OpenBSD Finally Adds Guided Disk Encryption To Its Installer

Full disk encryption is quite important in today's computing environment while some operating systems still sadly don't provide an easy and streamlined manner of setting up an encrypted disk at install-time. Thankfully with the next release of OpenBSD, they are introducing a guided disk encryption option to their installer.

As of this week merged is initial support for guided disk encryption. This is basic OpenBSD encrypted disk setup by the installer when desired, compared to the status quo of manually needing to setup any encrypted disk configuration. OpenBSD developer Klemens Nanni explained with the commit:

Initial support for guided disk encryption

One new question to cover the most common use case, such that manual setup
in (S)hell or '!' prior to install is no longer required:

Encrypt the root disk? (disk, 'no' or '?' for details) [no] ?

Create a passphrase protected CRYPTO softraid volume to be used as root disk.

Available disks are: sd0.
Encrypt the root disk? (disk, 'no' or '?' for details) [no]

Use of keydisk or different disciplines are not covered.
Only asked in interactive installations; no autoinstall(8) or upgrades.
Only reachable on i386, amd64, sparc64 and riscv64 for now (arm64 WIP).

It's great seeing this easier disk encryption setup coming to the OpenBSD installer.

Given the usual OpenBSD release cadence, the next version should be out in April~May.