, the password should be at least eight characters
long and a mixture of both lower and uppercase letters, numbers
and punctuation characters.
You will then be asked whether you want to start sshd(8) by
default.
Since the X Window System can run on OpenBSD/arm64
without the need for a configuration file, you will get asked
whether you want to start xenodm(1) on boot.
You will now be given the possibility to set up a user account
on the forthcoming system. This user will be added to the
"wheel" group.
Enter the desired login name, or "n" if you do not want to
add a user account at this point. Valid login names are
sequences of digits and lowercase letters, and must start
with a lowercase letter. If the login name matches this
criteria, and doesn't conflict with any of the administrative
user accounts (such as "root", "daemon" or "ftp"), you
will be prompted for the user's descriptive name, as well
as its password, twice.
As for the root password earlier, the install program will only
check that the two passwords match, but you should make sure to
use a strong password here as well.
If you have chosen to set up a user account, and you had chosen
to start sshd(8) on boot, you will be asked if you want to allow
sshd(8) logins as root.
Depending on the installation media you are using, you may now
be given the opportunity to configure the time zone your system
will use. If the installation program skips this question, do
not be alarmed: the time zone will be configured at the end of
the installation.
The installation program will now tell you which disks it can
install on, and ask you which it should use.
Reply with the name of your root disk.
You will be given the possibility to encrypt the contents of that
disk with a passphrase or a key disk.
Disks on OpenBSD/arm64 are partitioned using either "MBR"
or "GPT" partitioning schemes. You will need to create one
disk partition in which the OpenBSD filesystems will be created.
The fdisk(8) utility will be invoked to let you edit your MBR
partitioning. The current MBR partitions defined will be
displayed and you will be allowed to modify them, and add new
partitions.
The setup will need two partitions, one 'OpenBSD' for the
OpenBSD/arm64 installation, and one 'MSDOS' for the
U-Boot scripts/bootloader.
If you use the whole disk option, the install script
will create a small 'MSDOS' partition and use the rest of
the disk for the OpenBSD installation.
After your OpenBSD MBR partition has been set up, the real
partition setup can follow.
The file system layout is stored in the OpenBSD disk label. Each
file system is stored in its own "disk label partition", which
is a subdivision of the OpenBSD disk partition you created. In
the text below, "partition" refers to these subdivisions.
You will be shown a default layout with the recommended file
systems. This default layout is based on the disk size.
You will be given the choice of accepting the proposed layout,
editing it, or creating your own custom layout. These
last two choices will invoke the disklabel(8) interactive editor,
allowing you to create your desired layout.
Within the editor, you will see at least a "c" partition of
fstype "unused". This represents the whole disk and cannot be
modified.
You must create partition "a" as a native OpenBSD partition, i.e.
one with "4.2BSD" as the fstype, to hold the root file system.
In addition to partition "a" you should create partition "b" with
fstype "swap", and native OpenBSD partitions to hold separate file
systems such as /usr, /tmp, /var, and /home.
You will need to provide a mount point for all partitions you
define. Partitions without mount points, or not of the
4.2BSD fstype, will neither be formatted nor mounted during the
installation.
For quick help while in the interactive editor, enter "?".
The "z" command (which deletes all partitions and starts with a
clean label), the "A" command (which performs the automatic
partition layout) and the "n" command (to change mount points)
are of particular interest.
Although the partitions' position and size are written in exact
sector values, you do not need a calculator to create your
partitions! Human-friendly units can be specified by adding "k",
"m" or "g" after any numbers to have them converted to kilobytes,
megabytes or gigabytes. Or you may specify a percentage of the
disk size using "%" as the suffix.
Enter "M" to view the entire manual page (see the info on the
"-E" flag). To exit the editor enter "q".
After the layout has been saved, new filesystems will be
created on all partitions with mount points.
This will DESTROY ALL EXISTING DATA on those partitions.
After configuring your root disk, the installer will
return to the list of available disks to configure.
You can choose the other disks to use with OpenBSD in
any order, and will get to set up their layout similarly
to the root disk above. However, for non-root disks,
you will not be proposed a default partition layout.
When all your disks are configured, simply hit return
at the disk prompt.
After these preparatory steps have been completed, you will be
able to extract the distribution sets onto your system. There
are several install methods supported:
HTTP, CD-ROM, or a local disk partition.
To install via HTTP:
To begin an HTTP install you will need the following
pieces of information:
1) Proxy server URL if you are using a URL-based HTTP
proxy (squid, CERN FTP, Apache 1.2 or higher).
You need to define a proxy if you are behind a
firewall that blocks outgoing HTTP connections
(assuming you have a proxy available to use).
2) The IP address (or hostname if you configured
DNS servers earlier in the install) of an HTTP
server carrying the OpenBSD 7.5 distribution.
The installation program will try to fetch a list
of such servers; depending on your network settings,
this might fail. If the list could be fetched, it
will be displayed, and you can choose an entry from
the list (the first entries are expected to be the
closest mirrors to your location).
3) The directory holding the distribution sets.
Then refer to the section named "installation set selection"
below.
To install from CD-ROM:
When installing from a CD-ROM, you will be asked which
device holds the distribution sets. This will typically
be "cd0". If there is more than one partition on the
CD-ROM, you will be asked which partition the distribution
is to be loaded from. This is normally partition "a".
You will also have to provide the relative path to the
directory on the CD-ROM which holds the distribution, for
the arm64 this is "7.5/arm64".
Then refer to the section named "installation set selection"
below.
To install from a local disk partition:
When installing from a local disk partition, you will
first have to identify which disk holds the distribution
sets.
This is normally "sdN", where N is a number.
Next you will have to identify the partition within that disk
that holds the distribution; this is a single letter between
"a" and "p".
You will also have to identify the type of file system
residing in the partition identified. Currently, you can
install from partitions that have been formatted as the
Berkeley fast file system (ffs), Linux (ext2) or MS-DOS.
You will also have to provide the relative path to the
directory on the file system where the distribution sets
are located. Note that this path should not be prefixed
with a "/".
Then refer to the next section.
Installation set selection:
A list of available distribution sets found on the
given location will be listed.
You may individually select distribution sets to install
by entering their names or wildcards (e.g. "*.tgz" or
"base*|comp*"), or you may enter "all" to select all the
sets (which is what most users will want to do).
You may also enter "abort" to deselect everything and
restart the selection from scratch, or unselect sets
by entering their name prefixed with "-" (e.g. "-x*").
It is also possible to enter an arbitrary filename and
have it treated as a file set.
When you are done selecting distribution sets, enter
"done". The files will begin to extract.
After the files have been extracted, you will be given the choice
to select a new location from which to install distribution sets.
If there have been errors extracting the sets from the previous
location, or if some sets have been missing, this allows you to
select a better source.
Also, if the installation program complains that the distribution
sets you have been using do not match their recorded checksums, you
might want to check your installation source (although this can
happen between releases, if a snapshot is being updated on a mirror
server with newer files while you are installing).
The last thing you might need to configure, if you did not get
the chance to earlier, is the time zone your system will be using.
For this work properly, it is expected that you have installed at
least the "base75" and "bsd" distribution sets.
The installation program will then proceed to save the system
configuration, create all the device nodes needed by the installed
system, and will install bootblocks on the root disk.
On multiprocessor systems, if the bsd.mp kernel has been installed,
it will be renamed to "bsd", which is the default kernel the boot
blocks look for. The single processor kernel, "bsd", will be
available as "bsd.sp".
Finally, you will be asked whether you would like to install
non-free firmware files (which can't be tightly integrated to
the OpenBSD system) on first boot, by invoking fw_update(8) on
the next boot.
Congratulations, you have successfully installed OpenBSD 7.5. When you reboot into OpenBSD, you should log in as "root" at the login prompt. You should create yourself an account, if you skipped this step during installation, and protect it and the "root" account with good passwords.
The install program leaves root an initial mail message. We recommend you read it, as it contains answers to basic questions you might have about OpenBSD, such as configuring your system, installing packages, getting more information about OpenBSD, sending in your dmesg output and more. To do this, run
mail
and then just enter "more 1" to get the first message. You quit mail by entering "q".
Some of the files in the OpenBSD 7.5 distribution might need to be tailored for your site. We recommend you run:
man afterboot
which will tell you about a bunch of the files needing to be reviewed. If you are unfamiliar with UN*X-like system administration, it's recommended that you buy a book that discusses it.
As you may have seen during installation, on some systems OpenBSD/arm64 will configure the system console (displaying kernel messages, panics, and so on) to use the serial interface even though it has video hardware. To use video output on the framebuffer instead, you may add "set tty fb0" to /etc/boot.conf.
In these cases the installer question about running X11 is not displayed; to start an X11 display manager at boot, use "rcctl enable xenodm".
Preparing an unattended installation of OpenBSD:
If "(A)utoinstall" is chosen at the install prompt or if the installation system detects that it booted from the network, and isn't interrupted within 5 seconds, it attempts a fully-automatic installation.
The installer autoconfigures a DHCP IPv4 address on the network interface the system booted from, or in case of multiple interfaces it will ask which one to use. Upon success, it retrieves a response file via HTTP. If that fails, the installer asks for the response file location, which can be either a URL or a local path, and retrieves the response file from there.
The "next-server" DHCP option specifies the hostname part of the URL,
as in "http://
The response file contains lines with key/value pairs separated by an equals sign "=", where the key is a non-ambiguous part (up to the question mark) of the installer question, consisting of whitespace separated words. The value is what would have been entered at the interactive prompt. Empty lines and lines beginning with a "#" character are ignored. The installer uses default answers in case of missing answers.
Here is a response file example that uses a hashed password (see encrypt(1) for more details) for root and a public ssh key for the user that is created during the installation.
System hostname = openbsd
Password for root = $2a$14$Z4xRMg8vDpgYH...GVot3ySoj8yby
Setup a user = puffy
Password for user = *************
Public ssh key for user = ssh-ed25519 AAAAC3NzaC1...g3Aqre puffy@ai
What timezone are you in = Europe/Stockholm
Location of sets = http
HTTP Server = ftp.eu.openbsd.org
The "System hostname" key above matches the following full question asked during an interactive installation:
System hostname? (short form, e.g. 'foo')
While the installation is in progress the installer writes all output to the file /ai.log, which is available as mail on the freshly installed system after the initial reboot. If the installation is successful the system will reboot automatically; otherwise, you will be dropped back into the shell where you can look at the /ai.log file or try again.
Upgrading a previously-installed OpenBSD System:
Warning! Upgrades to OpenBSD 7.5 are currently only supported from the immediately previous release. The upgrade process will also work with older releases, but might not execute some migration tasks that would be necessary for a proper upgrade.
The best solution, whenever possible, is to backup your data and reinstall from scratch. As a minimum, if the toolchain (the "comp" set) was installed, you should remove all files within /usr/include before attempting to upgrade.
To upgrade OpenBSD 7.5 from a previous version, start with the general instructions in the section "Installing OpenBSD".
Boot from your usual boot device. When prompted, select the (U)pgrade option rather than the (I)nstall option at the prompt in the install process.
You will be presented with a welcome message, and depending on how you are connected to the system, you will be asked to set the terminal type or to choose a keyboard layout.
The upgrade script will ask you for the existing root partition, and will use the existing filesystems defined in /etc/fstab to install the new system in. It will also use your existing network parameters.
From then, the upgrade procedure is very close to the installation procedure described earlier in this document.
However, it is strongly advised that you unpack the etc.tgz and the xetc.tgz files found in /var/sysmerge in a temporary directory and merge changes by hand, or with the help of the sysmerge(8) helper script, since all components of your system may not function correctly until your files in "/etc" are updated.
Getting source code for your OpenBSD System:
Now that your OpenBSD system is up and running, you probably want to get access to source code so that you can recompile pieces of the system.
You can get the pieces over the internet using anonymous CVS, rsync, FTP or HTTP(s). For more information, see:
https://www.OpenBSD.org/anoncvs.html
https://www.OpenBSD.org/ftp.html
Using online OpenBSD documentation:
Documentation is available if you first install the manual pages distribution set. Traditionally, the UN*X "man pages" (documentation) are denoted by "name(section)". Some examples of this are
intro(1),
man(1),
apropos(1),
passwd(1),
passwd(5) and
afterboot(8).
The section numbers group the topics into several categories, but three are of primary interest: user commands are in section 1, file formats are in section 5, and administrative information is in section 8.
The "man" command is used to view the documentation on a topic, and is started by entering "man [section] topic". The brackets [] around the section should not be entered, but rather indicate that the section is optional. If you don't ask for a particular section, the topic with the least-numbered section name will be displayed. For instance, after logging in, enter
man passwd
to read the documentation for passwd(1). To view the documentation for passwd(5), enter
man 5 passwd
instead.
If you are unsure of what man page you are looking for, enter
apropos subject-word
where "subject-word" is your topic of interest; a list of possibly related man pages will be displayed.
Adding third party software - packages and ports:
As complete as your OpenBSD system is, you may want to add any of several excellent third party software applications. There are several ways to do this. You can:
-
Use the OpenBSD package collection to grab a pre-compiled and tested version of the application for your hardware.
-
Use the OpenBSD ports collection to automatically get any needed source file, apply any required patches, create the application, and install it for you.
-
Obtain the source code and build the application based upon whatever installation procedures are provided with the application.
Instructions for installing applications from the various sources using the different installation methods follow.
You should also refer to the packages(7) manual page.
Installing applications from the ftp.OpenBSD.org package collection:
All available packages for your architecture have been placed on
ftp.OpenBSD.org in the directory pub/OpenBSD/7.5/packages/aarch64/
You may want to peruse this to see what packages are available. The
packages are also on the OpenBSD mirror sites. See
https://www.OpenBSD.org/ftp.html
for a list of current mirror sites.
Installation of a package is very easy.
1) become the superuser (root)
2) use the "pkg_add" command to install the software
"pkg_add" is smart enough to know how to download the software
from the OpenBSD HTTP server. Example:
$ su
Password: <enter your root password>
# pkg_add emacs
Installing applications from the OpenBSD ports collection:
See https://www.openbsd.org/faq/faq15.html#Ports for current
instructions on obtaining and installing OpenBSD ports.
You should also refer to the ports(7) manual page.
Installing other applications:
If an OpenBSD package or port does not exist for an application
you're pretty much on your own. The first thing to do is ask
<ports@OpenBSD.org> if anyone is working on a port -- there may
be one in progress. If no such port exists, you might want to
look at the FreeBSD ports or NetBSD pkgsrc for inspiration.
If you can't find an existing port, try to make your own and
feed it back to OpenBSD. That's how our ports collection grows.
Some details can be found in the OpenBSD Porter's Handbook at
https://www.openbsd.org/faq/ports/
with more help coming from the mailing list, <ports@OpenBSD.org>.
Administrivia:
There are various mailing lists available via the mailing list server at majordomo@OpenBSD.org. To get help on using the mailing list server, send mail to that address with an empty body, and it will reply with instructions.
More information about the various OpenBSD mailing list and proper netiquette is available at
https://www.OpenBSD.org/mail.html
To report bugs, use the "sendbug" command shipped with OpenBSD, and fill in as much information about the problem as you can. Good bug reports include lots of details. Additionally, bug reports can be sent by mail to:
bugs@OpenBSD.org
As a favor, please avoid mailing huge documents or files to the mailing lists. Instead, put the material you would have sent on a web server, then mail the appropriate list about it, or if you'd rather not do that, mail the list saying you'll send the data to those who want it.
For more information about reporting bugs, see
https://www.OpenBSD.org/report.html