hoschi@gfuzz:~$

OpenBSD 7.5 (amd64) via qemu on Hetzner physical machine (no phys. access / KVM console)

"Life is really simple, but we insist on making it complicated." -- Confucius via ChatGPT

Exercise

Setup OpenBSD 7.5 on a physical machine with Hetzner (~35 EUR per month) with RAID1 on 2 SSD drives and encrypted partition. We neither have access to OpenBSD installation images directly nor can we use an OpenBSD rescue system.

Hetzner actually offers access to web based KVM interface to your server, however this has to be requested and plugged in manually by an onsite staff member. Normally they are quite fast providing it - even on a 24/7 base - but access is limited to 3h max and it takes some time to retrieve access to it.

I would like to have a way which is 100% under my control at any time, not only during installation but also having an OpenBSD rescue mode.

This is inspired by From Linux to NetBSD, with SSH only

TL;DR :smile:

From Hetzner’s rescue image:

root@rescue ~ # wget -q https://cdn.openbsd.org/pub/OpenBSD/7.5/amd64/install75.iso
root@rescue ~ # qemu-system-x86_64 \
  -enable-kvm         # Enable KVM virtualization
  -cpu host           # Use host CPU features to trigger possible firmware upgrades during installation
  -nographic          # Disable graphical output
  -boot d             # Boot from CD-ROM
  -cdrom install75.iso # Specify installation ISO image
  -drive file=/dev/sda,format=raw,id=sata0,if=virtio  # First phys. hard drive
  -drive file=/dev/sdb,format=raw,id=sata1,if=virtio  # Second phys. hard drive
  -m 2048             # Allocate 2048 MB of memory, affects dynamic swap calculation
  -smp 4              # Configure 4 virtual CPUs

Emulated OpenBSD installation image booting from phys. disks:

SeaBIOS (version 1.16.2-debian-1.16.2-1)
iPXE (http://ipxe.org) 00:03.0 CA00 PCI2.10 PnP PMM+7EFCEFC0+7EF0EFC0 CA00

Booting from DVD/CD...
CD-ROM: E0
Loading /7.5/AMD64/CDBOOT
probing: pc0 com0 mem[639K 2046M a20=on]
disk: fd0 hd0+* hd1+* cd0
>> OpenBSD/amd64 CDBOOT 3.65
boot> set tty com0
switching console to com>> OpenBSD/amd64 CDBOOT 3.65

Hardware specs

Some hardware specs upfront, collecting these before starting with the installation might save you from some trouble later.

lsblk

root@rescue ~ # lsblk
NAMEMAJ:MIN RM SIZE RO TYPE MOUNTPOINTS
loop0 7:00 3.1G1 loop 
sda 8:00 465.8G0 disk 
sdb 8:16 0 465.8G0 disk 

Hetzner motd

Hardware data:

 CPU1: Intel(R) Core(TM) i7-6700 CPU @ 3.40GHz (Cores 8)
 Memory:31891 MB
 Disk /dev/sda: 500 GB (=> 465 GiB) doesn't contain a valid partition table
 Disk /dev/sdb: 500 GB (=> 465 GiB) doesn't contain a valid partition table
 Total capacity 931 GiB with 2 Disks

Network data:
 eth0LINK: yes
 MAC:90:1b:0e:8a:54:91
 IP: 136.243.110.155
 IPv6: 2a01:4f8:171:1129::2/64
 Intel(R) PRO/1000 Network Driver

ip a

root@rescue ~ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
 valid_lft forever preferred_lft forever
inet6 ::1/128 scope host 
 valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 90:1b:0e:8a:54:91 brd ff:ff:ff:ff:ff:ff
altname enp0s31f6
inet 136.243.110.155/26 scope global eth0
 valid_lft forever preferred_lft forever
inet6 2a01:4f8:171:1129::2/64 scope global 
 valid_lft forever preferred_lft forever
inet6 fe80::921b:eff:fe8a:5491/64 scope link 
 valid_lft forever preferred_lft forever

lspci

root@rescue ~ # lspci
00:00.0 Host bridge: Intel Corporation Xeon E3-1200 v5/E3-1500 v5/6th Gen Core Processor Host Bridge/DRAM Registers (rev 07)
00:02.0 VGA compatible controller: Intel Corporation HD Graphics 530 (rev 06)
00:14.0 USB controller: Intel Corporation 100 Series/C230 Series Chipset Family USB 3.0 xHCI Controller (rev 31)
00:14.2 Signal processing controller: Intel Corporation 100 Series/C230 Series Chipset Family Thermal Subsystem (rev 31)
00:16.0 Communication controller: Intel Corporation 100 Series/C230 Series Chipset Family MEI Controller #1 (rev 31)
00:17.0 SATA controller: Intel Corporation Q170/Q150/B150/H170/H110/Z170/CM236 Chipset SATA Controller [AHCI Mode] (rev 31)
00:1f.0 ISA bridge: Intel Corporation B150 Chipset LPC/eSPI Controller (rev 31)
00:1f.2 Memory controller: Intel Corporation 100 Series/C230 Series Chipset Family Power Management Controller (rev 31)
00:1f.4 SMBus: Intel Corporation 100 Series/C230 Series Chipset Family SMBus (rev 31)
00:1f.6 Ethernet controller: Intel Corporation Ethernet Connection (2) I219-LM (rev 31)

netstat -rn

root@rescue ~ # netstat -rn
Kernel IP routing table
Destination Gateway Genmask Flags MSS Windowirtt Iface
0.0.0.0 136.243.110.129 0.0.0.0 UG0 00 eth0
136.243.110.128 136.243.110.129 255.255.255.192 UG0 00 eth0
136.243.110.129 0.0.0.0 255.255.255.255 UH0 00 eth0

Activate rescue system and boot into it

Login to https://robot.hetzner.com/server and activate linux rescue system (btw. unfortunately they seem to have discontinued FreeBSD rescue system)

ssh into rescue system (using ssh pub key authentication)

$ ssh root@srv07.gfuzz.de
Warning: Permanently added 'srv07.gfuzz.de' (ED25519) to the list of known hosts.
Linux rescue 6.9.7 #1 SMP Thu Jun 27 15:07:37 UTC 2024 x86_64

-------------------------------------------------------------------------------------------------------------------------

  Welcome to the Hetzner Rescue System.

  This Rescue System is based on Debian GNU/Linux 12 (bookworm) with a custom kernel.
  You can install software like you would in a normal system.

  To install a new operating system from one of our prebuilt images, run 'installimage' and follow the instructions.

  Important note: Any data that was not written to the disks will be lost during a reboot.

  For additional information, check the following resources:
    Rescue System:           https://docs.hetzner.com/robot/dedicated-server/troubleshooting/hetzner-rescue-system
    Installimage:            https://docs.hetzner.com/robot/dedicated-server/operating-systems/installimage
    Install custom software: https://docs.hetzner.com/robot/dedicated-server/operating-systems/installing-custom-images
    other articles:          https://docs.hetzner.com/robot

-------------------------------------------------------------------------------------------------------------------------

Rescue System (via Legacy/CSM) up since 2024-08-11 19:30 +02:00

Hardware data:

   CPU1: Intel(R) Core(TM) i7-6700 CPU @ 3.40GHz (Cores 8)
   Memory:  31891 MB
   Disk /dev/sda: 500 GB (=> 465 GiB)
   Disk /dev/sdb: 500 GB (=> 465 GiB)
   Total capacity 931 GiB with 2 Disks

Network data:
   eth0  LINK: yes
         MAC:  90:1b:0e:8a:54:91
         IP:   136.243.110.155
         IPv6: 2a01:4f8:171:1129::2/64
         Intel(R) PRO/1000 Network Driver

root@rescue ~ #

Wipe out any content on SSDs

There is a chance that existing data (i.e. previous openbsd/softraid0 installations…) might interfere, so better be safe than sorry.

sda

root@rescue ~ # dd if=/dev/urandom of=/dev/sda bs=1M count=1
1+0 records in
1+0 records out
1048576 bytes (1.0 MB, 1.0 MiB) copied, 0.014283 s, 73.4 MB/s

sdb

root@rescue ~ # dd if=/dev/urandom of=/dev/sdb bs=1M count=1
1+0 records in
1+0 records out
1048576 bytes (1.0 MB, 1.0 MiB) copied, 0.010774 s, 97.3 MB/s

Fetch install75.iso

root@rescue ~ # wget https://cdn.openbsd.org/pub/OpenBSD/7.5/amd64/install75.iso

Use qemu with iso and phys. disks via serial console

root@rescue ~ # qemu-system-x86_64 \
  -enable-kvm         # Enable KVM virtualization
  -cpu host           # Use host CPU features (to trigger possible firmware upgrades during installation)
  -nographic          # Disable graphical output
  -boot d             # Boot from CD-ROM
  -cdrom install75.iso # Specify installation ISO image
  -drive file=/dev/sda,format=raw,id=sata0,if=virtio  # First phys. hard drive
  -drive file=/dev/sdb,format=raw,id=sata1,if=virtio  # Second phys. hard drive
  -m 2048             # Allocate 2048 MB of memory (affects dynamic swap calculation)
  -smp 4              # Configure 4 virtual CPUs

Keep in mind that me

Switch output to serial console

SeaBIOS (version 1.16.2-debian-1.16.2-1)
iPXE (http://ipxe.org) 00:03.0 CA00 PCI2.10 PnP PMM+7EFCEFC0+7EF0EFC0 CA00

Booting from DVD/CD...
CD-ROM: E0
Loading /7.5/AMD64/CDBOOT
probing: pc0 com0 mem[639K 2046M a20=on]
disk: fd0 hd0+* hd1+* cd0
>> OpenBSD/amd64 CDBOOT 3.65
boot> set tty com0
switching console to com>> OpenBSD/amd64 CDBOOT 3.65
boot>
0

dmesg

cannot open cd0a:/etc/random.seed: No such file or directory
booting cd0a:/7.5/amd64/bsd.rd: 4076463+1688576+3891240+0+708608 [109+464016+317541]=0xaa40e8
entry point at 0xffffffff81001000
Copyright (c) 1982, 1986, 1989, 1991, 1993
        The Regents of the University of California.  All rights reserved.
Copyright (c) 1995-2024 OpenBSD. All rights reserved.  https://www.OpenBSD.org

OpenBSD 7.5 (RAMDISK_CD) #76: Wed Mar 20 15:53:54 MDT 2024
    deraadt@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/RAMDISK_CD
real mem = 2130550784 (2031MB)
avail mem = 2061877248 (1966MB)
random: good seed from bootblocks
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.8 @ 0xf5a00 (9 entries)
bios0: vendor SeaBIOS version "1.16.2-debian-1.16.2-1" date 04/01/2014
bios0: QEMU Standard PC (i440FX + PIIX, 1996)
acpi0 at bios0: ACPI 1.0
acpi0: tables DSDT FACP APIC HPET WAET
acpimadt0 at acpi0 addr 0xfee00000: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Core(TM) i7-6700 CPU @ 3.40GHz, 329.58 MHz, 06-5e-03
cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,SS,HTT,SSE3,PCLMUL,VMX,SSSE3,FMA3,CX16,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,HV,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,FSGSBASE,TSC_ADJUST,BMI1,AVX2,SMEP,BMI2,ERMS,IN
cpu0: 32KB 64b/line 8-way D-cache, 32KB 64b/line 8-way I-cache, 4MB 64b/line 16-way L2 cache, 16MB 64b/line 16-way L3 cache
cpu0: apic clock running at 999MHz
cpu at mainbus0: not configured
cpu at mainbus0: not configured
cpu at mainbus0: not configured
ioapic0 at mainbus0: apid 0 pa 0xfec00000, version 11, 24 pins
acpihpet0 at acpi0: 100000000 Hz
acpiprt0 at acpi0: bus 0 (PCI0)
"ACPI0006" at acpi0 not configured
acpipci0 at acpi0 PCI0
"PNP0A06" at acpi0 not configured
"PNP0A06" at acpi0 not configured
"PNP0A06" at acpi0 not configured
"QEMU0002" at acpi0 not configured
com0 at acpi0 COM1 addr 0x3f8/0x8 irq 4: ns16550a, 16 byte fifo
com0: console
acpicmos0 at acpi0
"ACPI0010" at acpi0 not configured
acpicpu at acpi0 not configured
cpu0: using VERW MDS workaround
pvbus0 at mainbus0: KVM
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 "Intel 82441FX" rev 0x02
"Intel 82371SB ISA" rev 0x00 at pci0 dev 1 function 0 not configured
pciide0 at pci0 dev 1 function 1 "Intel 82371SB IDE" rev 0x00: DMA, channel 0 wired to compatibility, channel 1 wired to compatibility
pciide0: channel 0 disabled (no drives)
atapiscsi0 at pciide0 channel 1 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0: <QEMU, QEMU DVD-ROM, 2.5+> removable
cd0(pciide0:1:0): using PIO mode 4, DMA mode 2
"Intel 82371AB Power" rev 0x03 at pci0 dev 1 function 3 not configured
vga1 at pci0 dev 2 function 0 "Bochs VGA" rev 0x02
vga1: aperture needed
wsdisplay at vga1 not configured
em0 at pci0 dev 3 function 0 "Intel 82540EM" rev 0x03: apic 0 int 11, address 52:54:00:12:34:56
virtio0 at pci0 dev 4 function 0 "Qumranet Virtio Storage" rev 0x00
vioblk0 at virtio0
scsibus1 at vioblk0: 1 targets
sd0 at scsibus1 targ 0 lun 0: <VirtIO, Block Device, >
sd0: 476940MB, 512 bytes/sector, 976773168 sectors
virtio0: msix per-VQ
virtio1 at pci0 dev 5 function 0 "Qumranet Virtio Storage" rev 0x00
vioblk1 at virtio1
scsibus2 at vioblk1: 1 targets
sd1 at scsibus2 targ 0 lun 0: <VirtIO, Block Device, >
sd1: 476940MB, 512 bytes/sector, 976773168 sectors
virtio1: msix per-VQ
isa0 at mainbus0
pckbc0 at isa0 port 0x60/5 irq 1 irq 12
pckbd0 at pckbc0 (kbd slot)
wskbd0 at pckbd0 mux 1
softraid0 at root
scsibus3 at softraid0: 256 targets
root on rd0a swap on rd0b dump on rd0b
WARNING: CHECK AND RESET THE DATE!

Welcome to the OpenBSD/amd64 7.5 installation program.

Mainly taken from OpenBSD FAQ - Disk Setup

Exit to shell:

Welcome to the OpenBSD/amd64 7.5 installation program.
(I)nstall, (U)pgrade, (A)utoinstall or (S)hell? s

Create device special files (see MAKEDEV(8))

# cd /dev
# sh MAKEDEV sd0 sd1 sd2

Write MBR to both disks

# fdisk -iy sd0
Writing MBR at offset 0.
# fdisk -iy sd1
Writing MBR at offset 0.

Create disklabel on first disk an clone into second disk

# disklabel -E sd0
Label editor (enter '?' for help at any prompt)
sd0> a a
offset: [64]
size: [976773104]
FS type: [4.2BSD] RAID
sd0*> w
sd0> q
No label changes.
# disklabel sd0 > layout
# disklabel -R sd1 layout
# rm layout

Setup RAID1

# bioctl -c 1 -l sd0a,sd1a softraid0
sd2 at scsibus3 targ 1 lun 0: <OPENBSD, SR RAID 1, 006>
sd2: 476939MB, 512 bytes/sector, 976772576 sectors
softraid0: RAID 1 volume attached as sd2
# dd if=/dev/zero of=/dev/rsd2c bs=1m count=1
1+0 records in
1+0 records out
1048576 bytes transferred in 0.016 secs (63963458 bytes/sec)

Check RAID1 status:

# bioctl sd2
Volume      Status               Size Device
softraid0 0 Online       500107558912 sd2     RAID1
          0 Online       500107558912 0:0.0   noencl <sd0a>
          1 Online       500107558912 0:1.0   noencl <sd1a>

Exit into installer :-)

# exit

Actual installer (configure terminal, hostname, v4/v6 network, passwords)

  • qemu emulates Intel EM1000 (em0) which is 1:1 the same for our phys. host
Welcome to the OpenBSD/amd64 7.5 installation program.
(I)nstall, (U)pgrade, (A)utoinstall or (S)hell? i
At any prompt except password prompts you can escape to a shell by
typing '!'. Default answers are shown in []'s and are selected by
pressing RETURN.  You can exit this program at any time by pressing
Control-C, but this can leave your system in an inconsistent state.

Terminal type? [vt220]
System hostname? (short form, e.g. 'foo') srv07

Available network interfaces are: em0 vlan0.
Network interface to configure? (name, lladdr, '?', or 'done') [em0]
IPv4 address for em0? (or 'autoconf' or 'none') [autoconf] autoconf
IPv6 address for em0? (or 'autoconf' or 'none') [none] autoconf
Available network interfaces are: em0 vlan0.
Network interface to configure? (name, lladdr, '?', or 'done') [done]
Using DNS domainname my.domain
Using DNS nameservers at 10.0.2.3

Password for root account? (will not echo)
Password for root account? (again)
Start sshd(8) by default? [yes]
Do you expect to run the X Window System? [yes] no
Change the default console to com0? [yes] no
Setup a user? (enter a lower-case loginname, or 'no') [no] hoschi
Full name for user hoschi? [hoschi] Oliver Peter
Password for user hoschi? (will not echo)
Password for user hoschi? (again)
WARNING: root is targeted by password guessing attacks, pubkeys are safer.
Allow root ssh login? (yes, no, prohibit-password) [no] prohibit-password
What timezone are you in? ('?' for list) [Europe/Berlin]

Make sure to select sd2 (our RAID1 interface)!

Available disks are: sd0 sd1 sd2.
Which disk is the root disk? ('?' for details) [sd0] sd2
No valid MBR or GPT.
Use (W)hole disk MBR, whole disk (G)PT or (E)dit? [whole]
Setting OpenBSD MBR partition to whole sd2...done.
The auto-allocated layout for sd2 is:
#                size           offset  fstype [fsize bsize   cpg]
  a:             1.0G               64  4.2BSD   2048 16384     1 # /
  b:             2.2G          2097216    swap
  c:           465.8G                0  unused
  d:             4.0G          6782752  4.2BSD   2048 16384     1 # /tmp
  e:             8.0G         15171328  4.2BSD   2048 16384     1 # /var
  f:            30.0G         31882400  4.2BSD   2048 16384     1 # /usr
  g:             1.0G         94796960  4.2BSD   2048 16384     1 # /usr/X11R6
  h:            20.0G         96894112  4.2BSD   2048 16384     1 # /usr/local
  i:             3.0G        138837152  4.2BSD   2048 16384     1 # /usr/src
  j:             6.0G        145128608  4.2BSD   2048 16384     1 # /usr/obj
  k:           300.0G        157711552  4.2BSD   4096 32768     1 # /home
Use (A)uto layout, (E)dit auto layout, or create (C)ustom layout? [a]
/dev/rsd2a: 1024.0MB in 2097152 sectors of 512 bytes
6 cylinder groups of 202.50MB, 12960 blocks, 25920 inodes each
/dev/rsd2k: 307200.0MB in 629145536 sectors of 512 bytes
378 cylinder groups of 814.44MB, 26062 blocks, 52224 inodes each
/dev/rsd2d: 4096.0MB in 8388576 sectors of 512 bytes
21 cylinder groups of 202.50MB, 12960 blocks, 25920 inodes each
/dev/rsd2f: 30720.0MB in 62914560 sectors of 512 bytes
152 cylinder groups of 202.50MB, 12960 blocks, 25920 inodes each
/dev/rsd2g: 1024.0MB in 2097152 sectors of 512 bytes
6 cylinder groups of 202.50MB, 12960 blocks, 25920 inodes each
/dev/rsd2h: 20480.0MB in 41943040 sectors of 512 bytes
102 cylinder groups of 202.50MB, 12960 blocks, 25920 inodes each
/dev/rsd2j: 6144.0MB in 12582912 sectors of 512 bytes
31 cylinder groups of 202.50MB, 12960 blocks, 25920 inodes each
/dev/rsd2i: 3072.0MB in 6291456 sectors of 512 bytes
16 cylinder groups of 202.50MB, 12960 blocks, 25920 inodes each
/dev/rsd2e: 8159.7MB in 16711072 sectors of 512 bytes
41 cylinder groups of 202.50MB, 12960 blocks, 25920 inodes each
/dev/sd2a (6f75b1b9913f80c0.a) on /mnt type ffs (rw, asynchronous, local)
/dev/sd2k (6f75b1b9913f80c0.k) on /mnt/home type ffs (rw, asynchronous, local, nodev, nosuid)
/dev/sd2d (6f75b1b9913f80c0.d) on /mnt/tmp type ffs (rw, asynchronous, local, nodev, nosuid)
/dev/sd2f (6f75b1b9913f80c0.f) on /mnt/usr type ffs (rw, asynchronous, local, nodev)
/dev/sd2g (6f75b1b9913f80c0.g) on /mnt/usr/X11R6 type ffs (rw, asynchronous, local, nodev)
/dev/sd2h (6f75b1b9913f80c0.h) on /mnt/usr/local type ffs (rw, asynchronous, local, nodev)
/dev/sd2j (6f75b1b9913f80c0.j) on /mnt/usr/obj type ffs (rw, asynchronous, local, nodev, nosuid)
/dev/sd2i (6f75b1b9913f80c0.i) on /mnt/usr/src type ffs (rw, asynchronous, local, nodev, nosuid)
/dev/sd2e (6f75b1b9913f80c0.e) on /mnt/var type ffs (rw, asynchronous, local, nodev, nosuid)

Let's install the sets!
Location of sets? (cd0 disk http nfs or 'done') [cd0]
Pathname to the sets? (or 'done') [7.5/amd64]

Select sets by entering a set name, a file name pattern or 'all'. De-select
sets by prepending a '-', e.g.: '-game*'. Selected sets are labelled '[X]'.
    [X] bsd           [X] base75.tgz    [X] game75.tgz    [X] xfont75.tgz
    [X] bsd.mp        [X] comp75.tgz    [X] xbase75.tgz   [X] xserv75.tgz
    [X] bsd.rd        [X] man75.tgz     [X] xshare75.tgz
Set name(s)? (or 'abort' or 'done') [done]
Directory does not contain SHA256.sig. Continue without verification? [no] yes
Installing bsd          100% |**************************| 25844 KB    00:03
Installing bsd.mp       100% |**************************| 25917 KB    00:03
Installing bsd.rd       100% |**************************|  4575 KB    00:00
Installing base75.tgz   100% |**************************|   408 MB    01:11
Extracting etc.tgz      100% |**************************|   267 KB    00:00
Installing comp75.tgz   100% |**************************| 80681 KB    00:16
Installing man75.tgz    100% |**************************|  7870 KB    00:01
Installing game75.tgz   100% |**************************|  2733 KB    00:00
Installing xbase75.tgz  100% |**************************| 58938 KB    00:12
Extracting xetc.tgz     100% |**************************|  7300       00:00
Installing xshare75.tgz 100% |**************************|  4578 KB    00:01
Installing xfont75.tgz  100% |**************************| 22968 KB    00:03
Installing xserv75.tgz  100% |**************************| 15472 KB    00:02
Location of sets? (cd0 disk http nfs or 'done') [done]
Saving configuration files... done.
Making all device nodes... done.
Multiprocessor machine; using bsd.mp instead of bsd.
fw_update: add intel; update none
Relinking to create unique kernel... done.

CONGRATULATIONS! Your OpenBSD install has been successfully completed!

When you login to your new system the first time, please read your mail
using the 'mail' command.

Exit to (S)hell, (H)alt or (R)eboot? [reboot] h
syncing disks... done

The operating system has halted.
Please press any key to reboot.

Exit qemu with CTRL-a x and reboot phys. machine

QEMU: Terminated
root@rescue ~ # reboot

After ~1min login via SSH should be possible

$ ssh hoschi@srv07.gfuzz.de
hoschi@srv07.gfuzz.de's password:
OpenBSD 7.5 (GENERIC.MP) #82: Wed Mar 20 15:48:40 MDT 2024

Welcome to OpenBSD: The proactively secure Unix-like operating system.

Please use the sendbug(1) utility to report bugs in the system.
Before reporting a bug, please try to reproduce it with the latest
version of the code.  With bug reports, please try to ensure that
enough information to reproduce the problem is enclosed, and if a
known fix for it exists, include that as well.

srv07$

Become root and use syspatch to update OS

srv07$ su -
Password:
srv07# syspatch
Get/Verify syspatch75-001_xserver... 100% |*********************************************************************************************************************************************************************************************************************************************************|  4308 KB    00:00
Installing patch 001_xserver
Get/Verify syspatch75-003_libcryp... 100% |*********************************************************************************************************************************************************************************************************************************************************| 12910 KB    00:00
Installing patch 003_libcrypto
Get/Verify syspatch75-004_bgpd.tgz 100% |***********************************************************************************************************************************************************************************************************************************************************|   221 KB    00:00
Installing patch 004_bgpd
Get/Verify syspatch75-005_sndiod.tgz 100% |*********************************************************************************************************************************************************************************************************************************************************| 59601       00:00
Installing patch 005_sndiod
Errata can be reviewed under /var/syspatch
srv07#

Full dmesg after reboot/update

OpenBSD 7.5 (GENERIC.MP) #82: Wed Mar 20 15:48:40 MDT 2024
    deraadt@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 34106925056 (32526MB)
avail mem = 33051824128 (31520MB)
random: good seed from bootblocks
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 3.0 @ 0xcbe08000 (78 entries)
bios0: vendor FUJITSU // American Megatrends Inc. version "V5.0.0.11 R1.29.0 for D3401-H1x" date 01/27/2020
bios0: FUJITSU D3401-H1
acpi0 at bios0: ACPI 5.0
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP APIC FPDT FIDT MCFG HPET SSDT LPIT SSDT SSDT SSDT SSDT SSDT DBGP DBG2 SSDT UEFI SSDT DMAR ASF!
acpi0: wakeup devices PEG0(S4) PEGP(S4) PS2K(S3) PS2M(S3) RP09(S4) PXSX(S4) RP10(S4) PXSX(S4) RP11(S4) PXSX(S4) RP12(S4) PXSX(S4) RP13(S4) PXSX(S4) RP01(S4) PXSX(S4) [...]
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee00000: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Core(TM) i7-6700 CPU @ 3.40GHz, 3691.40 MHz, 06-5e-03, patch 000000f0
cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,TSC_ADJUST,SGX,BMI1,HLE,AVX2,SMEP,BMI2,ERMS,INVPCID,RTM,MPX,RDSEED,ADX,SMAP,CLFLUSHOPT,PT,SRBDS_CTRL,MD_CLEAR,TSXFA,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,RSBA,MISC_PKG_CT,ENERGY_FILT,XSAVEOPT,XSAVEC,XGETBV1,XSAVES,MELTDOWN
cpu0: 32KB 64b/line 8-way D-cache, 32KB 64b/line 8-way I-cache, 256KB 64b/line 4-way L2 cache, 8MB 64b/line 16-way L3 cache
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges
cpu0: apic clock running at 24MHz
cpu0: mwait min=64, max=64, C-substates=0.2.1.2.4.1, IBE
cpu1 at mainbus0: apid 2 (application processor)
cpu1: Intel(R) Core(TM) i7-6700 CPU @ 3.40GHz, 3691.41 MHz, 06-5e-03, patch 000000f0
cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,TSC_ADJUST,SGX,BMI1,HLE,AVX2,SMEP,BMI2,ERMS,INVPCID,RTM,MPX,RDSEED,ADX,SMAP,CLFLUSHOPT,PT,SRBDS_CTRL,MD_CLEAR,TSXFA,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,RSBA,MISC_PKG_CT,ENERGY_FILT,XSAVEOPT,XSAVEC,XGETBV1,XSAVES,MELTDOWN
cpu1: 32KB 64b/line 8-way D-cache, 32KB 64b/line 8-way I-cache, 256KB 64b/line 4-way L2 cache, 8MB 64b/line 16-way L3 cache
cpu1: smt 0, core 1, package 0
cpu2 at mainbus0: apid 4 (application processor)
cpu2: Intel(R) Core(TM) i7-6700 CPU @ 3.40GHz, 3691.41 MHz, 06-5e-03, patch 000000f0
cpu2: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,TSC_ADJUST,SGX,BMI1,HLE,AVX2,SMEP,BMI2,ERMS,INVPCID,RTM,MPX,RDSEED,ADX,SMAP,CLFLUSHOPT,PT,SRBDS_CTRL,MD_CLEAR,TSXFA,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,RSBA,MISC_PKG_CT,ENERGY_FILT,XSAVEOPT,XSAVEC,XGETBV1,XSAVES,MELTDOWN
cpu2: 32KB 64b/line 8-way D-cache, 32KB 64b/line 8-way I-cache, 256KB 64b/line 4-way L2 cache, 8MB 64b/line 16-way L3 cache
cpu2: smt 0, core 2, package 0
cpu3 at mainbus0: apid 6 (application processor)
cpu3: Intel(R) Core(TM) i7-6700 CPU @ 3.40GHz, 3691.41 MHz, 06-5e-03, patch 000000f0
cpu3: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,TSC_ADJUST,SGX,BMI1,HLE,AVX2,SMEP,BMI2,ERMS,INVPCID,RTM,MPX,RDSEED,ADX,SMAP,CLFLUSHOPT,PT,SRBDS_CTRL,MD_CLEAR,TSXFA,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,RSBA,MISC_PKG_CT,ENERGY_FILT,XSAVEOPT,XSAVEC,XGETBV1,XSAVES,MELTDOWN
cpu3: 32KB 64b/line 8-way D-cache, 32KB 64b/line 8-way I-cache, 256KB 64b/line 4-way L2 cache, 8MB 64b/line 16-way L3 cache
cpu3: smt 0, core 3, package 0
cpu4 at mainbus0: apid 1 (application processor)
cpu4: Intel(R) Core(TM) i7-6700 CPU @ 3.40GHz, 3691.40 MHz, 06-5e-03, patch 000000f0
cpu4: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,TSC_ADJUST,SGX,BMI1,HLE,AVX2,SMEP,BMI2,ERMS,INVPCID,RTM,MPX,RDSEED,ADX,SMAP,CLFLUSHOPT,PT,SRBDS_CTRL,MD_CLEAR,TSXFA,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,RSBA,MISC_PKG_CT,ENERGY_FILT,XSAVEOPT,XSAVEC,XGETBV1,XSAVES,MELTDOWN
cpu4: 32KB 64b/line 8-way D-cache, 32KB 64b/line 8-way I-cache, 256KB 64b/line 4-way L2 cache, 8MB 64b/line 16-way L3 cache
cpu4: smt 1, core 0, package 0
cpu5 at mainbus0: apid 3 (application processor)
cpu5: Intel(R) Core(TM) i7-6700 CPU @ 3.40GHz, 3691.40 MHz, 06-5e-03, patch 000000f0
cpu5: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,TSC_ADJUST,SGX,BMI1,HLE,AVX2,SMEP,BMI2,ERMS,INVPCID,RTM,MPX,RDSEED,ADX,SMAP,CLFLUSHOPT,PT,SRBDS_CTRL,MD_CLEAR,TSXFA,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,RSBA,MISC_PKG_CT,ENERGY_FILT,XSAVEOPT,XSAVEC,XGETBV1,XSAVES,MELTDOWN
cpu5: 32KB 64b/line 8-way D-cache, 32KB 64b/line 8-way I-cache, 256KB 64b/line 4-way L2 cache, 8MB 64b/line 16-way L3 cache
cpu5: smt 1, core 1, package 0
cpu6 at mainbus0: apid 5 (application processor)
cpu6: Intel(R) Core(TM) i7-6700 CPU @ 3.40GHz, 3691.40 MHz, 06-5e-03, patch 000000f0
cpu6: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,TSC_ADJUST,SGX,BMI1,HLE,AVX2,SMEP,BMI2,ERMS,INVPCID,RTM,MPX,RDSEED,ADX,SMAP,CLFLUSHOPT,PT,SRBDS_CTRL,MD_CLEAR,TSXFA,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,RSBA,MISC_PKG_CT,ENERGY_FILT,XSAVEOPT,XSAVEC,XGETBV1,XSAVES,MELTDOWN
cpu6: 32KB 64b/line 8-way D-cache, 32KB 64b/line 8-way I-cache, 256KB 64b/line 4-way L2 cache, 8MB 64b/line 16-way L3 cache
cpu6: smt 1, core 2, package 0
cpu7 at mainbus0: apid 7 (application processor)
cpu7: Intel(R) Core(TM) i7-6700 CPU @ 3.40GHz, 3691.40 MHz, 06-5e-03, patch 000000f0
cpu7: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,TSC_ADJUST,SGX,BMI1,HLE,AVX2,SMEP,BMI2,ERMS,INVPCID,RTM,MPX,RDSEED,ADX,SMAP,CLFLUSHOPT,PT,SRBDS_CTRL,MD_CLEAR,TSXFA,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,RSBA,MISC_PKG_CT,ENERGY_FILT,XSAVEOPT,XSAVEC,XGETBV1,XSAVES,MELTDOWN
cpu7: 32KB 64b/line 8-way D-cache, 32KB 64b/line 8-way I-cache, 256KB 64b/line 4-way L2 cache, 8MB 64b/line 16-way L3 cache
cpu7: smt 1, core 3, package 0
ioapic0 at mainbus0: apid 2 pa 0xfec00000, version 20, 120 pins
acpimcfg0 at acpi0
acpimcfg0: addr 0xf8000000, bus 0-63
acpihpet0 at acpi0: 23999999 Hz
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus -1 (PEG0)
acpiprt2 at acpi0: bus -1 (RP09)
acpiprt3 at acpi0: bus -1 (RP10)
acpiprt4 at acpi0: bus -1 (RP11)
acpiprt5 at acpi0: bus -1 (RP12)
acpiprt6 at acpi0: bus -1 (RP13)
acpiprt7 at acpi0: bus -1 (RP01)
acpiprt8 at acpi0: bus -1 (RP02)
acpiprt9 at acpi0: bus -1 (RP03)
acpiprt10 at acpi0: bus -1 (RP04)
acpiprt11 at acpi0: bus -1 (RP05)
acpiprt12 at acpi0: bus -1 (RP06)
acpiprt13 at acpi0: bus -1 (RP07)
acpiprt14 at acpi0: bus -1 (RP08)
acpiprt15 at acpi0: bus -1 (RP17)
acpiprt16 at acpi0: bus -1 (RP18)
acpiprt17 at acpi0: bus -1 (RP19)
acpiprt18 at acpi0: bus -1 (RP20)
acpiprt19 at acpi0: bus -1 (RP14)
acpiprt20 at acpi0: bus -1 (RP15)
acpiprt21 at acpi0: bus -1 (RP16)
acpipci0 at acpi0 PCI0: 0x00000000 0x00000011 0x00000001
acpicmos0 at acpi0
"INT33A1" at acpi0 not configured
acpibtn0 at acpi0: PWRB
"PNP0C14" at acpi0 not configured
"PNP0C0B" at acpi0 not configured
"PNP0C0B" at acpi0 not configured
"PNP0C0B" at acpi0 not configured
"PNP0C0B" at acpi0 not configured
"PNP0C0B" at acpi0 not configured
acpicpu0 at acpi0: C3(200@256 mwait.1@0x40), C2(200@151 mwait.1@0x33), C1(1000@1 mwait.1), PSS
acpicpu1 at acpi0: C3(200@256 mwait.1@0x40), C2(200@151 mwait.1@0x33), C1(1000@1 mwait.1), PSS
acpicpu2 at acpi0: C3(200@256 mwait.1@0x40), C2(200@151 mwait.1@0x33), C1(1000@1 mwait.1), PSS
acpicpu3 at acpi0: C3(200@256 mwait.1@0x40), C2(200@151 mwait.1@0x33), C1(1000@1 mwait.1), PSS
acpicpu4 at acpi0: C3(200@256 mwait.1@0x40), C2(200@151 mwait.1@0x33), C1(1000@1 mwait.1), PSS
acpicpu5 at acpi0: C3(200@256 mwait.1@0x40), C2(200@151 mwait.1@0x33), C1(1000@1 mwait.1), PSS
acpicpu6 at acpi0: C3(200@256 mwait.1@0x40), C2(200@151 mwait.1@0x33), C1(1000@1 mwait.1), PSS
acpicpu7 at acpi0: C3(200@256 mwait.1@0x40), C2(200@151 mwait.1@0x33), C1(1000@1 mwait.1), PSS
acpipwrres0 at acpi0: PG00, resource for PEG0
acpipwrres1 at acpi0: WRST
acpipwrres2 at acpi0: WRST
acpipwrres3 at acpi0: WRST
acpipwrres4 at acpi0: WRST
acpipwrres5 at acpi0: WRST
acpipwrres6 at acpi0: WRST
acpipwrres7 at acpi0: WRST
acpipwrres8 at acpi0: WRST
acpipwrres9 at acpi0: WRST
acpipwrres10 at acpi0: WRST
acpipwrres11 at acpi0: WRST
acpipwrres12 at acpi0: WRST
acpipwrres13 at acpi0: WRST
acpipwrres14 at acpi0: WRST
acpipwrres15 at acpi0: WRST
acpipwrres16 at acpi0: WRST
acpipwrres17 at acpi0: WRST
acpipwrres18 at acpi0: WRST
acpipwrres19 at acpi0: WRST
acpipwrres20 at acpi0: WRST
acpipwrres21 at acpi0: FN00, resource for FAN0
acpipwrres22 at acpi0: FN01, resource for FAN1
acpipwrres23 at acpi0: FN02, resource for FAN2
acpipwrres24 at acpi0: FN03, resource for FAN3
acpipwrres25 at acpi0: FN04, resource for FAN4
acpitz0 at acpi0### AML PARSE ERROR (0x842): Undefined name: \\_SB_.PCI0.LPCB.H_EC.ECAV
error evaluating: \\_TZ_.TZ00._TMP
### AML PARSE ERROR (0x842): Undefined name: \\_SB_.PCI0.LPCB.H_EC.ECAV
error evaluating: \\_TZ_.TZ00._TMP

acpitz1 at acpi0### AML PARSE ERROR (0x9f3): Undefined name: \\_SB_.PCI0.LPCB.H_EC.ECAV
error evaluating: \\_TZ_.TZ01._TMP
### AML PARSE ERROR (0x9f3): Undefined name: \\_SB_.PCI0.LPCB.H_EC.ECAV
error evaluating: \\_TZ_.TZ01._TMP

acpivideo0 at acpi0: GFX0
acpivout0 at acpivideo0: DD1F
cpu0: using VERW MDS workaround (except on vmm entry)
cpu0: Enhanced SpeedStep 3691 MHz: speeds: 3401, 3400, 3200, 3000, 2800, 2700, 2500, 2300, 2100, 1900, 1700, 1500, 1400, 1200, 1000, 800 MHz
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 "Intel Core 6G Host" rev 0x07
inteldrm0 at pci0 dev 2 function 0 "Intel HD Graphics 530" rev 0x06
drm0 at inteldrm0
inteldrm0: msi, SKYLAKE, gen 9
xhci0 at pci0 dev 20 function 0 "Intel 100 Series xHCI" rev 0x31: msi, xHCI 1.0
usb0 at xhci0: USB revision 3.0
uhub0 at usb0 configuration 1 interface 0 "Intel xHCI root hub" rev 3.00/1.00 addr 1
pchtemp0 at pci0 dev 20 function 2 "Intel 100 Series Thermal" rev 0x31
"Intel 100 Series MEI" rev 0x31 at pci0 dev 22 function 0 not configured
ahci0 at pci0 dev 23 function 0 "Intel 100 Series AHCI" rev 0x31: msi, AHCI 1.3.1
ahci0: port 1: 6.0Gb/s
ahci0: port 2: 6.0Gb/s
scsibus1 at ahci0: 32 targets
sd0 at scsibus1 targ 1 lun 0: <ATA, Crucial_CT500MX2, MU05> naa.500a075110d8eac0
sd0: 476940MB, 512 bytes/sector, 976773168 sectors, thin
sd1 at scsibus1 targ 2 lun 0: <ATA, Crucial_CT500MX2, MU05> naa.500a075110d8e5f1
sd1: 476940MB, 512 bytes/sector, 976773168 sectors, thin
pcib0 at pci0 dev 31 function 0 "Intel B150 LPC" rev 0x31
"Intel 100 Series PMC" rev 0x31 at pci0 dev 31 function 2 not configured
ichiic0 at pci0 dev 31 function 4 "Intel 100 Series SMBus" rev 0x31: apic 2 int 16
iic0 at ichiic0
em0 at pci0 dev 31 function 6 "Intel I219-LM" rev 0x31: msi, address 90:1b:0e:8a:54:91
isa0 at pcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5 irq 1 irq 12
pckbd0 at pckbc0 (kbd slot)
wskbd0 at pckbd0: console keyboard
pcppi0 at isa0 port 0x61
spkr0 at pcppi0
wbsio0 at isa0 port 0x2e/2: NCT6792D rev 0x11
lm1 at wbsio0 port 0xa10/8: NCT6792D
vmm0 at mainbus0: VMX/EPT
uhidev0 at uhub0 port 8 configuration 1 interface 0 "Raritan KX4-101" rev 2.00/1.00 addr 2
uhidev0: iclass 3/1
ukbd0 at uhidev0: 8 variable keys, 6 key codes
wskbd1 at ukbd0 mux 1
uhidev1 at uhub0 port 8 configuration 1 interface 1 "Raritan KX4-101" rev 2.00/1.00 addr 2
uhidev1: iclass 3/1
ums0 at uhidev1: 3 buttons, Z dir
wsmouse0 at ums0 mux 0
uhidev2 at uhub0 port 8 configuration 1 interface 2 "Raritan KX4-101" rev 2.00/1.00 addr 2
uhidev2: iclass 3/0
ums1 at uhidev2: 3 buttons, Z dir
wsmouse1 at ums1 mux 0
vscsi0 at root
scsibus2 at vscsi0: 256 targets
softraid0 at root
scsibus3 at softraid0: 256 targets
sd2 at scsibus3 targ 1 lun 0: <OPENBSD, SR RAID 1, 006>
sd2: 476939MB, 512 bytes/sector, 976772576 sectors
root on sd2a (6f75b1b9913f80c0.a) swap on sd2b dump on sd2b
inteldrm0: 1920x1080, 32bpp
wsdisplay0 at inteldrm0 mux 1: console (std, vt100 emulation), using wskbd0
wskbd1: connecting to wsdisplay0
wsdisplay0: screen 1-5 added (std, vt100 emulation)
sd3 at scsibus3 targ 2 lun 0: <OPENBSD, SR CRYPTO, 006>
sd3: 399931MB, 512 bytes/sector, 819060528 sectors
wskbd1: disconnecting from wsdisplay0
wskbd1 detached
ukbd0 detached
uhidev0 detached
wsmouse0 detached
ums0 detached
uhidev1 detached
wsmouse1 detached
ums1 detached
uhidev2 detached
uhub0: device problem, disabling port 8
uhidev0 at uhub0 port 8 configuration 1 interface 0 "Raritan KX4-101" rev 2.00/1.00 addr 2
uhidev0: iclass 3/1
ukbd0 at uhidev0: 8 variable keys, 6 key codes
wskbd1 at ukbd0 mux 1
wskbd1: connecting to wsdisplay0
uhidev1 at uhub0 port 8 configuration 1 interface 1 "Raritan KX4-101" rev 2.00/1.00 addr 2
uhidev1: iclass 3/1
ums0 at uhidev1: 3 buttons, Z dir
wsmouse0 at ums0 mux 0
uhidev2 at uhub0 port 8 configuration 1 interface 2 "Raritan KX4-101" rev 2.00/1.00 addr 2
uhidev2: iclass 3/0
ums1 at uhidev2: 3 buttons, Z dir
wsmouse1 at ums1 mux 0

Encrypted partition + /home

Configure root pubkey authentication, make sure no user process (something that needs /home) is currently running and login as root via ssh:

ssh root@srv07.gfuzz.de
Last login: Sun Aug 11 19:40:39 2024 from 144.76.31.135
OpenBSD 7.5 (GENERIC.MP) #82: Wed Mar 20 15:48:40 MDT 2024

Welcome to OpenBSD: The proactively secure Unix-like operating system.

Please use the sendbug(1) utility to report bugs in the system.
Before reporting a bug, please try to reproduce it with the latest
version of the code.  With bug reports, please try to ensure that
enough information to reproduce the problem is enclosed, and if a
known fix for it exists, include that as well.

srv07#

unmount home and change /home partition type to RAID

srv07# umount /home
srv07# disklabel -E sd2
Label editor (enter '?' for help at any prompt)
sd2> p
OpenBSD area: 64-976772576; size: 976772512; free: 189915536
#                size           offset  fstype [fsize bsize   cpg]
  a:          2097152               64  4.2BSD   2048 16384 12960 # /
  b:          4685520          2097216    swap                    # none
  c:        976772576                0  unused
  d:          8388576          6782752  4.2BSD   2048 16384 12960 # /tmp
  e:         16711072         15171328  4.2BSD   2048 16384 12960 # /var
  f:         62914560         31882400  4.2BSD   2048 16384 12960 # /usr
  g:          2097152         94796960  4.2BSD   2048 16384 12960 # /usr/X11R6
  h:         41943040         96894112  4.2BSD   2048 16384 12960 # /usr/local
  i:          6291456        138837152  4.2BSD   2048 16384 12960 # /usr/src
  j:         12582912        145128608  4.2BSD   2048 16384 12960 # /usr/obj
  k:        629145536        157711552  4.2BSD   4096 32768 26062 # /home
sd2> d k
sd2*> a k
offset: [157711520]
size: [819061056]
FS type: [4.2BSD] RAID
sd2*> p
OpenBSD area: 64-976772576; size: 976772512; free: 16
#                size           offset  fstype [fsize bsize   cpg]
  a:          2097152               64  4.2BSD   2048 16384 12960 # /
  b:          4685520          2097216    swap                    # none
  c:        976772576                0  unused
  d:          8388576          6782752  4.2BSD   2048 16384 12960 # /tmp
  e:         16711072         15171328  4.2BSD   2048 16384 12960 # /var
  f:         62914560         31882400  4.2BSD   2048 16384 12960 # /usr
  g:          2097152         94796960  4.2BSD   2048 16384 12960 # /usr/X11R6
  h:         41943040         96894112  4.2BSD   2048 16384 12960 # /usr/local
  i:          6291456        138837152  4.2BSD   2048 16384 12960 # /usr/src
  j:         12582912        145128608  4.2BSD   2048 16384 12960 # /usr/obj
  k:        819061056        157711520    RAID
sd2*> w
sd2> q
No label changes.

Clear out previous home partition

srv07# dd if=/dev/zero of=/dev/rsd2k bs=1m count=1

Setup encrypted partition

srv07# bioctl -c C -l sd2k softraid0
New passphrase:
Re-type passphrase:
softraid0: CRYPTO volume attached as sd3

Configure new partition:

srv07# disklabel -E sd3
Label editor (enter '?' for help at any prompt)
sd3> a a
offset: [0]
size: [819060528]
FS type: [4.2BSD]
sd3*>
sd3*> w
sd3> q
No label changes.

Create /crypt and get rid of current /home from /etc/fstab

srv07# mkdir /crypt
srv07# cat /etc/fstab
6f75b1b9913f80c0.b none swap sw
6f75b1b9913f80c0.a / ffs rw 1 1
6f75b1b9913f80c0.k /home ffs rw,nodev,nosuid 1 2
6f75b1b9913f80c0.d /tmp ffs rw,nodev,nosuid 1 2
6f75b1b9913f80c0.f /usr ffs rw,nodev 1 2
6f75b1b9913f80c0.g /usr/X11R6 ffs rw,nodev 1 2
6f75b1b9913f80c0.h /usr/local ffs rw,wxallowed,nodev 1 2
6f75b1b9913f80c0.j /usr/obj ffs rw,nodev,nosuid 1 2
6f75b1b9913f80c0.i /usr/src ffs rw,nodev,nosuid 1 2
6f75b1b9913f80c0.e /var ffs rw,nodev,nosuid 1 2

Use vi to replace entry for /home with /crypt

srv07# vi /etc/fstab
...
/dev/sd3a       /crypt  ffs     rw,nodev,nosuid,noauto 0 0 

Create FFS2 filesystem

srv07# newfs /dev/rsd3c
/dev/rsd3c: 399931.9MB in 819060528 sectors of 512 bytes
1975 cylinder groups of 202.50MB, 12960 blocks, 25920 inodes each
super-block backups (for fsck -b #) at:
 160, 414880, 829600, 1244320, 1659040, 2073760, 2488480, 2903200, 3317920, 3732640, 4147360, 4562080, 4976800, 5391520, 5806240, 6220960, 6635680, 7050400, 7465120, 7879840, 8294560, 8709280, 9124000, 9538720, 9953440, 10368160, 10782880, 11197600, 11612320, 12027040, 12441760, 12856480, 13271200, 13685920,
 14100640, 14515360, 14930080, 15344800, 15759520, 16174240, 16588960, 17003680, 17418400, 17833120, 18247840, 18662560, 19077280, 19492000, 19906720, 20321440, 20736160, 21150880, 21565600, 21980320, 22395040, 22809760, 23224480, 23639200, 24053920, 24468640, 24883360, 25298080, 25712800, 26127520, 26542240,
[...]

Mount /crypt and check

srv07# mount /crypt
srv07# df -h
Filesystem     Size    Used   Avail Capacity  Mounted on
/dev/sd2a      986M    131M    806M    14%    /
/dev/sd2d      3.9G   10.0K    3.7G     1%    /tmp
/dev/sd2f     29.1G    1.4G   26.2G     6%    /usr
/dev/sd2g      986M    303M    634M    33%    /usr/X11R6
/dev/sd2h     19.4G    146K   18.4G     1%    /usr/local
/dev/sd2j      5.8G    2.0K    5.5G     1%    /usr/obj
/dev/sd2i      2.9G    2.0K    2.8G     1%    /usr/src
/dev/sd2e      7.7G   25.4M    7.3G     1%    /var
/dev/sd3a      378G    2.0K    359G     1%    /crypt

Setup /home -> /crypt/home

srv07# mv /home crypt
srv07# ln -s /crypt/home /home
srv07# cd /home
srv07# mkdir hoschi
srv07# chown hoschi:hoschi hoschi

And we are done! :-)

After some ansible magic in the background:

“Rescue mode” for OpenBSD

Like above:

  1. enable Hetzner Linux Rescue mode and
  2. trigger a reset of the machine
  3. login as root via ssh

boot from cd

$ wget https://cdn.openbsd.org/pub/OpenBSD/7.5/amd64/cd75.iso
$ qemu-system-x86_64 \
  -nographic          # Disable graphical output
  -boot d             # Boot from CD-ROM
  -cdrom cd75.iso     # Specify installation ISO image
  -drive file=/dev/sda,format=raw  # First phys. hard drive
  -drive file=/dev/sdb,format=raw  # Second phys hard drive
  -m 2048             # Allocate 2048 MB of memory
  -smp 4              # Configure 4 virtual CPUs

boot from local disks

$ qemu-system-x86_64 \
  -enable-kvm         # Enable KVM virtualization
  -cpu host           # Use host CPU features
  -nographic          # Disable graphical output
  -drive file=/dev/sda,format=raw,id=sata0,if=virtio  # First phys. hard drive
  -drive file=/dev/sdb,format=raw,id=sata1,if=virtio  # Second phys. hard drive
  -m 2048             # Allocate 2048 MB of memory
  -smp 4              # Configure 4 virtual CPUs