Getting started with OpenBSD is a rewarding experience for anyone serious about security, stability, and clean code. This guide walks through the practical steps of an OpenBSD install, from initial preparation to a fully configured system ready for daily use.
Preparing for the OpenBSD Install
Before you begin the OpenBSD install, it is essential to verify hardware compatibility and download the correct installation media. The project maintains a strict hardware support list, so confirming your network adapter and disk controller are supported prevents frustration later. You will need to fetch the installXX.tgz file for your architecture, typically amd64 or i386, along with the SHA256.sig file to verify integrity.
Creating Bootable Media
To proceed with the OpenBSD install, you must write the installation image to a USB stick or burn it to a DVD. On Linux, the dd command is reliable, but you must specify the correct disk device to avoid data loss. On macOS, the diskutil utility performs the same operation by unmounting the drive before writing the image sector by sector.
Verifying Download Integrity
Security is non-negotiable in the OpenBSD ecosystem, which is why verifying the signature of your download is a mandatory step in the OpenBSD install process. You need the OpenBSD release signing key and the GPG tool to confirm that the installXX.tgz file has not been tampered with. Skipping this check undermines the entire security philosophy of the project.
Booting the Installer
With the media prepared, you restart your machine and enter the BIOS or firmware boot menu to select the USB or DVD drive. The OpenBSD bootloader appears, presenting options such as "Install" or "Shell." Choosing "Install" starts the guided text-mode wizard that handles disk layout, user creation, and package selection.
Disk Configuration and Encryption
The installer prompts you to initialize your disks, and this is where the OpenBSD install.shines with its softraid bio(4) framework. You can create an encrypted root partition using bioctl, which sets up RAID and encryption in a single coherent step. This approach ensures that your data at rest is protected without relying on external tools.
Post-Install Configuration
After the OpenBSD install completes, the system reboots into a minimal environment where you finalize the configuration. You edit the rc.conf.local file to configure networking and enable services like sshd, ensuring the firewall rules are defined in /etc/pf.conf to leverage the stateful packet filtering built into the kernel.
Package Management and Updates
To complete your OpenBSD setup, you configure the package repository to fetch the latest ports and packages. Using pkg_add, you can install productivity tools while relying on the system's robust package management to handle dependencies. Regularly running syspatch and pkg_add -u ensures that your install remains secure and up to date with official errata.