OpenBSD 7.0 now also on RISC-V, progress with Apple M1

OpenBSD 7.0 now also on RISC-V, progress with Apple M1

With OpenBSD 7.0, the developers around Theo de Raadt have released the 51st version of their open source operating system, which is concerned with security and correct code. As always, more than half of the new features and improvements concern the area of ​​network and routing as well as the OpenBSD projects OpenSMTPD (now 7.0.0), OpenSSH (8.8) and LibreSSL (3.4.1).

OpenBSD’s own security functions have also been improved, such as KARL (Kernel Address Randomized Link), in which the kernel is relinked with every restart, and unveil (2), with the help of which applications receive a view of the file system that is limited to the absolute minimum . In many places, an old OpenBSD vulnerability, SMP operation, has been further optimized.

Do you already know the free one iX-Newsletter? Register now and don’t miss anything every month on the publication date: heise.de/s/NY1E The next issue will be about the cover topic of the November-iX: Detect and ward off attacks in good time.

The minimalist and security-oriented OpenBSD hypervisor VMM / VMD received a theoretical limit of 512 vCPUs and many small improvements. For the user there is the timeout (1) tool imported from NetBSD, with which the runtime of commands can be time-limited. GNU / Linux users have known the command since GNU Coreutils 7.0.

doas (1), the modern replacement for sudo (1), now asks for the correct password up to three times. There were noticeably many updates to fdisk (8) and tmux (1), the terminal multiplexer. As always, special attention was paid to eliminating even the tiniest errors in the documentation.

The Dynamic Trace Mechanism introduced with OpenBSD 6.7, in which system and application debugging is possible using the pseudo-device / dev / dt, was activated by default in OpenBSD 7.0 on the amd64 / i386, arm64, sparc64 and the powerpc64 platforms.

Annoying problems with the TPM 2.0 modules, especially on ThinkPads, which prevented waking up from S3 suspend mode, have been fixed. With a patch submitted by Theo de Raadt, Mark Kettenis and Mike Larkin on August 30th, systems with a lot of RAM go into deep sleep much faster (hibernate). Due to the optimized handling of unused main memory, according to the developer, the change to hibernate mode is reduced from 100 to 9 seconds with 16 GB of RAM and from 325 to 28 seconds with 40 GB of RAM – de Raadt comments on this with “increase hibernate writeout speed a little “.

The Direct Rendering Manager for hardware accelerated graphics output (DRI) corresponds with OpenBSD 7.0 to that of Linux 5.10.65. Intel’s DRM now gets along better with TigerLake GPUs; AMD supports “Sienna Cichlid”, “Arcturus” and the Cezanne “Green Sardine” Ryzen 5000 APUs. In contrast to some current GNU / Linux distributions, OpenBSD users are spared black screens with some new Ryzen APUs.

After OpenBSD 6.1 ARM and 6.9 PowerPC64 were added to the supported hardware platforms, some developers are now porting OpenBSD to the RISC-V architecture, which is slowly waking up from its slumber. The development takes place primarily on SiFive Unmatched Instead of: The board in the mini-ITX form factor with a 1.2 GHz quad-core CPU, 16 GByte RAM, four USB 3.2 Gen 1, one x16 PCIe slot (8 lanes) and two M.2 slots is just under 600 euros available. At the moment it is interesting for developers, but hardly for end users.

That is also fundamentally supported Microsemi PolarFire SoC Icicle Kit, which is an ultra-low-power SoC FPGA, which could later be well suited for network and firewall appliances or IoT devices.

For owners of the chic SGI Indy, Indigo2, Octane, O2, Origin and Onyx based on the classic 64-bit MIPS processors, OpenBSD 6.9 is no longer an option, because the sgi port will no longer be developed with OpenBSD 7.0. This is not necessarily unexpected if you know the background of the MIPS development: MIPS was developed in the first half of the 80s by researchers at Stanford University in the USA and was the basis for SGI workstations and servers, formerly DEC Computers (which later used alpha processors) and some game consoles. Even Microsoft ported Windows NT to MIPS. After ARM won the race for CPU supremacy in smartphones in 2010 and more and more parts of MIPS were sold out by 2013, MIPS had become important in the market. In March of this year, MIPS Technologies announced that the current generation 8 of MIPS CPUs will be based on the RISV-V architecture – a somewhat strange, but perhaps vital step: MIPS8 processors are now RISC-V CPUs.

The ARM platform got some small improvements with OpenBSD like a correct control of the LEDs with the new (4) driver (e.g. LAN7800 on Raspberry PI 3B +). The Raspberry Pi 4 with its somewhat quirky hardware, on the other hand, is stuck: A new U-Boot version sends a reset command to the PCIe controller when it starts, which is not reinitialized by the bcmpcie (4) driver, however. This also has an impact on USB devices and should be resolved shortly with a fix.

Apple computers with the M1-ARM-CPU received some new drivers, but they are not yet sufficient for full operation. After all, the aplpinctrl (4) driver for “Apple Pin Multiplexing” can be used to address the GPIO controller in order to perhaps expand the systems with interesting hardware.

All new features and improvements are detailed in den Release Notes zu OpenBSD 7.0 documented. The (almost) always artistic accompaniment of each release is unique: The song “The Style Hymn” describes the style guides for OpenBSD developers in a kind of chant, plus there is a chic OpenBSD 7.0 illustration by Natasha Allegri in the van Gogh -Style. ISO files and USB stick images are located on the mirror servers of the project available free of charge for various hardware architectures.

More from iX magazine

More from iX magazine

More from iX magazine

More from iX magazine


(fo)

Article Source