OpenBSD adds sysctl kern.allowkmem to reduce ‘decades of kernel snooping’

“Make a move towards ending 4 decades of kernel snooping. Add sysctl kern.allowkmem (default 0) which controls the ability to open /dev/mem or /dev/kmem at securelevel > 0.  Over 15 years we converted 99% of utilities in the tree to operate on sysctl-nodes (either by themselves or via code hiding in the guts of -lkvm). pstat -d and -v & procmap are affected and continued use of them will require kern.allowkmem=1 in /etc/sysctl.conf.  acpidump (and it’s buddy sendbug) are affected, but we’ll work out a solution soon. There will be some impact in ports.”




Filippo Valsorda: reversing OpenBSD FDE passwords

Filippo Valsorda of the CloudFlare Security Team wrote a blog on OpenBSD’s full-disk-encryption, after he lost his password.

So I lost my OpenBSD FDE password
The other day I set up a new OpenBSD instance with a nice RAID array, encrypted with Full Disk Encryption. And promptly proceeded to forget part of the passphrase. […] I did a weak attempt at finding some public bruteforce tool, and found nothing. I say weak because somewhere in the back of my brain, I already wanted to take a peek at the OpenBSD FDE implementation. Very little is documented, and while I do trust OpenBSD, I want to know how my data is encrypted. So this was the “perfect” occasion. […]

Related info:



BSSSD: Trusted Computing for FreeBSD and OpenBSD

Excerpting the recent TCG announcement:

BSSSD: Trusted Computing now available for FreeBSD and OpenBSD: All pieces to utilize Trusted Computing and build Trusted Computing applications on FreeBSD and OpenBSD have been made available by the BSSSD-project.

Software components:
 * TPM device driver for the FreeBSD-kernel
 * TPM device driver for the OpenBSD-kernel
 * TCG Software Stack TrouSerS
 * TrustedGRUB boot-loader
 * TPM-Tools
 * OpenSSL-TPMengine
 * OpenCryptoKi
 * TPM-Emulator
 * TPM-Testsuite

Kernel drivers were developed for the following TPMs:
 * Atmel 97SC3203
 * Broadcom BCM0102
 * Infineon IFX SLB 9635 TT 1.2
 * Intel INTC0102
 * Sinosun SNS SSX35
 * STM ST19WP18
 * Winbond WEC WPCT200
 * TPMemulator


BSSSD: Trusted Computing Now Available for FreeBSD and OpenBSD


OpenBSD 5.9 released

OpenBSD 5.9 has been released. There are a few firmware-related improvements in this release, such as:
* New efifb(4) driver for EFI frame buffer.
* amd64 can now boot from 32 bit and 64 bit EFI.
* Initial support for hardware reduced ACPI added to acpi(4).

* New asmc(4) driver for the Apple System Management Controller.
* New dwiic(4) driver for the Synopsys DesignWare I2C controller.
* Support for ACPI configured SD host controllers has been added to sdhc(4).
* The sdmmc(4) driver now supports sector mode for eMMC devices, such as those found on some BeagleBone Black boards.
* The ipmi(4) driver now supports OpenIPMI compatible character device.

Full announcement:


OpenBSD’s new native hypervisor

Many people are reporting OpenBSD’s new native hypervisor:

More information: