OpenBSD Operating System

(c) w3soft.org, license: CC BY-SA 3.0
OpenBSD is a free, open-source, modern, compact, security-focused and multi-platform UNIX-like operating system based on 4.4BSD. Compared with the Linux system base, it is a compact and complete operating system (more than "Just a Kernel"). Because of its unique architecture it is one of the most secure operating systems, having had "Only two remote holes in the default install" in the very long time since it was launched.

Latest Release: OpenBSD 7.3, as of 10 April 2023

Specifications:

  • Package Management System: BSD - pkgsrc: OpenBSD Ports
  • Current Release: OpenBSD - version 7.3
  • Release Date: 10 April 2023
  • First Release: June 1997
  • Developer: The OpenBSD Foundation (by Theo de Raadt in Calgary, Canada)
  • Contains Restricted Software / Extras by default: No, available as an extra option only
  • OpenSource, Free: Yes
  • Licensing Model: BSD 4-Clause License
  • Written in: C, Assembly language, Perl, Unix shell
  • Hardware Platforms: (CPU architectures):
    • Supports many hardware platforms. The most popular are: amd64, arm64, i386, armv7, sparc64.
    • The best supported 64-bit CPU architectures are: amd64 (also known as x64, x86_64, AMD64 and Intel 64) and arm64 (also known as AArch64).
    • OpenBSD/amd64 runs on any standard hardware with 64-bit (Intel or AMD) processors, both servers and desktops.
    • OpenBSD/arm64 runs on a wide variety of hardware that integrates 64-bit ARMv8 (or later) processors and requires a minimal UEFI firmware (including U-Boot) and supports both ACPI and device-tree based hardware enumeration.
    • Other supported platforms: alpha, hppa, landisk, loongson, luna88k, macppc, octeon, powerpc64.
  • Project Documentation: www.openbsd.org/faq
  • Project Website: www.openbsd.org
This operating system is described as having "Only two remote holes in the default install, in a heck of a long time!"
With due respect to smart acquaintances who work on OpenBSD, to most people who secure application deployment environments this is not the reassuring statement OpenBSD seems to think it is. The OpenBSD project produces a free, multi-platform 4.4BSD-based UNIX-like operating system. Their efforts emphasize portability, standardization, correctness, proactive security and integrated cryptography. This operating system works well as a server or simply as a workstation.

Review

OpenBSD is a very interesting operating system. It is not just a kernel with a bunch of software packages like Linux distros. This OS is distributed as a whole operating system with a number of third-party software products in the base system, including: LLVM/Clang, GCC, BinUtils, GDB, NCurses, Perl, Expat, ZLib, LibFido2, Unbound, NSD, X.org.
The OpenBSD team often patches third-party products, typically to improve the security or quality of the code. There is a new release approximately every six months, with the target release dates in May and November.
The operating system comes with extensive documentation in the form of man pages. They are the authoritative source of information for the OS, and considerable effort is made to ensure they're up to date and accurate. Developers making a change to the system are expected to update the man pages along with their change to the system code. It is expected that users will check the man pages before asking for help.

Pros +
  • small and clean code base, easily auditable
  • integrates other software projects made by the same core team such as: OpenSSH, OpenSMTPD, LibreSSL
  • OpenBSD is a BSD-style Unix, following the 4.4BSD design closely by contrast with Linux and Solaris which are System-D / System-V style
  • easy to use, user-friendly for any Linux / Unix experienced user
  • the philosophy of this OS is a belief in strong security; the aspiration is to be NUMBER ONE in the industry for security
  • full disclosure of security problems
  • the OpenBSD security auditing team typically has between six and twelve members who continue to search for and fix new security holes
  • secure by default - the operating system ships in a Secure by Default mode
Cons -
  • installing the OS is not easy and requires some experience with networking and disk partitioning (there is no GUI disk partitioner yet ...)
  • extended documentation for PF (Packet Filter Firewall) is hard to find


Features

  • OpenBSD is all free, the binaries are free, the source is free, all parts of the OS have reasonable copyright terms permitting free redistribution
  • is a full-featured UNIX-like operating system available in source and binary form at no charge
  • runs on many different hardware platforms
  • benefits from strong ongoing development in many areas, offering opportunities to work with emerging technologies and an international community of developers and end users
  • is thought of as the most secure UNIX-like operating system by many security professionals, as a result of the never-ending comprehensive source code audit
  • integrates cutting-edge security technology suitable for building firewalls and private network services in a distributed environment
  • attempts to minimize the need for customization and tweaking - for the vast majority of users, OpenBSD just works on their hardware for their application

Related Projects

  • OpenSSH is the premier connectivity tool for remote login with the SSH protocol. It encrypts all traffic to eliminate eavesdropping, connection hijacking, and other attacks. In addition, OpenSSH provides a large suite of secure tunneling capabilities, several authentication methods, and sophisticated configuration options.
  • LibreSSL is a version of the TLS/crypto stack forked from OpenSSL in 2014, with goals of modernizing the codebase, improving security, and applying best practice development processes. Primary development occurs inside the OpenBSD source tree with the usual care the project is known for. On a regular basis the code is re-packaged for portable use by other operating systems (Linux, FreeBSD, Windows, etc).
  • OpenSMTPD is a FREE implementation of the server-side SMTP protocol as defined by RFC 5321, with some additional standard extensions. It allows ordinary machines to exchange emails with other systems speaking the SMTP protocol. Started out of dissatisfaction with other implementations, OpenSMTPD is a fairly complete SMTP implementation.

Free and OpenSource Software ported to OpenBSD
Many open-source / free software applications have been ported to this operating system over the years through its native package management system, called "Ports".
To make this software easier to install and manage, it is ported to OpenBSD and packaged.
The aim of the package system is to keep track of which software gets installed, so that it may be easily updated or removed.
OpenBSD Ports is a package management system very similar to Linux package management systems such as deb, rpm and others.
In minutes, a large number of packages can be fetched and installed, with everything put in the right place.
The "Ports" collection is maintained using third-party free / open-source software and does not go through the same thorough security audit that is performed on the OpenBSD base system. The ports are as stable and secure as their developers release them, and most of the time the OpenBSD Ports team will make its best effort to integrate the latest stable releases and the latest security patches (if any).
The OpenBSD Ports team considers packages to be the goal of their porting work, not the ports themselves. In general, you are advised to use packages over building an application from ports. Of course, most of the ports are open source, so you can audit them and build them from the source code.


OpenBSD Releases - TimeLine and Changelog


10 April 2023

OpenBSD version 7.3

Significant changes:
* Add kernel support for waitid(2), wait for process state change
* SMP - Unlocked mmap(2), munmap(2), and mprotect(2)
* Introduced clockintr(9), a machine-independent clock interrupt scheduler ; switched all architectures to use the new subsystem
* Introduced retguard for amd64 system calls
* More aggressive randomisation of the stack location for all 64-bit architectures except alpha
* Enhanced memory and process security
* Relinking of network exposed daemons at boot time
* Improved hardware support, including new arm64 variants and numerous network and graphics driver updates
* More flexible network configuration, now supporting lladdr-based config
* Various improvements for VMM/VMD (ex: linux / docker images now are better supported)
* Support for disk encryption in the installer
* X11 Mesa shader cache enabled
* LibreSSL version 3.7.2 ; OpenSSH version 9.3 ; OpenBGPD 7.9

20 October 2022

OpenBSD version 7.2

Significant changes:
* Make route timer MP safe and use rttimer pool
* Added support for: Apple M2, Ampere Altra, Lenovo ThinkPad x13s (Qualcomm Snapdragon 8cx Gen 3)
* Added CPU frequency sensors for each core on CPUs that have MPERF/APERF support
* Bumped the maximum number of supported CPUs to 256 on arm64
* Made the CPU frequency scaling duration relative to the load when in automatic mode on battery
* Use kernel lock to protect parts of ARP, ND6 and PPPoE that are not MP safe ; lookup of existing ARP entries is MP safe and can run in parallel
* Run IPv4 packet reassembly in parallel ; Run IPv6 hop-by-hop options processing in parallel
* Made UNIX domain sockets locking per-socket rather than coarse locking of the entire domain sockets layer
* The TZ environment variable no longer supports absolute paths, to fit better into the pledge(2) bypass model
* LibreSSL version 3.6.0 ; OpenSSH version 9.1 ; OpenBGPD version 7.7

21 April 2022

OpenBSD version 7.1

Significant changes:
* Added kernel interfaces for atomic load and store functions for int and long to be used in reference counted struct members
* Reworked garbage collector for unix(4) sockets to prevent potential kernel panics
* Protected ipsec(4) input and output with the kernel lock to allow forwarding of non-ipsec traffic in parallel
* Updated xorg-server to 21.1.3, leaving in place an earlier change to compute the screen resolution from dimensions returned by the screen
* New logic for pkg_add(1) to avoid excessive moving of files during updates when possible
* Released LibreSSL 3.5.2 ; Added missing error check for x509 constraints code in libcrypto
* Moved to OpenSSH 9.0 ; Randomized the password used in fakepw in ssh(1)
* Add initial 802.11ac support to iwm(4) ; Added 802.11ac/VHT TX rate adaptation support to the wifi stack
* Made sure armv7,arm64 and risc-v FDT bootloader code does not write beyond the FDT data structure
* Added aplhidev(4) support for the keyboard/touchpad on Apple M1 laptops ; Fixed reading motherboard time on Apple machines with old SMC firmware

14 October 2021

OpenBSD version 7.0

Significant changes:
* Added support for installing on a disk with a GPT on arm64
* Made amd64 hw.setperf percentages proportional to the enhanced speed step frequencies on Intel processors
* Security: Moved objcopy to base set to allow KARL to work on all installs
* VMM: Added a theoretical limit of 512 to the number of allocated vcpus in vmm(4)
* Imported timeout(1) utility from NetBSD. timeout(1) can be used to run commands with a time limit
* Released LibreSSL 3.4.1 ; Added support for OpenSSL 1.1.1 TLSv1.3 APIs ; Implement flushing for TLSv1.3 handshakes behavior
* SMP: Introduced CPU_IS_RUNNING() and used it in scheduler-related code to prevent waiting on non-running CPUs

1 May 2021

OpenBSD version 6.9

Significant changes:
* Implemented a control message to get the state of iscsid(8) and slowed iscsictl(8) loading to prevent mount errors during startup
* Returned to 6.8 behavior of sending two direct ACKs upon receipt of a data segment
* Implemented version 2 of virtio(4) at fdt, as used by Parallels on the Apple M1, allowing use of OpenBSD as VM
* Released LibreSSL 3.3.2 ; Allowed mixing of TLS and non-TLS configuration parameters within httpd(8) ; Allowed specification of TLS ciphers and protocols within smtpd.conf(5)
* Provided U-Boot binaries that work on Raspberry Pi 3 and 4 and firmware for Raspberry Pi 4, allowing use of the same installation method as for 3 without separate UEFI firmware

18 October 2020

OpenBSD version 6.8

Significant changes:
* Reintroduced checks against heavy amap allocations for MAP_SHARED to prevent a panic reachable with mmap(2)
* Added support in the kernel and libc for timecounting in userland, eliminating the need for a context switch every time a process requests the current time
* Improved CPU frequency scaling in automatic performance mode by removing accounting for offline CPUs
* UEFI boot support for x32 and x64 ; Changed install images called *.fs to *.img to accommodate some UEFI bootloaders

19 May 2020

OpenBSD version 6.7

Significant changes:
* Made FFS2 (BSD Fast File System version 2), which uses 64-bit timestamps and block numbers, the default filesystem type on installs and marked it as stable
* Reduced the minimum allowed number of chunks in a CONCAT volume from 2 to 1, increasing the number of volumes which can be created on a single disk
* Reworked AMD smt/core/package detection, helping prevent cores being misidentified as threads
* A large number of drivers were written to improve arm64 and armv7 hardware support

17 October 2019

OpenBSD version 6.6

Significant changes:
* The sysupgrade utility automates upgrades to new releases or snapshots
* SMP-Improvements, System call unlocking
* Introduced a new video driver: amdgpu (AMD RADEON GPU)
* Implemented Linux compatible acpi(4) interfaces and enabled the ACPI support code in radeon(4) and amdgpu(4)

24 April 2019

OpenBSD version 6.5

Significant changes:
* Xenocara: Xorg (X Window Server) is no longer setuid
* Support for parsing NMEA 0183 altitude and ground speed hw.sensors
* Many IEEE 802.11 wireless stack improvements

18 October 2018

OpenBSD version 6.4

Significant changes:
* Introducing a new security feature: unveil - a filesystem visibility restriction
* The Retpoline mitigation against Spectre Variant 2 has been enabled in clang(1) and in assembly files on amd64 and i386 ; Added SpectreRSB mitigation on amd64
* amd64 now uses eager-FPU switching to prevent FPU state information speculatively leaking across protection boundaries

02 April 2018

OpenBSD version 6.3

Significant changes:
* SMP is supported on arm64 platforms
* Multiple security improvements have been made, including Meltdown/Spectre (variant 2) mitigations
* Intel CPU microcode is loaded on boot on amd64
* Several parts of the network stack now run without KERNEL_LOCK()
* pledge() has been modified to support "execpromises" (as the second argument)
