Matthew Graybosch
author by choice, techie by necessity

Installing OpenBSD 6.6 on a used Thinkpad T60

Introduction

This page contains my notes on the installation of OpenBSD on used computers, mostly Lenovo Thinkpads. It should not be taken as more authoritative than the OpenBSD FAQ and the included manual pages. It also contains notes on customizing the user environment after installation. This setup is based entirely upon my own preferences and may not be suitable for your use. However, you might get some ideas for your own setup.

I was installing OpenBSD 6.6 on a secondhand Lenovo Thinkpad T60 while creating this page. It will be subject to updates if I install on other machines or if future versions change the process to an appreciable extent.

Installing the Base System

My process for installing the base OpenBSD system doesn't deviate much from the FAQ. The developers promise "sane defaults", and deliver in almost every respect.

Keyboard Layout

I could choose the default and go with a standard "US English" layout, but when I pulled up the list I see that there's also a "us.swapctrlcaps" layout, so I think I'll go with that.

System Hostname

You can pick what you want, but it's helpful to pick a distinctive name if you've got a home network with multiple computers. I've already got machines named "kether" and "malkuth", so this one will be called "netzach" to keep with the cabalistic theme. If I were working with a larger network, I might select names from the Lesser Key of Solomon, or names of characters from a favorite novel or sci-fi saga.

You'll find that many Linux and BSD users favor naming schemes that are meaningful to them when given a choice in the matter, even if those naming schemes aren't necessarily appropriate for an academic or corporate environment. For example, a fan of Glen Cook's The Black Company might name their machines after The Ten Who Were Taken: Soulcatcher, Limper, Howler, etc. And I'm willing to bet that somewhere there's somebody who sits down at their machine and becomes "sorceress@greyskull.eternia.org", even if only on their home network.

Then again, Square-Enix draws upon the old Unix host naming tradition for the various "servers" hosting the millions playing Final Fantasy XIV across the planet. I tend to frequent "Diabolos" myself.

Network Interfaces

My T60 has both Ethernet and wifi, but I'll be using a wired connection. My wifi uses an Atheros AR5418 chipset, which requires firmware that won't be available until after I've installed the base system. I run into the same difficulty when installing on my T430s, but that machine's got Intel wifi instead of Atheros.

Incidentally, here's a bit of purchasing advice: If you have a choice when buying a used laptop for OpenBSD, you're more likely to have a good experience with Intel wifi and either Intel or AMD graphics. If you've got Nvidia graphics, you might have a better time with FreeBSD or NetBSD. T-series Thinkpads are generally a good bet in my experience, as are other business or enterprise class laptops and desktops by Lenovo. Of course, you won't necessarily know exactly what kind of hardware your new refurb has under the hood until you get your hands on it, so caveat emptor.

I'm going with DHCP instead of a static IP because I haven't taken the time to reconfigure my Verizon-issued router for static IPs. It's not like I can't use nmap to find hosts on a DHCP network if necessary. I've also selected "autoconf" for IPv6 since I've got my router set up to support modern networking.

Root Account Setup

I don't like to use root, but on a new machine it's necessary until I've set up doas. So I'll need a reasonably long passphrase that's memorable to me but obscure to anybody who's likely to get their hands on this machine. It shouldn't be the same as the root password on my other machines, either. Bear in mind that your threat model may be different from mine, and I'm not an information security expert, so you'll need to figure out which precautions best suit your own situation.

Starting sshd(8) by default

It's generally safer not to run sshd and allow remote logins, especially on laptops, but I use ssh and unison to sync my home directory between machines. I don't allow root to login via ssh and I don't connect my laptop to public wifi networks, so I should be reasonably safe.

Using xenodm(1) to start the X Window System

OpenBSD's version of the venerable xdm display manager is disabled by default, but since I usually use X11 for a graphical desktop I turn it on. There was a bit of time when you had no choice since startx had been disabled for security reasons, but that changed somewhat for the 6.6 release.

User Setup

Now it's time to set up a user. I could do this later with useradd(8), but I might as well do it now.

Allowing root ssh login

The OpenBSD installer will disable root ssh login by default unless you insist, and also provides a "prohibit password" option so that you can use public keys instead. It also provides the following warning: root is targeted by password guessing atacks, pubkeys are safer.

Safest of all is not allowing root logins, which is probably why that's the default option.

Timezone Setup

Now the installer wants to know what timezone I'm in. In my case the default is correct, but the installer provides a list if you want something different.

Disk Partitioning

Now we've come to the complicated part of the installation: disk partitioning. The complicated part is that while OpenBSD provides reasonable defaults, these defaults aren't necessarily appropriate for a desktop/workstation. They're too conservative for my use case, so I'll need to adjust the sizes of the disklabels on my OpenBSD partition (which will take up the whole drive) manually. This will require use of the disklabel(8) utility.

Disk and Partition Setup

The first thing I've got to do is decide decide which disk I want to use. I only have one hard drive, identified as sd0, so the choice is obvious. Next, I must decide whether I want to use the whole disk with a master boot record, the whole disk with GPT, or do custom partitioning for a multi-boot setup. I'm going to go with the first choice because I don't get paid enough to deal with Windows on personal gear, let alone deal with dual-booting between Windows and OpenBSD.

Automatic Disklabel Layout

Since chose to use the whole disk (MBR), the OpenBSD installer has created a single partition for itself that takes up the entire disk, and split that partition into 10 "disklabels" with various mount points listed below.

auto-allocated layout
# size mount point
a 1.0G / (root)
b 3.2G swap
c 931.0G unused
d 4.0G /tmp
e 10.0G /var
f 3.0G /usr
g 1.0G /usr/X11R6
h 20.0G /usr/local
i 2.0G /usr/src
j 6.0G /usr/obj
k 300.0G /home

There are a few items of interest to note in this layout. First is the swap partition. 3.2G seems like a lot, but it seems to be what OpenBSD considers the bare minimum: size of RAM plus a little extra in case there's a kernel panic and the current system state needs to be preserved for debugging. Second is the "c" disklabel, which isn't really a disklabel at all. It represents the entire partition, which is completely unused since I haven't written the disklabels yet. Third is the "h" disklabel. 20.0G isn't much for /usr/local; you can fill that up fast if you need to install a lot of packages. You might also want more in /usr/src if you want to build ports yourself or build the OS. Finally, there's disklabel "k", which gets mounted on /home. 300.0G is probably fine for a server, but my music collection alone is about 100.0G.

I could always drop into single user mode later and use disklabel(8) and growfs(8) to resize my filesystems, but I'd rather get that sorted out up front. Fortunately, the installer gives me the option of using the auto layout (default), editing the auto layout, or creating a custom layout. Time to edit.

Editing the Automatic Disklabel Layout

Choosing to edit the auto layout drops me into the layout editor. It's a command-line application, but you can press ? or h at any prompt for help. However, since I have the manual page open I can edit my disklabel layout without having to refer to the built-in help. Here's the result.

custom layout
# size mount point
a 1.0G / (root)
b 6.4G swap
c 931.0G unused
d 8.0G /tmp
e 20.0G /var
f 6.0G /usr
g 2.0G /usr/X11R6
h 60.0G /usr/local
i 4.0G /usr/src
j 9.0G /usr/obj
k 815.0G /home

My custom disklabel scheme leaves me with about 0.1G free. That's good enough for me, so it's time to write the disklabels and move on. I'll just have to wait a bit for the installer to create the partition and allocate disklabels.

Installing the Base System

Now that the partitions and disklabels have been set up, it's time to actually install the system. The installer will want to know where it should look for software sets. In my case, it defaults to cd0, the optical drive. However, I want to run OpenBSD -current on this machine, so I'm going to select http instead to install from the internet.

Once I've selected an internet install, I get prompted to set up a proxy. However, I don't have one so I leave the defaults alone. Next, I must select a HTTP Server. I hit ? for a list and select the closest one to where I live. Next, I've got to specify the server directory. The default is /pub/OpenBSD/6.6/amd64, but I don't want the current release. I want -current, and that lives at /pub/OpenBSD/snapshots/amd64. Once I change the path, the installer hits the network, fetches the sets, and install them. It took me longer to set up the partition and disklabels.

Installation Complete

With the sets installed, the basic installation is complete. If everything went well, you can reboot and you'll have a new system ready to use and customize.

After Your First Boot

Once you've rebooted your new system will reach out to the network and attempt to download firmware for hardware that the kernel can't support without proprietary blobs. This is automatic, and you won't have to do anything.

Unfortunately, my T60's wifi doesn't seem to work with OpenBSD no matter what I do. It's an Atheros AR5418 chipset, which apparently used to work. Fortunately, I've got powerline ethernet at home, and can sync my Thinkpad with my desktop over the wire as needed. The lack of wifi makes my Thinkpad an easily air-gapped laptop, and thus suitable for distraction-free writing.