“Make a move towards ending 4 decades of kernel snooping. Add sysctl kern.allowkmem (default 0) which controls the ability to open /dev/mem or /dev/kmem at securelevel > 0. Over 15 years we converted 99% of utilities in the tree to operate on sysctl-nodes (either by themselves or via code hiding in the guts of -lkvm). pstat -d and -v & procmap are affected and continued use of them will require kern.allowkmem=1 in /etc/sysctl.conf. acpidump (and it’s buddy sendbug) are affected, but we’ll work out a solution soon. There will be some impact in ports.”
http://marc.info/?l=openbsd-cvs&m=147481705211536&w=2
Firmware Security 