Raspberry Pi 4 - Unable to get FDE working

Hello,


thanks to those of you working on the arm64 port of OpenBSD, as well as
working

on this great OS as a whole!

I spend a couple of days now trying to get a FDE install of OpenBSD 6.8
working without

success. I tried different methods, hence, my knowledge about the boot
process on

aarch64/arm64 architecture is limited, so it is for x86 I'm afraid. The
"error" I receive is

that after a successful install, the boot process won't execute. An
installation to an

unencrypted device won't jeopardize my efforts, which limits the error
to some config

issue involving the FDE and not a BIOS misconfiguration.


Starting with a bsd.rd boot, I'm following the FDE setup described in

(https://www.openbsd.org/faq/faq14.html#softraidFDE).  In my setup there
is a couple

of devices involved: - sd0 8gb sd-card with raspberry-firmware v1.21

                                 - sd1 16gb usb-stick to become the key-disk

                                 - sd2 16gb usb-stick with miniroot.img
flashed onto

                                 -sd3 250gb usb attached ssd


Manual steps:

# fdisk -iy -g -b 960 sd3

# disklabel -E sd3 -> creating the RAID partition on a with an offset of 64


I read about the necessity of creating an EFI-Sys partition and
realigning the OpenBSD

one here
(https://www.reddit.com/r/openbsd/comments/5487cb/full_disk_encryption_gpt/d80cwf1/?utm_source=reddit&utm_medium=web2x&context=3).
Following this example I'll end up wit the following sd3 GPT-Table:

Disk: sd3       Usable LBA: 64 to 488397104 [488397168 Sectors]
GUID: d0211d02-06fb-4f06-9821-727cbc5d534d
    #: type                                 [       start: size ]
       guid                                 name
------------------------------------------------------------------------
    1: EFI Sys                              [          64: 960 ]
7656e91c-21e5-49d6-803b-e683d212258b
    3: OpenBSD                              [        1024: 488396081 ]
       baad59dd-a515-4d7c-b1aa-b0b632253e78 OpenBSD Area


# disklabel -E sd3
Label editor (enter '?' for help at any prompt)
sd3> a a
offset: [1024]
size: [488396081] *
FS type: [4.2BSD] RAID
sd3*> w
sd3> q
No label changes.


# fdisk -iy sd1
Writing MBR at offset 0.


# disklabel -E sd1
sd1> a a
offset: [64] 1024
size: [30297566] 1m
FS type: [4.2BSD] RAID
sd1*> w

I read about formatting the remaining space on the key-disk to FAT-322
the slides of

a presentation on the official OpenBSD page, but don't know if this is
either relevant,

outdated or not applicable for arm64 infrastructure

(https://www.openbsd.org/papers/eurobsdcon2015-softraid-boot.pdf).

sd1> a i
offset: [16065]
size: [30282525] *
FS type: [4.2BSD] MSDOS
sd1*> p
OpenBSD area: 64-30298590; size: 30298526; free: 960
#                size           offset  fstype [fsize bsize   cpg]
   a:            15041             1024    RAID
   c:         30310400                0  unused
   i:         30282525            16065   MSDOS
sd1*> w
sd1> q
No label changes.

# newfs_msdos /dev/rsd1i

# bioctl -c C -k sd1a -l sd3a softraid0

softraid0: CRYPTO volume attached as sd4

# cd /dev && sh MAKEDEV sd4
# dd if=/dev/zero of=/dev/rsd4c bs=1m count=1


I'm starting the installation process, providing answers manually.

[...]

Available disks are: sd0 sd1 sd2 sd3 sd4.
Which disk is the root disk? ('?' for details) [sd0] sd4
Disk: sd4       geometry: 30401/255/63 [488395553 Sectors]
Offset: 0       Signature: 0xAA55
             Starting         Ending         LBA Info:
  #: id      C   H   S -      C   H   S [       start:        size ]
-------------------------------------------------------------------------------
*0: 0C      2  10   9 -      4  20  16 [       32768:       32768 ] FAT32L
  1: 00      0   0   0 -      0   0   0 [           0:           0 ] unused
  2: 00      0   0   0 -      0   0   0 [           0:           0 ] unused
  3: A6      4  20  17 -  30401  55  23 [       65536:   488330017 ] OpenBSD


Use (W)hole disk or (E)dit the MBR? [whole]
Creating a msdos partition and an OpenBSD partition for rest of sd4...done.
/dev/rsd4i: 32668 sectors in 8167 FAT16 clusters (2048 bytes/cluster)
bps=512 spc=4 res=1 nft=2 rde=512 mid=0xf8 spf=32 spt=63 hds=255
hid=32768 bsec=32768
The auto-allocated layout for sd4 is:
#                size           offset  fstype [fsize bsize   cpg]
   a:          1024.0M            65536  4.2BSD   2048 16384     1 # /
   b:          4152.7M          2162688    swap
   c:        238474.4M                0  unused
   d:          4096.0M         10667488  4.2BSD   2048 16384     1 # /tmp
   e:         11889.5M         19056064  4.2BSD   2048 16384     1 # /var
   f:          6144.0M         43405664  4.2BSD   2048 16384     1 # /usr
   g:          1024.0M         55988576  4.2BSD   2048 16384     1 #
/usr/X11R6
   h:         20480.0M         58085728  4.2BSD   2048 16384     1 #
/usr/local
   i:            16.0M            32768   MSDOS
   j:          2048.0M        100028768  4.2BSD   2048 16384     1 #
/usr/src
   k:          6144.0M        104223072  4.2BSD   2048 16384     1 #
/usr/obj
   l:        181440.2M        116806016  4.2BSD   4096 32768     1 # /home

Use (A)uto layout, (E)dit auto layout, or create (C)ustom layout? [a] e
Label editor (enter '?' for help at any prompt)
sd4> d a
sd4*> d b
sd4*> d d
sd4*> d e
sd4*> d f
sd4*> d g
sd4*> d h
sd4*> d j
sd4*> d k
sd4*> d l
sd4*> w
sd4> p

OpenBSD area: 65536-488395553; size: 488330017; free: 488330017
#                size           offset  fstype [fsize bsize   cpg]
   c:        488395553                0  unused
   i:            32768            32768   MSDOS


sd4> a a
offset: [65536]
size: [488330017] 10240m
FS type: [4.2BSD]
mount point: [none] /
sd4*> w
sd4> a d
offset: [21045120]
size: [467350433] 4096m
FS type: [4.2BSD]
mount point: [none] /tmp
sd4*> w
sd4> a e
offset: [29447136]
size: [458948417] 40960m
FS type: [4.2BSD]
mount point: [none] /var
sd4*> w
sd4> a f
offset: [113338560]
size: [375056993] 147456m
FS type: [4.2BSD]
mount point: [none] /usr
sd4*> w
sd4> a g
offset: [415344448]
size: [73051105] 16384m
FS type: [4.2BSD]
mount point: [none] /home
sd4*> w
sd4> p
OpenBSD area: 65536-488395553; size: 488330017; free: 39491265
#                size           offset  fstype [fsize bsize   cpg]
   a:         20979584            65536  4.2BSD   2048 16384     1 # /
   c:        488395553                0  unused
   d:          8402016         21045120  4.2BSD   2048 16384     1 # /tmp
   e:         83891424         29447136  4.2BSD   2048 16384     1 # /var
   f:        302005888        113338560  4.2BSD   4096 32768     1 # /usr
   g:         33559840        415344448  4.2BSD   2048 16384     1 # /home
   i:            32768            32768   MSDOS
sd4> q

No label changes.

Which disk do you wish to initialize? (or 'done') [done]
/dev/sd4a (5463406fee5a6848.a) on /mnt type ffs (rw, asynchronous, local)
/dev/sd4g (5463406fee5a6848.g) on /mnt/home type ffs (rw, asynchronous,
local, nodev, nosuid)
/dev/sd4d (5463406fee5a6848.d) on /mnt/tmp type ffs (rw, asynchronous,
local, nodev, nosuid)
/dev/sd4f (5463406fee5a6848.f) on /mnt/usr type ffs (rw, asynchronous,
local, nodev)
/dev/sd4e (5463406fee5a6848.e) on /mnt/var type ffs (rw, asynchronous,
local, nodev, nosuid)

[...]

What timezone are you in? ('?' for list) [Canada/Mountain] Europe/Berlin
Saving configuration files... done.
Making all device nodes... done.
Multiprocessor machine; using bsd.mp instead of bsd.
Relinking to create unique kernel... done.

CONGRATULATIONS! Your OpenBSD install has been successfully completed!

Exit to (S)hell, (H)alt or (R)eboot? [reboot] s


On my endeavor to find the missing part to the puzzle, I found a block
entry, saying

that after a successful install one should format the i partition with
newfs_msdos,

mount it and the copy the bootaa64.efi file into a newly created
/efi/boot directory

(https://jasper.la/posts/openbsd-uefi-bootloader-howto/). The blog entry
from 2015

is not relevant anymore, as the file is already present.


Once I'm restarting now, the Raspberry is skipping the boot order set in
the bios

going over all four pxe-boot options, before telling me that no boot
media was found.


Can anyone elaborate what I'm doing wrong and how a I can get a working

FDE OpenBSD install with an Raspberry Pi 4 arm board?


Thanks in advance!

On Tue, Jan 12, 2021 at 11:14:34PM +0100, Dennis Nuesser wrote:
Can you elaborate? At which point in the boot sequence does a failure occur?
What kind of failure is this? Do you see any error code or message?

One thing I noticed by looking at sources is that installboot(8) on arm64
doesn't seem to have any softraid support. This indicates that softraid boot
support for this platform is not yet complete...?

installboot(8) needs to patch softraid meta-data to enable booting from the
softraid volume. If that doesn't happen then the system won't boot.

On Tue, Jan 12, 2021 at 11:42:03PM +0100, Stefan Sperling wrote:
After reading more code it looks like arm64 might actually be getting
away without arm64-specific code in installboot.

Did you try it with a passphrase instead of a key disk?
If that doesn't work either, I'm out of clues.

The boot sequence ends once the raspberry firmware version

lights up on the screen. I do not reach beyond this point. The

FDE with a passphrase I have not tried out so far, since it is

rather impracticable for  a server setup.


On 13.01.21 00:08, Stefan Sperling wrote:

On Wed, Jan 13, 2021 at 10:05:48AM +0100, Dennis Nuesser wrote:
> The boot sequence ends once the raspberry firmware version
>
> lights up on the screen. I do not reach beyond this point. The
>
> FDE with a passphrase I have not tried out so far, since it is
>
> rather impracticable for  a server setup.

I'm not suggesting that you use a passphrase in production if it is
not a good fit. Knowing whether or not your setup can boot from softraid
with a passphrase might help with isolating the issue, that's all.

For sure, I just mentioned why I didn't try out in the first place.

On 13.01.21 10:05, Dennis Nuesser wrote:

Just gave it a try with a passphrase instead of a key-disk, with the

same result. The system isn't booting up. Can any OpenBSD-arm

developer confirm my finding about the current situation with FDE

not working form arm64 architecture or is there some configuration

issue I'm unable to spot?

On 13.01.21 10:18, Stefan Sperling wrote: