OpenBSD 7.9, released on 19 May 2026, brings a breadth of platform‑specific hardware support, kernel refinements, security hardening, and a massive update to the ports collection. The release adds new SoC drivers, a scheduler that can treat heterogeneous CPU cores differently, delayed hibernation, extensive networking enhancements, and a suite of userland improvements, while also tightening pledge/unveil semantics and introducing the __pledge_open(2) system call.
Thesis
OpenBSD 7.9 marks the 60th iteration of the project and, rather than delivering a single headline feature, it deepens the operating system’s core philosophy: security‑first, clean‑code design that scales across an ever‑wider hardware spectrum. By extending support to emerging ARM and RISC‑V SoCs, improving the scheduler’s awareness of heterogeneous cores, and tightening the pledge/unveil model, the release demonstrates how incremental, well‑audited changes can collectively shift the platform forward.
Key Arguments
1. Platform‑Specific Hardware Expansion
- ARM64 – The release enables the ice(4) driver on ARM, adds support for Rockchip RK3588/RK3576 SoCs, and introduces a driver for the Genesys Logic GL9755 SDHC controller, which powers the SD slot in many Apple Silicon laptops. These additions broaden the range of laptops and single‑board computers that can run OpenBSD out‑of‑the‑box.
- AMD64 – New SMU handling in amdpmc(4) allows deeper power‑state control, while disabling Panel Self‑Refresh in amdgpu prevents hangs on ThinkPad X13 gen 6. The kernel now zero‑initialises DM page‑table entries, fixing a bug that manifested on systems with more than 512 GiB of RAM, and it mitigates a floating‑point state leakage on Zen/Zen+ CPUs.
- RISC‑V – Support for the SpacemiT K1 SoC arrives with a clock driver (smtclock(4)), device‑tree integration, and handling of the Zicbom and Svpbmt extensions. These changes make OpenBSD a viable option on the increasingly popular HiFive Unmatched platform.
- Other Architectures – ice(4) now works on big‑endian SPARC64, powerpc64 memory barriers have been upgraded to sync, and TLB shoot‑down on Alpha has been reworked. These seemingly modest fixes remove long‑standing obstacles that kept OpenBSD from being used on legacy hardware.
2. Kernel Scheduler and Concurrency Improvements
OpenBSD 7.9 introduces a heterogeneous‑core scheduler governed by the hw.blockcpu sysctl. Administrators can now describe a set of CPUs as SMT, performance, efficient, or lethargic, and the scheduler will preferentially keep work on the faster cores while idling the slower ones. The feature is already functional on amd64 and arm64, paving the way for better power‑efficiency on modern laptops that mix high‑performance and low‑power cores.
The kernel also replaces the traditional CAS spinlock with a parking lock for mutexes, reduces unnecessary page‑daemon sleeps, and adds a ddb(4) stop command that sends SIGSTOP to a target PID. These changes improve latency under load and make debugging multi‑processor deadlocks easier.
3. Security Hardening and New System Calls
- The root exemption for bpf(4) BIOCLOCK has been removed, ensuring that even privileged processes cannot bypass BPF descriptor revocation.
- The long‑standing pledge(2) promise tmppath is retired; instead, developers are encouraged to combine unveil with more granular pledge flags.
- A new system call, __pledge_open(2), permits libc to open a small, whitelisted set of internal files while still respecting pledge/unveil constraints. The call returns read‑only file descriptors that cannot be used for writes, chmod, or ftruncate, thereby reducing the attack surface of privileged helper binaries.
- Kernel address exposure via sysctl(2) is now limited to the root user, and the p_addr symbol is hidden from non‑privileged callers.
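The tmppath migration mentioned in the list above, sketched as an added example (not code from the OpenBSD project): a program that used the retired promise unveils /tmp and pledges explicit filesystem promises instead. The /tmp path, the promise set and the function names are assumptions, and the no-op stand-ins exist only so the file builds on other systems.

```c
#define _DEFAULT_SOURCE		/* mkstemp() prototype on glibc; ignored on OpenBSD */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#ifndef __OpenBSD__
/* Assumption: stand-ins for non-OpenBSD builds; they confine nothing. */
static int unveil(const char *p, const char *perms) { (void)p; (void)perms; return 0; }
static int pledge(const char *pr, const char *ex) { (void)pr; (void)ex; return 0; }
#endif

/* Old form, relying on the retired promise: pledge("stdio tmppath", NULL) */
int confine_to_tmp(void)
{
	/* Expose only /tmp: r = read, w = write, c = create/remove. */
	if (unveil("/tmp", "rwc") == -1)
		return -1;
	/* "unveil" is not among the promises, so the view cannot be widened later. */
	if (pledge("stdio rpath wpath cpath", NULL) == -1)
		return -1;
	return 0;
}

/* Create, write and remove a scratch file; returns bytes written or -1. */
long write_scratch(const char *msg)
{
	char path[] = "/tmp/scratch.XXXXXXXXXX";
	int fd = mkstemp(path);		/* open(2) with O_CREAT|O_EXCL|O_RDWR */
	if (fd == -1)
		return -1;
	ssize_t n = write(fd, msg, strlen(msg));
	close(fd);
	if (unlink(path) == -1)		/* removal needs cpath and the "c" permission */
		return -1;
	return (long)n;
}

int main(void)
{
	if (confine_to_tmp() == -1) {
		perror("confine_to_tmp");
		return 1;
	}
	long n = write_scratch("hello");
	printf("wrote %ld bytes under /tmp\n", n);
	return n == 5 ? 0 : 1;
}
```

On OpenBSD, opening a path outside /tmp after confine_to_tmp() fails with ENOENT because of unveil, and a system call outside the pledged promises terminates the process.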
4. Networking Stack Evolution
The networking subsystem receives a suite of enhancements:
- VEB(4) becomes VLAN‑aware, supporting access, trunk, and hybrid port configurations, and introduces a LOCKED flag to guarantee MAC‑address consistency.
- IPFIX/Netflow v10 now includes NAT‑post‑translation fields, enabling accurate traffic accounting in modern NAT deployments.
- Checksum offload and TSO are now supported between rport(4) pairs, allowing large TCP segments to traverse rdomains without extra CPU work.
- PF(4) gains source and state limiters, with configurable actions on limit breach, and the default limiter action in pfctl(8) has been switched to block.
- IPv6 SLAAC is enabled by default, and the stack now ignores malformed TCP SACK packets that could otherwise trigger kernel panics.
5. Userland Polishing and Port Refresh
Userland sees a cascade of refinements: login(1) and xenodm(1) now honour XDG_RUNTIME_DIR, sndiod(8) automatically falls back to secondary audio devices, and tmux(1) gains synchronized output mode, focus‑follows‑mouse, and an extensive set of new command‑line flags. The libtls library has been hardened for better const‑correctness, and the LibreSSL 4.3.0 release adds ML‑KEM‑768 support, new TLS extensions, and a series of memory‑safety fixes.
The ports tree has been updated with more than 13 000 pre‑built packages across architectures. Highlights include Rust 1.94.1, Python 3.13.13, Node.js 22.22.2, LLVM/Clang 21.1.8, and the latest releases of major desktop environments such as KDE 6.6.4 and GNOME 49. Documentation continues to improve, with richer manual pages and clearer installation guides.
Implications
- Broader Adoption on ARM and RISC‑V – By supporting the RK3588, RK3576, and SpacemiT K1 SoCs, OpenBSD becomes a realistic choice for developers building embedded gateways, edge devices, and even consumer laptops that rely on these chips.
- Energy‑Efficient Servers and Laptops – The heterogeneous‑core scheduler allows data‑center operators to squeeze more work out of high‑performance cores while idling low‑power cores, potentially reducing power draw without sacrificing throughput.
- Hardening the Trusted Computing Base – Removing root bypasses for BPF and tightening pledge/unveil semantics reduce the kernel’s attack surface, aligning with the project’s long‑standing goal of a minimal TCB.
- Network Operators Gain Better Visibility – VLAN‑aware bridges, NAT‑aware Netflow, and PF limiters give operators finer‑grained control and measurement, which is essential as traffic encryption becomes ubiquitous.
Counter‑Perspectives
Some critics may argue that the release’s incremental nature lacks a singular, eye‑catching innovation, making it harder to attract newcomers accustomed to headline‑grabbing features. Moreover, the removal of the tmppath pledge promise could break legacy scripts that relied on the older semantics, requiring developers to audit and adjust their codebases. Finally, while the hardware support has expanded, the driver set still lags behind the rapid cadence of new SoCs, meaning early adopters may encounter missing peripherals on the very latest hardware.
Overall, OpenBSD 7.9 exemplifies a philosophy of measured progress: each addition is carefully audited, each security change is justified, and the cumulative effect is a more versatile, safer operating system that remains true to its core values.