OpenBSD 6.2 on BeagleBone Black ------------------------------- Last edited: $Date: 2018/01/04 14:01:03 $ ## BeagleBone Black The BeagleBone Black (http://beagleboard.org/BLACK) is an Arm-7 development board with a AM335x 1GHz ARM Cortex-A8processor, 512 Mb DDR3 RAM, ethernet, microD slot, 4GB 8-bit eMMC on-board flash storage and a lof other nice goodies. This board is capable of running OpenBSD :) In order to install OpenBSD on this board, you will need to access the serial console. This is a 3.3 Volt RS232 serial console, and connecting this with a 12 or even 5 Volt serial port will be fatal for the board. You need an USB F-cable to connect the BeagleBone Black serial port to your laptop or computer. ## Connecting the Serial Port Locate the pins of the serial board on the BeagleBone Black. The white dot is next to pin 1. Use the following pins: * pin 1: Ground * pin 4: Receive * pin 5: Transmit I have made a photo where you can see the USB F-cable connected to the serial console, you can find it here: gopher://box.matto.nl/I/images/bbb-serial.jpg I connected the other end (with the USB-connector) with a Debian Linux laptop and started minicom. In minicom, choose for * Baud 115,200 * Bits 8 * Parity N * Stop Bits 1 * Handshake None Boot the board and check that you see the startup-messages. Bring the board down. ## OpenBSD Installation image For the BeagleBone Black you need the miniroot-am335x-62.fs installfile from one of the OpenBSD ftp-mirrors. You can copy this file with dd to a micro SD-card. I did this on a Debian Linux laptop with: dd if=miniroot-am335x-62.fs of=/dev/mmcblk0 bs=16k Funny thing is that you can use the same micro SD-card to install OpenBSD on :) So you dd the install image to a micro SD-card, start the installer from there and install OpenBSD on the same card... ## Get the sets This step is optional, just to make things easier. I downloaded the setfiles from one of the OpenBSD ftp-mirrors: - base62.tgz - BOOTARM.EFI - bsd - bsd.rd - BUILDINFO - comp62.tgz - index.txt - man62.tgz - SHA256 - SHA256.sig I put these files on a local webserver, so during the install the installation program can fetch these files from the local network. I didn't bother to download any x-sets, this board will be running headless. ## Start the installer Now the hard work is done. Put the micro SD-card in the slot on the board. Locate the small switch on to top-side of the board, close to the micro SD-card slot (on the bottom-side). Keep this switch pressed while putting power on the board. The board will now attempt to install from the external micro SD-card and not from the internal eMMC-flash storage. The OpenBSD installer will start. Just follow the installation procedure, At the choice which hard disk to partition, choose sd0. Because this BeagleBone will mount its /home as memory file system I choose for edit the partition table, removed the home partition and changed the size of the /usr partition. After the installation is done reboot. ## Reboot into the installed system After the reboot, login again via the serial cable and have a look around your fresh OpenBSD system. ## Protect the micro SD card by mounting it readonly To protect the life of the SD-card, we are going to make it readonly. Make sure your network configuration is right, ssh is hardened and your ~/.ssh/authorized_keys has the right contents. Make a directory /proto and copy /var and /home to it. mkdir /proto cp -rp /var /proto cp -rp /home /proto Now, create a template for /dev mkdir /proto/dev cd /proto/dev cp /dev/MAKEDEV . ./MAKEDEV all Now edit /etc/fstab, comment the entries for /dev, /var and /home out and make the other entries readonly with noatime option: 4d0dfa46d94a8430.b none swap sw 4d0dfa46d94a8430.a / ffs ro,noatime 1 1 4d0dfa46d94a8430.d /usr ffs rw,wxallowed,nodev 1 2 swap /dev mfs rw,nosuid,noexec,-P=/proto/dev,-i=128,-s=4096 0 0 swap /var mfs rw,nosuid,noexec,-P=/proto/var,-s=8192 0 0 swap /home mfs rw,nosuid,noexec,-P=/proto/home,-s=8192 0 0 swap /tmp mfs rw,nosuid,noexec,-s=8192 0 0 Above, 4d0dfa46d94a8430 is the uuid of the micro SD-card. Each of the last four lines will make a memory file system (MFS) and, for /dev, /var and /home populate that with the corresponding subdirectory from the /proto diretory. Reboot and check everything works fine. ## Remounting read/write In case you want to make some changes. install additional stuff, etc. you can remount a partition by: mount -uw / In this case / gets remounted read-write. ## Harden ssh I prefer to use public key authentication so I changed the /etc/ssh/sshd_config. Don't forget that at boot time, your /home directory will be populated from the /proto directory, so put your public key not only in ~/.ssh/authorized_keys but also in /proto/home/<username>.ssh/<username>/authorized_keys otherwise you will be able to log into your Beaglebone Black after the next reboot. ## Set rc.conf.local In the etc directory, create rc.conf.local with the following lines: ntpd_flags=-s pflogd_flags=NO smtpd_flags=NO sndiod_flags=NO This will set ntpd to set the time immediately after boot, and to stop some unneeded services. ## Change ntpd.conf There seems to be a problem with ntpd. It wouldn't set my clock. The solution I found was to comment out some lines in ntpd.conf This is what the file looks now: servers pool.ntp.org # sensor * # constraints from "https://www.google.com" ## Packages Normally, the packages directory at the OpenBSD-servers ends with the architecture name. However, on ftp.eu.openbsd.org there is a directory pub/OpenBSD/6.2/packages/arm (not arm7). Normally, on OpenBSD systems I put the following line in /root/.profile: export PKG_PATHhttp://ftp.eu.openbsd.org/pub/OpenBSD/`uname -r`/packages/`uname -m`/ In this case this will not work, you have to manually change the last part. On my Beaglebone Black I have this entry in /root/.profile: export PKG_PATH=http://ftp.eu.openbsd.org/pub/OpenBSD/`uname -r`/packages/arm/ In order to test this, I did a pkg_add gopher. After installing: # file gopher gopher: ELF 32-bit LSB shared object, ARM, version 1 As a normal (non-root) user I started gopher, and it works :) ## Resources The following pages where helpfull during the installation of OpenBSD 6.2 on the BeagleBone Black: * OpenBSD on BeagleBone Black Everything I wish I knew before installing the newly renamed armv7 port on a BeagleBone Black by Ted Unangst: http://www.tedunangst.com/flak/post/OpenBSD-on-BeagleBone-Black * Running OpenBSD off a USB Stick by Volker Roth: http://www.volkerroth.com/tecn-obsd-diskless.html * OpenBSD on Soekris by John Hart: http://blog.spoofed.org/2007/12/openbsd-on-soekris-cheaters-guide.html $Id: openbsd62beagleblack.txt,v 1.7 2018/01/04 14:01:03 matto Exp $