@jcs /gist:5573685
Last active Jun 29, 2017

Mac OS X FileVault encryption and OpenBSD encrypted softraid on a Macbook Air/Pro

Update (2015-12-04): This document used to be very lengthy as there were many manual steps required to get OpenBSD and Mac OS X working together through Boot Camp Assistant (BCA), which created a hybrid MBR and enabled a legacy BIOS emulation mode which older versions of Windows (and OpenBSD) required. Newer Macbooks stopped supporting older versions of Windows through BCA and now only support Windows 10 since it uses GPT and UEFI. However, now that newer versions of OpenBSD support GPT and UEFI, Boot Camp Assistant is no longer needed at all to boot OpenBSD.

### Mac OS X FileVault encryption and OpenBSD encrypted softraid on a Macbook Air/Pro

OpenBSD works pretty well on at least the Mid-2011 Macbook Air (A1370, SandyBridge) and Mid-2013 Macbook Air (Haswell). The new KMS code in 5.4 brings up the MBA's eDP display in 1366x768 with backlight control. ACPI works as expected for battery/AC status, CPU throttling, and full suspend/resume support. The Broadcom wireless card does not work, so I am using this tiny USB adapter (urtwn) which is rather unobtrusive when plugged in.

The Broadcom multi-touch trackpad is supported as of 5.5 with the ubcmtp driver, allowing for two-finger scrolling and 2- and 3-button emulation by clicking with multiple fingers.

5.8-current brought new or improved support for GPT, UEFI, USB 3, and Thunderbolt (at least Apple's gigabit ethernet adapter, supported by bge). GPT and UEFI support allow OpenBSD to co-exist with Mac OS X without the need for Boot Camp Assistant or Hybrid MBRs (though rEFInd is suggested for a graphical boot menu to choose between the OSes). Here's how to get both OSes working, each with its own disk encryption.

#### Mac OS X Configuration

  1. Encrypt your drive by enabling FileVault. This will convert it into a Core Storage volume.

  2. Open Disk Utility, click on your hard disk (the drive, not the Mac OS X partition) and click Partition. Click "+" and add an HFS+ partition (choosing MSDOS for the type will create a Hybrid MBR which will cause problems later) of your chosen size that will be used for OpenBSD. Disk Utility will do a live resize and hopefully create your new partition. Pro tip: open a terminal before doing the resize, and run `tail -f /var/log/system.log` to see the output of `hfs_truncatefs` doing its thing. This can take a half hour or more.

#### OpenBSD Installation

  1. Download the latest OpenBSD amd64 installXX.fs and dd it to a USB disk. Pro tip: if you're using a USB wireless device that requires firmware (like urtwn), download it manually from firmware.openbsd.org and put it on removable media (or possibly even your existing EFI MSDOS partition). Otherwise you won't have a network device available with which to download firmware for your network device.

  2. Reboot your Mac and hold down the Alt key immediately after the startup chime. Select the orange 'EFI Boot' disk.

  3. When OpenBSD boots, choose (S)hell and run `fdisk -e sd0`; there should be a new HFS+ partition already sliced out by Disk Utility. Change its type to A6 and quit. Then run `disklabel -E sd0`, create a new slice for the new OpenBSD partition taking the defaults, and use RAID as the type. Write and quit.

  4. Run `bioctl -cC -l /dev/sd0a softraid0` to create a new softraid encrypted disk from the just-added RAID partition, and enter a passphrase. A new sd device should show up.

  5. Run `install` to get back to the installer, use sd2 (or whatever device was just created) as the root disk, and proceed as normal. When prompted, choose to use the "(W)hole disk MBR" for sd2, as the current bootloader only supports MBR partitions on softraid devices.

  6. Before rebooting, mount the UEFI ESP partition of your hard drive and move the bootloaders OpenBSD just installed from /EFI/boot (the default EFI location) to an /EFI/openbsd directory, since we will be dual-booting and rEFInd needs to see them in an openbsd directory instead: `mkdir /efi; mount -t msdos /dev/sd0i /efi; mkdir /efi/EFI/openbsd; mv /efi/EFI/boot/boot* /efi/EFI/openbsd/`

  7. Run `reboot`. Your Mac should boot back into OS X.

#### Dual booting

  1. In OS X, install rEFInd per its installation instructions. Reboot and you should now see a graphical boot menu with the OpenBSD blowfish. Selecting OpenBSD should boot to the usual bootloader, prompting you for your softraid passphrase.

#### TODO

  • Figure out how to disable startup chime from OpenBSD (StartupSound doesn't seem to work on Mountain Lion anymore, what is it doing anyway? Writing something to NVRAM?)

dcoppa commented May 16, 2013

See:

http://osxdaily.com/2012/11/04/disable-mac-boot-chime/

for some tips that seem to work on Mountain Lion.

ciao,
David

ghost commented Aug 7, 2013

How did you create the OpenBSD USB ISO-stick?

Owner

jcs commented Aug 15, 2013

@oleguldberg It's an isostick so when you plug it in it shows up as a USB drive (with a FAT filesystem) and a CDROM. I just copied the OpenBSD install54.iso file to the FAT drive, put its name in config.txt, unplugged the ISO stick and plugged it back in, and the CDROM then shows the OpenBSD image as if it were an actual CDROM drive with that disc in it. They're very handy because you can put a ton of different ISO images on it at once, and just switch between them on the fly. You can also store drivers and other files on the FAT partition to use between OSes.

alexjj commented Nov 26, 2013

If you boot into OS X and mute the volume this will stop the chime.

sudo bless --device /dev/disk1 --setBoot --nextonly --legacy

I tried that on late 2013 MBP to boot from a usb stick with openbsd installed. Keyboard works in boot> prompt, but doesn't work later, and it can't find root because of XHCI. Damn.
https://twitter.com/plhk_/status/437359568415236096/photo/1

Awesome tuto, thanks! How did you configure the 2-3 button emulation on the touchpad?

Owner

jcs commented Jan 20, 2015

synclient can be used once in X to manage everything related to trackpad buttons and emulation.

jturner commented Apr 9, 2015

I was able to get the trackpad to work without issue and I'm able to boot OpenBSD without rEFInd. My only remaining issue is I'm not able to get past cpu1 detection without booting with --nextonly every time. Which isn't the end of the world.

Anyone boot OpenBSD on a macbookpro12,1?

brycv commented Dec 6, 2015

With 5.8-current as of basically December 1, the MacBookPro12,1 works reasonably well. Mark Kettenis has one and has been fixing a bunch of things so it runs reasonably well. Broadwell graphics still has some bugs. You can boot a USB install disk that's been created with UEFI boot support and then install the same way. See Jasper's post for details on how to do the UEFI install. The installer has also gained lots of UEFI support but I haven't tested that yet.

Thanks for updating the document to -current @jcs!
Repartitioning the SSD never works for me in OSX, it does work in recovery mode.

I'm having trouble with the last step:

```
mkdir /efi;
mount -t msdos /dev/sd0i /efi;
mount_msdos: /dev/sd0i on /efi: Device not configured
```

-> disklabel -h only shows the RAID partition.

I rebooted anyhow and refind was still showing the original MSDOS partition I created in recovery mode.
I just pick that option and openbsd boots fine, but no video (not even VESA, I used to get VESA in 5.6 and 5.7).

It seems like OpenBSD didn't write anything to the ESP partition.. (Because of the disk encryption maybe?)

Xorg.log : https://gist.github.com/aa816aa9745fad2ee72d
dmesg: https://gist.github.com/ccd823c4db36cf949816

alexjj commented Dec 12, 2015

Last time I dual booted a Mac (it was linux) I muted the volume in OS X and that stopped the start up chime. Doesn't address your TODO specifically though.

Hey @Vanhecke, I had the same problem. Cannot mount sd0i from within OpenBSD.
The solution is to mount the EFI partition to /Volumes/EFI in OS X and place appropriate BOOTX64.EFI to /Volumes/EFI/EFI/BOOT/
No need to install refind, just hold option on boot and choose non osx partition.

Owner

jcs commented Mar 15, 2016

@gyakovlev @Vanhecke The problem you probably ran into is that Apple's Disk Utility chooses to create a hybrid MBR when adding an MSDOS partition, rather than just creating an MBR with one big EE/protective partition. This causes OpenBSD's fdisk and kernel to see the disk as MBR and ignore the GPT, and since the hybrid MBR doesn't have an EFI system partition sliced out (this is different than the EE/protective partition), OpenBSD doesn't recognize a FAT partition anywhere.

The workaround for this (from krw@) is to choose HFS+ when slicing off a partition for OpenBSD, which should cause Disk Utility to not use a hybrid MBR but instead just create one big EE/protective partition in the MBR, which will allow the OpenBSD kernel and fdisk to see the disk as GPT, which will cause the FAT partition to show up (sd0i or similar) and allow the installer to mount the EFI partition. I've updated the notes here to recommend choosing HFS+ for the new partition type in Disk Utility.

@jcs you are right. I've screwed my installation doing some wicked triple-boot encryption.

Had to do a clean OSX install and chose HFS+ partition while claiming space for other OSes.

There is no Hybrid MBR, only protective EE.

```
sudo fdisk /dev/disk0
Password:
Disk: /dev/disk0    geometry: 60821/255/63 [977105060 sectors]
Signature: 0xAA55
         Starting       Ending
 #: id  cyl  hd sec -  cyl  hd sec [     start -       size]
------------------------------------------------------------------------
 1: EE    0   0   1 - 1023 254  63 [         1 -  977105059] <Unknown ID>
 2: 00    0   0   0 -    0   0   0 [         0 -          0] unused
 3: 00    0   0   0 -    0   0   0 [         0 -          0] unused
 4: 00    0   0   0 -    0   0   0 [         0 -          0] unused
```

Will try the OpenBSD installation soon and report if 5.9 or current installer worked for me.
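
The hybrid-versus-protective MBR distinction discussed in the comments above can be checked directly from sector 0 of the disk. The following is an added example, not code from the gist, its commenters or OpenBSD; `parse_mbr`, `classify` and `build_mbr` are hypothetical helper names, the protective sample reuses entry 1 of the fdisk listing above, and the hybrid sample layout is constructed.

```python
import struct
import sys

SECTOR = 512
TABLE_OFFSET = 446      # four 16-byte primary partition entries start here
GPT_PROTECTIVE = 0xEE   # the "EE" id in the fdisk listing

def parse_mbr(sector):
    """Return the four primary entries as (slot, type, start_lba, sectors)."""
    if len(sector) < SECTOR:
        raise ValueError("need the full 512-byte sector 0")
    if sector[510:512] != b"\x55\xaa":  # shown by fdisk as Signature: 0xAA55
        raise ValueError("no MBR boot signature")
    entries = []
    for slot in range(4):
        raw = sector[TABLE_OFFSET + 16 * slot:TABLE_OFFSET + 16 * (slot + 1)]
        # layout: status, CHS start (3), type, CHS end (3), LBA start, count
        _status, ptype, start, count = struct.unpack("<B3xB3xII", raw)
        entries.append((slot + 1, ptype, start, count))
    return entries

def classify(sector):
    """'protective' = a single EE entry; 'hybrid' = EE plus other entries."""
    used = [e for e in parse_mbr(sector) if e[1] != 0x00]
    if not used:
        return "empty"
    if GPT_PROTECTIVE not in [e[1] for e in used]:
        return "mbr"
    return "protective" if len(used) == 1 else "hybrid"

def build_mbr(parts):
    """Sample helper: build sector 0 from (type, start_lba, sectors) tuples."""
    sector = bytearray(SECTOR)
    for slot, (ptype, start, count) in enumerate(parts):
        struct.pack_into("<B3xB3xII", sector, TABLE_OFFSET + 16 * slot,
                         0, ptype, start, count)
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)

# Entry 1 from the fdisk listing above; the hybrid layout is constructed.
PROTECTIVE = build_mbr([(0xEE, 1, 977105059)])
HYBRID = build_mbr([(0xEE, 1, 409639), (0xAF, 409640, 800000000),
                    (0x0C, 800409640, 176695420)])

if __name__ == "__main__" and len(sys.argv) > 1:
    with open(sys.argv[1], "rb") as disk:  # e.g. a file copy of sector 0
        print(classify(disk.read(SECTOR)))
```

Given a file holding a copy of the disk's first sector as its only argument, the script prints the classification; `hybrid` is the layout that makes OpenBSD treat the disk as MBR and ignore the GPT.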
