Skip to content

Instantly share code, notes, and snippets.

Last active March 31, 2022 18:18
What would you like to do?
macOS FileVault encryption and OpenBSD encrypted softraid on a Macbook Air/Pro

Update (2019-05-06): The Broadcom wireless card in the MacBook Pro works and can be crammed into the Air.

Update (2015-12-04): This document used to be very lengthy as there were many manual steps required to get OpenBSD and Mac OS X working together through Boot Camp Assistant (BCA), which created a hybrid MBR and enabled a legacy BIOS emulation mode which older versions of Windows (and OpenBSD) required. Newer Macbooks stopped supporting older versions of Windows through BCA and now only support Windows 10 since it uses GPT and UEFI. However, now that newer versions of OpenBSD support GPT and UEFI, Boot Camp Assistant is no longer needed at all to boot OpenBSD.

macOS FileVault encryption and OpenBSD encrypted softraid on a Macbook Air/Pro

OpenBSD works pretty well on at least the Mid-2011 Macbook Air (A1370, SandyBridge) and Mid-2013 Macbook Air (Haswell). The new KMS code in 5.4 brings up the MBA's eDP display in 1366x768 with backlight control. ACPI works as expected for battery/AC status, CPU throttling, and full suspend/resume support. The Broadcom wireless card in the Pro works with the bwfm driver and can be installed into the Air, or one can use this tiny USB adapter (urtwn) which is rather unobtrusive when plugged in.

The Broadcom multi-touch trackpad is supported as of 5.5 with the ubcmtp driver, allowing for two-finger scrolling and 2- and 3-button emulation by clicking with multiple fingers.

5.8-current brought new or improved support for GPT, UEFI, USB 3, and Thunderbolt (at least Apple's gigabit ethernet adapter, supported by bge). GPT and UEFI support allow OpenBSD to co-exist with Mac OS X without the need for Boot Camp Assistant or Hybrid MBRs (though rEFInd is suggested for a graphical boot menu to choose between the OSes). Here's how to get both OSes working, each with its own disk encryption.

macOS Configuration

  1. Encrypt your drive by enabling FileVault. This will convert it into a Core Storage volume.

  2. Open Disk Utility, click on your hard disk (the drive, not the Mac OS X partition) and click Partition. Click "+" and add an HFS+ partition (choosing MSDOS for the type will create a Hybrid MBR which will cause problems later) of your chosen size that will be used for OpenBSD. Disk Utility will do a live resize and hopefully create your new partition. Pro tip: open a terminal before doing the resize, and tail -f /var/log/system.log to see the output of hfs_truncatefs doing its thing. This can take a half hour or more.

OpenBSD Installation

  1. Download the latest OpenBSD amd64 installXX.fs and dd it to a USB disk. Pro tip: if you're using a USB wireless device that requires firmware (like urtwn), download it manually from and put it on removable media (or possibly even your existing EFI MSDOS partition). Otherwise you won't have a network device available with which to download firmware for your network device.

  2. Reboot your Mac and hold down the Alt key immediately after the startup chime. Select the orange 'EFI Boot' disk.

  3. When OpenBSD boots, choose (S)hell, run fdisk -e sd0 and there should be a new HFS+ partition already sliced out from Disk Utility. Change its type to A6 and quit. disklabel -E sd0, create a new slice taking the defaults for the new OpenBSD partition, and use RAID as the type. Write/quit.

  4. bioctl -cC -l /dev/sd0a softraid0 to create a new softraid encrypted disk from the just-added RAID partition, and enter a passphrase. A new sd device should show up.

  5. install to get back to the installer, use sd2 or whatever was just created as the root disk, proceed as normal. When prompted, choose to use the "(W)hole disk MBR" for sd2, as the current bootloader only supports MBR partitions on softraid devices.

  6. Before rebooting, mount the UEFI ESP partition of your hard drive and move the bootloaders OpenBSD just installed from /EFI/boot (the default EFI location) to an /EFI/openbsd directory, since we will be dual-booting and rEFInd needs to see them in an openbsd directory instead. mkdir /efi; mount -t msdos /dev/sd0i /efi; mkdir /efi/EFI/openbsd; mv /efi/EFI/boot/boot* /efi/EFI/openbsd/

  7. reboot. Your Mac should boot back into OS X.

Dual booting

  1. In macOS, install rEFInd per the instructions there. Reboot and you should now see a graphical boot menu with the OpenBSD blowfish. Selecting OpenBSD should boot to the usual bootloader, prompting you for your softraid passphrase.


  • Figure out how to disable startup chime from OpenBSD (StartupSound doesn't seem to work on Mountain Lion anymore, what is it doing anyway? Writing something to NVRAM?)
Copy link

@jcs you are right. I've screwed my installation doing some wicked triple-boot encryption.

Had to do a clean OSX install and chose HFS+ partition while claiming space for other OSes.

There is no Hybrid MBR, only protective EE.

sudo fdisk /dev/disk0                                                                                            1 ↵  1084  15:28:49
Disk: /dev/disk0    geometry: 60821/255/63 [977105060 sectors]
Signature: 0xAA55
         Starting       Ending
 #: id  cyl  hd sec -  cyl  hd sec [     start -       size]
 1: EE    0   0   1 - 1023 254  63 [         1 -  977105059] <Unknown ID>
 2: 00    0   0   0 -    0   0   0 [         0 -          0] unused
 3: 00    0   0   0 -    0   0   0 [         0 -          0] unused
 4: 00    0   0   0 -    0   0   0 [         0 -          0] unused

Will try the OpenBSD installation soon and report if 5.9 or current installer worked for me.

Copy link

Who else is here in 2019 and used this to successfully install OpenBSD 6.5 next to MacOS Mojave on his late 2013 Macbook?

Just to let anyone know that these excellent instructions are very valid for the above combo. Nice. And thanks a lot

Copy link

A few notes for those seeing this in early 2020:

  • I got this to work using macOS Catalina and OpenBSD -current as of 2020-02-25. Things function properly as far as I can tell.
  • The Broadcom wireless card from the MacBook Pro (BCM943602CS) mentioned didn't work in at least the 2012 version of the 11" MacBook Air I have. The card is too long and the antenna cables don't reach. I suspect it only works in the 13" models, but I'd be happy to be proven wrong.
  • I didn't need to mount the UEFI ESP partition to move the bootloaders (step 6 at the time of writing) or install rEFInd. Simply holding down alt/option after hearing the boot chime will show an EFI Boot drive that corresponds to OpenBSD. rEFInd allows for far more customization, but I didn't need that for my purposes. gyakovlev's comment tipped me off to this.
  • It appears that synclient(1) may no longer be useful for configuring the trackpad based on what I've seen elsewhere on the internet and what it returns on my laptop. It appears wsconsctl(8) is meant to be used now, but I've really only ever used OpenBSD in a server environment and could be wrong. I got natural scrolling and two/three-button emulation through tapping by setting mouse.reverse_scrolling=1 and in /etc/wsconsctl.conf(5). Is there a way to get this working with a trackpad click rather than a tap to mimic macOS behavior?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment