In this month’s project update we will take a look at the ongoing FreeBSD 64-bit ARM port. AArch64 is the official name for the 64-bit ARM architecture, but it is also known as ARMv8 and arm64. The 64-bit ARM architecture is expected to find use in traditional server markets, in contrast to the embedded and mobile markets where 32-bit ARM is widely adopted.
The FreeBSD Foundation is collaborating with ARM, Cavium, Semihalf and Andrew Turner to port FreeBSD to arm64. Cavium is contributing directly to the Foundation, supplying engineering expertise and hardware for the development community. Cavium's ThunderX platform provides a great match for FreeBSD’s strength as a server operating system, and it supports up to 48 cores in a single package. ThunderX will be the initial reference target for this project, but ports to other arm64 platforms are expected later on.
The kernel bring-up portion of the project is nearing completion; FreeBSD/arm64 boots to single-user mode on ARM's reference simulator. Work is underway on the remaining kernel drivers, and on userland support.
This project’s overall goal is to bring FreeBSD/arm64 to a Tier-1 status, including release media and prebuilt package sets. More information about the arm64 port can be found on the FreeBSD wiki at https://wiki.freebsd.org/arm64, and the in-progress source tree is available through the FreeBSD Foundation’s GitHub account at https://github.com/FreeBSDFoundation/freebsd.
The FreeBSD Foundation is pleased to announce the successful completion of work on the improvement and integration of the Capsicum framework and the Casper services daemon. The Google Open Source Programs Office and the FreeBSD Foundation jointly sponsored Paweł
Jakub Dawidek for this project.
Capsicum is a lightweight OS capability and sandbox framework
developed at the University of Cambridge Computer Laboratory. Capsicum extends the POSIX API, providing several new OS primitives to support object-capability security on UNIX-like operating systems. Capsicum is now a standard part of FreeBSD, and ports to other operating systems are in progress.
The Casper daemon provides an easy to use programming interface for services which are otherwise difficult or impossible to access in a capability sandbox, including DNS resolution, access to the password and system groups database, entropy, and sysctl system configuration nodes.
"Libcapsicum and the Casper daemon make it easier for application developers to take advantage of capability sandboxing -- a critical step in allowing not just web browsers, but also security-ciritical desktop applications such as mail readers and office suites, to mitigate security vulnerabilities," said Robert N. M. Watson, the FreeBSD Foundation board member and University of Cambridge lecturer who led the Google-funded Capsicum research project.
The new libnv library developed as part of this project simplifies inter-process communication, a critical aspect of the Capsicum sandboxing model. Redesigned capability rights allow for finer-grained control of individual capabilities by eliminating the previous limit on the number of different kinds of file-descriptor operations controlled by capabilities.
Capsicum API enhancements appear in FreeBSD 10.0 along with sandboxing of a number of base-system components; Casper will be available from FreeBSD 10.1 on, and will be used by a number of base system components including tcpdump and kdump.
Aleksandr Rybalko continues to make good progress on the FreeBSD-Foundation sponsored Newcons project. This project will provide a replacement for the legacy syscons system console. Newcons provides a number of improvements, including better integration with graphics modes, and broader character set support.
FreeBSD's introduction of Kernel Mode Setting (KMS)-enabled graphics drivers for X11 produced a regression when combined with syscons: it was no longer possible to switch back to a console after starting X. Newcons integrates with KMS and restores this ability.
Newcons adds UTF-8 support and currently includes Latin and Cyrillic characters; additional ones will be added over time. Aleksandr has an example of Cyrillic display and keyboard input in his blog posting at http://raybsd.blogspot.com/2013/10/newcons-international-keyboard-input.html
I have switched my laptop, a Thinkpad X220, to a Newcons kernel. In addition to the improved X11 integration mentioned above, a happy side effect is that suspend and resume again works.
Newcons has a small number of outstanding issues which are currently being fixed, with integration into FreeBSD HEAD to follow shortly. More details on the project can be found on the FreeBSD wiki, at https://wiki.freebsd.org/Newcons
The FreeBSD Foundation is pleased to announce that Edward Tomasz NapieraÅ‚a has joined as its second member of technical staff. This is a continuation of the Foundation's plan to invest in staff in 2013.
A FreeBSD committer since 2007, Edward previously completed a number of projects under Foundation grants, including safe device removal with mounted filesystems, growing mounted filesystems, and resource containers.
Edward is currently implementing a native in-kernel iSCSI stack (both target and initiator) for this increasingly popular block storage protocol. "Although there are a number of iSCSI target implementations that support FreeBSD, the project lacks a high performance and reliable in-kernel target. As iSCSI gains favor, this stack will be a key element in maintaining FreeBSD's competitive position in enterprise and open-source deployments" said Justin T. Gibbs, president of the FreeBSD Foundation. The project is expected to be completed in October 2013.
Another part of Edward's responsibilities will be assisting the FreeBSD Security Team in preparing security advisories and patches.
Edward lives in Warsaw, Poland.