Fresher than ever: OpenBSD 7.6 supports AVX-512 and Snapdragon X1

Contents

OpenBSD 7.6 is here: The 57th release of the security-focused open source operating system shows that, in addition to their passionate focus on security and lean, correct code, the developers have not lost sight of modern hardware requirements.

For many years, modern processors have suffered from out-of-order execution attacks with their speculative execution of machine instructions. The massive security gaps mainly affect Intel and, in some cases, AMD CPUs. Even ARM, IBM POWER or even MIPS and SPARC systems are at risk. As an open source operating system consistently designed for security, OpenBSD has been mitigating these hardware problems for some time by means of appropriate code (mitigation). OpenBSD 7.6 now also implements extensions against Spectre-4 for ARM64 and Spectre-BJB for the Cortex-A57 (e.g. Opteron A1100, Snapdragon 8120, Samsung Octa 5433 or Nvidia Tegra X1). For x86 CPUs, a vulnerability in Intel's Atom CPUs in Register File Data Sampling (RFDS) will be mitigated together with a firmware update.

OpenBSD 7.6 supports the Qualcomm Snapdragon X1 Elite (X1E80100), one of the fastest ARM CPUs. Its twelve Oryon CPU cores run at 3.4 GHz or two in turbo mode at 4 GHz. This ARM CPU is installed, for example, in the expensive Samsung Galaxy Book 4 Edge, which also receives Microsoft's Copilot+ certification thanks to its integrated AI chip. OpenBSD 7.6 should already be able to start these and similar devices in ACPI mode.

Many small internal improvements

The OpenBSD developers are continuing to work on details in the SMP capability of the system. Version 7.6 allows multiple CPU cores to receive incoming UDP packets in parallel. IPv4 and IPv6 sockets have also been made SMP-proof. A new feature is the rport(4) pseudo device for point-to-point connections on network layer 3 between routing domains. It is similar to the pair(4) virtual Ethernet interface from OpenBSD 5.6, but works much more efficiently as it does not add Ethernet headers. In many other places, the still frequently existing kernel locks have been removed.

As OpenBSD is often used as a secure network appliance, the developers have also worked on the network and routing functions. In particular, many improvements have been made to the Border Gateway Protocol daemon bgpd(8) and the RPKI validator rpki-client(8).

OpenSSH is available in version 9.9 and has been split into several binaries. Another new feature is support for the hybrid ML-KEM X25519 post-quantum key exchange.

Significantly more hardware support

The list of additional hardware supported by OpenBSD 7.6 is surprisingly long and mainly concerns network components. Starting with many fixes for the Raspberry Pi 5 and new Wi-Fi drivers, there are plenty of new features mainly for the ARM and RISC-V platforms. For example, OpenBSD 7.6 now runs on a Milk-V Pioneer, a powerful RISC-V development system with 64 cores and 128 GB RAM.

The Direct Rendering Manager drm(4) and the graphics drivers in OpenBSD 7.6 are up to date with Linux Linux 6.6.52. New is the support for Intel's Meteor Lake in inteldrm(4).

The modern OpenBSD hypervisor VMM/VMD now makes more CPU features of the host available to its guests. The handling of all three components (vmm(4), vmd(8) and vmctl(8)) has been slightly improved. OpenBSD 7.6 now also supports AMD Secure Encrypted Virtualization (SEV) and can pass the functions on to the guest.

Energy saving is also an issue with OpenBSD 7.6: the focus is currently on sleep states. The developers have added an implementation of suspend-to-idle on AMD64 so that systems that do not support S3 can also switch to suspend mode. The feature is not yet finished, but can be activated and tested via machdep.lidaction=-1.

OpenBSD: Security meets philosophy

Some confusion was caused by the remark "We have reached OpenBSD of Theseus" in Theo de Raadt's commit to the ancient BSD game quiz(6). With the commit, he replaced the last unchanged file from the original OpenBSD 1.1.1.1.

Anyone who has not read the Greek philosopher Plutarch (46-119) is generally not familiar with his "Ship of Theseus" paradox. In a thought experiment, Plutarch poses the question of whether a ship is still the same ship if all its individual parts have been replaced over the years –, i.e. if it no longer has a single original component. The paradox has often been addressed, from the "Grandfather's Axe" (UK), where the shaft and later the blade were replaced, to Tin Woodman in the Wizard of Oz, to the Buddhists' "Dà zhìdù lùn" or the Japanese Isa Grand shrine, which is rebuilt every 20 years.

It's nice to see that there are still projects where exciting philosophical questions make you think instead of vehemently bickering about ideological narratives.

Free of charge and available immediately

OpenBSD is released under the free MIT license and is available as open source software free of charge and in source code. OpenBSD 7.6 includes Xenocara based on Xorg 7.7, which runs various window managers and desktop environments such as cwm, dwm, MATE, Xfce 4.18.1, GNOME 46 and KDE Frameworks 6.5.0 with KDE Plasma 6.1.4. For the desktop there is Chromium 128 or Mozilla Firefox 130/ESR 128.2 and LibreOffice 24.8.1.2 – as well as Emacs 29.4 or Vim 9.1.707/Neovim 0.10.1.

Free installation images and instructions for 14 hardware platforms are available for download on the project page. The release notes for OpenBSD 7.6 with a detailed overview of all changes can also be found there.

(vbr)