After OpenBSD 6.8 celebrated its 25th birthday in November last year, we can congratulate the recently released OpenBSD 6.9 on being the fiftieth edition. The BSD (Berkeley Software Distribution) operating system, designed for maximum security, is available free of charge. It serves as a development platform for many new security functions that other operating systems often adopt.
OpenBSD is released under the truly free ISC and BSD licenses; the project does not accept new code under the GPL, which is restrictive by comparison. With his commit “Log Message: 6.9-beta” on February 6th, OpenBSD founder Theo de Raadt officially launched work on the OpenBSD 6.9 release.
Lots of news for POWER9 and ARM64, RISC-V
The long and detailed list of new features and improvements in OpenBSD 6.9 applies to all 13 hardware platforms that OpenBSD supports, including of course amd64 and i386. A lot of work has gone into the powerpc64 (PowerNV machines with IBM POWER9 CPUs) and arm64 (64-bit ARM) platforms. Support for POWER9 systems (more precisely: Power ISA v3.0) was incorporated into OpenBSD 6.8 just six months ago. With an initial commit, Dale Rahn added the riscv64 platform (64-bit RISC-V) with experimental status.
Specifically, powerpc64 received the astfb(4) driver for frame buffers based on the Aspeed BMC, which can be found on many POWER8 and POWER9 systems. There is now also an SMP kernel (bsd.mp) on the installation images, and the ramdisk kernel can now also be started over the network. OpenBSD 6.9 finally uses the power-saving mechanisms of POWER9 and supports remote maintenance on PowerNV computers with ipmi(4).
There are many small improvements and, above all, new drivers for arm64, which also benefit, for example, Rockchip RK3328/RK3399 systems and the Raspberry Pi 3/4. Attention: the onboard network card does not work on the Pi 3 Model B+ in particular. The focus on security is evident in the cryptox(4) driver, which can use any encryption hardware present on ARMv8 or newer. The MMU on ARM systems is also used by smmu(4), for example to detect incorrectly configured or suspiciously behaving I/O devices. For the Raspberry Pi there is finally a driver for the µSD card slot in ACPI mode with sdhc(4).
There has to be some hype: Apple M1
What is little known is that in some cases OpenBSD is very quick to adapt to new hardware. The port to Apple’s new ARM-based M1 SoCs is making great strides. The Apple M1 Icestorm and Firestorm cores are recognized, and there is support for the BCM4378 (Broadcom and Cypress IEEE 802.11a/ac/b/g/n wireless network device), UART, watchdog, interrupt controller, PCIe bridge and the IOMMU. This means that OpenBSD does not yet run on the new Apple machines, but that should be the case with the upcoming OpenBSD 7.0 in the fall.
Network stack with more SMP
Since OpenBSD is not exactly the platform of choice for massive cloud servers, there have not yet been any massive efforts to make the network stack completely multithreaded. Companies like Genua, manufacturers of high-security firewalls like Genugate, have been promoting and supporting this for a long time. OpenBSD 6.9 brings some improvements to SMP operation, including some that network applications can benefit from.
David Gwynne is even working on a completely rewritten replacement for the bridge(4) driver, the Virtual Ethernet Bridge veb(4). veb(4) increases the security of the system through a logical separation from the host network stack and, according to the developer, should already be “a lot” faster than bridge(4) and, above all, is designed for parallel operation on several CPU cores.
Encrypted RAID and hypervisor
With RAID1C (C for crypto), OpenBSD 6.9 can encrypt a software RAID securely and seamlessly via softraid(4). The softraid(4) driver provides a virtual host bus adapter (HBA) under which RAID and other I/O services run. The modern OpenBSD hypervisor VMM/VMD received additional security functions and has been cleaned up. vmd(4) can use the new veb(4) bridge and can now start virtual machines directly from compressed RAM disks.