On 2019-04-27, Igor Podlesny <[email protected]> wrote: > On Fri, 26 Apr 2019 at 22:58, Stuart Henderson <[email protected]> wrote: >> On 2019-04-26, Igor Podlesny <[email protected]> wrote: >> > Or would kernel's recompiling be needed anyways? > [...] >> Recompiling would be needed. >> >> If you want to try it, see faq 5 about fetching the source tree, >> add "ichwdt* at pci?" to /sys/arch/amd64/conf/GENERIC. then see faq 5 >> about building a kernel. > > Thanks for confirmation and brief how-to even. I'd like to clarify the matter > in > more general ways though. > > 1) Is it true that more or less fresh OpenBSD generic kernels come with > no support of any watchdog hw?
It is not true. They don't have *wide* support but there is some supported hw. If someone wants to change this, I suggest adding acpi watchdog support would give the best return for time spent. > 2) I heard that kernel modules were intentionally rid of in OpenBSD > primarily due > security concerns -- did it really happen for that reason? If so, and > I assume that > happened long ago, were there any developer's opinions to undo this? Actually > even not taking crypto verification approach (modules signing) one > could always have > secure level increased high enough to cut down this vector of attacks > completely. LKM added a bunch of complexity to all kernels with only a small benefit to a small subset of users, and there's a viable alternative (build your own kernels rather than just the module). It's not like a kernel build takes all that long. > OTOH, it's well known that dynamic loading approach greatly expands > functionality of > OS and makes it more convenient to use. They also gave an easy way for people to add crap to their kernels. At least with static kernels we can identify from dmesg when somebody reporting a problem is running something other than a standard kernel build. With LKMs this is gone, the most we'll have is a printf, but people reporting bugs have a tendency to remove things they don't want to show or think are unimportant. Also I don't see what this has to do with watchdogs, you would normally not want to wait until userland starts and LKMs are loaded before arming the watchdog.
