The netboot installer for OpenBSD was bumped to version 6.6, following today’s release announcement from OpenBSD. A list of changes can be found at the OpenBSD 6.6 release page. Items of interest to prgmr.com customers include:
- Further and improved mitigations against Spectre side-channel vulnerability in Intel CPUs built since 2012.
- Mitigations for Intel’s Microarchitectural Data Sampling vulnerability, using the new CPU VERW behavior if available or by using the proper sequence from Intel’s “Deep Dive” doc in the return-to-userspace and enter-VMM-guest paths. Updated vmm(4) to pass through the MSR bits so that guests can apply the optimal mitigation.
If you’re interested in running OpenBSD on prgmr.com, please see our wiki page on OpenBSD.
Note that the OpenBSD installer is only available for VPSes with HVM virtualization. The virtualization type can be checked from the ‘system details’ option of the management console. If your VPS uses PV and you are interested in a conversion to HVM, please write email@example.com.