OpenBSD 7.8 runs on Raspberry Pi 5 and gets WPA3 support sponsored

OpenBSD 7.8 brings many improvements in security and networking. New features include trusted VMs through AMD Encrypted State.

By Michael Plura

With OpenBSD 7.8, Theo de Raadt releases the 59th version of the security-focused Open Source operating system. Since OpenBSD is released semi-annually and developers generally maintain the previous version, OpenBSD 7.6 is now out of support and should be urgently updated.

OpenBSD has been running on various Raspberry Pis for some time, and with version 7.8, OpenBSD now makes the leap to the current Raspberry Pi 5. To achieve this, the developers around Mark Kettenis had to update the drivers for the RP1 peripheral controller (rpone(4)), the RP1 clock controller (rpiclock(4)), the RTC controller (rpirtc(4)), and the Cadence 10/100/1Gb Ethernet device (cad(4)). Recently, there were still problems booting PCIe storage HATs via U-Boot, with WiFi on Raspberry Pi 5B boards of revision "d0", and PWM control for the fan/cooler. The console currently only works via the serial port.

OpenBSD 7.8 can generally use acpi(4) on arm64 and thus save energy. On devices with Snapdragon X Elite, the Advanced Power Management Daemon (apmd(8)) and clock frequency control via sysctl(2) and "hw.cpuspeed" now also run. For the amd64 platform, OpenBSD 7.8 brings some fixes for GPIO events and a fix for non-functional power buttons on ThinkPads with AMD CPUs. Several other improvements are intended to make suspend/hibernate more reliable on notebooks with AMD CPUs/GPUs.

On AMD processors, OpenBSD 7.8 supports AMD Encrypted State (SEV-ES) for starting confidential virtual machines. SEV-ES works together with the vmm/vmd hypervisor and with OpenBSD guests on KVM/qemu. To run guests in AMD SEV-ES mode under OpenBSD 7.8, the "seves" option must be entered in vm.conf(5). The VirtIO devices emulated by the Virtual Machine Daemon vmd(8) for network, block devices, SCSI devices, and entropy comply with VirtIO standard version 1.2. Previously, vmd(8) was supposed to offer the ability to move virtual machines via "send" and "receive" – however, the function was so broken and neglected that the developers promptly removed it completely.

As in previous versions, OpenBSD 7.8 continues to make progress in the area of SMP for networking. Up to eight "softnet threads" now process incoming network connections in parallel. The entire TCP stack also runs on up to eight threads/CPU cores, making "multi queue" capable network cards significantly more useful with OpenBSD.

The Direct Rendering Manager drm(4) has been updated from Linux version 6.12.21 to 6.12.50. New qcdrm(4) drivers for Qualcomm Snapdragon SoCs also support its MSM Mobile Display Subsystem (MDSS). The associated qcdpc(4) driver handles the Qualcomm DisplayPort Controller (e.g., for backlight for eDP panels). Via uvideo(4), devices according to USB Video Class (UVC) can also use H.264.

OpenBSD 7.8 has updated not only the C++ compiler suite from version 16.0.6 to 19.1.7 plus patches, but also the C libraries. Perhaps more importantly: OpenBSD 7.7 and older used pkg-config(1) version 0.29.2 to configure the build dependencies of programming projects. This was a somewhat dusty Perl script that was hardly maintained anymore. With OpenBSD 7.8, the developers are switching to the widely used pkgconfig(1) version 2.4.3, which is written in C.

There are many new hardware drivers, starting with the already mentioned Raspberry Pi 5 and obscure drivers for SoCs from "Broadcom Set-Top Boxes" – whose components are also used in the Pi 5. In addition, there are drivers for RK3528 SoCs and RealTek network chips. WiFi devices with Qualcomm IEEE 802.11a/ac/ax/b/g/n chips (qwx(4)) receive support for 802.11n/HT and roaming, a fix for TKIP crypto offloading, and should now work better with suspend/resume. For Intel AX210 chips, OpenBSD 7.8 now loads the correct firmware.

FreeBSD already received a surprisingly large grant of 686,400 euros in 2024 from the funding society financed by the federal government, which now bears the name Sovereign Tech Agency. Now, OpenBSD is apparently also receiving support from Brussels in the form of Chirpy Software SRL, a company founded by OpenBSD developer Stefan Sperling in 2024, which aims to implement WPA3 for OpenBSD. The financing is likely provided by the "NGI0 Commons Fund" from NLnet.

The entire network stack and its tools such as bgpd(8) or rpki-client(8) as well as the packet filter pf(4) have countless new features and improvements. The developers have also made significant improvements to the terminal multiplexer tmux(1), a modern alternative to screen(1) known from GNU/Linux.

OpenBSD is under the free MIT license and is freely available as open-source software in source code form. OpenBSD 7.8 uses LLVM/Clang 19.1.7 as its compiler; versions 20.1.8 and 21.1.2, as well as GCC 8.4.0 and 11.2.0, can be installed additionally. OpenBSD uses Xenocara based on X.Org 7.7 with Xserver 21.1.18, but also offers Wayland and already runs partially with XLibre. In addition to OpenBSD's own cwm(1) window manager, desktop environments such as MATE 1.26, Xfce 4.20, GNOME 48, or KDE Plasma 6.4.5 can also be installed via the package management. Chromium 141, Firefox 143.0.3 and ESR 140.3.1, Thunderbird 143.3.1, and LibreOffice 25.8.1.1 round off the desktop. As with almost every release, a great deal of work has gone into LibreSSL, now available in version 4.2.0, and OpenSSH 10.2. In total, the package management lists 12651 packages for the amd64 platform.

Installation media and instructions for fourteen hardware platforms are available for download on the project page. There you will also find the release information for OpenBSD 7.8 with a detailed overview of all changes.

(mki)

This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.