December 4, 2024

FreeBSD is a strong choice for organizations looking for a modern and reliable open-source operating system. It offers flexible licensing, strong security, excellent performance, and great stability, making it suitable for businesses of any size.

The FreeBSD 14.x series shows the project’s commitment to improving security and modernization. FreeBSD continually enhances its system’s reliability, security, and hardware compatibility, often keeping up with or exceeding the latest technological standards found in other operating systems. The current release builds on the foundation laid by version 14.0 in November 2023 and aligns with the timeline that includes the FreeBSD 13 branch, which came out in August 2022.

FreeBSD 14.2-RELEASE demonstrates the operating system’s focus on meeting the changing needs of its users, reinforcing its position as a leading open-source option. This version brings important updates in infrastructure, hardware compatibility, and security, highlighting its value in the industry.

FreeBSD 14.x overview

The 14.x series significantly improves the system’s overall performance, security, and stability. This release includes extensive updates across various areas, such as networking, storage, virtualization, userland, and kernel enhancements.

FreeBSD 14.2-RELEASE is the latest version in the 14-STABLE branch. It features improvements, security patches, and updated functionalities designed to enhance user experience and system stability. This section highlights the notable changes and enhancements introduced in FreeBSD 14.x.

Upgrading from previous releases

Users upgrading from earlier versions of FreeBSD will find the transition to the latest version smooth, thanks to the comprehensive documentation available to guide them through the upgrade process. Before starting the installation, it is advisable to check the release errata for any recent issues or updates.y recent issues or updates.

Networking enhancements

Networking is a cornerstone of FreeBSD’s capabilities, and FreeBSD 14.2 adds several new features to the already robust stack introduced in 14.1:

  • Adaptive Interrupt Moderation (AIM): Introduced in the igc(4), lem(4), em(4), and igb(4) drivers, AIM addresses UDP performance regressions and improves efficiency​.
  • LinuxKPI Enhancements: Improvements to wireless drivers like iwlwifi(4) ensure better stability and reliability​.

Previous network improvements in FreeBSD 14.x

FreeBSD 14.x introduced key networking enhancements to improve performance, security, and overall system capabilities. These updates reflect FreeBSD’s commitment to maintaining a state-of-the-art networking stack

  • Kernel TLS (KTLS) Enhancements: Added receive offload support for TLS 1.3, improving performance for encrypted network traffic. This enhancement builds on the existing support for TLS 1.0 through TLS 1.3, ensuring better security and performance for encrypted communications​​.
  • CUBIC as Default TCP Congestion Control: Adopted CUBIC as the default congestion control algorithm for TCP, offering improved performance for long-duration data transfers by allocating a higher fraction of the available bandwidth than NewReno​​.
  • ARP Support for 802-Standard Networks: Restored support for Address Resolution Protocol (ARP) on 802-standard networks, which had been accidentally removed with FDDI support.
  • Kernel WireGuard Driver: Reintegrated the kernel WireGuard driver, offering efficient and secure Virtual Private Network (VPN) connectivity using the WireGuard protocol.
  • Radix Tables for MAC Addresses: Implemented support for radix tables in ipfw(4) for MAC address filtering. This feature allows for more efficient handling and filtering of MAC addresses.
  • IPv6 Rapid Deployment (6rd): Added support for IPv6 Rapid Deployment (6rd) as per RFC 5969, which facilitates the deployment of IPv6 over IPv4 infrastructure.
  • Netlink Protocol: Expanded and improved the netlink(4) user/kernel communication protocol, primarily used for network configuration. The enhancements include better support and conversion of network configuration utilities to use netlink, enhancing the efficiency of network management).
  • pfsync Enhancements: Updated pfsync(4) to support IPv6 transport and extended its packet format to improve queuing, scrubbing, and route-to rules, enhancing the synchronization of state tables across firewalls.
  • Layer 3 Filtering on Bridges: Improved the behavior of Layer 3 filtering on if_bridge(4) by setting net.link.bridge.pfil_member and net.link.bridge.pfil_bridge to default to zero, addressing fail-safety concerns in network configurations.
  • CARP Unicast Address Support: Updated carp(4) to allow configuration of the address to which CARP messages are sent, supporting unicast addresses for certain virtual configurations.

Storage and virtualization

Storage and virtualization enhancements in FreeBSD 14.2 extend the flexibility and resilience introduced in earlier releases:

  • OpenZFS 2.2.6 Upgrade: Provides performance improvements and enhanced data resiliency​.
  • Bhyve Guest: Includes better VNC color handling.
  • VM Guest: Up to 40% performance improvements in TLB flushing on Hyper-V​.

Previous storage and virtualization improvements in FreeBSD 14.x

Storage

  • ZFS Enhancements: OpenZFS upgraded to version 2.2.4, includes performance improvements like adaptive ARC, zstd early abort, and I/O prefetch improvements. New zfskeys service for automatic decryption of ZFS datasets at boot.
  • Block Cloning: Optional support for shallow copies of blocks in file copies, enabled via sysctl.
  • Scrub Error Log: zpool scrub -e command to log scrub errors.
  • BLAKE3 Checksums: Introduction of BLAKE3 checksums, recommended for secure checksums.
  • Corrective zfs receive: Allows for healing corrupted data during receive operations.
  • Vdev and Zpool User Properties: Similar to dataset user properties, for better customization.
  • Adaptive ARC: Fully adaptive ARC minimizes the need for manual tuning.
  • Zstd Early Abort: Efficiency improvements for handling uncompressible data.
  • I/O Prefetch: General improvements and optimizations for I/O prefetch.
  • 32-bit PowerPC Support: ZFS enabled on 32-bit powerpc/powerpcspe architectures.
  • UFS Updates: Soft updates enabled by default for new UFS file systems, allowing background dumps on live systems.
  • Background File System Checks: Using a snapshot for UFS with journaled soft updates.
  • Superblock Check Hashes: Added to detect corruption in superblocks, cylinder group maps, and inodes.
  • Libufs(3) Library Update: Inclusion of corruption checks in all filesystem utilities.
  • Tarfs Support: Added support for tarfs(5), a file system backed by POSIX tar archives, optionally compressed with zstd(1).
  • Msdosfs(5) Enhancements: Records available directory entries in the root directory of FAT12 and FAT16 file systems; Correctly calculates available and used blocks of FAT12 and FAT16 file systems.
  • Synthetic File Systems: Synthetic file systems like devfs(5) and procfs(5) now report 0 blocks used, avoiding 100% full reports.
  • NFS Enhancements: Support for Kerberized NFSv4.1/4.2 mounts and SP4_MACH_CRED.
  • Syskrb5 Mount Option: For Kerberized NFSv4.1/4.2 mounts using AUTH_SYS authentication without requiring Kerberos credentials at mount time.
  • Updated NFS: The NFS client and server have been updated to support NFSv4.2, including extended attributes.
  • Secure NFS: Support for configuring NFS over TLS, emphasizing secure storage solutions.

Virtualization

  • Enhanced Guest Support in bhyve: The bhyve hypervisor and kernel module vmm(4) now support more than 16 vCPUs in a guest, allowing guests to utilize host CPU resources more effectively​​.
  • Bhyve TPM Passthrough: Added support for TPM passthrough in bhyve.
  • Bhyve GPU Passthrough: Improved GPU passthrough support for AMD and Intel GPUs.
  • Virtio-Input Device Emulation: Bhyve now supports injecting keyboard/mouse input events into a guest.
  • Firecracker VMM: FreeBSD can now run inside the Firecracker VMM via the amd64 FIRECRACKER kernel configuration.

Userland, contributed software, and kernel enhancements

FreeBSD 14.2 builds upon the userland updates from 14.1 with additional improvements:

  • New Utilities: Introduction of md5sum(1) for Linux compatibility and updates to libarchive (3.7.7) and OpenSSL (3.0.15)​.
  • Installer Improvements: The bsdinstall(8) utility now supports post-installation firmware downloads​.

Contributed software updates in FreeBSD 14.2

FreeBSD 14.2 brings several updates to contributed software, enhancing functionality, security, and performance for developers and users alike. These updates reflect FreeBSD’s commitment to maintaining a modern software ecosystem:

  • bc: Upgraded to version 7.0.2, providing a robust and efficient calculator utility.
  • libarchive: Updated to version 3.7.7, offering improved capabilities for data archiving and extraction.
  • libcbor: Upgraded to version 0.11.0, ensuring better support for CBOR (Concise Binary Object Representation) data structures (Sponsored by The FreeBSD Foundation).
  • libcxxrt: Updated to a vendor snapshot (6f2fdfebcd62), delivering enhancements for runtime C++ support.
  • libfido2: Enhanced to version 1.14.0, strengthening FreeBSD’s capabilities for FIDO2-based authentication (Sponsored by The FreeBSD Foundation).
  • libpcap: Updated to version 1.10.5, ensuring a modern foundation for packet capturing (Sponsored by The FreeBSD Foundation).
  • llvm: Upgraded to version 18.1.6, providing state-of-the-art compiler and toolchain support for developers.
  • openssl: Upgraded to version 3.0.15, addressing the latest cryptographic standards and security improvements.
  • tcpdump: Updated to version 4.99.5, improving network traffic analysis capabilities (Sponsored by The FreeBSD Foundation).
  • unbound: Enhanced to version 1.22.0, delivering a secure and modern DNS resolver.

Previous userland and kernel enhancements in FreeBSD 14.x

The FreeBSD 14.x series has undergone significant improvements in both the user environment and the kernel, making it more robust, secure, and adaptable. These enhancements improve the system’s functionality and ensure it remains up-to-date with the latest technological standards and user expectations.

Shell and MTA defaults

  • Default Shell: The root user’s default shell is now sh(1), which includes many new features for interactive use. This change simplifies the environment and improves security by using a shell with fewer historical vulnerabilities than other shells like csh or bash.
  • Default MTA: The default Mail Transport Agent (MTA) is now the Dragonfly Mail Agent (dma(8)), replacing sendmail(8). This change simplifies mail configuration and management. Configuration is handled through mailer.conf(5), and sendmail(8) is still available for those who need it. Additionally, the mta_start_script configuration variable has been retired from rc.conf(5) along with the othermta startup script​​.

Userland enhancements

  • Base64 utility: A new utility, base64(1), has been introduced. This utility allows users to encode and decode data in base64 format, which is commonly used for encoding binary data in text files such as email attachments and XML data
  • Capsicum sandbox support for existing utilities like sockstat(1).
  • New kdc_restart Variable: Manages kdc(8) under daemon(8), auto restarting kdc on abnormal termination.
  • Adduser Utility Enhancements: The adduser(8) utility now automatically creates a ZFS dataset for new user home directories if the parent directory resides on a ZFS dataset. This feature supports ZFS encryption, providing enhanced security for user data.
  • Locale and Keyboard Updates: Locale handling upgraded to CLDR 41.0 and Unicode 14.0; Support for the new French bépo keyboard layout (version 1.1rc2) has been added. This layout is normalized by the French national organization for standardization as “NF Z71‐300″​​.
  • Process Management : Enhancements to utilities like login introduce the capability to set process priorities directly from ~/.login_conf, offering refined control over process management.
  • Data Archiving and Extraction : Upgrading libarchive to version 3.6.2 for enhanced data archiving and extraction.

Utilities and enhancements

  • Package Upgrades: Major upgrades to software such as tcpdump, libpcap, OpenSSL to version 3.0.12, One True Awk to 2nd Edition, and Clang/LLVM to version 18.1.5.
  • Systat Utility Update: The systat(1) utility has a new command, iolat, which reports I/O latencies computed by the CAM I/O scheduler. This is useful for diagnosing performance issues related to disk I/O.
  • Tcpsso Utility: A new utility, tcpsso(8), has been added. It allows users to apply a socket option to an existing TCP endpoint, changing the congestion control module or the TCP stack on the fly.
  • Periodic Facility: By default, the changes shown in email by the periodic(8) facility from the daily scripts now show less context to reduce the output size. This behavior can be controlled by the daily_diff_flags variable in periodic.conf(5). Similarly, the changes shown by the security scripts are controlled by the security_status_diff_flags variable​​.
  • Date Utility Update: The date(1) program now supports nanoseconds, allowing for more precise timestamping. For example, date -Ins prints “2024-04-22T12:20:28,763742224+02:00” and date +%N prints “415050400”.
  • Locale Handling: Locale handling has been upgraded to CLDR 41.0 and Unicode 14.0. This ensures better support for internationalization and localization, including new characters and improved collation rules​​.
  • Unprivileged Chroot: The chroot(8) facility now supports unprivileged operation, with a new -n option to enable its use. This enhancement increases the flexibility and security of using chroot environments​​.
  • Md5sum Utility: New md5sum(1) and similar message-digest programs have been added, which are compatible with the Linux versions. This provides easier cross-platform script compatibility​​.
  • Improved Documentation: Enhancements in kernel documentation, making it easier for users and developers to understand and utilize new features.

Kernel enhancements

  • Enhanced Cryptographic Framework: FreeBSD 14.x has expanded its cryptographic framework to support modern ciphers and encryption methods, including support for XChaCha20-Poly1035 AEAD cipher and an API for curve25519, providing robust options for secure communications and data protection.
  • Hardware Support: New drivers for the Intel I225 Ethernet controller and Microchip LAN7430/7431 Ethernet controllers, and improvements in the iwlwifi driver for Intel Wi-Fi devices.
  • AddressSanitizer: Usable in amd64 kernels.
  • Security Improvements: Introducing Address Space Layout Randomization (ASLR) for 64-bit executables.
  • Debugging Enhancements: A new SPLIT_KERNEL_DEBUG configuration option enables separate kernel and module debug data handling.

Cloud support enhancements in FreeBSD 14.2

FreeBSD 14.2 includes significant updates and new features designed to enhance its compatibility and performance in cloud environments. These advancements make FreeBSD an even stronger contender for modern cloud deployments:

  • OpenStack Networking Enhancements:
    The nuageinit startup script now supports OpenStack network configurations, streamlining setup for cloud environments (Sponsored by OVHCloud).
  • OCI-Compatible Container Images:
    FreeBSD now publishes OCI-compatible container images, enabling seamless deployment and integration with container-based cloud ecosystems.
  • Optimized EC2 Images:
    Introduced “small” EC2 images optimized for lightweight deployments. These images exclude debug symbols, tests, 32-bit libraries, LLDB, the Amazon SSM Agent, and AWS CLI for reduced size and faster performance (Sponsored by Amazon).
  • Enhanced EC2 API Compatibility:
    The “shutdown” and “reboot” APIs now function properly for arm64 instances. Older instances upgrading to FreeBSD 14.2 will need debug.acpi.quirks=”8″ set in /boot/loader.conf to enable these features (Sponsored by Amazon).

Earlier cloud support in 14.x:

  • 14.1-RELEASE supports cloudinit, compatible with OpenStack and many hosting facilities.
  • Experimental ZFS-root EC2 AMIs on AWS with cloud-init support.
  • Arm64 images for Azure with Gen2 VM support.

Hardware support and device drivers

FreeBSD 14.2 continues to improve hardware compatibility, addressing both new and legacy platforms:

  • High-Core-Count AMD CPUs: Fixed boot failures by increasing the maximum IOAPIC ID to 255​.

Updates to device drivers in FreeBSD 14.2

FreeBSD 14.2 introduces updates and new drivers to enhance hardware compatibility, performance, and reliability. These improvements demonstrate FreeBSD’s commitment to supporting a broad range of modern and legacy devices.

  • ena: Upgraded to version 2.8.0, improving support for Elastic Network Adapters in cloud environments (Sponsored by Amazon, Inc.).
  • ice: Updated to version 1.43.2-k, enhancing performance for Intel Ethernet controllers (Sponsored by Intel Corporation).
  • ice_ddp: Upgraded to version 1.3.41.0, bringing additional optimizations for Intel’s Dynamic Device Personalization (DDP) profiles (Sponsored by Intel Corporation).
  • hda(4): Added support for Tiger Lake-H processors, expanding compatibility with Intel hardware.
  • ichsmb(4) and ig4(4): Introduced support for Meteor Lake platforms, ensuring seamless operation with the latest Intel chipsets (Sponsored by Framework Computer Inc. and The FreeBSD Foundation).
  • rtw89(4): A new wireless driver supporting Realtek chipsets, providing better connectivity for modern wireless hardware (Sponsored by The FreeBSD Foundation).
  • Realtek 8156/8156B: Support transitioned from cdce(4) to ure(4), offering improved performance and reliability for these Ethernet adapters (Sponsored by The FreeBSD Foundation).
  • ACPI GPIO _AEI Objects: Added support for GPIO _AEI objects, improving ACPI functionality in certain systems (Sponsored by Amazon).
  • nvme(4): Enabled across all architectures, expanding support for NVMe storage devices and configurations.

Earlier hardware support improvements in FreeBSD 14.x

FreeBSD 14.x introduced several significant enhancements to hardware support, ensuring improved compatibility and performance across various modern systems. Key updates include:

  • Intel Wi-Fi (iwlwifi(4)): The iwlwifi(4) driver for Intel Wi-Fi devices has undergone numerous stability improvements, supporting newer chipsets.
  • Intel E800 Series (ice(4)): A driver is available for the Intel E800 series’ ice(4) Ethernet network controllers, which support 100 Gb/s operation. This driver has been upgraded to version 1.39.13-k​​.
  • Multiple PCI MCFG Regions: Added support for multiple PCI MCFG regions on amd64 and i386 architectures, allowing PCI configuration space access for domains (segments) other than 0​​.
  • Raspberry Pi (smsc(4)): The smsc(4) Ethernet driver can now fetch the value of smsc95xx.macaddr passed by some Raspberry Pi models and use it for the MAC address, ensuring a stable MAC address even if there is no address in EEPROM​​.
  • Sound System (snd_clone): The snd_clone framework, including related sysctls, was removed from the sound subsystem, simplifying the system. The per-channel nodes (/dev/dspX.Y) are no longer created; only the primary device (/dev/dspX)​​ is.
  • Asynchronous Audio Device Detach: Audio now supports asynchronous device detach, greatly simplifying the hot-plugging and unplugging of USB headsets and easing the use of PulseAudio in cases requiring system sleep and wake (suspend and resume)​​.
  • NVMe Disks (nda(4)): NVMe disks are now nda devices by default. Symbolic links for the previous nvd(4) device names are created in /dev, and configurations like fstab(5) should be updated to refer to the new device names​​.
  • Intel QAT Driver (qat(4)): The previous qat(4) driver has been replaced with Intel’s QAT driver, providing additional interfaces to the chipset’s cryptographic and compression offload functionality. The new driver does not support Atom C2000 chipsets; the old driver has been renamed to qat_c2xxx​​.
  • DPAA2 (NXP SoCs): Improvements in DPAA2 (second-generation Data Path Acceleration Architecture), including better isolation of DMA resources and cleanup operations, FDT/ACPI MDIO support, netboot over DPAA2, and separate command portals (DPMCP) support​​.
  • Realtek Wireless (rtw88(4)): The rtw88(4) driver for Realtek wireless PCI interfaces has been updated​​.
  • KVM Paravirtualized Clock (kvm_clock): A new driver has been added for the KVM paravirtualized clock​​.
  • ARM Corelink DMC-620 and CMN-600: hwpmc (4) and libpmc now support the Arm Corelink DMC-620 Memory Controller and CMN-600 Coherent Mesh Network Controller​​.
  • Frame Buffer Addressing: A fix for frame buffer addressing has been implemented, affecting frame buffers mapped above 4 GB physical on i386 and Book-E powerpc​​.

Deprecated features

In alignment with FreeBSD’s forward-looking strategy, certain features have been deprecated in 14.2:

  • fdisk(8) Deprecation: Users are encouraged to migrate to gpart(8) for disk partitioning​.
  • Planned Removal of syscons(4): Users are advised to transition to vt(4)​.

Earlier deprecated features and removed support in 14.x

Throughout the FreeBSD 14.x series, several features and supports were deprecated or removed entirely, indicating the project’s forward-looking approach and dedication to embracing modern technologies and standards.

  • Deprecated Drivers: Removed obsolete drivers such as amr(4), iir(4), twa(4), mn(4), mly(4), and nlmrsa(4). Drivers for ISA sound cards have been removed.
  • MIPS Architecture: Support for the MIPS architecture and related hardware has been removed.
  • Other Removals: Deprecated utilities like mergemaster(8) and the Telnet daemon have been removed.

On future releases and development strategy

As FreeBSD continues to evolve, the Project’s development strategy and roadmap for future releases reflect a commitment to embracing modern computing architectures while ensuring broad compatibility and support. FreeBSD 15.0 will mark a pivotal point in this journey, with several key decisions shaping the direction of the operating system

  • Phasing Out 32-bit Platform Support: FreeBSD 15.0 is not expected to include support for 32-bit platforms other than armv7, signaling a strategic shift towards focusing on 64-bit computing. The armv6i386, and powerpc platforms are deprecated and slated for removal, though 64-bit systems will retain the capability to run older 32-bit binaries.
  • Tier 2 Architecture and armv7: The armv7 architecture is anticipated to be supported as a Tier 2 architecture in FreeBSD 15.0 and the stable/15 branch. However, there is an expectation that armv7 support may be discontinued in FreeBSD 16.0, with updates on the status of armv7 support to be provided around the time of the 15.0 release.
  • Continued Support for 32-bit Binaries and Applications: Despite the shift towards 64-bit platforms, FreeBSD will continue to support the execution of 32-bit binaries on 64-bit platforms through the COMPAT_FREEBSD32 option for at least the stable/15 and stable/16 branches. Moreover, the compilation of individual 32-bit applications will be supported in the stable/15 branch, ensuring compatibility with a broad range of software.
  • Ports and Package Infrastructure: Future releases, starting from FreeBSD 15.0, will not include support for building packages from ports for deprecated 32-bit platforms. This decision reflects the broader industry trend of moving away from 32-bit architectures and focuses development efforts on more widely used 64-bit platforms.
  • End of Life (EOL) for 32-bit Support: The stable/14 branch will retain support for 32-bit kernel and world, along with the ports system’s support for 32-bit systems, until it reaches end of life (EOL) five years after the release of FreeBSD 14.0. This timeline provides a transition period for users and developers relying on 32-bit platforms to migrate to supported architectures.


Community Feedback and Future Decisions: The FreeBSD Project acknowledges the importance of community feedback and committed efforts in shaping the support strategy for deprecated platforms. The community’s needs and contributions will inform decisions regarding extending support for certain platforms in FreeBSD 15.0 or later.

References

For those interested in exploring FreeBSD’s detailed evolution through the 14.x series, the official FreeBSD documentation, and release notes offer comprehensive insights into each version’s advancements and improvements.