Introduction
The NetBSD Project is pleased to announce NetBSD 10.0, the eighteenth major release of the NetBSD operating system. It represents culmulative improvements to the operating system since NetBSD 9.x was originally branched in 2019.
This releases is dedicated to Willian Jolitz, who along with Lynne Jolitz ported 4.3BSD Net/2 to the Intel 80386, creating 386BSD, the foundation upon which we built NetBSD.
Upgrade instructions
An existing installation can be upgraded by booting an installation image and selecting the Upgrade option, or unattended upgrades can be performed sysupgrade tool from pkgsrc. If you are using sysupgrade, update the kernel and modules first, then reboot.
Please take particular note of Changes to system behaviour and compatibility if you are upgrading from an earlier release.
Changes since NetBSD 9.2
Performance and scalability
Benchmarks of NetBSD 10 show huge performance and scalabiliy gains over NetBSD 9.x, especially on multiprocessor and multicore systems, for compute and filesystem-bound applications. Areas of improvement included:
-
Switched the kernel’s file path lookup cache to use faster per-directory red-black trees.
-
Improved scheduler performance, including the ability to more appropriately spread load on a mixture of slow and fast cores (e.g. big.LITTLE Arm CPUs).
-
Various optimizations for the machine-independent virtual memory system:
-
Switched to a faster radix tree algorithm for memory page lookups.
-
Improved tracking of clean/dirty pages, speeding up &man.fsync.2; on large files by orders of magnitude.
-
Improved parallelization: rewritten page allocator with awareness of CPU topology, replaced global counters with per-CPU counters, and reduced lock contention.
-
-
Improved the performance of the &man.select.2; and &man.poll.2; system calls.
-
Improved the performance of
tmpfs
, implemented lazy update of atime/mtime. -
Various optimizations of architecture-dependent x86 and AArch64 code.
-
Various boot speed improvements.
Security and quality assurance
-
Compatibility with WireGuard®:
-
A new interface, &man.wg.4;, provides a VPN tunnel compatible with the WireGuard® specification.
-
A userspace implementation using a rump kernel server is also included, see &man.wg-userspace.4;
-
The NetBSD implementation works with WireGuard® implementations used by commercial VPN providers, Android, Linux, and more.
-
-
Stronger, faster cryptography:
-
Added an implementation of the Adiantum cipher for efficient disk encryption with &man.cgd.4; on systems without AES acceleration.
-
Switched the default password hashing algorithm to Argon2id, winner of the Password Hashing Competition. The algorithm’s hardness automatically scales with system performance. Added support for Argon2id to &man.cgdconfig.8; for use in password-based disk encryption.
-
The kernel now takes advantage of CPU acceleration and vectorization for common cryptographic algorithms on x86 and Arm, including AES and ChaCha. All in-kernel implementations of AES are now constant-time on all architectures.
-
Swap encryption is now automatic using the
vm.swap_encrypt=1
&man.sysctl.8; variable.
-
-
Support for new Armv8-A security features:
-
Privileged Access Never - helps prevent inadvertent userspace memory access by the kernel.
-
Pointer Authentication - helps defend against return-oriented programming attacks on buffer overrun.
-
Branch Target Identification - limits the locations to which branch instructions can jump.
-
-
More sanitizers, testing capabilities, and quality assurance:
-
Kernel Concurrency Sanitizer - detects race conditions in the kernel at runtime.
-
Kernel Memory Sanitizer - detects uninitialized memory in the kernel at runtime.
-
A new virtual USB host driver (vHCI) allows fuzzing and detecting bugs in USB drivers from userspace, even if the hardware is unavailable to developers.
-
More than 2000 new test cases were added.
-
Completed various kernel-wide audits of internal API usage: &man.membar.ops.3;, &man.autoconf.9;…
-
Hardware support
-
Improved support for Arm:
-
Allwinner V3s SoC support, found in e.g. the Lichee Pi Zero.
-
Amlogic G12 SoC support, found in e.g. the ODROID-N2+.
-
Apple M1 SoC support, e.g. the M1 Mac Mini.
-
NXP i.MX 8M SoC support, found in e.g. the HummingBoard Pulse.
-
PINE64 Quartz64 (with EDK II UEFI firmware installed) (Rockchip RK3566/RK3568) support.
-
Raspberry Pi 4 (with EDK II UEFI firmware installed) support.
-
Rockchip RK3288 support, found in e.g. the Asus Tinker Board.
-
Added support for booting the Raspberry Pi 0-3 in big endian mode.
-
Added support for ACPI Collaborative Processor Performance Control, used for CPU performance adjustment on ServerReady hardware.
-
Added support for &man.compat.linux.8; on AArch64, making it possible to run Linux userspace programs when the
compat_linux
module is enabled in/etc/modules.conf
. -
Added support for &man.spiflash.4; on Rockchip RK3328.
-
Various UEFI bootloader improvements: support for other-endian FFS, booting from &man.raid.4; volumes, ISO9660 (.iso file system) support,
boot.cfg
support,gop
command for changing the video mode,/dev/efi
device for accessing variables from userspace, loading kernel modules directly from the bootloader.
-
-
New drivers:
-
&man.eqos.4; - a driver for DesignWare Ethernet Quality-of-Service controllers.
-
&man.genet.4; - a driver for Broadcom GENETv5 Ethernet controllers, found on the Raspberry Pi 4.
-
&man.ixl.4; - a driver for Intel Ethernet 700 series 10/25/40 Gigabit Ethernet adapters.
-
&man.iavf.4; - a driver for Intel Ethernet Adaptive Virtual Functions.
-
&man.mcommphy.4; - a driver for Motorcomm YT8511C / YT8511H Gigabit Ethernet transceivers.
-
&man.mos.4; - a driver for MosChip MCS7730/7830/7832 USB Ethernet devices.
-
&man.nct.4; - a driver for Nuvoton NCT5104D GPIO controllers, found on PC Engines APU systems.
-
&man.pcf8574.4; - a GPIO driver used for LEDs and indicators on some SPARC64 hardware.
-
&man.qat.4; - a driver for Intel QuickAssist cryptographic accelerators.
-
&man.rge.4; - a driver for Realtek 8125 2.5 Gigabit Ethernet adapters.
-
&man.scmd.4; - a driver for Sparkfun Serial Controlled Motors.
-
&man.sgp40mox.4; - a driver for Sensirion SGP40 MOx gas sensors.
-
&man.sht3xtemp.4; - a driver for Sensirion SHT30/SHT31/SHT35 humidity/temperature sensors.
-
&man.sht4xtemp.4; - a driver for Sensirion SHT40/SHT41/SHT45 humidity/temperature sensors.
-
&man.wwanc.4; - a driver for Intel XMM7360 LTE modems.
-
-
Improved drivers:
-
Synced the GPU drivers in the kernel with Linux 5.6, bringing lots of new hardware support for accelerated graphics, for Intel (via i915), Nvidia (via nouveau), and AMD (via amdgpu and radeon) graphics processors.
-
&man.acpi.4; - added
/dev/acpi
, a character device for accessing ACPI tables. &man.acpidump.8; no longer requiresoptions INSECURE
. -
&man.aq.4; - added hardware TCP/UDP RX checksum offloading for Aquantia 2.5/5/10 Gigabit Ethernet interfaces.
-
&man.ciss.4; - added support for PERFORMANT mode and MSI/MSI-X on supported HP Smart Array RAID controllers.
-
&man.itesio.4; - added IT8625E support.
-
&man.ixv.4; - added support for mailbox API version 1.5, used on ESXi.
-
&man.mcx.4; - added hardware checksum offloading, hardware VLAN tagging, and support for multiple receive queues for Mellanox ConnectX multi-Gigabit Ethernet interfaces.
-
&man.nvme.4; - added suspend/resume support.
-
&man.onewire.4;, &man.owtemp.4; - reduced CPU overhead, improved reliability.
-
&man.pci.4; - added support for Enhanced Allocations, as seen in Cavium ThunderX based boards.
-
&man.pci.4; - added more PCIe 5.x decoding support.
-
&man.pms.4; - many improvements to Synaptics trackpad support.
-
&man.wm.4; - added support for Intel Tiger Lake and newer devices (I219V 15-V9 and LM 16-19).
-
&man.xhci.4; - added initial support for isochronous pipes (works with e.g. USB 3.x webcams)
-
&man.xhci.4; - added suspend/resume support.
-
-
Improved support for MIPS:
-
A bootable image,
octeon.img.gz
, is now provided for Cavium OCTEON MIPS64 boards, such as the Ubiquiti ERLite-3. TheERLITE
kernel configuration was renamed toOCTEON
. -
Added support for &man.ofctl.8; and
/dev/openfirm
, enabled on Cavium Octeon cores. -
Added flattened device tree, USB 3, CPU core support on Cavium Octeon.
-
Added support for kernel modules.
-
Ported &man.dtrace.1; and the &man.crash.8; kernel debugger.
-
-
Improved support for vintage hardware:
-
alpha: Enabled multiprocessor support by default in
GENERIC
kernels after several stability problems were fixed. -
alpha: Improved performance of TLB operations in the machine-dependent portion of the virtual memory system.
-
alpha: Implemented fast soft-interrupts.
-
evbppc: Added support for the DHT Walnut 405GP board.
-
hp300: Implemented bitmap ops support for the EVRX framebuffer on the HP9000/425e.
-
hp300: Added support for multiple rd(4) disks on all
punits
for HPDisk. -
hppa: Enabled support for kernel moduels in
GENERIC
. -
luna68k: Added support for keyboard LED and buzzer controls via &man.wskbd.4;.
-
macppc: Added support for the GeForce framebuffer, and CPU temperature and fan sensors on the iMac G5.
-
sparc64: Added environment monitoring for the Sun Enterprise 250.
-
x68k: Added Emulate3Buttons support to the monolithic X server.
-
Virtualization improvements
-
Many improvements to Xen support:
-
Added support for Xen PVH.
-
Added support for Xen PV drivers under HVM guests.
-
Added support for jumbo frames and feature-sg to paravirtualized network interfaces.
-
Dom0 kernels now have multiprocessor support enabled.
-
Xen kernels now use the same kernel modules as native kernels.
-
Paravirtualized network ddevices (&man.xennet.4;), block devices (&man.xbd.4;) are now
MPSAFE
and can take advantage of kernel paralellization. -
Grant table v2 support in the hypervisor is now required.
-
-
VirtIO driver enhancements:
-
Added support for VirtIO 1.0 to the &man.virtio.4; drivers, which previously supported version 0.9.
-
A new &man.vio9p.4; driver allows mounting VirtIO 9P filesystems exported by the VM host.
-
-
Added support for REP CMPS x86 instructions to the NetBSD Virtual Machine Montior (&man.nvmm.4;).
-
Added support for QEMU’s virtual "mipssim" machine to NetBSD/evbmips, including extensions for &man.virtio.4;.
-
Added support for running NetBSD/alpha in QEMU.
-
Added support for VMware ESXi-Arm to NetBSD/aarch64.
Features and general improvements
-
Networking stack improvements:
-
Implemented RFC 7048 in the kernel’s network stack, relaxing rules for IPv6 Neighbor Discovery retransmissions. IPv6 Neighbor Detection is now address agnostic and is used by ARP.
-
&man.lagg.4; - new scalable link aggregation and link failover interface, replaces &man.agr.4;.
-
&man.vether.4; - new virtual Ethernet interface with configurable address for use as a &man.bridge.4; endpoint, replaces &man.tap.4; in some scenarios.
-
-
File system and storage improvements:
-
Added support for POSIX.1e access control lists to FFS via extended attributes.
-
Dropped warning that ZFS is under development. ZFS on NetBSD has been ready for production use for some time.
-
&man.refuse.3; - now supports all FUSE API variants from FUSE 1.1 to FUSE 3.10.
-
&man.raid.4; - added support for swapped-endian configurations.
-
&man.blkdiskard.8; - new front end for &man.fdiscard.2; to manually TRIM a disk.
-
&man.fsck.udf.8; - new command for repairing damage to Universal Disk Format file systems, making UDF a suitable reliable read-write choice for cross-system shared disks.
-
&man.newfs.udf.8; - added support for formatting of UDF 2.50 with a metadata partition.
-
udf: various changes to enable bug-compatibility with Windows 10.
-
-
New userspace programs:
-
&man.aiomixer.1; - &man.curses.3;-based console audio mixer.
-
&man.realpath.1; - prints absolute paths from relative paths, including resolving symbolic links.
-
&man.ioctlprint.1; - prints descriptive
ioctl
values. -
&man.testpat.6; - display a color test pattern.
-
&man.warp.6; - classic BSD space war game (copyright donated to the NetBSD Foundation by Larry Wall).
-
-
Improvements to userspace programs:
-
&man.audioplay.1; - added ability to decode 64-bit and 32-bit IEEE floating point RIFF WAVE files.
-
&man.env.1; - added
-u
flag to remove an environment variable, and-0
to allow variable input separated by NUL characters. -
&man.mv.1; - added a -h option to atomically replace a symlink to a directory.
-
&man.netstat.1; - added various new packet counters.
-
&man.nbperf.1; - various optimizations; reduced memory footprint by 30%.
-
&man.patch.1; - added support for patching files with excessively long lines.
-
&man.ps.1; - added
-G
flag to take a single group argument, as required by POSIX.2. -
&man.sh.1;, &man.ksh.1;, &man.csh.1; - added
jobs -Z
to set the process title, as in zsh. -
&man.sh.1; - added command auto-completion.
-
&man.script.1; - added proper playback of &man.curses.3; sessions.
-
&man.vmstat.1; - added fast &man.sysctl.7;-based kernel hash statistics generation
-
&man.httpd.8; - added &man.blocklistd.8; support.
-
&man.inetd.8; - added a
-f
flag to run in the foreground. -
&man.scan.ffs.8; - added
SIGINFO
support, to display the status of the scan when Ctrl+T is pressed. -
&man.sysinst.8; - added support for configuring Wi-Fi devices.
-
&man.wsfontload.8; - added a
-l
flag to list all loaded and built-in fonts. -
&man.wsmoused.8: - added support for absolute mouse position events, e.g. touchscreens.
-
-
New and extended APIs:
-
&man.eventfd.2;, &man.timerfd.2; - new native system calls compatible with Linux, also used in &man.compat.linux.8;
-
&man.fexecve.2; - new system call for executing a file from a file descriptor, conforming to The Open Group Extended API Set 2.
-
&man.getrandom.2; - new system call compatible with the Linux system call.
-
&man.kqueue.2; - added
EVFILT_USER
for user-established events. -
&man.ppoll.2; - an alias of the native system call
pollts
for compatibility with other operating systems. -
&man.curses.3; - added stub mouse functions and
curses_version()
for compatibility with ncurses. -
&man.ossaudio.3; - added an implementation of the OSSv4 mixer API.
-
&man.hosts.access.3; - added &man.blocklistd.8; support, enabling all programs using libwrap to block access from denied hosts.
-
&man.regex.3; - added native language support, and support for GNU extensions (off by default).
-
-
Miscellaneous improvements:
-
Added BSD-licensed Spleen bitmap fonts for low and high-DPI displays to the X11 sets and
/usr/share/wscons/fonts
, made them the default for &man.ctwm.1;. -
&man.compat.linux.8; - added
eventfd
,timerfd
, POSIX timers,preadv
, andpwritev
. -
&man.wskbd.4; - added definitions for French BÉPO and German Neo 2 layouts.
-
&man.wsmouse.4; - added "precision scrolling" event types.
-
Changes to system behaviour and compatibility
-
Networking setups using &man.tap.4; as a &man.bridge.4; endpoint must be updated to use &man.vether.4; instead, as &man.tap.4;'s link state is now based on whether it has been opened by an application.
-
For security reasons, &man.compat.linux.8; is now disabled by default.
-
To load it at boot time, add
compat_linux
to/etc/modules.conf
.
-
-
The default package database for new installations was changed to
/usr/pkg/pkgdb
for consistency with other pkgsrc platforms, replacing/var/db/pkg
. -
IEEE 802.11 (Wi-Fi) devices now require SSID configuration in order to associate with an open access point.
-
blacklistd(8), a daemon that can block and release ports on demand to avoid DoS abuse, was renamed to &man.blocklistd.8;.
-
Changed the default shell of the
toor
user to/rescue/sh
to ensure that a user with a statically linked shell exists on the default install, in case of trouble. -
Xorg now determines the default keyboard layout based on wscons configuration instead of
/etc/xorg.conf
. To override the default, use &man.setxkbmap.1;. -
arm: ROCKPro64 &man.ld.4; disk device ordering was changed due to the addition of sdio devices.
-
x86: HDMI audio was enabled in the
GENERIC
kernel config. Users may have to adjust the default audio device with &man.audiocfg.1;. -
&man.crunchgen.1; - various special variable handling flags were removed and replaced with
-V
. -
&man.kqueue.2; - the
udata
type was changed fromintptr_t
tovoid *
for compatibility with other BSDs. -
&man.curses.3; - changed the default colour pair to 0 in line with other curses implementations.
-
&man.proplib.3; - various API changes and additions. older APIs that have been replaced now produce deprecation warnings.
-
&man.iconv.3; - the input argument was changed to be non-const to match current POSIX, previously being const for compatibility with other standards (e.g. SUSv2).
-
&man.resolver.3; - the default was changed to check-names (see &man.resolv.conf.5;), which means that hostnames that contain invalid characters will not resolve.
-
&man.secmodel.extensions.8: - added restrictions on hardlink creation.
Removed obsolete components
Many obsolete components were removed with the aim of making the network stack and kernel more maintainable, and to make future system-wide improvements (e.g. improved SMP) easier. In some cases removed drivers couldn’t be tested due to lack of available hardware and interest, or contained serious long-term bugs.
-
Drivers and support for networking technologies largely replaced by Ethernet: HIPPI, FDDI, and Token Ring.
-
In-kernel SMBFS - nsmb(4) and mount_smbfs(8). This did not support modern versions of the SMB protocol, and userspace implementations are more functional.
-
In-kernel IPv6 Router Advertisment handling - now handled in userspace by &man.dhcpcd.8;.
-
azalia(4) - a driver which was replaced by &man.hdaudio.4; in past releases.
-
de(4) - a driver which was replaced by &man.tlp.4; in past releases.
-
strip(4) - a driver for Metricom Ricochet packet radios.
-
urio(4) - a driver for Diamond Multimedia Rio500 MP3 players.
-
uscanner(4) - a driver for very old USB scanners, use &man.ugen.4; and SANE instead.
-
uyap(4) - a driver for USB YAP phone firmware loaders.
-
uyurex(4) - a driver for a novelty device made by the art group Maywa-denki in 2008.
-
sup(1) - a client for the CMU Software Upgrade Protocol. It is available in pkgsrc.
-
Support for ISD’s non-standard ATA protocol in &man.umass.4;, used for accessing storage in early Archos MP3 players.
-
CIRCLEQ
from &man.queue.3;, it was deprecated since NetBSD 7 due to pointer aliasing violations. -
Several libraries from the X11 distribution:
libXTrap
,libXevie
, andlibglut
(while unlike the other libraries, GLUT is still useful with modern X servers, libglut users are recommended to switch to FreeGLUT, which is available in pkgsrc). If necessary, removed libraries can continue to be used by installingcompat90
from pkgsrc.
Third-party components
Various third-party components included in the NetBSD base system were updated:
-
&man.gcc.1; - updated to 10.3.
-
&man.openssl.1; - updated to 1.1.1j
-
&man.postfix.1; - updated to 3.5.2.
-
&man.tmux.1; - updated to 3.2a
-
&man.dhcpcd.8; - updated to 9.4.1.
-
&man.pppd.8; - updated to 2.4.9.
-
&man.resolvconf.8; - updated to 3.12.0
-
&man.ssh.1;, &man.sshd.8; - updated to 8.8.
-
Note RSA/SHA-1 signature deprecation. You may need to re-enable ssh-rsa support when connecting to older servers.
-
-
&man.yacc.1; - updated to byacc 20210109.
-
&man.Xorg.1; - updated to 1.20.13.
-
&man.dhcpd.8; - updated to 4.4.3.
-
&man.tcpdump.8; - updated to 4.9.3.
-
&man.kerberos.8; - updated to Heimdal 7.7.0.
-
&man.unbound.8; - updated to 1.13.1.
-
&man.wpa_supplicant.8; - updated to 2.9.
-
&man.ldap.3; - updated to 2.5.6.
-
&man.pcap.3; - updated to 1.9.1.
-
&man.openpam.3; - updated to 20190224.
-
&man.acpi.4; - updated ACPICA to 20210604.
-
&man.services.5; - updated to version 2019-10-04 from IANA.
-
binutils - updated to 2.34.
-
libfido2 - updated to 1.8.0.
-
pam-u2f - updated to 1.2.0.
-
tzdata, tzcode - updated to 2022a.
Download NetBSD 10.0
-
Installation / USB stick image for 64-bit x86 (hybrid UEFI/BIOS image)
-
Installation / USB stick image for 64-bit x86 (legacy BIOS only)
-
Installation / USB stick image for 32-bit x86
-
Installation / USB stick image for Arm SystemReady servers/workstations
-
Live / SD card image for 64-bit Arm
-
Live / SD card image for 64-bit Arm (MBR Partition Table)
-
Live / SD card image for 32-bit Armv7-A
-
Live / SD card image for original Raspberry Pi (armv6-A)
-
Live / USB stick image for Cavium Octeon
-
CD/DVD image for 64-bit x86
-
Note: the CD/DVD images are not bootable when written to USB drives!
-
-
CD/DVD image for 32-bit x86
-
CD/DVD image for 64-bit Arm SystemReady virtual machines
-
CD/DVD image for 64-bit SPARC
-
CD/DVD image for Apple PowerPC
-
CD/DVD image for Alpha
-
More installation media, including for other architectures (e.g. 32-bit SPARC, Dreamcast, Motorola 68K, SGI MIPS, VAX), and other distribution files are available from the NetBSD CDN.
Use &man.gunzip.1;, &man.dd.1;, and &man.sync.1; on Unix, or
Rawrite32 on Windows
to write an .img.gz
file to a removable drive, USB stick, or SD card.
On Arm boards (not Raspberry Pi or platforms with native UEFI), you may also need to write U-Boot to the SD card.