A new BSDCan video has been posted:
Confidential Computing with OpenBSD -- The Next Step by Hans-Jörg Höxer

https://youtu.be/KpPY0wKSURM

Confidential computing is a family of techniques to enhance security and confidentiality for data in use. One technical approach is strong isolation for virtual machines.

AMDs Secure Encrypted Virtualization (SEV) offers several feature sets for isolation of guest virtual machines from an non-trusted host hypervisor and operating system. These feature sets include memory encryption, encryption of guest state including CPU registers and an attestation framework.

With OpenBSD 7.6 released in October 2024 we are now able to use the memory encryption features of AMD SEV to run OpenBSD as both

a confidential guest VM and

as a hypervisor providing a confidential execution environment.

Now, thanks to memory encryption the hypervisor is not able to peek into a guests memory and is not able to retrieve sensitive information. However, the state of the CPU registers used by the guest is still visible to the hypervisor.

Therefore, we implemented support of AMDs "Secure Encrypted Virtualization with State Encryption" (SEV-ES) for OpenBSD guests and hypervisor. With SEV-ES all CPU guest state is encrypted and hidden from the hypervisor.

In this talk we will explain the fundamentals of SEV and SEV-ES. Then we explore the challenges imposed by SEV-ES for both guest and hypervisor. Finally we will take a closer look into selected implementation details.

Hans-Jörg Höxer is employed at genua, a German firewall manufacturer, who is using OpenBSD as a secure and stable base for its products.

For more information, please visit:
https://www.bsdcan.org/2025/
- and -
https://www.bsdcan.org/2025/timetable/timetable-Confidential-Computing-with.html

@bsdcan #runbsd #bsdcan

A new BSDCan video has been posted:
Confidential Computing with OpenBSD -- The Next Step by Hans-Jörg Höxer

https://youtu.be/KpPY0wKSURM

Confidential computing is a family of techniques to enhance security and confidentiality for data in use. One technical approach is strong isolation for virtual machines.

AMDs Secure Encrypted Virtualization (SEV) offers several feature sets for isolation of guest virtual machines from an non-trusted host hypervisor and operating system. These feature sets include memory encryption, encryption of guest state including CPU registers and an attestation framework.

With OpenBSD 7.6 released in October 2024 we are now able to use the memory encryption features of AMD SEV to run OpenBSD as both

a confidential guest VM and

as a hypervisor providing a confidential execution environment.

Now, thanks to memory encryption the hypervisor is not able to peek into a guests memory and is not able to retrieve sensitive information. However, the state of the CPU registers used by the guest is still visible to the hypervisor.

Therefore, we implemented support of AMDs "Secure Encrypted Virtualization with State Encryption" (SEV-ES) for OpenBSD guests and hypervisor. With SEV-ES all CPU guest state is encrypted and hidden from the hypervisor.

In this talk we will explain the fundamentals of SEV and SEV-ES. Then we explore the challenges imposed by SEV-ES for both guest and hypervisor. Finally we will take a closer look into selected implementation details.

Hans-Jörg Höxer is employed at genua, a German firewall manufacturer, who is using OpenBSD as a secure and stable base for its products.

For more information, please visit:
https://www.bsdcan.org/2025/
- and -
https://www.bsdcan.org/2025/timetable/timetable-Confidential-Computing-with.html

@bsdcan #runbsd #bsdcan

A new BSDCan video has been posted:
An embedded "dev kit" for EndBASIC with NetBSD
by Julio Merino

https://youtu.be/WZFYTInWAqc

In this talk, I'd like to present how I took EndBASIC and built a NetBSD-based embedded device that boots into this interpreter in just a few seconds.

EndBASIC is a side project of mine that implements a retro-looking BASIC environment. Up until now, this featured a web interface and a desktop interface -- but I wanted to offer a prebuilt image for the Raspberry Pi that booted almost-immediately and was resilient to reboots. You know, like the computers of the 1980s, because I believe such a simplified environment can help with learning the basics of programming.

For this project, I picked NetBSD as the core due to its great cross-building features and then implemented new backends for EndBASIC to leverage NetBSD's native features. In particular, I wrote a driver for NetBSD's wscons framebuffer to have graphics output without having to even start X11.

The result is that I can build a full disk image from my Linux development box for NetBSD, write it to an SD card, and have a Pi boot straight into EndBASIC in about 5 seconds.

What's more: the whole of EndBASIC is written in Rust, and cross-compiling it from Linux x86_64 to NetBSD aarch6 is challenging. I bridged this gap with qemu and automated the whole thing so that I can build images end-to-end without even looking. Having proper cross-build support would be desirable, and I'll cover that.

I can also cover the contributions that this project led to upstream NetBSD, which actually made me recover my account and come back to contributing.

I'm actively working on this project and, from now through June, things may change significantly and I might have new things to talk about and demonstrate. For example, I want to integrate with NetBSD's WiFi stack, or SPI to leverage a tiny LCD. But for now, that's what I can offer for this talk!

For more information, please visit:
https://www.bsdcan.org/2025/
- and -
https://www.bsdcan.org/2025/timetable/timetable-An-embedded-dev.html

@bsdcan #bsdcan

A new BSDCan video has been posted:
An embedded "dev kit" for EndBASIC with NetBSD
by Julio Merino

https://youtu.be/WZFYTInWAqc

In this talk, I'd like to present how I took EndBASIC and built a NetBSD-based embedded device that boots into this interpreter in just a few seconds.

EndBASIC is a side project of mine that implements a retro-looking BASIC environment. Up until now, this featured a web interface and a desktop interface -- but I wanted to offer a prebuilt image for the Raspberry Pi that booted almost-immediately and was resilient to reboots. You know, like the computers of the 1980s, because I believe such a simplified environment can help with learning the basics of programming.

For this project, I picked NetBSD as the core due to its great cross-building features and then implemented new backends for EndBASIC to leverage NetBSD's native features. In particular, I wrote a driver for NetBSD's wscons framebuffer to have graphics output without having to even start X11.

The result is that I can build a full disk image from my Linux development box for NetBSD, write it to an SD card, and have a Pi boot straight into EndBASIC in about 5 seconds.

What's more: the whole of EndBASIC is written in Rust, and cross-compiling it from Linux x86_64 to NetBSD aarch6 is challenging. I bridged this gap with qemu and automated the whole thing so that I can build images end-to-end without even looking. Having proper cross-build support would be desirable, and I'll cover that.

I can also cover the contributions that this project led to upstream NetBSD, which actually made me recover my account and come back to contributing.

I'm actively working on this project and, from now through June, things may change significantly and I might have new things to talk about and demonstrate. For example, I want to integrate with NetBSD's WiFi stack, or SPI to leverage a tiny LCD. But for now, that's what I can offer for this talk!

For more information, please visit:
https://www.bsdcan.org/2025/
- and -
https://www.bsdcan.org/2025/timetable/timetable-An-embedded-dev.html

@bsdcan #bsdcan

A new BSDCan video has posted:

Improvements to FreeBSD KASAN By Zhuo Ying Jiang Li

https://youtu.be/pwwSdQi0NUI

KASAN is a kernel sanitizer commonly combined with fuzzing techniques to detect memory corruption bugs, some of which could lead to security compromise. Currently, FreeBSD's KASAN can only detect a subset of temporal safety vulnerabilities due to the lack of a delayed freeing mechanism of freed items. Furthermore, the effectiveness of detecting spatial safety vulnerabilities is also limited because FreeBSD's KASAN does not add redzone padding around UMA allocations.

In this talk, I will present my current work on improving the effectiveness of KASAN by extending it with a quarantining mechanism and injecting redzones around UMA allocations. The development was done on CheriBSD, a fork of FreeBSD with CHERI support, to explore the synergy between CHERI and KASAN. I plan to upstream the relevant improvements to FreeBSD.

#runbsd #freebsd #bsdcan

A new BSDCan video has been posted:

Sleep on FreeBSD: A bedtime story about S0ix By Aymeric Wibo

https://youtu.be/RCjPc4X2Edc

One of the main things still missing in FreeBSD for it to be usable on modern laptops is the ability to go to sleep. In the past, this was done using ACPI S3, but newer laptops have removed this in favour of S0ix, leaving FreeBSD without support for suspend on those machines.

This talk aims to get the casual user familiar enough with the terms and concepts behind power management, such that they can understand what's going on, what's already possible, what can be done, and be able to narrow down power management issues they might encounter.
Full description

This talk will cover:

The background and history of power management on FreeBSD, from APM, to ACPI S3, and finally to s2idle/S0ix, and how to know whether or not a given laptop supports S3 or S0ix or both.

What the full suspend process looks like with modern standby, going into details like ACPI D-states & power resources, SPMC DSMs (acpi_spmc), the AMD SMU (system management unit, amdsmu), etc. and some of the challenges encountered.

Specifics about sleep on AMD, such as USB4 power management in the HCM (host connection manager) and GPIO controller interrupt servicing.

Cover debugging with residency counters, with the SMU on AMD, _LPI objects, and LPIT on Intel.

Niceties and potential future work, such as idleness determination, a powertop equivalent, a built in amd_s2idle.py equivalent (for debugging sleep issues), etc.

#runbsd #freebsd #bsdcan

A new BSDCan Video has been posted:

porch(1): it's not what you expect(1) By Kyle Evans

https://youtu.be/Drbk4rEH1sk

In a world ruled by expect(1) and TCL, we discuss an alternative that was developed based on scripting with lua instead. porch(1) was developed with a language already available and used in FreeBSD base in mind, with the aim of TTY testing via pts(4).

The overall aim of this project is to provide a simple subset of expect(1) functionality specifically aimed at developer and sysadmin automation in another popular language with many niceties for scripted interaction.

In this talk, we'll specifically discuss:

The motivation for writing porch

The underlying design/philosophy (with diagrams to describe the model)

Bundled-in functionality beyond script execution

Practical samples used in FreeBSD today

--

The author has been a FreeBSD src committer since 2017, working on many parts of the tree and gradually introducing lua into the base system. His most recent exploits include improving base system boot environment management with bectl(8) and excursions into the tty layer.

#runbsd #freebsd #bsdcan

A new BSDCan video has posted:

Improvements to FreeBSD KASAN By Zhuo Ying Jiang Li

https://youtu.be/pwwSdQi0NUI

KASAN is a kernel sanitizer commonly combined with fuzzing techniques to detect memory corruption bugs, some of which could lead to security compromise. Currently, FreeBSD's KASAN can only detect a subset of temporal safety vulnerabilities due to the lack of a delayed freeing mechanism of freed items. Furthermore, the effectiveness of detecting spatial safety vulnerabilities is also limited because FreeBSD's KASAN does not add redzone padding around UMA allocations.

In this talk, I will present my current work on improving the effectiveness of KASAN by extending it with a quarantining mechanism and injecting redzones around UMA allocations. The development was done on CheriBSD, a fork of FreeBSD with CHERI support, to explore the synergy between CHERI and KASAN. I plan to upstream the relevant improvements to FreeBSD.

#runbsd #freebsd #bsdcan

A new BSDCan video has been posted:

Sleep on FreeBSD: A bedtime story about S0ix By Aymeric Wibo

https://youtu.be/RCjPc4X2Edc

One of the main things still missing in FreeBSD for it to be usable on modern laptops is the ability to go to sleep. In the past, this was done using ACPI S3, but newer laptops have removed this in favour of S0ix, leaving FreeBSD without support for suspend on those machines.

This talk aims to get the casual user familiar enough with the terms and concepts behind power management, such that they can understand what's going on, what's already possible, what can be done, and be able to narrow down power management issues they might encounter.
Full description

This talk will cover:

The background and history of power management on FreeBSD, from APM, to ACPI S3, and finally to s2idle/S0ix, and how to know whether or not a given laptop supports S3 or S0ix or both.

What the full suspend process looks like with modern standby, going into details like ACPI D-states & power resources, SPMC DSMs (acpi_spmc), the AMD SMU (system management unit, amdsmu), etc. and some of the challenges encountered.

Specifics about sleep on AMD, such as USB4 power management in the HCM (host connection manager) and GPIO controller interrupt servicing.

Cover debugging with residency counters, with the SMU on AMD, _LPI objects, and LPIT on Intel.

Niceties and potential future work, such as idleness determination, a powertop equivalent, a built in amd_s2idle.py equivalent (for debugging sleep issues), etc.

#runbsd #freebsd #bsdcan

A new BSDCan Video has been posted:

porch(1): it's not what you expect(1) By Kyle Evans

https://youtu.be/Drbk4rEH1sk

In a world ruled by expect(1) and TCL, we discuss an alternative that was developed based on scripting with lua instead. porch(1) was developed with a language already available and used in FreeBSD base in mind, with the aim of TTY testing via pts(4).

The overall aim of this project is to provide a simple subset of expect(1) functionality specifically aimed at developer and sysadmin automation in another popular language with many niceties for scripted interaction.

In this talk, we'll specifically discuss:

The motivation for writing porch

The underlying design/philosophy (with diagrams to describe the model)

Bundled-in functionality beyond script execution

Practical samples used in FreeBSD today

--

The author has been a FreeBSD src committer since 2017, working on many parts of the tree and gradually introducing lua into the base system. His most recent exploits include improving base system boot environment management with bectl(8) and excursions into the tty layer.

#runbsd #freebsd #bsdcan

New @bsdcan Video Posted:

ABI stability in FreeBSD By ShengYi Hung

https://youtu.be/vzU6vKd1OFM

The FreeBSD project doesn't guarantee the ABI stability in major version. However, for the minor version, we also not fully guarantee. This cause maintaining a out-of-tree module (at least for Kernel module like VirtualBox) a big problem because module compiles from 14.0 may not able to use at 14.1. This also cause some problem when distributing modules with freshpkg in our base because our pkg system only support build for all major version.

A wiki page distribute the workflow of CTF diff and script:

https://wiki.freebsd.org/ShengYiHong/ABIStability?highlight=%28ABI%29

The outline of my slides will be as following:

What is ABI and why we needs to stablize ABI?

How to maintain ABI stability (a tool to check and ABI tag in binary)?

ABI information (CTF and dwarf) in elf and why we use CTF?

New tools CTFDiff: Why implement new CTFDiff and don't use the illumos one? (we port libctf and other command line tools like ctfdump to FreeBSD from illumos)

CTFDiff script: scripts download tarball from web (kernel tarball) so that we can compare abi between local compile one and web.

Short demo (maybe) for ctfdiff ?

Current status of CTFDiff (needs reviewers, licenses issue (CDDL))

Future works: regulize a stable function/obj ABI/API in kernel.

#runbsd #bsdcan

New @bsdcan Video Posted:

ABI stability in FreeBSD By ShengYi Hung

https://youtu.be/vzU6vKd1OFM

The FreeBSD project doesn't guarantee the ABI stability in major version. However, for the minor version, we also not fully guarantee. This cause maintaining a out-of-tree module (at least for Kernel module like VirtualBox) a big problem because module compiles from 14.0 may not able to use at 14.1. This also cause some problem when distributing modules with freshpkg in our base because our pkg system only support build for all major version.

A wiki page distribute the workflow of CTF diff and script:

https://wiki.freebsd.org/ShengYiHong/ABIStability?highlight=%28ABI%29

The outline of my slides will be as following:

What is ABI and why we needs to stablize ABI?

How to maintain ABI stability (a tool to check and ABI tag in binary)?

ABI information (CTF and dwarf) in elf and why we use CTF?

New tools CTFDiff: Why implement new CTFDiff and don't use the illumos one? (we port libctf and other command line tools like ctfdump to FreeBSD from illumos)

CTFDiff script: scripts download tarball from web (kernel tarball) so that we can compare abi between local compile one and web.

Short demo (maybe) for ctfdiff ?

Current status of CTFDiff (needs reviewers, licenses issue (CDDL))

Future works: regulize a stable function/obj ABI/API in kernel.

#runbsd #bsdcan

New @bsdcan video posted:

Controlled credentials transitions without privileges: mac_do(4), mdo(1) and setcred(2) by Olivier Certner

https://youtu.be/Wl2hewfxcKM

In this talk, we will present a project that aims at allowing controlled process credentials transitions without using setuid executables but instead leveraging FreeBSD's MAC framework.

Traditional credentials-changing programs, such as sudo(8), have a non-negligible attack surface as they often include a lot of infrequently used features and mechanisms that can be dangerous from a security standpoint (e.g., loadable modules). As these programs have to run as 'root', compromising them can have catastrophic consequences.

The mac_do(4) kernel module has been introduced to allow unprivileged processes to change credentials, provided the requested changes are explicitly allowed by rules set by an administrator. It has recently undergone major changes. First, thanks to a redesign of rules, it is now possible to specify full sets of user and group IDs that must be present or absent in the final credentials for a transition to be accepted. Second, each jail can be configured with a different set of rules, allowing different transitions to be allowed as needed, or to inherit from the parent jail.

We will describe how mac_do(4)'s credentials rules work, what the role of the mdo(1) companion program is, and what you can do with them in practice.

We will also touch on some aspects of the implementation, notably why we needed to introduce the new setcred(2) system call, which allows to change all process credentials in a single call, and possibly those that are related to the use of some FreeBSD's kernel sub-systems (notably, sysctl, jails and OSD).

While the current implementation is of production quality and immediately useful, there are lots of possible ways to extend it to cover more scenarios and to progress towards our ideal of having all credentials-changing programs work without the setuid bit. We will present them in the hope to get feedbacks.

#runbsd #bsdcan