Security, Performance, and Interoperability; Introducing FreeBSD 14

The FreeBSD community is proud to herald the release of FreeBSD 14. FreeBSD 14 represents the 82nd release in the history of one of the world’s first open source projects, and contains over two and a half years of development work since the launch of the previous release. FreeBSD is the engine behind some of the world’s most well-known and widely used systems and brands including Sony Playstation, NetApp, Juniper, NetScaler, Netflix, and Netgate. With support until at least November 30th, 2028 for the FreeBSD 14.x series of releases, FreeBSD 14 continues FreeBSD’s legacy of creating an exceptionally stable, secure, and performance-oriented operating system. FreeBSD 14 brings further security and performance enhancements, along with extended support and interoperability. In this blog, we’ll take a look at these key themes to outline what’s new in FreeBSD 14, and more importantly, why it matters.

FreeBSD has a long legacy of being a secure and stable open source operating system. FreeBSD’s developers continue to work on, and prioritize, security with the intention of creating the most secure version of FreeBSD possible. FreeBSD 14 provides increased security in multiple areas, including Capsicum sandboxing, authentication, the removal of unnecessary services, and more. It is important to note that some security updates announced for the release of FreeBSD 14 have been incorporated into existing 13.x releases in order to ensure their enterprise-level stability and readiness before their formal introduction in FreeBSD 14.

Capsicum is a lightweight operating system capability and sandboxing framework that was initially developed by University of Cambridge with grants from Google, DARPA, and The FreeBSD Foundation. Capsicum stands out as a framework that allows developers to create programs that operate within a safe sandbox environment that is separate and isolated from the rest of their environment. The prototype for Capsicum was developed during the FreeBSD 8.x releases and Capsicum has continued to see improvements in FreeBSD ever since. For example, FreeBSD 14 brings sockstat(1) to Capscum sandboxing. Sockstat(1) is a versatile utility that displays open sockets within FreeBSD. The sockstat(1) utility can be used for a wide range of use cases, including – but certainly not limited to – troubleshooting.

FreeBSD 14 also provides further measures to prevent return-oriented programming attacks. A return-oriented-programming attack (ROP) is a technique that allows attackers to execute code in their target system by gaining control of a system’s call stack. Mature open source projects, like FreeBSD, have numerous developers throughout the world, making further iteration inherent. FreeBSD 14 represents a continuation of existing security measures in this area by enabling position independent executable and address space layout randomization by default for 64-bit architectures.

Lastly, FreeBSD 14 provides updates in cryptography and email, making FreeBSD 14 ideal for highly regulated industries and government. FreeBSD 14 includes support for FIDO/U2F hardware authenticators. FIDO/U2F is an open authentication standard, overseen by the FIDO Alliance, that was created by Google, Yubico, and NXP Semiconductors, with the vision of making a secure public key cryptography system. Aside from support for FIDO/U2F, FreeBSD 14 introduces a more secure, lightweight, and performance-driven default mail transport agent in Dragonfly Mail Agent. Dragonfly Mail Agent provides the maximum security possible in the smallest footprint for users who would like to set their own balance between security, performance, and load-management.

FreeBSD is known for many other things besides security, and high-performance is one of them. In fact, Netflix has done numerous talks about the kind of cutting-edge networking throughput they’re seeing. But it’s not just Netflix that benefits from FreeBSD’s high-performance capabilities. Companies like Simpro and Deepstack have given talks about how they have benefitted from FreeBSD’s performance capabilities. FreeBSD 14 provides additional performance enhancements that can lead to less downtime and helps FreeBSD take the lead in the world of serverless computing.

FreeBSD 14 now reboots even faster than before. To be precise, FreeBSD can now boot in only 25 milliseconds. This massive performance improvement makes FreeBSD 14 an ideal choice for microVMs. FreeBSD 14 also lays the groundwork for further compatibility with Firecracker Virtual Machine Monitor. Although much of the groundwork laid in FreeBSD 14 to optimize for serverless computing is in the background and not in user experience, a faster reboot time is noticeable, and further work is ongoing in the area of serverless computing. Stay tuned!

FreeBSD 14 focuses heavily on support and interoperability with other systems including Linux and major cloud providers. Let’s face it, a hallmark of open source technology is the freedom and ability to choose software depending on what’s right for a user’s specific situation and FreeBSD is adding to that hallmark with FreeBSD 14.

New efforts to enhance interoperability with Linux represent an interesting shift in direction for FreeBSD. FreeBSD 14 makes it easier for users to port applications and programs from Linux to FreeBSD, or vice versa. In this area, a number of utilities have been added to FreeBSD 14, including an nproc(1) utility, compatible with the Linux program of the same name, native timerfd(2) facility to enable porting of Linux programs that use timerfd, and a netlink(4) utility for further compatibility with Linux. 

Lastly in the theme of support and interoperability, FreeBSD 14 includes support for servers with greater CPU space on amd64 and arm64, up to 1024 cores, making FreeBSD an ideal choice for high-performance computing scenarios where systems are running large data-heavy applications. FreeBSD 14 provides further support for users of major cloud providers such as Microsoft Azure, Amazon Web Services, and Google Cloud. FreeBSD brings optimized networking support for Google Cloud and Microsoft Azure, ensuring that all three top cloud providers now have enhanced networking support in FreeBSD. FreeBSD 14 also brings a superior filesystem in the form of ZFS for use on Amazon Web Services and Microsoft Azure. FreeBSD users with arm64 and amd64 architectures are also now supported on all Azure VM types. 

Altogether, FreeBSD 14 includes countless new features supported by The FreeBSD Foundation, and represents a strong step forward for the FreeBSD Project. The release of FreeBSD 14 includes both iterative improvements, like support for OpenSSL 3.0.12, and innovations like an astoundingly fast reboot time along with further optimization for a serverless future. If you’re not currently familiar with FreeBSD and you’re interested in serverless computing, high-performance computing, or even a stable and secure operating system, now might be a good time to start looking into FreeBSD. To get started, visit FreeBSD.org or Download FreeBSD 14.