Making it real

In my last post, I talked about creating a multiboot Virtual Machine that had OpenBSD, FreeBSD and Linux on it.  In that post, I mentioned that my next step would be to actually set up a laptop on real hardware with this configuration and document the process.

In the intervening time, two big events and a lot of little ones occurred that are interesting to take note of here:

  1.  Apple released the new MacbookPro computers.  To say I am underwhelmed would be an understatement.  I recall a time when Apple not only was innovative and aggressive, but also built some of the best hardware I’ve ever had the privilege to use (more on that with #2 below). Unfortunately adding a tiny little OLED touch strip above the keyboard and further reducing the ports you have available to you doesn’t exactly align with that picture in my head.  But hey, it’s a free country (at least it still is, I’m writing this before the US Presidential election ) so YMMV.  You might really dig the new hardware from our friends in Cupertino.
  2. I bent my 12″ Macbook.  Yes, you read that right.  I bent the thing.  Not by dropping it off of a tall building or slamming it in a car door, but by simply carrying it in my backpack and putting it into the overhead bin on my flight.  It’s not really noticeable except for the fact that it now wobbles when I type on it.  And yes, I tested it on multiple flat surfaces.  And no, it isn’t that the little rubber foot fell off of it.
  3. I’m feeling like I’m being pecked to death by the numerous bugs I’m seeing in macOS Sierra.  There was a time a couple of releases ago where WiFi was a real problem.  Well guess what, that’s back.  I also am a big fan of Apple’s built-in mail and calendar programs.  Well, they randomly crash (or minimize when I click on another window) several times a week.  Oh, and did I mention the hibernation and resume from suspend problems I am having?  Oh, and the fact that while I’m typing this, the external monitor that is hooked up to my wobbly laptop via Apple’s own dongle has gone black for 1-3 seconds several times?

It just doesn’t feel like I’m the core demographic that they are targeting any more.  To that end, I’m seriously considering (and I know this will freak out anyone who knows me), stepping away from the Apple ecosystem.  Now the privacy nightmare malware application known as Windows 10 would not be where I land, so I begin to contemplate a world where I live on OpenBSD full time and work as well as at home.

Unfortunately, there are “corporate” things that I do that will require me to periodically use Windows (we have internal web-based tools that absolutely require Internet Explorer) and Microsoft Office is a necessary evil in the corporate world.  I know I could limp along with a remote desktop client to get to IE and possibly use the web tools in Office365, but I expect that I would run into pain that way.  This means that somewhere on this mythical machine, I would need a Windows VM.

So suddenly, my idea of doing a little experiment of dual booting a laptop got serious – as in deadly serious.  This “test” I’m conducting will be an experiment to see if I can walk away from macOS as my daily driver.  Now, ironically enough, the laptop I’m going to test this out on is an older MacbookPro 13 inch (an 11,1 model).  How is that for funny.  If I can live this way for a few weeks, however, I would be moving officially to a Lenovo Thinkpad X1 Carbon as it is the only small laptop I can find currently that has good open source OS support, a 1TB SSD and 16 GB of RAM.

OK, enough talking onto documenting what I did.  First, I started off by taking this poor old MacbookPro and running DBAN on it.  For those of you who aren’t familiar with DBAN, it stands for Darik’s Boot and Nuke.  Its a collection of utilities you can boot off of a thumb drive that will allow you to securely wipe a hard drive.  I erased the drive (including the EFI partition) on the MacbookPro so I could have a fresh start.

The next step was to download Ubuntu 16.10 onto a thumb drive and install it.  While I would have preferred to use Arch (I like rolling distros), I don’t want to ever be in a situation where I whack my work machine because I waited to long between updates, etc.  Ubuntu (or as I like to jokingly call it – Grandma’s Linux) is probably my better choice here.

Installing it was interesting though.  I couldn’t take the default and let it take the entire drive, plus I wanted to encrypt the disk so I did the manual configuration.  Understanding how to set things up took a couple of attempts and I’m still not totally satisfied with my end result.  In the end, I created an EFI system partition at the front of the disk that is 1,024MB in size, a /boot EXT4 partition that is the same size, and a 200GB encrypted volume that has in it a single EXT4 volume that is mounted as / to the filesystem.  What is missing is a swap drive.  I couldn’t create a “normal” swap partition because the Ubuntu installer informed me that Linux doesn’t encrypt its swap (that was a surprise to me as an OpenBSD user) and it wouldn’t even let me say “who cares do it anyhow.”  It just flat out refused to proceed until I did a swap-less install.  I got grumbled at by the installer but it let me proceed.

Once I rebooted (and the Ubuntu installer religiously hangs on me after installation so I did my typical wait 5 minutes and hold down on the power button – I think I am beginning to see why Bryan Cantrill calls Linux a “dumpster fire”) and rebooted.  I was prompted for my volume encryption password and was dropped very quickly at the desktop.  Now I created a swap FILE (not a partition):

$ sudo fallocate -l 20g /mnt/20GB.swap
$ sudo chmod 600 /mnt/20GB.swap
$ sudo mkswap /mnt/20GB.swap
$ sudo echo "/mnt/20GB.swap none swap sw 0 0" >> /etc/fstab

After doing that, I rebooted and confirmed that I had a working swapfile.

Next, I downloaded the latest snapshot of OpenBSD 6.0-current and dd’ed it to a thumb drive.  I rebooted, installed OpenBSD and promptly stepped all over the drive and made it unbootable.  Oops!

At that point, I decided I really wanted to better understand what I was doing and what better way to do that than to install Arch and do all of the LUKS stuff by hand.  I found a handy-dandy article that walked me through it.  I first downloaded the Arch install ISO and dd’ed it to a thumb drive which I booted from in UEFI mode on the Mac.

# wifi-menu

# timedatectl set-ntp true

# lsblk

From there I was able to find out that I needed to use the block device /dev/sda as my target (the internal drive on the laptop).  I then used gdisk to create the partitions.  I first issued the “o” command to wipe and recreate the GPT partition table.  I then created partition 1 as a 1,024M /boot and EFI system partition with a partition type of ef00 so that it was identified properly.  I then created partition 2 as a standard ext4 partition (this will be the LUKS partition) that consumed half the free space and partition 3 as an ext4 that consumed the rest (this will be where I will be installing OpenBSD).

# cryptsetup -c aes-xts-plain64 -s 512 -h sha512 -i 5000 -y luksFormat /dev/sda2
# cryptsetup luksOpen /dev/sda2 crypt
# lvm pvcreate /dev/mapper/crypt
# lvm vgcreate lvmpool /dev/mapper/crypt
# lvcreate -L 35GB -n root lvmpool
# lvcreate -L 16GB -n swap lvmpool
# lvcreate -l 100%FREE -n home lvmpool
# mkfs.fat -F32 /dev/sda1
# mkfs.ext4 /dev/mapper/lvmpool-root
# mkfs.ext4 /dev/mapper/lvmpool-home
# mkswap /dev/mapper/lvmpool-swap
# swapon /dev/mapper/lvmpool-swap
# mount /dev/mapper/lvmpool-root /mnt
# mkdir -p /mnt/boot
# mount /dev/sdX1 /mnt/boot
# mkdir -p /mnt/home
# mount /dev/mapper/lvmpool-home /mnt/home

Now that I have the volumes created and mounted, I installed Arch as I normally would.  By the way, how weird is it that Linux numbers its devices starting at 1?  I would have expected the first partition to be /dev/sda0 (which of course to an OpenBSD guy such as myself seems dyslexic as it should be /dev/sd0a like we do it).  🙂

Before rebooting, you have to enable the crypto in the kernel by adding “encrypt” and “lvm2” between “block” and “filesystems” in the /etc/mkinitcpio.conf file and then regenerate the initramfs by issuing the “mkinitcpio -p linux” command.  Install the simple bootloader via “bootctl install”.  Finally in /boot/loader/entries/arch.conf file, add the following:

linux /vmlinuz-linux
initrd /initramfs-linux.img
options cryptdevice=/dev/sda2:crypt ro root=/dev/mapper/lvmpool-root rw

Set your hostname in /etc/hostname, install the necessary wifi software with “pacman -S iw wpa_supplicant dialog” and change the root password with “passwd”.  Press CTRL+D to get out of your chroot, unmount /mnt (where you just installed Arch) and reboot.  You should be presented with a prompt to enter your crypto password and then you boot to the console just as you normally would.

Now to install OpenBSD.  I boot from the install60.fs USB stick as I normally would and immediately drop to the shell from the installer prompt.  Use fdisk to change the ext4 partition into an OpenBSD one, then use disklabel on that partition to create a swap file and the installer space.  Following this handy guide, I then created my softraid crypto filesystem and installed as I normally do.

Upon reboot, I am taken into Arch where I can install rEFInd from the console.  Another reboot and (although the icons and naming is pretty goofy by default on rEFInd in this case), I can safely switch between the two operating systems.

Mission accomplished!  I’ll clean things up with the rEFInd configuration, add puffy as an icon and get to it configuring my environments on both sides.  While it ended up being a long journey, I learned a lot on this and ended up having a test machine to now see if I can make the big switch away from macOS and Apple hardware.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s