In order to achieve a truly read-only installation we will need to also create the device files in mfs. Type the following commands:
mkdir /mfs/dev
cp /dev/MAKEDEV /mfs/dev
cd /mfs/dev
./MAKEDEV all
to create all device files in the /mfs/dev directory. Now we can mount the /dev directory on top of /dev in mfs as well. Add the following line to /etc/fstab
swap /dev mfs rw,-s=1024,nosuid 0 0
and since we're already at it change the first three lines to
/dev/wd0a / ffs rw,noatime,softdep 1 1
/dev/wd0e /usr ffs ro,nodev,noatime,softdep 1 2
/dev/wd0d /var ffs rw,nodev,nosuid,noatime,softdep 1 2
where changes are shown in bold. And then add the following to line
# Copy dev files before anything else
cp –Rp /mfs/dev/* /dev
# ReMount / read-only
mount –ur /dev/wd0a /
to /etc/rcafter the line rm –f /fastboot
By default OpenBSD remounts / read-write (regardless of the ro setting in /etc/fstab) which we can prevent by commenting out the line
mount –uw /
just above the line with rm –f /fastboot.