What’s New

This is a partial list of new features and systems included in OpenBSD 7.7.
For a comprehensive list, see the changelog leading to 7.7.

• Platforms specific improvements:
  • arm64:
    • Set AP power state, fixing the SMC initialization on the M1 MacBook with the latest system firmware.
    • Implemented a new pmap_populate() interface on arm64 and riscv64
      to help pmap_enter(9) succeed
      when there’s enough free physical memory but we can’t allocate KVA to
      map that memory.
    • Optimized pmap teardown by skipping TLB flushes, giving ~5%
      performance boost for kernel build.
    • Enabled PAC on hardware that uses the new QARMA3 cipher.
    • Implemented support for SVE (Scalable Vector Extension).
  • amd64:
    • Added the ability for bus_dmamem_alloc(9)
      to recognize the BUS_DMA_64BIT flag and allocate memory for DMA
      without any 4GB restrictions on amd64.
    • Allowed boot loader to run as AMD SEV guest on QEMU with EFI.
    • Allowed kernel boot on QEMU with AMD SEV.
    • Allowed use of MSI with the QEMU default pc-i440fx machine.
    • Stopped amd64 leak of kernel stack guard pages.
    • Implemented the AMD SEV psp(4) download firmware
      command to load new firmware onto the chip and made the AMD SEV
      automatically load psp(4) firmware during vmd(8) startup.
  • Other architectures:
    • Fixed riscv64 sigcode copying and put riscv64 sigcode in the .rodata memory section.
    • Implemented an interrupt depth counter on sparc64.
    • Moved the hppa stack 1GB higher.
    • On i386, improved the stability in low-memory situations, especially for MP.
    • Fixed a powerpc64 bug where a pte could be put into an incorrect pteg, leading to a crash.
    • Changed luna88k disklabel labeloffset to 0.
  • More platform specific changes can be found in the hardware support section below.
• Various kernel improvements:
  • Improved responsiveness in OOM situations and made free target checks coherent.
  • Removed the ability to specify a root, dump or swap device on st(4).
  • In uvm, prevent a race where a mapped object is being truncated
    while we are spinning to unwire it.
  • Optimized page daemon active and inactive list traversals when
    looking only for low pages.
  • Added a helper to check if memory has been freed for a given
    request to improve speed of the page daemon loop.
  • Started accounting for in-flight pages being written to disk when
    the page daemon is computing page shortage.

  • Adjusted the ptrace interface to properly support
    single-threaded continue and make it possible to use breakpoints in
    multi-threaded processes in gdb.
  • Add ptrace(2)
    commands used to read/write the XSAVE area of a traced process.
  • Correctly honored the count optional argument of the ddb(4) break command,
    ensuring execution does not stop until the breakpoint is hit at least
    that many times.
  • Taught ddb(4) how to
    disassemble endbr64.
  • Moved dt(4) to using
    a ringbuffer per CPU.
  • Added ‘socket’ refcnt type to dt(4).
  • Made btrace(8)
    support additional interval/profile units (hz, us, ms, s).
  • Added multi-line strings support to the bt(5) script parser.
  • Added kern.audio.kbdcontrol sysctl(2) variable,
    allowing the volume keys on multimedia keyboards to be handled as
    regular keys if set to 0.
  • Implement bus_dma(9) bounce buffering
    for raw memory.
  • Started ignoring sub-nodes of non-functional nodes in the ACPI
    tree walk to fix double and triple attachments of the same PCIe root
    bridges.

  • Suspend/Hibernate Support
    • Ensured all
      hibernate
      data is written inside the allocated chunk of swap.
    • Removed unneeded zeroing of free pages during
      hibernate.
    • Corrected
      hibernate
      error detection during RLE writes.
    • Ensured
      hibernate
      fails when I/O or memory allocation errors occur.
  • Bugfixes
    • Fixed a (mostly) hypothetical race in pinsyscalls(2) by
      making it return an error if called in a multi-threaded process.
    • Fixed CPU idle percentage in top(1) on macppc.
    • Reworked how processes are stopped because of a signal. Now
      multithreaded processes can be reliably stopped and continued. This
      should fix problems seen in golang, mpv and in our regress tests.
    • Fix possible races of changes to the per-process unveil
      data structures by either pledge() [removing all path promises] or
      unveil() [adding new paths], against namei() inspecting in other
      thread system calls.
• SMP Improvements
  • Unlocked sysctl kern.timeout_stats.
  • Unlocked sysctl kern.allowkmem.
  • Unlocked sysctl kern.video.record.
  • Unlocked sysctl net.inet.gre.allow and
    net.inet.gre.wccp.
  • Unlocked sysctl kern.global_ptrace.
  • Unlocked sysctl kern.wxabort.
  • Unlocked sysctl kern.malloc.kmemstat.
  • Reduced kernel lock contention when tearing down file-backed regions.
  • Unlocked ptsignal, psignal and prsignal by using the ps_mtx mutex(9).
  • Used a mutex to make psp(4) MP safe.
  • Locked send socket buffer for fstat(2) syscall.
  • Made lock changes to reduce lock contention in __thrsleep and
    __thrwakeup syscalls. go performance particularly benefits from this.
  • Unlocked virtio(4).
  • Made `video_filtops’ MP-safe.
  • Run TCP output and TCP timers in parallel.
    • TCP send(2)
      and recv(2)
      system calls use shared netlock.
      Multiple userland threads can work on different sockets in
      parallel.
    • TCP output no longer blocks IP processing.
    • TCP timer also use locks that are specific to the socket they
      are working on, other network traffic can be processed by
      different CPUs.
    • Socket splicing is MP-safe for TCP.
    • Some of the sysctl syscalls affecting TCP no longer block
      network operations on other CPUs.
    • Only TCP input still uses exclusive netlock and prevents
      other parts of the network stack from running in parallel.
  • Unlocked accept(2) for TCP sockets.
  • Started using shared net lock when calling shutdown(2) on internet
    socket.
  • Reworked rwlocks to reduce pressure on the scheduler and SCHED_LOCK.
  • Pushed the KERNEL_LOCK() down to namei(9) in stat(2), lstat(2) &
    fstatat(2) and Unlocked fstat(2).
  • Unlocked wskbd(4)
    kqueue filterops.
  • Used `ws_mtx’ mutex(9) to make wsmux(4) filterops MP-safe.
  • Unlocked open(2)
    and openat(2).
  • Made wsmouse(4)
    and wstpad filterops MP-safe.
  • Pushed KERNEL_LOCK() inside __realpath(2).
  • Made wakeup of parent process in dowait6 reliable even without kernel lock.
  • Used ps_mtx mutex(9) to lock the child
    process that is being checked by dowait6.
• Direct Rendering Manager and graphics drivers
  • Updated drm(4)
    to Linux 6.12.21.
  • amdgpu(4): Added kernel
    support for Ryzen AI 300 (Strix Point, Strix Halo, Krackan Point),
    Radeon RX 9070 (Navi 48).
  • inteldrm(4): Added
    support for Arrow Lake.
• VMM/VMD improvements
  • Added an IPI for executing INVEPT to flush EPT on remote CPUs, a
    first step toward allowing guest memory not to be wired by UVM.
  • Implemented psp(4)
    shutdown command and ioctl(2) PSP_IOC_SHUTDOWN,
    which will be used by vmd(8) to reset psp(4) on startup.
  • Started using acpipci(4) on
    hypervisors. If the hypervisor cpuid bit is set, use acpipci to attach
    PCI busses. As virtualization is not that old, we can assume that in
    VMs we don’t need the quirk for old, broken ACPI. This solves
    problems with PCI BAR access and recent SeaBIOS versions on QEMU.
• Various new userland features:
  • Numerous changes to make the
    imsg API
    stricter and better, which were followed
    by adapting all applications across the tree.
  • Allow the user to provide an alternative perfpolicy when on
    battery, extending the semantics of hw.perfpolicy to provide two
    buttons to specify desired behavior. This gives users more flexibility
    in setting the performance when AC-powered vs. battery powered.
  • Made calendar(1) use the
    environment variable RECIPIENT_EMAIL for sending mails to.
  • Made security(8)
    use GMT rather than the local timezone when checking for changes in
    device nodes and setuid files. Avoids false positives when changing
    timezones.
  • Added a new variable PASSWDSKIP that can be set in
    /etc/daily.local to prevent security(8) from
    complaining about specific accounts that have no password. This is
    typically used for services like anoncvs and gotd.
  • Added [-f file] to sysctl(8) to apply
    sysctl.conf(5)
    in one go, and started using it in rc(8) instead of a parser implemented in ksh.
  • Added support for read/write of xmm/ymm registers to
    lldb(1).
• Various bugfixes and tweaks in userland:
  • Added wsconscfg(8) -g option
    to get the index of the current virtual terminal.
  • Made getgrouplist(3)
    always return the total number of groups found.
  • Ignore extra groups that don’t fit in the buffer passed to getgrouplist(3),
    providing only the kernel maximum of sixteen groups.
  • Prevent newsyslog(8) from running
    through time checks when an entry needs to be rotated based on size.
  • Changed ps(1) to print
    the session id (PID of the session leader) instead of a pointer with
    display argument ‘sess’.
  • In cu(1), map ucom
    unit number to cuaU number using the same scheme MAKEDEV uses, fixing
    problems with ucom units > 10.
  • Made CPU frequencies human-readable with systat(1) sensors -h.
  • Fixed a bug where getty(8) dx flag was
    supposed to set decctlq, but was setting ixany instead.
  • Made pkg_add(1) run ldconfig(8) after each
    updateset if the list of shared libraries was changed.
  • Corrected behavior of sed(1) c command to match
    POSIX.
  • Make clang(1)
    -fzero-call-used-regs aware of the register used by
    retguard. QEMU is using -fzero-call-used-regs, causing a crash.
  • Disk partition information is now saved by
    security(8).
  • Made security(8)
    ignore quota(1) files
    and all subdirectories of /var/mail when checking the ownership and
    mode of mailboxes.
  • Added pkg-config(1) support
    for relocatable .pc files.
  • Made mandoc(1) “-T html”
    and “-T markdown” output translate “.%R RFC ” to a
    hyperlink to rfc-editor.org.
    
  • Support decimal fractions like “0.25i” in
    roff(7) scaled widths
    and arithmetic operations in
    tbl(7) column widths,
    as needed for some manual pages written with DocBook.
  • When syslogd(8)
    acting as logserver with TLS (-S) and
    client-certificates are used for authentication (-K), use the CN from
    the client’s certificate as hostname.
  • Adjusted the alignment when
    df(1) prints inode columns.
    This makes
    ‘df -hi’ on systems with large partitions easier on the eyes.
  • Made test(1) use
    timespeccmp() and st_mtim instead of comparing st_mtime to fix
    comparison of files with modification times that differ by less than a
    second.
  • Made ksh(1) use
    timespeccmp() and st_mtim instead of comparing st_mtime to fix
    comparison of files with modification times that differ by less than a
    second.
  • In ps(1) added a
    digit to vsz and rss to accommodate processes using more memory.
  • Updated tzfile(5)
    to 2025bgtz from https://github.com/JodaOrg/global-tz.
  • Updated libc/locale support including
    e.g. wcwidth(3)
    and the iswalnum(3)
    family of functions to Unicode Version 15.0.0.
• Improved hardware support and driver bugfixes, including:
  • Increased psp(4) timeouts, allowing the EPYC 9124 time to attach.
  • Added PercentLoad sensor to upd(4), reporting the % of the available UPS power drawn by output outlets.
  • Fixed RunTimeToEmpty on some EATON models in upd(4).
  • Improved the heuristic for detecting I2C devices (making type-A ports on the Vivobook work in ACPI mode).
  • Added support for CSI b control sequence (repeat last printed character) to the wscons(4) vt100 emulation.
  • Fixed simplefb(4) colours for BPP16 and BPP24.
  • Added support for BPP16 16-bit color EFI framebuffer format as offered by U-Boot.
  • Implemented CSI s and CSI u to save and restore cursor position in wscons(4).
  • Made scaling available for normal wsmouse.4 mice, not just touchpads.
  • Added scmi(4) mailbox transport and perf protocol for CPU frequency management on Snapdragon X Elite.
  • Moved to send only a single reset during attach for ihidev(4) devices, preventing issues with some devices like the built-in keyboard on the ThinkPad T14s Gen 6.
  • Changed the sdhc(4) bus power behavior to no longer perform a power-off voltage switch request when the card is already operating at the requested voltage.
  • Implemented aplsmc(4) support for the new CHLS key used to control the battery charge level in newer SMC firmware.
  • Added pinctrl(4) support to the qciic(4) driver for Qualcomm Snapdragon SoCs.
  • Made qcpas(4) send APM_POWER_CHANGE events on AC/battery life changes, allowing upowerd to react.
  • Added qccpucp(4), a driver for the Qualcomm CPUSS Control Processor (CPUCP) mailbox controller.
  • Made qcpon(4) query hardware for the button state to detect release even if the press event is missed, and to signal wakeup when the button is pressed.
  • Made qcscm(4) attach at acpi(4). This lets Qualcomm machines which use qcscm(4) access EFI variables in ACPI mode. Some arm64 machines, like the Samsung Galaxy Book4 Edge can be successfully installed with this change.
  • Fixed support for AMD 600 series ahci(4) controller.
  • Introduce a pckbc@acpi driver attachment that is use instead of pckbc@isa when an interrupt configuration is incompatible with legacy ISA. This unbreaks, among other things, the keyboards in various Chromebooks.
  • Implemented rkpmic(4) power down if the PMIC is marked as the system power controller in the device tree.
  • Added RK3399 support to rkusbphy(4).
  • Added dwmmc(4) support for the “post-power-on-delay-ms” in the MMC power sequencing.
  • Implemented regulator-based signal voltage switch support in dwmmc(4), fixing bootup on the MNT Reform2 with the RK3588 module.
  • Added uvideo(4) support for Jabra PanaCast 20.
  • Ensure uvideo(4) fills v4l2_capability correctly (allowing some V4L consumers to use bus_info to identify the desired webcam when attempting to switch devices).
  • Added uvideo(4) support for devices which report bulk and isochronous endpoints.
  • Made uvideo(4) bypass unknown pixelformat to consumer rather than rejecting unknown driver formats.
  • Support colorformat from uvideo(4) device.
  • Fixed a uvideo(4) crash on close of isochronous endpoint’s webcam.
  • Ensure uvideo(4) forwards frames with error bit to V4L consumers, which adds support of the integrated camera on ThinkPad T14 Gen 5, ThinkPad X1 Nano Gen 2, ThinkPad X13 and many other devices.
  • Forced 32-bit accesses when reading 8-bit or 16-bit registers, allowing use of xhci(4) on a Cadence xHCI controller as seen on the Radxa Orion O6.
  • Added USB 3.0 speed support to xhci(4) and uvideo(4).
  • Fixed uaudio(4) devices that don’t support sample rate changes.
  • Added LED support for ikbd(4) keyboards.
  • Added mtintc(4) a driver supporting interrupt controllers found on MediaTek SoCs.
  • Added mtrng(4), a driver supporting the 32-bit random number generator on MediaTek SoCs.
  • Added mtxhci(4), a driver for the xHCI USB controller found on MediaTek SoCs, and enable it on armv7 and arm64.
• New or improved network hardware support:
  • Added ice(4), a driver for Intel E810 Ethernet (1Gb/10Gb/25Gb/50Gb/100Gb) devices.
  • Increased receive mbuf size with LRO in vio(4), helping TCP splice performance.
  • Fixed xbf(4) and xnf(4) not attaching on XCP-ng 8.3/Xen 4.17.
  • Added printing of number of queues and interrupt and Ethernet address details to mcx(4).
  • Fixed the bnxt(4) receive refill timeout to only refill rings that are currently empty, preventing possible corruption and crashes.
  • Added support for AX88772D to axen(4).
  • Added ixv(4), a driver for virtual functions of Intel 82598EB, 82559 and X540.
  • Enabled rx/tx checksum offloading on iavf(4).
  • Added RSS/multiqueue support for AQC11x models (“aq2”) in aq(4).
  • Added support for reading EEPROM pages for aq(4) cards with SFP slots.
  • Started clearing the OACTIVE flag on transmit queues when ixl(4) is reset.
• Added or improved wireless network drivers:
  • Added support for MA devices to iwx(4).
  • Restricted scanned channels appropriately when qwx(4) runs in a fixed PHY mode.
  • Add support for QCA2066 to qwx(4).
  • Changed mtw(4) to only open bulk usb(4) pipes once for the lifetime of the device.
• Installer, upgrade and bootloader improvements:
  • On the macppc
    architecture, make ofwboot sync instruction cache before entering
    kernel, preventing a potential boot failure.

  • Made installboot(8)
    install a copy of the UEFI bootloader in /efi/openbsd on the EFI
    system partition, allowing creation of boot options for the firmware
    boot manager other OSes will leave alone.
  • Only install a second copy of the bootloader if the EFI
    System Partition is at least 1MB to avoid filling up the tiny ESPs we
    used to create a few releases ago.
  • Made installboot(8) only
    set BootOrder if our boot option isn’t already part of it. This means
    sysupgrade (or reinstalls) will no longer set OpenBSD as the default
    OS if users change the boot order by some other means. Fresh installs
    will still make OpenBSD the default OS.
  • Added a -c option installboot(8) that
    sets up the machine to boot from the specified disk, used on arm64 and
    amd64 with UEFI and GPT.

  • Added sysupgrade(8) -R #.#
    to try to use a specific release version rather than the immediate
    +0.1.
  • Provided a mechanism for getting required keys to sysupgrade(8) older
    machines, providing a new set of keybundles signed by older keys to
    allow sysupgrade to securely and automatically download the required
    key.
  • Added firmware keys to the signify key bundles. sysupgrade(8) will now
    extract the firmware key also, allowing fw_update fetch the most
    up-to-date firmware before upgrading.
  • Added support to sysupgrade(8) to
    perform a sysupgrade from a fileset stored on a filesystem. This is
    convenient for offline machines.

  • Made fw_update(8) -a mean
    all when downloading or installing, not just deleting.
  • Allowed fw_update(8) to
    download firmware without root.
  • Added f