Re: where is the image of openbsd arm ?

2016-06-24 Thread lists
Looks like, it's the same message 2nd time, let's add more insomniac fun bits.
Who am I kidding, you'll figure the spelling without reading help.  Oh, wait,
has anyone tried any product from this company?  And I have another question,

Wikipedia: Kontron AG
[https://en.wikipedia.org/wiki/Kontron]

Home page: Kontron
[http://www.kontron.com/]

Can anyone *please* draft a quick list (summary) of OpenBSD friendly computer 
main board manufacturers of the seriously usable level for embedded, desktop,
server and networking classes equipment (skip multimedia & gaming stuff pls),
who (did) provide and/or continue to give OpenBSD developers access to system
design and programming documentation, and at least engineering documentation?

And slightly a different angle, obviously PC Engines is a good recommendation
for such a computer board maker, how would you compare to the other "listed"?



Re: where is the image of openbsd arm ?

2016-06-24 Thread lists
Sat, 25 Jun 2016 09:03:05 +1000 
> On Fri, 24 Jun 2016 06:32:33 +0300
> li...@wrant.com wrote:
> 
> > Fri, 24 Jun 2016 12:10:11 +1000   
> > > On Fri, 24 Jun 2016 04:30:39 +0300
> > > li...@wrant.com wrote:
> > > > 
> > > > What is more important is the level of engineering information
> > > > available from the manufacturer (PC Engines) web site including
> > > > tech specs, manual, BIOS updates, accessories, enclosures, diag
> > > > boards and also: Schematics!  
> > > 
> > > I certainly dig schematics! Don't forget, they use coreboot.
> > 
> > Yes, these are block diagrams of important sub-systems with chip
> > pin-outs, signal names, voltages, logic arrangement.  It's not the
> > complete electric schematic diagram as in a service manual, and
> > certainly not system design documentation, but it is engineering
> > level sufficient and: public access!  
> 
> The schematic here (http://pcengines.ch/schema/apu2c.pdf) actually has
> many of the components too (mostly the support components around
> the chips, and power regulators and filters), but they are "joined"
> with the corresponding signal pins.

Yes, this is the doc I was referring to, and it is very useful for me.

> But as you say, engineering level sufficient and public access;
> definitely a win.

Indeed, I am now much more inclined to order a device with engineering
level of documentation!  I am totally sick from integrator level docs.

> I mentioned coreboot mainly because it is great to have hardware that
> comes with it pre-installed, so it is essentially a guarantee that it
> works.

Got it, thanks for the info.  I want to know coreboot & find a real
serial BIOS designed from the ground up to be serial line operated.

> > Comparing this to the paper manual I got with my expensive 2011 Atom
> > D525 system board from SuperMicro, I found what I got lacking for my
> > engineers purpose, despite having connector pin-outs and some
> > voltages.  Also, some time later I found out much cheaper Atom
> > mini-ITX boards from competitors as a whole, I would have gone with a
> > PC Engines if I knew about them then.  
> 
> I originally held off on PC Engines because they only had 100Mbps
> connections at the time, and the specs were somewhat mediocre. The APU1
> came in, but it only had a dual-core CPU and I have heard horror
> stories about it heating up a lot.

Well, to be fair with this, I upgrade rarely just because it happens that
designs are very successful as in 20 years for some systems.  And still
when I find an appropriate for the time being promising system, I order.
To be also fair, I did review Soekris as well, and found that to be too
difficult to obtain at the time, no seller in my part of Eastern Europe.

> Then the APU2 came in, and it was difficult to refuse; 1GHz quad-core,
> 4GB RAM, USB 3.0, supports OpenBSD, and 100% open source and
> public-access schematic. And best of all, it means I can finally have a
> modern system that doesn't have UEFI, which seems avoidable in laptops
> these days unfortunately.

Important decision, indeed.  See the serial BIOS comment, I now want more
than what the traditional BIOS transposed over the BMC/IPMI controller is
offering.  To add more speculation to the Arm side, the BMC looks like it
is (speculatively) an Arm device with a Linux (speculation again) like fw
on it, and it is part of my gateway system.  And this firmware frequently
crashes, luckily not affecting the system until I reboot.  This does not
make me happy at all, I would prefer that was an OpenBSD based BMC & IPMI
block even if the maker insisted Arm was the solution for the controller.

So the moment I can haz OpenBSD on the Arm and that can replace the BMC..
This is the moment I will order another BMC, until then, goodbye to IPMI.

> > So, are you saying that coreboot is serial compatible BIOS?  As in
> > textual interface exposed on the serial port, and no menu like the
> > other historic Award/Phoenix/Ami PC BIOS-es?  Does it give access to
> > all the BIOS options over the serial port as in pre-boot system set
> > up via RS-232?  None video and keyboard dependencies any more for
> > complete system management?  Is it?  
> 
> This one is ASCII only, and doesn't appear to use any funny control
> codes to juggle text around the screen and move the cursor all over
> the place; if it does use control characters, then they are very
> basic ASCII ones for presentation.
> 
> Though I am not sure if this is vanilla Coreboot; it would have been
> modified to suit the hardware.

More here would be interesting, if you can get details on the firmware.

> There is a "menu", but it's one of those "type the number of the item
> you wish to enter" menus. The only options I could see are the boot
> device order and a few settings here and there.
> 
> The general attitude of this BIOS is "load the OS and get out of the
> way", which is how it should be.

Indeed, sold.

> > > > 

Re: where is the image of openbsd arm ?

2016-06-24 Thread lists
Sat, 25 Jun 2016 01:46:47 +0200 arrowscr...@mail.com
> Too much noise folks.
> Hardware discussion does not belong to misc@. Please try to go to another
> mailing list, maybe people in openbsd-arm will like this hardware
> related discussion, but not here. Thanks.

Hahaa, now we're talking.  Open a can of gateways and pass the popcorn.
In short, why Arm it with a .py school project kit, when you got cheap
(correction inexpensive, scratch overpriced) x86 boards begging deploy.



Re: where is the image of openbsd arm ?

2016-06-24 Thread lists
Fri, 24 Jun 2016 23:30:37 + (UTC) Christian Weisgerber

> On 2016-06-24, Chris Cappuccio  wrote:
> 
> >> Walking on the wild side, I suppose something could be done with a
> >> switch and vlans.  
> >
> > Yeah, but now your switch is using ten times the power of your router.  
> 
> There are small managed switches that have a size and power profile
> similar to any dumb desktop switch, e.g.:
> http://www.tp-link.us/products/details/cat-39_TL-SG3210.html

Yeah, guess I will revert to the copper only models for (home) office,
this looks nice!  Anyone can say something about the management iface?
Some ageing dumb 100 Mbps are giving in and I'm tired of re-soldering.
Luckily have spare switches, handfuls of capacitors, yet one switch
eats through them and I acquired that after market.  I hate the thing.
I think one similar TL I will actually go on and buy in the near future.



Re: where is the image of openbsd arm ?

2016-06-24 Thread David Vasek

On Fri, 24 Jun 2016, Christian Weisgerber wrote:

> On 2016-06-24, "Jacob L. Leifman"  wrote:
>
> > Is it possible to add more wired NICs to the APU?
>
> Not really.  You could add more ports with a mini-PCIe dual/quad
> NIC, but you would have to build your own case.

As there are two USB ports, any USB-attached ethernet adapter should work. 
With a powered USB hub, probably a number of them. Am I right?

Of course, performance of such a setup can't match that of a mini-PCIe 
ethernet adapter.

Regards,
David



Re: where is the image of openbsd arm ?

2016-06-24 Thread bytevolcano
On Fri, 24 Jun 2016 06:32:33 +0300
li...@wrant.com wrote:

> Fri, 24 Jun 2016 12:10:11 +1000 
> > On Fri, 24 Jun 2016 04:30:39 +0300
> > li...@wrant.com wrote:  
> > > 
> > > What is more important is the level of engineering information
> > > available from the manufacturer (PC Engines) web site including
> > > tech specs, manual, BIOS updates, accessories, enclosures, diag
> > > boards and also: Schematics!
> > 
> > I certainly dig schematics! Don't forget, they use coreboot.  
> 
> Yes, these are block diagrams of important sub-systems with chip
> pin-outs, signal names, voltages, logic arrangement.  It's not the
> complete electric schematic diagram as in a service manual, and
> certainly not system design documentation, but it is engineering
> level sufficient and: public access!

The schematic here (http://pcengines.ch/schema/apu2c.pdf) actually has
many of the components too (mostly the support components around
the chips, and power regulators and filters), but they are "joined"
with the corresponding signal pins.

But as you say, engineering level sufficient and public access;
definitely a win.

I mentioned coreboot mainly because it is great to have hardware that
comes with it pre-installed, so it is essentially a guarantee that it
works.

> 
> Comparing this to the paper manual I got with my expensive 2011 Atom
> D525 system board from SuperMicro, I found what I got lacking for my
> engineers purpose, despite having connector pin-outs and some
> voltages.  Also, some time later I found out much cheaper Atom
> mini-ITX boards from competitors as a whole, I would have gone with a
> PC Engines if I knew about them then.

I originally held off on PC Engines because they only had 100Mbps
connections at the time, and the specs were somewhat mediocre. The APU1
came in, but it only had a dual-core CPU and I have heard horror
stories about it heating up a lot.

Then the APU2 came in, and it was difficult to refuse; 1GHz quad-core,
4GB RAM, USB 3.0, supports OpenBSD, and 100% open source and
public-access schematic. And best of all, it means I can finally have a
modern system that doesn't have UEFI, which seems avoidable in laptops
these days unfortunately.

> 
> So, are you saying that coreboot is serial compatible BIOS?  As in
> textual interface exposed on the serial port, and no menu like the
> other historic Award/Phoenix/Ami PC BIOS-es?  Does it give access to
> all the BIOS options over the serial port as in pre-boot system set
> up via RS-232?  None video and keyboard dependencies any more for
> complete system management?  Is it?

This one is ASCII only, and doesn't appear to use any funny control
codes to juggle text around the screen and move the cursor all over
the place; if it does use control characters, then they are very
basic ASCII ones for presentation.

Though I am not sure if this is vanilla Coreboot; it would have been
modified to suit the hardware.

There is a "menu", but it's one of those "type the number of the item
you wish to enter" menus. The only options I could see are the boot
device order and a few settings here and there.

The general attitude of this BIOS is "load the OS and get out of the
way", which is how it should be.

> 
> > > 
> > > This seems to be by far more friendly to both engineer & consumer
> > > users.
> > > 
> > > PC Engines APU2 product line
> > > [http://www.pcengines.ch/apu2b2.htm]
> > > 
> > > 1) How do the APU systems go as pricing to comparable systems from
> > > other similar (industrial class, desktop enclosure)
> > > manufacturers?
> > 
> > I have two APU2C4 boards.  
> 
> I've never seen these in action, nor had chance to use any coreboot
> device.

I don't think this has vanilla coreboot software on it either, given
that it only has a serial port and no video output. This is the only
coreboot device I have used.

> 
> > The price is not bad, and the ALIX/APU boards are not loaded with
> > consumer-grade "ooh, aah" bullet-point rubbish, unlike some of the
> > VIA boards which are (quite worryingly) also marketed towards
> > medical devices.  
> 
> The SuperMicro BIOS experience over serial port (the -F models have a
> BMC/IPMI controller onboard) is not that great.  It is the traditional
> Award style BIOS transposed in a screen interface 1:1 without a proper
> serial connection functionality factored in.  It is not a serial BIOS,
> it is serial exposed historic old school BIOS.  Not necessarily bad,
> it has borders, colours, much like servers from other commercial
> vendors.

This BIOS is 100% text-based, and it is a "what goes out stays out"
approach as far as its UI is concerned. In my opinion, every single
BIOS should be like this.

Basically you need to make sure the serial console is connected before
starting the system up, otherwise you'll end up missing the BIOS setup
menu and the system will either be in the 10 second delay (that allows
you to make a selection before it boots into the OS), or it 

Re: where is the image of openbsd arm ?

2016-06-24 Thread lists
Sat, 25 Jun 2016 01:23:25 +0200 Christian Weisgerber

> David Vasek:
> 
> > As there are two USB ports, any USB-attached ethernet adapter should work. 
> > With a powered USB hub, probably a number of them. Am I right?  
> 
> If you are desperate enough.
> 
> There's a dual axen(4) adapter in one package:
> https://www.startech.com/Networking-IO/usb-network-adapters/USB-3-to-Dual-Port-Gigabit-Ethernet-Adapter-NIC-with-USB-Port~USB32000SPT

I was lucky on random 1st pull out of Ebay for a 100 Mbps USB blue clear
plastic with SMD LED on-board and what looked on the picture and in the
description as an ASIX new model USB to Ethernet adaptor, ordered 2 pcs:

axe0 at uhub5 port 1 configuration 1 interface 0 "ASIX Electronics AX88772B" rev 2.00/0.01 addr 5
axe0: AX88772B, address 00:80:8e:mask
ukphy0 at axe0 phy 16: Generic IEEE 802.3u media interface, rev. 1: OUI 0x000ec6, model 0x0008

axe1 at uhub5 port 3 configuration 1 interface 0 "ASIX Electronics AX88772B" rev 2.00/0.01 addr 7
axe1: AX88772B, address 00:80:8e:mask
ukphy1 at axe1 phy 16: Generic IEEE 802.3u media interface, rev. 1: OUI 0x000ec6, model 0x0008

The sellers rotate their offers frequently so cannot give adequate link.
Note, I can't imagine GbE pulled out of USB2, and that's why cheap's OK.

These work, but as you presume I do not use them in production, just as
a fallback for the comm device Atom N280 (EEE PC 1005HA-B) sub-notebook.

You may want to pick another one, I just wanted to share that this works,
in contrast with the USB to RS-232 adaptors I picked, that're dismantled.



Re: where is the image of openbsd arm ?

2016-06-24 Thread arrowscript
Too much noise folks.
Hardware discussion does not belong to misc@. Please try to go to another mailing 
list, maybe people in openbsd-arm will like this hardware related discussion, 
but not here. Thanks.



Re: where is the image of openbsd arm ?

2016-06-24 Thread Christian Weisgerber
On 2016-06-24, Chris Cappuccio  wrote:

>> Walking on the wild side, I suppose something could be done with a
>> switch and vlans.
>
> Yeah, but now your switch is using ten times the power of your router.

There are small managed switches that have a size and power profile
similar to any dumb desktop switch, e.g.:
http://www.tp-link.us/products/details/cat-39_TL-SG3210.html

-- 
Christian "naddy" Weisgerber  na...@mips.inka.de



Re: where is the image of openbsd arm ?

2016-06-24 Thread Christian Weisgerber
David Vasek:

> As there are two USB ports, any USB-attached ethernet adapter should work. 
> With a powered USB hub, probably a number of them. Am I right?

If you are desperate enough.

There's a dual axen(4) adapter in one package:
https://www.startech.com/Networking-IO/usb-network-adapters/USB-3-to-Dual-Port-Gigabit-Ethernet-Adapter-NIC-with-USB-Port~USB32000SPT

-- 
Christian "naddy" Weisgerber  na...@mips.inka.de



Re: OT: Toosl to manage PKI under OpenBSD

2016-06-24 Thread Predrag Punosevac
> On Fri 24.Jun'16 at 12:46:48 +, Dahlberg, David wrote:
> > Am Freitag, den 24.06.2016, 11:45 + schrieb C. L. Martinez:
> >
> > > I would like to deploy/setup a PKI under OpenBSD for my home lab.
> > > Searching about this topic, I think the best option is to use
> > > customized openssl/libressl scripts, but it could be very hard to keep
> > > for certificate requests, revocations, etc.
> > >
> > > Any suggestion about what can be better option?
> >
> > Have a look at security/xca, else define "better option".
> >
> > Cheers
>
> For "better option", I am speaking about what could be the best tool or
> procedure to manage a PKI under OpenBSD.
>

easy-rsa

You just chose to ignore the answer.

Predrag

>
> --
> Greetings,
> C. L. Martinez



Re: where is the image of openbsd arm ?

2016-06-24 Thread lists
Fri, 24 Jun 2016 14:37:20 -0700 Chris Cappuccio 
> Jacob L. Leifman [jac...@bitwise.net] wrote:
> > Is it possible to add more wired NICs to the APU? Alternatively, is 
> > there a comparably robust and OpenBSD supported low-wattage platform 
> > with at least 4 (and preferably 5-6) NICs?
> 
> It has two mini pci-e slots. Syba and others make a mini pci-e gigabit card.
> That might work, but you'll have to modify the case. There are plenty of
> boxes even faster, like supermicro SYS-E200-9B with 4 LAN (X11SBA-LN4F).

See also the below 7 LAN system.  Beware the fans are high pitch noisy
higher static pressure (4cm).  The CPU is 20W TDP rate Atom C2758.  It
has 7 on system GbE LAN ports + 1 IPMI GbE LAN port.  I hate: they did
not put an RS-232 Serial port above the VGA port.  I have not used it,
so can not provide any dmesg for this, and can't comment on price too.

SuperMicro Server 1U SYS-5018A-TN7B
[http://www.supermicro.com/products/system/1U/5018/SYS-5018A-TN7B.cfm]

SuperMicro Motherboard A1SRM-LN7F-2758
[http://www.supermicro.com/products/motherboard/Atom/X10/A1SRM-LN7F-2758.cfm]

ServeTheHome 2014 Review A1SRM-LN7F-2758
[http://www.servethehome.com/supermicro-a1srm-ln7f-2758-review-awesome/]

A 200W small form factor PSU may be ideal, if you can find a nice TFX.
Some mini-ITX chassis have these included and make a nice case per se.
There may be other 4+ GbE systems on the market w/o BMC for much less
$, expect this to top 400 USD street price today and potential quirks.
I would pick this board ANY day but NOT the chassis for (home) office.
This is a huge overkill for the residential Internet offers, mind you.
Another idea is to check for 4 port PCI cards and extend a -LN4 board.



Re: where is the image of openbsd arm ?

2016-06-24 Thread Chris Cappuccio
Ted Unangst [t...@tedunangst.com] wrote:
> Jacob L. Leifman wrote:
> > Is it possible to add more wired NICs to the APU? Alternatively, is 
> > there a comparably robust and OpenBSD supported low-wattage platform 
> > with at least 4 (and preferably 5-6) NICs?
> 
> Walking on the wild side, I suppose something could be done with a
> switch and vlans.

Yeah, but now your switch is using ten times the power of your router.



Re: where is the image of openbsd arm ?

2016-06-24 Thread Ted Unangst
Jacob L. Leifman wrote:
> Is it possible to add more wired NICs to the APU? Alternatively, is 
> there a comparably robust and OpenBSD supported low-wattage platform 
> with at least 4 (and preferably 5-6) NICs?

Walking on the wild side, I suppose something could be done with a
switch and vlans.



Re: where is the image of openbsd arm ?

2016-06-24 Thread Christian Weisgerber
On 2016-06-24, "Jacob L. Leifman"  wrote:

> Is it possible to add more wired NICs to the APU?

Not really.  You could add more ports with a mini-PCIe dual/quad
NIC, but you would have to build your own case.

The APU2 is at a very sweet price/performance spot *if* it fits
your requirements.

> Alternatively, is there a comparably robust and OpenBSD supported
> low-wattage platform with at least 4 (and preferably 5-6) NICs?

There's the Soekris net6501, which has four NICs and a PCIe expansion
slot.  It's an old design, and compared to the APU2 even the fastest
model has much less CPU and no AES-NI if you were thinking of doing
IPsec.  It is also much more expensive.
https://soekris.com/products/net6501-1.html

Rather more competitive designs are based on the Intel Rangeley
(Atom C2000) SoCs, but these are also expensive:

Adi Engineering and Netgate offer these:
RCC-VE 2440 (4 ports). stsp@ has one, I think.
https://www.netgate.com/products/rcc-ve-2440.html
RCC-VE 4860 (6 ports)
https://www.netgate.com/products/rcc-ve-4860.html

Somebody recently mentioned the Lanner FW-7525:
https://marc.info/?l=openbsd-misc=146576932210443=2
http://www.lannerinc.com/products/x86-network-appliances/x86-desktop-appliances/fw-7525

-- 
Christian "naddy" Weisgerber  na...@mips.inka.de



Re: where is the image of openbsd arm ?

2016-06-24 Thread Chris Cappuccio
Jacob L. Leifman [jac...@bitwise.net] wrote:
> Is it possible to add more wired NICs to the APU? Alternatively, is 
> there a comparably robust and OpenBSD supported low-wattage platform 
> with at least 4 (and preferably 5-6) NICs?
> 

It has two mini pci-e slots. Syba and others make a mini pci-e gigabit card.
That might work, but you'll have to modify the case. There are plenty of
boxes even faster, like supermicro SYS-E200-9B with 4 LAN (X11SBA-LN4F).



Re: where is the image of openbsd arm ?

2016-06-24 Thread Jacob L. Leifman
Is it possible to add more wired NICs to the APU? Alternatively, is 
there a comparably robust and OpenBSD supported low-wattage platform 
with at least 4 (and preferably 5-6) NICs?

Thank you.

On 24 Jun 2016 at 13:37, Chris Cappuccio wrote:

> li...@wrant.com [li...@wrant.com] wrote:
> > 
> > 1) How do the APU systems go as pricing to comparable systems from
> > other similar (industrial class, desktop enclosure) manufacturers?
> > 
> 
> The pricing direct from PC Engines is roughly 2x to 3x the cost
> of certain cheap, popular ARM boards. It's on par or lower than
> the pricing of the higher end ARM boards (some of which are supported
> in the armv7 port)
> 
> > 2) How is the OpenBSD experience on the APU systems, do they have serial
> > RS232 console (serial BIOS), do they expose all the hardware to OpenBSD?
> > 
> 
> Everything is exposed. The serial console requires boot.conf setup,
> and Bob Beck recently fixed some aggressive behaviour in the boot loader
> so that it no longer prints garbage characters on the screen during
> the 'set tty com0' transition. Thank you Bob for spending the time to
> track this annoying behaviour down !
> 
> Chris



Re: where is the image of openbsd arm ?

2016-06-24 Thread Chris Cappuccio
li...@wrant.com [li...@wrant.com] wrote:
> 
> 1) How do the APU systems go as pricing to comparable systems from
> other similar (industrial class, desktop enclosure) manufacturers?
> 

The pricing direct from PC Engines is roughly 2x to 3x the cost
of certain cheap, popular ARM boards. It's on par or lower than
the pricing of the higher end ARM boards (some of which are supported
in the armv7 port)

> 2) How is the OpenBSD experience on the APU systems, do they have serial
> RS232 console (serial BIOS), do they expose all the hardware to OpenBSD?
> 

Everything is exposed. The serial console requires boot.conf setup,
and Bob Beck recently fixed some aggressive behaviour in the boot loader
so that it no longer prints garbage characters on the screen during
the 'set tty com0' transition. Thank you Bob for spending the time to
track this annoying behaviour down !

Chris



Re: where is the image of openbsd arm ?

2016-06-24 Thread Chris Cappuccio
bytevolc...@safe-mail.net [bytevolc...@safe-mail.net] wrote:
> 
> In addition, the clips for the mSATA/mPCIe slots, given that the use of
> metallic screw points would improve grounding to the devices and would
> be a lot more robust and resilient against vibration; with screw posts,
> there is the option of using rubber washers too. And, screw posts would
> cost an order of magnitude less, considering the cost of assembly too.
> 

The clips are really easy to use if you push them in and out with a
tool. They are plenty resilient in my opinion, unless you bend the
crap out of them...

I had problems with the heat sink material and I just use Zalman paint-brush
heatsink paste on all units. If the heat sink material works properly,
then the Zalman is actually slightly higher temperature. Some units
I've assembled with the heat sink material aren't stable, and the material
comes out baked/cracked. I'm not sure why, and I just use paste and
they work fine.

> I have not had the opportunity to test the GPIO support though; the
> watchdog timer is not supported by OpenBSD, so whatever you do, do not
> enable the watchdog timer yet.
> 

I have code for the GPIO. It uses extended configuration mode to
peek/poke the GPIO registers on the nct5104d, which is not the
preferred method. It needs to be converted to use the direct access
through the GPIO register table (section 10.2 of the nct5104d datasheet)
and needs to be a separate item from the wbsio driver, similar to lm.
But the autoconf framework may need some adaptation here too. (These
items are according to kettenis@)

Chris



Re: OT: Toosl to manage PKI under OpenBSD

2016-06-24 Thread C. L. Martinez
On Fri 24.Jun'16 at 12:46:48 +, Dahlberg, David wrote:
> Am Freitag, den 24.06.2016, 11:45 + schrieb C. L. Martinez:
> 
> > I would like to deploy/setup a PKI under OpenBSD for my home lab.
> > Searching about this topic, I think the best option is to use
> > customized openssl/libressl scripts, but it could be very hard to keep
> > for certificate requests, revocations, etc.
> > 
> >  Any suggestion about what can be better option?
> 
> Have a look at security/xca, else define "better option".
> 
> Cheers

For "better option", I am speaking about what could be the best tool or 
procedure to manage a PKI under OpenBSD.


-- 
Greetings,
C. L. Martinez



Re: OT: Toosl to manage PKI under OpenBSD

2016-06-24 Thread Kapetanakis Giannis

On 24/06/16 14:45, C. L. Martinez wrote:
> Hi all,
>
>   I would like to deploy/setup a PKI under OpenBSD for my home lab. Searching 
> about this topic, I think the best option is to use customized openssl/libressl 
> scripts, but it could be very hard to keep for certificate requests, 
> revocations, etc.
>
>   Any suggestion about what can be better option?
>
> Thanks

The simplest option would be easy-rsa

It is in ports.

G



OT: Toosl to manage PKI under OpenBSD

2016-06-24 Thread C. L. Martinez
Hi all,

 I would like to deploy/setup a PKI under OpenBSD for my home lab. Searching 
about this topic, I think the best option is to use customized openssl/libressl 
scripts, but it could be very hard to keep for certificate requests, 
revocations, etc.

 Any suggestion about what can be better option?

Thanks

-- 
Greetings,
C. L. Martinez



inet6 ff02::1:ff routes leaking?

2016-06-24 Thread Aaron Riekenberg
I am running an OpenBSD 5.9 box as a firewall/router on a Comcast cable
connection.  My box has 2 interfaces: em0 on external network (cable modem)
and em1 on internal network.  I have applied all available patches for 5.9.

For ipv6 I'm running wide-dhcpv6 package to get a non-temporary address on
em0 and prefix delegation (/64) on em1.

I'm using slaac on em0 to get the default inet6 route from Comcast - I have
"rtsol" line in hostname.em0.

Finally I'm running rtadvd on em1 to advertise inet6 route and prefix to
internal clients.  I'm using default rtadvd config (no config file).

This all works great, but one issue I'm noticing is netstat -rn output
seems to keep growing, particularly for ff02::1:ff routes on the internal
interface (em1).  After 2 days of uptime I have this:

$ netstat -rn | grep -c 'ff02::1:ff'
124

These routes look like this - notice c flag so these are cloned routes:

$ netstat -rn | grep  'ff02::1:ff'
ff02::1:ff02:e530%em1  link#3 UHLc  03 - 4 em1
ff02::1:ff04:8e23%em1  link#3 UHLc  0   71 - 4 em1
ff02::1:ff04:ee06%em1  link#3 UHLc  02 - 4 em1

Wikipedia says these are solicited node multicast addresses:
https://en.wikipedia.org/wiki/Solicited-node_multicast_address

Looking at the kernel code - I think these are all cloned child routes of a
route set up by this code in sys/netinet6/in6.c (interesting comment):

    bzero(, sizeof(info));
    info.rti_info[RTAX_DST] = sin6tosa();
    info.rti_info[RTAX_GATEWAY] = sin6tosa(>ia_addr);
    info.rti_info[RTAX_NETMASK] = sin6tosa();
    info.rti_info[RTAX_IFA] = sin6tosa(>ia_addr);
    /* XXX: we need RTF_CLONING to fake nd6_rtrequest */
    info.rti_flags = RTF_CLONING;
    error = rtrequest(RTM_ADD, , RTP_CONNECTED, NULL,
        ifp->if_rdomain);

mltaddr is set to in6addr_linklocal_allnodes, which
is IN6ADDR_LINKLOCAL_ALLNODES_INIT, which is ff02::1:ff


Questions - Are these child routes really leaking?  Is there a max number
of cloned child routes or a timeout for these?  I cannot find any evidence
of this.

If they are leaking - I worry my poor router will eventually try to add all
possible 2^24 solicited node multicast entries to the routing table and die
of memory exhaustion.
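
Added example, not part of the original post: one way to track the growth described above is to count cloned solicited-node routes per interface from netstat -rn output and alert past a limit. The function names, the limit values and the sample routing table are constructed for illustration; the sample assumes the OpenBSD column order Destination, Gateway, Flags, Refs, Use, Mtu, Prio, Iface with one route per line (not wrapped as in the mail above).

```shell
#!/bin/sh
# Added example: watch cloned solicited-node multicast routes
# (ff02::1:ffXX:XXXX) in `netstat -rn` text. Names are hypothetical.

# Host route to a solicited-node group: optional %scope, no /prefixlen.
SOLNODE_RE='^ff02::1:ff[0-9a-f][0-9a-f]:[0-9a-f]+(%[^/]+)?$'

# Constructed sample table; the three em1 addresses are the ones quoted
# in the post, every other value is made up.
sample_netstat() {
    cat <<'EOF'
Internet6:
Destination              Gateway   Flags  Refs  Use   Mtu  Prio Iface
::1                      ::1       UHl      14    0 32768     1 lo0
fe80::%em1/64            link#3    UC        0    0     -     4 em1
ff02::1%em1              link#3    UHLc      0    5     -     4 em1
ff02::1:ff02:e530%em1    link#3    UHLc      0    3     -     4 em1
ff02::1:ff04:8e23%em1    link#3    UHLc      0   71     -     4 em1
ff02::1:ff04:ee06%em1    link#3    UHLc      0    2     -     4 em1
ff02::1:ff12:3456%em1    link#3    UHL       0    0     -     4 em1
ff02::1:ff00:1%em0       link#2    UHLc      0    1     -     4 em0
EOF
}

# stdin: netstat -rn output. stdout: "iface count", counting only routes
# that are solicited-node destinations AND carry the cloned flag (c).
count_solnode_routes() {
    awk -v re="$SOLNODE_RE" '
        $1 ~ re && $3 ~ /c/ { n[$NF]++ }
        END { for (i in n) print i, n[i] }
    ' | sort
}

# stdout: "use destination", busiest first. Entries whose Use counter
# never moves between samples are the ones that look abandoned.
solnode_by_use() {
    awk -v re="$SOLNODE_RE" '$1 ~ re && $3 ~ /c/ { print $5, $1 }' | sort -rn
}

# Exit 1 and name the interface when a per-interface count exceeds $1.
solnode_over_limit() {
    limit=$1
    count_solnode_routes | awk -v limit="$limit" '
        $2 > limit {
            print $1 ": " $2 " cloned solicited-node routes (limit " limit ")"
            bad = 1
        }
        END { exit bad + 0 }
    '
}

# Demo on the sample. On a live router, e.g. from cron:
#   netstat -rn -f inet6 | solnode_over_limit 1000 || logger "nd route growth"
sample_netstat | count_solnode_routes
```

Logging the per-interface count at a fixed interval shows whether the table levels off (entries expiring) or keeps climbing toward the 2^24 ceiling mentioned in the post.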



Re: where is the image of openbsd arm ?

2016-06-24 Thread Karel Gardas
On Fri, Jun 24, 2016 at 1:49 AM, Chris Cappuccio  wrote:
> The APU2 is a 4 core system while the APU1 is 2 core. The APU1 is actually
> marginally faster at "openssl speed", per-core. The APU2 has USB3, better
> ethernet. It also has an integrated CPU/chipset, which practically translates
> to lower heat.

APU2C4 -- 4GB ECC RAM which (together with points you already
mentioned) makes it nice little server.